diff --git a/.air.toml b/.air.toml
index af182697fb..65872e7382 100644
--- a/.air.toml
+++ b/.air.toml
@@ -11,7 +11,7 @@ include_file = ["main.go"]
 include_dir = ["cmd", "models", "modules", "options", "routers", "services"]
 exclude_dir = [
   "models/fixtures",
-  "models/migrations/fixtures",
+  "models/gitea_migrations/fixtures",
   "modules/avatar/identicon/testdata",
   "modules/avatar/testdata",
   "modules/git/tests",
diff --git a/.deadcode-out b/.deadcode-out
index 24facdf12e..9c7176e7b1 100644
--- a/.deadcode-out
+++ b/.deadcode-out
@@ -18,9 +18,11 @@ forgejo.org/models/auth
 
 forgejo.org/models/db
 	TruncateBeans
+	TruncateBeansCascade
 	InTransaction
 	DumpTables
 	GetTableNames
+	extendBeansForCascade
 
 forgejo.org/models/dbfs
 	file.renameTo
@@ -32,6 +34,9 @@ forgejo.org/models/forgejo/semver
 	SetVersionString
 	SetVersion
 
+forgejo.org/models/forgejo_migrations
+	resetMigrations
+
 forgejo.org/models/git
 	RemoveDeletedBranchByID
 
@@ -224,6 +229,12 @@ forgejo.org/services/context
 forgejo.org/services/federation
 	FollowRemoteActor
 
+forgejo.org/services/mailer
+	ActionCloseIssueByCommit.isActionAdditionalData
+
+forgejo.org/services/notify
+	UnregisterNotifier
+
 forgejo.org/services/repository
 	IsErrForkAlreadyExist
 
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 3f250e5682..72fb06c69a 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -1,6 +1,6 @@
 {
   "name": "Gitea DevContainer",
-  "image": "mcr.microsoft.com/devcontainers/go:1.24-bullseye",
+  "image": "mcr.microsoft.com/devcontainers/go:2.0-bullseye",
   "features": {
     // installs nodejs into container
     "ghcr.io/devcontainers/features/node:1": {
diff --git a/.forgejo/workflows-composite/setup-cache-go/action.yaml b/.forgejo/workflows-composite/setup-cache-go/action.yaml
index f2818a7635..fec166fc35 100644
--- a/.forgejo/workflows-composite/setup-cache-go/action.yaml
+++ b/.forgejo/workflows-composite/setup-cache-go/action.yaml
@@ -17,7 +17,7 @@ runs:
         apt-get -q install -qq -y zstd
 
     - name: "Set up Go using setup-go"
-      uses: https://data.forgejo.org/actions/setup-go@v5
+      uses: https://data.forgejo.org/actions/setup-go@v6
       id: go-version
       with:
         go-version-file: "go.mod"
diff --git a/.forgejo/workflows/build-release-integration.yml b/.forgejo/workflows/build-release-integration.yml
index f5aa059fcf..bb11f083ba 100644
--- a/.forgejo/workflows/build-release-integration.yml
+++ b/.forgejo/workflows/build-release-integration.yml
@@ -25,7 +25,7 @@ jobs:
     if: vars.ROLE == 'forgejo-coding'
     runs-on: lxc-bookworm
     steps:
-      - uses: https://data.forgejo.org/actions/checkout@v4
+      - uses: https://data.forgejo.org/actions/checkout@v5
 
       - id: forgejo
         uses: https://data.forgejo.org/actions/setup-forgejo@v3.0.4
diff --git a/.forgejo/workflows/build-release.yml b/.forgejo/workflows/build-release.yml
index b70439f12f..042a981881 100644
--- a/.forgejo/workflows/build-release.yml
+++ b/.forgejo/workflows/build-release.yml
@@ -33,7 +33,7 @@ jobs:
     # root is used for testing, allow it
     if: vars.ROLE == 'forgejo-integration' || github.repository_owner == 'root'
     steps:
-      - uses: https://data.forgejo.org/actions/checkout@v4
+      - uses: https://data.forgejo.org/actions/checkout@v5
         with:
           fetch-depth: 0
 
@@ -43,11 +43,11 @@ jobs:
           repository="${{ github.repository }}"
           echo "value=${repository##*/}" >> "$GITHUB_OUTPUT"
 
-      - uses: https://data.forgejo.org/actions/setup-node@v4
+      - uses: https://data.forgejo.org/actions/setup-node@v6
         with:
           node-version: 22
 
-      - uses: https://data.forgejo.org/actions/setup-go@v5
+      - uses: https://data.forgejo.org/actions/setup-go@v6
         with:
           go-version-file: "go.mod"
 
diff --git a/.forgejo/workflows/cascade-setup-end-to-end.yml b/.forgejo/workflows/cascade-setup-end-to-end.yml
index e62dbd9e7d..c481c80497 100644
--- a/.forgejo/workflows/cascade-setup-end-to-end.yml
+++ b/.forgejo/workflows/cascade-setup-end-to-end.yml
@@ -37,7 +37,7 @@ jobs:
     container:
       image: data.forgejo.org/oci/node:22-bookworm
     steps:
-      - uses: https://data.forgejo.org/actions/checkout@v4
+      - uses: https://data.forgejo.org/actions/checkout@v5
         with:
           fetch-depth: '0'
           show-progress: 'false'
diff --git a/.forgejo/workflows/coverage.yml b/.forgejo/workflows/coverage.yml
index 194b116251..a835efd9a5 100644
--- a/.forgejo/workflows/coverage.yml
+++ b/.forgejo/workflows/coverage.yml
@@ -58,10 +58,10 @@ jobs:
           POSTGRESQL_EXTRA_FLAGS: -c full_page_writes=off
         options: --tmpfs /bitnami/postgresql
       cacher:
-        image: registry.redict.io/redict:7.3.5-scratch
+        image: registry.redict.io/redict:7.3.6-scratch
         options: --tmpfs /data:noatime
     steps:
-      - uses: https://data.forgejo.org/actions/checkout@v4
+      - uses: https://data.forgejo.org/actions/checkout@v5
         with:
           repository: ${{ inputs.repository }}
           ref: ${{ inputs.ref }}
diff --git a/.forgejo/workflows/publish-release.yml b/.forgejo/workflows/publish-release.yml
index 5303f902e3..a583756656 100644
--- a/.forgejo/workflows/publish-release.yml
+++ b/.forgejo/workflows/publish-release.yml
@@ -41,7 +41,7 @@ jobs:
     runs-on: lxc-bookworm
     if: vars.DOER != '' && vars.FORGEJO != '' && vars.TO_OWNER != '' && vars.FROM_OWNER != '' && secrets.TOKEN != ''
     steps:
-      - uses: https://data.forgejo.org/actions/checkout@v4
+      - uses: https://data.forgejo.org/actions/checkout@v5
 
       - name: copy & sign
         uses: https://data.forgejo.org/forgejo/forgejo-build-publish/publish@v5.4.1
diff --git a/.forgejo/workflows/release-notes-assistant-milestones.yml b/.forgejo/workflows/release-notes-assistant-milestones.yml
index 57c9a23f02..76799b06dc 100644
--- a/.forgejo/workflows/release-notes-assistant-milestones.yml
+++ b/.forgejo/workflows/release-notes-assistant-milestones.yml
@@ -15,7 +15,7 @@ jobs:
     container:
       image: 'data.forgejo.org/oci/ci:1'
     steps:
-      - uses: https://data.forgejo.org/actions/checkout@v4
+      - uses: https://data.forgejo.org/actions/checkout@v5
 
       - uses: https://data.forgejo.org/actions/cache@v4
         with:
diff --git a/.forgejo/workflows/release-notes-assistant.yml b/.forgejo/workflows/release-notes-assistant.yml
index a727e57afb..6fde710d84 100644
--- a/.forgejo/workflows/release-notes-assistant.yml
+++ b/.forgejo/workflows/release-notes-assistant.yml
@@ -17,7 +17,7 @@ jobs:
     container:
       image: 'data.forgejo.org/oci/node:22-bookworm'
     steps:
-      - uses: https://data.forgejo.org/actions/checkout@v4
+      - uses: https://data.forgejo.org/actions/checkout@v5
 
       - name: event
         run: |
@@ -28,7 +28,7 @@ jobs:
           ${{ toJSON(github.event) }}
           EOF
 
-      - uses: https://data.forgejo.org/actions/setup-go@v5
+      - uses: https://data.forgejo.org/actions/setup-go@v6
         with:
           go-version-file: "go.mod"
           cache: false
diff --git a/.forgejo/workflows/renovate.yml b/.forgejo/workflows/renovate.yml
index 6fc4380d72..7a06a3177a 100644
--- a/.forgejo/workflows/renovate.yml
+++ b/.forgejo/workflows/renovate.yml
@@ -28,7 +28,7 @@ jobs:
 
     runs-on: docker
     container:
-      image: data.forgejo.org/renovate/renovate:41.122.3
+      image: data.forgejo.org/renovate/renovate:41.146.0
 
     steps:
       - name: Load renovate repo cache
diff --git a/.forgejo/workflows/testing-integration.yml b/.forgejo/workflows/testing-integration.yml
index 6822c45f39..f98f92e317 100644
--- a/.forgejo/workflows/testing-integration.yml
+++ b/.forgejo/workflows/testing-integration.yml
@@ -34,7 +34,7 @@ jobs:
       image: 'data.forgejo.org/oci/node:22-bookworm'
       options: --tmpfs /tmp:exec,noatime
     steps:
-      - uses: https://data.forgejo.org/actions/checkout@v4
+      - uses: https://data.forgejo.org/actions/checkout@v5
       - uses: ./.forgejo/workflows-composite/setup-env
       - name: install git 2.34.1 and git-lfs 3.0.2
         uses: ./.forgejo/workflows-composite/install-minimum-git-version
@@ -53,7 +53,7 @@ jobs:
       image: 'data.forgejo.org/oci/node:22-bookworm'
       options: --tmpfs /tmp:exec,noatime
     steps:
-      - uses: https://data.forgejo.org/actions/checkout@v4
+      - uses: https://data.forgejo.org/actions/checkout@v5
       - uses: ./.forgejo/workflows-composite/setup-env
       - name: install git 2.34.1 and git-lfs 3.0.2
         uses: ./.forgejo/workflows-composite/install-minimum-git-version
@@ -85,7 +85,7 @@ jobs:
           MARIADB_DATABASE: testgitea
         options: --tmpfs /var/lib/mysql:noatime
     steps:
-      - uses: https://data.forgejo.org/actions/checkout@v4
+      - uses: https://data.forgejo.org/actions/checkout@v5
       - uses: ./.forgejo/workflows-composite/setup-env
       - name: install dependencies & git >= 2.42
         uses: ./.forgejo/workflows-composite/apt-install-from
diff --git a/.forgejo/workflows/testing.yml b/.forgejo/workflows/testing.yml
index 715ce3cb28..49213b064f 100644
--- a/.forgejo/workflows/testing.yml
+++ b/.forgejo/workflows/testing.yml
@@ -21,7 +21,7 @@ jobs:
           cat <<'EOF'
           ${{ toJSON(github) }}
           EOF
-      - uses: https://data.forgejo.org/actions/checkout@v4
+      - uses: https://data.forgejo.org/actions/checkout@v5
       - uses: ./.forgejo/workflows-composite/setup-env
       - run: su forgejo -c 'make deps-backend deps-tools'
       - run: su forgejo -c 'make --always-make -j$(nproc) lint-backend tidy-check swagger-check lint-swagger fmt-check swagger-validate' # ensure the "go-licenses" make target runs
@@ -33,7 +33,7 @@ jobs:
       image: 'data.forgejo.org/oci/node:22-bookworm'
       options: --tmpfs /tmp:exec,noatime
     steps:
-      - uses: https://data.forgejo.org/actions/checkout@v4
+      - uses: https://data.forgejo.org/actions/checkout@v5
       - run: make deps-frontend
       - run: make lint-frontend
       - run: make checks-frontend
@@ -77,7 +77,7 @@ jobs:
           MINIO_ROOT_USER: 123456
           MINIO_ROOT_PASSWORD: 12345678
     steps:
-      - uses: https://data.forgejo.org/actions/checkout@v4
+      - uses: https://data.forgejo.org/actions/checkout@v5
       - uses: ./.forgejo/workflows-composite/setup-env
       - name: install git >= 2.42
         uses: ./.forgejo/workflows-composite/apt-install-from
@@ -104,7 +104,7 @@ jobs:
       image: 'data.forgejo.org/oci/playwright:latest'
       options: --tmpfs /tmp:exec,noatime
     steps:
-      - uses: https://data.forgejo.org/actions/checkout@v4
+      - uses: https://data.forgejo.org/actions/checkout@v5
         with:
           fetch-depth: 20
       - uses: ./.forgejo/workflows-composite/setup-env
@@ -126,7 +126,7 @@ jobs:
           echo "all=1" >> "$GITHUB_OUTPUT"
       - name: Get changed files
         id: changed-files
-        uses: https://data.forgejo.org/tj-actions/changed-files@v46
+        uses: https://data.forgejo.org/tj-actions/changed-files@v47
         with:
           separator: '\n'
       - run: |
@@ -172,7 +172,7 @@ jobs:
         image: ${{ matrix.cacher.image }}
         options: ${{ matrix.cacher.options }}
     steps:
-      - uses: https://data.forgejo.org/actions/checkout@v4
+      - uses: https://data.forgejo.org/actions/checkout@v5
       - uses: ./.forgejo/workflows-composite/setup-env
       - name: install git >= 2.42
         uses: ./.forgejo/workflows-composite/apt-install-from
@@ -205,7 +205,7 @@ jobs:
           MYSQL_EXTRA_FLAGS: --innodb-adaptive-flushing=OFF --innodb-buffer-pool-size=4G --innodb-log-buffer-size=128M --innodb-flush-log-at-trx-commit=0 --innodb-flush-log-at-timeout=30 --innodb-flush-method=nosync --innodb-fsync-threshold=1000000000 --disable-log-bin
         options: --tmpfs /bitnami/mysql/data:noatime
     steps:
-      - uses: https://data.forgejo.org/actions/checkout@v4
+      - uses: https://data.forgejo.org/actions/checkout@v5
       - uses: ./.forgejo/workflows-composite/setup-env
       - name: install dependencies & git >= 2.42
         uses: ./.forgejo/workflows-composite/apt-install-from
@@ -233,6 +233,7 @@ jobs:
         options: --tmpfs /bitnami/minio/data
       ldap:
         image: data.forgejo.org/oci/forgejo-test-openldap:1
+        options: --memory 500M
       pgsql:
         image: data.forgejo.org/oci/bitnami/postgresql:16
         env:
@@ -242,7 +243,7 @@ jobs:
           POSTGRESQL_EXTRA_FLAGS: -c full_page_writes=off
         options: --tmpfs /bitnami/postgresql
     steps:
-      - uses: https://data.forgejo.org/actions/checkout@v4
+      - uses: https://data.forgejo.org/actions/checkout@v5
       - uses: ./.forgejo/workflows-composite/setup-env
       - name: install dependencies & git >= 2.42
         uses: ./.forgejo/workflows-composite/apt-install-from
@@ -264,7 +265,7 @@ jobs:
       image: 'data.forgejo.org/oci/node:22-bookworm'
       options: --tmpfs /tmp:exec,noatime
     steps:
-      - uses: https://data.forgejo.org/actions/checkout@v4
+      - uses: https://data.forgejo.org/actions/checkout@v5
       - uses: ./.forgejo/workflows-composite/setup-env
       - name: install dependencies & git >= 2.42
         uses: ./.forgejo/workflows-composite/apt-install-from
@@ -292,7 +293,7 @@ jobs:
       image: 'data.forgejo.org/oci/node:22-bookworm'
       options: --tmpfs /tmp:exec,noatime
     steps:
-      - uses: https://data.forgejo.org/actions/checkout@v4
+      - uses: https://data.forgejo.org/actions/checkout@v5
       - uses: ./.forgejo/workflows-composite/setup-env
       - run: su forgejo -c 'make deps-backend deps-tools'
       - run: su forgejo -c 'make security-check'
diff --git a/.golangci.yml b/.golangci.yml
index b8884dd080..e41a40fe5a 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -94,6 +94,7 @@ linters:
         - all
     testifylint:
       disable:
+        - error-is-as
         - go-require
   exclusions:
     generated: lax
@@ -119,7 +120,7 @@ linters:
           - errcheck
           - gocyclo
           - gosec
-        path: models/migrations/v
+        path: models/gitea_migrations/v
       - linters:
           - forbidigo
         path: cmd
diff --git a/.release-notes-assistant.yaml b/.release-notes-assistant.yaml
index b3e5a8e665..f8264c0897 100644
--- a/.release-notes-assistant.yaml
+++ b/.release-notes-assistant.yaml
@@ -5,6 +5,7 @@ branch-find-version: 'v(?P<version>\d+\.\d+)/forgejo'
 branch-to-version: '${version}.0'
 branch-from-version: 'v%[1]d.%[2]d/forgejo'
 tag-from-version: 'v%[1]d.%[2]d.%[3]d'
+supported-release-count: 3
 branch-known:
   - 'v7.0/forgejo'
 cleanup-line: 'sed -Ee "s/^(feat|fix):\s*//g" -e "s/^\[WIP\] //" -e "s/^WIP: //" -e "s;\[(UI|BUG|FEAT|v.*?/forgejo)\]\s*;;g"'
diff --git a/CODEOWNERS b/CODEOWNERS
index 25a3f698dc..fa332c6d71 100644
--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -38,6 +38,10 @@ routers/.* @gusted
 options/locale/.* @0ko
 options/locale_next/.* @0ko
 
-# Personal interest
+# lint-locale-usage
 build/lint-locale-usage/.* @fogti
+models/unit/.* @fogti
+services/migrations/lint-locale-usage/.* @fogti
+
+# Personal interest
 .*/webhook.* @oliverpool
diff --git a/Makefile b/Makefile
index f1bc58a258..76e58c784f 100644
--- a/Makefile
+++ b/Makefile
@@ -37,17 +37,17 @@ endif
 XGO_VERSION := go-1.21.x
 
 AIR_PACKAGE ?= github.com/air-verse/air@v1 # renovate: datasource=go
-EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/v3/cmd/editorconfig-checker@v3.3.0 # renovate: datasource=go
-GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.8.0 # renovate: datasource=go
-GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.3.1 # renovate: datasource=go
+EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/v3/cmd/editorconfig-checker@v3.4.1 # renovate: datasource=go
+GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.9.1 # renovate: datasource=go
+GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.5.0 # renovate: datasource=go
 GXZ_PACKAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.15 # renovate: datasource=go
-SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.31.0 # renovate: datasource=go
+SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.33.1 # renovate: datasource=go
 XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
 GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0 # renovate: datasource=go
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go
-DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.36.0 # renovate: datasource=go
+DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.38.0 # renovate: datasource=go
 GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.6.0 # renovate: datasource=go
-RENOVATE_NPM_PACKAGE ?= renovate@41.122.3 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
+RENOVATE_NPM_PACKAGE ?= renovate@41.146.0 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
 
 # https://github.com/disposable-email-domains/disposable-email-domains/commits/main/
 DISPOSABLE_EMAILS_SHA ?= 0c27e671231d27cf66370034d7f6818037416989 # renovate: ...
@@ -287,14 +287,14 @@ show-version-api: verify-version
 .PHONY: compute-go-test-packages
 compute-go-test-packages:
 ifeq ($(HAS_GO), yes)
-	$(eval GO_TEST_PACKAGES ?= $(filter-out $(shell $(GO) list forgejo.org/models/migrations/...) $(shell $(GO) list forgejo.org/models/forgejo_migrations/...) forgejo.org/tests/integration/migration-test forgejo.org/tests forgejo.org/tests/integration forgejo.org/tests/e2e,$(shell $(GO) list ./...)))
+	$(eval GO_TEST_PACKAGES ?= $(filter-out $(shell $(GO) list forgejo.org/models/gitea_migrations/...) $(shell $(GO) list forgejo.org/models/forgejo_migrations_legacy/...) $(shell $(GO) list forgejo.org/models/forgejo_migrations/...) forgejo.org/tests/integration/migration-test forgejo.org/tests forgejo.org/tests/integration forgejo.org/tests/e2e,$(shell $(GO) list ./...)))
 endif
 
 # Target to compute MIGRATION_PACKAGES - only runs when needed
 .PHONY: compute-migration-packages
 compute-migration-packages:
 ifeq ($(HAS_GO), yes)
-	$(eval MIGRATION_PACKAGES := $(shell $(GO) list forgejo.org/models/migrations/... forgejo.org/models/forgejo_migrations/...))
+	$(eval MIGRATION_PACKAGES := $(shell $(GO) list forgejo.org/models/gitea_migrations/... forgejo.org/models/forgejo_migrations_legacy/... forgejo.org/models/forgejo_migrations/...))
 endif
 
 ###
@@ -432,7 +432,7 @@ lint: lint-frontend lint-backend
 lint-fix: lint-frontend-fix lint-backend-fix
 
 .PHONY: lint-frontend
-lint-frontend: lint-js lint-css
+lint-frontend: lint-js tsc lint-css
 
 .PHONY: lint-frontend-fix
 lint-frontend-fix: lint-js-fix lint-css-fix
@@ -475,7 +475,7 @@ lint-locale:
 
 .PHONY: lint-locale-usage
 lint-locale-usage:
-	$(GO) run ./build/lint-locale-usage --allow-masked-usages-from=build/lint-locale-usage/allowed-masked-usage.txt
+	$(GO) run ./build/lint-locale-usage/bin --allow-masked-usages-from=build/lint-locale-usage/allowed-masked-usage.txt
 
 .PHONY: lint-md
 lint-md: node_modules
@@ -514,7 +514,11 @@ lint-disposable-emails-fix:
 
 .PHONY: security-check
 security-check:
-	go run $(GOVULNCHECK_PACKAGE) -show color ./...
+	$(GO) run $(GOVULNCHECK_PACKAGE) -show color ./...
+
+.PHONY: tsc
+tsc: node_modules
+	npx tsc --noEmit
 
 ###
 # Development and testing targets
@@ -774,7 +778,7 @@ migrations.individual.mysql.test: $(GO_SOURCES) | compute-migration-packages
 
 .PHONY: migrations.individual.sqlite.test\#%
 migrations.individual.sqlite.test\#%: $(GO_SOURCES) generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GOTEST) $(GOTESTFLAGS) -tags '$(TEST_TAGS)' forgejo.org/models/migrations/$*
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GOTEST) $(GOTESTFLAGS) -tags '$(TEST_TAGS)' forgejo.org/models/gitea_migrations/$*
 
 .PHONY: migrations.individual.pgsql.test
 migrations.individual.pgsql.test: $(GO_SOURCES) | compute-migration-packages
@@ -784,7 +788,7 @@ migrations.individual.pgsql.test: $(GO_SOURCES) | compute-migration-packages
 
 .PHONY: migrations.individual.pgsql.test\#%
 migrations.individual.pgsql.test\#%: $(GO_SOURCES) generate-ini-pgsql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini $(GOTEST) $(GOTESTFLAGS) -tags '$(TEST_TAGS)' forgejo.org/models/migrations/$*
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini $(GOTEST) $(GOTESTFLAGS) -tags '$(TEST_TAGS)' forgejo.org/models/gitea_migrations/$*
 
 .PHONY: migrations.individual.sqlite.test
 migrations.individual.sqlite.test: $(GO_SOURCES) generate-ini-sqlite | compute-migration-packages
@@ -794,7 +798,7 @@ migrations.individual.sqlite.test: $(GO_SOURCES) generate-ini-sqlite | compute-m
 
 .PHONY: migrations.individual.sqlite.test\#%
 migrations.individual.sqlite.test\#%: $(GO_SOURCES) generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GOTEST) $(GOTESTFLAGS) -tags '$(TEST_TAGS)' forgejo.org/models/migrations/$*
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GOTEST) $(GOTESTFLAGS) -tags '$(TEST_TAGS)' forgejo.org/models/gitea_migrations/$*
 
 e2e.mysql.test: $(GO_SOURCES)
 	$(GOTEST) $(GOTESTFLAGS) -c forgejo.org/tests/e2e -o e2e.mysql.test
diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md
index c688045d1c..a0a8889352 100644
--- a/RELEASE-NOTES.md
+++ b/RELEASE-NOTES.md
@@ -130,6 +130,10 @@ A [companion blog post](https://forgejo.org/2024-07-release-v8-0/) provides addi
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/3334): <!--number 3334 --><!--number--><!--description Added support for the `workflow_dispatch` workflow trigger-->added support for the [`workflow_dispatch` trigger](https://forgejo.org/docs/v8.0/user/actions/#onworkflow_dispatch) in Forgejo Actions.<!--description-->
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/3307): <!--number 3307 --><!--number--><!--description Support [Proof Key for Code Exchange (PKCE - RFC7636)](https://www.rfc-editor.org/rfc/rfc7636) for external login using the OpenID Connect authentication source.-->support [Proof Key for Code Exchange (PKCE - RFC7636)](https://www.rfc-editor.org/rfc/rfc7636) for external login using the OpenID Connect authentication source.<!--description-->
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/3139): <!--number 3139 --><!--number--><!--description Allow hiding auto generated release archives-->allow hiding auto generated release archives.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3952): Update of Chroma from v2.13.0: to v2.14.0:
+    - [`1e983e7`](https://github.com/alecthomas/chroma/commit/1e983e7) lexers/cue: support CUE attributes ([#&#8203;961](https://github.com/alecthomas/chroma/issues/961))
+    - [`9347b55`](https://github.com/alecthomas/chroma/commit/9347b55) Add Gleam syntax highlighting ([#&#8203;959](https://github.com/alecthomas/chroma/issues/959))
+    - [`2580aaa`](https://github.com/alecthomas/chroma/commit/2580aaa) Add Bazel bzlmod support into Python lexer ([#&#8203;947](https://github.com/alecthomas/chroma/issues/947))
 - **Bug fixes**
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/4732) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4715)): <!--number 4732 --><!--number--><!--description -->Show the AGit label on merged pull requests.<!--description-->
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/4689) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4687)): <!--number 4689 --><!--number--><!--description -->Fixed: issue state change via the API is not idempotent.<!--description-->
@@ -146,6 +150,9 @@ A [companion blog post](https://forgejo.org/2024-07-release-v8-0/) provides addi
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/3442): <!--number 3442 --><!--number--><!--description Save updated empty comments instead of skipping the update silently, [which prevented the removal of attachments of such comments](https://codeberg.org/forgejo/forgejo/issues/3424).-->Fixed: it is not possible to remove attachments from an empty comment.<!--description-->
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/3430): <!--number 3430 --><!--number--><!--description Fixed a bug where the `/api/v1/repos/{owner}/{repo}/wiki` API endpoints were using a hardcoded "master" branch for the wiki, rather than the branch they really use.-->Fixed: the `/api/v1/repos/{owner}/{repo}/wiki` API endpoints is using a hardcoded "master" branch for the wiki, rather than the branch they really use.<!--description-->
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/3379): <!--number 3379 --><!--number--><!--description -->Fixed: using the API to search for users, the results are not paged by default an the default paging limits are not respected.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3952): Update of Chroma from v2.13.0: to v2.14.0:
+    - [`736c0ea`](https://github.com/alecthomas/chroma/commit/736c0ea) Typescript: Several fixes ([#&#8203;952](https://github.com/alecthomas/chroma/issues/952))
+    - [`e5c25d0`](https://github.com/alecthomas/chroma/commit/e5c25d0) Org: Keep all newlines ([#&#8203;951](https://github.com/alecthomas/chroma/issues/951))
 - **Localization**
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/4661) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4568)): <!--number 4661 --><!--number--><!--description -->24 July updates<!--description-->
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/4565) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4451)): <!--number 4565 --><!--number--><!--description -->19 July updates<!--description-->
diff --git a/assets/go-licenses.json b/assets/go-licenses.json
index 608db76eb3..aa1a65db12 100644
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
@@ -199,6 +199,16 @@
     "path": "code.gitea.io/sdk/gitea/LICENSE",
     "licenseText": "Copyright (c) 2016 The Gitea Authors\nCopyright (c) 2014 The Gogs Authors\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in\nall copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN\nTHE SOFTWARE.\n"
   },
+  {
+    "name": "code.superseriousbusiness.org/go-jpeg-image-structure/v2",
+    "path": "code.superseriousbusiness.org/go-jpeg-image-structure/v2/LICENSE",
+    "licenseText": "MIT LICENSE\n\nCopyright 2020 Dustin Oprea\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n"
+  },
+  {
+    "name": "code.superseriousbusiness.org/go-png-image-structure/v2",
+    "path": "code.superseriousbusiness.org/go-png-image-structure/v2/LICENSE",
+    "licenseText": "MIT LICENSE\n\nCopyright 2020 Dustin Oprea\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n"
+  },
   {
     "name": "codeberg.org/gusted/mcaptcha",
     "path": "codeberg.org/gusted/mcaptcha/LICENSE",
@@ -207,7 +217,7 @@
   {
     "name": "connectrpc.com/connect",
     "path": "connectrpc.com/connect/LICENSE",
-    "licenseText": "                                 Apache License\n                           Version 2.0, January 2004\n                        http://www.apache.org/licenses/\n\n   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n   1. Definitions.\n\n      \"License\" shall mean the terms and conditions for use, reproduction,\n      and distribution as defined by Sections 1 through 9 of this document.\n\n      \"Licensor\" shall mean the copyright owner or entity authorized by\n      the copyright owner that is granting the License.\n\n      \"Legal Entity\" shall mean the union of the acting entity and all\n      other entities that control, are controlled by, or are under common\n      control with that entity. For the purposes of this definition,\n      \"control\" means (i) the power, direct or indirect, to cause the\n      direction or management of such entity, whether by contract or\n      otherwise, or (ii) ownership of fifty percent (50%) or more of the\n      outstanding shares, or (iii) beneficial ownership of such entity.\n\n      \"You\" (or \"Your\") shall mean an individual or Legal Entity\n      exercising permissions granted by this License.\n\n      \"Source\" form shall mean the preferred form for making modifications,\n      including but not limited to software source code, documentation\n      source, and configuration files.\n\n      \"Object\" form shall mean any form resulting from mechanical\n      transformation or translation of a Source form, including but\n      not limited to compiled object code, generated documentation,\n      and conversions to other media types.\n\n      \"Work\" shall mean the work of authorship, whether in Source or\n      Object form, made available under the License, as indicated by a\n      copyright notice that is included in or attached to the work\n      (an example is provided in the Appendix below).\n\n      \"Derivative Works\" shall mean any work, whether in Source or Object\n      form, that is based on (or derived from) the Work and for which the\n      editorial revisions, annotations, elaborations, or other modifications\n      represent, as a whole, an original work of authorship. For the purposes\n      of this License, Derivative Works shall not include works that remain\n      separable from, or merely link (or bind by name) to the interfaces of,\n      the Work and Derivative Works thereof.\n\n      \"Contribution\" shall mean any work of authorship, including\n      the original version of the Work and any modifications or additions\n      to that Work or Derivative Works thereof, that is intentionally\n      submitted to Licensor for inclusion in the Work by the copyright owner\n      or by an individual or Legal Entity authorized to submit on behalf of\n      the copyright owner. For the purposes of this definition, \"submitted\"\n      means any form of electronic, verbal, or written communication sent\n      to the Licensor or its representatives, including but not limited to\n      communication on electronic mailing lists, source code control systems,\n      and issue tracking systems that are managed by, or on behalf of, the\n      Licensor for the purpose of discussing and improving the Work, but\n      excluding communication that is conspicuously marked or otherwise\n      designated in writing by the copyright owner as \"Not a Contribution.\"\n\n      \"Contributor\" shall mean Licensor and any individual or Legal Entity\n      on behalf of whom a Contribution has been received by Licensor and\n      subsequently incorporated within the Work.\n\n   2. Grant of Copyright License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      copyright license to reproduce, prepare Derivative Works of,\n      publicly display, publicly perform, sublicense, and distribute the\n      Work and such Derivative Works in Source or Object form.\n\n   3. Grant of Patent License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      (except as stated in this section) patent license to make, have made,\n      use, offer to sell, sell, import, and otherwise transfer the Work,\n      where such license applies only to those patent claims licensable\n      by such Contributor that are necessarily infringed by their\n      Contribution(s) alone or by combination of their Contribution(s)\n      with the Work to which such Contribution(s) was submitted. If You\n      institute patent litigation against any entity (including a\n      cross-claim or counterclaim in a lawsuit) alleging that the Work\n      or a Contribution incorporated within the Work constitutes direct\n      or contributory patent infringement, then any patent licenses\n      granted to You under this License for that Work shall terminate\n      as of the date such litigation is filed.\n\n   4. Redistribution. You may reproduce and distribute copies of the\n      Work or Derivative Works thereof in any medium, with or without\n      modifications, and in Source or Object form, provided that You\n      meet the following conditions:\n\n      (a) You must give any other recipients of the Work or\n          Derivative Works a copy of this License; and\n\n      (b) You must cause any modified files to carry prominent notices\n          stating that You changed the files; and\n\n      (c) You must retain, in the Source form of any Derivative Works\n          that You distribute, all copyright, patent, trademark, and\n          attribution notices from the Source form of the Work,\n          excluding those notices that do not pertain to any part of\n          the Derivative Works; and\n\n      (d) If the Work includes a \"NOTICE\" text file as part of its\n          distribution, then any Derivative Works that You distribute must\n          include a readable copy of the attribution notices contained\n          within such NOTICE file, excluding those notices that do not\n          pertain to any part of the Derivative Works, in at least one\n          of the following places: within a NOTICE text file distributed\n          as part of the Derivative Works; within the Source form or\n          documentation, if provided along with the Derivative Works; or,\n          within a display generated by the Derivative Works, if and\n          wherever such third-party notices normally appear. The contents\n          of the NOTICE file are for informational purposes only and\n          do not modify the License. You may add Your own attribution\n          notices within Derivative Works that You distribute, alongside\n          or as an addendum to the NOTICE text from the Work, provided\n          that such additional attribution notices cannot be construed\n          as modifying the License.\n\n      You may add Your own copyright statement to Your modifications and\n      may provide additional or different license terms and conditions\n      for use, reproduction, or distribution of Your modifications, or\n      for any such Derivative Works as a whole, provided Your use,\n      reproduction, and distribution of the Work otherwise complies with\n      the conditions stated in this License.\n\n   5. Submission of Contributions. Unless You explicitly state otherwise,\n      any Contribution intentionally submitted for inclusion in the Work\n      by You to the Licensor shall be under the terms and conditions of\n      this License, without any additional terms or conditions.\n      Notwithstanding the above, nothing herein shall supersede or modify\n      the terms of any separate license agreement you may have executed\n      with Licensor regarding such Contributions.\n\n   6. Trademarks. This License does not grant permission to use the trade\n      names, trademarks, service marks, or product names of the Licensor,\n      except as required for reasonable and customary use in describing the\n      origin of the Work and reproducing the content of the NOTICE file.\n\n   7. Disclaimer of Warranty. Unless required by applicable law or\n      agreed to in writing, Licensor provides the Work (and each\n      Contributor provides its Contributions) on an \"AS IS\" BASIS,\n      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n      implied, including, without limitation, any warranties or conditions\n      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n      PARTICULAR PURPOSE. You are solely responsible for determining the\n      appropriateness of using or redistributing the Work and assume any\n      risks associated with Your exercise of permissions under this License.\n\n   8. Limitation of Liability. In no event and under no legal theory,\n      whether in tort (including negligence), contract, or otherwise,\n      unless required by applicable law (such as deliberate and grossly\n      negligent acts) or agreed to in writing, shall any Contributor be\n      liable to You for damages, including any direct, indirect, special,\n      incidental, or consequential damages of any character arising as a\n      result of this License or out of the use or inability to use the\n      Work (including but not limited to damages for loss of goodwill,\n      work stoppage, computer failure or malfunction, or any and all\n      other commercial damages or losses), even if such Contributor\n      has been advised of the possibility of such damages.\n\n   9. Accepting Warranty or Additional Liability. While redistributing\n      the Work or Derivative Works thereof, You may choose to offer,\n      and charge a fee for, acceptance of support, warranty, indemnity,\n      or other liability obligations and/or rights consistent with this\n      License. However, in accepting such obligations, You may act only\n      on Your own behalf and on Your sole responsibility, not on behalf\n      of any other Contributor, and only if You agree to indemnify,\n      defend, and hold each Contributor harmless for any liability\n      incurred by, or claims asserted against, such Contributor by reason\n      of your accepting any such warranty or additional liability.\n\n   END OF TERMS AND CONDITIONS\n\n   APPENDIX: How to apply the Apache License to your work.\n\n      To apply the Apache License to your work, attach the following\n      boilerplate notice, with the fields enclosed by brackets \"[]\"\n      replaced with your own identifying information. (Don't include\n      the brackets!)  The text should be enclosed in the appropriate\n      comment syntax for the file format. We also recommend that a\n      file or class name and description of purpose be included on the\n      same \"printed page\" as the copyright notice for easier\n      identification within third-party archives.\n\n   Copyright 2021-2024 The Connect Authors\n\n   Licensed under the Apache License, Version 2.0 (the \"License\");\n   you may not use this file except in compliance with the License.\n   You may obtain a copy of the License at\n\n       http://www.apache.org/licenses/LICENSE-2.0\n\n   Unless required by applicable law or agreed to in writing, software\n   distributed under the License is distributed on an \"AS IS\" BASIS,\n   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n   See the License for the specific language governing permissions and\n   limitations under the License.\n"
+    "licenseText": "                                 Apache License\n                           Version 2.0, January 2004\n                        http://www.apache.org/licenses/\n\n   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n   1. Definitions.\n\n      \"License\" shall mean the terms and conditions for use, reproduction,\n      and distribution as defined by Sections 1 through 9 of this document.\n\n      \"Licensor\" shall mean the copyright owner or entity authorized by\n      the copyright owner that is granting the License.\n\n      \"Legal Entity\" shall mean the union of the acting entity and all\n      other entities that control, are controlled by, or are under common\n      control with that entity. For the purposes of this definition,\n      \"control\" means (i) the power, direct or indirect, to cause the\n      direction or management of such entity, whether by contract or\n      otherwise, or (ii) ownership of fifty percent (50%) or more of the\n      outstanding shares, or (iii) beneficial ownership of such entity.\n\n      \"You\" (or \"Your\") shall mean an individual or Legal Entity\n      exercising permissions granted by this License.\n\n      \"Source\" form shall mean the preferred form for making modifications,\n      including but not limited to software source code, documentation\n      source, and configuration files.\n\n      \"Object\" form shall mean any form resulting from mechanical\n      transformation or translation of a Source form, including but\n      not limited to compiled object code, generated documentation,\n      and conversions to other media types.\n\n      \"Work\" shall mean the work of authorship, whether in Source or\n      Object form, made available under the License, as indicated by a\n      copyright notice that is included in or attached to the work\n      (an example is provided in the Appendix below).\n\n      \"Derivative Works\" shall mean any work, whether in Source or Object\n      form, that is based on (or derived from) the Work and for which the\n      editorial revisions, annotations, elaborations, or other modifications\n      represent, as a whole, an original work of authorship. For the purposes\n      of this License, Derivative Works shall not include works that remain\n      separable from, or merely link (or bind by name) to the interfaces of,\n      the Work and Derivative Works thereof.\n\n      \"Contribution\" shall mean any work of authorship, including\n      the original version of the Work and any modifications or additions\n      to that Work or Derivative Works thereof, that is intentionally\n      submitted to Licensor for inclusion in the Work by the copyright owner\n      or by an individual or Legal Entity authorized to submit on behalf of\n      the copyright owner. For the purposes of this definition, \"submitted\"\n      means any form of electronic, verbal, or written communication sent\n      to the Licensor or its representatives, including but not limited to\n      communication on electronic mailing lists, source code control systems,\n      and issue tracking systems that are managed by, or on behalf of, the\n      Licensor for the purpose of discussing and improving the Work, but\n      excluding communication that is conspicuously marked or otherwise\n      designated in writing by the copyright owner as \"Not a Contribution.\"\n\n      \"Contributor\" shall mean Licensor and any individual or Legal Entity\n      on behalf of whom a Contribution has been received by Licensor and\n      subsequently incorporated within the Work.\n\n   2. Grant of Copyright License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      copyright license to reproduce, prepare Derivative Works of,\n      publicly display, publicly perform, sublicense, and distribute the\n      Work and such Derivative Works in Source or Object form.\n\n   3. Grant of Patent License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      (except as stated in this section) patent license to make, have made,\n      use, offer to sell, sell, import, and otherwise transfer the Work,\n      where such license applies only to those patent claims licensable\n      by such Contributor that are necessarily infringed by their\n      Contribution(s) alone or by combination of their Contribution(s)\n      with the Work to which such Contribution(s) was submitted. If You\n      institute patent litigation against any entity (including a\n      cross-claim or counterclaim in a lawsuit) alleging that the Work\n      or a Contribution incorporated within the Work constitutes direct\n      or contributory patent infringement, then any patent licenses\n      granted to You under this License for that Work shall terminate\n      as of the date such litigation is filed.\n\n   4. Redistribution. You may reproduce and distribute copies of the\n      Work or Derivative Works thereof in any medium, with or without\n      modifications, and in Source or Object form, provided that You\n      meet the following conditions:\n\n      (a) You must give any other recipients of the Work or\n          Derivative Works a copy of this License; and\n\n      (b) You must cause any modified files to carry prominent notices\n          stating that You changed the files; and\n\n      (c) You must retain, in the Source form of any Derivative Works\n          that You distribute, all copyright, patent, trademark, and\n          attribution notices from the Source form of the Work,\n          excluding those notices that do not pertain to any part of\n          the Derivative Works; and\n\n      (d) If the Work includes a \"NOTICE\" text file as part of its\n          distribution, then any Derivative Works that You distribute must\n          include a readable copy of the attribution notices contained\n          within such NOTICE file, excluding those notices that do not\n          pertain to any part of the Derivative Works, in at least one\n          of the following places: within a NOTICE text file distributed\n          as part of the Derivative Works; within the Source form or\n          documentation, if provided along with the Derivative Works; or,\n          within a display generated by the Derivative Works, if and\n          wherever such third-party notices normally appear. The contents\n          of the NOTICE file are for informational purposes only and\n          do not modify the License. You may add Your own attribution\n          notices within Derivative Works that You distribute, alongside\n          or as an addendum to the NOTICE text from the Work, provided\n          that such additional attribution notices cannot be construed\n          as modifying the License.\n\n      You may add Your own copyright statement to Your modifications and\n      may provide additional or different license terms and conditions\n      for use, reproduction, or distribution of Your modifications, or\n      for any such Derivative Works as a whole, provided Your use,\n      reproduction, and distribution of the Work otherwise complies with\n      the conditions stated in this License.\n\n   5. Submission of Contributions. Unless You explicitly state otherwise,\n      any Contribution intentionally submitted for inclusion in the Work\n      by You to the Licensor shall be under the terms and conditions of\n      this License, without any additional terms or conditions.\n      Notwithstanding the above, nothing herein shall supersede or modify\n      the terms of any separate license agreement you may have executed\n      with Licensor regarding such Contributions.\n\n   6. Trademarks. This License does not grant permission to use the trade\n      names, trademarks, service marks, or product names of the Licensor,\n      except as required for reasonable and customary use in describing the\n      origin of the Work and reproducing the content of the NOTICE file.\n\n   7. Disclaimer of Warranty. Unless required by applicable law or\n      agreed to in writing, Licensor provides the Work (and each\n      Contributor provides its Contributions) on an \"AS IS\" BASIS,\n      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n      implied, including, without limitation, any warranties or conditions\n      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n      PARTICULAR PURPOSE. You are solely responsible for determining the\n      appropriateness of using or redistributing the Work and assume any\n      risks associated with Your exercise of permissions under this License.\n\n   8. Limitation of Liability. In no event and under no legal theory,\n      whether in tort (including negligence), contract, or otherwise,\n      unless required by applicable law (such as deliberate and grossly\n      negligent acts) or agreed to in writing, shall any Contributor be\n      liable to You for damages, including any direct, indirect, special,\n      incidental, or consequential damages of any character arising as a\n      result of this License or out of the use or inability to use the\n      Work (including but not limited to damages for loss of goodwill,\n      work stoppage, computer failure or malfunction, or any and all\n      other commercial damages or losses), even if such Contributor\n      has been advised of the possibility of such damages.\n\n   9. Accepting Warranty or Additional Liability. While redistributing\n      the Work or Derivative Works thereof, You may choose to offer,\n      and charge a fee for, acceptance of support, warranty, indemnity,\n      or other liability obligations and/or rights consistent with this\n      License. However, in accepting such obligations, You may act only\n      on Your own behalf and on Your sole responsibility, not on behalf\n      of any other Contributor, and only if You agree to indemnify,\n      defend, and hold each Contributor harmless for any liability\n      incurred by, or claims asserted against, such Contributor by reason\n      of your accepting any such warranty or additional liability.\n\n   END OF TERMS AND CONDITIONS\n\n   APPENDIX: How to apply the Apache License to your work.\n\n      To apply the Apache License to your work, attach the following\n      boilerplate notice, with the fields enclosed by brackets \"[]\"\n      replaced with your own identifying information. (Don't include\n      the brackets!)  The text should be enclosed in the appropriate\n      comment syntax for the file format. We also recommend that a\n      file or class name and description of purpose be included on the\n      same \"printed page\" as the copyright notice for easier\n      identification within third-party archives.\n\n   Copyright 2021-2025 The Connect Authors\n\n   Licensed under the Apache License, Version 2.0 (the \"License\");\n   you may not use this file except in compliance with the License.\n   You may obtain a copy of the License at\n\n       http://www.apache.org/licenses/LICENSE-2.0\n\n   Unless required by applicable law or agreed to in writing, software\n   distributed under the License is distributed on an \"AS IS\" BASIS,\n   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n   See the License for the specific language governing permissions and\n   limitations under the License.\n"
   },
   {
     "name": "dario.cat/mergo",
@@ -484,6 +494,31 @@
     "path": "github.com/dsnet/compress/LICENSE.md",
     "licenseText": "Copyright © 2015, Joe Tsai and The Go Authors. All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\n* Redistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer.\n* Redistributions in binary form must reproduce the above copyright notice,\nthis list of conditions and the following disclaimer in the documentation and/or\nother materials provided with the distribution.\n* Neither the copyright holder nor the names of its contributors may be used to\nendorse or promote products derived from this software without specific prior\nwritten permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\" AND\nANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\nWARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE FOR ANY\nDIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES\n(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;\nLOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND\nON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS\nSOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
   },
+  {
+    "name": "github.com/dsoprea/go-exif/v3",
+    "path": "github.com/dsoprea/go-exif/v3/LICENSE",
+    "licenseText": "MIT LICENSE\n\nCopyright 2019 Dustin Oprea\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n"
+  },
+  {
+    "name": "github.com/dsoprea/go-iptc",
+    "path": "github.com/dsoprea/go-iptc/LICENSE",
+    "licenseText": "MIT License\n\nCopyright (c) 2020 Dustin Oprea\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n"
+  },
+  {
+    "name": "github.com/dsoprea/go-logging",
+    "path": "github.com/dsoprea/go-logging/LICENSE",
+    "licenseText": "MIT LICENSE\n\nCopyright 2020 Dustin Oprea\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n"
+  },
+  {
+    "name": "github.com/dsoprea/go-photoshop-info-format",
+    "path": "github.com/dsoprea/go-photoshop-info-format/LICENSE",
+    "licenseText": "MIT License\n\nCopyright (c) 2020 Dustin Oprea\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n"
+  },
+  {
+    "name": "github.com/dsoprea/go-utility/v2",
+    "path": "github.com/dsoprea/go-utility/v2/LICENSE",
+    "licenseText": "Copyright 2019 Random Ingenuity InformationWorks\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n"
+  },
   {
     "name": "github.com/dustin/go-humanize",
     "path": "github.com/dustin/go-humanize/LICENSE",
@@ -574,6 +609,11 @@
     "path": "github.com/go-enry/go-enry/v2/LICENSE",
     "licenseText": "\n                                 Apache License\n                           Version 2.0, January 2004\n                        http://www.apache.org/licenses/\n\n   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n   1. Definitions.\n\n      \"License\" shall mean the terms and conditions for use, reproduction,\n      and distribution as defined by Sections 1 through 9 of this document.\n\n      \"Licensor\" shall mean the copyright owner or entity authorized by\n      the copyright owner that is granting the License.\n\n      \"Legal Entity\" shall mean the union of the acting entity and all\n      other entities that control, are controlled by, or are under common\n      control with that entity. For the purposes of this definition,\n      \"control\" means (i) the power, direct or indirect, to cause the\n      direction or management of such entity, whether by contract or\n      otherwise, or (ii) ownership of fifty percent (50%) or more of the\n      outstanding shares, or (iii) beneficial ownership of such entity.\n\n      \"You\" (or \"Your\") shall mean an individual or Legal Entity\n      exercising permissions granted by this License.\n\n      \"Source\" form shall mean the preferred form for making modifications,\n      including but not limited to software source code, documentation\n      source, and configuration files.\n\n      \"Object\" form shall mean any form resulting from mechanical\n      transformation or translation of a Source form, including but\n      not limited to compiled object code, generated documentation,\n      and conversions to other media types.\n\n      \"Work\" shall mean the work of authorship, whether in Source or\n      Object form, made available under the License, as indicated by a\n      copyright notice that is included in or attached to the work\n      (an example is provided in the Appendix below).\n\n      \"Derivative Works\" shall mean any work, whether in Source or Object\n      form, that is based on (or derived from) the Work and for which the\n      editorial revisions, annotations, elaborations, or other modifications\n      represent, as a whole, an original work of authorship. For the purposes\n      of this License, Derivative Works shall not include works that remain\n      separable from, or merely link (or bind by name) to the interfaces of,\n      the Work and Derivative Works thereof.\n\n      \"Contribution\" shall mean any work of authorship, including\n      the original version of the Work and any modifications or additions\n      to that Work or Derivative Works thereof, that is intentionally\n      submitted to Licensor for inclusion in the Work by the copyright owner\n      or by an individual or Legal Entity authorized to submit on behalf of\n      the copyright owner. For the purposes of this definition, \"submitted\"\n      means any form of electronic, verbal, or written communication sent\n      to the Licensor or its representatives, including but not limited to\n      communication on electronic mailing lists, source code control systems,\n      and issue tracking systems that are managed by, or on behalf of, the\n      Licensor for the purpose of discussing and improving the Work, but\n      excluding communication that is conspicuously marked or otherwise\n      designated in writing by the copyright owner as \"Not a Contribution.\"\n\n      \"Contributor\" shall mean Licensor and any individual or Legal Entity\n      on behalf of whom a Contribution has been received by Licensor and\n      subsequently incorporated within the Work.\n\n   2. Grant of Copyright License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      copyright license to reproduce, prepare Derivative Works of,\n      publicly display, publicly perform, sublicense, and distribute the\n      Work and such Derivative Works in Source or Object form.\n\n   3. Grant of Patent License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      (except as stated in this section) patent license to make, have made,\n      use, offer to sell, sell, import, and otherwise transfer the Work,\n      where such license applies only to those patent claims licensable\n      by such Contributor that are necessarily infringed by their\n      Contribution(s) alone or by combination of their Contribution(s)\n      with the Work to which such Contribution(s) was submitted. If You\n      institute patent litigation against any entity (including a\n      cross-claim or counterclaim in a lawsuit) alleging that the Work\n      or a Contribution incorporated within the Work constitutes direct\n      or contributory patent infringement, then any patent licenses\n      granted to You under this License for that Work shall terminate\n      as of the date such litigation is filed.\n\n   4. Redistribution. You may reproduce and distribute copies of the\n      Work or Derivative Works thereof in any medium, with or without\n      modifications, and in Source or Object form, provided that You\n      meet the following conditions:\n\n      (a) You must give any other recipients of the Work or\n          Derivative Works a copy of this License; and\n\n      (b) You must cause any modified files to carry prominent notices\n          stating that You changed the files; and\n\n      (c) You must retain, in the Source form of any Derivative Works\n          that You distribute, all copyright, patent, trademark, and\n          attribution notices from the Source form of the Work,\n          excluding those notices that do not pertain to any part of\n          the Derivative Works; and\n\n      (d) If the Work includes a \"NOTICE\" text file as part of its\n          distribution, then any Derivative Works that You distribute must\n          include a readable copy of the attribution notices contained\n          within such NOTICE file, excluding those notices that do not\n          pertain to any part of the Derivative Works, in at least one\n          of the following places: within a NOTICE text file distributed\n          as part of the Derivative Works; within the Source form or\n          documentation, if provided along with the Derivative Works; or,\n          within a display generated by the Derivative Works, if and\n          wherever such third-party notices normally appear. The contents\n          of the NOTICE file are for informational purposes only and\n          do not modify the License. You may add Your own attribution\n          notices within Derivative Works that You distribute, alongside\n          or as an addendum to the NOTICE text from the Work, provided\n          that such additional attribution notices cannot be construed\n          as modifying the License.\n\n      You may add Your own copyright statement to Your modifications and\n      may provide additional or different license terms and conditions\n      for use, reproduction, or distribution of Your modifications, or\n      for any such Derivative Works as a whole, provided Your use,\n      reproduction, and distribution of the Work otherwise complies with\n      the conditions stated in this License.\n\n   5. Submission of Contributions. Unless You explicitly state otherwise,\n      any Contribution intentionally submitted for inclusion in the Work\n      by You to the Licensor shall be under the terms and conditions of\n      this License, without any additional terms or conditions.\n      Notwithstanding the above, nothing herein shall supersede or modify\n      the terms of any separate license agreement you may have executed\n      with Licensor regarding such Contributions.\n\n   6. Trademarks. This License does not grant permission to use the trade\n      names, trademarks, service marks, or product names of the Licensor,\n      except as required for reasonable and customary use in describing the\n      origin of the Work and reproducing the content of the NOTICE file.\n\n   7. Disclaimer of Warranty. Unless required by applicable law or\n      agreed to in writing, Licensor provides the Work (and each\n      Contributor provides its Contributions) on an \"AS IS\" BASIS,\n      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n      implied, including, without limitation, any warranties or conditions\n      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n      PARTICULAR PURPOSE. You are solely responsible for determining the\n      appropriateness of using or redistributing the Work and assume any\n      risks associated with Your exercise of permissions under this License.\n\n   8. Limitation of Liability. In no event and under no legal theory,\n      whether in tort (including negligence), contract, or otherwise,\n      unless required by applicable law (such as deliberate and grossly\n      negligent acts) or agreed to in writing, shall any Contributor be\n      liable to You for damages, including any direct, indirect, special,\n      incidental, or consequential damages of any character arising as a\n      result of this License or out of the use or inability to use the\n      Work (including but not limited to damages for loss of goodwill,\n      work stoppage, computer failure or malfunction, or any and all\n      other commercial damages or losses), even if such Contributor\n      has been advised of the possibility of such damages.\n\n   9. Accepting Warranty or Additional Liability. While redistributing\n      the Work or Derivative Works thereof, You may choose to offer,\n      and charge a fee for, acceptance of support, warranty, indemnity,\n      or other liability obligations and/or rights consistent with this\n      License. However, in accepting such obligations, You may act only\n      on Your own behalf and on Your sole responsibility, not on behalf\n      of any other Contributor, and only if You agree to indemnify,\n      defend, and hold each Contributor harmless for any liability\n      incurred by, or claims asserted against, such Contributor by reason\n      of your accepting any such warranty or additional liability.\n\n   END OF TERMS AND CONDITIONS\n\n   APPENDIX: How to apply the Apache License to your work.\n\n      To apply the Apache License to your work, attach the following\n      boilerplate notice, with the fields enclosed by brackets \"[]\"\n      replaced with your own identifying information. (Don't include\n      the brackets!)  The text should be enclosed in the appropriate\n      comment syntax for the file format. We also recommend that a\n      file or class name and description of purpose be included on the\n      same \"printed page\" as the copyright notice for easier\n      identification within third-party archives.\n\n   Copyright [yyyy] [name of copyright owner]\n\n   Licensed under the Apache License, Version 2.0 (the \"License\");\n   you may not use this file except in compliance with the License.\n   You may obtain a copy of the License at\n\n       http://www.apache.org/licenses/LICENSE-2.0\n\n   Unless required by applicable law or agreed to in writing, software\n   distributed under the License is distributed on an \"AS IS\" BASIS,\n   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n   See the License for the specific language governing permissions and\n   limitations under the License."
   },
+  {
+    "name": "github.com/go-errors/errors",
+    "path": "github.com/go-errors/errors/LICENSE.MIT",
+    "licenseText": "Copyright (c) 2015 Conrad Irwin \u003cconrad@bugsnag.com\u003e\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n"
+  },
   {
     "name": "github.com/go-fed/httpsig",
     "path": "github.com/go-fed/httpsig/LICENSE",
@@ -619,6 +659,11 @@
     "path": "github.com/go-webauthn/x/revoke/LICENSE",
     "licenseText": "Copyright (c) 2014 CloudFlare Inc.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions\nare met:\n\nRedistributions of source code must retain the above copyright notice,\nthis list of conditions and the following disclaimer.\n\nRedistributions in binary form must reproduce the above copyright notice,\nthis list of conditions and the following disclaimer in the documentation\nand/or other materials provided with the distribution.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\nA PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nHOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED\nTO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR\nPROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF\nLIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING\nNEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS\nSOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
   },
+  {
+    "name": "github.com/go-xmlfmt/xmlfmt",
+    "path": "github.com/go-xmlfmt/xmlfmt/LICENSE",
+    "licenseText": "MIT License\n\nCopyright (c) 2016 go-xmlfmt\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n"
+  },
   {
     "name": "github.com/gobwas/glob",
     "path": "github.com/gobwas/glob/LICENSE",
@@ -649,6 +694,11 @@
     "path": "github.com/golang-jwt/jwt/v5/LICENSE",
     "licenseText": "Copyright (c) 2012 Dave Grijalva\nCopyright (c) 2021 golang-jwt maintainers\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n\n"
   },
+  {
+    "name": "github.com/golang/geo",
+    "path": "github.com/golang/geo/LICENSE",
+    "licenseText": "\n                                 Apache License\n                           Version 2.0, January 2004\n                        http://www.apache.org/licenses/\n\n   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n   1. Definitions.\n\n      \"License\" shall mean the terms and conditions for use, reproduction,\n      and distribution as defined by Sections 1 through 9 of this document.\n\n      \"Licensor\" shall mean the copyright owner or entity authorized by\n      the copyright owner that is granting the License.\n\n      \"Legal Entity\" shall mean the union of the acting entity and all\n      other entities that control, are controlled by, or are under common\n      control with that entity. For the purposes of this definition,\n      \"control\" means (i) the power, direct or indirect, to cause the\n      direction or management of such entity, whether by contract or\n      otherwise, or (ii) ownership of fifty percent (50%) or more of the\n      outstanding shares, or (iii) beneficial ownership of such entity.\n\n      \"You\" (or \"Your\") shall mean an individual or Legal Entity\n      exercising permissions granted by this License.\n\n      \"Source\" form shall mean the preferred form for making modifications,\n      including but not limited to software source code, documentation\n      source, and configuration files.\n\n      \"Object\" form shall mean any form resulting from mechanical\n      transformation or translation of a Source form, including but\n      not limited to compiled object code, generated documentation,\n      and conversions to other media types.\n\n      \"Work\" shall mean the work of authorship, whether in Source or\n      Object form, made available under the License, as indicated by a\n      copyright notice that is included in or attached to the work\n      (an example is provided in the Appendix below).\n\n      \"Derivative Works\" shall mean any work, whether in Source or Object\n      form, that is based on (or derived from) the Work and for which the\n      editorial revisions, annotations, elaborations, or other modifications\n      represent, as a whole, an original work of authorship. For the purposes\n      of this License, Derivative Works shall not include works that remain\n      separable from, or merely link (or bind by name) to the interfaces of,\n      the Work and Derivative Works thereof.\n\n      \"Contribution\" shall mean any work of authorship, including\n      the original version of the Work and any modifications or additions\n      to that Work or Derivative Works thereof, that is intentionally\n      submitted to Licensor for inclusion in the Work by the copyright owner\n      or by an individual or Legal Entity authorized to submit on behalf of\n      the copyright owner. For the purposes of this definition, \"submitted\"\n      means any form of electronic, verbal, or written communication sent\n      to the Licensor or its representatives, including but not limited to\n      communication on electronic mailing lists, source code control systems,\n      and issue tracking systems that are managed by, or on behalf of, the\n      Licensor for the purpose of discussing and improving the Work, but\n      excluding communication that is conspicuously marked or otherwise\n      designated in writing by the copyright owner as \"Not a Contribution.\"\n\n      \"Contributor\" shall mean Licensor and any individual or Legal Entity\n      on behalf of whom a Contribution has been received by Licensor and\n      subsequently incorporated within the Work.\n\n   2. Grant of Copyright License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      copyright license to reproduce, prepare Derivative Works of,\n      publicly display, publicly perform, sublicense, and distribute the\n      Work and such Derivative Works in Source or Object form.\n\n   3. Grant of Patent License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      (except as stated in this section) patent license to make, have made,\n      use, offer to sell, sell, import, and otherwise transfer the Work,\n      where such license applies only to those patent claims licensable\n      by such Contributor that are necessarily infringed by their\n      Contribution(s) alone or by combination of their Contribution(s)\n      with the Work to which such Contribution(s) was submitted. If You\n      institute patent litigation against any entity (including a\n      cross-claim or counterclaim in a lawsuit) alleging that the Work\n      or a Contribution incorporated within the Work constitutes direct\n      or contributory patent infringement, then any patent licenses\n      granted to You under this License for that Work shall terminate\n      as of the date such litigation is filed.\n\n   4. Redistribution. You may reproduce and distribute copies of the\n      Work or Derivative Works thereof in any medium, with or without\n      modifications, and in Source or Object form, provided that You\n      meet the following conditions:\n\n      (a) You must give any other recipients of the Work or\n          Derivative Works a copy of this License; and\n\n      (b) You must cause any modified files to carry prominent notices\n          stating that You changed the files; and\n\n      (c) You must retain, in the Source form of any Derivative Works\n          that You distribute, all copyright, patent, trademark, and\n          attribution notices from the Source form of the Work,\n          excluding those notices that do not pertain to any part of\n          the Derivative Works; and\n\n      (d) If the Work includes a \"NOTICE\" text file as part of its\n          distribution, then any Derivative Works that You distribute must\n          include a readable copy of the attribution notices contained\n          within such NOTICE file, excluding those notices that do not\n          pertain to any part of the Derivative Works, in at least one\n          of the following places: within a NOTICE text file distributed\n          as part of the Derivative Works; within the Source form or\n          documentation, if provided along with the Derivative Works; or,\n          within a display generated by the Derivative Works, if and\n          wherever such third-party notices normally appear. The contents\n          of the NOTICE file are for informational purposes only and\n          do not modify the License. You may add Your own attribution\n          notices within Derivative Works that You distribute, alongside\n          or as an addendum to the NOTICE text from the Work, provided\n          that such additional attribution notices cannot be construed\n          as modifying the License.\n\n      You may add Your own copyright statement to Your modifications and\n      may provide additional or different license terms and conditions\n      for use, reproduction, or distribution of Your modifications, or\n      for any such Derivative Works as a whole, provided Your use,\n      reproduction, and distribution of the Work otherwise complies with\n      the conditions stated in this License.\n\n   5. Submission of Contributions. Unless You explicitly state otherwise,\n      any Contribution intentionally submitted for inclusion in the Work\n      by You to the Licensor shall be under the terms and conditions of\n      this License, without any additional terms or conditions.\n      Notwithstanding the above, nothing herein shall supersede or modify\n      the terms of any separate license agreement you may have executed\n      with Licensor regarding such Contributions.\n\n   6. Trademarks. This License does not grant permission to use the trade\n      names, trademarks, service marks, or product names of the Licensor,\n      except as required for reasonable and customary use in describing the\n      origin of the Work and reproducing the content of the NOTICE file.\n\n   7. Disclaimer of Warranty. Unless required by applicable law or\n      agreed to in writing, Licensor provides the Work (and each\n      Contributor provides its Contributions) on an \"AS IS\" BASIS,\n      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n      implied, including, without limitation, any warranties or conditions\n      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n      PARTICULAR PURPOSE. You are solely responsible for determining the\n      appropriateness of using or redistributing the Work and assume any\n      risks associated with Your exercise of permissions under this License.\n\n   8. Limitation of Liability. In no event and under no legal theory,\n      whether in tort (including negligence), contract, or otherwise,\n      unless required by applicable law (such as deliberate and grossly\n      negligent acts) or agreed to in writing, shall any Contributor be\n      liable to You for damages, including any direct, indirect, special,\n      incidental, or consequential damages of any character arising as a\n      result of this License or out of the use or inability to use the\n      Work (including but not limited to damages for loss of goodwill,\n      work stoppage, computer failure or malfunction, or any and all\n      other commercial damages or losses), even if such Contributor\n      has been advised of the possibility of such damages.\n\n   9. Accepting Warranty or Additional Liability. While redistributing\n      the Work or Derivative Works thereof, You may choose to offer,\n      and charge a fee for, acceptance of support, warranty, indemnity,\n      or other liability obligations and/or rights consistent with this\n      License. However, in accepting such obligations, You may act only\n      on Your own behalf and on Your sole responsibility, not on behalf\n      of any other Contributor, and only if You agree to indemnify,\n      defend, and hold each Contributor harmless for any liability\n      incurred by, or claims asserted against, such Contributor by reason\n      of your accepting any such warranty or additional liability.\n\n   END OF TERMS AND CONDITIONS\n\n   APPENDIX: How to apply the Apache License to your work.\n\n      To apply the Apache License to your work, attach the following\n      boilerplate notice, with the fields enclosed by brackets \"[]\"\n      replaced with your own identifying information. (Don't include\n      the brackets!)  The text should be enclosed in the appropriate\n      comment syntax for the file format. We also recommend that a\n      file or class name and description of purpose be included on the\n      same \"printed page\" as the copyright notice for easier\n      identification within third-party archives.\n\n   Copyright [yyyy] [name of copyright owner]\n\n   Licensed under the Apache License, Version 2.0 (the \"License\");\n   you may not use this file except in compliance with the License.\n   You may obtain a copy of the License at\n\n       http://www.apache.org/licenses/LICENSE-2.0\n\n   Unless required by applicable law or agreed to in writing, software\n   distributed under the License is distributed on an \"AS IS\" BASIS,\n   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n   See the License for the specific language governing permissions and\n   limitations under the License.\n"
+  },
   {
     "name": "github.com/golang/groupcache/lru",
     "path": "github.com/golang/groupcache/lru/LICENSE",
@@ -1194,6 +1244,11 @@
     "path": "go.yaml.in/yaml/v3/LICENSE",
     "licenseText": "\nThis project is covered by two different licenses: MIT and Apache.\n\n#### MIT License ####\n\nThe following files were ported to Go from C files of libyaml, and thus\nare still covered by their original MIT license, with the additional\ncopyright staring in 2011 when the project was ported over:\n\n    apic.go emitterc.go parserc.go readerc.go scannerc.go\n    writerc.go yamlh.go yamlprivateh.go\n\nCopyright (c) 2006-2010 Kirill Simonov\nCopyright (c) 2006-2011 Kirill Simonov\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of\nthis software and associated documentation files (the \"Software\"), to deal in\nthe Software without restriction, including without limitation the rights to\nuse, copy, modify, merge, publish, distribute, sublicense, and/or sell copies\nof the Software, and to permit persons to whom the Software is furnished to do\nso, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n\n### Apache License ###\n\nAll the remaining project files are covered by the Apache license:\n\nCopyright (c) 2011-2019 Canonical Ltd\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n"
   },
+  {
+    "name": "go.yaml.in/yaml/v4",
+    "path": "go.yaml.in/yaml/v4/LICENSE",
+    "licenseText": "\nThis project is covered by two different licenses: MIT and Apache.\n\n#### MIT License ####\n\nThe following files were ported to Go from C files of libyaml, and thus\nare still covered by their original MIT license, with the additional\ncopyright staring in 2011 when the project was ported over:\n\n    apic.go emitterc.go parserc.go readerc.go scannerc.go\n    writerc.go yamlh.go yamlprivateh.go\n\nCopyright (c) 2006-2010 Kirill Simonov\nCopyright (c) 2006-2011 Kirill Simonov\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of\nthis software and associated documentation files (the \"Software\"), to deal in\nthe Software without restriction, including without limitation the rights to\nuse, copy, modify, merge, publish, distribute, sublicense, and/or sell copies\nof the Software, and to permit persons to whom the Software is furnished to do\nso, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n\n### Apache License ###\n\nAll the remaining project files are covered by the Apache license:\n\nCopyright (c) 2011-2019 Canonical Ltd\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n"
+  },
   {
     "name": "go4.org/readerutil",
     "path": "go4.org/readerutil/LICENSE",
@@ -1264,6 +1319,11 @@
     "path": "gopkg.in/warnings.v0/LICENSE",
     "licenseText": "Copyright (c) 2016 Péter Surányi.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n   * Redistributions of source code must retain the above copyright\nnotice, this list of conditions and the following disclaimer.\n   * Redistributions in binary form must reproduce the above\ncopyright notice, this list of conditions and the following disclaimer\nin the documentation and/or other materials provided with the\ndistribution.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\nA PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nOWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\nLIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\nDATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\nTHEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
   },
+  {
+    "name": "gopkg.in/yaml.v2",
+    "path": "gopkg.in/yaml.v2/LICENSE",
+    "licenseText": "                                 Apache License\n                           Version 2.0, January 2004\n                        http://www.apache.org/licenses/\n\n   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n   1. Definitions.\n\n      \"License\" shall mean the terms and conditions for use, reproduction,\n      and distribution as defined by Sections 1 through 9 of this document.\n\n      \"Licensor\" shall mean the copyright owner or entity authorized by\n      the copyright owner that is granting the License.\n\n      \"Legal Entity\" shall mean the union of the acting entity and all\n      other entities that control, are controlled by, or are under common\n      control with that entity. For the purposes of this definition,\n      \"control\" means (i) the power, direct or indirect, to cause the\n      direction or management of such entity, whether by contract or\n      otherwise, or (ii) ownership of fifty percent (50%) or more of the\n      outstanding shares, or (iii) beneficial ownership of such entity.\n\n      \"You\" (or \"Your\") shall mean an individual or Legal Entity\n      exercising permissions granted by this License.\n\n      \"Source\" form shall mean the preferred form for making modifications,\n      including but not limited to software source code, documentation\n      source, and configuration files.\n\n      \"Object\" form shall mean any form resulting from mechanical\n      transformation or translation of a Source form, including but\n      not limited to compiled object code, generated documentation,\n      and conversions to other media types.\n\n      \"Work\" shall mean the work of authorship, whether in Source or\n      Object form, made available under the License, as indicated by a\n      copyright notice that is included in or attached to the work\n      (an example is provided in the Appendix below).\n\n      \"Derivative Works\" shall mean any work, whether in Source or Object\n      form, that is based on (or derived from) the Work and for which the\n      editorial revisions, annotations, elaborations, or other modifications\n      represent, as a whole, an original work of authorship. For the purposes\n      of this License, Derivative Works shall not include works that remain\n      separable from, or merely link (or bind by name) to the interfaces of,\n      the Work and Derivative Works thereof.\n\n      \"Contribution\" shall mean any work of authorship, including\n      the original version of the Work and any modifications or additions\n      to that Work or Derivative Works thereof, that is intentionally\n      submitted to Licensor for inclusion in the Work by the copyright owner\n      or by an individual or Legal Entity authorized to submit on behalf of\n      the copyright owner. For the purposes of this definition, \"submitted\"\n      means any form of electronic, verbal, or written communication sent\n      to the Licensor or its representatives, including but not limited to\n      communication on electronic mailing lists, source code control systems,\n      and issue tracking systems that are managed by, or on behalf of, the\n      Licensor for the purpose of discussing and improving the Work, but\n      excluding communication that is conspicuously marked or otherwise\n      designated in writing by the copyright owner as \"Not a Contribution.\"\n\n      \"Contributor\" shall mean Licensor and any individual or Legal Entity\n      on behalf of whom a Contribution has been received by Licensor and\n      subsequently incorporated within the Work.\n\n   2. Grant of Copyright License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      copyright license to reproduce, prepare Derivative Works of,\n      publicly display, publicly perform, sublicense, and distribute the\n      Work and such Derivative Works in Source or Object form.\n\n   3. Grant of Patent License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      (except as stated in this section) patent license to make, have made,\n      use, offer to sell, sell, import, and otherwise transfer the Work,\n      where such license applies only to those patent claims licensable\n      by such Contributor that are necessarily infringed by their\n      Contribution(s) alone or by combination of their Contribution(s)\n      with the Work to which such Contribution(s) was submitted. If You\n      institute patent litigation against any entity (including a\n      cross-claim or counterclaim in a lawsuit) alleging that the Work\n      or a Contribution incorporated within the Work constitutes direct\n      or contributory patent infringement, then any patent licenses\n      granted to You under this License for that Work shall terminate\n      as of the date such litigation is filed.\n\n   4. Redistribution. You may reproduce and distribute copies of the\n      Work or Derivative Works thereof in any medium, with or without\n      modifications, and in Source or Object form, provided that You\n      meet the following conditions:\n\n      (a) You must give any other recipients of the Work or\n          Derivative Works a copy of this License; and\n\n      (b) You must cause any modified files to carry prominent notices\n          stating that You changed the files; and\n\n      (c) You must retain, in the Source form of any Derivative Works\n          that You distribute, all copyright, patent, trademark, and\n          attribution notices from the Source form of the Work,\n          excluding those notices that do not pertain to any part of\n          the Derivative Works; and\n\n      (d) If the Work includes a \"NOTICE\" text file as part of its\n          distribution, then any Derivative Works that You distribute must\n          include a readable copy of the attribution notices contained\n          within such NOTICE file, excluding those notices that do not\n          pertain to any part of the Derivative Works, in at least one\n          of the following places: within a NOTICE text file distributed\n          as part of the Derivative Works; within the Source form or\n          documentation, if provided along with the Derivative Works; or,\n          within a display generated by the Derivative Works, if and\n          wherever such third-party notices normally appear. The contents\n          of the NOTICE file are for informational purposes only and\n          do not modify the License. You may add Your own attribution\n          notices within Derivative Works that You distribute, alongside\n          or as an addendum to the NOTICE text from the Work, provided\n          that such additional attribution notices cannot be construed\n          as modifying the License.\n\n      You may add Your own copyright statement to Your modifications and\n      may provide additional or different license terms and conditions\n      for use, reproduction, or distribution of Your modifications, or\n      for any such Derivative Works as a whole, provided Your use,\n      reproduction, and distribution of the Work otherwise complies with\n      the conditions stated in this License.\n\n   5. Submission of Contributions. Unless You explicitly state otherwise,\n      any Contribution intentionally submitted for inclusion in the Work\n      by You to the Licensor shall be under the terms and conditions of\n      this License, without any additional terms or conditions.\n      Notwithstanding the above, nothing herein shall supersede or modify\n      the terms of any separate license agreement you may have executed\n      with Licensor regarding such Contributions.\n\n   6. Trademarks. This License does not grant permission to use the trade\n      names, trademarks, service marks, or product names of the Licensor,\n      except as required for reasonable and customary use in describing the\n      origin of the Work and reproducing the content of the NOTICE file.\n\n   7. Disclaimer of Warranty. Unless required by applicable law or\n      agreed to in writing, Licensor provides the Work (and each\n      Contributor provides its Contributions) on an \"AS IS\" BASIS,\n      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n      implied, including, without limitation, any warranties or conditions\n      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n      PARTICULAR PURPOSE. You are solely responsible for determining the\n      appropriateness of using or redistributing the Work and assume any\n      risks associated with Your exercise of permissions under this License.\n\n   8. Limitation of Liability. In no event and under no legal theory,\n      whether in tort (including negligence), contract, or otherwise,\n      unless required by applicable law (such as deliberate and grossly\n      negligent acts) or agreed to in writing, shall any Contributor be\n      liable to You for damages, including any direct, indirect, special,\n      incidental, or consequential damages of any character arising as a\n      result of this License or out of the use or inability to use the\n      Work (including but not limited to damages for loss of goodwill,\n      work stoppage, computer failure or malfunction, or any and all\n      other commercial damages or losses), even if such Contributor\n      has been advised of the possibility of such damages.\n\n   9. Accepting Warranty or Additional Liability. While redistributing\n      the Work or Derivative Works thereof, You may choose to offer,\n      and charge a fee for, acceptance of support, warranty, indemnity,\n      or other liability obligations and/or rights consistent with this\n      License. However, in accepting such obligations, You may act only\n      on Your own behalf and on Your sole responsibility, not on behalf\n      of any other Contributor, and only if You agree to indemnify,\n      defend, and hold each Contributor harmless for any liability\n      incurred by, or claims asserted against, such Contributor by reason\n      of your accepting any such warranty or additional liability.\n\n   END OF TERMS AND CONDITIONS\n\n   APPENDIX: How to apply the Apache License to your work.\n\n      To apply the Apache License to your work, attach the following\n      boilerplate notice, with the fields enclosed by brackets \"{}\"\n      replaced with your own identifying information. (Don't include\n      the brackets!)  The text should be enclosed in the appropriate\n      comment syntax for the file format. We also recommend that a\n      file or class name and description of purpose be included on the\n      same \"printed page\" as the copyright notice for easier\n      identification within third-party archives.\n\n   Copyright {yyyy} {name of copyright owner}\n\n   Licensed under the Apache License, Version 2.0 (the \"License\");\n   you may not use this file except in compliance with the License.\n   You may obtain a copy of the License at\n\n       http://www.apache.org/licenses/LICENSE-2.0\n\n   Unless required by applicable law or agreed to in writing, software\n   distributed under the License is distributed on an \"AS IS\" BASIS,\n   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n   See the License for the specific language governing permissions and\n   limitations under the License.\n"
+  },
   {
     "name": "gopkg.in/yaml.v3",
     "path": "gopkg.in/yaml.v3/LICENSE",
diff --git a/build/code-batch-process.go b/build/code-batch-process.go
index 516736b65c..ede43c6c46 100644
--- a/build/code-batch-process.go
+++ b/build/code-batch-process.go
@@ -74,7 +74,7 @@ func newFileCollector(fileFilter string, batchSize int) (*fileCollector, error)
 		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`tests/integration/migration-test`))
 		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`modules/git/tests`))
 		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`models/fixtures`))
-		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`models/migrations/fixtures`))
+		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`models/gitea_migrations/fixtures`))
 		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`services/gitdiff/testdata`))
 	}
 
@@ -181,7 +181,7 @@ func parseArgs() (mainOptions map[string]string, subCmd string, subArgs []string
 			break
 		}
 	}
-	return
+	return mainOptions, subCmd, subArgs
 }
 
 func showUsage() {
diff --git a/build/lint-locale-usage/allowed-masked-usage.txt b/build/lint-locale-usage/allowed-masked-usage.txt
index 06675530db..cfab25a5fd 100644
--- a/build/lint-locale-usage/allowed-masked-usage.txt
+++ b/build/lint-locale-usage/allowed-masked-usage.txt
@@ -23,12 +23,6 @@ themes.names.
 # services/context/context.go
 relativetime.
 
-# templates/mail/issue/default.tmpl: $.locale.Tr
-mail.issue.in_tree_path
-
-# templates/package/metadata/arch.tmpl: $.locale.Tr
-packages.details.license
-
 # templates/repo/issue/view_content.tmpl: indirection via $closeTranslationKey
 repo.issues.close
 repo.pulls.close
@@ -48,7 +42,3 @@ projects.type-3.display_name
 # templates/repo/settings/webhook/link_menu.tmpl, templates/webhook/new.tmpl: repo.settings.web_hook_name_
 # tests/integration/repo_archive_text_test.go
 repo.settings.
-
-# services/migrations/migrate.go: messenger calls
-# ToDo: give them a unique prefix
-repo.migrate.
diff --git a/build/lint-locale-usage/bin/handle-go.go b/build/lint-locale-usage/bin/handle-go.go
new file mode 100644
index 0000000000..b1757fa0fc
--- /dev/null
+++ b/build/lint-locale-usage/bin/handle-go.go
@@ -0,0 +1,177 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package main
+
+import (
+	"fmt"
+	"go/ast"
+	goParser "go/parser"
+	"go/token"
+	"reflect"
+	"slices"
+	"strconv"
+	"strings"
+
+	llu "forgejo.org/build/lint-locale-usage"
+	lluUnit "forgejo.org/models/unit/lint-locale-usage"
+	lluMigrate "forgejo.org/services/migrations/lint-locale-usage"
+)
+
+// the `Handle*File` functions follow the following calling convention:
+// * `fname` is the name of the input file
+// * `src` is either `nil` (then the function invokes `ReadFile` to read the file)
+//   or the contents of the file as {`[]byte`, or a `string`}
+
+func HandleGoFile(handler llu.Handler, fname string, src any) error {
+	fset := token.NewFileSet()
+	node, err := goParser.ParseFile(fset, fname, src, goParser.SkipObjectResolution|goParser.ParseComments)
+	if err != nil {
+		return llu.LocatedError{
+			Location: fname,
+			Kind:     "Go parser",
+			Err:      err,
+		}
+	}
+
+	ast.Inspect(node, func(n ast.Node) bool {
+		// search for function calls of the form `anything.Tr(any-string-lit, ...)`
+
+		switch n2 := n.(type) {
+		case *ast.CallExpr:
+			if len(n2.Args) == 0 {
+				return true
+			}
+			funSel, ok := n2.Fun.(*ast.SelectorExpr)
+			if !ok {
+				return true
+			}
+
+			ltf, ok := handler.LocaleTrFunctions[funSel.Sel.Name]
+			if !ok {
+				return true
+			}
+
+			var gotUnexpectedInvoke *int
+
+			for _, argNum := range ltf {
+				if len(n2.Args) <= int(argNum) {
+					argc := len(n2.Args)
+					gotUnexpectedInvoke = &argc
+				} else {
+					handler.HandleGoTrArgument(fset, n2.Args[int(argNum)], "")
+				}
+			}
+
+			if gotUnexpectedInvoke != nil {
+				handler.OnUnexpectedInvoke(fset, funSel.Sel.NamePos, funSel.Sel.Name, *gotUnexpectedInvoke)
+			}
+
+		case *ast.CompositeLit:
+			if strings.HasSuffix(fname, "models/unit/unit.go") {
+				lluUnit.HandleCompositeUnit(handler, fset, n2)
+			}
+
+		case *ast.FuncDecl:
+			matchInsPrefix := handler.HandleGoCommentGroup(fset, n2.Doc, "llu:returnsTrKey")
+			if matchInsPrefix != nil {
+				results := n2.Type.Results.List
+				if len(results) != 1 {
+					handler.OnWarning(fset, n2.Type.Func, fmt.Sprintf("function %s has unexpected return type; expected single return value", n2.Name.Name))
+					return true
+				}
+
+				ast.Inspect(n2.Body, func(n ast.Node) bool {
+					// search for return stmts
+					// TODO: what about nested functions?
+					if ret, ok := n.(*ast.ReturnStmt); ok {
+						for _, res := range ret.Results {
+							ast.Inspect(res, func(n ast.Node) bool {
+								if expr, ok := n.(ast.Expr); ok {
+									handler.HandleGoTrArgument(fset, expr, *matchInsPrefix)
+								}
+								return true
+							})
+						}
+						return false
+					}
+					return true
+				})
+			}
+
+			if strings.HasSuffix(fname, "services/migrations/migrate.go") {
+				lluMigrate.HandleMessengerInFunc(handler, fset, n2)
+			}
+			return true
+		case *ast.GenDecl:
+			switch n2.Tok {
+			case token.CONST, token.VAR:
+				matchInsPrefix := handler.HandleGoCommentGroup(fset, n2.Doc, " llu:TrKeys")
+				if matchInsPrefix == nil {
+					return true
+				}
+				for _, spec := range n2.Specs {
+					// interpret all contained strings as message IDs
+					ast.Inspect(spec, func(n ast.Node) bool {
+						if argLit, ok := n.(*ast.BasicLit); ok {
+							handler.HandleGoTrBasicLit(fset, argLit, *matchInsPrefix)
+							return false
+						}
+						return true
+					})
+				}
+
+			case token.TYPE:
+				// modules/web/middleware/binding.go:Validate uses the convention that structs
+				// entries can have tags.
+				// In particular, `locale:$msgid` should be handled; any fields with `form:-` shouldn't.
+				// Problem: we don't know which structs are forms, actually.
+
+				for _, spec := range n2.Specs {
+					tspec := spec.(*ast.TypeSpec)
+					structNode, ok := tspec.Type.(*ast.StructType)
+					if !ok || !(strings.HasSuffix(tspec.Name.Name, "Form") ||
+						(tspec.Doc != nil &&
+							slices.ContainsFunc(tspec.Doc.List, func(c *ast.Comment) bool {
+								return c.Text == "// swagger:model"
+							}))) {
+						continue
+					}
+					for _, field := range structNode.Fields.List {
+						if field.Names == nil {
+							continue
+						}
+						if len(field.Names) != 1 {
+							handler.OnWarning(fset, field.Type.Pos(), "unsupported multiple field names")
+							continue
+						}
+						msgidPos := field.Names[0].NamePos
+						msgid := "form." + field.Names[0].Name
+						if field.Tag != nil && field.Tag.Kind == token.STRING {
+							rawTag, err := strconv.Unquote(field.Tag.Value)
+							if err != nil {
+								handler.OnWarning(fset, field.Tag.ValuePos, "invalid tag value encountered")
+								continue
+							}
+							tag := reflect.StructTag(rawTag)
+							if tag.Get("form") == "-" {
+								continue
+							}
+							tmp := tag.Get("locale")
+							if len(tmp) != 0 {
+								msgidPos = field.Tag.ValuePos
+								msgid = tmp
+							}
+						}
+						handler.OnMsgid(fset, msgidPos, msgid, true)
+					}
+				}
+			}
+		}
+
+		return true
+	})
+
+	return nil
+}
diff --git a/build/lint-locale-usage/lint-locale-usage.go b/build/lint-locale-usage/bin/lint-locale-usage.go
similarity index 87%
rename from build/lint-locale-usage/lint-locale-usage.go
rename to build/lint-locale-usage/bin/lint-locale-usage.go
index 8c67a781e9..d9cdf9f321 100644
--- a/build/lint-locale-usage/lint-locale-usage.go
+++ b/build/lint-locale-usage/bin/lint-locale-usage.go
@@ -16,6 +16,7 @@ import (
 	"sort"
 	"strings"
 
+	llu "forgejo.org/build/lint-locale-usage"
 	"forgejo.org/modules/container"
 	"forgejo.org/modules/translation/localeiter"
 )
@@ -23,27 +24,6 @@ import (
 // this works by first gathering all valid source string IDs from `en-US` reference files
 // and then checking if all used source strings are actually defined
 
-type LocatedError struct {
-	Location string
-	Kind     string
-	Err      error
-}
-
-func (e LocatedError) Error() string {
-	var sb strings.Builder
-
-	sb.WriteString(e.Location)
-	sb.WriteString(":\t")
-	if e.Kind != "" {
-		sb.WriteString(e.Kind)
-		sb.WriteString(": ")
-	}
-	sb.WriteString("ERROR: ")
-	sb.WriteString(e.Err.Error())
-
-	return sb.String()
-}
-
 func InitLocaleTrFunctions() map[string][]uint {
 	ret := make(map[string][]uint)
 
@@ -58,14 +38,6 @@ func InitLocaleTrFunctions() map[string][]uint {
 	return ret
 }
 
-type Handler struct {
-	OnMsgid            func(fset *token.FileSet, pos token.Pos, msgid string)
-	OnMsgidPrefix      func(fset *token.FileSet, pos token.Pos, msgidPrefix string, truncated bool)
-	OnUnexpectedInvoke func(fset *token.FileSet, pos token.Pos, funcname string, argc int)
-	OnWarning          func(fset *token.FileSet, pos token.Pos, msg string)
-	LocaleTrFunctions  map[string][]uint
-}
-
 type StringTrie interface {
 	Matches(key []string) bool
 }
@@ -113,7 +85,7 @@ func (m StringTrieMap) Insert(key []string) {
 func ParseAllowedMaskedUsages(fname string, usedMsgids container.Set[string], allowedMaskedPrefixes StringTrieMap, chkMsgid func(msgid string) bool) error {
 	file, err := os.Open(fname)
 	if err != nil {
-		return LocatedError{
+		return llu.LocatedError{
 			Location: fname,
 			Kind:     "Open",
 			Err:      err,
@@ -133,7 +105,7 @@ func ParseAllowedMaskedUsages(fname string, usedMsgids container.Set[string], al
 			allowedMaskedPrefixes.Insert(strings.Split(linePrefix, "."))
 		} else {
 			if !chkMsgid(line) {
-				return LocatedError{
+				return llu.LocatedError{
 					Location: fmt.Sprintf("%s: line %d", fname, lno),
 					Kind:     "undefined msgid",
 					Err:      errors.New(line),
@@ -143,7 +115,7 @@ func ParseAllowedMaskedUsages(fname string, usedMsgids container.Set[string], al
 		}
 	}
 	if err := scanner.Err(); err != nil {
-		return LocatedError{
+		return llu.LocatedError{
 			Location: fname,
 			Kind:     "Scanner",
 			Err:      err,
@@ -152,15 +124,6 @@ func ParseAllowedMaskedUsages(fname string, usedMsgids container.Set[string], al
 	return nil
 }
 
-// Truncating a message id prefix to the last dot
-func PrepareMsgidPrefix(s string) (string, bool) {
-	index := strings.LastIndexByte(s, 0x2e)
-	if index == -1 {
-		return "", true
-	}
-	return s[:index], index != len(s)-1
-}
-
 func Usage() {
 	outp := flag.CommandLine.Output()
 	fmt.Fprintf(outp, "Usage of %s:\n", os.Args[0])
@@ -210,6 +173,7 @@ func Usage() {
 func main() {
 	allowMissingMsgids := false
 	allowUnusedMsgids := false
+	allowWeakMissingMsgids := true
 	usedMsgids := make(container.Set[string])
 	allowedMaskedPrefixes := make(StringTrieMap)
 
@@ -228,6 +192,12 @@ func main() {
 		false,
 		"don't return an error code if missing message IDs are found",
 	)
+	flag.BoolVar(
+		&allowWeakMissingMsgids,
+		"allow-weak-missing-msgids",
+		true,
+		"Don't return an error code if missing 'weak' (e.g. \"form.$msgid\") message IDs are found",
+	)
 	flag.BoolVar(
 		&allowUnusedMsgids,
 		"allow-unused-msgids",
@@ -289,7 +259,7 @@ func main() {
 		os.Exit(3)
 	}
 
-	handler := Handler{
+	handler := llu.Handler{
 		OnMsgidPrefix: func(fset *token.FileSet, pos token.Pos, msgidPrefix string, truncated bool) {
 			msgidPrefixSplit := strings.Split(msgidPrefix, ".")
 			if !truncated {
@@ -299,8 +269,11 @@ func main() {
 				fmt.Printf("%s:\tmissing msgid prefix: %s\n", fset.Position(pos).String(), msgidPrefix)
 			}
 		},
-		OnMsgid: func(fset *token.FileSet, pos token.Pos, msgid string) {
+		OnMsgid: func(fset *token.FileSet, pos token.Pos, msgid string, weak bool) {
 			if !msgids.Contains(msgid) {
+				if weak && allowWeakMissingMsgids {
+					return
+				}
 				gotAnyMsgidError = true
 				fmt.Printf("%s:\tmissing msgid: %s\n", fset.Position(pos).String(), msgid)
 			} else {
@@ -314,7 +287,7 @@ func main() {
 		OnWarning: func(fset *token.FileSet, pos token.Pos, msg string) {
 			fmt.Printf("%s:\tWARNING: %s\n", fset.Position(pos).String(), msg)
 		},
-		LocaleTrFunctions: InitLocaleTrFunctions(),
+		LocaleTrFunctions: llu.InitLocaleTrFunctions(),
 	}
 
 	if err := filepath.WalkDir(".", func(fpath string, d fs.DirEntry, err error) error {
@@ -332,7 +305,7 @@ func main() {
 		} else if name == "bindata.go" || fpath == "modules/translation/i18n/i18n_test.go" {
 			// skip false positives
 		} else if strings.HasSuffix(name, ".go") {
-			onError(handler.HandleGoFile(fpath, nil))
+			onError(HandleGoFile(handler, fpath, nil))
 		} else if strings.HasSuffix(name, ".tmpl") {
 			if strings.HasPrefix(fpath, "tests") && strings.HasSuffix(name, ".ini.tmpl") {
 				// skip false positives
diff --git a/build/lint-locale-usage/lint-locale-usage_test.go b/build/lint-locale-usage/bin/lint-locale-usage_test.go
similarity index 83%
rename from build/lint-locale-usage/lint-locale-usage_test.go
rename to build/lint-locale-usage/bin/lint-locale-usage_test.go
index 81ca12c6db..69fc5accc6 100644
--- a/build/lint-locale-usage/lint-locale-usage_test.go
+++ b/build/lint-locale-usage/bin/lint-locale-usage_test.go
@@ -7,24 +7,26 @@ import (
 	"go/token"
 	"testing"
 
+	llu "forgejo.org/build/lint-locale-usage"
+
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 
-func buildHandler(ret *[]string) Handler {
-	return Handler{
-		OnMsgid: func(fset *token.FileSet, pos token.Pos, msgid string) {
+func buildHandler(ret *[]string) llu.Handler {
+	return llu.Handler{
+		OnMsgid: func(fset *token.FileSet, pos token.Pos, msgid string, weak bool) {
 			*ret = append(*ret, msgid)
 		},
 		OnUnexpectedInvoke: func(fset *token.FileSet, pos token.Pos, funcname string, argc int) {},
-		LocaleTrFunctions:  InitLocaleTrFunctions(),
+		LocaleTrFunctions:  llu.InitLocaleTrFunctions(),
 	}
 }
 
 func HandleGoFileWrapped(t *testing.T, fname, src string) []string {
 	var ret []string
 	handler := buildHandler(&ret)
-	require.NoError(t, handler.HandleGoFile(fname, src))
+	require.NoError(t, HandleGoFile(handler, fname, src))
 	return ret
 }
 
diff --git a/build/lint-locale-usage/handle-go.go b/build/lint-locale-usage/handle-go.go
index a91a210313..44229e52f7 100644
--- a/build/lint-locale-usage/handle-go.go
+++ b/build/lint-locale-usage/handle-go.go
@@ -2,18 +2,17 @@
 // Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package main
+package lintLocaleUsage
 
 import (
 	"fmt"
 	"go/ast"
-	goParser "go/parser"
 	"go/token"
 	"strconv"
 	"strings"
 )
 
-func (handler Handler) handleGoTrBasicLit(fset *token.FileSet, argLit *ast.BasicLit, prefix string) {
+func (handler Handler) HandleGoTrBasicLit(fset *token.FileSet, argLit *ast.BasicLit, prefix string) {
 	if argLit.Kind == token.STRING {
 		// extract string content
 		arg, err := strconv.Unquote(argLit.Value)
@@ -29,14 +28,14 @@ func (handler Handler) handleGoTrBasicLit(fset *token.FileSet, argLit *ast.Basic
 			}
 			handler.OnMsgidPrefix(fset, argLit.ValuePos, prep, trunc)
 		} else {
-			handler.OnMsgid(fset, argLit.ValuePos, arg)
+			handler.OnMsgid(fset, argLit.ValuePos, arg, false)
 		}
 	}
 }
 
-func (handler Handler) handleGoTrArgument(fset *token.FileSet, n ast.Expr, prefix string) {
+func (handler Handler) HandleGoTrArgument(fset *token.FileSet, n ast.Expr, prefix string) {
 	if argLit, ok := n.(*ast.BasicLit); ok {
-		handler.handleGoTrBasicLit(fset, argLit, prefix)
+		handler.HandleGoTrBasicLit(fset, argLit, prefix)
 	} else if argBinExpr, ok := n.(*ast.BinaryExpr); ok {
 		if argBinExpr.Op != token.ADD {
 			// pass
@@ -57,7 +56,7 @@ func (handler Handler) handleGoTrArgument(fset *token.FileSet, n ast.Expr, prefi
 	}
 }
 
-func (handler Handler) handleGoCommentGroup(fset *token.FileSet, cg *ast.CommentGroup, commentPrefix string) *string {
+func (handler Handler) HandleGoCommentGroup(fset *token.FileSet, cg *ast.CommentGroup, commentPrefix string) *string {
 	if cg == nil {
 		return nil
 	}
@@ -87,131 +86,3 @@ func (handler Handler) handleGoCommentGroup(fset *token.FileSet, cg *ast.Comment
 		return &matchInsPrefix
 	}
 }
-
-// the `Handle*File` functions follow the following calling convention:
-// * `fname` is the name of the input file
-// * `src` is either `nil` (then the function invokes `ReadFile` to read the file)
-//   or the contents of the file as {`[]byte`, or a `string`}
-
-func (handler Handler) HandleGoFile(fname string, src any) error {
-	fset := token.NewFileSet()
-	node, err := goParser.ParseFile(fset, fname, src, goParser.SkipObjectResolution|goParser.ParseComments)
-	if err != nil {
-		return LocatedError{
-			Location: fname,
-			Kind:     "Go parser",
-			Err:      err,
-		}
-	}
-
-	ast.Inspect(node, func(n ast.Node) bool {
-		// search for function calls of the form `anything.Tr(any-string-lit, ...)`
-
-		switch n2 := n.(type) {
-		case *ast.CallExpr:
-			if len(n2.Args) == 0 {
-				return true
-			}
-			funSel, ok := n2.Fun.(*ast.SelectorExpr)
-			if !ok {
-				return true
-			}
-
-			ltf, ok := handler.LocaleTrFunctions[funSel.Sel.Name]
-			if !ok {
-				return true
-			}
-
-			var gotUnexpectedInvoke *int
-
-			for _, argNum := range ltf {
-				if len(n2.Args) <= int(argNum) {
-					argc := len(n2.Args)
-					gotUnexpectedInvoke = &argc
-				} else {
-					handler.handleGoTrArgument(fset, n2.Args[int(argNum)], "")
-				}
-			}
-
-			if gotUnexpectedInvoke != nil {
-				handler.OnUnexpectedInvoke(fset, funSel.Sel.NamePos, funSel.Sel.Name, *gotUnexpectedInvoke)
-			}
-		case *ast.CompositeLit:
-			ident, ok := n2.Type.(*ast.Ident)
-			if !ok {
-				return true
-			}
-
-			// special case: models/unit/unit.go
-			if strings.HasSuffix(fname, "unit.go") && ident.Name == "Unit" {
-				if len(n2.Elts) != 6 {
-					handler.OnWarning(fset, n2.Pos(), "unexpected initialization of 'Unit' (unexpected number of arguments)")
-				}
-				// NameKey has index 2
-				//   invoked like '{{ctx.Locale.Tr $unit.NameKey}}'
-				nameKey, ok := n2.Elts[2].(*ast.BasicLit)
-				if !ok || nameKey.Kind != token.STRING {
-					handler.OnWarning(fset, n2.Elts[2].Pos(), "unexpected initialization of 'Unit' (expected string literal as NameKey)")
-					return true
-				}
-
-				// extract string content
-				arg, err := strconv.Unquote(nameKey.Value)
-				if err == nil {
-					// found interesting strings
-					handler.OnMsgid(fset, nameKey.ValuePos, arg)
-				}
-			}
-		case *ast.FuncDecl:
-			matchInsPrefix := handler.handleGoCommentGroup(fset, n2.Doc, "llu:returnsTrKey")
-			if matchInsPrefix == nil {
-				return true
-			}
-			results := n2.Type.Results.List
-			if len(results) != 1 {
-				handler.OnWarning(fset, n2.Type.Func, fmt.Sprintf("function %s has unexpected return type; expected single return value", n2.Name.Name))
-				return true
-			}
-
-			ast.Inspect(n2.Body, func(n ast.Node) bool {
-				// search for return stmts
-				// TODO: what about nested functions?
-				if ret, ok := n.(*ast.ReturnStmt); ok {
-					for _, res := range ret.Results {
-						ast.Inspect(res, func(n ast.Node) bool {
-							if expr, ok := n.(ast.Expr); ok {
-								handler.handleGoTrArgument(fset, expr, *matchInsPrefix)
-							}
-							return true
-						})
-					}
-					return false
-				}
-				return true
-			})
-			return true
-		case *ast.GenDecl:
-			if !(n2.Tok == token.CONST || n2.Tok == token.VAR) {
-				return true
-			}
-			matchInsPrefix := handler.handleGoCommentGroup(fset, n2.Doc, " llu:TrKeys")
-			if matchInsPrefix == nil {
-				return true
-			}
-			for _, spec := range n2.Specs {
-				// interpret all contained strings as message IDs
-				ast.Inspect(spec, func(n ast.Node) bool {
-					if argLit, ok := n.(*ast.BasicLit); ok {
-						handler.handleGoTrBasicLit(fset, argLit, *matchInsPrefix)
-						return false
-					}
-					return true
-				})
-			}
-		}
-
-		return true
-	})
-
-	return nil
-}
diff --git a/build/lint-locale-usage/handle-tmpl.go b/build/lint-locale-usage/handle-tmpl.go
index a71d7d47e3..8d03291205 100644
--- a/build/lint-locale-usage/handle-tmpl.go
+++ b/build/lint-locale-usage/handle-tmpl.go
@@ -2,7 +2,7 @@
 // Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package main
+package lintLocaleUsage
 
 import (
 	"fmt"
@@ -48,18 +48,29 @@ func (handler Handler) handleTemplateNode(fset *token.FileSet, node tmplParser.N
 		}
 
 		funcname := ""
-		if nodeChain, ok := nodeCommand.Args[0].(*tmplParser.ChainNode); ok {
+		switch nodeCommand.Args[0].Type() {
+		case tmplParser.NodeChain:
+			nodeChain := nodeCommand.Args[0].(*tmplParser.ChainNode)
 			if nodeIdent, ok := nodeChain.Node.(*tmplParser.IdentifierNode); ok {
 				if nodeIdent.Ident != "ctx" || len(nodeChain.Field) != 2 || nodeChain.Field[0] != "Locale" {
 					return
 				}
 				funcname = nodeChain.Field[1]
 			}
-		} else if nodeField, ok := nodeCommand.Args[0].(*tmplParser.FieldNode); ok {
+
+		case tmplParser.NodeField:
+			nodeField := nodeCommand.Args[0].(*tmplParser.FieldNode)
 			if len(nodeField.Ident) != 2 || !(nodeField.Ident[0] == "locale" || nodeField.Ident[0] == "Locale") {
 				return
 			}
 			funcname = nodeField.Ident[1]
+
+		case tmplParser.NodeVariable:
+			nodeVar := nodeCommand.Args[0].(*tmplParser.VariableNode)
+			if len(nodeVar.Ident) != 3 || !(nodeVar.Ident[0] == "$" && nodeVar.Ident[1] == "locale") {
+				return
+			}
+			funcname = nodeVar.Ident[2]
 		}
 
 		var gotUnexpectedInvoke *int
@@ -93,7 +104,7 @@ func (handler Handler) handleTemplateMsgid(fset *token.FileSet, node tmplParser.
 	case tmplParser.NodeString:
 		nodeString := node.(*tmplParser.StringNode)
 		// found interesting strings
-		handler.OnMsgid(fset, pos, nodeString.Text)
+		handler.OnMsgid(fset, pos, nodeString.Text, false)
 
 	case tmplParser.NodePipe:
 		nodePipe := node.(*tmplParser.PipeNode)
@@ -132,7 +143,7 @@ func (handler Handler) handleTemplateMsgid(fset *token.FileSet, node tmplParser.
 
 		if len(nodeCommand.Args) == 2 {
 			// found interesting strings
-			handler.OnMsgid(fset, stringPos, msgidPrefix)
+			handler.OnMsgid(fset, stringPos, msgidPrefix, false)
 		} else {
 			if nodeIdent.Ident == "printf" {
 				parts := strings.SplitN(msgidPrefix, "%", 2)
diff --git a/build/lint-locale-usage/handler.go b/build/lint-locale-usage/handler.go
new file mode 100644
index 0000000000..6673ac3a4d
--- /dev/null
+++ b/build/lint-locale-usage/handler.go
@@ -0,0 +1,62 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package lintLocaleUsage
+
+import (
+	"go/token"
+	"strings"
+)
+
+type LocatedError struct {
+	Location string
+	Kind     string
+	Err      error
+}
+
+func (e LocatedError) Error() string {
+	var sb strings.Builder
+
+	sb.WriteString(e.Location)
+	sb.WriteString(":\t")
+	if e.Kind != "" {
+		sb.WriteString(e.Kind)
+		sb.WriteString(": ")
+	}
+	sb.WriteString("ERROR: ")
+	sb.WriteString(e.Err.Error())
+
+	return sb.String()
+}
+
+func InitLocaleTrFunctions() map[string][]uint {
+	ret := make(map[string][]uint)
+
+	f0 := []uint{0}
+	ret["Tr"] = f0
+	ret["TrString"] = f0
+	ret["TrHTML"] = f0
+
+	ret["TrPluralString"] = []uint{1}
+	ret["TrN"] = []uint{1, 2}
+
+	return ret
+}
+
+type Handler struct {
+	OnMsgid            func(fset *token.FileSet, pos token.Pos, msgid string, weak bool)
+	OnMsgidPrefix      func(fset *token.FileSet, pos token.Pos, msgidPrefix string, truncated bool)
+	OnUnexpectedInvoke func(fset *token.FileSet, pos token.Pos, funcname string, argc int)
+	OnWarning          func(fset *token.FileSet, pos token.Pos, msg string)
+	LocaleTrFunctions  map[string][]uint
+}
+
+// Truncating a message id prefix to the last dot
+func PrepareMsgidPrefix(s string) (string, bool) {
+	index := strings.LastIndexByte(s, 0x2e)
+	if index == -1 {
+		return "", true
+	}
+	return s[:index], index != len(s)-1
+}
diff --git a/cmd/actions.go b/cmd/actions.go
index 12af2c8e86..7a440d0290 100644
--- a/cmd/actions.go
+++ b/cmd/actions.go
@@ -28,6 +28,7 @@ func subcmdActionsGenRunnerToken() *cli.Command {
 	return &cli.Command{
 		Name:    "generate-runner-token",
 		Usage:   "Generate a new token for a runner to use to register with the server",
+		Before:  noDanglingArgs,
 		Action:  runGenerateActionsRunnerToken,
 		Aliases: []string{"grt"},
 		Flags: []cli.Flag{
diff --git a/cmd/admin.go b/cmd/admin.go
index 7e06a99cda..90157e2d5a 100644
--- a/cmd/admin.go
+++ b/cmd/admin.go
@@ -37,6 +37,7 @@ func subcmdRepoSyncReleases() *cli.Command {
 	return &cli.Command{
 		Name:   "repo-sync-releases",
 		Usage:  "Synchronize repository releases with tags",
+		Before: noDanglingArgs,
 		Action: runRepoSyncReleases,
 	}
 }
@@ -75,6 +76,7 @@ func subcmdSendMail() *cli.Command {
 	return &cli.Command{
 		Name:   "sendmail",
 		Usage:  "Send a message to all users",
+		Before: noDanglingArgs,
 		Action: runSendMail,
 		Flags: []cli.Flag{
 			&cli.StringFlag{
@@ -103,7 +105,7 @@ func idFlag() *cli.Int64Flag {
 	}
 }
 
-func runRepoSyncReleases(ctx context.Context, _ *cli.Command) error {
+func runRepoSyncReleases(ctx context.Context, c *cli.Command) error {
 	ctx, cancel := installSignals(ctx)
 	defer cancel()
 
diff --git a/cmd/admin_auth.go b/cmd/admin_auth.go
index 91b344b1e9..0cfe7da12e 100644
--- a/cmd/admin_auth.go
+++ b/cmd/admin_auth.go
@@ -31,6 +31,7 @@ func microcmdAuthDelete() *cli.Command {
 		Name:   "delete",
 		Usage:  "Delete specific auth source",
 		Flags:  []cli.Flag{idFlag()},
+		Before: noDanglingArgs,
 		Action: runDeleteAuth,
 	}
 }
@@ -39,6 +40,7 @@ func microcmdAuthList() *cli.Command {
 	return &cli.Command{
 		Name:   "list",
 		Usage:  "List auth sources",
+		Before: noDanglingArgs,
 		Action: runListAuth,
 		Flags: []cli.Flag{
 			&cli.IntFlag{
diff --git a/cmd/admin_auth_ldap.go b/cmd/admin_auth_ldap.go
index 9af6c331d3..0ed7613a7e 100644
--- a/cmd/admin_auth_ldap.go
+++ b/cmd/admin_auth_ldap.go
@@ -133,8 +133,9 @@ func ldapSimpleAuthCLIFlags() []cli.Flag {
 
 func microcmdAuthAddLdapBindDn() *cli.Command {
 	return &cli.Command{
-		Name:  "add-ldap",
-		Usage: "Add new LDAP (via Bind DN) authentication source",
+		Name:   "add-ldap",
+		Usage:  "Add new LDAP (via Bind DN) authentication source",
+		Before: noDanglingArgs,
 		Action: func(ctx context.Context, cli *cli.Command) error {
 			return newAuthService().addLdapBindDn(ctx, cli)
 		},
@@ -144,8 +145,9 @@ func microcmdAuthAddLdapBindDn() *cli.Command {
 
 func microcmdAuthUpdateLdapBindDn() *cli.Command {
 	return &cli.Command{
-		Name:  "update-ldap",
-		Usage: "Update existing LDAP (via Bind DN) authentication source",
+		Name:   "update-ldap",
+		Usage:  "Update existing LDAP (via Bind DN) authentication source",
+		Before: noDanglingArgs,
 		Action: func(ctx context.Context, cli *cli.Command) error {
 			return newAuthService().updateLdapBindDn(ctx, cli)
 		},
@@ -155,8 +157,9 @@ func microcmdAuthUpdateLdapBindDn() *cli.Command {
 
 func microcmdAuthAddLdapSimpleAuth() *cli.Command {
 	return &cli.Command{
-		Name:  "add-ldap-simple",
-		Usage: "Add new LDAP (simple auth) authentication source",
+		Name:   "add-ldap-simple",
+		Usage:  "Add new LDAP (simple auth) authentication source",
+		Before: noDanglingArgs,
 		Action: func(ctx context.Context, cli *cli.Command) error {
 			return newAuthService().addLdapSimpleAuth(ctx, cli)
 		},
@@ -166,8 +169,9 @@ func microcmdAuthAddLdapSimpleAuth() *cli.Command {
 
 func microcmdAuthUpdateLdapSimpleAuth() *cli.Command {
 	return &cli.Command{
-		Name:  "update-ldap-simple",
-		Usage: "Update existing LDAP (simple auth) authentication source",
+		Name:   "update-ldap-simple",
+		Usage:  "Update existing LDAP (simple auth) authentication source",
+		Before: noDanglingArgs,
 		Action: func(ctx context.Context, cli *cli.Command) error {
 			return newAuthService().updateLdapSimpleAuth(ctx, cli)
 		},
diff --git a/cmd/admin_auth_oauth.go b/cmd/admin_auth_oauth.go
index ef5d9116e3..0fd8650f37 100644
--- a/cmd/admin_auth_oauth.go
+++ b/cmd/admin_auth_oauth.go
@@ -136,6 +136,7 @@ func microcmdAuthAddOauth() *cli.Command {
 	return &cli.Command{
 		Name:   "add-oauth",
 		Usage:  "Add new Oauth authentication source",
+		Before: noDanglingArgs,
 		Action: newAuthService().addOauth,
 		Flags:  oauthCLIFlags(),
 	}
@@ -145,6 +146,7 @@ func microcmdAuthUpdateOauth() *cli.Command {
 	return &cli.Command{
 		Name:   "update-oauth",
 		Usage:  "Update existing Oauth authentication source",
+		Before: noDanglingArgs,
 		Action: newAuthService().updateOauth,
 		Flags:  append(oauthCLIFlags()[:1], append([]cli.Flag{idFlag()}, oauthCLIFlags()[1:]...)...),
 	}
diff --git a/cmd/admin_auth_stmp.go b/cmd/admin_auth_stmp.go
index 48b3adaac3..970b613638 100644
--- a/cmd/admin_auth_stmp.go
+++ b/cmd/admin_auth_stmp.go
@@ -78,6 +78,7 @@ func microcmdAuthAddSMTP() *cli.Command {
 	return &cli.Command{
 		Name:   "add-smtp",
 		Usage:  "Add new SMTP authentication source",
+		Before: noDanglingArgs,
 		Action: runAddSMTP,
 		Flags:  smtpCLIFlags(),
 	}
@@ -87,6 +88,7 @@ func microcmdAuthUpdateSMTP() *cli.Command {
 	return &cli.Command{
 		Name:   "update-smtp",
 		Usage:  "Update existing SMTP authentication source",
+		Before: noDanglingArgs,
 		Action: runUpdateSMTP,
 		Flags:  append(smtpCLIFlags()[:1], append([]cli.Flag{idFlag()}, smtpCLIFlags()[1:]...)...),
 	}
diff --git a/cmd/admin_regenerate.go b/cmd/admin_regenerate.go
index 7bfd12f8f4..4d14df317d 100644
--- a/cmd/admin_regenerate.go
+++ b/cmd/admin_regenerate.go
@@ -17,17 +17,19 @@ var (
 	microcmdRegenHooks = &cli.Command{
 		Name:   "hooks",
 		Usage:  "Regenerate git-hooks",
+		Before: noDanglingArgs,
 		Action: runRegenerateHooks,
 	}
 
 	microcmdRegenKeys = &cli.Command{
 		Name:   "keys",
 		Usage:  "Regenerate authorized_keys file",
+		Before: noDanglingArgs,
 		Action: runRegenerateKeys,
 	}
 )
 
-func runRegenerateHooks(ctx context.Context, _ *cli.Command) error {
+func runRegenerateHooks(ctx context.Context, c *cli.Command) error {
 	ctx, cancel := installSignals(ctx)
 	defer cancel()
 
@@ -37,7 +39,7 @@ func runRegenerateHooks(ctx context.Context, _ *cli.Command) error {
 	return repo_service.SyncRepositoryHooks(graceful.GetManager().ShutdownContext())
 }
 
-func runRegenerateKeys(ctx context.Context, _ *cli.Command) error {
+func runRegenerateKeys(ctx context.Context, c *cli.Command) error {
 	ctx, cancel := installSignals(ctx)
 	defer cancel()
 
diff --git a/cmd/admin_user_change_password.go b/cmd/admin_user_change_password.go
index dd8c9d378a..cd52a8378c 100644
--- a/cmd/admin_user_change_password.go
+++ b/cmd/admin_user_change_password.go
@@ -21,6 +21,7 @@ func microcmdUserChangePassword() *cli.Command {
 	return &cli.Command{
 		Name:   "change-password",
 		Usage:  "Change a user's password",
+		Before: noDanglingArgs,
 		Action: runChangePassword,
 		Flags: []cli.Flag{
 			&cli.StringFlag{
diff --git a/cmd/admin_user_create.go b/cmd/admin_user_create.go
index 96431412f6..e3800bdb59 100644
--- a/cmd/admin_user_create.go
+++ b/cmd/admin_user_create.go
@@ -23,6 +23,7 @@ func microcmdUserCreate() *cli.Command {
 	return &cli.Command{
 		Name:   "create",
 		Usage:  "Create a new user in database",
+		Before: noDanglingArgs,
 		Action: runCreateUser,
 		Flags: []cli.Flag{
 			&cli.StringFlag{
diff --git a/cmd/admin_user_delete.go b/cmd/admin_user_delete.go
index 3382c53e5f..affd76247f 100644
--- a/cmd/admin_user_delete.go
+++ b/cmd/admin_user_delete.go
@@ -40,6 +40,7 @@ func microcmdUserDelete() *cli.Command {
 				Usage: "Purge user, all their repositories, organizations and comments",
 			},
 		},
+		Before: noDanglingArgs,
 		Action: runDeleteUser,
 	}
 }
diff --git a/cmd/admin_user_generate_access_token.go b/cmd/admin_user_generate_access_token.go
index d0f2878297..0a3a7fa89d 100644
--- a/cmd/admin_user_generate_access_token.go
+++ b/cmd/admin_user_generate_access_token.go
@@ -40,6 +40,7 @@ func microcmdUserGenerateAccessToken() *cli.Command {
 				Usage: `Comma separated list of scopes to apply to access token, examples: "all", "public-only,read:issue", "write:repository,write:user"`,
 			},
 		},
+		Before: noDanglingArgs,
 		Action: runGenerateAccessToken,
 	}
 }
diff --git a/cmd/admin_user_list.go b/cmd/admin_user_list.go
index ccc4b8c917..8e1323bcf8 100644
--- a/cmd/admin_user_list.go
+++ b/cmd/admin_user_list.go
@@ -18,6 +18,7 @@ func microcmdUserList() *cli.Command {
 	return &cli.Command{
 		Name:   "list",
 		Usage:  "List users",
+		Before: noDanglingArgs,
 		Action: runListUsers,
 		Flags: []cli.Flag{
 			&cli.BoolFlag{
diff --git a/cmd/admin_user_reset_mfa.go b/cmd/admin_user_reset_mfa.go
index 8107fd97bf..504331100c 100644
--- a/cmd/admin_user_reset_mfa.go
+++ b/cmd/admin_user_reset_mfa.go
@@ -17,6 +17,7 @@ func microcmdUserResetMFA() *cli.Command {
 	return &cli.Command{
 		Name:   "reset-mfa",
 		Usage:  "Remove all two-factor authentication configurations for a user",
+		Before: noDanglingArgs,
 		Action: runResetMFA,
 		Flags: []cli.Flag{
 			&cli.StringFlag{
diff --git a/cmd/cert.go b/cmd/cert.go
index f9e3a16f3e..baadcbda85 100644
--- a/cmd/cert.go
+++ b/cmd/cert.go
@@ -31,6 +31,7 @@ func cmdCert() *cli.Command {
 		Usage: "Generate self-signed certificate",
 		Description: `Generate a self-signed X.509 certificate for a TLS server.
 Outputs to 'cert.pem' and 'key.pem' and will overwrite existing files.`,
+		Before: noDanglingArgs,
 		Action: runCert,
 		Flags: []cli.Flag{
 			&cli.StringFlag{
diff --git a/cmd/cmd.go b/cmd/cmd.go
index 85a482b78c..379609d294 100644
--- a/cmd/cmd.go
+++ b/cmd/cmd.go
@@ -12,6 +12,7 @@ import (
 	"io"
 	"os"
 	"os/signal"
+	"slices"
 	"strings"
 	"syscall"
 
@@ -40,6 +41,19 @@ func argsSet(c *cli.Command, args ...string) error {
 	return nil
 }
 
+// When a CLI command is intended to be used only with flags and no other arbitrary args, noDanglingArgs will validate
+// the end-user's usage.
+func noDanglingArgs(ctx context.Context, c *cli.Command) (context.Context, error) {
+	if c.Args().Len() != 0 {
+		args := c.Args().Slice()
+		if slices.Contains(args, "false") {
+			println("Hint: boolean false must be specified as a single arg, eg. '--restricted=false', not '--restricted false'")
+		}
+		return nil, fmt.Errorf("unexpected arguments: %s", strings.Join(c.Args().Slice(), ", "))
+	}
+	return nil, nil
+}
+
 // confirm waits for user input which confirms an action
 func confirm() (bool, error) {
 	var response string
@@ -135,3 +149,18 @@ func PrepareConsoleLoggerLevel(defaultLevel log.Level) func(ctx context.Context,
 		return ctx, nil
 	}
 }
+
+func multipleBefore(beforeFuncs ...cli.BeforeFunc) cli.BeforeFunc {
+	return func(ctx context.Context, cli *cli.Command) (context.Context, error) {
+		for _, beforeFunc := range beforeFuncs {
+			bctx, err := beforeFunc(ctx, cli)
+			if err != nil {
+				return bctx, err
+			}
+			if bctx != nil {
+				ctx = bctx
+			}
+		}
+		return ctx, nil
+	}
+}
diff --git a/cmd/doctor.go b/cmd/doctor.go
index 681794f094..f557481110 100644
--- a/cmd/doctor.go
+++ b/cmd/doctor.go
@@ -6,6 +6,8 @@ package cmd
 import (
 	"context"
 	"fmt"
+	"image"
+	"io"
 	golog "log"
 	"os"
 	"path/filepath"
@@ -13,13 +15,17 @@ import (
 	"text/tabwriter"
 
 	"forgejo.org/models/db"
-	"forgejo.org/models/migrations"
-	migrate_base "forgejo.org/models/migrations/base"
+	"forgejo.org/models/gitea_migrations"
+	migrate_base "forgejo.org/models/gitea_migrations/base"
+	repo_model "forgejo.org/models/repo"
+	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/container"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/setting"
+	"forgejo.org/modules/storage"
 	"forgejo.org/services/doctor"
 
+	exif_terminator "code.superseriousbusiness.org/exif-terminator"
 	"github.com/urfave/cli/v3"
 )
 
@@ -34,6 +40,7 @@ func cmdDoctor() *cli.Command {
 			cmdDoctorCheck(),
 			cmdRecreateTable(),
 			cmdDoctorConvert(),
+			cmdAvatarStripExif(),
 		},
 	}
 }
@@ -43,6 +50,7 @@ func cmdDoctorCheck() *cli.Command {
 		Name:        "check",
 		Usage:       "Diagnose and optionally fix problems",
 		Description: "A command to diagnose problems with the current Forgejo instance according to the given configuration. Some problems can optionally be fixed by modifying the database or data storage.",
+		Before:      noDanglingArgs,
 		Action:      runDoctorCheck,
 		Flags: []cli.Flag{
 			&cli.BoolFlag{
@@ -98,6 +106,15 @@ You should back-up your database before doing this and ensure that your database
 	}
 }
 
+func cmdAvatarStripExif() *cli.Command {
+	return &cli.Command{
+		Name:   "avatar-strip-exif",
+		Usage:  "Strip EXIF metadata from all images in the avatar storage",
+		Before: noDanglingArgs,
+		Action: runAvatarStripExif,
+	}
+}
+
 func runRecreateTable(stdCtx context.Context, ctx *cli.Command) error {
 	stdCtx, cancel := installSignals(stdCtx)
 	defer cancel()
@@ -142,7 +159,7 @@ func runRecreateTable(stdCtx context.Context, ctx *cli.Command) error {
 			return err
 		}
 
-		if err := migrations.EnsureUpToDate(engine); err != nil {
+		if err := gitea_migrations.EnsureUpToDate(engine); err != nil {
 			return err
 		}
 
@@ -230,3 +247,78 @@ func runDoctorCheck(stdCtx context.Context, ctx *cli.Command) error {
 	}
 	return doctor.RunChecks(stdCtx, colorize, ctx.Bool("fix"), checks)
 }
+
+func runAvatarStripExif(ctx context.Context, c *cli.Command) error {
+	ctx, cancel := installSignals(ctx)
+	defer cancel()
+
+	if err := initDB(ctx); err != nil {
+		return err
+	}
+	if err := storage.Init(); err != nil {
+		return err
+	}
+
+	type HasCustomAvatarRelativePath interface {
+		CustomAvatarRelativePath() string
+	}
+
+	doExifStrip := func(obj HasCustomAvatarRelativePath, name string, target_storage storage.ObjectStorage) error {
+		if obj.CustomAvatarRelativePath() == "" {
+			return nil
+		}
+
+		log.Info("Stripping avatar for %s...", name)
+
+		avatarFile, err := target_storage.Open(obj.CustomAvatarRelativePath())
+		if err != nil {
+			return fmt.Errorf("storage.Avatars.Open: %w", err)
+		}
+		_, imgType, err := image.DecodeConfig(avatarFile)
+		if err != nil {
+			return fmt.Errorf("image.DecodeConfig: %w", err)
+		}
+
+		// reset io.Reader for exif termination scan
+		_, err = avatarFile.Seek(0, io.SeekStart)
+		if err != nil {
+			return fmt.Errorf("avatarFile.Seek: %w", err)
+		}
+
+		cleanedData, err := exif_terminator.Terminate(avatarFile, imgType)
+		if err != nil && strings.Contains(err.Error(), "cannot be processed") {
+			// expected error for an image type that isn't supported by exif_terminator
+			log.Info("... image type %s is not supported by exif_terminator, skipping.", imgType)
+			return nil
+		} else if err != nil {
+			return fmt.Errorf("error cleaning exif data: %w", err)
+		}
+
+		if err := storage.SaveFrom(target_storage, obj.CustomAvatarRelativePath(), func(w io.Writer) error {
+			_, err := io.Copy(w, cleanedData)
+			return err
+		}); err != nil {
+			return fmt.Errorf("Failed to create dir %s: %w", obj.CustomAvatarRelativePath(), err)
+		}
+
+		log.Info("... completed %s.", name)
+
+		return nil
+	}
+
+	err := db.Iterate(ctx, nil, func(ctx context.Context, user *user_model.User) error {
+		return doExifStrip(user, fmt.Sprintf("user %s", user.Name), storage.Avatars)
+	})
+	if err != nil {
+		return err
+	}
+
+	err = db.Iterate(ctx, nil, func(ctx context.Context, repo *repo_model.Repository) error {
+		return doExifStrip(repo, fmt.Sprintf("repo %s", repo.Name), storage.RepoAvatars)
+	})
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/cmd/doctor_convert.go b/cmd/doctor_convert.go
index 44bebae154..7bc70163dd 100644
--- a/cmd/doctor_convert.go
+++ b/cmd/doctor_convert.go
@@ -20,6 +20,7 @@ func cmdDoctorConvert() *cli.Command {
 		Name:        "convert",
 		Usage:       "Convert the database",
 		Description: "A command to convert an existing MySQL database from utf8 to utf8mb4",
+		Before:      noDanglingArgs,
 		Action:      runDoctorConvert,
 	}
 }
diff --git a/cmd/dump.go b/cmd/dump.go
index ea141291f5..b94277e529 100644
--- a/cmd/dump.go
+++ b/cmd/dump.go
@@ -164,6 +164,7 @@ func cmdDump() *cli.Command {
 		Usage: "Dump Forgejo files and database",
 		Description: `Dump compresses all related files and database into zip file.
 It can be used for backup and capture Forgejo server image to send to maintainer`,
+		Before: noDanglingArgs,
 		Action: runDump,
 		Flags: []cli.Flag{
 			&cli.StringFlag{
diff --git a/cmd/dump_repo.go b/cmd/dump_repo.go
index 7159d55e99..8e0ef0311f 100644
--- a/cmd/dump_repo.go
+++ b/cmd/dump_repo.go
@@ -28,6 +28,7 @@ func cmdDumpRepository() *cli.Command {
 		Name:        "dump-repo",
 		Usage:       "Dump the repository from git/github/gitea/gitlab",
 		Description: "This is a command for dumping the repository data.",
+		Before:      noDanglingArgs,
 		Action:      runDumpRepository,
 		Flags: []cli.Flag{
 			&cli.StringFlag{
diff --git a/cmd/generate.go b/cmd/generate.go
index 7076ae541f..a37d689dc2 100644
--- a/cmd/generate.go
+++ b/cmd/generate.go
@@ -42,6 +42,7 @@ func microcmdGenerateInternalToken() *cli.Command {
 	return &cli.Command{
 		Name:   "INTERNAL_TOKEN",
 		Usage:  "Generate a new INTERNAL_TOKEN",
+		Before: noDanglingArgs,
 		Action: runGenerateInternalToken,
 	}
 }
@@ -51,6 +52,7 @@ func microcmdGenerateLfsJwtSecret() *cli.Command {
 		Name:    "JWT_SECRET",
 		Aliases: []string{"LFS_JWT_SECRET"},
 		Usage:   "Generate a new JWT_SECRET",
+		Before:  noDanglingArgs,
 		Action:  runGenerateLfsJwtSecret,
 	}
 }
@@ -59,6 +61,7 @@ func microcmdGenerateSecretKey() *cli.Command {
 	return &cli.Command{
 		Name:   "SECRET_KEY",
 		Usage:  "Generate a new SECRET_KEY",
+		Before: noDanglingArgs,
 		Action: runGenerateSecretKey,
 	}
 }
diff --git a/cmd/keys.go b/cmd/keys.go
index 00901903f4..31be86d99b 100644
--- a/cmd/keys.go
+++ b/cmd/keys.go
@@ -21,7 +21,7 @@ func cmdKeys() *cli.Command {
 		Name:        "keys",
 		Usage:       "(internal) Should only be called by SSH server",
 		Description: "Queries the Forgejo database to get the authorized command for a given ssh key fingerprint",
-		Before:      PrepareConsoleLoggerLevel(log.FATAL),
+		Before:      multipleBefore(noDanglingArgs, PrepareConsoleLoggerLevel(log.FATAL)),
 		Action:      runKeys,
 		Flags: []cli.Flag{
 			&cli.StringFlag{
diff --git a/cmd/manager.go b/cmd/manager.go
index 029329b44e..87634705ee 100644
--- a/cmd/manager.go
+++ b/cmd/manager.go
@@ -39,6 +39,7 @@ func subcmdShutdown() *cli.Command {
 				Name: "debug",
 			},
 		},
+		Before: noDanglingArgs,
 		Action: runShutdown,
 	}
 }
@@ -52,6 +53,7 @@ func subcmdRestart() *cli.Command {
 				Name: "debug",
 			},
 		},
+		Before: noDanglingArgs,
 		Action: runRestart,
 	}
 }
@@ -65,6 +67,7 @@ func subcmdReloadTemplates() *cli.Command {
 				Name: "debug",
 			},
 		},
+		Before: noDanglingArgs,
 		Action: runReloadTemplates,
 	}
 }
@@ -73,6 +76,7 @@ func subcmdFlushQueues() *cli.Command {
 	return &cli.Command{
 		Name:   "flush-queues",
 		Usage:  "Flush queues in the running process",
+		Before: noDanglingArgs,
 		Action: runFlushQueues,
 		Flags: []cli.Flag{
 			&cli.DurationFlag{
@@ -95,6 +99,7 @@ func subCmdProcesses() *cli.Command {
 	return &cli.Command{
 		Name:   "processes",
 		Usage:  "Display running processes within the current process",
+		Before: noDanglingArgs,
 		Action: runProcesses,
 		Flags: []cli.Flag{
 			&cli.BoolFlag{
diff --git a/cmd/manager_logging.go b/cmd/manager_logging.go
index c18bfa919b..02c924f4c5 100644
--- a/cmd/manager_logging.go
+++ b/cmd/manager_logging.go
@@ -77,6 +77,7 @@ func subcmdLogging() *cli.Command {
 						Name: "debug",
 					},
 				},
+				Before: noDanglingArgs,
 				Action: runPauseLogging,
 			}, {
 				Name:  "resume",
@@ -86,6 +87,7 @@ func subcmdLogging() *cli.Command {
 						Name: "debug",
 					},
 				},
+				Before: noDanglingArgs,
 				Action: runResumeLogging,
 			}, {
 				Name:  "release-and-reopen",
@@ -95,6 +97,7 @@ func subcmdLogging() *cli.Command {
 						Name: "debug",
 					},
 				},
+				Before: noDanglingArgs,
 				Action: runReleaseReopenLogging,
 			}, {
 				Name:      "remove",
@@ -156,6 +159,7 @@ func subcmdLogging() *cli.Command {
 								Usage:   "Compression level to use",
 							},
 						}...),
+						Before: noDanglingArgs,
 						Action: runAddFileLogger,
 					}, {
 						Name:  "conn",
@@ -182,6 +186,7 @@ func subcmdLogging() *cli.Command {
 								Usage:   "Host address and port to connect to (defaults to :7020)",
 							},
 						}...),
+						Before: noDanglingArgs,
 						Action: runAddConnLogger,
 					},
 				},
@@ -197,6 +202,7 @@ func subcmdLogging() *cli.Command {
 						Usage: "Switch off SQL logging",
 					},
 				},
+				Before: noDanglingArgs,
 				Action: runSetLogSQL,
 			},
 		},
diff --git a/cmd/migrate.go b/cmd/migrate.go
index 5a485d17f9..af450d6139 100644
--- a/cmd/migrate.go
+++ b/cmd/migrate.go
@@ -7,7 +7,7 @@ import (
 	"context"
 
 	"forgejo.org/models/db"
-	"forgejo.org/models/migrations"
+	"forgejo.org/models/gitea_migrations"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/setting"
 
@@ -20,6 +20,7 @@ func cmdMigrate() *cli.Command {
 		Name:        "migrate",
 		Usage:       "Migrate the database",
 		Description: "This is a command for migrating the database, so that you can run 'forgejo admin user create' before starting the server.",
+		Before:      noDanglingArgs,
 		Action:      runMigrate,
 	}
 }
@@ -43,7 +44,7 @@ func runMigrate(stdCtx context.Context, ctx *cli.Command) error {
 		if err != nil {
 			return err
 		}
-		return migrations.Migrate(masterEngine)
+		return gitea_migrations.Migrate(masterEngine)
 	}); err != nil {
 		log.Fatal("Failed to initialize ORM engine: %v", err)
 		return err
diff --git a/cmd/migrate_storage.go b/cmd/migrate_storage.go
index d741a883e3..14ce222c9b 100644
--- a/cmd/migrate_storage.go
+++ b/cmd/migrate_storage.go
@@ -13,7 +13,7 @@ import (
 	actions_model "forgejo.org/models/actions"
 	"forgejo.org/models/db"
 	git_model "forgejo.org/models/git"
-	"forgejo.org/models/migrations"
+	"forgejo.org/models/gitea_migrations"
 	packages_model "forgejo.org/models/packages"
 	repo_model "forgejo.org/models/repo"
 	user_model "forgejo.org/models/user"
@@ -32,6 +32,7 @@ func cmdMigrateStorage() *cli.Command {
 		Name:        "migrate-storage",
 		Usage:       "Migrate the storage",
 		Description: "Copies stored files from storage configured in app.ini to parameter-configured storage",
+		Before:      noDanglingArgs,
 		Action:      runMigrateStorage,
 		Flags: []cli.Flag{
 			&cli.StringFlag{
@@ -199,7 +200,7 @@ func runMigrateStorage(stdCtx context.Context, ctx *cli.Command) error {
 	log.Info("Configuration file: %s", setting.CustomConf)
 
 	if err := db.InitEngineWithMigration(context.Background(), func(e db.Engine) error {
-		return migrations.Migrate(e.(*xorm.Engine))
+		return gitea_migrations.Migrate(e.(*xorm.Engine))
 	}); err != nil {
 		log.Fatal("Failed to initialize ORM engine: %v", err)
 		return err
diff --git a/cmd/restore_repo.go b/cmd/restore_repo.go
index 0e9f0bb50a..6c9bb218d4 100644
--- a/cmd/restore_repo.go
+++ b/cmd/restore_repo.go
@@ -19,6 +19,7 @@ func cmdRestoreRepository() *cli.Command {
 		Name:        "restore-repo",
 		Usage:       "Restore the repository from disk",
 		Description: "This is a command for restoring the repository data.",
+		Before:      noDanglingArgs,
 		Action:      runRestoreRepository,
 		Flags: []cli.Flag{
 			&cli.StringFlag{
diff --git a/cmd/web.go b/cmd/web.go
index 87965a7c1e..12a8cac797 100644
--- a/cmd/web.go
+++ b/cmd/web.go
@@ -39,7 +39,7 @@ func cmdWeb() *cli.Command {
 		Usage: "Start the Forgejo web server",
 		Description: `The Forgejo web server is the only thing you need to run,
 and it takes care of all the other things for you`,
-		Before: PrepareConsoleLoggerLevel(log.INFO),
+		Before: multipleBefore(noDanglingArgs, PrepareConsoleLoggerLevel(log.INFO)),
 		Action: runWeb,
 		Flags: []cli.Flag{
 			&cli.StringFlag{
diff --git a/contrib/coverage-helper.sh b/contrib/coverage-helper.sh
index ec9f5469ea..3c37e03e05 100755
--- a/contrib/coverage-helper.sh
+++ b/contrib/coverage-helper.sh
@@ -8,8 +8,8 @@ PS4='${BASH_SOURCE[0]}:$LINENO: ${FUNCNAME[0]}:  '
 # Those must be explicitly required and are excluded from the full list of packages because they
 # would interfere with the testing fixtures.
 #
-excluded+='forgejo.org/models/migrations|'                # must be run before database specific tests
-excluded+='forgejo.org/models/forgejo_migrations|'        # must be run before database specific tests
+excluded+='forgejo.org/models/gitea_migrations|'                # must be run before database specific tests
+excluded+='forgejo.org/models/forgejo_migrations_legacy|'        # must be run before database specific tests
 excluded+='forgejo.org/tests/integration/migration-test|' # must be run before database specific tests
 excluded+='forgejo.org/tests|'                            # only tests, no coverage to get there
 excluded+='forgejo.org/tests/e2e|'                        # JavaScript is not in scope here and if it adds coverage it should not be counted
diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index b065247d91..c68d2ebcc4 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -12,10 +12,10 @@
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
 ;; These values are environment-dependent but form the basis of a lot of values. They will be
-;; reported as part of the default configuration when running `gitea help` or on start-up. The order they are emitted there is slightly different but we will list them here in the order they are set-up.
+;; reported as part of the default configuration when running `forgejo help` or on start-up. The order they are emitted there is slightly different but we will list them here in the order they are set-up.
 ;;
-;; - _`AppPath`_: This is the absolute path of the running gitea binary.
-;; - _`AppWorkPath`_: This refers to "working path" of the `gitea` binary. It is determined by using the first set thing in the following hierarchy:
+;; - _`AppPath`_: This is the absolute path of the running Forgejo binary.
+;; - _`AppWorkPath`_: This refers to "working path" of the `forgejo` binary. It is determined by using the first set thing in the following hierarchy:
 ;;   - The "WORK_PATH" option in "app.ini" file
 ;;   - The `--work-path` flag passed to the binary
 ;;   - The environment variable `$GITEA_WORK_DIR`
@@ -54,7 +54,7 @@ APP_NAME = ; Forgejo: Beyond coding. We Forge.
 RUN_USER = ; git
 ;;
 ;; Application run mode, affects performance and debugging: "dev" or "prod", default is "prod"
-;; Mode "dev" makes Gitea easier to develop and debug, values other than "dev" are treated as "prod" which is for production use.
+;; Mode "dev" makes Forgejo easier to develop and debug, values other than "dev" are treated as "prod" which is for production use.
 ;RUN_MODE = prod
 ;;
 ;; The working directory, see the comment of AppWorkPath above
@@ -127,7 +127,7 @@ RUN_USER = ; git
 ;; Permission for unix socket
 ;UNIX_SOCKET_PERMISSION = 666
 ;;
-;; Local (DMZ) URL for Gitea workers (such as SSH update) accessing web service. In
+;; Local (DMZ) URL for Forgejo workers (such as SSH update) accessing web service. In
 ;; most cases you do not need to change the default value. Alter it only if
 ;; your SSH server node is not the same as HTTP node. For different protocol, the default
 ;; values are different. If `PROTOCOL` is `http+unix`, the default value is `http://unix/`.
@@ -169,11 +169,11 @@ RUN_USER = ; git
 ;; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'.
 ;SSH_ROOT_PATH =
 ;;
-;; Gitea will create a authorized_keys file by default when it is not using the internal ssh server
+;; Forgejo will create a authorized_keys file by default when it is not using the internal ssh server
 ;; If you intend to use the AuthorizedKeysCommand functionality then you should turn this off.
 ;SSH_CREATE_AUTHORIZED_KEYS_FILE = true
 ;;
-;; Gitea will create a authorized_principals file by default when it is not using the internal ssh server
+;; Forgejo will create a authorized_principals file by default when it is not using the internal ssh server
 ;; If you intend to use the AuthorizedPrincipalsCommand functionality then you should turn this off.
 ;SSH_CREATE_AUTHORIZED_PRINCIPALS_FILE = true
 ;;
@@ -198,7 +198,7 @@ RUN_USER = ; git
 ;; default is the system temporary directory.
 ;SSH_KEY_TEST_PATH =
 ;;
-;; Use `ssh-keygen` to parse public SSH keys. The value is passed to the shell. By default, Gitea does the parsing itself.
+;; Use `ssh-keygen` to parse public SSH keys. The value is passed to the shell. By default, Forgejo does the parsing itself.
 ;SSH_KEYGEN_PATH =
 ;;
 ;; Enable SSH Authorized Key Backup when rewriting all keys, default is false
@@ -220,9 +220,9 @@ RUN_USER = ; git
 ;; E.g."ssh-<algorithm> <key>". or "ssh-<algorithm> <key1>, ssh-<algorithm> <key2>".
 ;; For more information see "TrustedUserCAKeys" in the sshd config manpages.
 ;SSH_TRUSTED_USER_CA_KEYS =
-;; Absolute path of the `TrustedUserCaKeys` file gitea will manage.
+;; Absolute path of the `TrustedUserCaKeys` file Forgejo will manage.
 ;; Default this `RUN_USER`/.ssh/gitea-trusted-user-ca-keys.pem
-;; If you're running your own ssh server and you want to use the gitea managed file you'll also need to modify your
+;; If you're running your own ssh server and you want to use the Forgejo managed file you'll also need to modify your
 ;; sshd_config to point to this file. The official docker image will automatically work without further configuration.
 ;SSH_TRUSTED_USER_CA_KEYS_FILENAME =
 ;;
@@ -277,7 +277,7 @@ RUN_USER = ; git
 ;;  Manual TLS settings: (Only applicable if ENABLE_ACME=false)
 ;;
 ;; Generate steps:
-;; $ ./gitea cert -ca=true -duration=8760h0m0s -host=myhost.example.com
+;; $ ./forgejo cert -ca=true -duration=8760h0m0s -host=myhost.example.com
 ;;
 ;; Or from a .pfx file exported from the Windows certificate store (do
 ;; not forget to export the private key):
@@ -288,7 +288,7 @@ RUN_USER = ; git
 ;KEY_FILE = https/key.pem
 ;;
 ;; Root directory containing templates and static files.
-;; default is the path where Gitea is executed
+;; default is the path where Forgejo is executed
 ;STATIC_ROOT_PATH = ; Will default to the built-in value _`StaticRootPath`_
 ;;
 ;; Default path for App data
@@ -302,7 +302,7 @@ RUN_USER = ; git
 ;; For "serve" command it dumps to disk at PPROF_DATA_PATH as (cpuprofile|memprofile)_<username>_<temporary id>
 ;ENABLE_PPROF = false
 ;;
-;; PPROF_DATA_PATH, use an absolute path when you start gitea as service
+;; PPROF_DATA_PATH, use an absolute path when you start Forgejo as service
 ;PPROF_DATA_PATH = data/tmp/pprof ; Path is relative to _`AppWorkPath`_
 ;;
 ;; Landing page, can be "home", "explore", "organizations", "login", or any URL such as "/org/repo" or even "https://anotherwebsite.com"
@@ -374,7 +374,7 @@ DB_TYPE = sqlite3
 ;USER = root
 ;PASSWD = ;Use PASSWD = `your password` for quoting if you use special characters in the password.
 ;SSL_MODE = false ; either "false" (default), "true", or "skip-verify"
-;CHARSET_COLLATION = ; Empty as default, Gitea will try to find a case-sensitive collation. Don't change it unless you clearly know what you need.
+;CHARSET_COLLATION = ; Empty as default, Forgejo will try to find a case-sensitive collation. Don't change it unless you clearly know what you need.
 ;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
@@ -440,7 +440,7 @@ SECRET_KEY =
 ;; This key is VERY IMPORTANT. If you lose it, the data encrypted by it (like 2FA secret) can't be decrypted anymore.
 ;SECRET_KEY_URI = file:/etc/gitea/secret_key
 ;;
-;; Secret used to validate communication within Gitea binary.
+;; Secret used to validate communication within Forgejo binary.
 INTERNAL_TOKEN =
 ;;
 ;; Alternative location to specify internal token, instead of this file; you cannot specify both this and INTERNAL_TOKEN, and must pick one
@@ -474,9 +474,9 @@ INTERNAL_TOKEN =
 ;;
 ;; Set to false to allow users with git hook privileges to create custom git hooks.
 ;; Custom git hooks can be used to perform arbitrary code execution on the host operating system.
-;; This enables the users to access and modify this config file and the Gitea database and interrupt the Gitea service.
-;; By modifying the Gitea database, users can gain Gitea administrator privileges.
-;; It also enables them to access other resources available to the user on the operating system that is running the Gitea instance and perform arbitrary actions in the name of the Gitea OS user.
+;; This enables the users to access and modify this config file and the Forgejo database and interrupt the Forgejo service.
+;; By modifying the Forgejo database, users can gain Forgejo administrator privileges.
+;; It also enables them to access other resources available to the user on the operating system that is running the Forgejo instance and perform arbitrary actions in the name of the Forgejo OS user.
 ;; WARNING: This maybe harmful to you website or your operating system.
 ;; WARNING: Setting this to true does not change existing hooks in git repos; adjust it before if necessary.
 ;DISABLE_GIT_HOOKS = true
@@ -484,7 +484,7 @@ INTERNAL_TOKEN =
 ;; Set to true to disable webhooks feature.
 ;DISABLE_WEBHOOKS = false
 ;;
-;; Set to false to allow pushes to gitea repositories despite having an incomplete environment - NOT RECOMMENDED
+;; Set to false to allow pushes to Forgejo repositories despite having an incomplete environment - NOT RECOMMENDED
 ;ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET = true
 ;;
 ;;Comma separated list of character classes required to pass minimum complexity.
@@ -545,7 +545,7 @@ ENABLED = true
 ;; The file must contain a RSA or ECDSA private key in the PKCS8 format. If no key exists a 4096 bit key will be created for you.
 ;JWT_SIGNING_PRIVATE_KEY_FILE = jwt/private.pem
 ;;
-;; OAuth2 authentication secret for access and refresh tokens, change this yourself to a unique string. CLI generate option is helpful in this case. https://docs.gitea.io/en-us/command-line/#generate
+;; OAuth2 authentication secret for access and refresh tokens, change this yourself to a unique string. CLI generate option is helpful in this case. https://forgejo.org/docs/latest/admin/command-line/#generate-secret
 ;; This setting is only needed if JWT_SIGNING_ALGORITHM is set to HS256, HS384 or HS512.
 ;JWT_SECRET =
 ;;
@@ -670,7 +670,7 @@ LEVEL = Info
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
-;; The path of git executable. If empty, Gitea searches through the PATH environment.
+;; The path of git executable. If empty, Forgejo searches through the PATH environment.
 ;PATH =
 ;;
 ;; The HOME directory for Git
@@ -755,17 +755,17 @@ LEVEL = Info
 ;; Whether a new user needs to be confirmed manually after registration. (Requires `REGISTER_EMAIL_CONFIRM` to be disabled.)
 ;REGISTER_MANUAL_CONFIRM = false
 ;;
-;; List of domain names that are allowed to be used to register on a Gitea instance, wildcard is supported
-;; eg: gitea.io,example.com,*.mydomain.com
+;; List of domain names that are allowed to be used to register on a Forgejo instance, wildcard is supported
+;; eg: forgejo.org,example.com,*.mydomain.com
 ;EMAIL_DOMAIN_ALLOWLIST =
 ;;
-;; Comma-separated list of domain names that are not allowed to be used to register on a Gitea instance, wildcard is supported
+;; Comma-separated list of domain names that are not allowed to be used to register on a Forgejo instance, wildcard is supported
 ;EMAIL_DOMAIN_BLOCKLIST =
 ;;
 ;; Disallow registration, only allow admins to create accounts.
 ;DISABLE_REGISTRATION = false
 ;;
-;; Allow registration only using gitea itself, it works only when DISABLE_REGISTRATION is false
+;; Allow registration only using Forgejo itself, it works only when DISABLE_REGISTRATION is false
 ;ALLOW_ONLY_INTERNAL_REGISTRATION = false
 ;;
 ;; Allow registration only using third-party services, it works only when DISABLE_REGISTRATION is false
@@ -777,7 +777,7 @@ LEVEL = Info
 ;; Mail notification
 ;ENABLE_NOTIFY_MAIL = false
 ;;
-;; This setting enables gitea to be signed in with HTTP BASIC Authentication using the user's password
+;; This setting enables Forgejo to be signed in with HTTP BASIC Authentication using the user's password
 ;; If you set this to false you will not be able to access the tokens endpoints on the API with your password
 ;; Please note that setting this to false will not disable OAuth Basic or Basic authentication using a token
 ;ENABLE_BASIC_AUTHENTICATION = true
@@ -1012,7 +1012,7 @@ LEVEL = Info
 ;; Close issues as long as a commit on any branch marks it as fixed
 ;DEFAULT_CLOSE_ISSUES_VIA_COMMITS_IN_ANY_BRANCH = false
 ;;
-;; Allow users to push local repositories to Gitea and have them automatically created for a user or an org
+;; Allow users to push local repositories to Forgejo and have them automatically created for a user or an org
 ;ENABLE_PUSH_CREATE_USER = false
 ;ENABLE_PUSH_CREATE_ORG = false
 ;;
@@ -1076,7 +1076,7 @@ LEVEL = Info
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
-;; Path for local repository copy. Defaults to `tmp/local-repo` (content gets deleted on gitea restart)
+;; Path for local repository copy. Defaults to `tmp/local-repo` (content gets deleted on Forgejo restart)
 ;LOCAL_COPY_PATH = tmp/local-repo
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -1088,7 +1088,7 @@ LEVEL = Info
 ;; Whether repository file uploads are enabled. Defaults to `true`
 ;ENABLED = true
 ;;
-;; Path for uploads. Defaults to `data/tmp/uploads` (content gets deleted on gitea restart)
+;; Path for uploads. Defaults to `data/tmp/uploads` (content gets deleted on Forgejo restart)
 ;TEMP_PATH = data/tmp/uploads
 ;;
 ;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
@@ -1187,7 +1187,7 @@ LEVEL = Info
 ;; Sets the default trust model for repositories. Options are: collaborator, committer, collaboratorcommitter
 ;DEFAULT_TRUST_MODEL = collaborator
 ;;
-;; Determines when gitea should sign the initial commit when creating a repository
+;; Determines when Forgejo should sign the initial commit when creating a repository
 ;; Either:
 ;; - never
 ;; - pubkey: only sign if the user has a pubkey
@@ -1301,7 +1301,7 @@ LEVEL = Info
 ;; Whether the email of the user should be shown in the Explore Users page
 ;SHOW_USER_EMAIL = true
 ;;
-;; Set the default theme for the Gitea install
+;; Set the default theme for the Forgejo install
 ;DEFAULT_THEME = forgejo-auto
 ;;
 ;; All available themes. Allow users select personalized themes regardless of the value of `DEFAULT_THEME`.
@@ -1338,10 +1338,6 @@ LEVEL = Info
 ;; Change the sort type of the explore pages.
 ;; Default is "recentupdate", but you also have "alphabetically", "reverselastlogin", "newest", "oldest".
 ;EXPLORE_PAGING_DEFAULT_SORT = recentupdate
-;;
-;; The tense all timestamps should be rendered in. Possible values are `absolute` time (i.e. 1970-01-01, 11:59) and `mixed`.
-;; `mixed` means most timestamps are rendered in relative time (i.e. 2 days ago).
-;PREFERRED_TIMESTAMP_TENSE = mixed
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -1710,10 +1706,10 @@ LEVEL = Info
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
-;; NOTICE: this section is for Gitea 1.18 and later. If you are using Gitea 1.17 or older,
+;; NOTICE: this section is for Forgejo 1.18 and later. If you are using Forgejo 1.17 or older,
 ;; please refer to
-;; https://github.com/go-gitea/gitea/blob/release/v1.17/custom/conf/app.example.ini
-;; https://github.com/go-gitea/gitea/blob/release/v1.17/docs/content/doc/advanced/config-cheat-sheet.en-us.md
+;; https://codeberg.org/forgejo/forgejo/src/commit/8769df117d6cc2f4ab00d6e1d54ef4241d063f11/custom/conf/app.example.ini
+;; https://codeberg.org/forgejo/forgejo/src/commit/8769df117d6cc2f4ab00d6e1d54ef4241d063f11/docs/content/doc/advanced/config-cheat-sheet.en-us.md
 ;;
 ;ENABLED = false
 ;;
@@ -1766,7 +1762,7 @@ LEVEL = Info
 ;; Sometimes it is helpful to use a different address on the envelope. Set this to use ENVELOPE_FROM as the from on the envelope. Set to `<>` to send an empty address.
 ;ENVELOPE_FROM =
 ;;
-;; If gitea sends mails on behave of users, it will just use the name also displayed in the WebUI. If you want e.g. `Mister X (by CodeIt) <gitea@codeit.net>`,
+;; If Forgejo sends mails on behave of users, it will just use the name also displayed in the WebUI. If you want e.g. `John Doe (by AppName) <johndoe@example.com>`,
 ;; set it to `{{ .DisplayName }} (by {{ .AppName }})`. Available Variables: `.DisplayName`, `.AppName` and `.Domain`.
 ;FROM_DISPLAY_NAME_FORMAT = {{ .DisplayName }}
 ;;
@@ -1927,7 +1923,7 @@ LEVEL = Info
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
-;; How Gitea deals with missing repository avatars
+;; How Forgejo deals with missing repository avatars
 ;; none = no avatar will be displayed; random = random avatar will be displayed; image = default image will be used
 ;REPOSITORY_AVATAR_FALLBACK = none
 ;REPOSITORY_AVATAR_FALLBACK_IMAGE = /img/repo_default.png
@@ -2045,7 +2041,7 @@ LEVEL = Info
 ;;
 ;; Setting this to true will enable all cron tasks periodically with default settings.
 ;ENABLED = false
-;; Setting this to true will run all enabled cron tasks when Gitea starts.
+;; Setting this to true will run all enabled cron tasks when Forgejo starts.
 ;RUN_AT_START = false
 ;;
 ;; Note: ``SCHEDULE`` accept formats
@@ -2085,7 +2081,7 @@ LEVEL = Info
 ;SCHEDULE = @every 10m
 ;; Enable running Update mirrors task periodically.
 ;ENABLED = true
-;; Run Update mirrors task when Gitea starts.
+;; Run Update mirrors task when Forgejo starts.
 ;RUN_AT_START = false
 ;; Notice if not success
 ;NOTICE_ON_SUCCESS = false
@@ -2106,7 +2102,7 @@ LEVEL = Info
 ;SCHEDULE = @midnight
 ;; Enable running Repository health check task periodically.
 ;ENABLED = true
-;; Run Repository health check task when Gitea starts.
+;; Run Repository health check task when Forgejo starts.
 ;RUN_AT_START = false
 ;; Notice if not success
 ;NOTICE_ON_SUCCESS = false
@@ -2124,7 +2120,7 @@ LEVEL = Info
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; Enable running check repository statistics task periodically.
 ;ENABLED = true
-;; Run check repository statistics task when Gitea starts.
+;; Run check repository statistics task when Forgejo starts.
 ;RUN_AT_START = true
 ;; Notice if not success
 ;NOTICE_ON_SUCCESS = false
@@ -2279,7 +2275,7 @@ LEVEL = Info
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Update the '.ssh/authorized_keys' file with Gitea SSH keys
+;; Update the '.ssh/authorized_keys' file with Forgejo SSH keys
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[cron.resync_all_sshkeys]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2352,7 +2348,7 @@ LEVEL = Info
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Check for new Gitea versions
+;; Check for new Forgejo versions
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[cron.update_checker]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2453,7 +2449,7 @@ LEVEL = Info
 ;[other]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Show version information about Gitea and Go in the footer
+;; Show version information about Forgejo and Go in the footer
 ;SHOW_FOOTER_VERSION = true
 ;; Show template execution time in the footer
 ;SHOW_FOOTER_TEMPLATE_LOAD_TIME = true
@@ -2700,7 +2696,7 @@ LEVEL = Info
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; settings for Gitea's LFS client (eg: mirroring an upstream lfs endpoint)
+;; settings for Forgejo's LFS client (eg: mirroring an upstream lfs endpoint)
 ;;
 ;[lfs_client]
 ;; Limit the number of pointers in each batch request to this number
@@ -2786,6 +2782,10 @@ LEVEL = Info
 ;SKIP_WORKFLOW_STRINGS = [skip ci],[ci skip],[no ci],[skip actions],[actions skip]
 ;; Limit on inputs for manual / workflow_dispatch triggers, default is 10
 ;LIMIT_DISPATCH_INPUTS = 10
+;; Support queuing workflow jobs, by setting `concurrency.group` & `concurrency.cancel-in-progress: false`, can increase
+;; server and database workload due to more complex database queries and more frequent server task querying; this
+;; feature can be disabled to reduce performance impact
+;CONCURRENCY_GROUP_QUEUE_ENABLED = true
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
diff --git a/eslint.config.mjs b/eslint.config.mjs
index 83a6b6bee1..61987aef14 100644
--- a/eslint.config.mjs
+++ b/eslint.config.mjs
@@ -58,7 +58,14 @@ export default tseslint.config(
       sourceType: 'module',
     },
     rules: {
-      '@typescript-eslint/no-unused-vars': 'off', // TODO: enable this rule again
+      '@typescript-eslint/no-unused-vars': [2, {
+        args: 'all',
+        argsIgnorePattern: '^_',
+        varsIgnorePattern: '^_',
+        caughtErrorsIgnorePattern: '^_',
+        destructuredArrayIgnorePattern: '^_',
+        ignoreRestSiblings: false,
+      }],
 
       '@eslint-community/eslint-comments/disable-enable-pair': [2],
       '@eslint-community/eslint-comments/no-aggregating-enable': [2],
@@ -539,14 +546,7 @@ export default tseslint.config(
       'no-unused-labels': [2],
       'no-unused-private-class-members': [2],
 
-      'no-unused-vars': [2, {
-        args: 'all',
-        argsIgnorePattern: '^_',
-        varsIgnorePattern: '^_',
-        caughtErrorsIgnorePattern: '^_',
-        destructuredArrayIgnorePattern: '^_',
-        ignoreRestSiblings: false,
-      }],
+      'no-unused-vars': [0],
 
       'no-use-before-define': [2, {
         functions: false,
@@ -703,7 +703,6 @@ export default tseslint.config(
       'sonarjs/no-inverted-boolean-check': [2],
       'sonarjs/no-nested-switch': [0],
       'sonarjs/no-nested-template-literals': [0],
-      'sonarjs/no-one-iteration-loop': [2],
       'sonarjs/no-redundant-boolean': [2],
       'sonarjs/no-redundant-jump': [2],
       'sonarjs/no-same-line-conditional': [2],
@@ -1083,6 +1082,7 @@ export default tseslint.config(
       '@vitest/no-standalone-expect': [0],
       '@vitest/no-test-prefixes': [0],
       '@vitest/no-test-return-statement': [0],
+      '@vitest/prefer-called-exactly-once-with': [2],
       '@vitest/prefer-called-with': [0],
       '@vitest/prefer-comparison-matcher': [0],
       '@vitest/prefer-each': [0],
@@ -1090,6 +1090,7 @@ export default tseslint.config(
       '@vitest/prefer-expect-resolves': [0],
       '@vitest/prefer-hooks-in-order': [0],
       '@vitest/prefer-hooks-on-top': [2],
+      '@vitest/prefer-import-in-mock': [0],
       '@vitest/prefer-lowercase-title': [0],
       '@vitest/prefer-mock-promise-shorthand': [0],
       '@vitest/prefer-snapshot-hint': [0],
diff --git a/go.mod b/go.mod
index e49ec8055f..fb204bf546 100644
--- a/go.mod
+++ b/go.mod
@@ -2,23 +2,25 @@ module forgejo.org
 
 go 1.24.0
 
-toolchain go1.24.7
+toolchain go1.25.3
 
 require (
-	code.forgejo.org/f3/gof3/v3 v3.11.0
+	code.forgejo.org/f3/gof3/v3 v3.11.1
 	code.forgejo.org/forgejo-contrib/go-libravatar v0.0.0-20191008002943-06d1c002b251
 	code.forgejo.org/forgejo/go-rpmutils v1.0.0
 	code.forgejo.org/forgejo/levelqueue v1.0.0
 	code.forgejo.org/forgejo/reply v1.0.2
-	code.forgejo.org/forgejo/runner/v11 v11.1.1
+	code.forgejo.org/forgejo/runner/v11 v11.1.2
 	code.forgejo.org/go-chi/binding v1.0.1
 	code.forgejo.org/go-chi/cache v1.0.1
 	code.forgejo.org/go-chi/captcha v1.0.2
 	code.forgejo.org/go-chi/session v1.0.2
 	code.gitea.io/actions-proto-go v0.4.0
 	code.gitea.io/sdk/gitea v0.21.0
+	code.superseriousbusiness.org/exif-terminator v0.11.0
+	code.superseriousbusiness.org/go-jpeg-image-structure/v2 v2.3.0
 	codeberg.org/gusted/mcaptcha v0.0.0-20220723083913-4f3072e1d570
-	connectrpc.com/connect v1.18.1
+	connectrpc.com/connect v1.19.1
 	github.com/42wim/httpsig v1.2.3
 	github.com/42wim/sshsig v0.0.0-20250502153856-5100632e8920
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
@@ -34,6 +36,7 @@ require (
 	github.com/djherbis/buffer v1.2.0
 	github.com/djherbis/nio/v3 v3.0.1
 	github.com/dsnet/compress v0.0.2-0.20230904184137-39efe44ab707
+	github.com/dsoprea/go-exif/v3 v3.0.1
 	github.com/dustin/go-humanize v1.0.1
 	github.com/editorconfig/editorconfig-core-go/v2 v2.6.3
 	github.com/emersion/go-imap v1.2.1
@@ -47,7 +50,7 @@ require (
 	github.com/go-co-op/gocron v1.37.0
 	github.com/go-enry/go-enry/v2 v2.9.2
 	github.com/go-ldap/ldap/v3 v3.4.6
-	github.com/go-openapi/spec v0.21.0
+	github.com/go-openapi/spec v0.22.0
 	github.com/go-sql-driver/mysql v1.9.3
 	github.com/go-webauthn/webauthn v0.14.0
 	github.com/gobwas/glob v0.2.3
@@ -56,7 +59,7 @@ require (
 	github.com/golang-jwt/jwt/v5 v5.3.0
 	github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0
 	github.com/google/go-github/v64 v64.0.0
-	github.com/google/pprof v0.0.0-20250630185457-6e76a2b096b5
+	github.com/google/pprof v0.0.0-20250923004556-9e5a51aed1e8
 	github.com/google/uuid v1.6.0
 	github.com/gorilla/feeds v1.2.0
 	github.com/gorilla/sessions v1.4.0
@@ -74,7 +77,7 @@ require (
 	github.com/mattn/go-isatty v0.0.20
 	github.com/mattn/go-sqlite3 v1.14.32
 	github.com/meilisearch/meilisearch-go v0.34.0
-	github.com/mholt/archives v0.1.4
+	github.com/mholt/archives v0.1.5
 	github.com/microcosm-cc/bluemonday v1.0.27
 	github.com/minio/minio-go/v7 v7.0.95
 	github.com/msteinert/pam/v2 v2.1.0
@@ -96,17 +99,17 @@ require (
 	github.com/yohcop/openid-go v1.0.1
 	github.com/yuin/goldmark v1.7.13
 	github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc
-	gitlab.com/gitlab-org/api/client-go v0.130.1
+	gitlab.com/gitlab-org/api/client-go v0.143.2
 	go.uber.org/mock v0.6.0
 	go.yaml.in/yaml/v3 v3.0.4
-	golang.org/x/crypto v0.42.0
-	golang.org/x/image v0.31.0
-	golang.org/x/net v0.44.0
-	golang.org/x/oauth2 v0.31.0
+	golang.org/x/crypto v0.43.0
+	golang.org/x/image v0.32.0
+	golang.org/x/net v0.46.0
+	golang.org/x/oauth2 v0.32.0
 	golang.org/x/sync v0.17.0
-	golang.org/x/sys v0.36.0
-	golang.org/x/text v0.29.0
-	google.golang.org/protobuf v1.36.9
+	golang.org/x/sys v0.37.0
+	golang.org/x/text v0.30.0
+	google.golang.org/protobuf v1.36.10
 	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df
 	gopkg.in/ini.v1 v1.67.0
 	mvdan.cc/xurls/v2 v2.5.0
@@ -116,6 +119,7 @@ require (
 
 require (
 	cloud.google.com/go/compute/metadata v0.6.0 // indirect
+	code.superseriousbusiness.org/go-png-image-structure/v2 v2.3.0 // indirect
 	dario.cat/mergo v1.0.2 // indirect
 	filippo.io/edwards25519 v1.1.0 // indirect
 	git.sr.ht/~mariusor/go-xsd-duration v0.0.0-20220703122237-02e73435a078 // indirect
@@ -145,7 +149,7 @@ require (
 	github.com/blevesearch/zapx/v14 v14.4.2 // indirect
 	github.com/blevesearch/zapx/v15 v15.4.2 // indirect
 	github.com/blevesearch/zapx/v16 v16.2.4 // indirect
-	github.com/bmatcuk/doublestar/v4 v4.8.0 // indirect
+	github.com/bmatcuk/doublestar/v4 v4.9.1 // indirect
 	github.com/bodgit/plumbing v1.3.0 // indirect
 	github.com/bodgit/sevenzip v1.6.1 // indirect
 	github.com/bodgit/windows v1.0.1 // indirect
@@ -160,6 +164,10 @@ require (
 	github.com/davidmz/go-pageant v1.0.2 // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
 	github.com/dlclark/regexp2 v1.11.5 // indirect
+	github.com/dsoprea/go-iptc v0.0.0-20200609062250-162ae6b44feb // indirect
+	github.com/dsoprea/go-logging v0.0.0-20200710184922-b02d349568dd // indirect
+	github.com/dsoprea/go-photoshop-info-format v0.0.0-20200609050348-3db9b63b202c // indirect
+	github.com/dsoprea/go-utility/v2 v2.0.0-20221003172846-a3e1774ef349 // indirect
 	github.com/emersion/go-sasl v0.0.0-20231106173351-e73c9f7bad43 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/fatih/color v1.18.0 // indirect
@@ -167,17 +175,26 @@ require (
 	github.com/go-ap/errors v0.0.0-20231003111023-183eef4b31b7 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.5 // indirect
 	github.com/go-enry/go-oniguruma v1.2.1 // indirect
+	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-fed/httpsig v1.1.0 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.6.2 // indirect
 	github.com/go-git/go-git/v5 v5.16.2 // indirect
 	github.com/go-ini/ini v1.67.0 // indirect
-	github.com/go-openapi/jsonpointer v0.21.1 // indirect
-	github.com/go-openapi/jsonreference v0.21.0 // indirect
-	github.com/go-openapi/swag v0.23.1 // indirect
+	github.com/go-openapi/jsonpointer v0.22.1 // indirect
+	github.com/go-openapi/jsonreference v0.21.2 // indirect
+	github.com/go-openapi/swag/conv v0.25.1 // indirect
+	github.com/go-openapi/swag/jsonname v0.25.1 // indirect
+	github.com/go-openapi/swag/jsonutils v0.25.1 // indirect
+	github.com/go-openapi/swag/loading v0.25.1 // indirect
+	github.com/go-openapi/swag/stringutils v0.25.1 // indirect
+	github.com/go-openapi/swag/typeutils v0.25.1 // indirect
+	github.com/go-openapi/swag/yamlutils v0.25.1 // indirect
 	github.com/go-webauthn/x v0.1.25 // indirect
+	github.com/go-xmlfmt/xmlfmt v0.0.0-20191208150333-d5b6f63a941b // indirect
 	github.com/goccy/go-json v0.10.5 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.2 // indirect
+	github.com/golang/geo v0.0.0-20210211234256-740aa86cb551 // indirect
 	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
@@ -189,7 +206,7 @@ require (
 	github.com/gorilla/mux v1.8.1 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.8 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
@@ -198,7 +215,7 @@ require (
 	github.com/mailru/easyjson v0.9.0 // indirect
 	github.com/markbates/going v1.0.3 // indirect
 	github.com/mattn/go-colorable v0.1.14 // indirect
-	github.com/mattn/go-runewidth v0.0.16 // indirect
+	github.com/mattn/go-runewidth v0.0.17 // indirect
 	github.com/mattn/go-shellwords v1.0.12 // indirect
 	github.com/mholt/acmez/v3 v3.1.2 // indirect
 	github.com/miekg/dns v1.1.63 // indirect
@@ -212,7 +229,7 @@ require (
 	github.com/mrjones/oauth v0.0.0-20190623134757-126b35219450 // indirect
 	github.com/mschoch/smat v0.2.0 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/nwaples/rardecode/v2 v2.1.1 // indirect
+	github.com/nwaples/rardecode/v2 v2.2.0 // indirect
 	github.com/olekukonko/errors v1.1.0 // indirect
 	github.com/olekukonko/ll v0.0.9 // indirect
 	github.com/olekukonko/tablewriter v1.0.7 // indirect
@@ -225,13 +242,13 @@ require (
 	github.com/prometheus/client_model v0.6.1 // indirect
 	github.com/prometheus/common v0.62.0 // indirect
 	github.com/prometheus/procfs v0.15.1 // indirect
-	github.com/rhysd/actionlint v1.7.7 // indirect
+	github.com/rhysd/actionlint v1.7.8 // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/rs/xid v1.6.0 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/skeema/knownhosts v1.3.1 // indirect
 	github.com/sorairolake/lzip-go v0.3.8 // indirect
-	github.com/spf13/afero v1.11.0 // indirect
+	github.com/spf13/afero v1.15.0 // indirect
 	github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf // indirect
 	github.com/tinylib/msgp v1.3.0 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
@@ -243,12 +260,14 @@ require (
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
 	go.uber.org/zap/exp v0.3.0 // indirect
+	go.yaml.in/yaml/v4 v4.0.0-rc.2 // indirect
 	go4.org v0.0.0-20230225012048-214862532bf5 // indirect
-	golang.org/x/mod v0.27.0 // indirect
+	golang.org/x/mod v0.29.0 // indirect
 	golang.org/x/time v0.13.0 // indirect
-	golang.org/x/tools v0.36.0 // indirect
+	golang.org/x/tools v0.38.0 // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
 
@@ -260,4 +279,4 @@ replace github.com/gliderlabs/ssh => code.forgejo.org/forgejo/ssh v0.0.0-2024121
 
 replace git.sr.ht/~mariusor/go-xsd-duration => code.forgejo.org/forgejo/go-xsd-duration v0.0.0-20220703122237-02e73435a078
 
-replace xorm.io/xorm v1.3.9 => code.forgejo.org/xorm/xorm v1.3.9-forgejo.1
+replace xorm.io/xorm v1.3.9 => code.forgejo.org/xorm/xorm v1.3.9-forgejo.3
diff --git a/go.sum b/go.sum
index e88102cb52..2ccd783122 100644
--- a/go.sum
+++ b/go.sum
@@ -16,8 +16,8 @@ cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2k
 cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
 cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
 cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
-code.forgejo.org/f3/gof3/v3 v3.11.0 h1:f/xToKwqTgxG6PYxvewywjDQyCcyHEEJ6sZqUitFsAE=
-code.forgejo.org/f3/gof3/v3 v3.11.0/go.mod h1:4FaRUNSQGBiD1M0DuB0yNv+Z2wMtlOeckgygHSSq4KQ=
+code.forgejo.org/f3/gof3/v3 v3.11.1 h1:c0vE8XvqpbXuSv8gzttn96k5T2FQi0u9bYnux46qSAs=
+code.forgejo.org/f3/gof3/v3 v3.11.1/go.mod h1:1p2UKrqZiwxKneQF2DKrMnc403YIgR/lfcfvadZtmDs=
 code.forgejo.org/forgejo-contrib/go-libravatar v0.0.0-20191008002943-06d1c002b251 h1:HTZl3CBk3ABNYtFI6TPLvJgGKFIhKT5CBk0sbOtkDKU=
 code.forgejo.org/forgejo-contrib/go-libravatar v0.0.0-20191008002943-06d1c002b251/go.mod h1:PphB88CPbx601QrWPMZATeorACeVmQlyv3u+uUMbSaM=
 code.forgejo.org/forgejo/go-rpmutils v1.0.0 h1:RZGGeKt70p/WaIEL97pyT6uiiEIoN8/aLmS5Z6WmX0M=
@@ -28,8 +28,8 @@ code.forgejo.org/forgejo/levelqueue v1.0.0 h1:9krYpU6BM+j/1Ntj6m+VCAIu0UNnne1/Uf
 code.forgejo.org/forgejo/levelqueue v1.0.0/go.mod h1:fmG6zhVuqim2rxSFOoasgXO8V2W/k9U31VVYqLIRLhQ=
 code.forgejo.org/forgejo/reply v1.0.2 h1:dMhQCHV6/O3L5CLWNTol+dNzDAuyCK88z4J/lCdgFuQ=
 code.forgejo.org/forgejo/reply v1.0.2/go.mod h1:RyZUfzQLc+fuLIGjTSQWDAJWPiL4WtKXB/FifT5fM7U=
-code.forgejo.org/forgejo/runner/v11 v11.1.1 h1:CoSfxBOLKLMJZq5VhKd5ZIUc3tCf04iyFx926s+zaMA=
-code.forgejo.org/forgejo/runner/v11 v11.1.1/go.mod h1:9f0D2EG7uabL+cv71SWHKrGgo2vmLpvko0QLmtn3RDE=
+code.forgejo.org/forgejo/runner/v11 v11.1.2 h1:jM5YsNmScH11VJEwmvsTUiqGjAqtiUzBhQ65BIo8ZOs=
+code.forgejo.org/forgejo/runner/v11 v11.1.2/go.mod h1:9f0D2EG7uabL+cv71SWHKrGgo2vmLpvko0QLmtn3RDE=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616 h1:kEZL84+02jY9RxXM4zHBWZ3Fml0B09cmP1LGkDsCfIA=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8=
 code.forgejo.org/go-chi/binding v1.0.1 h1:coKNI+X1NzRN7X85LlrpvBRqk0TXpJ+ja28vusQWEuY=
@@ -40,16 +40,22 @@ code.forgejo.org/go-chi/captcha v1.0.2 h1:vyHDPXkpjDv8bLO9NqtWzZayzstD/WpJ5xwEkA
 code.forgejo.org/go-chi/captcha v1.0.2/go.mod h1:lxiPLcJ76UCZHoH31/Wbum4GUi2NgjfFZLrJkKv1lLE=
 code.forgejo.org/go-chi/session v1.0.2 h1:pG+AXre9L9VXJmTaADXkmeEPuRalhmBXyv6tG2Rvjcc=
 code.forgejo.org/go-chi/session v1.0.2/go.mod h1:HnEGyBny7WPzCiVLP2vzL5ssma+3gCSl/vLpuVNYrqc=
-code.forgejo.org/xorm/xorm v1.3.9-forgejo.1 h1:jU5CICzbkpqol6qTa4yctLuS0BI3D2mVCx7q6ogK/gE=
-code.forgejo.org/xorm/xorm v1.3.9-forgejo.1/go.mod h1:0q+miQUSpTlsgMw2blcO9a87GB5WyatiX3GuwBca31w=
+code.forgejo.org/xorm/xorm v1.3.9-forgejo.3 h1:7KW1+3cr2YIZCS85TM+imdsUe8OdNsfV3F8iP2t36rM=
+code.forgejo.org/xorm/xorm v1.3.9-forgejo.3/go.mod h1:5ouTxqMcalQUvlBpQynRpzu/44GwaMpkA1nU+encsDE=
 code.gitea.io/actions-proto-go v0.4.0 h1:OsPBPhodXuQnsspG1sQ4eRE1PeoZyofd7+i73zCwnsU=
 code.gitea.io/actions-proto-go v0.4.0/go.mod h1:mn7Wkqz6JbnTOHQpot3yDeHx+O5C9EGhMEE+htvHBas=
 code.gitea.io/sdk/gitea v0.21.0 h1:69n6oz6kEVHRo1+APQQyizkhrZrLsTLXey9142pfkD4=
 code.gitea.io/sdk/gitea v0.21.0/go.mod h1:tnBjVhuKJCn8ibdyyhvUyxrR1Ca2KHEoTWoukNhXQPA=
+code.superseriousbusiness.org/exif-terminator v0.11.0 h1:Hof0MCcsa+1fS17gf86fTTZ8AQnMY9h9kzcc+2C6mVg=
+code.superseriousbusiness.org/exif-terminator v0.11.0/go.mod h1:9sutT1axa/kSdlPLlRFjCNKmyo/KNx8eX3XZvWBlAEY=
+code.superseriousbusiness.org/go-jpeg-image-structure/v2 v2.3.0 h1:r9uq8StaSHYKJ8DklR9Xy+E9c40G1Z8yj5TRGi8L6+4=
+code.superseriousbusiness.org/go-jpeg-image-structure/v2 v2.3.0/go.mod h1:IK1OlR6APjVB3E9tuYGvf0qXMrwP+TrzcHS5rf4wffQ=
+code.superseriousbusiness.org/go-png-image-structure/v2 v2.3.0 h1:I512jiIeXDC4//2BeSPrRM2ZS4wpBKUaPeTPxakMNGA=
+code.superseriousbusiness.org/go-png-image-structure/v2 v2.3.0/go.mod h1:SNHomXNW88o1pFfLHpD4KsCZLfcr4z5dm+xcX5SV10A=
 codeberg.org/gusted/mcaptcha v0.0.0-20220723083913-4f3072e1d570 h1:TXbikPqa7YRtfU9vS6QJBg77pUvbEb6StRdZO8t1bEY=
 codeberg.org/gusted/mcaptcha v0.0.0-20220723083913-4f3072e1d570/go.mod h1:IIAjsijsd8q1isWX8MACefDEgTQslQ4stk2AeeTt3kM=
-connectrpc.com/connect v1.18.1 h1:PAg7CjSAGvscaf6YZKUefjoih5Z/qYkyaTrBW8xvYPw=
-connectrpc.com/connect v1.18.1/go.mod h1:0292hj1rnx8oFrStN7cB4jjVBeqs+Yx5yDIC2prWDO8=
+connectrpc.com/connect v1.19.1 h1:R5M57z05+90EfEvCY1b7hBxDVOUl45PrtXtAV2fOC14=
+connectrpc.com/connect v1.19.1/go.mod h1:tN20fjdGlewnSFeZxLKb0xwIZ6ozc3OQs2hTXy4du9w=
 dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8=
 dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
@@ -143,8 +149,8 @@ github.com/blevesearch/zapx/v15 v15.4.2 h1:sWxpDE0QQOTjyxYbAVjt3+0ieu8NCE0fDRaFx
 github.com/blevesearch/zapx/v15 v15.4.2/go.mod h1:1pssev/59FsuWcgSnTa0OeEpOzmhtmr/0/11H0Z8+Nw=
 github.com/blevesearch/zapx/v16 v16.2.4 h1:tGgfvleXTAkwsD5mEzgM3zCS/7pgocTCnO1oyAUjlww=
 github.com/blevesearch/zapx/v16 v16.2.4/go.mod h1:Rti/REtuuMmzwsI8/C/qIzRaEoSK/wiFYw5e5ctUKKs=
-github.com/bmatcuk/doublestar/v4 v4.8.0 h1:DSXtrypQddoug1459viM9X9D3dp1Z7993fw36I2kNcQ=
-github.com/bmatcuk/doublestar/v4 v4.8.0/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc=
+github.com/bmatcuk/doublestar/v4 v4.9.1 h1:X8jg9rRZmJd4yRy7ZeNDRnM+T3ZfHv15JiBJ/avrEXE=
+github.com/bmatcuk/doublestar/v4 v4.9.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc=
 github.com/bodgit/plumbing v1.3.0 h1:pf9Itz1JOQgn7vEOE7v7nlEfBykYqvUYioC61TwWCFU=
 github.com/bodgit/plumbing v1.3.0/go.mod h1:JOTb4XiRu5xfnmdnDJo6GmSbSbtSyufrsyZFByMtKEs=
 github.com/bodgit/sevenzip v1.6.1 h1:kikg2pUMYC9ljU7W9SaqHXhym5HyKm8/M/jd31fYan4=
@@ -209,6 +215,28 @@ github.com/dlclark/regexp2 v1.11.5/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cn
 github.com/dsnet/compress v0.0.2-0.20230904184137-39efe44ab707 h1:2tV76y6Q9BB+NEBasnqvs7e49aEBFI8ejC89PSnWH+4=
 github.com/dsnet/compress v0.0.2-0.20230904184137-39efe44ab707/go.mod h1:qssHWj60/X5sZFNxpG4HBPDHVqxNm4DfnCKgrbZOT+s=
 github.com/dsnet/golib v0.0.0-20171103203638-1ea166775780/go.mod h1:Lj+Z9rebOhdfkVLjJ8T6VcRQv3SXugXy999NBtR9aFY=
+github.com/dsoprea/go-exif/v2 v2.0.0-20200321225314-640175a69fe4/go.mod h1:Lm2lMM2zx8p4a34ZemkaUV95AnMl4ZvLbCUbwOvLC2E=
+github.com/dsoprea/go-exif/v3 v3.0.0-20200717053412-08f1b6708903/go.mod h1:0nsO1ce0mh5czxGeLo4+OCZ/C6Eo6ZlMWsz7rH/Gxv8=
+github.com/dsoprea/go-exif/v3 v3.0.0-20210428042052-dca55bf8ca15/go.mod h1:cg5SNYKHMmzxsr9X6ZeLh/nfBRHHp5PngtEPcujONtk=
+github.com/dsoprea/go-exif/v3 v3.0.0-20210625224831-a6301f85c82b/go.mod h1:cg5SNYKHMmzxsr9X6ZeLh/nfBRHHp5PngtEPcujONtk=
+github.com/dsoprea/go-exif/v3 v3.0.0-20221003160559-cf5cd88aa559/go.mod h1:rW6DMEv25U9zCtE5ukC7ttBRllXj7g7TAHl7tQrT5No=
+github.com/dsoprea/go-exif/v3 v3.0.0-20221003171958-de6cb6e380a8/go.mod h1:akyZEJZ/k5bmbC9gA612ZLQkcED8enS9vuTiuAkENr0=
+github.com/dsoprea/go-exif/v3 v3.0.1 h1:/IE4iW7gvY7BablV1XY0unqhMv26EYpOquVMwoBo/wc=
+github.com/dsoprea/go-exif/v3 v3.0.1/go.mod h1:10HkA1Wz3h398cDP66L+Is9kKDmlqlIJGPv8pk4EWvc=
+github.com/dsoprea/go-iptc v0.0.0-20200609062250-162ae6b44feb h1:gwjJjUr6FY7zAWVEueFPrcRHhd9+IK81TcItbqw2du4=
+github.com/dsoprea/go-iptc v0.0.0-20200609062250-162ae6b44feb/go.mod h1:kYIdx9N9NaOyD7U6D+YtExN7QhRm+5kq7//yOsRXQtM=
+github.com/dsoprea/go-logging v0.0.0-20190624164917-c4f10aab7696/go.mod h1:Nm/x2ZUNRW6Fe5C3LxdY1PyZY5wmDv/s5dkPJ/VB3iA=
+github.com/dsoprea/go-logging v0.0.0-20200517223158-a10564966e9d/go.mod h1:7I+3Pe2o/YSU88W0hWlm9S22W7XI1JFNJ86U0zPKMf8=
+github.com/dsoprea/go-logging v0.0.0-20200710184922-b02d349568dd h1:l+vLbuxptsC6VQyQsfD7NnEC8BZuFpz45PgY+pH8YTg=
+github.com/dsoprea/go-logging v0.0.0-20200710184922-b02d349568dd/go.mod h1:7I+3Pe2o/YSU88W0hWlm9S22W7XI1JFNJ86U0zPKMf8=
+github.com/dsoprea/go-photoshop-info-format v0.0.0-20200609050348-3db9b63b202c h1:7j5aWACOzROpr+dvMtu8GnI97g9ShLWD72XIELMgn+c=
+github.com/dsoprea/go-photoshop-info-format v0.0.0-20200609050348-3db9b63b202c/go.mod h1:pqKB+ijp27cEcrHxhXVgUUMlSDRuGJJp1E+20Lj5H0E=
+github.com/dsoprea/go-utility v0.0.0-20200711062821-fab8125e9bdf/go.mod h1:95+K3z2L0mqsVYd6yveIv1lmtT3tcQQ3dVakPySffW8=
+github.com/dsoprea/go-utility/v2 v2.0.0-20200717064901-2fccff4aa15e/go.mod h1:uAzdkPTub5Y9yQwXe8W4m2XuP0tK4a9Q/dantD0+uaU=
+github.com/dsoprea/go-utility/v2 v2.0.0-20221003142440-7a1927d49d9d/go.mod h1:LVjRU0RNUuMDqkPTxcALio0LWPFPXxxFCvVGVAwEpFc=
+github.com/dsoprea/go-utility/v2 v2.0.0-20221003160719-7bc88537c05e/go.mod h1:VZ7cB0pTjm1ADBWhJUOHESu4ZYy9JN+ZPqjfiW09EPU=
+github.com/dsoprea/go-utility/v2 v2.0.0-20221003172846-a3e1774ef349 h1:DilThiXje0z+3UQ5YjYiSRRzVdtamFpvBQXKwMglWqw=
+github.com/dsoprea/go-utility/v2 v2.0.0-20221003172846-a3e1774ef349/go.mod h1:4GC5sXji84i/p+irqghpPFZBF8tRN/Q7+700G0/DLe8=
 github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
 github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
 github.com/editorconfig/editorconfig-core-go/v2 v2.6.3 h1:XVUp6qW3BIkmM3/1EkrHpa6bL56APOynfXcZEmIgOhs=
@@ -258,6 +286,11 @@ github.com/go-enry/go-enry/v2 v2.9.2 h1:giOQAtCgBX08kosrX818DCQJTCNtKwoPBGu0qb6n
 github.com/go-enry/go-enry/v2 v2.9.2/go.mod h1:9yrj4ES1YrbNb1Wb7/PWYr2bpaCXUGRt0uafN0ISyG8=
 github.com/go-enry/go-oniguruma v1.2.1 h1:k8aAMuJfMrqm/56SG2lV9Cfti6tC4x8673aHCcBk+eo=
 github.com/go-enry/go-oniguruma v1.2.1/go.mod h1:bWDhYP+S6xZQgiRL7wlTScFYBe023B6ilRZbCAD5Hf4=
+github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
+github.com/go-errors/errors v1.0.2/go.mod h1:psDX2osz5VnTOnFWbDeWwS7yejl+uV3FEWEp4lssFEs=
+github.com/go-errors/errors v1.1.1/go.mod h1:psDX2osz5VnTOnFWbDeWwS7yejl+uV3FEWEp4lssFEs=
+github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
+github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
 github.com/go-fed/httpsig v1.1.0 h1:9M+hb0jkEICD8/cAiNqEB66R87tTINszBRTjwjQzWcI=
 github.com/go-fed/httpsig v1.1.0/go.mod h1:RCMrTZvN1bJYtofsG4rd5NaO5obxQ5xBkdiS7xsT7bM=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
@@ -274,14 +307,28 @@ github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A=
 github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
 github.com/go-ldap/ldap/v3 v3.4.6 h1:ert95MdbiG7aWo/oPYp9btL3KJlMPKnP58r09rI8T+A=
 github.com/go-ldap/ldap/v3 v3.4.6/go.mod h1:IGMQANNtxpsOzj7uUAMjpGBaOVTC4DYyIy8VsTdxmtc=
-github.com/go-openapi/jsonpointer v0.21.1 h1:whnzv/pNXtK2FbX/W9yJfRmE2gsmkfahjMKB0fZvcic=
-github.com/go-openapi/jsonpointer v0.21.1/go.mod h1:50I1STOfbY1ycR8jGz8DaMeLCdXiI6aDteEdRNNzpdk=
-github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ=
-github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4=
-github.com/go-openapi/spec v0.21.0 h1:LTVzPc3p/RzRnkQqLRndbAzjY0d0BCL72A6j3CdL9ZY=
-github.com/go-openapi/spec v0.21.0/go.mod h1:78u6VdPw81XU44qEWGhtr982gJ5BWg2c0I5XwVMotYk=
-github.com/go-openapi/swag v0.23.1 h1:lpsStH0n2ittzTnbaSloVZLuB5+fvSY/+hnagBjSNZU=
-github.com/go-openapi/swag v0.23.1/go.mod h1:STZs8TbRvEQQKUA+JZNAm3EWlgaOBGpyFDqQnDHMef0=
+github.com/go-openapi/jsonpointer v0.22.1 h1:sHYI1He3b9NqJ4wXLoJDKmUmHkWy/L7rtEo92JUxBNk=
+github.com/go-openapi/jsonpointer v0.22.1/go.mod h1:pQT9OsLkfz1yWoMgYFy4x3U5GY5nUlsOn1qSBH5MkCM=
+github.com/go-openapi/jsonreference v0.21.2 h1:Wxjda4M/BBQllegefXrY/9aq1fxBA8sI5M/lFU6tSWU=
+github.com/go-openapi/jsonreference v0.21.2/go.mod h1:pp3PEjIsJ9CZDGCNOyXIQxsNuroxm8FAJ/+quA0yKzQ=
+github.com/go-openapi/spec v0.22.0 h1:xT/EsX4frL3U09QviRIZXvkh80yibxQmtoEvyqug0Tw=
+github.com/go-openapi/spec v0.22.0/go.mod h1:K0FhKxkez8YNS94XzF8YKEMULbFrRw4m15i2YUht4L0=
+github.com/go-openapi/swag/conv v0.25.1 h1:+9o8YUg6QuqqBM5X6rYL/p1dpWeZRhoIt9x7CCP+he0=
+github.com/go-openapi/swag/conv v0.25.1/go.mod h1:Z1mFEGPfyIKPu0806khI3zF+/EUXde+fdeksUl2NiDs=
+github.com/go-openapi/swag/jsonname v0.25.1 h1:Sgx+qbwa4ej6AomWC6pEfXrA6uP2RkaNjA9BR8a1RJU=
+github.com/go-openapi/swag/jsonname v0.25.1/go.mod h1:71Tekow6UOLBD3wS7XhdT98g5J5GR13NOTQ9/6Q11Zo=
+github.com/go-openapi/swag/jsonutils v0.25.1 h1:AihLHaD0brrkJoMqEZOBNzTLnk81Kg9cWr+SPtxtgl8=
+github.com/go-openapi/swag/jsonutils v0.25.1/go.mod h1:JpEkAjxQXpiaHmRO04N1zE4qbUEg3b7Udll7AMGTNOo=
+github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.1 h1:DSQGcdB6G0N9c/KhtpYc71PzzGEIc/fZ1no35x4/XBY=
+github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.1/go.mod h1:kjmweouyPwRUEYMSrbAidoLMGeJ5p6zdHi9BgZiqmsg=
+github.com/go-openapi/swag/loading v0.25.1 h1:6OruqzjWoJyanZOim58iG2vj934TysYVptyaoXS24kw=
+github.com/go-openapi/swag/loading v0.25.1/go.mod h1:xoIe2EG32NOYYbqxvXgPzne989bWvSNoWoyQVWEZicc=
+github.com/go-openapi/swag/stringutils v0.25.1 h1:Xasqgjvk30eUe8VKdmyzKtjkVjeiXx1Iz0zDfMNpPbw=
+github.com/go-openapi/swag/stringutils v0.25.1/go.mod h1:JLdSAq5169HaiDUbTvArA2yQxmgn4D6h4A+4HqVvAYg=
+github.com/go-openapi/swag/typeutils v0.25.1 h1:rD/9HsEQieewNt6/k+JBwkxuAHktFtH3I3ysiFZqukA=
+github.com/go-openapi/swag/typeutils v0.25.1/go.mod h1:9McMC/oCdS4BKwk2shEB7x17P6HmMmA6dQRtAkSnNb8=
+github.com/go-openapi/swag/yamlutils v0.25.1 h1:mry5ez8joJwzvMbaTGLhw8pXUnhDK91oSJLDPF1bmGk=
+github.com/go-openapi/swag/yamlutils v0.25.1/go.mod h1:cm9ywbzncy3y6uPm/97ysW8+wZ09qsks+9RS8fLWKqg=
 github.com/go-sql-driver/mysql v1.9.3 h1:U/N249h2WzJ3Ukj8SowVFjdtZKfu9vlLZxjPXV1aweo=
 github.com/go-sql-driver/mysql v1.9.3/go.mod h1:qn46aNg1333BRMNU69Lq93t8du/dwxI64Gl8i5p1WMU=
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
@@ -291,6 +338,8 @@ github.com/go-webauthn/webauthn v0.14.0 h1:ZLNPUgPcDlAeoxe+5umWG/tEeCoQIDr7gE2Zx
 github.com/go-webauthn/webauthn v0.14.0/go.mod h1:QZzPFH3LJ48u5uEPAu+8/nWJImoLBWM7iAH/kSVSo6k=
 github.com/go-webauthn/x v0.1.25 h1:g/0noooIGcz/yCVqebcFgNnGIgBlJIccS+LYAa+0Z88=
 github.com/go-webauthn/x v0.1.25/go.mod h1:ieblaPY1/BVCV0oQTsA/VAo08/TWayQuJuo5Q+XxmTY=
+github.com/go-xmlfmt/xmlfmt v0.0.0-20191208150333-d5b6f63a941b h1:khEcpUM4yFcxg4/FHQWkvVRmgijNXRfzkIDHh23ggEo=
+github.com/go-xmlfmt/xmlfmt v0.0.0-20191208150333-d5b6f63a941b/go.mod h1:aUCEOzzezBEjDBbFBoSiya/gduyIiWYRP6CnSFIV8AM=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM=
@@ -308,6 +357,10 @@ github.com/golang-jwt/jwt/v5 v5.3.0 h1:pv4AsKCKKZuqlgs5sUmn4x8UlGa0kEVt/puTpKx9v
 github.com/golang-jwt/jwt/v5 v5.3.0/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE=
 github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 h1:DACJavvAHhabrF08vX0COfcOBJRhZ8lUbR+ZWIs0Y5g=
 github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k=
+github.com/golang/geo v0.0.0-20190916061304-5b978397cfec/go.mod h1:QZ0nwyI2jOfgRAoBvP+ab5aRr7c9x7lhGEJrKvBwjWI=
+github.com/golang/geo v0.0.0-20200319012246-673a6f80352d/go.mod h1:QZ0nwyI2jOfgRAoBvP+ab5aRr7c9x7lhGEJrKvBwjWI=
+github.com/golang/geo v0.0.0-20210211234256-740aa86cb551 h1:gtexQ/VGyN+VVFRXSFiguSNcXmS6rkKT+X7FdIrTtfo=
+github.com/golang/geo v0.0.0-20210211234256-740aa86cb551/go.mod h1:QZ0nwyI2jOfgRAoBvP+ab5aRr7c9x7lhGEJrKvBwjWI=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -360,8 +413,8 @@ github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OI
 github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20240227163752-401108e1b7e7/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik=
-github.com/google/pprof v0.0.0-20250630185457-6e76a2b096b5 h1:xhMrHhTJ6zxu3gA4enFM9MLn9AY7613teCdFnlUVbSQ=
-github.com/google/pprof v0.0.0-20250630185457-6e76a2b096b5/go.mod h1:5hDyRhoBCxViHszMt12TnOpEI4VVi+U8Gm9iphldiMA=
+github.com/google/pprof v0.0.0-20250923004556-9e5a51aed1e8 h1:ZI8gCoCjGzPsum4L21jHdQs8shFBIQih1TM9Rd/c+EQ=
+github.com/google/pprof v0.0.0-20250923004556-9e5a51aed1e8/go.mod h1:I6V7YzU0XDpsHqbsyrghnFZLO1gwK6NPTNvmetQIk9U=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@@ -387,8 +440,8 @@ github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9n
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
 github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k=
 github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
-github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU=
-github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk=
+github.com/hashicorp/go-retryablehttp v0.7.8 h1:ylXZWnqa7Lhqpk0L1P1LzDtGcCR0rPVUrx/c8Unxc48=
+github.com/hashicorp/go-retryablehttp v0.7.8/go.mod h1:rjiScheydd+CxvumBsIrFKlx3iS0jrZ7LvzFGFmuKbw=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=
@@ -404,6 +457,8 @@ github.com/inbucket/html2text v0.9.0 h1:ULJmVcBEMAcmLE+/rN815KG1Fx6+a4HhbUxiDiN+
 github.com/inbucket/html2text v0.9.0/go.mod h1:QDaumzl+/OzlSVbNohhmg+yAy5pKjUjzCKW2BMvztKE=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
+github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
+github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4=
 github.com/jhillyerd/enmime/v2 v2.2.0 h1:Pe35MB96eZK5Q0XjlvPftOgWypQpd1gcbfJKAt7rsB8=
 github.com/jhillyerd/enmime/v2 v2.2.0/go.mod h1:SOBXlCemjhiV2DvHhAKnJiWrtJGS/Ffuw4Iy7NjBTaI=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
@@ -453,8 +508,8 @@ github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHP
 github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
-github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc=
-github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
+github.com/mattn/go-runewidth v0.0.17 h1:78v8ZlW0bP43XfmAfPsdXcoNCelfMHsDmd/pkENfrjQ=
+github.com/mattn/go-runewidth v0.0.17/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-shellwords v1.0.12 h1:M2zGm7EW6UQJvDeQxo4T51eKPurbeFbe8WtebGE2xrk=
 github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
 github.com/mattn/go-sqlite3 v1.14.32 h1:JD12Ag3oLy1zQA+BNn74xRgaBbdhbNIDYvQUEuuErjs=
@@ -463,8 +518,8 @@ github.com/meilisearch/meilisearch-go v0.34.0 h1:P+Ohdx4/PCxXaoI5wNi0LMwPkuiNrF/
 github.com/meilisearch/meilisearch-go v0.34.0/go.mod h1:cUVJZ2zMqTvvwIMEEAdsWH+zrHsrLpAw6gm8Lt1MXK0=
 github.com/mholt/acmez/v3 v3.1.2 h1:auob8J/0FhmdClQicvJvuDavgd5ezwLBfKuYmynhYzc=
 github.com/mholt/acmez/v3 v3.1.2/go.mod h1:L1wOU06KKvq7tswuMDwKdcHeKpFFgkppZy/y0DFxagQ=
-github.com/mholt/archives v0.1.4 h1:sU+/lLNgafUontWFv3AVwO8VUWye3rrtN6hgC2dU11c=
-github.com/mholt/archives v0.1.4/go.mod h1:I2ia+SQTtQHej9w1GZM/mz7qfdgQv+BHr3hEKqDcGuk=
+github.com/mholt/archives v0.1.5 h1:Fh2hl1j7VEhc6DZs2DLMgiBNChUux154a1G+2esNvzQ=
+github.com/mholt/archives v0.1.5/go.mod h1:3TPMmBLPsgszL+1As5zECTuKwKvIfj6YcwWPpeTAXF4=
 github.com/microcosm-cc/bluemonday v1.0.27 h1:MpEUotklkwCSLeH+Qdx1VJgNqLlpY2KXwXFM08ygZfk=
 github.com/microcosm-cc/bluemonday v1.0.27/go.mod h1:jFi9vgW+H7c3V0lb6nR74Ib/DIB5OBs92Dimizgw2cA=
 github.com/miekg/dns v1.1.63 h1:8M5aAw6OMZfFXTT7K5V0Eu5YiiL8l7nUAkyN6C9YwaY=
@@ -498,8 +553,8 @@ github.com/ncruces/go-strftime v0.1.9 h1:bY0MQC28UADQmHmaF5dgpLmImcShSi2kHU9XLdh
 github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
 github.com/niklasfasching/go-org v1.9.1 h1:/3s4uTPOF06pImGa2Yvlp24yKXZoTYM+nsIlMzfpg/0=
 github.com/niklasfasching/go-org v1.9.1/go.mod h1:ZAGFFkWvUQcpazmi/8nHqwvARpr1xpb+Es67oUGX/48=
-github.com/nwaples/rardecode/v2 v2.1.1 h1:OJaYalXdliBUXPmC8CZGQ7oZDxzX1/5mQmgn0/GASew=
-github.com/nwaples/rardecode/v2 v2.1.1/go.mod h1:7uz379lSxPe6j9nvzxUZ+n7mnJNgjsRNb6IbvGVHRmw=
+github.com/nwaples/rardecode/v2 v2.2.0 h1:4ufPGHiNe1rYJxYfehALLjup4Ls3ck42CWwjKiOqu0A=
+github.com/nwaples/rardecode/v2 v2.2.0/go.mod h1:7uz379lSxPe6j9nvzxUZ+n7mnJNgjsRNb6IbvGVHRmw=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
 github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
@@ -553,8 +608,8 @@ github.com/redis/go-redis/v9 v9.8.0 h1:q3nRvjrlge/6UD7eTu/DSg2uYiU2mCL0G/uzBWqhi
 github.com/redis/go-redis/v9 v9.8.0/go.mod h1:huWgSWd8mW6+m0VPhJjSSQ+d6Nh1VICQ6Q5lHuCH/Iw=
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
-github.com/rhysd/actionlint v1.7.7 h1:0KgkoNTrYY7vmOCs9BW2AHxLvvpoY9nEUzgBHiPUr0k=
-github.com/rhysd/actionlint v1.7.7/go.mod h1:AE6I6vJEkNaIfWqC2GNE5spIJNhxf8NCtLEKU4NnUXg=
+github.com/rhysd/actionlint v1.7.8 h1:3d+N9ourgAxVYG4z2IFxFIk/YiT6V+VnKASfXGwT60E=
+github.com/rhysd/actionlint v1.7.8/go.mod h1:3kiS6egcbXG+vQsJIhFxTz+UKaF1JprsE0SKrpCZKvU=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
 github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
@@ -580,8 +635,8 @@ github.com/skeema/knownhosts v1.3.1 h1:X2osQ+RAjK76shCbvhHHHVl3ZlgDm8apHEHFqRjnB
 github.com/skeema/knownhosts v1.3.1/go.mod h1:r7KTdC8l4uxWRyK2TpQZ/1o5HaSzh06ePQNxPwTcfiY=
 github.com/sorairolake/lzip-go v0.3.8 h1:j5Q2313INdTA80ureWYRhX+1K78mUXfMoPZCw/ivWik=
 github.com/sorairolake/lzip-go v0.3.8/go.mod h1:JcBqGMV0frlxwrsE9sMWXDjqn3EeVf0/54YPsw66qkU=
-github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=
-github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY=
+github.com/spf13/afero v1.15.0 h1:b/YBCLWAJdFWJTN9cLhiXXcD7mzKn9Dm86dNnfyQw1I=
+github.com/spf13/afero v1.15.0/go.mod h1:NC2ByUVxtQs4b3sIUphxK0NioZnmxgyCrfzeuq8lxMg=
 github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf h1:pvbZ0lM0XWPBqUKqFU8cmavspvIl9nulOYwdy6IFRRo=
 github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf/go.mod h1:RJID2RhlZKId02nZ62WenDCkgHFerpIOmW0iT7GKmXM=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@@ -632,8 +687,8 @@ github.com/zeebo/blake3 v0.2.4 h1:KYQPkhpRtcqh0ssGYcKLG1JYvddkEA8QwCM/yBqhaZI=
 github.com/zeebo/blake3 v0.2.4/go.mod h1:7eeQ6d2iXWRGF6npfaxl2CU+xy2Fjo2gxeyZGCRUjcE=
 github.com/zeebo/pcg v1.0.1 h1:lyqfGeWiv4ahac6ttHs+I5hwtH/+1mrhlCtVNQM2kHo=
 github.com/zeebo/pcg v1.0.1/go.mod h1:09F0S9iiKrwn9rlI5yjLkmrug154/YRW6KnnXVDM/l4=
-gitlab.com/gitlab-org/api/client-go v0.130.1 h1:1xF5C5Zq3sFeNg3PzS2z63oqrxifne3n/OnbI7nptRc=
-gitlab.com/gitlab-org/api/client-go v0.130.1/go.mod h1:ZhSxLAWadqP6J9lMh40IAZOlOxBLPRh7yFOXR/bMJWM=
+gitlab.com/gitlab-org/api/client-go v0.143.2 h1:tfmUW8u+G/DGKOB/FDR0c06f0RVUAEe0ym8WpLoiHXI=
+gitlab.com/gitlab-org/api/client-go v0.143.2/go.mod h1:gJn5yLx9vYGXr73Yv0ueHWCVl+fL8iUOgJFxC7qV+iM=
 go.etcd.io/bbolt v1.4.3 h1:dEadXpI6G79deX5prL3QRNP6JB8UxVkqo4UPnHaNXJo=
 go.etcd.io/bbolt v1.4.3/go.mod h1:tKQlpPaYCVFctUIgFKFnAlvbmB3tpy1vkTnDWohtc0E=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
@@ -655,6 +710,8 @@ go.uber.org/zap/exp v0.3.0 h1:6JYzdifzYkGmTdRR59oYH+Ng7k49H9qVpWwNSsGJj3U=
 go.uber.org/zap/exp v0.3.0/go.mod h1:5I384qq7XGxYyByIhHm6jg5CHkGY0nsTfbDLgDDlgJQ=
 go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
 go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
+go.yaml.in/yaml/v4 v4.0.0-rc.2 h1:/FrI8D64VSr4HtGIlUtlFMGsm7H7pWTbj6vOLVZcA6s=
+go.yaml.in/yaml/v4 v4.0.0-rc.2/go.mod h1:aZqd9kCMsGL7AuUv/m/PvWLdg5sjJsZ4oHDEnfPPfY0=
 go4.org v0.0.0-20230225012048-214862532bf5 h1:nifaUDeh+rPaBCMPMQHZmvJf+QdpLFnuQPwx+LxVmtc=
 go4.org v0.0.0-20230225012048-214862532bf5/go.mod h1:F57wTi5Lrj6WLyswp5EYV1ncrEbFGHD4hhz6S1ZYeaU=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
@@ -669,8 +726,8 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
 golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
-golang.org/x/crypto v0.42.0 h1:chiH31gIWm57EkTXpwnqf8qeuMUi0yekh6mT2AvFlqI=
-golang.org/x/crypto v0.42.0/go.mod h1:4+rDnOTJhQCx2q7/j6rAN5XDw8kPjeaXEUR2eL94ix8=
+golang.org/x/crypto v0.43.0 h1:dduJYIi3A3KOfdGOHX8AVZ/jGiyPa3IbBozJ5kNuE04=
+golang.org/x/crypto v0.43.0/go.mod h1:BFbav4mRNlXJL4wNeejLpWxB7wMbc79PdRGhWKncxR0=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -683,8 +740,8 @@ golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b h1:M2rDM6z3Fhozi9O7NWsxAkg/y
 golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b/go.mod h1:3//PLf8L/X+8b4vuAfHzxeRUl04Adcb341+IGKfnqS8=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/image v0.31.0 h1:mLChjE2MV6g1S7oqbXC0/UcKijjm5fnJLUYKIYrLESA=
-golang.org/x/image v0.31.0/go.mod h1:R9ec5Lcp96v9FTF+ajwaH3uGxPH4fKfHHAVbUILxghA=
+golang.org/x/image v0.32.0 h1:6lZQWq75h7L5IWNk0r+SCpUJ6tUVd3v4ZHnbRKLkUDQ=
+golang.org/x/image v0.32.0/go.mod h1:/R37rrQmKXtO6tYXAjtDLwQgFLHmhW+V6ayXlxzP2Pc=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -706,8 +763,8 @@ golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/mod v0.27.0 h1:kb+q2PyFnEADO2IEF935ehFUXlWiNjJWtRNgBLSfbxQ=
-golang.org/x/mod v0.27.0/go.mod h1:rWI627Fq0DEoudcK+MBkNkCe0EetEaDSwJJkCcjpazc=
+golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA=
+golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -722,11 +779,16 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200320220750-118fecf932d8/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.0.0-20221002022538-bcab6841153b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
@@ -734,15 +796,15 @@ golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
-golang.org/x/net v0.44.0 h1:evd8IRDyfNBMBTTY5XRF1vaZlD+EmWx6x8PkhR04H/I=
-golang.org/x/net v0.44.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY=
+golang.org/x/net v0.46.0 h1:giFlY12I07fugqwPuWJi68oOnpfqFnJIJzaIIm2JVV4=
+golang.org/x/net v0.46.0/go.mod h1:Q9BGdFy1y4nkUwiLvT5qtyhAnEHgnQ/zd8PfU6nc210=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.31.0 h1:8Fq0yVZLh4j4YA47vHKFTa9Ew5XIrCP8LC6UeNZnLxo=
-golang.org/x/oauth2 v0.31.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
+golang.org/x/oauth2 v0.32.0 h1:jsCblLleRMDrxMN29H3z/k1KliIvpLgCkE6R8FXXNgY=
+golang.org/x/oauth2 v0.32.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -780,12 +842,15 @@ golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220928140112-f11e5e49a4ec/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -793,8 +858,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k=
-golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ=
+golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -804,8 +869,8 @@ golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
 golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
 golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
-golang.org/x/term v0.35.0 h1:bZBVKBudEyhRcajGcNc3jIfWPqV4y/Kt2XcoigOWtDQ=
-golang.org/x/term v0.35.0/go.mod h1:TPGtkTLesOwf2DE8CgVYiZinHAOuy5AYUYT1lENIZnA=
+golang.org/x/term v0.36.0 h1:zMPR+aF8gfksFprF/Nc/rd1wRS1EI6nDBGyWAvDzx2Q=
+golang.org/x/term v0.36.0/go.mod h1:Qu394IJq6V6dCBRgwqshf3mPF85AqzYEzofzRdZkWss=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -819,8 +884,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/text v0.29.0 h1:1neNs90w9YzJ9BocxfsQNHKuAT4pkghyXc4nhZ6sJvk=
-golang.org/x/text v0.29.0/go.mod h1:7MhJOA9CD2qZyOKYazxdYMF85OwPdEr9jTtBpO7ydH4=
+golang.org/x/text v0.30.0 h1:yznKA/E9zq54KzlzBEAWn1NXSQ8DIp/NYMy88xJjl4k=
+golang.org/x/text v0.30.0/go.mod h1:yDdHFIX9t+tORqspjENWgzaCVXgk0yYnYuSZ8UzzBVM=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.13.0 h1:eUlYslOIt32DgYD6utsuUeHs4d7AsEYLuIAdg7FlYgI=
@@ -854,8 +919,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
 golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
-golang.org/x/tools v0.36.0 h1:kWS0uv/zsvHEle1LbV5LE8QujrxB3wfQyxHfhOk0Qkg=
-golang.org/x/tools v0.36.0/go.mod h1:WBDiHKJK8YgLHlcQPYQzNCkUxUypCaa5ZegCVutKm+s=
+golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ=
+golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -899,8 +964,8 @@ google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQ
 google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
 google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.36.9 h1:w2gp2mA27hUeUzj9Ex9FBjsBm40zfaDtEWow293U7Iw=
-google.golang.org/protobuf v1.36.9/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU=
+google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE=
+google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc h1:2gGKlE2+asNV9m7xrywl36YYNnBG5ZQ0r/BOOxqPpmk=
 gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc/go.mod h1:m7x9LTH6d71AHyAX77c9yqWCCa3UKHcVEj9y7hAtKDk=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -921,8 +986,10 @@ gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRN
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
@@ -933,14 +1000,14 @@ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
-modernc.org/libc v1.66.3 h1:cfCbjTUcdsKyyZZfEUKfoHcP3S0Wkvz3jgSzByEWVCQ=
-modernc.org/libc v1.66.3/go.mod h1:XD9zO8kt59cANKvHPXpx7yS2ELPheAey0vjIuZOhOU8=
+modernc.org/libc v1.66.10 h1:yZkb3YeLx4oynyR+iUsXsybsX4Ubx7MQlSYEw4yj59A=
+modernc.org/libc v1.66.10/go.mod h1:8vGSEwvoUoltr4dlywvHqjtAqHBaw0j1jI7iFBTAr2I=
 modernc.org/mathutil v1.7.1 h1:GCZVGXdaN8gTqB1Mf/usp1Y/hSqgI2vAGGP4jZMCxOU=
 modernc.org/mathutil v1.7.1/go.mod h1:4p5IwJITfppl0G4sUEDtCr4DthTaT47/N3aT6MhfgJg=
 modernc.org/memory v1.11.0 h1:o4QC8aMQzmcwCK3t3Ux/ZHmwFPzE6hf2Y5LbkRs+hbI=
 modernc.org/memory v1.11.0/go.mod h1:/JP4VbVC+K5sU2wZi9bHoq2MAkCnrt2r98UGeSK7Mjw=
-modernc.org/sqlite v1.39.0 h1:6bwu9Ooim0yVYA7IZn9demiQk/Ejp0BtTjBWFLymSeY=
-modernc.org/sqlite v1.39.0/go.mod h1:cPTJYSlgg3Sfg046yBShXENNtPrWrDX8bsbAQBzgQ5E=
+modernc.org/sqlite v1.39.1 h1:H+/wGFzuSCIEVCvXYVHX5RQglwhMOvtHSv+VtidL2r4=
+modernc.org/sqlite v1.39.1/go.mod h1:9fjQZ0mB1LLP0GYrp39oOJXx/I2sxEnZtzCmEQIKvGE=
 mvdan.cc/xurls/v2 v2.5.0 h1:lyBNOm8Wo71UknhUs4QTFUNNMyxy2JEIaKKo0RWOh+8=
 mvdan.cc/xurls/v2 v2.5.0/go.mod h1:yQgaGQ1rFtJUzkmKiHYSSfuQxqfYmd//X6PxvholpeE=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
diff --git a/models/actions/run.go b/models/actions/run.go
index b5f79a0cb3..2d83806b98 100644
--- a/models/actions/run.go
+++ b/models/actions/run.go
@@ -25,11 +25,23 @@ import (
 	"xorm.io/builder"
 )
 
+type ConcurrencyMode int
+
+const (
+	// Don't enforce concurrency control.  Note that you won't find `UnlimitedConcurrency` implemented directly in the
+	// code; setting it on an `ActionRun` prevents the other limiting behaviors.
+	UnlimitedConcurrency ConcurrencyMode = iota
+	// Queue behind other jobs with the same concurrency group
+	QueueBehind
+	// Cancel other jobs with the same concurrency group
+	CancelInProgress
+)
+
 // ActionRun represents a run of a workflow file
 type ActionRun struct {
 	ID                int64
 	Title             string
-	RepoID            int64                  `xorm:"index unique(repo_index)"`
+	RepoID            int64                  `xorm:"index unique(repo_index) index(concurrency)"`
 	Repo              *repo_model.Repository `xorm:"-"`
 	OwnerID           int64                  `xorm:"index"`
 	WorkflowID        string                 `xorm:"index"`                    // the name of workflow file
@@ -56,6 +68,11 @@ type ActionRun struct {
 	Created          timeutil.TimeStamp `xorm:"created"`
 	Updated          timeutil.TimeStamp `xorm:"updated"`
 	NotifyEmail      bool
+
+	ConcurrencyGroup string `xorm:"'concurrency_group' index(concurrency)"`
+	ConcurrencyType  ConcurrencyMode
+
+	PreExecutionError string `xorm:"LONGTEXT"` // used to report errors that blocked execution of a workflow
 }
 
 func init() {
@@ -163,6 +180,24 @@ func (run *ActionRun) GetPullRequestEventPayload() (*api.PullRequestPayload, err
 	return nil, fmt.Errorf("event %s is not a pull request event", run.Event)
 }
 
+func (run *ActionRun) SetConcurrencyGroup(concurrencyGroup string) {
+	// Concurrency groups are case insensitive identifiers, implemented by collapsing case here.  Unfortunately the
+	// `ConcurrencyGroup` field can't be made a private field because xorm doesn't map those fields -- using
+	// `SetConcurrencyGroup` is required for consistency but not enforced at compile-time.
+	run.ConcurrencyGroup = strings.ToLower(concurrencyGroup)
+}
+
+func (run *ActionRun) SetDefaultConcurrencyGroup() {
+	// Before ConcurrencyGroups were supported, Forgejo would automatically cancel runs with matching git refs, workflow
+	// IDs, and trigger events.  For backwards compatibility we emulate that behavior:
+	run.SetConcurrencyGroup(fmt.Sprintf(
+		"%s_%s_%s__auto",
+		run.Ref,
+		run.WorkflowID,
+		run.TriggerEvent,
+	))
+}
+
 func updateRepoRunsNumbers(ctx context.Context, repo *repo_model.Repository) error {
 	_, err := db.GetEngine(ctx).ID(repo.ID).
 		SetExpr("num_action_runs",
@@ -183,6 +218,7 @@ func updateRepoRunsNumbers(ctx context.Context, repo *repo_model.Repository) err
 				),
 				),
 		).
+		Cols("num_action_runs", "num_closed_action_runs").
 		Update(repo)
 	return err
 }
diff --git a/models/actions/run_list.go b/models/actions/run_list.go
index 92be510569..174d2aa70c 100644
--- a/models/actions/run_list.go
+++ b/models/actions/run_list.go
@@ -5,6 +5,7 @@ package actions
 
 import (
 	"context"
+	"strings"
 
 	"forgejo.org/models/db"
 	repo_model "forgejo.org/models/repo"
@@ -64,14 +65,15 @@ func (runs RunList) LoadRepos(ctx context.Context) error {
 
 type FindRunOptions struct {
 	db.ListOptions
-	RepoID        int64
-	OwnerID       int64
-	WorkflowID    string
-	Ref           string // the commit/tag/… that caused this workflow
-	TriggerUserID int64
-	TriggerEvent  webhook_module.HookEventType
-	Approved      bool // not util.OptionalBool, it works only when it's true
-	Status        []Status
+	RepoID           int64
+	OwnerID          int64
+	WorkflowID       string
+	Ref              string // the commit/tag/… that caused this workflow
+	TriggerUserID    int64
+	TriggerEvent     webhook_module.HookEventType
+	Approved         bool // not util.OptionalBool, it works only when it's true
+	Status           []Status
+	ConcurrencyGroup string
 }
 
 func (opts FindRunOptions) ToConds() builder.Cond {
@@ -100,6 +102,9 @@ func (opts FindRunOptions) ToConds() builder.Cond {
 	if opts.TriggerEvent != "" {
 		cond = cond.And(builder.Eq{"trigger_event": opts.TriggerEvent})
 	}
+	if opts.ConcurrencyGroup != "" {
+		cond = cond.And(builder.Eq{"concurrency_group": strings.ToLower(opts.ConcurrencyGroup)})
+	}
 	return cond
 }
 
diff --git a/models/actions/run_test.go b/models/actions/run_test.go
index c9a552a2b2..834d1595ae 100644
--- a/models/actions/run_test.go
+++ b/models/actions/run_test.go
@@ -5,7 +5,84 @@ package actions
 
 import (
 	"testing"
+
+	repo_model "forgejo.org/models/repo"
+	"forgejo.org/models/unittest"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestGetRunBefore(t *testing.T) {
 }
+
+func TestSetConcurrencyGroup(t *testing.T) {
+	run := ActionRun{}
+	run.SetConcurrencyGroup("abc123")
+	assert.Equal(t, "abc123", run.ConcurrencyGroup)
+	run.SetConcurrencyGroup("ABC123") // case should collapse in SetConcurrencyGroup
+	assert.Equal(t, "abc123", run.ConcurrencyGroup)
+}
+
+func TestSetDefaultConcurrencyGroup(t *testing.T) {
+	run := ActionRun{
+		Ref:          "refs/heads/main",
+		WorkflowID:   "testing",
+		TriggerEvent: "pull_request",
+	}
+	run.SetDefaultConcurrencyGroup()
+	assert.Equal(t, "refs/heads/main_testing_pull_request__auto", run.ConcurrencyGroup)
+	run = ActionRun{
+		Ref:          "refs/heads/main",
+		WorkflowID:   "TESTING", // case should collapse in SetDefaultConcurrencyGroup
+		TriggerEvent: "pull_request",
+	}
+	run.SetDefaultConcurrencyGroup()
+	assert.Equal(t, "refs/heads/main_testing_pull_request__auto", run.ConcurrencyGroup)
+}
+
+func TestUpdateRepoRunsNumbers(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	t.Run("Normal", func(t *testing.T) {
+		t.Run("Repo 1", func(t *testing.T) {
+			repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+
+			require.NoError(t, updateRepoRunsNumbers(t.Context(), repo))
+
+			repo = unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+			assert.Equal(t, 1, repo.NumActionRuns)
+			assert.Equal(t, 1, repo.NumClosedActionRuns)
+		})
+
+		t.Run("Repo 4", func(t *testing.T) {
+			repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 4})
+
+			require.NoError(t, updateRepoRunsNumbers(t.Context(), repo))
+
+			repo = unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 4})
+			assert.Equal(t, 4, repo.NumActionRuns)
+			assert.Equal(t, 4, repo.NumClosedActionRuns)
+		})
+
+		t.Run("Repo 63", func(t *testing.T) {
+			repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 63})
+
+			require.NoError(t, updateRepoRunsNumbers(t.Context(), repo))
+
+			repo = unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 63})
+			assert.Equal(t, 3, repo.NumActionRuns)
+			assert.Equal(t, 2, repo.NumClosedActionRuns)
+		})
+	})
+
+	t.Run("Columns specifc", func(t *testing.T) {
+		repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+		repo.Name = "ishouldnotbeupdated"
+
+		require.NoError(t, updateRepoRunsNumbers(t.Context(), repo))
+
+		repo = unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+		assert.Equal(t, "repo1", repo.Name)
+	})
+}
diff --git a/models/actions/task.go b/models/actions/task.go
index 6e77db1b18..569fc2bb33 100644
--- a/models/actions/task.go
+++ b/models/actions/task.go
@@ -239,6 +239,88 @@ func GetRunningTaskByToken(ctx context.Context, token string) (*ActionTask, erro
 	return nil, errNotExist
 }
 
+func getConcurrencyCondition() builder.Cond {
+	concurrencyCond := builder.NewCond()
+
+	// OK to pick if there's no concurrency_group on the run
+	concurrencyCond = concurrencyCond.Or(builder.Eq{"concurrency_group": ""})
+	concurrencyCond = concurrencyCond.Or(builder.IsNull{"concurrency_group"})
+
+	// OK to pick if it's not a "QueueBehind" concurrency type
+	concurrencyCond = concurrencyCond.Or(builder.Neq{"concurrency_type": QueueBehind})
+
+	// subQuery ends up representing all the runs that would block a run from executing:
+	subQuery := builder.Select("id").From("action_run", "inner_run").
+		// A run can't block itself, so exclude it from this search
+		Where(builder.Neq{"inner_run.id": builder.Expr("outer_run.id")}).
+		// Blocking runs must be from the same repo & concurrency group
+		And(builder.Eq{"inner_run.repo_id": builder.Expr("outer_run.repo_id")}).
+		And(builder.Eq{"inner_run.concurrency_group": builder.Expr("outer_run.concurrency_group")}).
+		And(
+			// Ideally the logic here would be that a blocking run is "not done", and "younger", which allows each run
+			// to be blocked on the previous runs in the concurrency group and therefore execute in order from oldest to
+			// newest.
+			//
+			// But it's possible for runs to be required to run out-of-order -- for example, if a younger run has
+			// already completed but then it is re-run.  If we only used "not done" and "younger" as logic, then the
+			// re-run would not be blocked, and therefore would violate the concurrency group's single-run goal.
+			//
+			// So we use two conditions to meet both needs:
+			//
+			// Blocking runs have a running status...
+			builder.Eq{"inner_run.status": StatusRunning}.Or(
+				// Blocking runs don't have a IsDone status & are younger than the outer_run
+				builder.NotIn("inner_run.status", []Status{StatusSuccess, StatusFailure, StatusCancelled, StatusSkipped}).
+					And(builder.Lt{"inner_run.`index`": builder.Expr("outer_run.`index`")})))
+
+	// OK to pick if there are no blocking runs
+	concurrencyCond = concurrencyCond.Or(builder.NotExists(subQuery))
+
+	return concurrencyCond
+}
+
+// Returns all the available jobs that could be executed on `runner`, before label filtering is applied.  Note that
+// only a single job can actually be run from this result for any given invocation, as multiple runs (in order) from any
+// single concurrency group could be returned.
+func GetAvailableJobsForRunner(e db.Engine, runner *ActionRunner) ([]*ActionRunJob, error) {
+	jobCond := builder.NewCond()
+	if runner.RepoID != 0 {
+		jobCond = builder.Eq{"repo_id": runner.RepoID}
+	} else if runner.OwnerID != 0 {
+		jobCond = builder.In("repo_id", builder.Select("`repository`.id").From("repository").
+			Join("INNER", "repo_unit", "`repository`.id = `repo_unit`.repo_id").
+			Where(builder.Eq{"`repository`.owner_id": runner.OwnerID, "`repo_unit`.type": unit.TypeActions}))
+	}
+	// Concurrency group checks for queuing one run behind the last run in the concurrency group are more
+	// computationally expensive on the database. To manage the risk that this might have on large-scale deployments
+	// When this feature is initially released, it can be disabled in the ini file by setting
+	// `CONCURRENCY_GROUP_QUEUE_ENABLED = false` in the `[actions]` section.  If disabled, then actions with a
+	// concurrency group and `cancel-in-progress: false` will run simultaneously rather than being queued.
+	if setting.Actions.ConcurrencyGroupQueueEnabled {
+		jobCond = jobCond.And(getConcurrencyCondition())
+	}
+	if jobCond.IsValid() {
+		// It is *likely* more efficient to use an EXISTS query here rather than an IN clause, as that allows the
+		// database's query optimizer to perform partial computation of the subquery rather than complete computation.
+		// However, database engines can be fickle and difficult to predict. We'll retain the original IN clause
+		// implementation when ConcurrencyGroupQueueEnabled is disabled, which should maintain the same performance
+		// characteristics. When ConcurrencyGroupQueueEnabled is enabled, it will switch to the EXISTS clause.
+		if setting.Actions.ConcurrencyGroupQueueEnabled {
+			jobCond = builder.Exists(builder.Select("id").From("action_run", "outer_run").
+				Where(builder.Eq{"outer_run.id": builder.Expr("action_run_job.run_id")}).
+				And(jobCond))
+		} else {
+			jobCond = builder.In("run_id", builder.Select("id").From("action_run", "outer_run").Where(jobCond))
+		}
+	}
+
+	var jobs []*ActionRunJob
+	if err := e.Where("task_id=? AND status=?", 0, StatusWaiting).And(jobCond).Asc("updated", "id").Find(&jobs); err != nil {
+		return nil, err
+	}
+	return jobs, nil
+}
+
 func CreateTaskForRunner(ctx context.Context, runner *ActionRunner) (*ActionTask, bool, error) {
 	ctx, commiter, err := db.TxContext(ctx)
 	if err != nil {
@@ -248,20 +330,8 @@ func CreateTaskForRunner(ctx context.Context, runner *ActionRunner) (*ActionTask
 
 	e := db.GetEngine(ctx)
 
-	jobCond := builder.NewCond()
-	if runner.RepoID != 0 {
-		jobCond = builder.Eq{"repo_id": runner.RepoID}
-	} else if runner.OwnerID != 0 {
-		jobCond = builder.In("repo_id", builder.Select("`repository`.id").From("repository").
-			Join("INNER", "repo_unit", "`repository`.id = `repo_unit`.repo_id").
-			Where(builder.Eq{"`repository`.owner_id": runner.OwnerID, "`repo_unit`.type": unit.TypeActions}))
-	}
-	if jobCond.IsValid() {
-		jobCond = builder.In("run_id", builder.Select("id").From("action_run").Where(jobCond))
-	}
-
-	var jobs []*ActionRunJob
-	if err := e.Where("task_id=? AND status=?", 0, StatusWaiting).And(jobCond).Asc("updated", "id").Find(&jobs); err != nil {
+	jobs, err := GetAvailableJobsForRunner(e, runner)
+	if err != nil {
 		return nil, false, err
 	}
 
diff --git a/models/auth/access_token.go b/models/auth/access_token.go
index 695702b7a0..2bdb5357c5 100644
--- a/models/auth/access_token.go
+++ b/models/auth/access_token.go
@@ -127,6 +127,13 @@ func (t *AccessToken) DisplayPublicOnly() bool {
 	return publicOnly
 }
 
+// UpdateLastUsed updates the time this token was last used to now.
+func (t *AccessToken) UpdateLastUsed(ctx context.Context) error {
+	t.UpdatedUnix = timeutil.TimeStampNow()
+	_, err := db.GetEngine(ctx).ID(t.ID).Cols("updated_unix").NoAutoTime().Update(t)
+	return err
+}
+
 func getAccessTokenIDFromCache(token string) int64 {
 	if successfulAccessTokenCache == nil {
 		return 0
@@ -220,12 +227,6 @@ func (opts ListAccessTokensOptions) ToOrders() string {
 	return "created_unix DESC"
 }
 
-// UpdateAccessToken updates information of access token.
-func UpdateAccessToken(ctx context.Context, t *AccessToken) error {
-	_, err := db.GetEngine(ctx).ID(t.ID).AllCols().Update(t)
-	return err
-}
-
 // DeleteAccessTokenByID deletes access token by given ID.
 func DeleteAccessTokenByID(ctx context.Context, id, userID int64) error {
 	cnt, err := db.GetEngine(ctx).ID(id).Delete(&AccessToken{
@@ -258,5 +259,6 @@ func RegenerateAccessTokenByID(ctx context.Context, id, userID int64) (*AccessTo
 	// Reset the creation time, token is unused
 	t.UpdatedUnix = timeutil.TimeStampNow()
 
-	return t, UpdateAccessToken(ctx, t)
+	_, err = db.GetEngine(ctx).ID(t.ID).Cols("token_salt", "token", "token_hash", "token_last_eight", "updated_unix").NoAutoTime().Update(t)
+	return t, err
 }
diff --git a/models/auth/access_token_test.go b/models/auth/access_token_test.go
index 913118433c..18e0fd3342 100644
--- a/models/auth/access_token_test.go
+++ b/models/auth/access_token_test.go
@@ -5,10 +5,12 @@ package auth_test
 
 import (
 	"testing"
+	"time"
 
 	auth_model "forgejo.org/models/auth"
 	"forgejo.org/models/db"
 	"forgejo.org/models/unittest"
+	"forgejo.org/modules/timeutil"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -107,14 +109,17 @@ func TestListAccessTokens(t *testing.T) {
 	assert.Empty(t, tokens)
 }
 
-func TestUpdateAccessToken(t *testing.T) {
-	require.NoError(t, unittest.PrepareTestDatabase())
-	token, err := auth_model.GetAccessTokenBySHA(db.DefaultContext, "4c6f36e6cf498e2a448662f915d932c09c5a146c")
-	require.NoError(t, err)
-	token.Name = "Token Z"
+func TestUpdateLastUsed(t *testing.T) {
+	timeutil.MockSet(time.Date(2021, 1, 1, 0, 0, 0, 0, time.UTC))
+	defer timeutil.MockUnset()
 
-	require.NoError(t, auth_model.UpdateAccessToken(db.DefaultContext, token))
-	unittest.AssertExistsAndLoadBean(t, token)
+	require.NoError(t, unittest.PrepareTestDatabase())
+	token := unittest.AssertExistsAndLoadBean(t, &auth_model.AccessToken{ID: 2})
+
+	require.NoError(t, token.UpdateLastUsed(t.Context()))
+
+	token = unittest.AssertExistsAndLoadBean(t, &auth_model.AccessToken{ID: 2})
+	assert.Equal(t, timeutil.TimeStampNow(), token.UpdatedUnix)
 }
 
 func TestDeleteAccessTokenByID(t *testing.T) {
diff --git a/models/db/context.go b/models/db/context.go
index 3e035cd733..34736ddbef 100644
--- a/models/db/context.go
+++ b/models/db/context.go
@@ -298,6 +298,31 @@ func TruncateBeans(ctx context.Context, beans ...any) (err error) {
 	return nil
 }
 
+// TruncateBeansCascade deletes all given beans. Beans MUST NOT contain delete conditions, as tables related by foreign
+// keys will also be truncated.
+func TruncateBeansCascade(ctx context.Context, beans ...any) (err error) {
+	// Expand the list of beans to any other table with a foreign key reference to the beans
+	cascadeTables, err := extendBeansForCascade(beans)
+	if err != nil {
+		return err
+	}
+
+	// Sort the beans in inverse foreign key delete order
+	cascadeSorted, err := sortBeans(cascadeTables, foreignKeySortDelete)
+	if err != nil {
+		return err
+	}
+
+	// Execute the truncate
+	e := GetEngine(ctx)
+	for i := range cascadeSorted {
+		if _, err = e.Truncate(cascadeSorted[i]); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
 // CountByBean counts the number of database records according non-empty fields of the bean as conditions.
 func CountByBean(ctx context.Context, bean any) (int64, error) {
 	return GetEngine(ctx).Count(bean)
diff --git a/models/db/engine.go b/models/db/engine.go
index 42b9150696..71197153e5 100755
--- a/models/db/engine.go
+++ b/models/db/engine.go
@@ -161,9 +161,13 @@ func (w engineGroupWrapper) AddHook(hook contexts.Hook) bool {
 
 // SyncAllTables sync the schemas of all tables
 func SyncAllTables() error {
-	_, err := x.StoreEngine("InnoDB").SyncWithOptions(xorm.SyncOptions{
+	sortedTables, err := sortBeans(tables, foreignKeySortInsert)
+	if err != nil {
+		return err
+	}
+	_, err = x.StoreEngine("InnoDB").SyncWithOptions(xorm.SyncOptions{
 		WarnIfDatabaseColumnMissed: true,
-	}, tables...)
+	}, sortedTables...)
 	return err
 }
 
diff --git a/models/db/foreign_keys.go b/models/db/foreign_keys.go
new file mode 100644
index 0000000000..7af0b92f73
--- /dev/null
+++ b/models/db/foreign_keys.go
@@ -0,0 +1,275 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package db
+
+import (
+	"cmp"
+	"fmt"
+	"slices"
+	"sync"
+
+	"forgejo.org/modules/container"
+
+	"xorm.io/xorm/schemas"
+)
+
+type schemaWithDefaultBean struct {
+	schema *schemas.Table
+	bean   any
+}
+
+var (
+	cachedForeignKeyOrderedTables = sync.OnceValues(foreignKeyOrderedTables)
+	cachedTableNameLookupOrder    = sync.OnceValues(tableNameLookupOrder)
+	// Slice of all registered tables, including their bean from `RegisterModel()` and their schemas.Table reference.
+	cachedSchemaTables = sync.OnceValues(func() ([]schemaWithDefaultBean, error) {
+		schemaTables := make([]schemaWithDefaultBean, 0, len(tables))
+		for _, bean := range tables {
+			table, err := TableInfo(bean)
+			if err != nil {
+				return nil, fmt.Errorf("cachedSchemaTables: failure to fetch schema table for bean %#v: %w", bean, err)
+			}
+			schemaTables = append(schemaTables, schemaWithDefaultBean{
+				schema: table,
+				bean:   bean,
+			})
+		}
+		return schemaTables, nil
+	})
+	// Lookup map from table name -> {schemas.Table, bean}. The bean is the empty bean from `RegisterModel()`.
+	cachedTableMap = sync.OnceValues(func() (map[string]schemaWithDefaultBean, error) {
+		schemaTables, err := cachedSchemaTables()
+		if err != nil {
+			return nil, err
+		}
+		retval := make(map[string]schemaWithDefaultBean, len(schemaTables))
+		for _, table := range schemaTables {
+			retval[table.schema.Name] = table
+		}
+		return retval, nil
+	})
+	// Table A has foreign keys to [B, C], this is a map of A -> {B, C}.
+	cachedReferencingTables = sync.OnceValues(func() (map[string][]string, error) {
+		schemaTables, err := cachedSchemaTables()
+		if err != nil {
+			return nil, err
+		}
+		return calculateReferencingTables(schemaTables), nil
+	})
+	// Table A has foreign keys to [B, C], this is a map of B -> {A}, C -> {A}.
+	cachedReferencedTables = sync.OnceValues(func() (map[string][]string, error) {
+		referencingTables, err := cachedReferencingTables()
+		if err != nil {
+			return nil, err
+		}
+		referencedTables := make(map[string][]string)
+		for referencingTable, targetTables := range referencingTables {
+			for _, targetTable := range targetTables {
+				referencedTables[targetTable] = append(referencedTables[targetTable], referencingTable)
+			}
+		}
+		return referencedTables, nil
+	})
+)
+
+// Create a map for each schema table which contains a slice of all the tables that reference it (with a foreign key).
+func calculateReferencingTables(tables []schemaWithDefaultBean) map[string][]string {
+	referencingTables := make(map[string][]string, len(tables))
+	for _, table := range tables {
+		tableName := table.schema.Name
+		for _, fk := range table.schema.ForeignKeys {
+			referencingTables[tableName] = append(referencingTables[tableName], fk.TargetTableName)
+		}
+	}
+	return referencingTables
+}
+
+// Create a list of database tables in their "foreign key order".  This order specifies the safe insertion order for
+// records into tables, where earlier tables in the list are referenced by foreign keys that exist in tables later in
+// the list.  This order can be used in reverse as a safe deletion order as well.
+//
+// An ordered list of tables is incompatible with tables that have self-referencing foreign keys and circular referenced
+// foreign keys; however neither of those cases are in-use in Forgejo.
+func calculateTableForeignKeyOrder(tables []schemaWithDefaultBean) ([]schemaWithDefaultBean, error) {
+	remainingTables := slices.Clone(tables)
+
+	referencingTables := calculateReferencingTables(remainingTables)
+	orderedTables := make([]schemaWithDefaultBean, 0, len(remainingTables))
+
+	for len(remainingTables) > 0 {
+		nextGroup := make([]schemaWithDefaultBean, 0, len(remainingTables))
+
+		for _, targetTable := range remainingTables {
+			// Skip if this targetTable has foreign keys and the target table hasn't been created.
+			slice, ok := referencingTables[targetTable.schema.Name]
+			if ok && len(slice) > 0 { // This table is still referencing an uncreated table
+				continue
+			}
+			// This table's references are satisfied or it had none
+			nextGroup = append(nextGroup, targetTable)
+		}
+
+		if len(nextGroup) == 0 {
+			return nil, fmt.Errorf("calculateTableForeignKeyOrder: unable to figure out next table from remainingTables = %#v", remainingTables)
+		}
+
+		orderedTables = append(orderedTables, nextGroup...)
+
+		// Cleanup between loops: remove each table in nextGroup from remainingTables, and remove their table names from
+		// referencingTables as well.
+		for _, doneTable := range nextGroup {
+			remainingTables = slices.DeleteFunc(remainingTables, func(remainingTable schemaWithDefaultBean) bool {
+				return remainingTable.schema.Name == doneTable.schema.Name
+			})
+			for referencingTable, referencedTables := range referencingTables {
+				referencingTables[referencingTable] = slices.DeleteFunc(referencedTables, func(tableName string) bool {
+					return tableName == doneTable.schema.Name
+				})
+			}
+		}
+	}
+
+	return orderedTables, nil
+}
+
+// Create a list of registered database tables in their "foreign key order", per calculateTableForeignKeyOrder.
+func foreignKeyOrderedTables() ([]schemaWithDefaultBean, error) {
+	schemaTables, err := cachedSchemaTables()
+	if err != nil {
+		return nil, err
+	}
+
+	orderedTables, err := calculateTableForeignKeyOrder(schemaTables)
+	if err != nil {
+		return nil, err
+	}
+
+	return orderedTables, nil
+}
+
+// Create a map from each registered database table's name to its order in "foreign key order", per
+// calculateTableForeignKeyOrder.
+func tableNameLookupOrder() (map[string]int, error) {
+	tables, err := cachedForeignKeyOrderedTables()
+	if err != nil {
+		return nil, err
+	}
+
+	lookupMap := make(map[string]int, len(tables))
+	for i, table := range tables {
+		lookupMap[table.schema.Name] = i
+	}
+
+	return lookupMap, nil
+}
+
+// When used as a comparator function in `slices.SortFunc`, can sort a slice into the safe insertion order for records
+// in tables, where earlier tables in the list are referenced by foreign keys that exist in tables later in the list.
+func TableNameInsertionOrderSortFunc(table1, table2 string) int {
+	lookupMap, err := cachedTableNameLookupOrder()
+	if err != nil {
+		panic(fmt.Sprintf("cachedTableNameLookupOrder failed: %#v", err))
+	}
+
+	// Since this is typically used by `slices.SortFunc` it can't return an error.  If a table is referenced that isn't
+	// a registered model then it will be sorted at the beginning -- this case is used in models/gitea_migrations/test.
+	val1, ok := lookupMap[table1]
+	if !ok {
+		val1 = -1
+	}
+	val2, ok := lookupMap[table2]
+	if !ok {
+		val2 = -1
+	}
+
+	return cmp.Compare(val1, val2)
+}
+
+// In "Insert" order, tables that have a foreign key will be sorted after the tables that the foreign key points to, so
+// that records can be safely inserted in this order.  "Delete" order is the opposite, and allows records to be safely
+// deleted in this order.
+type foreignKeySortOrder int8
+
+const (
+	foreignKeySortInsert foreignKeySortOrder = iota
+	foreignKeySortDelete
+)
+
+// Sort the provided beans in the provided foreign-key sort order.
+func sortBeans(beans []any, sortOrder foreignKeySortOrder) ([]any, error) {
+	type beanWithTableName struct {
+		bean      any
+		tableName string
+	}
+
+	beansWithTableNames := make([]beanWithTableName, 0, len(beans))
+	for _, bean := range beans {
+		table, err := TableInfo(bean)
+		if err != nil {
+			return nil, fmt.Errorf("sortBeans: failure to fetch schema table for bean %#v: %w", bean, err)
+		}
+		beansWithTableNames = append(beansWithTableNames, beanWithTableName{bean: bean, tableName: table.Name})
+	}
+
+	slices.SortFunc(beansWithTableNames, func(a, b beanWithTableName) int {
+		if sortOrder == foreignKeySortInsert {
+			return TableNameInsertionOrderSortFunc(a.tableName, b.tableName)
+		}
+		return TableNameInsertionOrderSortFunc(b.tableName, a.tableName)
+	})
+
+	beanRetval := make([]any, len(beans))
+	for i, beanWithTableName := range beansWithTableNames {
+		beanRetval[i] = beanWithTableName.bean
+	}
+	return beanRetval, nil
+}
+
+// A database operation on `beans` may need to affect additional tables based upon foreign keys to those beans.
+// extendBeansForCascade returns a new list of beans which includes all the referencing tables that link to `beans`'
+// tables. For example, provided a `&User{}`, it will return `[&User{}, &Stopwatch{}, ...]` where `Stopwatch` is a table
+// that references `User`. The additional beans returned will be default structs that were provided to
+// `db.RegisterModel`.
+func extendBeansForCascade(beans []any) ([]any, error) {
+	referencedTables, err := cachedReferencedTables()
+	if err != nil {
+		return nil, err
+	}
+	tableMap, err := cachedTableMap()
+	if err != nil {
+		return nil, err
+	}
+
+	deduplicateTables := make(container.Set[string], len(beans))
+
+	finalBeans := slices.Clone(beans)
+	newBeans := beans
+	nextBeanSet := make([]any, 0)
+
+	for {
+		for _, bean := range newBeans {
+			schema, err := TableInfo(bean)
+			if err != nil {
+				return nil, fmt.Errorf("cascadeDeleteTables: failure to fetch schema table for bean %#v: %w", bean, err)
+			}
+			if deduplicateTables.Contains(schema.Name) {
+				continue
+			}
+			deduplicateTables.Add(schema.Name)
+			for _, referencingTable := range referencedTables[schema.Name] {
+				table := tableMap[referencingTable]
+				finalBeans = append(finalBeans, table.bean)
+				nextBeanSet = append(nextBeanSet, table.bean)
+			}
+		}
+
+		if len(nextBeanSet) == 0 {
+			break
+		}
+		newBeans = nextBeanSet
+		nextBeanSet = nextBeanSet[:0] // set len 0, keep allocation for reuse
+	}
+
+	return finalBeans, nil
+}
diff --git a/models/db/iterate.go b/models/db/iterate.go
index 450c7d3389..5e30b5e8bc 100644
--- a/models/db/iterate.go
+++ b/models/db/iterate.go
@@ -5,39 +5,82 @@ package db
 
 import (
 	"context"
+	"fmt"
+	"reflect"
 
 	"forgejo.org/modules/setting"
 
 	"xorm.io/builder"
 )
 
-// Iterate iterate all the Bean object
+// Iterate iterate all the Bean object. The table being iterated must have a single-column primary key.
 func Iterate[Bean any](ctx context.Context, cond builder.Cond, f func(ctx context.Context, bean *Bean) error) error {
-	var start int
+	var dummy Bean
 	batchSize := setting.Database.IterateBufferSize
-	sess := GetEngine(ctx)
+
+	table, err := TableInfo(&dummy)
+	if err != nil {
+		return fmt.Errorf("unable to fetch table info for bean %v: %w", dummy, err)
+	}
+	if len(table.PrimaryKeys) != 1 {
+		return fmt.Errorf("iterate only supported on a table with 1 primary key field, but table %s had %d", table.Name, len(table.PrimaryKeys))
+	}
+
+	pkDbName := table.PrimaryKeys[0]
+	var pkStructFieldName string
+
+	for _, c := range table.Columns() {
+		if c.Name == pkDbName {
+			pkStructFieldName = c.FieldName
+			break
+		}
+	}
+	if pkStructFieldName == "" {
+		return fmt.Errorf("iterate unable to identify struct field for primary key %s", pkDbName)
+	}
+
+	var lastPK any
+
 	for {
 		select {
 		case <-ctx.Done():
 			return ctx.Err()
 		default:
 			beans := make([]*Bean, 0, batchSize)
+
+			sess := GetEngine(ctx)
+			sess = sess.OrderBy(pkDbName)
 			if cond != nil {
 				sess = sess.Where(cond)
 			}
-			if err := sess.Limit(batchSize, start).Find(&beans); err != nil {
+			if lastPK != nil {
+				sess = sess.Where(builder.Gt{pkDbName: lastPK})
+			}
+
+			if err := sess.Limit(batchSize).Find(&beans); err != nil {
 				return err
 			}
 			if len(beans) == 0 {
 				return nil
 			}
-			start += len(beans)
 
 			for _, bean := range beans {
 				if err := f(ctx, bean); err != nil {
 					return err
 				}
 			}
+
+			lastBean := beans[len(beans)-1]
+			lastPK = extractFieldValue(lastBean, pkStructFieldName)
 		}
 	}
 }
+
+func extractFieldValue(bean any, fieldName string) any {
+	v := reflect.ValueOf(bean)
+	if v.Kind() == reflect.Ptr {
+		v = v.Elem()
+	}
+	field := v.FieldByName(fieldName)
+	return field.Interface()
+}
diff --git a/models/db/iterate_test.go b/models/db/iterate_test.go
index bdeaa876d5..405db84866 100644
--- a/models/db/iterate_test.go
+++ b/models/db/iterate_test.go
@@ -5,42 +5,113 @@ package db_test
 
 import (
 	"context"
+	"fmt"
+	"slices"
 	"testing"
 
 	"forgejo.org/models/db"
 	repo_model "forgejo.org/models/repo"
 	"forgejo.org/models/unittest"
+	"forgejo.org/modules/setting"
+	"forgejo.org/modules/test"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	"xorm.io/builder"
 )
 
 func TestIterate(t *testing.T) {
-	require.NoError(t, unittest.PrepareTestDatabase())
-	xe, err := unittest.GetXORMEngine()
-	require.NoError(t, err)
-	require.NoError(t, xe.Sync(&repo_model.RepoUnit{}))
+	db.SetLogSQL(t.Context(), true)
+	defer test.MockVariableValue(&setting.Database.IterateBufferSize, 50)()
 
-	cnt, err := db.GetEngine(db.DefaultContext).Count(&repo_model.RepoUnit{})
-	require.NoError(t, err)
+	t.Run("No Modifications", func(t *testing.T) {
+		require.NoError(t, unittest.PrepareTestDatabase())
+		xe, err := unittest.GetXORMEngine()
+		require.NoError(t, err)
+		require.NoError(t, xe.Sync(&repo_model.RepoUnit{}))
 
-	var repoUnitCnt int
-	err = db.Iterate(db.DefaultContext, nil, func(ctx context.Context, repo *repo_model.RepoUnit) error {
-		repoUnitCnt++
-		return nil
+		// Fetch all the repo unit IDs...
+		var remainingRepoIDs []int64
+		db.GetEngine(t.Context()).Table(&repo_model.RepoUnit{}).Cols("id").Find(&remainingRepoIDs)
+
+		// Ensure that every repo unit ID is found when doing iterate:
+		err = db.Iterate(t.Context(), nil, func(ctx context.Context, repo *repo_model.RepoUnit) error {
+			remainingRepoIDs = slices.DeleteFunc(remainingRepoIDs, func(n int64) bool {
+				return repo.ID == n
+			})
+			return nil
+		})
+		require.NoError(t, err)
+		assert.Empty(t, remainingRepoIDs)
 	})
-	require.NoError(t, err)
-	assert.EqualValues(t, cnt, repoUnitCnt)
 
-	err = db.Iterate(db.DefaultContext, nil, func(ctx context.Context, repoUnit *repo_model.RepoUnit) error {
-		has, err := db.ExistByID[repo_model.RepoUnit](ctx, repoUnit.ID)
-		if err != nil {
-			return err
-		}
-		if !has {
-			return db.ErrNotExist{Resource: "repo_unit", ID: repoUnit.ID}
-		}
-		return nil
+	t.Run("Concurrent Delete", func(t *testing.T) {
+		require.NoError(t, unittest.PrepareTestDatabase())
+		xe, err := unittest.GetXORMEngine()
+		require.NoError(t, err)
+		require.NoError(t, xe.Sync(&repo_model.RepoUnit{}))
+
+		// Fetch all the repo unit IDs...
+		var remainingRepoIDs []int64
+		db.GetEngine(t.Context()).Table(&repo_model.RepoUnit{}).Cols("id").Find(&remainingRepoIDs)
+
+		// Ensure that every repo unit ID is found, even if someone else performs a DELETE on the table while we're
+		// iterating.  In real-world usage the deleted record may or may not be returned, but the important
+		// subject-under-test is that no *other* record is skipped.
+		didDelete := false
+		err = db.Iterate(t.Context(), nil, func(ctx context.Context, repo *repo_model.RepoUnit) error {
+			// While on page 2 (assuming ID ordering, 50 record buffer size)...
+			if repo.ID == 51 {
+				// Delete a record that would have been on page 1.
+				affected, err := db.GetEngine(t.Context()).ID(25).Delete(&repo_model.RepoUnit{})
+				if err != nil {
+					return err
+				} else if affected != 1 {
+					return fmt.Errorf("expected to delete 1 record, but affected %d records", affected)
+				}
+				didDelete = true
+			}
+			remainingRepoIDs = slices.DeleteFunc(remainingRepoIDs, func(n int64) bool {
+				return repo.ID == n
+			})
+			return nil
+		})
+		require.NoError(t, err)
+		assert.True(t, didDelete, "didDelete")
+		assert.Empty(t, remainingRepoIDs)
+	})
+
+	t.Run("Verify cond applied", func(t *testing.T) {
+		require.NoError(t, unittest.PrepareTestDatabase())
+		xe, err := unittest.GetXORMEngine()
+		require.NoError(t, err)
+		require.NoError(t, xe.Sync(&repo_model.RepoUnit{}))
+
+		// Fetch all the repo unit IDs...
+		var remainingRepoIDs []int64
+		db.GetEngine(t.Context()).Table(&repo_model.RepoUnit{}).Cols("id").Find(&remainingRepoIDs)
+
+		// Remove those that we're not expecting to find based upon `Iterate`'s condition.  We'll trim the front few
+		// records and last few records, which will confirm that cond is applied on all pages.
+		remainingRepoIDs = slices.DeleteFunc(remainingRepoIDs, func(n int64) bool {
+			return n <= 15 || n > 1000
+		})
+		err = db.Iterate(t.Context(), builder.Gt{"id": 15}.And(builder.Lt{"id": 1000}), func(ctx context.Context, repo *repo_model.RepoUnit) error {
+			removedRecord := false
+			// Remove the record from remainingRepoIDs, but track to make sure we did actually remove a record
+			remainingRepoIDs = slices.DeleteFunc(remainingRepoIDs, func(n int64) bool {
+				if repo.ID == n {
+					removedRecord = true
+					return true
+				}
+				return false
+			})
+			if !removedRecord {
+				return fmt.Errorf("unable to find record in remainingRepoIDs for repo %d, indicating a cond application failure", repo.ID)
+			}
+			return nil
+		})
+		require.NoError(t, err)
+		assert.Empty(t, remainingRepoIDs)
 	})
-	require.NoError(t, err)
 }
diff --git a/models/fixtures/action_run.yml b/models/fixtures/action_run.yml
index 5b6f89ae0e..4e5af28166 100644
--- a/models/fixtures/action_run.yml
+++ b/models/fixtures/action_run.yml
@@ -525,6 +525,7 @@
   ref: "refs/heads/main"
   commit_sha: "97f29ee599c373c729132a5c46a046978311e0ee"
   event: "workflow_dispatch"
+  trigger_event: "workflow_dispatch"
   is_fork_pull_request: 0
   status: 6 # running
   started: 1683636528
diff --git a/models/fixtures/repository.yml b/models/fixtures/repository.yml
index 2f104eed65..f537ee02d5 100644
--- a/models/fixtures/repository.yml
+++ b/models/fixtures/repository.yml
@@ -349,7 +349,7 @@
   is_archived: false
   is_mirror: false
   status: 0
-  is_fork: false
+  is_fork: true
   fork_id: 10
   is_template: false
   template_id: 0
diff --git a/models/fixtures/tracked_time.yml b/models/fixtures/tracked_time.yml
index 768af38d9e..f006576c45 100644
--- a/models/fixtures/tracked_time.yml
+++ b/models/fixtures/tracked_time.yml
@@ -24,7 +24,6 @@
 
 -
   id: 4
-  user_id: -1
   issue_id: 4
   time: 1
   created_unix: 946684803
diff --git a/models/fixtures/user.yml b/models/fixtures/user.yml
index 00aa182540..9e9cb2c1a6 100644
--- a/models/fixtures/user.yml
+++ b/models/fixtures/user.yml
@@ -1562,3 +1562,41 @@
   theme: ""
   keep_activity_private: false
   created_unix: 1672578400
+
+-
+  id: 42
+  lower_name: federated-example.net
+  name: federated-example.net
+  full_name: federated
+  email: f73240e82-c061-41ef-b7d6-4376cb6f2e1c@example.com
+  keep_email_private: false
+  email_notifications_preference: enabled
+  passwd: ZogKvWdyEx:password
+  passwd_hash_algo: dummy
+  must_change_password: false
+  login_source: 0
+  login_name: federated-example.net
+  type: 5
+  salt: ZogKvWdyEx
+  max_repo_creation: -1
+  is_active: false
+  is_admin: false
+  is_restricted: false
+  allow_git_hook: false
+  allow_import_local: false
+  allow_create_organization: false
+  prohibit_login: false
+  avatar: ""
+  avatar_email: f73240e82-c061-41ef-b7d6-4376cb6f2e1c@example.com
+  use_custom_avatar: false
+  num_followers: 0
+  num_following: 0
+  num_stars: 0
+  num_repos: 0
+  num_teams: 0
+  num_members: 0
+  visibility: 0
+  repo_admin_change_team_access: false
+  theme: ""
+  keep_activity_private: false
+  created_unix: 1759086716
diff --git a/models/forgejo_migrations/README.md b/models/forgejo_migrations/README.md
new file mode 100644
index 0000000000..578b75c8a0
--- /dev/null
+++ b/models/forgejo_migrations/README.md
@@ -0,0 +1,105 @@
+# forgejo_migrations
+
+Forgejo has three database migration mechanisms:
+
+- `models/gitea_migrations`
+    - Original database schema migrations from Forgejo's legacy as a fork of Gitea.
+    - A linear set of migrations referenced in `models/gitea_migrations/migrations.go`, each represented by a number (eg. migration 304).
+    - The current version is recorded in the database in the table `version`.
+- `models/forgejo_migrations_legacy`
+    - The next 50-ish database schema migrations reflecting change in Forgejo's database structure between Forgejo v7.0 and v14.0
+    - A linear set of migrations referenced in `models/forgejo_migrations_legacy/migrate.go`, each represented by a number (eg. migration 43).
+    - The current version is recorded in the database in the table `forgejo_version`.
+- `models/forgejo_migrations`
+    - The most recent database schema migrations, reflecting change in the v14.0 release cycle and onwards into the future.
+    - Each migration is identified by the filename it is stored in.
+    - The applied migrations are recorded in the database in the table `forgejo_migration`.
+
+`forgejo_migrations` is designed to reduce code conflicts when multiple developers may be making schema migrations in close succession, which it does by avoiding having one code file with a long array of migrations.  Instead, each file in `models/forgejo_migrations` registers itself as a migration, and its filename indicates the order that migration will be applied.
+
+Files in `forgejo_migrations` must:
+- Define an `init` function which registers a function to be invoked for the migration.
+- Follow the naming convention:
+    - The letter `v`
+    - A number, representing the development cycle that the migration was created in
+    - A letter, indicating any required migration ordering
+    - The character `_` (underscore)
+    - A short descriptive identifier for the migration
+
+For example, valid migration file names would look like this:
+- `v14a_add-threaded-comments.go`
+- `v14a_add-federated-emojis.go`
+- `v14b_fix-threaded-comments-index.go`
+
+
+## Migration Ordering
+
+Forgejo executes registered migrations in `forgejo_migrations` in the `strings.Compare()` ordering of their filename.
+
+There are edge cases where migrations may not be executed in this exact order:
+- If a schema change is backported to an earlier Forgejo release.  For example, if a bugfix during the v15 development cycle was backported into a v14 patch release, then a migration labeled `v15a_fix-unusual-data-corruption.go` could be applied during a v14 software upgrade.  In the future when a v15 software release occurs, that migration will be identified as already applied and will be skipped.
+- If a developer working on Forgejo switches between different branches with different schema migrations.
+- If the contents of the `forgejo_migrations` database table are changed outside of Forgejo modifying it.
+
+
+## Creating a new Migration
+
+First, determine the filename for your migration.  In general, you create a new migration by starting a file with the same prefix as the most recent migration present.  If `v14a_add-forgejo-migrations-table.go` was the last file, most of the time you can create your migration with the same `v14a_...` prefix.
+
+There are two exceptions:
+- After the release branch is cut for a release, increment the version in the migration.  If v14 was cut, you would start `v15a_...` as the next migration.
+- If your migration requires that an earlier migration is complete first, you would increment the letter in the prefix.  If you were modifying the table created by `v14a_add-forgejo-migrations-table.go`, then you would name your migration `v14b_...`.
+
+Once you've determined the migration filename, then you can copy this template into the file:
+
+```go
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package forgejo_migrations
+
+import (
+	"forgejo.org/modules/timeutil"
+
+	"xorm.io/xorm"
+)
+
+func init() {
+	registerMigration(&Migration{
+		Description: "short sentence describing this migration",
+		Upgrade:     myMigrationFunction, // rename
+	})
+}
+
+func myMigrationFunction(x *xorm.Engine) error {
+    // add migration logic here
+    //
+    // to prevent `make watch` from recording this migration as done when it
+    // isn't authored yet, returh an error until the implementation is done
+    return errors.New("not implemented yet")
+}
+```
+
+And now it's up to you to write the contents of your migration function.
+
+
+## Development Notes
+
+Once migrations are executed, a record of their execution is stored in the database table `forgejo_migration`.
+
+```sql
+=> SELECT * FROM forgejo_migration;
+                id                 | created_unix
+-----------------------------------+--------------
+ v14a_add-forgejo-migrations-table |   1760402451
+ v14a_example-other-migration      |   1760402453
+ v14b_another-example              |   1760402455
+ v15a_add-something-cool           |   1760402456
+ v15a_another-example-again        |   1760402457
+```
+
+If your migration successfully executes once, it will be recorded in this table and it will never execute again, even if you change the migration code.  It is common during development to need to re-run a migration, in which case you can delete the record that you're working on developing.  The migration will be re-run as soon as the Forgejo server is restarted:
+
+```sql
+=> DELETE FROM forgejo_migration WHERE id = 'v15a_another-example-again';
+```
diff --git a/models/forgejo_migrations/foreign_key_utils.go b/models/forgejo_migrations/foreign_key_utils.go
new file mode 100644
index 0000000000..fc2680e43e
--- /dev/null
+++ b/models/forgejo_migrations/foreign_key_utils.go
@@ -0,0 +1,31 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package forgejo_migrations
+
+import (
+	"errors"
+
+	"forgejo.org/modules/log"
+
+	"xorm.io/xorm"
+)
+
+func syncDoctorForeignKey(x *xorm.Engine, beans []any) error {
+	for _, bean := range beans {
+		// Sync() drops indexes by default, which will cause unnecessary rebuilding of indexes when syncDoctorForeignKey
+		// is used with partial bean definitions; so we disable that option
+		_, err := x.SyncWithOptions(xorm.SyncOptions{IgnoreDropIndices: true}, bean)
+		if err != nil {
+			if errors.Is(err, xorm.ErrForeignKeyViolation) {
+				tableName := x.TableName(bean)
+				log.Error(
+					"Foreign key creation on table %s failed. Run `forgejo doctor check --all` to identify the orphaned records preventing this foreign key from being created. Error was: %v",
+					tableName, err)
+				return err
+			}
+			return err
+		}
+	}
+	return nil
+}
diff --git a/models/forgejo_migrations/main_test.go b/models/forgejo_migrations/main_test.go
index 2246e327f0..a38afed10d 100644
--- a/models/forgejo_migrations/main_test.go
+++ b/models/forgejo_migrations/main_test.go
@@ -1,12 +1,12 @@
-// Copyright 2023 The Forgejo Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
 
 package forgejo_migrations
 
 import (
 	"testing"
 
-	migration_tests "forgejo.org/models/migrations/test"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
 )
 
 func TestMain(m *testing.M) {
diff --git a/models/forgejo_migrations/migrate.go b/models/forgejo_migrations/migrate.go
index 71fcf16e7a..53ab95d216 100644
--- a/models/forgejo_migrations/migrate.go
+++ b/models/forgejo_migrations/migrate.go
@@ -1,229 +1,222 @@
-// Copyright 2023 The Forgejo Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
 
 package forgejo_migrations
 
 import (
-	"context"
-	"errors"
 	"fmt"
 	"os"
+	"regexp"
+	"runtime"
+	"slices"
+	"strings"
 
-	"forgejo.org/models/forgejo/semver"
-	forgejo_v1_20 "forgejo.org/models/forgejo_migrations/v1_20"
-	forgejo_v1_22 "forgejo.org/models/forgejo_migrations/v1_22"
-	"forgejo.org/modules/git"
+	"forgejo.org/modules/container"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/setting"
+	"forgejo.org/modules/timeutil"
 
 	"xorm.io/xorm"
 	"xorm.io/xorm/names"
 )
 
-// ForgejoVersion describes the Forgejo version table. Should have only one row with id = 1.
-type ForgejoVersion struct {
-	ID      int64 `xorm:"pk autoincr"`
-	Version int64
+// ForgejoMigration table contains a record of migrations applied to the database.  (Note that there are older
+// migrations in the forgejo_version table from before this table was introduced, and the `version` table from Gitea
+// migrations). Each record in this table represents one successfully completed migration which was completed at the
+// `CreatedUnix` time.
+type ForgejoMigration struct {
+	ID          string             `xorm:"pk"`
+	CreatedUnix timeutil.TimeStamp `xorm:"created"`
 }
 
 type Migration struct {
-	description string
-	migrate     func(*xorm.Engine) error
+	Description string                   // short plaintext explanation of the migration
+	Upgrade     func(*xorm.Engine) error // perform the migration
+
+	id string // unique migration identifier
 }
 
-// NewMigration creates a new migration.
-func NewMigration(desc string, fn func(*xorm.Engine) error) *Migration {
-	return &Migration{desc, fn}
+var (
+	rawMigrations          []*Migration
+	migrationFilenameRegex = regexp.MustCompile(`/(?P<migration_group>v[0-9]+[a-z])_(?P<migration_id>[^/]+)\.go$`)
+)
+
+var getMigrationFilename = func() string {
+	_, migrationFilename, _, _ := runtime.Caller(2)
+	return migrationFilename
 }
 
-// This is a sequence of additional Forgejo migrations.
-// Add new migrations to the bottom of the list.
-var migrations = []*Migration{
-	// v0 -> v1
-	NewMigration("Create the `forgejo_blocked_user` table", forgejo_v1_20.AddForgejoBlockedUser),
-	// v1 -> v2
-	NewMigration("Create the `forgejo_sem_ver` table", forgejo_v1_20.CreateSemVerTable),
-	// v2 -> v3
-	NewMigration("Create the `forgejo_auth_token` table", forgejo_v1_20.CreateAuthorizationTokenTable),
-	// v3 -> v4
-	NewMigration("Add the `default_permissions` column to the `repo_unit` table", forgejo_v1_22.AddDefaultPermissionsToRepoUnit),
-	// v4 -> v5
-	NewMigration("Create the `forgejo_repo_flag` table", forgejo_v1_22.CreateRepoFlagTable),
-	// v5 -> v6
-	NewMigration("Add the `wiki_branch` column to the `repository` table", forgejo_v1_22.AddWikiBranchToRepository),
-	// v6 -> v7
-	NewMigration("Add the `enable_repo_unit_hints` column to the `user` table", forgejo_v1_22.AddUserRepoUnitHintsSetting),
-	// v7 -> v8
-	NewMigration("Modify the `release`.`note` content to remove SSH signatures", forgejo_v1_22.RemoveSSHSignaturesFromReleaseNotes),
-	// v8 -> v9
-	NewMigration("Add the `apply_to_admins` column to the `protected_branch` table", forgejo_v1_22.AddApplyToAdminsSetting),
-	// v9 -> v10
-	NewMigration("Add pronouns to user", forgejo_v1_22.AddPronounsToUser),
-	// v10 -> v11
-	NewMigration("Add the `created` column to the `issue` table", forgejo_v1_22.AddCreatedToIssue),
-	// v11 -> v12
-	NewMigration("Add repo_archive_download_count table", forgejo_v1_22.AddRepoArchiveDownloadCount),
-	// v12 -> v13
-	NewMigration("Add `hide_archive_links` column to `release` table", AddHideArchiveLinksToRelease),
-	// v13 -> v14
-	NewMigration("Remove Gitea-specific columns from the repository and badge tables", RemoveGiteaSpecificColumnsFromRepositoryAndBadge),
-	// v14 -> v15
-	NewMigration("Create the `federation_host` table", CreateFederationHostTable),
-	// v15 -> v16
-	NewMigration("Create the `federated_user` table", CreateFederatedUserTable),
-	// v16 -> v17
-	NewMigration("Add `normalized_federated_uri` column to `user` table", AddNormalizedFederatedURIToUser),
-	// v17 -> v18
-	NewMigration("Create the `following_repo` table", CreateFollowingRepoTable),
-	// v18 -> v19
-	NewMigration("Add external_url to attachment table", AddExternalURLColumnToAttachmentTable),
-	// v19 -> v20
-	NewMigration("Creating Quota-related tables", CreateQuotaTables),
-	// v20 -> v21
-	NewMigration("Add SSH keypair to `pull_mirror` table", AddSSHKeypairToPushMirror),
-	// v21 -> v22
-	NewMigration("Add `legacy` to `web_authn_credential` table", AddLegacyToWebAuthnCredential),
-	// v22 -> v23
-	NewMigration("Add `delete_branch_after_merge` to `auto_merge` table", AddDeleteBranchAfterMergeToAutoMerge),
-	// v23 -> v24
-	NewMigration("Add `purpose` column to `forgejo_auth_token` table", AddPurposeToForgejoAuthToken),
-	// v24 -> v25
-	NewMigration("Migrate `secret` column to store keying material", MigrateTwoFactorToKeying),
-	// v25 -> v26
-	NewMigration("Add `hash_blake2b` column to `package_blob` table", AddHashBlake2bToPackageBlob),
-	// v26 -> v27
-	NewMigration("Add `created_unix` column to `user_redirect` table", AddCreatedUnixToRedirect),
-	// v27 -> v28
-	NewMigration("Add pronoun privacy settings to user", AddHidePronounsOptionToUser),
-	// v28 -> v29
-	NewMigration("Add public key information to `FederatedUser` and `FederationHost`", AddPublicKeyInformationForFederation),
-	// v29 -> v30
-	NewMigration("Migrate `User.NormalizedFederatedURI` column to extract port & schema into FederatedHost", MigrateNormalizedFederatedURI),
-	// v30 -> v31
-	NewMigration("Normalize repository.topics to empty slice instead of null", SetTopicsAsEmptySlice),
-	// v31 -> v32
-	NewMigration("Migrate maven package name concatenation", ChangeMavenArtifactConcatenation),
-	// v32 -> v33
-	NewMigration("Add federated user activity tables, update the `federated_user` table & add indexes", FederatedUserActivityMigration),
-	// v33 -> v34
-	NewMigration("Add `notify-email` column to `action_run` table", AddNotifyEmailToActionRun),
-	// v34 -> v35
-	NewMigration("Noop because of https://codeberg.org/forgejo/forgejo/issues/8373", NoopAddIndexToActionRunStopped),
-	// v35 -> v36
-	NewMigration("Fix wiki unit default permission", FixWikiUnitDefaultPermission),
-	// v36 -> v37
-	NewMigration("Add `branch_filter` to `push_mirror` table", AddPushMirrorBranchFilter),
-	// v37 -> v38
-	NewMigration("Add `resolved_unix` column to `abuse_report` table", AddResolvedUnixToAbuseReport),
-	// v38 -> v39
-	NewMigration("Migrate `data` column of `secret` table to store keying material", MigrateActionSecretsToKeying),
-	// v39 -> v40
-	NewMigration("Add index for release sha1", AddIndexForReleaseSha1),
-}
+func registerMigration(migration *Migration) {
+	migrationFilename := getMigrationFilename()
 
-// GetCurrentDBVersion returns the current Forgejo database version.
-func GetCurrentDBVersion(x *xorm.Engine) (int64, error) {
-	if err := x.Sync(new(ForgejoVersion)); err != nil {
-		return -1, fmt.Errorf("sync: %w", err)
+	if migrationResolutionComplete {
+		panic(fmt.Sprintf("attempted to register migration from %s after migration resolution is already complete", migrationFilename))
 	}
 
-	currentVersion := &ForgejoVersion{ID: 1}
-	has, err := x.Get(currentVersion)
+	matches := migrationFilenameRegex.FindStringSubmatch(migrationFilename)
+	if len(matches) == 0 {
+		panic(fmt.Sprintf("registerMigration must be invoked from a file matching migrationFilenameRegex, but was invoked from %q", migrationFilename))
+	}
+	migration.id = fmt.Sprintf("%s_%s", matches[1], matches[2]) // this just rebuilds the filename, but guarantees that the regex applied for consistent naming
+
+	rawMigrations = append(rawMigrations, migration)
+}
+
+// For testing only
+func resetMigrations() {
+	rawMigrations = nil
+	orderedMigrations = nil
+	migrationResolutionComplete = false
+	inMemoryMigrationIDs = nil
+}
+
+var (
+	migrationResolutionComplete = false
+	inMemoryMigrationIDs        container.Set[string]
+	orderedMigrations           []*Migration
+)
+
+func resolveMigrations() {
+	if migrationResolutionComplete {
+		return
+	}
+
+	inMemoryMigrationIDs = make(container.Set[string])
+	for _, m := range rawMigrations {
+		if inMemoryMigrationIDs.Contains(m.id) {
+			// With the filename-based migration ID this shouldn't be possible, but a bit of a sanity check..
+			panic(fmt.Sprintf("migration id is duplicated: %q", m.id))
+		}
+		inMemoryMigrationIDs.Add(m.id)
+	}
+
+	orderedMigrations = slices.Clone(rawMigrations)
+	slices.SortFunc(orderedMigrations, func(m1, m2 *Migration) int {
+		return strings.Compare(m1.id, m2.id)
+	})
+
+	migrationResolutionComplete = true
+}
+
+func getInDBMigrationIDs(x *xorm.Engine) (container.Set[string], error) {
+	var inDBMigrations []ForgejoMigration
+	err := x.Find(&inDBMigrations)
 	if err != nil {
-		return -1, fmt.Errorf("get: %w", err)
+		return nil, err
 	}
-	if !has {
-		return -1, nil
-	}
-	return currentVersion.Version, nil
-}
 
-// ExpectedVersion returns the expected Forgejo database version.
-func ExpectedVersion() int64 {
-	return int64(len(migrations))
+	inDBMigrationIDs := make(container.Set[string], len(inDBMigrations))
+	for _, inDB := range inDBMigrations {
+		inDBMigrationIDs.Add(inDB.ID)
+	}
+
+	return inDBMigrationIDs, nil
 }
 
 // EnsureUpToDate will check if the Forgejo database is at the correct version.
 func EnsureUpToDate(x *xorm.Engine) error {
-	currentDB, err := GetCurrentDBVersion(x)
+	resolveMigrations()
+
+	inDBMigrationIDs, err := getInDBMigrationIDs(x)
 	if err != nil {
 		return err
 	}
 
-	if currentDB < 0 {
-		return errors.New("database has not been initialized")
+	// invalidMigrations are those that are in the database, but aren't registered.
+	invalidMigrations := inDBMigrationIDs.Difference(inMemoryMigrationIDs)
+	if len(invalidMigrations) > 0 {
+		return fmt.Errorf("current Forgejo database has migration(s) %s applied, which are not registered migrations", strings.Join(invalidMigrations.Slice(), ", "))
 	}
 
-	expected := ExpectedVersion()
-
-	if currentDB != expected {
-		return fmt.Errorf(`current Forgejo database version %d is not equal to the expected version %d. Please run "forgejo [--config /path/to/app.ini] migrate" to update the database version`, currentDB, expected)
+	// unappliedMigrations are those that haven't yet been applied, but seem valid
+	unappliedMigrations := inMemoryMigrationIDs.Difference(inDBMigrationIDs)
+	if len(unappliedMigrations) > 0 {
+		return fmt.Errorf(`current Forgejo database is missing migration(s) %s. Please run "forgejo [--config /path/to/app.ini] migrate" to update the database version`, strings.Join(unappliedMigrations.Slice(), ", "))
 	}
 
 	return nil
 }
 
+func recordMigrationComplete(x *xorm.Engine, migration *Migration) error {
+	affected, err := x.Insert(&ForgejoMigration{ID: migration.id})
+	if err != nil {
+		return err
+	} else if affected != 1 {
+		return fmt.Errorf("migration[%s]: failed to insert into DB, %d records affected", migration.id, affected)
+	}
+	return nil
+}
+
 // Migrate Forgejo database to current version.
-func Migrate(x *xorm.Engine) error {
+func Migrate(x *xorm.Engine, freshDB bool) error {
+	resolveMigrations()
+
 	// Set a new clean the default mapper to GonicMapper as that is the default for .
 	x.SetMapper(names.GonicMapper{})
-	if err := x.Sync(new(ForgejoVersion)); err != nil {
+	if err := x.Sync(new(ForgejoMigration)); err != nil {
 		return fmt.Errorf("sync: %w", err)
 	}
 
-	currentVersion := &ForgejoVersion{ID: 1}
-	has, err := x.Get(currentVersion)
+	inDBMigrationIDs, err := getInDBMigrationIDs(x)
 	if err != nil {
-		return fmt.Errorf("get: %w", err)
-	} else if !has {
-		// If the version record does not exist we think
-		// it is a fresh installation and we can skip all migrations.
-		currentVersion.ID = 0
-		currentVersion.Version = ExpectedVersion()
-
-		if _, err = x.InsertOne(currentVersion); err != nil {
-			return fmt.Errorf("insert: %w", err)
+		return err
+	} else if len(inDBMigrationIDs) == 0 && freshDB {
+		// During startup on a new, empty database, and during integration tests, we rely only on `SyncAllTables` to
+		// create the DB schema.  No migrations can be applied because `SyncAllTables` occurs later in the
+		// initialization cycle.  We mark all migrations as complete up to this point and only run future migrations.
+		for _, migration := range orderedMigrations {
+			err := recordMigrationComplete(x, migration)
+			if err != nil {
+				return err
+			}
 		}
+		inDBMigrationIDs, err = getInDBMigrationIDs(x)
+		if err != nil {
+			return err
+		}
+	} else if freshDB {
+		return fmt.Errorf("unexpected state: migrator called with freshDB=true, but existing migrations in DB %#v", inDBMigrationIDs)
 	}
 
-	v := currentVersion.Version
-
-	// Downgrading Forgejo's database version not supported
-	if v > ExpectedVersion() {
-		msg := fmt.Sprintf("Your Forgejo database (migration version: %d) is for a newer version of Forgejo, you cannot use the newer database for this old Forgejo release (%d).", v, ExpectedVersion())
+	// invalidMigrations are those that are in the database, but aren't registered.
+	invalidMigrations := inDBMigrationIDs.Difference(inMemoryMigrationIDs)
+	if len(invalidMigrations) > 0 {
+		// Downgrading Forgejo's database version not supported
+		msg := fmt.Sprintf("Your Forgejo database has %d migration(s) (%s) for a newer version of Forgejo, you cannot use the newer database for this old Forgejo release.", len(invalidMigrations), strings.Join(invalidMigrations.Slice(), ", "))
 		msg += "\nForgejo will exit to keep your database safe and unchanged. Please use the correct Forgejo release, do not change the migration version manually (incorrect manual operation may cause data loss)."
 		if !setting.IsProd {
-			msg += fmt.Sprintf("\nIf you are in development and really know what you're doing, you can force changing the migration version by executing: UPDATE forgejo_version SET version=%d WHERE id=1;", ExpectedVersion())
+			msg += "\nIf you are in development and know what you're doing, you can remove the migration records from the forgejo_migration table.  The affect of those migrations will still be present."
+			quoted := slices.Clone(invalidMigrations.Slice())
+			for i, s := range quoted {
+				quoted[i] = "'" + s + "'"
+			}
+			msg += fmt.Sprintf("\n  DELETE FROM forgejo_migration WHERE id IN (%s)", strings.Join(quoted, ", "))
 		}
 		_, _ = fmt.Fprintln(os.Stderr, msg)
 		log.Fatal(msg)
 		return nil
 	}
 
-	// Some migration tasks depend on the git command
-	if git.DefaultContext == nil {
-		if err = git.InitSimple(context.Background()); err != nil {
-			return err
+	// unappliedMigrations are those that are registered but haven't been applied.
+	unappliedMigrations := inMemoryMigrationIDs.Difference(inDBMigrationIDs)
+	for _, migration := range orderedMigrations {
+		if !unappliedMigrations.Contains(migration.id) {
+			continue
 		}
-	}
 
-	// Migrate
-	for i, m := range migrations[v:] {
-		log.Info("Migration[%d]: %s", v+int64(i), m.description)
+		log.Info("Migration[%s]: %s", migration.id, migration.Description)
+
 		// Reset the mapper between each migration - migrations are not supposed to depend on each other
 		x.SetMapper(names.GonicMapper{})
-		if err = m.migrate(x); err != nil {
-			return fmt.Errorf("migration[%d]: %s failed: %w", v+int64(i), m.description, err)
+		if err = migration.Upgrade(x); err != nil {
+			return fmt.Errorf("migration[%s]: %s failed: %w", migration.id, migration.Description, err)
 		}
-		currentVersion.Version = v + int64(i) + 1
-		if _, err = x.ID(1).Update(currentVersion); err != nil {
+
+		err := recordMigrationComplete(x, migration)
+		if err != nil {
 			return err
 		}
 	}
 
-	if err := x.Sync(new(semver.ForgejoSemVer)); err != nil {
-		return fmt.Errorf("sync: %w", err)
-	}
-
-	return semver.SetVersionStringWithEngine(x, setting.ForgejoVersion)
+	return nil
 }
diff --git a/models/forgejo_migrations/migrate_test.go b/models/forgejo_migrations/migrate_test.go
index 9d16c9fe1c..360f6a16d5 100644
--- a/models/forgejo_migrations/migrate_test.go
+++ b/models/forgejo_migrations/migrate_test.go
@@ -1,39 +1,314 @@
-// Copyright 2023 The Forgejo Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
 
 package forgejo_migrations
 
 import (
+	"fmt"
 	"testing"
 
-	migration_tests "forgejo.org/models/migrations/test"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
+	"forgejo.org/modules/test"
 
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	"xorm.io/xorm"
 )
 
-// TestEnsureUpToDate tests the behavior of EnsureUpToDate.
-func TestEnsureUpToDate(t *testing.T) {
-	x, deferable := migration_tests.PrepareTestEnv(t, 0, new(ForgejoVersion))
-	defer deferable()
-	if x == nil || t.Failed() {
-		return
+func noOpMigration(x *xorm.Engine) error {
+	return nil
+}
+
+func nilMigration() *Migration {
+	return &Migration{
+		Description: "nothing",
+		Upgrade:     noOpMigration,
+	}
+}
+
+func TestRegisterMigration(t *testing.T) {
+	resetMigrations()
+
+	defer test.MockVariableValue(&getMigrationFilename, func() string {
+		return "some-path/v99b_neat_migration.go"
+	})()
+
+	t.Run("migrationResolutionComplete", func(t *testing.T) {
+		defer test.MockVariableValue(&migrationResolutionComplete, true)()
+		assert.PanicsWithValue(t, "attempted to register migration from some-path/v99b_neat_migration.go after migration resolution is already complete", func() {
+			registerMigration(nilMigration())
+		})
+	})
+
+	for _, fn := range []string{
+		"v99b_neat_migration.go", // no leading path
+		"vb_neat_migration.go",   // no version number
+		"v12_neat_migration.go",  // no migration group letter
+		"v12a-neat-migration.go", // no undescore
+		"v12a.go",                // no descriptive identifier
+	} {
+		t.Run(fmt.Sprintf("bad name - %s", fn), func(t *testing.T) {
+			defer test.MockVariableValue(&getMigrationFilename, func() string {
+				return fn
+			})()
+			assert.PanicsWithValue(t, fmt.Sprintf("registerMigration must be invoked from a file matching migrationFilenameRegex, but was invoked from %q", fn), func() {
+				registerMigration(nilMigration())
+			})
+		})
 	}
 
-	// Ensure error if there's no row in Forgejo Version.
-	err := EnsureUpToDate(x)
-	require.Error(t, err)
-
-	// Insert 'good' Forgejo Version row.
-	_, err = x.InsertOne(&ForgejoVersion{ID: 1, Version: ExpectedVersion()})
-	require.NoError(t, err)
-
-	err = EnsureUpToDate(x)
-	require.NoError(t, err)
-
-	// Modify forgejo version to have a lower version.
-	_, err = x.Exec("UPDATE `forgejo_version` SET version = ? WHERE id = 1", ExpectedVersion()-1)
-	require.NoError(t, err)
-
-	err = EnsureUpToDate(x)
-	require.Error(t, err)
+	registerMigration(nilMigration())
+	found := false
+	for _, m := range rawMigrations {
+		if m.id == "v99b_neat_migration" {
+			found = true
+		}
+	}
+	require.True(t, found, "found registered migration")
+}
+
+func TestResolveMigrations(t *testing.T) {
+	t.Run("duplicate migration IDs", func(t *testing.T) {
+		resetMigrations()
+		defer test.MockVariableValue(&getMigrationFilename, func() string {
+			return "some-path/v99b_neat_migration.go"
+		})()
+		registerMigration(nilMigration())
+		registerMigration(nilMigration())
+
+		assert.PanicsWithValue(t, "migration id is duplicated: \"v99b_neat_migration\"", func() {
+			resolveMigrations()
+		})
+	})
+
+	t.Run("success", func(t *testing.T) {
+		resetMigrations()
+		defer test.MockVariableValue(&getMigrationFilename, func() string {
+			return "some-path/v99b_neat_migration.go"
+		})()
+		registerMigration(nilMigration())
+
+		defer test.MockVariableValue(&getMigrationFilename, func() string {
+			return "some-path/v77a_neat_migration.go"
+		})()
+		registerMigration(nilMigration())
+
+		resolveMigrations()
+
+		assert.True(t, migrationResolutionComplete, "migration resolution complete")
+		assert.Contains(t, inMemoryMigrationIDs, "v77a_neat_migration")
+		assert.Contains(t, inMemoryMigrationIDs, "v99b_neat_migration")
+		require.Len(t, orderedMigrations, 2)
+		assert.Equal(t, "v77a_neat_migration", orderedMigrations[0].id)
+		assert.Equal(t, "v99b_neat_migration", orderedMigrations[1].id)
+	})
+}
+
+func TestGetInDBMigrationIDs(t *testing.T) {
+	x, deferable := migration_tests.PrepareTestEnv(t, 0, new(ForgejoMigration))
+	defer deferable()
+	require.NotNil(t, x)
+
+	migrationIDs, err := getInDBMigrationIDs(x)
+	require.NoError(t, err)
+	require.NotNil(t, migrationIDs)
+	assert.Empty(t, migrationIDs)
+
+	_, err = x.Insert(&ForgejoMigration{ID: "v77a_neat_migration"})
+	require.NoError(t, err)
+	_, err = x.Insert(&ForgejoMigration{ID: "v99b_neat_migration"})
+	require.NoError(t, err)
+
+	migrationIDs, err = getInDBMigrationIDs(x)
+	require.NoError(t, err)
+	require.NotNil(t, migrationIDs)
+	assert.Len(t, migrationIDs, 2)
+	assert.Contains(t, migrationIDs, "v77a_neat_migration")
+	assert.Contains(t, migrationIDs, "v99b_neat_migration")
+}
+
+func TestEnsureUpToDate(t *testing.T) {
+	tests := []struct {
+		desc     string
+		inMemory []string
+		inDB     []string
+		err      string
+	}{
+		{
+			desc:     "up-to-date",
+			inMemory: []string{"v77a_neat_migration"},
+			inDB:     []string{"v77a_neat_migration"},
+		},
+		{
+			desc:     "invalid-migration",
+			inMemory: []string{},
+			inDB:     []string{"v77a_neat_migration"},
+			err:      "current Forgejo database has migration(s) v77a_neat_migration applied, which are not registered migrations",
+		},
+		{
+			desc:     "missing-migration",
+			inMemory: []string{"v77a_neat_migration"},
+			inDB:     []string{},
+			err:      "current Forgejo database is missing migration(s) v77a_neat_migration",
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.desc, func(t *testing.T) {
+			resetMigrations()
+			x, deferable := migration_tests.PrepareTestEnv(t, 0, new(ForgejoMigration))
+			defer deferable()
+			require.NotNil(t, x)
+
+			for _, inMemory := range tc.inMemory {
+				defer test.MockVariableValue(&getMigrationFilename, func() string {
+					return fmt.Sprintf("some-path/%s.go", inMemory)
+				})()
+				registerMigration(nilMigration())
+			}
+			for _, inDB := range tc.inDB {
+				x.Insert(&ForgejoMigration{ID: inDB})
+			}
+
+			err := EnsureUpToDate(x)
+			if tc.err == "" {
+				assert.NoError(t, err)
+			} else {
+				assert.ErrorContains(t, err, tc.err)
+			}
+		})
+	}
+}
+
+func TestMigrate(t *testing.T) {
+	resetMigrations()
+	x, deferable := migration_tests.PrepareTestEnv(t, 0, new(ForgejoMigration))
+	defer deferable()
+	require.NotNil(t, x)
+
+	v77aRun := false
+	defer test.MockVariableValue(&getMigrationFilename, func() string {
+		return "some-path/v77a_neat_migration.go"
+	})()
+	registerMigration(&Migration{
+		Description: "nothing",
+		Upgrade: func(x *xorm.Engine) error {
+			v77aRun = true
+			return nil
+		},
+	})
+	// v77a_neat_migration will already be marked as already run
+	_, err := x.Insert(&ForgejoMigration{ID: "v77a_neat_migration"})
+	require.NoError(t, err)
+
+	v99bRun := false
+	defer test.MockVariableValue(&getMigrationFilename, func() string {
+		return "some-path/v99b_neat_migration.go"
+	})()
+	registerMigration(&Migration{
+		Description: "nothing",
+		Upgrade: func(x *xorm.Engine) error {
+			v99bRun = true
+			type ForgejoMagicFunctionality struct {
+				ID   int64 `xorm:"pk autoincr"`
+				Name string
+			}
+			return x.Sync(new(ForgejoMagicFunctionality))
+		},
+	})
+
+	v99cRun := false
+	defer test.MockVariableValue(&getMigrationFilename, func() string {
+		return "some-path/v99c_neat_migration.go"
+	})()
+	registerMigration(&Migration{
+		Description: "nothing",
+		Upgrade: func(x *xorm.Engine) error {
+			v99cRun = true
+			type ForgejoMagicFunctionality struct {
+				NewField string
+			}
+			return x.Sync(new(ForgejoMagicFunctionality))
+		},
+	})
+
+	err = Migrate(x, false)
+	require.NoError(t, err)
+
+	assert.False(t, v77aRun, "v77aRun") // was already marked as run in the DB so shouldn't have run again
+	assert.True(t, v99bRun, "v99bRun")
+	assert.True(t, v99cRun, "v99cRun")
+	migrationIDs, err := getInDBMigrationIDs(x)
+	require.NoError(t, err)
+	assert.Contains(t, migrationIDs, "v77a_neat_migration")
+	assert.Contains(t, migrationIDs, "v99b_neat_migration")
+	assert.Contains(t, migrationIDs, "v99c_neat_migration")
+
+	// should be able to query all three of the fields from this table created, verifying both migrations creating the
+	// table and adding a column were run
+	rec := make([]map[string]any, 0)
+	err = x.Cols("id", "name", "new_field").Table("forgejo_magic_functionality").Find(&rec)
+	assert.NoError(t, err)
+}
+
+func TestMigrateFreshDB(t *testing.T) {
+	resetMigrations()
+	x, deferable := migration_tests.PrepareTestEnv(t, 0, new(ForgejoMigration))
+	defer deferable()
+	require.NotNil(t, x)
+
+	v77aRun := false
+	defer test.MockVariableValue(&getMigrationFilename, func() string {
+		return "some-path/v77a_neat_migration.go"
+	})()
+	registerMigration(&Migration{
+		Description: "nothing",
+		Upgrade: func(x *xorm.Engine) error {
+			v77aRun = true
+			return nil
+		},
+	})
+
+	v99bRun := false
+	defer test.MockVariableValue(&getMigrationFilename, func() string {
+		return "some-path/v99b_neat_migration.go"
+	})()
+	registerMigration(&Migration{
+		Description: "nothing",
+		Upgrade: func(x *xorm.Engine) error {
+			v99bRun = true
+			type ForgejoMagicFunctionality struct {
+				ID   int64 `xorm:"pk autoincr"`
+				Name string
+			}
+			return x.Sync(new(ForgejoMagicFunctionality))
+		},
+	})
+
+	v99cRun := false
+	defer test.MockVariableValue(&getMigrationFilename, func() string {
+		return "some-path/v99c_neat_migration.go"
+	})()
+	registerMigration(&Migration{
+		Description: "nothing",
+		Upgrade: func(x *xorm.Engine) error {
+			v99cRun = true
+			type ForgejoMagicFunctionality struct {
+				NewField string
+			}
+			return x.Sync(new(ForgejoMagicFunctionality))
+		},
+	})
+
+	err := Migrate(x, true)
+	require.NoError(t, err)
+
+	assert.False(t, v77aRun, "v77aRun") // none should be run due to freshDB flag
+	assert.False(t, v99bRun, "v99bRun")
+	assert.False(t, v99cRun, "v99cRun")
+	migrationIDs, err := getInDBMigrationIDs(x)
+	require.NoError(t, err)
+	assert.Contains(t, migrationIDs, "v77a_neat_migration")
+	assert.Contains(t, migrationIDs, "v99b_neat_migration")
+	assert.Contains(t, migrationIDs, "v99c_neat_migration")
 }
diff --git a/models/forgejo_migrations/v14a_add-foreign-keys-collaboration.go b/models/forgejo_migrations/v14a_add-foreign-keys-collaboration.go
new file mode 100644
index 0000000000..849c2e5ea9
--- /dev/null
+++ b/models/forgejo_migrations/v14a_add-foreign-keys-collaboration.go
@@ -0,0 +1,25 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package forgejo_migrations
+
+import (
+	"xorm.io/xorm"
+)
+
+func init() {
+	registerMigration(&Migration{
+		Description: "add forgejo_migration table",
+		Upgrade:     addForeignKeysCollaboration,
+	})
+}
+
+func addForeignKeysCollaboration(x *xorm.Engine) error {
+	type Collaboration struct {
+		RepoID int64 `xorm:"UNIQUE(s) INDEX NOT NULL REFERENCES(repository, id)"`
+		UserID int64 `xorm:"UNIQUE(s) INDEX NOT NULL REFERENCES(user, id)"`
+	}
+	return syncDoctorForeignKey(x, []any{
+		new(Collaboration),
+	})
+}
diff --git a/models/forgejo_migrations/v14a_add-forgejo-migrations-table.go b/models/forgejo_migrations/v14a_add-forgejo-migrations-table.go
new file mode 100644
index 0000000000..f78eec8789
--- /dev/null
+++ b/models/forgejo_migrations/v14a_add-forgejo-migrations-table.go
@@ -0,0 +1,25 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package forgejo_migrations
+
+import (
+	"forgejo.org/modules/timeutil"
+
+	"xorm.io/xorm"
+)
+
+func init() {
+	registerMigration(&Migration{
+		Description: "add forgejo_migration table",
+		Upgrade:     addForgejoMigration,
+	})
+}
+
+func addForgejoMigration(x *xorm.Engine) error {
+	type ForgejoMigration struct {
+		ID          string             `xorm:"pk"`
+		CreatedUnix timeutil.TimeStamp `xorm:"created"`
+	}
+	return x.Sync(new(ForgejoMigration))
+}
diff --git a/models/forgejo_migrations_legacy/main_test.go b/models/forgejo_migrations_legacy/main_test.go
new file mode 100644
index 0000000000..2622af8e22
--- /dev/null
+++ b/models/forgejo_migrations_legacy/main_test.go
@@ -0,0 +1,14 @@
+// Copyright 2023 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package forgejo_migrations_legacy
+
+import (
+	"testing"
+
+	migration_tests "forgejo.org/models/gitea_migrations/test"
+)
+
+func TestMain(m *testing.M) {
+	migration_tests.MainTest(m)
+}
diff --git a/models/forgejo_migrations_legacy/migrate.go b/models/forgejo_migrations_legacy/migrate.go
new file mode 100644
index 0000000000..72bbf66bdc
--- /dev/null
+++ b/models/forgejo_migrations_legacy/migrate.go
@@ -0,0 +1,246 @@
+// Copyright 2023 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package forgejo_migrations_legacy
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"os"
+
+	"forgejo.org/models/forgejo/semver"
+	"forgejo.org/models/forgejo_migrations"
+	forgejo_v1_20 "forgejo.org/models/forgejo_migrations_legacy/v1_20"
+	forgejo_v1_22 "forgejo.org/models/forgejo_migrations_legacy/v1_22"
+	"forgejo.org/modules/git"
+	"forgejo.org/modules/log"
+	"forgejo.org/modules/setting"
+
+	"xorm.io/xorm"
+	"xorm.io/xorm/names"
+)
+
+// ForgejoVersion describes the Forgejo version table. Should have only one row with id = 1.
+type ForgejoVersion struct {
+	ID      int64 `xorm:"pk autoincr"`
+	Version int64
+}
+
+type Migration struct {
+	description string
+	migrate     func(*xorm.Engine) error
+}
+
+// NewMigration creates a new migration.
+func NewMigration(desc string, fn func(*xorm.Engine) error) *Migration {
+	return &Migration{desc, fn}
+}
+
+// This is a sequence of additional Forgejo migrations.
+// Add new migrations to the bottom of the list.
+var migrations = []*Migration{
+	// v0 -> v1
+	NewMigration("Create the `forgejo_blocked_user` table", forgejo_v1_20.AddForgejoBlockedUser),
+	// v1 -> v2
+	NewMigration("Create the `forgejo_sem_ver` table", forgejo_v1_20.CreateSemVerTable),
+	// v2 -> v3
+	NewMigration("Create the `forgejo_auth_token` table", forgejo_v1_20.CreateAuthorizationTokenTable),
+	// v3 -> v4
+	NewMigration("Add the `default_permissions` column to the `repo_unit` table", forgejo_v1_22.AddDefaultPermissionsToRepoUnit),
+	// v4 -> v5
+	NewMigration("Create the `forgejo_repo_flag` table", forgejo_v1_22.CreateRepoFlagTable),
+	// v5 -> v6
+	NewMigration("Add the `wiki_branch` column to the `repository` table", forgejo_v1_22.AddWikiBranchToRepository),
+	// v6 -> v7
+	NewMigration("Add the `enable_repo_unit_hints` column to the `user` table", forgejo_v1_22.AddUserRepoUnitHintsSetting),
+	// v7 -> v8
+	NewMigration("Modify the `release`.`note` content to remove SSH signatures", forgejo_v1_22.RemoveSSHSignaturesFromReleaseNotes),
+	// v8 -> v9
+	NewMigration("Add the `apply_to_admins` column to the `protected_branch` table", forgejo_v1_22.AddApplyToAdminsSetting),
+	// v9 -> v10
+	NewMigration("Add pronouns to user", forgejo_v1_22.AddPronounsToUser),
+	// v10 -> v11
+	NewMigration("Add the `created` column to the `issue` table", forgejo_v1_22.AddCreatedToIssue),
+	// v11 -> v12
+	NewMigration("Add repo_archive_download_count table", forgejo_v1_22.AddRepoArchiveDownloadCount),
+	// v12 -> v13
+	NewMigration("Add `hide_archive_links` column to `release` table", AddHideArchiveLinksToRelease),
+	// v13 -> v14
+	NewMigration("Remove Gitea-specific columns from the repository and badge tables", RemoveGiteaSpecificColumnsFromRepositoryAndBadge),
+	// v14 -> v15
+	NewMigration("Create the `federation_host` table", CreateFederationHostTable),
+	// v15 -> v16
+	NewMigration("Create the `federated_user` table", CreateFederatedUserTable),
+	// v16 -> v17
+	NewMigration("Add `normalized_federated_uri` column to `user` table", AddNormalizedFederatedURIToUser),
+	// v17 -> v18
+	NewMigration("Create the `following_repo` table", CreateFollowingRepoTable),
+	// v18 -> v19
+	NewMigration("Add external_url to attachment table", AddExternalURLColumnToAttachmentTable),
+	// v19 -> v20
+	NewMigration("Creating Quota-related tables", CreateQuotaTables),
+	// v20 -> v21
+	NewMigration("Add SSH keypair to `pull_mirror` table", AddSSHKeypairToPushMirror),
+	// v21 -> v22
+	NewMigration("Add `legacy` to `web_authn_credential` table", AddLegacyToWebAuthnCredential),
+	// v22 -> v23
+	NewMigration("Add `delete_branch_after_merge` to `auto_merge` table", AddDeleteBranchAfterMergeToAutoMerge),
+	// v23 -> v24
+	NewMigration("Add `purpose` column to `forgejo_auth_token` table", AddPurposeToForgejoAuthToken),
+	// v24 -> v25
+	NewMigration("Migrate `secret` column to store keying material", MigrateTwoFactorToKeying),
+	// v25 -> v26
+	NewMigration("Add `hash_blake2b` column to `package_blob` table", AddHashBlake2bToPackageBlob),
+	// v26 -> v27
+	NewMigration("Add `created_unix` column to `user_redirect` table", AddCreatedUnixToRedirect),
+	// v27 -> v28
+	NewMigration("Add pronoun privacy settings to user", AddHidePronounsOptionToUser),
+	// v28 -> v29
+	NewMigration("Add public key information to `FederatedUser` and `FederationHost`", AddPublicKeyInformationForFederation),
+	// v29 -> v30
+	NewMigration("Migrate `User.NormalizedFederatedURI` column to extract port & schema into FederatedHost", MigrateNormalizedFederatedURI),
+	// v30 -> v31
+	NewMigration("Normalize repository.topics to empty slice instead of null", SetTopicsAsEmptySlice),
+	// v31 -> v32
+	NewMigration("Migrate maven package name concatenation", ChangeMavenArtifactConcatenation),
+	// v32 -> v33
+	NewMigration("Add federated user activity tables, update the `federated_user` table & add indexes", FederatedUserActivityMigration),
+	// v33 -> v34
+	NewMigration("Add `notify-email` column to `action_run` table", AddNotifyEmailToActionRun),
+	// v34 -> v35
+	NewMigration("Noop because of https://codeberg.org/forgejo/forgejo/issues/8373", NoopAddIndexToActionRunStopped),
+	// v35 -> v36
+	NewMigration("Fix wiki unit default permission", FixWikiUnitDefaultPermission),
+	// v36 -> v37
+	NewMigration("Add `branch_filter` to `push_mirror` table", AddPushMirrorBranchFilter),
+	// v37 -> v38
+	NewMigration("Add `resolved_unix` column to `abuse_report` table", AddResolvedUnixToAbuseReport),
+	// v38 -> v39
+	NewMigration("Migrate `data` column of `secret` table to store keying material", MigrateActionSecretsToKeying),
+	// v39 -> v40
+	NewMigration("Add index for release sha1", AddIndexForReleaseSha1),
+	// v40 -> v41
+	NewMigration("Add foreign keys to stopwatch & tracked_time", AddForeignKeysStopwatchTrackedTime),
+	// v41 -> v42
+	NewMigration("Add action_run concurrency fields", AddActionRunConcurrency),
+	// v42 -> v43
+	NewMigration("Add action_run pre_execution_error field", AddActionRunPreExecutionError),
+	// v43 -> v44
+	NewMigration("Add foreign keys to access", AddForeignKeysAccess),
+}
+
+// GetCurrentDBVersion returns the current Forgejo database version.
+func GetCurrentDBVersion(x *xorm.Engine) (int64, error) {
+	if err := x.Sync(new(ForgejoVersion)); err != nil {
+		return -1, fmt.Errorf("sync: %w", err)
+	}
+
+	currentVersion := &ForgejoVersion{ID: 1}
+	has, err := x.Get(currentVersion)
+	if err != nil {
+		return -1, fmt.Errorf("get: %w", err)
+	}
+	if !has {
+		return -1, nil
+	}
+	return currentVersion.Version, nil
+}
+
+// ExpectedVersion returns the expected Forgejo database version.
+func ExpectedVersion() int64 {
+	return int64(len(migrations))
+}
+
+// EnsureUpToDate will check if the Forgejo database is at the correct version.
+func EnsureUpToDate(x *xorm.Engine) error {
+	currentDB, err := GetCurrentDBVersion(x)
+	if err != nil {
+		return err
+	}
+
+	if currentDB < 0 {
+		return errors.New("database has not been initialized")
+	}
+
+	expected := ExpectedVersion()
+
+	if currentDB != expected {
+		return fmt.Errorf(`current Forgejo database version %d is not equal to the expected version %d. Please run "forgejo [--config /path/to/app.ini] migrate" to update the database version`, currentDB, expected)
+	}
+
+	return forgejoMigrationsEnsureUpToDate(x)
+}
+
+var forgejoMigrationsEnsureUpToDate = forgejo_migrations.EnsureUpToDate
+
+// Migrate Forgejo database to current version.
+func Migrate(x *xorm.Engine) error {
+	// Set a new clean the default mapper to GonicMapper as that is the default for .
+	x.SetMapper(names.GonicMapper{})
+	if err := x.Sync(new(ForgejoVersion)); err != nil {
+		return fmt.Errorf("sync: %w", err)
+	}
+
+	currentVersion := &ForgejoVersion{ID: 1}
+	has, err := x.Get(currentVersion)
+	freshDB := false
+	if err != nil {
+		return fmt.Errorf("get: %w", err)
+	} else if !has {
+		// If the version record does not exist we think
+		// it is a fresh installation and we can skip all migrations.
+		currentVersion.ID = 0
+		currentVersion.Version = ExpectedVersion()
+		freshDB = true
+
+		if _, err = x.InsertOne(currentVersion); err != nil {
+			return fmt.Errorf("insert: %w", err)
+		}
+	}
+
+	v := currentVersion.Version
+
+	// Downgrading Forgejo's database version not supported
+	if v > ExpectedVersion() {
+		msg := fmt.Sprintf("Your Forgejo database (migration version: %d) is for a newer version of Forgejo, you cannot use the newer database for this old Forgejo release (%d).", v, ExpectedVersion())
+		msg += "\nForgejo will exit to keep your database safe and unchanged. Please use the correct Forgejo release, do not change the migration version manually (incorrect manual operation may cause data loss)."
+		if !setting.IsProd {
+			msg += fmt.Sprintf("\nIf you are in development and really know what you're doing, you can force changing the migration version by executing: UPDATE forgejo_version SET version=%d WHERE id=1;", ExpectedVersion())
+		}
+		_, _ = fmt.Fprintln(os.Stderr, msg)
+		log.Fatal(msg)
+		return nil
+	}
+
+	// Some migration tasks depend on the git command
+	if git.DefaultContext == nil {
+		if err = git.InitSimple(context.Background()); err != nil {
+			return err
+		}
+	}
+
+	// Migrate
+	for i, m := range migrations[v:] {
+		log.Info("Migration[%d]: %s", v+int64(i), m.description)
+		// Reset the mapper between each migration - migrations are not supposed to depend on each other
+		x.SetMapper(names.GonicMapper{})
+		if err = m.migrate(x); err != nil {
+			return fmt.Errorf("migration[%d]: %s failed: %w", v+int64(i), m.description, err)
+		}
+		currentVersion.Version = v + int64(i) + 1
+		if _, err = x.ID(1).Update(currentVersion); err != nil {
+			return err
+		}
+	}
+
+	if err := x.Sync(new(semver.ForgejoSemVer)); err != nil {
+		return fmt.Errorf("sync: %w", err)
+	}
+
+	if err := semver.SetVersionStringWithEngine(x, setting.ForgejoVersion); err != nil {
+		return fmt.Errorf("SetVersionStringWithEngine: %w", err)
+	}
+
+	return forgejo_migrations.Migrate(x, freshDB)
+}
diff --git a/models/forgejo_migrations_legacy/migrate_test.go b/models/forgejo_migrations_legacy/migrate_test.go
new file mode 100644
index 0000000000..1a0fa14671
--- /dev/null
+++ b/models/forgejo_migrations_legacy/migrate_test.go
@@ -0,0 +1,45 @@
+// Copyright 2023 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package forgejo_migrations_legacy
+
+import (
+	"testing"
+
+	migration_tests "forgejo.org/models/gitea_migrations/test"
+	"forgejo.org/modules/test"
+
+	"github.com/stretchr/testify/require"
+	"xorm.io/xorm"
+)
+
+// TestEnsureUpToDate tests the behavior of EnsureUpToDate.
+func TestEnsureUpToDate(t *testing.T) {
+	defer test.MockVariableValue(&forgejoMigrationsEnsureUpToDate, func(x *xorm.Engine) error {
+		return nil
+	})()
+
+	x, deferable := migration_tests.PrepareTestEnv(t, 0, new(ForgejoVersion))
+	defer deferable()
+	if x == nil || t.Failed() {
+		return
+	}
+
+	// Ensure error if there's no row in Forgejo Version.
+	err := EnsureUpToDate(x)
+	require.Error(t, err)
+
+	// Insert 'good' Forgejo Version row.
+	_, err = x.InsertOne(&ForgejoVersion{ID: 1, Version: ExpectedVersion()})
+	require.NoError(t, err)
+
+	err = EnsureUpToDate(x)
+	require.NoError(t, err)
+
+	// Modify forgejo version to have a lower version.
+	_, err = x.Exec("UPDATE `forgejo_version` SET version = ? WHERE id = 1", ExpectedVersion()-1)
+	require.NoError(t, err)
+
+	err = EnsureUpToDate(x)
+	require.Error(t, err)
+}
diff --git a/models/forgejo_migrations/v13.go b/models/forgejo_migrations_legacy/v13.go
similarity index 90%
rename from models/forgejo_migrations/v13.go
rename to models/forgejo_migrations_legacy/v13.go
index ba4183885e..6c216b3732 100644
--- a/models/forgejo_migrations/v13.go
+++ b/models/forgejo_migrations_legacy/v13.go
@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations_legacy
 
 import "xorm.io/xorm"
 
diff --git a/models/forgejo_migrations/v14.go b/models/forgejo_migrations_legacy/v14.go
similarity index 91%
rename from models/forgejo_migrations/v14.go
rename to models/forgejo_migrations_legacy/v14.go
index 65b857d343..7085fb0722 100644
--- a/models/forgejo_migrations/v14.go
+++ b/models/forgejo_migrations_legacy/v14.go
@@ -1,10 +1,10 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations_legacy
 
 import (
-	"forgejo.org/models/migrations/base"
+	"forgejo.org/models/gitea_migrations/base"
 
 	"xorm.io/xorm"
 )
diff --git a/models/forgejo_migrations/v15.go b/models/forgejo_migrations_legacy/v15.go
similarity index 95%
rename from models/forgejo_migrations/v15.go
rename to models/forgejo_migrations_legacy/v15.go
index a63199ab19..13e1651fd3 100644
--- a/models/forgejo_migrations/v15.go
+++ b/models/forgejo_migrations_legacy/v15.go
@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations_legacy
 
 import (
 	"time"
diff --git a/models/forgejo_migrations/v16.go b/models/forgejo_migrations_legacy/v16.go
similarity index 93%
rename from models/forgejo_migrations/v16.go
rename to models/forgejo_migrations_legacy/v16.go
index a7d4d5d590..7d18751262 100644
--- a/models/forgejo_migrations/v16.go
+++ b/models/forgejo_migrations_legacy/v16.go
@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations_legacy
 
 import "xorm.io/xorm"
 
diff --git a/models/forgejo_migrations/v17.go b/models/forgejo_migrations_legacy/v17.go
similarity index 90%
rename from models/forgejo_migrations/v17.go
rename to models/forgejo_migrations_legacy/v17.go
index 8ef6f2c681..403351e221 100644
--- a/models/forgejo_migrations/v17.go
+++ b/models/forgejo_migrations_legacy/v17.go
@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations_legacy
 
 import "xorm.io/xorm"
 
diff --git a/models/forgejo_migrations/v18.go b/models/forgejo_migrations_legacy/v18.go
similarity index 94%
rename from models/forgejo_migrations/v18.go
rename to models/forgejo_migrations_legacy/v18.go
index e39b0cbf10..e2d2937bfa 100644
--- a/models/forgejo_migrations/v18.go
+++ b/models/forgejo_migrations_legacy/v18.go
@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations_legacy
 
 import "xorm.io/xorm"
 
diff --git a/models/forgejo_migrations/v19.go b/models/forgejo_migrations_legacy/v19.go
similarity index 90%
rename from models/forgejo_migrations/v19.go
rename to models/forgejo_migrations_legacy/v19.go
index 43d279dcb0..e0a48a388d 100644
--- a/models/forgejo_migrations/v19.go
+++ b/models/forgejo_migrations_legacy/v19.go
@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations_legacy
 
 import "xorm.io/xorm"
 
diff --git a/models/forgejo_migrations/v1_20/v1.go b/models/forgejo_migrations_legacy/v1_20/v1.go
similarity index 100%
rename from models/forgejo_migrations/v1_20/v1.go
rename to models/forgejo_migrations_legacy/v1_20/v1.go
diff --git a/models/forgejo_migrations/v1_20/v2.go b/models/forgejo_migrations_legacy/v1_20/v2.go
similarity index 100%
rename from models/forgejo_migrations/v1_20/v2.go
rename to models/forgejo_migrations_legacy/v1_20/v2.go
diff --git a/models/forgejo_migrations/v1_20/v3.go b/models/forgejo_migrations_legacy/v1_20/v3.go
similarity index 100%
rename from models/forgejo_migrations/v1_20/v3.go
rename to models/forgejo_migrations_legacy/v1_20/v3.go
diff --git a/models/forgejo_migrations/v1_22/main_test.go b/models/forgejo_migrations_legacy/v1_22/main_test.go
similarity index 76%
rename from models/forgejo_migrations/v1_22/main_test.go
rename to models/forgejo_migrations_legacy/v1_22/main_test.go
index d6a5bdacee..26930f8e70 100644
--- a/models/forgejo_migrations/v1_22/main_test.go
+++ b/models/forgejo_migrations_legacy/v1_22/main_test.go
@@ -6,7 +6,7 @@ package v1_22
 import (
 	"testing"
 
-	migration_tests "forgejo.org/models/migrations/test"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
 )
 
 func TestMain(m *testing.M) {
diff --git a/models/forgejo_migrations/v1_22/v10.go b/models/forgejo_migrations_legacy/v1_22/v10.go
similarity index 100%
rename from models/forgejo_migrations/v1_22/v10.go
rename to models/forgejo_migrations_legacy/v1_22/v10.go
diff --git a/models/forgejo_migrations/v1_22/v11.go b/models/forgejo_migrations_legacy/v1_22/v11.go
similarity index 100%
rename from models/forgejo_migrations/v1_22/v11.go
rename to models/forgejo_migrations_legacy/v1_22/v11.go
diff --git a/models/forgejo_migrations/v1_22/v12.go b/models/forgejo_migrations_legacy/v1_22/v12.go
similarity index 100%
rename from models/forgejo_migrations/v1_22/v12.go
rename to models/forgejo_migrations_legacy/v1_22/v12.go
diff --git a/models/forgejo_migrations/v1_22/v4.go b/models/forgejo_migrations_legacy/v1_22/v4.go
similarity index 100%
rename from models/forgejo_migrations/v1_22/v4.go
rename to models/forgejo_migrations_legacy/v1_22/v4.go
diff --git a/models/forgejo_migrations/v1_22/v5.go b/models/forgejo_migrations_legacy/v1_22/v5.go
similarity index 100%
rename from models/forgejo_migrations/v1_22/v5.go
rename to models/forgejo_migrations_legacy/v1_22/v5.go
diff --git a/models/forgejo_migrations/v1_22/v6.go b/models/forgejo_migrations_legacy/v1_22/v6.go
similarity index 100%
rename from models/forgejo_migrations/v1_22/v6.go
rename to models/forgejo_migrations_legacy/v1_22/v6.go
diff --git a/models/forgejo_migrations/v1_22/v7.go b/models/forgejo_migrations_legacy/v1_22/v7.go
similarity index 100%
rename from models/forgejo_migrations/v1_22/v7.go
rename to models/forgejo_migrations_legacy/v1_22/v7.go
diff --git a/models/forgejo_migrations/v1_22/v8.go b/models/forgejo_migrations_legacy/v1_22/v8.go
similarity index 100%
rename from models/forgejo_migrations/v1_22/v8.go
rename to models/forgejo_migrations_legacy/v1_22/v8.go
diff --git a/models/forgejo_migrations/v1_22/v8_test.go b/models/forgejo_migrations_legacy/v1_22/v8_test.go
similarity index 93%
rename from models/forgejo_migrations/v1_22/v8_test.go
rename to models/forgejo_migrations_legacy/v1_22/v8_test.go
index 5117dd2dfb..3ef4a05f9f 100644
--- a/models/forgejo_migrations/v1_22/v8_test.go
+++ b/models/forgejo_migrations_legacy/v1_22/v8_test.go
@@ -6,7 +6,7 @@ package v1_22
 import (
 	"testing"
 
-	migration_tests "forgejo.org/models/migrations/test"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
diff --git a/models/forgejo_migrations/v1_22/v9.go b/models/forgejo_migrations_legacy/v1_22/v9.go
similarity index 100%
rename from models/forgejo_migrations/v1_22/v9.go
rename to models/forgejo_migrations_legacy/v1_22/v9.go
diff --git a/models/forgejo_migrations/v20.go b/models/forgejo_migrations_legacy/v20.go
similarity index 97%
rename from models/forgejo_migrations/v20.go
rename to models/forgejo_migrations_legacy/v20.go
index 91c7b8e911..4bd0be6047 100644
--- a/models/forgejo_migrations/v20.go
+++ b/models/forgejo_migrations_legacy/v20.go
@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations_legacy
 
 import "xorm.io/xorm"
 
diff --git a/models/forgejo_migrations/v21.go b/models/forgejo_migrations_legacy/v21.go
similarity index 91%
rename from models/forgejo_migrations/v21.go
rename to models/forgejo_migrations_legacy/v21.go
index 61d7950c5a..cc7da2772c 100644
--- a/models/forgejo_migrations/v21.go
+++ b/models/forgejo_migrations_legacy/v21.go
@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations_legacy
 
 import "xorm.io/xorm"
 
diff --git a/models/forgejo_migrations/v22.go b/models/forgejo_migrations_legacy/v22.go
similarity index 93%
rename from models/forgejo_migrations/v22.go
rename to models/forgejo_migrations_legacy/v22.go
index 8078591da6..892a5ce851 100644
--- a/models/forgejo_migrations/v22.go
+++ b/models/forgejo_migrations_legacy/v22.go
@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations_legacy
 
 import "xorm.io/xorm"
 
diff --git a/models/forgejo_migrations/v23.go b/models/forgejo_migrations_legacy/v23.go
similarity index 93%
rename from models/forgejo_migrations/v23.go
rename to models/forgejo_migrations_legacy/v23.go
index a79a4f3d6e..48aac74204 100644
--- a/models/forgejo_migrations/v23.go
+++ b/models/forgejo_migrations_legacy/v23.go
@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations_legacy
 
 import "xorm.io/xorm"
 
diff --git a/models/forgejo_migrations/v24.go b/models/forgejo_migrations_legacy/v24.go
similarity index 93%
rename from models/forgejo_migrations/v24.go
rename to models/forgejo_migrations_legacy/v24.go
index 084a57e1ce..bf3b7b2220 100644
--- a/models/forgejo_migrations/v24.go
+++ b/models/forgejo_migrations_legacy/v24.go
@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations_legacy
 
 import "xorm.io/xorm"
 
diff --git a/models/forgejo_migrations/v25.go b/models/forgejo_migrations_legacy/v25.go
similarity index 96%
rename from models/forgejo_migrations/v25.go
rename to models/forgejo_migrations_legacy/v25.go
index 56cde499a3..8c4b623c84 100644
--- a/models/forgejo_migrations/v25.go
+++ b/models/forgejo_migrations_legacy/v25.go
@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations_legacy
 
 import (
 	"context"
@@ -23,7 +23,7 @@ func MigrateTwoFactorToKeying(x *xorm.Engine) error {
 	var err error
 
 	// When upgrading from Forgejo v9 to v10, this migration will already be
-	// called from models/migrations/migrations.go migration 304 and must not
+	// called from models/gitea_migrations/migrations.go migration 304 and must not
 	// be run twice.
 	var version int
 	_, err = x.Table("version").Where("`id` = 1").Select("version").Get(&version)
diff --git a/models/forgejo_migrations/v25_test.go b/models/forgejo_migrations_legacy/v25_test.go
similarity index 94%
rename from models/forgejo_migrations/v25_test.go
rename to models/forgejo_migrations_legacy/v25_test.go
index 68e71da012..86286b2ab1 100644
--- a/models/forgejo_migrations/v25_test.go
+++ b/models/forgejo_migrations_legacy/v25_test.go
@@ -1,13 +1,13 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations_legacy
 
 import (
 	"testing"
 
 	"forgejo.org/models/auth"
-	migration_tests "forgejo.org/models/migrations/test"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
 	"forgejo.org/modules/keying"
 	"forgejo.org/modules/timeutil"
 
diff --git a/models/forgejo_migrations/v26.go b/models/forgejo_migrations_legacy/v26.go
similarity index 91%
rename from models/forgejo_migrations/v26.go
rename to models/forgejo_migrations_legacy/v26.go
index a0c47799c2..03d05ad96d 100644
--- a/models/forgejo_migrations/v26.go
+++ b/models/forgejo_migrations_legacy/v26.go
@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations_legacy
 
 import "xorm.io/xorm"
 
diff --git a/models/forgejo_migrations/v27.go b/models/forgejo_migrations_legacy/v27.go
similarity index 92%
rename from models/forgejo_migrations/v27.go
rename to models/forgejo_migrations_legacy/v27.go
index 9cfbc64370..531170d06f 100644
--- a/models/forgejo_migrations/v27.go
+++ b/models/forgejo_migrations_legacy/v27.go
@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: GPL-3.0-or-later
 
-package forgejo_migrations
+package forgejo_migrations_legacy
 
 import (
 	"forgejo.org/modules/timeutil"
diff --git a/models/forgejo_migrations/v28.go b/models/forgejo_migrations_legacy/v28.go
similarity index 90%
rename from models/forgejo_migrations/v28.go
rename to models/forgejo_migrations_legacy/v28.go
index 19f0dcd862..443c3f5d66 100644
--- a/models/forgejo_migrations/v28.go
+++ b/models/forgejo_migrations_legacy/v28.go
@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations_legacy
 
 import "xorm.io/xorm"
 
diff --git a/models/forgejo_migrations/v29.go b/models/forgejo_migrations_legacy/v29.go
similarity index 94%
rename from models/forgejo_migrations/v29.go
rename to models/forgejo_migrations_legacy/v29.go
index 92eb05e8b3..9b79139fcc 100644
--- a/models/forgejo_migrations/v29.go
+++ b/models/forgejo_migrations_legacy/v29.go
@@ -1,7 +1,7 @@
 // Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations_legacy
 
 import (
 	"database/sql"
diff --git a/models/forgejo_migrations/v30.go b/models/forgejo_migrations_legacy/v30.go
similarity index 97%
rename from models/forgejo_migrations/v30.go
rename to models/forgejo_migrations_legacy/v30.go
index 05a1dff898..2ffafd3fe7 100644
--- a/models/forgejo_migrations/v30.go
+++ b/models/forgejo_migrations_legacy/v30.go
@@ -1,12 +1,12 @@
 // Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations_legacy
 
 import (
 	"time"
 
-	"forgejo.org/models/migrations/base"
+	"forgejo.org/models/gitea_migrations/base"
 	"forgejo.org/modules/forgefed"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/timeutil"
diff --git a/models/forgejo_migrations/v30_test.go b/models/forgejo_migrations_legacy/v30_test.go
similarity index 96%
rename from models/forgejo_migrations/v30_test.go
rename to models/forgejo_migrations_legacy/v30_test.go
index 152fddeb47..73bfefac90 100644
--- a/models/forgejo_migrations/v30_test.go
+++ b/models/forgejo_migrations_legacy/v30_test.go
@@ -1,13 +1,13 @@
 // Copyright 2025 The Forgejo Authors.
 // SPDX-License-Identifier: GPL-3.0-or-later
 
-package forgejo_migrations
+package forgejo_migrations_legacy
 
 import (
 	"testing"
 	"time"
 
-	migration_tests "forgejo.org/models/migrations/test"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
 	"forgejo.org/modules/timeutil"
 
 	"github.com/stretchr/testify/require"
diff --git a/models/forgejo_migrations/v31.go b/models/forgejo_migrations_legacy/v31.go
similarity index 97%
rename from models/forgejo_migrations/v31.go
rename to models/forgejo_migrations_legacy/v31.go
index 23397c7c13..f500ffa231 100644
--- a/models/forgejo_migrations/v31.go
+++ b/models/forgejo_migrations_legacy/v31.go
@@ -1,7 +1,7 @@
 // Copyright 2025 The Forgejo Authors.
 // SPDX-License-Identifier: GPL-3.0-or-later
 
-package forgejo_migrations
+package forgejo_migrations_legacy
 
 import (
 	"xorm.io/xorm"
diff --git a/models/forgejo_migrations/v31_test.go b/models/forgejo_migrations_legacy/v31_test.go
similarity index 89%
rename from models/forgejo_migrations/v31_test.go
rename to models/forgejo_migrations_legacy/v31_test.go
index 6d1690aae0..0adc9cc69b 100644
--- a/models/forgejo_migrations/v31_test.go
+++ b/models/forgejo_migrations_legacy/v31_test.go
@@ -1,12 +1,12 @@
 // Copyright 2025 The Forgejo Authors.
 // SPDX-License-Identifier: GPL-3.0-or-later
 
-package forgejo_migrations
+package forgejo_migrations_legacy
 
 import (
 	"testing"
 
-	migration_tests "forgejo.org/models/migrations/test"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
 
 	"github.com/stretchr/testify/require"
 )
diff --git a/models/forgejo_migrations/v32.go b/models/forgejo_migrations_legacy/v32.go
similarity index 99%
rename from models/forgejo_migrations/v32.go
rename to models/forgejo_migrations_legacy/v32.go
index ce3f855694..bd5176db1e 100644
--- a/models/forgejo_migrations/v32.go
+++ b/models/forgejo_migrations_legacy/v32.go
@@ -1,7 +1,7 @@
 // Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: GPL-3.0-or-later
 
-package forgejo_migrations
+package forgejo_migrations_legacy
 
 import (
 	"encoding/xml"
diff --git a/models/forgejo_migrations/v32_test.go b/models/forgejo_migrations_legacy/v32_test.go
similarity index 99%
rename from models/forgejo_migrations/v32_test.go
rename to models/forgejo_migrations_legacy/v32_test.go
index 24cda891bc..6abb5f9004 100644
--- a/models/forgejo_migrations/v32_test.go
+++ b/models/forgejo_migrations_legacy/v32_test.go
@@ -1,7 +1,7 @@
 // Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: GPL-3.0-or-later
 
-package forgejo_migrations
+package forgejo_migrations_legacy
 
 import (
 	"bytes"
@@ -11,7 +11,7 @@ import (
 	"strings"
 	"testing"
 
-	migration_tests "forgejo.org/models/migrations/test"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
 	"forgejo.org/models/packages"
 
 	"github.com/stretchr/testify/assert"
diff --git a/models/forgejo_migrations/v33.go b/models/forgejo_migrations_legacy/v33.go
similarity index 98%
rename from models/forgejo_migrations/v33.go
rename to models/forgejo_migrations_legacy/v33.go
index b9ea8efe47..ce220d8179 100644
--- a/models/forgejo_migrations/v33.go
+++ b/models/forgejo_migrations_legacy/v33.go
@@ -1,7 +1,7 @@
 // Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations_legacy
 
 import (
 	"fmt"
diff --git a/models/forgejo_migrations/v33_test.go b/models/forgejo_migrations_legacy/v33_test.go
similarity index 92%
rename from models/forgejo_migrations/v33_test.go
rename to models/forgejo_migrations_legacy/v33_test.go
index 1d3298da15..a77dfed0c2 100644
--- a/models/forgejo_migrations/v33_test.go
+++ b/models/forgejo_migrations_legacy/v33_test.go
@@ -1,13 +1,13 @@
 // Copyright 2025 The Forgejo Authors.
 // SPDX-License-Identifier: GPL-3.0-or-later
 
-package forgejo_migrations
+package forgejo_migrations_legacy
 
 import (
 	"testing"
 	"time"
 
-	migration_tests "forgejo.org/models/migrations/test"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
 	"forgejo.org/modules/log"
 	ft "forgejo.org/modules/test"
 
diff --git a/models/forgejo_migrations/v34.go b/models/forgejo_migrations_legacy/v34.go
similarity index 89%
rename from models/forgejo_migrations/v34.go
rename to models/forgejo_migrations_legacy/v34.go
index d193d799e7..c1a1bfc8d6 100644
--- a/models/forgejo_migrations/v34.go
+++ b/models/forgejo_migrations_legacy/v34.go
@@ -1,7 +1,7 @@
 // Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: GPL-3.0-or-later
 
-package forgejo_migrations
+package forgejo_migrations_legacy
 
 import "xorm.io/xorm"
 
diff --git a/models/forgejo_migrations/v35.go b/models/forgejo_migrations_legacy/v35.go
similarity index 88%
rename from models/forgejo_migrations/v35.go
rename to models/forgejo_migrations_legacy/v35.go
index 9b389fcc12..ea3765fce5 100644
--- a/models/forgejo_migrations/v35.go
+++ b/models/forgejo_migrations_legacy/v35.go
@@ -1,7 +1,7 @@
 // Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: GPL-3.0-or-later
 
-package forgejo_migrations
+package forgejo_migrations_legacy
 
 import (
 	"xorm.io/xorm"
diff --git a/models/forgejo_migrations/v36.go b/models/forgejo_migrations_legacy/v36.go
similarity index 97%
rename from models/forgejo_migrations/v36.go
rename to models/forgejo_migrations_legacy/v36.go
index 1a798147cf..5c13f3878e 100644
--- a/models/forgejo_migrations/v36.go
+++ b/models/forgejo_migrations_legacy/v36.go
@@ -1,7 +1,7 @@
 // Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: GPL-3.0-or-later
 
-package forgejo_migrations
+package forgejo_migrations_legacy
 
 import (
 	"xorm.io/xorm"
diff --git a/models/forgejo_migrations/v37.go b/models/forgejo_migrations_legacy/v37.go
similarity index 90%
rename from models/forgejo_migrations/v37.go
rename to models/forgejo_migrations_legacy/v37.go
index 89358991af..508f798055 100644
--- a/models/forgejo_migrations/v37.go
+++ b/models/forgejo_migrations_legacy/v37.go
@@ -1,7 +1,7 @@
 // Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: GPL-3.0-or-later
 
-package forgejo_migrations
+package forgejo_migrations_legacy
 
 import (
 	"xorm.io/xorm"
diff --git a/models/forgejo_migrations/v38.go b/models/forgejo_migrations_legacy/v38.go
similarity index 92%
rename from models/forgejo_migrations/v38.go
rename to models/forgejo_migrations_legacy/v38.go
index 24240f15a0..93cff2cabb 100644
--- a/models/forgejo_migrations/v38.go
+++ b/models/forgejo_migrations_legacy/v38.go
@@ -1,7 +1,7 @@
 // Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: GPL-3.0-or-later
 
-package forgejo_migrations
+package forgejo_migrations_legacy
 
 import (
 	"forgejo.org/modules/timeutil"
diff --git a/models/forgejo_migrations/v39.go b/models/forgejo_migrations_legacy/v39.go
similarity index 98%
rename from models/forgejo_migrations/v39.go
rename to models/forgejo_migrations_legacy/v39.go
index 9af1c250b3..3f0d94b6aa 100644
--- a/models/forgejo_migrations/v39.go
+++ b/models/forgejo_migrations_legacy/v39.go
@@ -1,7 +1,7 @@
 // Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: GPL-3.0-or-later
 
-package forgejo_migrations
+package forgejo_migrations_legacy
 
 import (
 	"context"
diff --git a/models/forgejo_migrations/v39_test.go b/models/forgejo_migrations_legacy/v39_test.go
similarity index 94%
rename from models/forgejo_migrations/v39_test.go
rename to models/forgejo_migrations_legacy/v39_test.go
index 42934d912f..6c82f7180f 100644
--- a/models/forgejo_migrations/v39_test.go
+++ b/models/forgejo_migrations_legacy/v39_test.go
@@ -1,12 +1,12 @@
 // Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: GPL-3.0-or-later
 
-package forgejo_migrations
+package forgejo_migrations_legacy
 
 import (
 	"testing"
 
-	migration_tests "forgejo.org/models/migrations/test"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
 	"forgejo.org/models/secret"
 	"forgejo.org/modules/keying"
 	"forgejo.org/modules/timeutil"
diff --git a/models/forgejo_migrations/v40.go b/models/forgejo_migrations_legacy/v40.go
similarity index 88%
rename from models/forgejo_migrations/v40.go
rename to models/forgejo_migrations_legacy/v40.go
index 11e8fbd85e..50dccd393c 100644
--- a/models/forgejo_migrations/v40.go
+++ b/models/forgejo_migrations_legacy/v40.go
@@ -1,7 +1,7 @@
 // Copyright 2024 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations_legacy
 
 import "xorm.io/xorm"
 
diff --git a/models/forgejo_migrations_legacy/v41.go b/models/forgejo_migrations_legacy/v41.go
new file mode 100644
index 0000000000..4b3306debd
--- /dev/null
+++ b/models/forgejo_migrations_legacy/v41.go
@@ -0,0 +1,70 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package forgejo_migrations_legacy
+
+import (
+	"errors"
+	"fmt"
+
+	"forgejo.org/modules/log"
+
+	"xorm.io/builder"
+	"xorm.io/xorm"
+)
+
+func syncDoctorForeignKey(x *xorm.Engine, beans []any) error {
+	for _, bean := range beans {
+		// Sync() drops indexes by default, which will cause unnecessary rebuilding of indexes when syncDoctorForeignKey
+		// is used with partial bean definitions; so we disable that option
+		_, err := x.SyncWithOptions(xorm.SyncOptions{IgnoreDropIndices: true}, bean)
+		if err != nil {
+			if errors.Is(err, xorm.ErrForeignKeyViolation) {
+				tableName := x.TableName(bean)
+				log.Error(
+					"Foreign key creation on table %s failed. Run `forgejo doctor check --all` to identify the orphaned records preventing this foreign key from being created. Error was: %v",
+					tableName, err)
+				return err
+			}
+			return err
+		}
+	}
+	return nil
+}
+
+func AddForeignKeysStopwatchTrackedTime(x *xorm.Engine) error {
+	type Stopwatch struct {
+		IssueID int64 `xorm:"INDEX REFERENCES(issue, id)"`
+		UserID  int64 `xorm:"INDEX REFERENCES(user, id)"`
+	}
+	type TrackedTime struct {
+		ID      int64 `xorm:"pk autoincr"`
+		IssueID int64 `xorm:"INDEX REFERENCES(issue, id)"`
+		UserID  int64 `xorm:"INDEX REFERENCES(user, id)"`
+	}
+
+	// TrackedTime.UserID used to be an intentionally dangling reference if a user was deleted, in order to maintain the
+	// time that was tracked against an issue.  With the addition of a foreign key, we set UserID to NULL where the user
+	// doesn't exist instead of leaving it pointing to an invalid record:
+	var trackedTime []TrackedTime
+	err := x.Table("tracked_time").
+		Join("LEFT", "`user`", "`tracked_time`.user_id = `user`.id").
+		Where(builder.IsNull{"`user`.id"}).
+		Find(&trackedTime)
+	if err != nil {
+		return err
+	}
+	for _, tt := range trackedTime {
+		affected, err := x.Table(&TrackedTime{}).Where("id = ?", tt.ID).Update(map[string]any{"user_id": nil})
+		if err != nil {
+			return err
+		} else if affected != 1 {
+			return fmt.Errorf("expected to update 1 tracked_time record with ID %d, but actually affected %d records", tt.ID, affected)
+		}
+	}
+
+	return syncDoctorForeignKey(x, []any{
+		new(Stopwatch),
+		new(TrackedTime),
+	})
+}
diff --git a/models/forgejo_migrations_legacy/v42.go b/models/forgejo_migrations_legacy/v42.go
new file mode 100644
index 0000000000..940c270699
--- /dev/null
+++ b/models/forgejo_migrations_legacy/v42.go
@@ -0,0 +1,20 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package forgejo_migrations_legacy
+
+import "xorm.io/xorm"
+
+func AddActionRunConcurrency(x *xorm.Engine) error {
+	type ActionRun struct {
+		RepoID           int64  `xorm:"index unique(repo_index) index(concurrency)"`
+		Index            int64  `xorm:"index unique(repo_index)"`
+		ConcurrencyGroup string `xorm:"index(concurrency)"`
+		ConcurrencyType  int
+	}
+	_, err := x.SyncWithOptions(xorm.SyncOptions{
+		// Sync drops indexes by default, and this local ActionRun doesn't have all the indexes -- so disable that.
+		IgnoreDropIndices: true,
+	}, new(ActionRun))
+	return err
+}
diff --git a/models/forgejo_migrations_legacy/v43.go b/models/forgejo_migrations_legacy/v43.go
new file mode 100644
index 0000000000..215299031c
--- /dev/null
+++ b/models/forgejo_migrations_legacy/v43.go
@@ -0,0 +1,17 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package forgejo_migrations_legacy
+
+import "xorm.io/xorm"
+
+func AddActionRunPreExecutionError(x *xorm.Engine) error {
+	type ActionRun struct {
+		PreExecutionError string `xorm:"LONGTEXT"`
+	}
+	_, err := x.SyncWithOptions(xorm.SyncOptions{
+		// Sync drops indexes by default, and this local ActionRun doesn't have all the indexes -- so disable that.
+		IgnoreDropIndices: true,
+	}, new(ActionRun))
+	return err
+}
diff --git a/models/forgejo_migrations_legacy/v44.go b/models/forgejo_migrations_legacy/v44.go
new file mode 100644
index 0000000000..459c7ac29d
--- /dev/null
+++ b/models/forgejo_migrations_legacy/v44.go
@@ -0,0 +1,18 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package forgejo_migrations_legacy
+
+import (
+	"xorm.io/xorm"
+)
+
+func AddForeignKeysAccess(x *xorm.Engine) error {
+	type Access struct {
+		UserID int64 `xorm:"UNIQUE(s) REFERENCES(user, id)"`
+		RepoID int64 `xorm:"UNIQUE(s) REFERENCES(repository, id)"`
+	}
+	return syncDoctorForeignKey(x, []any{
+		new(Access),
+	})
+}
diff --git a/models/migrations/base/db.go b/models/gitea_migrations/base/db.go
similarity index 59%
rename from models/migrations/base/db.go
rename to models/gitea_migrations/base/db.go
index 7f7edda53b..2f70fc0806 100644
--- a/models/migrations/base/db.go
+++ b/models/gitea_migrations/base/db.go
@@ -8,8 +8,10 @@ import (
 	"fmt"
 	"reflect"
 	"regexp"
+	"slices"
 	"strings"
 
+	"forgejo.org/models/db"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/setting"
 
@@ -17,7 +19,12 @@ import (
 	"xorm.io/xorm/schemas"
 )
 
-// RecreateTables will recreate the tables for the provided beans using the newly provided bean definition and move all data to that new table
+// RecreateTables returns a function that will recreate the tables for the provided beans using the newly provided bean
+// definition, move all data to the new tables, and then replace the original tables with a drop and rename.
+//
+// If any 'base' table is requested to be rebuilt where one-or-more 'satellite' tables exists that references it through
+// a foreign key, you must rebuild the satellite tables as well or you will receive an error 'incomplete table set'.
+//
 // WARNING: YOU MUST PROVIDE THE FULL BEAN DEFINITION
 func RecreateTables(beans ...any) func(*xorm.Engine) error {
 	return func(x *xorm.Engine) error {
@@ -27,34 +34,179 @@ func RecreateTables(beans ...any) func(*xorm.Engine) error {
 			return err
 		}
 		sess = sess.StoreEngine("InnoDB")
+
+		tableNames := make(map[any]string, len(beans))
+		tempTableNames := make(map[any]string, len(beans))
+		tempTableNamesByOriginalName := make(map[string]string, len(beans))
 		for _, bean := range beans {
-			log.Info("Recreating Table: %s for Bean: %s", x.TableName(bean), reflect.Indirect(reflect.ValueOf(bean)).Type().Name())
-			if err := RecreateTable(sess, bean); err != nil {
+			tableName := sess.Engine().TableName(bean)
+			tableNames[bean] = tableName
+			tempTableName := fmt.Sprintf("tmp_recreate__%s", tableName)
+			tempTableNames[bean] = tempTableName
+			tempTableNamesByOriginalName[tableName] = tempTableName
+		}
+
+		// Create a set of temp tables.
+		for _, bean := range beans {
+			log.Info("Creating temp table: %s for Bean: %s", tempTableNames[bean], reflect.Indirect(reflect.ValueOf(bean)).Type().Name())
+			if err := createTempTable(sess, bean, tempTableNames[bean]); err != nil {
 				return err
 			}
 		}
+
+		// Our new temp tables tables will have foreign keys that point to the original tables we are recreating.
+		// Before we put data into these tables, we need to drop those foreign keys and add new foreign keys that point
+		// to the temp tables.
+		tableSchemas := make(map[any]*schemas.Table, len(beans))
+		for _, bean := range beans {
+			tableSchema, err := sess.Engine().TableInfo(bean)
+			if err != nil {
+				log.Error("Unable to get table info. Error: %v", err)
+				return err
+			}
+			tableSchemas[bean] = tableSchema
+			modifications := make([]schemas.TableModification, 0, len(tableSchema.ForeignKeys)*2)
+			for _, fk := range tableSchema.ForeignKeys {
+				targetTempTableName, ok := tempTableNamesByOriginalName[fk.TargetTableName]
+				if !ok {
+					return fmt.Errorf("incomplete table set: Found a foreign key reference to table %s, but it is not included in RecreateTables", fk.TargetTableName)
+				}
+				fkName := fk.Name
+				if setting.Database.Type.IsMySQL() {
+					// See MySQL explanation in createTempTable.
+					fkName = "_" + fkName
+				}
+				modifications = append(modifications, schemas.DropForeignKey{ForeignKey: schemas.ForeignKey{
+					Name:            fkName,
+					SourceFieldName: fk.SourceFieldName,
+					TargetTableName: fk.TargetTableName,
+					TargetFieldName: fk.TargetFieldName,
+				}})
+				modifications = append(modifications, schemas.AddForeignKey{ForeignKey: schemas.ForeignKey{
+					Name:            fkName,
+					SourceFieldName: fk.SourceFieldName,
+					TargetTableName: targetTempTableName, // FK changed to new temp table
+					TargetFieldName: fk.TargetFieldName,
+				}})
+			}
+
+			if len(modifications) != 0 {
+				log.Info("Modifying temp table %s foreign keys to point to other temp tables", tempTableNames[bean])
+				if err := sess.Table(tempTableNames[bean]).AlterTable(bean, modifications...); err != nil {
+					return fmt.Errorf("alter table failed: while rewriting foreign keys to temp tables, error occurred: %w", err)
+				}
+			}
+		}
+
+		// Insert into the set of temp tables in the right order, starting with base tables, working outwards to
+		// satellite tables.
+		orderedBeans := slices.Clone(beans)
+		slices.SortFunc(orderedBeans, func(b1, b2 any) int {
+			return db.TableNameInsertionOrderSortFunc(tableNames[b1], tableNames[b2])
+		})
+		for _, bean := range orderedBeans {
+			log.Info("Copying table %s to temp table %s", tableNames[bean], tempTableNames[bean])
+			if err := copyData(sess, bean, tableNames[bean], tempTableNames[bean]); err != nil {
+				// copyData does its own logging
+				return err
+			}
+		}
+
+		// Drop all the old tables in the right order, starting with satellite tables working inwards to base tables,
+		// and rename all the temp tables to the final tables.  The database will automatically update the foreign key
+		// references during the rename from temp to final tables.
+		for i := len(orderedBeans) - 1; i >= 0; i-- {
+			bean := orderedBeans[i]
+			log.Info("Dropping existing table %s, and renaming temp table %s in its place", tableNames[bean], tempTableNames[bean])
+			if err := renameTable(sess, bean, tableNames[bean], tempTableNames[bean], tableSchemas[bean]); err != nil {
+				// renameTable does its own logging
+				return err
+			}
+		}
+
 		return sess.Commit()
 	}
 }
 
-// RecreateTable will recreate the table using the newly provided bean definition and move all data to that new table
+// LegacyRecreateTable will recreate the table using the newly provided bean definition and move all data to that new
+// table.
+//
 // WARNING: YOU MUST PROVIDE THE FULL BEAN DEFINITION
+//
 // WARNING: YOU MUST COMMIT THE SESSION AT THE END
-func RecreateTable(sess *xorm.Session, bean any) error {
-	// TODO: This will not work if there are foreign keys
-
+//
+// Deprecated: LegacyRecreateTable exists for historical migrations and should not be used in current code -- tt does
+// not support foreign key management.  Use RecreateTables instead which provides foreign key support.
+func LegacyRecreateTable(sess *xorm.Session, bean any) error {
 	tableName := sess.Engine().TableName(bean)
 	tempTableName := fmt.Sprintf("tmp_recreate__%s", tableName)
 
+	tableSchema, err := sess.Engine().TableInfo(bean)
+	if err != nil {
+		log.Error("Unable to get table info. Error: %v", err)
+		return err
+	}
+
 	// We need to move the old table away and create a new one with the correct columns
 	// We will need to do this in stages to prevent data loss
 	//
 	// First create the temporary table
-	if err := sess.Table(tempTableName).CreateTable(bean); err != nil {
-		log.Error("Unable to create table %s. Error: %v", tempTableName, err)
+	if err := createTempTable(sess, bean, tempTableName); err != nil {
+		// createTempTable does its own logging
 		return err
 	}
 
+	if err := copyData(sess, bean, tableName, tempTableName); err != nil {
+		// copyData does its own logging
+		return err
+	}
+
+	if err := renameTable(sess, bean, tableName, tempTableName, tableSchema); err != nil {
+		// renameTable does its own logging
+		return err
+	}
+
+	return nil
+}
+
+func createTempTable(sess *xorm.Session, bean any, tempTableName string) error {
+	if setting.Database.Type.IsMySQL() {
+		// Can't have identical foreign key names in MySQL, and Table(tempTableName) only affects the table name and not
+		// the schema definition generated from the bean, so, we do a little adjusting by appending a `_` at the
+		// beginning of each foreign key name on the temp table. We'll remove this by renaming the constraint after we
+		// drop the original table, in renameTable.
+		originalTableSchema, err := sess.Engine().TableInfo(bean)
+		if err != nil {
+			log.Error("Unable to get table info. Error: %v", err)
+			return err
+		}
+
+		// `TableInfo()` will return a `*schema.Table` that is stored in a shared cache.  We don't want to mutate that
+		// object as it will stick around and affect other things.  Make a mostly-shallow clone, with a new slice for
+		// what we're changing.
+		tableSchema := *originalTableSchema
+		tableSchema.ForeignKeys = slices.Clone(originalTableSchema.ForeignKeys)
+		for i := range tableSchema.ForeignKeys {
+			tableSchema.ForeignKeys[i].Name = "_" + tableSchema.ForeignKeys[i].Name
+		}
+
+		sql, _, err := sess.Engine().Dialect().CreateTableSQL(&tableSchema, tempTableName)
+		if err != nil {
+			log.Error("Unable to generate CREATE TABLE query. Error: %v", err)
+			return err
+		}
+		_, err = sess.Exec(sql)
+		if err != nil {
+			log.Error("Unable to create table %s. Error: %v", tempTableName, err)
+			return err
+		}
+	} else {
+		if err := sess.Table(tempTableName).CreateTable(bean); err != nil {
+			log.Error("Unable to create table %s. Error: %v", tempTableName, err)
+			return err
+		}
+	}
+
 	if err := sess.Table(tempTableName).CreateUniques(bean); err != nil {
 		log.Error("Unable to create uniques for table %s. Error: %v", tempTableName, err)
 		return err
@@ -65,11 +217,14 @@ func RecreateTable(sess *xorm.Session, bean any) error {
 		return err
 	}
 
+	return nil
+}
+
+func copyData(sess *xorm.Session, bean any, tableName, tempTableName string) error {
 	// Work out the column names from the bean - these are the columns to select from the old table and install into the new table
 	table, err := sess.Engine().TableInfo(bean)
 	if err != nil {
 		log.Error("Unable to get table info. Error: %v", err)
-
 		return err
 	}
 	newTableColumns := table.Columns()
@@ -128,9 +283,12 @@ func RecreateTable(sess *xorm.Session, bean any) error {
 		return err
 	}
 
+	return nil
+}
+
+func renameTable(sess *xorm.Session, bean any, tableName, tempTableName string, tableSchema *schemas.Table) error {
 	switch {
 	case setting.Database.Type.IsSQLite3():
-		// SQLite will drop all the constraints on the old table
 		if _, err := sess.Exec(fmt.Sprintf("DROP TABLE `%s`", tableName)); err != nil {
 			log.Error("Unable to drop old table %s. Error: %v", tableName, err)
 			return err
@@ -157,32 +315,44 @@ func RecreateTable(sess *xorm.Session, bean any) error {
 		}
 
 	case setting.Database.Type.IsMySQL():
-		// MySQL will drop all the constraints on the old table
 		if _, err := sess.Exec(fmt.Sprintf("DROP TABLE `%s`", tableName)); err != nil {
 			log.Error("Unable to drop old table %s. Error: %v", tableName, err)
 			return err
 		}
 
-		if err := sess.Table(tempTableName).DropIndexes(bean); err != nil {
-			log.Error("Unable to drop indexes on temporary table %s. Error: %v", tempTableName, err)
-			return err
-		}
-
-		// SQLite and MySQL will move all the constraints from the temporary table to the new table
+		// MySQL will move all the constraints that reference this table from the temporary table to the new table
 		if _, err := sess.Exec(fmt.Sprintf("ALTER TABLE `%s` RENAME TO `%s`", tempTableName, tableName)); err != nil {
 			log.Error("Unable to rename %s to %s. Error: %v", tempTableName, tableName, err)
 			return err
 		}
 
-		if err := sess.Table(tableName).CreateIndexes(bean); err != nil {
-			log.Error("Unable to recreate indexes on table %s. Error: %v", tableName, err)
-			return err
+		// In `RecreateTables` the foreign keys were renamed with a '_' prefix to avoid conflicting on the original
+		// table's constraint names. Now that table has been dropped, so we can rename them back to leave the table in
+		// the right state. Unfortunately this will cause a recheck of the constraint's validity against the target
+		// table which will be slow for large tables, but it's unavoidable without the ability to rename constraints
+		// in-place. Awkwardly these FKs are still a reference to the tmp_recreate target table since we drop in reverse
+		// FK order -- the ALTER TABLE ... RENAME .. on those tmp tables will correct the FKs later.
+		modifications := make([]schemas.TableModification, 0, len(tableSchema.ForeignKeys)*2)
+		for _, fk := range tableSchema.ForeignKeys {
+			modifications = append(modifications, schemas.DropForeignKey{ForeignKey: schemas.ForeignKey{
+				Name:            "_" + fk.Name,
+				SourceFieldName: fk.SourceFieldName,
+				TargetTableName: fmt.Sprintf("tmp_recreate__%s", fk.TargetTableName),
+				TargetFieldName: fk.TargetFieldName,
+			}})
+			modifications = append(modifications, schemas.AddForeignKey{ForeignKey: schemas.ForeignKey{
+				Name:            fk.Name,
+				SourceFieldName: fk.SourceFieldName,
+				TargetTableName: fmt.Sprintf("tmp_recreate__%s", fk.TargetTableName),
+				TargetFieldName: fk.TargetFieldName,
+			}})
+		}
+		if len(modifications) != 0 {
+			if err := sess.Table(tableName).AlterTable(bean, modifications...); err != nil {
+				return fmt.Errorf("alter table failed: while rewriting foreign keys to original names, error occurred: %w", err)
+			}
 		}
 
-		if err := sess.Table(tableName).CreateUniques(bean); err != nil {
-			log.Error("Unable to recreate uniques on table %s. Error: %v", tableName, err)
-			return err
-		}
 	case setting.Database.Type.IsPostgreSQL():
 		var originalSequences []string
 		type sequenceData struct {
@@ -193,7 +363,7 @@ func RecreateTable(sess *xorm.Session, bean any) error {
 
 		schema := sess.Engine().Dialect().URI().Schema
 		sess.Engine().SetSchema("")
-		if err := sess.Table("information_schema.sequences").Cols("sequence_name").Where("sequence_name LIKE ? || '_%' AND sequence_catalog = ?", tableName, setting.Database.Name).Find(&originalSequences); err != nil {
+		if err := sess.Table("information_schema.sequences").Cols("sequence_name").Where("sequence_name LIKE ? || '_id_seq' AND sequence_catalog = ?", tableName, setting.Database.Name).Find(&originalSequences); err != nil {
 			log.Error("Unable to rename %s to %s. Error: %v", tempTableName, tableName, err)
 			return err
 		}
@@ -238,7 +408,7 @@ func RecreateTable(sess *xorm.Session, bean any) error {
 
 		var sequences []string
 		sess.Engine().SetSchema("")
-		if err := sess.Table("information_schema.sequences").Cols("sequence_name").Where("sequence_name LIKE 'tmp_recreate__' || ? || '_%' AND sequence_catalog = ?", tableName, setting.Database.Name).Find(&sequences); err != nil {
+		if err := sess.Table("information_schema.sequences").Cols("sequence_name").Where("sequence_name LIKE 'tmp_recreate__' || ? || '_id_seq' AND sequence_catalog = ?", tableName, setting.Database.Name).Find(&sequences); err != nil {
 			log.Error("Unable to rename %s to %s. Error: %v", tempTableName, tableName, err)
 			return err
 		}
@@ -275,6 +445,7 @@ func RecreateTable(sess *xorm.Session, bean any) error {
 	default:
 		log.Fatal("Unrecognized DB")
 	}
+
 	return nil
 }
 
diff --git a/models/migrations/base/db_test.go b/models/gitea_migrations/base/db_test.go
similarity index 97%
rename from models/migrations/base/db_test.go
rename to models/gitea_migrations/base/db_test.go
index 4a610e065d..4633c7de10 100644
--- a/models/migrations/base/db_test.go
+++ b/models/gitea_migrations/base/db_test.go
@@ -6,7 +6,7 @@ package base
 import (
 	"testing"
 
-	migrations_tests "forgejo.org/models/migrations/test"
+	migrations_tests "forgejo.org/models/gitea_migrations/test"
 	"forgejo.org/modules/timeutil"
 
 	"xorm.io/xorm/names"
diff --git a/models/migrations/base/hash.go b/models/gitea_migrations/base/hash.go
similarity index 100%
rename from models/migrations/base/hash.go
rename to models/gitea_migrations/base/hash.go
diff --git a/models/migrations/base/main_test.go b/models/gitea_migrations/base/main_test.go
similarity index 75%
rename from models/migrations/base/main_test.go
rename to models/gitea_migrations/base/main_test.go
index 2b3889441a..73bc7a3521 100644
--- a/models/migrations/base/main_test.go
+++ b/models/gitea_migrations/base/main_test.go
@@ -6,7 +6,7 @@ package base
 import (
 	"testing"
 
-	migrations_tests "forgejo.org/models/migrations/test"
+	migrations_tests "forgejo.org/models/gitea_migrations/test"
 )
 
 func TestMain(m *testing.M) {
diff --git a/models/migrations/fixtures/Test_AddCombinedIndexToIssueUser/issue_user.yml b/models/gitea_migrations/fixtures/Test_AddCombinedIndexToIssueUser/issue_user.yml
similarity index 100%
rename from models/migrations/fixtures/Test_AddCombinedIndexToIssueUser/issue_user.yml
rename to models/gitea_migrations/fixtures/Test_AddCombinedIndexToIssueUser/issue_user.yml
diff --git a/models/migrations/fixtures/Test_AddConfidentialClientColumnToOAuth2ApplicationTable/oauth2_application.yml b/models/gitea_migrations/fixtures/Test_AddConfidentialClientColumnToOAuth2ApplicationTable/oauth2_application.yml
similarity index 100%
rename from models/migrations/fixtures/Test_AddConfidentialClientColumnToOAuth2ApplicationTable/oauth2_application.yml
rename to models/gitea_migrations/fixtures/Test_AddConfidentialClientColumnToOAuth2ApplicationTable/oauth2_application.yml
diff --git a/models/migrations/fixtures/Test_AddHeaderAuthorizationEncryptedColWebhook/expected_webhook.yml b/models/gitea_migrations/fixtures/Test_AddHeaderAuthorizationEncryptedColWebhook/expected_webhook.yml
similarity index 100%
rename from models/migrations/fixtures/Test_AddHeaderAuthorizationEncryptedColWebhook/expected_webhook.yml
rename to models/gitea_migrations/fixtures/Test_AddHeaderAuthorizationEncryptedColWebhook/expected_webhook.yml
diff --git a/models/migrations/fixtures/Test_AddHeaderAuthorizationEncryptedColWebhook/hook_task.yml b/models/gitea_migrations/fixtures/Test_AddHeaderAuthorizationEncryptedColWebhook/hook_task.yml
similarity index 100%
rename from models/migrations/fixtures/Test_AddHeaderAuthorizationEncryptedColWebhook/hook_task.yml
rename to models/gitea_migrations/fixtures/Test_AddHeaderAuthorizationEncryptedColWebhook/hook_task.yml
diff --git a/models/migrations/fixtures/Test_AddHeaderAuthorizationEncryptedColWebhook/webhook.yml b/models/gitea_migrations/fixtures/Test_AddHeaderAuthorizationEncryptedColWebhook/webhook.yml
similarity index 100%
rename from models/migrations/fixtures/Test_AddHeaderAuthorizationEncryptedColWebhook/webhook.yml
rename to models/gitea_migrations/fixtures/Test_AddHeaderAuthorizationEncryptedColWebhook/webhook.yml
diff --git a/models/migrations/fixtures/Test_AddIssueResourceIndexTable/issue.yml b/models/gitea_migrations/fixtures/Test_AddIssueResourceIndexTable/issue.yml
similarity index 100%
rename from models/migrations/fixtures/Test_AddIssueResourceIndexTable/issue.yml
rename to models/gitea_migrations/fixtures/Test_AddIssueResourceIndexTable/issue.yml
diff --git a/models/migrations/fixtures/Test_AddPayloadVersionToHookTaskTable/hook_task.yml b/models/gitea_migrations/fixtures/Test_AddPayloadVersionToHookTaskTable/hook_task.yml
similarity index 100%
rename from models/migrations/fixtures/Test_AddPayloadVersionToHookTaskTable/hook_task.yml
rename to models/gitea_migrations/fixtures/Test_AddPayloadVersionToHookTaskTable/hook_task.yml
diff --git a/models/migrations/fixtures/Test_AddPayloadVersionToHookTaskTable/hook_task_migrated.yml b/models/gitea_migrations/fixtures/Test_AddPayloadVersionToHookTaskTable/hook_task_migrated.yml
similarity index 100%
rename from models/migrations/fixtures/Test_AddPayloadVersionToHookTaskTable/hook_task_migrated.yml
rename to models/gitea_migrations/fixtures/Test_AddPayloadVersionToHookTaskTable/hook_task_migrated.yml
diff --git a/models/migrations/fixtures/Test_AddRepoIDForAttachment/attachment.yml b/models/gitea_migrations/fixtures/Test_AddRepoIDForAttachment/attachment.yml
similarity index 100%
rename from models/migrations/fixtures/Test_AddRepoIDForAttachment/attachment.yml
rename to models/gitea_migrations/fixtures/Test_AddRepoIDForAttachment/attachment.yml
diff --git a/models/migrations/fixtures/Test_AddRepoIDForAttachment/issue.yml b/models/gitea_migrations/fixtures/Test_AddRepoIDForAttachment/issue.yml
similarity index 100%
rename from models/migrations/fixtures/Test_AddRepoIDForAttachment/issue.yml
rename to models/gitea_migrations/fixtures/Test_AddRepoIDForAttachment/issue.yml
diff --git a/models/migrations/fixtures/Test_AddRepoIDForAttachment/release.yml b/models/gitea_migrations/fixtures/Test_AddRepoIDForAttachment/release.yml
similarity index 100%
rename from models/migrations/fixtures/Test_AddRepoIDForAttachment/release.yml
rename to models/gitea_migrations/fixtures/Test_AddRepoIDForAttachment/release.yml
diff --git a/models/migrations/fixtures/Test_AddUniqueIndexForProjectIssue/project_issue.yml b/models/gitea_migrations/fixtures/Test_AddUniqueIndexForProjectIssue/project_issue.yml
similarity index 100%
rename from models/migrations/fixtures/Test_AddUniqueIndexForProjectIssue/project_issue.yml
rename to models/gitea_migrations/fixtures/Test_AddUniqueIndexForProjectIssue/project_issue.yml
diff --git a/models/migrations/fixtures/Test_ChangeMavenArtifactConcatenation/package.yml b/models/gitea_migrations/fixtures/Test_ChangeMavenArtifactConcatenation/package.yml
similarity index 100%
rename from models/migrations/fixtures/Test_ChangeMavenArtifactConcatenation/package.yml
rename to models/gitea_migrations/fixtures/Test_ChangeMavenArtifactConcatenation/package.yml
diff --git a/models/migrations/fixtures/Test_ChangeMavenArtifactConcatenation/package_blob.yml b/models/gitea_migrations/fixtures/Test_ChangeMavenArtifactConcatenation/package_blob.yml
similarity index 100%
rename from models/migrations/fixtures/Test_ChangeMavenArtifactConcatenation/package_blob.yml
rename to models/gitea_migrations/fixtures/Test_ChangeMavenArtifactConcatenation/package_blob.yml
diff --git a/models/migrations/fixtures/Test_ChangeMavenArtifactConcatenation/package_file.yml b/models/gitea_migrations/fixtures/Test_ChangeMavenArtifactConcatenation/package_file.yml
similarity index 100%
rename from models/migrations/fixtures/Test_ChangeMavenArtifactConcatenation/package_file.yml
rename to models/gitea_migrations/fixtures/Test_ChangeMavenArtifactConcatenation/package_file.yml
diff --git a/models/migrations/fixtures/Test_ChangeMavenArtifactConcatenation/package_version.yml b/models/gitea_migrations/fixtures/Test_ChangeMavenArtifactConcatenation/package_version.yml
similarity index 100%
rename from models/migrations/fixtures/Test_ChangeMavenArtifactConcatenation/package_version.yml
rename to models/gitea_migrations/fixtures/Test_ChangeMavenArtifactConcatenation/package_version.yml
diff --git a/models/migrations/fixtures/Test_CheckProjectColumnsConsistency/project.yml b/models/gitea_migrations/fixtures/Test_CheckProjectColumnsConsistency/project.yml
similarity index 100%
rename from models/migrations/fixtures/Test_CheckProjectColumnsConsistency/project.yml
rename to models/gitea_migrations/fixtures/Test_CheckProjectColumnsConsistency/project.yml
diff --git a/models/migrations/fixtures/Test_CheckProjectColumnsConsistency/project_board.yml b/models/gitea_migrations/fixtures/Test_CheckProjectColumnsConsistency/project_board.yml
similarity index 100%
rename from models/migrations/fixtures/Test_CheckProjectColumnsConsistency/project_board.yml
rename to models/gitea_migrations/fixtures/Test_CheckProjectColumnsConsistency/project_board.yml
diff --git a/models/migrations/fixtures/Test_DeleteOrphanedIssueLabels/issue_label.yml b/models/gitea_migrations/fixtures/Test_DeleteOrphanedIssueLabels/issue_label.yml
similarity index 100%
rename from models/migrations/fixtures/Test_DeleteOrphanedIssueLabels/issue_label.yml
rename to models/gitea_migrations/fixtures/Test_DeleteOrphanedIssueLabels/issue_label.yml
diff --git a/models/migrations/fixtures/Test_DeleteOrphanedIssueLabels/label.yml b/models/gitea_migrations/fixtures/Test_DeleteOrphanedIssueLabels/label.yml
similarity index 100%
rename from models/migrations/fixtures/Test_DeleteOrphanedIssueLabels/label.yml
rename to models/gitea_migrations/fixtures/Test_DeleteOrphanedIssueLabels/label.yml
diff --git a/models/migrations/fixtures/Test_MigrateActionSecretToKeying/secret.yml b/models/gitea_migrations/fixtures/Test_MigrateActionSecretToKeying/secret.yml
similarity index 100%
rename from models/migrations/fixtures/Test_MigrateActionSecretToKeying/secret.yml
rename to models/gitea_migrations/fixtures/Test_MigrateActionSecretToKeying/secret.yml
diff --git a/models/migrations/fixtures/Test_MigrateNormalizedFederatedURI/federated_user.yaml b/models/gitea_migrations/fixtures/Test_MigrateNormalizedFederatedURI/federated_user.yaml
similarity index 100%
rename from models/migrations/fixtures/Test_MigrateNormalizedFederatedURI/federated_user.yaml
rename to models/gitea_migrations/fixtures/Test_MigrateNormalizedFederatedURI/federated_user.yaml
diff --git a/models/migrations/fixtures/Test_MigrateNormalizedFederatedURI/federation_host.yaml b/models/gitea_migrations/fixtures/Test_MigrateNormalizedFederatedURI/federation_host.yaml
similarity index 100%
rename from models/migrations/fixtures/Test_MigrateNormalizedFederatedURI/federation_host.yaml
rename to models/gitea_migrations/fixtures/Test_MigrateNormalizedFederatedURI/federation_host.yaml
diff --git a/models/migrations/fixtures/Test_MigrateNormalizedFederatedURI/user.yaml b/models/gitea_migrations/fixtures/Test_MigrateNormalizedFederatedURI/user.yaml
similarity index 100%
rename from models/migrations/fixtures/Test_MigrateNormalizedFederatedURI/user.yaml
rename to models/gitea_migrations/fixtures/Test_MigrateNormalizedFederatedURI/user.yaml
diff --git a/models/migrations/fixtures/Test_MigrateTwoFactorToKeying/two_factor.yml b/models/gitea_migrations/fixtures/Test_MigrateTwoFactorToKeying/two_factor.yml
similarity index 100%
rename from models/migrations/fixtures/Test_MigrateTwoFactorToKeying/two_factor.yml
rename to models/gitea_migrations/fixtures/Test_MigrateTwoFactorToKeying/two_factor.yml
diff --git a/models/migrations/fixtures/Test_RemigrateU2FCredentials/expected_webauthn_credential.yml b/models/gitea_migrations/fixtures/Test_RemigrateU2FCredentials/expected_webauthn_credential.yml
similarity index 100%
rename from models/migrations/fixtures/Test_RemigrateU2FCredentials/expected_webauthn_credential.yml
rename to models/gitea_migrations/fixtures/Test_RemigrateU2FCredentials/expected_webauthn_credential.yml
diff --git a/models/migrations/fixtures/Test_RemigrateU2FCredentials/u2f_registration.yml b/models/gitea_migrations/fixtures/Test_RemigrateU2FCredentials/u2f_registration.yml
similarity index 100%
rename from models/migrations/fixtures/Test_RemigrateU2FCredentials/u2f_registration.yml
rename to models/gitea_migrations/fixtures/Test_RemigrateU2FCredentials/u2f_registration.yml
diff --git a/models/migrations/fixtures/Test_RemigrateU2FCredentials/webauthn_credential.yml b/models/gitea_migrations/fixtures/Test_RemigrateU2FCredentials/webauthn_credential.yml
similarity index 100%
rename from models/migrations/fixtures/Test_RemigrateU2FCredentials/webauthn_credential.yml
rename to models/gitea_migrations/fixtures/Test_RemigrateU2FCredentials/webauthn_credential.yml
diff --git a/models/migrations/fixtures/Test_RemoveInvalidLabels/comment.yml b/models/gitea_migrations/fixtures/Test_RemoveInvalidLabels/comment.yml
similarity index 100%
rename from models/migrations/fixtures/Test_RemoveInvalidLabels/comment.yml
rename to models/gitea_migrations/fixtures/Test_RemoveInvalidLabels/comment.yml
diff --git a/models/migrations/fixtures/Test_RemoveInvalidLabels/issue.yml b/models/gitea_migrations/fixtures/Test_RemoveInvalidLabels/issue.yml
similarity index 100%
rename from models/migrations/fixtures/Test_RemoveInvalidLabels/issue.yml
rename to models/gitea_migrations/fixtures/Test_RemoveInvalidLabels/issue.yml
diff --git a/models/migrations/fixtures/Test_RemoveInvalidLabels/issue_label.yml b/models/gitea_migrations/fixtures/Test_RemoveInvalidLabels/issue_label.yml
similarity index 100%
rename from models/migrations/fixtures/Test_RemoveInvalidLabels/issue_label.yml
rename to models/gitea_migrations/fixtures/Test_RemoveInvalidLabels/issue_label.yml
diff --git a/models/migrations/fixtures/Test_RemoveInvalidLabels/label.yml b/models/gitea_migrations/fixtures/Test_RemoveInvalidLabels/label.yml
similarity index 100%
rename from models/migrations/fixtures/Test_RemoveInvalidLabels/label.yml
rename to models/gitea_migrations/fixtures/Test_RemoveInvalidLabels/label.yml
diff --git a/models/migrations/fixtures/Test_RemoveInvalidLabels/repository.yml b/models/gitea_migrations/fixtures/Test_RemoveInvalidLabels/repository.yml
similarity index 100%
rename from models/migrations/fixtures/Test_RemoveInvalidLabels/repository.yml
rename to models/gitea_migrations/fixtures/Test_RemoveInvalidLabels/repository.yml
diff --git a/models/migrations/fixtures/Test_RemoveSSHSignaturesFromReleaseNotes/release.yml b/models/gitea_migrations/fixtures/Test_RemoveSSHSignaturesFromReleaseNotes/release.yml
similarity index 100%
rename from models/migrations/fixtures/Test_RemoveSSHSignaturesFromReleaseNotes/release.yml
rename to models/gitea_migrations/fixtures/Test_RemoveSSHSignaturesFromReleaseNotes/release.yml
diff --git a/models/migrations/fixtures/Test_RepositoryFormat/comment.yml b/models/gitea_migrations/fixtures/Test_RepositoryFormat/comment.yml
similarity index 100%
rename from models/migrations/fixtures/Test_RepositoryFormat/comment.yml
rename to models/gitea_migrations/fixtures/Test_RepositoryFormat/comment.yml
diff --git a/models/migrations/fixtures/Test_RepositoryFormat/commit_status.yml b/models/gitea_migrations/fixtures/Test_RepositoryFormat/commit_status.yml
similarity index 100%
rename from models/migrations/fixtures/Test_RepositoryFormat/commit_status.yml
rename to models/gitea_migrations/fixtures/Test_RepositoryFormat/commit_status.yml
diff --git a/models/migrations/fixtures/Test_RepositoryFormat/pull_request.yml b/models/gitea_migrations/fixtures/Test_RepositoryFormat/pull_request.yml
similarity index 100%
rename from models/migrations/fixtures/Test_RepositoryFormat/pull_request.yml
rename to models/gitea_migrations/fixtures/Test_RepositoryFormat/pull_request.yml
diff --git a/models/migrations/fixtures/Test_RepositoryFormat/release.yml b/models/gitea_migrations/fixtures/Test_RepositoryFormat/release.yml
similarity index 100%
rename from models/migrations/fixtures/Test_RepositoryFormat/release.yml
rename to models/gitea_migrations/fixtures/Test_RepositoryFormat/release.yml
diff --git a/models/migrations/fixtures/Test_RepositoryFormat/repo_archiver.yml b/models/gitea_migrations/fixtures/Test_RepositoryFormat/repo_archiver.yml
similarity index 100%
rename from models/migrations/fixtures/Test_RepositoryFormat/repo_archiver.yml
rename to models/gitea_migrations/fixtures/Test_RepositoryFormat/repo_archiver.yml
diff --git a/models/migrations/fixtures/Test_RepositoryFormat/repo_indexer_status.yml b/models/gitea_migrations/fixtures/Test_RepositoryFormat/repo_indexer_status.yml
similarity index 100%
rename from models/migrations/fixtures/Test_RepositoryFormat/repo_indexer_status.yml
rename to models/gitea_migrations/fixtures/Test_RepositoryFormat/repo_indexer_status.yml
diff --git a/models/migrations/fixtures/Test_RepositoryFormat/repository.yml b/models/gitea_migrations/fixtures/Test_RepositoryFormat/repository.yml
similarity index 100%
rename from models/migrations/fixtures/Test_RepositoryFormat/repository.yml
rename to models/gitea_migrations/fixtures/Test_RepositoryFormat/repository.yml
diff --git a/models/migrations/fixtures/Test_RepositoryFormat/review_state.yml b/models/gitea_migrations/fixtures/Test_RepositoryFormat/review_state.yml
similarity index 100%
rename from models/migrations/fixtures/Test_RepositoryFormat/review_state.yml
rename to models/gitea_migrations/fixtures/Test_RepositoryFormat/review_state.yml
diff --git a/models/migrations/fixtures/Test_SetTopicsAsEmptySlice/repository.yml b/models/gitea_migrations/fixtures/Test_SetTopicsAsEmptySlice/repository.yml
similarity index 100%
rename from models/migrations/fixtures/Test_SetTopicsAsEmptySlice/repository.yml
rename to models/gitea_migrations/fixtures/Test_SetTopicsAsEmptySlice/repository.yml
diff --git a/models/migrations/fixtures/Test_StoreWebauthnCredentialIDAsBytes/expected_webauthn_credential.yml b/models/gitea_migrations/fixtures/Test_StoreWebauthnCredentialIDAsBytes/expected_webauthn_credential.yml
similarity index 100%
rename from models/migrations/fixtures/Test_StoreWebauthnCredentialIDAsBytes/expected_webauthn_credential.yml
rename to models/gitea_migrations/fixtures/Test_StoreWebauthnCredentialIDAsBytes/expected_webauthn_credential.yml
diff --git a/models/migrations/fixtures/Test_StoreWebauthnCredentialIDAsBytes/webauthn_credential.yml b/models/gitea_migrations/fixtures/Test_StoreWebauthnCredentialIDAsBytes/webauthn_credential.yml
similarity index 100%
rename from models/migrations/fixtures/Test_StoreWebauthnCredentialIDAsBytes/webauthn_credential.yml
rename to models/gitea_migrations/fixtures/Test_StoreWebauthnCredentialIDAsBytes/webauthn_credential.yml
diff --git a/models/migrations/fixtures/Test_UnwrapLDAPSourceCfg/login_source.yml b/models/gitea_migrations/fixtures/Test_UnwrapLDAPSourceCfg/login_source.yml
similarity index 100%
rename from models/migrations/fixtures/Test_UnwrapLDAPSourceCfg/login_source.yml
rename to models/gitea_migrations/fixtures/Test_UnwrapLDAPSourceCfg/login_source.yml
diff --git a/models/migrations/fixtures/Test_UpdateBadgeColName/badge.yml b/models/gitea_migrations/fixtures/Test_UpdateBadgeColName/badge.yml
similarity index 100%
rename from models/migrations/fixtures/Test_UpdateBadgeColName/badge.yml
rename to models/gitea_migrations/fixtures/Test_UpdateBadgeColName/badge.yml
diff --git a/models/migrations/fixtures/Test_UpdateOpenMilestoneCounts/expected_milestone.yml b/models/gitea_migrations/fixtures/Test_UpdateOpenMilestoneCounts/expected_milestone.yml
similarity index 100%
rename from models/migrations/fixtures/Test_UpdateOpenMilestoneCounts/expected_milestone.yml
rename to models/gitea_migrations/fixtures/Test_UpdateOpenMilestoneCounts/expected_milestone.yml
diff --git a/models/migrations/fixtures/Test_UpdateOpenMilestoneCounts/issue.yml b/models/gitea_migrations/fixtures/Test_UpdateOpenMilestoneCounts/issue.yml
similarity index 100%
rename from models/migrations/fixtures/Test_UpdateOpenMilestoneCounts/issue.yml
rename to models/gitea_migrations/fixtures/Test_UpdateOpenMilestoneCounts/issue.yml
diff --git a/models/migrations/fixtures/Test_UpdateOpenMilestoneCounts/milestone.yml b/models/gitea_migrations/fixtures/Test_UpdateOpenMilestoneCounts/milestone.yml
similarity index 100%
rename from models/migrations/fixtures/Test_UpdateOpenMilestoneCounts/milestone.yml
rename to models/gitea_migrations/fixtures/Test_UpdateOpenMilestoneCounts/milestone.yml
diff --git a/models/migrations/migrations.go b/models/gitea_migrations/migrations.go
similarity index 96%
rename from models/migrations/migrations.go
rename to models/gitea_migrations/migrations.go
index 2a5b97f519..7dae8bfcb4 100644
--- a/models/migrations/migrations.go
+++ b/models/gitea_migrations/migrations.go
@@ -2,7 +2,7 @@
 // Copyright 2017 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package migrations
+package gitea_migrations
 
 import (
 	"context"
@@ -10,25 +10,25 @@ import (
 	"fmt"
 
 	"forgejo.org/models/db"
-	"forgejo.org/models/forgejo_migrations"
-	"forgejo.org/models/migrations/v1_10"
-	"forgejo.org/models/migrations/v1_11"
-	"forgejo.org/models/migrations/v1_12"
-	"forgejo.org/models/migrations/v1_13"
-	"forgejo.org/models/migrations/v1_14"
-	"forgejo.org/models/migrations/v1_15"
-	"forgejo.org/models/migrations/v1_16"
-	"forgejo.org/models/migrations/v1_17"
-	"forgejo.org/models/migrations/v1_18"
-	"forgejo.org/models/migrations/v1_19"
-	"forgejo.org/models/migrations/v1_20"
-	"forgejo.org/models/migrations/v1_21"
-	"forgejo.org/models/migrations/v1_22"
-	"forgejo.org/models/migrations/v1_23"
-	"forgejo.org/models/migrations/v1_6"
-	"forgejo.org/models/migrations/v1_7"
-	"forgejo.org/models/migrations/v1_8"
-	"forgejo.org/models/migrations/v1_9"
+	"forgejo.org/models/forgejo_migrations_legacy"
+	"forgejo.org/models/gitea_migrations/v1_10"
+	"forgejo.org/models/gitea_migrations/v1_11"
+	"forgejo.org/models/gitea_migrations/v1_12"
+	"forgejo.org/models/gitea_migrations/v1_13"
+	"forgejo.org/models/gitea_migrations/v1_14"
+	"forgejo.org/models/gitea_migrations/v1_15"
+	"forgejo.org/models/gitea_migrations/v1_16"
+	"forgejo.org/models/gitea_migrations/v1_17"
+	"forgejo.org/models/gitea_migrations/v1_18"
+	"forgejo.org/models/gitea_migrations/v1_19"
+	"forgejo.org/models/gitea_migrations/v1_20"
+	"forgejo.org/models/gitea_migrations/v1_21"
+	"forgejo.org/models/gitea_migrations/v1_22"
+	"forgejo.org/models/gitea_migrations/v1_23"
+	"forgejo.org/models/gitea_migrations/v1_6"
+	"forgejo.org/models/gitea_migrations/v1_7"
+	"forgejo.org/models/gitea_migrations/v1_8"
+	"forgejo.org/models/gitea_migrations/v1_9"
 	"forgejo.org/modules/git"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/setting"
@@ -367,7 +367,7 @@ func prepareMigrationTasks() []*migration {
 
 		// Migration to Forgejo v10
 		newMigration(303, "Gitea last drop", v1_23.GiteaLastDrop),
-		newMigration(304, "Migrate `secret` column to store keying material", forgejo_migrations.MigrateTwoFactorToKeying),
+		newMigration(304, "Migrate `secret` column to store keying material", forgejo_migrations_legacy.MigrateTwoFactorToKeying),
 	}
 	return preparedMigrations
 }
@@ -426,7 +426,7 @@ func EnsureUpToDate(x *xorm.Engine) error {
 		return fmt.Errorf(`current database version %d is not equal to the expected version %d. Please run "forgejo [--config /path/to/app.ini] migrate" to update the database version`, currentDB, expectedDB)
 	}
 
-	return forgejo_migrations.EnsureUpToDate(x)
+	return forgejo_migrations_legacy.EnsureUpToDate(x)
 }
 
 func getPendingMigrations(curDBVer int64, migrations []*migration) []*migration {
@@ -510,7 +510,7 @@ Please try upgrading to a lower version first (suggested v1.6.4), then upgrade t
 	}
 
 	// Execute Forgejo specific migrations.
-	return forgejo_migrations.Migrate(x)
+	return forgejo_migrations_legacy.Migrate(x)
 }
 
 // WrapperMigrate is a wrapper for Migrate to be called in diagnostics
diff --git a/models/migrations/migrations_test.go b/models/gitea_migrations/migrations_test.go
similarity index 96%
rename from models/migrations/migrations_test.go
rename to models/gitea_migrations/migrations_test.go
index 468c918c93..a2491dd65a 100644
--- a/models/migrations/migrations_test.go
+++ b/models/gitea_migrations/migrations_test.go
@@ -1,7 +1,7 @@
 // Copyright 2024 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package migrations
+package gitea_migrations
 
 import (
 	"testing"
diff --git a/models/migrations/test/tests.go b/models/gitea_migrations/test/tests.go
similarity index 97%
rename from models/migrations/test/tests.go
rename to models/gitea_migrations/test/tests.go
index 6be3b3c2fc..6a4865194d 100644
--- a/models/migrations/test/tests.go
+++ b/models/gitea_migrations/test/tests.go
@@ -31,7 +31,7 @@ import (
 // PrepareTestEnv prepares the test environment and reset the database. The skip parameter should usually be 0.
 // Provide models to be sync'd with the database - in particular any models you expect fixtures to be loaded from.
 //
-// fixtures in `models/migrations/fixtures/<TestName>` will be loaded automatically
+// fixtures in `models/gitea_migrations/fixtures/<TestName>` will be loaded automatically
 func PrepareTestEnv(t *testing.T, skip int, syncModels ...any) (*xorm.Engine, func()) {
 	t.Helper()
 	ourSkip := 2
@@ -89,14 +89,14 @@ func PrepareTestEnv(t *testing.T, skip int, syncModels ...any) (*xorm.Engine, fu
 		}
 	}
 
-	fixturesDir := filepath.Join(filepath.Dir(setting.AppPath), "models", "migrations", "fixtures", t.Name())
+	fixturesDir := filepath.Join(filepath.Dir(setting.AppPath), "models", "gitea_migrations", "fixtures", t.Name())
 
 	if _, err := os.Stat(fixturesDir); err == nil {
 		t.Logf("initializing fixtures from: %s", fixturesDir)
 		if err := unittest.InitFixtures(
 			unittest.FixturesOptions{
-				Dir:                     fixturesDir,
-				SkipCleanRegistedModels: true,
+				Dir:              fixturesDir,
+				OnlyAffectModels: syncModels,
 			}, x); err != nil {
 			t.Errorf("error whilst initializing fixtures from %s: %v", fixturesDir, err)
 			return x, deferFn
diff --git a/models/migrations/v1_10/v100.go b/models/gitea_migrations/v1_10/v100.go
similarity index 100%
rename from models/migrations/v1_10/v100.go
rename to models/gitea_migrations/v1_10/v100.go
diff --git a/models/migrations/v1_10/v101.go b/models/gitea_migrations/v1_10/v101.go
similarity index 100%
rename from models/migrations/v1_10/v101.go
rename to models/gitea_migrations/v1_10/v101.go
diff --git a/models/migrations/v1_10/v88.go b/models/gitea_migrations/v1_10/v88.go
similarity index 100%
rename from models/migrations/v1_10/v88.go
rename to models/gitea_migrations/v1_10/v88.go
diff --git a/models/migrations/v1_10/v89.go b/models/gitea_migrations/v1_10/v89.go
similarity index 100%
rename from models/migrations/v1_10/v89.go
rename to models/gitea_migrations/v1_10/v89.go
diff --git a/models/migrations/v1_10/v90.go b/models/gitea_migrations/v1_10/v90.go
similarity index 100%
rename from models/migrations/v1_10/v90.go
rename to models/gitea_migrations/v1_10/v90.go
diff --git a/models/migrations/v1_10/v91.go b/models/gitea_migrations/v1_10/v91.go
similarity index 100%
rename from models/migrations/v1_10/v91.go
rename to models/gitea_migrations/v1_10/v91.go
diff --git a/models/migrations/v1_10/v92.go b/models/gitea_migrations/v1_10/v92.go
similarity index 100%
rename from models/migrations/v1_10/v92.go
rename to models/gitea_migrations/v1_10/v92.go
diff --git a/models/migrations/v1_10/v93.go b/models/gitea_migrations/v1_10/v93.go
similarity index 100%
rename from models/migrations/v1_10/v93.go
rename to models/gitea_migrations/v1_10/v93.go
diff --git a/models/migrations/v1_10/v94.go b/models/gitea_migrations/v1_10/v94.go
similarity index 100%
rename from models/migrations/v1_10/v94.go
rename to models/gitea_migrations/v1_10/v94.go
diff --git a/models/migrations/v1_10/v95.go b/models/gitea_migrations/v1_10/v95.go
similarity index 100%
rename from models/migrations/v1_10/v95.go
rename to models/gitea_migrations/v1_10/v95.go
diff --git a/models/migrations/v1_10/v96.go b/models/gitea_migrations/v1_10/v96.go
similarity index 100%
rename from models/migrations/v1_10/v96.go
rename to models/gitea_migrations/v1_10/v96.go
diff --git a/models/migrations/v1_10/v97.go b/models/gitea_migrations/v1_10/v97.go
similarity index 100%
rename from models/migrations/v1_10/v97.go
rename to models/gitea_migrations/v1_10/v97.go
diff --git a/models/migrations/v1_10/v98.go b/models/gitea_migrations/v1_10/v98.go
similarity index 100%
rename from models/migrations/v1_10/v98.go
rename to models/gitea_migrations/v1_10/v98.go
diff --git a/models/migrations/v1_10/v99.go b/models/gitea_migrations/v1_10/v99.go
similarity index 100%
rename from models/migrations/v1_10/v99.go
rename to models/gitea_migrations/v1_10/v99.go
diff --git a/models/migrations/v1_11/v102.go b/models/gitea_migrations/v1_11/v102.go
similarity index 90%
rename from models/migrations/v1_11/v102.go
rename to models/gitea_migrations/v1_11/v102.go
index 15f0c83c36..53288f18ec 100644
--- a/models/migrations/v1_11/v102.go
+++ b/models/gitea_migrations/v1_11/v102.go
@@ -4,7 +4,7 @@
 package v1_11
 
 import (
-	"forgejo.org/models/migrations/base"
+	"forgejo.org/models/gitea_migrations/base"
 
 	"xorm.io/xorm"
 )
diff --git a/models/migrations/v1_11/v103.go b/models/gitea_migrations/v1_11/v103.go
similarity index 100%
rename from models/migrations/v1_11/v103.go
rename to models/gitea_migrations/v1_11/v103.go
diff --git a/models/migrations/v1_11/v104.go b/models/gitea_migrations/v1_11/v104.go
similarity index 93%
rename from models/migrations/v1_11/v104.go
rename to models/gitea_migrations/v1_11/v104.go
index 7461f0cda3..47cf320359 100644
--- a/models/migrations/v1_11/v104.go
+++ b/models/gitea_migrations/v1_11/v104.go
@@ -4,7 +4,7 @@
 package v1_11
 
 import (
-	"forgejo.org/models/migrations/base"
+	"forgejo.org/models/gitea_migrations/base"
 
 	"xorm.io/xorm"
 )
diff --git a/models/migrations/v1_11/v105.go b/models/gitea_migrations/v1_11/v105.go
similarity index 100%
rename from models/migrations/v1_11/v105.go
rename to models/gitea_migrations/v1_11/v105.go
diff --git a/models/migrations/v1_11/v106.go b/models/gitea_migrations/v1_11/v106.go
similarity index 100%
rename from models/migrations/v1_11/v106.go
rename to models/gitea_migrations/v1_11/v106.go
diff --git a/models/migrations/v1_11/v107.go b/models/gitea_migrations/v1_11/v107.go
similarity index 100%
rename from models/migrations/v1_11/v107.go
rename to models/gitea_migrations/v1_11/v107.go
diff --git a/models/migrations/v1_11/v108.go b/models/gitea_migrations/v1_11/v108.go
similarity index 100%
rename from models/migrations/v1_11/v108.go
rename to models/gitea_migrations/v1_11/v108.go
diff --git a/models/migrations/v1_11/v109.go b/models/gitea_migrations/v1_11/v109.go
similarity index 100%
rename from models/migrations/v1_11/v109.go
rename to models/gitea_migrations/v1_11/v109.go
diff --git a/models/migrations/v1_11/v110.go b/models/gitea_migrations/v1_11/v110.go
similarity index 100%
rename from models/migrations/v1_11/v110.go
rename to models/gitea_migrations/v1_11/v110.go
diff --git a/models/migrations/v1_11/v111.go b/models/gitea_migrations/v1_11/v111.go
similarity index 100%
rename from models/migrations/v1_11/v111.go
rename to models/gitea_migrations/v1_11/v111.go
diff --git a/models/migrations/v1_11/v112.go b/models/gitea_migrations/v1_11/v112.go
similarity index 100%
rename from models/migrations/v1_11/v112.go
rename to models/gitea_migrations/v1_11/v112.go
diff --git a/models/migrations/v1_11/v113.go b/models/gitea_migrations/v1_11/v113.go
similarity index 100%
rename from models/migrations/v1_11/v113.go
rename to models/gitea_migrations/v1_11/v113.go
diff --git a/models/migrations/v1_11/v114.go b/models/gitea_migrations/v1_11/v114.go
similarity index 100%
rename from models/migrations/v1_11/v114.go
rename to models/gitea_migrations/v1_11/v114.go
diff --git a/models/migrations/v1_11/v115.go b/models/gitea_migrations/v1_11/v115.go
similarity index 100%
rename from models/migrations/v1_11/v115.go
rename to models/gitea_migrations/v1_11/v115.go
diff --git a/models/migrations/v1_11/v116.go b/models/gitea_migrations/v1_11/v116.go
similarity index 100%
rename from models/migrations/v1_11/v116.go
rename to models/gitea_migrations/v1_11/v116.go
diff --git a/models/migrations/v1_12/v117.go b/models/gitea_migrations/v1_12/v117.go
similarity index 100%
rename from models/migrations/v1_12/v117.go
rename to models/gitea_migrations/v1_12/v117.go
diff --git a/models/migrations/v1_12/v118.go b/models/gitea_migrations/v1_12/v118.go
similarity index 100%
rename from models/migrations/v1_12/v118.go
rename to models/gitea_migrations/v1_12/v118.go
diff --git a/models/migrations/v1_12/v119.go b/models/gitea_migrations/v1_12/v119.go
similarity index 100%
rename from models/migrations/v1_12/v119.go
rename to models/gitea_migrations/v1_12/v119.go
diff --git a/models/migrations/v1_12/v120.go b/models/gitea_migrations/v1_12/v120.go
similarity index 100%
rename from models/migrations/v1_12/v120.go
rename to models/gitea_migrations/v1_12/v120.go
diff --git a/models/migrations/v1_12/v121.go b/models/gitea_migrations/v1_12/v121.go
similarity index 100%
rename from models/migrations/v1_12/v121.go
rename to models/gitea_migrations/v1_12/v121.go
diff --git a/models/migrations/v1_12/v122.go b/models/gitea_migrations/v1_12/v122.go
similarity index 100%
rename from models/migrations/v1_12/v122.go
rename to models/gitea_migrations/v1_12/v122.go
diff --git a/models/migrations/v1_12/v123.go b/models/gitea_migrations/v1_12/v123.go
similarity index 100%
rename from models/migrations/v1_12/v123.go
rename to models/gitea_migrations/v1_12/v123.go
diff --git a/models/migrations/v1_12/v124.go b/models/gitea_migrations/v1_12/v124.go
similarity index 100%
rename from models/migrations/v1_12/v124.go
rename to models/gitea_migrations/v1_12/v124.go
diff --git a/models/migrations/v1_12/v125.go b/models/gitea_migrations/v1_12/v125.go
similarity index 100%
rename from models/migrations/v1_12/v125.go
rename to models/gitea_migrations/v1_12/v125.go
diff --git a/models/migrations/v1_12/v126.go b/models/gitea_migrations/v1_12/v126.go
similarity index 100%
rename from models/migrations/v1_12/v126.go
rename to models/gitea_migrations/v1_12/v126.go
diff --git a/models/migrations/v1_12/v127.go b/models/gitea_migrations/v1_12/v127.go
similarity index 100%
rename from models/migrations/v1_12/v127.go
rename to models/gitea_migrations/v1_12/v127.go
diff --git a/models/migrations/v1_12/v128.go b/models/gitea_migrations/v1_12/v128.go
similarity index 100%
rename from models/migrations/v1_12/v128.go
rename to models/gitea_migrations/v1_12/v128.go
diff --git a/models/migrations/v1_12/v129.go b/models/gitea_migrations/v1_12/v129.go
similarity index 100%
rename from models/migrations/v1_12/v129.go
rename to models/gitea_migrations/v1_12/v129.go
diff --git a/models/migrations/v1_12/v130.go b/models/gitea_migrations/v1_12/v130.go
similarity index 100%
rename from models/migrations/v1_12/v130.go
rename to models/gitea_migrations/v1_12/v130.go
diff --git a/models/migrations/v1_12/v131.go b/models/gitea_migrations/v1_12/v131.go
similarity index 100%
rename from models/migrations/v1_12/v131.go
rename to models/gitea_migrations/v1_12/v131.go
diff --git a/models/migrations/v1_12/v132.go b/models/gitea_migrations/v1_12/v132.go
similarity index 100%
rename from models/migrations/v1_12/v132.go
rename to models/gitea_migrations/v1_12/v132.go
diff --git a/models/migrations/v1_12/v133.go b/models/gitea_migrations/v1_12/v133.go
similarity index 100%
rename from models/migrations/v1_12/v133.go
rename to models/gitea_migrations/v1_12/v133.go
diff --git a/models/migrations/v1_12/v134.go b/models/gitea_migrations/v1_12/v134.go
similarity index 100%
rename from models/migrations/v1_12/v134.go
rename to models/gitea_migrations/v1_12/v134.go
diff --git a/models/migrations/v1_12/v135.go b/models/gitea_migrations/v1_12/v135.go
similarity index 100%
rename from models/migrations/v1_12/v135.go
rename to models/gitea_migrations/v1_12/v135.go
diff --git a/models/migrations/v1_12/v136.go b/models/gitea_migrations/v1_12/v136.go
similarity index 100%
rename from models/migrations/v1_12/v136.go
rename to models/gitea_migrations/v1_12/v136.go
diff --git a/models/migrations/v1_12/v137.go b/models/gitea_migrations/v1_12/v137.go
similarity index 100%
rename from models/migrations/v1_12/v137.go
rename to models/gitea_migrations/v1_12/v137.go
diff --git a/models/migrations/v1_12/v138.go b/models/gitea_migrations/v1_12/v138.go
similarity index 100%
rename from models/migrations/v1_12/v138.go
rename to models/gitea_migrations/v1_12/v138.go
diff --git a/models/migrations/v1_12/v139.go b/models/gitea_migrations/v1_12/v139.go
similarity index 100%
rename from models/migrations/v1_12/v139.go
rename to models/gitea_migrations/v1_12/v139.go
diff --git a/models/migrations/v1_13/v140.go b/models/gitea_migrations/v1_13/v140.go
similarity index 96%
rename from models/migrations/v1_13/v140.go
rename to models/gitea_migrations/v1_13/v140.go
index 5bb612c098..c9213a3f54 100644
--- a/models/migrations/v1_13/v140.go
+++ b/models/gitea_migrations/v1_13/v140.go
@@ -6,7 +6,7 @@ package v1_13
 import (
 	"fmt"
 
-	"forgejo.org/models/migrations/base"
+	"forgejo.org/models/gitea_migrations/base"
 	"forgejo.org/modules/setting"
 
 	"xorm.io/xorm"
diff --git a/models/migrations/v1_13/v141.go b/models/gitea_migrations/v1_13/v141.go
similarity index 100%
rename from models/migrations/v1_13/v141.go
rename to models/gitea_migrations/v1_13/v141.go
diff --git a/models/migrations/v1_13/v142.go b/models/gitea_migrations/v1_13/v142.go
similarity index 100%
rename from models/migrations/v1_13/v142.go
rename to models/gitea_migrations/v1_13/v142.go
diff --git a/models/migrations/v1_13/v143.go b/models/gitea_migrations/v1_13/v143.go
similarity index 100%
rename from models/migrations/v1_13/v143.go
rename to models/gitea_migrations/v1_13/v143.go
diff --git a/models/migrations/v1_13/v144.go b/models/gitea_migrations/v1_13/v144.go
similarity index 100%
rename from models/migrations/v1_13/v144.go
rename to models/gitea_migrations/v1_13/v144.go
diff --git a/models/migrations/v1_13/v145.go b/models/gitea_migrations/v1_13/v145.go
similarity index 100%
rename from models/migrations/v1_13/v145.go
rename to models/gitea_migrations/v1_13/v145.go
diff --git a/models/migrations/v1_13/v146.go b/models/gitea_migrations/v1_13/v146.go
similarity index 100%
rename from models/migrations/v1_13/v146.go
rename to models/gitea_migrations/v1_13/v146.go
diff --git a/models/migrations/v1_13/v147.go b/models/gitea_migrations/v1_13/v147.go
similarity index 100%
rename from models/migrations/v1_13/v147.go
rename to models/gitea_migrations/v1_13/v147.go
diff --git a/models/migrations/v1_13/v148.go b/models/gitea_migrations/v1_13/v148.go
similarity index 100%
rename from models/migrations/v1_13/v148.go
rename to models/gitea_migrations/v1_13/v148.go
diff --git a/models/migrations/v1_13/v149.go b/models/gitea_migrations/v1_13/v149.go
similarity index 100%
rename from models/migrations/v1_13/v149.go
rename to models/gitea_migrations/v1_13/v149.go
diff --git a/models/migrations/v1_13/v150.go b/models/gitea_migrations/v1_13/v150.go
similarity index 81%
rename from models/migrations/v1_13/v150.go
rename to models/gitea_migrations/v1_13/v150.go
index 471a531024..0f92712327 100644
--- a/models/migrations/v1_13/v150.go
+++ b/models/gitea_migrations/v1_13/v150.go
@@ -4,7 +4,7 @@
 package v1_13
 
 import (
-	"forgejo.org/models/migrations/base"
+	"forgejo.org/models/gitea_migrations/base"
 	"forgejo.org/modules/timeutil"
 
 	"xorm.io/xorm"
@@ -32,8 +32,8 @@ func AddPrimaryKeyToRepoTopic(x *xorm.Engine) error {
 		return err
 	}
 
-	base.RecreateTable(sess, &Topic{})
-	base.RecreateTable(sess, &RepoTopic{})
+	base.LegacyRecreateTable(sess, &Topic{})     //nolint:staticcheck
+	base.LegacyRecreateTable(sess, &RepoTopic{}) //nolint:staticcheck
 
 	return sess.Commit()
 }
diff --git a/models/migrations/v1_13/v151.go b/models/gitea_migrations/v1_13/v151.go
similarity index 100%
rename from models/migrations/v1_13/v151.go
rename to models/gitea_migrations/v1_13/v151.go
diff --git a/models/migrations/v1_13/v152.go b/models/gitea_migrations/v1_13/v152.go
similarity index 100%
rename from models/migrations/v1_13/v152.go
rename to models/gitea_migrations/v1_13/v152.go
diff --git a/models/migrations/v1_13/v153.go b/models/gitea_migrations/v1_13/v153.go
similarity index 100%
rename from models/migrations/v1_13/v153.go
rename to models/gitea_migrations/v1_13/v153.go
diff --git a/models/migrations/v1_13/v154.go b/models/gitea_migrations/v1_13/v154.go
similarity index 100%
rename from models/migrations/v1_13/v154.go
rename to models/gitea_migrations/v1_13/v154.go
diff --git a/models/migrations/v1_14/main_test.go b/models/gitea_migrations/v1_14/main_test.go
similarity index 76%
rename from models/migrations/v1_14/main_test.go
rename to models/gitea_migrations/v1_14/main_test.go
index 57cf995be1..129e66f032 100644
--- a/models/migrations/v1_14/main_test.go
+++ b/models/gitea_migrations/v1_14/main_test.go
@@ -6,7 +6,7 @@ package v1_14
 import (
 	"testing"
 
-	migration_tests "forgejo.org/models/migrations/test"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
 )
 
 func TestMain(m *testing.M) {
diff --git a/models/migrations/v1_14/v155.go b/models/gitea_migrations/v1_14/v155.go
similarity index 100%
rename from models/migrations/v1_14/v155.go
rename to models/gitea_migrations/v1_14/v155.go
diff --git a/models/migrations/v1_14/v156.go b/models/gitea_migrations/v1_14/v156.go
similarity index 100%
rename from models/migrations/v1_14/v156.go
rename to models/gitea_migrations/v1_14/v156.go
diff --git a/models/migrations/v1_14/v157.go b/models/gitea_migrations/v1_14/v157.go
similarity index 100%
rename from models/migrations/v1_14/v157.go
rename to models/gitea_migrations/v1_14/v157.go
diff --git a/models/migrations/v1_14/v158.go b/models/gitea_migrations/v1_14/v158.go
similarity index 100%
rename from models/migrations/v1_14/v158.go
rename to models/gitea_migrations/v1_14/v158.go
diff --git a/models/migrations/v1_14/v159.go b/models/gitea_migrations/v1_14/v159.go
similarity index 88%
rename from models/migrations/v1_14/v159.go
rename to models/gitea_migrations/v1_14/v159.go
index 4e921ea1c6..d8193d25bc 100644
--- a/models/migrations/v1_14/v159.go
+++ b/models/gitea_migrations/v1_14/v159.go
@@ -4,7 +4,7 @@
 package v1_14
 
 import (
-	"forgejo.org/models/migrations/base"
+	"forgejo.org/models/gitea_migrations/base"
 	"forgejo.org/modules/timeutil"
 
 	"xorm.io/xorm"
@@ -30,7 +30,7 @@ func UpdateReactionConstraint(x *xorm.Engine) error {
 		return err
 	}
 
-	if err := base.RecreateTable(sess, &Reaction{}); err != nil {
+	if err := base.LegacyRecreateTable(sess, &Reaction{}); err != nil { //nolint:staticcheck
 		return err
 	}
 
diff --git a/models/migrations/v1_14/v160.go b/models/gitea_migrations/v1_14/v160.go
similarity index 100%
rename from models/migrations/v1_14/v160.go
rename to models/gitea_migrations/v1_14/v160.go
diff --git a/models/migrations/v1_14/v161.go b/models/gitea_migrations/v1_14/v161.go
similarity index 96%
rename from models/migrations/v1_14/v161.go
rename to models/gitea_migrations/v1_14/v161.go
index 9c850ad0c2..b689a75a05 100644
--- a/models/migrations/v1_14/v161.go
+++ b/models/gitea_migrations/v1_14/v161.go
@@ -6,7 +6,7 @@ package v1_14
 import (
 	"context"
 
-	"forgejo.org/models/migrations/base"
+	"forgejo.org/models/gitea_migrations/base"
 
 	"xorm.io/xorm"
 )
diff --git a/models/migrations/v1_14/v162.go b/models/gitea_migrations/v1_14/v162.go
similarity index 96%
rename from models/migrations/v1_14/v162.go
rename to models/gitea_migrations/v1_14/v162.go
index ead63f16f4..69016f3f72 100644
--- a/models/migrations/v1_14/v162.go
+++ b/models/gitea_migrations/v1_14/v162.go
@@ -4,7 +4,7 @@
 package v1_14
 
 import (
-	"forgejo.org/models/migrations/base"
+	"forgejo.org/models/gitea_migrations/base"
 
 	"xorm.io/xorm"
 )
diff --git a/models/migrations/v1_14/v163.go b/models/gitea_migrations/v1_14/v163.go
similarity index 82%
rename from models/migrations/v1_14/v163.go
rename to models/gitea_migrations/v1_14/v163.go
index 06ac36cbc7..4c838df865 100644
--- a/models/migrations/v1_14/v163.go
+++ b/models/gitea_migrations/v1_14/v163.go
@@ -4,7 +4,7 @@
 package v1_14
 
 import (
-	"forgejo.org/models/migrations/base"
+	"forgejo.org/models/gitea_migrations/base"
 
 	"xorm.io/xorm"
 )
@@ -27,7 +27,7 @@ func ConvertTopicNameFrom25To50(x *xorm.Engine) error {
 	if err := sess.Begin(); err != nil {
 		return err
 	}
-	if err := base.RecreateTable(sess, new(Topic)); err != nil {
+	if err := base.LegacyRecreateTable(sess, new(Topic)); err != nil { //nolint:staticcheck
 		return err
 	}
 
diff --git a/models/migrations/v1_14/v164.go b/models/gitea_migrations/v1_14/v164.go
similarity index 100%
rename from models/migrations/v1_14/v164.go
rename to models/gitea_migrations/v1_14/v164.go
diff --git a/models/migrations/v1_14/v165.go b/models/gitea_migrations/v1_14/v165.go
similarity index 96%
rename from models/migrations/v1_14/v165.go
rename to models/gitea_migrations/v1_14/v165.go
index 90fd2b1e46..11b46e5742 100644
--- a/models/migrations/v1_14/v165.go
+++ b/models/gitea_migrations/v1_14/v165.go
@@ -4,7 +4,7 @@
 package v1_14
 
 import (
-	"forgejo.org/models/migrations/base"
+	"forgejo.org/models/gitea_migrations/base"
 
 	"xorm.io/xorm"
 	"xorm.io/xorm/schemas"
diff --git a/models/migrations/v1_14/v166.go b/models/gitea_migrations/v1_14/v166.go
similarity index 100%
rename from models/migrations/v1_14/v166.go
rename to models/gitea_migrations/v1_14/v166.go
diff --git a/models/migrations/v1_14/v167.go b/models/gitea_migrations/v1_14/v167.go
similarity index 100%
rename from models/migrations/v1_14/v167.go
rename to models/gitea_migrations/v1_14/v167.go
diff --git a/models/migrations/v1_14/v168.go b/models/gitea_migrations/v1_14/v168.go
similarity index 100%
rename from models/migrations/v1_14/v168.go
rename to models/gitea_migrations/v1_14/v168.go
diff --git a/models/migrations/v1_14/v169.go b/models/gitea_migrations/v1_14/v169.go
similarity index 100%
rename from models/migrations/v1_14/v169.go
rename to models/gitea_migrations/v1_14/v169.go
diff --git a/models/migrations/v1_14/v170.go b/models/gitea_migrations/v1_14/v170.go
similarity index 100%
rename from models/migrations/v1_14/v170.go
rename to models/gitea_migrations/v1_14/v170.go
diff --git a/models/migrations/v1_14/v171.go b/models/gitea_migrations/v1_14/v171.go
similarity index 100%
rename from models/migrations/v1_14/v171.go
rename to models/gitea_migrations/v1_14/v171.go
diff --git a/models/migrations/v1_14/v172.go b/models/gitea_migrations/v1_14/v172.go
similarity index 100%
rename from models/migrations/v1_14/v172.go
rename to models/gitea_migrations/v1_14/v172.go
diff --git a/models/migrations/v1_14/v173.go b/models/gitea_migrations/v1_14/v173.go
similarity index 100%
rename from models/migrations/v1_14/v173.go
rename to models/gitea_migrations/v1_14/v173.go
diff --git a/models/migrations/v1_14/v174.go b/models/gitea_migrations/v1_14/v174.go
similarity index 100%
rename from models/migrations/v1_14/v174.go
rename to models/gitea_migrations/v1_14/v174.go
diff --git a/models/migrations/v1_14/v175.go b/models/gitea_migrations/v1_14/v175.go
similarity index 100%
rename from models/migrations/v1_14/v175.go
rename to models/gitea_migrations/v1_14/v175.go
diff --git a/models/migrations/v1_14/v176.go b/models/gitea_migrations/v1_14/v176.go
similarity index 100%
rename from models/migrations/v1_14/v176.go
rename to models/gitea_migrations/v1_14/v176.go
diff --git a/models/migrations/v1_14/v176_test.go b/models/gitea_migrations/v1_14/v176_test.go
similarity index 98%
rename from models/migrations/v1_14/v176_test.go
rename to models/gitea_migrations/v1_14/v176_test.go
index d56b3e0470..60b555b520 100644
--- a/models/migrations/v1_14/v176_test.go
+++ b/models/gitea_migrations/v1_14/v176_test.go
@@ -6,7 +6,7 @@ package v1_14
 import (
 	"testing"
 
-	migration_tests "forgejo.org/models/migrations/test"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
 
 	"github.com/stretchr/testify/assert"
 )
diff --git a/models/migrations/v1_14/v177.go b/models/gitea_migrations/v1_14/v177.go
similarity index 100%
rename from models/migrations/v1_14/v177.go
rename to models/gitea_migrations/v1_14/v177.go
diff --git a/models/migrations/v1_14/v177_test.go b/models/gitea_migrations/v1_14/v177_test.go
similarity index 97%
rename from models/migrations/v1_14/v177_test.go
rename to models/gitea_migrations/v1_14/v177_test.go
index 0e0a67fd33..ee69dbad53 100644
--- a/models/migrations/v1_14/v177_test.go
+++ b/models/gitea_migrations/v1_14/v177_test.go
@@ -6,7 +6,7 @@ package v1_14
 import (
 	"testing"
 
-	migration_tests "forgejo.org/models/migrations/test"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
 	"forgejo.org/modules/timeutil"
 
 	"github.com/stretchr/testify/assert"
diff --git a/models/migrations/v1_15/main_test.go b/models/gitea_migrations/v1_15/main_test.go
similarity index 76%
rename from models/migrations/v1_15/main_test.go
rename to models/gitea_migrations/v1_15/main_test.go
index 4cf6d6f695..4811142c43 100644
--- a/models/migrations/v1_15/main_test.go
+++ b/models/gitea_migrations/v1_15/main_test.go
@@ -6,7 +6,7 @@ package v1_15
 import (
 	"testing"
 
-	migration_tests "forgejo.org/models/migrations/test"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
 )
 
 func TestMain(m *testing.M) {
diff --git a/models/migrations/v1_15/v178.go b/models/gitea_migrations/v1_15/v178.go
similarity index 100%
rename from models/migrations/v1_15/v178.go
rename to models/gitea_migrations/v1_15/v178.go
diff --git a/models/migrations/v1_15/v179.go b/models/gitea_migrations/v1_15/v179.go
similarity index 93%
rename from models/migrations/v1_15/v179.go
rename to models/gitea_migrations/v1_15/v179.go
index ce514cc4a9..eb87702475 100644
--- a/models/migrations/v1_15/v179.go
+++ b/models/gitea_migrations/v1_15/v179.go
@@ -4,7 +4,7 @@
 package v1_15
 
 import (
-	"forgejo.org/models/migrations/base"
+	"forgejo.org/models/gitea_migrations/base"
 
 	"xorm.io/xorm"
 	"xorm.io/xorm/schemas"
diff --git a/models/migrations/v1_15/v180.go b/models/gitea_migrations/v1_15/v180.go
similarity index 100%
rename from models/migrations/v1_15/v180.go
rename to models/gitea_migrations/v1_15/v180.go
diff --git a/models/migrations/v1_15/v181.go b/models/gitea_migrations/v1_15/v181.go
similarity index 100%
rename from models/migrations/v1_15/v181.go
rename to models/gitea_migrations/v1_15/v181.go
diff --git a/models/migrations/v1_15/v181_test.go b/models/gitea_migrations/v1_15/v181_test.go
similarity index 95%
rename from models/migrations/v1_15/v181_test.go
rename to models/gitea_migrations/v1_15/v181_test.go
index 8196f751e5..130bb35cc7 100644
--- a/models/migrations/v1_15/v181_test.go
+++ b/models/gitea_migrations/v1_15/v181_test.go
@@ -7,7 +7,7 @@ import (
 	"strings"
 	"testing"
 
-	migration_tests "forgejo.org/models/migrations/test"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
diff --git a/models/migrations/v1_15/v182.go b/models/gitea_migrations/v1_15/v182.go
similarity index 100%
rename from models/migrations/v1_15/v182.go
rename to models/gitea_migrations/v1_15/v182.go
diff --git a/models/migrations/v1_15/v182_test.go b/models/gitea_migrations/v1_15/v182_test.go
similarity index 95%
rename from models/migrations/v1_15/v182_test.go
rename to models/gitea_migrations/v1_15/v182_test.go
index 2baf90d06a..f67fc6586a 100644
--- a/models/migrations/v1_15/v182_test.go
+++ b/models/gitea_migrations/v1_15/v182_test.go
@@ -6,7 +6,7 @@ package v1_15
 import (
 	"testing"
 
-	migration_tests "forgejo.org/models/migrations/test"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
diff --git a/models/migrations/v1_15/v183.go b/models/gitea_migrations/v1_15/v183.go
similarity index 100%
rename from models/migrations/v1_15/v183.go
rename to models/gitea_migrations/v1_15/v183.go
diff --git a/models/migrations/v1_15/v184.go b/models/gitea_migrations/v1_15/v184.go
similarity index 97%
rename from models/migrations/v1_15/v184.go
rename to models/gitea_migrations/v1_15/v184.go
index fbe0dcd780..58cf99af43 100644
--- a/models/migrations/v1_15/v184.go
+++ b/models/gitea_migrations/v1_15/v184.go
@@ -7,7 +7,7 @@ import (
 	"context"
 	"fmt"
 
-	"forgejo.org/models/migrations/base"
+	"forgejo.org/models/gitea_migrations/base"
 	"forgejo.org/modules/setting"
 
 	"xorm.io/xorm"
diff --git a/models/migrations/v1_15/v185.go b/models/gitea_migrations/v1_15/v185.go
similarity index 100%
rename from models/migrations/v1_15/v185.go
rename to models/gitea_migrations/v1_15/v185.go
diff --git a/models/migrations/v1_15/v186.go b/models/gitea_migrations/v1_15/v186.go
similarity index 100%
rename from models/migrations/v1_15/v186.go
rename to models/gitea_migrations/v1_15/v186.go
diff --git a/models/migrations/v1_15/v187.go b/models/gitea_migrations/v1_15/v187.go
similarity index 96%
rename from models/migrations/v1_15/v187.go
rename to models/gitea_migrations/v1_15/v187.go
index fabef14779..76c29755f1 100644
--- a/models/migrations/v1_15/v187.go
+++ b/models/gitea_migrations/v1_15/v187.go
@@ -4,7 +4,7 @@
 package v1_15
 
 import (
-	"forgejo.org/models/migrations/base"
+	"forgejo.org/models/gitea_migrations/base"
 
 	"xorm.io/xorm"
 )
diff --git a/models/migrations/v1_15/v188.go b/models/gitea_migrations/v1_15/v188.go
similarity index 100%
rename from models/migrations/v1_15/v188.go
rename to models/gitea_migrations/v1_15/v188.go
diff --git a/models/migrations/v1_16/main_test.go b/models/gitea_migrations/v1_16/main_test.go
similarity index 76%
rename from models/migrations/v1_16/main_test.go
rename to models/gitea_migrations/v1_16/main_test.go
index 8c0a043be6..5b7cdb0032 100644
--- a/models/migrations/v1_16/main_test.go
+++ b/models/gitea_migrations/v1_16/main_test.go
@@ -6,7 +6,7 @@ package v1_16
 import (
 	"testing"
 
-	migration_tests "forgejo.org/models/migrations/test"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
 )
 
 func TestMain(m *testing.M) {
diff --git a/models/migrations/v1_16/v189.go b/models/gitea_migrations/v1_16/v189.go
similarity index 98%
rename from models/migrations/v1_16/v189.go
rename to models/gitea_migrations/v1_16/v189.go
index 19bfcb2423..a2ba3a0c64 100644
--- a/models/migrations/v1_16/v189.go
+++ b/models/gitea_migrations/v1_16/v189.go
@@ -7,7 +7,7 @@ import (
 	"encoding/binary"
 	"fmt"
 
-	"forgejo.org/models/migrations/base"
+	"forgejo.org/models/gitea_migrations/base"
 	"forgejo.org/modules/json"
 
 	"xorm.io/xorm"
diff --git a/models/migrations/v1_16/v189_test.go b/models/gitea_migrations/v1_16/v189_test.go
similarity index 97%
rename from models/migrations/v1_16/v189_test.go
rename to models/gitea_migrations/v1_16/v189_test.go
index 9d74462a92..7b50cac3d8 100644
--- a/models/migrations/v1_16/v189_test.go
+++ b/models/gitea_migrations/v1_16/v189_test.go
@@ -6,7 +6,7 @@ package v1_16
 import (
 	"testing"
 
-	migration_tests "forgejo.org/models/migrations/test"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
 	"forgejo.org/modules/json"
 
 	"github.com/stretchr/testify/assert"
diff --git a/models/migrations/v1_16/v190.go b/models/gitea_migrations/v1_16/v190.go
similarity index 100%
rename from models/migrations/v1_16/v190.go
rename to models/gitea_migrations/v1_16/v190.go
diff --git a/models/migrations/v1_16/v191.go b/models/gitea_migrations/v1_16/v191.go
similarity index 100%
rename from models/migrations/v1_16/v191.go
rename to models/gitea_migrations/v1_16/v191.go
diff --git a/models/migrations/v1_16/v192.go b/models/gitea_migrations/v1_16/v192.go
similarity index 88%
rename from models/migrations/v1_16/v192.go
rename to models/gitea_migrations/v1_16/v192.go
index 31e8c36346..0e2fd522f9 100644
--- a/models/migrations/v1_16/v192.go
+++ b/models/gitea_migrations/v1_16/v192.go
@@ -4,7 +4,7 @@
 package v1_16
 
 import (
-	"forgejo.org/models/migrations/base"
+	"forgejo.org/models/gitea_migrations/base"
 
 	"xorm.io/xorm"
 )
diff --git a/models/migrations/v1_16/v193.go b/models/gitea_migrations/v1_16/v193.go
similarity index 100%
rename from models/migrations/v1_16/v193.go
rename to models/gitea_migrations/v1_16/v193.go
diff --git a/models/migrations/v1_16/v193_test.go b/models/gitea_migrations/v1_16/v193_test.go
similarity index 97%
rename from models/migrations/v1_16/v193_test.go
rename to models/gitea_migrations/v1_16/v193_test.go
index bf8d8a7dc6..73159118ab 100644
--- a/models/migrations/v1_16/v193_test.go
+++ b/models/gitea_migrations/v1_16/v193_test.go
@@ -6,7 +6,7 @@ package v1_16
 import (
 	"testing"
 
-	migration_tests "forgejo.org/models/migrations/test"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
diff --git a/models/migrations/v1_16/v194.go b/models/gitea_migrations/v1_16/v194.go
similarity index 100%
rename from models/migrations/v1_16/v194.go
rename to models/gitea_migrations/v1_16/v194.go
diff --git a/models/migrations/v1_16/v195.go b/models/gitea_migrations/v1_16/v195.go
similarity index 100%
rename from models/migrations/v1_16/v195.go
rename to models/gitea_migrations/v1_16/v195.go
diff --git a/models/migrations/v1_16/v195_test.go b/models/gitea_migrations/v1_16/v195_test.go
similarity index 96%
rename from models/migrations/v1_16/v195_test.go
rename to models/gitea_migrations/v1_16/v195_test.go
index 1fc7b51f3c..d3e4ffc56e 100644
--- a/models/migrations/v1_16/v195_test.go
+++ b/models/gitea_migrations/v1_16/v195_test.go
@@ -6,7 +6,7 @@ package v1_16
 import (
 	"testing"
 
-	migration_tests "forgejo.org/models/migrations/test"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
diff --git a/models/migrations/v1_16/v196.go b/models/gitea_migrations/v1_16/v196.go
similarity index 100%
rename from models/migrations/v1_16/v196.go
rename to models/gitea_migrations/v1_16/v196.go
diff --git a/models/migrations/v1_16/v197.go b/models/gitea_migrations/v1_16/v197.go
similarity index 100%
rename from models/migrations/v1_16/v197.go
rename to models/gitea_migrations/v1_16/v197.go
diff --git a/models/migrations/v1_16/v198.go b/models/gitea_migrations/v1_16/v198.go
similarity index 100%
rename from models/migrations/v1_16/v198.go
rename to models/gitea_migrations/v1_16/v198.go
diff --git a/models/migrations/v1_16/v199.go b/models/gitea_migrations/v1_16/v199.go
similarity index 100%
rename from models/migrations/v1_16/v199.go
rename to models/gitea_migrations/v1_16/v199.go
diff --git a/models/migrations/v1_16/v200.go b/models/gitea_migrations/v1_16/v200.go
similarity index 100%
rename from models/migrations/v1_16/v200.go
rename to models/gitea_migrations/v1_16/v200.go
diff --git a/models/migrations/v1_16/v201.go b/models/gitea_migrations/v1_16/v201.go
similarity index 100%
rename from models/migrations/v1_16/v201.go
rename to models/gitea_migrations/v1_16/v201.go
diff --git a/models/migrations/v1_16/v202.go b/models/gitea_migrations/v1_16/v202.go
similarity index 100%
rename from models/migrations/v1_16/v202.go
rename to models/gitea_migrations/v1_16/v202.go
diff --git a/models/migrations/v1_16/v203.go b/models/gitea_migrations/v1_16/v203.go
similarity index 100%
rename from models/migrations/v1_16/v203.go
rename to models/gitea_migrations/v1_16/v203.go
diff --git a/models/migrations/v1_16/v204.go b/models/gitea_migrations/v1_16/v204.go
similarity index 100%
rename from models/migrations/v1_16/v204.go
rename to models/gitea_migrations/v1_16/v204.go
diff --git a/models/migrations/v1_16/v205.go b/models/gitea_migrations/v1_16/v205.go
similarity index 94%
rename from models/migrations/v1_16/v205.go
rename to models/gitea_migrations/v1_16/v205.go
index cb452dfd7f..a89edfdef4 100644
--- a/models/migrations/v1_16/v205.go
+++ b/models/gitea_migrations/v1_16/v205.go
@@ -4,7 +4,7 @@
 package v1_16
 
 import (
-	"forgejo.org/models/migrations/base"
+	"forgejo.org/models/gitea_migrations/base"
 
 	"xorm.io/xorm"
 	"xorm.io/xorm/schemas"
diff --git a/models/migrations/v1_16/v206.go b/models/gitea_migrations/v1_16/v206.go
similarity index 100%
rename from models/migrations/v1_16/v206.go
rename to models/gitea_migrations/v1_16/v206.go
diff --git a/models/migrations/v1_16/v207.go b/models/gitea_migrations/v1_16/v207.go
similarity index 100%
rename from models/migrations/v1_16/v207.go
rename to models/gitea_migrations/v1_16/v207.go
diff --git a/models/migrations/v1_16/v208.go b/models/gitea_migrations/v1_16/v208.go
similarity index 100%
rename from models/migrations/v1_16/v208.go
rename to models/gitea_migrations/v1_16/v208.go
diff --git a/models/migrations/v1_16/v209.go b/models/gitea_migrations/v1_16/v209.go
similarity index 100%
rename from models/migrations/v1_16/v209.go
rename to models/gitea_migrations/v1_16/v209.go
diff --git a/models/migrations/v1_16/v210.go b/models/gitea_migrations/v1_16/v210.go
similarity index 100%
rename from models/migrations/v1_16/v210.go
rename to models/gitea_migrations/v1_16/v210.go
diff --git a/models/migrations/v1_16/v210_test.go b/models/gitea_migrations/v1_16/v210_test.go
similarity index 98%
rename from models/migrations/v1_16/v210_test.go
rename to models/gitea_migrations/v1_16/v210_test.go
index 8454920aa0..7972c191f0 100644
--- a/models/migrations/v1_16/v210_test.go
+++ b/models/gitea_migrations/v1_16/v210_test.go
@@ -7,7 +7,7 @@ import (
 	"encoding/hex"
 	"testing"
 
-	migration_tests "forgejo.org/models/migrations/test"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
 	"forgejo.org/modules/timeutil"
 
 	"github.com/stretchr/testify/assert"
diff --git a/models/migrations/v1_17/main_test.go b/models/gitea_migrations/v1_17/main_test.go
similarity index 76%
rename from models/migrations/v1_17/main_test.go
rename to models/gitea_migrations/v1_17/main_test.go
index 166860b3b1..e54e2a9029 100644
--- a/models/migrations/v1_17/main_test.go
+++ b/models/gitea_migrations/v1_17/main_test.go
@@ -6,7 +6,7 @@ package v1_17
 import (
 	"testing"
 
-	migration_tests "forgejo.org/models/migrations/test"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
 )
 
 func TestMain(m *testing.M) {
diff --git a/models/migrations/v1_17/v211.go b/models/gitea_migrations/v1_17/v211.go
similarity index 100%
rename from models/migrations/v1_17/v211.go
rename to models/gitea_migrations/v1_17/v211.go
diff --git a/models/migrations/v1_17/v212.go b/models/gitea_migrations/v1_17/v212.go
similarity index 100%
rename from models/migrations/v1_17/v212.go
rename to models/gitea_migrations/v1_17/v212.go
diff --git a/models/migrations/v1_17/v213.go b/models/gitea_migrations/v1_17/v213.go
similarity index 100%
rename from models/migrations/v1_17/v213.go
rename to models/gitea_migrations/v1_17/v213.go
diff --git a/models/migrations/v1_17/v214.go b/models/gitea_migrations/v1_17/v214.go
similarity index 100%
rename from models/migrations/v1_17/v214.go
rename to models/gitea_migrations/v1_17/v214.go
diff --git a/models/migrations/v1_17/v215.go b/models/gitea_migrations/v1_17/v215.go
similarity index 100%
rename from models/migrations/v1_17/v215.go
rename to models/gitea_migrations/v1_17/v215.go
diff --git a/models/migrations/v1_17/v216.go b/models/gitea_migrations/v1_17/v216.go
similarity index 100%
rename from models/migrations/v1_17/v216.go
rename to models/gitea_migrations/v1_17/v216.go
diff --git a/models/migrations/v1_17/v217.go b/models/gitea_migrations/v1_17/v217.go
similarity index 100%
rename from models/migrations/v1_17/v217.go
rename to models/gitea_migrations/v1_17/v217.go
diff --git a/models/migrations/v1_17/v218.go b/models/gitea_migrations/v1_17/v218.go
similarity index 100%
rename from models/migrations/v1_17/v218.go
rename to models/gitea_migrations/v1_17/v218.go
diff --git a/models/migrations/v1_17/v219.go b/models/gitea_migrations/v1_17/v219.go
similarity index 100%
rename from models/migrations/v1_17/v219.go
rename to models/gitea_migrations/v1_17/v219.go
diff --git a/models/migrations/v1_17/v220.go b/models/gitea_migrations/v1_17/v220.go
similarity index 100%
rename from models/migrations/v1_17/v220.go
rename to models/gitea_migrations/v1_17/v220.go
diff --git a/models/migrations/v1_17/v221.go b/models/gitea_migrations/v1_17/v221.go
similarity index 100%
rename from models/migrations/v1_17/v221.go
rename to models/gitea_migrations/v1_17/v221.go
diff --git a/models/migrations/v1_17/v221_test.go b/models/gitea_migrations/v1_17/v221_test.go
similarity index 96%
rename from models/migrations/v1_17/v221_test.go
rename to models/gitea_migrations/v1_17/v221_test.go
index a9c47136b2..592fd15f5e 100644
--- a/models/migrations/v1_17/v221_test.go
+++ b/models/gitea_migrations/v1_17/v221_test.go
@@ -7,7 +7,7 @@ import (
 	"encoding/base32"
 	"testing"
 
-	migration_tests "forgejo.org/models/migrations/test"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
diff --git a/models/migrations/v1_17/v222.go b/models/gitea_migrations/v1_17/v222.go
similarity index 97%
rename from models/migrations/v1_17/v222.go
rename to models/gitea_migrations/v1_17/v222.go
index 873769881e..77095f4e7e 100644
--- a/models/migrations/v1_17/v222.go
+++ b/models/gitea_migrations/v1_17/v222.go
@@ -8,7 +8,7 @@ import (
 	"errors"
 	"fmt"
 
-	"forgejo.org/models/migrations/base"
+	"forgejo.org/models/gitea_migrations/base"
 	"forgejo.org/modules/timeutil"
 
 	"xorm.io/xorm"
diff --git a/models/migrations/v1_17/v223.go b/models/gitea_migrations/v1_17/v223.go
similarity index 98%
rename from models/migrations/v1_17/v223.go
rename to models/gitea_migrations/v1_17/v223.go
index 4f5d34d841..4cc91c4f46 100644
--- a/models/migrations/v1_17/v223.go
+++ b/models/gitea_migrations/v1_17/v223.go
@@ -7,7 +7,7 @@ import (
 	"context"
 	"fmt"
 
-	"forgejo.org/models/migrations/base"
+	"forgejo.org/models/gitea_migrations/base"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/timeutil"
 
diff --git a/models/migrations/v1_18/main_test.go b/models/gitea_migrations/v1_18/main_test.go
similarity index 76%
rename from models/migrations/v1_18/main_test.go
rename to models/gitea_migrations/v1_18/main_test.go
index 0c20934cea..73e634ca35 100644
--- a/models/migrations/v1_18/main_test.go
+++ b/models/gitea_migrations/v1_18/main_test.go
@@ -6,7 +6,7 @@ package v1_18
 import (
 	"testing"
 
-	migration_tests "forgejo.org/models/migrations/test"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
 )
 
 func TestMain(m *testing.M) {
diff --git a/models/migrations/v1_18/v224.go b/models/gitea_migrations/v1_18/v224.go
similarity index 100%
rename from models/migrations/v1_18/v224.go
rename to models/gitea_migrations/v1_18/v224.go
diff --git a/models/migrations/v1_18/v225.go b/models/gitea_migrations/v1_18/v225.go
similarity index 100%
rename from models/migrations/v1_18/v225.go
rename to models/gitea_migrations/v1_18/v225.go
diff --git a/models/migrations/v1_18/v226.go b/models/gitea_migrations/v1_18/v226.go
similarity index 100%
rename from models/migrations/v1_18/v226.go
rename to models/gitea_migrations/v1_18/v226.go
diff --git a/models/migrations/v1_18/v227.go b/models/gitea_migrations/v1_18/v227.go
similarity index 100%
rename from models/migrations/v1_18/v227.go
rename to models/gitea_migrations/v1_18/v227.go
diff --git a/models/migrations/v1_18/v228.go b/models/gitea_migrations/v1_18/v228.go
similarity index 100%
rename from models/migrations/v1_18/v228.go
rename to models/gitea_migrations/v1_18/v228.go
diff --git a/models/migrations/v1_18/v229.go b/models/gitea_migrations/v1_18/v229.go
similarity index 100%
rename from models/migrations/v1_18/v229.go
rename to models/gitea_migrations/v1_18/v229.go
diff --git a/models/migrations/v1_18/v229_test.go b/models/gitea_migrations/v1_18/v229_test.go
similarity index 94%
rename from models/migrations/v1_18/v229_test.go
rename to models/gitea_migrations/v1_18/v229_test.go
index 903a60c851..deea44ab86 100644
--- a/models/migrations/v1_18/v229_test.go
+++ b/models/gitea_migrations/v1_18/v229_test.go
@@ -6,8 +6,8 @@ package v1_18
 import (
 	"testing"
 
+	migration_tests "forgejo.org/models/gitea_migrations/test"
 	"forgejo.org/models/issues"
-	migration_tests "forgejo.org/models/migrations/test"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
diff --git a/models/migrations/v1_18/v230.go b/models/gitea_migrations/v1_18/v230.go
similarity index 100%
rename from models/migrations/v1_18/v230.go
rename to models/gitea_migrations/v1_18/v230.go
diff --git a/models/migrations/v1_18/v230_test.go b/models/gitea_migrations/v1_18/v230_test.go
similarity index 94%
rename from models/migrations/v1_18/v230_test.go
rename to models/gitea_migrations/v1_18/v230_test.go
index da31b0dc9b..0db7025838 100644
--- a/models/migrations/v1_18/v230_test.go
+++ b/models/gitea_migrations/v1_18/v230_test.go
@@ -6,7 +6,7 @@ package v1_18
 import (
 	"testing"
 
-	migration_tests "forgejo.org/models/migrations/test"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
diff --git a/models/migrations/v1_19/main_test.go b/models/gitea_migrations/v1_19/main_test.go
similarity index 76%
rename from models/migrations/v1_19/main_test.go
rename to models/gitea_migrations/v1_19/main_test.go
index 9d1c3a57ea..6bf5ec4cc9 100644
--- a/models/migrations/v1_19/main_test.go
+++ b/models/gitea_migrations/v1_19/main_test.go
@@ -6,7 +6,7 @@ package v1_19
 import (
 	"testing"
 
-	migration_tests "forgejo.org/models/migrations/test"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
 )
 
 func TestMain(m *testing.M) {
diff --git a/models/migrations/v1_19/v231.go b/models/gitea_migrations/v1_19/v231.go
similarity index 100%
rename from models/migrations/v1_19/v231.go
rename to models/gitea_migrations/v1_19/v231.go
diff --git a/models/migrations/v1_19/v232.go b/models/gitea_migrations/v1_19/v232.go
similarity index 100%
rename from models/migrations/v1_19/v232.go
rename to models/gitea_migrations/v1_19/v232.go
diff --git a/models/migrations/v1_19/v233.go b/models/gitea_migrations/v1_19/v233.go
similarity index 100%
rename from models/migrations/v1_19/v233.go
rename to models/gitea_migrations/v1_19/v233.go
diff --git a/models/migrations/v1_19/v233_test.go b/models/gitea_migrations/v1_19/v233_test.go
similarity index 97%
rename from models/migrations/v1_19/v233_test.go
rename to models/gitea_migrations/v1_19/v233_test.go
index 3d5eac9887..72770d9544 100644
--- a/models/migrations/v1_19/v233_test.go
+++ b/models/gitea_migrations/v1_19/v233_test.go
@@ -6,7 +6,7 @@ package v1_19
 import (
 	"testing"
 
-	migration_tests "forgejo.org/models/migrations/test"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
 	"forgejo.org/modules/json"
 	"forgejo.org/modules/secret"
 	"forgejo.org/modules/setting"
diff --git a/models/migrations/v1_19/v234.go b/models/gitea_migrations/v1_19/v234.go
similarity index 100%
rename from models/migrations/v1_19/v234.go
rename to models/gitea_migrations/v1_19/v234.go
diff --git a/models/migrations/v1_19/v235.go b/models/gitea_migrations/v1_19/v235.go
similarity index 100%
rename from models/migrations/v1_19/v235.go
rename to models/gitea_migrations/v1_19/v235.go
diff --git a/models/migrations/v1_19/v236.go b/models/gitea_migrations/v1_19/v236.go
similarity index 100%
rename from models/migrations/v1_19/v236.go
rename to models/gitea_migrations/v1_19/v236.go
diff --git a/models/migrations/v1_19/v237.go b/models/gitea_migrations/v1_19/v237.go
similarity index 100%
rename from models/migrations/v1_19/v237.go
rename to models/gitea_migrations/v1_19/v237.go
diff --git a/models/migrations/v1_19/v238.go b/models/gitea_migrations/v1_19/v238.go
similarity index 100%
rename from models/migrations/v1_19/v238.go
rename to models/gitea_migrations/v1_19/v238.go
diff --git a/models/migrations/v1_19/v239.go b/models/gitea_migrations/v1_19/v239.go
similarity index 100%
rename from models/migrations/v1_19/v239.go
rename to models/gitea_migrations/v1_19/v239.go
diff --git a/models/migrations/v1_19/v240.go b/models/gitea_migrations/v1_19/v240.go
similarity index 100%
rename from models/migrations/v1_19/v240.go
rename to models/gitea_migrations/v1_19/v240.go
diff --git a/models/migrations/v1_19/v241.go b/models/gitea_migrations/v1_19/v241.go
similarity index 100%
rename from models/migrations/v1_19/v241.go
rename to models/gitea_migrations/v1_19/v241.go
diff --git a/models/migrations/v1_19/v242.go b/models/gitea_migrations/v1_19/v242.go
similarity index 100%
rename from models/migrations/v1_19/v242.go
rename to models/gitea_migrations/v1_19/v242.go
diff --git a/models/migrations/v1_19/v243.go b/models/gitea_migrations/v1_19/v243.go
similarity index 100%
rename from models/migrations/v1_19/v243.go
rename to models/gitea_migrations/v1_19/v243.go
diff --git a/models/migrations/v1_20/main_test.go b/models/gitea_migrations/v1_20/main_test.go
similarity index 76%
rename from models/migrations/v1_20/main_test.go
rename to models/gitea_migrations/v1_20/main_test.go
index ee5eec5ef6..dd71e73804 100644
--- a/models/migrations/v1_20/main_test.go
+++ b/models/gitea_migrations/v1_20/main_test.go
@@ -6,7 +6,7 @@ package v1_20
 import (
 	"testing"
 
-	migration_tests "forgejo.org/models/migrations/test"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
 )
 
 func TestMain(m *testing.M) {
diff --git a/models/migrations/v1_20/v244.go b/models/gitea_migrations/v1_20/v244.go
similarity index 100%
rename from models/migrations/v1_20/v244.go
rename to models/gitea_migrations/v1_20/v244.go
diff --git a/models/migrations/v1_20/v245.go b/models/gitea_migrations/v1_20/v245.go
similarity index 97%
rename from models/migrations/v1_20/v245.go
rename to models/gitea_migrations/v1_20/v245.go
index 5e034568c4..730af95ad0 100644
--- a/models/migrations/v1_20/v245.go
+++ b/models/gitea_migrations/v1_20/v245.go
@@ -7,7 +7,7 @@ import (
 	"context"
 	"fmt"
 
-	"forgejo.org/models/migrations/base"
+	"forgejo.org/models/gitea_migrations/base"
 	"forgejo.org/modules/setting"
 
 	"xorm.io/xorm"
diff --git a/models/migrations/v1_20/v246.go b/models/gitea_migrations/v1_20/v246.go
similarity index 100%
rename from models/migrations/v1_20/v246.go
rename to models/gitea_migrations/v1_20/v246.go
diff --git a/models/migrations/v1_20/v247.go b/models/gitea_migrations/v1_20/v247.go
similarity index 100%
rename from models/migrations/v1_20/v247.go
rename to models/gitea_migrations/v1_20/v247.go
diff --git a/models/migrations/v1_20/v248.go b/models/gitea_migrations/v1_20/v248.go
similarity index 100%
rename from models/migrations/v1_20/v248.go
rename to models/gitea_migrations/v1_20/v248.go
diff --git a/models/migrations/v1_20/v249.go b/models/gitea_migrations/v1_20/v249.go
similarity index 100%
rename from models/migrations/v1_20/v249.go
rename to models/gitea_migrations/v1_20/v249.go
diff --git a/models/migrations/v1_20/v250.go b/models/gitea_migrations/v1_20/v250.go
similarity index 100%
rename from models/migrations/v1_20/v250.go
rename to models/gitea_migrations/v1_20/v250.go
diff --git a/models/migrations/v1_20/v251.go b/models/gitea_migrations/v1_20/v251.go
similarity index 100%
rename from models/migrations/v1_20/v251.go
rename to models/gitea_migrations/v1_20/v251.go
diff --git a/models/migrations/v1_20/v252.go b/models/gitea_migrations/v1_20/v252.go
similarity index 100%
rename from models/migrations/v1_20/v252.go
rename to models/gitea_migrations/v1_20/v252.go
diff --git a/models/migrations/v1_20/v253.go b/models/gitea_migrations/v1_20/v253.go
similarity index 100%
rename from models/migrations/v1_20/v253.go
rename to models/gitea_migrations/v1_20/v253.go
diff --git a/models/migrations/v1_20/v254.go b/models/gitea_migrations/v1_20/v254.go
similarity index 100%
rename from models/migrations/v1_20/v254.go
rename to models/gitea_migrations/v1_20/v254.go
diff --git a/models/migrations/v1_20/v255.go b/models/gitea_migrations/v1_20/v255.go
similarity index 100%
rename from models/migrations/v1_20/v255.go
rename to models/gitea_migrations/v1_20/v255.go
diff --git a/models/migrations/v1_20/v256.go b/models/gitea_migrations/v1_20/v256.go
similarity index 100%
rename from models/migrations/v1_20/v256.go
rename to models/gitea_migrations/v1_20/v256.go
diff --git a/models/migrations/v1_20/v257.go b/models/gitea_migrations/v1_20/v257.go
similarity index 100%
rename from models/migrations/v1_20/v257.go
rename to models/gitea_migrations/v1_20/v257.go
diff --git a/models/migrations/v1_20/v258.go b/models/gitea_migrations/v1_20/v258.go
similarity index 100%
rename from models/migrations/v1_20/v258.go
rename to models/gitea_migrations/v1_20/v258.go
diff --git a/models/migrations/v1_20/v259.go b/models/gitea_migrations/v1_20/v259.go
similarity index 100%
rename from models/migrations/v1_20/v259.go
rename to models/gitea_migrations/v1_20/v259.go
diff --git a/models/migrations/v1_20/v259_test.go b/models/gitea_migrations/v1_20/v259_test.go
similarity index 97%
rename from models/migrations/v1_20/v259_test.go
rename to models/gitea_migrations/v1_20/v259_test.go
index b41b6c7995..6805eb31ce 100644
--- a/models/migrations/v1_20/v259_test.go
+++ b/models/gitea_migrations/v1_20/v259_test.go
@@ -8,7 +8,7 @@ import (
 	"strings"
 	"testing"
 
-	migration_tests "forgejo.org/models/migrations/test"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
diff --git a/models/migrations/v1_21/main_test.go b/models/gitea_migrations/v1_21/main_test.go
similarity index 76%
rename from models/migrations/v1_21/main_test.go
rename to models/gitea_migrations/v1_21/main_test.go
index 3f10a39a94..e467c66a91 100644
--- a/models/migrations/v1_21/main_test.go
+++ b/models/gitea_migrations/v1_21/main_test.go
@@ -6,7 +6,7 @@ package v1_21
 import (
 	"testing"
 
-	migration_tests "forgejo.org/models/migrations/test"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
 )
 
 func TestMain(m *testing.M) {
diff --git a/models/migrations/v1_21/v260.go b/models/gitea_migrations/v1_21/v260.go
similarity index 91%
rename from models/migrations/v1_21/v260.go
rename to models/gitea_migrations/v1_21/v260.go
index b73b53bd61..31f9c5b161 100644
--- a/models/migrations/v1_21/v260.go
+++ b/models/gitea_migrations/v1_21/v260.go
@@ -4,7 +4,7 @@
 package v1_21
 
 import (
-	"forgejo.org/models/migrations/base"
+	"forgejo.org/models/gitea_migrations/base"
 
 	"xorm.io/xorm"
 )
diff --git a/models/migrations/v1_21/v261.go b/models/gitea_migrations/v1_21/v261.go
similarity index 100%
rename from models/migrations/v1_21/v261.go
rename to models/gitea_migrations/v1_21/v261.go
diff --git a/models/migrations/v1_21/v262.go b/models/gitea_migrations/v1_21/v262.go
similarity index 100%
rename from models/migrations/v1_21/v262.go
rename to models/gitea_migrations/v1_21/v262.go
diff --git a/models/migrations/v1_21/v263.go b/models/gitea_migrations/v1_21/v263.go
similarity index 100%
rename from models/migrations/v1_21/v263.go
rename to models/gitea_migrations/v1_21/v263.go
diff --git a/models/migrations/v1_21/v264.go b/models/gitea_migrations/v1_21/v264.go
similarity index 100%
rename from models/migrations/v1_21/v264.go
rename to models/gitea_migrations/v1_21/v264.go
diff --git a/models/migrations/v1_21/v265.go b/models/gitea_migrations/v1_21/v265.go
similarity index 100%
rename from models/migrations/v1_21/v265.go
rename to models/gitea_migrations/v1_21/v265.go
diff --git a/models/migrations/v1_21/v266.go b/models/gitea_migrations/v1_21/v266.go
similarity index 100%
rename from models/migrations/v1_21/v266.go
rename to models/gitea_migrations/v1_21/v266.go
diff --git a/models/migrations/v1_21/v267.go b/models/gitea_migrations/v1_21/v267.go
similarity index 100%
rename from models/migrations/v1_21/v267.go
rename to models/gitea_migrations/v1_21/v267.go
diff --git a/models/migrations/v1_21/v268.go b/models/gitea_migrations/v1_21/v268.go
similarity index 100%
rename from models/migrations/v1_21/v268.go
rename to models/gitea_migrations/v1_21/v268.go
diff --git a/models/migrations/v1_21/v269.go b/models/gitea_migrations/v1_21/v269.go
similarity index 100%
rename from models/migrations/v1_21/v269.go
rename to models/gitea_migrations/v1_21/v269.go
diff --git a/models/migrations/v1_21/v270.go b/models/gitea_migrations/v1_21/v270.go
similarity index 100%
rename from models/migrations/v1_21/v270.go
rename to models/gitea_migrations/v1_21/v270.go
diff --git a/models/migrations/v1_21/v271.go b/models/gitea_migrations/v1_21/v271.go
similarity index 100%
rename from models/migrations/v1_21/v271.go
rename to models/gitea_migrations/v1_21/v271.go
diff --git a/models/migrations/v1_21/v272.go b/models/gitea_migrations/v1_21/v272.go
similarity index 100%
rename from models/migrations/v1_21/v272.go
rename to models/gitea_migrations/v1_21/v272.go
diff --git a/models/migrations/v1_21/v273.go b/models/gitea_migrations/v1_21/v273.go
similarity index 100%
rename from models/migrations/v1_21/v273.go
rename to models/gitea_migrations/v1_21/v273.go
diff --git a/models/migrations/v1_21/v274.go b/models/gitea_migrations/v1_21/v274.go
similarity index 100%
rename from models/migrations/v1_21/v274.go
rename to models/gitea_migrations/v1_21/v274.go
diff --git a/models/migrations/v1_21/v275.go b/models/gitea_migrations/v1_21/v275.go
similarity index 100%
rename from models/migrations/v1_21/v275.go
rename to models/gitea_migrations/v1_21/v275.go
diff --git a/models/migrations/v1_21/v276.go b/models/gitea_migrations/v1_21/v276.go
similarity index 100%
rename from models/migrations/v1_21/v276.go
rename to models/gitea_migrations/v1_21/v276.go
diff --git a/models/migrations/v1_21/v277.go b/models/gitea_migrations/v1_21/v277.go
similarity index 100%
rename from models/migrations/v1_21/v277.go
rename to models/gitea_migrations/v1_21/v277.go
diff --git a/models/migrations/v1_21/v278.go b/models/gitea_migrations/v1_21/v278.go
similarity index 100%
rename from models/migrations/v1_21/v278.go
rename to models/gitea_migrations/v1_21/v278.go
diff --git a/models/migrations/v1_21/v279.go b/models/gitea_migrations/v1_21/v279.go
similarity index 100%
rename from models/migrations/v1_21/v279.go
rename to models/gitea_migrations/v1_21/v279.go
diff --git a/models/migrations/v1_22/main_test.go b/models/gitea_migrations/v1_22/main_test.go
similarity index 76%
rename from models/migrations/v1_22/main_test.go
rename to models/gitea_migrations/v1_22/main_test.go
index 7b05993e09..81e4664b90 100644
--- a/models/migrations/v1_22/main_test.go
+++ b/models/gitea_migrations/v1_22/main_test.go
@@ -6,7 +6,7 @@ package v1_22
 import (
 	"testing"
 
-	migration_tests "forgejo.org/models/migrations/test"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
 )
 
 func TestMain(m *testing.M) {
diff --git a/models/migrations/v1_22/v280.go b/models/gitea_migrations/v1_22/v280.go
similarity index 100%
rename from models/migrations/v1_22/v280.go
rename to models/gitea_migrations/v1_22/v280.go
diff --git a/models/migrations/v1_22/v281.go b/models/gitea_migrations/v1_22/v281.go
similarity index 100%
rename from models/migrations/v1_22/v281.go
rename to models/gitea_migrations/v1_22/v281.go
diff --git a/models/migrations/v1_22/v282.go b/models/gitea_migrations/v1_22/v282.go
similarity index 100%
rename from models/migrations/v1_22/v282.go
rename to models/gitea_migrations/v1_22/v282.go
diff --git a/models/migrations/v1_22/v283.go b/models/gitea_migrations/v1_22/v283.go
similarity index 100%
rename from models/migrations/v1_22/v283.go
rename to models/gitea_migrations/v1_22/v283.go
diff --git a/models/migrations/v1_22/v283_test.go b/models/gitea_migrations/v1_22/v283_test.go
similarity index 91%
rename from models/migrations/v1_22/v283_test.go
rename to models/gitea_migrations/v1_22/v283_test.go
index 652d96ac16..647555ca9e 100644
--- a/models/migrations/v1_22/v283_test.go
+++ b/models/gitea_migrations/v1_22/v283_test.go
@@ -6,7 +6,7 @@ package v1_22
 import (
 	"testing"
 
-	migration_tests "forgejo.org/models/migrations/test"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
 
 	"github.com/stretchr/testify/require"
 )
diff --git a/models/migrations/v1_22/v284.go b/models/gitea_migrations/v1_22/v284.go
similarity index 100%
rename from models/migrations/v1_22/v284.go
rename to models/gitea_migrations/v1_22/v284.go
diff --git a/models/migrations/v1_22/v285.go b/models/gitea_migrations/v1_22/v285.go
similarity index 100%
rename from models/migrations/v1_22/v285.go
rename to models/gitea_migrations/v1_22/v285.go
diff --git a/models/migrations/v1_22/v286.go b/models/gitea_migrations/v1_22/v286.go
similarity index 100%
rename from models/migrations/v1_22/v286.go
rename to models/gitea_migrations/v1_22/v286.go
diff --git a/models/migrations/v1_22/v286_test.go b/models/gitea_migrations/v1_22/v286_test.go
similarity index 97%
rename from models/migrations/v1_22/v286_test.go
rename to models/gitea_migrations/v1_22/v286_test.go
index 5bb3334df2..fd630508ec 100644
--- a/models/migrations/v1_22/v286_test.go
+++ b/models/gitea_migrations/v1_22/v286_test.go
@@ -6,7 +6,7 @@ package v1_22
 import (
 	"testing"
 
-	migration_tests "forgejo.org/models/migrations/test"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
diff --git a/models/migrations/v1_22/v287.go b/models/gitea_migrations/v1_22/v287.go
similarity index 100%
rename from models/migrations/v1_22/v287.go
rename to models/gitea_migrations/v1_22/v287.go
diff --git a/models/migrations/v1_22/v288.go b/models/gitea_migrations/v1_22/v288.go
similarity index 100%
rename from models/migrations/v1_22/v288.go
rename to models/gitea_migrations/v1_22/v288.go
diff --git a/models/migrations/v1_22/v289.go b/models/gitea_migrations/v1_22/v289.go
similarity index 100%
rename from models/migrations/v1_22/v289.go
rename to models/gitea_migrations/v1_22/v289.go
diff --git a/models/migrations/v1_22/v290.go b/models/gitea_migrations/v1_22/v290.go
similarity index 100%
rename from models/migrations/v1_22/v290.go
rename to models/gitea_migrations/v1_22/v290.go
diff --git a/models/migrations/v1_22/v290_test.go b/models/gitea_migrations/v1_22/v290_test.go
similarity index 96%
rename from models/migrations/v1_22/v290_test.go
rename to models/gitea_migrations/v1_22/v290_test.go
index a1907cf4d6..a1c303cd28 100644
--- a/models/migrations/v1_22/v290_test.go
+++ b/models/gitea_migrations/v1_22/v290_test.go
@@ -7,7 +7,7 @@ import (
 	"strconv"
 	"testing"
 
-	migration_tests "forgejo.org/models/migrations/test"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
 	"forgejo.org/modules/timeutil"
 	webhook_module "forgejo.org/modules/webhook"
 
diff --git a/models/migrations/v1_22/v291.go b/models/gitea_migrations/v1_22/v291.go
similarity index 100%
rename from models/migrations/v1_22/v291.go
rename to models/gitea_migrations/v1_22/v291.go
diff --git a/models/migrations/v1_22/v292.go b/models/gitea_migrations/v1_22/v292.go
similarity index 100%
rename from models/migrations/v1_22/v292.go
rename to models/gitea_migrations/v1_22/v292.go
diff --git a/models/migrations/v1_22/v293.go b/models/gitea_migrations/v1_22/v293.go
similarity index 100%
rename from models/migrations/v1_22/v293.go
rename to models/gitea_migrations/v1_22/v293.go
diff --git a/models/migrations/v1_22/v293_test.go b/models/gitea_migrations/v1_22/v293_test.go
similarity index 95%
rename from models/migrations/v1_22/v293_test.go
rename to models/gitea_migrations/v1_22/v293_test.go
index 6b1931b761..902e20fbc2 100644
--- a/models/migrations/v1_22/v293_test.go
+++ b/models/gitea_migrations/v1_22/v293_test.go
@@ -7,7 +7,7 @@ import (
 	"testing"
 
 	"forgejo.org/models/db"
-	migration_tests "forgejo.org/models/migrations/test"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
 	"forgejo.org/models/project"
 
 	"github.com/stretchr/testify/assert"
diff --git a/models/migrations/v1_22/v294.go b/models/gitea_migrations/v1_22/v294.go
similarity index 100%
rename from models/migrations/v1_22/v294.go
rename to models/gitea_migrations/v1_22/v294.go
diff --git a/models/migrations/v1_22/v294_test.go b/models/gitea_migrations/v1_22/v294_test.go
similarity index 95%
rename from models/migrations/v1_22/v294_test.go
rename to models/gitea_migrations/v1_22/v294_test.go
index e87a4bc85f..197fada2a0 100644
--- a/models/migrations/v1_22/v294_test.go
+++ b/models/gitea_migrations/v1_22/v294_test.go
@@ -7,7 +7,7 @@ import (
 	"slices"
 	"testing"
 
-	migration_tests "forgejo.org/models/migrations/test"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
diff --git a/models/migrations/v1_22/v295.go b/models/gitea_migrations/v1_22/v295.go
similarity index 100%
rename from models/migrations/v1_22/v295.go
rename to models/gitea_migrations/v1_22/v295.go
diff --git a/models/migrations/v1_22/v296.go b/models/gitea_migrations/v1_22/v296.go
similarity index 100%
rename from models/migrations/v1_22/v296.go
rename to models/gitea_migrations/v1_22/v296.go
diff --git a/models/migrations/v1_22/v298.go b/models/gitea_migrations/v1_22/v298.go
similarity index 100%
rename from models/migrations/v1_22/v298.go
rename to models/gitea_migrations/v1_22/v298.go
diff --git a/models/migrations/v1_23/main_test.go b/models/gitea_migrations/v1_23/main_test.go
similarity index 76%
rename from models/migrations/v1_23/main_test.go
rename to models/gitea_migrations/v1_23/main_test.go
index 5fb4fec999..f8337ab2ee 100644
--- a/models/migrations/v1_23/main_test.go
+++ b/models/gitea_migrations/v1_23/main_test.go
@@ -6,7 +6,7 @@ package v1_23
 import (
 	"testing"
 
-	migration_tests "forgejo.org/models/migrations/test"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
 )
 
 func TestMain(m *testing.M) {
diff --git a/models/migrations/v1_23/v299.go b/models/gitea_migrations/v1_23/v299.go
similarity index 100%
rename from models/migrations/v1_23/v299.go
rename to models/gitea_migrations/v1_23/v299.go
diff --git a/models/migrations/v1_23/v300.go b/models/gitea_migrations/v1_23/v300.go
similarity index 100%
rename from models/migrations/v1_23/v300.go
rename to models/gitea_migrations/v1_23/v300.go
diff --git a/models/migrations/v1_23/v301.go b/models/gitea_migrations/v1_23/v301.go
similarity index 100%
rename from models/migrations/v1_23/v301.go
rename to models/gitea_migrations/v1_23/v301.go
diff --git a/models/migrations/v1_23/v302.go b/models/gitea_migrations/v1_23/v302.go
similarity index 100%
rename from models/migrations/v1_23/v302.go
rename to models/gitea_migrations/v1_23/v302.go
diff --git a/models/migrations/v1_23/v303.go b/models/gitea_migrations/v1_23/v303.go
similarity index 96%
rename from models/migrations/v1_23/v303.go
rename to models/gitea_migrations/v1_23/v303.go
index 03197d2857..f6cbf7d859 100644
--- a/models/migrations/v1_23/v303.go
+++ b/models/gitea_migrations/v1_23/v303.go
@@ -4,7 +4,7 @@
 package v1_23
 
 import (
-	"forgejo.org/models/migrations/base"
+	"forgejo.org/models/gitea_migrations/base"
 
 	"xorm.io/xorm"
 	"xorm.io/xorm/schemas"
diff --git a/models/migrations/v1_23/v303_test.go b/models/gitea_migrations/v1_23/v303_test.go
similarity index 93%
rename from models/migrations/v1_23/v303_test.go
rename to models/gitea_migrations/v1_23/v303_test.go
index f2c764bae3..5eee15c47a 100644
--- a/models/migrations/v1_23/v303_test.go
+++ b/models/gitea_migrations/v1_23/v303_test.go
@@ -6,7 +6,7 @@ package v1_23
 import (
 	"testing"
 
-	migration_tests "forgejo.org/models/migrations/test"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
 
 	"github.com/stretchr/testify/require"
 	"xorm.io/xorm/schemas"
diff --git a/models/migrations/v1_6/v70.go b/models/gitea_migrations/v1_6/v70.go
similarity index 100%
rename from models/migrations/v1_6/v70.go
rename to models/gitea_migrations/v1_6/v70.go
diff --git a/models/migrations/v1_6/v71.go b/models/gitea_migrations/v1_6/v71.go
similarity index 97%
rename from models/migrations/v1_6/v71.go
rename to models/gitea_migrations/v1_6/v71.go
index 42fe8cd1ba..c9e96980d3 100644
--- a/models/migrations/v1_6/v71.go
+++ b/models/gitea_migrations/v1_6/v71.go
@@ -6,7 +6,7 @@ package v1_6
 import (
 	"fmt"
 
-	"forgejo.org/models/migrations/base"
+	"forgejo.org/models/gitea_migrations/base"
 	"forgejo.org/modules/timeutil"
 	"forgejo.org/modules/util"
 
diff --git a/models/migrations/v1_6/v72.go b/models/gitea_migrations/v1_6/v72.go
similarity index 100%
rename from models/migrations/v1_6/v72.go
rename to models/gitea_migrations/v1_6/v72.go
diff --git a/models/migrations/v1_7/v73.go b/models/gitea_migrations/v1_7/v73.go
similarity index 100%
rename from models/migrations/v1_7/v73.go
rename to models/gitea_migrations/v1_7/v73.go
diff --git a/models/migrations/v1_7/v74.go b/models/gitea_migrations/v1_7/v74.go
similarity index 100%
rename from models/migrations/v1_7/v74.go
rename to models/gitea_migrations/v1_7/v74.go
diff --git a/models/migrations/v1_7/v75.go b/models/gitea_migrations/v1_7/v75.go
similarity index 100%
rename from models/migrations/v1_7/v75.go
rename to models/gitea_migrations/v1_7/v75.go
diff --git a/models/migrations/v1_8/v76.go b/models/gitea_migrations/v1_8/v76.go
similarity index 100%
rename from models/migrations/v1_8/v76.go
rename to models/gitea_migrations/v1_8/v76.go
diff --git a/models/migrations/v1_8/v77.go b/models/gitea_migrations/v1_8/v77.go
similarity index 100%
rename from models/migrations/v1_8/v77.go
rename to models/gitea_migrations/v1_8/v77.go
diff --git a/models/migrations/v1_8/v78.go b/models/gitea_migrations/v1_8/v78.go
similarity index 94%
rename from models/migrations/v1_8/v78.go
rename to models/gitea_migrations/v1_8/v78.go
index 840fc20d96..829435ead6 100644
--- a/models/migrations/v1_8/v78.go
+++ b/models/gitea_migrations/v1_8/v78.go
@@ -4,7 +4,7 @@
 package v1_8
 
 import (
-	"forgejo.org/models/migrations/base"
+	"forgejo.org/models/gitea_migrations/base"
 
 	"xorm.io/xorm"
 )
diff --git a/models/migrations/v1_8/v79.go b/models/gitea_migrations/v1_8/v79.go
similarity index 100%
rename from models/migrations/v1_8/v79.go
rename to models/gitea_migrations/v1_8/v79.go
diff --git a/models/migrations/v1_8/v80.go b/models/gitea_migrations/v1_8/v80.go
similarity index 100%
rename from models/migrations/v1_8/v80.go
rename to models/gitea_migrations/v1_8/v80.go
diff --git a/models/migrations/v1_8/v81.go b/models/gitea_migrations/v1_8/v81.go
similarity index 100%
rename from models/migrations/v1_8/v81.go
rename to models/gitea_migrations/v1_8/v81.go
diff --git a/models/migrations/v1_9/v82.go b/models/gitea_migrations/v1_9/v82.go
similarity index 100%
rename from models/migrations/v1_9/v82.go
rename to models/gitea_migrations/v1_9/v82.go
diff --git a/models/migrations/v1_9/v83.go b/models/gitea_migrations/v1_9/v83.go
similarity index 100%
rename from models/migrations/v1_9/v83.go
rename to models/gitea_migrations/v1_9/v83.go
diff --git a/models/migrations/v1_9/v84.go b/models/gitea_migrations/v1_9/v84.go
similarity index 100%
rename from models/migrations/v1_9/v84.go
rename to models/gitea_migrations/v1_9/v84.go
diff --git a/models/migrations/v1_9/v85.go b/models/gitea_migrations/v1_9/v85.go
similarity index 98%
rename from models/migrations/v1_9/v85.go
rename to models/gitea_migrations/v1_9/v85.go
index 9d5adc82dd..c54a006f4c 100644
--- a/models/migrations/v1_9/v85.go
+++ b/models/gitea_migrations/v1_9/v85.go
@@ -6,7 +6,7 @@ package v1_9
 import (
 	"fmt"
 
-	"forgejo.org/models/migrations/base"
+	"forgejo.org/models/gitea_migrations/base"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/timeutil"
 	"forgejo.org/modules/util"
diff --git a/models/migrations/v1_9/v86.go b/models/gitea_migrations/v1_9/v86.go
similarity index 100%
rename from models/migrations/v1_9/v86.go
rename to models/gitea_migrations/v1_9/v86.go
diff --git a/models/migrations/v1_9/v87.go b/models/gitea_migrations/v1_9/v87.go
similarity index 100%
rename from models/migrations/v1_9/v87.go
rename to models/gitea_migrations/v1_9/v87.go
diff --git a/models/issues/TestGetUIDsAndStopwatch/stopwatch.yml b/models/issues/TestGetUIDsAndStopwatch/stopwatch.yml
index f564e4b389..231d142dc4 100644
--- a/models/issues/TestGetUIDsAndStopwatch/stopwatch.yml
+++ b/models/issues/TestGetUIDsAndStopwatch/stopwatch.yml
@@ -3,9 +3,3 @@
   user_id: 1
   issue_id: 2
   created_unix: 1500988004
-
--
-  id: 4
-  user_id: 3
-  issue_id: 0
-  created_unix: 1500988003
diff --git a/models/issues/issue.go b/models/issues/issue.go
index 14848e4c98..b1966ea50f 100644
--- a/models/issues/issue.go
+++ b/models/issues/issue.go
@@ -116,7 +116,7 @@ type Issue struct {
 
 	DeadlineUnix timeutil.TimeStamp `xorm:"INDEX"`
 
-	Created timeutil.TimeStampNano
+	Created timeutil.TimeStampNano // more precise Created, but may not be populated for older issues
 
 	CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"`
 	UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"`
diff --git a/models/issues/stopwatch.go b/models/issues/stopwatch.go
index 2ff2a17d92..90a637e993 100644
--- a/models/issues/stopwatch.go
+++ b/models/issues/stopwatch.go
@@ -32,8 +32,8 @@ func (err ErrIssueStopwatchNotExist) Unwrap() error {
 // Stopwatch represents a stopwatch for time tracking.
 type Stopwatch struct {
 	ID          int64              `xorm:"pk autoincr"`
-	IssueID     int64              `xorm:"INDEX"`
-	UserID      int64              `xorm:"INDEX"`
+	IssueID     int64              `xorm:"INDEX REFERENCES(issue, id)"`
+	UserID      int64              `xorm:"INDEX REFERENCES(user, id)"`
 	CreatedUnix timeutil.TimeStamp `xorm:"created"`
 }
 
@@ -63,7 +63,7 @@ func getStopwatch(ctx context.Context, userID, issueID int64) (sw *Stopwatch, ex
 // GetUIDsAndNotificationCounts between the two provided times
 func GetUIDsAndStopwatch(ctx context.Context) (map[int64][]*Stopwatch, error) {
 	sws := []*Stopwatch{}
-	if err := db.GetEngine(ctx).Where("issue_id != 0").Find(&sws); err != nil {
+	if err := db.GetEngine(ctx).Find(&sws); err != nil {
 		return nil, err
 	}
 	res := map[int64][]*Stopwatch{}
diff --git a/models/issues/tracked_time.go b/models/issues/tracked_time.go
index 05d7b15815..d229d83470 100644
--- a/models/issues/tracked_time.go
+++ b/models/issues/tracked_time.go
@@ -22,9 +22,9 @@ import (
 // TrackedTime represents a time that was spent for a specific issue.
 type TrackedTime struct {
 	ID          int64            `xorm:"pk autoincr"`
-	IssueID     int64            `xorm:"INDEX"`
+	IssueID     int64            `xorm:"INDEX REFERENCES(issue, id)"`
 	Issue       *Issue           `xorm:"-"`
-	UserID      int64            `xorm:"INDEX"`
+	UserID      int64            `xorm:"INDEX REFERENCES(user, id)"`
 	User        *user_model.User `xorm:"-"`
 	Created     time.Time        `xorm:"-"`
 	CreatedUnix int64            `xorm:"created"`
diff --git a/models/perm/access/access.go b/models/perm/access/access.go
index 87ee600a15..54526d0f5c 100644
--- a/models/perm/access/access.go
+++ b/models/perm/access/access.go
@@ -22,8 +22,8 @@ import (
 // repository, the members of the owners team are in this table.
 type Access struct {
 	ID     int64 `xorm:"pk autoincr"`
-	UserID int64 `xorm:"UNIQUE(s)"`
-	RepoID int64 `xorm:"UNIQUE(s)"`
+	UserID int64 `xorm:"UNIQUE(s) REFERENCES(user, id)"`
+	RepoID int64 `xorm:"UNIQUE(s) REFERENCES(repository, id)"`
 	Mode   perm.AccessMode
 }
 
diff --git a/models/repo/TestGetUserForkLax/repository.yml b/models/repo/TestGetUserForkLax/repository.yml
new file mode 100644
index 0000000000..c91ba18678
--- /dev/null
+++ b/models/repo/TestGetUserForkLax/repository.yml
@@ -0,0 +1,32 @@
+-
+  id: 64
+  owner_id: 15
+  owner_name: user15
+  lower_name: repo10
+  name: repo10
+  default_branch: master
+  num_watches: 0
+  num_stars: 0
+  num_forks: 0
+  num_issues: 0
+  num_closed_issues: 0
+  num_pulls: 0
+  num_closed_pulls: 0
+  num_milestones: 0
+  num_closed_milestones: 0
+  num_projects: 0
+  num_closed_projects: 0
+  is_private: false
+  is_empty: false
+  is_archived: false
+  is_mirror: false
+  status: 0
+  is_fork: true
+  fork_id: 10
+  is_template: false
+  template_id: 0
+  size: 0
+  is_fsck_enabled: true
+  close_issues_via_commit_in_any_branch: false
+  topics: '[]'
+
diff --git a/models/repo/TestGetUserForkLaxWithTwoChoices/repository.yml b/models/repo/TestGetUserForkLaxWithTwoChoices/repository.yml
new file mode 100644
index 0000000000..859e76db88
--- /dev/null
+++ b/models/repo/TestGetUserForkLaxWithTwoChoices/repository.yml
@@ -0,0 +1,63 @@
+-
+  id: 64
+  owner_id: 15
+  owner_name: user15
+  lower_name: repo10
+  name: repo10
+  default_branch: master
+  num_watches: 0
+  num_stars: 0
+  num_forks: 0
+  num_issues: 0
+  num_closed_issues: 0
+  num_pulls: 0
+  num_closed_pulls: 0
+  num_milestones: 0
+  num_closed_milestones: 0
+  num_projects: 0
+  num_closed_projects: 0
+  is_private: false
+  is_empty: false
+  is_archived: false
+  is_mirror: false
+  status: 0
+  is_fork: true
+  fork_id: 10
+  is_template: false
+  template_id: 0
+  size: 0
+  is_fsck_enabled: true
+  close_issues_via_commit_in_any_branch: false
+  topics: '[]'
+-
+  id: 65
+  owner_id: 15
+  owner_name: user15
+  lower_name: repo11
+  name: repo11
+  default_branch: master
+  num_watches: 0
+  num_stars: 0
+  num_forks: 0
+  num_issues: 0
+  num_closed_issues: 0
+  num_pulls: 0
+  num_closed_pulls: 0
+  num_milestones: 0
+  num_closed_milestones: 0
+  num_projects: 0
+  num_closed_projects: 0
+  is_private: false
+  is_empty: false
+  is_archived: false
+  is_mirror: false
+  status: 0
+  is_fork: true
+  fork_id: 11
+  is_template: false
+  template_id: 0
+  size: 0
+  is_fsck_enabled: true
+  close_issues_via_commit_in_any_branch: false
+  topics: '[]'
+
diff --git a/models/repo/collaboration.go b/models/repo/collaboration.go
index 16d10d38b6..eec03b92b5 100644
--- a/models/repo/collaboration.go
+++ b/models/repo/collaboration.go
@@ -19,8 +19,8 @@ import (
 // Collaboration represent the relation between an individual and a repository.
 type Collaboration struct {
 	ID          int64              `xorm:"pk autoincr"`
-	RepoID      int64              `xorm:"UNIQUE(s) INDEX NOT NULL"`
-	UserID      int64              `xorm:"UNIQUE(s) INDEX NOT NULL"`
+	RepoID      int64              `xorm:"UNIQUE(s) INDEX NOT NULL REFERENCES(repository, id)"`
+	UserID      int64              `xorm:"UNIQUE(s) INDEX NOT NULL REFERENCES(user, id)"`
 	Mode        perm.AccessMode    `xorm:"DEFAULT 2 NOT NULL"`
 	CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"`
 	UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"`
diff --git a/models/repo/fork.go b/models/repo/fork.go
index ed8b488738..f96f4cf117 100644
--- a/models/repo/fork.go
+++ b/models/repo/fork.go
@@ -5,6 +5,7 @@ package repo
 
 import (
 	"context"
+	"fmt"
 
 	"forgejo.org/models/db"
 	"forgejo.org/models/unit"
@@ -42,6 +43,22 @@ func HasForkedRepo(ctx context.Context, ownerID, repoID int64) bool {
 	return has
 }
 
+// HasForkedRepoLax checks if given user has already forked a repository with given ID,
+// or if it the target repository is itself a fork, whether the user has a fork of its base
+// (as that can also be used to make a PR).
+func HasForkedRepoLax(ctx context.Context, ownerID int64, baseRepo *Repository) bool {
+	query := db.GetEngine(ctx).
+		Table("repository").
+		Where("owner_id=?", ownerID)
+	if baseRepo.IsFork {
+		query = query.And("fork_id=? OR fork_id=?", baseRepo.ID, baseRepo.ForkID)
+	} else {
+		query = query.And("fork_id=?", baseRepo.ID)
+	}
+	has, _ := query.Exist()
+	return has
+}
+
 // GetUserFork return user forked repository from this repository, if not forked return nil
 func GetUserFork(ctx context.Context, repoID, userID int64) (*Repository, error) {
 	var forkedRepo Repository
@@ -55,6 +72,31 @@ func GetUserFork(ctx context.Context, repoID, userID int64) (*Repository, error)
 	return &forkedRepo, nil
 }
 
+// GetUserForkLax returns the user forked repository from this repository.
+// If the passed repository is itself a fork and we have a fork of its base, it will be used as
+// a fall-back. Otherwise return nil.
+func GetUserForkLax(ctx context.Context, baseRepo *Repository, userID int64) (*Repository, error) {
+	var forkedRepo Repository
+	query := db.GetEngine(ctx).Where("owner_id = ?", userID)
+	if baseRepo.IsFork {
+		query = query.And("fork_id = ? OR fork_id = ?", baseRepo.ID, baseRepo.ForkID)
+		// prefer any repository that is marked as an exact fork of the target
+		// (ordering by a boolean means returning the rows where the condition is false first,
+		// hence the counter-intuitive condition)
+		query.OrderBy(fmt.Sprintf("fork_id != %d", baseRepo.ID))
+	} else {
+		query = query.And("fork_id = ?", baseRepo.ID)
+	}
+	has, err := query.Get(&forkedRepo)
+	if err != nil {
+		return nil, err
+	}
+	if !has {
+		return nil, nil
+	}
+	return &forkedRepo, nil
+}
+
 // GetForks returns all the forks of the repository that are visible to the user.
 func GetForks(ctx context.Context, repo *Repository, user *user_model.User, listOptions db.ListOptions) ([]*Repository, int64, error) {
 	sess := db.GetEngine(ctx).Where(AccessibleRepositoryCondition(user, unit.TypeInvalid))
diff --git a/models/repo/fork_test.go b/models/repo/fork_test.go
index d567081ee6..fe18bbb423 100644
--- a/models/repo/fork_test.go
+++ b/models/repo/fork_test.go
@@ -32,3 +32,80 @@ func TestGetUserFork(t *testing.T) {
 	require.NoError(t, err)
 	assert.Nil(t, repo)
 }
+
+func TestGetUserForkLax(t *testing.T) {
+	defer unittest.OverrideFixtures("models/repo/TestGetUserForkLax")()
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	// User13 has repo 11 forked from repo10
+	repo10, err := repo_model.GetRepositoryByID(db.DefaultContext, 10)
+	require.NoError(t, err)
+	assert.NotNil(t, repo10)
+	require.True(t, repo_model.HasForkedRepoLax(db.DefaultContext, 13, repo10))
+	repo11, err := repo_model.GetUserForkLax(db.DefaultContext, repo10, 13)
+	require.NoError(t, err)
+	assert.NotNil(t, repo11)
+	assert.Equal(t, int64(11), repo11.ID)
+	assert.Equal(t, int64(10), repo11.ForkID)
+
+	// user13 does not have a fork of repo9
+	repo9, err := repo_model.GetRepositoryByID(db.DefaultContext, 9)
+	require.NoError(t, err)
+	assert.NotNil(t, repo9)
+	require.False(t, repo_model.HasForkedRepoLax(db.DefaultContext, 13, repo9))
+	fork, err := repo_model.GetUserForkLax(db.DefaultContext, repo9, 13)
+	require.NoError(t, err)
+	assert.Nil(t, fork)
+
+	// User15 has repo id 64 forked from repo10, which counts as a fork of repo11 since they have a common base
+	require.False(t, repo_model.HasForkedRepo(db.DefaultContext, 15, repo11.ID))
+	require.True(t, repo_model.HasForkedRepoLax(db.DefaultContext, 15, repo11))
+	fork, err = repo_model.GetUserForkLax(db.DefaultContext, repo11, 15)
+	require.NoError(t, err)
+	assert.NotNil(t, fork)
+	assert.Equal(t, int64(64), fork.ID)
+	assert.Equal(t, int64(10), fork.ForkID)
+}
+
+func TestGetUserForkLaxWithTwoChoices(t *testing.T) {
+	defer unittest.OverrideFixtures("models/repo/TestGetUserForkLaxWithTwoChoices")()
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	// Test scenario:
+	//
+	// - repo10
+	//     - forked by user15 as repo64
+	//     - forked by user13 as repo11
+	//         - forked by user15 as repo65
+	//
+	// In this scenario, both repo64 and repo65 can be used as forks of repo11 for user15,
+	// but we prefer to use repo65 because it's specifically marked as a fork of repo11
+
+	repo10, err := repo_model.GetRepositoryByID(db.DefaultContext, 10)
+	require.NoError(t, err)
+	assert.NotNil(t, repo10)
+
+	// User15 has repo64 forked from repo10
+	require.True(t, repo_model.HasForkedRepoLax(db.DefaultContext, 15, repo10))
+	repo64, err := repo_model.GetUserForkLax(db.DefaultContext, repo10, 15)
+	require.NoError(t, err)
+	assert.NotNil(t, repo64)
+	assert.Equal(t, int64(64), repo64.ID)
+	assert.Equal(t, int64(10), repo64.ForkID)
+
+	// User13 has repo11 forked from repo10
+	require.True(t, repo_model.HasForkedRepoLax(db.DefaultContext, 13, repo10))
+	repo11, err := repo_model.GetUserForkLax(db.DefaultContext, repo10, 13)
+	require.NoError(t, err)
+	assert.NotNil(t, repo11)
+	assert.Equal(t, int64(11), repo11.ID)
+	assert.Equal(t, int64(10), repo11.ForkID)
+
+	// User15 has repo65 forked from repo11
+	require.True(t, repo_model.HasForkedRepoLax(db.DefaultContext, 15, repo11))
+	repo65, err := repo_model.GetUserForkLax(db.DefaultContext, repo11, 15)
+	require.NoError(t, err)
+	assert.NotNil(t, repo65)
+	assert.Equal(t, int64(65), repo65.ID)
+	assert.Equal(t, int64(11), repo65.ForkID)
+}
diff --git a/models/repo/upload.go b/models/repo/upload.go
index 49152db7fd..a213cb1986 100644
--- a/models/repo/upload.go
+++ b/models/repo/upload.go
@@ -104,17 +104,6 @@ func GetUploadByUUID(ctx context.Context, uuid string) (*Upload, error) {
 	return upload, nil
 }
 
-// GetUploadsByUUIDs returns multiple uploads by UUIDS
-func GetUploadsByUUIDs(ctx context.Context, uuids []string) ([]*Upload, error) {
-	if len(uuids) == 0 {
-		return []*Upload{}, nil
-	}
-
-	// Silently drop invalid uuids.
-	uploads := make([]*Upload, 0, len(uuids))
-	return uploads, db.GetEngine(ctx).In("uuid", uuids).Find(&uploads)
-}
-
 // DeleteUploads deletes multiple uploads
 func DeleteUploads(ctx context.Context, uploads ...*Upload) (err error) {
 	if len(uploads) == 0 {
diff --git a/models/unit/lint-locale-usage/llu.go b/models/unit/lint-locale-usage/llu.go
new file mode 100644
index 0000000000..51e120dba2
--- /dev/null
+++ b/models/unit/lint-locale-usage/llu.go
@@ -0,0 +1,38 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package lintLocaleUsage
+
+import (
+	"go/ast"
+	"go/token"
+	"strconv"
+
+	llu "forgejo.org/build/lint-locale-usage"
+)
+
+func HandleCompositeUnit(handler llu.Handler, fset *token.FileSet, n *ast.CompositeLit) {
+	ident, ok := n.Type.(*ast.Ident)
+	if !ok || ident.Name != "Unit" {
+		return
+	}
+
+	if len(n.Elts) != 6 {
+		handler.OnWarning(fset, n.Pos(), "unexpected initialization of 'Unit' (unexpected number of arguments)")
+		return
+	}
+	// NameKey has index 2
+	//   invoked like '{{ctx.Locale.Tr $unit.NameKey}}'
+	nameKey, ok := n.Elts[2].(*ast.BasicLit)
+	if !ok || nameKey.Kind != token.STRING {
+		handler.OnWarning(fset, n.Elts[2].Pos(), "unexpected initialization of 'Unit' (expected string literal as NameKey)")
+		return
+	}
+
+	// extract string content
+	arg, err := strconv.Unquote(nameKey.Value)
+	if err == nil {
+		// found interesting strings
+		handler.OnMsgid(fset, nameKey.ValuePos, arg, false)
+	}
+}
diff --git a/models/unittest/fixture_loader.go b/models/unittest/fixture_loader.go
index 0b4ab52c61..5aea06550c 100644
--- a/models/unittest/fixture_loader.go
+++ b/models/unittest/fixture_loader.go
@@ -10,8 +10,10 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
+	"slices"
 	"strings"
 
+	"forgejo.org/models/db"
 	"forgejo.org/modules/container"
 
 	"go.yaml.in/yaml/v3"
@@ -41,7 +43,7 @@ func newFixtureLoader(db *sql.DB, dialect string, fixturePaths []string, allTabl
 		fixtureFiles: []*fixtureFile{},
 	}
 
-	tablesWithoutFixture := allTableNames
+	tablesWithoutFixture := allTableNames.Clone()
 
 	// Load fixtures
 	for _, fixturePath := range fixturePaths {
@@ -63,8 +65,10 @@ func newFixtureLoader(db *sql.DB, dialect string, fixturePaths []string, allTabl
 					if err != nil {
 						return nil, err
 					}
-					l.fixtureFiles = append(l.fixtureFiles, fixtureFile)
-					tablesWithoutFixture.Remove(fixtureFile.name)
+					if allTableNames.Contains(fixtureFile.name) {
+						l.fixtureFiles = append(l.fixtureFiles, fixtureFile)
+						tablesWithoutFixture.Remove(fixtureFile.name)
+					}
 				}
 			}
 		} else {
@@ -72,7 +76,10 @@ func newFixtureLoader(db *sql.DB, dialect string, fixturePaths []string, allTabl
 			if err != nil {
 				return nil, err
 			}
-			l.fixtureFiles = append(l.fixtureFiles, fixtureFile)
+			if allTableNames.Contains(fixtureFile.name) {
+				l.fixtureFiles = append(l.fixtureFiles, fixtureFile)
+				tablesWithoutFixture.Remove(fixtureFile.name)
+			}
 		}
 	}
 
@@ -84,6 +91,8 @@ func newFixtureLoader(db *sql.DB, dialect string, fixturePaths []string, allTabl
 		})
 	}
 
+	l.orderFixtures()
+
 	return l, nil
 }
 
@@ -179,6 +188,14 @@ func (l *loader) buildFixtureFile(fixturePath string) (*fixtureFile, error) {
 	return fixture, nil
 }
 
+// Reorganize `fixtureFiles` based upon the order that they'll need to be inserted into the database to satisfy foreign
+// key constraints.
+func (l *loader) orderFixtures() {
+	slices.SortFunc(l.fixtureFiles, func(v1, v2 *fixtureFile) int {
+		return db.TableNameInsertionOrderSortFunc(v1.name, v2.name)
+	})
+}
+
 func (l *loader) Load() error {
 	// Start transaction.
 	tx, err := l.db.Begin()
@@ -192,14 +209,18 @@ func (l *loader) Load() error {
 
 	// Clean the table and re-insert the fixtures.
 	tableDeleted := make(container.Set[string])
-	for _, fixture := range l.fixtureFiles {
+
+	// Issue deletes first, in reverse of insertion order, to maintain foreign key constraints.
+	for i := len(l.fixtureFiles) - 1; i >= 0; i-- {
+		fixture := l.fixtureFiles[i]
 		if !tableDeleted.Contains(fixture.name) {
 			if _, err := tx.Exec(fmt.Sprintf("DELETE FROM %s", l.quoteKeyword(fixture.name))); err != nil {
 				return fmt.Errorf("cannot delete table %s: %w", fixture.name, err)
 			}
 			tableDeleted.Add(fixture.name)
 		}
-
+	}
+	for _, fixture := range l.fixtureFiles {
 		for _, insertSQL := range fixture.insertSQLs {
 			if _, err := tx.Exec(insertSQL.statement, insertSQL.values...); err != nil {
 				return fmt.Errorf("cannot insert %q with values %q: %w", insertSQL.statement, insertSQL.values, err)
diff --git a/models/unittest/fixtures.go b/models/unittest/fixtures.go
index 829cc16466..0019ae147b 100644
--- a/models/unittest/fixtures.go
+++ b/models/unittest/fixtures.go
@@ -80,8 +80,13 @@ func InitFixtures(opts FixturesOptions, engine ...*xorm.Engine) (err error) {
 	}
 
 	var allTables container.Set[string]
-	if !opts.SkipCleanRegistedModels {
+	if opts.OnlyAffectModels == nil {
 		allTables = allTableNames().Clone()
+	} else {
+		allTables = make(container.Set[string])
+		for _, bean := range opts.OnlyAffectModels {
+			allTables.Add(e.TableName(bean))
+		}
 	}
 
 	fixturesLoader, err = newFixtureLoader(e.DB().DB, dialect, fixturePaths, allTables)
diff --git a/models/unittest/testdb.go b/models/unittest/testdb.go
index 795b1f8719..0fbf7ff6bb 100644
--- a/models/unittest/testdb.go
+++ b/models/unittest/testdb.go
@@ -217,10 +217,9 @@ type FixturesOptions struct {
 	Files []string
 	Dirs  []string
 	Base  string
-	// By default all registered models are cleaned, even if they do not have
-	// fixture. Enabling this will skip that and only models with fixtures are
-	// considered.
-	SkipCleanRegistedModels bool
+	// By default all registered models are cleaned, even if they do not have fixture. When OnlyAffectModels is not-nil,
+	// cleaning registered models will be skipped and only these models with fixtures are considered.
+	OnlyAffectModels []any
 }
 
 // CreateTestEngine creates a memory database and loads the fixture data from fixturesDir
diff --git a/models/user/search.go b/models/user/search.go
index b30422e269..08cf6a14a3 100644
--- a/models/user/search.go
+++ b/models/user/search.go
@@ -38,6 +38,7 @@ type SearchUserOptions struct {
 	IsRestricted       optional.Option[bool]
 	IsTwoFactorEnabled optional.Option[bool]
 	IsProhibitLogin    optional.Option[bool]
+	AccountType        optional.Option[UserType]
 	IncludeReserved    bool
 
 	Load2FAStatus     bool
@@ -123,6 +124,10 @@ func (opts *SearchUserOptions) toSearchQueryBase(ctx context.Context) *xorm.Sess
 		cond = cond.And(builder.Eq{"prohibit_login": opts.IsProhibitLogin.Value()})
 	}
 
+	if opts.AccountType.Has() {
+		cond = cond.And(builder.Eq{"type": opts.AccountType.Value()})
+	}
+
 	e := db.GetEngine(ctx)
 	if !opts.IsTwoFactorEnabled.Has() {
 		return e.Where(cond)
diff --git a/models/user/user.go b/models/user/user.go
index 8cdecc06e4..819199607d 100644
--- a/models/user/user.go
+++ b/models/user/user.go
@@ -1194,7 +1194,9 @@ func ValidateCommitsWithEmails(ctx context.Context, oldCommits []*git.Commit) []
 	return newCommits
 }
 
-// GetUserByEmail returns the user object by given e-mail if exists.
+// GetUserByEmail returns the user associated with the email, if it exists
+// and is activated. If the email is a no-reply address, then the user
+// associated with that no-reply address is returned.
 func GetUserByEmail(ctx context.Context, email string) (*User, error) {
 	if len(email) == 0 {
 		return nil, ErrUserNotExist{Name: email}
@@ -1227,6 +1229,26 @@ func GetUserByEmail(ctx context.Context, email string) (*User, error) {
 	return nil, ErrUserNotExist{Name: email}
 }
 
+// GetUserByEmailSimple returns the user associated with the email, if it exists.
+//
+// NOTE: You likely should use `GetUserByEmail`, which handles the no-reply
+// address and only uses activated emails to get the user.
+func GetUserByEmailSimple(ctx context.Context, email string) (*User, error) {
+	if len(email) == 0 {
+		return nil, ErrUserNotExist{Name: email}
+	}
+
+	emailAddress := &EmailAddress{}
+	has, err := db.GetEngine(ctx).Where("lower_email = ?", strings.ToLower(email)).Get(emailAddress)
+	if err != nil {
+		return nil, err
+	} else if !has {
+		return nil, ErrUserNotExist{Name: email}
+	}
+
+	return GetUserByID(ctx, emailAddress.UID)
+}
+
 // GetUser checks if a user already exists
 func GetUser(ctx context.Context, user *User) (bool, error) {
 	return db.GetEngine(ctx).Get(user)
diff --git a/models/user/user_test.go b/models/user/user_test.go
index e4a94cbc57..0a1802ba6a 100644
--- a/models/user/user_test.go
+++ b/models/user/user_test.go
@@ -219,10 +219,10 @@ func TestSearchUsers(t *testing.T) {
 	}
 
 	testUserSuccess(&user_model.SearchUserOptions{OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 1}},
-		[]int64{1, 2, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 16, 18, 20, 21, 24, 27, 28, 29, 30, 32, 34, 37, 38, 39, 40, 1041})
+		[]int64{1, 2, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 16, 18, 20, 21, 24, 27, 28, 29, 30, 32, 34, 37, 38, 39, 40, 42, 1041})
 
 	testUserSuccess(&user_model.SearchUserOptions{ListOptions: db.ListOptions{Page: 1}, IsActive: optional.Some(false)},
-		[]int64{9})
+		[]int64{42, 9})
 
 	testUserSuccess(&user_model.SearchUserOptions{OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 1}, IsActive: optional.Some(true)},
 		[]int64{1, 2, 4, 5, 8, 10, 11, 12, 13, 14, 15, 16, 18, 20, 21, 24, 27, 28, 29, 30, 32, 34, 37, 38, 39, 40, 1041})
@@ -999,6 +999,7 @@ func TestPronounsPrivacy(t *testing.T) {
 
 func TestGetUserByEmail(t *testing.T) {
 	require.NoError(t, unittest.PrepareTestDatabase())
+	defer test.MockVariableValue(&setting.Service.NoReplyAddress, "noreply.example.org")()
 
 	t.Run("Normal", func(t *testing.T) {
 		u, err := user_model.GetUserByEmail(t.Context(), "user2@example.com")
@@ -1017,4 +1018,33 @@ func TestGetUserByEmail(t *testing.T) {
 		require.NoError(t, err)
 		assert.EqualValues(t, 1, u.ID)
 	})
+
+	t.Run("No-reply", func(t *testing.T) {
+		u, err := user_model.GetUserByEmail(t.Context(), "user1@noreply.example.org")
+		require.NoError(t, err)
+		assert.EqualValues(t, 1, u.ID)
+	})
+}
+
+func TestGetUserByEmailSimple(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+	defer test.MockVariableValue(&setting.Service.NoReplyAddress, "noreply.example.org")()
+
+	t.Run("Normal", func(t *testing.T) {
+		u, err := user_model.GetUserByEmailSimple(t.Context(), "user2@example.com")
+		require.NoError(t, err)
+		assert.EqualValues(t, 2, u.ID)
+	})
+
+	t.Run("Not activated", func(t *testing.T) {
+		u, err := user_model.GetUserByEmailSimple(t.Context(), "user11@example.com")
+		require.NoError(t, err)
+		assert.EqualValues(t, 11, u.ID)
+	})
+
+	t.Run("No-reply", func(t *testing.T) {
+		u, err := user_model.GetUserByEmailSimple(t.Context(), "user1@noreply.example.org")
+		require.ErrorIs(t, err, user_model.ErrUserNotExist{Name: "user1@noreply.example.org"})
+		assert.Nil(t, u)
+	})
 }
diff --git a/modules/actions/workflows.go b/modules/actions/workflows.go
index c3960d140a..f50e5f8289 100644
--- a/modules/actions/workflows.go
+++ b/modules/actions/workflows.go
@@ -21,9 +21,10 @@ import (
 )
 
 type DetectedWorkflow struct {
-	EntryName    string
-	TriggerEvent *jobparser.Event
-	Content      []byte
+	EntryName           string
+	TriggerEvent        *jobparser.Event
+	Content             []byte
+	EventDetectionError error
 }
 
 func init() {
@@ -127,7 +128,8 @@ func DetectWorkflows(
 				TriggerEvent: &jobparser.Event{
 					Name: triggedEvent.Event(),
 				},
-				Content: content,
+				Content:             content,
+				EventDetectionError: err,
 			}
 			workflows = append(workflows, dwf)
 			continue
diff --git a/modules/avatar/avatar.go b/modules/avatar/avatar.go
index 33af60a3b8..5ab872f953 100644
--- a/modules/avatar/avatar.go
+++ b/modules/avatar/avatar.go
@@ -10,6 +10,7 @@ import (
 	"image"
 	"image/color"
 	"image/png"
+	"io"
 
 	_ "image/gif"  // for processing gif images
 	_ "image/jpeg" // for processing jpeg images
@@ -17,6 +18,7 @@ import (
 	"forgejo.org/modules/avatar/identicon"
 	"forgejo.org/modules/setting"
 
+	exif_terminator "code.superseriousbusiness.org/exif-terminator"
 	"golang.org/x/image/draw"
 
 	_ "golang.org/x/image/webp" // for processing webp images
@@ -66,15 +68,29 @@ func processAvatarImage(data []byte, maxOriginSize int64) ([]byte, error) {
 		return nil, fmt.Errorf("image height is too large: %d > %d", imgCfg.Height, setting.Avatar.MaxHeight)
 	}
 
+	var cleanedBytes []byte
+	if imgType != "gif" { // "gif" is the only imgType supported above, but not supported by exif_terminator
+		cleanedData, err := exif_terminator.Terminate(bytes.NewReader(data), imgType)
+		if err != nil {
+			return nil, fmt.Errorf("error cleaning exif data: %w", err)
+		}
+		cleanedBytes, err = io.ReadAll(cleanedData)
+		if err != nil {
+			return nil, fmt.Errorf("error reading cleaned data: %w", err)
+		}
+	} else { // gif
+		cleanedBytes = data
+	}
+
 	// If the origin is small enough, just use it, then APNG could be supported,
 	// otherwise, if the image is processed later, APNG loses animation.
 	// And one more thing, webp is not fully supported, for animated webp, image.DecodeConfig works but Decode fails.
 	// So for animated webp, if the uploaded file is smaller than maxOriginSize, it will be used, if it's larger, there will be an error.
 	if len(data) < int(maxOriginSize) {
-		return data, nil
+		return cleanedBytes, nil
 	}
 
-	img, _, err := image.Decode(bytes.NewReader(data))
+	img, _, err := image.Decode(bytes.NewReader(cleanedBytes))
 	if err != nil {
 		return nil, fmt.Errorf("image.Decode: %w", err)
 	}
@@ -94,7 +110,7 @@ func processAvatarImage(data []byte, maxOriginSize int64) ([]byte, error) {
 
 	// usually the png compression is not good enough, use the original image (no cropping/resizing) if the origin is smaller
 	if len(data) <= len(resized) {
-		return data, nil
+		return cleanedBytes, nil
 	}
 
 	return resized, nil
diff --git a/modules/avatar/avatar_test.go b/modules/avatar/avatar_test.go
index 5c21ad5824..7a395c49cc 100644
--- a/modules/avatar/avatar_test.go
+++ b/modules/avatar/avatar_test.go
@@ -11,7 +11,10 @@ import (
 	"testing"
 
 	"forgejo.org/modules/setting"
+	"forgejo.org/modules/test"
 
+	jpegstructure "code.superseriousbusiness.org/go-jpeg-image-structure/v2"
+	"github.com/dsoprea/go-exif/v3"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -30,8 +33,8 @@ func Test_RandomImage(t *testing.T) {
 }
 
 func Test_ProcessAvatarPNG(t *testing.T) {
-	setting.Avatar.MaxWidth = 4096
-	setting.Avatar.MaxHeight = 4096
+	defer test.MockVariableValue(&setting.Avatar.MaxWidth, 4096)()
+	defer test.MockVariableValue(&setting.Avatar.MaxHeight, 4096)()
 
 	data, err := os.ReadFile("testdata/avatar.png")
 	require.NoError(t, err)
@@ -41,8 +44,8 @@ func Test_ProcessAvatarPNG(t *testing.T) {
 }
 
 func Test_ProcessAvatarJPEG(t *testing.T) {
-	setting.Avatar.MaxWidth = 4096
-	setting.Avatar.MaxHeight = 4096
+	defer test.MockVariableValue(&setting.Avatar.MaxWidth, 4096)()
+	defer test.MockVariableValue(&setting.Avatar.MaxHeight, 4096)()
 
 	data, err := os.ReadFile("testdata/avatar.jpeg")
 	require.NoError(t, err)
@@ -51,17 +54,28 @@ func Test_ProcessAvatarJPEG(t *testing.T) {
 	require.NoError(t, err)
 }
 
+func Test_ProcessAvatarGIF(t *testing.T) {
+	defer test.MockVariableValue(&setting.Avatar.MaxWidth, 4096)()
+	defer test.MockVariableValue(&setting.Avatar.MaxHeight, 4096)()
+
+	data, err := os.ReadFile("testdata/avatar.gif")
+	require.NoError(t, err)
+
+	_, err = processAvatarImage(data, 262144)
+	require.NoError(t, err)
+}
+
 func Test_ProcessAvatarInvalidData(t *testing.T) {
-	setting.Avatar.MaxWidth = 5
-	setting.Avatar.MaxHeight = 5
+	defer test.MockVariableValue(&setting.Avatar.MaxWidth, 5)()
+	defer test.MockVariableValue(&setting.Avatar.MaxHeight, 5)()
 
 	_, err := processAvatarImage([]byte{}, 12800)
 	assert.EqualError(t, err, "image.DecodeConfig: image: unknown format")
 }
 
 func Test_ProcessAvatarInvalidImageSize(t *testing.T) {
-	setting.Avatar.MaxWidth = 5
-	setting.Avatar.MaxHeight = 5
+	defer test.MockVariableValue(&setting.Avatar.MaxWidth, 5)()
+	defer test.MockVariableValue(&setting.Avatar.MaxHeight, 5)()
 
 	data, err := os.ReadFile("testdata/avatar.png")
 	require.NoError(t, err)
@@ -71,8 +85,8 @@ func Test_ProcessAvatarInvalidImageSize(t *testing.T) {
 }
 
 func Test_ProcessAvatarImage(t *testing.T) {
-	setting.Avatar.MaxWidth = 4096
-	setting.Avatar.MaxHeight = 4096
+	defer test.MockVariableValue(&setting.Avatar.MaxWidth, 4096)()
+	defer test.MockVariableValue(&setting.Avatar.MaxHeight, 4096)()
 	scaledSize := DefaultAvatarSize * setting.Avatar.RenderedSizeFactor
 
 	newImgData := func(size int, optHeight ...int) []byte {
@@ -135,3 +149,40 @@ func Test_ProcessAvatarImage(t *testing.T) {
 	_, err = processAvatarImage(origin, 262144)
 	require.ErrorContains(t, err, "image width is too large: 10 > 5")
 }
+
+func safeExifJpeg(t *testing.T, jpeg []byte) {
+	t.Helper()
+
+	parser := jpegstructure.NewJpegMediaParser()
+	mediaContext, err := parser.ParseBytes(jpeg)
+	require.NoError(t, err)
+
+	sl := mediaContext.(*jpegstructure.SegmentList)
+
+	rootIfd, _, err := sl.Exif()
+	require.NoError(t, err)
+	err = rootIfd.EnumerateTagsRecursively(func(ifd *exif.Ifd, ite *exif.IfdTagEntry) error {
+		assert.Equal(t, "Orientation", ite.TagName(), "only Orientation EXIF tag expected")
+		return nil
+	})
+	require.NoError(t, err)
+}
+
+func Test_ProcessAvatarExif(t *testing.T) {
+	t.Run("greater than max origin size", func(t *testing.T) {
+		data, err := os.ReadFile("testdata/exif.jpg")
+		require.NoError(t, err)
+
+		processedData, err := processAvatarImage(data, 12800)
+		require.NoError(t, err)
+		safeExifJpeg(t, processedData)
+	})
+	t.Run("smaller than max origin size", func(t *testing.T) {
+		data, err := os.ReadFile("testdata/exif.jpg")
+		require.NoError(t, err)
+
+		processedData, err := processAvatarImage(data, 128000)
+		require.NoError(t, err)
+		safeExifJpeg(t, processedData)
+	})
+}
diff --git a/modules/avatar/testdata/avatar.gif b/modules/avatar/testdata/avatar.gif
new file mode 100644
index 0000000000..a70fbacd25
Binary files /dev/null and b/modules/avatar/testdata/avatar.gif differ
diff --git a/modules/avatar/testdata/exif.jpg b/modules/avatar/testdata/exif.jpg
new file mode 100644
index 0000000000..7e71d9b8f4
Binary files /dev/null and b/modules/avatar/testdata/exif.jpg differ
diff --git a/modules/container/set.go b/modules/container/set.go
index d3719dc552..6535d1e4bd 100644
--- a/modules/container/set.go
+++ b/modules/container/set.go
@@ -79,3 +79,22 @@ func (s Set[T]) Seq() iter.Seq[T] {
 func (s Set[T]) Clone() Set[T] {
 	return maps.Clone(s)
 }
+
+// Computes the elements that are in this set, that aren't in the other set.
+func (s Set[T]) Difference(other Set[T]) Set[T] {
+	result := make(Set[T])
+	for key := range s {
+		if !other.Contains(key) {
+			result.Add(key)
+		}
+	}
+	return result
+}
+
+func (s Set[T]) Slice() []T {
+	retval := make([]T, 0, len(s))
+	for key := range s {
+		retval = append(retval, key)
+	}
+	return retval
+}
diff --git a/modules/git/commit_reader.go b/modules/git/commit_reader.go
index ec8989f5a7..37b0c8c606 100644
--- a/modules/git/commit_reader.go
+++ b/modules/git/commit_reader.go
@@ -24,6 +24,7 @@ func CommitFromReader(gitRepo *Repository, objectID ObjectID, reader io.Reader)
 	payloadSB := new(strings.Builder)
 	signatureSB := new(strings.Builder)
 	messageSB := new(strings.Builder)
+	firstLine := true
 	message := false
 	pgpsig := false
 
@@ -83,21 +84,25 @@ readLoop:
 				commit.Committer = &Signature{}
 				commit.Committer.Decode(data)
 				_, _ = payloadSB.Write(line)
-			case "encoding":
-				_, _ = payloadSB.Write(line)
-			case "change-id": // jj-vcs specific header.
-				_, _ = payloadSB.Write(line)
 			case "gpgsig":
 				fallthrough
 			case "gpgsig-sha256": // FIXME: no intertop, so only 1 exists at present.
 				_, _ = signatureSB.Write(data)
 				_ = signatureSB.WriteByte('\n')
 				pgpsig = true
+			default:
+				// If the first line is not any of the known headers, then it is probably the prefix added when git cat-file is called with --batch, and that is not part of the payload
+				if !firstLine {
+					// Every subsequent header field is added to the payload
+					_, _ = payloadSB.Write(line)
+				}
 			}
 		} else {
 			_, _ = messageSB.Write(line)
 			_, _ = payloadSB.Write(line)
 		}
+
+		firstLine = false
 	}
 	commit.CommitMessage = messageSB.String()
 	commit.Signature = &ObjectSignature{
diff --git a/modules/git/commit_test.go b/modules/git/commit_test.go
index ee57a735e6..cd6b17d0d7 100644
--- a/modules/git/commit_test.go
+++ b/modules/git/commit_test.go
@@ -239,6 +239,77 @@ January where the year starts on a Monday :)`, commitFromReader.Signature.Payloa
 	assert.Equal(t, "Nicole Patricia Mazzuca <nicole@strega-nil.co>", commitFromReader.Author.String())
 }
 
+func TestGitbutlerCustomHeaderFields(t *testing.T) {
+	// example from: https://github.com/go-gitea/gitea/issues/34529#issuecomment-2908481092
+	commitString := `tree a29321bf9e3ec433ed9e47b1cbbac6906c71fc60
+parent c0d83043ade7fa3ca10659608799477e9daa670b
+author Sebastian Thiel <sebastian.thiel@icloud.com> 1747920681 +0200
+committer Sebastian Thiel <sebastian.thiel@icloud.com> 1748010747 +0200
+gitbutler-headers-version 2
+gitbutler-change-id 1063f7ea-d841-43b3-903a-01747681c40d
+gpgsig -----BEGIN PGP SIGNATURE-----
+ 
+ iQIzBAABCAAdFiEE6vnM/NCHZAjyl8YKnLXueJXoJosFAmgwhvsACgkQnLXueJXo
+ JovXUxAAq0WKJILCUAxyhwh5tRdxJTB2NjiCLf+ggLfjyrWPtMWPi/YUt7iGPB2H
+ Wbv9U7l5t+54fPX8TQtBKZ79YaDMfYdjlfDSijmPruf8/MXB4G0rAaIajtCr0usZ
+ kJDOgmmYS7bVMybDe6guwFZappiuSS2dCEYgeJun+q7Y6IYsfvdAluJmGubQIkPT
+ rrEffqoQz3URmDYnAKW3sTRUVwCkYIJDxpl/W0Rvc0jmELdkHu7JYX7XvZBYSUDq
+ FWgzCPjyErtkKk8AqoeWtTCpL+9ozzNIXNRKjGCOL2LG4H/uuNFdM46HB+KW/7+B
+ wMGcpZk8T/zN9Cf348M+y+o09QX1OWavDS6LgvWJaDtG/swgxV96KKR5lEtdd1IU
+ JHuXfPUfGp4r378FIrbPK+Thu5bn9Yq8qGvdZOpTqDxHPU9/o9wLpJghcWJZ5O3X
+ MpK4HdN+bME2zgBd08QsOjANogbJIz9MVaMGRFlCO5iOiz2DxG+v2KkO8IRwGXaO
+ OKKQ7BD04fS2wFma862BaTtB9M9f9UTWV4e2mgRpSDJWTQKrj+HkJ63gAFQYFnfp
+ ppgqZLkmzH1Ta2U56JSMMfOoKVFgjuxRx1d+tzdC+TpQyo06NI1KkNMepK1rhFBW
+ p8hej6n/7Bl9LL/W+DKsNqW9jQbTYu66JqKs3Kg7xga6w/ss0iw=
+ =VG6I
+ -----END PGP SIGNATURE-----
+
+asdf
+asdf
+asdf
+`
+
+	sha := &Sha1Hash{0xe6, 0x69, 0x11, 0x91, 0x44, 0x14, 0xb0, 0xda, 0xa8, 0x5d, 0x4a, 0x42, 0x8c, 0x8d, 0x60, 0x7b, 0x9b, 0x24, 0x9a, 0x2c}
+	gitRepo, err := openRepositoryWithDefaultContext(filepath.Join(testReposDir, "repo1_bare"))
+	require.NoError(t, err)
+	assert.NotNil(t, gitRepo)
+	defer gitRepo.Close()
+
+	commitFromReader, err := CommitFromReader(gitRepo, sha, strings.NewReader(commitString))
+	require.NoError(t, err)
+	require.NotNil(t, commitFromReader)
+	assert.EqualValues(t, sha, commitFromReader.ID)
+	assert.Equal(t, `-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEE6vnM/NCHZAjyl8YKnLXueJXoJosFAmgwhvsACgkQnLXueJXo
+JovXUxAAq0WKJILCUAxyhwh5tRdxJTB2NjiCLf+ggLfjyrWPtMWPi/YUt7iGPB2H
+Wbv9U7l5t+54fPX8TQtBKZ79YaDMfYdjlfDSijmPruf8/MXB4G0rAaIajtCr0usZ
+kJDOgmmYS7bVMybDe6guwFZappiuSS2dCEYgeJun+q7Y6IYsfvdAluJmGubQIkPT
+rrEffqoQz3URmDYnAKW3sTRUVwCkYIJDxpl/W0Rvc0jmELdkHu7JYX7XvZBYSUDq
+FWgzCPjyErtkKk8AqoeWtTCpL+9ozzNIXNRKjGCOL2LG4H/uuNFdM46HB+KW/7+B
+wMGcpZk8T/zN9Cf348M+y+o09QX1OWavDS6LgvWJaDtG/swgxV96KKR5lEtdd1IU
+JHuXfPUfGp4r378FIrbPK+Thu5bn9Yq8qGvdZOpTqDxHPU9/o9wLpJghcWJZ5O3X
+MpK4HdN+bME2zgBd08QsOjANogbJIz9MVaMGRFlCO5iOiz2DxG+v2KkO8IRwGXaO
+OKKQ7BD04fS2wFma862BaTtB9M9f9UTWV4e2mgRpSDJWTQKrj+HkJ63gAFQYFnfp
+ppgqZLkmzH1Ta2U56JSMMfOoKVFgjuxRx1d+tzdC+TpQyo06NI1KkNMepK1rhFBW
+p8hej6n/7Bl9LL/W+DKsNqW9jQbTYu66JqKs3Kg7xga6w/ss0iw=
+=VG6I
+-----END PGP SIGNATURE-----
+`, commitFromReader.Signature.Signature)
+	assert.Equal(t, `tree a29321bf9e3ec433ed9e47b1cbbac6906c71fc60
+parent c0d83043ade7fa3ca10659608799477e9daa670b
+author Sebastian Thiel <sebastian.thiel@icloud.com> 1747920681 +0200
+committer Sebastian Thiel <sebastian.thiel@icloud.com> 1748010747 +0200
+gitbutler-headers-version 2
+gitbutler-change-id 1063f7ea-d841-43b3-903a-01747681c40d
+
+asdf
+asdf
+asdf
+`, commitFromReader.Signature.Payload)
+	assert.Equal(t, "Sebastian Thiel <sebastian.thiel@icloud.com>", commitFromReader.Author.String())
+}
+
 func TestHasPreviousCommit(t *testing.T) {
 	bareRepo1Path := filepath.Join(testReposDir, "repo1_bare")
 
diff --git a/modules/git/repo_compare.go b/modules/git/repo_compare.go
index 94f1911c4a..98a1930ac2 100644
--- a/modules/git/repo_compare.go
+++ b/modules/git/repo_compare.go
@@ -30,6 +30,12 @@ type CompareInfo struct {
 	NumFiles     int
 }
 
+// GetMergeBaseSimple returns the merge base of base and head.
+func (repo *Repository) GetMergeBaseSimple(base, head string) (string, error) {
+	stdout, _, err := NewCommand(repo.Ctx, "merge-base").AddDashesAndList(base, head).RunStdString(&RunOpts{Dir: repo.Path})
+	return strings.TrimSpace(stdout), err
+}
+
 // GetMergeBase checks and returns merge base of two branches and the reference used as base.
 func (repo *Repository) GetMergeBase(tmpRemote, base, head string) (string, string, error) {
 	if tmpRemote == "" {
@@ -174,16 +180,36 @@ func (repo *Repository) GetDiffNumChangedFiles(base, head string, directComparis
 	return w.numLines, nil
 }
 
-// GetDiffShortStat counts number of changed files, number of additions and deletions
-func (repo *Repository) GetDiffShortStat(base, head string) (numFiles, totalAdditions, totalDeletions int, err error) {
-	numFiles, totalAdditions, totalDeletions, err = GetDiffShortStat(repo.Ctx, repo.Path, nil, base+"..."+head)
-	if err != nil && strings.Contains(err.Error(), "no merge base") {
-		return GetDiffShortStat(repo.Ctx, repo.Path, nil, base, head)
+var (
+	ErrNoMergebaseFound        = errors.New("no merge base found")
+	ErrMultipleMergebasesFound = errors.New("multiple merge bases found")
+)
+
+// GetShortStat returns the number of changed files, additions and deletions. If
+// `useMergebase` is specified then the merge base between `base` and `head` is
+// used to compare against `head`.
+func (repo *Repository) GetShortStat(base, head string, useMergebase bool) (numFiles, totalAdditions, totalDeletions int, err error) {
+	cmd := NewCommand(repo.Ctx, "diff-tree", "--shortstat")
+	if useMergebase {
+		cmd = cmd.AddArguments("--merge-base")
 	}
-	return numFiles, totalAdditions, totalDeletions, err
+	cmd.AddDynamicArguments(base, head)
+
+	stdout, stderr, err := cmd.RunStdString(&RunOpts{Dir: repo.Path})
+	if err != nil {
+		switch stderr {
+		case "fatal: no merge base found\n":
+			return 0, 0, 0, ErrNoMergebaseFound
+		case "fatal: multiple merge bases found\n":
+			return 0, 0, 0, ErrMultipleMergebasesFound
+		}
+		return 0, 0, 0, err
+	}
+
+	return parseDiffStat(stdout)
 }
 
-// GetCommitStat returns the number of files, total additions and total deletions the commit has.
+// GetCommitShortStat returns the number of files, total additions and total deletions the commit has.
 func (repo *Repository) GetCommitShortStat(commitID string) (numFiles, totalAdditions, totalDeletions int, err error) {
 	cmd := NewCommand(repo.Ctx, "diff-tree", "--shortstat", "--no-commit-id", "--root").AddDynamicArguments(commitID)
 	stdout, _, err := cmd.RunStdString(&RunOpts{Dir: repo.Path})
@@ -194,13 +220,13 @@ func (repo *Repository) GetCommitShortStat(commitID string) (numFiles, totalAddi
 	return parseDiffStat(stdout)
 }
 
-// GetDiffShortStat counts number of changed files, number of additions and deletions
-func GetDiffShortStat(ctx context.Context, repoPath string, trustedArgs TrustedCmdArgs, dynamicArgs ...string) (numFiles, totalAdditions, totalDeletions int, err error) {
-	// Now if we call:
-	// $ git diff --shortstat 1ebb35b98889ff77299f24d82da426b434b0cca0...788b8b1440462d477f45b0088875
-	// we get:
-	// " 9902 files changed, 2034198 insertions(+), 298800 deletions(-)\n"
-	cmd := NewCommand(ctx, "diff", "--shortstat").AddArguments(trustedArgs...).AddDynamicArguments(dynamicArgs...)
+// GetIndexShortStat returns the number of files, total additions and total
+// deletions the commit has.
+//
+// NOTE: It uses `git-diff-index`, should only be used when working with
+// temporary repository. When working on bare repositories use `GetCommitShortStat`.
+func GetIndexShortStat(ctx context.Context, repoPath, commitID string) (numFiles, totalAdditions, totalDeletions int, err error) {
+	cmd := NewCommand(ctx, "diff-index", "--cached", "--shortstat").AddDynamicArguments(commitID)
 	stdout, _, err := cmd.RunStdString(&RunOpts{Dir: repoPath})
 	if err != nil {
 		return 0, 0, 0, err
diff --git a/modules/git/repo_compare_test.go b/modules/git/repo_compare_test.go
index b1ebdf6177..fcdc256112 100644
--- a/modules/git/repo_compare_test.go
+++ b/modules/git/repo_compare_test.go
@@ -243,3 +243,87 @@ func TestGetCommitShortStat(t *testing.T) {
 		assert.Equal(t, 0, totalDeletions)
 	})
 }
+
+func TestGetShortStat(t *testing.T) {
+	// https://github.com/git/git/blob/60f3f52f17cceefa5299709b189ce6fe2d181e7b/t/t4068-diff-symmetric-merge-base.sh#L10-L23
+	repo, err := OpenRepository(t.Context(), filepath.Join(testReposDir, "symmetric_repo"))
+	require.NoError(t, err)
+	defer repo.Close()
+
+	t.Run("Normal", func(t *testing.T) {
+		t.Run("Via merge base", func(t *testing.T) {
+			numFiles, totalAdditions, totalDeletions, err := repo.GetShortStat("br2", "main", true)
+			require.NoError(t, err)
+			assert.Equal(t, 1, numFiles)
+			assert.Equal(t, 1, totalAdditions)
+			assert.Zero(t, totalDeletions)
+
+			numFiles, totalAdditions, totalDeletions, err = repo.GetShortStat("main", "br2", true)
+			require.NoError(t, err)
+			assert.Equal(t, 1, numFiles)
+			assert.Equal(t, 1, totalAdditions)
+			assert.Zero(t, totalDeletions)
+		})
+
+		t.Run("Direct compare", func(t *testing.T) {
+			numFiles, totalAdditions, totalDeletions, err := repo.GetShortStat("main", "br2", false)
+			require.NoError(t, err)
+			assert.Equal(t, 2, numFiles)
+			assert.Equal(t, 1, totalAdditions)
+			assert.Equal(t, 1, totalDeletions)
+
+			numFiles, totalAdditions, totalDeletions, err = repo.GetShortStat("main", "br3", false)
+			require.NoError(t, err)
+			assert.Equal(t, 1, numFiles)
+			assert.Equal(t, 1, totalAdditions)
+			assert.Zero(t, totalDeletions)
+
+			numFiles, totalAdditions, totalDeletions, err = repo.GetShortStat("br3", "main", false)
+			require.NoError(t, err)
+			assert.Equal(t, 1, numFiles)
+			assert.Zero(t, totalAdditions)
+			assert.Equal(t, 1, totalDeletions)
+		})
+	})
+
+	t.Run("No merge base", func(t *testing.T) {
+		numFiles, totalAdditions, totalDeletions, err := repo.GetShortStat("main", "br3", true)
+		require.ErrorIs(t, err, ErrNoMergebaseFound)
+		assert.Zero(t, numFiles)
+		assert.Zero(t, totalAdditions)
+		assert.Zero(t, totalDeletions)
+	})
+
+	t.Run("Multiple merge base", func(t *testing.T) {
+		numFiles, totalAdditions, totalDeletions, err := repo.GetShortStat("main", "br1", true)
+		require.ErrorIs(t, err, ErrMultipleMergebasesFound)
+		assert.Zero(t, numFiles)
+		assert.Zero(t, totalAdditions)
+		assert.Zero(t, totalDeletions)
+	})
+}
+
+func TestGetMergeBaseSimple(t *testing.T) {
+	repo, err := OpenRepository(t.Context(), filepath.Join(testReposDir, "symmetric_repo"))
+	require.NoError(t, err)
+
+	defer repo.Close()
+
+	t.Run("Normal", func(t *testing.T) {
+		mergebase, err := repo.GetMergeBaseSimple("main", "br2")
+		require.NoError(t, err)
+		assert.Equal(t, "9d36f18c8ca14ad28c4751afd14f3e3146a785dc", mergebase)
+	})
+
+	t.Run("No mergebase", func(t *testing.T) {
+		mergebase, err := repo.GetMergeBaseSimple("main", "br3")
+		require.ErrorContains(t, err, "exit status 1")
+		assert.Empty(t, mergebase)
+	})
+
+	t.Run("Multiple mergebase", func(t *testing.T) {
+		mergebase, err := repo.GetMergeBaseSimple("main", "br1")
+		require.NoError(t, err)
+		assert.Equal(t, "9d36f18c8ca14ad28c4751afd14f3e3146a785dc", mergebase)
+	})
+}
diff --git a/modules/git/tests/repos/symmetric_repo/HEAD b/modules/git/tests/repos/symmetric_repo/HEAD
new file mode 100644
index 0000000000..992854f9fb
--- /dev/null
+++ b/modules/git/tests/repos/symmetric_repo/HEAD
@@ -0,0 +1 @@
+ref: refs/heads/br3
diff --git a/modules/git/tests/repos/symmetric_repo/config b/modules/git/tests/repos/symmetric_repo/config
new file mode 100644
index 0000000000..07d359d07c
--- /dev/null
+++ b/modules/git/tests/repos/symmetric_repo/config
@@ -0,0 +1,4 @@
+[core]
+	repositoryformatversion = 0
+	filemode = true
+	bare = true
diff --git a/modules/git/tests/repos/symmetric_repo/objects/01/fc2bb01605691ba1f40694c1da70501583a085 b/modules/git/tests/repos/symmetric_repo/objects/01/fc2bb01605691ba1f40694c1da70501583a085
new file mode 100644
index 0000000000..914d958d71
Binary files /dev/null and b/modules/git/tests/repos/symmetric_repo/objects/01/fc2bb01605691ba1f40694c1da70501583a085 differ
diff --git a/modules/git/tests/repos/symmetric_repo/objects/02/84078471ec566623807297baf4450382542dcb b/modules/git/tests/repos/symmetric_repo/objects/02/84078471ec566623807297baf4450382542dcb
new file mode 100644
index 0000000000..061fc8feec
Binary files /dev/null and b/modules/git/tests/repos/symmetric_repo/objects/02/84078471ec566623807297baf4450382542dcb differ
diff --git a/modules/git/tests/repos/symmetric_repo/objects/19/33da329284aca10dab8dc2fdd54213acd39be5 b/modules/git/tests/repos/symmetric_repo/objects/19/33da329284aca10dab8dc2fdd54213acd39be5
new file mode 100644
index 0000000000..7abecb8b4e
Binary files /dev/null and b/modules/git/tests/repos/symmetric_repo/objects/19/33da329284aca10dab8dc2fdd54213acd39be5 differ
diff --git a/modules/git/tests/repos/symmetric_repo/objects/3f/10b1d474ee0a63d008be715494586ccbbbc9da b/modules/git/tests/repos/symmetric_repo/objects/3f/10b1d474ee0a63d008be715494586ccbbbc9da
new file mode 100644
index 0000000000..b54a2a79d7
Binary files /dev/null and b/modules/git/tests/repos/symmetric_repo/objects/3f/10b1d474ee0a63d008be715494586ccbbbc9da differ
diff --git a/modules/git/tests/repos/symmetric_repo/objects/3f/151445f4d22fec48009aa692142c96bce6dcf6 b/modules/git/tests/repos/symmetric_repo/objects/3f/151445f4d22fec48009aa692142c96bce6dcf6
new file mode 100644
index 0000000000..82c5d29824
Binary files /dev/null and b/modules/git/tests/repos/symmetric_repo/objects/3f/151445f4d22fec48009aa692142c96bce6dcf6 differ
diff --git a/modules/git/tests/repos/symmetric_repo/objects/4b/825dc642cb6eb9a060e54bf8d69288fbee4904 b/modules/git/tests/repos/symmetric_repo/objects/4b/825dc642cb6eb9a060e54bf8d69288fbee4904
new file mode 100644
index 0000000000..adf64119a3
Binary files /dev/null and b/modules/git/tests/repos/symmetric_repo/objects/4b/825dc642cb6eb9a060e54bf8d69288fbee4904 differ
diff --git a/modules/git/tests/repos/symmetric_repo/objects/54/93447336137e6fc28e3be3067f7049273c6909 b/modules/git/tests/repos/symmetric_repo/objects/54/93447336137e6fc28e3be3067f7049273c6909
new file mode 100644
index 0000000000..30092e4f7b
Binary files /dev/null and b/modules/git/tests/repos/symmetric_repo/objects/54/93447336137e6fc28e3be3067f7049273c6909 differ
diff --git a/modules/git/tests/repos/symmetric_repo/objects/61/780798228d17af2d34fce4cfbdf35556832472 b/modules/git/tests/repos/symmetric_repo/objects/61/780798228d17af2d34fce4cfbdf35556832472
new file mode 100644
index 0000000000..586bf17a49
Binary files /dev/null and b/modules/git/tests/repos/symmetric_repo/objects/61/780798228d17af2d34fce4cfbdf35556832472 differ
diff --git a/modules/git/tests/repos/symmetric_repo/objects/6a/69f92020f5df77af6e8813ff1232493383b708 b/modules/git/tests/repos/symmetric_repo/objects/6a/69f92020f5df77af6e8813ff1232493383b708
new file mode 100644
index 0000000000..77148f56f4
Binary files /dev/null and b/modules/git/tests/repos/symmetric_repo/objects/6a/69f92020f5df77af6e8813ff1232493383b708 differ
diff --git a/modules/git/tests/repos/symmetric_repo/objects/6b/e660545b31f61a82a87d2b1915f0b88bb9f16f b/modules/git/tests/repos/symmetric_repo/objects/6b/e660545b31f61a82a87d2b1915f0b88bb9f16f
new file mode 100644
index 0000000000..c8bc9c3d9e
Binary files /dev/null and b/modules/git/tests/repos/symmetric_repo/objects/6b/e660545b31f61a82a87d2b1915f0b88bb9f16f differ
diff --git a/modules/git/tests/repos/symmetric_repo/objects/71/3fc38bac217f3909a1ca43479dec4f3f6e039e b/modules/git/tests/repos/symmetric_repo/objects/71/3fc38bac217f3909a1ca43479dec4f3f6e039e
new file mode 100644
index 0000000000..fde71ec26c
Binary files /dev/null and b/modules/git/tests/repos/symmetric_repo/objects/71/3fc38bac217f3909a1ca43479dec4f3f6e039e differ
diff --git a/modules/git/tests/repos/symmetric_repo/objects/83/966f2fad7dfb1c567ca63bb68e9a7d38b4afc6 b/modules/git/tests/repos/symmetric_repo/objects/83/966f2fad7dfb1c567ca63bb68e9a7d38b4afc6
new file mode 100644
index 0000000000..50d57fceec
Binary files /dev/null and b/modules/git/tests/repos/symmetric_repo/objects/83/966f2fad7dfb1c567ca63bb68e9a7d38b4afc6 differ
diff --git a/modules/git/tests/repos/symmetric_repo/objects/9d/36f18c8ca14ad28c4751afd14f3e3146a785dc b/modules/git/tests/repos/symmetric_repo/objects/9d/36f18c8ca14ad28c4751afd14f3e3146a785dc
new file mode 100644
index 0000000000..d1ecb2995f
Binary files /dev/null and b/modules/git/tests/repos/symmetric_repo/objects/9d/36f18c8ca14ad28c4751afd14f3e3146a785dc differ
diff --git a/modules/git/tests/repos/symmetric_repo/objects/bf/91e6a4737da117217f8b32276998b10ee55f65 b/modules/git/tests/repos/symmetric_repo/objects/bf/91e6a4737da117217f8b32276998b10ee55f65
new file mode 100644
index 0000000000..ad3f6a1f9b
Binary files /dev/null and b/modules/git/tests/repos/symmetric_repo/objects/bf/91e6a4737da117217f8b32276998b10ee55f65 differ
diff --git a/modules/git/tests/repos/symmetric_repo/objects/d6/dfac318c3dcd5f05554472666d7bb6dfd9e8db b/modules/git/tests/repos/symmetric_repo/objects/d6/dfac318c3dcd5f05554472666d7bb6dfd9e8db
new file mode 100644
index 0000000000..75ea7eaed6
Binary files /dev/null and b/modules/git/tests/repos/symmetric_repo/objects/d6/dfac318c3dcd5f05554472666d7bb6dfd9e8db differ
diff --git a/modules/git/tests/repos/symmetric_repo/objects/e4/2ba3e77f66f623836b47df796932f7e5604aec b/modules/git/tests/repos/symmetric_repo/objects/e4/2ba3e77f66f623836b47df796932f7e5604aec
new file mode 100644
index 0000000000..dc832f465c
Binary files /dev/null and b/modules/git/tests/repos/symmetric_repo/objects/e4/2ba3e77f66f623836b47df796932f7e5604aec differ
diff --git a/modules/git/tests/repos/symmetric_repo/objects/f2/ad6c76f0115a6ba5b00456a849810e7ec0af20 b/modules/git/tests/repos/symmetric_repo/objects/f2/ad6c76f0115a6ba5b00456a849810e7ec0af20
new file mode 100644
index 0000000000..a36463115d
Binary files /dev/null and b/modules/git/tests/repos/symmetric_repo/objects/f2/ad6c76f0115a6ba5b00456a849810e7ec0af20 differ
diff --git a/modules/git/tests/repos/symmetric_repo/objects/f4/e316302084c597f1678ff1db625b28f68194ae b/modules/git/tests/repos/symmetric_repo/objects/f4/e316302084c597f1678ff1db625b28f68194ae
new file mode 100644
index 0000000000..2133e56d5c
Binary files /dev/null and b/modules/git/tests/repos/symmetric_repo/objects/f4/e316302084c597f1678ff1db625b28f68194ae differ
diff --git a/modules/git/tests/repos/symmetric_repo/packed-refs b/modules/git/tests/repos/symmetric_repo/packed-refs
new file mode 100644
index 0000000000..0e61c448af
--- /dev/null
+++ b/modules/git/tests/repos/symmetric_repo/packed-refs
@@ -0,0 +1,8 @@
+# pack-refs with: peeled fully-peeled sorted 
+01fc2bb01605691ba1f40694c1da70501583a085 refs/heads/br1
+5493447336137e6fc28e3be3067f7049273c6909 refs/heads/br2
+3f10b1d474ee0a63d008be715494586ccbbbc9da refs/heads/br3
+83966f2fad7dfb1c567ca63bb68e9a7d38b4afc6 refs/heads/main
+bf91e6a4737da117217f8b32276998b10ee55f65 refs/tags/commit-C
+^9d36f18c8ca14ad28c4751afd14f3e3146a785dc
+0284078471ec566623807297baf4450382542dcb refs/tags/commit-D
diff --git a/modules/git/tests/repos/symmetric_repo/refs/heads/.gitkeep b/modules/git/tests/repos/symmetric_repo/refs/heads/.gitkeep
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/modules/git/tests/repos/symmetric_repo/refs/tags/.gitkeep b/modules/git/tests/repos/symmetric_repo/refs/tags/.gitkeep
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/modules/git/url/url_test.go b/modules/git/url/url_test.go
index 54655633bf..68ad8bd7c5 100644
--- a/modules/git/url/url_test.go
+++ b/modules/git/url/url_test.go
@@ -29,12 +29,12 @@ func TestParseGitURLs(t *testing.T) {
 			},
 		},
 		{
-			kase: "git@[fe80:14fc:cec5:c174:d88%2510]:go-gitea/gitea.git",
+			kase: "git@[fe80::14fc:cec5:c174:d88%2510]:go-gitea/gitea.git",
 			expected: &GitURL{
 				URL: &url.URL{
 					Scheme: "ssh",
 					User:   url.User("git"),
-					Host:   "[fe80:14fc:cec5:c174:d88%10]",
+					Host:   "[fe80::14fc:cec5:c174:d88%10]",
 					Path:   "go-gitea/gitea.git",
 				},
 				extraMark: 1,
@@ -132,11 +132,11 @@ func TestParseGitURLs(t *testing.T) {
 			},
 		},
 		{
-			kase: "https://[fe80:14fc:cec5:c174:d88%2510]:20/go-gitea/gitea.git",
+			kase: "https://[fe80::14fc:cec5:c174:d88%2510]:20/go-gitea/gitea.git",
 			expected: &GitURL{
 				URL: &url.URL{
 					Scheme: "https",
-					Host:   "[fe80:14fc:cec5:c174:d88%10]:20",
+					Host:   "[fe80::14fc:cec5:c174:d88%10]:20",
 					Path:   "/go-gitea/gitea.git",
 				},
 				extraMark: 0,
diff --git a/modules/lfs/main_test.go b/modules/lfs/main_test.go
new file mode 100644
index 0000000000..47a0c8138a
--- /dev/null
+++ b/modules/lfs/main_test.go
@@ -0,0 +1,37 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package lfs
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"testing"
+
+	"forgejo.org/modules/git"
+	"forgejo.org/modules/setting"
+	"forgejo.org/modules/util"
+)
+
+const testReposDir = "tests/repos/"
+
+func TestMain(m *testing.M) {
+	gitHomePath, err := os.MkdirTemp(os.TempDir(), "git-home")
+	if err != nil {
+		_, _ = fmt.Fprintf(os.Stderr, "Test failed: unable to create temp dir: %v", err)
+		os.Exit(1)
+	}
+
+	setting.Git.HomePath = gitHomePath
+
+	if err = git.InitFull(context.Background()); err != nil {
+		util.RemoveAll(gitHomePath)
+		_, _ = fmt.Fprintf(os.Stderr, "Test failed: failed to call git.InitFull: %v", err)
+		os.Exit(1)
+	}
+
+	exitCode := m.Run()
+	util.RemoveAll(gitHomePath)
+	os.Exit(exitCode)
+}
diff --git a/modules/lfs/pointer_scanner_test.go b/modules/lfs/pointer_scanner_test.go
new file mode 100644
index 0000000000..a82c22e66c
--- /dev/null
+++ b/modules/lfs/pointer_scanner_test.go
@@ -0,0 +1,65 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package lfs
+
+import (
+	"cmp"
+	"path/filepath"
+	"slices"
+	"testing"
+
+	"forgejo.org/modules/git"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestSearchPointerBlobs(t *testing.T) {
+	repo, err := git.OpenRepository(t.Context(), filepath.Join(testReposDir, "simple-lfs"))
+	require.NoError(t, err)
+
+	pointerChan := make(chan PointerBlob)
+	errChan := make(chan error, 1)
+
+	go SearchPointerBlobs(t.Context(), repo, pointerChan, errChan)
+
+	// Collect all found pointer blobs.
+	var pointerBlobs []PointerBlob
+	for pointerBlob := range pointerChan {
+		pointerBlobs = append(pointerBlobs, pointerBlob)
+	}
+
+	// Check that no errors were reported.
+	errChanClosed := false
+	select {
+	case err, ok := <-errChan:
+		if ok {
+			require.NoError(t, err)
+		} else {
+			errChanClosed = true
+		}
+	default:
+	}
+	assert.True(t, errChanClosed)
+
+	// Sort them, they might arrive in any order
+	slices.SortFunc(pointerBlobs, func(a, b PointerBlob) int {
+		return cmp.Compare(a.Oid, b.Oid)
+	})
+
+	// Assert the values of the found pointer blobs.
+	if assert.Len(t, pointerBlobs, 3) {
+		assert.Equal(t, "31b9a6a709729b8ae48bde8176caf2990c0d7121", pointerBlobs[0].Hash)
+		assert.Equal(t, "2f91b6326743db344ca96b1be86e3ed34abf04262255b4d04db8a961a2a72545", pointerBlobs[0].Oid)
+		assert.EqualValues(t, 43789, pointerBlobs[0].Size)
+
+		assert.Equal(t, "b53619fbbc3d2bfa85a26787238264cdbf551f19", pointerBlobs[1].Hash)
+		assert.Equal(t, "36dae031efb96625cda973c11508617b750665933a36bd52dfcfef586c4fd85c", pointerBlobs[1].Oid)
+		assert.EqualValues(t, 101800, pointerBlobs[1].Size)
+
+		assert.Equal(t, "513d4c000f63ee9fd6a805e9a518206b860ce38a", pointerBlobs[2].Hash)
+		assert.Equal(t, "4d7a214614ab2935c943f9e0ff69d22eadbb8f32b1258daaa5e2ca24d17e2393", pointerBlobs[2].Oid)
+		assert.EqualValues(t, 1234, pointerBlobs[2].Size)
+	}
+}
diff --git a/modules/lfs/tests/repos/simple-lfs/HEAD b/modules/lfs/tests/repos/simple-lfs/HEAD
new file mode 100644
index 0000000000..b870d82622
--- /dev/null
+++ b/modules/lfs/tests/repos/simple-lfs/HEAD
@@ -0,0 +1 @@
+ref: refs/heads/main
diff --git a/modules/lfs/tests/repos/simple-lfs/config b/modules/lfs/tests/repos/simple-lfs/config
new file mode 100644
index 0000000000..07d359d07c
--- /dev/null
+++ b/modules/lfs/tests/repos/simple-lfs/config
@@ -0,0 +1,4 @@
+[core]
+	repositoryformatversion = 0
+	filemode = true
+	bare = true
diff --git a/modules/lfs/tests/repos/simple-lfs/info/exclude b/modules/lfs/tests/repos/simple-lfs/info/exclude
new file mode 100644
index 0000000000..a5196d1be8
--- /dev/null
+++ b/modules/lfs/tests/repos/simple-lfs/info/exclude
@@ -0,0 +1,6 @@
+# git ls-files --others --exclude-from=.git/info/exclude
+# Lines that start with '#' are comments.
+# For a project mostly in C, the following would be a good set of
+# exclude patterns (uncomment them if you want to use them):
+# *.[oa]
+# *~
diff --git a/modules/lfs/tests/repos/simple-lfs/logs/HEAD b/modules/lfs/tests/repos/simple-lfs/logs/HEAD
new file mode 100644
index 0000000000..18126e38d6
--- /dev/null
+++ b/modules/lfs/tests/repos/simple-lfs/logs/HEAD
@@ -0,0 +1 @@
+0000000000000000000000000000000000000000 ece720b78753aca2c27fd69c42f5578f5bcfbe0e Gusted <postmaster@gusted.xyz> 1759469736 +0200
diff --git a/modules/lfs/tests/repos/simple-lfs/objects/31/b9a6a709729b8ae48bde8176caf2990c0d7121 b/modules/lfs/tests/repos/simple-lfs/objects/31/b9a6a709729b8ae48bde8176caf2990c0d7121
new file mode 100644
index 0000000000..c95ecbafdc
Binary files /dev/null and b/modules/lfs/tests/repos/simple-lfs/objects/31/b9a6a709729b8ae48bde8176caf2990c0d7121 differ
diff --git a/modules/lfs/tests/repos/simple-lfs/objects/33/9e3c3ddbf4cf6655ed335eb820f4f2912d8063 b/modules/lfs/tests/repos/simple-lfs/objects/33/9e3c3ddbf4cf6655ed335eb820f4f2912d8063
new file mode 100644
index 0000000000..dd7eada553
Binary files /dev/null and b/modules/lfs/tests/repos/simple-lfs/objects/33/9e3c3ddbf4cf6655ed335eb820f4f2912d8063 differ
diff --git a/modules/lfs/tests/repos/simple-lfs/objects/51/3d4c000f63ee9fd6a805e9a518206b860ce38a b/modules/lfs/tests/repos/simple-lfs/objects/51/3d4c000f63ee9fd6a805e9a518206b860ce38a
new file mode 100644
index 0000000000..1bd67e2a35
Binary files /dev/null and b/modules/lfs/tests/repos/simple-lfs/objects/51/3d4c000f63ee9fd6a805e9a518206b860ce38a differ
diff --git a/modules/lfs/tests/repos/simple-lfs/objects/72/78f80aa39386476ffbdd79083808887f99fbc8 b/modules/lfs/tests/repos/simple-lfs/objects/72/78f80aa39386476ffbdd79083808887f99fbc8
new file mode 100644
index 0000000000..60d37fc752
Binary files /dev/null and b/modules/lfs/tests/repos/simple-lfs/objects/72/78f80aa39386476ffbdd79083808887f99fbc8 differ
diff --git a/modules/lfs/tests/repos/simple-lfs/objects/8d/ebd861c03718cc43154f5317308b88ab5447d2 b/modules/lfs/tests/repos/simple-lfs/objects/8d/ebd861c03718cc43154f5317308b88ab5447d2
new file mode 100644
index 0000000000..22ce593d43
Binary files /dev/null and b/modules/lfs/tests/repos/simple-lfs/objects/8d/ebd861c03718cc43154f5317308b88ab5447d2 differ
diff --git a/modules/lfs/tests/repos/simple-lfs/objects/9b/af9f95266ceb6043894591f73d97c7ef4cb546 b/modules/lfs/tests/repos/simple-lfs/objects/9b/af9f95266ceb6043894591f73d97c7ef4cb546
new file mode 100644
index 0000000000..e9dd5226ce
Binary files /dev/null and b/modules/lfs/tests/repos/simple-lfs/objects/9b/af9f95266ceb6043894591f73d97c7ef4cb546 differ
diff --git a/modules/lfs/tests/repos/simple-lfs/objects/b5/3619fbbc3d2bfa85a26787238264cdbf551f19 b/modules/lfs/tests/repos/simple-lfs/objects/b5/3619fbbc3d2bfa85a26787238264cdbf551f19
new file mode 100644
index 0000000000..33bd13e08f
Binary files /dev/null and b/modules/lfs/tests/repos/simple-lfs/objects/b5/3619fbbc3d2bfa85a26787238264cdbf551f19 differ
diff --git a/modules/lfs/tests/repos/simple-lfs/objects/c7/5c2ef6293177b3bcd7f23f5f49e2727fe7dbb6 b/modules/lfs/tests/repos/simple-lfs/objects/c7/5c2ef6293177b3bcd7f23f5f49e2727fe7dbb6
new file mode 100644
index 0000000000..e0c154b400
Binary files /dev/null and b/modules/lfs/tests/repos/simple-lfs/objects/c7/5c2ef6293177b3bcd7f23f5f49e2727fe7dbb6 differ
diff --git a/modules/lfs/tests/repos/simple-lfs/objects/eb/e522c4e7b48a1d939281654589366a63120444 b/modules/lfs/tests/repos/simple-lfs/objects/eb/e522c4e7b48a1d939281654589366a63120444
new file mode 100644
index 0000000000..fa39fd57c1
Binary files /dev/null and b/modules/lfs/tests/repos/simple-lfs/objects/eb/e522c4e7b48a1d939281654589366a63120444 differ
diff --git a/modules/lfs/tests/repos/simple-lfs/objects/ec/e720b78753aca2c27fd69c42f5578f5bcfbe0e b/modules/lfs/tests/repos/simple-lfs/objects/ec/e720b78753aca2c27fd69c42f5578f5bcfbe0e
new file mode 100644
index 0000000000..e23129ab0d
Binary files /dev/null and b/modules/lfs/tests/repos/simple-lfs/objects/ec/e720b78753aca2c27fd69c42f5578f5bcfbe0e differ
diff --git a/modules/lfs/tests/repos/simple-lfs/packed-refs b/modules/lfs/tests/repos/simple-lfs/packed-refs
new file mode 100644
index 0000000000..08e7d087a5
--- /dev/null
+++ b/modules/lfs/tests/repos/simple-lfs/packed-refs
@@ -0,0 +1,2 @@
+# pack-refs with: peeled fully-peeled sorted 
+ece720b78753aca2c27fd69c42f5578f5bcfbe0e refs/heads/main
diff --git a/modules/lfs/tests/repos/simple-lfs/refs/heads/.gitkeep b/modules/lfs/tests/repos/simple-lfs/refs/heads/.gitkeep
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/modules/lfs/tests/repos/simple-lfs/refs/tags/.gitkeep b/modules/lfs/tests/repos/simple-lfs/refs/tags/.gitkeep
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/modules/markup/html.go b/modules/markup/html.go
index 83ce87aea4..2fe0caa5b6 100644
--- a/modules/markup/html.go
+++ b/modules/markup/html.go
@@ -55,10 +55,13 @@ var (
 	shortLinkPattern = regexp.MustCompile(`\[\[(.*?)\]\](\w*)`)
 
 	// anyHashPattern splits url containing SHA into parts
-	anyHashPattern = regexp.MustCompile(`https?://(?:(?:\S+/){3,4}(?:commit|tree|blob)/)([0-9a-f]{7,64})(/[-+~_%.a-zA-Z0-9/]+)?(\?[-+~_%\.a-zA-Z0-9=&]+)?(#[-+~_%.a-zA-Z0-9]+)?`)
+	anyHashPattern = regexp.MustCompile(`https?://[^\s/]+/(\S+/(?:commit|tree|blob))/([0-9a-f]{7,64})(/[-+~_%.a-zA-Z0-9/]+)?(\?[-+~_%\.a-zA-Z0-9=&]+)?(#[-+~_%.a-zA-Z0-9]+)?`)
 
 	// comparePattern matches "http://domain/org/repo/compare/COMMIT1...COMMIT2#hash"
-	comparePattern = regexp.MustCompile(`https?://(?:\S+/){4,5}([0-9a-f]{7,64})(\.\.\.?)([0-9a-f]{7,64})?(#[-+~_%.a-zA-Z0-9]+)?`)
+	comparePattern = regexp.MustCompile(`https?://[^\s/]+/(?:\S+/)?([^\s/]+/[^\s/]+)/compare/([0-9a-f]{7,64})(\.\.\.?)([0-9a-f]{7,64})?(\?[-+~_%\.a-zA-Z0-9=&/]+)?(#[-+~_%.a-zA-Z0-9]+)?`)
+
+	// pullReviewCommitPattern matches "https://domain.tld/<subpath...>/<owner>/<repo>/pulls/<id>/commits/<sha>"
+	pullReviewCommitPattern = regexp.MustCompile(`https?://[^\s/]+/(?:\S+/)?([^\s/]+/[^\s/]+)/pulls/(\d+)/commits/([0-9a-f]{7,64})(#[-+~_%.a-zA-Z0-9]+)?`)
 
 	validLinksPattern = regexp.MustCompile(`^[a-z][\w-]+://`)
 
@@ -147,6 +150,7 @@ func (p *postProcessError) Error() string {
 type processor func(ctx *RenderContext, node *html.Node)
 
 var defaultProcessors = []processor{
+	pullReviewCommitPatternProcessor,
 	fullIssuePatternProcessor,
 	comparePatternProcessor,
 	filePreviewPatternProcessor,
@@ -177,6 +181,7 @@ func PostProcess(
 }
 
 var commitMessageProcessors = []processor{
+	pullReviewCommitPatternProcessor,
 	fullIssuePatternProcessor,
 	comparePatternProcessor,
 	fullHashPatternProcessor,
@@ -209,6 +214,7 @@ func RenderCommitMessage(
 }
 
 var commitMessageSubjectProcessors = []processor{
+	pullReviewCommitPatternProcessor,
 	fullIssuePatternProcessor,
 	comparePatternProcessor,
 	fullHashPatternProcessor,
@@ -796,6 +802,64 @@ func shortLinkProcessor(ctx *RenderContext, node *html.Node) {
 	}
 }
 
+// pullReviewCommitPatternProcessor creates links to pull review commits.
+func pullReviewCommitPatternProcessor(ctx *RenderContext, node *html.Node) {
+	next := node.NextSibling
+	for node != nil && node != next {
+		m := pullReviewCommitPattern.FindStringSubmatchIndex(node.Data)
+		if m == nil {
+			return
+		}
+
+		urlFull := node.Data[m[0]:m[1]]
+		repoSlug := node.Data[m[2]:m[3]]
+		id := node.Data[m[4]:m[5]]
+		sha := base.ShortSha(node.Data[m[6]:m[7]])
+
+		// Create an `<a>` node with a text of
+		// `!123 (commit <code>abcdef1234</code>)`
+		aNode := &html.Node{
+			Type: html.ElementNode,
+			Data: atom.A.String(),
+			Attr: []html.Attribute{{Key: "href", Val: urlFull}, {Key: "class", Val: "commit"}},
+		}
+
+		text := "!" + id + " (commit "
+
+		baseURLEnd := strings.Index(urlFull, repoSlug) + len(repoSlug)
+		if len(ctx.Links.Base) > 0 && !strings.HasPrefix(ctx.Links.Base, urlFull[:baseURLEnd]) {
+			text = repoSlug + "@" + text
+		}
+
+		aNode.AppendChild(&html.Node{
+			Type: html.TextNode,
+			Data: text,
+		})
+
+		textNode := &html.Node{
+			Type: html.TextNode,
+			Data: sha,
+		}
+
+		codeNode := &html.Node{
+			Type: html.ElementNode,
+			Data: atom.Code.String(),
+			Attr: []html.Attribute{{Key: "class", Val: "nohighlight"}},
+		}
+
+		codeNode.AppendChild(textNode)
+		aNode.AppendChild(codeNode)
+
+		aNode.AppendChild(&html.Node{
+			Type: html.TextNode,
+			Data: ")",
+		})
+
+		replaceContent(node, m[0], m[1], aNode)
+		node = node.NextSibling.NextSibling
+	}
+}
+
 func fullIssuePatternProcessor(ctx *RenderContext, node *html.Node) {
 	if ctx.Metas == nil {
 		return
@@ -952,7 +1016,7 @@ func commitCrossReferencePatternProcessor(ctx *RenderContext, node *html.Node) {
 	}
 }
 
-// fullHashPatternProcessor renders SHA containing URLs
+// fullHashPatternProcessor renders URLs that contain a SHA
 func fullHashPatternProcessor(ctx *RenderContext, node *html.Node) {
 	if ctx.Metas == nil {
 		return
@@ -966,37 +1030,103 @@ func fullHashPatternProcessor(ctx *RenderContext, node *html.Node) {
 		}
 
 		urlFull := node.Data[m[0]:m[1]]
-		text := base.ShortSha(node.Data[m[2]:m[3]])
 
-		// 3rd capture group matches a optional path
-		subpath := ""
-		if m[5] > 0 {
-			subpath = node.Data[m[4]:m[5]]
+		// In most cases, the URL will look like this:
+		// `https://domain.tld/<owner>/<repo>/<path>/<sha>`.
+		// The amount of components in `<path>` is variable, but that alone is doable with regexp.
+		//
+		// However, Forgejo also allows being hosted on a sub path, i.e.
+		// `https://domain.tld/<sub>/<owner>/<repo>/<path>/<sha>`.
+		// And this sub path can also have any amount of components. But fishing out a section
+		// between two variable length matches is not something regular grammars are capable of.
+		//
+		// Instead, the regexp extracts the entire path section before the SHA
+		// (i.e. `<sub>/<owner>/<repo>/<path>`), and we find the components we need by counting.
+		// `<sub>` is unknown, but the possible values for `<path>` are defined by us
+		// (see `router/web/web.go`). So we count from the back.
+		subPath := node.Data[m[2]:m[3]]
+
+		components := strings.Split(subPath, "/")
+		componentCount := len(components)
+
+		// In most cases, the `<owner>` component is right at the start of the path.
+		ownerIndex := 0
+
+		// But if there are more than three components, this could be `<sub>` or an app route
+		// with two components. Or both.
+		if componentCount > 3 {
+			// As mentioned, we count from the back. We decrement for the `<repo>` component, and the one
+			// component from the app route that's guaranteed to be there.
+			// We also adjust this to be an array index, so we subtract one more.
+			ownerIndex = componentCount - 3
+
+			// We then check for known app routes that use two components.
+			// Currently, this checks for:
+			// - `src/commit`
+			// - `commits/commit`
+			//
+			// This does have one scenario where we cannot figure things out reliably:
+			// If there is a sub path, and the repository is named like one of the known app routes
+			// (e.g. `src`), we cannot distinguish between the repo and the app route.
+			// We assume that naming a repository like that is uncommon, and prioritize the case where its
+			// part of the app route.
+			if components[componentCount-1] == "commit" &&
+				(components[componentCount-2] == "src" || components[componentCount-2] == "commits") {
+				ownerIndex--
+			}
+		}
+
+		repoSlug := components[ownerIndex] + "/" + components[ownerIndex+1]
+
+		text := base.ShortSha(node.Data[m[4]:m[5]])
+
+		// We need to figure out the base of the provided URL, which is up to and including the
+		// `<owner>/<repo>` slug.
+		// With that we can determine if it matches the current repo, or if the slug should be shown.
+		baseURLEnd := strings.Index(urlFull, repoSlug) + len(repoSlug)
+		if len(ctx.Links.Base) > 0 && !strings.HasPrefix(ctx.Links.Base, urlFull[:baseURLEnd]) {
+			text = repoSlug + "@" + text
+		}
+
+		// 3rd capture group matches an optional file path after the SHA
+		filePath := ""
+		if m[7] > 0 {
+			filePath = node.Data[m[6]:m[7]]
 		}
 
 		// 5th capture group matches a optional url hash
 		hash := ""
-		if m[9] > 0 {
-			hash = node.Data[m[8]:m[9]][1:]
+		if m[11] > 0 {
+			hash = node.Data[m[10]:m[11]][1:]
+
+			// Truncate long diff IDs
+			if len(hash) > 15 && strings.HasPrefix(hash, "diff-") {
+				hash = hash[:15]
+			}
 		}
 
 		start := m[0]
 		end := m[1]
 
-		// If url ends in '.', it's very likely that it is not part of the
-		// actual url but used to finish a sentence.
+		// If the URL ends in '.', it's very likely that it is not part of the
+		// actual URL but used to finish a sentence.
 		if strings.HasSuffix(urlFull, ".") {
 			end--
 			urlFull = urlFull[:len(urlFull)-1]
 			if hash != "" {
 				hash = hash[:len(hash)-1]
-			} else if subpath != "" {
-				subpath = subpath[:len(subpath)-1]
+			} else if filePath != "" {
+				filePath = filePath[:len(filePath)-1]
 			}
 		}
 
-		if subpath != "" {
-			text += subpath
+		if filePath != "" {
+			decoded, err := url.QueryUnescape(filePath)
+			if err != nil {
+				text += decoded
+			} else {
+				text += filePath
+			}
 		}
 
 		if hash != "" {
@@ -1019,41 +1149,71 @@ func comparePatternProcessor(ctx *RenderContext, node *html.Node) {
 			return
 		}
 
-		// Ensure that every group (m[0]...m[7]) has a match
-		for i := 0; i < 8; i++ {
+		// Ensure that every group (m[0]...m[9]) has a match
+		for i := 0; i < 10; i++ {
 			if m[i] == -1 {
 				return
 			}
 		}
 
 		urlFull := node.Data[m[0]:m[1]]
-		text1 := base.ShortSha(node.Data[m[2]:m[3]])
-		textDots := base.ShortSha(node.Data[m[4]:m[5]])
-		text2 := base.ShortSha(node.Data[m[6]:m[7]])
+		repoSlug := node.Data[m[2]:m[3]]
+		text1 := base.ShortSha(node.Data[m[4]:m[5]])
+		textDots := base.ShortSha(node.Data[m[6]:m[7]])
+		text2 := base.ShortSha(node.Data[m[8]:m[9]])
+
+		query := ""
+		if m[11] > 0 {
+			query = node.Data[m[10]:m[11]][1:]
+		}
 
 		hash := ""
-		if m[9] > 0 {
-			hash = node.Data[m[8]:m[9]][1:]
+		if m[13] > 0 {
+			hash = node.Data[m[12]:m[13]][1:]
 		}
 
 		start := m[0]
 		end := m[1]
 
-		// If url ends in '.', it's very likely that it is not part of the
-		// actual url but used to finish a sentence.
+		// If the URL ends in '.', it's very likely that it is not part of the
+		// actual URL but used to finish a sentence.
 		if strings.HasSuffix(urlFull, ".") {
 			end--
 			urlFull = urlFull[:len(urlFull)-1]
 			if hash != "" {
 				hash = hash[:len(hash)-1]
+			} else if query != "" {
+				query = query[:len(query)-1]
 			} else if text2 != "" {
 				text2 = text2[:len(text2)-1]
 			}
 		}
 
 		text := text1 + textDots + text2
+
+		baseURLEnd := strings.Index(urlFull, repoSlug) + len(repoSlug)
+		if len(ctx.Links.Base) > 0 && !strings.HasPrefix(ctx.Links.Base, urlFull[:baseURLEnd]) {
+			text = repoSlug + "@" + text
+		}
+
+		extra := ""
+		if query != "" {
+			query, err := url.ParseQuery(query)
+			if err == nil && query.Has("files") {
+				extra = query.Get("files")
+			}
+		}
+
 		if hash != "" {
-			text += " (" + hash + ")"
+			if extra != "" {
+				extra += "#"
+			}
+
+			extra += hash
+		}
+
+		if extra != "" {
+			text += " (" + extra + ")"
 		}
 		replaceContent(node, start, end, createCodeLink(urlFull, text, "compare"))
 		node = node.NextSibling.NextSibling
@@ -1094,7 +1254,7 @@ func filePreviewPatternProcessor(ctx *RenderContext, node *html.Node) {
 			// Specialized version of replaceContent, so the parent paragraph element is not destroyed from our div
 			before := node.Data[:(preview.start - offset)]
 			after := node.Data[(preview.end - offset):]
-			afterNode := &html.Node{
+			afterTextNode := &html.Node{
 				Type: html.TextNode,
 				Data: after,
 			}
@@ -1103,22 +1263,20 @@ func filePreviewPatternProcessor(ctx *RenderContext, node *html.Node) {
 			case "div", "li", "td", "th", "details":
 				nextSibling := node.NextSibling
 				node.Parent.InsertBefore(previewNode, nextSibling)
-				node.Parent.InsertBefore(afterNode, nextSibling)
+				node.Parent.InsertBefore(afterTextNode, nextSibling)
 			case "p", "span", "em", "strong":
-				nextSibling := node.Parent.NextSibling
-				node.Parent.Parent.InsertBefore(previewNode, nextSibling)
-				afterPNode := &html.Node{
+				nextParentSibling := node.Parent.NextSibling
+				node.Parent.Parent.InsertBefore(previewNode, nextParentSibling)
+				afterNode := &html.Node{
 					Type: html.ElementNode,
 					Data: node.Parent.Data,
 					Attr: node.Parent.Attr,
 				}
-				afterPNode.AppendChild(afterNode)
-				node.Parent.Parent.InsertBefore(afterPNode, nextSibling)
-				siblingNode := node.NextSibling
-				if siblingNode != nil {
-					node.NextSibling = nil
-					siblingNode.PrevSibling = nil
-					afterPNode.AppendChild(siblingNode)
+				afterNode.AppendChild(afterTextNode)
+				node.Parent.Parent.InsertBefore(afterNode, nextParentSibling)
+				for sibling := node.NextSibling; sibling != nil; sibling = node.NextSibling {
+					sibling.Parent.RemoveChild(sibling)
+					afterNode.AppendChild(sibling)
 				}
 			default:
 				matched = false
@@ -1126,7 +1284,7 @@ func filePreviewPatternProcessor(ctx *RenderContext, node *html.Node) {
 			if matched {
 				offset = preview.end
 				node.Data = before
-				node = afterNode
+				node = afterTextNode
 			}
 		}
 		node = node.NextSibling
diff --git a/modules/markup/html_internal_test.go b/modules/markup/html_internal_test.go
index 08b1fed505..1f717a78ed 100644
--- a/modules/markup/html_internal_test.go
+++ b/modules/markup/html_internal_test.go
@@ -303,12 +303,12 @@ func testRenderIssueIndexPattern(t *testing.T, input, expected string, ctx *Rend
 func TestRender_AutoLink(t *testing.T) {
 	setting.AppURL = TestAppURL
 
-	test := func(input, expected string) {
+	test := func(input, expected, base string) {
 		var buffer strings.Builder
 		err := PostProcess(&RenderContext{
 			Ctx: git.DefaultContext,
 			Links: Links{
-				Base: TestRepoURL,
+				Base: base,
 			},
 			Metas: localMetas,
 		}, strings.NewReader(input), &buffer)
@@ -319,7 +319,7 @@ func TestRender_AutoLink(t *testing.T) {
 		err = PostProcess(&RenderContext{
 			Ctx: git.DefaultContext,
 			Links: Links{
-				Base: TestRepoURL,
+				Base: base,
 			},
 			Metas:  localMetas,
 			IsWiki: true,
@@ -328,19 +328,87 @@ func TestRender_AutoLink(t *testing.T) {
 		assert.Equal(t, strings.TrimSpace(expected), strings.TrimSpace(buffer.String()))
 	}
 
-	// render valid issue URLs
-	test(util.URLJoin(TestRepoURL, "issues", "3333"),
-		numericIssueLink(util.URLJoin(TestRepoURL, "issues"), "ref-issue", 3333, "#"))
+	t.Run("Issue", func(t *testing.T) {
+		// render valid issue URLs
+		test(util.URLJoin(TestRepoURL, "issues", "3333"),
+			numericIssueLink(util.URLJoin(TestRepoURL, "issues"), "ref-issue", 3333, "#"),
+			TestRepoURL)
+	})
 
-	// render valid commit URLs
-	tmp := util.URLJoin(TestRepoURL, "commit", "d8a994ef243349f321568f9e36d5c3f444b99cae")
-	test(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">d8a994ef24</code></a>")
-	tmp += "#diff-2"
-	test(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">d8a994ef24 (diff-2)</code></a>")
+	t.Run("Commit", func(t *testing.T) {
+		// render valid commit URLs
+		tmp := util.URLJoin(TestRepoURL, "commit", "d8a994ef243349f321568f9e36d5c3f444b99cae")
+		test(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">d8a994ef24</code></a>", TestRepoURL)
+		test(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">"+TestOrgRepo+"@d8a994ef24</code></a>", "https://localhost/forgejo/forgejo")
+		test(
+			tmp+"#diff-2",
+			"<a href=\""+tmp+"#diff-2\" class=\"commit\"><code class=\"nohighlight\">d8a994ef24 (diff-2)</code></a>",
+			TestRepoURL,
+		)
+		test(
+			tmp+"#diff-953bb4f01b7c77fa18f0cd54211255051e647dbc",
+			"<a href=\""+tmp+"#diff-953bb4f01b7c77fa18f0cd54211255051e647dbc\" class=\"commit\"><code class=\"nohighlight\">d8a994ef24 (diff-953bb4f01b)</code></a>",
+			TestRepoURL,
+		)
 
-	// render other commit URLs
-	tmp = "https://external-link.gitea.io/go-gitea/gitea/commit/d8a994ef243349f321568f9e36d5c3f444b99cae#diff-2"
-	test(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">d8a994ef24 (diff-2)</code></a>")
+		// render other commit URLs
+		tmp = "https://external-link.gitea.io/go-gitea/gitea/commit/d8a994ef243349f321568f9e36d5c3f444b99cae#diff-2"
+		test(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">d8a994ef24 (diff-2)</code></a>", "https://external-link.gitea.io/go-gitea/gitea")
+		test(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">go-gitea/gitea@d8a994ef24 (diff-2)</code></a>", TestRepoURL)
+
+		tmp = "http://localhost:3000/gogits/gogs/src/commit/190d9492934af498c3f669d6a2431dc5459e5b20"
+		test(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">190d949293</code></a>", "http://localhost:3000/gogits/gogs")
+		test(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">gogits/gogs@190d949293</code></a>", "https://external-link.gitea.io/go-gitea/gitea")
+
+		tmp = "http://localhost:3000/sub/gogits/gogs/src/commit/190d9492934af498c3f669d6a2431dc5459e5b20"
+		test(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">190d949293</code></a>", "http://localhost:3000/sub/gogits/gogs")
+		test(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">gogits/gogs@190d949293</code></a>", "http://localhost:3000/gogits/gogs")
+		test(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">gogits/gogs@190d949293</code></a>", "https://external-link.gitea.io/go-gitea/gitea")
+
+		tmp = "http://localhost:3000/sub1/sub2/sub3/gogits/gogs/src/commit/190d9492934af498c3f669d6a2431dc5459e5b20"
+		test(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">190d949293</code></a>", "http://localhost:3000/sub1/sub2/sub3/gogits/gogs")
+		test(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">gogits/gogs@190d949293</code></a>", "http://localhost:3000/sub1/gogits/gogs")
+		test(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">gogits/gogs@190d949293</code></a>", "https://external-link.gitea.io/go-gitea/gitea")
+
+		// if the repository happens to be named like one of the known app routes (e.g. `src`),
+		// we can parse the URL correctly, if there is no sub path
+		tmp = "http://localhost:3000/gogits/src/commit/190d9492934af498c3f669d6a2431dc5459e5b20"
+		test(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">gogits/src@190d949293</code></a>", TestRepoURL)
+		tmp = "http://localhost:3000/gogits/src/src/commit/190d9492934af498c3f669d6a2431dc5459e5b20"
+		test(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">gogits/src@190d949293</code></a>", TestRepoURL)
+		// but if there is a sub path, we cannot reliably distinguish the repo name from the app route
+		tmp = "http://localhost:3000/sub/gogits/src/commit/190d9492934af498c3f669d6a2431dc5459e5b20"
+		test(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">sub/gogits@190d949293</code></a>", TestRepoURL)
+	})
+
+	t.Run("Compare", func(t *testing.T) {
+		tmp := util.URLJoin(TestRepoURL, "compare", "d8a994ef243349f321568f9e36d5c3f444b99cae..190d9492934af498c3f669d6a2431dc5459e5b20")
+		test(tmp, "<a href=\""+tmp+"\" class=\"compare\"><code class=\"nohighlight\">d8a994ef24..190d949293</code></a>", TestRepoURL)
+		test(tmp, "<a href=\""+tmp+"\" class=\"compare\"><code class=\"nohighlight\">"+TestOrgRepo+"@d8a994ef24..190d949293</code></a>", "https://localhost/forgejo/forgejo")
+
+		tmp = "http://localhost:3000/sub/gogits/gogs/compare/190d9492934af498c3f669d6a2431dc5459e5b20..d8a994ef243349f321568f9e36d5c3f444b99cae"
+		test(tmp, "<a href=\""+tmp+"\" class=\"compare\"><code class=\"nohighlight\">190d949293..d8a994ef24</code></a>", "http://localhost:3000/sub/gogits/gogs")
+		test(tmp, "<a href=\""+tmp+"\" class=\"compare\"><code class=\"nohighlight\">gogits/gogs@190d949293..d8a994ef24</code></a>", "http://localhost:3000/gogits/gogs")
+		test(tmp, "<a href=\""+tmp+"\" class=\"compare\"><code class=\"nohighlight\">gogits/gogs@190d949293..d8a994ef24</code></a>", "https://external-link.gitea.io/go-gitea/gitea")
+
+		tmp = "http://localhost:3000/sub1/sub2/sub3/gogits/gogs/compare/190d9492934af498c3f669d6a2431dc5459e5b20..d8a994ef243349f321568f9e36d5c3f444b99cae"
+		test(tmp, "<a href=\""+tmp+"\" class=\"compare\"><code class=\"nohighlight\">190d949293..d8a994ef24</code></a>", "http://localhost:3000/sub1/sub2/sub3/gogits/gogs")
+		test(tmp, "<a href=\""+tmp+"\" class=\"compare\"><code class=\"nohighlight\">gogits/gogs@190d949293..d8a994ef24</code></a>", "http://localhost:3000/sub1/gogits/gogs")
+		test(tmp, "<a href=\""+tmp+"\" class=\"compare\"><code class=\"nohighlight\">gogits/gogs@190d949293..d8a994ef24</code></a>", "https://external-link.gitea.io/go-gitea/gitea")
+
+		tmp = "https://codeberg.org/forgejo/forgejo/compare/8bbac4c679bea930c74849c355a60ed3c52f8eb5...e2278e5a38187a1dc84dc41d583ec8b44e7257c1?files=options/locale/locale_fi-FI.ini"
+		test(tmp, "<a href=\""+tmp+"\" class=\"compare\"><code class=\"nohighlight\">8bbac4c679...e2278e5a38 (options/locale/locale_fi-FI.ini)</code></a>", "https://codeberg.org/forgejo/forgejo")
+		test(tmp, "<a href=\""+tmp+"\" class=\"compare\"><code class=\"nohighlight\">forgejo/forgejo@8bbac4c679...e2278e5a38 (options/locale/locale_fi-FI.ini)</code></a>", TestRepoURL)
+		test(tmp+".", "<a href=\""+tmp+"\" class=\"compare\"><code class=\"nohighlight\">forgejo/forgejo@8bbac4c679...e2278e5a38 (options/locale/locale_fi-FI.ini)</code></a>.", TestRepoURL)
+
+		tmp = "https://codeberg.org/forgejo/forgejo/compare/8bbac4c679bea930c74849c355a60ed3c52f8eb5...e2278e5a38187a1dc84dc41d583ec8b44e7257c1?files=options/locale/locale_fi-FI.ini#L2"
+		test(tmp, "<a href=\""+tmp+"\" class=\"compare\"><code class=\"nohighlight\">8bbac4c679...e2278e5a38 (options/locale/locale_fi-FI.ini#L2)</code></a>", "https://codeberg.org/forgejo/forgejo")
+	})
+
+	t.Run("Invalid URLs", func(t *testing.T) {
+		tmp := "https://local host/gogits/src/commit/190d9492934af498c3f669d6a2431dc5459e5b20"
+		test(tmp, "<a href=\"https://local\" class=\"link\">https://local</a> host/gogits/src/commit/190d9492934af498c3f669d6a2431dc5459e5b20", TestRepoURL)
+	})
 }
 
 func TestRender_IssueIndexPatternRef(t *testing.T) {
@@ -429,45 +497,79 @@ func TestRegExp_hashCurrentPattern(t *testing.T) {
 func TestRegExp_anySHA1Pattern(t *testing.T) {
 	testCases := map[string][]string{
 		"https://github.com/jquery/jquery/blob/a644101ed04d0beacea864ce805e0c4f86ba1cd1/test/unit/event.js#L2703": {
+			"jquery/jquery/blob",
 			"a644101ed04d0beacea864ce805e0c4f86ba1cd1",
 			"/test/unit/event.js",
 			"",
 			"#L2703",
 		},
 		"https://github.com/jquery/jquery/blob/a644101ed04d0beacea864ce805e0c4f86ba1cd1/test/unit/event.js": {
+			"jquery/jquery/blob",
 			"a644101ed04d0beacea864ce805e0c4f86ba1cd1",
 			"/test/unit/event.js",
 			"",
 			"",
 		},
 		"https://github.com/jquery/jquery/commit/0705be475092aede1eddae01319ec931fb9c65fc": {
+			"jquery/jquery/commit",
 			"0705be475092aede1eddae01319ec931fb9c65fc",
 			"",
 			"",
 			"",
 		},
 		"https://github.com/jquery/jquery/tree/0705be475092aede1eddae01319ec931fb9c65fc/src": {
+			"jquery/jquery/tree",
 			"0705be475092aede1eddae01319ec931fb9c65fc",
 			"/src",
 			"",
 			"",
 		},
 		"https://try.gogs.io/gogs/gogs/commit/d8a994ef243349f321568f9e36d5c3f444b99cae#diff-2": {
+			"gogs/gogs/commit",
 			"d8a994ef243349f321568f9e36d5c3f444b99cae",
 			"",
 			"",
 			"#diff-2",
 		},
 		"https://codeberg.org/forgejo/forgejo/src/commit/949ab9a5c4cac742f84ae5a9fa186f8d6eb2cdc0/RELEASE-NOTES.md?display=source&w=1#L7-L9": {
+			"forgejo/forgejo/src/commit",
 			"949ab9a5c4cac742f84ae5a9fa186f8d6eb2cdc0",
 			"/RELEASE-NOTES.md",
 			"?display=source&w=1",
 			"#L7-L9",
 		},
+		"http://localhost:3000/gogits/gogs/src/commit/190d9492934af498c3f669d6a2431dc5459e5b20/path/to/file.go#L2-L3": {
+			"gogits/gogs/src/commit",
+			"190d9492934af498c3f669d6a2431dc5459e5b20",
+			"/path/to/file.go",
+			"",
+			"#L2-L3",
+		},
+		"http://localhost:3000/sub/gogits/gogs/commit/190d9492934af498c3f669d6a2431dc5459e5b20/path/to/file.go#L2-L3": {
+			"sub/gogits/gogs/commit",
+			"190d9492934af498c3f669d6a2431dc5459e5b20",
+			"/path/to/file.go",
+			"",
+			"#L2-L3",
+		},
+		"http://localhost:3000/sub/gogits/gogs/src/commit/190d9492934af498c3f669d6a2431dc5459e5b20/path/to/file.go#L2-L3": {
+			"sub/gogits/gogs/src/commit",
+			"190d9492934af498c3f669d6a2431dc5459e5b20",
+			"/path/to/file.go",
+			"",
+			"#L2-L3",
+		},
+		"http://localhost:3000/sub1/sub2/sub3/gogits/gogs/src/commit/190d9492934af498c3f669d6a2431dc5459e5b20/path/to/file.go#L2-L3": {
+			"sub1/sub2/sub3/gogits/gogs/src/commit",
+			"190d9492934af498c3f669d6a2431dc5459e5b20",
+			"/path/to/file.go",
+			"",
+			"#L2-L3",
+		},
 	}
 
 	for k, v := range testCases {
-		assert.Equal(t, anyHashPattern.FindStringSubmatch(k)[1:], v)
+		assert.Equal(t, v, anyHashPattern.FindStringSubmatch(k)[1:])
 	}
 
 	for _, v := range []string{"https://codeberg.org/forgejo/forgejo/attachments/774421a1-b0ae-4501-8fba-983874b76811"} {
diff --git a/modules/markup/html_test.go b/modules/markup/html_test.go
index fa3855ed34..c7c53e2678 100644
--- a/modules/markup/html_test.go
+++ b/modules/markup/html_test.go
@@ -241,6 +241,45 @@ func TestRender_links(t *testing.T) {
 	markup.CustomLinkURLSchemes(setting.Markdown.CustomURLSchemes)
 }
 
+func TestRender_PullReviewCommitLink(t *testing.T) {
+	setting.AppURL = markup.TestAppURL
+
+	sha := "190d9492934af498c3f669d6a2431dc5459e5b20"
+	prCommitLink := util.URLJoin(markup.TestRepoURL, "pulls", "1", "commits", sha)
+
+	test := func(input, expected, base string) {
+		buffer, err := markup.RenderString(&markup.RenderContext{
+			Ctx:          git.DefaultContext,
+			RelativePath: ".md",
+			Links: markup.Links{
+				AbsolutePrefix: true,
+				Base:           base,
+			},
+			Metas: localMetas,
+		}, input)
+		require.NoError(t, err)
+		assert.Equal(t, strings.TrimSpace(expected), strings.TrimSpace(buffer))
+	}
+
+	test(prCommitLink, `<p><a href="`+prCommitLink+`" rel="nofollow">!1 (commit <code>`+sha[0:10]+`</code>)</a></p>`, markup.TestRepoURL)
+
+	prCommitLink = util.URLJoin(markup.TestAppURL, "sub1", "sub2", markup.TestOrgRepo, "pulls", "1", "commits", sha)
+	test(
+		prCommitLink,
+		`<p><a href="`+prCommitLink+`" rel="nofollow">!1 (commit <code>`+sha[0:10]+`</code>)</a></p>`,
+		util.URLJoin(markup.TestAppURL, "sub1", "sub2", markup.TestOrgRepo),
+	)
+	test(
+		prCommitLink,
+		`<p><a href="`+prCommitLink+`" rel="nofollow">`+markup.TestOrgRepo+`@!1 (commit <code>`+sha[0:10]+`</code>)</a></p>`,
+		markup.TestRepoURL,
+	)
+
+	prCommitLink = "https://codeberg.org/forgejo/forgejo/pulls/7979/commits/4d968c08e0a8d24bd2f3fb2a3a48b37e6d84a327#diff-7649acfa98a9ee3faf0d28b488bbff428317fc72"
+	test(prCommitLink, `<p><a href="`+prCommitLink+`" rel="nofollow">!7979 (commit <code>4d968c08e0</code>)</a></p>`, "https://codeberg.org/forgejo/forgejo")
+	test(prCommitLink, `<p><a href="`+prCommitLink+`" rel="nofollow">forgejo/forgejo@!7979 (commit <code>4d968c08e0</code>)</a></p>`, markup.TestRepoURL)
+}
+
 func TestRender_email(t *testing.T) {
 	setting.AppURL = markup.TestAppURL
 
@@ -686,6 +725,9 @@ func TestIssue18471(t *testing.T) {
 	err := markup.PostProcess(&markup.RenderContext{
 		Ctx:   git.DefaultContext,
 		Metas: localMetas,
+		Links: markup.Links{
+			Base: "http://domain/org/repo",
+		},
 	}, strings.NewReader(data), &res)
 
 	require.NoError(t, err)
@@ -723,6 +765,9 @@ func TestRender_FilePreview(t *testing.T) {
 			Ctx:          git.DefaultContext,
 			RelativePath: ".md",
 			Metas:        metas,
+			Links: markup.Links{
+				Base: markup.TestRepoURL,
+			},
 		}, input)
 		require.NoError(t, err)
 		assert.Equal(t, strings.TrimSpace(expected), strings.TrimSpace(buffer))
@@ -835,7 +880,7 @@ func TestRender_FilePreview(t *testing.T) {
 
 		testRender(
 			urlWithSub,
-			`<p><a href="http://localhost:3000/sub/gogits/gogs/src/commit/190d9492934af498c3f669d6a2431dc5459e5b20/path/to/file.go#L2-L3" rel="nofollow"><code>190d949293/path/to/file.go (L2-L3)</code></a></p>`,
+			`<p><a href="http://localhost:3000/sub/gogits/gogs/src/commit/190d9492934af498c3f669d6a2431dc5459e5b20/path/to/file.go#L2-L3" rel="nofollow"><code>gogits/gogs@190d949293/path/to/file.go (L2-L3)</code></a></p>`,
 			localMetas,
 		)
 
@@ -1253,4 +1298,20 @@ func TestRender_FilePreview(t *testing.T) {
 			localMetas,
 		)
 	})
+
+	t.Run("file previews followed by new line", func(t *testing.T) {
+		testRender(
+			commitFileURLFirstLine+"\nand\n"+commitFileURLFirstLine,
+			"<p></p>"+filePreviewBox+"<p><br/>\nand<br/>\n</p>"+filePreviewBox+"<p></p>",
+			localMetas,
+		)
+	})
+
+	t.Run("file previews followed by new line in div", func(t *testing.T) {
+		testRender(
+			"<div>"+commitFileURLFirstLine+"\nand\n"+commitFileURLFirstLine+"</div>",
+			"<div>"+filePreviewBox+"\nand\n"+filePreviewBox+"</div>",
+			localMetas,
+		)
+	})
 }
diff --git a/modules/markup/renderer.go b/modules/markup/renderer.go
index 08502e12ab..05dd512815 100644
--- a/modules/markup/renderer.go
+++ b/modules/markup/renderer.go
@@ -17,6 +17,7 @@ import (
 	"forgejo.org/modules/git"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/util"
+	"forgejo.org/modules/util/donotpanic"
 
 	"github.com/yuin/goldmark/ast"
 )
@@ -267,6 +268,15 @@ sandbox="allow-scripts"
 	return err
 }
 
+func postProcessOrCopy(ctx *RenderContext, renderer Renderer, reader io.Reader, writer io.Writer) (err error) {
+	if r, ok := renderer.(PostProcessRenderer); ok && r.NeedPostProcess() {
+		err = PostProcess(ctx, reader, writer)
+	} else {
+		_, err = io.Copy(writer, reader)
+	}
+	return err
+}
+
 func render(ctx *RenderContext, renderer Renderer, input io.Reader, output io.Writer) error {
 	var wg sync.WaitGroup
 	var err error
@@ -293,7 +303,7 @@ func render(ctx *RenderContext, renderer Renderer, input io.Reader, output io.Wr
 
 		wg.Add(1)
 		go func() {
-			err = SanitizeReader(pr2, renderer.Name(), output)
+			err = donotpanic.SafeFuncWithError(func() error { return SanitizeReader(pr2, renderer.Name(), output) })
 			_ = pr2.Close()
 			wg.Done()
 		}()
@@ -303,11 +313,7 @@ func render(ctx *RenderContext, renderer Renderer, input io.Reader, output io.Wr
 
 	wg.Add(1)
 	go func() {
-		if r, ok := renderer.(PostProcessRenderer); ok && r.NeedPostProcess() {
-			err = PostProcess(ctx, pr, pw2)
-		} else {
-			_, err = io.Copy(pw2, pr)
-		}
+		err = donotpanic.SafeFuncWithError(func() error { return postProcessOrCopy(ctx, renderer, pr, pw2) })
 		_ = pr.Close()
 		_ = pw2.Close()
 		wg.Done()
@@ -320,7 +326,7 @@ func render(ctx *RenderContext, renderer Renderer, input io.Reader, output io.Wr
 	if r, ok := renderer.(ExternalRenderer); ok && r.DisplayInIFrame() {
 		// Append a short script to the iframe's contents, which will communicate the scroll height of the embedded document via postMessage, either once loaded (in case the containing page loads first) in response to a postMessage from external.js, in case the iframe loads first
 		// We use '*' as a target origin for postMessage, because can be certain we are embedded on the same domain, due to X-Frame-Options configured elsewhere. (Plus, the offsetHeight of an embedded document is likely not sensitive data anyway.)
-		_, _ = pw.Write([]byte("<script>{let postHeight = () => {window.parent.postMessage({frameHeight: document.documentElement.offsetHeight}, '*')}; window.addEventListener('load', postHeight); window.addEventListener('message', (event) => {if (event.source === window.parent && event.data.requestOffsetHeight) postHeight()});}</script>"))
+		_, _ = pw.Write([]byte("<script>{let postHeight = () => {window.parent.postMessage({frameHeight: document.documentElement.offsetHeight || document.documentElement.scrollHeight}, '*')}; window.addEventListener('load', postHeight); window.addEventListener('message', (event) => {if (event.source === window.parent && event.data.requestOffsetHeight) postHeight()});}</script>"))
 	}
 	_ = pw.Close()
 
diff --git a/modules/markup/renderer_test.go b/modules/markup/renderer_test.go
index 0791081f94..13890d4361 100644
--- a/modules/markup/renderer_test.go
+++ b/modules/markup/renderer_test.go
@@ -1,4 +1,49 @@
-// Copyright 2017 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
 
-package markup_test
+package markup
+
+import (
+	"bytes"
+	"errors"
+	"strings"
+	"testing"
+
+	"forgejo.org/modules/test"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+type failReader struct{}
+
+func (*failReader) Read(p []byte) (n int, err error) {
+	return 0, errors.New("FAIL")
+}
+
+func TestRender_postProcessOrCopy(t *testing.T) {
+	renderContext := &RenderContext{Ctx: t.Context()}
+
+	t.Run("CopyOK", func(t *testing.T) {
+		input := "SOMETHING"
+		output := &bytes.Buffer{}
+		require.NoError(t, postProcessOrCopy(renderContext, nil, strings.NewReader(input), output))
+		assert.Equal(t, input, output.String())
+	})
+
+	renderer := GetRendererByType("markdown")
+
+	t.Run("PostProcessOK", func(t *testing.T) {
+		input := "SOMETHING"
+		output := &bytes.Buffer{}
+		defer test.MockVariableValue(&defaultProcessors, []processor{})()
+		require.NoError(t, postProcessOrCopy(renderContext, renderer, strings.NewReader(input), output))
+		assert.Equal(t, input, output.String())
+	})
+
+	t.Run("PostProcessError", func(t *testing.T) {
+		input := &failReader{}
+		defer test.MockVariableValue(&defaultProcessors, []processor{})()
+		assert.ErrorContains(t, postProcessOrCopy(renderContext, renderer, input, &bytes.Buffer{}), "FAIL")
+	})
+}
diff --git a/modules/setting/actions.go b/modules/setting/actions.go
index 52a3ad5309..303fd6363b 100644
--- a/modules/setting/actions.go
+++ b/modules/setting/actions.go
@@ -12,23 +12,25 @@ import (
 // Actions settings
 var (
 	Actions = struct {
-		Enabled               bool
-		LogStorage            *Storage          // how the created logs should be stored
-		LogRetentionDays      int64             `ini:"LOG_RETENTION_DAYS"`
-		LogCompression        logCompression    `ini:"LOG_COMPRESSION"`
-		ArtifactStorage       *Storage          // how the created artifacts should be stored
-		ArtifactRetentionDays int64             `ini:"ARTIFACT_RETENTION_DAYS"`
-		DefaultActionsURL     defaultActionsURL `ini:"DEFAULT_ACTIONS_URL"`
-		ZombieTaskTimeout     time.Duration     `ini:"ZOMBIE_TASK_TIMEOUT"`
-		EndlessTaskTimeout    time.Duration     `ini:"ENDLESS_TASK_TIMEOUT"`
-		AbandonedJobTimeout   time.Duration     `ini:"ABANDONED_JOB_TIMEOUT"`
-		SkipWorkflowStrings   []string          `ìni:"SKIP_WORKFLOW_STRINGS"`
-		LimitDispatchInputs   int64             `ini:"LIMIT_DISPATCH_INPUTS"`
+		Enabled                      bool
+		LogStorage                   *Storage          // how the created logs should be stored
+		LogRetentionDays             int64             `ini:"LOG_RETENTION_DAYS"`
+		LogCompression               logCompression    `ini:"LOG_COMPRESSION"`
+		ArtifactStorage              *Storage          // how the created artifacts should be stored
+		ArtifactRetentionDays        int64             `ini:"ARTIFACT_RETENTION_DAYS"`
+		DefaultActionsURL            defaultActionsURL `ini:"DEFAULT_ACTIONS_URL"`
+		ZombieTaskTimeout            time.Duration     `ini:"ZOMBIE_TASK_TIMEOUT"`
+		EndlessTaskTimeout           time.Duration     `ini:"ENDLESS_TASK_TIMEOUT"`
+		AbandonedJobTimeout          time.Duration     `ini:"ABANDONED_JOB_TIMEOUT"`
+		SkipWorkflowStrings          []string          `ìni:"SKIP_WORKFLOW_STRINGS"`
+		LimitDispatchInputs          int64             `ini:"LIMIT_DISPATCH_INPUTS"`
+		ConcurrencyGroupQueueEnabled bool              `ini:"CONCURRENCY_GROUP_QUEUE_ENABLED"`
 	}{
-		Enabled:             true,
-		DefaultActionsURL:   defaultActionsURLForgejo,
-		SkipWorkflowStrings: []string{"[skip ci]", "[ci skip]", "[no ci]", "[skip actions]", "[actions skip]"},
-		LimitDispatchInputs: 10,
+		Enabled:                      true,
+		DefaultActionsURL:            defaultActionsURLForgejo,
+		SkipWorkflowStrings:          []string{"[skip ci]", "[ci skip]", "[no ci]", "[skip actions]", "[actions skip]"},
+		LimitDispatchInputs:          10,
+		ConcurrencyGroupQueueEnabled: true,
 	}
 )
 
diff --git a/modules/setting/indexer_test.go b/modules/setting/indexer_test.go
index 8f0437be8a..498f8752a2 100644
--- a/modules/setting/indexer_test.go
+++ b/modules/setting/indexer_test.go
@@ -65,7 +65,7 @@ func checkGlobMatch(t *testing.T, globstr string, list []indexerMatchList) {
 			}
 		}
 		if !found {
-			assert.Equal(t, m.position, -1, "Test string `%s` doesn't match `%s` anywhere; expected @%d", m.value, globstr, m.position)
+			assert.Equal(t, -1, m.position, "Test string `%s` doesn't match `%s` anywhere; expected @%d", m.value, globstr, m.position)
 		}
 	}
 }
diff --git a/modules/setting/ui.go b/modules/setting/ui.go
index 9dafe350eb..61378e0596 100644
--- a/modules/setting/ui.go
+++ b/modules/setting/ui.go
@@ -7,35 +7,33 @@ import (
 	"time"
 
 	"forgejo.org/modules/container"
-	"forgejo.org/modules/log"
 )
 
 // UI settings
 var UI = struct {
-	ExplorePagingNum        int
-	SitemapPagingNum        int
-	IssuePagingNum          int
-	RepoSearchPagingNum     int
-	MembersPagingNum        int
-	FeedMaxCommitNum        int
-	FeedPagingNum           int
-	PackagesPagingNum       int
-	GraphMaxCommitNum       int
-	CodeCommentLines        int
-	ReactionMaxUserNum      int
-	MaxDisplayFileSize      int64
-	ShowUserEmail           bool
-	DefaultShowFullName     bool
-	DefaultTheme            string
-	Themes                  []string
-	Reactions               []string
-	ReactionsLookup         container.Set[string] `ini:"-"`
-	CustomEmojis            []string
-	CustomEmojisLookup      container.Set[string] `ini:"-"`
-	SearchRepoDescription   bool
-	OnlyShowRelevantRepos   bool
-	ExploreDefaultSort      string `ini:"EXPLORE_PAGING_DEFAULT_SORT"`
-	PreferredTimestampTense string
+	ExplorePagingNum      int
+	SitemapPagingNum      int
+	IssuePagingNum        int
+	RepoSearchPagingNum   int
+	MembersPagingNum      int
+	FeedMaxCommitNum      int
+	FeedPagingNum         int
+	PackagesPagingNum     int
+	GraphMaxCommitNum     int
+	CodeCommentLines      int
+	ReactionMaxUserNum    int
+	MaxDisplayFileSize    int64
+	ShowUserEmail         bool
+	DefaultShowFullName   bool
+	DefaultTheme          string
+	Themes                []string
+	Reactions             []string
+	ReactionsLookup       container.Set[string] `ini:"-"`
+	CustomEmojis          []string
+	CustomEmojisLookup    container.Set[string] `ini:"-"`
+	SearchRepoDescription bool
+	OnlyShowRelevantRepos bool
+	ExploreDefaultSort    string `ini:"EXPLORE_PAGING_DEFAULT_SORT"`
 
 	AmbiguousUnicodeDetection bool
 	SkipEscapeContexts        []string
@@ -71,24 +69,23 @@ var UI = struct {
 		Keywords    string
 	} `ini:"ui.meta"`
 }{
-	ExplorePagingNum:        20,
-	SitemapPagingNum:        20,
-	IssuePagingNum:          20,
-	RepoSearchPagingNum:     20,
-	MembersPagingNum:        20,
-	FeedMaxCommitNum:        5,
-	FeedPagingNum:           20,
-	PackagesPagingNum:       20,
-	GraphMaxCommitNum:       100,
-	CodeCommentLines:        4,
-	ReactionMaxUserNum:      10,
-	MaxDisplayFileSize:      8388608,
-	DefaultTheme:            `forgejo-auto`,
-	Themes:                  []string{`forgejo-auto`, `forgejo-light`, `forgejo-dark`, `gitea-auto`, `gitea-light`, `gitea-dark`, `forgejo-auto-deuteranopia-protanopia`, `forgejo-light-deuteranopia-protanopia`, `forgejo-dark-deuteranopia-protanopia`, `forgejo-auto-tritanopia`, `forgejo-light-tritanopia`, `forgejo-dark-tritanopia`},
-	Reactions:               []string{`+1`, `-1`, `laugh`, `hooray`, `confused`, `heart`, `rocket`, `eyes`},
-	CustomEmojis:            []string{`git`, `gitea`, `codeberg`, `gitlab`, `github`, `gogs`, `forgejo`},
-	ExploreDefaultSort:      "recentupdate",
-	PreferredTimestampTense: "mixed",
+	ExplorePagingNum:    20,
+	SitemapPagingNum:    20,
+	IssuePagingNum:      20,
+	RepoSearchPagingNum: 20,
+	MembersPagingNum:    20,
+	FeedMaxCommitNum:    5,
+	FeedPagingNum:       20,
+	PackagesPagingNum:   20,
+	GraphMaxCommitNum:   100,
+	CodeCommentLines:    4,
+	ReactionMaxUserNum:  10,
+	MaxDisplayFileSize:  8388608,
+	DefaultTheme:        `forgejo-auto`,
+	Themes:              []string{`forgejo-auto`, `forgejo-light`, `forgejo-dark`, `gitea-auto`, `gitea-light`, `gitea-dark`, `forgejo-auto-deuteranopia-protanopia`, `forgejo-light-deuteranopia-protanopia`, `forgejo-dark-deuteranopia-protanopia`, `forgejo-auto-tritanopia`, `forgejo-light-tritanopia`, `forgejo-dark-tritanopia`},
+	Reactions:           []string{`+1`, `-1`, `laugh`, `hooray`, `confused`, `heart`, `rocket`, `eyes`},
+	CustomEmojis:        []string{`git`, `gitea`, `codeberg`, `gitlab`, `github`, `gogs`, `forgejo`},
+	ExploreDefaultSort:  "recentupdate",
 
 	AmbiguousUnicodeDetection: true,
 	SkipEscapeContexts:        []string{},
@@ -150,10 +147,6 @@ func loadUIFrom(rootCfg ConfigProvider) {
 	UI.DefaultShowFullName = sec.Key("DEFAULT_SHOW_FULL_NAME").MustBool(false)
 	UI.SearchRepoDescription = sec.Key("SEARCH_REPO_DESCRIPTION").MustBool(true)
 
-	if UI.PreferredTimestampTense != "mixed" && UI.PreferredTimestampTense != "absolute" {
-		log.Fatal("ui.PREFERRED_TIMESTAMP_TENSE must be either 'mixed' or 'absolute'")
-	}
-
 	// OnlyShowRelevantRepos=false is important for many private/enterprise instances,
 	// because many private repositories do not have "description/topic", users just want to search by their names.
 	UI.OnlyShowRelevantRepos = sec.Key("ONLY_SHOW_RELEVANT_REPOS").MustBool(false)
diff --git a/modules/structs/admin_user.go b/modules/structs/admin_user.go
index 8a4d066d72..a7bd5643e9 100644
--- a/modules/structs/admin_user.go
+++ b/modules/structs/admin_user.go
@@ -50,4 +50,5 @@ type EditUserOption struct {
 	AllowCreateOrganization *bool   `json:"allow_create_organization"`
 	Restricted              *bool   `json:"restricted"`
 	Visibility              string  `json:"visibility" binding:"In(,public,limited,private)"`
+	HideEmail               *bool   `json:"hide_email"`
 }
diff --git a/modules/structs/commit_status.go b/modules/structs/commit_status.go
index dc880ef5eb..2a5dfb7546 100644
--- a/modules/structs/commit_status.go
+++ b/modules/structs/commit_status.go
@@ -4,7 +4,7 @@
 package structs
 
 // CommitStatusState holds the state of a CommitStatus
-// It can be "pending", "success", "error" and "failure"
+// It can be "pending", "success", "error", "failure" and "warning"
 type CommitStatusState string
 
 const (
diff --git a/modules/structs/repo_actions.go b/modules/structs/repo_actions.go
index b13f344738..eada2db09f 100644
--- a/modules/structs/repo_actions.go
+++ b/modules/structs/repo_actions.go
@@ -32,3 +32,27 @@ type ActionTaskResponse struct {
 	Entries    []*ActionTask `json:"workflow_runs"`
 	TotalCount int64         `json:"total_count"`
 }
+
+// ActionRunnerLabel represents a Runner Label
+type ActionRunnerLabel struct {
+	ID   int64  `json:"id"`
+	Name string `json:"name"`
+	Type string `json:"type"`
+}
+
+// ActionRunner represents a Runner
+type ActionRunner struct {
+	ID     int64  `json:"id"`
+	Name   string `json:"name"`
+	Status string `json:"status"`
+	Busy   bool   `json:"busy"`
+	// currently unused as forgejo does not support ephemeral runners, but they are defined in gh api spec
+	Ephemeral bool                 `json:"ephemeral"`
+	Labels    []*ActionRunnerLabel `json:"labels"`
+}
+
+// ActionRunnersResponse returns Runners
+type ActionRunnersResponse struct {
+	Entries    []*ActionRunner `json:"runners"`
+	TotalCount int64           `json:"total_count"`
+}
diff --git a/modules/templates/util_date.go b/modules/templates/util_date.go
index bb83bf692a..839d2701ef 100644
--- a/modules/templates/util_date.go
+++ b/modules/templates/util_date.go
@@ -144,8 +144,5 @@ func timeSinceTo(then any, now time.Time) template.HTML {
 
 // TimeSince renders relative time HTML given a time
 func TimeSince(then any) template.HTML {
-	if setting.UI.PreferredTimestampTense == "absolute" {
-		return dateTimeFormat("full", then)
-	}
 	return timeSinceTo(then, time.Now())
 }
diff --git a/modules/util/donotpanic/donotpanic.go b/modules/util/donotpanic/donotpanic.go
new file mode 100644
index 0000000000..e283ec9040
--- /dev/null
+++ b/modules/util/donotpanic/donotpanic.go
@@ -0,0 +1,28 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package donotpanic
+
+import (
+	"fmt"
+
+	"forgejo.org/modules/log"
+)
+
+type FuncWithError func() error
+
+func SafeFuncWithError(fun FuncWithError) (err error) {
+	defer func() {
+		if r := recover(); r != nil {
+			log.Error("PANIC recovered: %v\nStacktrace: %s", r, log.Stack(2))
+			rErr, ok := r.(error)
+			if ok {
+				err = fmt.Errorf("PANIC recover with error: %w", rErr)
+			} else {
+				err = fmt.Errorf("PANIC recover: %v", r)
+			}
+		}
+	}()
+
+	return fun()
+}
diff --git a/modules/util/donotpanic/donotpanic_test.go b/modules/util/donotpanic/donotpanic_test.go
new file mode 100644
index 0000000000..6ddeafe06a
--- /dev/null
+++ b/modules/util/donotpanic/donotpanic_test.go
@@ -0,0 +1,28 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package donotpanic
+
+import (
+	"errors"
+	"fmt"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestDoNotPanic_SafeFuncWithError(t *testing.T) {
+	t.Run("OK", func(t *testing.T) {
+		assert.NoError(t, SafeFuncWithError(func() error { return nil }))
+	})
+
+	t.Run("PanickString", func(t *testing.T) {
+		errorMessage := "ERROR MESSAGE"
+		assert.ErrorContains(t, SafeFuncWithError(func() error { panic(errorMessage) }), fmt.Sprintf("recover: %s", errorMessage))
+	})
+
+	t.Run("PanickError", func(t *testing.T) {
+		errorMessage := "ERROR MESSAGE"
+		assert.ErrorContains(t, SafeFuncWithError(func() error { panic(errors.New(errorMessage)) }), fmt.Sprintf("recover with error: %s", errorMessage))
+	})
+}
diff --git a/options/locale/locale_ar.ini b/options/locale/locale_ar.ini
index a60fd7d5de..3b5be2c210 100644
--- a/options/locale/locale_ar.ini
+++ b/options/locale/locale_ar.ini
@@ -1174,8 +1174,6 @@ activity.period.quarterly = ثلاثة أشهر
 activity.period.semiyearly = ستة أشهر
 activity.period.yearly = عام واحد
 activity.overview = نظرة عامة
-activity.active_prs_count_1 = <strong>%d</strong> طلب دمج حالي
-activity.active_prs_count_n = <strong>%d</strong> طلب دمج حالي
 activity.merged_prs_count_1 = طلب دمج مقبول
 activity.merged_prs_count_n = طلب دمج مقبول
 activity.opened_prs_count_1 = طلب دمج مقترح
@@ -1188,8 +1186,6 @@ activity.title.prs_merged_by = %s دمجها %s
 activity.title.prs_opened_by = %s اقترحها %s
 activity.merged_prs_label = مقبول
 activity.opened_prs_label = مقترح
-activity.active_issues_count_1 = <strong>%d</strong> مسألة حالية
-activity.active_issues_count_n = <strong>%d</strong> مسألة حالية
 activity.closed_issues_count_1 = مسألة تامة
 activity.closed_issues_count_n = مسألة تامة
 activity.title.issues_1 = %d مسألة
diff --git a/options/locale/locale_bg.ini b/options/locale/locale_bg.ini
index 720c4fa1e5..ecde784a7f 100644
--- a/options/locale/locale_bg.ini
+++ b/options/locale/locale_bg.ini
@@ -761,8 +761,6 @@ activity.title.user_n = %d потребители
 activity.title.prs_n = %d заявки за сливане
 activity.merged_prs_count_1 = Слята заявка за сливане
 activity.merged_prs_count_n = Слети заявки за сливане
-activity.active_issues_count_1 = <strong>%d</strong> активна задача
-activity.active_issues_count_n = <strong>%d</strong> активни задачи
 activity.closed_issues_count_1 = Затворена задача
 activity.closed_issues_count_n = Затворени задачи
 activity.title.issues_1 = %d задача
@@ -774,13 +772,11 @@ wiki.save_page = Запазване на страницата
 activity.git_stats_author_n = %d автори
 wiki.delete_page_button = Изтриване на страницата
 activity.title.prs_1 = %d заявка за сливане
-activity.active_prs_count_n = <strong>%d</strong> активни заявки за сливане
 activity.period.filter_label = Период:
 activity.period.daily = 1 ден
 activity.period.halfweekly = 3 дни
 activity.period.weekly = 1 седмица
 activity.period.yearly = 1 година
-activity.active_prs_count_1 = <strong>%d</strong> активна заявка за сливане
 wiki.page_title = Заглавие на страницата
 wiki.page_content = Съдържание на страницата
 wiki.filter_page = Филтриране на страница
@@ -1370,8 +1366,6 @@ issues.review.comment = рецензира %s
 branch.deleted_by = Изтрит от %s
 branch.restore = Възстановяване на клона „%s“
 archive.title_date = Това хранилище е архивирано на %s. Можете да преглеждате файлове и да го клонирате, но не можете да правите промени в състоянието му, като изтласкване и създаване на нови задачи, заявки за сливане или коментари.
-release.download_count_one = %s изтегляне
-release.download_count_few = %s изтегляния
 branch.restore_success = Клонът „%s“ е възстановен.
 tag.create_tag_from = Създаване на нов маркер от „%s“
 branch.create_new_branch = Създаване на клон от клон:
@@ -1887,7 +1881,7 @@ org_full_name_holder = Пълно име на организацията
 teams = Екипи
 lower_members = участници
 lower_repositories = хранилища
-settings.repoadminchangeteam = Админ. на хранилището да може да добавя и премахва достъп за екипи
+settings.repoadminchangeteam = Админ. на хранилище да може да добавя и премахва достъп за екипи
 settings.email = Ел. поща за връзка
 settings.delete_account = Изтриване на тази организация
 settings.delete_org_title = Изтриване на организацията
@@ -1953,6 +1947,8 @@ teams.admin_access = Администраторски достъп
 settings.change_orgname_redirect_prompt.with_cooldown.one = Старото име на организацията ще бъде достъпно за всички след период на изчакване от %[1]d ден. Все още можете да си върнете старото име по време на периода на изчакване.
 teams.add_nonexistent_repo = Хранилището, което се опитвате да добавите, не съществува, моля, първо го създайте.
 teams.invite.by = Поканен от %s
+teams.owners_permission_desc = Притежателите имат пълен достъп до <strong>всички хранилища</strong> и имат <strong>администраторски достъп</strong> до организацията.
+teams.can_create_org_repo_helper = Участниците могат да създават нови хранилища в организацията. Създателят ще получи администраторски достъп до новото хранилище.
 
 [install]
 admin_password = Парола
@@ -2068,7 +2064,7 @@ projects = Проекти
 code = Код
 overview = Обзор
 watched = Наблюдавани хранилища
-unfollow = Прекратяване на следването
+unfollow = Отследване
 block = Блокиране
 settings = Потребителски настройки
 starred = Отбелязани хранилища
diff --git a/options/locale/locale_ca.ini b/options/locale/locale_ca.ini
index de6d692410..b4d2d3895c 100644
--- a/options/locale/locale_ca.ini
+++ b/options/locale/locale_ca.ini
@@ -484,13 +484,13 @@ team_invite.subject = %[1]s us convida a unir-vos a l'organització %[2]s
 release.title = Títol: %s
 release.downloads = Baixades:
 release.download.zip = Codi font (ZIP)
-repo.transfer.subject_to_you = %s us vol transferir el repositori "%s"
+repo.transfer.subject_to_you = %s us vol transferir el repositori «%s»
 repo.collaborator.added.subject = %s us ha afegit a %s com a col·laborador
 repo.collaborator.added.text = Us han afegit com a col·laborador al repositori:
 issue_assigned.issue = @%[1]s us ha assignat l'incidència %[2]s del repositori %[3]s.
 issue.x_mentioned_you = <b>@%s</b> us ha mencionat:
 issue.action.new = <b>@%[1]s</b> ha creat #%[2]d.
-repo.transfer.subject_to = %s vol transferir el repositori "%s" a %s
+repo.transfer.subject_to = %s vol transferir el repositori «%s» a %s
 repo.transfer.to_you = tu
 register_notify.text_3 = Si algú altre us ha fet aquest compte, necessitareu <a href="%s">configurar la vostra contrasenya</a> abans.
 password_change.subject = S'ha canviat la vostra contrasenya
@@ -507,6 +507,24 @@ issue.action.reopen = <b>@%[1]s</b> ha reobert #%[2]s.
 issue.action.approve = <b>@%[1]s</b> ha aprovat aquesta sol·licitud d'extracció.
 issue.action.reject = <b>@%[1]s</b> ha sol·licitat canvis en aquesta sol·licitud d'extracció.
 register_notify.text_2 = Podeu iniciar sessió al vostre compte fent servir el vostre nom d'usuari: %s
+register_notify.text_1 = aquest és el vostre correu electrònic de confirmació pel registre de %s!
+password_change.text_1 = S'acaba de canviar la contrasenya pel vostre compte.
+issue.action.review = <b>@%[1]s</b> ha deixat un comentari a la vostra sol·licitud d'extracció.
+issue.action.review_dismissed = <b>@%[1]s</b> ha rebutjat l'última revisió de %[2]s per aquesta sol·licitud d'extracció.
+primary_mail_change.text_1 = S'ha canviat la vostra adreça de correu electrònic principal a %[1]s. Això vol dir que aquesta adreça de correu electrònic no rebrà més notificacions de correu pel vostre compte.
+totp_disabled.text_1 = S'han desactivat les contrasenyes d'un sol ús basades en el temps (TOTP) pel vostre compte.
+totp_disabled.no_2fa = Ja no hi ha altres mètodes d'autenticació de doble factor configurats, per la qual cosa ja no és necessari iniciar sessió al vostre compte mitjançat autenticació de doble factor.
+removed_security_key.no_2fa = Ja no hi ha altres mètodes d'autenticació de doble factor configurats, per la qual cosa ja no és necessari iniciar sessió al vostre compte mitjançat autenticació de doble factor.
+reset_password = Recupereu el vostre compte
+reset_password.text = Si heu sigut vós, cliqueu el següent enllaç per recuperar el vostre compte abans de <b>%s</b>:
+totp_enrolled.text_1.has_webauthn = Heu habilitat el TOTP per al vostre compte. Això vol dir que, per a totes les futures connexions al vostre compte, podreu utilitzar el TOTP com a mètode d'autenticació en dos passos (2FA) o bé utilitzar qualsevol de les vostres claus de seguretat.
+issue.action.force_push = <b>%[1]s</b> ha realitzat un «force push» de <b>%[2]s</b> des de %[3]s fins a %[4]s.
+issue.action.ready_for_review = <b>@%[1]s</b> ha marcat aquesta «pull request» com a preparada per a la revisió.
+issue.in_tree_path = A %s:
+issue.action.push_1 = <b>@%[1]s</b> ha pujat $[3]d commit a %[2]s
+issue.action.push_n = <b>@%[1]s</b> ha pujat $[3]d commits a %[2]s
+release.note = Nota:
+release.new.text = <b>@%[1]s</b> ha publicat %[2]s a %[3]s
 
 [modal]
 yes = Sí
@@ -579,6 +597,18 @@ require_error = ` no pot estar buit.`
 min_size_error = ` ha de contenir %s caràcters com a mínim.`
 max_size_error = ` ha de contenir %s caràcters com a màxim.`
 email_domain_is_not_allowed = El domini de l'adreça de correu electrònic <b>%s</b> de l'usuari entra en conflicte amb EMAIL_DOMAIN_ALLOWLIST o EMAIL_DOMAIN_BLOCKLIST. Assegureu-vos d'haver introduït l'adreça de correu electrònic correctament.
+Website = Lloc web
+Location = Ubicació
+AdminEmail = Correu electrònic de l'administrador
+AccessToken = Testimoni d'accés
+alpha_dash_error = ` hauria de contenir només caràcters alfanumèrics, guions ("-") i barres baixes ("_").`
+alpha_dash_dot_error = ` hauria de contenir només caràcters alfanumèrics, guions ("-"), barres baixes ("_") i punts (".").`
+regex_pattern_error = ` el patró d'expressió regular no és vàlid: %s.`
+required_prefix = L'entrada ha de començar amb "%s"
+CommitSummary = Resum del commit
+CommitMessage = Missatge del commit
+CommitChoice = Selecció de commit
+TreeName = Camí del fitxer
 
 [settings]
 pronouns = Pronoms
@@ -738,6 +768,105 @@ generate_token_success = S'ha generat el vostre nou testimoni. Copieu-lo ara, ja
 generate_token_name_duplicate = Ja s'ha usat <strong>%s</strong> com a nom d'aplicació. Si us plau, useu-ne un de nou.
 delete_token = Eliminar
 access_token_deletion =
+delete_email = Eliminar
+biography_placeholder = Explica una mica sobre tu als altres! (Compatible amb Markdown)
+add_new_email = Afegir una adreça de correu electrònic
+add_new_openid = Afegir una nova URI d'OpenID
+add_email = Afegir una adreça de correu electrònic
+add_openid = Afegir una URI d'OpenID
+keep_email_private = Oculta l'adreça de correu electrònic
+delete_key = Eliminar
+added_on = Afegit el %s
+last_used = Usat per últim cop el
+can_read_info = Llegir
+can_write_info = Escriure
+hide_openid = Ocultar del perfil
+show_openid = Mostrar al perfil
+ssh_disabled = SSH està deshabilitat
+access_token_deletion_desc = Eliminar un testimoni revocarà l'accés al vostre compte de les aplicacions que l'estiguin fent servir. Aquesta acció no es pot desfer. Voleu continuar?
+delete_token_success = S'ha eliminat el testimoni. Les aplicacions que l'estiguin fent servir ja no tenen accés al vostre compte.
+regenerate_token = Regenerar
+access_token_regeneration = Regenerar un testimoni d'accés
+access_token_regeneration_desc = Regenerar un testimoni revocarà l'accés al vostre compte de les aplicacions que l'estiguin fent servir. Aquesta acció no es pot desfer. Voleu continuar?
+regenerate_token_success = S'ha regenerat el testimoni. Les aplicacions que el fan servir ja no tenen accés al vostre compte i s'han actualitzar al nou testimoni.
+permissions_public_only = Només públic
+permissions_access_all = Tot (públic, privat i limitat)
+select_permissions = Selecció de permisos
+permission_no_access = Sense accés
+permission_read = Lectura
+permission_write = Lectura i escriptura
+at_least_one_permission = Heu de seleccionar un permís com a mínim per crear un testimoni
+permissions_list = Permisos:
+remove_oauth2_application = Eliminar aplicació OAuth2
+edit_oauth2_application = Modificar aplicació OAuth2
+manage_oauth2_applications = Gestionar aplicacions OAuth2
+remove_oauth2_application_success = S'ha eliminat l'aplicació.
+create_oauth2_application = Crear una nova aplicació OAuth2
+create_oauth2_application_button = Crear aplicació
+create_oauth2_application_success = Heu creat amb èxit una nova aplicació OAuth2.
+update_oauth2_application_success = Heu actualitzat amb èxit l'aplicació OAuth2.
+oauth2_application_name = Nom de l'aplicació
+oauth2_redirect_uris = URIs de redirecció. Si us plau, poseu cada URI en una línia nova.
+save_application = Guardar
+oauth2_client_id = ID del client
+oauth2_client_secret = Secret del client
+oauth2_regenerate_secret = Regenerar secret
+oauth2_regenerate_secret_hint = Heu perdut el vostre secret?
+oauth2_application_edit = Modificar
+authorized_oauth2_applications = Aplicacions OAuth2 autoritzades
+authorized_oauth2_applications_description = Heu permès accés al vostre compte personal de Forgejo a aquestes aplicacions de tercers. Si us plau, revoqueu l'accés de les aplicacions que ja no feu servir.
+revoke_key = Revocar
+revoke_oauth2_grant = Revocar l'accés
+revoke_oauth2_grant_description = Revocar l'accés d'aquesta aplicació de tercers impedirà que accedeixi a la vostra informació. N'esteu segurs?
+revoke_oauth2_grant_success = L'accés s'ha revocat amb èxit.
+twofa_desc = Per protegir el vostre compte del robatori de contrasenyes, podeu fer servir un telèfon intel·ligent o un altre dispositiu per rebre contrasenyes d'un sol ús basades en el temps ("TOTP").
+twofa_recovery_tip = Si perdeu el vostre dispositiu, podreu fer servir una clau de recuperació d'un sol ús per recuperar l'accés al vostre compte.
+twofa_disable = Desactivar l'autenticació de doble factor
+twofa_scratch_token_regenerate = Regenerar la clau de recuperació d'un sol ús
+twofa_scratch_token_regenerated = La vostra clau de recuperació d'un sol ús ara és %s. Emmagatzemeu-la en un lloc segur, ja que no es tornarà a mostrar.
+twofa_disable_note = L'autenticació de doble factor es pot desactivar si és necessari.
+twofa_disable_desc = Desactivar l'autenticació de doble factor farà que el vostre compte sigui menys segur. Voleu continuar?
+regenerate_scratch_token_desc = Si heu perdur la vostra clau de recuperació o ja l'heu fet servir per iniciar sessió, la podeu reiniciar aquí.
+twofa_disabled = S'ha desactivat l'autenticació de doble factor.
+scan_this_image = Escanegeu aquesta imatge amb la vostra aplicació d'autenticació:
+or_enter_secret = O introduïu el secret: %s
+then_enter_passcode = I introduïu el codi d'accés que es mostra a l'aplicació:
+passcode_invalid = El codi d'accés és incorrecte. Intenteu-ho de nou.
+twofa_failed_get_secret = No s'ha pogut obtenir el secret.
+webauthn_desc = Les claus de seguretat són dispositius que contenen claus criptogràfiques. Es poden fer servir per l'autenticació de doble factor. Les claus de seguretat han de ser compatibles amb l'estàndard <a rel="noreferrer" target="_blank" href="%s">WebAuthn Authenticator</a>.
+webauthn_register_key = Afegir una clau de seguretat
+webauthn_nickname = Sobrenom
+webauthn_delete_key_desc = Si elimineu una clau de seguretat no la podreu fer servir per iniciar sessió. Voleu continuar?
+webauthn_key_loss_warning = Si perdeu les vostres claus de seguretat, perdreu també l'accés al vostre compte.
+manage_account_links = Comptes vinculats
+manage_account_links_desc = Aquests comptes externs estan vinculats al vostre compte de Forgejo.
+link_account = Vincular un compte
+remove_account_link_desc = Eliminar un compte vinculat revocarà el seu accés al vostre compte de Forgejo. Voleu continuar?
+remove_account_link_success = S'ha eliminat el compte vinculat.
+orgs_none = No sou membres de cap organització.
+repos_none = No sou propietaris de cap repositori.
+blocked_users_none = No hi ha cap usuari bloquejat.
+delete_account = Eliminar el vostre compte
+delete_prompt = Aquest acció eliminarà permanentment el vostre compte. Aquesta acció <strong>no</strong> es pot desfer.
+confirm_delete_account = Confirmar l'eliminació
+delete_account_title = Eliminar el compte d'usuari
+delete_account_desc = Esteu segurs de voler eliminar permanentment aquest compte d'usuari?
+email_notifications.enable = Activar les notificacions per correu electrònic
+email_notifications.disable = Desactivar les notificacions per correu electrònic
+visibility.public_tooltip = Visible per a tothom
+visibility.limited_tooltip = Visible només pels usuaris que hagin iniciat sessió
+visibility.private_tooltip = Visible només pels membres de les organitzacions a les quals us hàgiu unit
+user_unblock_success = S'ha desbloquejat l'usuari amb èxit.
+user_block_success = S'ha bloquejat l'usuari amb èxit.
+quota.sizes.repos.all = Repositoris
+quota.sizes.repos.public = Repositoris públics
+quota.sizes.repos.private = Repositoris privats
+quota.sizes.git.all = Contingut de Git
+quota.sizes.git.lfs = Git LFS
+quota.sizes.assets.attachments.all = Fitxers adjunts
+quota.sizes.assets.attachments.issues = Fitxers adjunts a incidències
+quota.sizes.assets.artifacts = Artefactes
+quota.sizes.assets.packages.all = Paquets
 
 [repo]
 settings.basic_settings = Configuració bàsica
@@ -951,4 +1080,6 @@ public_activity.visibility_hint.self_public = La vostra activitat és visible pe
 public_activity.visibility_hint.admin_public = Aquesta activitat és visible per tothom, però com a administrador també podeu veure interaccions en espais privats.
 public_activity.visibility_hint.self_private = La vostra activitat és visible només per vós i pels administradors de la instància. <a href="%s">Configurar</a>.
 public_activity.visibility_hint.admin_private = Aquesta activitat és visible per vós perquè sou un administrador, però l'usuari vol que romangui privada.
-public_activity.visibility_hint.self_private_profile = La vostra activitat és visible només per vós i pels administradors de la instància perquè el vostre perfil és privat. <a href="%s">Configurar</a>.
\ No newline at end of file
+public_activity.visibility_hint.self_private_profile = La vostra activitat és visible només per vós i pels administradors de la instància perquè el vostre perfil és privat. <a href="%s">Configurar</a>.
+change_avatar = Canvieu el vostre avatar…
+joined_on = S'ha unit el %s
\ No newline at end of file
diff --git a/options/locale/locale_cs-CZ.ini b/options/locale/locale_cs-CZ.ini
index 7ca734930b..5021549a37 100644
--- a/options/locale/locale_cs-CZ.ini
+++ b/options/locale/locale_cs-CZ.ini
@@ -1968,8 +1968,6 @@ activity.period.quarterly=3 měsíce
 activity.period.semiyearly=6 měsíců
 activity.period.yearly=1 rok
 activity.overview=Přehled
-activity.active_prs_count_1=<strong>%d</strong> aktivní žádost o sloučení
-activity.active_prs_count_n=<strong>%d</strong> aktivních žádostí o sloučení
 activity.merged_prs_count_1=Sloučená žádost
 activity.merged_prs_count_n=Sloučené žádosti
 activity.opened_prs_count_1=Navrhovaná žádost o sloučení
@@ -1982,8 +1980,6 @@ activity.title.prs_merged_by=%s sloučil %s
 activity.title.prs_opened_by=%s navrhl %s
 activity.merged_prs_label=Sloučený
 activity.opened_prs_label=Navrhovaný
-activity.active_issues_count_1=<strong>%d</strong> aktivní problém
-activity.active_issues_count_n=<strong>%d</strong> aktivních problémů
 activity.closed_issues_count_1=Uzavřený problém
 activity.closed_issues_count_n=Uzavřené problémy
 activity.title.issues_1=%d problémy
@@ -2667,8 +2663,6 @@ settings.enforce_on_admins_desc = Správci repozitáře nemohou obejít toto pra
 issues.num_participants_one = %d účastník
 size_format = %[1]s: %[2]s, %[3]s: %[4]s
 issues.archived_label_description = (Archivován) %s
-release.download_count_one = %s stažení
-release.download_count_few = %s stažení
 release.system_generated = Tato příloha byla automaticky vygenerována.
 settings.add_webhook.invalid_path = Cesta nesmí obsahovat část, která je „.“ nebo „..“ nebo prázdný řetězec. Nesmí začínat ani končit lomítkem.
 settings.web_hook_name_sourcehut_builds = Sestavení SourceHut
diff --git a/options/locale/locale_da.ini b/options/locale/locale_da.ini
index 129c831bef..aa68be4f2a 100644
--- a/options/locale/locale_da.ini
+++ b/options/locale/locale_da.ini
@@ -2070,7 +2070,6 @@ settings.federation_settings = Føderationsindstillinger
 settings.hooks = Webhooks
 activity.title.issues_created_by = %s oprettet af %s
 activity.new_issue_label = Åbnet
-activity.active_issues_count_n = <strong>%d</strong> aktive problemer
 activity.closed_issue_label = Lukket
 activity.commit = Commit aktivitet
 settings.collaboration = Samarbejdspartnere
@@ -2102,7 +2101,6 @@ activity.merged_prs_label = Flettet
 activity.merged_prs_count_n = Flettede pull-anmodninger
 activity.title.prs_n = %d pull-anmodninger
 activity.opened_prs_label = Foreslået
-activity.active_issues_count_1 = <strong>%d</strong> aktivt problem
 activity.new_issues_count_1 = Nyt problem
 activity.new_issues_count_n = Nye problemer
 activity.git_stats_commit_1 = %d commit
@@ -2125,8 +2123,6 @@ settings.mirror_settings.docs.disabled_push_mirror.info = Push-spejle er blevet
 settings.mirror_settings.docs.no_new_mirrors = Dit depot spejler ændringer til eller fra et andet depot. Husk på, at du ikke kan oprette nye spejle på nuværende tidspunkt.
 settings.mirror_settings.docs.can_still_use = Selvom du ikke kan ændre eksisterende spejle eller oprette nye, kan du stadig bruge dit eksisterende spejle.
 settings.mirror_settings.docs.doc_link_title = Hvordan spejler jeg depoter?
-activity.active_prs_count_1 = <strong>%d</strong> aktiv pull-anmodning
-activity.active_prs_count_n = <strong>%d</strong> aktive pull-anmodninger
 activity.merged_prs_count_1 = Sammenflettet pull-anmodning
 activity.opened_prs_count_1 = Foreslået pull anmodning
 activity.opened_prs_count_n = Foreslåede pull-anmodninger
@@ -2668,8 +2664,6 @@ diff.file_suppressed_line_too_long = Filforskellen er undertrykt, fordi en eller
 diff.review = Afslut gennemgangen
 diff.review.header = Send anmeldelse
 diff.review.placeholder = Gennemgå kommentar
-release.download_count_one = %s download
-release.download_count_few = %s downloads
 topic.format_prompt = Emner skal starte med et bogstav eller tal, kan indeholde bindestreger ("-") og prikker ("."), kan være op til 35 tegn lange. Bogstaver skal være små.
 branch.warning_rename_default_branch = Du omdøber standardgrenen.
 topic.done = Færdig
diff --git a/options/locale/locale_de-DE.ini b/options/locale/locale_de-DE.ini
index 7ca3e4de71..091bfbc273 100644
--- a/options/locale/locale_de-DE.ini
+++ b/options/locale/locale_de-DE.ini
@@ -793,7 +793,7 @@ add_email_success=Die neue E-Mail-Addresse wurde hinzugefügt.
 email_preference_set_success=E-Mail-Einstellungen wurden erfolgreich aktualisiert.
 add_openid_success=Die neue OpenID-Adresse wurde hinzugefügt.
 keep_email_private=E-Mail-Adresse verbergen
-keep_email_private_popup=Deine Mailadresse wird nicht in deinem Profil angezeigt und wird nicht der Standard für Commits über das Webinterface sein, wie zum Beispiel Dateiuploads, Bearbeitungen, und Merge-Commits. Stattdessen kann eine besondere Adresse %s benutzt werden, um Commits mit deinem Account zu verbinden. Diese Option wirkt sich nicht auf bestehende Commits aus.
+keep_email_private_popup=Die E-Mail-Adresse wird nicht im Profil angezeigt und wird nicht der Standard für Commits über das Webinterface sein, wie zum Beispiel Dateiuploads, Bearbeitungen, und Merge-Commits. Stattdessen kann eine besondere Adresse %s benutzt werden, um Commits mit dem Benutzeraccount zu verbinden. Diese Option wirkt sich nicht auf bestehende Commits aus.
 openid_desc=Mit OpenID kannst du dich über einen Drittanbieter authentifizieren.
 
 manage_ssh_keys=SSH-Schlüssel verwalten
@@ -1653,8 +1653,8 @@ issues.add_time=Zeit manuell hinzufügen
 issues.del_time=Diese Zeiterfassung löschen
 issues.add_time_short=Zeit hinzufügen
 issues.add_time_cancel=Abbrechen
-issues.add_time_history=`hat %s den Zeitaufwand hinzugefügt`
-issues.del_time_history=`hat %s den Zeitaufwand gelöscht`
+issues.add_time_history=`hat den Zeitaufwand von %s hinzugefügt`
+issues.del_time_history=`hat den Zeitaufwand von %s gelöscht`
 issues.add_time_hours=Stunden
 issues.add_time_minutes=Minuten
 issues.add_time_sum_to_small=Es wurde keine Zeit eingegeben.
@@ -1961,8 +1961,6 @@ activity.period.quarterly=3 Monate
 activity.period.semiyearly=6 Monate
 activity.period.yearly=1 Jahr
 activity.overview=Übersicht
-activity.active_prs_count_1=<strong>%d</strong> aktiver Pull-Request
-activity.active_prs_count_n=<strong>%d</strong> aktive Pull-Requests
 activity.merged_prs_count_1=Zusammengeführter Pull-Request
 activity.merged_prs_count_n=Zusammengeführte Pull-Requests
 activity.opened_prs_count_1=Vorgeschlagener Pull-Request
@@ -1975,8 +1973,6 @@ activity.title.prs_merged_by=%s durch %s zusammengeführt
 activity.title.prs_opened_by=%s von %s vorgeschlagen
 activity.merged_prs_label=Zusammengeführt
 activity.opened_prs_label=Vorgeschlagen
-activity.active_issues_count_1=<strong>%d</strong> aktives Issue
-activity.active_issues_count_n=<strong>%d</strong> aktive Issues
 activity.closed_issues_count_1=Geschlossenes Issue
 activity.closed_issues_count_n=Geschlossene Issues
 activity.title.issues_1=%d Issue
@@ -2668,8 +2664,6 @@ settings.enforce_on_admins = Erzwinge diese Regel für alle Repositoryadministra
 settings.event_pull_request_enforcement = Erzwingung
 size_format = %[1]s: %[2]s, %[3]s: %[4]s
 issues.archived_label_description = (Archiviert) %s
-release.download_count_one = %s Download
-release.download_count_few = %s Downloads
 release.system_generated = Dieser Anhang wurde automatisch generiert.
 settings.add_webhook.invalid_path = Der Pfad darf kein „.“ oder „..“ enhalten und darf auch nicht leer sein. Er darf auch nicht mit einem Schrägstrich anfangen oder enden.
 settings.sourcehut_builds.manifest_path = Build-Manifest-Pfad
diff --git a/options/locale/locale_el-GR.ini b/options/locale/locale_el-GR.ini
index 890e7e2db7..696fe04541 100644
--- a/options/locale/locale_el-GR.ini
+++ b/options/locale/locale_el-GR.ini
@@ -1969,8 +1969,6 @@ activity.period.quarterly=3 μήνες
 activity.period.semiyearly=6 μήνες
 activity.period.yearly=1 έτος
 activity.overview=Επισκόπηση
-activity.active_prs_count_1=<strong>%d</strong> ενεργό pull request
-activity.active_prs_count_n=<strong>%d</strong> ενεργά pull request
 activity.merged_prs_count_1=Συγχωνευμένο pull request
 activity.merged_prs_count_n=Συγχωνευμένα pull request
 activity.opened_prs_count_1=Νέα pull request
@@ -1983,8 +1981,6 @@ activity.title.prs_merged_by=%s συγχωνεύθηκε από %s
 activity.title.prs_opened_by=%s προτάθηκε από %s
 activity.merged_prs_label=Συγχωνευμένο
 activity.opened_prs_label=Προτεινόμενα
-activity.active_issues_count_1=<strong>%d</strong> ενεργό ζήτημα
-activity.active_issues_count_n=<strong>%d</strong> ενεργά ζητήματα
 activity.closed_issues_count_1=Κλεισμένα ζητήματα
 activity.closed_issues_count_n=Κλειστά ζητήματα
 activity.title.issues_1=%d ζήτημα
@@ -2659,8 +2655,6 @@ size_format = %[1]s: %[2]s, %[3]s: %[4]s
 issues.archived_label_description = (Αρχειοθετημένη) %s
 vendored = Εξωτερικό
 open_with_editor = Άνοιγμα με %s
-release.download_count_one = %s λήψη
-release.download_count_few = %s λήψεις
 release.system_generated = Αυτό το αρχείο παράγεται αυτόματα.
 pulls.ready_for_review = Έτοιμο για αξιολόγηση;
 settings.rename_branch_failed_protected = Δεν είναι δυνατή η μετονομασία του κλάδου %s, επειδή είναι προστατευόμενος.
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 0378160338..bb0478ba4f 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -440,7 +440,6 @@ reset_password_wrong_user = You are signed in as %s, but the account recovery li
 password_too_short = Password length cannot be less than %d characters.
 non_local_account = Non-local users cannot update their password through the Forgejo web interface.
 verify = Verify
-;As https://codeberg.org/forgejo/forgejo/issues/2809 progresses, please update this error message if possible
 unauthorized_credentials = Credentials are incorrect or have expired. Retry your command or see %s for more information
 scratch_code = Scratch code
 use_scratch_code = Use a scratch code
@@ -837,7 +836,7 @@ add_email_success = The new email address has been added.
 email_preference_set_success = Email preference has been set successfully.
 add_openid_success = The new OpenID address has been added.
 keep_email_private = Hide email address
-keep_email_private_popup = Your email address will not be shown on your profile and will not be the default for commits made via the web interface, like file uploads, edits, and merge commits. Instead, a special address %s can be used to link commits to your account. This option will not affect existing commits.
+keep_email_private_popup = Email address will not be shown on the profile page and will not be the default for commits made via the web interface, like file uploads, edits, and merge commits. Instead, a special address %s can be used to link commits to the user account. This option will not affect existing commits.
 keep_pronouns_private = Only show pronouns to authenticated users
 keep_pronouns_private.description = This will hide your pronouns from visitors that are not logged in.
 openid_desc = OpenID lets you delegate authentication to an external provider.
@@ -1579,6 +1578,7 @@ issues.filter_poster = Author
 issues.filter_poster_no_select = All authors
 issues.filter_type = Type
 issues.filter_type.all_pull_requests = All pull requests
+issues.filter_type.all_issues = All issues
 issues.filter_type.assigned_to_you = Assigned to you
 issues.filter_type.created_by_you = Created by you
 issues.filter_type.mentioning_you = Mentioning you
@@ -1823,7 +1823,6 @@ issues.review.resolve_conversation = Resolve conversation
 issues.review.un_resolve_conversation = Unresolve conversation
 issues.review.resolved_by = marked this conversation as resolved
 issues.reference_issue.body = Body
-issues.content_history.deleted = deleted
 issues.content_history.edited = edited
 issues.content_history.created = created
 issues.content_history.delete_from_history = Delete from history
@@ -2090,8 +2089,6 @@ activity.period.quarterly = 3 months
 activity.period.semiyearly = 6 months
 activity.period.yearly = 1 year
 activity.overview = Overview
-activity.active_prs_count_1 = <strong>%d</strong> active pull request
-activity.active_prs_count_n = <strong>%d</strong> active pull requests
 activity.merged_prs_count_1 = Merged pull request
 activity.merged_prs_count_n = Merged pull requests
 activity.opened_prs_count_1 = Proposed pull request
@@ -2104,8 +2101,6 @@ activity.title.prs_merged_by = %s merged by %s
 activity.title.prs_opened_by = %s proposed by %s
 activity.merged_prs_label = Merged
 activity.opened_prs_label = Proposed
-activity.active_issues_count_1 = <strong>%d</strong> active issue
-activity.active_issues_count_n = <strong>%d</strong> active issues
 activity.closed_issues_count_1 = Closed issue
 activity.closed_issues_count_n = Closed issues
 activity.title.issues_1 = %d issue
@@ -2721,8 +2716,6 @@ release.tag_name_already_exist = A release with this tag name already exists.
 release.tag_name_invalid = The tag name is not valid.
 release.tag_name_protected = The tag name is protected.
 release.downloads = Downloads
-release.download_count_one = %s download
-release.download_count_few = %s downloads
 release.add_tag_msg = Use the title and content of release as tag message.
 release.hide_archive_links = Hide automatically generated archives
 release.hide_archive_links_helper = Hide automatically generated source code archives for this release. For example, if you are uploading your own.
@@ -3854,7 +3847,6 @@ type-3.display_name = Organization project
 
 [git.filemode]
 changed_filemode = %[1]s → %[2]s
-; Ordered by git filemode value, ascending. E.g. directory has "040000", normal file has "100644", …
 directory = Directory
 normal_file = Normal file
 executable_file = Executable file
diff --git a/options/locale/locale_eo.ini b/options/locale/locale_eo.ini
index df40c8eb93..4d81f85b4a 100644
--- a/options/locale/locale_eo.ini
+++ b/options/locale/locale_eo.ini
@@ -98,7 +98,7 @@ ok = Bone
 download_logs = Elsuti protokolojn
 unknown = Nekonata
 issues = Eraroj
-error404 = Aŭ tiu ĉi paĝo <strong>ne ekzistas</strong>, <strong>estis forigita</strong> aŭ <strong>vi ne rajtas</strong> vidi ĝin.
+error404 = Aŭ tiu ĉi paĝo <strong>ne ekzistas</strong>, <strong>estas forigita</strong> aŭ <strong>vi ne rajtas</strong> vidi ĝin.
 retry = Reprovi
 activities = Aktivecoj
 confirm_delete_selected = Konfirmi forigon de ĉiu elektito?
@@ -141,10 +141,11 @@ new_migrate.link = Novan migrigon
 new_org.link = Novan organizaĵon
 error413 = Vi plenkonsumis vian kvoton.
 twofa_scratch = Sukuranta kodo por duobla aŭtentikigo
+copy_path = Kopii dosiervojon
 
 [editor]
 buttons.list.ordered.tooltip = Aldoni nombran liston
-buttons.bold.tooltip = Aldoni grasan tekston
+buttons.bold.tooltip = Aldoni grasan tekston (Ctrl+B / ⌘B)
 buttons.quote.tooltip = Citi tekston
 buttons.code.tooltip = Aldoni kodtekston
 buttons.list.unordered.tooltip = Aldoni punktan liston
@@ -154,7 +155,7 @@ buttons.ref.tooltip = Citi eraron aŭ tirpeton
 buttons.list.task.tooltip = Aldoni liston de taskoj
 buttons.enable_monospace_font = Ŝalti egallarĝan signoformaron
 buttons.mention.tooltip = Mencii uzanton aŭ grupon
-buttons.italic.tooltip = Aldoni oblikvan tekston
+buttons.italic.tooltip = Aldoni oblikvan tekston (Ctrl+I / ⌘I)
 buttons.link.tooltip = Aldoni ligilon
 buttons.disable_monospace_font = Malsalti egallarĝan signoformaron
 buttons.indent.tooltip = Krommarĝeni erojn je unu nivelo
@@ -166,6 +167,9 @@ table_modal.placeholder.content = Enhavo
 table_modal.label.rows = Horizontaloj
 table_modal.label.columns = Vertikaloj
 link_modal.description = Priskribo
+link_modal.header = Aldoni ligilon
+link_modal.url = Url
+link_modal.paste_reminder = Aludo: kun URL en via tondujo, vi povas alglui senpere al la redaktilo por krei ligilon.
 
 [aria]
 navbar = Esplora breto
@@ -202,6 +206,7 @@ install_desc = Simple aŭ <a target="_blank" rel="noopener noreferrer" href="%[1
 lightweight_desc = Forgejo ne penigos vian servilon, kaj eĉ ruleblas je Raspberry Pi. Konservu vian komputpotencon!
 platform = Plursistema
 license_desc = Ek, prenu <a target="_blank" rel="noopener noreferrer" href="%[1]s">Forgejon</a>! Aliĝu kaj <a target="_blank" rel="noopener noreferrer" href="%[2]s">helpu</a> nin plibonigi la projekton. Ne timu kontribui!
+platform_desc = Forgejo estas konfirmita ruli sur liberaj operaciumoj kiel Linukso kaj FreeBSD, kaj malsamaj arkitekturprocesoroj. Elektu tion, kion vi preferas.
 
 [install]
 title = Komenca agordado
@@ -311,7 +316,7 @@ enable_update_checker = Aktivigi novversian kontrolanton
 password_algorithm = Pasvorthaketiga algoritmo
 env_config_keys = Mediagordoj
 invalid_password_algorithm = Malvalida pasvorthakeita algoritmo
-password_algorithm_helper = Agordas la pasvorthaketigan algoritmon. Algoritmoj havas malsamajn postulojn kaj efikecojn. La algoritmo argon2 sufiĉe sekuras, sed postulas multan memoron kaj eble ne taŭgas por nepotencaj serviloj.
+password_algorithm_helper = Agordu la pasvorthaketigan algoritmon. Algoritmoj havas malsamajn postulojn kaj efikecojn. La algoritmo argon2 sufiĉe sekuras, sed postulas multan memoron kaj eble ne taŭgas por nepotencaj serviloj.
 internal_token_failed = Malsukcesis krei internan ĵetonon: %v
 smtp_from_invalid = La «Sendu retleterojn kiel» adreso malvalidas
 allow_only_external_registration = Permesi registriĝon nur per fremdaj servoj
@@ -398,7 +403,7 @@ openid_register_title = Krei novan konton
 email_domain_blacklisted = Vi ne povas registriĝi per via retpoŝtadreso.
 verify = Konfirmi
 oauth_signup_submit = Finfari konton
-prohibit_login_desc = Via konto estas suspendita kaj ne povas interagi kun la instanco. Bonvolu kontakti vian retejestron por regajni aliron.
+prohibit_login_desc = Via konto estas suspendita kaj ne povas interagi kun la instanco. Bonvolu kontakti la retejestron por regajni aliron.
 openid_connect_desc = La elektita OpenID URI estas nekonata. Ligu ĝin al nova konto ĉi tie.
 oauth.signin.error = Eraris traktante aprobpeton. Se plu eraros, bonvolu kunparoli la retejestron.
 invalid_code = Via konfirmkodo malvalidas aŭ eksdatiĝis.
@@ -428,7 +433,7 @@ hint_login = Ĉu vi jam havas konton? <a href="%s">Salutu nun!</a>
 hint_register = Ĉu vi bezonas konton? <a href="%s">Reĝistriĝi nun.</a>
 sign_up_button = Reĝistriĝi nun.
 sign_in_openid = Daŭrigi kun OpenID
-back_to_sign_in = Reen en la saluton
+back_to_sign_in = Reen en la ensaluton
 use_onetime_code = Uzi unufojan kodon
 
 [mail]
@@ -484,13 +489,19 @@ password_change.text_1 = La pasvorto de via konto ĵus ŝanĝiĝis.
 primary_mail_change.subject = Via ĉefa retpoŝtadreso ŝanĝiĝis
 totp_disabled.text_1 = La tempobazita unufoja pasvorto (TOTP) en via konto ĵus malaktiviĝis.
 admin.new_user.text = Bonvolu <a href="%s">klaki ĉi tie</a> por konduki ĉi tiun uzanton el la administranta agordilo.
-removed_security_key.subject = Sekureca ŝlosilo estas forigita
+removed_security_key.subject = Sekurŝlosilo estas forigita
 removed_security_key.text_1 = La sekureca ŝlosilo "%[1]s" ĵus estas forigita de via konton.
 totp_enrolled.text_1.has_webauthn = Vi ĵus aktivigis TOTP-n por via konto. Tio volas diri ke por ĉiuj venontaj salutoj al via konto, vi povus uzi TOTP-n kiel 2FA metodo aŭ ajnan sekurecan ŝlosilon.
 totp_enrolled.text_1.no_webauthn = Vi ĵus aktivigis TOTP-n por via konto. Tio volas diri ke por ĉiuj venontaj salutoj al via konto, vi devos uzi TOTP-n kiel 2FA metodo.
 removed_security_key.no_2fa = Ne estas aliaj 2FA agorditaj metodoj, tio estas ke ne plus necesas uzi 2FA-n por saluti.
 totp_disabled.no_2fa = Ne estas plu aliaj 2FA agorditaj metodoj, tio estas ke ne plus necesas uzi 2FA-n por saluti.
 account_security_caution.text_1 = Se tio estis vi, vi povas sekure ignori ĉi tiun retmesaĝon.
+account_security_caution.text_2 = Se ne estis vi, via konto estas kompromitata. Bonvolu kontakti la administrantojn de la retpaĝaro.
+issue_assigned.pull = @%[1]s asignis al vi la tirpeton %[2]s en la deponejo %[3]s.
+issue.action.review_dismissed = <b>@%[1]s</b> maldungis la lastan revizion de %[2]s por ĉi tiu tirpeto.
+repo.transfer.subject_to_you = %s volas reposedigi la deponejon "%s" al vi
+totp_enrolled.subject = Vi aktivigis TOTP-n kiel 2FA metodo
+issue_assigned.issue = @%[1]s asignis al vi ĉi tiun eraron %[2]s en la deponejo %[3]s.
 
 [form]
 TeamName = Gruponomo
@@ -559,6 +570,15 @@ password_not_match = La pasvortoj ne samas.
 last_org_owner = Vi ne povas forigi la lastan uzanton de la «posendantoj» grupo. Organizaĵo bezonas almenaŭ unu posedanton.
 still_has_org = "Via konto anas de almenaŭ unu organizaĵoj, forlasu ilin unue."
 invalid_ssh_key = Ne povis konfirmi vian SSH-ŝlosilon: %s
+FullName = Plena nomo
+Description = Priskribo
+Pronouns = Pronomoj
+Biography = Biografio
+Website = Retpaĝaro
+Location = Kieo
+To = Branĉonomo
+AccessToken = Atingoĵetono
+required_prefix = La enigaĵo devas komenciĝi per "%s"
 
 [modal]
 confirm = Konfirmi
@@ -727,6 +747,90 @@ permissions_list = Permesoj:
 permission_write = Lega kaj Skriba
 key_content = Enhavo
 key_signature_gpg_placeholder = Komenciĝas per «-----BEGIN PGP SIGNATURE-----»
+storage_overview = Stokada superrigardo
+quota = Kvoto
+pronouns = Pronomoj
+pronouns_unspecified = Nespecifitaj
+change_username_redirect_prompt.with_cooldown.one = La malnova uzantnomo disponeblos al ĉiuj post atendoperiodo de %[1]d tago. Vi povas ankoraŭ reakiri la malnovan uzantnomon dum ĉi tiu periodo.
+change_username_redirect_prompt.with_cooldown.few = La malnova uzantnomo disponeblos al ĉiuj post atendoperiodo de %[1]d tagoj. Vi povas ankoraŭ reakiri la malnovan uzantnomon dum ĉi tiu periodo.
+language.title = Defaŭlta lingvo
+language.description = Ĉi tiu lingvo estos konservota en via konto kaj estos uzota kiel defaŭlta post kiam vi ensalutos.
+language.localization_project = Helpu nin traduki Forgejo-n en via lingvo! <a href="%s">Lerni plu</a>.
+hints = Sugestoj
+update_hints = Ĝisdatigi la sugestojn
+update_hints_success = La sugestoj ĝisdatiĝis.
+hidden_comment_types.ref_tooltip = Komentoj, kie ĉi tiu eraro estas referencita de alia eraro/enmeto/…
+comment_type_group_reference = Referenco
+comment_type_group_milestone = Celo
+comment_type_group_assignee = Asignito
+comment_type_group_lock = Rigli staton
+comment_type_group_review_request = Revizia peto
+comment_type_group_issue_ref = Referenco de la eraro
+keep_activity_private = Kaŝi la aktivecon de la profilpaĝo
+keep_activity_private.description = Via <a href="%s">publika aktiveco</a> nur videblos al vi kaj la instancaj administrantoj.
+enable_custom_avatar = Uzi propran profilbildon
+change_password = Ŝanĝi pasvorton
+keep_pronouns_private = Montri pronomojn nur al la aŭtentikigitaj uzantoj
+keep_pronouns_private.description = Tio maskos viajn pronomojn kontraŭ neaŭtentikigitaj vizitantoj.
+add_new_principal =
+gpg_token_required = Vi devas disponigi signaturon por la malsupran ĵetono
+gpg_token = Ĵetono
+gpg_token_help = Vi povas generi signaturon uzante:
+ssh_token_required = Vi devas disponigi signaturon for la malsupran ĵetono
+ssh_token = Ĵetono
+ssh_token_help = Vi povas generi signaturon uzante:
+no_activity = Neniu ĵusa aktiveco
+token_state_desc = Ĉi tiu ĵetono estis uzata dum la 7 lastaj tagoj
+manage_access_token = Atingoĵetonoj
+generate_new_token = Generi novan ĵetonon
+token_name = Ĵetono-nomo
+generate_token = Generi ĵetonon
+generate_token_success = Via nova ĵetono estas generita. Kopiu ĝin nun, ĉar ĝi ne estos montrata ree.
+access_token_deletion = Forigi atingoĵetonon
+delete_token_success = La ĵetono estas forigita. Aplikaĵoj uzantaj ĝin ne atingos plu vian konton.
+regenerate_token = Regeneri
+access_token_regeneration = Regeneri atingoĵetonon
+at_least_one_permission = Vi devas selekti almenaŭ unu permeson por krei ĵetonon
+remove_oauth2_application = Forigi OAuth2-aplikaĵon
+remove_oauth2_application_success = La aplikaĵo estas forigita.
+create_oauth2_application = Krei novan OAuth2-aplikaĵon
+create_oauth2_application_button = Krei aplikaĵon
+oauth2_application_name = Aplikaĵonomo
+save_application = Konservi
+oauth2_client_secret = Klienta sekreto
+oauth2_client_id = Klienta ID
+oauth2_regenerate_secret = Regeneri sekreton
+oauth2_regenerate_secret_hint = Ĉu vi perdis vian sekreton?
+oauth2_application_edit = Redakti
+authorized_oauth2_applications = Permesitaj OAuth2-aplikaĵoj
+create_oauth2_application_success = Vi sukcese kreis novan OAuth2 aplikaĵon.
+update_oauth2_application_success = Vi sukcese ĝisdatigis la OAuth2 aplikaĵon.
+visibility = Uzanta videbleco
+visibility.public = Publika
+visibility.public_tooltip = Videbla al ĉiuj
+visibility.limited = Limigata
+visibility.limited_tooltip = Videbla nur al ensalutitaj uzantoj
+visibility.private = Privata
+visibility.private_tooltip = Videbla nur al membroj de organizaĵoj, kiujn vi aliĝis
+blocked_since = Blokata ekde %s
+user_unblock_success = La uzanto sukcese estas malblokita.
+user_block_success = La uzanto sukcese estas blokita.
+user_block_yourself = Vi ne povas bloki vin mem.
+quota.applies_to_user = La sekvantaj kvotaj reguloj aplikiĝas al via konto
+quota.applies_to_org = La sekvantaj kvotaj reguloj aplikiĝas al ĉi tiu organizaĵo
+quota.rule.exceeded = Superita
+quota.sizes.all = Ĉio
+quota.sizes.repos.all = Deponejoj
+quota.sizes.repos.public = Publikaj deponejoj
+quota.sizes.repos.private = Privataj deponejoj
+quota.sizes.git.all = Git-enhavo
+quota.sizes.git.lfs = Git LFS
+quota.sizes.assets.attachments.all = Kunsendaĵoj
+quota.sizes.assets.attachments.issues = Kunsendaĵoj de eraro
+quota.sizes.assets.attachments.releases = Kunsendaĵoj de eldono
+quota.sizes.assets.artifacts = Artfaritaĵoj
+quota.sizes.assets.packages.all = Pakaĵoj
+quota.sizes.wiki = Vikio
 
 [user]
 form.name_reserved = La uzantonomo «%s» estas protektita.
@@ -754,6 +858,21 @@ followers_few = %d abonantoj
 block_user.detail_2 = La uzanto ne povos interagi viajn deponejojn, erarojn, kaj komentojn.
 block_user = Bloki uzanton
 change_avatar = Ŝanĝi vian profilbildon…
+activity = Publika aktiveco
+followers.title.one = Sekvanto
+followers.title.few = Sekvantoj
+following.title.one = Sekvata
+following.title.few = Sekvataj
+followers_one = %d sekvanto
+following_one = %d sekvataj
+overview = Superrigardo
+disabled_public_activity = Ĉi tiu uzanto malaktivigis la publikan videblecon de sia aktiveco.
+public_activity.visibility_hint.self_public = Via aktiveco videblas al ĉiuj, escepte de interagoj en privataj spacoj. <a href="%s">Agordi</a>.
+public_activity.visibility_hint.admin_public = Ĉi tiu aktiveco videblas al ĉiuj, sed kiel administranto vi povas ankaŭ vidi interagojn en privataj spacoj.
+public_activity.visibility_hint.self_private = Via aktiveco nur videblas al vi kaj la instancaj administrantoj. <a href="%s">Agordi</a>.
+public_activity.visibility_hint.admin_private = Ĉi tiu aktiveco videblas al vi ĉar vi estas administranto, sed la uzanto volas ke ĝi restu privata.
+public_activity.visibility_hint.self_private_profile = Via aktiveco nur videblas al vi kaj la instancaj administrantoj, ĉar via profilo estas privata. <a href="%s">Agordi</a>.
+form.name_pattern_not_allowed = La ŝablono "%s" ne estas permesata en uzantnomo.
 
 
 [repo]
@@ -802,6 +921,7 @@ activity.active_prs_count_n = <strong>%d</strong> aktivaj tirpetoj
 settings.archive.text = Arĥivigi la deponejon igus ĝin sole legebla. Ĝi kaŝiĝos de la labortablo. Neniu (ne eĉ vi!) povos fari enmetojn, raportojn, kaj tirpetojn.
 migrate_items_releases = Eldonoj
 commits.commits = Enmetoj
+rss.must_be_on_branch = Vi devas esti en branĉo por havi RSS-fluon.
 
 [org]
 code = Fontkodo
@@ -837,4 +957,27 @@ regexp_tooltip = Interpretas la serĉoterminoj kiel regulesprimo
 fuzzy = Svaga
 branch_kind = Serĉi disbranĉigojn…
 runner_kind = Serĉi rulantojn…
-pull_kind = Serĉi tirpetojn…
\ No newline at end of file
+pull_kind = Serĉi tirpetojn…
+
+[markup]
+filepreview.truncated = La superrigardo estas mallongigita
+filepreview.line = Linio %[1]d en %[2]s
+filepreview.lines = Linioj %[1]d ĝis %[2]d en %[3]s
+
+[actions]
+variables.creation.success = La variablo "%s" estas aldonita.
+variables.update.failed = Ne eblas redakti la variablon.
+variables.update.success = La variablo estas redaktita.
+
+[projects]
+deleted.display_name = Forigita projekto
+type-1.display_name = Persona projekto
+type-2.display_name = Deponejoprojekto
+
+[git.filemode]
+changed_filemode = %[1]s → %[2]s
+directory = Dosierujo
+normal_file = Normala dosiero
+executable_file = Rulebla dosiero
+symbolic_link = Simbola ligilo
+submodule = Submodulo
\ No newline at end of file
diff --git a/options/locale/locale_es-ES.ini b/options/locale/locale_es-ES.ini
index 0a029655c2..2558a7e2b2 100644
--- a/options/locale/locale_es-ES.ini
+++ b/options/locale/locale_es-ES.ini
@@ -1960,8 +1960,6 @@ activity.period.quarterly=3 meses
 activity.period.semiyearly=6 meses
 activity.period.yearly=1 año
 activity.overview=Resumen
-activity.active_prs_count_1=<strong>%d</strong> pull request activa
-activity.active_prs_count_n=<strong>%d</strong> pull requests activas
 activity.merged_prs_count_1=Pull request fusionado
 activity.merged_prs_count_n=Pull requests fusionados
 activity.opened_prs_count_1=Pull request propuesta
@@ -1974,8 +1972,6 @@ activity.title.prs_merged_by=%s fusionado por %s
 activity.title.prs_opened_by=%s propuesto por %s
 activity.merged_prs_label=Fusionado
 activity.opened_prs_label=Propuesto
-activity.active_issues_count_1=<strong>%d</strong> incidencia activa
-activity.active_issues_count_n=<strong>%d</strong> incidencias activas
 activity.closed_issues_count_1=Incidencia cerrada
 activity.closed_issues_count_n=Incidencias cerradas
 activity.title.issues_1=%d incidencia
@@ -2705,10 +2701,8 @@ release.hide_archive_links = Ocultar archivos generados automaticamente
 settings.mirror_settings.pushed_repository = Repositorio pusheado
 settings.rename_branch_failed_protected = No se puede renombrar la rama %a porque es un rama protegida.
 release.invalid_external_url = URL externa inválida: %s
-release.download_count_one = %s descarga
 diff.git-notes.add = Añadir nota
 diff.git-notes.remove-header = Eliminar nota
-release.download_count_few = %s descargas
 diff.git-notes.remove-body = Esta nota será eliminada.
 editor.add_tmpl.filename = nombre de fichero
 issues.reaction.add = Añadir reacción
diff --git a/options/locale/locale_eu.ini b/options/locale/locale_eu.ini
index 7df55f2761..a2dc60dfe6 100644
--- a/options/locale/locale_eu.ini
+++ b/options/locale/locale_eu.ini
@@ -1 +1,2 @@
 [common]
+home = Etxea
diff --git a/options/locale/locale_fa-IR.ini b/options/locale/locale_fa-IR.ini
index da60974680..16c6b0228b 100644
--- a/options/locale/locale_fa-IR.ini
+++ b/options/locale/locale_fa-IR.ini
@@ -1478,8 +1478,6 @@ activity.period.quarterly=سه ماه
 activity.period.semiyearly=6 ماه
 activity.period.yearly=1 سال
 activity.overview=مرور
-activity.active_prs_count_1=<strong>%d</strong> تقاضای واکشی فعال
-activity.active_prs_count_n=<strong>%d</strong> تقاضاهای واکشی فعال
 activity.merged_prs_count_1=تقاضای واکشی ادغام شد
 activity.merged_prs_count_n=تقاضاهای واکشی ادغام شد
 activity.opened_prs_count_1=تقاضای واکشی پیشنهاد شده
@@ -1492,8 +1490,6 @@ activity.title.prs_merged_by=%s ادغام شده توسط %s
 activity.title.prs_opened_by=%s پیشنهاد شده توسط %s
 activity.merged_prs_label=ادغام شده
 activity.opened_prs_label=پیشنهاد شده
-activity.active_issues_count_1=<strong>%d</strong> مسئله فعال
-activity.active_issues_count_n=<strong>%d</strong> مسئله فعال
 activity.closed_issues_count_1=مسئله حل شده
 activity.closed_issues_count_n=مسائل حل شده
 activity.title.issues_1=%d مسئله
diff --git a/options/locale/locale_fi-FI.ini b/options/locale/locale_fi-FI.ini
index 5c6665148e..cd66ac83d5 100644
--- a/options/locale/locale_fi-FI.ini
+++ b/options/locale/locale_fi-FI.ini
@@ -40,7 +40,7 @@ webauthn_use_twofa=Käytä kaksivaihesta todennusta puhelimestasi
 webauthn_error=Turva-avainta ei voitu lukea.
 webauthn_unsupported_browser=Selaimesi ei tällä hetkellä tue WebAuthnia.
 webauthn_error_unknown=Tuntematon virhe. Yritä uudelleen.
-webauthn_error_insecure=WebAuthn tukee vain suojattuja yhteyksiä. Testatessa HTTP-yhteydellä voit käyttää osoitetta "localhost" tai "127.0.0.1"
+webauthn_error_insecure=WebAuthn tukee vain turvallisia yhteyksiä. Testaamista varten HTTP-välityksellä voit käyttää alkuperää "localhost" tai "127.0.0.1"
 webauthn_error_unable_to_process=Palvelin ei pystynyt käsittelemään pyyntöä.
 webauthn_error_duplicated=Turva-avainta ei ole sallittu tässä pyynnössä. Varmista, ettei avainta ole jo rekisteröity.
 webauthn_error_empty=Sinun täytyy asettaa nimi tälle avaimelle.
@@ -848,7 +848,7 @@ twofa_enroll=Ota kaksivaiheinen todennus käyttöön
 twofa_disabled=Kaksivaiheinen todennus on otettu pois käytöstä.
 scan_this_image=Skannaa tämä kuva todennussovelluksellasi:
 or_enter_secret=Tai kirjoita salainen avain: %s
-twofa_enrolled=Tiliisi on otettu käyttöön kaksivaiheinen todennus. Ota kertakäyttöinen palautusavain (%s) talteen turvalliseen paikkaan, sillä se näytetään vain kerran!
+twofa_enrolled=Tilisi on otettu mukaan onnistuneesti. Säilytä kertakäyttöistä palautusavainta (%s) turvallisessa paikassa, sillä sitä ei enää näytetä.
 
 webauthn_nickname=Nimimerkki
 
@@ -1012,6 +1012,7 @@ ssh_principal_deletion_desc = SSH-varmenneprinsipaalin poistaminen kumoaa sen p
 ssh_principal_deletion_success = Prinsipaali on poistettu.
 principal_state_desc = Tätä prinsipaalia on käytetty viimeisen seitsemän päivän aikana
 regenerate_token_success = Poletti on luotu uudelleen. Sovellukset, jotka käyttivät polettia, eivät enää pääse tilillesi. Kyseiset sovellukset tulee päivittää uudella poletilla.
+quota.sizes.assets.all = Resurssit
 
 [repo]
 owner=Omistaja
@@ -1072,7 +1073,7 @@ migrate_items_pullrequests=Vetopyynnöt
 migrate_items_releases=Julkaisut
 migrate_repo=Suorita tietovaraston migraatio
 migrate.clone_address=Migraatio/kloonaus URL-osoitteesta
-migrate.github_token_desc=Voit laittaa yhden tai useamman pääsypoletin pilkulla erotellen tähän nopeuttaaksesi migraatiota GitHubin rajapinnan tahtirajojen takia. VAROITUS: Tämän ominaisuuden väärinkäyttö voi rikkoa palveluntarjoajan ehtoja ja johtaa tilin estämiseen.
+migrate.github_token_desc=Voit lisätä tähän yhden tai useamman tunnuksen pilkuilla erotettuna nopeuttaaksesi migraatiota kiertämällä GitHub API:n nopeusrajoituksen. Varoitus: Tämän ominaisuuden väärinkäyttö voi rikkoa palveluntarjoajan käytäntöä ja johtaa tiliesi sulkemiseen.
 migrate.permission_denied=Paikallisten tietovarastojen tuominen ei ole sallittua.
 migrate.failed=Migraatio epäonnistui: %v
 migrate.migrate_items_options=Lisäkohteiden migraatiota varten vaaditaan pääsypoletti
@@ -1081,7 +1082,7 @@ migrate.migrating_failed=Migraatio lähteestä <b>%s</b> epäonnistui.
 migrate.migrating_git=Suoritetaan Git-datan migraatiota
 
 mirror_from=peili kohteelle
-forked_from=forkattu lähteestä
+forked_from=forkattu tietovarastosta
 unwatch=Lopeta tarkkailu
 watch=Tarkkaile
 unstar=Poista tähti
@@ -1117,7 +1118,7 @@ file_permalink=Pysyväislinkki
 
 video_not_supported_in_browser=Selaimesi ei tue HTML5:n video-tagia.
 audio_not_supported_in_browser=Selaimesi ei tue HTML5:n audio-tagia.
-blame=Blame
+blame=Syyllistynyt
 download_file=Lataa tiedosto
 normal_view=Normaali näkymä
 line=rivi
@@ -1180,7 +1181,7 @@ projects.open=Avaa
 projects.close=Sulje
 
 issues.desc=Ongelmien, tehtävien ja merkkipaalujen hallinta.
-issues.filter_assignees=Suodata käyttäjiä
+issues.filter_assignees=Suodata vastuuhenkilö
 issues.filter_milestones=Suodata merkkipaalu
 issues.new=Uusi ongelma
 issues.new.labels=Nimilaput
@@ -1215,7 +1216,7 @@ issues.self_assign_at=`itse otti tämän käsittelyyn %s`
 issues.change_title_at=`muutti otsikon <b><strike>%s</strike></b> otsikoksi <b>%s</b> %s`
 issues.delete_branch_at=`poisti haaran <b>%s</b> %s`
 issues.filter_label=Nimilappu
-issues.filter_label_exclude=`Käytä <code>alt</code> + <code>napsautus/rivinvaihto</code> poissulkeaksesi nimilappuja`
+issues.filter_label_exclude=Käytä <kbd>Alt</kbd> + <kbd>Click</kbd>-näppäinyhdistelmää nimiöiden poissulkemiseksi
 issues.filter_label_no_select=Kaikki nimilaput
 issues.filter_milestone=Merkkipaalu
 issues.filter_project=Projekti
@@ -1264,9 +1265,9 @@ issues.close_comment_issue=Kommentoi ja sulje
 issues.reopen_issue=Avaa uudelleen
 issues.reopen_comment_issue=Kommentoi ja avaa uudelleen
 issues.create_comment=Kommentoi
-issues.closed_at=`sulki tämän ongelman %s`
-issues.reopened_at=`uudelleenavasi tämän ongelman %s`
-issues.commit_ref_at=`viittasi tähän ongelmaan kommitissa %s`
+issues.closed_at=`sulki tämän tukipyynnön %s`
+issues.reopened_at=`avasi tämän tukipyynnön uudelleen %s`
+issues.commit_ref_at=`viittasi tähän tukipyyntöön sitoumuksesta %s`
 issues.author=Tekijä
 issues.role.owner=Omistaja
 issues.role.member=Jäsen
@@ -1417,11 +1418,7 @@ activity.period.quarterly=3 kuukautta
 activity.period.semiyearly=6 kuukautta
 activity.period.yearly=1 vuosi
 activity.overview=Yleiskatsaus
-activity.active_prs_count_1=<strong>%d</strong> aktiivinen vetopyyntö
-activity.active_prs_count_n=<strong>%d</strong> aktiivista vetopyyntöä
 activity.merged_prs_label=Yhdistetty
-activity.active_issues_count_1=<strong>%d</strong> aktiivinen ongelma
-activity.active_issues_count_n=<strong>%d</strong> aktiivista ongelmaa
 activity.closed_issues_count_1=suljettu ongelma
 activity.closed_issues_count_n=suljettua ongelmaa
 activity.title.issues_created_by=%s luonut %s
@@ -1547,7 +1544,7 @@ settings.web_hook_name_larksuite_only =Lark Suite
 settings.web_hook_name_packagist=Packagist
 settings.deploy_keys=Toimitusavaimet
 settings.add_deploy_key=Lisää toimitusavain
-settings.deploy_key_desc=Toimitusavaimilla on pelkkä lukuoikeus tietovarastoon.
+settings.deploy_key_desc=Käyttöönottoavaimilla voi olla vain luku- tai luku-kirjoitusoikeudet tietovarastoon.
 settings.is_writable_info=Salli tämän toimitusavaimen <strong>työntää</strong> tietovarastoon.
 settings.no_deploy_keys=Toimitusavaimia ei ole käytössä vielä.
 settings.title=Otsikko
@@ -1586,7 +1583,7 @@ settings.archive.header=Arkistoi tämä tietovarasto
 settings.archive.tagsettings_unavailable=Tagi-asetukset eivät ole käytettävissä arkistoiduissa tietovarastoissa.
 settings.lfs=LFS
 settings.lfs_filelist=Tähän tietovarastoon tallennetut LFS-tiedostot
-settings.lfs_no_lfs_files=LFS-tiedostoja ei ole tallennettu tähän tietovarastoon.
+settings.lfs_no_lfs_files=Tähän tietovarastoon ei ole tallennettu LFS-tiedostoja
 settings.lfs_findcommits=Etsi kommitteja
 settings.lfs_lfs_file_no_commits=Tälle LFS-tiedostolle ei löytynyt kommitteja
 settings.lfs_noattribute=Tällä polulla ei ole lukittavaa attribuuttia oletushaarassa
@@ -1801,7 +1798,6 @@ wiki.cancel = Peruuta
 issues.dependency.remove_header = Poista riippuvuus
 issues.dependency.issue_remove_text = Riippuvuus poistetaan tästä ongelmasta. Jatketaanko?
 issues.dependency.pr_remove_text = Riippuvuus poistetaan tästä vetopyynnöstä. Jatketaanko?
-release.download_count_few = %s latausta
 diff.data_not_available = Diff-sisältö ei ole saatavilla
 diff.image.side_by_side = Rinnakkain
 release.ahead.target = haaraan %s tämän julkaisun jälkeen
@@ -1970,7 +1966,6 @@ branch.create_new_branch = Luo haara haarasta:
 settings.archive.error_ismirror = Et voi arkistoida peilattua tietovarastoa.
 branch.warning_rename_default_branch = Olet nimeämässä oletushaaran uudelleen.
 settings.web_hook_name_msteams = Microsoft Teams
-release.download_count_one = %s lataus
 settings.update_hook_success = Webkoukku on päivitetty.
 diff.file_before = Ennen
 diff.file_after = Jälkeen
@@ -2148,7 +2143,7 @@ issues.add_label = lisäsi nimilapun %s %s
 issues.due_date_added = lisäsi eräpäivän %s %s
 issues.review.add_review_request = pyysi katselmointia käyttäjältä %[1]s %[2]s
 issues.ref_pull_from = `<a href="%[2]s">viittasi tähän vetopyyntöön %[3]s</a> %[1]s`
-pulls.commit_ref_at = `viittasi tähän vetopyyntöön kommitista %s`
+pulls.commit_ref_at = `viittasi tähän vetopyyntöön sitoumuksesta %s`
 issues.review.comment = katselmoi %s
 issues.add_labels = lisäsi nimilaput %s %s
 issues.review.add_review_requests = pyysi katselmointeja käyttäjiltä %[1]s %[2]s
@@ -2329,9 +2324,9 @@ wiki.page_name_desc = Kirjoita tämän wikisivun nimi. Joitain erikoisnimiä ova
 pulls.blocked_by_changed_protected_files_1 = Tämä vetopyyntö sisältää suojatun tiedoston ja on siksi estetty:
 pulls.status_checks_warning = Jotkin tarkistukset raportoivat varoituksia
 pulls.status_checks_error = Jotkin tarkistukset raportoivat virheitä
-pulls.reopened_at = `avasi uudelleen tämän vetopyynnön %s`
+pulls.reopened_at = `avasi tämän vetopyynnön uudelleen %s`
 pulls.auto_merge_when_succeed = Yhdistä automaatisesti kun kaikki tarkistukset onnistuvat
-signing.wont_sign.error = Tapahtui virhe tarkistaessa voiko kommitin allekirjoittaa.
+signing.wont_sign.error = Tapahtui virhe tarkistettaessa, voiko sitoumus allekirjoittaa.
 signing.wont_sign.twofa = Sinulla tulee olla kaksivaiheinen todennus käytössä, jotta kommitit voi allekirjoittaa.
 pulls.data_broken = Tämä vetopyyntö on rikki johtuen puuttuvasta forkkitiedosta.
 pulls.files_conflicted = Tämä vetopyyntö sisältää muutoksia, jotka ovat ristiriidassa kohdehaaran kanssa.
@@ -3051,7 +3046,7 @@ auths.attribute_username_placeholder = Jätä tyhjäksi käyttääksesi Forgejo:
 auths.oauth2_authURL = Valtuutuksen URL-osoite
 auths.new_success = Todennus "%s" on lisätty.
 users.still_own_repo = Tämä käyttäjä omistaa yhden tai useamman tietovaraston. Poista tai siirrä nämä tietovarastot ensin.
-dashboard.cleanup_hook_task_table = Siivoa hook_task-taulu
+dashboard.cleanup_hook_task_table = Siivoa koukku -_tehtävätaulukko
 dashboard.delete_old_actions = Poista kaikki vanhat aktiviteetit tietokannasta
 auths.attribute_mail = Sähköpostiosoitteen attribuutti
 auths.attribute_ssh_public_key = Julkisen SSH-avaimen attribuutti
@@ -3119,7 +3114,7 @@ dashboard.resync_all_sshprincipals = Päivitä ".ssh/authorized_principals"-tied
 create_repo=loi tietovaraston <a href="%s">%s</a>
 rename_repo=asetti tietovaraston <code>%[1]s</code> uudeksi nimeksi <a href="%[2]s">%[3]s</a>
 transfer_repo=siirsi tietovaraston <code>%s</code> käyttäjälle <a href="%s">%s</a>
-push_tag=työnsi tagin <a href="%[2]s">%[3]s</a> kohteeseen <a href="%[1]s">%[4]s</a>
+push_tag=työnsi tagin <a href="%[2]s">%[3]s</a> tietovarastoon <a href="%[1]s">%[4]s</a>
 delete_tag=poisti tagin %[2]s kohteesta <a href="%[1]s">%[3]s</a>
 compare_commits_general=Vertaa kommitteja
 create_branch=loi haaran <a href="%[2]s">%[3]s</a> tietovarastossa <a href="%[1]s">%[4]s</a>
@@ -3142,6 +3137,7 @@ watched_repo = aloitti tietovaraston <a href="%[1]s">%[2]s</a> tarkkailun
 approve_pull_request = `hyväksyi <a href="%[1]s">%[3]s#%[2]s</a>`
 starred_repo = lisäsi tähden tietovarastolle <a href="%[1]s">%[2]s</a>
 reject_pull_request = `ehdotti muutoksia kohteeseen <a href="%[1]s">%[3]s#%[2]s</a>`
+publish_release = `julkaisi <a href="%[2]s">%[4]s</a> tietovarastossa <a href="%[1]s">%[3]s</a>`
 
 [tool]
 now=nyt
@@ -3233,7 +3229,7 @@ helm.install = Asenna paketti komennolla:
 owner.settings.chef.keypair = Luo avainpari
 settings.delete.error = Paketin poistaminen epäonnistui.
 requirements = Vaatimukset
-published_by_in = Julkaistu %[1]s, julkaisija <a href="%[2]s">%[3]s</a> projektissa <a href="%[4]s"><strong>%[5]s</strong></a>
+published_by_in = Julkaistu %[1]s, julkaisija <a href="%[2]s">%[3]s</a> tietovarastossa <a href="%[4]s"><strong>%[5]s</strong></a>
 pypi.requires = Vaatii Pythonin
 alpine.install = Asenna paketti seuraavalla komennolla:
 debian.repository.components = Komponentit
@@ -3355,6 +3351,7 @@ debian.repository = Tietovaraston tiedot
 conda.registry = Määritä tämä rekisteri Conda-tietovarastoksi <code>.condarc</code>-tiedostossa:
 container.labels = Nimilaput
 settings.link.description = Jos linkität paketin tietovarastoon, paketti listataan tietovaraston pakettilistalla.
+assets = Resurssit
 
 [secrets]
 creation.failed = Salaisuuden lisääminen epäonnistui.
@@ -3523,4 +3520,4 @@ wiki.write = <b>Kirjoita:</b> Luo, päivitä ja poista integroidun wikin sivuja.
 filepreview.truncated = Esikatselu on typistetty
 
 [translation_meta]
-test = This is a test string. It is not displayed in Forgejo UI but is used for testing purposes. Feel free to enter "ok" to save time (or a fun fact of your choice) to hit that sweet 100% completion mark :) :) :)
\ No newline at end of file
+test = Tämä on testimerkkijono. Sitä ei näytetä Forgejo-käyttöliittymässä, mutta sitä käytetään testaustarkoituksiin. Voit vapaasti kirjoittaa "selvä" säästääksesi aikaa (tai käyttää hauskaa faktaa) ja saavuttaaksesi sen makean 100 %:n valmistumisrajan :)
\ No newline at end of file
diff --git a/options/locale/locale_fil.ini b/options/locale/locale_fil.ini
index d5a583861e..8f61ead1f9 100644
--- a/options/locale/locale_fil.ini
+++ b/options/locale/locale_fil.ini
@@ -1856,7 +1856,6 @@ activity.git_stats_file_n = %d mga file
 activity.git_stats_file_1 = %d file
 pulls.desc = Paganahin ang mga hiling sa paghila at mga pagsuri sa code.
 activity.git_stats_exclude_merges = Maliban sa mga pagsali,
-activity.active_prs_count_n = <strong>%d</strong> aktibong mga hiling sa paghila
 issues.author.tooltip.issue = May-akda ng iysung ito ang user.
 issues.author.tooltip.pr = May-akda ng hiling sa paghila na ito ang user na ito.
 issues.dependency.add_error_dep_exists = Umiiral na and dependency.
@@ -1925,13 +1924,11 @@ pulls.collapse_files = I-collapse ang lahat ng mga file
 pulls.add_prefix = Magdagdag ng <strong>%s</strong> na prefix
 pulls.still_in_progress = Ginagawa pa?
 activity.title.prs_1 = %d hiling sa paghila
-activity.active_issues_count_n = <strong>%d</strong> mga aktibong isyu
 pulls.required_status_check_missing = Nawawala ang ilang mga kinakailangang pagsusuri.
 pulls.required_status_check_administrator = Bilang tagapangasiwa, maaari mo pa ring isama ang hiling sa paghila na ito.
 pulls.blocked_by_approvals = Wala pang sapat na pag-apruba ang hiling sa paghila na ito. %d ng %d na pag-apruba ang ibinigay.
 settings.options = Repositoryo
 wiki.back_to_wiki = Bumalik sa pahina ng wiki
-activity.active_issues_count_1 = <strong>%d</strong> aktibong isyu
 activity.closed_issues_count_1 = Saradong isyu
 settings.federation_apapiurl = Federation URL ng repositoryo na ito. Kopyahin at i-paste ito sa Mga Setting ng Federation ng ibang repositoryo bilang URL ng isang Sinusundan na Repositoryo.
 pulls.select_commit_hold_shift_for_range = Piliin ang commit. I-hold ang shift + click para pumili ng pagitan
@@ -1951,7 +1948,6 @@ pulls.data_broken = Sira ang hiling sa paghila na ito dahil sa nawawalang imporm
 pulls.files_conflicted = May mga pagbabago ang hiling sa paghila na ito na sumasalungat sa target na branch.
 pulls.is_checking = Ginagawa pa ang pagsuri ng merge conflict. Subukang muli sa ilang sandali.
 wiki.welcome_desc = Pinapayagan ng wiki ang pagsulat at pagbahagi ng dokumentasyon sa mga katulong.
-activity.active_prs_count_1 = <strong>%d</strong> aktibong hiling sa paghila
 settings.mirror_settings.docs.disabled_push_mirror.pull_mirror_warning = Sa ngayon, magagawa lang ito sa "Bagong Paglipat" na menu. Para sa karagdagang impormasyon, mangyaring kumonsulta sa:
 settings.mirror_settings.docs.disabled_push_mirror.info = Na-disable ng iyong tagapangasiwa ng site ang mga push mirror.
 settings.mirror_settings.docs.disabled_push_mirror.instructions = I-set up ang iyong proyekto na awtomatikong hilahin ang mga commit, tag at branch mula sa isa pang repositoryo.
@@ -2532,8 +2528,6 @@ release.deletion_success = Binura na ang release.
 release.deletion_tag_success = Nabura na ang tag na ito.
 release.tag_name_already_exist = Umiiral na ang release na may pangalan ng tag na ito.
 release.tag_already_exist = Umiiral na ang pangalan ng tag na ito.
-release.download_count_one = %s download
-release.download_count_few = %s mga download
 release.tags_for = Mga tag para sa %s
 release.system_generated = Awtomatikong na-generate ang attachment na ito.
 release.type_attachment = Attachment
diff --git a/options/locale/locale_fr-FR.ini b/options/locale/locale_fr-FR.ini
index fb79e68da6..bc6d086162 100644
--- a/options/locale/locale_fr-FR.ini
+++ b/options/locale/locale_fr-FR.ini
@@ -1972,8 +1972,6 @@ activity.period.quarterly=3 mois
 activity.period.semiyearly=6 mois
 activity.period.yearly=1 an
 activity.overview=Vue d'ensemble
-activity.active_prs_count_1=<strong>%d</strong> demande d'ajout active
-activity.active_prs_count_n=<strong>%d</strong> demandes d'ajout actives
 activity.merged_prs_count_1=Demande d'ajout fusionnée
 activity.merged_prs_count_n=Demandes d'ajout fusionnées
 activity.opened_prs_count_1=Demande d'ajout proposée
@@ -1986,8 +1984,6 @@ activity.title.prs_merged_by=%s fusionnée par %s
 activity.title.prs_opened_by=%s proposée par %s
 activity.merged_prs_label=Fusionnée
 activity.opened_prs_label=Proposée
-activity.active_issues_count_1=<strong>%d</strong> ticket actif
-activity.active_issues_count_n=<strong>%d</strong> tickets actifs
 activity.closed_issues_count_1=Ticket fermé
 activity.closed_issues_count_n=Tickets fermés
 activity.title.issues_1=%d ticket
@@ -2666,8 +2662,6 @@ size_format = %[1]s : %[2]s, %[3]s : %[4]s ; %[3]s : %[4]s
 settings.sourcehut_builds.visibility = Visibilité du job
 settings.sourcehut_builds.secrets = Secrets
 settings.sourcehut_builds.manifest_path = Chemin du manifest de build
-release.download_count_one = %s téléchargement
-release.download_count_few = %s téléchargements
 release.system_generated = Cet attachement a été généré automatiquement.
 settings.enforce_on_admins_desc = Les administrateurs du dépôt ne peuvent pas passer outre cette règle.
 settings.web_hook_name_sourcehut_builds = Builds SourceHut
diff --git a/options/locale/locale_ga-IE.ini b/options/locale/locale_ga-IE.ini
index ddf766aa71..41a4f51227 100644
--- a/options/locale/locale_ga-IE.ini
+++ b/options/locale/locale_ga-IE.ini
@@ -1541,8 +1541,6 @@ activity.period.quarterly = 3 mhí
 activity.period.semiyearly = 6 mhí
 activity.period.yearly = 1 bhliain
 activity.overview = Forbhreathnú
-activity.active_prs_count_1 = <strong>%d</strong> Iarratas Tarraingthe Gníomhach
-activity.active_prs_count_n = <strong>%d</strong> Iarratais Tharraing Ghníomhach
 activity.merged_prs_count_1 = Iarratas Tarraing Cumaisc
 activity.merged_prs_count_n = Iarratais Tharraing Chomhcheangail
 activity.opened_prs_count_1 = Iarratas Tarraing Beartaithe
@@ -1555,8 +1553,6 @@ activity.title.prs_merged_by = %s a chumasc ag %s
 activity.title.prs_opened_by = %s arna mholadh ag %s
 activity.merged_prs_label = Cumaiscthe
 activity.opened_prs_label = Molta
-activity.active_issues_count_1 = <strong>%d</strong> Eagrán Gníomhach
-activity.active_issues_count_n = <strong>%d</strong> Ceisteanna Gníomhacha
 activity.closed_issues_count_1 = Saincheist Dúnta
 activity.closed_issues_count_n = Saincheisteanna Dúnta
 activity.title.issues_1 = Saincheist %d
diff --git a/options/locale/locale_hi.ini b/options/locale/locale_hi.ini
index 37115162e7..909254103b 100644
--- a/options/locale/locale_hi.ini
+++ b/options/locale/locale_hi.ini
@@ -224,4 +224,99 @@ confirm_password = पासवर्ड पक्का करें
 admin_email = ईमेल एड्रेस
 config_location_hint = ये सञ्चालन के तरीके यहाँ सेव होंगे :
 install_btn_confirm = इनस्टॉल फॉरगेजो
-test_git_failed = git कमांड टेस्ट नहीं हुई: %v
\ No newline at end of file
+test_git_failed = git कमांड टेस्ट नहीं हुई: %v
+sqlite3_not_available = इस फॉरगेजो के वर्शन में SQLite३ नहीं है। कृपया डाउनलोड करें बाइनरी वर्शन यहाँ से %s (“gobuild” वर्शन नहीं करें)।
+invalid_db_setting = ये डेटाबेस सेटिंग्स मान्य नहीं हैं %v
+invalid_db_table = डेटाबेस टेबल “%s” मान्य नहीं: %v
+invalid_repo_path = इस रिपॉजिटरी की मूल पथ मान्य नहीं है: %v
+invalid_app_data_path = एप्प की डाटा पथ अमान्य है: %v
+run_user_not_match = “यूजर को ऐसे चलाएं” उसरनाम अभी का उसरनाम नहीं है: %s -> %s
+internal_token_failed = अंदरूनी टोकन बना नहीं पाए: %v
+secret_key_failed = गुप्त चाभी बना नहीं पाए: %v
+save_config_failed = संरूपण को सेव नहीं कर पाए: %v
+enable_update_checker_helper_forgejo = ये समय-समय पर चेक करेगा फॉरगेजो वर्शन नया है की नहीं TXT DNS रिकॉर्ड से यहाँ release.forgejo.org।
+invalid_admin_setting = प्रशासक अकाउंट सेटिंग अमान्य है: %v
+invalid_log_root_path = लॉग का रास्ता अमान्य है: %v
+no_reply_address = गुप्त ईमेल डोमेन
+no_reply_address_helper = डोमेन का नाम उसेर्स के गुप्त ईमेल पते से हैं। जैसे की, जब यूजर “जोई” लॉग करेगा Git पे “जोई@noreply.example.org” अगर गुप्त ईमेल पता पड़ा है “noreply.example.org”।
+password_algorithm = पासवर्ड का हैश कलन विधि (algorithm)
+invalid_password_algorithm = अमान्य पासवर्ड का हैश कलन विधि (algorithm)
+password_algorithm_helper = पासवर्ड हैश अल्गोरिथम सेट करें। अल्गोरिथ्म्स की अलग-अलग ज़रूरतें और मज़बूतियाँ हैं। आर्गन2 अल्गोरिथम मज़बूत है पर मेमोरी ज़्यादा लेता है और छोटे सिस्टम्स के लिए सही नहीं होता।
+enable_update_checker = अपडेट चेकर चालू करें
+env_config_keys = पर्यावरण संरूपण
+env_config_keys_prompt = पर्यावरण वेरिएबल्स को संरूपण फाइल पर भी लागू किया जायेगा:
+
+[home]
+uname_holder = उसरनाम या ईमेल एड्रेस
+switch_dashboard_context = डैशबोर्ड का सन्दर्भ बदलें
+my_repos = रेपोसिटोरिएस
+my_orgs = संस्थाएं
+view_home = व्यू: %s
+filter = बाकी फिल्टर्स
+filter_by_team_repositories = फ़िल्टर करें टीम रेपोसिट्रीज़ से
+feed_of = फीड इसकी "%s"
+show_archived = संग्रहीत
+show_both_archived_unarchived = संग्रहीत और असंग्रहीत देखिए
+show_only_archived = सिर्फ संग्रहीत देखिए
+show_only_unarchived = सिर्फ असंग्रहीत देखिए
+show_private = निजी
+show_both_private_public = निजी और सार्वजनिक देखिए
+show_only_private = सिर्फ निजी देखिए
+show_only_public = सिर्फ सार्वजनिक देखिए
+issues.in_your_repos = आपकी रेपोसिटोरिस में
+
+[explore]
+repos = रेपोसिटोरिस
+users = उसेर्स
+stars_one = %d सितारा
+stars_few = %d सितारे
+forks_one = %d फोर्क
+forks_few = %d फोर्कस
+organizations = संस्थाएं
+go_to = जाएं इधर
+code = कोड
+code_last_indexed_at = आखरी संस्थापित %s
+relevant_repositories_tooltip = रेपोसिटोरिस जो की फोर्क्स या जिनका शीर्षक नहीं है, आइकॉन नहीं और विश्लेषण नहीं गुप्त हैं।
+relevant_repositories = सिर्फ इस काम की रेपोस्टिरिस दिखाई जा रहीं हैं. <a href="%s">बिना फ़िल्टर के रिजल्ट दिखाएं</a>।
+
+[auth]
+create_new_account = अकाउंट रजिस्टर करें
+disable_register_prompt = रजिस्ट्रेशन खुला नहीं। कृपया साइट प्रशासक से बात करें।
+disable_register_mail = ईमेल से रजिस्ट्रेशन पक्का करना बंद हैं अभी।
+manual_activation_only = अपने साइट प्रशासक बात करें एक्टिवेशन पूरा करने के लिए।
+remember_me = इस डिवाइस को याद रखें
+forgot_password_title = पासवर्ड भूल गए
+forgot_password = पासवर्ड भूल गए?
+hint_login = पहले से अकाउंट है? <a href="%s">अभी सिग्न इन करें!</a>
+hint_register = अकाउंट चाहिए? <a href="%s">रजिस्टर करें</a>
+sign_up_button = अभी रजिस्टर करें।
+sign_up_successful = अकाउंट बन गया है। स्वागत!
+back_to_sign_in = sign in में फिर से जाएं
+sign_in_openid = OpenID के साथ आगे बढ़ें
+
+[mail]
+link_not_working_do_paste = क्या कड़ी चल नहीं पाई? उसे कॉपी करके URL बार में जोड़ें।
+hi_user_x = नमस्ते <b>%s</b>,
+activate_account = कृपया अपना खाता चालू करें
+activate_account.text_1 = नमस्ते <b>%[1]s</b>, संपादित करने के लिए शुक्रिया यहां %[2]s!
+activate_account.text_2 = कृपया यहां की कड़ी को क्लिक करें अपने अकाउंट को चालू करने के लिए <b>%s</b>:
+activate_email = अपना ईमेल एड्रेस पुख्ता करें
+activate_email.text = कृपया इस कड़ी को क्लिक करें अपना अकाउंट पुख्ता करने के लिए <b>%s</b>:
+admin.new_user.subject = नया यूजर %s अभी sign up हुआ
+admin.new_user.user_info = यूजर की जानकारी
+admin.new_user.text = कृपया <a href="%s"> क्लिक करें यहाँ </a> अपने यूजर को प्रशासक पैनल से चलाने के लिए।
+register_notify = स्वागत है %s
+register_notify.text_1 = ये आपका रजिस्टर्ड ईमेल पुख्ता करने के लिए है %s!
+register_notify.text_2 = आप अपने अकाउंट में हस्ताक्षर कर सकते हैं इस उसर-नाम के साथ: %s
+register_notify.text_3 = अगर किसी और ने आपका अकाउंट बनाया है, तो आपको चाहिए <a href="%s"> पासवर्ड संरक्षित करें </a> पहले।
+reset_password = अपना अकाउंट निकाल पाएं
+reset_password.text = अगर ये आप थे, कृपया इस कड़ी को क्लिक करें अपने अकाउंट को फिर से चालू करने को <b>%s</b>:
+password_change.subject = आपका पासवर्ड बदला गया
+password_change.text_1 = आपके अकाउंट का पासवर्ड बदला गया है।
+primary_mail_change.subject = आपका प्राथमिक ईमेल बदला गया है
+primary_mail_change.text_1 = आपका प्राथमिक ईमेल बदला गया है इससे %[1]s. यानी इस ईमेल एड्रेस से आप ईमेल अधिसूचना प्राप्त नहीं कर पाएंगे।
+totp_disabled.subject = टीओटीपी रोक दिया गया
+totp_disabled.text_1 = समय निर्धारित एक बार के पासवर्ड (टीओटीपी) आपके अकाउंट पर रोक दिया गया।
+totp_disabled.no_2fa = और कोई 2FA के तरीके संचालित नहीं हैं, यानी आपके अकाउंट पर 2FA से लॉगिन की ज़रुरत नहीं होगी।
+removed_security_key.subject = सुरक्षक चाभी हटाई गई
+removed_security_key.text_1 = सुरक्षक चाभी "%[1]s" अभी-अभी आपके अकाउंट से हटाई गई।
\ No newline at end of file
diff --git a/options/locale/locale_hu-HU.ini b/options/locale/locale_hu-HU.ini
index 3d73336fc4..2bf82ad025 100644
--- a/options/locale/locale_hu-HU.ini
+++ b/options/locale/locale_hu-HU.ini
@@ -1050,8 +1050,6 @@ activity.period.quarterly=3 hónap
 activity.period.semiyearly=6 hónap
 activity.period.yearly=1 év
 activity.overview=Áttekintés
-activity.active_prs_count_1=<strong>%d</strong> Aktív Egyesítési Kérés
-activity.active_prs_count_n=<strong>%d</strong> Aktív Egyesítési Kérések
 activity.merged_prs_count_1=Végrehajtott Egyesítési Kérés
 activity.merged_prs_count_n=Végrehajtott egyesítési kérések
 activity.opened_prs_count_1=Javasolt Egyesítési Kérés
@@ -1064,8 +1062,6 @@ activity.title.prs_merged_by=%s egyesítette %s
 activity.title.prs_opened_by=%s javasolta %s
 activity.merged_prs_label=Egyesítve
 activity.opened_prs_label=Javasolta
-activity.active_issues_count_1=<strong>%d</strong> Aktív hibajegy
-activity.active_issues_count_n=<strong>%d</strong> Aktív hibajegy
 activity.closed_issues_count_1=Lezárt Hibajegy
 activity.closed_issues_count_n=Lezárt hibajegyek
 activity.title.issues_1=%d Hibajegy
diff --git a/options/locale/locale_id-ID.ini b/options/locale/locale_id-ID.ini
index c8ad014ac8..fe89ddd715 100644
--- a/options/locale/locale_id-ID.ini
+++ b/options/locale/locale_id-ID.ini
@@ -845,8 +845,6 @@ activity.period.weekly=1 minggu
 activity.period.monthly=1 bulan
 activity.period.yearly=1 tahun
 activity.overview=Tinjauan
-activity.active_prs_count_1=<strong>%d</strong> Tarik permintaan aktif
-activity.active_prs_count_n=<strong>%d</strong> Tarik permintaan aktif
 activity.merged_prs_count_1=Mengabungkan Permintaan Tarik
 activity.merged_prs_count_n=Menggabungkan permintaan tarik
 activity.opened_prs_count_1=Meminta tarik usulan
@@ -859,8 +857,6 @@ activity.title.prs_merged_by=%s dibuat oleh %s
 activity.title.prs_opened_by=%s Dikemukakan oleh %s
 activity.merged_prs_label=Bergabung
 activity.opened_prs_label=Dikemukakan
-activity.active_issues_count_1=<strong>%d</strong> Masalah Aktif
-activity.active_issues_count_n=<strong>%d</strong> Masalah aktif
 activity.closed_issues_count_1=Masalah tertutup
 activity.closed_issues_count_n=Masalah tertutup
 activity.title.issues_1=%d Masalah
diff --git a/options/locale/locale_it-IT.ini b/options/locale/locale_it-IT.ini
index 5ee1f63223..7874f68a8c 100644
--- a/options/locale/locale_it-IT.ini
+++ b/options/locale/locale_it-IT.ini
@@ -1792,8 +1792,6 @@ activity.period.quarterly=3 mesi
 activity.period.semiyearly=6 mesi
 activity.period.yearly=1 anno
 activity.overview=Riepilogo
-activity.active_prs_count_1=<strong>%d</strong> richiesta di modifica attiva
-activity.active_prs_count_n=<strong>%d</strong> richieste di modifiche attive
 activity.merged_prs_count_1=Richiesta di modifica fusa
 activity.merged_prs_count_n=Richieste di modifica fuse
 activity.opened_prs_count_1=Richiesta di modifica proposta
@@ -1806,8 +1804,6 @@ activity.title.prs_merged_by=%s unita da %s
 activity.title.prs_opened_by=%s proposta da %s
 activity.merged_prs_label=Unite
 activity.opened_prs_label=Proposta
-activity.active_issues_count_1=<strong>%d</strong> segnalazione attiva
-activity.active_issues_count_n=<strong>%d</strong> segnalazioni attive
 activity.closed_issues_count_1=Segnalazione chiusa
 activity.closed_issues_count_n=Segnalazioni chiuse
 activity.title.issues_1=%d segnalazione
@@ -2668,8 +2664,6 @@ settings.sourcehut_builds.secrets_helper = Fornisci l'accesso ai segreti della b
 settings.add_webhook.invalid_path = Il percorso non deve contenere dei componenti quali ".", "..", o una stringa vuota. Non può iniziare o finire con uno slash.
 n_commit_one = %s commit
 settings.enforce_on_admins = Imponi questa regola agli amministratori del repository
-release.download_count_one = %s download
-release.download_count_few = %s downloads
 release.system_generated = Questo allegato è stato generato automaticamente.
 pulls.ready_for_review = Pronto alla revisione?
 editor.commit_id_not_matching = L'ID del commit non combacia con quello del commit che stavi modificando. Conferma le tue modifiche su un nuovo ramo, poi fondilo col ramo desiderato.
diff --git a/options/locale/locale_ja-JP.ini b/options/locale/locale_ja-JP.ini
index 7ef4703b5f..a64274c2d6 100644
--- a/options/locale/locale_ja-JP.ini
+++ b/options/locale/locale_ja-JP.ini
@@ -1929,8 +1929,6 @@ activity.period.quarterly=3ヶ月
 activity.period.semiyearly=6ヶ月
 activity.period.yearly=1年
 activity.overview=概要
-activity.active_prs_count_1=<strong>%d</strong>件のアクティブなプルリクエスト
-activity.active_prs_count_n=<strong>%d</strong>件のアクティブなプルリクエスト
 activity.merged_prs_count_1=マージされたプルリクエスト
 activity.merged_prs_count_n=マージされたプルリクエスト
 activity.opened_prs_count_1=提案されたプルリクエスト
@@ -1943,8 +1941,6 @@ activity.title.prs_merged_by=%sが%sによってマージされました
 activity.title.prs_opened_by=%sが%sによって提案されました
 activity.merged_prs_label=マージ済み
 activity.opened_prs_label=提案中
-activity.active_issues_count_1=<strong>%d</strong>件のアクティブなイシュー
-activity.active_issues_count_n=<strong>%d</strong>件のアクティブなイシュー
 activity.closed_issues_count_1=クローズされたイシュー
 activity.closed_issues_count_n=クローズされたイシュー
 activity.title.issues_1=%d件のイシュー
@@ -2607,8 +2603,6 @@ activity.navbar.code_frequency = コードの更新頻度
 settings.wiki_branch_rename_failure = リポジトリ wiki のブランチ名を正規化できませんでした。
 settings.ignore_stale_approvals = 古い承認を無視する
 open_with_editor = %s で開く
-release.download_count_one = %s のダウンロード
-release.download_count_few = %s のダウンロード
 release.system_generated = この添付ファイルは自動的に生成されます。
 settings.archive.mirrors_unavailable = リポジトリがアーカイブされている場合、ミラーは利用できません。
 settings.rename_branch_failed_protected = 保護されたブランチのため、ブランチ %s の名前を変更できません。
diff --git a/options/locale/locale_kab.ini b/options/locale/locale_kab.ini
index fb815015bd..1425ad361f 100644
--- a/options/locale/locale_kab.ini
+++ b/options/locale/locale_kab.ini
@@ -43,7 +43,7 @@ captcha = CAPČA
 passcode = Angal n wadduf
 settings = Iɣewwaren
 your_profile = Amaɣnu
-your_settings = Iɣewwaren
+your_settings = Tawila
 activities = Irmad
 ok = Ih
 view = Wali
@@ -55,6 +55,12 @@ never = Weṛǧin
 concept_system_global = Amatu
 concept_user_organization = Tuddsa
 filter = Imsizdeg
+your_starred = S yitran
+issues = Uguren
+preview = Taskant
+loading = Aɛebbi…
+new_repo.title = Akufi amaynut
+new_repo.link = Akufi amaynut
 
 [user]
 code = Tangalt
@@ -68,9 +74,12 @@ followers.title.few = Imeḍfaṛen
 following.title.one = Yeṭṭafaṛ
 following.title.few = Yeṭṭafaṛ
 unfollow = Ur ṭṭafar ara
+overview = Tamuɣli s umata
 
 [org]
 code = Tanglat
+team_desc = Aglam
+org_desc = Aglam
 
 [repo]
 release.source_code = Tangalt taɣbalut
@@ -124,6 +133,82 @@ projects.description_placeholder = Aglam
 projects.title = Azwel
 projects.type.none = Ula yiwen
 projects.template.desc = Tamudemt
+mirror_sync = yemtawa
+migrate_items_issues = Uguren
+star = Rnu-yas itri
+branches = Tiṣeḍwa
+issues = Uguren
+projects.column.edit_title = Isem
+projects.column.new_title = Isem
+projects.column.color = Ini
+projects.open = Ldi
+projects.close = Mdel
+issues.new.labels = Tibzimin
+issues.new.projects = Isenfaren
+issues.choose.open_external_link = Ldi
+issues.choose.blank = Amezwer
+issues.new_label_desc_placeholder = Aglam
+issues.filter_label = Tabzimt
+issues.filter_project = Asenfar
+issues.filter_poster = Ameskar
+issues.filter_type = Tawsit
+issues.filter_sort = Semyizwer
+issues.action_open = Ldi
+issues.action_close = Mdel
+issues.action_label = Tabzimt
+issues.previous = Uzwir
+issues.next = Uḍfir
+issues.all_title = Akk
+issues.draft_title = Arewway
+issues.context.edit = Ẓreg
+issues.context.delete = Kkes
+issues.reopen_issue = Ales tulya
+issues.create_comment = Awennit
+issues.author = Ameskar
+issues.role.owner = Bab-is
+issues.role.member = Aɛeggal
+issues.role.contributor = Amɛiwen
+issues.edit = Ẓreg
+issues.cancel = Semmet
+issues.save = Sekles
+issues.label_edit = Ẓreg
+issues.label_delete = Kkes
+issues.label.filter_sort.alphabetically = S ugemmay
+issues.delete = Kkes
+issues.add_time_cancel = Semmet
+issues.add_time_hours = Isragen
+issues.due_date_form = yyyy-mm-dd
+issues.due_date_form_edit = Ẓreg
+issues.dependency.cancel = Semmet
+issues.content_history.options = Tixtiṛiyin
+pulls.made_using_agit = AGit
+milestones.open = Ldi
+milestones.close = Mdel
+milestones.title = Azwel
+milestones.desc = Aglam
+milestones.clear = Sfeḍ
+milestones.cancel = Semmet
+milestones.filter_sort.name = Isem
+wiki = Awiki
+wiki.page = Asebter
+wiki.new_page = Asebter
+wiki.cancel = Semmet
+wiki.edit_page_button = Ẓreg
+wiki.pages = Isebtar
+activity = Armud
+activity.navbar.contributors = Iwiziwen
+activity.overview = Tamuɣli s umata
+issues.label_description = Aglam
+no_desc = Ur yesɛi ara aglam
+projects.description = Aglam (d afrayan)
+issues.label_title = Isem
+issues.label_color = Ini
+settings.slack_color = Ini
+repo_name = Isem n ukufi
+repo_size = Tiddi n ukufi
+create_repo = Snulfu-d akufi
+settings.confirm_delete = Kkes akufi
+settings.delete = Kkes akufi-a
 
 [install]
 admin_password = Awal n uɛeddi
@@ -134,6 +219,7 @@ user = Isem n useqdac
 db_schema = Azenziɣ
 ssl_mode = SSL
 path = Abrid
+db_name = Isem n taffa n yisefka
 
 [admin]
 notices.type_1 = Akufi
@@ -141,6 +227,15 @@ packages.repository = Akufi
 config.db_user = Isem n useqdac
 users.name = Isem n useqdac
 emails.filter_sort.name = Isem n useqdac
+notices.desc = Aglam
+orgs.name = Isem
+repos.name = Isem
+packages.name = Isem
+auths.name = Isem
+config.db_name = Isem
+config.mailer_name = Isem
+monitor.name = Isem
+monitor.queue.name = Isem
 
 [search]
 code_kind = Nadi tangalt…
@@ -159,11 +254,14 @@ table_modal.placeholder.content = Agbur
 table_modal.label.columns = Tigejda
 link_modal.url = Url
 link_modal.description = Aglam
+table_modal.placeholder.header = Aqeṛṛu
+table_modal.label.rows = Izirigen
 
 [explore]
 code = Tanglat
 repos = Ikufan
 users = Iseqdacen
+organizations = Tuddsiwin
 
 [form]
 UserName = Isem n useqdac
@@ -173,6 +271,8 @@ Website = Asmel web
 Content = Agbur
 Biography = Tameddurt
 Location = Asun
+RepoName = Isem n ukufi
+TeamName = Isem n terbaɛt
 
 [aria]
 footer.links = Iseɣwan
@@ -187,6 +287,7 @@ lightweight = D afessas
 [home]
 my_repos = Ikufan
 show_private = Uslig
+my_orgs = Tuddsiwin
 
 [auth]
 openid_connect_submit = Tuqqna
@@ -234,4 +335,27 @@ quota.sizes.all = Akk
 quota.sizes.repos.all = Ikufan
 quota.sizes.assets.attachments.all = Imeddayen
 quota.sizes.assets.packages.all = Ikemmusen
-quota.sizes.wiki = Wiki
\ No newline at end of file
+quota.sizes.wiki = Wiki
+appearance = Udem
+avatar = Avataṛ
+orgs = Tuddsiwin
+organization = Tuddsiwin
+quota = Amur
+location = Asun
+comment_type_group_reference = Tamsisɣelt
+visibility.private = Uslig
+quota.rule.no_limit = War talast
+quota.sizes.assets.all = Igburen
+
+[packages]
+arch.version.description = Aglam
+alpine.repository.branches = Tiṣeḍwa
+alpine.repository.repositories = Ikufan
+settings.link.select = Fren akufi
+
+[actions]
+runners.description = Aglam
+runners.name = Isem
+
+[projects]
+type-2.display_name = Asenfar n ukufi
\ No newline at end of file
diff --git a/options/locale/locale_ko-KR.ini b/options/locale/locale_ko-KR.ini
index e5fb9a8757..1ac2ad1444 100644
--- a/options/locale/locale_ko-KR.ini
+++ b/options/locale/locale_ko-KR.ini
@@ -363,7 +363,7 @@ allow_password_change=사용자에게 비밀번호 변경을 요청 (권장됨)
 reset_password_mail_sent_prompt=확인 메일이 <b>%s</b>로 전송되었습니다. 받은 편지함으로 도착한 메일을 %s 안에 확인해서 비밀번호 찾기 절차를 완료하십시오.
 active_your_account=계정 활성화
 account_activated=계정이 활성화 되었습니다
-prohibit_login =
+prohibit_login = 
 resent_limit_prompt=활성화를 위한 이메일을 이미 전송했습니다. 3분 내로 이메일을 받지 못한 경우 재시도해주세요.
 has_unconfirmed_mail=안녕하세요 %s, 이메일 주소(<b>%s</b>)가 확인되지 않았습니다. 확인 메일을 받으시지 못하겼거나 새로운 확인 메일이 필요하다면, 아래 버튼을 클릭해 재발송하실 수 있습니다.
 resend_mail=여기를 눌러 확인 메일 재전송
@@ -1058,8 +1058,6 @@ activity.title.prs_merged_by=%s 가 %s 로부터 병합되었음
 activity.title.prs_opened_by=%s 가 %s 로 부터 제안됨
 activity.merged_prs_label=병합됨
 activity.opened_prs_label=제안중
-activity.active_issues_count_1=<strong>%d</strong> 개의 활성화된 이슈
-activity.active_issues_count_n=<strong>%d</strong> 개의 활성화된 이슈
 activity.closed_issues_count_1=클로즈된 이슈
 activity.closed_issues_count_n=클로즈된 이슈
 activity.title.issues_1=이슈 %d개
diff --git a/options/locale/locale_lv-LV.ini b/options/locale/locale_lv-LV.ini
index c65185c037..9632ddffe6 100644
--- a/options/locale/locale_lv-LV.ini
+++ b/options/locale/locale_lv-LV.ini
@@ -1249,7 +1249,7 @@ file_history=Vēsture
 file_view_source=Skatīt avotu
 file_view_rendered=Skatīt atveidojumu
 file_view_raw=Apskatīt neapstrādātu
-file_permalink=Patstāvīgā saite
+file_permalink=Pastāvīgā saite
 file_too_large=Datne ir pārāk liela, lai to parādītu.
 invisible_runes_header=Šī datne satur neredzamas unikoda rakstzīmes
 invisible_runes_description=`Šī datne satur neredzamas unikoda rakstzīmes, kas ir neatšķiramas cilvēkiem, bet dators tās var apstrādāt atšķirīgi. Ja šķiet, ka tas ir ar nolūku, šo brīdinājumu var droši neņemt vērā. Jāizmanto atsoļa taustiņš (Esc), lai atklātu tās.`
@@ -1921,7 +1921,7 @@ milestones.filter_sort.least_issues=Vismazāk pieteikumu
 
 signing.will_sign=Šis iesūtījums tiks parakstīts ar atslēgu "%s".
 signing.wont_sign.error=Atgadījās kļūda pārbaudot, vai iesūtījums var tikt parakstīts.
-signing.wont_sign.nokey=Nav pieejamas atslēgas, ar ko parakstīt šo iesūtījumu.
+signing.wont_sign.nokey=Šajā serverī nav atslēgas, ar ko parakstīt šo iesūtījumu.
 signing.wont_sign.never=Iesūtījumi nekad netiek parakstīti.
 signing.wont_sign.always=Iesūtījumi vienmēr tiek parakstīti.
 signing.wont_sign.pubkey=Iesūtījums netiks parakstīts, jo kontam nav piesaistīta publiska atslēga.
@@ -1971,8 +1971,6 @@ activity.period.quarterly=3 mēneši
 activity.period.semiyearly=6 mēneši
 activity.period.yearly=1 gads
 activity.overview=Pārskats
-activity.active_prs_count_1=<strong>%d</strong> atvērts izmaiņu pieprasījums
-activity.active_prs_count_n=<strong>%d</strong> atvērti izmaiņu pieprasījumi
 activity.merged_prs_count_1=Iekļauts izmaiņu pieprasījums
 activity.merged_prs_count_n=Iekļauti izmaiņu pieprasījumi
 activity.opened_prs_count_1=Ierosināts izmaiņu pieprasījums
@@ -1985,8 +1983,6 @@ activity.title.prs_merged_by=%s iekļāva %s
 activity.title.prs_opened_by=%s ierosināja %s
 activity.merged_prs_label=Iekļauts
 activity.opened_prs_label=Ierosināts
-activity.active_issues_count_1=<strong>%d</strong> atvērts pieteikums
-activity.active_issues_count_n=<strong>%d</strong> atvērti pieteikumi
 activity.closed_issues_count_1=Aizvērts pieteikums
 activity.closed_issues_count_n=Aizvērti pieteikumi
 activity.title.issues_1=%d pieteikumu
@@ -2307,7 +2303,7 @@ settings.packagist_api_token=API pilnvara
 settings.packagist_package_url=Packagist pakotnes URL
 settings.deploy_keys=Izvietošanas atslēgas
 settings.add_deploy_key=Pievienot izvietošanas atslēgu
-settings.deploy_key_desc=Izvietošanas atslēgām ir lasīšanas piekļuve glabātavai.
+settings.deploy_key_desc=Izvietošanas atslēgām var būt tikai lasīšanas vai lasīšanas un rakstīšanas piekļuve glabātavai.
 settings.is_writable=Iespējot rakstīšanas piekļuvi
 settings.is_writable_info=Atļaut šai izvietošanas atslēgai <strong>aizgādāt</strong> uz glabātavu.
 settings.no_deploy_keys=Pagaidām nav nevienas izvietošanas atslēgas.
@@ -2364,7 +2360,7 @@ settings.protect_protected_file_patterns=Aizsargāto datņu paraugs (vairākus a
 settings.protect_protected_file_patterns_desc=Aizsargātās datnes nav ļauts tiešā veidā mainīt, pat ja lietotājam šajā zarā ir tiesības pievienot, labot vai izdzēst datnes. Vairākus paraugus var atdalīt ar semikolu (";"). Paraugu pieraksts ir skatāms <a href="%[1]s">%[2]s</a> dokumentācijā. Piemēri: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
 settings.protect_unprotected_file_patterns=Neaizsargāto datņu paraugs (vairākus atdala ar semikolu ";")
 settings.protect_unprotected_file_patterns_desc=Neaizsargātās datnes, kuras ir ļauts izmainīt tiešā veidā, apejot aizgādāšanas ierobežojumu, ja lietotājam ir rakstīšanas piekļuve. Vairāki paraugi ir atdalāmi ar semikolu (";"). Paraugu pierakstu skatīt <a href="%[1]s">%[2]s</a> dokumentācijā. Piemēri: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
-settings.update_protect_branch_success=Zara aizsargāšanas kārtula "%s" tika atjaunināta.
+settings.update_protect_branch_success=Zara aizsargāšanas kārtula “%s” tika atjaunināta.
 settings.remove_protected_branch_success=Zara aizsargāšanas kārtula "%s" tika noņemta.
 settings.remove_protected_branch_failed=Zara aizsargāšanas kārtulas "%s" noņemšana neizdevās.
 settings.protected_branch_deletion=Izdzēst zara aizsargāšanu
@@ -2659,7 +2655,6 @@ settings.transfer.modal.title = Nodot īpašumtiesības
 settings.mirror_settings.push_mirror.copy_public_key = Ievietot publisko atslēgu starpliktuvē
 pulls.agit_explanation = Izveidots ar AGit darbplūsmu. AGit ļauj līdzalībniekiem ieteikt izmaiņas ar "git push" bez atzarojuma vai jauna zara izveidošanas.
 settings.wiki_rename_branch_main_notices_1 = Šo darbību <strong>NEVAR</strong> atsaukt.
-release.download_count_few = %s lejupielādes/žu
 settings.rename_branch_failed_protected = Nevar pārdēvēt zaru %s, jo tas ir aizsargāts zars.
 release.type_external_asset = Ārējs līdzeklis
 release.hide_archive_links = Paslēpt automātiski izveidotos arhīvus
@@ -2671,7 +2666,6 @@ settings.ignore_stale_approvals = Neņemt vērā novecojušus apstiprinājumus
 release.system_generated = Šis pielikums ir izveidots automātiski.
 settings.ignore_stale_approvals_desc = Neskaitīt apstiprinājumus, kas tika veikti vecākiem iesūtījumiem (novecojušas izskatīšanas), kopējā izmaiņu pieprasījuma apstiprinājumu skaitā. Neattiecas, ja novecojušas izskatīšanas jau ir atmestas.
 settings.enforce_on_admins = Uzspiest šo kārtulu glabātavas pārvaldītājiem
-release.download_count_one = %s lejupielāde
 release.hide_archive_links_helper = Šajā laidienā paslēpt automātiski izveidotos pirmkoda arhīvus. Piemēram, ja tiek augšupielādēts savs.
 diff.git-notes.add = Pievienot piezīmi
 diff.git-notes.remove-header = Noņemt piezīmi
diff --git a/options/locale/locale_nds.ini b/options/locale/locale_nds.ini
index 4d5b4772e2..fea603b0be 100644
--- a/options/locale/locale_nds.ini
+++ b/options/locale/locale_nds.ini
@@ -842,7 +842,7 @@ email_deletion_desc = Deese E-Mail-Adress un daarmit verbunnen Informatioon word
 principal_desc = Deese SSH-Zertifikaat-Höövdmannen sünd mit dienem Konto verbunnen un geven kumpleten Togriep up diene Repositoriums.
 add_email_confirmation_sent = Eene Utwiesens-E-Mail is an »%s« schickt worden. Um diene E-Mail-Adress uttowiesen, kiek bidde in dienen E-Mail-Ingang un folg de Verwies daarin in de anner %s.
 ssh_desc = Deese publiken SSH-Slötels sünd mit dienem Konto verbunnen. De tohörig privaate Slötel gifft kumpleten Togriep up diene Repositoriums. SSH-Slötels, wat utwiest worden sünd, könen bruukt worden, um SSH-unnerschreven Git-Kommitterens uttowiesen.
-keep_email_private_popup = Diene E-Mail-Adress word vun dienem Profil verbargen un is nich de Normaalweert för Kommitterens, wat du över de Internett-Schnittstee maakst, so as Datei-Upladens, Bewarkens un Tosamenföhrens-Kommitterens. In Stee daarvun kann eene besünnere Adress %s bruukt worden, um Kommitterens mit dienem Konto to verbinnen. Deese Instellen ännert keene bestahn Kommitterens.
+keep_email_private_popup = De E-Mail-Adress word vun de Profil verbargen un is nich de Normaalweert för Kommitterens, wat över de Internett-Schnittstee maakt worden, so as Datei-Upladens, Bewarkens un Tosamenföhrens-Kommitterens. In Stee daarvun kann eene besünnere Adress %s bruukt worden, um Kommitterens mit de Brukerkonto to verbinnen. Deese Instellen ännert keene bestahn Kommitterens.
 ssh_helper = <strong>Bruukst du Hülp?</strong> Kiek de Inföhren an, wo du <a href="%s">diene eegenen SSH-Slötels maakst</a> of hülp <a href="%s">gewohnten Probleemen</a> of, över wat man mit SSH mennigmaal strukelt.
 access_token_desc = Utköört Teken-Verlöövnissen begrenzen dat Anmellen blots up de tohörig <a href="%[1]s" target="_blank">API</a>-Padden. Lees de <a href="%[2]s" target="_blank">Dokumenteren</a> för mehr Informatioonen.
 oauth2_confidential_client = Diskreeter Klient. Köör dat för Programmen ut, wat dat Geheemst diskreet behanneln, as Internett-Sieden. Köör dat nich för stedenwies Programmen ut, as Schrievdisk- un Telefoon-Programmens.
@@ -1821,7 +1821,6 @@ activity.period.filter_label = Tied:
 activity.period.daily = 1 Dag
 activity.period.halfweekly = 3 Dagen
 activity.overview = Översicht
-activity.active_prs_count_1 = <strong>%d</strong> aktiiv Haalvörslag
 activity.merged_prs_count_1 = Tosamenföhrt Haalvörslag
 activity.opened_prs_count_1 = Nejer Haalvörslag
 activity.title.user_n = %d Brukers
@@ -1830,7 +1829,6 @@ activity.title.prs_merged_by = %s vun %s tosamenföhrt
 activity.title.prs_opened_by = %s vun %s opmaakt
 activity.merged_prs_label = Tosamenföhrt
 activity.opened_prs_label = Neei vörslagen
-activity.active_issues_count_1 = <strong>%d</strong> aktiiv Gefall
 activity.closed_issues_count_1 = Dichtmaakt Gefall
 activity.title.issues_closed_from = %s vun %s dichtmaakt
 activity.title.issues_created_by = %s vun %s opmaakt
@@ -1977,11 +1975,9 @@ settings.convert_desc = Du kannst deesen Spegel in een normaales Repositorium um
 settings.transfer_abort_success = Dat Repositoriums-Överdragen na %s is ofbroken worden.
 signing.wont_sign.error = Bi’m Nakieken, of dat Kommitteren unnerschrieven worden kann, hett dat eenen Fehler geven.
 signing.wont_sign.pubkey = Deeses Kommitteren word nich unnerschrieven, denn du hest in dienem Konto keenen publiken Slötel angeven.
-activity.active_prs_count_n = <strong>%d</strong> aktiiv Haalvörslagen
 activity.merged_prs_count_n = Tosamenföhrt Haalvörslagen
 activity.title.user_1 = %d Bruker
 activity.title.prs_1 = %d Haalvörslag
-activity.active_issues_count_n = <strong>%d</strong> aktiiv Gefallens
 activity.title.issues_n = %d Gefallens
 activity.title.unresolved_conv_n = %d nich lööst Snacks
 activity.title.releases_1 = %d Publizeren
@@ -2402,8 +2398,6 @@ release.tag_name_already_exist = Een Publizeren mit deesem Mark-Naam gifft dat a
 release.tag_name_invalid = De Mark-Naam is nich gültig.
 release.tag_name_protected = De Mark-Naam is schütt.
 release.downloads = Runnerladens
-release.download_count_one = %s maal runnerladen
-release.download_count_few = %s maal runnerladen
 release.hide_archive_links = Automatisk maakt Archiven verbargen
 release.releases_for = Publizerens för %s
 release.tags_for = Markens för %s
diff --git a/options/locale/locale_nl-NL.ini b/options/locale/locale_nl-NL.ini
index 66a0d0632b..42b4b3f576 100644
--- a/options/locale/locale_nl-NL.ini
+++ b/options/locale/locale_nl-NL.ini
@@ -178,7 +178,7 @@ contributions_format = {contributions} op {month} {day}, {year}
 
 [editor]
 buttons.heading.tooltip = Koptekst toevoegen
-buttons.bold.tooltip = Vetgedrukte tekst toevoegen
+buttons.bold.tooltip = Vetgedrukte tekst toevoegen (Ctrl+B / ⌘B)
 buttons.quote.tooltip = Tekst citeren
 buttons.code.tooltip = Code toevoegen
 buttons.link.tooltip = Link toevoegen
@@ -188,7 +188,7 @@ buttons.mention.tooltip = Vermeld een gebruiker of team
 buttons.ref.tooltip = Verwijs naar een issue of pull verzoek
 buttons.switch_to_legacy.tooltip = Gebruik in plaats daarvan de oude editor
 buttons.enable_monospace_font = Lettertype monospace inschakelen
-buttons.italic.tooltip = Schuingedrukte tekst toevoegen
+buttons.italic.tooltip = Schuingedrukte tekst toevoegen (Ctrl+I / ⌘I)
 buttons.list.task.tooltip = Een lijst met taken toevoegen
 buttons.disable_monospace_font = Lettertype monospace uitschakelen
 buttons.indent.tooltip = Items één niveau lager plaatsen
@@ -1790,8 +1790,6 @@ activity.period.quarterly=3 maanden
 activity.period.semiyearly=6 maanden
 activity.period.yearly=1 jaar
 activity.overview=Overzicht
-activity.active_prs_count_1=<strong>%d</strong> actieve pull request
-activity.active_prs_count_n=<strong>%d</strong> actieve pull requests
 activity.merged_prs_count_1=Samengevoegde pull request
 activity.merged_prs_count_n=Samengevoegde pull requests
 activity.opened_prs_count_1=Voorgestelde pull request
@@ -1804,8 +1802,6 @@ activity.title.prs_merged_by=%s samengevoegd door %s
 activity.title.prs_opened_by=%s voorgesteld door %s
 activity.merged_prs_label=Samengevoegd
 activity.opened_prs_label=Voorgesteld
-activity.active_issues_count_1=<strong>%d</strong> actieve issue
-activity.active_issues_count_n=<strong>%d</strong> actieve issues
 activity.closed_issues_count_1=Gesloten issue
 activity.closed_issues_count_n=Gesloten issues
 activity.title.issues_1=%d issue
@@ -2035,7 +2031,7 @@ settings.packagist_api_token=API token
 settings.packagist_package_url=Packagist pakket URL
 settings.deploy_keys=Deploy sleutels
 settings.add_deploy_key=Deploy sleutel toevoegen
-settings.deploy_key_desc=Deploy keys hebben alleen-lezen pull-toegang tot de repository.
+settings.deploy_key_desc=Deploy sleutels kunnen alleen-lezen of alleen-lezen-schrijftoegang hebben tot de repository.
 settings.is_writable=Schrijftoegang inschakelen
 settings.is_writable_info=Sta deze deploy toets toe om te <strong>pushen</strong> naar de repository.
 settings.no_deploy_keys=Er zijn nog geen deploy sleutels.
@@ -2663,8 +2659,6 @@ settings.enforce_on_admins = Handhaaf deze regel voor repository admins
 settings.event_pull_request_enforcement = Handhaving
 settings.enforce_on_admins_desc = Admins van deze repository kunnen deze regel niet omzeilen.
 issues.archived_label_description = (Gearchiveerd) %s
-release.download_count_one = %s download
-release.download_count_few = %s downloads
 release.system_generated = Deze bijlage wordt automatisch gegenereerd.
 settings.sourcehut_builds.secrets = Geheimen
 settings.web_hook_name_sourcehut_builds = SourceHut Builds
diff --git a/options/locale/locale_pl-PL.ini b/options/locale/locale_pl-PL.ini
index bbb2a1de13..fbc9ac4e67 100644
--- a/options/locale/locale_pl-PL.ini
+++ b/options/locale/locale_pl-PL.ini
@@ -1658,8 +1658,6 @@ activity.period.quarterly=3 miesiące
 activity.period.semiyearly=6 miesięcy
 activity.period.yearly=1 rok
 activity.overview=Przegląd
-activity.active_prs_count_1=<strong>%d</strong> aktywny pull request
-activity.active_prs_count_n=<strong>%d</strong> aktywne pull requesty
 activity.merged_prs_count_1=Scalono pull request
 activity.merged_prs_count_n=Scalone pull requesty
 activity.opened_prs_count_1=Proponowany pull request
@@ -1672,8 +1670,6 @@ activity.title.prs_merged_by=%s zmergowane przez %s
 activity.title.prs_opened_by=%s zaproponowane przez %s
 activity.merged_prs_label=Scalone
 activity.opened_prs_label=Proponowane
-activity.active_issues_count_1=<strong>%d</strong> aktywne zgłoszenie
-activity.active_issues_count_n=<strong>%d</strong> aktywne zgłoszenia
 activity.closed_issues_count_1=Zamknięte zgłoszenie
 activity.closed_issues_count_n=Zamknięte zgłoszenia
 activity.title.issues_1=%d zgłoszenie
@@ -2240,7 +2236,6 @@ settings.sourcehut_builds.secrets_helper = Uprawnij pracę do budowania sekretó
 vendored = Dołączone
 editor.add = Dodaj %s
 release.message = Opisz to wydanie
-release.download_count_few = %s pobrania
 tag.create_tag_operation = Utwórz tag
 tag.create_success = Tag "%s" został utworzony.
 editor.commit_email = E-mail commitu
@@ -2634,7 +2629,6 @@ branch.delete = Usuń gałąź "%s"
 wiki.search = Szukaj na wiki
 activity.commit = Aktywność commitów
 release.tag_helper_new = Nowy tag. Ten tag będzie utworzony z wydania docelowego.
-release.download_count_one = %s pobranie
 branch.deletion_failed = Nie udało się usunąć gałęzi "%s".
 pulls.merged_by_fake = przez %[2]s został scalony %[1]s
 settings.admin_stats_indexer = Indekser statystyk kodu
diff --git a/options/locale/locale_pt-BR.ini b/options/locale/locale_pt-BR.ini
index 6f561b93b2..8bf7ddabd5 100644
--- a/options/locale/locale_pt-BR.ini
+++ b/options/locale/locale_pt-BR.ini
@@ -158,7 +158,7 @@ new_repo.link = Novo repositório
 new_migrate.link = Nova migração
 new_org.link = Nova organização
 test = Teste
-error413 = Você esgotou sua cota.
+error413 = Você exauriu sua cota.
 copy_path = Copiar caminho
 
 [aria]
@@ -222,7 +222,7 @@ platform=Multi-plataforma
 lightweight=Leve e rápido
 lightweight_desc=Forgejo utiliza poucos recursos e consegue mesmo rodar no barato Raspberry Pi. Economize energia elétrica da sua máquina!
 license=Código aberto
-license_desc=Está tudo no <a target="_blank" rel="noopener noreferrer" href="%[1]s">Forgejo</a>! Contribua e torne este projeto ainda melhor. Não tenha vergonha de contribuir!
+license_desc=Está tudo no <a target="_blank" rel="noopener noreferrer" href="%[1]s">Forgejo</a>! Junte-se a nós e <a target="_blank" rel="noopener noreferrer" href="%[2]s">contribua</a> para tornar este projeto ainda melhor. Não tenha vergonha de contribuir!
 install_desc = Apenas <a target="_blank" rel="noopener noreferrer" href="%[1]s">rode o binário</a> para a sua plataforma, execute-o com <a target="_blank" rel="noopener noreferrer" href="%[2]s">Docker</a>, ou obtenha-o <a target="_blank" rel="noopener noreferrer" href="%[3]s">empacotado</a>.
 platform_desc = Forgejo roda em sistemas operacionais livres, como Linux e FreeBSD, assim como em diferentes arquiteturas de processador. Escolha o seu sistema preferido!
 
@@ -528,7 +528,7 @@ totp_disabled.subject = A autenticação em dois fatores foi desabilitada
 removed_security_key.subject = Uma chave de segurança foi removida
 removed_security_key.text_1 = A chave de segurança "%[1]s" foi removida de sua conta.
 account_security_caution.text_1 = Caso tenha sido você, este e-mail pode ser ignorado.
-totp_enrolled.subject = Você ativou TOTP como método 2FA
+totp_enrolled.subject = Ativação de TOTP como método de A2F
 totp_disabled.text_1 = A senha de uso único baseada em tempo (TOTP) na sua conta foi desativada.
 totp_disabled.no_2fa = Já não existem mais outros métodos de autenticação em dois fatores (2FA) configurados, ou seja, não é mais necessário acessar sua conta com 2FA.
 removed_security_key.no_2fa = Já não existem mais outros métodos de autenticação em dois fatores (2FA) configurados, ou seja, não é mais necessário acessar sua conta com 2FA.
@@ -644,7 +644,7 @@ email_domain_is_not_allowed = O domínio do endereço de email da conta <b>%s</b
 
 
 [user]
-change_avatar=Altere seu avatar...
+change_avatar=Altere seu avatar…
 joined_on=Inscreveu-se em %s
 repositories=Repositórios
 activity=Atividade pública
@@ -681,7 +681,7 @@ following.title.one = seguindo
 followers.title.one = seguidor
 followers.title.few = seguidores
 public_activity.visibility_hint.self_private = Sua atividade está visível apenas para você e para os administradores da instância. <a href="%s">Configurar</a>.
-public_activity.visibility_hint.self_public = Sua atividade está visível para todos, exceto interações em espaços privados. <a href="%s">Configurar</a>.
+public_activity.visibility_hint.self_public = Sua atividade está visível para todos, exceto as interações em espaços privados. <a href="%s">Clique para configurar</a>.
 public_activity.visibility_hint.admin_public = Sua atividade está visível para todos, mas como um administrador você também pode ver interações em espaços privados.
 public_activity.visibility_hint.admin_private = Essa atividade está visível para você porque você é um administrador, mas o usuário dejesa que ela seja mantida em privado.
 public_activity.visibility_hint.self_private_profile = Sua atividade só é visível para você e para os administradores do servidor porque seu perfil é privado. <a href="%s">Configurar</a>.
@@ -992,7 +992,7 @@ pronouns_unspecified = Não especificado
 language.title = Idioma padrão
 additional_repo_units_hint = Sugira habilitar unidades de repositório adicionais
 additional_repo_units_hint_description = Exibir uma sugestão para "Habilitar mais" em repositórios que não possuem todas as unidades disponíveis habilitadas.
-update_hints = Dicas de atualização
+update_hints = Atualizar dicas
 update_hints_success = As dicas foram atualizadas.
 keep_activity_private.description = A sua <a href="%s">atividade pública</a> estará visível apenas para si e para os administradores do servidor.
 language.localization_project = Ajude-nos a traduzir Forgejo para o seu idioma! <a href="%s">Mais informações</a>.
@@ -1303,14 +1303,14 @@ editor.patch=Aplicar correção
 editor.patching=Corrigindo:
 editor.fail_to_apply_patch=`Não foi possível aplicar a correção "%s"`
 editor.new_patch=Novo patch
-editor.commit_message_desc=Adicione uma descrição detalhada (opcional)...
+editor.commit_message_desc=Adicione uma descrição detalhada (opcional)…
 editor.signoff_desc=Adicione um assinado-por-committer no final do log do commit.
 editor.commit_directly_to_this_branch=Commit diretamente no branch <strong class="%[2]s">%[1]s</strong>.
 editor.create_new_branch=Crie um <strong>novo branch</strong> para este commit e crie um pull request.
 editor.create_new_branch_np=Crie um <strong>novo branch</strong> para este commit.
 editor.propose_file_change=Propor alteração de arquivo
 editor.new_branch_name=Nome do novo branch para este commit
-editor.new_branch_name_desc=Novo nome do branch...
+editor.new_branch_name_desc=Nome do novo ramo…
 editor.cancel=Cancelar
 editor.filename_cannot_be_empty=Nome do arquivo não pode ser em branco.
 editor.filename_is_invalid=O nome do arquivo é inválido: "%s".
@@ -1331,7 +1331,7 @@ editor.fail_to_update_file_summary=Mensagem de erro:
 editor.push_rejected_no_message=A alteração foi rejeitada pelo servidor sem uma mensagem. Por favor, verifique os Git hooks .
 editor.push_rejected=A alteração foi rejeitada pelo servidor. Por favor, verifique os Git hooks .
 editor.push_rejected_summary=Mensagem completa de rejeição:
-editor.add_subdir=Adicionar um subdiretório...
+editor.add_subdir=Adicionar uma pasta…
 editor.unable_to_upload_files=Ocorreu um erro ao enviar arquivos para "%s": %v
 editor.upload_file_is_locked=Arquivo "%s" está bloqueado por %s.
 editor.upload_files_to_dir=`Enviar arquivos para "%s"`
@@ -1523,7 +1523,7 @@ issues.action_assignee_no_select=Sem responsável
 issues.action_check=Marcar/Desmarcar
 issues.action_check_all=Marcar/Desmarcar todos os itens
 issues.opened_by=aberto por <a href="%[2]s">%[3]s</a> %[1]s
-pulls.merged_by=por <a href="%[2]s">%[3]s</a> foi aplicado em %[1]s
+pulls.merged_by=por <a href="%[2]s">%[3]s</a> foi aplicado %[1]s
 pulls.merged_by_fake=por %[2]s foi aplicado %[1]s
 issues.closed_by=por <a href="%[2]s">%[3]s</a> foi fechada %[1]s
 issues.opened_by_fake=%[1]s abertas por %[2]s
@@ -1942,8 +1942,6 @@ activity.period.quarterly=3 meses
 activity.period.semiyearly=6 meses
 activity.period.yearly=1 ano
 activity.overview=Visão geral
-activity.active_prs_count_1=<strong>%d</strong> pull request ativo
-activity.active_prs_count_n=<strong>%d</strong> pull requests ativos
 activity.merged_prs_count_1=Pull request com merge concluído
 activity.merged_prs_count_n=Pull requests com merge concluído
 activity.opened_prs_count_1=Pull request proposto
@@ -1956,8 +1954,6 @@ activity.title.prs_merged_by=%s com merge aplicado por %s
 activity.title.prs_opened_by=%s proposto(s) por %s
 activity.merged_prs_label=Merge aplicado
 activity.opened_prs_label=Proposto
-activity.active_issues_count_1=<strong>%d</strong> issue ativa
-activity.active_issues_count_n=<strong>%d</strong> issues ativas
 activity.closed_issues_count_1=Issue fechada
 activity.closed_issues_count_n=Issues fechadas
 activity.title.issues_1=%d issue
@@ -2258,7 +2254,7 @@ settings.packagist_api_token=Token de API
 settings.packagist_package_url=URL do pacote do Packagist
 settings.deploy_keys=Chaves de deploy
 settings.add_deploy_key=Adicionar chave de deploy
-settings.deploy_key_desc=As chaves de deploy possuem somente acesso de leitura (pull) ao repositório.
+settings.deploy_key_desc=As chaves de deploy podem ter acesso ao repositório somente para leitura ou para leitura e escrita.
 settings.is_writable=Habilitar acesso de escrita
 settings.is_writable_info=Permitir que esta chave de deploy faça <strong>push</strong> para o repositório.
 settings.no_deploy_keys=Não há nenhuma chave de deploy ainda.
@@ -2321,7 +2317,7 @@ settings.block_outdated_branch_desc=O merge não será possível quando o branch
 settings.default_branch_desc=Selecione um branch padrão para pull requests e commits de código:
 settings.merge_style_desc=Estilos de merge
 settings.default_merge_style_desc=Estilo de merge padrão
-settings.choose_branch=Escolha um branch...
+settings.choose_branch=Escolha um ramo…
 settings.no_protected_branch=Não há branches protegidos.
 settings.edit_protected_branch=Editar
 settings.protected_branch_required_rule_name=Nome da regra é obrigatório
@@ -2624,7 +2620,6 @@ activity.navbar.code_frequency = Frequência de código
 settings.protect_status_check_matched = Correspondente
 branch.tag_collision = O ramo "%s" não pode ser criado porque já existe uma etiqueta com o mesmo nome no repositório.
 settings.archive.mirrors_unavailable = Réplicas não estão disponíveis em repositórios arquivados.
-release.download_count_one = %s download
 settings.mirror_settings.docs.no_new_mirrors = O seu repositório está replicando alterações de ou para outro repositório. Observe que não é possível criar novas réplicas no momento.
 settings.mirror_settings.docs.pull_mirror_instructions = Para configurar uma réplica de outro repositório, consulte:
 settings.wiki_rename_branch_main_desc = Renomear o branch usado internamente pela Wiki para "%s". Esta ação é permanente e não pode ser desfeita.
@@ -2636,7 +2631,6 @@ settings.trust_model.committer.desc = Uma assinatura de commit é considerada "c
 settings.wiki_branch_rename_success = O nome do ramo da wiki do repositório foi regularizado com sucesso.
 pulls.nothing_to_compare_have_tag = Os branches/etiquetas escolhidos são iguais.
 settings.sourcehut_builds.secrets = Segredos
-release.download_count_few = %s downloads
 release.hide_archive_links = Ocultar arquivos gerados automaticamente
 release.system_generated = Este anexo foi gerado automaticamente.
 settings.wiki_branch_rename_failure = Falha ao regularizar o nome do ramo da wiki do repositório.
@@ -2768,8 +2762,8 @@ issues.filter_no_results_placeholder = Tente ajustar seus filtros de pesquisa.
 archive.nocomment = Não é possível comentar pois o repositório foi arquivado.
 migrate.repo_desc_helper = Deixe em branco para importar a descrição existente
 comment.blocked_by_user = Não é possível comentar pois você foi bloqueado pelo dono ou autor do repositório.
-sync_fork.branch_behind_few = Este branch está %[1]d commits atrás de %[2]s
-sync_fork.branch_behind_one = Este branch está %[1]d commit atrás de %[2]s
+sync_fork.branch_behind_few = Este ramo está %[1]d commits atrás de %[2]s
+sync_fork.branch_behind_one = Este ramo está %[1]d commit(s) atrás de %[2]s
 sync_fork.button = Sincronizar
 settings.event_header_action = Eventos de execução de Actions
 settings.event_action_failure = Falha
@@ -3001,9 +2995,9 @@ dashboard.delete_old_actions.started=A exclusão de todas as atividades antigas
 dashboard.update_checker=Verificador de atualização
 dashboard.delete_old_system_notices=Excluir todos os avisos de sistema antigos do banco de dados
 dashboard.gc_lfs=Coletar lixos dos meta-objetos LFS
-dashboard.stop_zombie_tasks=Parar tarefas de actions zumbi
-dashboard.stop_endless_tasks=Parar tarefas infinitas de actions
-dashboard.cancel_abandoned_jobs=Cancelar trabalhos abandonados de actions
+dashboard.stop_zombie_tasks=Parar tarefas de Actions zumbis
+dashboard.stop_endless_tasks=Parar tarefas de Actions intermináveis
+dashboard.cancel_abandoned_jobs=Cancelar trabalhos abandonados de Actions
 
 users.user_manage_panel=Gerenciar contas de usuário
 users.new_account=Criar conta de usuário
@@ -3406,7 +3400,7 @@ notices.delete_success=Os avisos do sistema foram excluídos.
 identity_access = Identidade e acesso
 settings = Configurações de administrador
 users.bot = Robô
-dashboard.start_schedule_tasks = Iniciar tarefas de actions programadas
+dashboard.start_schedule_tasks = Iniciar tarefas de Actions programadas
 users.reserved = Reservado
 emails.change_email_text = Tem certeza de que deseja atualizar este endereço de e-mail?
 self_check = Autoverificação
@@ -3817,7 +3811,7 @@ variables.id_not_exist = A variável com o ID %d não existe.
 variables.deletion.failed = Falha ao remover a variável.
 variables.creation.failed = Falha ao adicionar a variável.
 runs.no_results = Nenhum resultado.
-variables.description = As variáveis serão passadas para certas ações e não poderão ser lidas de outra forma.
+variables.description = As variáveis serão passadas para certas Actions e não poderão ser lidas de outra forma.
 workflow.dispatch.trigger_found = Este workflow tem um disparador de evento <c>workflow_dispatch</c>.
 workflow.dispatch.run = Executar workflow
 runs.no_runs = O workflow ainda não foi executado.
diff --git a/options/locale/locale_pt-PT.ini b/options/locale/locale_pt-PT.ini
index 5bf44426e1..b34da528ea 100644
--- a/options/locale/locale_pt-PT.ini
+++ b/options/locale/locale_pt-PT.ini
@@ -1979,8 +1979,6 @@ activity.period.quarterly=3 meses
 activity.period.semiyearly=6 meses
 activity.period.yearly=1 ano
 activity.overview=Panorama geral
-activity.active_prs_count_1=<strong>%d</strong> pedido de integração vigente
-activity.active_prs_count_n=<strong>%d</strong> pedidos de integração vigentes
 activity.merged_prs_count_1=Pedido de integração executado
 activity.merged_prs_count_n=Pedidos de integração executados
 activity.opened_prs_count_1=Pedido de integração proposto
@@ -1993,8 +1991,6 @@ activity.title.prs_merged_by=%s executado(s) por %s
 activity.title.prs_opened_by=%s proposto por %s
 activity.merged_prs_label=Integrado
 activity.opened_prs_label=Proposto
-activity.active_issues_count_1=<strong>%d</strong> questão vigente
-activity.active_issues_count_n=<strong>%d</strong> questões vigentes
 activity.closed_issues_count_1=Questão encerrada
 activity.closed_issues_count_n=Questões encerradas
 activity.title.issues_1=%d questão
@@ -2319,7 +2315,7 @@ settings.packagist_api_token=Código da API
 settings.packagist_package_url=URL do pacote Packagist
 settings.deploy_keys=Chaves de instalação
 settings.add_deploy_key=Adicionar chave de instalação
-settings.deploy_key_desc=Chaves de instalação têm acesso para puxar do repositório apenas em modo de leitura.
+settings.deploy_key_desc=Chaves de instalação podem ter acesso ao repositório apenas para leitura ou de leitura e escrita.
 settings.is_writable=Habilitar acesso de escrita
 settings.is_writable_info=Permitir a esta chave de instalação <strong>enviar</strong> para o repositório.
 settings.no_deploy_keys=Ainda não existem quaisquer chaves de instalação.
@@ -2660,8 +2656,6 @@ wiki.cancel = Cancelar
 settings.wiki_rename_branch_main = Normalizar o nome do ramo do Wiki
 settings.enforce_on_admins = Impor esta regra nos administradores de repositórios
 settings.enforce_on_admins_desc = Os administradores de repositórios não podem contornar esta regra.
-release.download_count_one = %s descarga
-release.download_count_few = %s descargas
 release.system_generated = Este anexo é gerado automaticamente.
 pulls.ready_for_review = Pronto/a para rever?
 settings.units.units = Unidades
diff --git a/options/locale/locale_pt.ini b/options/locale/locale_pt.ini
deleted file mode 100644
index cae467f52e..0000000000
--- a/options/locale/locale_pt.ini
+++ /dev/null
@@ -1,31 +0,0 @@
-
-
-
-[common]
-create_new = Criar…
-home = Início
-dashboard = Painel
-explore = Explorar
-help = Ajuda
-logo = Logótipo
-sign_in = Entrar
-sign_in_with_provider = Entrar com %s
-sign_in_or = ou
-sign_out = Sair
-sign_up = Registar
-register = Registar
-powered_by = À base de %s
-page = Página
-template = Template
-notifications = Notificações
-link_account = Conectar conta
-version = Versão
-active_stopwatch = Cronómetro ativo
-tracked_time_summary = Resumo do tempo cronometrado baseado nos filtros da lista de issues
-user_profile_and_more = Perfil e definições…
-signed_in_as = Conectado como
-enable_javascript = Este website requer JavaScript.
-toc = Índice
-licenses = Licenças
-return_to_forgejo = Voltar ao Forgejo
-toggle_menu = Abrir/fechar menu
\ No newline at end of file
diff --git a/options/locale/locale_ru-RU.ini b/options/locale/locale_ru-RU.ini
index d3804aa524..ee2972751e 100644
--- a/options/locale/locale_ru-RU.ini
+++ b/options/locale/locale_ru-RU.ini
@@ -1940,8 +1940,6 @@ activity.period.quarterly=3 месяца
 activity.period.semiyearly=6 месяцев
 activity.period.yearly=1 год
 activity.overview=Обзор
-activity.active_prs_count_1=<strong>%d</strong> активный запрос слияния
-activity.active_prs_count_n=<strong>%d</strong> активных запросов слияния
 activity.merged_prs_count_1=Принятый запрос слияния
 activity.merged_prs_count_n=Принятых запросов слияния
 activity.opened_prs_count_1=Новый запрос слияния
@@ -1954,8 +1952,6 @@ activity.title.prs_merged_by=%s приняты %s
 activity.title.prs_opened_by=%s предложены %s
 activity.merged_prs_label=Принято
 activity.opened_prs_label=Предложено
-activity.active_issues_count_1=<strong>%d</strong> активная задача
-activity.active_issues_count_n=<strong>%d</strong> активных задач
 activity.closed_issues_count_1=Закрытая задача
 activity.closed_issues_count_n=Закрытых задач
 activity.title.issues_1=%d задача
@@ -2271,7 +2267,7 @@ settings.packagist_api_token=Токен API
 settings.packagist_package_url=Ссылка на пакет Packagist
 settings.deploy_keys=Ключи развёртывания
 settings.add_deploy_key=Добавить ключ развёртывания
-settings.deploy_key_desc=Ключи развёртывания предоставляют доступ к репозиторию только для чтения.
+settings.deploy_key_desc=Ключи развёртывания дают доступ к просмотру репозитория и опционально к отправке изменений.
 settings.is_writable=Разрешить запись
 settings.is_writable_info=Может ли этот ключ быть использован для выполнения <strong>push</strong> в репозиторий? Ключи развёртывания всегда имеют доступ на pull.
 settings.no_deploy_keys=Вы не добавляли ключи развёртывания.
@@ -2670,8 +2666,6 @@ settings.web_hook_name_sourcehut_builds = Сборки SourceHut
 settings.sourcehut_builds.manifest_path = Путь манифеста сборки
 settings.sourcehut_builds.visibility = Видимость задач
 settings.sourcehut_builds.secrets = Секреты
-release.download_count_one = %s скачивание
-release.download_count_few = %s скачиваний
 release.system_generated = Это вложение сгенерировано автоматически.
 settings.event_pull_request_enforcement = Форсирование
 pulls.cmd_instruction_checkout_desc = В репозитории вашего проекта перейдите на эту ветвь и протестируйте изменения.
diff --git a/options/locale/locale_si-LK.ini b/options/locale/locale_si-LK.ini
index 658acd26e9..8ad4571000 100644
--- a/options/locale/locale_si-LK.ini
+++ b/options/locale/locale_si-LK.ini
@@ -1334,8 +1334,6 @@ activity.period.quarterly=මාස 3
 activity.period.semiyearly=මාස 6
 activity.period.yearly=වසර 1
 activity.overview=දළ විශ්ලේෂණය
-activity.active_prs_count_1=<strong>%d</strong> ක්රියාකාරී අදින්න ඉල්ලීම
-activity.active_prs_count_n=<strong>%d</strong> ක්රියාකාරී අදින්න ඉල්ලීම්
 activity.merged_prs_count_1=ඒකාබද්ධ අදින්න ඉල්ලීම
 activity.merged_prs_count_n=ඒකාබද්ධ අදින්න ඉල්ලීම්
 activity.opened_prs_count_1=යෝජිත අදින්න ඉල්ලීම
@@ -1348,8 +1346,6 @@ activity.title.prs_merged_by=%s විසින් ඒකාබද්ධ කර
 activity.title.prs_opened_by=%s විසින් යෝජනා කරන ලද %s
 activity.merged_prs_label=සංයුක්ත කෙරිණි
 activity.opened_prs_label=යෝජිත
-activity.active_issues_count_1=<strong>%d</strong> ක්රියාකාරී නිකුතුව
-activity.active_issues_count_n=<strong>%d</strong> ක්රියාකාරී ගැටළු
 activity.closed_issues_count_1=සංවෘත නිකුතුව
 activity.closed_issues_count_n=සංවෘත ගැටළු
 activity.title.issues_1=%d නිකුතුව
diff --git a/options/locale/locale_sv-SE.ini b/options/locale/locale_sv-SE.ini
index a71b0ad114..88a19e10ac 100644
--- a/options/locale/locale_sv-SE.ini
+++ b/options/locale/locale_sv-SE.ini
@@ -182,8 +182,8 @@ buttons.quote.tooltip = Citera text
 buttons.code.tooltip = Lägg till kod
 buttons.link.tooltip = Lägg till en länk
 buttons.heading.tooltip = Lägg till rubrik
-buttons.bold.tooltip = Lägg till fetstilt text
-buttons.italic.tooltip = Lägg till kursiv text
+buttons.bold.tooltip = Lägg till fetstilt text (CTRL+B / ⌘B)
+buttons.italic.tooltip = Lägg till kursiv text (CTRL+I / ⌘I)
 buttons.list.unordered.tooltip = Lägg till en punktlista
 buttons.list.ordered.tooltip = Lägg till en numrerad lista
 buttons.list.task.tooltip = Lägg till en lista med sysslor
@@ -321,7 +321,7 @@ app_slogan_helper = Skriv in din slogan här. Lämna tom för att stänga av.
 domain = Serverdomän
 domain_helper = Domän eller värdadress för servern.
 reinstall_error = Du försöker att installera i en existerande Forgejo-databas
-password_algorithm_helper = Ställ in hashalgoritmen för lösenord. Algoritmer har olika krav och styrka. Argon2-algoritmen är ganska säker men använder mycket minne och kan vara olämplig för små system.
+password_algorithm_helper = Ställ in hashalgoritmen för lösenord. Algoritmer har olika krav och styrkor. Argon2-algoritmen är ganska säker men använder mycket minne och kan vara olämplig för små system.
 config_location_hint = Dessa konfigurationsinställningar kommer att sparas i:
 invalid_db_table = Databastabellen "%s" är ogiltig: %v
 secret_key_failed = Misslyckades att generera hemlig nyckel: %v
@@ -650,7 +650,7 @@ activate_email=Skicka aktivering
 activations_pending=Väntar på aktivering
 delete_email=Ta Bort
 email_deletion=Ta bort e-postadress
-email_deletion_desc=Mejladressen och relaterad information kommer tas bort från ditt konto. Git-commits med denna mejladress förblir oförändrade. Vill du fortsätta?
+email_deletion_desc=Denna mejladress och relaterad information kommer tas bort från ditt konto. Git-commits med denna mejladress förblir oförändrade. Vill du fortsätta?
 email_deletion_success=Mejladressen har tagits bort.
 theme_update_success=Ditt tema ändrades.
 theme_update_error=Det valda temat finns inte.
@@ -822,7 +822,7 @@ license_helper_desc=En licens styr vad andra kan och inte kan göra med din kod.
 readme=README
 readme_helper=Välj en mall för README-filen
 readme_helper_desc=Här kan du skriva en fullständig beskrivning för ditt projekt.
-auto_init=Initiera utvecklingskatalog (Lägger till .gitignore, License and README)
+auto_init=Initiera utvecklingskatalog
 create_repo=Skapa utvecklingskatalog
 default_branch=Standardgren
 default_branch_helper=Den förvalda grenen är bas-gren för pull requests och kod-commits.
@@ -866,7 +866,7 @@ migrate_items_wiki=Wiki
 migrate_items_milestones=Milstenar
 migrate_items_labels=Etiketter
 migrate_items_issues=Ärenden
-migrate_items_pullrequests=Pull Requester
+migrate_items_pullrequests=Pull-förfrågningar
 migrate_items_merge_requests=Begäran om sammanslagning
 migrate_items_releases=Releaser
 migrate_repo=Migrera utvecklingskatalog
@@ -966,7 +966,7 @@ editor.propose_file_change=Föreslå filändring
 editor.new_branch_name_desc=Nytt branchnamn…
 editor.cancel=Avbryt
 editor.filename_cannot_be_empty=Filnamnet kan inte vara tomt.
-editor.file_changed_while_editing=Filens innehåll har ändrats sedan du påbörjade din ändring.<a target="_blank" rel="noopener noreferrer" href="%s">Klicka här</a> för att se ändringarna eller <strong>commita ändringarna igen</strong> för att skriva över dem.
+editor.file_changed_while_editing=Filens innehåll har ändrats sedan du öppnade filen.<a target="_blank" rel="noopener noreferrer" href="%s">Klicka här</a> för att se ändringarna eller <strong>commita ändringarna igen</strong> för att skriva över dem.
 editor.commit_empty_file_header=Committa en tom fil
 editor.commit_empty_file_text=Filen du vill committa är tom. Vill du fortsätta?
 editor.no_changes_to_show=Det finns inga ändringar att visa.
@@ -1062,7 +1062,7 @@ issues.remove_self_assignment=`tog bort sin tilldelning %s`
 issues.change_title_at='ändrade titeln från <b><strike>%s</strike></b> till <b>%s</b> %s'
 issues.delete_branch_at='tog bort grenen <b>%s</b> %s'
 issues.filter_label=Etikett
-issues.filter_label_exclude=`Använd <code>alt</code> + <code>klicka/enter</code> för att exkludera etiketter`
+issues.filter_label_exclude=Använd <kbd>Alt</kbd> + <kbd>klicka/enter</kbd> för att exkludera etiketter
 issues.filter_label_no_select=Alla etiketter
 issues.filter_milestone=Milsten
 issues.filter_project_none=Inget projekt
@@ -1342,8 +1342,6 @@ activity.period.quarterly=3 månader
 activity.period.semiyearly=6 månader
 activity.period.yearly=1 år
 activity.overview=Översikt
-activity.active_prs_count_1=<strong>%d</strong> aktiv pull-förfrågan
-activity.active_prs_count_n=<strong>%d</strong> aktiva pull-förfrågningar
 activity.merged_prs_count_1=Sammanfogad Pull-förfrågan
 activity.merged_prs_count_n=Sammanfogade Pull-förfrågningar
 activity.opened_prs_count_1=Föreslagen pull-förfrågan
@@ -1356,8 +1354,6 @@ activity.title.prs_merged_by=%s sammanfogad av %s
 activity.title.prs_opened_by=%s föreslås av %s
 activity.merged_prs_label=Sammanfogad
 activity.opened_prs_label=Föreslagen
-activity.active_issues_count_1=<strong>%d</strong> aktivt ärende
-activity.active_issues_count_n=<strong>%d</strong> aktiva ärenden
 activity.closed_issues_count_1=Stängt ärende
 activity.closed_issues_count_n=Stängda ärenden
 activity.title.issues_1=%d ärende
@@ -2247,7 +2243,7 @@ team_kind = Sök team…
 org_kind = Sök organisationer…
 issue_kind = Sök ärenden…
 regexp_tooltip = Tolka söktermen som ett reguljärt uttryck
-code_search_unavailable = Kodsökning är för närvarande inte tillgänglig. Vänligen kontakta webbplatsadministratören.
+code_search_unavailable = Kodsökning är för närvarande inte tillgängligt. Vänligen kontakta webbplatsadministratören.
 fuzzy_tooltip = Inkludera resultat som är närliggande till söktermen
 no_results = Inga matchande resultat hittades.
 fuzzy = Ungefärlig
diff --git a/options/locale/locale_tok.ini b/options/locale/locale_tok.ini
new file mode 100644
index 0000000000..8b13789179
--- /dev/null
+++ b/options/locale/locale_tok.ini
@@ -0,0 +1 @@
+
diff --git a/options/locale/locale_tr-TR.ini b/options/locale/locale_tr-TR.ini
index 04b62259aa..7419aa2fde 100644
--- a/options/locale/locale_tr-TR.ini
+++ b/options/locale/locale_tr-TR.ini
@@ -7,9 +7,9 @@ logo=Logo
 sign_in=Giriş Yap
 sign_in_with_provider=%s ile oturum aç
 sign_in_or=veya
-sign_out=Çıkış Yap
+sign_out=Çıkış yap
 sign_up=Kaydol
-link_account=Bağlantı hesabı
+link_account=Hesap Bağla
 register=Üye Ol
 version=Sürüm
 powered_by=%s tarafından desteklenen
@@ -159,7 +159,7 @@ toggle_menu = Menüyü aç-kapa
 new_migrate.title = Yeni göç
 new_migrate.link = Yeni göç
 copy_path = Dizini kopyala
-confirm_delete_artifact = "%s" adlı öğeyi silmek istediğinizden emin misiniz?
+confirm_delete_artifact = "%s" adlı öğeyi silmek istediğinize emin misiniz?
 
 [aria]
 navbar=Gezinti çubuğu
@@ -178,8 +178,8 @@ contributions_format = {day} {month} {year} tarihinde {contributions} katkı
 
 [editor]
 buttons.heading.tooltip=Başlık ekle
-buttons.bold.tooltip=Kalın metin ekle
-buttons.italic.tooltip=Eğik metin ekle
+buttons.bold.tooltip=Kalın metin ekle (Ctrl+B / ⌘B)
+buttons.italic.tooltip=Eğik metin ekle (Ctrl+I / ⌘I)
 buttons.quote.tooltip=Metni alıntıla
 buttons.code.tooltip=Kod ekle
 buttons.link.tooltip=Bağlantı ekle
@@ -228,7 +228,7 @@ platform_desc = Forgejo'nun Linux ve FreeBSD gibi özgür işletim sistemlerinde
 
 [install]
 install=Kurulum
-title=Başlangıç Yapılandırması
+title=Başlangıç yapılandırması
 docker_helper=Eğer Forgejo'yı Docker içerisinde çalıştırıyorsanız, lütfen herhangi bir değişiklik yapmadan önce <a target="_blank" rel="noopener noreferrer" href="%s">belgeleri</a> okuyun.
 require_db_desc=Forgejo MySQL, PostgreSQL, SQLite3 veya TiDB (MySQL protokolü) gerektirir.
 db_title=Veritabanı ayarları
@@ -257,7 +257,7 @@ err_admin_name_is_invalid=Yönetici kullanıcı adı geçersiz
 
 general_title=Genel ayarlar
 app_name=Site Başlığı
-app_name_helper=Şirket adınızı buraya girebilirsiniz.
+app_name_helper=Buraya örnek adınızı girin. Her sayfada görüntülenecektir.
 repo_path=Depo kök dizini
 repo_path_helper=Tüm uzak Git depoları bu dizine kaydedilecektir.
 lfs_path=Git LFS kök dizini
@@ -266,9 +266,9 @@ run_user=Şu Kullanıcı Olarak Çalıştır
 run_user_helper=Forgejo'nin çalışacağı işletim sistemi kullanıcı adı. Bu kullanıcının depo kök yoluna erişiminin olması gerektiğini unutmayın.
 domain=Sunucu alan adı
 domain_helper=Sunucu için alan adı veya ana bilgisayar adresi.
-ssh_port=SSH Sunucu Portu
-ssh_port_helper=SSH sunucusunun dinleyeceği port numarası. Etkisizleştimek için boş bırakın.
-http_port=Forgejo HTTP Dinleme Portu
+ssh_port=SSH sunucu portu
+ssh_port_helper=SSH sunucusunun dinleyeceği port numarası. SSH sunucusunu devre dışı bırakmak için boş bırakın.
+http_port=HTTP dinleme portu
 http_port_helper=Forgejo'nın web sunucusunun dinleyeceği port numarası.
 app_url=Forgejo Kök URL
 app_url_helper=HTTP(S) kopyalama URL'leri ve e-posta bildirimleri için temel adres.
@@ -1925,8 +1925,6 @@ activity.period.quarterly=3 ay
 activity.period.semiyearly=6 ay
 activity.period.yearly=1 yıl
 activity.overview=Genel Bakış
-activity.active_prs_count_1=<strong>%d</strong> Aktif Değişiklik İsteği
-activity.active_prs_count_n=<strong>%d</strong> Aktif Değişiklik İsteği
 activity.merged_prs_count_1=Birleştirilmiş Değişiklik İsteği
 activity.merged_prs_count_n=Birleştirilmiş Değişiklik İsteği
 activity.opened_prs_count_1=Önerilen Değişiklik İsteği
@@ -1939,8 +1937,6 @@ activity.title.prs_merged_by=%s %s tarafından birleştirildi
 activity.title.prs_opened_by=%s %s tarafından önerildi
 activity.merged_prs_label=Birleştirilen
 activity.opened_prs_label=Önerilen
-activity.active_issues_count_1=<strong>%d</strong> Aktif Konu
-activity.active_issues_count_n=<strong>%d</strong> Aktif Konu
 activity.closed_issues_count_1=Kapalı Konu
 activity.closed_issues_count_n=Kapalı Konu
 activity.title.issues_1=%d Konu
diff --git a/options/locale/locale_uk-UA.ini b/options/locale/locale_uk-UA.ini
index 047f1a4d03..5ad3680709 100644
--- a/options/locale/locale_uk-UA.ini
+++ b/options/locale/locale_uk-UA.ini
@@ -776,7 +776,7 @@ ssh_desc=Ці відкриті ключі SSH повʼязані з вашим 
 principal_desc=Ці настройки SSH сертифікатів вказані у вашому обліковому записі та надають повний доступ до ваших репозиторіїв.
 gpg_desc=Ці відкриті ключі GPG пов'язані з вашим обліковим записом і використовуються для підтвердження комітів. Тримайте свої приватні ключі в безпеці, оскільки вони дозволяють підписувати коміти вашим особистим підписом.
 ssh_helper=<strong>Потрібна допомога?</strong> Дивіться гід на GitHub з <a href="%s"> генерації ключів SSH</a> або виправлення <a href="%s">типових неполадок SSH</a>.
-gpg_helper=<strong> Потрібна допомога? </strong> Перегляньте посібник GitHub <a href="%s"> про GPG </a>.
+gpg_helper=<strong>Потрібна допомога?</strong> Перегляньте посібник <a href="%s">про GPG</a>.
 key_content_ssh_placeholder=Починається з «ssh-ed25519», «ssh-rsa», «ecdsa-sha2-nistp256», «ecdsa-sha2-nistp384», «ecdsa-sha2-nistp521», «sk-ecdsa-sha2-nistp256@openssh.com» або «sk-ssh-ed25519@openssh.com»
 key_content_gpg_placeholder=Починається з «-----BEGIN PGP PUBLIC KEY BLOCK-----»
 add_new_principal=Додати принципал
@@ -950,7 +950,7 @@ permissions_public_only = Тільки публічні
 select_permissions = Виберіть дозволи
 permissions_access_all = Усі (публічні, приватні й обмежені)
 create_oauth2_application_success = Ви успішно створили нову програму OAuth2.
-keep_email_private_popup = Ваша адреса електронної пошти не буде відображатися у вашому профілі і не буде використовуватися за замовчуванням для комітів, зроблених через веб-інтерфейс, таких як завантаження файлів, редагування і об'єднання комітів. Натомість ви можете використовувати спеціальну адресу %s для прив'язки комітів до свого облікового запису. Ця опція не вплине на існуючі коміти.
+keep_email_private_popup = Адреса електронної пошти не буде відображатися у вашому профілі і не буде використовуватися за замовчуванням для комітів, зроблених через веб-інтерфейс, таких як завантаження файлів, редагування і об'єднання комітів. Натомість ви можете використовувати спеціальну адресу %s для прив'язки комітів до свого облікового запису. Ця опція не вплине на існуючі коміти.
 blocked_since = Заблокований з %s
 can_not_add_email_activations_pending = Очікується активація, спробуйте ще раз за кілька хвилин, якщо хочете додати нову адресу електронної пошти.
 ssh_signonly = SSH наразі вимкнено, тому ці ключі використовуються лише для перевірки підпису комітів.
@@ -1030,7 +1030,7 @@ ssh_token_help_ssh_agent = або, якщо ви використовуєте а
 
 [repo]
 owner=Власник
-owner_helper=Деякі організації можуть не відображатися у випадаючому списку через максимальну кількість репозиторііїв.
+owner_helper=Деякі організації можуть не відображатися у випадаючому списку через обмеження на максимальну кількість репозиторіїв.
 repo_name=Назва репозиторію
 repo_name_helper=Хороші назви репозиторіїв використовують короткі, унікальні ключові слова що легко запам'ятати.
 repo_size=Розмір репозиторію
@@ -1039,7 +1039,7 @@ template_select=Виберіть шаблон
 template_helper=Зробити репозиторій шаблоном
 template_description=Шаблонні репозиторії дозволяють користувачам генерувати нові репозиторії із такою ж структурою директорій, файлами та додатковими налаштуваннями.
 visibility=Видимість
-visibility_description=Тільки власник або члени організації які мають віповідні права, зможуть побачити.
+visibility_description=Тільки власник або члени організації, які мають відповідні права, зможуть побачити.
 visibility_helper_forced=Адміністратор вашого сайту налаштував параметри: всі нові репозиторії будуть приватними.
 visibility_fork_helper=(Буде змінено видимість усіх форків.)
 clone_helper=Потрібна допомога у клонуванні? Відвідайте сторінку <a target="_blank" rel="noopener" href="%s">Допомога</a>.
@@ -1384,7 +1384,7 @@ issues.filter_assignee=Виконавець
 issues.filter_assginee_no_select=Всі виконавці
 issues.filter_assginee_no_assignee=Немає виконавця
 issues.filter_type=Тип
-issues.filter_type.all_issues=Всі задачі
+issues.filter_type.all_issues=Усі задачі
 issues.filter_type.assigned_to_you=Призначене вам
 issues.filter_type.created_by_you=Створено вами
 issues.filter_type.mentioning_you=Вас згадано
@@ -1508,7 +1508,7 @@ issues.add_time_minutes=Хвилини
 issues.add_time_sum_to_small=Час не введено.
 issues.time_spent_total=Загальний витрачений час
 issues.time_spent_from_all_authors=`Загальний витрачений час: %s`
-issues.due_date=Дата завершення
+issues.due_date=Термін виконання
 issues.push_commit_1=додає %d коміт %s
 issues.push_commits_n=додає %d коміти(-ів) %s
 issues.force_push_codes=`примусово залито %[1]s з <a class="%[7]s" href="%[3]s"><code>%[2]s</code></a> %[8]s до <a class="%[7]s" href="%[5]s"><code>%[4]s</code></a> %[9]s %[6]s`
@@ -1517,10 +1517,10 @@ issues.due_date_form=рррр-мм-дд
 issues.due_date_form_edit=Редагувати
 issues.due_date_form_remove=Видалити
 issues.due_date_not_set=Термін виконання не встановлено.
-issues.due_date_added=додав(ла) дату завершення %s %s
-issues.due_date_remove=видалив(ла) дату завершення %s %s
+issues.due_date_added=додає термін виконання %s %s
+issues.due_date_remove=видаляє термін виконання %s %s
 issues.due_date_overdue=Прострочено
-issues.due_date_invalid=Термін дії недійсний або знаходиться за межами допустимого діапазону. Будь ласка, використовуйте формат «рррр-мм-дд».
+issues.due_date_invalid=Термін виконання недійсний або знаходиться за межами допустимого діапазону. Будь ласка, використовуйте формат «рррр-мм-дд».
 issues.dependency.title=Залежності
 issues.dependency.add=Додати залежність…
 issues.dependency.cancel=Відмінити
@@ -1631,7 +1631,7 @@ pulls.no_merge_desc=Цей запити на злиття неможливо з
 pulls.no_merge_helper=Увімкніть параметри злиття в налаштуваннях репозиторія або злийте запити на злиття вручну.
 pulls.no_merge_wip=Цей пулл-реквест не можливо об'єднати, тому-що він вже виконується.
 pulls.no_merge_not_ready=Цей запит не готовий до злиття, перевірте статус рецензіювання і статус перевірки.
-pulls.no_merge_access=Ви не авторизовані, щоб виконати цей запит на злиття.
+pulls.no_merge_access=У вас нема дозволу злити цей запит.
 pulls.merge_pull_request=Створити коміт зі злиттям
 pulls.rebase_merge_pull_request=Перебазувати, а потім виконати злиття перемотуванням
 pulls.rebase_merge_commit_pull_request=Перебазувати, а потім створити коміт злиття
@@ -1679,7 +1679,7 @@ milestones.completeness=%d%% завершено
 milestones.create=Створити етап
 milestones.title=Заголовок
 milestones.desc=Опис
-milestones.due_date=Дата завершення (опціонально)
+milestones.due_date=Термін виконання (необов'язково)
 milestones.clear=Очистити
 milestones.invalid_due_date_format=Термін виконання має бути у форматі «рррр-мм-дд».
 milestones.edit=Редагувати етап
@@ -1727,8 +1727,6 @@ activity.period.quarterly=3 місяці
 activity.period.semiyearly=6 місяців
 activity.period.yearly=1 рік
 activity.overview=Огляд
-activity.active_prs_count_1=<strong>%d</strong> активний запит на злиття
-activity.active_prs_count_n=<strong>%d</strong> активних запитів на злиття
 activity.merged_prs_count_1=Об'єднаний запит на злиття
 activity.merged_prs_count_n=Об'єднані запити на злиття
 activity.opened_prs_count_1=Запропоновані запити на злиття
@@ -1741,8 +1739,6 @@ activity.title.prs_merged_by=%s злито %s
 activity.title.prs_opened_by=%s запропоновано %s
 activity.merged_prs_label=Злито
 activity.opened_prs_label=Запропоновано
-activity.active_issues_count_1=<strong>%d</strong> активна задача
-activity.active_issues_count_n=<strong>%d</strong> активних задач
 activity.closed_issues_count_1=Закрита задача
 activity.closed_issues_count_n=Закриті задачі
 activity.title.issues_1=%d задача
@@ -2287,8 +2283,6 @@ migrate.migrating_failed.error = Міграція не вдалася: %s
 all_branches = Усі гілки
 settings.tracker_issue_style.regexp_pattern = Шаблон регулярного виразу
 settings.tracker_issue_style.regexp = Регулярний вираз
-release.download_count_one = %s завантаження
-release.download_count_few = %s завантажень
 release.invalid_external_url = Неправильна зовнішня URL-адреса: «%s»
 issues.role.collaborator_helper = Цього користувача запрошено до співпраці над репозиторієм.
 settings.add_collaborator_owner = Неможливо додати власника в якості співавтора.
@@ -2737,6 +2731,10 @@ tree_path_not_found.commit = Шлях %[1]s не існує в коміті %[2]
 tree_path_not_found.tag = Шлях %[1]s не існує в тегу %[2]s
 tree_path_not_found.branch = Шлях %[1]s не існує в гілці %[2]s
 pulls.recently_pushed_new_branches = Ви надіслали зміни до гілки <a href="%[3]s"><strong>%[1]s</strong></a> %[2]s
+issues.due_date_modified = змінює термін виконання з %[2]s на %[1]s %[3]s
+milestones.filter_sort.earliest_due_data = Найближчий термін виконання
+milestones.filter_sort.latest_due_date = Найдальший термін виконання
+settings.mirror_settings.pushed_repository = Цільовий репозиторій
 
 [graphs]
 contributors.what = внески
diff --git a/options/locale/locale_zh-CN.ini b/options/locale/locale_zh-CN.ini
index dce4adc7e5..34d992ce73 100644
--- a/options/locale/locale_zh-CN.ini
+++ b/options/locale/locale_zh-CN.ini
@@ -173,8 +173,8 @@ contributions_zero=没有贡献
 less=较少
 more=较多
 contributions_format = {year}年{month}{day}日有{contributions}
-contributions_few = 贡献
-contributions_one = 贡献
+contributions_few = 项贡献
+contributions_one = 项贡献
 
 [editor]
 buttons.heading.tooltip=添加标题
@@ -328,7 +328,7 @@ default_allow_create_organization=默认情况下允许创建组织
 default_allow_create_organization.description=默认允许新用户创建组织。禁用此选项时，管理员必须向新用户授予创建组织的权限。
 default_enable_timetracking=默认情况下启用时间跟踪
 default_enable_timetracking.description=默认允许新仓库使用时间跟踪功能。
-no_reply_address=隐藏电子邮件
+no_reply_address=隐藏的电子邮件域名
 no_reply_address_helper=用于设置隐藏电子邮件地址的用户使用的电子邮件域名。例如，如果用于隐藏电子邮件地址的域名设为“noreply.example.org”，则用户名 “joe” 在 Git 中将以 “joe@noreply.example.org” 表示。
 password_algorithm=密码哈希算法
 invalid_password_algorithm=无效的密码哈希算法
@@ -445,8 +445,8 @@ password_pwned=此密码出现在 <a target="_blank" rel="noopener noreferrer" h
 password_pwned_err=无法完成对 HaveIBeenPwned 的请求
 last_admin=您不能删除最后一个管理员。必须至少保留一个管理员。
 change_unconfirmed_email = 如果您在注册时提供了错误的邮箱地址，您可以在下方修改，激活邮件会发送到修改后的邮箱地址。
-change_unconfirmed_email_summary = 修改用来接收激活邮件的邮箱地址。
-change_unconfirmed_email_error = 无法修改邮箱地址：%v
+change_unconfirmed_email_summary = 更改接收激活邮件的电子邮件地址。
+change_unconfirmed_email_error = 无法更改电子邮件地址：%v
 hint_login = 已经有账户了吗？<a href="%s">立即登录！</a>
 back_to_sign_in = 返回登录
 sign_in_openid = 继续使用 OpenID
@@ -762,7 +762,7 @@ password_incorrect=当前密码不正确。
 change_password_success=您的密码已更新。从现在开始请使用您的新密码登录。
 password_change_disabled=非本地帐户不能通过 Forgejo 的 web 界面更改密码。
 
-manage_emails=管理邮箱地址
+manage_emails=管理电子邮件地址
 manage_themes=默认主题
 manage_openid=OpenID 地址
 email_desc=您的主要电子邮件地址将用于通知、密码恢复，基于网页界面的Git操作（只要它不是设置为隐藏的）。
@@ -783,16 +783,16 @@ theme_update_error=所选主题不存在。
 openid_deletion=移除 OpenID 地址
 openid_deletion_desc=删除此 OpenID 地址将会阻止你使用它进行登录。你确定要继续吗？
 openid_deletion_success=OpenID地址已被移除。
-add_new_email=添加邮箱地址
+add_new_email=添加电子邮件地址
 add_new_openid=添加新的 OpenID URI
-add_email=增加电子邮件地址
+add_email=添加电子邮件地址
 add_openid=添加 OpenID URI
 add_email_confirmation_sent=确认邮件已发送至“%s”。请检查您的收件箱并在接下来的 %s 内点击提供的链接以确认您的电子邮件地址。
 add_email_success=新的电子邮件地址已添加。
 email_preference_set_success=电子邮件首选项已成功设置。
 add_openid_success=新的 OpenID 地址已添加。
-keep_email_private=隐藏邮箱地址
-keep_email_private_popup=您的邮件地址不会在个人资料中显示，也不会成为通过网页界面提交的默认地址，例如文件上传、编辑和合并提交。相反，可以使用特殊地址 %s 将提交链接到您的账号。此选项不会影响现有提交。
+keep_email_private=隐藏电子邮件地址
+keep_email_private_popup=电子邮件地址不会显示在个人资料页面上，且不会成为通过网页界面提交的默认地址，例如文件上传、编辑和合并提交。相反，可以使用特殊地址 %s 将提交链接到用户账号。此选项不会影响现有提交。
 openid_desc=OpenID 让你可以将认证转发到外部服务。
 
 manage_ssh_keys=管理 SSH 密钥
@@ -1975,8 +1975,6 @@ activity.period.quarterly=3个月
 activity.period.semiyearly=6 个月
 activity.period.yearly=1年
 activity.overview=概览
-activity.active_prs_count_1=<strong>%d</strong> 个活跃合并请求
-activity.active_prs_count_n=<strong>%d</strong> 个活跃合并请求
 activity.merged_prs_count_1=已合并的合并请求
 activity.merged_prs_count_n=已合并的合并请求
 activity.opened_prs_count_1=新合并请求
@@ -1989,8 +1987,6 @@ activity.title.prs_merged_by=%[2]s 共合并了 %[1]s
 activity.title.prs_opened_by=%[2]s 共创建了 %[1]s
 activity.merged_prs_label=已合并
 activity.opened_prs_label=已创建
-activity.active_issues_count_1=<strong>%d</strong> 项活动的议题
-activity.active_issues_count_n=<strong>%d</strong> 项活动的议题
 activity.closed_issues_count_1=已关闭的议题
 activity.closed_issues_count_n=已关闭的议题
 activity.title.issues_1=%d 项议题
@@ -2315,7 +2311,7 @@ settings.packagist_api_token=API 令牌
 settings.packagist_package_url=Packagist 软件包 URL
 settings.deploy_keys=部署密钥
 settings.add_deploy_key=添加部署密钥
-settings.deploy_key_desc=部署密钥具有对仓库的只读拉取权限。
+settings.deploy_key_desc=部署密钥对仓库可具有只读或读写访问权限。
 settings.is_writable=启用写权限
 settings.is_writable_info=允许此部署密钥 <strong>推送</strong> 提交到仓库。
 settings.no_deploy_keys=没有部署密钥。
@@ -2668,8 +2664,6 @@ settings.sourcehut_builds.secrets = 密钥
 size_format = %[1]s：%[2]s, %[3]s：%[4]s
 settings.add_webhook.invalid_path = 路径中不能包含“.”或“..”，也不能在开头或结尾中使用斜杠。
 settings.sourcehut_builds.secrets_helper = 给予任务访问构建密钥的权限（需要 SECRETS:RO 权限）
-release.download_count_one = %s 下载
-release.download_count_few = %s 下载
 release.system_generated = 此附件是自动生成的。
 pulls.ready_for_review = 准备好接受评审了吗？
 settings.web_hook_name_sourcehut_builds = SourceHut Builds
@@ -3298,7 +3292,7 @@ config.enable_timetracking=启用时间跟踪
 config.default_enable_timetracking=默认情况下启用时间跟踪
 config.allow_dots_in_usernames = 允许用户在用户名中使用英文句号。不影响已有的帐户。
 config.default_allow_only_contributors_to_track_time=仅允许成员跟踪时间
-config.no_reply_address=隐藏电子邮件域名
+config.no_reply_address=隐藏的电子邮件域名
 config.default_visibility_organization=新组织的默认可见性
 config.default_enable_dependencies=默认情况下启用议题依赖
 
diff --git a/options/locale/locale_zh-TW.ini b/options/locale/locale_zh-TW.ini
index bc6f47686f..6e21fd6b03 100644
--- a/options/locale/locale_zh-TW.ini
+++ b/options/locale/locale_zh-TW.ini
@@ -1863,8 +1863,6 @@ activity.period.quarterly=3 個月
 activity.period.semiyearly=6 個月
 activity.period.yearly=1 年
 activity.overview=概覽
-activity.active_prs_count_1=<strong>%d</strong> 個合併請求
-activity.active_prs_count_n=<strong>%d</strong> 個合併請求
 activity.merged_prs_count_1=已合併合併請求
 activity.merged_prs_count_n=已合併合併請求
 activity.opened_prs_count_1=已提出合併請求
@@ -1877,8 +1875,6 @@ activity.title.prs_merged_by=%[2]s合併了 %[1]s
 activity.title.prs_opened_by=%[2]s提出了 %[1]s
 activity.merged_prs_label=已合併
 activity.opened_prs_label=提案
-activity.active_issues_count_1=<strong>%d</strong> 個問題
-activity.active_issues_count_n=<strong>%d</strong> 個問題
 activity.closed_issues_count_1=已關閉的問題
 activity.closed_issues_count_n=已關閉的問題
 activity.title.issues_1=%d 個問題
@@ -2609,8 +2605,6 @@ settings.units.overview = 概覽
 settings.federation_settings = 聯邦設定
 issues.author.tooltip.issue = 這個使用者是這個問題的作者。
 settings.units.add_more = 啟用更多
-release.download_count_one = %s 次下載
-release.download_count_few = %s 次下載
 pulls.cmd_instruction_checkout_title = 簽出
 pulls.made_using_agit = AGit
 branch.rename = 重新命名分支「%s」
diff --git a/options/locale_next/locale_ar.json b/options/locale_next/locale_ar.json
index fbae0843d5..e434d7dd7e 100644
--- a/options/locale_next/locale_ar.json
+++ b/options/locale_next/locale_ar.json
@@ -153,5 +153,13 @@
     "migrate.codebase.description": "ترحيل البيانات من codebasehq.com.",
     "migrate.forgejo.description": "ترحيل المعلومات من كودبيرج أو خوادم فورجيو الأخرى.",
     "user.ghost.tooltip": "تم حذف هذا المستخدم أو لا يمكن مطابقته.",
-    "migrate.form.error.url_credentials": "يحتوي عنوان الرابط على بيانات اعتماد، ضعها في حقلي اسم المستخدم وكلمة المرور على التوالي"
+    "migrate.form.error.url_credentials": "يحتوي عنوان الرابط على بيانات اعتماد، ضعها في حقلي اسم المستخدم وكلمة المرور على التوالي",
+    "pulse.n_active_issues": {
+        "one": "%s مسألة حالية",
+        "other": "%s مسألة حالية"
+    },
+    "pulse.n_active_prs": {
+        "one": "%s طلب دمج حالي",
+        "other": "%s طلب دمج حالي"
+    }
 }
diff --git a/options/locale_next/locale_bg.json b/options/locale_next/locale_bg.json
index 1ee15bda2d..029db1b5fc 100644
--- a/options/locale_next/locale_bg.json
+++ b/options/locale_next/locale_bg.json
@@ -1,4 +1,8 @@
 {
+    "release.n_downloads": {
+        "one": "%s изтегляне",
+        "other": "%s изтегляния"
+    },
     "repo.pulls.merged_title_desc": {
         "one": "сля %[1]d подаване от <code>%[2]s</code> в <code>%[3]s</code> %[4]s",
         "other": "сля %[1]d подавания от <code>%[2]s</code> в <code>%[3]s</code> %[4]s"
@@ -98,5 +102,13 @@
     "feed.atom.link": "Atom емисия",
     "keys.gpg.link": "GPG ключове",
     "profile.edit.link": "Редактиране на профила",
-    "profile.actions.tooltip": "Още действия"
+    "profile.actions.tooltip": "Още действия",
+    "pulse.n_active_issues": {
+        "one": "%s активна задача",
+        "other": "%s активни задачи"
+    },
+    "pulse.n_active_prs": {
+        "one": "%s активна заявка за сливане",
+        "other": "%s активни заявки за сливане"
+    }
 }
diff --git a/options/locale_next/locale_ca.json b/options/locale_next/locale_ca.json
index 4d64570526..9ce7bf55bb 100644
--- a/options/locale_next/locale_ca.json
+++ b/options/locale_next/locale_ca.json
@@ -74,7 +74,7 @@
     "keys.ssh.link": "Claus SSH",
     "keys.gpg.link": "Claus GPG",
     "admin.config.moderation_config": "Configuració de la moderació",
-    "admin.moderation.reports": "Informes",
+    "admin.moderation.reports": "Denúncies",
     "admin.moderation.moderation_reports": "Informes de moderació",
     "admin.moderation.no_open_reports": "No hi ha cap denúncia oberta.",
     "moderation.report_abuse": "Denunciar abús",
@@ -133,7 +133,7 @@
     "admin.config.global_2fa_requirement.admin": "Administradors",
     "settings.visibility.description": "La visibilitat del perfil afecta la capacitat dels altres per accedir als vostres repositoris no privats. <a href=\"%s\" target=\"_blank\">Saber-ne més</a>.",
     "settings.twofa_unroll_unavailable": "El vostre compte requereix l'autenticació de doble factor i no es pot desactivar.",
-    "settings.twofa_reenroll.description": "Torneu-vos a inscriure a l'autenticació de doble factor",
+    "settings.twofa_reenroll.description": "Torneu-vos a inscriure a la vostra autenticació de doble factor",
     "settings.must_enable_2fa": "Aquesta instància de Forgejo requereix que els usuaris habilitin l'autenticació de doble factor abans de poder accedir als seus comptes.",
     "error.must_enable_2fa": "Aquesta instància de Forgejo requereix que els usuaris habilitin l'autenticació de doble factor abans de poder accedir als seus comptes. Habiliteu-la a: %s",
     "avatar.constraints_hint": "Els avatars personalitzats no poden pesar més de %[1]s ni tenir una dimensió superior a %[2]dx%[3]d píxels",
@@ -143,7 +143,41 @@
     "migrate.pagure.incorrect_url": "S'ha proporcionat una URL del repositori font incorrecta",
     "migrate.pagure.project_url": "URL del projecte de Pagure",
     "migrate.pagure.project_example": "L'URL del projecte de pagure, per exemple: https://pagure.io/pagure",
-    "migrate.pagure.token_label": "Testimoni",
-    "migrate.pagure.token_body_a": "Proporcioneu un testimoni d'API de Pagure amb accés a les incidències privades per crear un repositori que contingui només les incidències privades",
-    "meta.last_line": "Molt estudiar anglès i vinga a fer espíquings i ràitings i tal... I què passa amb el català? Eh?! Me'l noto una mica oxidat! També és important."
+    "migrate.pagure.token_label": "Testimoni de l'API de Pagure",
+    "meta.last_line": "Molt estudiar anglès i vinga a fer espíquings i ràitings i tal... I què passa amb el català? Eh?! Me'l noto una mica oxidat! També és important.",
+    "pulse.n_active_issues": {
+        "one": "%s incidència activa",
+        "many": "%s incidències actives",
+        "other": "%s incidències actives"
+    },
+    "pulse.n_active_prs": {
+        "one": "%s sol·licitud d'extracció activa",
+        "many": "%s sol·licituds d'extracció actives",
+        "other": "%s sol·licituds d'extracció actives"
+    },
+    "user.ghost.tooltip": "Aquest usuari ha sigut eliminat, o no es pot trobar.",
+    "repo.pulls.maintainers_can_edit": "Els responsables poden editar aquesta sol·licitud d'extracció.",
+    "repo.pulls.maintainers_cannot_edit": "Els responsables no poden editar aquesta sol·licitud d'extracció.",
+    "mail.issue.action.close_by_commit": "%[1]s ha tancat %[2]s al commit %[3]s.",
+    "admin.dashboard.cleanup_offline_runners": "Neteja els executors fora de línia",
+    "settings.twofa_reenroll": "Torneu-vos a inscriure a l'autenticació de doble factor",
+    "migrate.pagure.private_issues.summary": "Incidències privades (opcional)",
+    "migrate.pagure.private_issues.description": "Aquesta funció està pensada per crear un segon repositori amb només les incidències privades del vostre projecte de Pragure amb la finalitat d'arxivar-lo. Primer, feu una migració normal (sense cap testimoni) per importar tot el contingut públic. Després, si teniu incidències privades que voleu preservar, creeu un repositori separat emprant aquesta opció de testimoni per arxivar-les.",
+    "migrate.pagure.token.placeholder": "Només per crear un arxiu d'incidències privades",
+    "actions.runs.viewing_out_of_date_run": "Esteu veient una execució desactualitzada d'aquesta tasca que va ser executada %[1]s.",
+    "actions.runs.view_most_recent_run": "Veure l'execució més recent",
+    "actions.workflow.pre_execution_error": "No s'ha executat el flux de treball degut a un error que ha bloquejat l'intent d'execució.",
+    "relativetime.future": "en el futur",
+    "migrate.pagure.private_issues.warning": "Assegureu-vos de configurar la visibilitat del repositori com a privada si esteu usant la clau API per importar incidències privades. Això evitarà exposar accidentalment el contingut privat en un repositori públic.",
+    "actions.runs.run_attempt_label": "Intent d'execució #%[1]s (%[2]s)",
+    "actions.workflow.job_parsing_error": "No s'han pogut analitzar les tasques al flux de treball: %v",
+    "release.n_downloads": {
+        "one": "%s baixada",
+        "many": "%s baixades",
+        "other": "%s baixades"
+    },
+    "actions.workflow.event_detection_error": "No s'han pogut analitzar els esdeveniments compatibles al flux de treball: %v",
+    "og.repo.summary_card.alt_description": "La targeta de resum del repositori %[1]s, descrita com a: %[2]s",
+    "stars.list.none": "Ningú ha marcat aquest repositori com a favorit.",
+    "mail.actions.run_info_trigger": "Activat per: %[1]s per: %[2]s"
 }
diff --git a/options/locale_next/locale_cs-CZ.json b/options/locale_next/locale_cs-CZ.json
index 691cb1b447..c44f9ec54d 100644
--- a/options/locale_next/locale_cs-CZ.json
+++ b/options/locale_next/locale_cs-CZ.json
@@ -1,4 +1,8 @@
 {
+    "release.n_downloads": {
+        "one": "%s stažení",
+        "other": "%s stažení"
+    },
     "repo.pulls.merged_title_desc": {
         "one": "sloučil/a %[1]d revizi z větve <code>%[2]s</code> do větve <code>%[3]s</code> %[4]s",
         "few": "sloučil/a %[1]d revize z větve <code>%[2]s</code> do větve <code>%[3]s</code> před %[4]s",
@@ -130,9 +134,7 @@
     "migrate.pagure.incorrect_url": "Byla zadána nesprávná adresa URL zdrojového repozitáře",
     "migrate.pagure.project_url": "Adresa projektu Pagure",
     "migrate.pagure.project_example": "Adresa URL projektu Pagure, např. https://pagure.io/pagure",
-    "migrate.pagure.token_label": "Token",
-    "migrate.pagure.token_body_a": "Zadejte token API Pagure s přístupem k soukromým problémům pro vytvoření repozitáře obsahujícího pouze soukromé problémy",
-    "migrate.pagure.token_body_b": "Nezapomeňte nastavit repozitář jako soukromý výše, pokud chcete, aby byl repozitář soukromý",
+    "migrate.pagure.token_label": "Token API Pagure",
     "migrate.github.description": "Migrovat data z github.com nebo serveru GitHub Enterprise.",
     "migrate.git.description": "Migrovat pouze repozitář z libovolné služby Git.",
     "migrate.gitea.description": "Migrovat data z gitea.com nebo jiných instancí Gitea.",
@@ -156,5 +158,25 @@
     "migrate.form.error.url_credentials": "Adresa obsahuje údaje, zadejte je do odpovídajících polí uživatelského jména a hesla",
     "actions.runs.viewing_out_of_date_run": "Prohlížíte si zastaralý běh této úlohy, který byl spuštěn %[1]s.",
     "actions.runs.run_attempt_label": "Pokus o běh #%[1]s (%[2]s)",
-    "actions.runs.view_most_recent_run": "Zobrazit nejnovější běh"
+    "actions.runs.view_most_recent_run": "Zobrazit nejnovější běh",
+    "pulse.n_active_issues": {
+        "one": "%s aktivní problém",
+        "few": "%s aktivní problémy",
+        "other": "%s aktivních problémů"
+    },
+    "pulse.n_active_prs": {
+        "one": "%s aktivní žádost o sloučení",
+        "few": "%s aktivní žádosti o sloučení",
+        "other": "%s aktivních žádostí o sloučení"
+    },
+    "repo.pulls.maintainers_can_edit": "Správci mohou upravit tuto žádost o sloučení.",
+    "repo.pulls.maintainers_cannot_edit": "Správci nemohou upravit tuto žádost o sloučení.",
+    "mail.issue.action.close_by_commit": "%[1]s zavřel/a %[2]s v revizi %[3]s.",
+    "migrate.pagure.private_issues.summary": "Soukromé problémy (volitelné)",
+    "migrate.pagure.private_issues.description": "Tato funkce je navržená pro vytvoření druhého repozitáře obsahujícího pouze soukromé problémy z vašeho projektu Pagure pro účely archivace. Nejprve proveďte normální migraci (bez tokenu) pro importování veškerého veřejného obsahu. Poté, pokud máte soukromé problémy k uchování, vytvořte oddělený repozitář pomocí této možnosti tokenu k archivování daných soukromých problémů.",
+    "migrate.pagure.private_issues.warning": "Ujistěte se, že je viditelnost repozitáře výše nastavena na Soukromou, pokud používáte klíč API k importování soukromých problémů. Tím zabráníte nechtěnému zveřejněný soukromého obsahu ve veřejném repozitáři.",
+    "migrate.pagure.token.placeholder": "Pouze pro vytvoření archivu soukromých problémů",
+    "actions.workflow.job_parsing_error": "Nepodařilo se zpracovat úlohy ve workflow: %v",
+    "actions.workflow.event_detection_error": "Nepodařilo se zpracovat podporované události ve workflow: %v",
+    "actions.workflow.pre_execution_error": "Workflow nebyl vykonán z důvodu chyby, která zablokovala pokus o vykonání."
 }
diff --git a/options/locale_next/locale_da.json b/options/locale_next/locale_da.json
index c0ea12f50f..3d20be657a 100644
--- a/options/locale_next/locale_da.json
+++ b/options/locale_next/locale_da.json
@@ -1,4 +1,8 @@
 {
+    "release.n_downloads": {
+        "one": "%s download",
+        "other": "%s downloads"
+    },
     "search.milestone_kind": "Søg milepæle…",
     "repo.pulls.title_desc": {
         "one": "ønsker at flette %[1]d commit fra <code>%[2]s</code> til <code id=\"%[4]s\">%[3]s</code>",
@@ -110,5 +114,13 @@
     "migrate.onedev.description": "Migrer data fra code.onedev.io eller andre OneDev-instanser.",
     "migrate.gitbucket.description": "Migrer data fra GitBucket-instanser.",
     "migrate.codebase.description": "Migrer data fra codebasehq.com.",
-    "migrate.forgejo.description": "Migrer data fra codeberg.org eller andre Forgejo-instanser."
+    "migrate.forgejo.description": "Migrer data fra codeberg.org eller andre Forgejo-instanser.",
+    "pulse.n_active_issues": {
+        "one": "%s aktivt problem",
+        "other": "%s aktive problemer"
+    },
+    "pulse.n_active_prs": {
+        "one": "%s aktiv pull-anmodning",
+        "other": "%s aktive pull-anmodninger"
+    }
 }
diff --git a/options/locale_next/locale_de-DE.json b/options/locale_next/locale_de-DE.json
index 17b63b4ecc..e922d09828 100644
--- a/options/locale_next/locale_de-DE.json
+++ b/options/locale_next/locale_de-DE.json
@@ -1,4 +1,8 @@
 {
+    "release.n_downloads": {
+        "one": "%s Download",
+        "other": "%s Downloads"
+    },
     "repo.pulls.merged_title_desc": {
         "one": "hat %[1]d Commit von <code>%[2]s</code> nach <code>%[3]s</code> %[4]s zusammengeführt",
         "other": "hat %[1]d Commits von <code>%[2]s</code> nach <code>%[3]s</code> %[4]s zusammengeführt"
@@ -117,7 +121,6 @@
     "admin.auths.allow_username_change": "Benutzernamen ändern zulassen",
     "admin.auths.allow_username_change.description": "Benutzern erlauben, ihren Benutzernamen in den Profileinstellungen zu ändern",
     "warning.repository.out_of_sync": "Die Datenbankdarstellung dieses Repositorys ist nicht synchronisiert. Falls diese Warnung immer noch angezeigt wird, nachdem ein Commit zu diesem Repository gepusht wurde, kontaktieren Sie den Administrator.",
-    "migrate.pagure.token_body_b": "Stellen Sie sicher, dass das Flag für private Repos oben gesetzt ist, wenn Sie möchten, dass dieses Repo privat ist",
     "migrate.github.description": "Daten von github.com oder GitHub-Enterprise-Server migrieren.",
     "migrate.git.description": "Ein Repository von einem beliebigen Git-Dienst klonen.",
     "migrate.gitea.description": "Daten von gitea.com oder anderen Gitea-Instanzen migrieren.",
@@ -129,10 +132,9 @@
     "migrate.forgejo.description": "Daten von codeberg.org oder anderen Forgejo-Instanzen migrieren.",
     "repo.pulls.already_merged": "Zusammenführung fehlgeschlagen. Der Pull-Request wurde bereits zusammengeführt.",
     "migrate.pagure.incorrect_url": "Falsche Quellrepository-URL wurde angegeben",
-    "migrate.pagure.token_body_a": "Stellen Sie ein Pagure-API-Token mit Zugriff auf die privaten Issues zur Verfügung, um ein Repository mit nur den privaten Issues darin zu erstellen",
     "migrate.pagure.project_example": "Die URL des Pagure-Projekts, z. B. https://pagure.io/pagure",
     "migrate.pagure.description": "Daten von pagure.io oder anderen Pagure-Instanzen migrieren.",
-    "migrate.pagure.token_label": "Token",
+    "migrate.pagure.token_label": "Pagure-API-Token",
     "migrate.pagure.project_url": "Pagure-Projekt-URL",
     "admin.config.security": "Sicherheitskonfiguration",
     "settings.twofa_unroll_unavailable": "Für deinen Account wird die Zwei-Faktor-Authentifizierung benötigt; sie kann nicht deaktiviert werden.",
@@ -148,5 +150,23 @@
     "actions.runs.view_most_recent_run": "Letzten Run betrachten",
     "actions.runs.viewing_out_of_date_run": "Sie sehen einen veralteten Run dieses Jobs, der %[1]s ausgeführt wurde.",
     "actions.runs.run_attempt_label": "Run-Versuch #%[1]s (%[2]s)",
-    "migrate.form.error.url_credentials": "Die URL enthält Anmeldedaten; diese sollten in das jeweilige Benutzername- und Passwortfeld eingetragen werden"
+    "migrate.form.error.url_credentials": "Die URL enthält Anmeldedaten; diese sollten in das jeweilige Benutzername- und Passwortfeld eingetragen werden",
+    "repo.pulls.maintainers_can_edit": "Maintainer können diesen Pull-Request bearbeiten.",
+    "repo.pulls.maintainers_cannot_edit": "Maintainer können diesen Pull-Request nicht bearbeiten.",
+    "pulse.n_active_issues": {
+        "one": "%s aktives Issue",
+        "other": "%s aktive Issues"
+    },
+    "pulse.n_active_prs": {
+        "one": "%s aktiver Pull-Request",
+        "other": "%s aktive Pull-Requests"
+    },
+    "migrate.pagure.private_issues.summary": "Private Issues (optional)",
+    "migrate.pagure.private_issues.description": "Dieses Feature wurde dafür entworfen, um ein zweites Repository zu erstellen, das nur private Issues von deinem Pagure-Projekt für Archivierungszwecke enthält. Nimm zuerst eine normale Migration (ohne ein Token) vor, um alle öffentliche Inhalte zu importieren. Anschließend, wenn du private Issues hast, die du aufbewahren willst, erstelle mit diesem Token ein separates Repository, um diese privaten Issues zu archivieren.",
+    "migrate.pagure.private_issues.warning": "Stell sicher, dass du die Repository-Sichtbarkeit oben auf Privat stellst, falls du den API-Schlüssel benutzt, um private Issues zu importieren. Damit verhindest du, dass du aus Versehen private Inhalte in einem öffentlichen Repository offenlegst.",
+    "migrate.pagure.token.placeholder": "Nur für die Erstellung eines privaten Issue-Archivs",
+    "mail.issue.action.close_by_commit": "%[1]s hat %[2]s in Commit %[3]s geschlossen.",
+    "actions.workflow.job_parsing_error": "Jobs im Workflow konnten nicht geparst werden: %v",
+    "actions.workflow.event_detection_error": "Unterstützte Ereignisse im Workflow konnten nicht geparst werden: %v",
+    "actions.workflow.pre_execution_error": "Der Workflow wurde aufgrund eines Fehlers, der den Ausführungsversuch blockierte, nicht ausgeführt."
 }
diff --git a/options/locale_next/locale_el-GR.json b/options/locale_next/locale_el-GR.json
index 6403cd1038..dbba91e250 100644
--- a/options/locale_next/locale_el-GR.json
+++ b/options/locale_next/locale_el-GR.json
@@ -1,4 +1,8 @@
 {
+    "release.n_downloads": {
+        "one": "%s λήψη",
+        "other": "%s λήψεις"
+    },
     "repo.pulls.merged_title_desc": {
         "one": "συγχώνευθηκε %[1]d υποβολή από τον κλάδο <code>%[2]s</code> στον κλάδο <code>%[3]s</code> %[4]s",
         "other": "συγχώνευσε %[1]d υποβολές από <code>%[2]s</code> σε <code>%[3]s</code> %[4]s"
@@ -99,8 +103,6 @@
     "repo.pulls.already_merged": "Αποτυχία συγχώνευσης: Αυτό το pull request έχει ήδη συγχωνευτεί.",
     "repo.issue_indexer.title": "Ευρετηρητής Ζητημάτων",
     "migrate.pagure.token_label": "Διακριτικό",
-    "migrate.pagure.token_body_a": "Παρέχεται ένα διακριτικό Pagure API με πρόσβαση στα ιδιωτικά ζητήματα για τη δημιουργία ενός αποθετηρίου με μόνο τα ιδιωτικά ζητήματα σε αυτό",
-    "migrate.pagure.token_body_b": "Φροντίστε να ορίσετε το αποθετήριο με ιδιωτικό σήμα αν θέλετε από το αποθετήριο να είναι ιδιωτικό",
     "migrate.pagure.incorrect_url": "Δόθηκε λανθασμένο URL αποθετηρίου πηγής",
     "migrate.pagure.project_url": "URL έργου Pagure",
     "migrate.pagure.description": "Μετανάστευση δεδομένων από το pagure.io ή άλλες εγκαταστάσεις Pagure.",
@@ -148,5 +150,13 @@
     "settings.visibility.description": "Η ορατότητα το προφίλ σας, ελέγχει την δυνατότητα άλλων να έχουν πρόσβαση στα μη-ιδιωτικά σας αποθετήρια. <a href=\"%s\" target=\"_blank\">Μάθετε περισσότερα</a>.",
     "actions.runs.run_attempt_label": "Προσπάθεια εκτέλεσης #%[1]s (%[2]s)",
     "actions.runs.viewing_out_of_date_run": "Εμφανίζεται μια παρωχημένη εκτέλεση αυτής της εργασίας που έτρεξε %[1]s.",
-    "actions.runs.view_most_recent_run": "Εμφάνιση της πιο πρόσφατης εκτέλεσης"
+    "actions.runs.view_most_recent_run": "Εμφάνιση της πιο πρόσφατης εκτέλεσης",
+    "pulse.n_active_issues": {
+        "one": "%s ενεργό ζήτημα",
+        "other": "%s ενεργά ζητήματα"
+    },
+    "pulse.n_active_prs": {
+        "one": "%s ενεργό pull request",
+        "other": "%s ενεργά pull request"
+    }
 }
diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index 41fd09be40..485ef63092 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -53,6 +53,8 @@
         "one": "wants to merge %[1]d commit from <code>%[2]s</code> into <code id=\"%[4]s\">%[3]s</code>",
         "other": "wants to merge %[1]d commits from <code>%[2]s</code> into <code id=\"%[4]s\">%[3]s</code>"
     },
+    "repo.pulls.maintainers_can_edit": "Maintainers can edit this pull request.",
+    "repo.pulls.maintainers_cannot_edit": "Maintainers cannot edit this pull request.",
     "repo.form.cannot_create": "All spaces in which you can create repositories have reached the limit of repositories.",
     "migrate.form.error.url_credentials": "The URL contains credentials, put them in the username and password fields respectively",
     "migrate.github.description": "Migrate data from github.com or GitHub Enterprise server.",
@@ -112,6 +114,7 @@
     "mail.actions.run_info_previous_status": "Previous Run's Status: %[1]s",
     "mail.actions.run_info_sha": "Commit: %[1]s",
     "mail.actions.run_info_trigger": "Triggered because: %[1]s by: %[2]s",
+    "mail.issue.action.close_by_commit": "%[1]s closed %[2]s in commit %[3]s.",
     "repo.diff.commit.next-short": "Next",
     "repo.diff.commit.previous-short": "Prev",
     "discussion.locked": "This discussion has been locked. Commenting is limited to contributors.",
@@ -142,11 +145,28 @@
     "migrate.pagure.incorrect_url": "Incorrect source repository URL has been provided",
     "migrate.pagure.project_url": "Pagure project URL",
     "migrate.pagure.project_example": "The Pagure project URL, e.g. https://pagure.io/pagure",
-    "migrate.pagure.token_label": "Token",
-    "migrate.pagure.token_body_a": "Provide a Pagure API token with access to the private issues to create a repository with just the private issues in it",
-    "migrate.pagure.token_body_b": "Be sure to set the private repo flag above if you want this repo to be private",
+    "migrate.pagure.token_label": "Pagure API Token",
+    "migrate.pagure.private_issues.summary": "Private Issues (Optional)",
+    "migrate.pagure.private_issues.description": "This feature is designed to create a second repository containing only private issues from your Pagure project for archive purposes. First, perform a normal migration (without a token) to import all public content. Then, if you have private issues to preserve, create a separate repository using this token option to archive those private issues.",
+    "migrate.pagure.private_issues.warning": "Be sure to set the repository visibility above to Private if you are using the API key to import private issues. This prevents accidentally exposing private content in a public repository.",
+    "migrate.pagure.token.placeholder": "Only for creating private issues archive",
+    "release.n_downloads": {
+        "one": "%s download",
+        "other": "%s downloads"
+    },
     "actions.runs.run_attempt_label": "Run attempt #%[1]s (%[2]s)",
     "actions.runs.viewing_out_of_date_run": "You are viewing an out-of-date run of this job that was executed %[1]s.",
     "actions.runs.view_most_recent_run": "View most recent run",
+    "actions.workflow.job_parsing_error": "Unable to parse jobs in workflow: %v",
+    "actions.workflow.event_detection_error": "Unable to parse supported events in workflow: %v",
+    "actions.workflow.pre_execution_error": "Workflow was not executed due to an error that blocked the execution attempt.",
+    "pulse.n_active_issues": {
+        "one": "%s active issue",
+        "other": "%s active issues"
+    },
+    "pulse.n_active_prs": {
+        "one": "%s active pull request",
+        "other": "%s active pull requests"
+    },
     "meta.last_line": "Thank you for translating Forgejo! This line isn't seen by the users but it serves other purposes in the translation management. You can place a fun fact in the translation instead of translating it."
 }
diff --git a/options/locale_next/locale_eo.json b/options/locale_next/locale_eo.json
index 1f4124b2ea..72b33f927e 100644
--- a/options/locale_next/locale_eo.json
+++ b/options/locale_next/locale_eo.json
@@ -1,3 +1,62 @@
 {
-    "search.milestone_kind": "Serĉi celojn..."
+    "search.milestone_kind": "Serĉi celojn…",
+    "home.welcome.no_activity": "Neniu aktiveco",
+    "home.explore_repos": "Esplori deponejojn",
+    "home.explore_users": "Esplori uzantojn",
+    "home.explore_orgs": "Esplori organizaĵojn",
+    "stars.list.none": "Neniu stelumis ĉi tiun deponejon.",
+    "relativetime.now": "nun",
+    "relativetime.mins": {
+        "one": "antaŭ %d minuto",
+        "other": "antaŭ %d minutoj"
+    },
+    "relativetime.hours": {
+        "one": "antaŭ %d horo",
+        "other": "antaŭ %d horoj"
+    },
+    "relativetime.days": {
+        "one": "antaŭ %d tago",
+        "other": "antaŭ %d tagoj"
+    },
+    "relativetime.weeks": {
+        "one": "antaŭ %d semajno",
+        "other": "antaŭ %d semajnoj"
+    },
+    "relativetime.months": {
+        "one": "antaŭ %d monato",
+        "other": "antaŭ %d monatoj"
+    },
+    "relativetime.years": {
+        "one": "antaŭ %d jaro",
+        "other": "antaŭ %d jaroj"
+    },
+    "relativetime.1day": "hieraŭ",
+    "relativetime.2days": "antaŭ du tagoj",
+    "relativetime.1week": "je lasta semajno",
+    "relativetime.2weeks": "antaŭ du semajnoj",
+    "relativetime.1month": "je lasta monato",
+    "relativetime.2months": "antaŭ du monatoj",
+    "relativetime.1year": "je lasta jaro",
+    "relativetime.2years": "antaŭ du jaroj",
+    "migrate.github.description": "Migrigi datumojn el github.com aŭ Github Enterprise server.",
+    "migrate.git.description": "Migrigi nur deponejon el ajna Git servilo.",
+    "migrate.gitea.description": "Migrigi datumojn el gitea.com aŭ aliaj Gitea instancoj.",
+    "migrate.gitlab.description": "Migrigi datumojn el gitlab.com aŭ aliaj GitLab instancoj.",
+    "migrate.gogs.description": "Migrigi datumojn el notabug.org aŭ aliaj Gogs instancoj.",
+    "migrate.onedev.description": "Migrigi datumojn el code.onedev.io aŭ aliaj OneDev instancoj.",
+    "migrate.gitbucket.description": "Migrigi datumojn el GitBucket instancoj.",
+    "migrate.codebase.description": "Migrigi datumojn el codebasehq.com.",
+    "migrate.forgejo.description": "Migrigi datumojn el codeberg.org aŭ aliaj Forgejo instancoj.",
+    "repo.settings.push_mirror.branch_filter.label": "Branĉa filtrilo (malnepra)",
+    "themes.names.forgejo-auto": "Forgejo (konformi kun sistema etoso)",
+    "themes.names.forgejo-light": "Forgejo hela",
+    "themes.names.forgejo-dark": "Forgejo malhela",
+    "error.not_found.title": "Paĝo ne trovita",
+    "alert.range_error": " devas esti nombro inter %[1]s kaj %[2]s.",
+    "profile.edit.link": "Redakti profilon",
+    "feed.atom.link": "Atomfluo",
+    "keys.ssh.link": "SSH ŝlosiloj",
+    "keys.gpg.link": "GPG ŝlosiloj",
+    "admin.moderation.reports": "Raportoj",
+    "admin.moderation.no_open_reports": "Ne estas malfermataj raportoj."
 }
diff --git a/options/locale_next/locale_es-ES.json b/options/locale_next/locale_es-ES.json
index 8d027f8cc6..c7dc326e71 100644
--- a/options/locale_next/locale_es-ES.json
+++ b/options/locale_next/locale_es-ES.json
@@ -1,4 +1,8 @@
 {
+    "release.n_downloads": {
+        "one": "%s descarga",
+        "other": "%s descargas"
+    },
     "repo.pulls.merged_title_desc": {
         "one": "fusionó %[1]d confirmación de <code>%[2]s</code> en <code>%[3]s</code> %[4]s",
         "many": "fusionó %[1]d confirmaciones de <code>%[2]s</code> en <code>%[3]s</code> %[4]s",
@@ -115,5 +119,13 @@
     "migrate.gitbucket.description": "Migrar datos de instancias de GitBucket.",
     "migrate.codebase.description": "Migrar datos desde codebasehq.com.",
     "migrate.forgejo.description": "Migrar datos desde codeberg.org u otras instancias de Forgejo.",
-    "moderation.abuse_category.spam": "Spam"
+    "moderation.abuse_category.spam": "Spam",
+    "pulse.n_active_issues": {
+        "one": "%s incidencia activa",
+        "other": "%s incidencias activas"
+    },
+    "pulse.n_active_prs": {
+        "one": "%s pull request activa",
+        "other": "%s pull requests activas"
+    }
 }
diff --git a/options/locale_next/locale_fa-IR.json b/options/locale_next/locale_fa-IR.json
index 96486b29b1..ec3d5e16e0 100644
--- a/options/locale_next/locale_fa-IR.json
+++ b/options/locale_next/locale_fa-IR.json
@@ -19,5 +19,13 @@
     "migrate.gogs.description": "مهاجرت داده از notabug.com یا پیاده‌سازی‌های دیگر Gogs.",
     "migrate.onedev.description": "مهاجرت داده از code.onedev.io یا پیاده‌سازی‌های دیگر OneDev.",
     "migrate.gitbucket.description": "مهاجرت داده از نمونه های GitBucket",
-    "migrate.codebase.description": "مهاجر داده ها از codebasehq.com."
+    "migrate.codebase.description": "مهاجر داده ها از codebasehq.com.",
+    "pulse.n_active_issues": {
+        "one": "%s مسئله فعال",
+        "other": "%s مسئله فعال"
+    },
+    "pulse.n_active_prs": {
+        "one": "%s تقاضای واکشی فعال",
+        "other": "%s تقاضاهای واکشی فعال"
+    }
 }
diff --git a/options/locale_next/locale_fi-FI.json b/options/locale_next/locale_fi-FI.json
index 96f7f7b6ce..bcb8e60564 100644
--- a/options/locale_next/locale_fi-FI.json
+++ b/options/locale_next/locale_fi-FI.json
@@ -1,4 +1,8 @@
 {
+    "release.n_downloads": {
+        "one": "%s lataus",
+        "other": "%s latausta"
+    },
     "repo.pulls.merged_title_desc": {
         "one": "yhdistetty %[1]d sitoumus <code>%[2]s</code>:sta kohteeseen <code>%[3]s</code> %[4]s",
         "other": "yhdistetty %[1]d sitoumusta <code>%[2]s</code>:sta kohteeseen <code>%[3]s</code> %[4]s"
@@ -132,5 +136,24 @@
     "avatar.constraints_hint": "Mukautettu profiilikuva voi olla kooltaan enintään %[1]s tai enintään %[2]dx%[3]d pikseliä",
     "repo.commit.load_tags_failed": "Tagien lataaminen epäonnistui sisäisen virheen vuoksi",
     "actions.runs.run_attempt_label": "Suoritusyritys #%[1]s (%[2]s)",
-    "migrate.pagure.description": "Tee migraatio pagure.io:sta tai muista Pagure-instansseista."
+    "migrate.pagure.description": "Tee migraatio pagure.io:sta tai muista Pagure-instansseista.",
+    "pulse.n_active_issues": {
+        "one": "%s aktiivinen ongelma",
+        "other": "%s aktiivista ongelmaa"
+    },
+    "pulse.n_active_prs": {
+        "one": "%s aktiivinen vetopyyntö",
+        "other": "%s aktiivista vetopyyntöä"
+    },
+    "repo.pulls.maintainers_can_edit": "Ylläpitäjät voivat muokata tätä vetopyyntöä.",
+    "repo.pulls.maintainers_cannot_edit": "Ylläpitäjät eivät voi muokata tätä vetopyyntöä.",
+    "repo.form.cannot_create": "Kaikki tilat, joihin voit luoda tietovarastoja, ovat saavuttaneet tietovarastojen rajan.",
+    "migrate.form.error.url_credentials": "URL-osoite sisältää valtuustiedot, laita ne vastaavasti käyttäjänimi- ja salasanakenttiin",
+    "warning.repository.out_of_sync": "Tämän tietotietovaraston tietokantaesitys ei ole synkronoitu. Jos tämä varoitus näkyy edelleen tämän tietovaraston sitoumuksen lähettämisen jälkeen, ota yhteyttä järjestelmänvalvojaan.",
+    "admin.moderation.deleted_content_ref": "Ilmoitettua sisältöä, jonka tyyppi on %[1]v ja tunnus %[2]d, ei enää ole olemassa",
+    "settings.twofa_reenroll.description": "Ota mukaan kaksivaiheinen todennus uudelleen",
+    "user.ghost.tooltip": "Tämä käyttäjä on poistettu tai häntä ei voida yhdistää.",
+    "og.repo.summary_card.alt_description": "Yhteenvetokortti tietovarastosta %[1]s, kuvattu seuraavasti: %[2]s",
+    "migrate.pagure.incorrect_url": "Virheellinen lähdetietovaraston URL-osoite on syötetty",
+    "actions.runs.viewing_out_of_date_run": "Katselet tämän työn vanhentunutta suorituskertaa, joka suoritettiin %[1]s."
 }
diff --git a/options/locale_next/locale_fil.json b/options/locale_next/locale_fil.json
index c9e97d6e55..d1d3d79940 100644
--- a/options/locale_next/locale_fil.json
+++ b/options/locale_next/locale_fil.json
@@ -1,4 +1,8 @@
 {
+    "release.n_downloads": {
+        "one": "%s download",
+        "other": "%s mga download"
+    },
     "repo.pulls.merged_title_desc": {
         "one": "isinali ang %[1]d commit mula <code>%[2]s</code> patungong <code>%[3]s</code> %[4]s",
         "other": "isinali ang %[1]d mga commit mula sa <code>%[2]s</code> patungong <code>%[3]s</code> %[4]s"
@@ -120,10 +124,8 @@
     "repo.pulls.already_merged": "Nabigo ang pagsasama: Naisama na ang hiling sa paghila na ito.",
     "migrate.pagure.incorrect_url": "Maling pinagmulang URL ng repositoryo ang ibinigay",
     "migrate.pagure.project_url": "URL ng Pagure na proyekto",
-    "migrate.pagure.token_label": "Token",
-    "migrate.pagure.token_body_a": "Magbigay ng Pagure API token na may access sa mga pribadong isyu para gumawa ng repositoryo na may mga pribadong isyu lang",
+    "migrate.pagure.token_label": "Pagure API Token",
     "migrate.pagure.project_example": "Ang URL ng Pagure na proyekto, hal. https://pagure.io/pagure",
-    "migrate.pagure.token_body_b": "Siguraduhin na itakda ang pribadong repositoryo na flag sa itaas kung gusto mo na pribado ang repositoryong ito",
     "migrate.pagure.description": "Mag-migrate ng data mula sa pagure.io o sa ibang mga Pagure na instansya.",
     "migrate.github.description": "Magmigrate ng data mula sa github.com o GitHub Enterprise server.",
     "migrate.git.description": "Mag-migrate lang ng repositoryo mula sa anumang serbisyo ng Git.",
@@ -148,5 +150,23 @@
     "migrate.form.error.url_credentials": "Naglalaman ng mga kredensyal ang URL, ilagay ang mga ito sa mga patlang ng username at password ayon sa pagkakabanggit",
     "actions.runs.viewing_out_of_date_run": "Tumitingin ka sa isang hindi napapanahong paktabo ng trabahong ito na na-execute %[1]s.",
     "actions.runs.view_most_recent_run": "Tignan ang pinakabagong pagtakbo",
-    "actions.runs.run_attempt_label": "Tangka sa pagtakbo #%[1]s (%[2]s)"
+    "actions.runs.run_attempt_label": "Tangka sa pagtakbo #%[1]s (%[2]s)",
+    "pulse.n_active_issues": {
+        "one": "%s aktibong isyu",
+        "other": "%s mga aktibong isyu"
+    },
+    "pulse.n_active_prs": {
+        "one": "%s aktibong hiling sa paghila",
+        "other": "%s aktibong mga hiling sa paghila"
+    },
+    "repo.pulls.maintainers_can_edit": "Maaaring i-edit ng mga tagapangaiswa ang hiling sa paghila na ito.",
+    "repo.pulls.maintainers_cannot_edit": "Hindi maaaring i-edit ng mga tagapangasiwa ang hiling sa paghila na ito.",
+    "migrate.pagure.private_issues.summary": "Mga Pribadong Isyu (Opsyonal)",
+    "migrate.pagure.private_issues.description": "Dinisenyo ang feature na ito na gumawa ng isa pang repositoryo na naglalaman lamang ng mga pribadong isyu mula sa iyong proyekto sa Pagure para sa layunin ng pag-archive. Una, magsagawa ng isang normal na pag-migrate (nang walang token) para i-import ang lahat ng mga nilalaman. At, kung may mga pribadong isyu na gusto mong panatilihin, gumawa ng isang hiwalay na repositoryo gamit ng opsyon ng token na ito para i-archive ang mga pribadong isyu.",
+    "migrate.pagure.private_issues.warning": "Siguraduhing itakda ang visibility ng repositoryo sa itaas sa Pribado kung ginagamit mo ang API key para i-import ang mga pribadong isyu. Pinipigilan nito ang paglalantag ng mga pribadong nilalaman sa isang pampublikong repositoryo.",
+    "migrate.pagure.token.placeholder": "Para lamang sa paggawa ng archive ng mga pribadong isyu",
+    "mail.issue.action.close_by_commit": "Isinara ni %[1]s ang %[2]s sa commit na %[3]s.",
+    "actions.workflow.job_parsing_error": "Hindi ma-parse ang mga trabaho sa workflow: %v",
+    "actions.workflow.event_detection_error": "Hindi ma-parse ang mga sinusuportahang event sa workflow: %v",
+    "actions.workflow.pre_execution_error": "Hindi na-execute ang workflow dahil sa isang error na hinarang ang pagtangka sa pag-execute."
 }
diff --git a/options/locale_next/locale_fr-FR.json b/options/locale_next/locale_fr-FR.json
index 11b7713778..dce2900a60 100644
--- a/options/locale_next/locale_fr-FR.json
+++ b/options/locale_next/locale_fr-FR.json
@@ -1,4 +1,8 @@
 {
+    "release.n_downloads": {
+        "one": "%s téléchargement",
+        "other": "%s téléchargements"
+    },
     "repo.pulls.merged_title_desc": {
         "one": "a fusionné %[1]d commit depuis <code>%[2]s</code> vers <code>%[3]s</code> %[4]s",
         "many": "fusionné %[1]d de commits depuis <code>%[2]s</code> vers <code>%[3]s</code> %[4]s",
@@ -155,6 +159,22 @@
     "migrate.pagure.project_url": "URL du projet Pagure",
     "migrate.pagure.project_example": "L'URL du projet Pagure, ex. https://pagure.io/pagure",
     "migrate.pagure.token_label": "Jeton",
-    "migrate.pagure.token_body_a": "Veuillez fournir un jeton API Pagure avec l'accès aux problèmes privés pour créer un dépôt contenant seulement les problèmes privés",
-    "migrate.pagure.token_body_b": "Assurez-vous de définir le drapeau dépôt privé ci-dessus si vous souhaitez que ce dépôt soit privé"
+    "pulse.n_active_issues": {
+        "one": "%s ticket actif",
+        "many": "%s tickets actifs",
+        "other": ""
+    },
+    "pulse.n_active_prs": {
+        "one": "%s demande d'ajout active",
+        "many": "%s demandes d'ajout actives",
+        "other": ""
+    },
+    "repo.pulls.maintainers_can_edit": "Les mainteneurs peuvent modifier cette pull request.",
+    "repo.pulls.maintainers_cannot_edit": "Les mainteneurs ne peuvent pas éditer cette pull request.",
+    "mail.issue.action.close_by_commit": "%[1]s a fermé %[2]s dans le commit %[3]s.",
+    "migrate.pagure.private_issues.summary": "Tickets privés (Optionnel)",
+    "migrate.pagure.private_issues.description": "Cette fonctionnalité est conçue pour créer un deuxième dépôt contenant uniquement des tickets privés de votre projet Pagure à des fins d'archive. Premièrement, effectuer une migration normale (sans jeton) pour importer tout le contenu public. Ensuite, si vous avez des tickets privés à préserver, créez un dépôt séparé en utilisant cette option de jeton pour archiver ces tickets privés.",
+    "migrate.pagure.private_issues.warning": "Assurez-vous de définir la visibilité du dépôt ci-dessus à Privé si vous utilisez la clé API pour importer des tickets privés. Cela empêche d'exposer accidentellement du contenu privé dans un dépôt public.",
+    "migrate.pagure.token.placeholder": "Seulement pour créer des archives de tickets privés",
+    "actions.workflow.pre_execution_error": "Workflow n'a pas été exécuté en raison d'une erreur qui a bloqué la tentative d'exécution."
 }
diff --git a/options/locale_next/locale_ga.json b/options/locale_next/locale_ga.json
index 71efcd489b..0734ca8447 100644
--- a/options/locale_next/locale_ga.json
+++ b/options/locale_next/locale_ga.json
@@ -5,5 +5,13 @@
     "migrate.gogs.description": "Aistrigh sonraí ó notabug.org nó ó chásanna eile de chuid Gogs.",
     "migrate.onedev.description": "Aistrigh sonraí ó code.onedev.io nó ó chásanna OneDev eile.",
     "migrate.gitbucket.description": "Aistrigh sonraí ó chásanna GitBucket.",
-    "migrate.codebase.description": "Aistrigh sonraí ó codebasehq.com."
+    "migrate.codebase.description": "Aistrigh sonraí ó codebasehq.com.",
+    "pulse.n_active_issues": {
+        "one": "%s Eagrán Gníomhach",
+        "other": "%s Ceisteanna Gníomhacha"
+    },
+    "pulse.n_active_prs": {
+        "one": "%s Iarratas Tarraingthe Gníomhach",
+        "other": "%s Iarratais Tharraing Ghníomhach"
+    }
 }
diff --git a/options/locale_next/locale_hu-HU.json b/options/locale_next/locale_hu-HU.json
index 1c02002e6e..8698473f66 100644
--- a/options/locale_next/locale_hu-HU.json
+++ b/options/locale_next/locale_hu-HU.json
@@ -2,5 +2,13 @@
     "repo.pulls.merged_title_desc": "egyesítve %[1]d változás(ok) a <code>%[2]s</code>-ból <code>%[3]s</code>-ba %[4]s",
     "repo.pulls.title_desc": "egyesíteni szeretné %[1]d változás(oka)t a(z) <code>%[2]s</code>-ból <code id=\"%[4]s\">%[3]s</code>-ba",
     "search.milestone_kind": "Mérföldkövek keresése...",
-    "moderation.abuse_category.malware": "Malware"
+    "moderation.abuse_category.malware": "Malware",
+    "pulse.n_active_issues": {
+        "one": "%s Aktív hibajegy",
+        "other": "%s Aktív hibajegy"
+    },
+    "pulse.n_active_prs": {
+        "one": "%s Aktív Egyesítési Kérés",
+        "other": "%s Aktív Egyesítési Kérések"
+    }
 }
diff --git a/options/locale_next/locale_id-ID.json b/options/locale_next/locale_id-ID.json
index 14bf491789..1ad3f2158a 100644
--- a/options/locale_next/locale_id-ID.json
+++ b/options/locale_next/locale_id-ID.json
@@ -1,5 +1,142 @@
 {
     "repo.pulls.merged_title_desc": "commit %[1]d telah digabungkan dari <code>%[2]s</code> menjadi <code>%[3]s</code> %[4]s",
     "repo.pulls.title_desc": "ingin menggabungkan komit %[1]d dari <code>%[2]s</code> menuju <code id=\"%[4]s\">%[3]s</code>",
-    "moderation.abuse_category.malware": "Perangkat pembahaya"
+    "moderation.abuse_category.malware": "Perangkat pembahaya",
+    "pulse.n_active_issues": {
+        "other": "%s Masalah Aktif"
+    },
+    "pulse.n_active_prs": {
+        "other": "%s Tarik permintaan aktif"
+    },
+    "home.welcome.no_activity": "Tidak ada aktivitas",
+    "home.welcome.activity_hint": "Belum ada konten di feed Anda. Aktivitas dan tindakan Anda dari repositori yang Anda ikuti akan ditampilkan di sini.",
+    "home.explore_repos": "Jelajahi repositori",
+    "home.explore_users": "Jelajahi pengguna",
+    "home.explore_orgs": "Jelajahi organisasi",
+    "stars.list.none": "Tidak ada yang memberikan bintang pada repositori ini.",
+    "watch.list.none": "Tidak ada yang memantau repositori ini.",
+    "followers.incoming.list.self.none": "Tidak ada yang mengikuti profil Anda.",
+    "followers.incoming.list.none": "Tidak ada yang mengikuti pengguna ini.",
+    "followers.outgoing.list.self.none": "Anda tidak mengikuti siapa pun.",
+    "followers.outgoing.list.none": "%s tidak mengikuti siapa pun.",
+    "relativetime.now": "sekarang",
+    "relativetime.future": "di masa depan",
+    "relativetime.mins": "%d menit yang lalu",
+    "relativetime.hours": "%d jam yang lalu",
+    "relativetime.days": "%d hari yang lalu",
+    "relativetime.weeks": "%d minggu yang lalu",
+    "relativetime.months": "%d bulan yang lalu",
+    "relativetime.years": "%d tahun yang lalu",
+    "relativetime.1day": "kemarin",
+    "relativetime.2days": "dua hari yang lalu",
+    "relativetime.1week": "minggu lalu",
+    "relativetime.2weeks": "dua minggu yang lalu",
+    "relativetime.1month": "bulan lalu",
+    "relativetime.2months": "dua bulan yang lalu",
+    "relativetime.1year": "tahun lalu",
+    "relativetime.2years": "dua tahun yang lalu",
+    "repo.pulls.already_merged": "Penggabungan (merge) gagal: Permintaan pull (pull request) ini sudah digabungkan.",
+    "repo.pulls.maintainers_can_edit": "Pengelola dapat mengedit permintaan pull ini.",
+    "repo.pulls.maintainers_cannot_edit": "Pengelola tidak dapat mengedit permintaan pull ini.",
+    "repo.form.cannot_create": "Semua ruang di mana Anda dapat membuat repositori telah mencapai batas jumlah repositori.",
+    "migrate.form.error.url_credentials": "URL tersebut mengandung kredensial, masukkan kredensial tersebut ke dalam kolom nama pengguna dan kata sandi masing-masing",
+    "migrate.github.description": "Migrasikan data dari github.com atau server GitHub Enterprise.",
+    "migrate.git.description": "Migrasikan repositori hanya dari layanan Git mana pun.",
+    "migrate.gitea.description": "Migrasikan data dari gitea.com atau instance Gitea lainnya.",
+    "migrate.gitlab.description": "Migrasikan data dari gitlab.com atau instance GitLab lainnya.",
+    "migrate.gogs.description": "Migrasikan data dari notabug.org atau instance Gogs lainnya.",
+    "migrate.onedev.description": "Migrasikan data dari code.onedev.io atau instance OneDev lainnya.",
+    "migrate.gitbucket.description": "Migrasikan data dari instance GitBucket.",
+    "migrate.codebase.description": "Migrasikan data dari codebasehq.com.",
+    "migrate.forgejo.description": "Migrasikan data dari codeberg.org atau instance Forgejo lainnya.",
+    "repo.issue_indexer.title": "Indeks Masalah",
+    "search.milestone_kind": "Cari milestone…",
+    "repo.settings.push_mirror.branch_filter.label": "Filter cabang (opsional)",
+    "repo.settings.push_mirror.branch_filter.description": "Cabang yang akan disalin. Biarkan kosong untuk menyalin semua cabang. Lihat <a href=\"%[1]s\">%[2]s dokumentasi</a> untuk sintaksis. Contoh: <code>main, release/*</code>",
+    "incorrect_root_url": "Instance Forgejo ini dikonfigurasi untuk diakses melalui “%s”. Saat ini Anda mengakses Forgejo melalui URL yang berbeda, yang dapat menyebabkan sebagian fungsi aplikasi tidak berfungsi dengan baik. URL kanonik dikendalikan oleh admin Forgejo melalui pengaturan ROOT_URL di berkas app.ini.",
+    "themes.names.forgejo-auto": "Forgejo (mengikuti tema sistem)",
+    "themes.names.forgejo-light": "Forgejo terang",
+    "themes.names.forgejo-dark": "Forgejo gelap",
+    "error.not_found.title": "Halaman tidak ditemukan",
+    "warning.repository.out_of_sync": "Representasi basis data repositori ini tidak sinkron. Jika peringatan ini masih ditampilkan setelah melakukan commit ke repositori ini, hubungi administrator.",
+    "alert.asset_load_failed": "Gagal memuat berkas aset dari {path}. Pastikan berkas aset dapat diakses.",
+    "alert.range_error": " Harus berupa angka antara %[1]s dan %[2]s.",
+    "install.invalid_lfs_path": "Tidak dapat membuat direktori root LFS di jalur yang ditentukan: %[1]s",
+    "profile.actions.tooltip": "Lebih banyak tindakan",
+    "profile.edit.link": "Edit profil",
+    "feed.atom.link": "Atom feed",
+    "keys.ssh.link": "Kunci SSH",
+    "keys.gpg.link": "Kunci GPG",
+    "admin.config.moderation_config": "Konfigurasi moderasi",
+    "admin.moderation.moderation_reports": "Konfigurasi moderasi",
+    "admin.moderation.reports": "Laporan",
+    "admin.moderation.no_open_reports": "Saat ini tidak ada laporan yang terbuka.",
+    "admin.moderation.deleted_content_ref": "Konten yang dilaporkan dengan tipe %[1]v dan ID %[2]d tidak lagi tersedia",
+    "moderation.report_abuse": "Laporkan penyalahgunaan",
+    "moderation.report_content": "Isi laporan",
+    "moderation.report_abuse_form.header": "Laporkan penyalahgunaan kepada administrator",
+    "moderation.report_abuse_form.details": "Formulir ini harus digunakan untuk melaporkan pengguna yang membuat profil spam, repositori, masalah, komentar, atau berperilaku tidak pantas.",
+    "moderation.report_abuse_form.invalid": "Argumen tidak valid",
+    "moderation.report_abuse_form.already_reported": "Anda sudah melaporkan konten ini",
+    "moderation.abuse_category": "Kategori",
+    "moderation.abuse_category.placeholder": "Pilih kategori",
+    "moderation.abuse_category.spam": "Spam",
+    "moderation.abuse_category.illegal_content": "Konten ilegal",
+    "moderation.abuse_category.other_violations": "Pelanggaran lain terhadap aturan platform",
+    "moderation.report_remarks": "Catatan",
+    "moderation.report_remarks.placeholder": "Silakan berikan beberapa detail mengenai penyalahgunaan yang Anda laporkan.",
+    "moderation.submit_report": "Kirimkan laporan",
+    "moderation.reporting_failed": "Tidak dapat kirimkan laporan penyalahgunaan baru: %v",
+    "moderation.reported_thank_you": "Terima kasih atas laporan yang Anda sampaikan. Pihak administrasi telah mengetahui hal tersebut.",
+    "mail.actions.successful_run_after_failure_subject": "Alur kerja %[1] telah dipulihkan di repositori %[2]",
+    "mail.actions.not_successful_run_subject": "Alur kerja %[1] gagal di repositori %[2]",
+    "mail.actions.successful_run_after_failure": "Alur kerja %[1] telah dipulihkan di repositori %[2]",
+    "mail.actions.not_successful_run": "Alur kerja %[1] gagal di repositori %[2]",
+    "mail.actions.run_info_cur_status": "Status Lari Ini: %[1]s (baru saja diperbarui dari %[2]s)",
+    "mail.actions.run_info_previous_status": "Status Eksekusi Sebelumnya: %[1]s",
+    "mail.actions.run_info_sha": "Komitmen: %[1]s",
+    "mail.actions.run_info_trigger": "Dipicu oleh: %[1]s oleh: %[2]s",
+    "mail.issue.action.close_by_commit": "%[1]s ditutup %[2]s dalam commit %[3]s.",
+    "repo.diff.commit.next-short": "Selanjutnya",
+    "repo.diff.commit.previous-short": "Sebelumnya",
+    "discussion.locked": "Diskusi ini telah dikunci. Komentar hanya dapat dilakukan oleh kontributor.",
+    "discussion.sidebar.reference": "Referensi",
+    "editor.textarea.tab_hint": "Baris sudah diindentasi. Tekan <kbd>Tab</kbd> lagi atau <kbd>Escape</kbd> untuk keluar dari editor.",
+    "editor.textarea.shift_tab_hint": "Tidak ada indentasi pada baris ini. Tekan <kbd>Shift</kbd> + <kbd>Tab</kbd> lagi atau <kbd>Escape</kbd> untuk keluar dari editor.",
+    "admin.auths.allow_username_change": "Izinkan perubahan nama pengguna",
+    "admin.auths.allow_username_change.description": "Izinkan pengguna untuk mengubah nama pengguna mereka di pengaturan profil",
+    "admin.dashboard.cleanup_offline_runners": "Pembersihan pelari offline",
+    "admin.dashboard.remove_resolved_reports": "Hapus laporan yang telah diselesaikan",
+    "admin.config.security": "Konfigurasi keamanan",
+    "admin.config.global_2fa_requirement.title": "Persyaratan dua faktor global",
+    "admin.config.global_2fa_requirement.none": "Tidak",
+    "admin.config.global_2fa_requirement.all": "Semua pengguna",
+    "admin.config.global_2fa_requirement.admin": "Administrator",
+    "settings.visibility.description": "Visibilitas profil memengaruhi kemampuan orang lain untuk mengakses repositori non-pribadi Anda. <a href=\"%s\" target=\"_blank\">Pelajari lebih lanjut</a>.",
+    "settings.twofa_unroll_unavailable": "Otentikasi dua faktor diwajibkan untuk akun Anda dan tidak dapat dinonaktifkan.",
+    "settings.twofa_reenroll": "Aktifkan kembali otentikasi dua faktor",
+    "settings.twofa_reenroll.description": "Daftarkan ulang otentikasi dua faktor Anda",
+    "settings.must_enable_2fa": "Instance Forgejo ini mengharuskan pengguna untuk mengaktifkan otentikasi dua faktor sebelum mereka dapat mengakses akun mereka.",
+    "error.must_enable_2fa": "Instance Forgejo ini mengharuskan pengguna untuk mengaktifkan otentikasi dua faktor sebelum mereka dapat mengakses akun mereka. Aktifkan di: %s",
+    "avatar.constraints_hint": "Avatar kustom tidak boleh melebihi %[1]s dalam ukuran atau lebih besar dari %[2]dx%[3]d piksel",
+    "user.ghost.tooltip": "Pengguna ini telah dihapus, atau tidak dapat diidentifikasi.",
+    "og.repo.summary_card.alt_description": "Kartu ringkasan repositori %[1]s, dijelaskan sebagai: %[2]s",
+    "repo.commit.load_tags_failed": "Pemuatan tag gagal karena kesalahan internal",
+    "compare.branches.title": "Bandingkan cabang",
+    "migrate.pagure.description": "Migrasikan data dari pagure.io atau instance Pagure lainnya.",
+    "migrate.pagure.incorrect_url": "URL repositori sumber yang salah telah disediakan",
+    "migrate.pagure.project_url": "URL Proyek Pagure",
+    "migrate.pagure.project_example": "URL proyek Pagure, misalnya https://pagure.io/pagure",
+    "migrate.pagure.token_label": "Token API Pagure",
+    "migrate.pagure.private_issues.summary": "Masalah Pribadi (Opsional)",
+    "migrate.pagure.private_issues.description": "Fitur ini dirancang untuk membuat repositori kedua yang hanya berisi masalah pribadi dari proyek Pagure Anda untuk tujuan arsip. Pertama, lakukan migrasi normal (tanpa token) untuk mengimpor semua konten publik. Kemudian, jika Anda memiliki masalah pribadi yang ingin disimpan, buat repositori terpisah menggunakan opsi token ini untuk mengarsipkan masalah pribadi tersebut.",
+    "migrate.pagure.private_issues.warning": "Pastikan untuk mengatur visibilitas repositori di atas menjadi Pribadi jika Anda menggunakan kunci API untuk mengimpor masalah pribadi. Hal ini mencegah pengungkapan konten pribadi secara tidak sengaja di repositori publik.",
+    "migrate.pagure.token.placeholder": "Hanya untuk membuat arsip masalah pribadi",
+    "actions.runs.run_attempt_label": "Upaya eksekusi #%[1]s (%[2]s)",
+    "actions.runs.viewing_out_of_date_run": "Anda sedang melihat hasil eksekusi yang sudah kadaluwarsa dari tugas ini yang dijalankan pada %[1]s.",
+    "actions.runs.view_most_recent_run": "Lihat hasil terbaru",
+    "actions.workflow.job_parsing_error": "Tidak dapat memproses pekerjaan dalam alur kerja: %v",
+    "actions.workflow.event_detection_error": "Tidak dapat memproses peristiwa yang didukung dalam alur kerja: %v",
+    "actions.workflow.pre_execution_error": "Alur kerja tidak dijalankan karena terjadi kesalahan yang menghalangi upaya eksekusi.",
+    "meta.last_line": "Terima kasih telah menerjemahkan Forgejo! Baris ini tidak terlihat oleh pengguna, tetapi memiliki fungsi lain dalam manajemen terjemahan. Anda dapat menambahkan fakta menarik dalam terjemahan alih-alih menerjemahkannya."
 }
diff --git a/options/locale_next/locale_it-IT.json b/options/locale_next/locale_it-IT.json
index 2bc51f624b..fee4263633 100644
--- a/options/locale_next/locale_it-IT.json
+++ b/options/locale_next/locale_it-IT.json
@@ -1,4 +1,8 @@
 {
+    "release.n_downloads": {
+        "one": "%s download",
+        "other": "%s downloads"
+    },
     "repo.pulls.merged_title_desc": {
         "one": "ha fuso %[1]d commit da <code>%[2]s</code> in <code>%[3]s</code> %[4]s",
         "many": "ha unito %[1]d commit da <code>%[2]s</code> a <code>%[3]s</code> %[4]s",
@@ -137,14 +141,12 @@
     "user.ghost.tooltip": "Questo utente è stato eliminato, o non può essere trovato.",
     "og.repo.summary_card.alt_description": "Scheda di riepilogo del repositorio %[1]s, descritta come: %[2]s",
     "repo.commit.load_tags_failed": "Caricamento dei tag fallito a causa di un errore interno",
-    "migrate.pagure.token_body_a": "Fornisci un token API di Pagure con accesso alle segnalazioni private per creare un repositorio che contenga solo le segnalazioni private",
     "actions.runs.run_attempt_label": "Esegui tentativo #%[1]s (%[2]s)",
     "actions.runs.viewing_out_of_date_run": "Stai visualizzando un'esecuzione obsoleta di questo lavoro che è stata eseguita il %[1]s.",
     "actions.runs.view_most_recent_run": "Visualizza l'esecuzione più recente",
     "settings.visibility.description": "La visibilità del profilo influisce sulla capacità degli altri di accedere ai tuoi repository non privati. <a href=\"%s\" target=\"_blank\">Scopri di più</a>.",
     "error.must_enable_2fa": "Questa istanza Forgejo richiede che gli utenti attivino la verifica in due passaggi prima di poter accedere ai propri account. Attivala su: %s",
     "migrate.pagure.token_label": "Token",
-    "migrate.pagure.token_body_b": "Assicurati di impostare sopra l'attributo del repositorio privato se desideri che questo repositorio sia privato",
     "admin.config.security": "Configurazione della sicurezza",
     "admin.config.global_2fa_requirement.title": "Requisito globale di autenticazione a due fattori",
     "admin.config.global_2fa_requirement.none": "No",
@@ -156,5 +158,18 @@
     "migrate.pagure.project_url": "URL del progetto Pagure",
     "migrate.pagure.project_example": "L'URL del progetto Pagure, ad esempio https://pagure.io/pagure",
     "mail.actions.not_successful_run": "Flusso di lavoro %[1]s non riuscito nel repositorio %[2]s",
-    "settings.twofa_reenroll.description": "Reinserisci la verifica in due passaggi"
+    "settings.twofa_reenroll.description": "Reinserisci la verifica in due passaggi",
+    "pulse.n_active_issues": {
+        "one": "%s segnalazione attiva",
+        "many": "%s segnalazioni attive",
+        "other": ""
+    },
+    "pulse.n_active_prs": {
+        "one": "%s richiesta di modifica attiva",
+        "many": "%s richieste di modifiche attive",
+        "other": ""
+    },
+    "repo.pulls.maintainers_can_edit": "I gestori possono modificare questa richiesta di modifica.",
+    "repo.pulls.maintainers_cannot_edit": "I gestori non possono modificare questa richiesta di modifica.",
+    "migrate.pagure.private_issues.summary": "Segnalazioni Private (opzionale)"
 }
diff --git a/options/locale_next/locale_ja-JP.json b/options/locale_next/locale_ja-JP.json
index 21cfae2aa7..f8d25020cf 100644
--- a/options/locale_next/locale_ja-JP.json
+++ b/options/locale_next/locale_ja-JP.json
@@ -1,4 +1,8 @@
 {
+    "release.n_downloads": {
+        "one": "%s のダウンロード",
+        "other": "%s のダウンロード"
+    },
     "repo.pulls.merged_title_desc": "が %[1]d 個のコミットを <code>%[2]s</code> から <code>%[3]s</code> へマージ %[4]s",
     "repo.pulls.title_desc": "が <code>%[2]s</code> から <code id=\"%[4]s\">%[3]s</code> への %[1]d コミットのマージを希望しています",
     "search.milestone_kind": "マイルストーンを検索...",
@@ -11,5 +15,13 @@
     "migrate.onedev.description": "code.onedev.io やその他の OneDev インスタンスからデータを移行します。",
     "migrate.gitbucket.description": "GitBucket インスタンスからデータを移行します。",
     "migrate.codebase.description": "codebasehq.com からデータを移行します。",
-    "migrate.forgejo.description": "codeberg.orgまたは他のインスタンスからデータを移行する。"
+    "migrate.forgejo.description": "codeberg.orgまたは他のインスタンスからデータを移行する。",
+    "pulse.n_active_issues": {
+        "one": "%s件のアクティブなイシュー",
+        "other": "%s件のアクティブなイシュー"
+    },
+    "pulse.n_active_prs": {
+        "one": "%s件のアクティブなプルリクエスト",
+        "other": "%s件のアクティブなプルリクエスト"
+    }
 }
diff --git a/options/locale_next/locale_kab.json b/options/locale_next/locale_kab.json
index 143ed17608..e64c287a38 100644
--- a/options/locale_next/locale_kab.json
+++ b/options/locale_next/locale_kab.json
@@ -9,5 +9,25 @@
     "repo.diff.commit.previous-short": "Uzwir",
     "admin.config.global_2fa_requirement.none": "Uhu",
     "admin.config.global_2fa_requirement.admin": "Inedbalen",
-    "migrate.pagure.token_label": "Ajiṭun"
+    "migrate.pagure.token_label": "Ajiṭun API n Pagure",
+    "home.explore_repos": "Snirem ikufan",
+    "home.explore_users": "Snirem iseqdacen",
+    "relativetime.1week": "dduṛt yezrin",
+    "relativetime.1month": "ayyur yezrin",
+    "relativetime.1year": "ilindi",
+    "themes.names.forgejo-light": "Forgejo aceɛlal",
+    "themes.names.forgejo-dark": "Forgejo ubrik",
+    "profile.actions.tooltip": "Ugar n tigawin",
+    "profile.edit.link": "Ẓreg amaɣnu",
+    "keys.ssh.link": "Tasarut SSH",
+    "keys.gpg.link": "Tisura GPG",
+    "admin.config.security": "Tawila n tɣellist",
+    "admin.config.global_2fa_requirement.all": "Akk iseqdacen",
+    "relativetime.2days": "sin n wussan aya",
+    "relativetime.2months": "sin n wayyuren aya",
+    "relativetime.2years": "sin n iseggasen aya",
+    "error.not_found.title": "Asebtar ulac-it",
+    "moderation.abuse_category.placeholder": "Fren taggayt",
+    "migrate.pagure.project_url": "Tansa URL n usenfar Pagure",
+    "themes.names.forgejo-auto": "Forgejo (akken i yella usentel n unagraw)"
 }
diff --git a/options/locale_next/locale_ko-KR.json b/options/locale_next/locale_ko-KR.json
index 2e51144cb7..2af68b520e 100644
--- a/options/locale_next/locale_ko-KR.json
+++ b/options/locale_next/locale_ko-KR.json
@@ -2,5 +2,9 @@
     "repo.pulls.merged_title_desc": "님이 <code>%[2]s</code> 에서 <code>%[3]s</code> 로 %[1]d 커밋을 %[4]s 병합함",
     "repo.pulls.title_desc": "<code>%[2]s</code> 에서 <code id=\"%[4]s\">%[3]s</code> 로 %[1]d개의 커밋들을 병합하려함",
     "home.welcome.no_activity": "활동 없음",
-    "moderation.abuse_category.malware": "악성 소프트웨어"
+    "moderation.abuse_category.malware": "악성 소프트웨어",
+    "pulse.n_active_issues": {
+        "one": "%s 개의 활성화된 이슈",
+        "other": "%s 개의 활성화된 이슈"
+    }
 }
diff --git a/options/locale_next/locale_lv-LV.json b/options/locale_next/locale_lv-LV.json
index 75a3769dbb..573e335aab 100644
--- a/options/locale_next/locale_lv-LV.json
+++ b/options/locale_next/locale_lv-LV.json
@@ -1,4 +1,9 @@
 {
+    "release.n_downloads": {
+        "zero": "%s lejupielāžu",
+        "one": "%s lejupielāde",
+        "other": "%s lejupielādes"
+    },
     "repo.pulls.merged_title_desc": {
         "zero": "iekļāva %[1]d iesūtījumu no <code>%[2]s</code> <code>%[3]s</code> %[4]s",
         "one": "Iekļāva %[1]d iesūtījumu no <code>%[2]s</code> zarā <code>%[3]s</code> %[4]s",
@@ -129,9 +134,7 @@
     "migrate.pagure.incorrect_url": "Ir norādīts nepareizs avota glabātavas URL",
     "migrate.pagure.project_url": "Pagure projekta URL",
     "migrate.pagure.project_example": "Pagure projekta URL, piem., https://pagure.io/pagure",
-    "migrate.pagure.token_label": "Pilnvara",
-    "migrate.pagure.token_body_a": "Jānorāda Pagura API pilnvara ar piekļuvi privātajiem pieteikumiem, lai izveidotu glabātavu tikai ar privātiem pieteikumiem tajā",
-    "migrate.pagure.token_body_b": "Jāpārliecinās, ka augstāk ir iestatīts privātas glabātavas karogs, ja vēlies, lai šī glabātava būtu privāta",
+    "migrate.pagure.token_label": "Pagure API ilnvara",
     "migrate.github.description": "Pārcelt datus no github.com vai GitHub Enterprise servera.",
     "migrate.git.description": "Pārcelt tikai glabātavu no jebkura Git pakalpojuma.",
     "migrate.gitea.description": "Pārcelt datus no gitea.com vai citiem Gitea serveriem.",
@@ -156,5 +159,25 @@
     "migrate.form.error.url_credentials": "URL satur pieteikšanās datus, tie ir attiecīgi jāievieto lietotājvārda un paroles laukā",
     "actions.runs.view_most_recent_run": "Apskatīt visnesenāko palaišanu",
     "actions.runs.run_attempt_label": "Palaišanas mēģinājums #%[1]s (%[2]s)",
-    "actions.runs.viewing_out_of_date_run": "Tu skati novecojušu šī darba palaišanu, kas tika izpildīta %[1]s."
+    "actions.runs.viewing_out_of_date_run": "Tu skati novecojušu šī darba palaišanu, kas tika izpildīta %[1]s.",
+    "repo.pulls.maintainers_can_edit": "Uzturētāji var labot šo izmaiņu pieprasījumu.",
+    "repo.pulls.maintainers_cannot_edit": "Uzturētāji nevar labot šo izmaiņu pieprasījumu.",
+    "pulse.n_active_issues": {
+        "zero": "%s atvērtu pieteikumu",
+        "one": "%s atvērts pieteikums",
+        "other": "%s atvērti pieteikumi"
+    },
+    "pulse.n_active_prs": {
+        "zero": "%s atvērtu izmaiņu pieprasījumu",
+        "one": "%s atvērts izmaiņu pieprasījums",
+        "other": "%s atvērti izmaiņu pieprasījumi"
+    },
+    "mail.issue.action.close_by_commit": "%[1] aizvēra %[2]s iesūtījumā %[3]s.",
+    "migrate.pagure.private_issues.summary": "Privātie pieteikumi (izvēles)",
+    "migrate.pagure.private_issues.description": "Šī iespēja ir izstrādāta, lai izveidotu otrēju glabātavu, kurā arhivēšanas nolūkā atrodas tikai privātie pieteikumi no Pagure projekta. Vispirms jāveic parasta pārcelšana (bez pilnvaras), lai ievietotu visu publisko saturu. Tad, ja ir saglabājami privāti pieteikumi, jāizveido atsevišķa glabātava, izmantojot šo pilnvaras iespēju, lai arhivētu privātos pieteikumus.",
+    "migrate.pagure.private_issues.warning": "Jāpārliecinās, ka glabātavas redzamība augstāk ir iestatīta kā privāta, ja izmanto API atslēgu, lai ievietotu privātos pieteikumus. Tas novērš nejaušu privāta satura atklāšanu publiskā glabātavā.",
+    "migrate.pagure.token.placeholder": "Tikai privātu pieteikumu arhīva izveidošanai",
+    "actions.workflow.job_parsing_error": "Nebija iespējams apstrādāt darbus darbplūsmā: %v",
+    "actions.workflow.event_detection_error": "Nebija iespējams apstrādāt atbalstītos notikumus darbplūsmā: %v",
+    "actions.workflow.pre_execution_error": "Darbplūsma netika izpildīta kļūdas, kura aizturēja izpildes mēģinājumu, dēļ."
 }
diff --git a/options/locale_next/locale_nds.json b/options/locale_next/locale_nds.json
index 2eefcd2eef..c1c8ed9635 100644
--- a/options/locale_next/locale_nds.json
+++ b/options/locale_next/locale_nds.json
@@ -1,4 +1,8 @@
 {
+    "release.n_downloads": {
+        "one": "%s maal runnerladen",
+        "other": "%s maal runnerladen"
+    },
     "repo.pulls.merged_title_desc": {
         "one": "hett %[4]s %[1]d Kommitteren vun <code>%[2]s</code> na <code>%[3]s</code> tosamenföhrt",
         "other": "hett %[4]s %[1]d Kommitterens vun <code>%[2]s</code> na <code>%[3]s</code> tosamenföhrt"
@@ -121,10 +125,8 @@
     "migrate.pagure.description": "Daten vun pagure.io of anner Pagure-Instanzen umtrecken.",
     "migrate.pagure.project_url": "Pagure-Projekt-URL",
     "migrate.pagure.project_example": "De URL vum Projekt up Pagure, to’n Bispööl https://pagure.io/pagure",
-    "migrate.pagure.token_label": "Teken",
-    "migrate.pagure.token_body_b": "Wees wiss, boven the Flagg för een privaates Repo to setten, wenn du willst, dat deeses Repo privaat wesen sall",
+    "migrate.pagure.token_label": "Pagure-API-Teken",
     "migrate.pagure.incorrect_url": "Ungültige Quell-Repositoriums-URL is angeven worden",
-    "migrate.pagure.token_body_a": "Giff een Pagure-API-Teken mit Togang to de privaaten Gefallens an, um een Repositorium mit blots the privaaten Gefallens daarin to maken",
     "migrate.github.description": "Daten vun github.com of eenem GitHub-Enterprise-Server umtrecken.",
     "migrate.git.description": "Een Repositorium blots vun elkeen Git-Deenst umtrecken.",
     "migrate.gitea.description": "Daten vun gitea.com of anner Gitea-Instanzen umtrecken.",
@@ -148,5 +150,23 @@
     "migrate.form.error.url_credentials": "De URL enthollt Anmell-Daten, legg se in de Felden för Brukernaam un Passwoord",
     "actions.runs.viewing_out_of_date_run": "Du bekiekst eenen verollten Loop vun deeser Upgaav, wat %[1]s utföhrt worden is.",
     "actions.runs.view_most_recent_run": "Neeisten Loop ankieken",
-    "actions.runs.run_attempt_label": "Loop-Versöök #%[1]s (%[2]s)"
+    "actions.runs.run_attempt_label": "Loop-Versöök #%[1]s (%[2]s)",
+    "repo.pulls.maintainers_can_edit": "Liddmaten könen deesen Haalvörslag bewarken.",
+    "repo.pulls.maintainers_cannot_edit": "Liddmaten könen deesen Haalvörslag nich bewarken.",
+    "pulse.n_active_issues": {
+        "one": "%s aktiiv Gefall",
+        "other": "%s aktiiv Gefallens"
+    },
+    "pulse.n_active_prs": {
+        "one": "%s aktiiv Haalvörslag",
+        "other": "%s aktiiv Haalvörslagen"
+    },
+    "migrate.pagure.private_issues.summary": "Privaate Gefallens (wenn du willst)",
+    "migrate.pagure.token.placeholder": "Blots, um een Archiv vun privaaten Gefallens to maken",
+    "migrate.pagure.private_issues.description": "Deese Funktioon lett di een twedes Repositorium maken, wat blots privaate Gefallens ut dienem Pagure-Projekt för Archivzwecken enthollt. Maak toeerst eenen normaalen Umtreck (sünner een Teken), um alle publiken Inhollen to importeren. Dann, wenn du privaate Gefallens hest, wat du behollen willst, maak noch een anner Repositorium mit deesem Teken, um deese privaaten Gefallens to archiveren.",
+    "migrate.pagure.private_issues.warning": "Wees wiss, de Sichtbaarkeid vun de Repositorium up Privaat to setten, wenn du de API-Slötel bruukst, um privaate Gefallens to importeren. Dat verhinnert, dat du privaaten Inholl ut Versehn in eenem publiken Repositorium blootmaakst.",
+    "mail.issue.action.close_by_commit": "%[1]s hett %[2]s in Kommitteren %[3]s dichtmaakt.",
+    "actions.workflow.job_parsing_error": "Kann de Upgaven in de Warkwies nich lesen: %v",
+    "actions.workflow.event_detection_error": "Kann de unnerstütt Vörfallen in de Warkwies nich lesen: %v",
+    "actions.workflow.pre_execution_error": "Warkwies is nich utföhrt worden, denn een Fehler is uptreden, wat de Utföhrens-Versöök blockeert hett."
 }
diff --git a/options/locale_next/locale_nl-NL.json b/options/locale_next/locale_nl-NL.json
index 112deb04ab..426d8eb644 100644
--- a/options/locale_next/locale_nl-NL.json
+++ b/options/locale_next/locale_nl-NL.json
@@ -1,4 +1,8 @@
 {
+    "release.n_downloads": {
+        "one": "%s download",
+        "other": "%s downloads"
+    },
     "repo.pulls.merged_title_desc": {
         "one": "heeft %[1]d commit van <code>%[2]s</code> samengevoegd in <code>%[3]s</code> %[4]s",
         "other": "heeft %[1]d commits van <code>%[2]s</code> samengevoegd in <code>%[3]s</code> %[4]s"
@@ -123,8 +127,6 @@
     "migrate.pagure.project_url": "Pagure-project URL",
     "migrate.pagure.project_example": "De url van het Pagure-project, bijvoorbeeld https://pagure.io/pagure",
     "migrate.pagure.token_label": "Token",
-    "migrate.pagure.token_body_a": "Geef een Pagure API-token met toegang tot de privé-issues om een repository te maken met alleen de privé-issues erin",
-    "migrate.pagure.token_body_b": "Zorg ervoor dat u de vlag voor privé-repository hierboven instelt als u wilt dat deze repository privé is",
     "migrate.github.description": "Migreer gegevens van github.com of GitHub Enterprise server.",
     "migrate.git.description": "Migreer een repositorie van elke Git service.",
     "migrate.gitea.description": "Gegevens overzetten van gitea.com of andere Gitea instanties.",
@@ -146,5 +148,17 @@
     "user.ghost.tooltip": "Deze gebruiker is verwijderd of kan niet worden gevonden.",
     "error.must_enable_2fa": "Deze Forgejo-instantie vereist dat gebruikers tweefactorauthenticatie inschakelen voordat ze toegang krijgen tot hun accounts. Schakel dit in op: %s",
     "migrate.form.error.url_credentials": "De URL bevat inloggegevens. Vul deze in de velden voor gebruikersnaam en wachtwoord respectievelijk",
-    "actions.runs.view_most_recent_run": "Bekijk de meest recente run"
+    "actions.runs.view_most_recent_run": "Bekijk de meest recente run",
+    "actions.runs.run_attempt_label": "Uitvoerpoging #%[1]s (%[2]s)",
+    "actions.runs.viewing_out_of_date_run": "U bekijkt een verouderde uitvoer van deze opdracht die %[1]s is uitgevoerd.",
+    "repo.pulls.maintainers_can_edit": "Maintainers kan deze pull request bewerken.",
+    "repo.pulls.maintainers_cannot_edit": "Maintainers kunnen deze pull request niet bewerken.",
+    "pulse.n_active_issues": {
+        "one": "%s actieve issue",
+        "other": "%s actieve issues"
+    },
+    "pulse.n_active_prs": {
+        "one": "%s actieve pull request",
+        "other": "%s actieve pull requests"
+    }
 }
diff --git a/options/locale_next/locale_pl-PL.json b/options/locale_next/locale_pl-PL.json
index 31ab6d15f3..7845a5e12d 100644
--- a/options/locale_next/locale_pl-PL.json
+++ b/options/locale_next/locale_pl-PL.json
@@ -1,4 +1,8 @@
 {
+    "release.n_downloads": {
+        "one": "%s pobranie",
+        "many": "%s pobrania"
+    },
     "repo.pulls.merged_title_desc": {
         "one": "scala %[1]d commit z <code>%[2]s</code> do <code>%[3]s</code> %[4]s",
         "few": "scala %[1]d commity z <code>%[2]s</code> do <code>%[3]s</code> %[4]s",
@@ -108,5 +112,17 @@
     "moderation.report_abuse_form.invalid": "Niepoprawne parametry",
     "moderation.submit_report": "Wyślij zgłoszenie",
     "repo.diff.commit.next-short": "Następny",
-    "repo.diff.commit.previous-short": "Poprzedni"
+    "repo.diff.commit.previous-short": "Poprzedni",
+    "pulse.n_active_issues": {
+        "one": "%s aktywne zgłoszenie",
+        "few": "%s aktywne zgłoszenia",
+        "many": ""
+    },
+    "pulse.n_active_prs": {
+        "one": "%s aktywny pull request",
+        "few": "%s aktywne pull requesty",
+        "many": ""
+    },
+    "repo.pulls.maintainers_can_edit": "Opiekunowie mogą edytować ten pull request.",
+    "repo.pulls.maintainers_cannot_edit": "Opiekunowie nie mogą edytować tego pull requestu."
 }
diff --git a/options/locale_next/locale_pt-BR.json b/options/locale_next/locale_pt-BR.json
index 415ed1706d..3106af1471 100644
--- a/options/locale_next/locale_pt-BR.json
+++ b/options/locale_next/locale_pt-BR.json
@@ -1,4 +1,9 @@
 {
+    "release.n_downloads": {
+        "one": "%s download",
+        "many": "%s downloads",
+        "other": "%s downloads"
+    },
     "repo.pulls.merged_title_desc": {
         "one": "mesclou %[1]d commit de <code>%[2]s</code> em <code>%[3]s</code> %[4]s",
         "many": "mesclou %[1]d de commits de <code>%[2]s</code> em <code>%[3]s</code> %[4]s",
@@ -11,7 +16,7 @@
     },
     "search.milestone_kind": "Pesquisar marcos…",
     "home.welcome.no_activity": "Sem atividade",
-    "home.welcome.activity_hint": "Ainda não tem nada no seu feed. Suas ações e atividade dos seus repositórios vigiados aparecerão aqui.",
+    "home.welcome.activity_hint": "Ainda não tem nada no seu feed. Suas Actions e atividade dos seus repositórios vigiados aparecerão aqui.",
     "home.explore_repos": "Explorar repositórios",
     "home.explore_users": "Explorar usuários",
     "home.explore_orgs": "Explorar organizações",
@@ -125,7 +130,6 @@
     "admin.auths.allow_username_change.description": "Permitir que usuários alterem seus nomes de usuário nas configurações do perfil",
     "repo.commit.load_tags_failed": "Carregamento de etiquetas falhou devido a um erro interno",
     "migrate.pagure.description": "Migre dados do pagure.io ou outras instâncias do Pagure.",
-    "migrate.pagure.token_body_a": "Forneça um token da API Pagure com acesso aos issues privados para criar um repositório com apenas os issues privados nele",
     "migrate.github.description": "Migre dados do servidor github.com ou GitHub Enterprise.",
     "migrate.git.description": "Migrar um repositório somente de qualquer serviço Git.",
     "migrate.gitea.description": "Migrar dados de gitea.com ou de outras instâncias do Gitea.",
@@ -140,8 +144,7 @@
     "migrate.pagure.incorrect_url": "Uma URL incorreta do repositório fonte foi fornecida",
     "migrate.pagure.project_example": "URL do projeto Pagure, por exemplo: https://pagure.io/pagure",
     "migrate.pagure.project_url": "URL do projeto Pagure",
-    "migrate.pagure.token_label": "Token",
-    "migrate.pagure.token_body_b": "Certifique-se de definir o sinalizador de repositório privado acima se você deseja que este repositório seja privado",
+    "migrate.pagure.token_label": "Token de API Pagure",
     "admin.config.global_2fa_requirement.title": "Exigência global de segundo fator",
     "admin.config.global_2fa_requirement.none": "Não",
     "admin.config.global_2fa_requirement.all": "Todos os usuários",
@@ -156,5 +159,25 @@
     "migrate.form.error.url_credentials": "A URL contém credenciais, coloque-as nos campos de usuário e senha respectivamente",
     "actions.runs.viewing_out_of_date_run": "Você está visualizando uma execução desatualizada deste trabalho que foi executada %[1]s.",
     "actions.runs.view_most_recent_run": "Ver execução mais recente",
-    "actions.runs.run_attempt_label": "Tentativa de execução #%[1]s (%[2]s)"
+    "actions.runs.run_attempt_label": "Tentativa de execução #%[1]s (%[2]s)",
+    "repo.pulls.maintainers_can_edit": "Mantenedores podem editar este pull request.",
+    "repo.pulls.maintainers_cannot_edit": "Mantenedores não podem editar este pull request.",
+    "pulse.n_active_issues": {
+        "one": "%s issue ativa",
+        "many": "%s issues ativas",
+        "other": ""
+    },
+    "pulse.n_active_prs": {
+        "one": "%s pull request ativo",
+        "many": "%s pull requests ativos",
+        "other": "%s pull requests ativos"
+    },
+    "migrate.pagure.private_issues.summary": "Questões Privadas (Opcional)",
+    "migrate.pagure.private_issues.description": "Esta funcionalidade foi projetada para criar um segundo repositório contendo somente questões privadas do seu projeto Pagure para a finalidade de arquivo. Primeiro, faça uma migração normal (sem token) para importar todo o conteúdo público. Depois, se você tem questões privadas que deseja preservar, crie um repositório separado usando esta opção de token para arquivar estas questões privadas.",
+    "migrate.pagure.private_issues.warning": "Certifique-se de definir a visibilidade do repositório acima para Privado se você está usando a chave de API para importar questões privadas. Isso evita expor acidentalmente conteúdo privado em um repositório público.",
+    "migrate.pagure.token.placeholder": "Somente para criar um arquivo de questões privadas",
+    "mail.issue.action.close_by_commit": "%[1]s fechou %[2]s no commit %[3]s.",
+    "actions.workflow.job_parsing_error": "Não foi possível processar alguns trabalhos do workflow: %v",
+    "actions.workflow.event_detection_error": "Não foi possível processar eventos suportados no workflow: %v",
+    "actions.workflow.pre_execution_error": "Workflow não foi executado devido a um erro que bloqueou a tentativa de execução."
 }
diff --git a/options/locale_next/locale_pt-PT.json b/options/locale_next/locale_pt-PT.json
index 71444f2e10..715a812079 100644
--- a/options/locale_next/locale_pt-PT.json
+++ b/options/locale_next/locale_pt-PT.json
@@ -1,4 +1,9 @@
 {
+    "release.n_downloads": {
+        "one": "%s descarga",
+        "many": "%s descargas",
+        "other": "%s descargas"
+    },
     "repo.pulls.merged_title_desc": {
         "one": "integrou %[1]d cometimento do ramo <code>%[2]s</code> no ramo <code>%[3]s</code> %[4]s",
         "many": "integrou %[1]d cometimentos do ramo <code>%[2]s</code> no ramo <code>%[3]s</code> %[4]s",
@@ -140,9 +145,7 @@
     "migrate.pagure.incorrect_url": "Foi fornecida uma URL incorreta do repositório de origem",
     "migrate.pagure.project_url": "URL do projeto Pagure",
     "migrate.pagure.project_example": "URL do projeto Pagure, por exemplo, https://pagure.io/pagure",
-    "migrate.pagure.token_label": "Token",
-    "migrate.pagure.token_body_a": "Forneça um token da API Pagure com acesso às questões privadas para criar um repositório contendo apenas as questões privadas",
-    "migrate.pagure.token_body_b": "Certifique-se de definir o marcador de repositório privado acima se desejar que este repositório seja privado",
+    "migrate.pagure.token_label": "Código da API do Pagure",
     "migrate.github.description": "Migrar dados do github.com ou do GitHub Enterprise server.",
     "migrate.git.description": "Migrar um repositório somente de qualquer serviço Git.",
     "migrate.gitea.description": "Migrar dados de gitea.com ou de outras instâncias do Gitea.",
@@ -156,5 +159,25 @@
     "user.ghost.tooltip": "Este utilizador foi eliminado ou não é possível encontrar uma correspondência.",
     "actions.runs.run_attempt_label": "Tentativa de execução #%[1]s (%[2]s)",
     "actions.runs.viewing_out_of_date_run": "Está a visualizar uma execução desatualizada deste trabalho que foi executado %[1]s.",
-    "actions.runs.view_most_recent_run": "Ver execução mais recente"
+    "actions.runs.view_most_recent_run": "Ver execução mais recente",
+    "pulse.n_active_issues": {
+        "one": "%s questão vigente",
+        "many": "%s questões vigentes",
+        "other": "%s questões vigentes"
+    },
+    "pulse.n_active_prs": {
+        "one": "%s pedido de integração vigente",
+        "many": "%s pedidos de integração vigentes",
+        "other": "%s pedidos de integração vigentes"
+    },
+    "repo.pulls.maintainers_can_edit": "Os responsáveis podem editar este pedido de integração.",
+    "repo.pulls.maintainers_cannot_edit": "Os responsáveis não podem editar este pedido de integração.",
+    "mail.issue.action.close_by_commit": "%[1]s fechou %[2]s no cometimento %[3]s.",
+    "migrate.pagure.private_issues.summary": "Questões privadas (opcional)",
+    "migrate.pagure.private_issues.description": "Esta funcionalidade está desenhada para criar um segundo repositório contendo apenas questões privadas do seu repositório Pagure para efeitos de arquivo. Primeiro, faça uma migração normal (sem um código) para importar todo o conteúdo público. Depois, se tiver questões privadas a preservar, crie um repositório separado usando esta opção com código para arquivar essas questões privadas.",
+    "migrate.pagure.private_issues.warning": "Certifique-se que passa a visibilidade do repositório para Privado se estiver a usar a chave de API para importar questões privadas. Isso irá evitar que exponha acidentalmente conteúdo privado num repositório público.",
+    "migrate.pagure.token.placeholder": "Somente para criar arquivo com questões privadas",
+    "actions.workflow.job_parsing_error": "Não foi possível analisar os trabalhos na sequência de trabalho: %v",
+    "actions.workflow.event_detection_error": "Não foi possível analisar eventos suportados na sequência de trabalho: %v",
+    "actions.workflow.pre_execution_error": "A sequência de trabalho não foi executada por causa de um erro que bloqueou a tentativa de execução."
 }
diff --git a/options/locale_next/locale_ru-RU.json b/options/locale_next/locale_ru-RU.json
index 731ebb4087..71762b6e91 100644
--- a/options/locale_next/locale_ru-RU.json
+++ b/options/locale_next/locale_ru-RU.json
@@ -1,4 +1,9 @@
 {
+    "release.n_downloads": {
+        "one": "%s скачивание",
+        "few": "%s скачивания",
+        "many": "%s скачиваний"
+    },
     "repo.pulls.merged_title_desc": {
         "one": "слит %[1]d коммит из <code>%[2]s</code> в <code>%[3]s</code> %[4]s",
         "few": "слито %[1]d коммита из <code>%[2]s</code> в <code>%[3]s</code> %[4]s",
@@ -23,7 +28,7 @@
     "alert.asset_load_failed": "Не удалось получить ресурсы из {path}. Убедитесь, что файлы ресурсов доступны.",
     "install.invalid_lfs_path": "Не удалось расположить корень LFS по указанному пути: %[1]s",
     "alert.range_error": " - число должно быть в диапазоне от %[1]s-%[2]s.",
-    "meta.last_line": "This magic string will cause Codeberg Translate to create a new pull request in the Forgejo repository. Test.",
+    "meta.last_line": "This magic string will cause Codeberg Translate to create a new pull request in the Forgejo repository. Again.",
     "mail.actions.not_successful_run_subject": "Провал раб. потока %[1]s в репозитории %[2]s",
     "mail.actions.successful_run_after_failure_subject": "Возобновление раб. потока %[1]s в репозитории %[2]s",
     "mail.actions.run_info_trigger": "Причина срабатывания: %[1]s by: %[2]s",
@@ -140,9 +145,7 @@
     "migrate.pagure.incorrect_url": "Введена неправильная ссылка на источник",
     "migrate.pagure.project_url": "Ссылка проекта на Pagure",
     "migrate.pagure.project_example": "Ссылка проекта. Например, https://pagure.io/pagure",
-    "migrate.pagure.token_label": "Токен",
-    "migrate.pagure.token_body_a": "Если предоставить токен API Pagure с доступом к секретным задачам проекта, будет создан отдельный репозиторий, в котором они будут размещены",
-    "migrate.pagure.token_body_b": "Поставьте флажок на пункте видимости репозитория выше, если хотите, чтобы этот репозиторий был частным",
+    "migrate.pagure.token_label": "Токен API Pagure",
     "migrate.github.description": "Перенести данные с github.com или сервера GitHub Enterprise.",
     "migrate.git.description": "Перенести Git-репозиторий из любого совместимого сервиса.",
     "migrate.gitea.description": "Перенести данные с gitea.com или другого сервера Gitea.",
@@ -156,5 +159,25 @@
     "migrate.form.error.url_credentials": "Ссылка содержит данные авторизации. Поместите их в соответствующие поля",
     "actions.runs.run_attempt_label": "Попытка №%[1]s (%[2]s)",
     "actions.runs.viewing_out_of_date_run": "Это устаревший результат. Задание было выполнено %[1]s.",
-    "actions.runs.view_most_recent_run": "Перейти к актуальному"
+    "actions.runs.view_most_recent_run": "Перейти к актуальному",
+    "repo.pulls.maintainers_can_edit": "Сопровождающие могут вносить правки.",
+    "repo.pulls.maintainers_cannot_edit": "Сопровождающие не могут вносить правки.",
+    "pulse.n_active_issues": {
+        "one": "%s активная задача",
+        "few": "%s активных задачи",
+        "many": "%s активных задач"
+    },
+    "pulse.n_active_prs": {
+        "one": "%s активный запрос слияния",
+        "few": "%s активных запроса слияния",
+        "many": "%s активных запросов слияния"
+    },
+    "migrate.pagure.private_issues.summary": "Скрытые задачи (необязательно)",
+    "migrate.pagure.private_issues.description": "Эта функция позволяет создать дополнительный репозиторий для архивации в нём скрытых задач из вашего проекта Pagure. Сперва выполните нормальный перенос репозитория без токена, чтобы скопировать всё публичное содержимое. Затем, если нужно, выполните ещё один перенос и укажите токен, чтобы разместить скрытые задачи в дополнительном репозитории.",
+    "migrate.pagure.private_issues.warning": "Не забудьте указать видимость репозитория как Частную при переносе скрытых задач, чтобы их никто не увидел.",
+    "migrate.pagure.token.placeholder": "Только для переноса скрытых задач",
+    "mail.issue.action.close_by_commit": "%[1]s закрыл %[2]s из коммита %[2]s.",
+    "actions.workflow.job_parsing_error": "Не удалось прочитать задачи в раб. потоке: %v",
+    "actions.workflow.event_detection_error": "Не удалось прочитать поддерживаемые события в раб. потоке: %v",
+    "actions.workflow.pre_execution_error": "Рабочий поток не был выполнен из-за ошибки, возникшей при попытке начать выполнение."
 }
diff --git a/options/locale_next/locale_si-LK.json b/options/locale_next/locale_si-LK.json
index 15ab8c0108..4748bf6eb5 100644
--- a/options/locale_next/locale_si-LK.json
+++ b/options/locale_next/locale_si-LK.json
@@ -10,5 +10,13 @@
     "migrate.gitlab.description": "gitlab.com හෝ වෙනත් GitLab අවස්ථා වලින් දත්ත සංක්රමණය කරන්න.",
     "migrate.gogs.description": "notabug.org හෝ වෙනත් Gogs අවස්ථා වලින් දත්ත සංක්රමණය කරන්න.",
     "migrate.onedev.description": "code.onedev.io හෝ වෙනත් OnedeV අවස්ථා වලින් දත්ත සංක්රමණය කරන්න.",
-    "migrate.gitbucket.description": "GitBucket අවස්ථා වලින් දත්ත සංක්රමණය කරන්න."
+    "migrate.gitbucket.description": "GitBucket අවස්ථා වලින් දත්ත සංක්රමණය කරන්න.",
+    "pulse.n_active_issues": {
+        "one": "%s ක්රියාකාරී නිකුතුව",
+        "other": "%s ක්රියාකාරී ගැටළු"
+    },
+    "pulse.n_active_prs": {
+        "one": "%s ක්රියාකාරී අදින්න ඉල්ලීම",
+        "other": "%s ක්රියාකාරී අදින්න ඉල්ලීම්"
+    }
 }
diff --git a/options/locale_next/locale_sk-SK.json b/options/locale_next/locale_sk-SK.json
index f665801786..fc71d1b6fb 100644
--- a/options/locale_next/locale_sk-SK.json
+++ b/options/locale_next/locale_sk-SK.json
@@ -96,7 +96,6 @@
     "moderation.reported_thank_you": "Ďakujeme za Vaše hlásenie. Administrátori boli o ňom informovaný.",
     "admin.dashboard.cleanup_offline_runners": "Vymazať odpojené spúštače",
     "migrate.pagure.project_example": "URL adresa projektu Pagure, napr. https://pagure.io/pagure",
-    "migrate.pagure.token_body_a": "Poskytnite API token rozhrania Pagure s prístupom k súkromným problémom, aby ste vytvorili repozitár, ktorý bude obsahovať iba súkromné problémy",
     "migrate.gitea.description": "Migrovať dáta z gitea.com alebo iných inštancií Gitea.",
     "migrate.gitlab.description": "Migrovať dáta z gitlab.com alebo iných inštancií GitLab.",
     "migrate.gogs.description": "Migrovať dáta z notabug.org alebo iných inštancií Gogs.",
@@ -124,7 +123,6 @@
     "settings.twofa_reenroll.description": "Znovu zaregistrujte Vaše dvojfaktorové overenie",
     "settings.must_enable_2fa": "Táto inštancia Forgejo vyžaduje, aby používatelia povolili dvojfaktorové overenie predtým, ako budú môcť pristupovať k svojim účtom.",
     "error.must_enable_2fa": "Táto inštancia Forgejo vyžaduje, aby používatelia povolili dvojfaktorové overenie predtým, ako budú môcť pristupovať k svojim účtom. Povolíte ho tu: %s",
-    "migrate.pagure.token_body_b": "Ak chcete, aby bol tento repozitár súkromný, nezabudnite vyššie nastaviť príznak súkromného repozitára",
     "meta.last_line": "Ďakujem za preklad Forgejo! Tento riadok používatelia nevidia, ale slúži na iné účely v správe prekladov. Namiesto prekladu môžete do prekladu vložiť zaujímavý fakt.",
     "moderation.abuse_category": "Kategória",
     "warning.repository.out_of_sync": "Databázová reprezentácia tohto repozitára nie je synchronizovaná. Ak sa toto upozornenie zobrazuje aj po odoslaní commitu do tohto repozitára, kontaktujte administrátora.",
diff --git a/options/locale_next/locale_sv-SE.json b/options/locale_next/locale_sv-SE.json
index 1195647bf5..a0344468cb 100644
--- a/options/locale_next/locale_sv-SE.json
+++ b/options/locale_next/locale_sv-SE.json
@@ -93,7 +93,7 @@
     "moderation.abuse_category.placeholder": "Välj en kategori",
     "moderation.abuse_category.spam": "Skräppost",
     "moderation.abuse_category.malware": "Skadlig kod",
-    "settings.visibility.description": "Profilens synlighet påverkar andras möjlighet att komma åt dina icke-privata förråd. <a href=\"%s\" target=\"_blank\">Läs mer</a>",
+    "settings.visibility.description": "Profilens synlighet påverkar andras möjlighet att komma åt dina icke-privata förråd. <a href=\"%s\" target=\"_blank\">Läs mer</a>.",
     "avatar.constraints_hint": "Anpassade avatarer får inte vara större än %[1] eller %[2]dx%[3] bildpunkter",
     "og.repo.summary_card.alt_description": "Sammanfattningskort för arkivet %[1]s, beskrivet som: %[2]s",
     "profile.actions.tooltip": "Fler åtgärder",
@@ -102,5 +102,71 @@
     "keys.ssh.link": "SSH-nycklar",
     "repo.diff.commit.next-short": "Nästa",
     "repo.diff.commit.previous-short": "Föreg",
-    "feed.atom.link": "Atom-flöde"
+    "feed.atom.link": "Atom-flöde",
+    "repo.pulls.already_merged": "Sammanfogning misslyckades: Denna pulka förfrågning har redan blivit sammanfogad.",
+    "pulse.n_active_issues": {
+        "one": "%s aktivt ärende",
+        "other": "%s aktiva ärenden"
+    },
+    "pulse.n_active_prs": {
+        "one": "%s aktiv pull-förfrågan",
+        "other": "%s aktiva pull-förfrågningar"
+    },
+    "migrate.form.error.url_credentials": "URL:en innehåller inloggningsuppgifter, sätt dem i respektive användarnamn- och lösenordsfält",
+    "migrate.git.description": "Migrera endast utvecklingskatalogen från vilken Git-tjänst som helst.",
+    "migrate.gitea.description": "Migrera data från gitea.com eller andra Gitea-instanser.",
+    "migrate.gitlab.description": "Migrera data från gitlab.com eller annan GitLab-instans.",
+    "migrate.gogs.description": "Migrera data från notabug.org eller annan Gogs-instans.",
+    "migrate.onedev.description": "Migrera data från code.onedev.io eller annan OneDev-instans.",
+    "migrate.gitbucket.description": "Migrera data från GitBucket-instans.",
+    "migrate.codebase.description": "Migrera data från codebasehq.com.",
+    "migrate.forgejo.description": "Migrera data från codeberg.org eller annan Forgejo-instans.",
+    "repo.settings.push_mirror.branch_filter.label": "Grenfilter (frivilligt)",
+    "repo.settings.push_mirror.branch_filter.description": "Grenar att speglas. Lämna tom för att spegla alla grenar. Se <a href=\"%[1]s\">%[2]s dokumentation</a> för syntax. Exempel: <code>main, release/*</code>",
+    "admin.moderation.moderation_reports": "Moderationsrapporter",
+    "admin.moderation.reports": "Rapporter",
+    "admin.moderation.no_open_reports": "Det finns för tillfället inga öppna rapporter.",
+    "mail.actions.run_info_sha": "Commit: %[1]s",
+    "discussion.sidebar.reference": "Referens",
+    "admin.auths.allow_username_change": "Tillåt användarnamnsändring",
+    "admin.auths.allow_username_change.description": "Tillåt användare att ändra sitt användarnamn i profilinställningarna",
+    "admin.dashboard.remove_resolved_reports": "Ta bort lösta rapporter",
+    "admin.config.security": "Säkerhetskonfiguration",
+    "admin.config.global_2fa_requirement.title": "Globalt tvåfaktorskrav",
+    "admin.config.global_2fa_requirement.none": "Nej",
+    "admin.config.global_2fa_requirement.all": "Alla användare",
+    "admin.config.global_2fa_requirement.admin": "Administratörer",
+    "settings.twofa_unroll_unavailable": "Tvåfaktorsautentisering krävs för ditt konto och kan inte inaktiveras.",
+    "settings.must_enable_2fa": "Denna Forgejo-instans kräver användare att aktivera tvåfaktorsautentisering innan de kan komma at deras konto.",
+    "error.must_enable_2fa": "Denna Forgejo-instans kräver användare att aktivera tvåfaktorsautentisering innan de kan komma åt deras konto. Aktivera det på: %s",
+    "repo.commit.load_tags_failed": "Laddning av taggar misslyckades på grund av internt fel",
+    "compare.branches.title": "Jämför grenar",
+    "migrate.pagure.description": "Migrera data från pagure.io eller andra Pagure-instanser.",
+    "migrate.pagure.project_url": "Pagure projekt-URL",
+    "migrate.pagure.project_example": "Pagure-projektets URL, t.ex. https://pagure.io/pagure",
+    "migrate.pagure.token_label": "Pagure API-token",
+    "actions.runs.run_attempt_label": "Kör försök #%[1]s (%[2]s)",
+    "migrate.github.description": "Migrera data från github.com eller GitHub Enterprise server.",
+    "repo.pulls.maintainers_can_edit": "Underhållsansvariga kan redigera denna pull-begäran.",
+    "repo.pulls.maintainers_cannot_edit": "Underhållsansvariga kan inte redigera denna pull-begäran.",
+    "mail.issue.action.close_by_commit": "%[1]s stängde %[2]s i commit %[3]s.",
+    "user.ghost.tooltip": "Denna användare har tagits bort eller kan inte matchas.",
+    "migrate.pagure.private_issues.summary": "Privata ärenden (valfritt)",
+    "release.n_downloads": {
+        "one": "%s nedladdning",
+        "other": "%s nedladdningar"
+    },
+    "actions.runs.view_most_recent_run": "Visa senaste körning",
+    "actions.workflow.job_parsing_error": "Kunde inte tolka jobb i arbetsflöde: %v",
+    "actions.workflow.pre_execution_error": "Arbetsflödet kördes inte på grund av ett fel som blockerade körningsförsöket.",
+    "warning.repository.out_of_sync": "Databasrepresentationen av detta arkiv är inte synkroniserad. Om denna varning fortfarande visas efter att du har skickat en commit till detta arkiv, kontakta administratören.",
+    "admin.moderation.deleted_content_ref": "Rapporterat innehåll med typ %[1]v och id %[2]d finns inte längre",
+    "settings.twofa_reenroll": "Registrera om tvåfaktorsautentisering",
+    "settings.twofa_reenroll.description": "Registrera om din tvåfaktorsautentisering",
+    "migrate.pagure.incorrect_url": "Felaktig URL till källarkivet har angetts",
+    "migrate.pagure.private_issues.description": "Denna funktion är utformad för att skapa ett andra arkiv som endast innehåller privata ärenden från ditt Pagure-projekt för arkiveringsändamål. Utför först en normal migrering (utan token) för att importera allt publika innehåll. Om du har privata ärenden som du vill bevara skapar du sedan ett separat arkiv med hjälp av denna token-option för att arkivera dessa privata ärenden.",
+    "migrate.pagure.private_issues.warning": "Se till att ställa in synligheten för arkivet ovan till Privat om du använder API-nyckeln för att importera privata ärenden. Detta förhindrar att privat innehåll av misstag exponeras i ett publikt arkiv.",
+    "migrate.pagure.token.placeholder": "Endast för att skapa privata ärendearkiv",
+    "actions.runs.viewing_out_of_date_run": "Du tittar på en föråldrad körning av detta jobb som utfördes %[1]s.",
+    "actions.workflow.event_detection_error": "Det går inte att tolka stödda händelser i arbetsflödet: %v"
 }
diff --git a/options/locale_next/locale_pt.json b/options/locale_next/locale_tok.json
similarity index 100%
rename from options/locale_next/locale_pt.json
rename to options/locale_next/locale_tok.json
diff --git a/options/locale_next/locale_tr-TR.json b/options/locale_next/locale_tr-TR.json
index a2734f99ed..e0905a865c 100644
--- a/options/locale_next/locale_tr-TR.json
+++ b/options/locale_next/locale_tr-TR.json
@@ -10,5 +10,13 @@
     "migrate.gogs.description": "Notabug.org veya diğer Gogs sunucularından veri aktar.",
     "migrate.onedev.description": "Code.onedev.io ve diğer OneDev sunucularından veri aktar.",
     "migrate.gitbucket.description": "GitBucket sunucularından veri aktar.",
-    "migrate.codebase.description": "Codebasehq.com sitesinden veri aktar."
+    "migrate.codebase.description": "Codebasehq.com sitesinden veri aktar.",
+    "pulse.n_active_issues": {
+        "one": "%s Aktif Konu",
+        "other": "%s Aktif Konu"
+    },
+    "pulse.n_active_prs": {
+        "one": "%s Aktif Değişiklik İsteği",
+        "other": "%s Aktif Değişiklik İsteği"
+    }
 }
diff --git a/options/locale_next/locale_uk-UA.json b/options/locale_next/locale_uk-UA.json
index e0f4682076..509985daed 100644
--- a/options/locale_next/locale_uk-UA.json
+++ b/options/locale_next/locale_uk-UA.json
@@ -1,4 +1,9 @@
 {
+    "release.n_downloads": {
+        "one": "%s завантаження",
+        "few": "%s завантаження",
+        "many": "%s завантажень"
+    },
     "repo.pulls.merged_title_desc": {
         "one": "об'єднує %[1]d коміт з <code>%[2]s</code> в <code>%[3]s</code> %[4]s",
         "few": "об'єднує %[1]d коміти з <code>%[2]s</code> в <code>%[3]s</code> %[4]s",
@@ -127,12 +132,10 @@
     "warning.repository.out_of_sync": "База даних цього репозиторію не синхронізована. Якщо ви знову бачите це попередження після відправлення коміту в цей репозиторій, зверніться до адміністратора.",
     "repo.pulls.already_merged": "Не вдалося об'єднати: цей запит на злиття вже об'єднано.",
     "migrate.pagure.description": "Перенести дані з pagure.io або інших екземплярів Pagure.",
-    "migrate.pagure.token_label": "Токен",
+    "migrate.pagure.token_label": "Токен API Pagure",
     "migrate.pagure.project_url": "URL-адреса проєкту Pagure",
     "migrate.pagure.project_example": "URL-адреса проєкту Pagure, наприклад, https://pagure.io/pagure",
-    "migrate.pagure.token_body_b": "Якщо хочете зробити цей репозиторій приватним, обов'язково встановіть прапорець «Приватний репозиторій» вище",
     "migrate.pagure.incorrect_url": "Вказано неправильну URL-адресу репозиторію-джерела",
-    "migrate.pagure.token_body_a": "Уведіть токен API Pagure з доступом до приватних задач, щоб створити репозиторій, який міститиме лише приватні задачі",
     "migrate.github.description": "Перенести дані з github.com або сервера GitHub Enterprise.",
     "migrate.git.description": "Перенести репозиторій з будь-якої служби Git.",
     "migrate.gitea.description": "Перенести дані з gitea.com та інших екземплярів Gitea.",
@@ -156,5 +159,25 @@
     "migrate.form.error.url_credentials": "URL-адреса містить дані для входу, введіть їх у поля «Ім'я користувача» і «Пароль» відповідно",
     "actions.runs.run_attempt_label": "Спроба запуску №%[1]s (%[2]s)",
     "actions.runs.view_most_recent_run": "Переглянути останній запуск",
-    "actions.runs.viewing_out_of_date_run": "Ви переглядаєте застарілий запуск цього завдання, який було виконано %[1]s."
+    "actions.runs.viewing_out_of_date_run": "Ви переглядаєте застарілий запуск цього завдання, який було виконано %[1]s.",
+    "repo.pulls.maintainers_can_edit": "Супроводжувачі можуть редагувати цей запит на злиття.",
+    "repo.pulls.maintainers_cannot_edit": "Супроводжувачі не можуть редагувати цей запит на злиття.",
+    "pulse.n_active_issues": {
+        "one": "%s активна задача",
+        "few": "%s активних задачі",
+        "many": "%s активних задач"
+    },
+    "pulse.n_active_prs": {
+        "one": "%s активний запит на злиття",
+        "few": "%s активних запити на злиття",
+        "many": "%s активних запитів на злиття"
+    },
+    "migrate.pagure.private_issues.summary": "Приватні задачі (необов'язково)",
+    "migrate.pagure.private_issues.description": "Ця функція дозволяє створити додатковий репозиторій для архівування в ньому приватних задач із вашого проєкту Pagure. Спочатку виконайте звичайну міграцію (без токена), щоб імпортувати весь публічний вміст. Потім, якщо у вас є приватні задачі, які потрібно зберегти, створіть окремий репозиторій, використовуючи токен, щоб архівувати ці приватні задачі.",
+    "migrate.pagure.private_issues.warning": "Обов'язково встановіть видимість репозиторію на «Приватний», якщо використовуєте ключ API для імпорту приватних задач. Це запобігає випадковому розкриттю приватного вмісту в публічному репозиторії.",
+    "migrate.pagure.token.placeholder": "Тільки для створення архіву приватних задач",
+    "mail.issue.action.close_by_commit": "%[1]s закриває %[2]s в коміті %[3]s.",
+    "actions.workflow.job_parsing_error": "Не вдалося розібрати завдання в робочому потоці: %v",
+    "actions.workflow.event_detection_error": "Не вдалося розібрати підтримувані події в робочому потоці: %v",
+    "actions.workflow.pre_execution_error": "Спробу виконання робочого потоку було заблоковано через помилку."
 }
diff --git a/options/locale_next/locale_uz.json b/options/locale_next/locale_uz.json
index 0967ef424b..69da5f01f1 100644
--- a/options/locale_next/locale_uz.json
+++ b/options/locale_next/locale_uz.json
@@ -1 +1,45 @@
-{}
+{
+    "home.explore_repos": "Omborlarni kashf etish",
+    "home.explore_users": "Foydalanuvchilarni kashf etish",
+    "home.explore_orgs": "`tashkilotlarni` kashf etish",
+    "stars.list.none": "Hech kim bu omborga yulduz bosmagan.",
+    "watch.list.none": "Bu ombor hech kimning ko'ruv'ida emas",
+    "followers.incoming.list.self.none": "Hech kim sizning profilingizga tirkalmagan.",
+    "followers.incoming.list.none": "Hech kim bu foydalanuvchiga tirkalmagan.",
+    "followers.outgoing.list.self.none": "Siz hech kimga tirkalmagansiz.",
+    "followers.outgoing.list.none": "%s hech kimga tirkalmagan.",
+    "relativetime.now": "hozir",
+    "relativetime.future": "kelajakda",
+    "relativetime.mins": {
+        "one": "%d daqiqa oldin.",
+        "other": "%d daqiqa oldin."
+    },
+    "relativetime.hours": {
+        "one": "%d soat oldin.",
+        "other": "%d soat oldin."
+    },
+    "relativetime.days": {
+        "one": "%d kun oldin.",
+        "other": "%d kun oldin."
+    },
+    "relativetime.weeks": {
+        "one": "%d hafta oldin.",
+        "other": "%d hafta oldin."
+    },
+    "relativetime.months": {
+        "one": "%d oy oldin.",
+        "other": "%d oy oldin."
+    },
+    "relativetime.years": {
+        "one": "%d yil oldin.",
+        "other": "%d yil oldin."
+    },
+    "relativetime.1day": "kecha",
+    "relativetime.2days": "2 kun oldin",
+    "relativetime.1week": "oxirgi hafta",
+    "relativetime.2weeks": "ikki hafta oldin",
+    "relativetime.1month": "oxirgi oy",
+    "relativetime.2months": "ikki oy oldin",
+    "relativetime.1year": "oxirgi yil",
+    "relativetime.2years": "ikki yil oldin"
+}
diff --git a/options/locale_next/locale_vi.json b/options/locale_next/locale_vi.json
index 01931302ae..24b751d544 100644
--- a/options/locale_next/locale_vi.json
+++ b/options/locale_next/locale_vi.json
@@ -111,7 +111,6 @@
     "migrate.pagure.incorrect_url": "URL kho mã nguồn được cung cấp không chính xác",
     "migrate.pagure.project_url": "URL dự án Pagure",
     "migrate.pagure.project_example": "URL dự án Pagure, vd: https://pagure.io/pagure",
-    "migrate.pagure.token_body_b": "Đảm bảo đặt nhãn kho mã riêng tư ở trên nếu bạn muốn kho mã này trở nên riêng tư",
     "actions.runs.run_attempt_label": "Lần chạy #%[1]s (%[2]s)",
     "actions.runs.viewing_out_of_date_run": "Bạn đang xem một lần chạy lỗi thời của công việc này mà đã chạy %[1]s.",
     "actions.runs.view_most_recent_run": "Xem lần chạy gần đây nhất",
diff --git a/options/locale_next/locale_zh-CN.json b/options/locale_next/locale_zh-CN.json
index 638b90427c..3d83d164fc 100644
--- a/options/locale_next/locale_zh-CN.json
+++ b/options/locale_next/locale_zh-CN.json
@@ -1,4 +1,5 @@
 {
+    "release.n_downloads": "%s 次下载",
     "repo.pulls.merged_title_desc": "于 %[4]s 将 %[1]d 次代码提交从 <code>%[2]s</code> 合并至 <code>%[3]s</code>",
     "repo.pulls.title_desc": "请求将 %[1]d 次代码提交从 <code>%[2]s</code> 合并至 <code id=\"%[4]s\">%[3]s</code>",
     "search.milestone_kind": "搜索里程碑…",
@@ -15,7 +16,7 @@
     "alert.asset_load_failed": "无法从 {path} 加载资源文件。请确保资源文件可被访问。",
     "install.invalid_lfs_path": "无法在指定路径创建 LFS 根目录：%[1]s",
     "alert.range_error": " 必须是一个介于 %[1]s 和 %[2]s 之间的数字。",
-    "meta.last_line": "感谢各位对Forgejo翻译的支持和帮助！不需要翻译这个。",
+    "meta.last_line": "感谢各位对Forgejo翻译的支持和帮助！不需要翻译这个。(三维鱼)。",
     "mail.actions.successful_run_after_failure_subject": "仓库 %[2]s 中的工作流 %[1]s 已恢复",
     "mail.actions.not_successful_run_subject": "仓库 %[2]s 中的工作流 %[1]s 已失败",
     "mail.actions.successful_run_after_failure": "仓库 %[2]s 中的工作流 %[1]s 已恢复",
@@ -116,13 +117,23 @@
     "migrate.pagure.incorrect_url": "提供了错误的源仓库URL",
     "migrate.pagure.project_url": "Pagure 项目 URL",
     "migrate.pagure.project_example": "Pagure 项目 URL，例如：https://pagure.io/pagure",
-    "migrate.pagure.token_label": "令牌",
-    "migrate.pagure.token_body_a": "提供可访问私有议题的 Pagure API 令牌以创建一个只有私有议题的仓库",
-    "migrate.pagure.token_body_b": "如果你希望此仓库为私有，记得选择上面的私有仓库选项！",
+    "migrate.pagure.token_label": "Pagure API 令牌",
     "repo.pulls.already_merged": "合并失败：此合并请求已被合并。",
     "user.ghost.tooltip": "该用户已被删除或无法找到。",
     "migrate.form.error.url_credentials": "URL 包含凭据，请分别将凭据填入用户名和密码字段",
     "actions.runs.view_most_recent_run": "查看最新运行",
     "actions.runs.run_attempt_label": "运行尝试 #%[1]s（%[2]s）",
-    "actions.runs.viewing_out_of_date_run": "您正在查看于 %[1]s 执行的过期运行。"
+    "actions.runs.viewing_out_of_date_run": "您正在查看于 %[1]s 执行的过期运行。",
+    "pulse.n_active_issues": "%s 项活动的议题",
+    "pulse.n_active_prs": "%s 个活跃的合并请求",
+    "repo.pulls.maintainers_can_edit": "维护者可以编辑此合并请求。",
+    "repo.pulls.maintainers_cannot_edit": "维护者无法编辑此合并请求。",
+    "migrate.pagure.private_issues.summary": "私有议题（可选）",
+    "migrate.pagure.private_issues.description": "此功能将创建一个单独的、只包含私有议题的仓库，以供存档。首先，不带令牌进行一次普通迁移以导入公开内容，然后若有需要，填写令牌并再次迁移以创建一个新的仓库并存档私有议题。",
+    "migrate.pagure.private_issues.warning": "请确保在导入私有议题时将仓库可见性设置为私有，以避免意外将私有内容泄漏至公开仓库。",
+    "migrate.pagure.token.placeholder": "仅用于创建私有议题归档",
+    "mail.issue.action.close_by_commit": "%[1]s 于提交 %[3]s 中关闭了 %[2]s。",
+    "actions.workflow.job_parsing_error": "无法解析工作流中的任务：%v",
+    "actions.workflow.event_detection_error": "无法解析工作流中受支持的事件：%v",
+    "actions.workflow.pre_execution_error": "因有错误阻止了执行尝试，工作流未被执行。"
 }
diff --git a/options/locale_next/locale_zh-TW.json b/options/locale_next/locale_zh-TW.json
index 1b6f4d539f..58ecf296ed 100644
--- a/options/locale_next/locale_zh-TW.json
+++ b/options/locale_next/locale_zh-TW.json
@@ -1,4 +1,8 @@
 {
+    "release.n_downloads": {
+        "one": "%s 次下載",
+        "other": "%s 次下載"
+    },
     "repo.pulls.merged_title_desc": "將 %[1]d 次提交從 <code>%[2]s</code> 合併至 <code>%[3]s</code> %[4]s",
     "repo.pulls.title_desc": "請求將 %[1]d 次程式碼提交從 <code>%[2]s</code> 合併至 <code id=\"%[4]s\">%[3]s</code>",
     "search.milestone_kind": "搜尋里程碑…",
@@ -81,5 +85,13 @@
     "migrate.onedev.description": "從 code.onedev.io 或其他 OneDev 站點遷移資料。",
     "migrate.gitbucket.description": "從 GitBucket 站點遷移資料。",
     "migrate.codebase.description": "從 codebasehq.com 遷移資料。",
-    "migrate.forgejo.description": "從 codeberg.org 或其他 Forgejo 站點遷移資料。"
+    "migrate.forgejo.description": "從 codeberg.org 或其他 Forgejo 站點遷移資料。",
+    "pulse.n_active_issues": {
+        "one": "%s 個問題",
+        "other": "%s 個問題"
+    },
+    "pulse.n_active_prs": {
+        "one": "%s 個合併請求",
+        "other": "%s 個合併請求"
+    }
 }
diff --git a/package-lock.json b/package-lock.json
index 4fd3990eb4..e6f26f6110 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -16,8 +16,8 @@
         "@mcaptcha/vanilla-glue": "0.1.0-alpha-3",
         "@primer/octicons": "19.14.0",
         "ansi_up": "6.0.5",
-        "asciinema-player": "3.8.2",
-        "chart.js": "4.5.0",
+        "asciinema-player": "3.12.1",
+        "chart.js": "4.5.1",
         "chartjs-adapter-dayjs-4": "1.0.4",
         "chartjs-plugin-zoom": "2.2.0",
         "clippie": "4.1.7",
@@ -25,18 +25,18 @@
         "dayjs": "1.11.18",
         "dropzone": "6.0.0-beta.2",
         "easymde": "2.18.0",
-        "esbuild-loader": "4.3.0",
+        "esbuild-loader": "4.4.0",
         "escape-goat": "4.0.0",
         "fast-glob": "3.3.3",
         "htmx.org": "2.0.7",
         "idiomorph": "0.3.0",
         "jquery": "3.7.1",
-        "katex": "0.16.22",
+        "katex": "0.16.24",
         "mermaid": "11.12.0",
         "mini-css-extract-plugin": "2.9.3",
         "minimatch": "10.0.3",
         "monaco-editor": "0.52.2",
-        "monaco-editor-webpack-plugin": "7.1.0",
+        "monaco-editor-webpack-plugin": "7.1.1",
         "pdfobject": "2.3.0",
         "postcss": "8.5.6",
         "postcss-loader": "8.2.0",
@@ -44,7 +44,7 @@
         "pretty-ms": "9.0.0",
         "sortablejs": "1.15.6",
         "swagger-ui-dist": "5.17.14",
-        "tailwindcss": "3.4.17",
+        "tailwindcss": "3.4.18",
         "throttle-debounce": "5.0.0",
         "tinycolor2": "1.6.0",
         "tippy.js": "6.3.7",
@@ -56,49 +56,49 @@
         "vue-chartjs": "5.3.1",
         "vue-loader": "17.4.2",
         "vue3-calendar-heatmap": "2.0.5",
-        "webpack": "5.101.3",
+        "webpack": "5.102.1",
         "webpack-cli": "6.0.1",
         "wrap-ansi": "9.0.2"
       },
       "devDependencies": {
         "@axe-core/playwright": "4.10.2",
         "@eslint-community/eslint-plugin-eslint-comments": "4.5.0",
-        "@playwright/test": "1.55.0",
+        "@playwright/test": "1.56.0",
         "@stoplight/spectral-cli": "6.15.0",
-        "@stylistic/eslint-plugin": "5.2.3",
+        "@stylistic/eslint-plugin": "5.4.0",
         "@stylistic/stylelint-plugin": "4.0.0",
         "@vitejs/plugin-vue": "6.0.1",
         "@vitest/coverage-v8": "3.2.4",
-        "@vitest/eslint-plugin": "1.3.4",
+        "@vitest/eslint-plugin": "1.3.16",
         "@vue/test-utils": "2.4.6",
-        "eslint": "9.33.0",
+        "eslint": "9.37.0",
         "eslint-import-resolver-typescript": "4.4.4",
-        "eslint-plugin-array-func": "5.0.2",
+        "eslint-plugin-array-func": "5.1.0",
         "eslint-plugin-import-x": "4.16.1",
         "eslint-plugin-no-jquery": "3.1.1",
         "eslint-plugin-no-use-extend-native": "0.7.2",
         "eslint-plugin-playwright": "2.2.2",
         "eslint-plugin-regexp": "2.10.0",
-        "eslint-plugin-sonarjs": "3.0.4",
+        "eslint-plugin-sonarjs": "3.0.5",
         "eslint-plugin-toml": "0.12.0",
-        "eslint-plugin-unicorn": "61.0.1",
+        "eslint-plugin-unicorn": "61.0.2",
         "eslint-plugin-vitest-globals": "1.5.0",
-        "eslint-plugin-vue": "10.4.0",
-        "eslint-plugin-vue-scoped-css": "2.11.0",
-        "eslint-plugin-wc": "3.0.1",
+        "eslint-plugin-vue": "10.5.1",
+        "eslint-plugin-vue-scoped-css": "2.12.0",
+        "eslint-plugin-wc": "3.0.2",
         "globals": "16.4.0",
-        "happy-dom": "18.0.1",
+        "happy-dom": "20.0.1",
         "license-checker-rseidelsohn": "4.4.2",
         "markdownlint-cli": "0.45.0",
         "postcss-html": "1.8.0",
         "sharp": "0.34.4",
-        "stylelint": "16.23.1",
+        "stylelint": "16.25.0",
         "stylelint-declaration-block-no-ignored-properties": "2.8.0",
         "stylelint-declaration-strict-value": "1.10.11",
         "stylelint-value-no-unknown-custom-properties": "6.0.1",
         "svgo": "4.0.0",
-        "typescript": "5.8.3",
-        "typescript-eslint": "8.39.0",
+        "typescript": "5.9.3",
+        "typescript-eslint": "8.46.1",
         "vite-string-plugin": "1.4.6",
         "vitest": "3.2.4"
       },
@@ -146,9 +146,9 @@
       }
     },
     "node_modules/@antfu/utils": {
-      "version": "9.2.1",
-      "resolved": "https://registry.npmjs.org/@antfu/utils/-/utils-9.2.1.tgz",
-      "integrity": "sha512-TMilPqXyii1AsiEii6l6ubRzbo76p6oshUSYPaKsmXDavyMLqjzVDkcp3pHp5ELMUNJHATcEOGxKTTsX9yYhGg==",
+      "version": "9.3.0",
+      "resolved": "https://registry.npmjs.org/@antfu/utils/-/utils-9.3.0.tgz",
+      "integrity": "sha512-9hFT4RauhcUzqOE4f1+frMKLZrgNog5b06I7VmZQV1BkvwvqrbC8EBZf3L1eEL2AKb6rNKjER0sEvJiSP1FXEA==",
       "license": "MIT",
       "funding": {
         "url": "https://github.com/sponsors/antfu"
@@ -269,33 +269,33 @@
       "license": "MIT"
     },
     "node_modules/@cacheable/memoize": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/@cacheable/memoize/-/memoize-2.0.1.tgz",
-      "integrity": "sha512-WBLH37SynkCa39S6IrTSMQF3Wdv4/51WxuU5TuCNEqZcLgLGHme8NUxRTcDIO8ZZFXlslWbh9BD3DllixgPg6Q==",
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/@cacheable/memoize/-/memoize-2.0.3.tgz",
+      "integrity": "sha512-hl9wfQgpiydhQEIv7fkjEzTGE+tcosCXLKFDO707wYJ/78FVOlowb36djex5GdbSyeHnG62pomYLMuV/OT8Pbw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@cacheable/utils": "^2.0.1"
+        "@cacheable/utils": "^2.0.3"
       }
     },
     "node_modules/@cacheable/memory": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/@cacheable/memory/-/memory-2.0.1.tgz",
-      "integrity": "sha512-Ufc7iQnRKFC8gjZVGOTOsMwM/vZtmsw3LafvctVXPm835ElgK3DpMe1U5i9sd6OieSkyJhXbAT2Q2FosXBBbAQ==",
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/@cacheable/memory/-/memory-2.0.3.tgz",
+      "integrity": "sha512-R3UKy/CKOyb1LZG/VRCTMcpiMDyLH7SH3JrraRdK6kf3GweWCOU3sgvE13W3TiDRbxnDKylzKJvhUAvWl9LQOA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@cacheable/memoize": "^2.0.1",
-        "@cacheable/utils": "^2.0.1",
-        "@keyv/bigmap": "^1.0.0",
-        "hookified": "^1.12.0",
-        "keyv": "^5.5.1"
+        "@cacheable/memoize": "^2.0.3",
+        "@cacheable/utils": "^2.0.3",
+        "@keyv/bigmap": "^1.0.2",
+        "hookified": "^1.12.1",
+        "keyv": "^5.5.3"
       }
     },
     "node_modules/@cacheable/memory/node_modules/keyv": {
-      "version": "5.5.2",
-      "resolved": "https://registry.npmjs.org/keyv/-/keyv-5.5.2.tgz",
-      "integrity": "sha512-TXcFHbmm/z7MGd1u9ASiCSfTS+ei6Z8B3a5JHzx3oPa/o7QzWVtPRpc4KGER5RR469IC+/nfg4U5YLIuDUua2g==",
+      "version": "5.5.3",
+      "resolved": "https://registry.npmjs.org/keyv/-/keyv-5.5.3.tgz",
+      "integrity": "sha512-h0Un1ieD+HUrzBH6dJXhod3ifSghk5Hw/2Y4/KHBziPlZecrFyE9YOTPU6eOs0V9pYl8gOs86fkr/KN8lUX39A==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -303,11 +303,24 @@
       }
     },
     "node_modules/@cacheable/utils": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/@cacheable/utils/-/utils-2.0.1.tgz",
-      "integrity": "sha512-sxHjO6wKn4/0wHCFYbh6tljj+ciP9BKgyBi09NLsor3sN+nu/Rt3FwLw6bYp7bp8usHpmcwUozrB/u4RuSw/eg==",
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/@cacheable/utils/-/utils-2.1.0.tgz",
+      "integrity": "sha512-ZdxfOiaarMqMj+H7qwlt5EBKWaeGihSYVHdQv5lUsbn8MJJOTW82OIwirQ39U5tMZkNvy3bQE+ryzC+xTAb9/g==",
       "dev": true,
-      "license": "MIT"
+      "license": "MIT",
+      "dependencies": {
+        "keyv": "^5.5.3"
+      }
+    },
+    "node_modules/@cacheable/utils/node_modules/keyv": {
+      "version": "5.5.3",
+      "resolved": "https://registry.npmjs.org/keyv/-/keyv-5.5.3.tgz",
+      "integrity": "sha512-h0Un1ieD+HUrzBH6dJXhod3ifSghk5Hw/2Y4/KHBziPlZecrFyE9YOTPU6eOs0V9pYl8gOs86fkr/KN8lUX39A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@keyv/serialize": "^1.1.1"
+      }
     },
     "node_modules/@chevrotain/cst-dts-gen": {
       "version": "11.0.3",
@@ -1150,19 +1163,22 @@
       }
     },
     "node_modules/@eslint/config-helpers": {
-      "version": "0.3.1",
-      "resolved": "https://registry.npmjs.org/@eslint/config-helpers/-/config-helpers-0.3.1.tgz",
-      "integrity": "sha512-xR93k9WhrDYpXHORXpxVL5oHj3Era7wo6k/Wd8/IsQNnZUTzkGS29lyn3nAT05v6ltUuTFVCCYDEGfy2Or/sPA==",
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/@eslint/config-helpers/-/config-helpers-0.4.0.tgz",
+      "integrity": "sha512-WUFvV4WoIwW8Bv0KeKCIIEgdSiFOsulyN0xrMu+7z43q/hkOLXjvb5u7UC9jDxvRzcrbEmuZBX5yJZz1741jog==",
       "dev": true,
       "license": "Apache-2.0",
+      "dependencies": {
+        "@eslint/core": "^0.16.0"
+      },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
       }
     },
     "node_modules/@eslint/core": {
-      "version": "0.15.2",
-      "resolved": "https://registry.npmjs.org/@eslint/core/-/core-0.15.2.tgz",
-      "integrity": "sha512-78Md3/Rrxh83gCxoUc0EiciuOHsIITzLy53m3d9UyiW8y9Dj2D29FeETqyKA+BRK76tnTp6RXWb3pCay8Oyomg==",
+      "version": "0.16.0",
+      "resolved": "https://registry.npmjs.org/@eslint/core/-/core-0.16.0.tgz",
+      "integrity": "sha512-nmC8/totwobIiFcGkDza3GIKfAw1+hLiYVrh3I1nIomQ8PEr5cxg34jnkmGawul/ep52wGRAcyeDCNtWKSOj4Q==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -1247,9 +1263,9 @@
       }
     },
     "node_modules/@eslint/js": {
-      "version": "9.33.0",
-      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.33.0.tgz",
-      "integrity": "sha512-5K1/mKhWaMfreBGJTwval43JJmkip0RmM+3+IuqupeSKNC/Th2Kc7ucaq5ovTSra/OOKB9c58CGSz3QMVbWt0A==",
+      "version": "9.37.0",
+      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.37.0.tgz",
+      "integrity": "sha512-jaS+NJ+hximswBG6pjNX0uEJZkrT0zwpVi3BA3vX22aFGjJjmgSTSmPpZCRKmoBL5VY/M6p0xsSJx7rk7sy5gg==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -1270,13 +1286,13 @@
       }
     },
     "node_modules/@eslint/plugin-kit": {
-      "version": "0.3.5",
-      "resolved": "https://registry.npmjs.org/@eslint/plugin-kit/-/plugin-kit-0.3.5.tgz",
-      "integrity": "sha512-Z5kJ+wU3oA7MMIqVR9tyZRtjYPr4OC004Q4Rw7pgOKUOKkJfZ3O24nz3WYfGRpMDNmcOi3TwQOmgm7B7Tpii0w==",
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/@eslint/plugin-kit/-/plugin-kit-0.4.0.tgz",
+      "integrity": "sha512-sB5uyeq+dwCWyPi31B2gQlVlo+j5brPlWx4yZBrEaRo/nhdDE8Xke1gsGgtiBdaBTxuTkceLVuVt/pclrasb0A==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@eslint/core": "^0.15.2",
+        "@eslint/core": "^0.16.0",
         "levn": "^0.4.1"
       },
       "engines": {
@@ -2075,9 +2091,9 @@
       }
     },
     "node_modules/@keyv/bigmap": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/@keyv/bigmap/-/bigmap-1.0.2.tgz",
-      "integrity": "sha512-KR03xkEZlAZNF4IxXgVXb+uNIVNvwdh8UwI0cnc7WI6a+aQcDp8GL80qVfeB4E5NpsKJzou5jU0r6yLSSbMOtA==",
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/@keyv/bigmap/-/bigmap-1.0.3.tgz",
+      "integrity": "sha512-jUEkNlnE9tYzX2AIBeoSe1gVUvSOfIOQ5EFPL5Un8cFHGvjD9L/fxpxlS1tEivRLHgapO2RZJ3D93HYAa049pg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -2167,9 +2183,9 @@
       }
     },
     "node_modules/@mermaid-js/parser": {
-      "version": "0.6.2",
-      "resolved": "https://registry.npmjs.org/@mermaid-js/parser/-/parser-0.6.2.tgz",
-      "integrity": "sha512-+PO02uGF6L6Cs0Bw8RpGhikVvMWEysfAyl27qTlroUB8jSWr1lL0Sf6zi78ZxlSnmgSY2AMMKVgghnN9jTtwkQ==",
+      "version": "0.6.3",
+      "resolved": "https://registry.npmjs.org/@mermaid-js/parser/-/parser-0.6.3.tgz",
+      "integrity": "sha512-lnjOhe7zyHjc+If7yT4zoedx2vo4sHaTmtkl1+or8BRTnCtDmcTpAjpzDSfCZrshM5bCoz0GyidzadJAH1xobA==",
       "license": "MIT",
       "dependencies": {
         "langium": "3.3.1"
@@ -2266,13 +2282,13 @@
       }
     },
     "node_modules/@playwright/test": {
-      "version": "1.55.0",
-      "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.55.0.tgz",
-      "integrity": "sha512-04IXzPwHrW69XusN/SIdDdKZBzMfOT9UNT/YiJit/xpy2VuAoB8NHc8Aplb96zsWDddLnbkPL3TsmrS04ZU2xQ==",
+      "version": "1.56.0",
+      "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.56.0.tgz",
+      "integrity": "sha512-Tzh95Twig7hUwwNe381/K3PggZBZblKUe2wv25oIpzWLr6Z0m4KgV1ZVIjnR6GM9ANEqjZD7XsZEa6JL/7YEgg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "playwright": "1.55.0"
+        "playwright": "1.56.0"
       },
       "bin": {
         "playwright": "cli.js"
@@ -2355,9 +2371,9 @@
       "license": "MIT"
     },
     "node_modules/@rollup/rollup-android-arm-eabi": {
-      "version": "4.52.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.52.0.tgz",
-      "integrity": "sha512-VxDYCDqOaR7NXzAtvRx7G1u54d2kEHopb28YH/pKzY6y0qmogP3gG7CSiWsq9WvDFxOQMpNEyjVAHZFXfH3o/A==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.52.4.tgz",
+      "integrity": "sha512-BTm2qKNnWIQ5auf4deoetINJm2JzvihvGb9R6K/ETwKLql/Bb3Eg2H1FBp1gUb4YGbydMA3jcmQTR73q7J+GAA==",
       "cpu": [
         "arm"
       ],
@@ -2369,9 +2385,9 @@
       ]
     },
     "node_modules/@rollup/rollup-android-arm64": {
-      "version": "4.52.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.52.0.tgz",
-      "integrity": "sha512-pqDirm8koABIKvzL59YI9W9DWbRlTX7RWhN+auR8HXJxo89m4mjqbah7nJZjeKNTNYopqL+yGg+0mhCpf3xZtQ==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.52.4.tgz",
+      "integrity": "sha512-P9LDQiC5vpgGFgz7GSM6dKPCiqR3XYN1WwJKA4/BUVDjHpYsf3iBEmVz62uyq20NGYbiGPR5cNHI7T1HqxNs2w==",
       "cpu": [
         "arm64"
       ],
@@ -2383,9 +2399,9 @@
       ]
     },
     "node_modules/@rollup/rollup-darwin-arm64": {
-      "version": "4.52.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.52.0.tgz",
-      "integrity": "sha512-YCdWlY/8ltN6H78HnMsRHYlPiKvqKagBP1r+D7SSylxX+HnsgXGCmLiV3Y4nSyY9hW8qr8U9LDUx/Lo7M6MfmQ==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.52.4.tgz",
+      "integrity": "sha512-QRWSW+bVccAvZF6cbNZBJwAehmvG9NwfWHwMy4GbWi/BQIA/laTIktebT2ipVjNncqE6GLPxOok5hsECgAxGZg==",
       "cpu": [
         "arm64"
       ],
@@ -2397,9 +2413,9 @@
       ]
     },
     "node_modules/@rollup/rollup-darwin-x64": {
-      "version": "4.52.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.52.0.tgz",
-      "integrity": "sha512-z4nw6y1j+OOSGzuVbSWdIp1IUks9qNw4dc7z7lWuWDKojY38VMWBlEN7F9jk5UXOkUcp97vA1N213DF+Lz8BRg==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.52.4.tgz",
+      "integrity": "sha512-hZgP05pResAkRJxL1b+7yxCnXPGsXU0fG9Yfd6dUaoGk+FhdPKCJ5L1Sumyxn8kvw8Qi5PvQ8ulenUbRjzeCTw==",
       "cpu": [
         "x64"
       ],
@@ -2411,9 +2427,9 @@
       ]
     },
     "node_modules/@rollup/rollup-freebsd-arm64": {
-      "version": "4.52.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.52.0.tgz",
-      "integrity": "sha512-Q/dv9Yvyr5rKlK8WQJZVrp5g2SOYeZUs9u/t2f9cQ2E0gJjYB/BWoedXfUT0EcDJefi2zzVfhcOj8drWCzTviw==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.52.4.tgz",
+      "integrity": "sha512-xmc30VshuBNUd58Xk4TKAEcRZHaXlV+tCxIXELiE9sQuK3kG8ZFgSPi57UBJt8/ogfhAF5Oz4ZSUBN77weM+mQ==",
       "cpu": [
         "arm64"
       ],
@@ -2425,9 +2441,9 @@
       ]
     },
     "node_modules/@rollup/rollup-freebsd-x64": {
-      "version": "4.52.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.52.0.tgz",
-      "integrity": "sha512-kdBsLs4Uile/fbjZVvCRcKB4q64R+1mUq0Yd7oU1CMm1Av336ajIFqNFovByipciuUQjBCPMxwJhCgfG2re3rg==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.52.4.tgz",
+      "integrity": "sha512-WdSLpZFjOEqNZGmHflxyifolwAiZmDQzuOzIq9L27ButpCVpD7KzTRtEG1I0wMPFyiyUdOO+4t8GvrnBLQSwpw==",
       "cpu": [
         "x64"
       ],
@@ -2439,9 +2455,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm-gnueabihf": {
-      "version": "4.52.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.52.0.tgz",
-      "integrity": "sha512-aL6hRwu0k7MTUESgkg7QHY6CoqPgr6gdQXRJI1/VbFlUMwsSzPGSR7sG5d+MCbYnJmJwThc2ol3nixj1fvI/zQ==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.52.4.tgz",
+      "integrity": "sha512-xRiOu9Of1FZ4SxVbB0iEDXc4ddIcjCv2aj03dmW8UrZIW7aIQ9jVJdLBIhxBI+MaTnGAKyvMwPwQnoOEvP7FgQ==",
       "cpu": [
         "arm"
       ],
@@ -2453,9 +2469,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm-musleabihf": {
-      "version": "4.52.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.52.0.tgz",
-      "integrity": "sha512-BTs0M5s1EJejgIBJhCeiFo7GZZ2IXWkFGcyZhxX4+8usnIo5Mti57108vjXFIQmmJaRyDwmV59Tw64Ap1dkwMw==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.52.4.tgz",
+      "integrity": "sha512-FbhM2p9TJAmEIEhIgzR4soUcsW49e9veAQCziwbR+XWB2zqJ12b4i/+hel9yLiD8pLncDH4fKIPIbt5238341Q==",
       "cpu": [
         "arm"
       ],
@@ -2467,9 +2483,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm64-gnu": {
-      "version": "4.52.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.52.0.tgz",
-      "integrity": "sha512-uj672IVOU9m08DBGvoPKPi/J8jlVgjh12C9GmjjBxCTQc3XtVmRkRKyeHSmIKQpvJ7fIm1EJieBUcnGSzDVFyw==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.52.4.tgz",
+      "integrity": "sha512-4n4gVwhPHR9q/g8lKCyz0yuaD0MvDf7dV4f9tHt0C73Mp8h38UCtSCSE6R9iBlTbXlmA8CjpsZoujhszefqueg==",
       "cpu": [
         "arm64"
       ],
@@ -2481,9 +2497,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm64-musl": {
-      "version": "4.52.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.52.0.tgz",
-      "integrity": "sha512-/+IVbeDMDCtB/HP/wiWsSzduD10SEGzIZX2945KSgZRNi4TSkjHqRJtNTVtVb8IRwhJ65ssI56krlLik+zFWkw==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.52.4.tgz",
+      "integrity": "sha512-u0n17nGA0nvi/11gcZKsjkLj1QIpAuPFQbR48Subo7SmZJnGxDpspyw2kbpuoQnyK+9pwf3pAoEXerJs/8Mi9g==",
       "cpu": [
         "arm64"
       ],
@@ -2495,9 +2511,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-loong64-gnu": {
-      "version": "4.52.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.52.0.tgz",
-      "integrity": "sha512-U1vVzvSWtSMWKKrGoROPBXMh3Vwn93TA9V35PldokHGqiUbF6erSzox/5qrSMKp6SzakvyjcPiVF8yB1xKr9Pg==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.52.4.tgz",
+      "integrity": "sha512-0G2c2lpYtbTuXo8KEJkDkClE/+/2AFPdPAbmaHoE870foRFs4pBrDehilMcrSScrN/fB/1HTaWO4bqw+ewBzMQ==",
       "cpu": [
         "loong64"
       ],
@@ -2509,9 +2525,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-ppc64-gnu": {
-      "version": "4.52.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.52.0.tgz",
-      "integrity": "sha512-X/4WfuBAdQRH8cK3DYl8zC00XEE6aM472W+QCycpQJeLWVnHfkv7RyBFVaTqNUMsTgIX8ihMjCvFF9OUgeABzw==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.52.4.tgz",
+      "integrity": "sha512-teSACug1GyZHmPDv14VNbvZFX779UqWTsd7KtTM9JIZRDI5NUwYSIS30kzI8m06gOPB//jtpqlhmraQ68b5X2g==",
       "cpu": [
         "ppc64"
       ],
@@ -2523,9 +2539,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-riscv64-gnu": {
-      "version": "4.52.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.52.0.tgz",
-      "integrity": "sha512-xIRYc58HfWDBZoLmWfWXg2Sq8VCa2iJ32B7mqfWnkx5mekekl0tMe7FHpY8I72RXEcUkaWawRvl3qA55og+cwQ==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.52.4.tgz",
+      "integrity": "sha512-/MOEW3aHjjs1p4Pw1Xk4+3egRevx8Ji9N6HUIA1Ifh8Q+cg9dremvFCUbOX2Zebz80BwJIgCBUemjqhU5XI5Eg==",
       "cpu": [
         "riscv64"
       ],
@@ -2537,9 +2553,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-riscv64-musl": {
-      "version": "4.52.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.52.0.tgz",
-      "integrity": "sha512-mbsoUey05WJIOz8U1WzNdf+6UMYGwE3fZZnQqsM22FZ3wh1N887HT6jAOjXs6CNEK3Ntu2OBsyQDXfIjouI4dw==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.52.4.tgz",
+      "integrity": "sha512-1HHmsRyh845QDpEWzOFtMCph5Ts+9+yllCrREuBR/vg2RogAQGGBRC8lDPrPOMnrdOJ+mt1WLMOC2Kao/UwcvA==",
       "cpu": [
         "riscv64"
       ],
@@ -2551,9 +2567,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-s390x-gnu": {
-      "version": "4.52.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.52.0.tgz",
-      "integrity": "sha512-qP6aP970bucEi5KKKR4AuPFd8aTx9EF6BvutvYxmZuWLJHmnq4LvBfp0U+yFDMGwJ+AIJEH5sIP+SNypauMWzg==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.52.4.tgz",
+      "integrity": "sha512-seoeZp4L/6D1MUyjWkOMRU6/iLmCU2EjbMTyAG4oIOs1/I82Y5lTeaxW0KBfkUdHAWN7j25bpkt0rjnOgAcQcA==",
       "cpu": [
         "s390x"
       ],
@@ -2565,9 +2581,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-x64-gnu": {
-      "version": "4.52.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.52.0.tgz",
-      "integrity": "sha512-nmSVN+F2i1yKZ7rJNKO3G7ZzmxJgoQBQZ/6c4MuS553Grmr7WqR7LLDcYG53Z2m9409z3JLt4sCOhLdbKQ3HmA==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.52.4.tgz",
+      "integrity": "sha512-Wi6AXf0k0L7E2gteNsNHUs7UMwCIhsCTs6+tqQ5GPwVRWMaflqGec4Sd8n6+FNFDw9vGcReqk2KzBDhCa1DLYg==",
       "cpu": [
         "x64"
       ],
@@ -2579,9 +2595,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-x64-musl": {
-      "version": "4.52.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.52.0.tgz",
-      "integrity": "sha512-2d0qRo33G6TfQVjaMR71P+yJVGODrt5V6+T0BDYH4EMfGgdC/2HWDVjSSFw888GSzAZUwuska3+zxNUCDco6rQ==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.52.4.tgz",
+      "integrity": "sha512-dtBZYjDmCQ9hW+WgEkaffvRRCKm767wWhxsFW3Lw86VXz/uJRuD438/XvbZT//B96Vs8oTA8Q4A0AfHbrxP9zw==",
       "cpu": [
         "x64"
       ],
@@ -2593,9 +2609,9 @@
       ]
     },
     "node_modules/@rollup/rollup-openharmony-arm64": {
-      "version": "4.52.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.52.0.tgz",
-      "integrity": "sha512-A1JalX4MOaFAAyGgpO7XP5khquv/7xKzLIyLmhNrbiCxWpMlnsTYr8dnsWM7sEeotNmxvSOEL7F65j0HXFcFsw==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.52.4.tgz",
+      "integrity": "sha512-1ox+GqgRWqaB1RnyZXL8PD6E5f7YyRUJYnCqKpNzxzP0TkaUh112NDrR9Tt+C8rJ4x5G9Mk8PQR3o7Ku2RKqKA==",
       "cpu": [
         "arm64"
       ],
@@ -2607,9 +2623,9 @@
       ]
     },
     "node_modules/@rollup/rollup-win32-arm64-msvc": {
-      "version": "4.52.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.52.0.tgz",
-      "integrity": "sha512-YQugafP/rH0eOOHGjmNgDURrpYHrIX0yuojOI8bwCyXwxC9ZdTd3vYkmddPX0oHONLXu9Rb1dDmT0VNpjkzGGw==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.52.4.tgz",
+      "integrity": "sha512-8GKr640PdFNXwzIE0IrkMWUNUomILLkfeHjXBi/nUvFlpZP+FA8BKGKpacjW6OUUHaNI6sUURxR2U2g78FOHWQ==",
       "cpu": [
         "arm64"
       ],
@@ -2621,9 +2637,9 @@
       ]
     },
     "node_modules/@rollup/rollup-win32-ia32-msvc": {
-      "version": "4.52.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.52.0.tgz",
-      "integrity": "sha512-zYdUYhi3Qe2fndujBqL5FjAFzvNeLxtIqfzNEVKD1I7C37/chv1VxhscWSQHTNfjPCrBFQMnynwA3kpZpZ8w4A==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.52.4.tgz",
+      "integrity": "sha512-AIy/jdJ7WtJ/F6EcfOb2GjR9UweO0n43jNObQMb6oGxkYTfLcnN7vYYpG+CN3lLxrQkzWnMOoNSHTW54pgbVxw==",
       "cpu": [
         "ia32"
       ],
@@ -2635,9 +2651,9 @@
       ]
     },
     "node_modules/@rollup/rollup-win32-x64-gnu": {
-      "version": "4.52.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.52.0.tgz",
-      "integrity": "sha512-fGk03kQylNaCOQ96HDMeT7E2n91EqvCDd3RwvT5k+xNdFCeMGnj5b5hEgTGrQuyidqSsD3zJDQ21QIaxXqTBJw==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.52.4.tgz",
+      "integrity": "sha512-UF9KfsH9yEam0UjTwAgdK0anlQ7c8/pWPU2yVjyWcF1I1thABt6WXE47cI71pGiZ8wGvxohBoLnxM04L/wj8mQ==",
       "cpu": [
         "x64"
       ],
@@ -2649,9 +2665,9 @@
       ]
     },
     "node_modules/@rollup/rollup-win32-x64-msvc": {
-      "version": "4.52.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.52.0.tgz",
-      "integrity": "sha512-6iKDCVSIUQ8jPMoIV0OytRKniaYyy5EbY/RRydmLW8ZR3cEBhxbWl5ro0rkUNe0ef6sScvhbY79HrjRm8i3vDQ==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.52.4.tgz",
+      "integrity": "sha512-bf9PtUa0u8IXDVxzRToFQKsNCRz9qLYfR/MpECxl4mRoWYjAeFjgxj1XdZr2M/GNVpT05p+LgQOHopYDlUu6/w==",
       "cpu": [
         "x64"
       ],
@@ -2662,6 +2678,36 @@
         "win32"
       ]
     },
+    "node_modules/@solid-primitives/refs": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/@solid-primitives/refs/-/refs-1.1.2.tgz",
+      "integrity": "sha512-K7tf2thy7L+YJjdqXspXOg5xvNEOH8tgEWsp0+1mQk3obHBRD6hEjYZk7p7FlJphSZImS35je3UfmWuD7MhDfg==",
+      "license": "MIT",
+      "dependencies": {
+        "@solid-primitives/utils": "^6.3.2"
+      },
+      "peerDependencies": {
+        "solid-js": "^1.6.12"
+      }
+    },
+    "node_modules/@solid-primitives/transition-group": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/@solid-primitives/transition-group/-/transition-group-1.1.2.tgz",
+      "integrity": "sha512-gnHS0OmcdjeoHN9n7Khu8KNrOlRc8a2weETDt2YT6o1zeW/XtUC6Db3Q9pkMU/9cCKdEmN4b0a/41MKAHRhzWA==",
+      "license": "MIT",
+      "peerDependencies": {
+        "solid-js": "^1.6.12"
+      }
+    },
+    "node_modules/@solid-primitives/utils": {
+      "version": "6.3.2",
+      "resolved": "https://registry.npmjs.org/@solid-primitives/utils/-/utils-6.3.2.tgz",
+      "integrity": "sha512-hZ/M/qr25QOCcwDPOHtGjxTD8w2mNyVAYvcfgwzBHq2RwNqHNdDNsMZYap20+ruRwW4A3Cdkczyoz0TSxLCAPQ==",
+      "license": "MIT",
+      "peerDependencies": {
+        "solid-js": "^1.6.12"
+      }
+    },
     "node_modules/@stoplight/better-ajv-errors": {
       "version": "1.0.3",
       "resolved": "https://registry.npmjs.org/@stoplight/better-ajv-errors/-/better-ajv-errors-1.0.3.tgz",
@@ -3170,14 +3216,14 @@
       }
     },
     "node_modules/@stylistic/eslint-plugin": {
-      "version": "5.2.3",
-      "resolved": "https://registry.npmjs.org/@stylistic/eslint-plugin/-/eslint-plugin-5.2.3.tgz",
-      "integrity": "sha512-oY7GVkJGVMI5benlBDCaRrSC1qPasafyv5dOBLLv5MTilMGnErKhO6ziEfodDDIZbo5QxPUNW360VudJOFODMw==",
+      "version": "5.4.0",
+      "resolved": "https://registry.npmjs.org/@stylistic/eslint-plugin/-/eslint-plugin-5.4.0.tgz",
+      "integrity": "sha512-UG8hdElzuBDzIbjG1QDwnYH0MQ73YLXDFHgZzB4Zh/YJfnw8XNsloVtytqzx0I2Qky9THSdpTmi8Vjn/pf/Lew==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@eslint-community/eslint-utils": "^4.7.0",
-        "@typescript-eslint/types": "^8.38.0",
+        "@eslint-community/eslint-utils": "^4.9.0",
+        "@typescript-eslint/types": "^8.44.0",
         "eslint-visitor-keys": "^4.2.1",
         "espree": "^10.4.0",
         "estraverse": "^5.3.0",
@@ -3613,9 +3659,9 @@
       "license": "MIT"
     },
     "node_modules/@types/node": {
-      "version": "20.19.17",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-20.19.17.tgz",
-      "integrity": "sha512-gfehUI8N1z92kygssiuWvLiwcbOB3IRktR6hTDgJlXMYh5OvkPSRmgfoBUmfZt+vhwJtX7v1Yw4KvvAf7c5QKQ==",
+      "version": "20.19.21",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-20.19.21.tgz",
+      "integrity": "sha512-CsGG2P3I5y48RPMfprQGfy4JPRZ6csfC3ltBZSRItG3ngggmNY/qs2uZKp4p9VbrpqNNSMzUZNFZKzgOGnd/VA==",
       "license": "MIT",
       "dependencies": {
         "undici-types": "~6.21.0"
@@ -3665,17 +3711,17 @@
       "license": "MIT"
     },
     "node_modules/@typescript-eslint/eslint-plugin": {
-      "version": "8.39.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.39.0.tgz",
-      "integrity": "sha512-bhEz6OZeUR+O/6yx9Jk6ohX6H9JSFTaiY0v9/PuKT3oGK0rn0jNplLmyFUGV+a9gfYnVNwGDwS/UkLIuXNb2Rw==",
+      "version": "8.46.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.46.1.tgz",
+      "integrity": "sha512-rUsLh8PXmBjdiPY+Emjz9NX2yHvhS11v0SR6xNJkm5GM1MO9ea/1GoDKlHHZGrOJclL/cZ2i/vRUYVtjRhrHVQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@eslint-community/regexpp": "^4.10.0",
-        "@typescript-eslint/scope-manager": "8.39.0",
-        "@typescript-eslint/type-utils": "8.39.0",
-        "@typescript-eslint/utils": "8.39.0",
-        "@typescript-eslint/visitor-keys": "8.39.0",
+        "@typescript-eslint/scope-manager": "8.46.1",
+        "@typescript-eslint/type-utils": "8.46.1",
+        "@typescript-eslint/utils": "8.46.1",
+        "@typescript-eslint/visitor-keys": "8.46.1",
         "graphemer": "^1.4.0",
         "ignore": "^7.0.0",
         "natural-compare": "^1.4.0",
@@ -3689,7 +3735,7 @@
         "url": "https://opencollective.com/typescript-eslint"
       },
       "peerDependencies": {
-        "@typescript-eslint/parser": "^8.39.0",
+        "@typescript-eslint/parser": "^8.46.1",
         "eslint": "^8.57.0 || ^9.0.0",
         "typescript": ">=4.8.4 <6.0.0"
       }
@@ -3705,16 +3751,16 @@
       }
     },
     "node_modules/@typescript-eslint/parser": {
-      "version": "8.39.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.39.0.tgz",
-      "integrity": "sha512-g3WpVQHngx0aLXn6kfIYCZxM6rRJlWzEkVpqEFLT3SgEDsp9cpCbxxgwnE504q4H+ruSDh/VGS6nqZIDynP+vg==",
+      "version": "8.46.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.46.1.tgz",
+      "integrity": "sha512-6JSSaBZmsKvEkbRUkf7Zj7dru/8ZCrJxAqArcLaVMee5907JdtEbKGsZ7zNiIm/UAkpGUkaSMZEXShnN2D1HZA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/scope-manager": "8.39.0",
-        "@typescript-eslint/types": "8.39.0",
-        "@typescript-eslint/typescript-estree": "8.39.0",
-        "@typescript-eslint/visitor-keys": "8.39.0",
+        "@typescript-eslint/scope-manager": "8.46.1",
+        "@typescript-eslint/types": "8.46.1",
+        "@typescript-eslint/typescript-estree": "8.46.1",
+        "@typescript-eslint/visitor-keys": "8.46.1",
         "debug": "^4.3.4"
       },
       "engines": {
@@ -3730,14 +3776,14 @@
       }
     },
     "node_modules/@typescript-eslint/project-service": {
-      "version": "8.39.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.39.0.tgz",
-      "integrity": "sha512-CTzJqaSq30V/Z2Og9jogzZt8lJRR5TKlAdXmWgdu4hgcC9Kww5flQ+xFvMxIBWVNdxJO7OifgdOK4PokMIWPew==",
+      "version": "8.46.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.46.1.tgz",
+      "integrity": "sha512-FOIaFVMHzRskXr5J4Jp8lFVV0gz5ngv3RHmn+E4HYxSJ3DgDzU7fVI1/M7Ijh1zf6S7HIoaIOtln1H5y8V+9Zg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/tsconfig-utils": "^8.39.0",
-        "@typescript-eslint/types": "^8.39.0",
+        "@typescript-eslint/tsconfig-utils": "^8.46.1",
+        "@typescript-eslint/types": "^8.46.1",
         "debug": "^4.3.4"
       },
       "engines": {
@@ -3752,14 +3798,14 @@
       }
     },
     "node_modules/@typescript-eslint/scope-manager": {
-      "version": "8.39.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.39.0.tgz",
-      "integrity": "sha512-8QOzff9UKxOh6npZQ/4FQu4mjdOCGSdO3p44ww0hk8Vu+IGbg0tB/H1LcTARRDzGCC8pDGbh2rissBuuoPgH8A==",
+      "version": "8.46.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.46.1.tgz",
+      "integrity": "sha512-weL9Gg3/5F0pVQKiF8eOXFZp8emqWzZsOJuWRUNtHT+UNV2xSJegmpCNQHy37aEQIbToTq7RHKhWvOsmbM680A==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.39.0",
-        "@typescript-eslint/visitor-keys": "8.39.0"
+        "@typescript-eslint/types": "8.46.1",
+        "@typescript-eslint/visitor-keys": "8.46.1"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -3770,9 +3816,9 @@
       }
     },
     "node_modules/@typescript-eslint/tsconfig-utils": {
-      "version": "8.39.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.39.0.tgz",
-      "integrity": "sha512-Fd3/QjmFV2sKmvv3Mrj8r6N8CryYiCS8Wdb/6/rgOXAWGcFuc+VkQuG28uk/4kVNVZBQuuDHEDUpo/pQ32zsIQ==",
+      "version": "8.46.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.46.1.tgz",
+      "integrity": "sha512-X88+J/CwFvlJB+mK09VFqx5FE4H5cXD+H/Bdza2aEWkSb8hnWIQorNcscRl4IEo1Cz9VI/+/r/jnGWkbWPx54g==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -3787,15 +3833,15 @@
       }
     },
     "node_modules/@typescript-eslint/type-utils": {
-      "version": "8.39.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.39.0.tgz",
-      "integrity": "sha512-6B3z0c1DXVT2vYA9+z9axjtc09rqKUPRmijD5m9iv8iQpHBRYRMBcgxSiKTZKm6FwWw1/cI4v6em35OsKCiN5Q==",
+      "version": "8.46.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.46.1.tgz",
+      "integrity": "sha512-+BlmiHIiqufBxkVnOtFwjah/vrkF4MtKKvpXrKSPLCkCtAp8H01/VV43sfqA98Od7nJpDcFnkwgyfQbOG0AMvw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.39.0",
-        "@typescript-eslint/typescript-estree": "8.39.0",
-        "@typescript-eslint/utils": "8.39.0",
+        "@typescript-eslint/types": "8.46.1",
+        "@typescript-eslint/typescript-estree": "8.46.1",
+        "@typescript-eslint/utils": "8.46.1",
         "debug": "^4.3.4",
         "ts-api-utils": "^2.1.0"
       },
@@ -3812,9 +3858,9 @@
       }
     },
     "node_modules/@typescript-eslint/types": {
-      "version": "8.39.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.39.0.tgz",
-      "integrity": "sha512-ArDdaOllnCj3yn/lzKn9s0pBQYmmyme/v1HbGIGB0GB/knFI3fWMHloC+oYTJW46tVbYnGKTMDK4ah1sC2v0Kg==",
+      "version": "8.46.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.46.1.tgz",
+      "integrity": "sha512-C+soprGBHwWBdkDpbaRC4paGBrkIXxVlNohadL5o0kfhsXqOC6GYH2S/Obmig+I0HTDl8wMaRySwrfrXVP8/pQ==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -3826,16 +3872,16 @@
       }
     },
     "node_modules/@typescript-eslint/typescript-estree": {
-      "version": "8.39.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.39.0.tgz",
-      "integrity": "sha512-ndWdiflRMvfIgQRpckQQLiB5qAKQ7w++V4LlCHwp62eym1HLB/kw7D9f2e8ytONls/jt89TEasgvb+VwnRprsw==",
+      "version": "8.46.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.46.1.tgz",
+      "integrity": "sha512-uIifjT4s8cQKFQ8ZBXXyoUODtRoAd7F7+G8MKmtzj17+1UbdzFl52AzRyZRyKqPHhgzvXunnSckVu36flGy8cg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/project-service": "8.39.0",
-        "@typescript-eslint/tsconfig-utils": "8.39.0",
-        "@typescript-eslint/types": "8.39.0",
-        "@typescript-eslint/visitor-keys": "8.39.0",
+        "@typescript-eslint/project-service": "8.46.1",
+        "@typescript-eslint/tsconfig-utils": "8.46.1",
+        "@typescript-eslint/types": "8.46.1",
+        "@typescript-eslint/visitor-keys": "8.46.1",
         "debug": "^4.3.4",
         "fast-glob": "^3.3.2",
         "is-glob": "^4.0.3",
@@ -3888,16 +3934,16 @@
       }
     },
     "node_modules/@typescript-eslint/utils": {
-      "version": "8.39.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.39.0.tgz",
-      "integrity": "sha512-4GVSvNA0Vx1Ktwvf4sFE+exxJ3QGUorQG1/A5mRfRNZtkBT2xrA/BCO2H0eALx/PnvCS6/vmYwRdDA41EoffkQ==",
+      "version": "8.46.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.46.1.tgz",
+      "integrity": "sha512-vkYUy6LdZS7q1v/Gxb2Zs7zziuXN0wxqsetJdeZdRe/f5dwJFglmuvZBfTUivCtjH725C1jWCDfpadadD95EDQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.7.0",
-        "@typescript-eslint/scope-manager": "8.39.0",
-        "@typescript-eslint/types": "8.39.0",
-        "@typescript-eslint/typescript-estree": "8.39.0"
+        "@typescript-eslint/scope-manager": "8.46.1",
+        "@typescript-eslint/types": "8.46.1",
+        "@typescript-eslint/typescript-estree": "8.46.1"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -3912,13 +3958,13 @@
       }
     },
     "node_modules/@typescript-eslint/visitor-keys": {
-      "version": "8.39.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.39.0.tgz",
-      "integrity": "sha512-ldgiJ+VAhQCfIjeOgu8Kj5nSxds0ktPOSO9p4+0VDH2R2pLvQraaM5Oen2d7NxzMCm+Sn/vJT+mv2H5u6b/3fA==",
+      "version": "8.46.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.46.1.tgz",
+      "integrity": "sha512-ptkmIf2iDkNUjdeu2bQqhFPV1m6qTnFFjg7PPDjxKWaMaP0Z6I9l30Jr3g5QqbZGdw8YdYvLp+XnqnWWZOg/NA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.39.0",
+        "@typescript-eslint/types": "8.46.1",
         "eslint-visitor-keys": "^4.2.1"
       },
       "engines": {
@@ -4260,12 +4306,13 @@
       }
     },
     "node_modules/@vitest/eslint-plugin": {
-      "version": "1.3.4",
-      "resolved": "https://registry.npmjs.org/@vitest/eslint-plugin/-/eslint-plugin-1.3.4.tgz",
-      "integrity": "sha512-EOg8d0jn3BAiKnR55WkFxmxfWA3nmzrbIIuOXyTe6A72duryNgyU+bdBEauA97Aab3ho9kLmAwgPX63Ckj4QEg==",
+      "version": "1.3.16",
+      "resolved": "https://registry.npmjs.org/@vitest/eslint-plugin/-/eslint-plugin-1.3.16.tgz",
+      "integrity": "sha512-EvXGiZpz3L1G/pmebcmMe61UzqgR8LFwmm+QGgQEHcrTCFkMgl+c0mj2jneo38/CkHhofbK3zc3xafV6/SpzNw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
+        "@typescript-eslint/scope-manager": "^8.41.0",
         "@typescript-eslint/utils": "^8.24.1"
       },
       "peerDependencies": {
@@ -4974,29 +5021,6 @@
         "node": ">=0.10.0"
       }
     },
-    "node_modules/array-includes": {
-      "version": "3.1.9",
-      "resolved": "https://registry.npmjs.org/array-includes/-/array-includes-3.1.9.tgz",
-      "integrity": "sha512-FmeCCAenzH0KH381SPT5FZmiA/TmpndpcaShhfgEN9eCVjnFBqq3l1xrI42y8+PPLI6hypzou4GXw00WHmPBLQ==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "call-bind": "^1.0.8",
-        "call-bound": "^1.0.4",
-        "define-properties": "^1.2.1",
-        "es-abstract": "^1.24.0",
-        "es-object-atoms": "^1.1.1",
-        "get-intrinsic": "^1.3.0",
-        "is-string": "^1.1.1",
-        "math-intrinsics": "^1.1.0"
-      },
-      "engines": {
-        "node": ">= 0.4"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/ljharb"
-      }
-    },
     "node_modules/array-union": {
       "version": "2.1.0",
       "resolved": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz",
@@ -5007,25 +5031,6 @@
         "node": ">=8"
       }
     },
-    "node_modules/array.prototype.flat": {
-      "version": "1.3.3",
-      "resolved": "https://registry.npmjs.org/array.prototype.flat/-/array.prototype.flat-1.3.3.tgz",
-      "integrity": "sha512-rwG/ja1neyLqCuGZ5YYrznA62D4mZXg0i1cIskIUKSiqF3Cje9/wXAls9B9s1Wa2fomMsIv8czB8jZcPmxCXFg==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "call-bind": "^1.0.8",
-        "define-properties": "^1.2.1",
-        "es-abstract": "^1.23.5",
-        "es-shim-unscopables": "^1.0.2"
-      },
-      "engines": {
-        "node": ">= 0.4"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/ljharb"
-      }
-    },
     "node_modules/arraybuffer.prototype.slice": {
       "version": "1.0.4",
       "resolved": "https://registry.npmjs.org/arraybuffer.prototype.slice/-/arraybuffer.prototype.slice-1.0.4.tgz",
@@ -5059,13 +5064,14 @@
       }
     },
     "node_modules/asciinema-player": {
-      "version": "3.8.2",
-      "resolved": "https://registry.npmjs.org/asciinema-player/-/asciinema-player-3.8.2.tgz",
-      "integrity": "sha512-Lgcnj9u/H6sRpGRX1my7Azcay6llLmB/GVkCGcDbPwdTVTisS1ir8SQ9jRWRvjlLUjpSJkN0euruvy3sLRM8tw==",
+      "version": "3.12.1",
+      "resolved": "https://registry.npmjs.org/asciinema-player/-/asciinema-player-3.12.1.tgz",
+      "integrity": "sha512-X4tIjZEIsD7Keeu1cJbrsZZCbPSO85w2OiDRGui68JHQPjthIG2jh68TARDrf2CP2l1Lko4mevnBdwwmJfD0iw==",
       "license": "Apache-2.0",
       "dependencies": {
         "@babel/runtime": "^7.21.0",
-        "solid-js": "^1.3.0"
+        "solid-js": "^1.3.0",
+        "solid-transition-group": "^0.2.3"
       }
     },
     "node_modules/assertion-error": {
@@ -5217,9 +5223,9 @@
       "license": "MIT"
     },
     "node_modules/baseline-browser-mapping": {
-      "version": "2.8.6",
-      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.8.6.tgz",
-      "integrity": "sha512-wrH5NNqren/QMtKUEEJf7z86YjfqW/2uw3IL3/xpqZUC95SSVIFXYQeeGjL6FT/X68IROu6RMehZQS5foy2BXw==",
+      "version": "2.8.16",
+      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.8.16.tgz",
+      "integrity": "sha512-OMu3BGQ4E7P1ErFsIPpbJh0qvDudM/UuJeHgkAvfWe+0HFJCXh+t/l8L6fVLR55RI/UbKrVLnAXZSVwd9ysWYw==",
       "license": "Apache-2.0",
       "bin": {
         "baseline-browser-mapping": "dist/cli.js"
@@ -5284,9 +5290,9 @@
       }
     },
     "node_modules/browserslist": {
-      "version": "4.26.2",
-      "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.26.2.tgz",
-      "integrity": "sha512-ECFzp6uFOSB+dcZ5BK/IBaGWssbSYBHvuMeMt3MMFyhI0Z8SqGgEkBLARgpRH3hutIgPVsALcMwbDrJqPxQ65A==",
+      "version": "4.26.3",
+      "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.26.3.tgz",
+      "integrity": "sha512-lAUU+02RFBuCKQPj/P6NgjlbCnLBMp4UtgTx7vNHd3XSIJF87s9a5rA3aH2yw3GS9DqZAUbOtZdCCiZeVRqt0w==",
       "funding": [
         {
           "type": "opencollective",
@@ -5303,9 +5309,9 @@
       ],
       "license": "MIT",
       "dependencies": {
-        "baseline-browser-mapping": "^2.8.3",
-        "caniuse-lite": "^1.0.30001741",
-        "electron-to-chromium": "^1.5.218",
+        "baseline-browser-mapping": "^2.8.9",
+        "caniuse-lite": "^1.0.30001746",
+        "electron-to-chromium": "^1.5.227",
         "node-releases": "^2.0.21",
         "update-browserslist-db": "^1.1.3"
       },
@@ -5387,23 +5393,24 @@
       }
     },
     "node_modules/cacheable": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/cacheable/-/cacheable-2.0.1.tgz",
-      "integrity": "sha512-MSKxcybpxB5kcWKpj+1tPBm2os4qKKGxDovsZmLhZmWIDYp8EgtC45C5zk1fLe1IC9PpI4ZE4eyryQH0N10PKA==",
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/cacheable/-/cacheable-2.1.0.tgz",
+      "integrity": "sha512-zzL1BxdnqwD69JRT0dihnawAcLkBMwAH+hZSKjUzeBbPedVhk3qYPjRw9VOMYWwt5xRih5xd8S+3kEdGohZm/g==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@cacheable/memoize": "^2.0.1",
-        "@cacheable/memory": "^2.0.1",
-        "@cacheable/utils": "^2.0.1",
-        "hookified": "^1.12.0",
-        "keyv": "^5.5.1"
+        "@cacheable/memoize": "^2.0.3",
+        "@cacheable/memory": "^2.0.3",
+        "@cacheable/utils": "^2.1.0",
+        "hookified": "^1.12.1",
+        "keyv": "^5.5.3",
+        "qified": "^0.5.0"
       }
     },
     "node_modules/cacheable/node_modules/keyv": {
-      "version": "5.5.2",
-      "resolved": "https://registry.npmjs.org/keyv/-/keyv-5.5.2.tgz",
-      "integrity": "sha512-TXcFHbmm/z7MGd1u9ASiCSfTS+ei6Z8B3a5JHzx3oPa/o7QzWVtPRpc4KGER5RR469IC+/nfg4U5YLIuDUua2g==",
+      "version": "5.5.3",
+      "resolved": "https://registry.npmjs.org/keyv/-/keyv-5.5.3.tgz",
+      "integrity": "sha512-h0Un1ieD+HUrzBH6dJXhod3ifSghk5Hw/2Y4/KHBziPlZecrFyE9YOTPU6eOs0V9pYl8gOs86fkr/KN8lUX39A==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -5479,9 +5486,9 @@
       }
     },
     "node_modules/caniuse-lite": {
-      "version": "1.0.30001743",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001743.tgz",
-      "integrity": "sha512-e6Ojr7RV14Un7dz6ASD0aZDmQPT/A+eZU+nuTNfjqmRrmkmQlnTNWH0SKmqagx9PeW87UVqapSurtAXifmtdmw==",
+      "version": "1.0.30001750",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001750.tgz",
+      "integrity": "sha512-cuom0g5sdX6rw00qOoLNSFCJ9/mYIsuSOA+yzpDw8eopiFqcVwQvZHqov0vmEighRxX++cfC0Vg1G+1Iy/mSpQ==",
       "funding": [
         {
           "type": "opencollective",
@@ -5572,9 +5579,9 @@
       }
     },
     "node_modules/chart.js": {
-      "version": "4.5.0",
-      "resolved": "https://registry.npmjs.org/chart.js/-/chart.js-4.5.0.tgz",
-      "integrity": "sha512-aYeC/jDgSEx8SHWZvANYMioYMZ2KX02W6f6uVfyteuCGcadDLcYVHdfdygsTQkQ4TKn5lghoojAsPj5pu0SnvQ==",
+      "version": "4.5.1",
+      "resolved": "https://registry.npmjs.org/chart.js/-/chart.js-4.5.1.tgz",
+      "integrity": "sha512-GIjfiT9dbmHRiYi6Nl2yFCq7kkwdkp1W/lp2J99rX0yo9tgJGn3lKQATztIjb5tVtevcBtIdICNWqlq5+E8/Pw==",
       "license": "MIT",
       "dependencies": {
         "@kurkle/color": "^0.3.0"
@@ -5691,9 +5698,9 @@
       }
     },
     "node_modules/ci-info": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-4.3.0.tgz",
-      "integrity": "sha512-l+2bNRMiQgcfILUi33labAZYIWlH1kWDp+ecNo5iisRKrbm0xcRyCww71/YU0Fkw0mAFpz9bJayXPjey6vkmaQ==",
+      "version": "4.3.1",
+      "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-4.3.1.tgz",
+      "integrity": "sha512-Wdy2Igu8OcBpI2pZePZ5oWjPC38tmDVx5WKUXKwlLYkA0ozo85sLsLvkBbBn/sZaSCMFOGZJ14fvW9t5/d7kdA==",
       "dev": true,
       "funding": [
         {
@@ -5889,13 +5896,13 @@
       }
     },
     "node_modules/core-js-compat": {
-      "version": "3.45.1",
-      "resolved": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.45.1.tgz",
-      "integrity": "sha512-tqTt5T4PzsMIZ430XGviK4vzYSoeNJ6CXODi6c/voxOT6IZqBht5/EKaSNnYiEjjRYxjVz7DQIsOsY0XNi8PIA==",
+      "version": "3.46.0",
+      "resolved": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.46.0.tgz",
+      "integrity": "sha512-p9hObIIEENxSV8xIu+V68JjSeARg6UVMG5mR+JEUguG3sI6MsiS1njz2jHmyJDvA+8jX/sytkBHup6kxhM9law==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "browserslist": "^4.25.3"
+        "browserslist": "^4.26.3"
       },
       "funding": {
         "type": "opencollective",
@@ -6809,9 +6816,9 @@
       }
     },
     "node_modules/detect-libc": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-2.1.0.tgz",
-      "integrity": "sha512-vEtk+OcP7VBRtQZ1EJ3bdgzSfBjgnEalLTp5zjJrS+2Z1w2KZly4SBdac/WDU3hhsNAZ9E8SC96ME4Ey8MZ7cg==",
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-2.1.2.tgz",
+      "integrity": "sha512-Btj2BOOO83o3WyH59e8MgXsxEQVcarkUOpEYrubB0urwnN10yQ364rsiByU11nZlqWYZm05i/of7io4mzihBtQ==",
       "dev": true,
       "license": "Apache-2.0",
       "engines": {
@@ -7031,9 +7038,9 @@
       }
     },
     "node_modules/electron-to-chromium": {
-      "version": "1.5.222",
-      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.222.tgz",
-      "integrity": "sha512-gA7psSwSwQRE60CEoLz6JBCQPIxNeuzB2nL8vE03GK/OHxlvykbLyeiumQy1iH5C2f3YbRAZpGCMT12a/9ih9w==",
+      "version": "1.5.234",
+      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.234.tgz",
+      "integrity": "sha512-RXfEp2x+VRYn8jbKfQlRImzoJU01kyDvVPBmG39eU2iuRVhuS6vQNocB8J0/8GrIMLnPzgz4eW6WiRnJkTuNWg==",
       "license": "ISC"
     },
     "node_modules/emoji-regex": {
@@ -7086,9 +7093,9 @@
       }
     },
     "node_modules/envinfo": {
-      "version": "7.14.0",
-      "resolved": "https://registry.npmjs.org/envinfo/-/envinfo-7.14.0.tgz",
-      "integrity": "sha512-CO40UI41xDQzhLB1hWyqUKgFhs250pNcGbyGKe1l/e4FSaI/+YE4IMG76GDt0In67WLPACIITC+sOi08x4wIvg==",
+      "version": "7.18.0",
+      "resolved": "https://registry.npmjs.org/envinfo/-/envinfo-7.18.0.tgz",
+      "integrity": "sha512-02QGCLRW+Jb8PC270ic02lat+N57iBaWsvHjcJViqp6UVupRB+Vsg7brYPTqEFXvsdTql3KnSczv5ModZFpl8Q==",
       "license": "MIT",
       "bin": {
         "envinfo": "dist/cli.js"
@@ -7253,19 +7260,6 @@
         "node": ">= 0.4"
       }
     },
-    "node_modules/es-shim-unscopables": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/es-shim-unscopables/-/es-shim-unscopables-1.1.0.tgz",
-      "integrity": "sha512-d9T8ucsEhh8Bi1woXCf+TIKDIROLG5WCkxg8geBCbvk22kzwC5G2OnXVMO6FUsvQlgUUXQ2itephWDLqDzbeCw==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "hasown": "^2.0.2"
-      },
-      "engines": {
-        "node": ">= 0.4"
-      }
-    },
     "node_modules/es-to-primitive": {
       "version": "1.3.0",
       "resolved": "https://registry.npmjs.org/es-to-primitive/-/es-to-primitive-1.3.0.tgz",
@@ -7326,13 +7320,13 @@
       }
     },
     "node_modules/esbuild-loader": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/esbuild-loader/-/esbuild-loader-4.3.0.tgz",
-      "integrity": "sha512-D7HeJNdkDKKMarPQO/3dlJT6RwN2YJO7ENU6RPlpOz5YxSHnUNi2yvW41Bckvi1EVwctIaLzlb0ni5ag2GINYA==",
+      "version": "4.4.0",
+      "resolved": "https://registry.npmjs.org/esbuild-loader/-/esbuild-loader-4.4.0.tgz",
+      "integrity": "sha512-4J+hXTpTtEdzUNLoY8ReqDNJx2NoldfiljRCiKbeYUuZmVaiJeDqFgyAzz8uOopaekwRoCcqBFyEroGQLFVZ1g==",
       "license": "MIT",
       "dependencies": {
         "esbuild": "^0.25.0",
-        "get-tsconfig": "^4.7.0",
+        "get-tsconfig": "^4.10.1",
         "loader-utils": "^2.0.4",
         "webpack-sources": "^1.4.3"
       },
@@ -7378,20 +7372,20 @@
       }
     },
     "node_modules/eslint": {
-      "version": "9.33.0",
-      "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.33.0.tgz",
-      "integrity": "sha512-TS9bTNIryDzStCpJN93aC5VRSW3uTx9sClUn4B87pwiCaJh220otoI0X8mJKr+VcPtniMdN8GKjlwgWGUv5ZKA==",
+      "version": "9.37.0",
+      "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.37.0.tgz",
+      "integrity": "sha512-XyLmROnACWqSxiGYArdef1fItQd47weqB7iwtfr9JHwRrqIXZdcFMvvEcL9xHCmL0SNsOvF0c42lWyM1U5dgig==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@eslint-community/eslint-utils": "^4.2.0",
+        "@eslint-community/eslint-utils": "^4.8.0",
         "@eslint-community/regexpp": "^4.12.1",
         "@eslint/config-array": "^0.21.0",
-        "@eslint/config-helpers": "^0.3.1",
-        "@eslint/core": "^0.15.2",
+        "@eslint/config-helpers": "^0.4.0",
+        "@eslint/core": "^0.16.0",
         "@eslint/eslintrc": "^3.3.1",
-        "@eslint/js": "9.33.0",
-        "@eslint/plugin-kit": "^0.3.5",
+        "@eslint/js": "9.37.0",
+        "@eslint/plugin-kit": "^0.4.0",
         "@humanfs/node": "^0.16.6",
         "@humanwhocodes/module-importer": "^1.0.1",
         "@humanwhocodes/retry": "^0.4.2",
@@ -7515,9 +7509,9 @@
       }
     },
     "node_modules/eslint-plugin-array-func": {
-      "version": "5.0.2",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-array-func/-/eslint-plugin-array-func-5.0.2.tgz",
-      "integrity": "sha512-iyLex2+pTcxHZ6OLL80oMy+CtffpJ9j6A/57VQi1VN5bK1IS/0o+mWvezDHeAlwXjn6ksRO9L5SGU329BBuY8A==",
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-array-func/-/eslint-plugin-array-func-5.1.0.tgz",
+      "integrity": "sha512-+OULB0IQdENBmBf8pHMPPObgV6QyfeXFin483jPonOaiurI9UFmc8UydWriK5f5Gel8xBhQLA6NzMwbck1BUJw==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -7648,9 +7642,9 @@
       }
     },
     "node_modules/eslint-plugin-sonarjs": {
-      "version": "3.0.4",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-sonarjs/-/eslint-plugin-sonarjs-3.0.4.tgz",
-      "integrity": "sha512-ftQcP811kRJNXapqpQXHErEoVOdTPfYPPYd7n3AExIPwv4qWKKHf4slFvXmodiOnfgy1Tl3waPZZLD7lcvJOtw==",
+      "version": "3.0.5",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-sonarjs/-/eslint-plugin-sonarjs-3.0.5.tgz",
+      "integrity": "sha512-dI62Ff3zMezUToi161hs2i1HX1ie8Ia2hO0jtNBfdgRBicAG4ydy2WPt0rMTrAe3ZrlqhpAO3w1jcQEdneYoFA==",
       "dev": true,
       "license": "LGPL-3.0-only",
       "dependencies": {
@@ -7658,7 +7652,7 @@
         "builtin-modules": "3.3.0",
         "bytes": "3.1.2",
         "functional-red-black-tree": "1.0.1",
-        "jsx-ast-utils": "3.3.5",
+        "jsx-ast-utils-x": "0.1.0",
         "lodash.merge": "4.6.2",
         "minimatch": "9.0.5",
         "scslre": "0.3.0",
@@ -7725,9 +7719,9 @@
       }
     },
     "node_modules/eslint-plugin-unicorn": {
-      "version": "61.0.1",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-unicorn/-/eslint-plugin-unicorn-61.0.1.tgz",
-      "integrity": "sha512-RwXXqS8oTxW7dVs6e4ZBpZkn1wB4qqNZSbCJektP8/Nzp/woJdfN/t7LVNcpGMZ57xWBs33K0ymZ7MV+VeQnbA==",
+      "version": "61.0.2",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-unicorn/-/eslint-plugin-unicorn-61.0.2.tgz",
+      "integrity": "sha512-zLihukvneYT7f74GNbVJXfWIiNQmkc/a9vYBTE4qPkQZswolWNdu+Wsp9sIXno1JOzdn6OUwLPd19ekXVkahRA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -7760,6 +7754,33 @@
         "eslint": ">=9.29.0"
       }
     },
+    "node_modules/eslint-plugin-unicorn/node_modules/@eslint/core": {
+      "version": "0.15.2",
+      "resolved": "https://registry.npmjs.org/@eslint/core/-/core-0.15.2.tgz",
+      "integrity": "sha512-78Md3/Rrxh83gCxoUc0EiciuOHsIITzLy53m3d9UyiW8y9Dj2D29FeETqyKA+BRK76tnTp6RXWb3pCay8Oyomg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@types/json-schema": "^7.0.15"
+      },
+      "engines": {
+        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+      }
+    },
+    "node_modules/eslint-plugin-unicorn/node_modules/@eslint/plugin-kit": {
+      "version": "0.3.5",
+      "resolved": "https://registry.npmjs.org/@eslint/plugin-kit/-/plugin-kit-0.3.5.tgz",
+      "integrity": "sha512-Z5kJ+wU3oA7MMIqVR9tyZRtjYPr4OC004Q4Rw7pgOKUOKkJfZ3O24nz3WYfGRpMDNmcOi3TwQOmgm7B7Tpii0w==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@eslint/core": "^0.15.2",
+        "levn": "^0.4.1"
+      },
+      "engines": {
+        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+      }
+    },
     "node_modules/eslint-plugin-vitest-globals": {
       "version": "1.5.0",
       "resolved": "https://registry.npmjs.org/eslint-plugin-vitest-globals/-/eslint-plugin-vitest-globals-1.5.0.tgz",
@@ -7768,9 +7789,9 @@
       "license": "MIT"
     },
     "node_modules/eslint-plugin-vue": {
-      "version": "10.4.0",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-vue/-/eslint-plugin-vue-10.4.0.tgz",
-      "integrity": "sha512-K6tP0dW8FJVZLQxa2S7LcE1lLw3X8VvB3t887Q6CLrFVxHYBXGANbXvwNzYIu6Ughx1bSJ5BDT0YB3ybPT39lw==",
+      "version": "10.5.1",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-vue/-/eslint-plugin-vue-10.5.1.tgz",
+      "integrity": "sha512-SbR9ZBUFKgvWAbq3RrdCtWaW0IKm6wwUiApxf3BVTNfqUIo4IQQmreMg2iHFJJ6C/0wss3LXURBJ1OwS/MhFcQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -7785,20 +7806,24 @@
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
       },
       "peerDependencies": {
+        "@stylistic/eslint-plugin": "^2.0.0 || ^3.0.0 || ^4.0.0 || ^5.0.0",
         "@typescript-eslint/parser": "^7.0.0 || ^8.0.0",
         "eslint": "^8.57.0 || ^9.0.0",
         "vue-eslint-parser": "^10.0.0"
       },
       "peerDependenciesMeta": {
+        "@stylistic/eslint-plugin": {
+          "optional": true
+        },
         "@typescript-eslint/parser": {
           "optional": true
         }
       }
     },
     "node_modules/eslint-plugin-vue-scoped-css": {
-      "version": "2.11.0",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-vue-scoped-css/-/eslint-plugin-vue-scoped-css-2.11.0.tgz",
-      "integrity": "sha512-rrJgLY8iroTIUMSyxhyhJzFcRxABbk3gFrOLkl41F9G1VBqNNpDShyf6PmDoBEWDk07/bJlnqYlvnQ3giUrRYQ==",
+      "version": "2.12.0",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-vue-scoped-css/-/eslint-plugin-vue-scoped-css-2.12.0.tgz",
+      "integrity": "sha512-gEbuvYetNbsPA0IsmERFkVC2/vOHCInfFekNSOsAxWI/7C/bc8PoLal+fRibWfnzWryY6iL8YoluMtrEqWRj1A==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -7837,9 +7862,9 @@
       }
     },
     "node_modules/eslint-plugin-wc": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-wc/-/eslint-plugin-wc-3.0.1.tgz",
-      "integrity": "sha512-0p1wkSlA2Ue3FA4qW+5LZ+15sy0p1nUyVl1eyBMLq4rtN1LtE9IdI49BXNWMz8N8bM/y7Ulx8SWGAni5f8XO5g==",
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-wc/-/eslint-plugin-wc-3.0.2.tgz",
+      "integrity": "sha512-siwTrxPTw6GU2JmP3faInw8nhi0ZCnKsiSRM3j7EAkZmBTGYdDAToeseLYsvPrc5Urp/vPz+g7Ewh7XcICLxww==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -8352,6 +8377,16 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
+    "node_modules/generator-function": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/generator-function/-/generator-function-2.0.1.tgz",
+      "integrity": "sha512-SFdFmIJi+ybC0vjlHN0ZGVGHc3lgE0DxPAT0djjVg+kjOnSqclqmj0KQ7ykTOLP6YxoqOvuAODGdcHJn+43q3g==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
     "node_modules/get-caller-file": {
       "version": "2.0.5",
       "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz",
@@ -8453,9 +8488,9 @@
       }
     },
     "node_modules/get-tsconfig": {
-      "version": "4.10.1",
-      "resolved": "https://registry.npmjs.org/get-tsconfig/-/get-tsconfig-4.10.1.tgz",
-      "integrity": "sha512-auHyJ4AgMz7vgS8Hp3N6HXSmlMdUyhSUrfBF16w153rxtLIEOE+HGqaBppczZvnHLqQJfiHotCYpNhl0lUROFQ==",
+      "version": "4.12.0",
+      "resolved": "https://registry.npmjs.org/get-tsconfig/-/get-tsconfig-4.12.0.tgz",
+      "integrity": "sha512-LScr2aNr2FbjAjZh2C6X6BxRx1/x+aTDExct/xyq2XKbYOiG5c0aK7pMsSuyc0brz3ibr/lbQiHD9jzt4lccJw==",
       "license": "MIT",
       "dependencies": {
         "resolve-pkg-maps": "^1.0.0"
@@ -8658,9 +8693,9 @@
       }
     },
     "node_modules/happy-dom": {
-      "version": "18.0.1",
-      "resolved": "https://registry.npmjs.org/happy-dom/-/happy-dom-18.0.1.tgz",
-      "integrity": "sha512-qn+rKOW7KWpVTtgIUi6RVmTBZJSe2k0Db0vh1f7CWrWclkkc7/Q+FrOfkZIb2eiErLyqu5AXEzE7XthO9JVxRA==",
+      "version": "20.0.1",
+      "resolved": "https://registry.npmjs.org/happy-dom/-/happy-dom-20.0.1.tgz",
+      "integrity": "sha512-LLvZwSHE4XUB6m3G6GQCxfJik6Og7ChaRb4fs11dmPKz6QLqZIihUVsr7qum1VIrJdDQ1HvVlHX+XGMy4OJLTA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -9300,14 +9335,15 @@
       }
     },
     "node_modules/is-generator-function": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/is-generator-function/-/is-generator-function-1.1.0.tgz",
-      "integrity": "sha512-nPUB5km40q9e8UfN/Zc24eLlzdSf9OfKByBw9CIdw4H1giPMeA0OIJvbchsCu4npfI2QcMVBsGEBHKZ7wLTWmQ==",
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/is-generator-function/-/is-generator-function-1.1.2.tgz",
+      "integrity": "sha512-upqt1SkGkODW9tsGNG5mtXTXtECizwtS2kA161M+gJPc1xdb/Ax629af6YrTwcOeQHbewrPNlE5Dx7kzvXTizA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "call-bound": "^1.0.3",
-        "get-proto": "^1.0.0",
+        "call-bound": "^1.0.4",
+        "generator-function": "^2.0.0",
+        "get-proto": "^1.0.1",
         "has-tostringtag": "^1.0.2",
         "safe-regex-test": "^1.1.0"
       },
@@ -9757,9 +9793,9 @@
       }
     },
     "node_modules/jiti": {
-      "version": "2.5.1",
-      "resolved": "https://registry.npmjs.org/jiti/-/jiti-2.5.1.tgz",
-      "integrity": "sha512-twQoecYPiVA5K/h6SxtORw/Bs3ar+mLUtoPSc7iMXzQzK8d7eJ/R09wmTwAjiamETn1cXYPGfNnu7DMoHgu12w==",
+      "version": "2.6.1",
+      "resolved": "https://registry.npmjs.org/jiti/-/jiti-2.6.1.tgz",
+      "integrity": "sha512-ekilCSN1jwRvIbgeg/57YFh8qQDNbwDb9xT/qu2DAHbFFZUicIl4ygVaAvzveMhMVr3LnpSKTNnwt8PoOfmKhQ==",
       "license": "MIT",
       "bin": {
         "jiti": "lib/jiti-cli.mjs"
@@ -10016,20 +10052,14 @@
         "node": ">=0.10.0"
       }
     },
-    "node_modules/jsx-ast-utils": {
-      "version": "3.3.5",
-      "resolved": "https://registry.npmjs.org/jsx-ast-utils/-/jsx-ast-utils-3.3.5.tgz",
-      "integrity": "sha512-ZZow9HBI5O6EPgSJLUb8n2NKgmVWTwCvHGwFuJlMjvLFqlGG6pjirPhtdsseaLZjSibD8eegzmYpUZwoIlj2cQ==",
+    "node_modules/jsx-ast-utils-x": {
+      "version": "0.1.0",
+      "resolved": "https://registry.npmjs.org/jsx-ast-utils-x/-/jsx-ast-utils-x-0.1.0.tgz",
+      "integrity": "sha512-eQQBjBnsVtGacsG9uJNB8qOr3yA8rga4wAaGG1qRcBzSIvfhERLrWxMAM1hp5fcS6Abo8M4+bUBTekYR0qTPQw==",
       "dev": true,
       "license": "MIT",
-      "dependencies": {
-        "array-includes": "^3.1.6",
-        "array.prototype.flat": "^1.3.1",
-        "object.assign": "^4.1.4",
-        "object.values": "^1.1.6"
-      },
       "engines": {
-        "node": ">=4.0"
+        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
       }
     },
     "node_modules/just-extend": {
@@ -10039,9 +10069,9 @@
       "license": "MIT"
     },
     "node_modules/katex": {
-      "version": "0.16.22",
-      "resolved": "https://registry.npmjs.org/katex/-/katex-0.16.22.tgz",
-      "integrity": "sha512-XCHRdUw4lf3SKBaJe4EvgqIuWwkPSo9XoeO8GjQW94Bp7TWv9hNhzZjZ+OH9yf1UmLygb7DIT5GSFQiyt16zYg==",
+      "version": "0.16.24",
+      "resolved": "https://registry.npmjs.org/katex/-/katex-0.16.24.tgz",
+      "integrity": "sha512-g/PXUTqqppA6XL2beQtIxoYBPdO1u3vnc2FHMQqJ53n9L5faHDm7UYa+tlYvnNQRuSX6eVusF30/v7ADkcFC8A==",
       "funding": [
         "https://opencollective.com/katex",
         "https://github.com/sponsors/katex"
@@ -10242,12 +10272,16 @@
       }
     },
     "node_modules/loader-runner": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/loader-runner/-/loader-runner-4.3.0.tgz",
-      "integrity": "sha512-3R/1M+yS3j5ou80Me59j7F9IMs4PXs3VqRrm0TU3AbKPxlmpoY1TNscJV/oGJXo8qCatFGTfDbY6W6ipGOYXfg==",
+      "version": "4.3.1",
+      "resolved": "https://registry.npmjs.org/loader-runner/-/loader-runner-4.3.1.tgz",
+      "integrity": "sha512-IWqP2SCPhyVFTBtRcgMHdzlf9ul25NwaFx4wCEH/KjAXuuHY4yNjvPXsBokp8jCB936PyWRaPKUNh8NvylLp2Q==",
       "license": "MIT",
       "engines": {
         "node": ">=6.11.5"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/webpack"
       }
     },
     "node_modules/loader-utils": {
@@ -10555,9 +10589,9 @@
       "license": "MIT"
     },
     "node_modules/markdownlint-cli/node_modules/lru-cache": {
-      "version": "11.2.1",
-      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-11.2.1.tgz",
-      "integrity": "sha512-r8LA6i4LP4EeWOhqBaZZjDWwehd1xUJPCJd9Sv300H0ZmcUER4+JPh7bqqZeqs1o5pgtgvXm+d9UGrB5zZGDiQ==",
+      "version": "11.2.2",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-11.2.2.tgz",
+      "integrity": "sha512-F9ODfyqML2coTIsQpSkRHnLSZMtkU8Q+mSfcaIyKwy58u+8k5nvAYeiNhsyMARvzNcXJ9QfWVrcPsC9e9rAxtg==",
       "dev": true,
       "license": "ISC",
       "engines": {
@@ -10685,9 +10719,9 @@
       }
     },
     "node_modules/mermaid/node_modules/marked": {
-      "version": "16.3.0",
-      "resolved": "https://registry.npmjs.org/marked/-/marked-16.3.0.tgz",
-      "integrity": "sha512-K3UxuKu6l6bmA5FUwYho8CfJBlsUWAooKtdGgMcERSpF7gcBUrCGsLH7wDaaNOzwq18JzSUDyoEb/YsrqMac3w==",
+      "version": "16.4.0",
+      "resolved": "https://registry.npmjs.org/marked/-/marked-16.4.0.tgz",
+      "integrity": "sha512-CTPAcRBq57cn3R8n3hwc2REddc28hjR7RzDXQ+lXLmMJYqn20BaI2cGw6QjgZGIgVfp2Wdfw4aMzgNteQ6qJgQ==",
       "license": "MIT",
       "bin": {
         "marked": "bin/marked.js"
@@ -11369,9 +11403,9 @@
       "license": "MIT"
     },
     "node_modules/monaco-editor-webpack-plugin": {
-      "version": "7.1.0",
-      "resolved": "https://registry.npmjs.org/monaco-editor-webpack-plugin/-/monaco-editor-webpack-plugin-7.1.0.tgz",
-      "integrity": "sha512-ZjnGINHN963JQkFqjjcBtn1XBtUATDZBMgNQhDQwd78w2ukRhFXAPNgWuacaQiDZsUr4h1rWv5Mv6eriKuOSzA==",
+      "version": "7.1.1",
+      "resolved": "https://registry.npmjs.org/monaco-editor-webpack-plugin/-/monaco-editor-webpack-plugin-7.1.1.tgz",
+      "integrity": "sha512-WxdbFHS3Wtz4V9hzhe/Xog5hQRSMxmDLkEEYZwqMDHgJlkZo00HVFZR0j5d0nKypjTUkkygH3dDSXERLG4757A==",
       "license": "MIT",
       "dependencies": {
         "loader-utils": "^2.0.2"
@@ -11423,9 +11457,9 @@
       }
     },
     "node_modules/napi-postinstall": {
-      "version": "0.3.3",
-      "resolved": "https://registry.npmjs.org/napi-postinstall/-/napi-postinstall-0.3.3.tgz",
-      "integrity": "sha512-uTp172LLXSxuSYHv/kou+f6KW3SMppU9ivthaVTXian9sOt3XM/zHYHpRZiLgQoxeWfYUnslNWQHF1+G71xcow==",
+      "version": "0.3.4",
+      "resolved": "https://registry.npmjs.org/napi-postinstall/-/napi-postinstall-0.3.4.tgz",
+      "integrity": "sha512-PHI5f1O0EP5xJ9gQmFGMS6IZcrVvTjpXjz7Na41gTE7eE2hK11lg04CECCYEEjdc17EV4DO+fkGEtt7TpTaTiQ==",
       "dev": true,
       "license": "MIT",
       "bin": {
@@ -11492,9 +11526,9 @@
       }
     },
     "node_modules/node-releases": {
-      "version": "2.0.21",
-      "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.21.tgz",
-      "integrity": "sha512-5b0pgg78U3hwXkCM8Z9b2FJdPZlr9Psr9V2gQPESdGHqbntyFJKFW4r5TeWGFzafGY3hzs1JC62VEQMbl1JFkw==",
+      "version": "2.0.23",
+      "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.23.tgz",
+      "integrity": "sha512-cCmFDMSm26S6tQSDpBCg/NR8NENrVPhAJSf+XbxBG4rPFaaonlEoE9wHQmun+cls499TQGSb7ZyPBRlzgKfpeg==",
       "license": "MIT"
     },
     "node_modules/node-sarif-builder": {
@@ -11647,25 +11681,6 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
-    "node_modules/object.values": {
-      "version": "1.2.1",
-      "resolved": "https://registry.npmjs.org/object.values/-/object.values-1.2.1.tgz",
-      "integrity": "sha512-gXah6aZrcUxjWg2zR2MwouP2eHlCBzdV4pygudehaKXSGW4v2AsRQUK+lwwXhii6KFZcunEnmSUoYp5CXibxtA==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "call-bind": "^1.0.8",
-        "call-bound": "^1.0.3",
-        "define-properties": "^1.2.1",
-        "es-object-atoms": "^1.0.0"
-      },
-      "engines": {
-        "node": ">= 0.4"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/ljharb"
-      }
-    },
     "node_modules/once": {
       "version": "1.4.0",
       "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
@@ -11760,9 +11775,9 @@
       "license": "BlueOak-1.0.0"
     },
     "node_modules/package-manager-detector": {
-      "version": "1.3.0",
-      "resolved": "https://registry.npmjs.org/package-manager-detector/-/package-manager-detector-1.3.0.tgz",
-      "integrity": "sha512-ZsEbbZORsyHuO00lY1kV3/t72yp6Ysay6Pd17ZAlNGuGwmWDLCJxFpRs0IzfXfj1o4icJOkUEioexFHzyPurSQ==",
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/package-manager-detector/-/package-manager-detector-1.4.0.tgz",
+      "integrity": "sha512-rRZ+pR1Usc+ND9M2NkmCvE/LYJS+8ORVV9X0KuNSY/gFsp7RBHJM/ADh9LYq4Vvfq6QkKrW6/weuh8SMEtN5gw==",
       "license": "MIT"
     },
     "node_modules/parent-module": {
@@ -12033,13 +12048,13 @@
       }
     },
     "node_modules/playwright": {
-      "version": "1.55.0",
-      "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.55.0.tgz",
-      "integrity": "sha512-sdCWStblvV1YU909Xqx0DhOjPZE4/5lJsIS84IfN9dAZfcl/CIZ5O8l3o0j7hPMjDvqoTF8ZUcc+i/GL5erstA==",
+      "version": "1.56.0",
+      "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.56.0.tgz",
+      "integrity": "sha512-X5Q1b8lOdWIE4KAoHpW3SE8HvUB+ZZsUoN64ZhjnN8dOb1UpujxBtENGiZFE+9F/yhzJwYa+ca3u43FeLbboHA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "playwright-core": "1.55.0"
+        "playwright-core": "1.56.0"
       },
       "bin": {
         "playwright": "cli.js"
@@ -12052,9 +12067,9 @@
       }
     },
     "node_modules/playwright-core": {
-      "version": "1.55.0",
-      "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.55.0.tgz",
-      "integrity": "sha512-GvZs4vU3U5ro2nZpeiwyb0zuFaqb9sUiAJuyrWpcGouD8y9/HLgGbNRjIph7zU9D3hnPaisMl9zG9CgFi/biIg==",
+      "version": "1.56.0",
+      "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.56.0.tgz",
+      "integrity": "sha512-1SXl7pMfemAMSDn5rkPeZljxOCYAmQnYLBTExuh6E8USHXGSX3dx6lYZN/xPpTz1vimXmPA9CDnILvmJaB8aSQ==",
       "dev": true,
       "license": "Apache-2.0",
       "bin": {
@@ -12196,6 +12211,48 @@
         "postcss": "^8.4.21"
       }
     },
+    "node_modules/postcss-load-config": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-6.0.1.tgz",
+      "integrity": "sha512-oPtTM4oerL+UXmx+93ytZVN82RrlY/wPUV8IeDxFrzIjXOLF1pN+EmKPLbubvKHT2HC20xXsCAH2Z+CKV6Oz/g==",
+      "funding": [
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/postcss/"
+        },
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
+        }
+      ],
+      "license": "MIT",
+      "dependencies": {
+        "lilconfig": "^3.1.1"
+      },
+      "engines": {
+        "node": ">= 18"
+      },
+      "peerDependencies": {
+        "jiti": ">=1.21.0",
+        "postcss": ">=8.0.9",
+        "tsx": "^4.8.1",
+        "yaml": "^2.4.2"
+      },
+      "peerDependenciesMeta": {
+        "jiti": {
+          "optional": true
+        },
+        "postcss": {
+          "optional": true
+        },
+        "tsx": {
+          "optional": true
+        },
+        "yaml": {
+          "optional": true
+        }
+      }
+    },
     "node_modules/postcss-loader": {
       "version": "8.2.0",
       "resolved": "https://registry.npmjs.org/postcss-loader/-/postcss-loader-8.2.0.tgz",
@@ -12523,6 +12580,19 @@
         "node": ">=6"
       }
     },
+    "node_modules/qified": {
+      "version": "0.5.0",
+      "resolved": "https://registry.npmjs.org/qified/-/qified-0.5.0.tgz",
+      "integrity": "sha512-Zj6Q/Vc/SQ+Fzc87N90jJUzBzxD7MVQ2ZvGyMmYtnl2u1a07CejAhvtk4ZwASos+SiHKCAIylyGHJKIek75QBw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "hookified": "^1.12.1"
+      },
+      "engines": {
+        "node": ">=20"
+      }
+    },
     "node_modules/quansync": {
       "version": "0.2.11",
       "resolved": "https://registry.npmjs.org/quansync/-/quansync-0.2.11.tgz",
@@ -13091,9 +13161,9 @@
       "license": "ISC"
     },
     "node_modules/schema-utils": {
-      "version": "4.3.2",
-      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.3.2.tgz",
-      "integrity": "sha512-Gn/JaSk/Mt9gYubxTtSn/QCV4em9mpAPiR1rqy/Ocu19u/G9J5WWdNoUT4SiV6mFC3y6cxyFcFwdzPM3FgxGAQ==",
+      "version": "4.3.3",
+      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.3.3.tgz",
+      "integrity": "sha512-eflK8wEtyOE6+hsaRVPxvUKYCpRgzLqDTb8krvAsRIwOGlHoSgYLgBXoubGgLd2fT41/OUYdb48v4k4WWHQurA==",
       "license": "MIT",
       "dependencies": {
         "@types/json-schema": "^7.0.9",
@@ -13461,6 +13531,23 @@
         "seroval-plugins": "~1.3.0"
       }
     },
+    "node_modules/solid-transition-group": {
+      "version": "0.2.3",
+      "resolved": "https://registry.npmjs.org/solid-transition-group/-/solid-transition-group-0.2.3.tgz",
+      "integrity": "sha512-iB72c9N5Kz9ykRqIXl0lQohOau4t0dhel9kjwFvx81UZJbVwaChMuBuyhiZmK24b8aKEK0w3uFM96ZxzcyZGdg==",
+      "license": "MIT",
+      "dependencies": {
+        "@solid-primitives/refs": "^1.0.5",
+        "@solid-primitives/transition-group": "^1.0.2"
+      },
+      "engines": {
+        "node": ">=18.0.0",
+        "pnpm": ">=8.6.0"
+      },
+      "peerDependencies": {
+        "solid-js": "^1.6.12"
+      }
+    },
     "node_modules/sortablejs": {
       "version": "1.15.6",
       "resolved": "https://registry.npmjs.org/sortablejs/-/sortablejs-1.15.6.tgz",
@@ -13751,9 +13838,9 @@
       }
     },
     "node_modules/strip-indent": {
-      "version": "4.1.0",
-      "resolved": "https://registry.npmjs.org/strip-indent/-/strip-indent-4.1.0.tgz",
-      "integrity": "sha512-OA95x+JPmL7kc7zCu+e+TeYxEiaIyndRx0OrBcK2QPPH09oAndr2ALvymxWA+Lx1PYYvFUm4O63pRkdJAaW96w==",
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/strip-indent/-/strip-indent-4.1.1.tgz",
+      "integrity": "sha512-SlyRoSkdh1dYP0PzclLE7r0M9sgbFKKMFXpFRUMNuKhQSbC6VQIGzq3E0qsfvGJaUFJPGv6Ws1NZ/haTAjfbMA==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -13777,9 +13864,9 @@
       }
     },
     "node_modules/strip-literal": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/strip-literal/-/strip-literal-3.0.0.tgz",
-      "integrity": "sha512-TcccoMhJOM3OebGhSBEmp3UZ2SfDMZUEBdRA/9ynfLi8yYajyWX3JiXArcJt4Umh4vISpspkQIY8ZZoCqjbviA==",
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/strip-literal/-/strip-literal-3.1.0.tgz",
+      "integrity": "sha512-8r3mkIM/2+PpjHoOtiAW8Rg3jJLHaV7xPwG+YRGrv6FP0wwk/toTpATxWYOW0BKdWwl82VT2tFYi5DlROa0Mxg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -13797,9 +13884,9 @@
       "license": "ISC"
     },
     "node_modules/stylelint": {
-      "version": "16.23.1",
-      "resolved": "https://registry.npmjs.org/stylelint/-/stylelint-16.23.1.tgz",
-      "integrity": "sha512-dNvDTsKV1U2YtiUDfe9d2gp902veFeo3ecCWdGlmLm2WFrAV0+L5LoOj/qHSBABQwMsZPJwfC4bf39mQm1S5zw==",
+      "version": "16.25.0",
+      "resolved": "https://registry.npmjs.org/stylelint/-/stylelint-16.25.0.tgz",
+      "integrity": "sha512-Li0avYWV4nfv1zPbdnxLYBGq4z8DVZxbRgx4Kn6V+Uftz1rMoF1qiEI3oL4kgWqyYgCgs7gT5maHNZ82Gk03vQ==",
       "dev": true,
       "funding": [
         {
@@ -13817,16 +13904,16 @@
         "@csstools/css-tokenizer": "^3.0.4",
         "@csstools/media-query-list-parser": "^4.0.3",
         "@csstools/selector-specificity": "^5.0.0",
-        "@dual-bundle/import-meta-resolve": "^4.1.0",
+        "@dual-bundle/import-meta-resolve": "^4.2.1",
         "balanced-match": "^2.0.0",
         "colord": "^2.9.3",
         "cosmiconfig": "^9.0.0",
         "css-functions-list": "^3.2.3",
         "css-tree": "^3.1.0",
-        "debug": "^4.4.1",
+        "debug": "^4.4.3",
         "fast-glob": "^3.3.3",
         "fastest-levenshtein": "^1.0.16",
-        "file-entry-cache": "^10.1.3",
+        "file-entry-cache": "^10.1.4",
         "global-modules": "^2.0.0",
         "globby": "^11.1.0",
         "globjoin": "^0.1.4",
@@ -13913,13 +14000,13 @@
       }
     },
     "node_modules/stylelint/node_modules/flat-cache": {
-      "version": "6.1.14",
-      "resolved": "https://registry.npmjs.org/flat-cache/-/flat-cache-6.1.14.tgz",
-      "integrity": "sha512-ExZSCSV9e7v/Zt7RzCbX57lY2dnPdxzU/h3UE6WJ6NtEMfwBd8jmi1n4otDEUfz+T/R+zxrFDpICFdjhD3H/zw==",
+      "version": "6.1.18",
+      "resolved": "https://registry.npmjs.org/flat-cache/-/flat-cache-6.1.18.tgz",
+      "integrity": "sha512-JUPnFgHMuAVmLmoH9/zoZ6RHOt5n9NlUw/sDXsTbROJ2SFoS2DS4s+swAV6UTeTbGH/CAsZIE6M8TaG/3jVxgQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "cacheable": "^2.0.1",
+        "cacheable": "^2.1.0",
         "flatted": "^3.3.3",
         "hookified": "^1.12.0"
       }
@@ -14216,9 +14303,9 @@
       }
     },
     "node_modules/tailwindcss": {
-      "version": "3.4.17",
-      "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.4.17.tgz",
-      "integrity": "sha512-w33E2aCvSDP0tW9RZuNXadXlkHXqFzSkQew/aIa2i/Sj8fThxwovwlXHSPXTbAHwEIhBFXAedUhP2tueAKP8Og==",
+      "version": "3.4.18",
+      "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.4.18.tgz",
+      "integrity": "sha512-6A2rnmW5xZMdw11LYjhcI5846rt9pbLSabY5XPxo+XWdxwZaFEn47Go4NzFiHu9sNNmr/kXivP1vStfvMaK1GQ==",
       "license": "MIT",
       "dependencies": {
         "@alloc/quick-lru": "^5.2.0",
@@ -14229,7 +14316,7 @@
         "fast-glob": "^3.3.2",
         "glob-parent": "^6.0.2",
         "is-glob": "^4.0.3",
-        "jiti": "^1.21.6",
+        "jiti": "^1.21.7",
         "lilconfig": "^3.1.3",
         "micromatch": "^4.0.8",
         "normalize-path": "^3.0.0",
@@ -14238,7 +14325,7 @@
         "postcss": "^8.4.47",
         "postcss-import": "^15.1.0",
         "postcss-js": "^4.0.1",
-        "postcss-load-config": "^4.0.2",
+        "postcss-load-config": "^4.0.2 || ^5.0 || ^6.0",
         "postcss-nested": "^6.2.0",
         "postcss-selector-parser": "^6.1.2",
         "resolve": "^1.22.8",
@@ -14261,41 +14348,6 @@
         "jiti": "bin/jiti.js"
       }
     },
-    "node_modules/tailwindcss/node_modules/postcss-load-config": {
-      "version": "4.0.2",
-      "resolved": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-4.0.2.tgz",
-      "integrity": "sha512-bSVhyJGL00wMVoPUzAVAnbEoWyqRxkjv64tUl427SKnPrENtq6hJwUojroMz2VB+Q1edmi4IfrAPpami5VVgMQ==",
-      "funding": [
-        {
-          "type": "opencollective",
-          "url": "https://opencollective.com/postcss/"
-        },
-        {
-          "type": "github",
-          "url": "https://github.com/sponsors/ai"
-        }
-      ],
-      "license": "MIT",
-      "dependencies": {
-        "lilconfig": "^3.0.0",
-        "yaml": "^2.3.4"
-      },
-      "engines": {
-        "node": ">= 14"
-      },
-      "peerDependencies": {
-        "postcss": ">=8.0.9",
-        "ts-node": ">=9.0.0"
-      },
-      "peerDependenciesMeta": {
-        "postcss": {
-          "optional": true
-        },
-        "ts-node": {
-          "optional": true
-        }
-      }
-    },
     "node_modules/tailwindcss/node_modules/postcss-selector-parser": {
       "version": "6.1.2",
       "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.1.2.tgz",
@@ -14310,9 +14362,9 @@
       }
     },
     "node_modules/tapable": {
-      "version": "2.2.3",
-      "resolved": "https://registry.npmjs.org/tapable/-/tapable-2.2.3.tgz",
-      "integrity": "sha512-ZL6DDuAlRlLGghwcfmSn9sK3Hr6ArtyudlSAiCqQ6IfE+b+HHbydbYDIG15IfS5do+7XQQBdBiubF/cV2dnDzg==",
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/tapable/-/tapable-2.3.0.tgz",
+      "integrity": "sha512-g9ljZiwki/LfxmQADO3dEY1CbpmXT5Hm2fJ+QaGKwSXUylMybePR7/67YW7jOrrvjEgL1Fmz5kzyAjWVWLlucg==",
       "license": "MIT",
       "engines": {
         "node": ">=6"
@@ -14808,9 +14860,9 @@
       }
     },
     "node_modules/typescript": {
-      "version": "5.8.3",
-      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.8.3.tgz",
-      "integrity": "sha512-p1diW6TqL9L07nNxvRMM7hMMw4c5XOo/1ibL4aAIGmSAt9slTE1Xgw5KWuof2uTOvCg9BY7ZRi+GaF+7sfgPeQ==",
+      "version": "5.9.3",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.9.3.tgz",
+      "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==",
       "devOptional": true,
       "license": "Apache-2.0",
       "bin": {
@@ -14822,16 +14874,16 @@
       }
     },
     "node_modules/typescript-eslint": {
-      "version": "8.39.0",
-      "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.39.0.tgz",
-      "integrity": "sha512-lH8FvtdtzcHJCkMOKnN73LIn6SLTpoojgJqDAxPm1jCR14eWSGPX8ul/gggBdPMk/d5+u9V854vTYQ8T5jF/1Q==",
+      "version": "8.46.1",
+      "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.46.1.tgz",
+      "integrity": "sha512-VHgijW803JafdSsDO8I761r3SHrgk4T00IdyQ+/UsthtgPRsBWQLqoSxOolxTpxRKi1kGXK0bSz4CoAc9ObqJA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/eslint-plugin": "8.39.0",
-        "@typescript-eslint/parser": "8.39.0",
-        "@typescript-eslint/typescript-estree": "8.39.0",
-        "@typescript-eslint/utils": "8.39.0"
+        "@typescript-eslint/eslint-plugin": "8.46.1",
+        "@typescript-eslint/parser": "8.46.1",
+        "@typescript-eslint/typescript-estree": "8.46.1",
+        "@typescript-eslint/utils": "8.46.1"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -15044,9 +15096,9 @@
       "license": "MIT"
     },
     "node_modules/vite": {
-      "version": "7.1.6",
-      "resolved": "https://registry.npmjs.org/vite/-/vite-7.1.6.tgz",
-      "integrity": "sha512-SRYIB8t/isTwNn8vMB3MR6E+EQZM/WG1aKmmIUCfDXfVvKfc20ZpamngWHKzAmmu9ppsgxsg4b2I7c90JZudIQ==",
+      "version": "7.1.9",
+      "resolved": "https://registry.npmjs.org/vite/-/vite-7.1.9.tgz",
+      "integrity": "sha512-4nVGliEpxmhCL8DslSAUdxlB6+SMrhB0a1v5ijlh1xB1nEPuy1mxaHxysVucLHuWryAxLWg6a5ei+U4TLn/rFg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -15202,9 +15254,9 @@
       }
     },
     "node_modules/vite/node_modules/rollup": {
-      "version": "4.52.0",
-      "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.52.0.tgz",
-      "integrity": "sha512-+IuescNkTJQgX7AkIDtITipZdIGcWF0pnVvZTWStiazUmcGA2ag8dfg0urest2XlXUi9kuhfQ+qmdc5Stc3z7g==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.52.4.tgz",
+      "integrity": "sha512-CLEVl+MnPAiKh5pl4dEWSyMTpuflgNQiLGhMv8ezD5W/qP8AKvmYpCOKRRNOh7oRKnauBZ4SyeYkMS+1VSyKwQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -15218,28 +15270,28 @@
         "npm": ">=8.0.0"
       },
       "optionalDependencies": {
-        "@rollup/rollup-android-arm-eabi": "4.52.0",
-        "@rollup/rollup-android-arm64": "4.52.0",
-        "@rollup/rollup-darwin-arm64": "4.52.0",
-        "@rollup/rollup-darwin-x64": "4.52.0",
-        "@rollup/rollup-freebsd-arm64": "4.52.0",
-        "@rollup/rollup-freebsd-x64": "4.52.0",
-        "@rollup/rollup-linux-arm-gnueabihf": "4.52.0",
-        "@rollup/rollup-linux-arm-musleabihf": "4.52.0",
-        "@rollup/rollup-linux-arm64-gnu": "4.52.0",
-        "@rollup/rollup-linux-arm64-musl": "4.52.0",
-        "@rollup/rollup-linux-loong64-gnu": "4.52.0",
-        "@rollup/rollup-linux-ppc64-gnu": "4.52.0",
-        "@rollup/rollup-linux-riscv64-gnu": "4.52.0",
-        "@rollup/rollup-linux-riscv64-musl": "4.52.0",
-        "@rollup/rollup-linux-s390x-gnu": "4.52.0",
-        "@rollup/rollup-linux-x64-gnu": "4.52.0",
-        "@rollup/rollup-linux-x64-musl": "4.52.0",
-        "@rollup/rollup-openharmony-arm64": "4.52.0",
-        "@rollup/rollup-win32-arm64-msvc": "4.52.0",
-        "@rollup/rollup-win32-ia32-msvc": "4.52.0",
-        "@rollup/rollup-win32-x64-gnu": "4.52.0",
-        "@rollup/rollup-win32-x64-msvc": "4.52.0",
+        "@rollup/rollup-android-arm-eabi": "4.52.4",
+        "@rollup/rollup-android-arm64": "4.52.4",
+        "@rollup/rollup-darwin-arm64": "4.52.4",
+        "@rollup/rollup-darwin-x64": "4.52.4",
+        "@rollup/rollup-freebsd-arm64": "4.52.4",
+        "@rollup/rollup-freebsd-x64": "4.52.4",
+        "@rollup/rollup-linux-arm-gnueabihf": "4.52.4",
+        "@rollup/rollup-linux-arm-musleabihf": "4.52.4",
+        "@rollup/rollup-linux-arm64-gnu": "4.52.4",
+        "@rollup/rollup-linux-arm64-musl": "4.52.4",
+        "@rollup/rollup-linux-loong64-gnu": "4.52.4",
+        "@rollup/rollup-linux-ppc64-gnu": "4.52.4",
+        "@rollup/rollup-linux-riscv64-gnu": "4.52.4",
+        "@rollup/rollup-linux-riscv64-musl": "4.52.4",
+        "@rollup/rollup-linux-s390x-gnu": "4.52.4",
+        "@rollup/rollup-linux-x64-gnu": "4.52.4",
+        "@rollup/rollup-linux-x64-musl": "4.52.4",
+        "@rollup/rollup-openharmony-arm64": "4.52.4",
+        "@rollup/rollup-win32-arm64-msvc": "4.52.4",
+        "@rollup/rollup-win32-ia32-msvc": "4.52.4",
+        "@rollup/rollup-win32-x64-gnu": "4.52.4",
+        "@rollup/rollup-win32-x64-msvc": "4.52.4",
         "fsevents": "~2.3.2"
       }
     },
@@ -15513,9 +15565,9 @@
       "license": "BSD-2-Clause"
     },
     "node_modules/webpack": {
-      "version": "5.101.3",
-      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.101.3.tgz",
-      "integrity": "sha512-7b0dTKR3Ed//AD/6kkx/o7duS8H3f1a4w3BYpIriX4BzIhjkn4teo05cptsxvLesHFKK5KObnadmCHBwGc+51A==",
+      "version": "5.102.1",
+      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.102.1.tgz",
+      "integrity": "sha512-7h/weGm9d/ywQ6qzJ+Xy+r9n/3qgp/thalBbpOi5i223dPXKi04IBtqPN9nTd+jBc7QKfvDbaBnFipYp4sJAUQ==",
       "license": "MIT",
       "dependencies": {
         "@types/eslint-scope": "^3.7.7",
@@ -15526,7 +15578,7 @@
         "@webassemblyjs/wasm-parser": "^1.14.1",
         "acorn": "^8.15.0",
         "acorn-import-phases": "^1.0.3",
-        "browserslist": "^4.24.0",
+        "browserslist": "^4.26.3",
         "chrome-trace-event": "^1.0.2",
         "enhanced-resolve": "^5.17.3",
         "es-module-lexer": "^1.2.1",
@@ -15538,10 +15590,10 @@
         "loader-runner": "^4.2.0",
         "mime-types": "^2.1.27",
         "neo-async": "^2.6.2",
-        "schema-utils": "^4.3.2",
-        "tapable": "^2.1.1",
+        "schema-utils": "^4.3.3",
+        "tapable": "^2.3.0",
         "terser-webpack-plugin": "^5.3.11",
-        "watchpack": "^2.4.1",
+        "watchpack": "^2.4.4",
         "webpack-sources": "^3.3.3"
       },
       "bin": {
@@ -15967,18 +16019,6 @@
         "node": ">=10"
       }
     },
-    "node_modules/yaml": {
-      "version": "2.8.1",
-      "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.1.tgz",
-      "integrity": "sha512-lcYcMxX2PO9XMGvAJkJ3OsNMw+/7FKes7/hgerGUYWIoWu5j/+YQqcZr5JnPZWzOsEBgMbSbiSTn/dv/69Mkpw==",
-      "license": "ISC",
-      "bin": {
-        "yaml": "bin.mjs"
-      },
-      "engines": {
-        "node": ">= 14.6"
-      }
-    },
     "node_modules/yargs": {
       "version": "17.7.2",
       "resolved": "https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz",
diff --git a/package.json b/package.json
index 0e5481d188..aabfec6263 100644
--- a/package.json
+++ b/package.json
@@ -15,8 +15,8 @@
     "@mcaptcha/vanilla-glue": "0.1.0-alpha-3",
     "@primer/octicons": "19.14.0",
     "ansi_up": "6.0.5",
-    "asciinema-player": "3.8.2",
-    "chart.js": "4.5.0",
+    "asciinema-player": "3.12.1",
+    "chart.js": "4.5.1",
     "chartjs-adapter-dayjs-4": "1.0.4",
     "chartjs-plugin-zoom": "2.2.0",
     "clippie": "4.1.7",
@@ -24,18 +24,18 @@
     "dayjs": "1.11.18",
     "dropzone": "6.0.0-beta.2",
     "easymde": "2.18.0",
-    "esbuild-loader": "4.3.0",
+    "esbuild-loader": "4.4.0",
     "escape-goat": "4.0.0",
     "fast-glob": "3.3.3",
     "htmx.org": "2.0.7",
     "idiomorph": "0.3.0",
     "jquery": "3.7.1",
-    "katex": "0.16.22",
+    "katex": "0.16.24",
     "mermaid": "11.12.0",
     "mini-css-extract-plugin": "2.9.3",
     "minimatch": "10.0.3",
     "monaco-editor": "0.52.2",
-    "monaco-editor-webpack-plugin": "7.1.0",
+    "monaco-editor-webpack-plugin": "7.1.1",
     "pdfobject": "2.3.0",
     "postcss": "8.5.6",
     "postcss-loader": "8.2.0",
@@ -43,7 +43,7 @@
     "pretty-ms": "9.0.0",
     "sortablejs": "1.15.6",
     "swagger-ui-dist": "5.17.14",
-    "tailwindcss": "3.4.17",
+    "tailwindcss": "3.4.18",
     "throttle-debounce": "5.0.0",
     "tinycolor2": "1.6.0",
     "tippy.js": "6.3.7",
@@ -55,49 +55,49 @@
     "vue-chartjs": "5.3.1",
     "vue-loader": "17.4.2",
     "vue3-calendar-heatmap": "2.0.5",
-    "webpack": "5.101.3",
+    "webpack": "5.102.1",
     "webpack-cli": "6.0.1",
     "wrap-ansi": "9.0.2"
   },
   "devDependencies": {
     "@axe-core/playwright": "4.10.2",
     "@eslint-community/eslint-plugin-eslint-comments": "4.5.0",
-    "@playwright/test": "1.55.0",
+    "@playwright/test": "1.56.0",
     "@stoplight/spectral-cli": "6.15.0",
-    "@stylistic/eslint-plugin": "5.2.3",
+    "@stylistic/eslint-plugin": "5.4.0",
     "@stylistic/stylelint-plugin": "4.0.0",
     "@vitejs/plugin-vue": "6.0.1",
     "@vitest/coverage-v8": "3.2.4",
-    "@vitest/eslint-plugin": "1.3.4",
+    "@vitest/eslint-plugin": "1.3.16",
     "@vue/test-utils": "2.4.6",
-    "eslint": "9.33.0",
+    "eslint": "9.37.0",
     "eslint-import-resolver-typescript": "4.4.4",
-    "eslint-plugin-array-func": "5.0.2",
+    "eslint-plugin-array-func": "5.1.0",
     "eslint-plugin-import-x": "4.16.1",
     "eslint-plugin-no-jquery": "3.1.1",
     "eslint-plugin-no-use-extend-native": "0.7.2",
     "eslint-plugin-playwright": "2.2.2",
     "eslint-plugin-regexp": "2.10.0",
-    "eslint-plugin-sonarjs": "3.0.4",
+    "eslint-plugin-sonarjs": "3.0.5",
     "eslint-plugin-toml": "0.12.0",
-    "eslint-plugin-unicorn": "61.0.1",
+    "eslint-plugin-unicorn": "61.0.2",
     "eslint-plugin-vitest-globals": "1.5.0",
-    "eslint-plugin-vue": "10.4.0",
-    "eslint-plugin-vue-scoped-css": "2.11.0",
-    "eslint-plugin-wc": "3.0.1",
+    "eslint-plugin-vue": "10.5.1",
+    "eslint-plugin-vue-scoped-css": "2.12.0",
+    "eslint-plugin-wc": "3.0.2",
     "globals": "16.4.0",
-    "happy-dom": "18.0.1",
+    "happy-dom": "20.0.1",
     "license-checker-rseidelsohn": "4.4.2",
     "markdownlint-cli": "0.45.0",
     "postcss-html": "1.8.0",
     "sharp": "0.34.4",
-    "stylelint": "16.23.1",
+    "stylelint": "16.25.0",
     "stylelint-declaration-block-no-ignored-properties": "2.8.0",
     "stylelint-declaration-strict-value": "1.10.11",
     "stylelint-value-no-unknown-custom-properties": "6.0.1",
     "svgo": "4.0.0",
-    "typescript": "5.8.3",
-    "typescript-eslint": "8.39.0",
+    "typescript": "5.9.3",
+    "typescript-eslint": "8.46.1",
     "vite-string-plugin": "1.4.6",
     "vitest": "3.2.4"
   },
diff --git a/release-notes-published/10.0.0.md b/release-notes-published/10.0.0.md
index deaf181cfb..5c71971991 100644
--- a/release-notes-published/10.0.0.md
+++ b/release-notes-published/10.0.0.md
@@ -72,6 +72,18 @@
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/5372): <!--number 5372 --><!--line 0 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC85ZDM0NzMxMTk4OTNmZmRlMGFiMzZkOThlN2EwZTQxYzVkMGJhOWEzKSBBZGQgYmluIHRvIENvbXBvc2VyIE1ldGFkYXRhLg==-->[commit](https://codeberg.org/forgejo/forgejo/commit/9d3473119893ffde0ab36d98e7a0e41c5d0ba9a3) Add bin to Composer Metadata.<!--description-->
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/4968): <!--number 4968 --><!--line 0 --><!--description U3VwcG9ydCByZWdleHAgaW4gZ2l0LWdyZXAgc2VhcmNo-->Support regexp in git-grep search<!--description-->
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/4753): <!--number 4753 --><!--line 0 --><!--description R2l0IG5vdGVzIGNhbiBiZSBtb2RpZmllZCB2aWEgdGhlIEFQSSBvciB0aGUgVUk=-->Git notes can be modified via the API or the UI<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6553): Update of Chroma from v2.14.0: to v2.15.0:
+    - add Beeflang support
+    - add CSV lexer
+    - add Eclipse ATL language
+    - add hare done keyword
+    - add JSONata Lexer
+    - add Jsonnet Lexer
+    - add Typst Lexer
+    - add WebVTT lexer
+    - import NSIS Lexer from Pygments
+    - port Minecraft lexers from Pygments
+    - update the Materialize lexer
 - Bug fixes
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/6343): <!--number 6343 --><!--line 0 --><!--description YXZvaWQgR2l0ZWEgbWlncmF0aW9uIHdhcm5pbmdz-->avoid Gitea migration warnings<!--description-->
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/6329): <!--number 6329 --><!--line 0 --><!--description bWF2ZW4gcGFja2FnZSB3aGVyZSBhY3R1YWwgcG9tIGhhcyBubyBncm91cC1pZCBkZWZpbmVkLCBmYWxsYmFjayB0byBwYXJlbnQgZ3JvdXAtaWQ=-->maven package where actual pom has no group-id defined, fallback to parent group-id<!--description-->
@@ -105,6 +117,14 @@
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/5416): <!--number 5416 --><!--line 1 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC9iNDk2MzE3YjVhMmFlYTk3MGJjOTRjY2Y2ZmNkZTM1Y2Q0MTdlYzIwKSBBZnRlciBtaWdyYXRpbmcgYSByZXBvc2l0b3J5IHRoYXQgY29udGFpbnMgbWVyZ2VkIHB1bGwgcmVxdWVzdHMsIHRoZSBicmFuY2ggaXMgbWlzc2luZyBhbmQgY2Fubm90IGJlIGRlbGV0ZWQu-->[commit](https://codeberg.org/forgejo/forgejo/commit/b496317b5a2aea970bc94ccf6fcde35cd417ec20) After migrating a repository that contains merged pull requests, the branch is missing and cannot be deleted.<!--description-->
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/5416): <!--number 5416 --><!--line 2 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC9hMjI2MDY0NzExODk5ZGEwN2Q2YjE0NTVhNjhlZjc1OGYyZjNlN2UwKSBGb3JnZWpvIEFjdGlvbnMgYXJ0aWZhY3QgdjQgdXBsb2FkIGFib3ZlIDhNQi4=-->[commit](https://codeberg.org/forgejo/forgejo/commit/a226064711899da07d6b1455a68ef758f2f3e7e0) Forgejo Actions artifact v4 upload above 8MB.<!--description-->
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/5307): <!--number 5307 --><!--line 0 --><!--description RG9uJ3QgYWxsb3cgbW9kaWZpY2F0aW9uIHRvIGludGVybmFsIHJlZmVyZW5jZQ==-->Don't allow modification to internal reference<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6553): Update of Chroma from v2.14.0: to v2.15.0:
+    - go: add any as a builtin type
+    - go: single line comment without consuming endline, disable EnsureNL
+    - haskell: add underscore parsing in numbers
+    - markdown: remove whitespace tokenizing rule
+    - typescript: allow nested generics
+    - typescript: highlight string literal type parameters
+    - yaml: don't output extra whitespace in multiline
 - Other changes without a feature or bug label
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/5789): <!--number 5789 --><!--line 1 --><!--description Y2hvcmU6IFtjb21taXRdKGh0dHBzOi8vY29kZWJlcmcub3JnL2Zvcmdlam8vZm9yZ2Vqby9jb21taXQvYjMwOGJjY2E3Yzk1MGI3ZjBkMTI3ZWU0MjgyMDE5YzJhOTkyMzI5OSkgSW1wcm92ZWQgZGlmZiB2aWV3IHBlcmZvcm1hbmNl-->chore: [commit](https://codeberg.org/forgejo/forgejo/commit/b308bcca7c950b7f0d127ee4282019c2a9923299) Improved diff view performance<!--description-->
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/5714): <!--number 5714 --><!--line 1 --><!--description Y2hvcmU6IFtjb21taXRdKGh0dHBzOi8vY29kZWJlcmcub3JnL2Zvcmdlam8vZm9yZ2Vqby9jb21taXQvYWIyNmQ4ODA5MzJkYmMxMTZjNDNlYTI3NzAyOTk4NGM3YTZkNGU5NCkgRW1pdCBhIGxvZyBtZXNzYWdlIHdoZW4gZmFpbGluZyB0byBkZWxldGUgYW4gaW5hY3RpdmUgdXNlcg==-->chore: [commit](https://codeberg.org/forgejo/forgejo/commit/ab26d880932dbc116c43ea277029984c7a6d4e94) Emit a log message when failing to delete an inactive user<!--description-->
diff --git a/release-notes-published/12.0.0.md b/release-notes-published/12.0.0.md
index f52480cc88..b160502750 100644
--- a/release-notes-published/12.0.0.md
+++ b/release-notes-published/12.0.0.md
@@ -78,6 +78,15 @@
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/7387): <!--number 7387 --><!--line 0 --><!--description aW5jbHVkZSBhIGRlZmF1bHQgcm9ib3RzLnR4dCB0byByZWR1Y2UgdGhlIGltcGFjdCBvZiBjcmF3bGVycw==-->include a default robots.txt to reduce the impact of crawlers. [Read more in the v12.0 companion blog post](https://forgejo.org/2025-07-release-v12-0/#default-robotstxt).<!--description-->
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/7212): <!--number 7212 --><!--line 0 --><!--description dXNlIFhPUk0gRW5naW5lR3JvdXAgaW5zdGVhZCBvZiBzaW5nbGUgRW5naW5lIGNvbm5lY3Rpb24=-->use XORM EngineGroup instead of single Engine connection. [Read more in the v12.0 companion blog post](https://forgejo.org/2025-07-release-v12-0/#xorm-enginegroup-connections-for-optimized-database-query-routing-and-load-balancing).<!--description-->
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/2364): <!--number 2364 --><!--line 0 --><!--description c3luYyBmb3Jrcw==-->sync forks. [Read more in the v12.0 companion blog post](https://forgejo.org/2025-07-release-v12-0/#keeping-forks-in-sync).<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7459): Update of Chroma from v2.15.0: to v2.16.0:
+    - [`0bf0e9f`](https://github.com/alecthomas/chroma/commit/0bf0e9f): add luau file extension and alias to lua lexer
+    - [`4b0882a`](https://github.com/alecthomas/chroma/commit/4b0882a): add Janet lexer
+    - [`dc982d2`](https://github.com/alecthomas/chroma/commit/dc982d2): add Mojo lexer
+    - [`f0d460e`](https://github.com/alecthomas/chroma/commit/f0d460e): odin: support the new build tag feature
+  [PR](https://codeberg.org/forgejo/forgejo/pulls/7607): Update of Chroma from v2.16.0: to v2.17.0:
+    - [`22859e6`](https://github.com/alecthomas/chroma/commit/22859e6): add Lean lexer
+  [PR](https://codeberg.org/forgejo/forgejo/pulls/7890): Update of Chroma from v2.17.2: to v2.18.0:
+    - [`79dde77`](https://github.com/alecthomas/chroma/commit/79dde77): add IBM RPG lexer
 - Bug fixes
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/8511) ([backported](https://codeberg.org/forgejo/forgejo/pulls/8516)): <!--number 8516 --><!--line 0 --><!--description Zml4OiBQUiBub3QgYmxvY2tlZCBieSByZXZpZXcgcmVxdWVzdCBmb3IgYSB3aGl0ZWxpc3RlZCB0ZWFt-->pull requests were not blocked by review request for a whitelisted team.<!--description-->
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/8475) ([backported](https://codeberg.org/forgejo/forgejo/pulls/8480)): <!--number 8480 --><!--line 0 --><!--description c2V2ZXJhbCBmaXhlcyBvZiBBTFQgUGFja2FnZSByZWdpc3RyeQ==-->several fixes of the ALT RPM package registry.<!--description-->
@@ -96,6 +105,19 @@
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/7454): <!--number 7454 --><!--line 0 --><!--description Q2FuY2VsIGEgcmV2aWV3-->fix a border case where it was not possible to cancel a pull request review.<!--description-->
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/7409): <!--number 7409 --><!--line 0 --><!--description Zml4IGFjbWUgcmVuZXdhbA==-->fix acme renewal.<!--description-->
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/6352): <!--number 6352 --><!--line 0 --><!--description bWlncmF0ZSBNYXZlbiBwYWNrYWdlcyB0byAiZ3JvdXBJZDphcnRpZmFjdElkIiBuYW1lIGNvbmNhdGVuYXRpb24sIHJlZ2VuZXJhdGUgbWV0YWRhdGEgYW5kIGZpeCBtaXNzaW5nIGdyb3VwSWQ=-->migrate Maven packages to "groupId:artifactId" name concatenation, regenerate metadata and fix missing groupId.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7459): Update of Chroma from v2.15.0: to v2.16.0:
+    - [`88084b6`](https://github.com/alecthomas/chroma/commit/88084b6): terraform: dot in a string breaks the highlighting
+    - [`e0c7747`](https://github.com/alecthomas/chroma/commit/e0c7747): nginx conf: IP address as name detection
+    - [`79621af`](https://github.com/alecthomas/chroma/commit/79621af): solidity: handling of inline assembly
+    - [`d829579`](https://github.com/alecthomas/chroma/commit/d829579): ocaml: support multistring
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7607): Update of Chroma from v2.16.0: to v2.17.0:
+    - [`8fa488c`](https://github.com/alecthomas/chroma/commit/8fa488c): fix Gleam lexer
+    - [`5409db0`](https://github.com/alecthomas/chroma/commit/5409db0): vue: handle more edge cases for tags
+    - [`3df29af`](https://github.com/alecthomas/chroma/commit/3df29af): rrt: add proper diff styling to
+    - [`9077658`](https://github.com/alecthomas/chroma/commit/9077658): terraform: properly tokenizes default_tags attribute
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7738): Update of Chroma from v2.17.0: to v2.17.2:
+    - [`2cbcfa9`](https://github.com/alecthomas/chroma/commit/2cbcfa9): fix a bunch of styles did not correctly fallback to parent styles
+    - [`8f4cf56`](https://github.com/alecthomas/chroma/commit/8f4cf56): zig: add rule for function calls
 - Included for completeness but not worth a release note
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/8534): <!--number 8534 --><!--line 0 --><!--description aTE4bjogdXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIENvZGViZXJnIFRyYW5zbGF0ZQ==-->i18n: update of translations from Codeberg Translate<!--description-->
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/8530) ([backported](https://codeberg.org/forgejo/forgejo/pulls/8532)): <!--number 8532 --><!--line 0 --><!--description Zml4KHBhY2thZ2VzKTogc2tpcCBhbm90aGVyIHN0YWNrIGZyYW1lIGZyb20gbG9nZ2luZw==-->fix(packages): skip another stack frame from logging<!--description-->
diff --git a/release-notes-published/13.0.0.md b/release-notes-published/13.0.0.md
index e69de29bb2..7ab0679455 100644
--- a/release-notes-published/13.0.0.md
+++ b/release-notes-published/13.0.0.md
@@ -0,0 +1,499 @@
+A [companion blog post](https://forgejo.org/2025-10-release-v13-0/) provides additional context on this major release.
+
+This release contains [a regression](https://codeberg.org/forgejo/forgejo/issues/9421) when `RENDER_CONTENT_MODE = iframe` is set in `app.ini` that sometime forces the height to be 300px. It will be fixed in [Forgejo v13.0.1](https://codeberg.org/forgejo/forgejo/milestone/29090).
+
+<!--start release-notes-assistant-->
+
+## Release notes
+<!--URL:https://codeberg.org/forgejo/forgejo-->
+- Security features
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8753): <!--number 8753 --><!--line 0 --><!--description QWRkIGNvbmZpZ3VyYWJsZSBnbG9iYWwgMkZBIGVuZm9yY2VtZW50-->Add configurable global 2FA enforcement<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8692): <!--number 8692 --><!--line 0 --><!--description bWlncmF0ZSBhY3Rpb24gc2VjcmV0cyB0byBga2V5aW5nYCB0byBzdG9yZSB0aGVtIG1vcmUgc2VjdXJlbHk=-->migrate action secrets to `keying` to store them more securely<!--description-->
+- Breaking features
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8328): <!--number 8328 --><!--line 0 --><!--description YnVtcCB0aGUgbWluaW11bSByZXF1aXJlZCBHaXQgdmVyc2lvbiBmcm9tIDIuMC4wIHRvIDIuMzQuMQ==-->bump the minimum required Git version from 2.0.0 to 2.34.1<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8502): <!--number 8502 --><!--line 0 --><!--description Rm9yZ2VqbyBBY3Rpb25zIHdvcmtmbG93cyBhcmUgdmVyaWZpZWQgd2l0aCBhIFlBTUwgc2NoZW1hIGFuZCBjb21tb24gZXJyb3JzIHN1Y2ggYXMgdXNpbmcgYW4gaW5jb3JyZWN0IGNvbnRleHQgKGUuZy4gYCR7eyBiYWRjb250ZXh0LkZPUkdFSk9fUkVQT1NJVE9SWSB9fWApIG9yIGEgdHlwbyBpbiBhIHJlcXVpcmVkIGtleXdvcmQgKGUuZy4gYHJ1aW5zLW9uOmAgaW5zdGVhZCBvZiBgcnVucy1vbjpgKSB3aWxsIGJlIHJlcG9ydGVkIGluIHRoZSBhY3Rpb24gcGFnZSBhbmQgdGhlIHdlYiBwYWdlIHRoYXQgZGlzcGxheXMgdGhlIGZpbGUgaW4gdGhlIHJlcG9zaXRvcnkuIEl0IGlzIHJlY29tbWVuZGVkIHRvIHZlcmlmeSBleGlzdGluZyB3b3JrZmxvd3MgYXJlIHN1Y2Nlc3NmdWxseSB2ZXJpZmllZCBwcmlvciB0byB1cGdyYWRpbmcsIFthcyBleHBsYWluZWQgaW4gdGhlIEZvcmdlam8gcnVubmVyIHJlbGVhc2Ugbm90ZXNdKGh0dHBzOi8vY29kZS5mb3JnZWpvLm9yZy9mb3JnZWpvL3J1bm5lci9zcmMvYnJhbmNoL21haW4vUkVMRUFTRS1OT1RFUy5tZCM4LTAtMCku-->Forgejo Actions workflows are verified with a YAML schema and common errors such as using an incorrect context (e.g. `${{ badcontext.FORGEJO_REPOSITORY }}`) or a typo in a required keyword (e.g. `ruins-on:` instead of `runs-on:`) will be reported in the action page and the web page that displays the file in the repository. It is recommended to verify existing workflows are successfully verified prior to upgrading, [as explained in the Forgejo runner release notes](https://code.forgejo.org/forgejo/runner/releases/tag/v9.0.0).<!--description-->
+- Breaking bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9023): <!--number 9023 --><!--line 0 --><!--description VGhlIGBhcnRpZmFjdC11cmxgIG91cHV0IFtyZXR1cm5lZCBieSB0aGUgdXBsb2FkLWFydGlmYWN0QHY0IGFjdGlvbl0oaHR0cHM6Ly9jb2RlLmZvcmdlam8ub3JnL2FjdGlvbnMvdXBsb2FkLWFydGlmYWN0I291dHB1dHMpIGNhbiBiZSB1c2VkIHRvIGRvd25sb2FkIHRoZSBhcnRpZmFjdC4gSXQgd2FzIHByZXZpb3VzbHkgNDA0LiBUbyBpbXBsZW1lbnQgdGhpcyBjb21wYXRpYmlsaXR5IGZpeCwgdGhlIHdlYiBVSSBVUkwgdG8gZG93bmxvYWQgYXJ0aWZhY3RzIChpLmUuIGAve293bmVyfS97cmVwb30vYWN0aW9ucy9ydW5zL3tydW5faWR9L2FydGlmYWN0cy97YXJ0aWZhY3RfbmFtZX1gKSBub3cgcmVsaWVzIG9uIGFuIGlkZW50aWZpZXIgdGhhdCBpcyB1bmlxdWUgYWNjcm9zcyB0aGUgaW5zdGFuY2UuIFVSTHMgdG8gZG93bmxvYWQgYXJ0aWZhY3RzIHRoYXQgd2VyZSBib29rbWFya2VkIG9yIGNvcGllZCBwcmlvciB0byB0aGlzIGNoYW5nZSB1c2UgYW4gaWQgcmVsYXRpdmUgdG8gdGhlIHJlcG9zaXRvcnkgYW5kIHdpbGwgbm8gbG9uZ2VyIHdvcmsuIEl0IHByZXZpb3VzbHkgd2FzIGAve293bmVyfS97cmVwb30vYWN0aW9ucy9ydW5zL3tydW5faW5kZXh9L2FydGlmYWN0cy97YXJ0aWZhY3RfbmFtZX1gLCBub3RlIHRoZSBkaWZmZXJlbmNlIGJldHdlZW4gYHtydW5faWR9YCBhbmQgYHtydW5faW5kZXh9YC4gVGhlIG5ldyBVUkwgY2FuIGJlIG9idGFpbmVkIGFnYWluIGJ5IHZpc2l0aW5nIHRoZSBwYXJlbnQgcGFnZSwgd2hpY2ggc3RpbGwgdXNlcyB0aGUgcmVsYXRpdmUgaWQgKGAve293bmVyfS97cmVwb30vYWN0aW9ucy9ydW5zL3tydW5faW5kZXh9YCku-->The `artifact-url` ouput [returned by the upload-artifact@v4 action](https://code.forgejo.org/actions/upload-artifact#outputs) can be used to download the artifact. It was previously 404. To implement this compatibility fix, the web UI URL to download artifacts (i.e. `/{owner}/{repo}/actions/runs/{run_id}/artifacts/{artifact_name}`) now relies on an identifier that is unique accross the instance. URLs to download artifacts that were bookmarked or copied prior to this change use an id relative to the repository and will no longer work. It previously was `/{owner}/{repo}/actions/runs/{run_index}/artifacts/{artifact_name}`, note the difference between `{run_id}` and `{run_index}`. The new URL can be obtained again by visiting the parent page, which still uses the relative id (`/{owner}/{repo}/actions/runs/{run_index}`).<!--description-->
+- User Interface features
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9017): <!--number 9017 --><!--line 0 --><!--description YWJpbGl0eSB0byB2aWV3IHByZXZpb3VzIGxvZ3MgZm9yIEFjdGlvbnMgcnVucyB0aGF0IGhhdmUgYmVlbiByZXRyaWVk-->ability to view previous logs for Actions runs that have been retried<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8655): <!--number 8655 --><!--line 0 --><!--description c2hvdyBDSSBzdGF0dXMgb24gZm9yY2UtcHVzaGVz-->show CI status on force-pushes<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8859): <!--number 8859 --><!--line 0 --><!--description Zmlyc3QgbmF0aXZlIGRpYWxvZyBmb3IgbW9kYWw=-->first native dialog for modal<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8572): <!--number 8572 --><!--line 0 --><!--description ZmVhdCh1aSk6IGltcHJvdmUgb3JnIGhlYWRlciB3aXRoIG5ldyBub0pTIGRyb3Bkb3duIGFuZCBtb3JlIG9wdGlvbnM=-->feat(ui): improve org header with new noJS dropdown and more options<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9145): <!--number 9145 --><!--line 0 --><!--description ZmVhdCh1aSk6IGltcHJvdmUgbXVsdGlsaW5lIGZpbGUgcHJldmlldyBhbmQgYW5jaG9yIGRldGVjdGlvbg==-->feat(ui): improve multiline file preview and anchor detection<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9184): <!--number 9184 --><!--line 0 --><!--description ZmVhdCh1aSk6IHJlbmRlciBvcmRlcmVkIGNoZWNrYm94IGxpc3RzIHdpdGggbnVtYmVycw==-->feat(ui): render ordered checkbox lists with numbers<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7905): <!--number 7905 --><!--line 0 --><!--description QWRtaW4gaW50ZXJmYWNlIGZvciBhYnVzZSByZXBvcnRz-->Admin interface for abuse reports<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8757): <!--number 8757 --><!--line 0 --><!--description c2hvdyB0aW1lc3RhbXAgb24gcmVsZWFzZSBhdHRhY2htZW50cw==-->show timestamp on release attachments<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8759): <!--number 8759 --><!--line 0 --><!--description YWRkIHRhZyBsYWJlbCB0byBjb21taXQgbGlzdCB2aWV3-->add tag label to commit list view<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9110): <!--number 9110 --><!--line 0 --><!--description c3VwcG9ydCBNYXJrZG93biBlZGl0b3IgYm9sZCAmIGl0YWxpYyBrZXlib2FyZCBzaG9ydGN1dHM=-->support Markdown editor bold & italic keyboard shortcuts<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9146) ([backported](https://codeberg.org/forgejo/forgejo/pulls/9493)): <!--number 9493 --><!--line 0 --><!--description ZmVhdCh1aSk6IGltcHJvdmUgcmVuZGVyaW5nIGNvbW1pdCBsaW5rcyBmb3IgUFIgY29tbWl0cywgZXh0ZXJuYWwgcmVwb3MgYW5kIGRpZmZz-->feat(ui): improve rendering commit links for PR commits, external repos and diffs<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8138): <!--number 8138 --><!--line 0 --><!--description dWk6IHJlZmFjdG9yIGRpc3BsYXkgb2YgcmV2aWV3IHRocmVhZHMgb24gcHIgdmlldw==-->ui: refactor display of review threads on pr view<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8264): <!--number 8264 --><!--line 0 --><!--description ZmVhdCh1aSk6IGFkZCBsaW5rcyB0byBhc3NpZ25lcnMgaW4gaXNzdWUgY29tbWVudHM=-->feat(ui): add links to assigners in issue comments<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8350): <!--number 8350 --><!--line 0 --><!--description cmVkdWNlIGFtb3VudCBvZiBtb3JwaGluZyBmb3IgbWlsZXN0b25l-->reduce amount of morphing for milestone<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8582): <!--number 8582 --><!--line 0 --><!--description ZmVhdCh1aSk6IHVzZSBzaW1wbGlmaWVkIHZpc2liaWxpdHkgbGFiZWwgaW4gZGFzaGJvYXJkIG9yZ3MgbGlzdA==-->feat(ui): use simplified visibility label in dashboard orgs list<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8855): <!--number 8855 --><!--line 0 --><!--description aW1wcm92ZSBjdXN0b20gZW1vamlz-->improve custom emojis<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9336): <!--number 9336 --><!--line 0 --><!--description ZmVhdCh1aSk6IGltcHJvdmUgdGhlIGdsb2JhbCBub0pTIG5vdGljZQ==-->feat(ui): improve the global noJS notice<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9402): <!--number 9402 --><!--line 0 --><!--description ZmVhdCh1aSk6IGltcHJvdmUgZGlzcGxheSBvZiByZXBvIHRvcGljcw==-->feat(ui): improve display of repo topics<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8239): <!--number 8239 --><!--line 0 --><!--description ZmVhdCh1aSk6IGFkZCBsaW5rcyB0byByZXZpZXcgcmVxdWVzdCB0YXJnZXRzIGluIGlzc3VlIGNvbW1lbnRz-->feat(ui): add links to review request targets in issue comments<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9192): <!--number 9192 --><!--line 0 --><!--description ZmVhdCh1aSk6IGltcHJvdmUgc3Vic2NyaXB0aW9ucyBzY3JlZW4gZmlsdGVycw==-->feat(ui): improve subscriptions screen filters<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9057): <!--number 9057 --><!--line 0 --><!--description ZmVhdCh1aSk6IGltcGxlbWVudCBob3ZlciBmb3Igc3dpdGNo-->feat(ui): implement hover for switch<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8704): <!--number 8704 --><!--line 0 --><!--description UHJldHR5LXByaW50IGNvbW1pdCBjb3VudHMgYW5kIG90aGVyIG51bWJlcnM=-->Pretty-print commit counts and other numbers<!--description-->
+- User Interface bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9634) ([backported](https://codeberg.org/forgejo/forgejo/pulls/9667)): <!--number 9667 --><!--line 0 --><!--description Zml4KHVpKTogYWRkIGBtYXJrdXBgIGNsYXNzIHRvIHByb2plY3QgZGVzY3JpcHRpb25z-->fix(ui): add `markup` class to project descriptions<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8399): <!--number 8399 --><!--line 0 --><!--description Zml4KHVpKTogbWFrZSByZWxlYXNlcyBmaWx0ZXJpbmcgcmVzcG9uc2l2ZQ==-->fix(ui): make releases filtering responsive<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9181): <!--number 9181 --><!--line 0 --><!--description Zml4KHVpKTogcmV3b3JrZWQgZmlsZSBwcmV2aWV3IHBsYWNlbWVudCB0b3dhcmRzIGJldHRlciBIVE1MIHZhbGlkaXR5-->fix(ui): reworked file preview placement towards better HTML validity<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9398): <!--number 9398 --><!--line 0 --><!--description Zml4KHVpKTogZml4IGFsaWdubWVudCBvZiBpdGVtcyBpbiB0YWcgc2lnbmF0dXJl-->fix(ui): fix alignment of items in tag signature<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9182): <!--number 9182 --><!--line 0 --><!--description Zml4KHVpKTogdW5lc2NhcGUgZmlsZSBuYW1lcyBpbiBjb21taXQgaGFzaCBsaW5rcw==-->fix(ui): unescape file names in commit hash links<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8418): <!--number 8418 --><!--line 0 --><!--description Zml4KHVpKTogdmlzdWFsbHkgZGlzdGluZ3Vpc2ggdGhlIGJyYW5jaCBuYW1lIGluIGFjdGlvbiBkZXNjcmlwdGlvbg==-->fix(ui): visually distinguish the branch name in action description<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8943): <!--number 8943 --><!--line 0 --><!--description cHJlc2VydmVkICdDdXN0b20gYWNjZXNzJyBldmVuIGFmdGVyIG5vIHBlcm1pc3Npb25z-->preserved 'Custom access' even after no permissions<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8363): <!--number 8363 --><!--line 0 --><!--description Zml4KHVpKTogc2hvdyBwYXJ0aWNpcGFudHMgaW4gbWVudGlvbiBzdWdnZXN0aW9ucyBpbiBwciByZXZpZXc=-->fix(ui): show participants in mention suggestions in pr review<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9400): <!--number 9400 --><!--line 0 --><!--description Zml4KHVpKTogYXBwbHkgYmFja2dyb3VuZCBjb2xvciB0byB3aWtpIGNvbnRlbnQ=-->fix(ui): apply background color to wiki content<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8984): <!--number 8984 --><!--line 0 --><!--description Zml4KHVpKTogaW1wcm92ZSBzaWduYXR1cmUgYm94IHJlc3BvbnNpdmVuZXNz-->fix(ui): improve signature box responsiveness<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9262): <!--number 9262 --><!--line 0 --><!--description aWdub3JlIGV4aXN0ZW5jZSBvZiBjb21taXRzIGZvciBmb3JjZSBwdXNoZXM=-->ignore existence of commits for force pushes<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8923): <!--number 8923 --><!--line 0 --><!--description Zml4KHVpKTogbWFrZSB1bmljb2RlIGVzY2FwZSB3b3JrIGluIHdpa2k=-->fix(ui): make unicode escape work in wiki<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9099): <!--number 9099 --><!--line 0 --><!--description cHJldmVudCBpbml0aWFsICdibGFuaycgZGlzcGxheSBvZiBhY3Rpb24gbG9ncyB2aWV3LCByZW1vdmUgdW5uZWNlc3NhcnkgQVBJIGNhbGxz-->prevent initial 'blank' display of action logs view, remove unnecessary API calls<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9052): <!--number 9052 --><!--line 0 --><!--description ZG9uJ3QgYWxsb3cgY29tbWVudCBib3hlcyB0byBzdHJldGNoIG91dHNpZGUgZGlmZiBib3VuZHJpZXMgb24gc21hbGwgZGV2aWNlIFVJ-->don't allow comment boxes to stretch outside diff boundries on small device UI<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7703): <!--number 7703 --><!--line 0 --><!--description aGlkZSBlZGl0IGJ1dHRvbiBvbiB0YWcgcmVsZWFzZXMsIGltcHJvdmUgZ2hvc3QgdXNlciBkaXNwbGF5LCBmaXggdGFnIHNpZ25hdHVyZSBiYW5uZXI=-->hide edit button on tag releases, improve ghost user display, fix tag signature banner<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8266): <!--number 8266 --><!--line 0 --><!--description Zml4KHVpKTogcmVzb2x2ZWQgNTAwIGVycm9yIHVwb24gY2xpY2tpbmcgICdDbGVhciBtaWxlc3RvbmUnIGJ1dHRvbiB3aGVuIHRoZXJlJ3Mgbm8gbWlsZXN0b25lcyBhdmFpbGFibGUgaW4gSXNzdWUgcGFnZQ==-->fix(ui): resolved 500 error upon clicking  'Clear milestone' button when there's no milestones available in Issue page<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8496): <!--number 8496 --><!--line 0 --><!--description Zml4KHVpKTogY29tcGFyZSBicmFuY2hlcyBldmVuIHdpdGggcHVsbCByZXF1ZXN0cyBkaXNhYmxlZA==-->fix(ui): compare branches even with pull requests disabled<!--description-->
+- Localization
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9600): <!--number 9600 --><!--line 0 --><!--description aTE4bjogdXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIENvZGViZXJnIFRyYW5zbGF0ZQ==-->i18n: update of translations from Codeberg Translate<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8977): <!--number 8977 --><!--line 0 --><!--description aTE4bjogdXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIENvZGViZXJnIFRyYW5zbGF0ZQ==-->i18n: update of translations from Codeberg Translate<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9347): <!--number 9347 --><!--line 0 --><!--description aTE4bjogdXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIENvZGViZXJnIFRyYW5zbGF0ZQ==-->i18n: update of translations from Codeberg Translate<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9259): <!--number 9259 --><!--line 0 --><!--description aTE4bjogdXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIENvZGViZXJnIFRyYW5zbGF0ZQ==-->i18n: update of translations from Codeberg Translate<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9108): <!--number 9108 --><!--line 0 --><!--description aTE4bjogdXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIENvZGViZXJnIFRyYW5zbGF0ZQ==-->i18n: update of translations from Codeberg Translate<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9013): <!--number 9013 --><!--line 0 --><!--description aTE4bjogdXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIENvZGViZXJnIFRyYW5zbGF0ZQ==-->i18n: update of translations from Codeberg Translate<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8535): <!--number 8535 --><!--line 0 --><!--description aTE4bjogdXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIENvZGViZXJnIFRyYW5zbGF0ZQ==-->i18n: update of translations from Codeberg Translate<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8673): <!--number 8673 --><!--line 0 --><!--description aTE4bjogdXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIENvZGViZXJnIFRyYW5zbGF0ZQ==-->i18n: update of translations from Codeberg Translate<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8744): <!--number 8744 --><!--line 0 --><!--description aTE4bjogdXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIENvZGViZXJnIFRyYW5zbGF0ZQ==-->i18n: update of translations from Codeberg Translate<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8826): <!--number 8826 --><!--line 0 --><!--description aTE4bjogdXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIENvZGViZXJnIFRyYW5zbGF0ZQ==-->i18n: update of translations from Codeberg Translate<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8891): <!--number 8891 --><!--line 0 --><!--description aTE4bjogdXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIENvZGViZXJnIFRyYW5zbGF0ZQ==-->i18n: update of translations from Codeberg Translate<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8490): <!--number 8490 --><!--line 0 --><!--description aTE4bjogdXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIENvZGViZXJnIFRyYW5zbGF0ZQ==-->i18n: update of translations from Codeberg Translate<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8410): <!--number 8410 --><!--line 0 --><!--description aTE4bjogdXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIENvZGViZXJnIFRyYW5zbGF0ZQ==-->i18n: update of translations from Codeberg Translate<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8295): <!--number 8295 --><!--line 0 --><!--description aTE4bjogdXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIENvZGViZXJnIFRyYW5zbGF0ZQ==-->i18n: update of translations from Codeberg Translate<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8238): <!--number 8238 --><!--line 0 --><!--description aTE4bjogdXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIENvZGViZXJnIFRyYW5zbGF0ZQ==-->i18n: update of translations from Codeberg Translate<!--description-->
+- Features
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9638) ([backported](https://codeberg.org/forgejo/forgejo/pulls/9689)): <!--number 9689 --><!--line 0 --><!--description VXBsb2FkZWQgYXZhdGFyIGltYWdlcyBjYW4gc29tZXRpbWVzIGNvbnRhaW4gdW5leHBlY3RlZCBtZXRhZGF0YSBzdWNoIGFzIHRoZSBsb2NhdGlvbiB3aGVyZSB0aGUgaW1hZ2Ugd2FzIGNyZWF0ZWQsIG9yIHRoZSBkZXZpY2UgdGhlIGltYWdlIHdhcyBjcmVhdGVkIHdpdGgsIHN0b3JlZCBpbiBhIGZvcm1hdCBjYWxsZWQgRVhJRi4gRm9yZ2VqbyBub3cgcmVtb3ZlcyBFWElGIGRhdGEgd2hlbiBjdXN0b20gdXNlciBhbmQgcmVwb3NpdG9yeSBpbWFnZXMgYXJlIHVwbG9hZGVkIGluIG9yZGVyIHRvIHJlZHVjZSB0aGUgcmlzayBvZiBwZXJzb25hbGx5IGlkZW50aWZpYWJsZSBpbmZvcm1hdGlvbiBiZWluZyBsZWFrZWQgdW5leHBlY3RlZGx5LiBBIG5ldyBDTEkgc3ViY29tbWFuZCBgZm9yZ2VqbyBkb2N0b3IgYXZhdGFyLXN0cmlwLWV4aWZgIGNhbiBiZSB1c2VkIHRvIHN0cmlwIEVYSUYgaW5mb3JtYXRpb24gZnJvbSBhbGwgZXhpc3RpbmcgYXZhdGFyczsgd2UgcmVjb21tZW5kIHRoYXQgYWRtaW5pc3RyYXRvcnMgcnVuIHRoaXMgY29tbWFuZCBvbmNlIGFmdGVyIHVwZ3JhZGUgaW4gb3JkZXIgdG8gbWluaW1pemUgdGhpcyByaXNrIGZvciBleGlzdGluZyBzdG9yZWQgZmlsZXMu-->Uploaded avatar images can sometimes contain unexpected metadata such as the location where the image was created, or the device the image was created with, stored in a format called EXIF. Forgejo now removes EXIF data when custom user and repository images are uploaded in order to reduce the risk of personally identifiable information being leaked unexpectedly. A new CLI subcommand `forgejo doctor avatar-strip-exif` can be used to strip EXIF information from all existing avatars; we recommend that administrators run this command once after upgrade in order to minimize this risk for existing stored files.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8708): <!--number 8708 --><!--line 0 --><!--description YXNzb3J0ZWQgQWN0aXZpdHlQdWIgY29kZSBvbmx5IHJlZmFjdG9ycw==-->assorted ActivityPub code only refactors<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8667): <!--number 8667 --><!--line 0 --><!--description ZmVhdChsb2dnZXIpOiByZW5hbWUgc2V0dGluZ3MgZm9yIGNvbnNpc3RlbmN5IGFuZCByZW1vdmUgb2Jzb2xldGUgc2V0dGluZ3M=-->feat(logger): rename settings for consistency and remove obsolete settings<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8831): <!--number 8831 --><!--line 0 --><!--description QnJpbmcgInJlbW92ZSBhIGxhYmVsIGZyb20gaXNzdWUiIEFQSSBpbiBsaW5lIHdpdGggR2l0SHViIGVxdWl2YWxlbnQ=-->Bring "remove a label from issue" API in line with GitHub equivalent<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9060): <!--number 9060 --><!--line 0 --><!--description cmVqZWN0IHBhc3N3b3JkIHJlc2V0IGF0dGVtcHRzIGZvciBPQXV0aDIgdXNlcnMgd2l0aG91dCBhIGN1cnJlbnQgcGFzc3dvcmQ=-->reject password reset attempts for OAuth2 users without a current password<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9056): <!--number 9056 --><!--line 0 --><!--description ZmVhdChsb2cpOiBiZXR0ZXIgcGFyc2VhYmxlIGFuZCBjb25maWd1cmFibGUgc3NoLWxvZ3M=-->feat(log): better parseable and configurable ssh-logs<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7940): <!--number 7940 --><!--line 0 --><!--description YWRkIGNvbmZpZ3VyYWJsZSB0aW1lb3V0IGZvciBhdXRvbWF0aWNhbGx5IHJlbW92aW5nIHJlc29sdmVkIHJlcG9ydHM=-->add configurable timeout for automatically removing resolved reports<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8513): <!--number 8513 --><!--line 0 --><!--description QWRkIHN1cHBvcnQgZm9yIG1pZ3JhdGluZyBmcm9tIFBhZ3VyZQ==-->Add support for migrating from Pagure<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8116): <!--number 8116 --><!--line 0 --><!--description YWRkIF9VUkkgZW50cmllcyBmb3IgbWFpbCBjb25maWc=-->add _URI entries for mail config<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8275): <!--number 8275 --><!--line 0 --><!--description SW1wcm92ZWQgc2lnbmF0dXJlIGhhbmRsaW5nICYgaW5zdGFuY2UgYWN0b3I=-->Improved signature handling & instance actor<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8792): <!--number 8792 --><!--line 0 --><!--description U2VudCB1c2VyIGFjdGl2aXRpZXMgdG8gZGlzdGFudCBmZWRlcmF0ZWQgc2VydmVy-->Sent user activities to distant federated server<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8720): <!--number 8720 --><!--line 0 --><!--description QWRkIEFjdGl2aXR5UHViIFBlcnNvbiBmb2xsb3cgZnJvbSBkaXN0YW50-->Add ActivityPub Person follow from distant<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8851): <!--number 8851 --><!--line 0 --><!--description Y2hvcmU6IHJlbW92ZSBnb3JvdXRpbmUgUElEIGxvZ2dpbmc=-->chore: remove goroutine PID logging<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8297): <!--number 8297 --><!--line 0 --><!--description Z2l0L2Jsb2I6IEdldENvbnRlbnRCYXNlNjQgd2l0aCBmZXdlciBhbGxvY2F0aW9ucyBhbmQgbm8gZ29yb3V0aW5l-->git/blob: GetContentBase64 with fewer allocations and no goroutine<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8332): <!--number 8332 --><!--line 0 --><!--description bWFrZSBBUEkgcHVsbCBhbmQgY29tcGFyZSBlbmRwb2ludCByZWZlcmVuY2VzIHRvIGhlYWQgbW9yZSByb2J1c3Q=-->make API pull and compare endpoint references to head more robust<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8438): <!--number 8438 --><!--line 0 --><!--description Z2l0L2NvbW1pdDogcmUtaW1wbGVtZW50IHN1Ym1vZHVsZXMgZmlsZSByZWFkZXI=-->git/commit: re-implement submodules file reader<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8212): <!--number 8212 --><!--line 0 --><!--description YWRkIEVYQ0xVU0lPTiB0byBsb2dnaW5nIG1vZGU=-->add EXCLUSION to logging mode<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8594): <!--number 8594 --><!--line 0 --><!--description YWRkIHNvcnQgcGFyYW1ldGVyIGZvciB1c2Vycy9zZWFyY2ggYXBpIGVuZHBvaW50-->add sort parameter for users/search api endpoint<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8932): <!--number 8932 --><!--line 0 --><!--description QWxsb3cgY29udmVydGluZyBtaXJyb3IgcmVwb3MgdG8gbm9ybWFsIHRocm91Z2ggdGhlIEFQSQ==-->Allow converting mirror repos to normal through the API<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8820): <!--number 8820 --><!--line 0 --><!--description dXBkYXRlIGJyb2tlbiBnaXQgaG9vayBlcnJvcg==-->update broken git hook error<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9309): <!--number 9309 --><!--line 0 --><!--description YXZvaWQgZXhwZW5zaXZlIFNRTCBmb3Igb3JnIGhvbWU=-->avoid expensive SQL for org home<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9285): <!--number 9285 --><!--line 0 --><!--description bWFrZSB1cGxvYWQgVVJMIGNvbXBhdGlibGUgd2l0aCBHaXRIdWIgQVBJ-->make upload URL compatible with GitHub API<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8798): <!--number 8798 --><!--line 0 --><!--description YWxsb3cgbW9yZSBSRUFETUUgZm9ybWF0cyBmb3IgYC5wcm9maWxlYA==-->allow more README formats for `.profile`<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8479): <!--number 8479 --><!--line 0 --><!--description QUdpdCBwdXNoIG9wdGlvbnMgc3RhcnRpbmcgd2l0aCBge2Jhc2U2NH1gIGFyZSBkZWNvZGVk-->AGit push options starting with `{base64}` are decoded<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8863): <!--number 8863 --><!--line 0 --><!--description c2VhcmNoIGluIHRoZSBgZG9jc2AgZGlyZWN0b3J5IGZvciBpc3N1ZSBhbmQgcHVsbCByZXF1ZXN0IHRlbXBsYXRlcw==-->search in the `docs` directory for issue and pull request templates<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8451): <!--number 8451 --><!--line 0 --><!--description aW1wcm92ZSBjaGVja2luZyBpZiBkaWZmcyBkaWZmZXI=-->improve checking if diffs differ<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8861): <!--number 8861 --><!--line 0 --><!--description ZW5hYmxlIEgyQyBmb3IgdGhlIEhUVFAgc2VydmVy-->enable H2C for the HTTP server<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8377): <!--number 8377 --><!--line 0 --><!--description ZGV0ZWN0IEludGVybGlzcCBzb3VyY2VzIGFzIHRleHQ=-->detect Interlisp sources as text<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8714): <!--number 8714 --><!--line 0 --><!--description YWRkIG9wdGlvbiB0byBhbGxvdyBub24tbG9jYWwgdXNlcnMgdG8gY2hhbmdlIHVzZXJuYW1lcw==-->add option to allow non-local users to change usernames<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8783): <!--number 8783 --><!--line 0 --><!--description W2A1ZDU2OTcwYF0oaHR0cHM6Ly9naXRodWIuY29tL2FsZWN0aG9tYXMvY2hyb21hL2NvbW1pdC81ZDU2OTcwKSBBZGQgYHV2LmxvY2tgIHRvIFRPTUwgbGV4ZXI=-->chroma: [`5d56970`](https://github.com/alecthomas/chroma/commit/5d56970) Add `uv.lock` to TOML lexer<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8783): <!--number 8783 --><!--line 1 --><!--description W2BhNTNjOTI0YF0oaHR0cHM6Ly9naXRodWIuY29tL2FsZWN0aG9tYXMvY2hyb21hL2NvbW1pdC9hNTNjOTI0KSBjcmVhdGUgTGV4ZXIgZm9yIE51-->chroma: [`a53c924`](https://github.com/alecthomas/chroma/commit/a53c924) create Lexer for Nu<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8783): <!--number 8783 --><!--line 2 --><!--description W2BhYmUwMTk1YF0oaHR0cHM6Ly9naXRodWIuY29tL2FsZWN0aG9tYXMvY2hyb21hL2NvbW1pdC9hYmUwMTk1KSBjcmVhdGUgbGV4ZXIgZm9yIGxveA==-->chroma: [`abe0195`](https://github.com/alecthomas/chroma/commit/abe0195) create lexer for lox<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8783): <!--number 8783 --><!--line 3 --><!--description W2BmM2JlNGM2YF0oaHR0cHM6Ly9naXRodWIuY29tL2FsZWN0aG9tYXMvY2hyb21hL2NvbW1pdC9mM2JlNGM2KSBjcmVhdGUgbGV4ZXIgZm9yIEdlbXRleHQ=-->chroma: [`f3be4c6`](https://github.com/alecthomas/chroma/commit/f3be4c6) create lexer for Gemtext<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8783): <!--number 8783 --><!--line 4 --><!--description W2BhY2QyMWM2YF0oaHR0cHM6Ly9naXRodWIuY29tL2FsZWN0aG9tYXMvY2hyb21hL2NvbW1pdC9hY2QyMWM2KSBhZGQgYXNwZWN0LXJhdGlvIHByb3BlcnR5IHRvIGNzcy54bWw=-->chroma: [`acd21c6`](https://github.com/alecthomas/chroma/commit/acd21c6) add aspect-ratio property to css.xml<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8783): <!--number 8783 --><!--line 5 --><!--description W2BkMGFkNjc5YF0oaHR0cHM6Ly9naXRodWIuY29tL2FsZWN0aG9tYXMvY2hyb21hL2NvbW1pdC9kMGFkNjc5KSBpbXByb3ZlIEdvIGxleGVy-->chroma: [`d0ad679`](https://github.com/alecthomas/chroma/commit/d0ad679) improve Go lexer<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8347): <!--number 8347 --><!--line 0 --><!--description SW50cm9kdWNlIGdsb2JhbCBNZXJnZSBNZXNzYWdlIFRlbXBsYXRlcw==-->Introduce global Merge Message Templates<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8393): <!--number 8393 --><!--line 0 --><!--description W2A5NzBlYWNjYF0oaHR0cHM6Ly9naXRodWIuY29tL2FsZWN0aG9tYXMvY2hyb21hL2NvbW1pdC85NzBlYWNjKSBhZGQgTW9vblNjcmlwdCBsZXhlcg==-->chroma: [`970eacc`](https://github.com/alecthomas/chroma/commit/970eacc) add MoonScript lexer<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8393): <!--number 8393 --><!--line 1 --><!--description W2BiYzYwODI2YF0oaHR0cHM6Ly9naXRodWIuY29tL2FsZWN0aG9tYXMvY2hyb21hL2NvbW1pdC9iYzYwODI2KSBhZGQgQ29yZSBsZXhlcg==-->chroma: [`bc60826`](https://github.com/alecthomas/chroma/commit/bc60826) add Core lexer<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7823): <!--number 7823 --><!--line 0 --><!--description cHVzaCBtaXJyb3IgdG8gaGF2ZSBvcHRpb24gdG8gb25seSBwdXNoIHNlbGVjdGVkIGJyYW5jaGVz-->push mirror to have option to only push selected branches<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8426): <!--number 8426 --><!--line 0 --><!--description aWYgT0F1dGgyIGlzIGRpc2FibGVkIHJldHVybiAnTm90IGZvdW5kJyBmb3Igb3BlbmlkIGNvbmZpZ3VyYXRpb24=-->if OAuth2 is disabled return 'Not found' for openid configuration<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8383): <!--number 8383 --><!--line 0 --><!--description YWRkIGAtLWF0dHJpYnV0ZS1zc2gtcHViaWMta2V5YCB0byBmb3JnZWpvIGFkbWluIGF1dGggYWRkLW9hdXRoIGFuZCB1cGRhdGUtb2F1dGggQ0xJ-->add `--attribute-ssh-pubic-key` to forgejo admin auth add-oauth and update-oauth CLI<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8325): <!--number 8325 --><!--line 0 --><!--description ZmVhdCh1aSk6IGFkZCByZXBvc2l0b3J5IGRlc2NyaXB0aW9uIHRvIG9nOmltYWdlOmFsdA==-->feat(ui): add repository description to og:image:alt<!--description-->
+- Bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9033): <!--number 9033 --><!--line 0 --><!--description cXVvdGEgZXZhbHVhdGlvbiBydWxlcyBub3Qgd29ya2luZyBwcm9wZXJseQ==-->quota evaluation rules not working properly<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8957): <!--number 8957 --><!--line 0 --><!--description YXJ0aWZhY3RzIGNhbiBiZSBkb3dubG9hZGVkIHVzaW5nIHRoZWlyIGlkIGluc3RlYWQgb2YgdGhlaXIgbmFtZQ==-->artifacts can be downloaded using their id instead of their name<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9536): <!--number 9536 --><!--line 0 --><!--description Zml4OiBmYWlsdXJlIHRvIHBhcnNlIGBvbmAgYmxvY2sgcmVzdWx0cyBpbiB1bmNvbmRpdGlvbmFsIHdvcmtmbG93IGV4ZWN1dGlvbg==-->fix: failure to parse `on` block results in unconditional workflow execution<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8378): <!--number 8378 --><!--line 0 --><!--description Rml4IGludmlzaWJsZSBpZnJhbWVzIHdpdGggUkVOREVSX0NPTlRFTlRfTU9ERT1pZnJhbWU=-->Fix invisible iframes with RENDER_CONTENT_MODE=iframe<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9468) ([backported](https://codeberg.org/forgejo/forgejo/pulls/9471)): <!--number 9471 --><!--line 0 --><!--description Zml4OiBwYWNrYWdlIGNsZWFuZWQgcnVsZSBmYWlscyBpZiB0aGUga2VlcCBjb3VudCBpcyB0b28gaGlnaA==-->fix: package cleaned rule fails if the keep count is too high<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8844): <!--number 8844 --><!--line 0 --><!--description cHJldmVudCB1c2VyLWVudGVyZWQgdGV4dCB3aXRoIHwgY2hhcmFjdGVycyBmcm9tIGJlaW5nIHRydW5jYXRlZCBpbiBhY3Rpdml0eSBmZWVk-->prevent user-entered text with | characters from being truncated in activity feed<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8853): <!--number 8853 --><!--line 0 --><!--description UFIgcmV2aWV3IGRpc21pc3NhbHMgd2VyZSBub3QgYXBwZWFyaW5nIGluIGFjdGl2aXR5IGZlZWQ=-->PR review dismissals were not appearing in activity feed<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8896): <!--number 8896 --><!--line 0 --><!--description Y29tbWVudCBzdGFydGluZyB3aXRoIGEgbWVybWFpZCBibG9jayBkaXNwbGF5cyBlcnJvciBpbiBhY3Rpdml0eSBmZWVk-->comment starting with a mermaid block displays error in activity feed<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8880): <!--number 8880 --><!--line 0 --><!--description TWFya2Rvd246IGdlbmVyYXRlIHVuaXF1ZSBwZXIgY29tbWVudCBIVE1MIElEcyBmb3IgZm9vdG5vdGVzIGFuZCBoZWFkZXJz-->Markdown: generate unique per comment HTML IDs for footnotes and headers<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9098): <!--number 9098 --><!--line 0 --><!--description dmVyeSBsb25nIGNvbW1pdCBtZXNzYWdlcyBjYXVzZSBwdXNoZWQgY29tbWl0cyB0byBmYWlsIHRvIGRpc3BsYXkgb24gdGhlIGFjdGlvbiBmZWVkIG9uIE15U1FM-->very long commit messages cause pushed commits to fail to display on the action feed on MySQL<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8900): <!--number 8900 --><!--line 0 --><!--description cGFyc2UgZXh0cmEgd2VpcmQgdHJlZSBtb2RlIHZhbHVl-->parse extra weird tree mode value<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9307): <!--number 9307 --><!--line 0 --><!--description cmVzcGVjdCBVSSBERUZBVUxUX1NIT1dfRlVMTF9OQU1FIHNldHRpbmcgaW4gZW1haWwgRnJvbTogaGVhZGVycw==-->respect UI DEFAULT_SHOW_FULL_NAME setting in email From: headers<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9360): <!--number 9360 --><!--line 0 --><!--description Y2hlY2sgdGFyZ2V0IHJlcG8gbGltaXQgaW5zdGVhZCBvZiB1c2VyIHJlcG8gbGltaXQ=-->check target repo limit instead of user repo limit<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8424): <!--number 8424 --><!--line 0 --><!--description ZW5hYmxlIG11bHRpLWxpbmUgbWF0aCBlcXVhdGlvbnMgaW4gd2lraQ==-->enable multi-line math equations in wiki<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9158): <!--number 9158 --><!--line 0 --><!--description QWN0aW9ucyBsb2cgdmlldyBzdG9wcyByZWZyZXNoaW5nIGFmdGVyIHRoZSBkaXNwbGF5ZWQgam9iIGlzIGZpbmlzaGVkLCBldmVuIGlmIG90aGVyIGpvYnMgYXJlIHN0aWxsIHJ1bm5pbmc=-->Actions log view stops refreshing after the displayed job is finished, even if other jobs are still running<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8854): <!--number 8854 --><!--line 0 --><!--description c3RhbmRhcmRpemUgdHJ1bmNhdGlvbiBvZiB1c2VyLWVudGVyZWQgY29tbWVudCB0ZXh0IGluIGFjdGl2aXR5IGZlZWQ=-->standardize truncation of user-entered comment text in activity feed<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8889): <!--number 8889 --><!--line 0 --><!--description YWxsb3cgQWN0aW9ucyB0b2tlbnMgdG8gYWNjZXNzIHJlcG9zIHJlYWRhYmxlIGJ5IHNpZ25lZCBpbiB1c2Vycw==-->allow Actions tokens to access repos readable by signed in users<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8850): <!--number 8850 --><!--line 0 --><!--description YWxsb3cgRm9yZ2VqbyBBY3Rpb25zIGVudmlyb25tZW50IHZhcmlhYmxlcyBzdGFydGluZyB3aXRoIENJ-->allow Forgejo Actions environment variables starting with CI<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8783): <!--number 8783 --><!--line 6 --><!--description W2AxY2EyNGM5YF0oaHR0cHM6Ly9naXRodWIuY29tL2FsZWN0aG9tYXMvY2hyb21hL2NvbW1pdC8xY2EyNGM5KSBjb3JyZWN0IGxleGluZyBBUyBrZXl3b3JkIGZvciBkb2NrZXI=-->chroma: [`1ca24c9`](https://github.com/alecthomas/chroma/commit/1ca24c9) correct lexing AS keyword for docker<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8783): <!--number 8783 --><!--line 7 --><!--description W2AxZjQ4ZTY1YF0oaHR0cHM6Ly9naXRodWIuY29tL2FsZWN0aG9tYXMvY2hyb21hL2NvbW1pdC8xZjQ4ZTY1KSBtYXJrZG93bjogZG9uJ3QgZGVsZWdhdGUgdG8gSFRNTCBsZXhlcg==-->chroma: [`1f48e65`](https://github.com/alecthomas/chroma/commit/1f48e65) markdown: don't delegate to HTML lexer<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8783): <!--number 8783 --><!--line 8 --><!--description W2BkZmIyODE5YF0oaHR0cHM6Ly9naXRodWIuY29tL2FsZWN0aG9tYXMvY2hyb21hL2NvbW1pdC9kZmIyODE5KSBGaXhlZCBPYmplY3RQYXNjYWwgY29tbWVudCBpc3N1ZQ==-->chroma: [`dfb2819`](https://github.com/alecthomas/chroma/commit/dfb2819) Fixed ObjectPascal comment issue<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8393): <!--number 8393 --><!--line 2 --><!--description W2AyYzIwNDczYF0oaHR0cHM6Ly9naXRodWIuY29tL2FsZWN0aG9tYXMvY2hyb21hL2NvbW1pdC8yYzIwNDczKSBSUEdMRTogdmFyaW91cyBsZXhlciAmIHN0eWxlIGZpeGVz-->chroma: [`2c20473`](https://github.com/alecthomas/chroma/commit/2c20473) RPGLE: various lexer & style fixes<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8393): <!--number 8393 --><!--line 3 --><!--description W2BjODAzZDc5YF0oaHR0cHM6Ly9naXRodWIuY29tL2FsZWN0aG9tYXMvY2hyb21hL2NvbW1pdC9jODAzZDc5KSB6aWc6IGRldGVjdCB6aWcgb2JqZWN0IG5vdGF0aW9uIGZpbGVzIGFzIHppZw==-->chroma: [`c803d79`](https://github.com/alecthomas/chroma/commit/c803d79) zig: detect zig object notation files as zig<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8393): <!--number 8393 --><!--line 4 --><!--description W2BmZmVkYmY0YF0oaHR0cHM6Ly9naXRodWIuY29tL2FsZWN0aG9tYXMvY2hyb21hL2NvbW1pdC9mZmVkYmY0KSBrb3RsaW46IGRldGVjdCBrb3RsaW4gc2NyaXB0IGZpbGVzIGFzIGtvdGxpbg==-->chroma: [`ffedbf4`](https://github.com/alecthomas/chroma/commit/ffedbf4) kotlin: detect kotlin script files as kotlin<!--description-->
+- Included for completeness but not user-facing (chores, etc.)
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9687): <!--number 9687 --><!--line 0 --><!--description cmUtYWRkIGFjY2lkZW50YWxseSByZW1vdmVkIGNsb3NpbmcgdGFnIG9mIGRpdg==-->re-add accidentally removed closing tag of div<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9680): <!--number 9680 --><!--line 0 --><!--description cmV2ZXJ0cyAiZml4OiB0ZW1wb3JhcmlseSBwaW4gcmVsZWFzZSBidWlsZHMgdG8gR28gMS4yNC43ICgjOTY1OCki-->reverts "fix: temporarily pin release builds to Go 1.24.7 (#9658)"<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9658): <!--number 9658 --><!--line 0 --><!--description Zml4OiB0ZW1wb3JhcmlseSBwaW4gcmVsZWFzZSBidWlsZHMgdG8gR28gMS4yNC43-->fix: temporarily pin release builds to Go 1.24.7<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9645) ([backported](https://codeberg.org/forgejo/forgejo/pulls/9674)): <!--number 9674 --><!--line 0 --><!--description Zml4OiBhdm9pZCBqdW1waW5nIHRvIGJlZ2luIG9mIHBhZ2Ugb24gZWRpdCBjb21tZW50IGFjdGlvbiAoIzk2NDUp-->fix: avoid jumping to begin of page on edit comment action (#9645)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9662) ([backported](https://codeberg.org/forgejo/forgejo/pulls/9672)): <!--number 9672 --><!--line 0 --><!--description Y2hvcmUoZTJlKTogdGVzdCBmbGFraW5lc3MgaW4gd2ViYXV0aG4udGVzdC5lMmUudHM=-->chore(e2e): test flakiness in webauthn.test.e2e.ts<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9092): <!--number 9092 --><!--line 0 --><!--description Zml4KGkxOG4vZW4pOiB1cGRhdGUgYSBmZXcgc291cmNlIHN0cmluZ3M=-->fix(i18n/en): update a few source strings<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9626) ([backported](https://codeberg.org/forgejo/forgejo/pulls/9637)): <!--number 9637 --><!--line 0 --><!--description Zml4KHVpL3JlbGVhc2VzKTogc3RyZWNoIGVsZW1lbnRzIGFwYXJ0IHdoZW4gbm8gc2VhcmNoIGJhcg==-->fix(ui/releases): strech elements apart when no search bar<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8936): <!--number 8936 --><!--line 0 --><!--description Y2hvcmU6IGRvIG5vdCBpbXBvc2UgbWVyZ2UgcmVxdWlyZW1lbnRzIHRvIGNhc2NhZGluZyBwdWxsIHJlcXVlc3Rz-->chore: do not impose merge requirements to cascading pull requests<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9011): <!--number 9011 --><!--line 0 --><!--description Y2hvcmUoaTE4bik6IGNsZWFuIHVwIG9ycGhhbnM=-->chore(i18n): clean up orphans<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9504) ([backported](https://codeberg.org/forgejo/forgejo/pulls/9515)): <!--number 9515 --><!--line 0 --><!--description Zml4OiBhbGxvdyB1bmFjdGl2YXRlZCB1c2VycyB0byBzZW5kIHJlY292ZXJ5IG1haWxz-->fix: allow unactivated users to send recovery mails<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9134): <!--number 9134 --><!--line 0 --><!--description Y2hvcmU6IGZpeCBhIGZldyB0eXBvcyBpbiB0aGUgZG9jdW1lbnRhdGlvbg==-->chore: fix a few typos in the documentation<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9611) ([backported](https://codeberg.org/forgejo/forgejo/pulls/9620)): <!--number 9620 --><!--line 0 --><!--description Y2hvcmUoY2kpOiBsaW1pdCBMREFQIHNlcnZpY2UgY29udGFpbmVyIG1lbW9yeSB1c2FnZSB0byA1MDBN-->chore(ci): limit LDAP service container memory usage to 500M<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8908) ([backported](https://codeberg.org/forgejo/forgejo/pulls/9622)): <!--number 9622 --><!--line 0 --><!--description Y2hvcmU6IFRlc3RQYXJzZUdpdFVSTHMgbXVzdCB1c2UgYSB2YWxpZCBJUHY2IGFkZHJlc3M=-->chore: TestParseGitURLs must use a valid IPv6 address<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8709): <!--number 8709 --><!--line 0 --><!--description Y2hvcmU6IGFkZCBtaXNzaW5nIHRyYW5zbGF0aW9u-->chore: add missing translation<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9534) ([backported](https://codeberg.org/forgejo/forgejo/pulls/9540)): <!--number 9540 --><!--line 0 --><!--description Zml4KHVpKTogcmV3b3JrZWQgZmlsZSBwcmV2aWV3IHBsYWNlbWVudCB0b3dhcmRzIGJldHRlciBIVE1MIHZhbGlkaXR5LCB0YWtlIDI=-->fix(ui): reworked file preview placement towards better HTML validity, take 2<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8689): <!--number 8689 --><!--line 0 --><!--description Zml4KHVpKTogaXNzdWUgY29tbWVudCByZXZpZXcgcmVxdWVzdCB0YXJnZXRzIHdoZW4gYWdncmVnYXRlZA==-->fix(ui): issue comment review request targets when aggregated<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8267): <!--number 8267 --><!--line 0 --><!--description YWJ1c2UgcmVwb3J0cyBzdHJpbmcgZGF0YSB0eXBlcw==-->abuse reports string data types<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9257): <!--number 9257 --><!--line 0 --><!--description ZmVhdCh1aSk6IGltcHJvdmUgZGlzcGxheSBvZiB0YWdzIGluIGNvbW1pdCBsaXN0-->feat(ui): improve display of tags in commit list<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9293): <!--number 9293 --><!--line 0 --><!--description bG9hZGluZyBhY3Rpb24gbG9ncyBvbiBhIHRhc2sgdGhhdCBpc24ndCBmZXRjaGVkIHlldCwgZmFpbHMgd2hlbiB0aGUgam9iIGlzIGZldGNoZWQ=-->loading action logs on a task that isn't fetched yet, fails when the job is fetched<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9417): <!--number 9417 --><!--line 0 --><!--description dXBncmFkZSB0byB0aGUgbGRhcCB2ZXJzaW9uIHVzZWQgZm9yIHRlc3RpbmcgdG8gMi41-->upgrade to the ldap version used for testing to 2.5<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9502) ([backported](https://codeberg.org/forgejo/forgejo/pulls/9506)): <!--number 9506 --><!--line 0 --><!--description Zml4KHVpKTogaW1wcm92ZSBQYWd1cmUgbWlncmF0b3IgcHJpdmF0ZSBpc3N1ZXMgY2xhcml0eQ==-->fix(ui): improve Pagure migrator private issues clarity<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9478) ([backported](https://codeberg.org/forgejo/forgejo/pulls/9479)): <!--number 9479 --><!--line 0 --><!--description Zml4OiBtYXJrdXAgcmVuZGVyaW5nIHBhbmljIG11c3Qgbm90IGFib3J0IHRoZSBwcm9jZXNz-->fix: markup rendering panic must not abort the process<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9401) ([backported](https://codeberg.org/forgejo/forgejo/pulls/9445)): <!--number 9445 --><!--line 0 --><!--description UmVwbGFjZSAiQWxsIHB1bGwgcmVxdWVzdHMiIGluIHJlcG8gaXNzdWUgZmlsdGVy-->Replace "All pull requests" in repo issue filter<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9326): <!--number 9326 --><!--line 0 --><!--description Y2hvcmU6IHJlcGxhY2UgeG9ybSB2MS4zLjkgd2l0aCB2MS4zLjktZm9yZ2Vqby4xLCBwcmVwYXJhdGlvbiBmb3IgZm9yZWlnbiBrZXkgYWRkaXRpb25z-->chore: replace xorm v1.3.9 with v1.3.9-forgejo.1, preparation for foreign key additions<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9317): <!--number 9317 --><!--line 0 --><!--description Y2hvcmUodWkpOiBpbXByb3ZlIGRyb3Bkb3duIG9wZW5lciB2aXNpYmlsaXR5-->chore(ui): improve dropdown opener visibility<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8992): <!--number 8992 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb29nbGUuZ29sYW5nLm9yZy9wcm90b2J1ZiB0byB2MS4zNi44IChmb3JnZWpvKQ==-->Update module google.golang.org/protobuf to v1.36.8 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8736): <!--number 8736 --><!--line 0 --><!--description ZmVhdChidWlsZCk6IGltcHJvdmUgbGludC1sb2NhbGUtdXNhZ2UgZnVydGhlcg==-->feat(build): improve lint-locale-usage further<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9049): <!--number 9049 --><!--line 0 --><!--description dGVzdHM6IERpc2FibGUgYENyZWF0ZSByZXZpZXcgZnJvbSBjb21taXRgIGZsYWt5IGUyZSB0ZXN0-->tests: Disable `Create review from commit` flaky e2e test<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9395): <!--number 9395 --><!--line 0 --><!--description Q2xhcmlmeSBkZXNjcmlwdGlvbiBvZiBkZXBsb3kga2V5cw==-->Clarify description of deploy keys<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9337): <!--number 9337 --><!--line 0 --><!--description Y2hvcmUodWkpOiBSZXBsYWNlIHJlcG8tY29kZSBqUXVlcnkgdXNlLCBjb252ZXJ0IGZpbGUgdG8gdHlwZXNjcmlwdA==-->chore(ui): Replace repo-code jQuery use, convert file to typescript<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9138): <!--number 9138 --><!--line 0 --><!--description VXBkYXRlIFN3YWdnZXIgYW5ub3RhdGlvbnMgdG8gcmVmbGVjdCBhY3R1YWwgYmVoYXZpb3I=-->Update Swagger annotations to reflect actual behavior<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9381): <!--number 9381 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHY0MS4xMjIuMyAoZm9yZ2Vqbyk=-->Update renovate to v41.122.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9383): <!--number 9383 --><!--line 0 --><!--description TG9jayBmaWxlIG1haW50ZW5hbmNlIChmb3JnZWpvKQ==-->Lock file maintenance (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9378): <!--number 9378 --><!--line 0 --><!--description UmVtb3ZlIHJlZHVuZGFudCBjb2Rl-->Remove redundant code<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9236): <!--number 9236 --><!--line 0 --><!--description Y2hvcmU6IGZpeCB0cmFuc2llbnQgZXJyb3IgaW4gVGVzdFBhdGNoU3RhdHVzIHRlc3Rz-->chore: fix transient error in TestPatchStatus tests<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9205): <!--number 9205 --><!--line 0 --><!--description Y2hvcmU6IGJ1aWxkLXJlbGVhc2UgbXVzdCBjbG9zZSB0aGUgY2FzY2FkaW5nIHB1bGwgcmVxdWVzdA==-->chore: build-release must close the cascading pull request<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9241): <!--number 9241 --><!--line 0 --><!--description Y2hvcmU6IGZpeCB0cmFuc2llbnQgZXJyb3IgaW4gVGVzdFBhdGNoU3RhdHVzIHRlc3RzICh0YWtlIDIp-->chore: fix transient error in TestPatchStatus tests (take 2)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9376): <!--number 9376 --><!--line 0 --><!--description ZG9jczogdXBkYXRlIGV4YW1wbGUgY29uZmlnIGRvY3MgZm9yIE1BWF9DUkVBVElPTl9MSU1JVA==-->docs: update example config docs for MAX_CREATION_LIMIT<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9353): <!--number 9353 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgbWVybWFpZCB0byB2MTEuMTIuMCAoZm9yZ2Vqbyk=-->Update dependency mermaid to v11.12.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9338): <!--number 9338 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgc2hhcnAgdG8gdjAuMzQuNCAoZm9yZ2Vqbyk=-->Update dependency sharp to v0.34.4 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9366): <!--number 9366 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL3NldHVwLWZvcmdlam8gYWN0aW9uIHRvIHYzLjAuNCAoZm9yZ2Vqbyk=-->Update https://data.forgejo.org/actions/setup-forgejo action to v3.0.4 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9368): <!--number 9368 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZS1ub3Rlcyk6IEZvcmdlam8gdjEyLjAuNCBbc2tpcCBjaV0=-->chore(release-notes): Forgejo v12.0.4 [skip ci]<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9367): <!--number 9367 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZS1ub3Rlcyk6IEZvcmdlam8gdjExLjAuNiBbc2tpcCBjaV0=-->chore(release-notes): Forgejo v11.0.6 [skip ci]<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9356): <!--number 9356 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQHBsYXl3cmlnaHQvdGVzdCB0byB2MS41NS4wIChmb3JnZWpvKQ==-->Update dependency @playwright/test to v1.55.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9354): <!--number 9354 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vcnVubmVyL3YxMSB0byB2MTEuMS4xIChmb3JnZWpvKQ==-->Update module code.forgejo.org/forgejo/runner/v11 to v11.1.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9301): <!--number 9301 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvLXdlYmF1dGhuL3dlYmF1dGhuIHRvIHYwLjE0LjAgKGZvcmdlam8p-->Update module github.com/go-webauthn/webauthn to v0.14.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9314): <!--number 9314 --><!--line 0 --><!--description Y2hvcmU6IGFkZCBTUUwgZmF1bHQgaW5qZWN0b3IgdGVzdGluZw==-->chore: add SQL fault injector testing<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9062): <!--number 9062 --><!--line 0 --><!--description ZmVhdCh1aSk6IHJlZmFjdG9yIGluaXQgJiBjbGVhcmluZyBvZiBwYW5lbCBmb3JtcyB3aXRob3V0IGpRdWVyeQ==-->feat(ui): refactor init & clearing of panel forms without jQuery<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9327): <!--number 9327 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL21ob2x0L2FyY2hpdmVzIHRvIHYwLjEuNCAoZm9yZ2Vqbyk=-->Update module github.com/mholt/archives to v0.1.4 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9319): <!--number 9319 --><!--line 0 --><!--description Y2hvcmU6IGRvY3VtZW50IHRoYXQgW2kxOG5dLkxBTkdTIG11c3QgY29udGFpbiBlbi1VUw==-->chore: document that [i18n].LANGS must contain en-US<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9310): <!--number 9310 --><!--line 0 --><!--description ZmFpbGluZyBiYWNrZW5kIHRlc3Rz-->failing backend tests<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9302): <!--number 9302 --><!--line 0 --><!--description TG9jayBmaWxlIG1haW50ZW5hbmNlIChmb3JnZWpvKQ==-->Lock file maintenance (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9299): <!--number 9299 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHY0MS4xMTMuMyAoZm9yZ2Vqbyk=-->Update renovate to v41.113.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9275): <!--number 9275 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL21laWxpc2VhcmNoL21laWxpc2VhcmNoLWdvIHRvIHYwLjM0LjAgKGZvcmdlam8p-->Update module github.com/meilisearch/meilisearch-go to v0.34.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9295): <!--number 9295 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvb2F1dGgyIHRvIHYwLjMxLjAgKGZvcmdlam8p-->Update module golang.org/x/oauth2 to v0.31.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9294): <!--number 9294 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvbmV0IHRvIHYwLjQ0LjAgKGZvcmdlam8p-->Update module golang.org/x/net to v0.44.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9291): <!--number 9291 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvaW1hZ2UgdG8gdjAuMzEuMCAoZm9yZ2Vqbyk=-->Update module golang.org/x/image to v0.31.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9278): <!--number 9278 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvY3J5cHRvIHRvIHYwLjQyLjAgKGZvcmdlam8p-->Update module golang.org/x/crypto to v0.42.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9251): <!--number 9251 --><!--line 0 --><!--description Y2hvcmU6IGltcHJvdmVtZW50cyB0byB0YWcgbGFiZWwgZGlzcGxheQ==-->chore: improvements to tag label display<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9266): <!--number 9266 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL2Nhc2NhZGluZy1wciBhY3Rpb24gdG8gdjIuMy4wIChmb3JnZWpvKQ==-->Update https://data.forgejo.org/actions/cascading-pr action to v2.3.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9265): <!--number 9265 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZm9yZ2Vqby9yZWxlYXNlLW5vdGVzLWFzc2lzdGFudCB0byB2MS40LjEgKGZvcmdlam8p-->Update dependency forgejo/release-notes-assistant to v1.4.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9194): <!--number 9194 --><!--line 0 --><!--description VXBkYXRlIGdpdGh1Yi5jb20vZ28tYXAvanNvbmxkIGRpZ2VzdCB0byA4NDgwYjBmIChmb3JnZWpvKQ==-->Update github.com/go-ap/jsonld digest to 8480b0f (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9212): <!--number 9212 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgaHRteC5vcmcgdG8gdjIuMC43IChmb3JnZWpvKQ==-->Update dependency htmx.org to v2.0.7 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9246): <!--number 9246 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgbWVybWFpZCB0byB2MTEuMTEuMCAoZm9yZ2Vqbyk=-->Update dependency mermaid to v11.11.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9245): <!--number 9245 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ2xvYmFscyB0byB2MTYuNC4wIChmb3JnZWpvKQ==-->Update dependency globals to v16.4.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9218): <!--number 9218 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vcnVubmVyL3Y5IHRvIHYxMSAoZm9yZ2Vqbyk=-->Update module code.forgejo.org/forgejo/runner/v9 to v11 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9229): <!--number 9229 --><!--line 0 --><!--description VXBkYXRlIHJlZ2lzdHJ5LnJlZGljdC5pby9yZWRpY3QgRG9ja2VyIHRhZyB0byB2Ny4zLjUgKGZvcmdlam8p-->Update registry.redict.io/redict Docker tag to v7.3.5 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9211): <!--number 9211 --><!--line 0 --><!--description dXBkYXRlIGFjdGlvbiBxdWljayBzdGFydCB1cmw=-->update action quick start url<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9228): <!--number 9228 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb29nbGUuZ29sYW5nLm9yZy9wcm90b2J1ZiB0byB2MS4zNi45IChmb3JnZWpvKQ==-->Update module google.golang.org/protobuf to v1.36.9 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9227): <!--number 9227 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL3NldHVwLWZvcmdlam8gYWN0aW9uIHRvIHYzLjAuMyAoZm9yZ2Vqbyk=-->Update https://data.forgejo.org/actions/setup-forgejo action to v3.0.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9217): <!--number 9217 --><!--line 0 --><!--description Y2hvcmUocmVub3ZhdGUpOiBkb24ndCB1c2UgZ28gcHJveHkgZm9yIGZvcmdlam8tY29kZQ==-->chore(renovate): don't use go proxy for forgejo-code<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9208): <!--number 9208 --><!--line 0 --><!--description cmVmYWN0b3JlZCBmb3IgbGF6eSBldmFsdWF0aW9uIG9mIE1JR1JBVElPTl9QQUNLQUdFUyBhbmQgR09fVEVTVF9QQUNLQUdFUw==-->refactored for lazy evaluation of MIGRATION_PACKAGES and GO_TEST_PACKAGES<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9213): <!--number 9213 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgd3JhcC1hbnNpIHRvIHY5LjAuMiAoZm9yZ2Vqbyk=-->Update dependency wrap-ansi to v9.0.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8592): <!--number 8592 --><!--line 0 --><!--description Y2hvcmU6IFVzZSBjb21tb24gU2V0Q2FwdGNoYURhdGEgaW4gbGluayBhY2NvdW50-->chore: Use common SetCaptchaData in link account<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9198): <!--number 9198 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZXNsaW50LXBsdWdpbi11bmljb3JuIHRvIHY2MSAoZm9yZ2Vqbyk=-->Update dependency eslint-plugin-unicorn to v61 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9197): <!--number 9197 --><!--line 0 --><!--description VXBkYXRlIHBvc3Rjc3MgKGZvcmdlam8p-->Update postcss (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9157): <!--number 9157 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9pbmZyYXN0cnVjdHVyZS9uZXh0LWRpZ2VzdCBhY3Rpb24gdG8gdjEuMi4wIChmb3JnZWpvKQ==-->Update https://data.forgejo.org/infrastructure/next-digest action to v1.2.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8666): <!--number 8666 --><!--line 0 --><!--description cXVlcnkgdG9rZW4gYXV0aCB2ZXJzaW9uIG1pc21hdGNo-->query token auth version mismatch<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8847): <!--number 8847 --><!--line 0 --><!--description Zml4KHRlc3QpOiBUZXN0QWN0aW9uc0FydGlmYWN0T3ZlcndyaXRlIG5lZWRzIG9yZGVyZWQgcXVlcnkgZm9yIHBnc3Fs-->fix(test): TestActionsArtifactOverwrite needs ordered query for pgsql<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8842): <!--number 8842 --><!--line 0 --><!--description cHJldmVudCBwdWxsIHJlcXVlc3RzIGZyb20gYmVpbmcgbWVyZ2VkIG11bHRpcGxlIHRpbWVz-->prevent pull requests from being merged multiple times<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8771): <!--number 8771 --><!--line 0 --><!--description bWlncmF0ZSBuZXcgR2l0aHViIHJlbGVhc2UgYXNzZXRz-->migrate new Github release assets<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8690): <!--number 8690 --><!--line 0 --><!--description cmV0dXJuIGVycm9yIHdoZW4gdXNlciBpcyBub3QgcmVwbyB3cml0ZXI=-->return error when user is not repo writer<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8727): <!--number 8727 --><!--line 0 --><!--description Y2hvcmUoY2kpOiBzZW5kIG1haWwgd2hlbiBkYWlseSBpbnRlZ3JhdGlvbiB0ZXN0cyBmYWls-->chore(ci): send mail when daily integration tests fail<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8897): <!--number 8897 --><!--line 0 --><!--description bWluaW8gaW5pdGlhbGl6YXRpb24gY2FuIGZyZWV6ZSBpbmRlZmluaXRlbHkgaWYgbWlzY29uZmlndXJlZA==-->minio initialization can freeze indefinitely if misconfigured<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8671): <!--number 8671 --><!--line 0 --><!--description YWxsb3cgZG91YmxlIGRpZ2l0IGVwb2NoIGZvciBEZWJpYW4gcGFja2FnZXM=-->allow double digit epoch for Debian packages<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8882): <!--number 8882 --><!--line 0 --><!--description Y29tcGFyZSB3ZWVrIGFzIG51bWJlcnMgYW5kIG5vdCBhcyBzdHJpbmdz-->compare week as numbers and not as strings<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9189): <!--number 9189 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9pbmZyYXN0cnVjdHVyZS9uZXh0LWRpZ2VzdCBhY3Rpb24gdG8gdjEuMi4yIChmb3JnZWpvKQ==-->Update https://data.forgejo.org/infrastructure/next-digest action to v1.2.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9178): <!--number 9178 --><!--line 0 --><!--description ZXh0ZW5kIG9wdGlvbnMgaW4gYnVnLXJlcG9ydHMgcmVnYXJkaW5nIHJlcHJvZHVjaWJpbGl0eSBvbiB0aGUgRm9yZ2VqbyB0ZXN0IGluc3RhbmNl-->extend options in bug-reports regarding reproducibility on the Forgejo test instance<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9187): <!--number 9187 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZS1ub3Rlcyk6IEZvcmdlam8gdjEyLjAuMyBbc2tpcCBjaV0=-->chore(release-notes): Forgejo v12.0.3 [skip ci]<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9186): <!--number 9186 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZS1ub3Rlcyk6IEZvcmdlam8gdjExLjAuNSBbc2tpcCBjaV0=-->chore(release-notes): Forgejo v11.0.5 [skip ci]<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9172): <!--number 9172 --><!--line 0 --><!--description YWN0aW9uIHZpZXcgJ1JlLXJ1biBhbGwgam9icycgbGVhdmVzIFVJIG9uIHRoZSBsYXN0IGF0dGVtcHQsIG5vdCB0aGUgbmV3IGF0dGVtcHQ=-->action view 'Re-run all jobs' leaves UI on the last attempt, not the new attempt<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9036): <!--number 9036 --><!--line 0 --><!--description dGVzdChlMmUpOiBGaXggYW5kIHJlZmFjdG9yIHJlcG8tc2V0dGluZ3MgZmxha3kgdGVzdA==-->test(e2e): Fix and refactor repo-settings flaky test<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9175): <!--number 9175 --><!--line 0 --><!--description Y2hvcmU6IGNhc2NhZGluZyBwciBhY3Rpb24gaW5wdXQgaXMgY2xvc2UsIG5vdCBjbG9zZS1tZXJnZQ==-->chore: cascading pr action input is close, not close-merge<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9169): <!--number 9169 --><!--line 0 --><!--description Y2hvcmU6IGFkZCBtaXNzaW5nIGdvdGVzdHN1bSB0byBuaXggZGV2IHNoZWxs-->chore: add missing gotestsum to nix dev shell<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9161): <!--number 9161 --><!--line 0 --><!--description ZG8gYmV0dGVyIHBhcnNpbmcgb2YgZmlsZSBtb2Rlcw==-->do better parsing of file modes<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9151): <!--number 9151 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgbWVybWFpZCB0byB2MTEuMTAuMCBbU0VDVVJJVFldIChmb3JnZWpvKQ==-->Update dependency mermaid to v11.10.0 [SECURITY] (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8991): <!--number 8991 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgdnVlIHRvIHYzLjUuMjEgKGZvcmdlam8p-->Update dependency vue to v3.5.21 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9159): <!--number 9159 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZGF5anMgdG8gdjEuMTEuMTggKGZvcmdlam8p-->Update dependency dayjs to v1.11.18 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9163): <!--number 9163 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvLWNoaS9jaGkvdjUgdG8gdjUuMi4zIChmb3JnZWpvKQ==-->Update module github.com/go-chi/chi/v5 to v5.2.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9164): <!--number 9164 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL3VsaWt1bml0ei94ei9jbWQvZ3h6IHRvIHYwLjUuMTUgKGZvcmdlam8p-->Update module github.com/ulikunitz/xz/cmd/gxz to v0.5.15 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9148): <!--number 9148 --><!--line 0 --><!--description Y2hvcmU6IGZpeCByZW5vdmF0ZS5qc29uIGZvcm1hdCBlcnJvcg==-->chore: fix renovate.json format error<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8742): <!--number 8742 --><!--line 0 --><!--description Y2hvcmU6IGdpdGh1Yi5jb20vbmVrdG9zL2FjdCBpcyBub3cgYXQgY29kZS5mb3JnZWpvLm9yZy9mb3JnZWpvL3J1bm5lci92OQ==-->chore: github.com/nektos/act is now at code.forgejo.org/forgejo/runner/v9<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9160): <!--number 9160 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgbWVybWFpZCB0byB2MTEuMTAuMSAoZm9yZ2Vqbyk=-->Update dependency mermaid to v11.10.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9156): <!--number 9156 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ28gdG8gdjEuMjQuNyAoZm9yZ2Vqbyk=-->Update dependency go to v1.24.7 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9150): <!--number 9150 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL3VsaWt1bml0ei94eiB0byB2MC41LjE1IFtTRUNVUklUWV0gKGZvcmdlam8p-->Update module github.com/ulikunitz/xz to v0.5.15 [SECURITY] (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9137): <!--number 9137 --><!--line 0 --><!--description dGVzdHM6IGluY3JlYXNlIGBjaGVja0FjY2Vzc2liaWxpdHlgIHRpbWVvdXQgdG8gMnM=-->tests: increase `checkAccessibility` timeout to 2s<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9127): <!--number 9127 --><!--line 0 --><!--description Y2FzaW5nIG9mIFVSTCBmb3IgUGFndXJlIG1pZ3JhdGlvbiBwYWdl-->casing of URL for Pagure migration page<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9051): <!--number 9051 --><!--line 0 --><!--description dGVzdChlMmUpOiBpbXByb3ZlIHJlc2lsaWVuY3kgb2YgYWNjZXNzaWJpbGl0eUNoZWNr-->test(e2e): improve resiliency of accessibilityCheck<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9105): <!--number 9105 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZS1ub3Rlcyk6IEZvcmdlam8gdjExLjAuNCBbc2tpcCBjaV0=-->chore(release-notes): Forgejo v11.0.4 [skip ci]<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9104): <!--number 9104 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZS1ub3Rlcyk6IEZvcmdlam8gdjEyLjAuMiBbc2tpcCBjaV0=-->chore(release-notes): Forgejo v12.0.2 [skip ci]<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9041): <!--number 9041 --><!--line 0 --><!--description Y2hvcmUoaTE4bik6IG1pZ3JhdGUgbWlncmF0aW9uIGRlc2NyaXB0aW9ucyB0byBqc29u-->chore(i18n): migrate migration descriptions to json<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8987): <!--number 8987 --><!--line 0 --><!--description Zml4KHVpKTogdXNlIGNvcnJlY3Qgc3RyaW5nIGZvciBwYWd1cmUgZGVzY3JpcHRpb24=-->fix(ui): use correct string for pagure description<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9059): <!--number 9059 --><!--line 0 --><!--description dGVzdChlMmUpOiBpbXByb3ZlIHJlbGlhYmlsaXR5IG9mIHdvcmtmbG93IGxpc3QgZHluYW1pYyByZWZyZXNoIHRlc3Q=-->test(e2e): improve reliability of workflow list dynamic refresh test<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9053): <!--number 9053 --><!--line 0 --><!--description Zml4KHVpKTogcmVzdG9yZSBjb2RlIHNlYXJjaCB0eXBlcw==-->fix(ui): restore code search types<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9004): <!--number 9004 --><!--line 0 --><!--description Y2hvcmU6IGNvbGxlY3QgY292ZXJhZ2UgdXNpbmcgR09DT1ZFUkRJUg==-->chore: collect coverage using GOCOVERDIR<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9035): <!--number 9035 --><!--line 0 --><!--description Y2hvcmU6IHByZWZpeCBhbGwgQWN0aW9ucyByZWxhdGVkIGludGVncmF0aW9uIHRlc3RzIHdpdGggVGVzdEFjdGlvbnM=-->chore: prefix all Actions related integration tests with TestActions<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9039): <!--number 9039 --><!--line 0 --><!--description dXNlIG1vY2tlZCBIVFRQIHJlc3BvbnNlIGZvciBwYWd1cmUgbWlncmF0aW9u-->use mocked HTTP response for pagure migration<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8541): <!--number 8541 --><!--line 0 --><!--description c3RvcmFnZShtaW5pbyk6IHByZXZlbnQgaW8uUmVhZGVyIGNsb3Nl-->storage(minio): prevent io.Reader close<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8527): <!--number 8527 --><!--line 0 --><!--description aWdub3JlICJDbG9zZSIgZXJyb3Igd2hlbiB1cGxvYWRpbmcgY29udGFpbmVyIGJsb2I=-->ignore "Close" error when uploading container blob<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8816): <!--number 8816 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL21pbmlvL21pbmlvLWdvL3Y3IHRvIHY3LjAuOTU=-->Update module github.com/minio/minio-go/v7 to v7.0.95<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8999): <!--number 8999 --><!--line 0 --><!--description Y2hvcmU6IG1ha2UgbWlncmF0aW9uIHRlc3RzIHJlbGF0aXZlIHRvIHRoZSByb290IG9mIHRoZSByZXBvc2l0b3J5-->chore: make migration tests relative to the root of the repository<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8947): <!--number 8947 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgd2VicGFjayB0byB2NS4xMDEuMyAoZm9yZ2Vqbyk=-->Update dependency webpack to v5.101.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8980): <!--number 8980 --><!--line 0 --><!--description Y2hvcmU6IGRlcGd1YXJkIGdvcGtnLmluL3lhbWwudjM=-->chore: depguard gopkg.in/yaml.v3<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8975): <!--number 8975 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vcnVubmVyL3Y5IHRvIHY5LjEuMSAoZm9yZ2Vqbyk=-->Update module code.forgejo.org/forgejo/runner/v9 to v9.1.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8953): <!--number 8953 --><!--line 0 --><!--description Y2hvcmU6IFVwZGF0ZSB2YWx1ZSBvZiBhbGxvd1RlbXBsYXRlTGl0ZXJhbHMgYmVjYXVzZSBvZiBkZXByZWNhdGlvbiBvZiAndHJ1ZSc=-->chore: Update value of allowTemplateLiterals because of deprecation of 'true'<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8956): <!--number 8956 --><!--line 0 --><!--description Y2hvcmU6IHJlcGxhY2UgZ29wa2cuaW4veWFtbC52MyB3aXRoIGdvLnlhbWwuaW4veWFtbC92Mw==-->chore: replace gopkg.in/yaml.v3 with go.yaml.in/yaml/v3<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8374): <!--number 8374 --><!--line 0 --><!--description ZGlzYWJsZSBGb3JnZWpvIEFjdGlvbnMgZW1haWwgbm90aWZpY2F0aW9ucyBvbiByZWNvdmVyeQ==-->disable Forgejo Actions email notifications on recovery<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8258): <!--number 8258 --><!--line 0 --><!--description Y29ycnVwdGVkIHdpa2kgdW5pdCBkZWZhdWx0IHBlcm1pc3Npb24gKCM4MjM0IGZvbGxvdy11cCk=-->corrupted wiki unit default permission (#8234 follow-up)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8326): <!--number 8326 --><!--line 0 --><!--description bWFrZSBBUEkgL3JlcG9zL3tvd25lcn0ve3JlcG99L2NvbXBhcmUve2Jhc2VoZWFkfSB3b3JrIHdpdGggZm9ya3M=-->make API /repos/{owner}/{repo}/compare/{basehead} work with forks<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8461): <!--number 8461 --><!--line 0 --><!--description Y2hvcmU6IGRvIG5vdCBuYXZpZ2F0ZSB0byBzYW1lIFVSTCBpbiBFMkUgdGVzdA==-->chore: do not navigate to same URL in E2E test<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8271): <!--number 8271 --><!--line 0 --><!--description Q0kgZGVidWc6IHRlc3RTbGVlcDogc2hvdyBhY3R1YWwgdGltZXMgb24gZmFpbHVyZXM=-->CI debug: testSleep: show actual times on failures<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8261): <!--number 8261 --><!--line 0 --><!--description c2tpcCBlbXB0eSB0b2tlbnMgaW4gU2VhcmNoT3B0aW9ucy5Ub2tlbnMoKQ==-->skip empty tokens in SearchOptions.Tokens()<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8320): <!--number 8320 --><!--line 0 --><!--description Y2hvcmU6IHNvcnQgYmxvY2tlZCB1c2VycyBsaXN0IGZvciBkZXRlcm1pc3RpYyByZXN1bHRz-->chore: sort blocked users list for determistic results<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8366): <!--number 8366 --><!--line 0 --><!--description Y2FuY2VsbGVkIG9yIHNraXBwZWQgcnVucyBhcmUgbm90IGZhaWx1cmVzIGZvciBub3RpZmljYXRpb25z-->cancelled or skipped runs are not failures for notifications<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8304): <!--number 8304 --><!--line 0 --><!--description cGFzcyBkb2VyJ3MgSUQgZm9yIENSVUQgaW5zdGFuY2Ugc2lnbmluZw==-->pass doer's ID for CRUD instance signing<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8464): <!--number 8464 --><!--line 0 --><!--description dXNlIHBhcmVudCBjb250ZXh0IGZvciBuZXcgdHJhbnNhY3Rpb25z-->use parent context for new transactions<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8460): <!--number 8460 --><!--line 0 --><!--description Y2hvcmU6IGRpc2FibGUgbWlzbWF0Y2hlZCByb290IFVSTCBlMmUgdGVzdCBmb3Igc2FmYXJp-->chore: disable mismatched root URL e2e test for safari<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8286): <!--number 8286 --><!--line 0 --><!--description UmV2ZXJ0ICJmaXgoYXBpKTogZG9jdW1lbnQgYGlzX3N5c3RlbV93ZWJob29rYCBmaWVsZCAoIzc3ODQpIg==-->Revert "fix(api): document `is_system_webhook` field (#7784)"<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8448): <!--number 8448 --><!--line 0 --><!--description Zml4KGVtYWlsKTogYWN0aW9ucyBub3RpZmljYXRpb24gdGVtcGxhdGUgY29uZnVzZXMgYnJhbmNoIHdpdGggUFI=-->fix(email): actions notification template confuses branch with PR<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8400): <!--number 8400 --><!--line 0 --><!--description Y2hvcmU6IGltcHJvdmUgcmVsaWFiaWxpdHkgb2Ygd2ViYXV0aG4gZTJlIHRlc3Q=-->chore: improve reliability of webauthn e2e test<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8002): <!--number 8002 --><!--line 0 --><!--description Zml4KHVpKTogcmVsZWFzZTogbmFtZSBpcyBvdmVycmlkZGVuIHdpdGggdGFnIG5hbWUgb24gZWRpdA==-->fix(ui): release: name is overridden with tag name on edit<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8524): <!--number 8524 --><!--line 0 --><!--description Y2hvcmU6IGZhaWxlZCBhdXRoZW50aWNhdGlvbiBhdHRlbXB0cyBhcmUgbm90IGVycm9ycyBhbmQgYXJlIGRpc3BsYXllZCBhdCB0aGUgbG9nIGluZm8gbGV2ZWw=-->chore: failed authentication attempts are not errors and are displayed at the log info level<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8492): <!--number 8492 --><!--line 0 --><!--description Zml4KGNvZGUtc2VhcmNoKTogSGlnaGxpZ2h0U2VhcmNoUmVzdWx0Q29kZSBzaG91bGQgY291bnQgdGhlIG51bWJlciBvZiBieXRlcyBhbmQgbm90IHRoZSBudW1iZXIgb2YgcnVuZXM=-->fix(code-search): HighlightSearchResultCode should count the number of bytes and not the number of runes<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8611): <!--number 8611 --><!--line 0 --><!--description Y2hvcmU6IGRpc2FibGUgRTJFIHRlc3QgZm9yIHdlYmtpdA==-->chore: disable E2E test for webkit<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8638): <!--number 8638 --><!--line 0 --><!--description UmV2ZXJ0ICJmaXgoY2kpOiBwdWxsIHN0eWx1cyBmcm9tIGdpdGh1YjpzdHlsdXMvc3R5bHVzIzAuNTcuMCAoIzg2MjUpIg==-->Revert "fix(ci): pull stylus from github:stylus/stylus#0.57.0 (#8625)"<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8301): <!--number 8301 --><!--line 0 --><!--description Y2hvcmU6IHVzZSBldmVudHVhbGx5IGZvciBteXNxbCBjb2xsYXRpb24gdGVzdA==-->chore: use eventually for mysql collation test<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8625): <!--number 8625 --><!--line 0 --><!--description Zml4KGNpKTogcHVsbCBzdHlsdXMgZnJvbSBnaXRodWI6c3R5bHVzL3N0eWx1cyMwLjU3LjA=-->fix(ci): pull stylus from github:stylus/stylus#0.57.0<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8519): <!--number 8519 --><!--line 0 --><!--description ZXhwYW5kaW5nIGV4YWN0bHkgMjAgbGluZXMgYmV0d2VlbiBkaWZmIHNlY3Rpb25zIGxlYXZlcyB2aXN1YWwgYXJ0aWZhY3Q=-->expanding exactly 20 lines between diff sections leaves visual artifact<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8530): <!--number 8530 --><!--line 0 --><!--description Zml4KHBhY2thZ2VzKTogc2tpcCBhbm90aGVyIHN0YWNrIGZyYW1lIGZyb20gbG9nZ2luZw==-->fix(packages): skip another stack frame from logging<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8948): <!--number 8948 --><!--line 0 --><!--description VXBkYXRlIGdvbW9jayBtb25vcmVwbyB0byB2MC42LjAgKGZvcmdlam8p-->Update gomock monorepo to v0.6.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8925): <!--number 8925 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHY0MS43Ni4wIChmb3JnZWpvKQ==-->Update renovate to v41.76.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8927): <!--number 8927 --><!--line 0 --><!--description TG9jayBmaWxlIG1haW50ZW5hbmNlIChmb3JnZWpvKQ==-->Lock file maintenance (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8874): <!--number 8874 --><!--line 0 --><!--description cmVkaXJlY3QgZnJvbSAve3VzZXJuYW1lfS97cmVwb25hbWV9L3B1bGxzL3tpbmRleH0gdG8gaXNzdWUgaWYgaW5kZXggaXMgYSBpc3N1ZQ==-->redirect from /{username}/{reponame}/pulls/{index} to issue if index is a issue<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8663): <!--number 8663 --><!--line 0 --><!--description Y2hvcmU6IG1vdmUgdGVtcGxhdGUgY29udGV4dA==-->chore: move template context<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8910): <!--number 8910 --><!--line 0 --><!--description VXBkYXRlIHgvdG9vbHMgdG8gdjAuMzYuMCAoZm9yZ2Vqbyk=-->Update x/tools to v0.36.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8890): <!--number 8890 --><!--line 0 --><!--description UHVsbCBSZXF1ZXN0IFJlZmVyZW5jZSBzaG91bGQgdXNlIFB1bGwgUmVxdWVzdCBmb3JtYXQgKCEsIG5vdCAjKQ==-->Pull Request Reference should use Pull Request format (!, not #)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8902): <!--number 8902 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL3NldHVwLWZvcmdlam8gYWN0aW9uIHRvIHYzLjAuMiAoZm9yZ2Vqbyk=-->Update https://data.forgejo.org/actions/setup-forgejo action to v3.0.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8895): <!--number 8895 --><!--line 0 --><!--description Y2hvcmUoZG9jcyk6IGFkZCBpbnN0cnVjdGlvbnMgdG8gcnVuIFMzIHRlc3RzIGxvY2FsbHk=-->chore(docs): add instructions to run S3 tests locally<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8903): <!--number 8903 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL21hdHRuL2dvLXNxbGl0ZTMgdG8gdjEuMTQuMzIgKGZvcmdlam8p-->Update module github.com/mattn/go-sqlite3 to v1.14.32 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8878): <!--number 8878 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgd2VicGFjayB0byB2NS4xMDEuMSAoZm9yZ2Vqbyk=-->Update dependency webpack to v5.101.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8879): <!--number 8879 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL3VyZmF2ZS9jbGkvdjMgdG8gdjMuNC4xIChmb3JnZWpvKQ==-->Update module github.com/urfave/cli/v3 to v3.4.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8870): <!--number 8870 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL3VyZmF2ZS9jbGkvdjMgdG8gdjMuMy45IChmb3JnZWpvKQ==-->Update module github.com/urfave/cli/v3 to v3.3.9 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8858): <!--number 8858 --><!--line 0 --><!--description dGVzdDogZml4IGZhaWx1cmUgaW4gcmVsYXRpdmUtdGltZSB0ZXN0cyBpbiBVUy9DYW5hZGEgRFNULWF3YXJlIHRpbWV6b25lcw==-->test: fix failure in relative-time tests in US/Canada DST-aware timezones<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8856): <!--number 8856 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHY0MS42MS4wIChmb3JnZWpvKQ==-->Update renovate to v41.61.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8857): <!--number 8857 --><!--line 0 --><!--description TG9jayBmaWxlIG1haW50ZW5hbmNlIChmb3JnZWpvKQ==-->Lock file maintenance (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8834): <!--number 8834 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL21ob2x0L2FyY2hpdmVzIHRvIHYwLjEuMyAoZm9yZ2Vqbyk=-->Update module github.com/mholt/archives to v0.1.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8832): <!--number 8832 --><!--line 0 --><!--description VXBkYXRlIGxpbnRlcnMgKGZvcmdlam8p-->Update linters (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8824): <!--number 8824 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvY3J5cHRvIHRvIHYwLjQxLjAgKGZvcmdlam8p-->Update module golang.org/x/crypto to v0.41.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8822): <!--number 8822 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb29nbGUuZ29sYW5nLm9yZy9wcm90b2J1ZiB0byB2MS4zNi43IChmb3JnZWpvKQ==-->Update module google.golang.org/protobuf to v1.36.7 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8825): <!--number 8825 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvaW1hZ2UgdG8gdjAuMzAuMCAoZm9yZ2Vqbyk=-->Update module golang.org/x/image to v0.30.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7025): <!--number 7025 --><!--line 0 --><!--description VXNlIG1ob2x0L2FyY2hpdmVzIGluIHBsYWNlIG9mIGRlcHJlY2F0ZWQgbWhvbHQvYXJjaGl2ZXIvdjM=-->Use mholt/archives in place of deprecated mholt/archiver/v3<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8711): <!--number 8711 --><!--line 0 --><!--description cmVxdWlyZSBgZGF0YS1tb2RhbC1pZGAgZm9yIGRlbGV0ZSBidXR0b25z-->require `data-modal-id` for delete buttons<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8691): <!--number 8691 --><!--line 0 --><!--description RW5oYW5jZSBteXNxbEdldE5leHRSZXNvdXJjZUluZGV4IHRvIHVzZSBjdXJyZW50IE1hcmlhREIgZmVhdHVyZXM=-->Enhance mysqlGetNextResourceIndex to use current MariaDB features<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8815): <!--number 8815 --><!--line 0 --><!--description Y2k6IGZpeCBtYXJpYWRiIHBhdGg=-->ci: fix mariadb path<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8810): <!--number 8810 --><!--line 0 --><!--description Y2hvcmU6IGFkZCBNYXJpYURCIHRvIGRhaWx5IHRlc3Rz-->chore: add MariaDB to daily tests<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8688): <!--number 8688 --><!--line 0 --><!--description Zml4KHVpKTogd3Jvbmcgb3JnIGRhc2hib2FyZCBsaW5rcyB3aGVuIHN3aXRjaGluZyBkYXNoYm9hcmQgY29udGV4dA==-->fix(ui): wrong org dashboard links when switching dashboard context<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8788): <!--number 8788 --><!--line 0 --><!--description Y2hvcmUoZGVwKTogVXBkYXRlIG1vZHVsZSBtZWlsaXNlYXJjaCB0byB2MC4zMw==-->chore(dep): Update module meilisearch to v0.33<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8807): <!--number 8807 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ28gdG8gdjEuMjQuNiAoZm9yZ2Vqbyk=-->Update dependency go to v1.24.6 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8796): <!--number 8796 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2NhZGR5c2VydmVyL2NlcnRtYWdpYyB0byB2MC4yNC4wIChmb3JnZWpvKQ==-->Update module github.com/caddyserver/certmagic to v0.24.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8795): <!--number 8795 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vcnVubmVyL3Y5IHRvIHY5LjAuMyAoZm9yZ2Vqbyk=-->Update module code.forgejo.org/forgejo/runner/v9 to v9.0.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8782): <!--number 8782 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgbWluaS1jc3MtZXh0cmFjdC1wbHVnaW4gdG8gdjIuOS4zIChmb3JnZWpvKQ==-->Update dependency mini-css-extract-plugin to v2.9.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8777): <!--number 8777 --><!--line 0 --><!--description TG9jayBmaWxlIG1haW50ZW5hbmNlIChmb3JnZWpvKQ==-->Lock file maintenance (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8776): <!--number 8776 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9mb3JnZWpvL2Zvcmdlam8tYnVpbGQtcHVibGlzaCBhY3Rpb24gdG8gdjUuNC4xIChmb3JnZWpvKQ==-->Update https://data.forgejo.org/forgejo/forgejo-build-publish action to v5.4.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8775): <!--number 8775 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHY0MS41MS4xIChmb3JnZWpvKQ==-->Update renovate to v41.51.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8721): <!--number 8721 --><!--line 0 --><!--description Y2hvcmUodWkpOiBpbXByb3ZlIGhhc2hib3g=-->chore(ui): improve hashbox<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8762): <!--number 8762 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vcnVubmVyL3Y5IHRvIHY5LjAuMiAoZm9yZ2Vqbyk=-->Update module code.forgejo.org/forgejo/runner/v9 to v9.0.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8766): <!--number 8766 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZXNsaW50LXBsdWdpbi11bmljb3JuIHRvIHY2MCAoZm9yZ2Vqbyk=-->Update dependency eslint-plugin-unicorn to v60 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8765): <!--number 8765 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQHN0eWxpc3RpYy9zdHlsZWxpbnQtcGx1Z2luIHRvIHY0IChmb3JnZWpvKQ==-->Update dependency @stylistic/stylelint-plugin to v4 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8761): <!--number 8761 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQHBsYXl3cmlnaHQvdGVzdCB0byB2MS41NC4yIChmb3JnZWpvKQ==-->Update dependency @playwright/test to v1.54.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8763): <!--number 8763 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvbGFuZ2NpL2dvbGFuZ2NpLWxpbnQvdjIvY21kL2dvbGFuZ2NpLWxpbnQgdG8gdjIuMy4xIChmb3JnZWpvKQ==-->Update module github.com/golangci/golangci-lint/v2/cmd/golangci-lint to v2.3.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8749): <!--number 8749 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQHZpdGVqcy9wbHVnaW4tdnVlIHRvIHY2LjAuMSAoZm9yZ2Vqbyk=-->Update dependency @vitejs/plugin-vue to v6.0.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8739): <!--number 8739 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvbGFuZy1qd3Qvand0L3Y1IHRvIHY1LjMuMCAoZm9yZ2Vqbyk=-->Update module github.com/golang-jwt/jwt/v5 to v5.3.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8738): <!--number 8738 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL21hdHRuL2dvLXNxbGl0ZTMgdG8gdjEuMTQuMzAgKGZvcmdlam8p-->Update module github.com/mattn/go-sqlite3 to v1.14.30 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8752): <!--number 8752 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvbGFuZ2NpL2dvbGFuZ2NpLWxpbnQvdjIvY21kL2dvbGFuZ2NpLWxpbnQgdG8gdjIuMy4wIChmb3JnZWpvKQ==-->Update module github.com/golangci/golangci-lint/v2/cmd/golangci-lint to v2.3.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8750): <!--number 8750 --><!--line 0 --><!--description VXBkYXRlIGxpbnRlcnMgKGZvcmdlam8p-->Update linters (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8728): <!--number 8728 --><!--line 0 --><!--description Y2hvcmUoYXBpKTogdXBkYXRlIHN3YWdnZXIgbWV0aG9kIGRlc2NyaXBpdG9ucw==-->chore(api): update swagger method descripitons<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8729): <!--number 8729 --><!--line 0 --><!--description dGVzdDogYWRkIGxvZ2dlciBzZXR0aW5ncyB0ZXN0cw==-->test: add logger settings tests<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8717): <!--number 8717 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgd2VicGFjayB0byB2NS4xMDEuMCAoZm9yZ2Vqbyk=-->Update dependency webpack to v5.101.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8726): <!--number 8726 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZm9yZ2Vqby9yZWxlYXNlLW5vdGVzLWFzc2lzdGFudCB0byB2MS4zLjYgKGZvcmdlam8p-->Update dependency forgejo/release-notes-assistant to v1.3.6 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8722): <!--number 8722 --><!--line 0 --><!--description Y2hvcmU6IHJldmVydCByZWxlYXNlLW5vdGVzLWFzc2lzdGFudCB0byB2MS4zLjM=-->chore: revert release-notes-assistant to v1.3.3<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8274): <!--number 8274 --><!--line 0 --><!--description YXNzb3J0ZWQgQWN0aXZpdHlQdWIgY29kZSBvbmx5IHJlZmFjdG9ycw==-->assorted ActivityPub code only refactors<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8705): <!--number 8705 --><!--line 0 --><!--description UmV2ZXJ0ICJmaXg6ICBhc3NvcnRlZCBBY3Rpdml0eVB1YiBjb2RlIG9ubHkgcmVmYWN0b3JzICgjODI3NCki-->Revert "fix:  assorted ActivityPub code only refactors (#8274)"<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8700): <!--number 8700 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHY0MS40My41IChmb3JnZWpvKQ==-->Update renovate to v41.43.5 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8701): <!--number 8701 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZm9yZ2Vqby9yZWxlYXNlLW5vdGVzLWFzc2lzdGFudCB0byB2MS4zLjUgKGZvcmdlam8p-->Update dependency forgejo/release-notes-assistant to v1.3.5 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8703): <!--number 8703 --><!--line 0 --><!--description TG9jayBmaWxlIG1haW50ZW5hbmNlIChmb3JnZWpvKQ==-->Lock file maintenance (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8642): <!--number 8642 --><!--line 0 --><!--description ZG9uJ3QgbWFyayBmaWxlcyBpbiBBR2l0IFBScyBhcyBlZGl0YWJsZQ==-->don't mark files in AGit PRs as editable<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8686): <!--number 8686 --><!--line 0 --><!--description Y2hvcmU6IGNvcnJlY3RseSBwcmVwYXJlIHRlc3QgZW52-->chore: correctly prepare test env<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8680): <!--number 8680 --><!--line 0 --><!--description YWRkIHRyYWNpbmcgbG9ncyBhZnRlciBwcm9jZXNzIGlzIGNvbXBsZXRl-->add tracing logs after process is complete<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8675): <!--number 8675 --><!--line 0 --><!--description UkVMRUFTRS1OT1RFUy5tZCB0byByZWZlciB0byB0aGUgcmVsZWFzZSBub3RlcyBkaXJlY3Rvcnkgb24gbWFzdGVyICBbc2tpcCBjaV0=-->RELEASE-NOTES.md to refer to the release notes directory on master  [skip ci]<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8664): <!--number 8664 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZS1ub3Rlcyk6IEZvcmdlam8gdjEyLjAuMSBbc2tpcCBjaV0=-->chore(release-notes): Forgejo v12.0.1 [skip ci]<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8660): <!--number 8660 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL21hdHRuL2dvLXNxbGl0ZTMgdG8gdjEuMTQuMjkgKGZvcmdlam8p-->Update module github.com/mattn/go-sqlite3 to v1.14.29 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8661): <!--number 8661 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vYWN0IHRvIHYxLjMzLjAgKGZvcmdlam8p-->Update module code.forgejo.org/forgejo/act to v1.33.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8659): <!--number 8659 --><!--line 0 --><!--description dGVzdHMoZTJlKTogU2lsZW5jZSBoZWFkaW5nIGxldmVsIHdhcm5pbmc=-->tests(e2e): Silence heading level warning<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8635): <!--number 8635 --><!--line 0 --><!--description Y2hvcmU6IGludGVncmF0aW9uIHRlc3Qgd2hlbiByZWJhc2Ugc2hvdWxkIGhhcHBlbg==-->chore: integration test when rebase should happen<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7909): <!--number 7909 --><!--line 0 --><!--description W2dpdGVhXSB3ZWVrIDIwMjUtMTkgY2hlcnJ5IHBpY2sgKGdpdGVhL21haW4gLT4gZm9yZ2Vqbyk=-->[gitea] week 2025-19 cherry pick (gitea/main -> forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8629): <!--number 8629 --><!--line 0 --><!--description Y2hvcmUocmVub3ZhdGUpOiB1c2UgYGZvcmdlam9gIHBsYXRmb3Jt-->chore(renovate): use `forgejo` platform<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8623): <!--number 8623 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgdnVlIHRvIHYzLjUuMTggKGZvcmdlam8p-->Update dependency vue to v3.5.18 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8510): <!--number 8510 --><!--line 0 --><!--description ZnJvbnRlbmQ6IGdlbmVyaWMgbGF6eSBsb2FkZXIgZm9yIHdlYmNvbXBvbmVudHM=-->frontend: generic lazy loader for webcomponents<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8621): <!--number 8621 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL3l1aW4vZ29sZG1hcmsgdG8gdjEuNy4xMyAoZm9yZ2Vqbyk=-->Update module github.com/yuin/goldmark to v1.7.13 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8620): <!--number 8620 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZm9yZ2Vqby9yZWxlYXNlLW5vdGVzLWFzc2lzdGFudCB0byB2MS4zLjMgKGZvcmdlam8p-->Update dependency forgejo/release-notes-assistant to v1.3.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8578): <!--number 8578 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvLXdlYmF1dGhuL3dlYmF1dGhuIHRvIHYwLjEzLjQgKGZvcmdlam8p-->Update module github.com/go-webauthn/webauthn to v0.13.4 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8593): <!--number 8593 --><!--line 0 --><!--description Zml4KGkxOG4pOiBpbXByb3ZlIGVuIGxvY2FsZQ==-->fix(i18n): improve en locale<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8615): <!--number 8615 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHY0MS40Mi41IChmb3JnZWpvKQ==-->Update renovate to v41.42.5 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8606): <!--number 8606 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZm9yZ2Vqby9yZWxlYXNlLW5vdGVzLWFzc2lzdGFudCB0byB2MS4zLjIgKGZvcmdlam8p-->Update dependency forgejo/release-notes-assistant to v1.3.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8605): <!--number 8605 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHY0MS40Mi4yIChmb3JnZWpvKQ==-->Update renovate to v41.42.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8583): <!--number 8583 --><!--line 0 --><!--description Y2hvcmU6IHR3ZWFrIGZvbWFudGljIGNvbmZpZw==-->chore: tweak fomantic config<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8587): <!--number 8587 --><!--line 0 --><!--description cmVtb3ZlIGZvbWFudGljJ3MgdGFiIG1vZHVsZQ==-->remove fomantic's tab module<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8395): <!--number 8395 --><!--line 0 --><!--description Y2hvcmUoY2kpOiB0ZW1wb3JhcmlseSBkaXNhYmxlIGZsYWt5IEFjdGl2aXR5UHViIHJlbGF0ZWQgdGVzdHM=-->chore(ci): temporarily disable flaky ActivityPub related tests<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8588): <!--number 8588 --><!--line 0 --><!--description TWlncmF0ZSByZW5vdmF0ZSBjb25maWc=-->Migrate renovate config<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8586): <!--number 8586 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL2Nhc2NhZGluZy1wciBhY3Rpb24gdG8gdjIuMi4xIChmb3JnZWpvKQ==-->Update https://data.forgejo.org/actions/cascading-pr action to v2.2.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8585): <!--number 8585 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHY0MS40MC4wIChmb3JnZWpvKQ==-->Update renovate to v41.40.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8568): <!--number 8568 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZm9yZ2Vqby9yZWxlYXNlLW5vdGVzLWFzc2lzdGFudCB0byB2MS4zLjEgKGZvcmdlam8p-->Update dependency forgejo/release-notes-assistant to v1.3.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8562): <!--number 8562 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL3NldHVwLWZvcmdlam8gYWN0aW9uIHRvIHYzIChmb3JnZWpvKQ==-->Update https://data.forgejo.org/actions/setup-forgejo action to v3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8573): <!--number 8573 --><!--line 0 --><!--description Zml4KHVpKTogcmVtb3ZlIHVudXNlZCBydWxlIHdpdGggdW51c2VkIGNsYXNzIC50aWdodA==-->fix(ui): remove unused rule with unused class .tight<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8560): <!--number 8560 --><!--line 0 --><!--description VXBkYXRlIGxpbnRlcnMgKGZvcmdlam8p-->Update linters (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8558): <!--number 8558 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQHBsYXl3cmlnaHQvdGVzdCB0byB2MS41NC4xIChmb3JnZWpvKQ==-->Update dependency @playwright/test to v1.54.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8561): <!--number 8561 --><!--line 0 --><!--description VXBkYXRlIHgvdG9vbHMgdG8gdjAuMzUuMCAoZm9yZ2Vqbyk=-->Update x/tools to v0.35.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8559): <!--number 8559 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgdml0ZS1zdHJpbmctcGx1Z2luIHRvIHYxLjQuNiAoZm9yZ2Vqbyk=-->Update dependency vite-string-plugin to v1.4.6 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8557): <!--number 8557 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvbGFuZ2NpL2dvbGFuZ2NpLWxpbnQvdjIvY21kL2dvbGFuZ2NpLWxpbnQgdG8gdjIuMi4yIChmb3JnZWpvKQ==-->Update module github.com/golangci/golangci-lint/v2/cmd/golangci-lint to v2.2.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8556): <!--number 8556 --><!--line 0 --><!--description Y2hvcmUoY2kpOiBjYWNoZSByZWxlYXNlLW5vdGVzLWFzc2lzdGFudCB3b3JraW5nIGRpcmVjdG9yeSBbc2tpcCBjaV0=-->chore(ci): cache release-notes-assistant working directory [skip ci]<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8372): <!--number 8372 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQHBsYXl3cmlnaHQvdGVzdCB0byB2MS41My4yIChmb3JnZWpvKQ==-->Update dependency @playwright/test to v1.53.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8547): <!--number 8547 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZSBub3Rlcyk6IHNxdWFzaCByZXBlYXRpbmcgbG9jYWxpemF0aW9uIHVwZGF0ZXM=-->chore(release notes): squash repeating localization updates<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8540): <!--number 8540 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZS1ub3Rlcyk6IEZvcmdlam8gdjEyLjAuMCBbc2tpcCBjaV0=-->chore(release-notes): Forgejo v12.0.0 [skip ci]<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8542): <!--number 8542 --><!--line 0 --><!--description Y2hvcmU6IGltcHJvdmUgdGhlIHdvcmRpbmcgb2YgdGhlICJub3Qgd29ydGggYSByZWxlYXNlIG5vdGUiIGNhdGVnb3J5-->chore: improve the wording of the "not worth a release note" category<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8506): <!--number 8506 --><!--line 0 --><!--description ZmVhdCh1aSk6IG1ha2UgJ1JlZmVyZW5jZScgaW4gaXNzdWUgc2lkZWJhciBtb3JlIHVuaWZvcm0=-->feat(ui): make 'Reference' in issue sidebar more uniform<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8525): <!--number 8525 --><!--line 0 --><!--description Y2hvcmUocmVub3ZhdGUpOiBlbmFibGUgdjEyIGJyYW5jaA==-->chore(renovate): enable v12 branch<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8521): <!--number 8521 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvbGFuZy1qd3Qvand0L3Y1IHRvIHY1LjIuMyAoZm9yZ2Vqbyk=-->Update module github.com/golang-jwt/jwt/v5 to v5.2.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8520): <!--number 8520 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgd2VicGFjayB0byB2NS4xMDAuMiAoZm9yZ2Vqbyk=-->Update dependency webpack to v5.100.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8509): <!--number 8509 --><!--line 0 --><!--description Zml4KHVpKTogaW1wcm92ZSBicmFuY2ggZmlsdGVyIGhlbHA=-->fix(ui): improve branch filter help<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8503): <!--number 8503 --><!--line 0 --><!--description TG9jayBmaWxlIG1haW50ZW5hbmNlIChmb3JnZWpvKQ==-->Lock file maintenance (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8501): <!--number 8501 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHY0MS4zMi4xIChmb3JnZWpvKQ==-->Update renovate to v41.32.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8494): <!--number 8494 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvLXdlYmF1dGhuL3dlYmF1dGhuIHRvIHYwLjEzLjMgKGZvcmdlam8p-->Update module github.com/go-webauthn/webauthn to v0.13.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8493): <!--number 8493 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgd2VicGFjayB0byB2NS4xMDAuMSAoZm9yZ2Vqbyk=-->Update dependency webpack to v5.100.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8484): <!--number 8484 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvbmV0IHRvIHYwLjQyLjAgKGZvcmdlam8p-->Update module golang.org/x/net to v0.42.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8481): <!--number 8481 --><!--line 0 --><!--description cmVwbGFjZSB7d29ya2Zsb3duYW1lfSB3aXRoIHt3b3JrZmxvd2ZpbGVuYW1lfSBpbiBkaXNwYXRjaCBBUEk=-->replace {workflowname} with {workflowfilename} in dispatch API<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8483): <!--number 8483 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvY3J5cHRvIHRvIHYwLjQwLjAgKGZvcmdlam8p-->Update module golang.org/x/crypto to v0.40.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8482): <!--number 8482 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgc2hhcnAgdG8gdjAuMzQuMyAoZm9yZ2Vqbyk=-->Update dependency sharp to v0.34.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8470): <!--number 8470 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvc3lzIHRvIHYwLjM0LjAgKGZvcmdlam8p-->Update module golang.org/x/sys to v0.34.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8469): <!--number 8469 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvc3luYyB0byB2MC4xNi4wIChmb3JnZWpvKQ==-->Update module golang.org/x/sync to v0.16.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8467): <!--number 8467 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgd2VicGFjayB0byB2NS4xMDAuMCAoZm9yZ2Vqbyk=-->Update dependency webpack to v5.100.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8472): <!--number 8472 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZS1ub3Rlcyk6IEZvcmdlam8gdjExLjAuMw==-->chore(release-notes): Forgejo v11.0.3<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8473): <!--number 8473 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZS1ub3Rlcyk6IEZvcmdlam8gdjcuMC4xNg==-->chore(release-notes): Forgejo v7.0.16<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8415): <!--number 8415 --><!--line 0 --><!--description ZmlsZSBhY3Rpb24gYnV0dG9uIHNwYWNpbmcgd2hlbiB3cmFwcGVk-->file action button spacing when wrapped<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8433): <!--number 8433 --><!--line 0 --><!--description dGVzdChjbGkpOiB0ZXN0IGBhZG1pbiBhdXRoYCBzdWJjb21tYW5kcw==-->test(cli): test `admin auth` subcommands<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8440): <!--number 8440 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgbWVybWFpZCB0byB2MTEuOC4xIChmb3JnZWpvKQ==-->Update dependency mermaid to v11.8.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8442): <!--number 8442 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vYWN0IHRvIHYxLjI5LjAgKGZvcmdlam8p-->Update module code.forgejo.org/forgejo/act to v1.29.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8436): <!--number 8436 --><!--line 0 --><!--description TG9jayBmaWxlIG1haW50ZW5hbmNlIChmb3JnZWpvKQ==-->Lock file maintenance (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8434): <!--number 8434 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHY0MS4yMy4yIChmb3JnZWpvKQ==-->Update renovate to v41.23.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8431): <!--number 8431 --><!--line 0 --><!--description Y2hlY2sgUFIgcmVmZXJlbmNlIG9uIGJhc2UgcmVwb3NpdG9yeQ==-->check PR reference on base repository<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8425): <!--number 8425 --><!--line 0 --><!--description Y2hvcmU6IFJlZmFjdG9yIGBJc3tSZWZlcmVuY2UsQnJhbmNofUV4aXN0YA==-->chore: Refactor `Is{Reference,Branch}Exist`<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8427): <!--number 8427 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvLXdlYmF1dGhuL3dlYmF1dGhuIHRvIHYwLjEzLjEgKGZvcmdlam8p-->Update module github.com/go-webauthn/webauthn to v0.13.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8422): <!--number 8422 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvbGFuZ2NpL2dvbGFuZ2NpLWxpbnQvdjIvY21kL2dvbGFuZ2NpLWxpbnQgdG8gdjIuMi4xIChmb3JnZWpvKQ==-->Update module github.com/golangci/golangci-lint/v2/cmd/golangci-lint to v2.2.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8420): <!--number 8420 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQHZpdGVzdC9lc2xpbnQtcGx1Z2luIHRvIHYxLjMuNCAoZm9yZ2Vqbyk=-->Update dependency @vitest/eslint-plugin to v1.3.4 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8419): <!--number 8419 --><!--line 0 --><!--description Y2hvcmU6IHJlZmFjdG9yIGBMaW5lQmxhbWVg-->chore: refactor `LineBlame`<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8421): <!--number 8421 --><!--line 0 --><!--description VXBkYXRlIGxpbnRlcnMgKGZvcmdlam8p-->Update linters (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8405): <!--number 8405 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgbWVybWFpZCB0byB2MTEuOC4wIChmb3JnZWpvKQ==-->Update dependency mermaid to v11.8.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8380): <!--number 8380 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvLWNoaS9jb3JzIHRvIHYxLjIuMiAoZm9yZ2Vqbyk=-->Update module github.com/go-chi/cors to v1.2.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8381): <!--number 8381 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ2xvYmFscyB0byB2MTYuMy4wIChmb3JnZWpvKQ==-->Update dependency globals to v16.3.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8003): <!--number 8003 --><!--line 0 --><!--description TWFrZSBpc3N1ZSBkcm9wZG93biBzaG93IG1vcmUgcmVsZXZhbnQgcmVzdWx0cy4=-->Make issue dropdown show more relevant results.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8368): <!--number 8368 --><!--line 0 --><!--description VXBkYXRlIGdpdGh1Yi5jb20vZ29vZ2xlL3Bwcm9mIGRpZ2VzdCB0byA2ZTc2YTJiIChmb3JnZWpvKQ==-->Update github.com/google/pprof digest to 6e76a2b (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8369): <!--number 8369 --><!--line 0 --><!--description VXBkYXRlIGdoY3IuaW8vZGV2Y29udGFpbmVycy9mZWF0dXJlcy9naXQtbGZzIERvY2tlciB0YWcgdG8gdjEuMi41IChmb3JnZWpvKQ==-->Update ghcr.io/devcontainers/features/git-lfs Docker tag to v1.2.5 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8371): <!--number 8371 --><!--line 0 --><!--description VXBkYXRlIHZpdGVzdCBtb25vcmVwbyB0byB2My4yLjQgKGZvcmdlam8p-->Update vitest monorepo to v3.2.4 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8322): <!--number 8322 --><!--line 0 --><!--description Zml4KHVpKTogcmVwbyBzZXR0aW5ncyB1bml0cyBvdmVydmlldyBhbmNob3I=-->fix(ui): repo settings units overview anchor<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8353): <!--number 8353 --><!--line 0 --><!--description Y2hvcmU6IGRvIG5vdCByZXF1aXJlIGVtcHR5IGZpeHR1cmVzIHRvIGNsZWFuIHRhYmxlcw==-->chore: do not require empty fixtures to clean tables<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8356): <!--number 8356 --><!--line 0 --><!--description TG9jayBmaWxlIG1haW50ZW5hbmNlIChmb3JnZWpvKQ==-->Lock file maintenance (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8355): <!--number 8355 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHY0MS4xNy4yIChmb3JnZWpvKQ==-->Update renovate to v41.17.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8352): <!--number 8352 --><!--line 0 --><!--description ZGV0ZWN0IGluY29ycmVjdCBpbnRlZ3JhdGlvbiB0ZXN0IGZ1bmN0aW9ucw==-->detect incorrect integration test functions<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8327): <!--number 8327 --><!--line 0 --><!--description Zml4KHVpKTogc21hbGwgb3JnIGRhc2hib2FyZCB1aSBjbGVhbnVw-->fix(ui): small org dashboard ui cleanup<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8343): <!--number 8343 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgc3ZnbyB0byB2NCAoZm9yZ2Vqbyk=-->Update dependency svgo to v4 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8342): <!--number 8342 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgaHRteC5vcmcgdG8gdjIgKGZvcmdlam8p-->Update dependency htmx.org to v2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8345): <!--number 8345 --><!--line 0 --><!--description Zml4KGNpKTogYWRkIGluc3RhbGwtbWluaW11bS1naXQtdmVyc2lvbiBoZWxwZXIgZm9yIHdvcmtmbG93cw==-->fix(ci): add install-minimum-git-version helper for workflows<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8340): <!--number 8340 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQHN0eWxpc3RpYy9lc2xpbnQtcGx1Z2luIHRvIHY1IChmb3JnZWpvKQ==-->Update dependency @stylistic/eslint-plugin to v5 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8341): <!--number 8341 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQHZpdGVqcy9wbHVnaW4tdnVlIHRvIHY2IChmb3JnZWpvKQ==-->Update dependency @vitejs/plugin-vue to v6 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8337): <!--number 8337 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgaGFwcHktZG9tIHRvIHYxOC4wLjEgKGZvcmdlam8p-->Update dependency happy-dom to v18.0.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8336): <!--number 8336 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQHN0eWxpc3RpYy9zdHlsZWxpbnQtcGx1Z2luIHRvIHYzLjEuMyAoZm9yZ2Vqbyk=-->Update dependency @stylistic/stylelint-plugin to v3.1.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8335): <!--number 8335 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL25pa2xhc2Zhc2NoaW5nL2dvLW9yZyB0byB2MS45LjAgKGZvcmdlam8p-->Update module github.com/niklasfasching/go-org to v1.9.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8323): <!--number 8323 --><!--line 0 --><!--description Z2l0L1RyZWVFbnRyeTogTGlua1RhcmdldCBzaW1wbGlmaWNhdGlvbg==-->git/TreeEntry: LinkTarget simplification<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8254): <!--number 8254 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2poaWxseWVyZC9lbm1pbWUvdjIgdG8gdjIuMi4wIChmb3JnZWpvKQ==-->Update module github.com/jhillyerd/enmime/v2 to v2.2.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8257): <!--number 8257 --><!--line 0 --><!--description TG9jayBmaWxlIG1haW50ZW5hbmNlIChmb3JnZWpvKQ==-->Lock file maintenance (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8270): <!--number 8270 --><!--line 0 --><!--description Z2l0L2Jsb2I6IHJlZmFjdG9yIGxpbmUtY291bnRpbmcgbG9naWM=-->git/blob: refactor line-counting logic<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8249): <!--number 8249 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgbWVybWFpZCB0byB2MTEuNy4wIChmb3JnZWpvKQ==-->Update dependency mermaid to v11.7.0 (forgejo)<!--description-->
+- Already announced in the release notes of an older stable release
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8892): <!--number 8892 --><!--line 0 --><!--description bWlncmF0aW9uIGZhaWxpbmcgd2hlbiBpbXBvcnRpbmcgZWl0aGVyIGlzc3VlcyBvciBQUnMgYnV0IG5vdCB0aGUgb3RoZXI=-->migration failing when importing either issues or PRs but not the other<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8818): <!--number 8818 --><!--line 0 --><!--description Zml4KHVpKTogbW92ZSBmaWxlIHJlbmFtZSBub3RpY2UgdG8gYmVmb3JlIHBhZ2luYXRpb24=-->fix(ui): move file rename notice to before pagination<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9075): <!--number 9075 --><!--line 0 --><!--description ZW5zdXJlIEdldFVzZXJCeUVtYWlsIG9ubHkgY29uc2lkZXJzIHZhbGlkYXRlZCBlbWFpbHM=-->ensure GetUserByEmail only considers validated emails<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9264): <!--number 9264 --><!--line 0 --><!--description dXNlIGNvcnJlY3QgY29tbWl0IHdoZW4gZmV0Y2hpbmcgcGF0Y2ggdmlldyBmb3IgcmV2aWV3IGNvbW1lbnRz-->use correct commit when fetching patch view for review comments<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9219): <!--number 9219 --><!--line 0 --><!--description cGFja2FnZSBjbGVhbnVwIHJ1bGVzIGFyZSBub3QgYXBwbGllZCB3aGVuIHRoZXJlIGFyZSBtb3JlIHRoYW4gMjAwIHBhY2thZ2VzIChkZXBlbmRzIG9uIGBNQVhfUkVTUE9OU0VfSVRFTVNgKQ==-->package cleanup rules are not applied when there are more than 200 packages (depends on `MAX_RESPONSE_ITEMS`)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8802): <!--number 8802 --><!--line 0 --><!--description Y29ycmVjdCByZWxlYXNlIGxpbmsgaW4gZmVlZA==-->correct release link in feed<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9362): <!--number 9362 --><!--line 0 --><!--description RG8gbm90IGRpc3BsYXkgdGhlIHRpdGxlIG9mIHVuc3Vic2NyaWJlZCBpc3N1ZXMgb3IgcHVsbCByZXF1ZXN0cyBpbiB0aGUgbm90aWZpY2F0aW9uIHdlYiBwYWdlIC4gVGhlIHRpdGxlIG9mIHNvbWUgcmFuZG9tIGlzc3VlcyBvciBwdWxsIHJlcXVlc3RzIGZyb20gcmVwb3NpdG9yaWVzIHdlcmUgYWNjaWRlbnRhbGx5IGRpc3BsYXllZCBpbiB0aGUgbm90aWZpY2F0aW9ucyBvZiBhIHVzZXIuIEl0IHdhcyBhIHJhcmUgb2NjdXJyZW5jZSwgY2F1c2VkIGJ5IGFuIGluY29ycmVjdCBjb21wYXJpc29uIG9mIHR3byB1bnJlbGF0ZWQgdW5pcXVlIGlkZW50aWZpZXJzIHRoYXQgYXJlIHVubGlrZWx5IHRvIG1hdGNoICh0aGUgaWQgb2YgdGhlIG5vdGlmaWNhdGlvbiBhbmQgdGhlIGlkIG9mIGEgcmVwb3NpdG9yeSkuIElmIHRoZSBpc3N1ZSBvciB0aGUgcHVsbCByZXF1ZXN0IGJlbG9uZ2VkIHRvIGEgcHJpdmF0ZSByZXBvc2l0b3J5IHRvIHdoaWNoIHRoZSB1c2VyIGhhZCBubyByZWFkIGFjY2Vzcywgb25seSB0aGUgdGl0bGUgd2FzIGxlYWtlZC4gVGhlIHVzZXIgd2FzIGRlbmllZCBwZXJtaXNzaW9uIHRvIHZpZXcgdGhlIGlzc3VlIG9yIHRoZSBwdWxsIHJlcXVlc3Qgd2hlbiBjbGlja2luZyBvbiB0aGUgbGluayBkaXNwbGF5ZWQgaW4gdGhlIG5vdGlmaWNhdGlvbnMgd2ViIHBhZ2Uu-->Do not display the title of unsubscribed issues or pull requests in the notification web page . The title of some random issues or pull requests from repositories were accidentally displayed in the notifications of a user. It was a rare occurrence, caused by an incorrect comparison of two unrelated unique identifiers that are unlikely to match (the id of the notification and the id of a repository). If the issue or the pull request belonged to a private repository to which the user had no read access, only the title was leaked. The user was denied permission to view the issue or the pull request when clicking on the link displayed in the notifications web page.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9201): <!--number 9201 --><!--line 0 --><!--description Zml4KGFwaSk6IHNldCBkZWZhdWx0IHBhZ2luYXRpb24gYW5kIExpbmsgaGVhZGVyIGZvciBgcmVwb0xpc3RUYWdzYA==-->fix(api): set default pagination and Link header for `repoListTags`<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9202): <!--number 9202 --><!--line 0 --><!--description TEZTIEdDIGlzIG5ldmVyIHJ1bm5pbmcgYmVjYXVzZSBvZiBhIGJ1ZyBpbiB0aGUgcGFyc2luZyBvZiB0aGUgSU5JIGZpbGU=-->LFS GC is never running because of a bug in the parsing of the INI file<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9234): <!--number 9234 --><!--line 0 --><!--description cXVvdGFzIGRvdWJsZSBjb3VudGluZyByZXBvIHNpemUgd2hlbiBjYWxjdWxhdGluZyBzaXplOmFsbA==-->quotas double counting repo size when calculating size:all<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9252): <!--number 9252 --><!--line 0 --><!--description YFtxdW90YS5kZWZhdWx0XS5UT1RBTGAgY29uZmlnIHNldHRpbmcgc3VwcG9ydHMgdW5pdCBzdWZmaXhlcw==-->`[quota.default].TOTAL` config setting supports unit suffixes<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9072): <!--number 9072 --><!--line 0 --><!--description b25seSByZWRpcmVjdCB0byBhIG5ldyBvd25lciAob3JnYW5pemF0aW9uIG9yIHVzZXIpIGlmIHRoZSB1c2VyIGhhcyBwZXJtaXNzaW9ucyB0byB2aWV3IHRoZSBuZXcgb3duZXI=-->only redirect to a new owner (organization or user) if the user has permissions to view the new owner<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8990): <!--number 8990 --><!--line 0 --><!--description Zml4KHVpKTogY2xlYXIgZmllbGRzIHdoZW4gY2FuY2VsaW5nIGFkZGluZyBzc2gga2V5-->fix(ui): clear fields when canceling adding ssh key<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8829): <!--number 8829 --><!--line 0 --><!--description Zml4KGFwaSk6IGRlYWN0aXZhdGUgaXNzdWUgYXBpIGZvciBkaXNhYmxlZCBvciBleHRlcm5hbCBpc3N1ZS10cmFja2Vy-->fix(api): deactivate issue api for disabled or external issue-tracker<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8794): <!--number 8794 --><!--line 0 --><!--description dHJpbSB0cmFpbGluZyBzbGFzaCBpbiBXZWJGaW5nZXIgT0lEQyBpc3N1ZXIgbGluaw==-->trim trailing slash in WebFinger OIDC issuer link<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9067): <!--number 9067 --><!--line 0 --><!--description dXNlIGNyZWRlbnRpYWxzIGhlbHBlcnMgZm9yIGdpdCBjbG9uZXM=-->use credentials helpers for git clones<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9070): <!--number 9070 --><!--line 0 --><!--description cmVxdWlyZSBwYXNzd29yZCBsb2dpbiBmb3IgY3JlYXRpb24gb2YgbmV3IHRva2Vu-->require password login for creation of new token<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8678): <!--number 8678 --><!--line 0 --><!--description c3RvcmUgY29kZSBjaGFsbGVuZ2UgY29ycmVjdGx5IGluIHNlc3Npb24=-->store code challenge correctly in session<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9076): <!--number 9076 --><!--line 0 --><!--description ZGVsZXRlIG9sZCBhdXRoIHRva2VuIHVwb24gcmVwbGFjaW5nIHByaW1hcnkgZW1haWw=-->delete old auth token upon replacing primary email<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9064): <!--number 9064 --><!--line 0 --><!--description ZG9uJ3QgYWxsb3cgY3JlZGVudGlhbHMgaW4gbWlncmF0ZS9wdXNoIG1pcnJvciBVUkw=-->don't allow credentials in migrate/push mirror URL<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8830): <!--number 8830 --><!--line 0 --><!--description d3JhcCBpdGVtcyBpbiBnaXRpZ25vcmUgZHJvcGRvd24=-->wrap items in gitignore dropdown<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8715): <!--number 8715 --><!--line 0 --><!--description YWxsb3cgYWRtaW5zIHRvIGFsd2F5cyByZW5hbWUgdXNlcnM=-->allow admins to always rename users<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8681): <!--number 8681 --><!--line 0 --><!--description c2hvdyBtZXJnZWJveCB3aGVuIG9ubHkgbWFudWFsIG1lcmdlIGlzIGFsbG93ZWQ=-->show mergebox when only manual merge is allowed<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8756): <!--number 8756 --><!--line 0 --><!--description Y29ycmVjdGx5IGdldCBzdGF0cyBmb3IgQVBJIGNvbW1pdHM=-->correctly get stats for API commits<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9003): <!--number 9003 --><!--line 0 --><!--description QWN0aW9ucyB3b3JrZmxvd3MgdHJpZ2dlcmVkIGJ5IGNvbW1lbnRzIG9yIGxhYmVscyB0byBwdWxsIHJlcXVlc3RzIG1heSBhY2Nlc3Mgc2VjcmV0cw==-->Actions workflows triggered by comments or labels to pull requests may access secrets<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9074): <!--number 9074 --><!--line 0 --><!--description ZW1haWwgY29tbWVudHMgYXJlIHJlbW92ZWQgZnJvbSBlbWFpbCBhZGRyZXNzZXM=-->email comments are removed from email addresses<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9073): <!--number 9073 --><!--line 0 --><!--description Y29uc2lzdGVudGx5IGVuZm9yY2UgMkZBIG9uIE9wZW5JRCAyLjA=-->consistently enforce 2FA on OpenID 2.0<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9071): <!--number 9071 --><!--line 0 --><!--description dmFsaWRhdGUgQ1NSRiBvbiBub24tc2FmZSBtZXRob2Rz-->validate CSRF on non-safe methods<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8821): <!--number 8821 --><!--line 0 --><!--description bWFrZSBzc2gga2V5IHZlcmlmaWNhdGlvbiBjb21tYW5kIG1vcmUgcm9idXN0-->make ssh key verification command more robust<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8773): <!--number 8773 --><!--line 0 --><!--description YWRkIC5mb3JnZWpvL0NPREVPV05FUlMgc3VwcG9ydCAoIzg3NDYp-->add .forgejo/CODEOWNERS support (#8746)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9000): <!--number 9000 --><!--line 0 --><!--description Zml4KGNvZGUtc2VhcmNoKTogZml4IGJyb2tlbiBwYWdpbmF0aW9uLg==-->fix(code-search): fix broken pagination.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8450): <!--number 8450 --><!--line 0 --><!--description Y29ycmVjdGx5IG1hcmsgcmV2aWV3cyBhcyBzdGFsZSBmb3IgQUdpdCBQUnM=-->correctly mark reviews as stale for AGit PRs<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7749): <!--number 7749 --><!--line 0 --><!--description Zml4KHVpKTogQWRkIHBhc3RlZCBpbWFnZXMgdG8gZHJvcHpvbmU=-->fix(ui): Add pasted images to dropzone<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8246): <!--number 8246 --><!--line 0 --><!--description Zml4KHVpKTogYWRkIG1pc3NpbmcgbGF6eSBsb2FkIGF0dHJpYnV0ZSB0byBpbWFnZXM=-->fix(ui): add missing lazy load attribute to images<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8296): <!--number 8296 --><!--line 0 --><!--description YWRkIG1pc3NpbmcgdHJ1c3Qgc3RhdHVzIHRvIHB1bGwgcmV2aWV3IGNvbW1pdHM=-->add missing trust status to pull review commits<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8330): <!--number 8330 --><!--line 0 --><!--description bG9hZCBPbGRNaWxlc3RvbmUgYmFzZWQgb24gT2xkTWlsZXN0b25lSUQsIG5vdCBNaWxlc3RvbmVJRA==-->load OldMilestone based on OldMilestoneID, not MilestoneID<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8391): <!--number 8391 --><!--line 0 --><!--description QXV0aCBIZWFkZXI6IEFsbG93IGxvd2VyY2FzZSBhcyB3ZWxsIGFzIHVwcGVyY2FzZSB0b2tlbg==-->Auth Header: Allow lowercase as well as uppercase token<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8367): <!--number 8367 --><!--line 0 --><!--description dXNlciBhY3RpdmF0aW9uIHdpdGggdXBwZXJjYXNlIGVtYWlsIGFkZHJlc3M=-->user activation with uppercase email address<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8417): <!--number 8417 --><!--line 0 --><!--description Zml4KHVpKTogbXVsdGlwbGUgQ29tYm9NYXJrZG93bkVkaXRvcnMgb24gb25lIHBhZ2U=-->fix(ui): multiple ComboMarkdownEditors on one page<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8565): <!--number 8565 --><!--line 0 --><!--description Y29ycmVjdCBpbWFnZSBzb3VyY2UgZm9yIHF1b3RlZCByZXBseQ==-->correct image source for quoted reply<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8475): <!--number 8475 --><!--line 0 --><!--description c2V2ZXJhbCBmaXhlcyBvZiBBTFQgUGFja2FnZSByZWdpc3RyeQ==-->several fixes of ALT Package registry<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8633): <!--number 8633 --><!--line 0 --><!--description UmV2ZXJ0ICJmZWF0OiByZW1vdmUgQVBJIGF1dGhlbnRpY2F0aW9uIG1ldGhvZHMgdGhhdCB1c2VzIHRoZSBVUkwgcXVlcnkgKCM3OTI0KSI=-->Revert "feat: remove API authentication methods that uses the URL query (#7924)"<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8596): <!--number 8596 --><!--line 0 --><!--description Zm9sbG93IHN5bWxpbmtzIGZvciBsb2NhbCBhc3NldHM=-->follow symlinks for local assets<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8644): <!--number 8644 --><!--line 0 --><!--description Zml4KHVpKTogdXBkYXRlIGkxOG4gdXNhZ2UgaW4gY29tbWVudHM=-->fix(ui): update i18n usage in comments<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8553): <!--number 8553 --><!--line 0 --><!--description Zml4KHVpKTogcHJldmVudCByZW5kZXIgZmFpbHVyZSBvbiBmYXVsdHkgb3JnIHNldHRpbmdzIHBvc3Q=-->fix(ui): prevent render failure on faulty org settings post<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8533): <!--number 8533 --><!--line 0 --><!--description bWFrZSBzdXJlIHRvIHVzZSB1bmFsdGVyZWQgZmllbGRzIHdoZW4gc2F2aW5nIGEgc2hhZG93IGNvcHkgZm9yIHVwZGF0ZWQgcHJvZmlsZXMgb3IgY29tbWVudHM=-->make sure to use unaltered fields when saving a shadow copy for updated profiles or comments<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8622): <!--number 8622 --><!--line 0 --><!--description cmViYXNlIGFuZCBmYXN0IGZvcndhcmQgbWVyZ2UgYnJlYWtzIGNvbW1pdCBzaWduYXR1cmVz-->rebase and fast forward merge breaks commit signatures<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8617): <!--number 8617 --><!--line 0 --><!--description bWFrZSB0aGUgYWN0aW9uIGZlZWQgcmVzaWxpZW50IHRvIGRhdGFiYXNlIGluY29uc2lzdGVuY2llcw==-->make the action feed resilient to database inconsistencies<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8609): <!--number 8609 --><!--line 0 --><!--description dXBncmFkZSBmYWlscyBvciBoYW5nIGF0IG1pZ3JhdGlvblszMV06IE1pZ3JhdGUgbWF2ZW4gcGFja2FnZSBuYW1lIGNvbmNhdGVuYXRpb24=-->upgrade fails or hang at migration[31]: Migrate maven package name concatenation<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8550): <!--number 8550 --><!--line 0 --><!--description dXNlIGNvcnJlY3QgQUNNRSBkZWZhdWx0-->use correct ACME default<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8511): <!--number 8511 --><!--line 0 --><!--description UFIgbm90IGJsb2NrZWQgYnkgcmV2aWV3IHJlcXVlc3QgZm9yIGEgd2hpdGVsaXN0ZWQgdGVhbQ==-->PR not blocked by review request for a whitelisted team<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8575): <!--number 8575 --><!--line 0 --><!--description YWxsb3cgZm9yIHRyYWNrZWQgdGltZSB0byBiZSByZW1vdmVkIGFnYWlu-->allow for tracked time to be removed again<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8942): <!--number 8942 --><!--line 0 --><!--description YSBjb3JydXB0ZWQgRm9yZ2VqbyBBY3Rpb25zIHNjaGVkdWxlZCB3b3JrZmxvdyBpcyBkaXNhYmxlZA==-->a corrupted Forgejo Actions scheduled workflow is disabled<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8864): <!--number 8864 --><!--line 0 --><!--description ZGUtZHVwbGljYXRlIEZvcmdlam8gQWN0aW9ucyBqb2IgbmFtZXMgd2hlbiBuZWVkZWQ=-->de-duplicate Forgejo Actions job names when needed<!--description-->
+<!--end release-notes-assistant-->
diff --git a/release-notes-published/13.0.1.md b/release-notes-published/13.0.1.md
new file mode 100644
index 0000000000..bdf6f4c81a
--- /dev/null
+++ b/release-notes-published/13.0.1.md
@@ -0,0 +1,12 @@
+> **Warning** if your instance was already migrated to Forgejo v13.0.0 and is using a PostgreSQL database, make sure you [read the releases notes to verify Forgejo Actions secrets are sound](https://codeberg.org/forgejo/forgejo/milestone/21377). 
+
+<!--start release-notes-assistant-->
+
+## Release notes
+<!--URL:https://codeberg.org/forgejo/forgejo-->
+- User Interface bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9508) ([backported](https://codeberg.org/forgejo/forgejo/pulls/9713)): <!--number 9713 --><!--line 0 --><!--description Zml4OiBVc2Ugc2Nyb2xsSGVpZ2h0IGZvciByZW5kZXJlZCBpZnJhbWUgaWYgb2Zmc2V0SGVpZ2h0IGlzIHVuYXZhaWxhYmxl-->fix: Use scrollHeight for rendered iframe if offsetHeight is unavailable<!--description-->
+- Bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9657) ([backported](https://codeberg.org/forgejo/forgejo/pulls/9723)): <!--number 9723 --><!--line 0 --><!--description Zml4OiBkYi5JdGVyYXRlIGNhbiBtaXNzIHJlY29yZHMsIGNhbiByZXR1cm4gcmVjb3JkcyB0d2ljZQ==-->fix: db.Iterate can miss records, can return records twice which caused a [data corruption of the secret table in v13.0.0](https://codeberg.org/forgejo/forgejo/issues/9727)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9690) ([backported](https://codeberg.org/forgejo/forgejo/pulls/9714)): <!--number 9714 --><!--line 0 --><!--description Zml4OiByZWxlYXNlIGVtYWlsIGxpbmtz-->fix: release email links<!--description-->
+<!--end release-notes-assistant-->
diff --git a/release-notes/3922.md b/release-notes/3952.md
similarity index 100%
rename from release-notes/3922.md
rename to release-notes/3952.md
diff --git a/release-notes/6553.md b/release-notes/6553.md
new file mode 100644
index 0000000000..53b8516986
--- /dev/null
+++ b/release-notes/6553.md
@@ -0,0 +1,19 @@
+feat: add Beeflang support
+feat: add CSV lexer
+feat: add Eclipse ATL language
+feat: add hare done keyword
+feat: add JSONata Lexer
+feat: add Jsonnet Lexer
+feat: add Typst Lexer
+feat: add WebVTT lexer
+feat: import NSIS Lexer from Pygments
+feat: port Minecraft lexers from Pygments
+feat: update the Materialize lexer
+
+fix: go: add any as a builtin type
+fix: go: single line comment without consuming endline, disable EnsureNL
+fix: haskell: add underscore parsing in numbers
+fix: markdown: remove whitespace tokenizing rule
+fix: typescript: allow nested generics
+fix: typescript: highlight string literal type parameters
+fix: yaml: don't output extra whitespace in multiline
diff --git a/release-notes/7459.md b/release-notes/7459.md
new file mode 100644
index 0000000000..f20c135abd
--- /dev/null
+++ b/release-notes/7459.md
@@ -0,0 +1,8 @@
+feat: [`0bf0e9f`](https://github.com/alecthomas/chroma/commit/0bf0e9f) add luau file extension and alias to lua lexer
+feat: [`4b0882a`](https://github.com/alecthomas/chroma/commit/4b0882a) add Janet lexer
+feat: [`dc982d2`](https://github.com/alecthomas/chroma/commit/dc982d2) add Mojo lexer
+feat: [`f0d460e`](https://github.com/alecthomas/chroma/commit/f0d460e) odin: support the new build tag feature
+fix: [`88084b6`](https://github.com/alecthomas/chroma/commit/88084b6) terraform: dot in a string breaks the highlighting.
+fix: [`e0c7747`](https://github.com/alecthomas/chroma/commit/e0c7747) nginx conf: IP address as name detection
+fix: [`79621af`](https://github.com/alecthomas/chroma/commit/79621af) solidity: handling of inline assembly
+fix: [`d829579`](https://github.com/alecthomas/chroma/commit/d829579) ocaml: support multistring
diff --git a/release-notes/7607.md b/release-notes/7607.md
new file mode 100644
index 0000000000..1725132a28
--- /dev/null
+++ b/release-notes/7607.md
@@ -0,0 +1,5 @@
+feat: [`22859e6`](https://github.com/alecthomas/chroma/commit/22859e6) Add Lean lexer
+fix: [`8fa488c`](https://github.com/alecthomas/chroma/commit/8fa488c) Fix Gleam lexer
+fix: [`5409db0`](https://github.com/alecthomas/chroma/commit/5409db0) vue: handle more edge cases for tags
+fix: [`3df29af`](https://github.com/alecthomas/chroma/commit/3df29af) rrt: add proper diff styling to
+fix: [`9077658`](https://github.com/alecthomas/chroma/commit/9077658) terraform: properly tokenizes default_tags attribute
diff --git a/release-notes/7738.md b/release-notes/7738.md
new file mode 100644
index 0000000000..6afd684033
--- /dev/null
+++ b/release-notes/7738.md
@@ -0,0 +1,2 @@
+fix: [`2cbcfa9`](https://github.com/alecthomas/chroma/commit/2cbcfa9) fix: a bunch of styles did not correctly fallback to parent styles
+fix: [`8f4cf56`](https://github.com/alecthomas/chroma/commit/8f4cf56) fix(zig): add rule for function calls
diff --git a/release-notes/7890.md b/release-notes/7890.md
new file mode 100644
index 0000000000..96d616dbec
--- /dev/null
+++ b/release-notes/7890.md
@@ -0,0 +1 @@
+feat: [`79dde77`](https://github.com/alecthomas/chroma/commit/79dde77) Added IBM RPG lexer
diff --git a/release-notes/8393.md b/release-notes/8393.md
new file mode 100644
index 0000000000..6e7a24517a
--- /dev/null
+++ b/release-notes/8393.md
@@ -0,0 +1,5 @@
+feat: [`970eacc`](https://github.com/alecthomas/chroma/commit/970eacc) add MoonScript lexer
+feat: [`bc60826`](https://github.com/alecthomas/chroma/commit/bc60826) add Core lexer
+fix: [`2c20473`](https://github.com/alecthomas/chroma/commit/2c20473) RPGLE: various lexer & style fixes
+fix: [`c803d79`](https://github.com/alecthomas/chroma/commit/c803d79) zig: detect zig object notation files as zig
+fix: [`ffedbf4`](https://github.com/alecthomas/chroma/commit/ffedbf4) kotlin: detect kotlin script files as kotlin
diff --git a/release-notes/8783.md b/release-notes/8783.md
new file mode 100644
index 0000000000..00d0ccff15
--- /dev/null
+++ b/release-notes/8783.md
@@ -0,0 +1,9 @@
+feat: [`5d56970`](https://github.com/alecthomas/chroma/commit/5d56970) Add `uv.lock` to TOML lexer
+feat: [`a53c924`](https://github.com/alecthomas/chroma/commit/a53c924) create Lexer for Nu
+feat: [`abe0195`](https://github.com/alecthomas/chroma/commit/abe0195) create lexer for lox
+feat: [`f3be4c6`](https://github.com/alecthomas/chroma/commit/f3be4c6) create lexer for Gemtext
+feat: [`acd21c6`](https://github.com/alecthomas/chroma/commit/acd21c6) add aspect-ratio property to css.xml
+feat: [`d0ad679`](https://github.com/alecthomas/chroma/commit/d0ad679) improve Go lexer
+fix: [`1ca24c9`](https://github.com/alecthomas/chroma/commit/1ca24c9) correct lexing AS keyword for docker
+fix: [`1f48e65`](https://github.com/alecthomas/chroma/commit/1f48e65) markdown: don't delegate to HTML lexer
+fix: [`dfb2819`](https://github.com/alecthomas/chroma/commit/dfb2819) Fixed ObjectPascal comment issue
diff --git a/release-notes/9373.md b/release-notes/9373.md
new file mode 100644
index 0000000000..5a48b57de1
--- /dev/null
+++ b/release-notes/9373.md
@@ -0,0 +1 @@
+Foreign keys have been added to the Forgejo database schema, which may identify data inconsistencies during the v41 database schema upgrade. If migration errors occur, `forgejo doctor check --all` can be used to identify the inconsistent records, which can be manually corrected or deleted. `forgejo doctor check --all --fix` will automatically delete the inconsistent records. Affected tables in this release are: `stopwatch` (references `issue` and `user`), and `tracked_time` (references `issue` and `user`).
\ No newline at end of file
diff --git a/release-notes/9458.md b/release-notes/9458.md
new file mode 100644
index 0000000000..444113eccb
--- /dev/null
+++ b/release-notes/9458.md
@@ -0,0 +1 @@
+Forgejo subcommands which only accept flag options would previously ignore any command-line arguments that were not flags and silently proceed to execute the command. This could lead to unexpected effects; for example, `--must-change-password false` is actually parsed as two arguments, `--must-change-password`, and `false`, where the `false` argument was ignored. In order to prevent misunderstandings where the user may have intended a supported argument format (`--must-change-password=false`), the presence of extra arguments that are not flags will now result in an error. Users of the Forgejo CLI who are relying on the previous behavior will find their commands are now resulting in errors.
\ No newline at end of file
diff --git a/release-notes/9513.md b/release-notes/9513.md
new file mode 100644
index 0000000000..e744c87a59
--- /dev/null
+++ b/release-notes/9513.md
@@ -0,0 +1 @@
+fix!: Prevent forked `.profile` repositories from displaying profile content. When a user forked a repository named `.profile` without having created their own `.profile` repository, the content from the forked repository was unexpectedly displayed on their public profile page. This could lead to users' profiles displaying content they did not intentionally create for that purpose. Forked `.profile` repositories are now treated as standard repositories and do not populate the user's public profile page. Users who wish to use the content from a forked `.profile` repository can convert the fork to a regular repository in the "Danger Zone" section of Repository settings. This issue was particularly problematic on instances where users had repository creation limits (-1) and would inappropriately use forked `.profile` repositories to obtain profile customization. 
diff --git a/release-notes/9638.md b/release-notes/9638.md
new file mode 100644
index 0000000000..c2f0008c20
--- /dev/null
+++ b/release-notes/9638.md
@@ -0,0 +1 @@
+Uploaded avatar images can sometimes contain unexpected metadata such as the location where the image was created, or the device the image was created with, stored in a format called EXIF. Forgejo now removes EXIF data when custom user and repository images are uploaded in order to reduce the risk of personally identifiable information being leaked unexpectedly. A new CLI subcommand `forgejo doctor avatar-strip-exif` can be used to strip EXIF information from all existing avatars; we recommend that administrators run this command once after upgrade in order to minimize this risk for existing stored files.
\ No newline at end of file
diff --git a/renovate.json b/renovate.json
index a184d5fe6a..d28721864c 100644
--- a/renovate.json
+++ b/renovate.json
@@ -9,13 +9,16 @@
   "baseBranchPatterns": [
     "$default",
     "/^v11\\.\\d+/forgejo$/",
-    "/^v12\\.\\d+/forgejo$/"
+    "/^v13\\.\\d+/forgejo$/"
   ],
   "postUpdateOptions": ["gomodTidy", "gomodUpdateImportPaths", "npmDedupe"],
   "prConcurrentLimit": 10,
   "osvVulnerabilityAlerts": true,
   "automergeStrategy": "squash",
   "labels": ["dependency-upgrade", "test/not-needed"],
+  "constraints": {
+    "npm": "10"
+  },
   "packageRules": [
     {
       "description": "Require approval for python minor version",
diff --git a/routers/api/actions/runner/runner.go b/routers/api/actions/runner/runner.go
index a971cd3fbf..2b3f0db1e5 100644
--- a/routers/api/actions/runner/runner.go
+++ b/routers/api/actions/runner/runner.go
@@ -14,6 +14,7 @@ import (
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/actions"
 	"forgejo.org/modules/log"
+	"forgejo.org/modules/setting"
 	"forgejo.org/modules/util"
 	actions_service "forgejo.org/services/actions"
 
@@ -224,6 +225,15 @@ func (s *Service) UpdateTask(
 		if err := actions_service.EmitJobsIfReady(task.Job.RunID); err != nil {
 			log.Error("Emit ready jobs of run %d: %v", task.Job.RunID, err)
 		}
+		// Reaching a finalized result for a task can cause other tasks in the same concurrency group to become
+		// unblocked. Increasing task version here allows all applicable runners to requery to the DB for that state.
+		// Because it is only useful for that condition, and it has system performance risks, only enable it when
+		// concurrency group queuing is enabled.
+		if setting.Actions.ConcurrencyGroupQueueEnabled {
+			if err := actions_model.IncreaseTaskVersion(ctx, runner.OwnerID, runner.RepoID); err != nil {
+				return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("fail to increase task version: %w", err))
+			}
+		}
 	}
 
 	return connect.NewResponse(&runnerv1.UpdateTaskResponse{
diff --git a/routers/api/packages/debian/debian.go b/routers/api/packages/debian/debian.go
index fd64e35657..49b2153724 100644
--- a/routers/api/packages/debian/debian.go
+++ b/routers/api/packages/debian/debian.go
@@ -298,11 +298,13 @@ func DeletePackageFile(ctx *context.Context) {
 
 	if pd != nil {
 		notify_service.PackageDelete(ctx, ctx.Doer, pd)
-	}
-
-	if err := debian_service.BuildSpecificRepositoryFiles(ctx, ctx.Package.Owner.ID, distribution, component, architecture); err != nil {
-		apiError(ctx, http.StatusInternalServerError, err)
-		return
+	} else {
+		// If the entire package version wasn't deleted and some other distribution/cmoponent/architecture remains for
+		// this package, we need to explicitly rebuild this part of the package index.
+		if err := debian_service.BuildSpecificRepositoryFiles(ctx, ctx.Package.Owner.ID, distribution, component, architecture); err != nil {
+			apiError(ctx, http.StatusInternalServerError, err)
+			return
+		}
 	}
 
 	ctx.Status(http.StatusNoContent)
diff --git a/routers/api/packages/nuget/auth.go b/routers/api/packages/nuget/auth.go
index 92868bdef5..139f84a0c6 100644
--- a/routers/api/packages/nuget/auth.go
+++ b/routers/api/packages/nuget/auth.go
@@ -9,7 +9,6 @@ import (
 	auth_model "forgejo.org/models/auth"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/log"
-	"forgejo.org/modules/timeutil"
 	"forgejo.org/services/auth"
 )
 
@@ -38,9 +37,8 @@ func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, store auth.DataS
 		return nil, err
 	}
 
-	token.UpdatedUnix = timeutil.TimeStampNow()
-	if err := auth_model.UpdateAccessToken(req.Context(), token); err != nil {
-		log.Error("UpdateAccessToken:  %v", err)
+	if err := token.UpdateLastUsed(req.Context()); err != nil {
+		log.Error("UpdateLastUsed:  %v", err)
 	}
 
 	return u, nil
diff --git a/routers/api/v1/admin/runners.go b/routers/api/v1/admin/runners.go
index e459b947ff..7c53a717a9 100644
--- a/routers/api/v1/admin/runners.go
+++ b/routers/api/v1/admin/runners.go
@@ -14,7 +14,7 @@ import (
 func GetRegistrationToken(ctx *context.APIContext) {
 	// swagger:operation GET /admin/runners/registration-token admin adminGetRunnerRegistrationToken
 	// ---
-	// summary: Get an global actions runner registration token
+	// summary: Get a global actions runner registration token
 	// produces:
 	// - application/json
 	// parameters:
@@ -44,3 +44,81 @@ func SearchActionRunJobs(ctx *context.APIContext) {
 	//     "$ref": "#/responses/forbidden"
 	shared.GetActionRunJobs(ctx, 0, 0)
 }
+
+// CreateRegistrationToken returns the token to register global runners
+func CreateRegistrationToken(ctx *context.APIContext) {
+	// swagger:operation POST /admin/actions/runners/registration-token admin adminCreateRunnerRegistrationToken
+	// ---
+	// summary: Get a global actions runner registration token
+	// produces:
+	// - application/json
+	// parameters:
+	// responses:
+	//   "200":
+	//     "$ref": "#/responses/RegistrationToken"
+
+	shared.GetRegistrationToken(ctx, 0, 0)
+}
+
+// ListRunners get all runners
+func ListRunners(ctx *context.APIContext) {
+	// swagger:operation GET /admin/actions/runners admin getAdminRunners
+	// ---
+	// summary: Get all runners
+	// produces:
+	// - application/json
+	// responses:
+	//   "200":
+	//     "$ref": "#/definitions/ActionRunnersResponse"
+	//   "400":
+	//     "$ref": "#/responses/error"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+	shared.ListRunners(ctx, 0, 0)
+}
+
+// GetRunner get a global runner
+func GetRunner(ctx *context.APIContext) {
+	// swagger:operation GET /admin/actions/runners/{runner_id} admin getAdminRunner
+	// ---
+	// summary: Get a global runner
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: runner_id
+	//   in: path
+	//   description: id of the runner
+	//   type: string
+	//   required: true
+	// responses:
+	//   "200":
+	//     "$ref": "#/definitions/ActionRunner"
+	//   "400":
+	//     "$ref": "#/responses/error"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+	shared.GetRunner(ctx, 0, 0, ctx.ParamsInt64("runner_id"))
+}
+
+// DeleteRunner delete a global runner
+func DeleteRunner(ctx *context.APIContext) {
+	// swagger:operation DELETE /admin/actions/runners/{runner_id} admin deleteAdminRunner
+	// ---
+	// summary: Delete a global runner
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: runner_id
+	//   in: path
+	//   description: id of the runner
+	//   type: string
+	//   required: true
+	// responses:
+	//   "204":
+	//     description: runner has been deleted
+	//   "400":
+	//     "$ref": "#/responses/error"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+	shared.DeleteRunner(ctx, 0, 0, ctx.ParamsInt64("runner_id"))
+}
diff --git a/routers/api/v1/admin/user.go b/routers/api/v1/admin/user.go
index 6bc520f510..4c436aa070 100644
--- a/routers/api/v1/admin/user.go
+++ b/routers/api/v1/admin/user.go
@@ -254,6 +254,7 @@ func EditUser(ctx *context.APIContext) {
 		MaxRepoCreation:         optional.FromPtr(form.MaxRepoCreation),
 		AllowCreateOrganization: optional.FromPtr(form.AllowCreateOrganization),
 		IsRestricted:            optional.FromPtr(form.Restricted),
+		KeepEmailPrivate:        optional.FromPtr(form.HideEmail),
 	}
 
 	if err := user_service.UpdateUser(ctx, ctx.ContextUser, opts); err != nil {
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index fd8cf72003..f5f4bfc8bb 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -856,7 +856,11 @@ func Routes() *web.Route {
 			})
 
 			m.Group("/runners", func() {
+				m.Get("", reqToken(), reqChecker, act.ListRunners)
 				m.Get("/registration-token", reqToken(), reqChecker, act.GetRegistrationToken)
+				m.Post("/registration-token", reqToken(), reqChecker, act.CreateRegistrationToken)
+				m.Get("/{runner_id}", reqToken(), reqChecker, act.GetRunner)
+				m.Delete("/{runner_id}", reqToken(), reqChecker, act.DeleteRunner)
 				m.Get("/jobs", reqToken(), reqChecker, act.SearchActionRunJobs)
 			})
 		})
@@ -1014,7 +1018,11 @@ func Routes() *web.Route {
 				})
 
 				m.Group("/runners", func() {
+					m.Get("", reqToken(), user.ListRunners)
 					m.Get("/registration-token", reqToken(), user.GetRegistrationToken)
+					m.Post("/registration-token", reqToken(), user.CreateRegistrationToken)
+					m.Get("/{runner_id}", reqToken(), user.GetRunner)
+					m.Delete("/{runner_id}", reqToken(), user.DeleteRunner)
 					m.Get("/jobs", reqToken(), user.SearchActionRunJobs)
 				})
 			})
@@ -1689,6 +1697,12 @@ func Routes() *web.Route {
 					Patch(bind(api.EditHookOption{}), admin.EditHook).
 					Delete(admin.DeleteHook)
 			})
+			m.Group("/actions/runners", func() {
+				m.Get("", admin.ListRunners)
+				m.Post("/registration-token", admin.CreateRegistrationToken)
+				m.Get("/{runner_id}", admin.GetRunner)
+				m.Delete("/{runner_id}", admin.DeleteRunner)
+			})
 			m.Group("/runners", func() {
 				m.Get("/registration-token", admin.GetRegistrationToken)
 				m.Get("/jobs", admin.SearchActionRunJobs)
diff --git a/routers/api/v1/org/action.go b/routers/api/v1/org/action.go
index 4d7f1fa0f7..8f456fe02f 100644
--- a/routers/api/v1/org/action.go
+++ b/routers/api/v1/org/action.go
@@ -214,6 +214,27 @@ func (Action) SearchActionRunJobs(ctx *context.APIContext) {
 	shared.GetActionRunJobs(ctx, ctx.Org.Organization.ID, 0)
 }
 
+// https://docs.github.com/en/rest/actions/self-hosted-runners?apiVersion=2022-11-28#create-a-registration-token-for-an-organization
+// CreateRegistrationToken returns the token to register org runners
+func (Action) CreateRegistrationToken(ctx *context.APIContext) {
+	// swagger:operation POST /orgs/{org}/actions/runners/registration-token organization orgCreateRunnerRegistrationToken
+	// ---
+	// summary: Get an organization's actions runner registration token
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: org
+	//   in: path
+	//   description: name of the organization
+	//   type: string
+	//   required: true
+	// responses:
+	//   "200":
+	//     "$ref": "#/responses/RegistrationToken"
+
+	shared.GetRegistrationToken(ctx, ctx.Org.Organization.ID, 0)
+}
+
 // ListVariables list org-level variables
 func (Action) ListVariables(ctx *context.APIContext) {
 	// swagger:operation GET /orgs/{org}/actions/variables organization getOrgVariablesList
@@ -266,6 +287,85 @@ func (Action) ListVariables(ctx *context.APIContext) {
 	ctx.JSON(http.StatusOK, variables)
 }
 
+// ListRunners get org-level runners
+func (Action) ListRunners(ctx *context.APIContext) {
+	// swagger:operation GET /orgs/{org}/actions/runners organization getOrgRunners
+	// ---
+	// summary: Get org-level runners
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: org
+	//   in: path
+	//   description: name of the organization
+	//   type: string
+	//   required: true
+	// responses:
+	//   "200":
+	//     "$ref": "#/definitions/ActionRunnersResponse"
+	//   "400":
+	//     "$ref": "#/responses/error"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+	shared.ListRunners(ctx, ctx.Org.Organization.ID, 0)
+}
+
+// GetRunner get an org-level runner
+func (Action) GetRunner(ctx *context.APIContext) {
+	// swagger:operation GET /orgs/{org}/actions/runners/{runner_id} organization getOrgRunner
+	// ---
+	// summary: Get an org-level runner
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: org
+	//   in: path
+	//   description: name of the organization
+	//   type: string
+	//   required: true
+	// - name: runner_id
+	//   in: path
+	//   description: id of the runner
+	//   type: string
+	//   required: true
+	// responses:
+	//   "200":
+	//     "$ref": "#/definitions/ActionRunner"
+	//   "400":
+	//     "$ref": "#/responses/error"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+	shared.GetRunner(ctx, ctx.Org.Organization.ID, 0, ctx.ParamsInt64("runner_id"))
+}
+
+// DeleteRunner delete an org-level runner
+func (Action) DeleteRunner(ctx *context.APIContext) {
+	// swagger:operation DELETE /orgs/{org}/actions/runners/{runner_id} organization deleteOrgRunner
+	// ---
+	// summary: Delete an org-level runner
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: org
+	//   in: path
+	//   description: name of the organization
+	//   type: string
+	//   required: true
+	// - name: runner_id
+	//   in: path
+	//   description: id of the runner
+	//   type: string
+	//   required: true
+	// responses:
+	//   "204":
+	//     description: runner has been deleted
+	//   "400":
+	//     "$ref": "#/responses/error"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+	shared.DeleteRunner(ctx, ctx.Org.Organization.ID, 0, ctx.ParamsInt64("runner_id"))
+}
+
 // GetVariable gives organization's variable
 func (Action) GetVariable(ctx *context.APIContext) {
 	// swagger:operation GET /orgs/{org}/actions/variables/{variablename} organization getOrgVariable
diff --git a/routers/api/v1/repo/action.go b/routers/api/v1/repo/action.go
index c0b75e7de9..716a0b7fdb 100644
--- a/routers/api/v1/repo/action.go
+++ b/routers/api/v1/repo/action.go
@@ -504,6 +504,125 @@ func (Action) GetRegistrationToken(ctx *context.APIContext) {
 	shared.GetRegistrationToken(ctx, 0, ctx.Repo.Repository.ID)
 }
 
+// CreateRegistrationToken returns the token to register repo runners
+func (Action) CreateRegistrationToken(ctx *context.APIContext) {
+	// swagger:operation POST /repos/{owner}/{repo}/actions/runners/registration-token repository repoCreateRunnerRegistrationToken
+	// ---
+	// summary: Get a repository's actions runner registration token
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: owner
+	//   in: path
+	//   description: owner of the repo
+	//   type: string
+	//   required: true
+	// - name: repo
+	//   in: path
+	//   description: name of the repo
+	//   type: string
+	//   required: true
+	// responses:
+	//   "200":
+	//     "$ref": "#/responses/RegistrationToken"
+
+	shared.GetRegistrationToken(ctx, 0, ctx.Repo.Repository.ID)
+}
+
+// ListRunners get repo-level runners
+func (Action) ListRunners(ctx *context.APIContext) {
+	// swagger:operation GET /repos/{owner}/{repo}/actions/runners repository getRepoRunners
+	// ---
+	// summary: Get repo-level runners
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: owner
+	//   in: path
+	//   description: owner of the repo
+	//   type: string
+	//   required: true
+	// - name: repo
+	//   in: path
+	//   description: name of the repo
+	//   type: string
+	//   required: true
+	// responses:
+	//   "200":
+	//     "$ref": "#/definitions/ActionRunnersResponse"
+	//   "400":
+	//     "$ref": "#/responses/error"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+	shared.ListRunners(ctx, 0, ctx.Repo.Repository.ID)
+}
+
+// GetRunner get a repo-level runner
+func (Action) GetRunner(ctx *context.APIContext) {
+	// swagger:operation GET /repos/{owner}/{repo}/actions/runners/{runner_id} repository getRepoRunner
+	// ---
+	// summary: Get a repo-level runner
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: owner
+	//   in: path
+	//   description: owner of the repo
+	//   type: string
+	//   required: true
+	// - name: repo
+	//   in: path
+	//   description: name of the repo
+	//   type: string
+	//   required: true
+	// - name: runner_id
+	//   in: path
+	//   description: id of the runner
+	//   type: string
+	//   required: true
+	// responses:
+	//   "200":
+	//     "$ref": "#/definitions/ActionRunner"
+	//   "400":
+	//     "$ref": "#/responses/error"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+	shared.GetRunner(ctx, 0, ctx.Repo.Repository.ID, ctx.ParamsInt64("runner_id"))
+}
+
+// DeleteRunner delete a repo-level runner
+func (Action) DeleteRunner(ctx *context.APIContext) {
+	// swagger:operation DELETE /repos/{owner}/{repo}/actions/runners/{runner_id} repository deleteRepoRunner
+	// ---
+	// summary: Delete a repo-level runner
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: owner
+	//   in: path
+	//   description: owner of the repo
+	//   type: string
+	//   required: true
+	// - name: repo
+	//   in: path
+	//   description: name of the repo
+	//   type: string
+	//   required: true
+	// - name: runner_id
+	//   in: path
+	//   description: id of the runner
+	//   type: string
+	//   required: true
+	// responses:
+	//   "204":
+	//     description: runner has been deleted
+	//   "400":
+	//     "$ref": "#/responses/error"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+	shared.DeleteRunner(ctx, 0, ctx.Repo.Repository.ID, ctx.ParamsInt64("runner_id"))
+}
+
 // SearchActionRunJobs return a list of actions jobs filtered by the provided parameters
 func (Action) SearchActionRunJobs(ctx *context.APIContext) {
 	// swagger:operation GET /repos/{owner}/{repo}/actions/runners/jobs repository repoSearchRunJobs
@@ -688,7 +807,7 @@ func DispatchWorkflow(ctx *context.APIContext) {
 	if opt.ReturnRunInfo {
 		ctx.JSON(http.StatusCreated, workflowRun)
 	} else {
-		ctx.JSON(http.StatusNoContent, nil)
+		ctx.Status(http.StatusNoContent)
 	}
 }
 
diff --git a/routers/api/v1/repo/migrate.go b/routers/api/v1/repo/migrate.go
index e58545c2f6..874a05a3ac 100644
--- a/routers/api/v1/repo/migrate.go
+++ b/routers/api/v1/repo/migrate.go
@@ -4,7 +4,6 @@
 package repo
 
 import (
-	"bytes"
 	"errors"
 	"fmt"
 	"net/http"
@@ -195,10 +194,9 @@ func Migrate(ctx *context.APIContext) {
 
 	defer func() {
 		if e := recover(); e != nil {
-			var buf bytes.Buffer
-			fmt.Fprintf(&buf, "Handler crashed with error: %v", log.Stack(2))
-
-			err = errors.New(buf.String())
+			log.Error("PANIC recovered: %v\nStacktrace: %s", e, log.Stack(2))
+			err = fmt.Errorf("PANIC recover with error %v", e)
+			ctx.Error(http.StatusInternalServerError, "Recovered PANIC with error", err)
 		}
 
 		if err == nil {
diff --git a/routers/api/v1/repo/pull.go b/routers/api/v1/repo/pull.go
index 812468f6b4..778a1c17b1 100644
--- a/routers/api/v1/repo/pull.go
+++ b/routers/api/v1/repo/pull.go
@@ -433,7 +433,7 @@ func CreatePullRequest(ctx *context.APIContext) {
 	)
 
 	// Get repo/branch information
-	headRepo, headGitRepo, compareInfo, baseBranch, headBranch := parseCompareInfo(ctx, form)
+	headRepo, headGitRepo, _, baseBranch, headBranch := parseCompareInfo(ctx, form)
 	if ctx.Written() {
 		return
 	}
@@ -522,7 +522,6 @@ func CreatePullRequest(ctx *context.APIContext) {
 		BaseBranch: baseBranch,
 		HeadRepo:   headRepo,
 		BaseRepo:   repo,
-		MergeBase:  compareInfo.MergeBase,
 		Type:       issues_model.PullRequestGitea,
 	}
 
@@ -1594,26 +1593,22 @@ func GetPullRequestFiles(ctx *context.APIContext) {
 
 	baseGitRepo := ctx.Repo.GitRepo
 
-	var prInfo *git.CompareInfo
+	baseRef := pr.BaseBranch
 	if pr.HasMerged {
-		prInfo, err = baseGitRepo.GetCompareInfo(pr.BaseRepo.RepoPath(), pr.MergeBase, pr.GetGitRefName(), true, false)
-	} else {
-		prInfo, err = baseGitRepo.GetCompareInfo(pr.BaseRepo.RepoPath(), pr.BaseBranch, pr.GetGitRefName(), true, false)
+		baseRef = pr.MergeBase
 	}
+	startCommitID, err := baseGitRepo.GetMergeBaseSimple(baseRef, pr.GetGitRefName())
 	if err != nil {
-		ctx.ServerError("GetCompareInfo", err)
-		return
+		// No merge base exists, fallback to use base reference.
+		startCommitID = baseRef
 	}
 
-	headCommitID, err := baseGitRepo.GetRefCommitID(pr.GetGitRefName())
+	endCommitID, err := baseGitRepo.GetRefCommitID(pr.GetGitRefName())
 	if err != nil {
 		ctx.ServerError("GetRefCommitID", err)
 		return
 	}
 
-	startCommitID := prInfo.MergeBase
-	endCommitID := headCommitID
-
 	maxLines := setting.Git.MaxGitDiffLines
 
 	// FIXME: If there are too many files in the repo, may cause some unpredictable issues.
diff --git a/routers/api/v1/shared/runners.go b/routers/api/v1/shared/runners.go
index 3f4edfe9b2..dba2142031 100644
--- a/routers/api/v1/shared/runners.go
+++ b/routers/api/v1/shared/runners.go
@@ -5,6 +5,7 @@ package shared
 
 import (
 	"errors"
+	"fmt"
 	"net/http"
 	"strings"
 
@@ -12,7 +13,9 @@ import (
 	"forgejo.org/models/db"
 	"forgejo.org/modules/structs"
 	"forgejo.org/modules/util"
+	"forgejo.org/routers/api/v1/utils"
 	"forgejo.org/services/context"
+	"forgejo.org/services/convert"
 )
 
 // RegistrationToken is a string used to register a runner with a server
@@ -69,3 +72,95 @@ func fromRunJobModelToResponse(job []*actions_model.ActionRunJob, labels []strin
 	}
 	return res
 }
+
+// ListRunners lists runners for api route validated ownerID and repoID
+// ownerID == 0 and repoID == 0 means all runners including global runners, does not appear in sql where clause
+// ownerID == 0 and repoID != 0 means all runners for the given repo
+// ownerID != 0 and repoID == 0 means all runners for the given user/org
+// ownerID != 0 and repoID != 0 undefined behavior
+// Access rights are checked at the API route level
+func ListRunners(ctx *context.APIContext, ownerID, repoID int64) {
+	if ownerID != 0 && repoID != 0 {
+		ctx.Error(http.StatusUnprocessableEntity, "", fmt.Errorf("ownerID and repoID should not be both set: %d and %d", ownerID, repoID))
+		return
+	}
+	runners, total, err := db.FindAndCount[actions_model.ActionRunner](ctx, &actions_model.FindRunnerOptions{
+		OwnerID:     ownerID,
+		RepoID:      repoID,
+		ListOptions: utils.GetListOptions(ctx),
+	})
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, "FindCountRunners", map[string]string{})
+		return
+	}
+
+	res := new(structs.ActionRunnersResponse)
+	res.TotalCount = total
+
+	res.Entries = make([]*structs.ActionRunner, len(runners))
+	for i, runner := range runners {
+		res.Entries[i] = convert.ToActionRunner(ctx, runner)
+	}
+
+	ctx.JSON(http.StatusOK, &res)
+}
+
+// GetRunner get the runner for api route validated ownerID and repoID
+// ownerID == 0 and repoID == 0 means any runner including global runners
+// ownerID == 0 and repoID != 0 means any runner for the given repo
+// ownerID != 0 and repoID == 0 means any runner for the given user/org
+// ownerID != 0 and repoID != 0 undefined behavior
+// Access rights are checked at the API route level
+func GetRunner(ctx *context.APIContext, ownerID, repoID, runnerID int64) {
+	if ownerID != 0 && repoID != 0 {
+		ctx.Error(http.StatusUnprocessableEntity, "", fmt.Errorf("ownerID and repoID should not be both set: %d and %d", ownerID, repoID))
+		return
+	}
+	runner, err := actions_model.GetRunnerByID(ctx, runnerID)
+	if err != nil {
+		if errors.Is(err, util.ErrNotExist) {
+			ctx.Error(http.StatusNotFound, "GetRunnerNotFound", err)
+		} else {
+			ctx.Error(http.StatusInternalServerError, "GetRunnerFailed", err)
+		}
+		return
+	}
+	if !runner.Editable(ownerID, repoID) {
+		ctx.Error(http.StatusNotFound, "RunnerEdit", "No permission to get this runner")
+		return
+	}
+	ctx.JSON(http.StatusOK, convert.ToActionRunner(ctx, runner))
+}
+
+// DeleteRunner deletes the runner for api route validated ownerID and repoID
+// ownerID == 0 and repoID == 0 means any runner including global runners
+// ownerID == 0 and repoID != 0 means any runner for the given repo
+// ownerID != 0 and repoID == 0 means any runner for the given user/org
+// ownerID != 0 and repoID != 0 undefined behavior
+// Access rights are checked at the API route level
+func DeleteRunner(ctx *context.APIContext, ownerID, repoID, runnerID int64) {
+	if ownerID != 0 && repoID != 0 {
+		ctx.Error(http.StatusUnprocessableEntity, "", fmt.Errorf("ownerID and repoID should not be both set: %d and %d", ownerID, repoID))
+		return
+	}
+	runner, err := actions_model.GetRunnerByID(ctx, runnerID)
+	if err != nil {
+		if errors.Is(err, util.ErrNotExist) {
+			ctx.Error(http.StatusNotFound, "DeleteRunnerNotFound", err)
+		} else {
+			ctx.Error(http.StatusInternalServerError, "DeleteRunnerFailed", err)
+		}
+		return
+	}
+	if !runner.Editable(ownerID, repoID) {
+		ctx.Error(http.StatusNotFound, "EditRunner", "No permission to delete this runner")
+		return
+	}
+
+	err = actions_model.DeleteRunner(ctx, runner)
+	if err != nil {
+		ctx.InternalServerError(err)
+		return
+	}
+	ctx.Status(http.StatusNoContent)
+}
diff --git a/routers/api/v1/swagger/action.go b/routers/api/v1/swagger/action.go
index 910c265150..cf853c986f 100644
--- a/routers/api/v1/swagger/action.go
+++ b/routers/api/v1/swagger/action.go
@@ -56,3 +56,17 @@ type swaggerRegistrationToken struct {
 	// in: body
 	Body shared.RegistrationToken `json:"body"`
 }
+
+// ActionRunner represents a Runner
+// swagger:response ActionRunner
+type swaggerActionRunner struct {
+	// in: body
+	Body api.ActionRunner `json:"body"`
+}
+
+// ActionRunnersResponse returns Runners
+// swagger:response ActionRunnersResponse
+type swaggerActionRunnerResponse struct {
+	// in: body
+	Body api.ActionRunnersResponse `json:"body"`
+}
diff --git a/routers/api/v1/user/runners.go b/routers/api/v1/user/runners.go
index 579e3eb932..2cfdd8a03a 100644
--- a/routers/api/v1/user/runners.go
+++ b/routers/api/v1/user/runners.go
@@ -50,3 +50,89 @@ func SearchActionRunJobs(ctx *context.APIContext) {
 	//     "$ref": "#/responses/forbidden"
 	shared.GetActionRunJobs(ctx, ctx.Doer.ID, 0)
 }
+
+// CreateRegistrationToken returns the token to register user runners
+func CreateRegistrationToken(ctx *context.APIContext) {
+	// swagger:operation POST /user/actions/runners/registration-token user userCreateRunnerRegistrationToken
+	// ---
+	// summary: Get an user's actions runner registration token
+	// produces:
+	// - application/json
+	// parameters:
+	// responses:
+	//   "200":
+	//     "$ref": "#/responses/RegistrationToken"
+	//   "401":
+	//     "$ref": "#/responses/unauthorized"
+
+	shared.GetRegistrationToken(ctx, ctx.Doer.ID, 0)
+}
+
+// ListRunners get user-level runners
+func ListRunners(ctx *context.APIContext) {
+	// swagger:operation GET /user/actions/runners user getUserRunners
+	// ---
+	// summary: Get user-level runners
+	// produces:
+	// - application/json
+	// responses:
+	//   "200":
+	//     "$ref": "#/responses/ActionRunnersResponse"
+	//   "400":
+	//     "$ref": "#/responses/error"
+	//   "401":
+	//     "$ref": "#/responses/unauthorized"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+	shared.ListRunners(ctx, ctx.Doer.ID, 0)
+}
+
+// GetRunner get an user-level runner
+func GetRunner(ctx *context.APIContext) {
+	// swagger:operation GET /user/actions/runners/{runner_id} user getUserRunner
+	// ---
+	// summary: Get an user-level runner
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: runner_id
+	//   in: path
+	//   description: id of the runner
+	//   type: string
+	//   required: true
+	// responses:
+	//   "200":
+	//     "$ref": "#/responses/ActionRunner"
+	//   "400":
+	//     "$ref": "#/responses/error"
+	//   "401":
+	//     "$ref": "#/responses/unauthorized"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+	shared.GetRunner(ctx, ctx.Doer.ID, 0, ctx.ParamsInt64("runner_id"))
+}
+
+// DeleteRunner delete an user-level runner
+func DeleteRunner(ctx *context.APIContext) {
+	// swagger:operation DELETE /user/actions/runners/{runner_id} user deleteUserRunner
+	// ---
+	// summary: Delete an user-level runner
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: runner_id
+	//   in: path
+	//   description: id of the runner
+	//   type: string
+	//   required: true
+	// responses:
+	//   "204":
+	//     description: runner has been deleted
+	//   "400":
+	//     "$ref": "#/responses/error"
+	//   "401":
+	//     "$ref": "#/responses/unauthorized"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+	shared.DeleteRunner(ctx, ctx.Doer.ID, 0, ctx.ParamsInt64("runner_id"))
+}
diff --git a/routers/common/db.go b/routers/common/db.go
index ec31ced1bf..09c2c4072e 100644
--- a/routers/common/db.go
+++ b/routers/common/db.go
@@ -9,7 +9,7 @@ import (
 	"time"
 
 	"forgejo.org/models/db"
-	"forgejo.org/models/migrations"
+	"forgejo.org/models/gitea_migrations"
 	system_model "forgejo.org/models/system"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/setting"
@@ -43,15 +43,15 @@ func InitDBEngine(ctx context.Context) (err error) {
 
 func migrateWithSetting(x *xorm.Engine) error {
 	if setting.Database.AutoMigration {
-		return migrations.Migrate(x)
+		return gitea_migrations.Migrate(x)
 	}
 
-	if current, err := migrations.GetCurrentDBVersion(x); err != nil {
+	if current, err := gitea_migrations.GetCurrentDBVersion(x); err != nil {
 		return err
 	} else if current < 0 {
 		// execute migrations when the database isn't initialized even if AutoMigration is false
-		return migrations.Migrate(x)
-	} else if expected := migrations.ExpectedDBVersion(); current != expected {
+		return gitea_migrations.Migrate(x)
+	} else if expected := gitea_migrations.ExpectedDBVersion(); current != expected {
 		log.Fatal(`"database.AUTO_MIGRATION" is disabled, but current database version %d is not equal to the expected version %d.`+
 			`You can set "database.AUTO_MIGRATION" to true or migrate manually by running "forgejo [--config /path/to/app.ini] migrate"`, current, expected)
 	}
diff --git a/routers/install/install.go b/routers/install/install.go
index f64f395a7f..eaede217d3 100644
--- a/routers/install/install.go
+++ b/routers/install/install.go
@@ -17,7 +17,7 @@ import (
 
 	"forgejo.org/models/db"
 	db_install "forgejo.org/models/db/install"
-	"forgejo.org/models/migrations"
+	"forgejo.org/models/gitea_migrations"
 	system_model "forgejo.org/models/system"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/auth/password/hash"
@@ -362,7 +362,7 @@ func SubmitInstall(ctx *context.Context) {
 
 	// Init the engine with migration
 	// Wrap migrations.Migrate into a function of type func(db.Engine) error to fix diagnostics.
-	if err = db.InitEngineWithMigration(ctx, migrations.WrapperMigrate); err != nil {
+	if err = db.InitEngineWithMigration(ctx, gitea_migrations.WrapperMigrate); err != nil {
 		db.UnsetDefaultEngine()
 		ctx.Data["Err_DbSetting"] = true
 		ctx.RenderWithErr(ctx.Tr("install.invalid_db_setting", err), tplInstall, &form)
diff --git a/routers/private/default_branch.go b/routers/private/default_branch.go
index da185e1ab1..7e99e57b4b 100644
--- a/routers/private/default_branch.go
+++ b/routers/private/default_branch.go
@@ -10,11 +10,11 @@ import (
 	repo_model "forgejo.org/models/repo"
 	"forgejo.org/modules/gitrepo"
 	"forgejo.org/modules/private"
-	gitea_context "forgejo.org/services/context"
+	app_context "forgejo.org/services/context"
 )
 
 // SetDefaultBranch updates the default branch
-func SetDefaultBranch(ctx *gitea_context.PrivateContext) {
+func SetDefaultBranch(ctx *app_context.PrivateContext) {
 	ownerName := ctx.Params(":owner")
 	repoName := ctx.Params(":repo")
 	branch := ctx.Params(":branch")
diff --git a/routers/private/hook_post_receive.go b/routers/private/hook_post_receive.go
index a856a7a00a..0acc09ab1b 100644
--- a/routers/private/hook_post_receive.go
+++ b/routers/private/hook_post_receive.go
@@ -27,12 +27,12 @@ import (
 	timeutil "forgejo.org/modules/timeutil"
 	"forgejo.org/modules/util"
 	"forgejo.org/modules/web"
-	gitea_context "forgejo.org/services/context"
+	app_context "forgejo.org/services/context"
 	repo_service "forgejo.org/services/repository"
 )
 
 // HookPostReceive updates services and users
-func HookPostReceive(ctx *gitea_context.PrivateContext) {
+func HookPostReceive(ctx *app_context.PrivateContext) {
 	opts := web.GetForm(ctx).(*private.HookOptions)
 
 	// We don't rely on RepoAssignment here because:
@@ -325,7 +325,7 @@ func loadContextCacheUser(ctx context.Context, id int64) (*user_model.User, erro
 }
 
 // handlePullRequestMerging handle pull request merging, a pull request action should push at least 1 commit
-func handlePullRequestMerging(ctx *gitea_context.PrivateContext, opts *private.HookOptions, ownerName, repoName string, updates []*repo_module.PushUpdateOptions) {
+func handlePullRequestMerging(ctx *app_context.PrivateContext, opts *private.HookOptions, ownerName, repoName string, updates []*repo_module.PushUpdateOptions) {
 	if len(updates) == 0 {
 		ctx.JSON(http.StatusInternalServerError, private.HookPostReceiveResult{
 			Err: fmt.Sprintf("Pushing a merged PR (pr:%d) no commits pushed ", opts.PullRequestID),
diff --git a/routers/private/hook_pre_receive.go b/routers/private/hook_pre_receive.go
index 45992e8522..217e5d817f 100644
--- a/routers/private/hook_pre_receive.go
+++ b/routers/private/hook_pre_receive.go
@@ -23,12 +23,12 @@ import (
 	"forgejo.org/modules/private"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/web"
-	gitea_context "forgejo.org/services/context"
+	app_context "forgejo.org/services/context"
 	pull_service "forgejo.org/services/pull"
 )
 
 type preReceiveContext struct {
-	*gitea_context.PrivateContext
+	*app_context.PrivateContext
 
 	// loadedPusher indicates that where the following information are loaded
 	loadedPusher        bool
@@ -175,7 +175,7 @@ func (ctx *preReceiveContext) quotaExceeded() {
 }
 
 // HookPreReceive checks whether a individual commit is acceptable
-func HookPreReceive(ctx *gitea_context.PrivateContext) {
+func HookPreReceive(ctx *app_context.PrivateContext) {
 	opts := web.GetForm(ctx).(*private.HookOptions)
 
 	ourCtx := &preReceiveContext{
diff --git a/routers/private/hook_proc_receive.go b/routers/private/hook_proc_receive.go
index 9f6e23f158..167036821b 100644
--- a/routers/private/hook_proc_receive.go
+++ b/routers/private/hook_proc_receive.go
@@ -11,11 +11,11 @@ import (
 	"forgejo.org/modules/private"
 	"forgejo.org/modules/web"
 	"forgejo.org/services/agit"
-	gitea_context "forgejo.org/services/context"
+	app_context "forgejo.org/services/context"
 )
 
 // HookProcReceive proc-receive hook - only handles agit Proc-Receive requests at present
-func HookProcReceive(ctx *gitea_context.PrivateContext) {
+func HookProcReceive(ctx *app_context.PrivateContext) {
 	opts := web.GetForm(ctx).(*private.HookOptions)
 
 	results, err := agit.ProcReceive(ctx, ctx.Repo.Repository, ctx.Repo.GitRepo, opts)
diff --git a/routers/private/internal_repo.go b/routers/private/internal_repo.go
index f237d2c676..dec020878f 100644
--- a/routers/private/internal_repo.go
+++ b/routers/private/internal_repo.go
@@ -12,13 +12,13 @@ import (
 	"forgejo.org/modules/gitrepo"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/private"
-	gitea_context "forgejo.org/services/context"
+	app_context "forgejo.org/services/context"
 )
 
 // This file contains common functions relating to setting the Repository for the internal routes
 
 // RepoAssignment assigns the repository and gitrepository to the private context
-func RepoAssignment(ctx *gitea_context.PrivateContext) context.CancelFunc {
+func RepoAssignment(ctx *app_context.PrivateContext) context.CancelFunc {
 	ownerName := ctx.Params(":owner")
 	repoName := ctx.Params(":repo")
 
@@ -37,7 +37,7 @@ func RepoAssignment(ctx *gitea_context.PrivateContext) context.CancelFunc {
 		return nil
 	}
 
-	ctx.Repo = &gitea_context.Repository{
+	ctx.Repo = &app_context.Repository{
 		Repository: repo,
 		GitRepo:    gitRepo,
 	}
@@ -53,7 +53,7 @@ func RepoAssignment(ctx *gitea_context.PrivateContext) context.CancelFunc {
 	return cancel
 }
 
-func loadRepository(ctx *gitea_context.PrivateContext, ownerName, repoName string) *repo_model.Repository {
+func loadRepository(ctx *app_context.PrivateContext, ownerName, repoName string) *repo_model.Repository {
 	repo, err := repo_model.GetRepositoryByOwnerAndName(ctx, ownerName, repoName)
 	if err != nil {
 		log.Error("Failed to get repository: %s/%s Error: %v", ownerName, repoName, err)
diff --git a/routers/web/admin/users.go b/routers/web/admin/users.go
index c4727177ba..d4a32c03a0 100644
--- a/routers/web/admin/users.go
+++ b/routers/web/admin/users.go
@@ -48,7 +48,7 @@ func Users(ctx *context.Context) {
 	ctx.Data["PageIsAdminUsers"] = true
 
 	extraParamStrings := map[string]string{}
-	statusFilterKeys := []string{"is_active", "is_admin", "is_restricted", "is_2fa_enabled", "is_prohibit_login"}
+	statusFilterKeys := []string{"is_active", "is_admin", "is_restricted", "is_2fa_enabled", "is_prohibit_login", "account_type"}
 	statusFilterMap := map[string]string{}
 	for _, filterKey := range statusFilterKeys {
 		paramKey := "status_filter[" + filterKey + "]"
@@ -59,6 +59,19 @@ func Users(ctx *context.Context) {
 		}
 	}
 
+	accountType := statusFilterMap["account_type"]
+	accountTypeFilter := optional.None[user_model.UserType]()
+	if accountType != "" {
+		accountTypeInt, err := strconv.ParseInt(accountType, 10, 0)
+		if err != nil {
+			ctx.ServerError("account_type int", err)
+			return
+		}
+
+		accountTypeFilter = optional.Some(user_model.UserType(accountTypeInt))
+		extraParamStrings["account_type"] = accountType
+	}
+
 	sortType := ctx.FormString("sort")
 	if sortType == "" {
 		sortType = UserSearchDefaultAdminSort
@@ -81,6 +94,7 @@ func Users(ctx *context.Context) {
 		IsRestricted:       optional.ParseBool(statusFilterMap["is_restricted"]),
 		IsTwoFactorEnabled: optional.ParseBool(statusFilterMap["is_2fa_enabled"]),
 		IsProhibitLogin:    optional.ParseBool(statusFilterMap["is_prohibit_login"]),
+		AccountType:        accountTypeFilter,
 		IncludeReserved:    true, // administrator needs to list all accounts include reserved, bot, remote ones
 		Load2FAStatus:      true,
 		ExtraParamStrings:  extraParamStrings,
@@ -440,6 +454,7 @@ func EditUserPost(ctx *context.Context) {
 		IsRestricted:            optional.Some(form.Restricted),
 		Visibility:              optional.Some(form.Visibility),
 		Language:                optional.Some(form.Language),
+		KeepEmailPrivate:        optional.Some(form.HideEmail),
 	}
 
 	if err := user_service.UpdateUser(ctx, u, opts); err != nil {
diff --git a/routers/web/auth/password.go b/routers/web/auth/password.go
index 4f31f372b4..5d1da59ac5 100644
--- a/routers/web/auth/password.go
+++ b/routers/web/auth/password.go
@@ -61,7 +61,7 @@ func ForgotPasswdPost(ctx *context.Context) {
 	email := ctx.FormString("email")
 	ctx.Data["Email"] = email
 
-	u, err := user_model.GetUserByEmail(ctx, email)
+	u, err := user_model.GetUserByEmailSimple(ctx, email)
 	if err != nil {
 		if user_model.IsErrUserNotExist(err) {
 			ctx.Data["ResetPwdCodeLives"] = timeutil.MinutesToFriendly(setting.Service.ResetPwdCodeLives, ctx.Locale)
diff --git a/routers/web/repo/actions/view.go b/routers/web/repo/actions/view.go
index b5e73e9d33..95f383b9a6 100644
--- a/routers/web/repo/actions/view.go
+++ b/routers/web/repo/actions/view.go
@@ -178,6 +178,7 @@ type ViewRunInfo struct {
 	Done              bool          `json:"done"`
 	Jobs              []*ViewJob    `json:"jobs"`
 	Commit            ViewCommit    `json:"commit"`
+	PreExecutionError string        `json:"preExecutionError"`
 }
 
 type ViewCurrentJob struct {
@@ -285,6 +286,7 @@ func getViewResponse(ctx *context_module.Context, req *ViewRequest, runIndex, jo
 	resp.State.Run.CanDeleteArtifact = run.Status.IsDone() && ctx.Repo.CanWrite(unit.TypeActions)
 	resp.State.Run.Jobs = make([]*ViewJob, 0, len(jobs)) // marshal to '[]' instead of 'null' in json
 	resp.State.Run.Status = run.Status.String()
+	resp.State.Run.PreExecutionError = run.PreExecutionError
 
 	// It's possible for the run to be marked with a finalized status (eg. failure) because of a  single job within the
 	// run; eg. one job fails, the run fails. But other jobs can still be running. The frontend RepoActionView uses the
diff --git a/routers/web/repo/card.go b/routers/web/repo/card.go
index 449e5c4890..26e97603a9 100644
--- a/routers/web/repo/card.go
+++ b/routers/web/repo/card.go
@@ -330,7 +330,7 @@ func drawIssueSummaryCard(ctx *context.Context, issue *issue_model.Issue) (*card
 		fmt.Sprintf(
 			"%s - %s",
 			issue.Poster.Name,
-			issue.Created.AsTime().Format(time.DateOnly),
+			issue.CreatedUnix.AsTime().Format(time.DateOnly),
 		),
 		color.Gray{128}, 36, card.Middle, card.Left)
 	if err != nil {
@@ -381,12 +381,8 @@ func drawReleaseSummaryCard(ctx *context.Context, release *repo_model.Release) (
 		return nil, err
 	}
 
-	downloadCountText := ctx.Locale.TrN(
-		strconv.FormatInt(downloadCount, 10),
-		"repo.release.download_count_one",
-		"repo.release.download_count_few",
-		strconv.FormatInt(downloadCount, 10),
-	)
+	downloadCountText := ctx.Locale.TrPluralString(downloadCount,
+		"release.n_downloads", strconv.FormatInt(downloadCount, 10))
 
 	_, err = downloadCountCard.DrawText(string(downloadCountText), color.Gray{128}, 36, card.Bottom, card.Left)
 	if err != nil {
diff --git a/routers/web/repo/compare.go b/routers/web/repo/compare.go
index feedeef945..41ad365ce1 100644
--- a/routers/web/repo/compare.go
+++ b/routers/web/repo/compare.go
@@ -358,7 +358,7 @@ func ParseCompareInfo(ctx *context.Context) *common.CompareInfo {
 	// "OwnForkRepo"
 	var ownForkRepo *repo_model.Repository
 	if ctx.Doer != nil && baseRepo.OwnerID != ctx.Doer.ID {
-		repo := repo_model.GetForkedRepo(ctx, ctx.Doer.ID, baseRepo.ID)
+		repo, _ := repo_model.GetUserForkLax(ctx, baseRepo, ctx.Doer.ID)
 		if repo != nil {
 			ownForkRepo = repo
 			ctx.Data["OwnForkRepo"] = ownForkRepo
@@ -386,18 +386,12 @@ func ParseCompareInfo(ctx *context.Context) *common.CompareInfo {
 		has = ci.HeadRepo != nil
 	}
 
-	// 6. If the baseRepo is a fork and the headUser has a fork of that use that
-	if !has && baseRepo.IsFork {
-		ci.HeadRepo = repo_model.GetForkedRepo(ctx, ci.HeadUser.ID, baseRepo.ForkID)
-		has = ci.HeadRepo != nil
-	}
-
-	// 7. Otherwise if we're not the same repo and haven't found a repo give up
+	// 6. Otherwise if we're not the same repo and haven't found a repo give up
 	if !isSameRepo && !has {
 		ctx.Data["PageIsComparePull"] = false
 	}
 
-	// 8. Finally open the git repo
+	// 7. Finally open the git repo
 	if isSameRepo {
 		ci.HeadRepo = ctx.Repo.Repository
 		ci.HeadGitRepo = ctx.Repo.GitRepo
diff --git a/routers/web/repo/editor.go b/routers/web/repo/editor.go
index 3e3cb0016d..ccbb3ac2eb 100644
--- a/routers/web/repo/editor.go
+++ b/routers/web/repo/editor.go
@@ -758,6 +758,7 @@ func UploadFilePost(ctx *context.Context) {
 		TreePath:     form.TreePath,
 		Message:      message,
 		Files:        form.Files,
+		FullPaths:    form.FullPaths,
 		Signoff:      form.Signoff,
 		Author:       gitIdentity,
 		Committer:    gitIdentity,
diff --git a/routers/web/repo/issue_content_history.go b/routers/web/repo/issue_content_history.go
index 11d0de90de..fd363855d6 100644
--- a/routers/web/repo/issue_content_history.go
+++ b/routers/web/repo/issue_content_history.go
@@ -5,6 +5,7 @@ package repo
 
 import (
 	"bytes"
+	"fmt"
 	"html"
 	"net/http"
 	"strings"
@@ -54,15 +55,18 @@ func GetContentHistoryList(ctx *context.Context) {
 	var results []map[string]any
 	for _, item := range items {
 		var actionText string
-		if item.IsDeleted {
-			actionTextDeleted := ctx.Locale.TrString("repo.issues.content_history.deleted")
-			actionText = "<i data-history-is-deleted='1'>" + actionTextDeleted + "</i>"
-		} else if item.IsFirstCreated {
+		contentFmt := "%s<strong>%s</strong> %s %s"
+		if item.IsFirstCreated {
 			actionText = ctx.Locale.TrString("repo.issues.content_history.created")
 		} else {
 			actionText = ctx.Locale.TrString("repo.issues.content_history.edited")
 		}
 
+		if item.IsDeleted {
+			actionText = "<span data-history-is-deleted='1'>" + actionText + "</span>"
+			contentFmt = "<s>" + contentFmt + "</s>"
+		}
+
 		username := item.UserName
 		if setting.UI.DefaultShowFullName && strings.TrimSpace(item.UserFullName) != "" {
 			username = strings.TrimSpace(item.UserFullName)
@@ -73,9 +77,10 @@ func GetContentHistoryList(ctx *context.Context) {
 		name := html.EscapeString(username)
 		avatarHTML := string(templates.AvatarHTML(src, 28, class, username))
 		timeSinceHTML := string(templates.TimeSince(item.EditedUnix))
+		content := fmt.Sprintf(contentFmt, avatarHTML, name, actionText, timeSinceHTML)
 
 		results = append(results, map[string]any{
-			"name":  avatarHTML + "<strong>" + name + "</strong> " + actionText + " " + timeSinceHTML,
+			"name":  content,
 			"value": item.HistoryID,
 		})
 	}
diff --git a/routers/web/repo/pull.go b/routers/web/repo/pull.go
index e484187b54..dee630d96b 100644
--- a/routers/web/repo/pull.go
+++ b/routers/web/repo/pull.go
@@ -1624,7 +1624,6 @@ func CompareAndPullRequestPost(ctx *context.Context) {
 		BaseBranch:          ci.BaseBranch,
 		HeadRepo:            ci.HeadRepo,
 		BaseRepo:            repo,
-		MergeBase:           ci.CompareInfo.MergeBase,
 		Type:                issues_model.PullRequestGitea,
 		AllowMaintainerEdit: form.AllowMaintainerEdit,
 	}
diff --git a/routers/web/shared/packages/packages.go b/routers/web/shared/packages/packages.go
index 538c1e4b71..0920beac5c 100644
--- a/routers/web/shared/packages/packages.go
+++ b/routers/web/shared/packages/packages.go
@@ -172,7 +172,8 @@ func SetRulePreviewContext(ctx *context.Context, owner *user_model.User) {
 			ctx.ServerError("SearchVersions", err)
 			return
 		}
-		for _, pv := range pvs[pcr.KeepCount:] {
+		keep := min(len(pvs), pcr.KeepCount)
+		for _, pv := range pvs[keep:] {
 			if skip, err := container_service.ShouldBeSkipped(ctx, pcr, p, pv); err != nil {
 				ctx.ServerError("ShouldBeSkipped", err)
 				return
diff --git a/routers/web/shared/user/header.go b/routers/web/shared/user/header.go
index 87feb966cb..745b3c1dca 100644
--- a/routers/web/shared/user/header.go
+++ b/routers/web/shared/user/header.go
@@ -97,6 +97,10 @@ func PrepareContextForProfileBigAvatar(ctx *context.Context) {
 func FindUserProfileReadme(ctx *context.Context, doer *user_model.User) (profileDbRepo *repo_model.Repository, profileGitRepo *git.Repository, profileReadmeBlob *git.Blob, profileClose func()) {
 	profileDbRepo, err := repo_model.GetRepositoryByName(ctx, ctx.ContextUser.ID, ".profile")
 	if err == nil {
+		// Don't show profile content if .profile repository is a fork
+		if profileDbRepo.IsFork {
+			return nil, nil, nil, func() {}
+		}
 		perm, err := access_model.GetUserRepoPermission(ctx, profileDbRepo, doer)
 		if err == nil && !profileDbRepo.IsEmpty && perm.CanRead(unit.TypeCode) {
 			if profileGitRepo, err = gitrepo.OpenRepository(ctx, profileDbRepo); err != nil {
diff --git a/routers/web/web.go b/routers/web/web.go
index 20d5376cfe..3b5564568f 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -53,6 +53,7 @@ import (
 
 	_ "forgejo.org/modules/session" // to registers all internal adapters
 
+	"code.forgejo.org/go-chi/binding"
 	"code.forgejo.org/go-chi/captcha"
 	chi_middleware "github.com/go-chi/chi/v5/middleware"
 	"github.com/go-chi/cors"
@@ -1298,7 +1299,7 @@ func registerRoutes(m *web.Route) {
 					Post(web.Bind(forms.DeleteRepoFileForm{}), repo.DeleteFilePost)
 				m.Combo("/_upload/*", repo.MustBeAbleToUpload).
 					Get(repo.UploadFile).
-					Post(web.Bind(forms.UploadRepoFileForm{}), repo.UploadFilePost)
+					Post(BindUpload(), repo.UploadFilePost)
 				m.Combo("/_diffpatch/*").Get(repo.NewDiffPatch).
 					Post(web.Bind(forms.EditRepoFileForm{}), repo.NewDiffPatchPost)
 				m.Combo("/_cherrypick/{sha:([a-f0-9]{4,64})}/*").Get(repo.CherryPick).
@@ -1723,3 +1724,20 @@ func registerRoutes(m *web.Route) {
 		ctx.NotFound("", nil)
 	})
 }
+
+func BindUpload() http.HandlerFunc {
+	return func(resp http.ResponseWriter, req *http.Request) {
+		theObj := new(forms.UploadRepoFileForm) // create a new form obj for every request but not use obj directly
+		data := middleware.GetContextData(req.Context())
+		binding.Bind(req, theObj)
+		files := theObj.Files
+		var fullpaths []string
+		for _, fileID := range files {
+			fullPath := req.Form.Get("files_fullpath[" + fileID + "]")
+			fullpaths = append(fullpaths, fullPath)
+		}
+		theObj.FullPaths = fullpaths
+		data.GetData()["__form"] = theObj
+		middleware.AssignForm(theObj, data)
+	}
+}
diff --git a/services/actions/TestCancelPreviousJobs/action_run_job.yml b/services/actions/TestCancelPreviousJobs/action_run_job.yml
new file mode 100644
index 0000000000..98a39bbe4e
--- /dev/null
+++ b/services/actions/TestCancelPreviousJobs/action_run_job.yml
@@ -0,0 +1,14 @@
+-
+  id: 600
+  run_id: 894
+  repo_id: 63
+  owner_id: 2
+  commit_sha: 97f29ee599c373c729132a5c46a046978311e0ee
+  is_fork_pull_request: 0
+  name: job_1
+  attempt: 0
+  job_id: job_1
+  task_id: 0
+  status: 6 # running
+  runs_on: '["fedora"]'
+  started: 1683636528
diff --git a/services/actions/TestCancelPreviousWithConcurrencyGroup/action_run.yml b/services/actions/TestCancelPreviousWithConcurrencyGroup/action_run.yml
new file mode 100644
index 0000000000..09555ec356
--- /dev/null
+++ b/services/actions/TestCancelPreviousWithConcurrencyGroup/action_run.yml
@@ -0,0 +1,38 @@
+-
+  id: 900
+  title: "running workflow_dispatch run"
+  repo_id: 63
+  owner_id: 2
+  workflow_id: "running.yaml"
+  index: 4
+  trigger_user_id: 2
+  ref: "refs/heads/main"
+  commit_sha: "97f29ee599c373c729132a5c46a046978311e0ee"
+  trigger_event: "workflow_dispatch"
+  is_fork_pull_request: 0
+  status: 6 # running
+  started: 1683636528
+  created: 1683636108
+  updated: 1683636626
+  need_approval: 0
+  approved_by: 0
+  concurrency_group: abc123
+-
+  id: 901
+  title: "running workflow_dispatch run"
+  repo_id: 63
+  owner_id: 2
+  workflow_id: "running.yaml"
+  index: 5
+  trigger_user_id: 2
+  ref: "refs/heads/main"
+  commit_sha: "97f29ee599c373c729132a5c46a046978311e0ee"
+  trigger_event: "workflow_dispatch"
+  is_fork_pull_request: 0
+  status: 6 # running
+  started: 1683636528
+  created: 1683636108
+  updated: 1683636626
+  need_approval: 0
+  approved_by: 0
+  concurrency_group: abc123
diff --git a/services/actions/TestCancelPreviousWithConcurrencyGroup/action_run_job.yml b/services/actions/TestCancelPreviousWithConcurrencyGroup/action_run_job.yml
new file mode 100644
index 0000000000..9e4fd930b6
--- /dev/null
+++ b/services/actions/TestCancelPreviousWithConcurrencyGroup/action_run_job.yml
@@ -0,0 +1,28 @@
+-
+  id: 600
+  run_id: 900
+  repo_id: 63
+  owner_id: 2
+  commit_sha: 97f29ee599c373c729132a5c46a046978311e0ee
+  is_fork_pull_request: 0
+  name: job_1
+  attempt: 0
+  job_id: job_1
+  task_id: 0
+  status: 6 # running
+  runs_on: '["fedora"]'
+  started: 1683636528
+-
+  id: 601
+  run_id: 901
+  repo_id: 63
+  owner_id: 2
+  commit_sha: 97f29ee599c373c729132a5c46a046978311e0ee
+  is_fork_pull_request: 0
+  name: job_1
+  attempt: 0
+  job_id: job_1
+  task_id: 0
+  status: 6 # running
+  runs_on: '["fedora"]'
+  started: 1683636528
diff --git a/services/actions/context.go b/services/actions/context.go
index bf187c56bf..f79d5affeb 100644
--- a/services/actions/context.go
+++ b/services/actions/context.go
@@ -14,11 +14,11 @@ import (
 	"forgejo.org/modules/git"
 	"forgejo.org/modules/json"
 	"forgejo.org/modules/setting"
+
+	"code.forgejo.org/forgejo/runner/v11/act/model"
 )
 
-// GenerateGiteaContext generate the gitea context without token and gitea_runtime_token
-// job can be nil when generating a context for parsing workflow-level expressions
-func GenerateGiteaContext(run *actions_model.ActionRun, job *actions_model.ActionRunJob) map[string]any {
+func generateGiteaContextForRun(run *actions_model.ActionRun) *model.GithubContext {
 	event := map[string]any{}
 	_ = json.Unmarshal([]byte(run.EventPayload), &event)
 
@@ -41,45 +41,64 @@ func GenerateGiteaContext(run *actions_model.ActionRun, job *actions_model.Actio
 
 	refName := git.RefName(ref)
 
-	gitContext := map[string]any{
+	gitContextObj := &model.GithubContext{
 		// standard contexts, see https://docs.github.com/en/actions/learn-github-actions/contexts#github-context
-		"action":            "",                                       // string, The name of the action currently running, or the id of a step. GitHub removes special characters, and uses the name __run when the current step runs a script without an id. If you use the same action more than once in the same job, the name will include a suffix with the sequence number with underscore before it. For example, the first script you run will have the name __run, and the second script will be named __run_2. Similarly, the second invocation of actions/checkout will be actionscheckout2.
-		"action_path":       "",                                       // string, The path where an action is located. This property is only supported in composite actions. You can use this path to access files located in the same repository as the action.
-		"action_ref":        "",                                       // string, For a step executing an action, this is the ref of the action being executed. For example, v2.
-		"action_repository": "",                                       // string, For a step executing an action, this is the owner and repository name of the action. For example, actions/checkout.
-		"action_status":     "",                                       // string, For a composite action, the current result of the composite action.
-		"actor":             run.TriggerUser.Name,                     // string, The username of the user that triggered the initial workflow run. If the workflow run is a re-run, this value may differ from github.triggering_actor. Any workflow re-runs will use the privileges of github.actor, even if the actor initiating the re-run (github.triggering_actor) has different privileges.
-		"api_url":           setting.AppURL + "api/v1",                // string, The URL of the GitHub REST API.
-		"base_ref":          baseRef,                                  // string, The base_ref or target branch of the pull request in a workflow run. This property is only available when the event that triggers a workflow run is either pull_request or pull_request_target.
-		"env":               "",                                       // string, Path on the runner to the file that sets environment variables from workflow commands. This file is unique to the current step and is a different file for each step in a job. For more information, see "Workflow commands for GitHub Actions."
-		"event":             event,                                    // object, The full event webhook payload. You can access individual properties of the event using this context. This object is identical to the webhook payload of the event that triggered the workflow run, and is different for each event. The webhooks for each GitHub Actions event is linked in "Events that trigger workflows." For example, for a workflow run triggered by the push event, this object contains the contents of the push webhook payload.
-		"event_name":        run.TriggerEvent,                         // string, The name of the event that triggered the workflow run.
-		"event_path":        "",                                       // string, The path to the file on the runner that contains the full event webhook payload.
-		"graphql_url":       "",                                       // string, The URL of the GitHub GraphQL API.
-		"head_ref":          headRef,                                  // string, The head_ref or source branch of the pull request in a workflow run. This property is only available when the event that triggers a workflow run is either pull_request or pull_request_target.
-		"job":               "",                                       // string, The job_id of the current job.
-		"ref":               ref,                                      // string, The fully-formed ref of the branch or tag that triggered the workflow run. For workflows triggered by push, this is the branch or tag ref that was pushed. For workflows triggered by pull_request, this is the pull request merge branch. For workflows triggered by release, this is the release tag created. For other triggers, this is the branch or tag ref that triggered the workflow run. This is only set if a branch or tag is available for the event type. The ref given is fully-formed, meaning that for branches the format is refs/heads/<branch_name>, for pull requests it is refs/pull/<pr_number>/merge, and for tags it is refs/tags/<tag_name>. For example, refs/heads/feature-branch-1.
-		"ref_name":          refName.ShortName(),                      // string, The short ref name of the branch or tag that triggered the workflow run. This value matches the branch or tag name shown on GitHub. For example, feature-branch-1.
-		"ref_protected":     false,                                    // boolean, true if branch protections are configured for the ref that triggered the workflow run.
-		"ref_type":          refName.RefType(),                        // string, The type of ref that triggered the workflow run. Valid values are branch or tag.
-		"path":              "",                                       // string, Path on the runner to the file that sets system PATH variables from workflow commands. This file is unique to the current step and is a different file for each step in a job. For more information, see "Workflow commands for GitHub Actions."
-		"repository":        run.Repo.OwnerName + "/" + run.Repo.Name, // string, The owner and repository name. For example, Codertocat/Hello-World.
-		"repository_owner":  run.Repo.OwnerName,                       // string, The repository owner's name. For example, Codertocat.
-		"repositoryUrl":     run.Repo.HTMLURL(),                       // string, The Git URL to the repository. For example, git://github.com/codertocat/hello-world.git.
-		"retention_days":    "",                                       // string, The number of days that workflow run logs and artifacts are kept.
-		"run_id":            "",                                       // string, A unique number for each workflow run within a repository. This number does not change if you re-run the workflow run.
-		"run_number":        fmt.Sprint(run.Index),                    // string, A unique number for each run of a particular workflow in a repository. This number begins at 1 for the workflow's first run, and increments with each new run. This number does not change if you re-run the workflow run.
-		"run_attempt":       "",                                       // string, A unique number for each attempt of a particular workflow run in a repository. This number begins at 1 for the workflow run's first attempt, and increments with each re-run.
-		"secret_source":     "Actions",                                // string, The source of a secret used in a workflow. Possible values are None, Actions, Dependabot, or Codespaces.
-		"server_url":        setting.AppURL,                           // string, The URL of the GitHub server. For example: https://github.com.
-		"sha":               sha,                                      // string, The commit SHA that triggered the workflow. The value of this commit SHA depends on the event that triggered the workflow. For more information, see "Events that trigger workflows." For example, ffac537e6cbbf934b08745a378932722df287a53.
-		"triggering_actor":  "",                                       // string, The username of the user that initiated the workflow run. If the workflow run is a re-run, this value may differ from github.actor. Any workflow re-runs will use the privileges of github.actor, even if the actor initiating the re-run (github.triggering_actor) has different privileges.
-		"workflow":          run.WorkflowID,                           // string, The name of the workflow. If the workflow file doesn't specify a name, the value of this property is the full path of the workflow file in the repository.
-		"workspace":         "",                                       // string, The default working directory on the runner for steps, and the default location of your repository when using the checkout action.
-
-		// additional contexts
-		"gitea_default_actions_url": setting.Actions.DefaultActionsURL.URL(),
+		APIURL:           setting.AppURL + "api/v1",                // string, The URL of the GitHub REST API.
+		Action:           "",                                       // string, The name of the action currently running, or the id of a step. GitHub removes special characters, and uses the name __run when the current step runs a script without an id. If you use the same action more than once in the same job, the name will include a suffix with the sequence number with underscore before it. For example, the first script you run will have the name __run, and the second script will be named __run_2. Similarly, the second invocation of actions/checkout will be actionscheckout2.
+		ActionPath:       "",                                       // string, The path where an action is located. This property is only supported in composite actions. You can use this path to access files located in the same repository as the action.
+		ActionRef:        "",                                       // string, For a step executing an action, this is the ref of the action being executed. For example, v2.
+		ActionRepository: "",                                       // string, For a step executing an action, this is the owner and repository name of the action. For example, actions/checkout.
+		BaseRef:          baseRef,                                  // string, The base_ref or target branch of the pull request in a workflow run. This property is only available when the event that triggers a workflow run is either pull_request or pull_request_target.
+		Event:            event,                                    // object, The full event webhook payload. You can access individual properties of the event using this context. This object is identical to the webhook payload of the event that triggered the workflow run, and is different for each event. The webhooks for each GitHub Actions event is linked in "Events that trigger workflows." For example, for a workflow run triggered by the push event, this object contains the contents of the push webhook payload.
+		EventName:        run.TriggerEvent,                         // string, The name of the event that triggered the workflow run.
+		EventPath:        "",                                       // string, The path to the file on the runner that contains the full event webhook payload.
+		GraphQLURL:       "",                                       // string, The URL of the GitHub GraphQL API.
+		HeadRef:          headRef,                                  // string, The head_ref or source branch of the pull request in a workflow run. This property is only available when the event that triggers a workflow run is either pull_request or pull_request_target.
+		Job:              "",                                       // string, The job_id of the current job.
+		Ref:              ref,                                      // string, The fully-formed ref of the branch or tag that triggered the workflow run. For workflows triggered by push, this is the branch or tag ref that was pushed. For workflows triggered by pull_request, this is the pull request merge branch. For workflows triggered by release, this is the release tag created. For other triggers, this is the branch or tag ref that triggered the workflow run. This is only set if a branch or tag is available for the event type. The ref given is fully-formed, meaning that for branches the format is refs/heads/<branch_name>, for pull requests it is refs/pull/<pr_number>/merge, and for tags it is refs/tags/<tag_name>. For example, refs/heads/feature-branch-1.
+		RefName:          refName.ShortName(),                      // string, The short ref name of the branch or tag that triggered the workflow run. This value matches the branch or tag name shown on GitHub. For example, feature-branch-1.
+		RefType:          refName.RefType(),                        // string, The type of ref that triggered the workflow run. Valid values are branch or tag.
+		Repository:       run.Repo.OwnerName + "/" + run.Repo.Name, // string, The owner and repository name. For example, Codertocat/Hello-World.
+		RepositoryOwner:  run.Repo.OwnerName,                       // string, The repository owner's name. For example, Codertocat.
+		RetentionDays:    "",                                       // string, The number of days that workflow run logs and artifacts are kept.
+		RunID:            "",                                       // string, A unique number for each workflow run within a repository. This number does not change if you re-run the workflow run.
+		RunNumber:        fmt.Sprint(run.Index),                    // string, A unique number for each run of a particular workflow in a repository. This number begins at 1 for the workflow's first run, and increments with each new run. This number does not change if you re-run the workflow run.
+		RunAttempt:       "",                                       // string, A unique number for each attempt of a particular workflow run in a repository. This number begins at 1 for the workflow run's first attempt, and increments with each re-run.
+		ServerURL:        setting.AppURL,                           // string, The URL of the GitHub server. For example: https://github.com.
+		Sha:              sha,                                      // string, The commit SHA that triggered the workflow. The value of this commit SHA depends on the event that triggered the workflow. For more information, see "Events that trigger workflows." For example, ffac537e6cbbf934b08745a378932722df287a53.
+		Workflow:         run.WorkflowID,                           // string, The name of the workflow. If the workflow file doesn't specify a name, the value of this property is the full path of the workflow file in the repository.
+		Workspace:        "",                                       // string, The default working directory on the runner for steps, and the default location of your repository when using the checkout action.
 	}
+	if run.TriggerUser != nil {
+		gitContextObj.Actor = run.TriggerUser.Name // string, The username of the user that triggered the initial workflow run. If the workflow run is a re-run, this value may differ from github.triggering_actor. Any workflow re-runs will use the privileges of github.actor, even if the actor initiating the re-run (github.triggering_actor) has different privileges.
+	}
+
+	return gitContextObj
+}
+
+// GenerateGiteaContext generate the gitea context without token and gitea_runtime_token
+// job can be nil when generating a context for parsing workflow-level expressions
+func GenerateGiteaContext(run *actions_model.ActionRun, job *actions_model.ActionRunJob) map[string]any {
+	gitContextObj := generateGiteaContextForRun(run)
+
+	gitContext, _ := githubContextToMap(gitContextObj)
+
+	// standard contexts, see https://docs.github.com/en/actions/learn-github-actions/contexts#github-context
+	gitContext["action_status"] = ""                                    // string, For a composite action, the current result of the composite action.
+	gitContext["actor"] = run.TriggerUser.Name                          // string, The username of the user that triggered the initial workflow run. If the workflow run is a re-run, this value may differ from github.triggering_actor. Any workflow re-runs will use the privileges of github.actor, even if the actor initiating the re-run (github.triggering_actor) has different privileges.
+	gitContext["env"] = ""                                              // string, Path on the runner to the file that sets environment variables from workflow commands. This file is unique to the current step and is a different file for each step in a job. For more information, see "Workflow commands for GitHub Actions."
+	gitContext["path"] = ""                                             // string, Path on the runner to the file that sets system PATH variables from workflow commands. This file is unique to the current step and is a different file for each step in a job. For more information, see "Workflow commands for GitHub Actions."
+	gitContext["ref_protected"] = false                                 // boolean, true if branch protections are configured for the ref that triggered the workflow run.
+	gitContext["repository_owner"] = run.Repo.OwnerName                 // string, The repository owner's name. For example, Codertocat.
+	gitContext["repository"] = run.Repo.OwnerName + "/" + run.Repo.Name // string, The owner and repository name. For example, Codertocat/Hello-World.
+	gitContext["repositoryUrl"] = run.Repo.HTMLURL()                    // string, The Git URL to the repository. For example, git://github.com/codertocat/hello-world.git.
+	gitContext["secret_source"] = "Actions"                             // string, The source of a secret used in a workflow. Possible values are None, Actions, Dependabot, or Codespaces.
+	gitContext["server_url"] = setting.AppURL                           // string, The URL of the GitHub server. For example: https://github.com.
+	gitContext["triggering_actor"] = ""                                 // string, The username of the user that initiated the workflow run. If the workflow run is a re-run, this value may differ from github.actor. Any workflow re-runs will use the privileges of github.actor, even if the actor initiating the re-run (github.triggering_actor) has different privileges.
+	gitContext["workflow"] = run.WorkflowID                             // string, The name of the workflow. If the workflow file doesn't specify a name, the value of this property is the full path of the workflow file in the repository.
+
+	// additional contexts
+	gitContext["gitea_default_actions_url"] = setting.Actions.DefaultActionsURL.URL()
 
 	if job != nil {
 		gitContext["job"] = job.JobID
@@ -90,6 +109,21 @@ func GenerateGiteaContext(run *actions_model.ActionRun, job *actions_model.Actio
 	return gitContext
 }
 
+func githubContextToMap(gitContext *model.GithubContext) (map[string]any, error) {
+	jsonBytes, err := json.Marshal(gitContext)
+	if err != nil {
+		return nil, fmt.Errorf("failed to marshal struct: %w", err)
+	}
+
+	var result map[string]any
+	err = json.Unmarshal(jsonBytes, &result)
+	if err != nil {
+		return nil, fmt.Errorf("failed to unmarshal to map: %w", err)
+	}
+
+	return result, nil
+}
+
 type TaskNeed struct {
 	Result  actions_model.Status
 	Outputs map[string]string
diff --git a/services/actions/context_test.go b/services/actions/context_test.go
index c96094ade8..99a13f909f 100644
--- a/services/actions/context_test.go
+++ b/services/actions/context_test.go
@@ -7,7 +7,13 @@ import (
 	"testing"
 
 	actions_model "forgejo.org/models/actions"
+	"forgejo.org/models/repo"
 	"forgejo.org/models/unittest"
+	"forgejo.org/models/user"
+	actions_module "forgejo.org/modules/actions"
+	"forgejo.org/modules/json"
+	"forgejo.org/modules/setting"
+	webhook_module "forgejo.org/modules/webhook"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -27,3 +33,321 @@ func TestFindTaskNeeds(t *testing.T) {
 	assert.Equal(t, "abc", ret["job1"].Outputs["output_a"])
 	assert.Equal(t, "bbb", ret["job1"].Outputs["output_b"])
 }
+
+func TestGenerateGiteaContext(t *testing.T) {
+	testUser := &user.User{
+		ID:   1,
+		Name: "testuser",
+	}
+
+	testRepo := &repo.Repository{
+		ID:        1,
+		OwnerName: "testowner",
+		Name:      "testrepo",
+	}
+
+	emptyField := func(t *testing.T, context map[string]any, field string) {
+		v, ok := context[field]
+		assert.True(t, ok, "expected field %q to be present", field)
+		assert.Empty(t, v)
+	}
+
+	t.Run("Basic workflow run without job", func(t *testing.T) {
+		run := &actions_model.ActionRun{
+			ID:           1,
+			Index:        42,
+			TriggerUser:  testUser,
+			Repo:         testRepo,
+			TriggerEvent: "push",
+			Ref:          "refs/heads/main",
+			CommitSHA:    "abc123def456",
+			WorkflowID:   "test-workflow",
+			EventPayload: `{"repository": {"name": "testrepo"}}`,
+		}
+
+		context := GenerateGiteaContext(run, nil)
+
+		assert.Equal(t, "testuser", context["actor"])
+		assert.Equal(t, setting.AppURL+"api/v1", context["api_url"])
+		assert.Equal(t, "push", context["event_name"])
+		assert.Equal(t, "refs/heads/main", context["ref"])
+		assert.Equal(t, "main", context["ref_name"])
+		assert.Equal(t, "branch", context["ref_type"])
+		assert.Equal(t, "testowner/testrepo", context["repository"])
+		assert.Equal(t, "testowner", context["repository_owner"])
+		assert.Equal(t, "abc123def456", context["sha"])
+		assert.Equal(t, "42", context["run_number"])
+		assert.Equal(t, "test-workflow", context["workflow"])
+		assert.Equal(t, false, context["ref_protected"])
+		assert.Equal(t, "Actions", context["secret_source"])
+		assert.Equal(t, setting.AppURL, context["server_url"])
+
+		event, ok := context["event"].(map[string]any)
+		require.True(t, ok)
+		assert.Equal(t, "testrepo", event["repository"].(map[string]any)["name"])
+
+		emptyField(t, context, "action_path")
+		emptyField(t, context, "action_ref")
+		emptyField(t, context, "action_repository")
+		emptyField(t, context, "action_status")
+		emptyField(t, context, "action")
+		emptyField(t, context, "base_ref")
+		emptyField(t, context, "env")
+		emptyField(t, context, "event_path")
+		emptyField(t, context, "graphql_url")
+		emptyField(t, context, "head_ref")
+		emptyField(t, context, "job")
+		emptyField(t, context, "path")
+		emptyField(t, context, "retention_days")
+		emptyField(t, context, "run_attempt")
+		emptyField(t, context, "run_id")
+		emptyField(t, context, "triggering_actor")
+		emptyField(t, context, "workspace")
+	})
+
+	t.Run("Workflow run with job", func(t *testing.T) {
+		run := &actions_model.ActionRun{
+			ID:           1,
+			Index:        42,
+			TriggerUser:  testUser,
+			Repo:         testRepo,
+			TriggerEvent: "push",
+			Ref:          "refs/heads/main",
+			CommitSHA:    "abc123def456",
+			WorkflowID:   "test-workflow",
+			EventPayload: `{}`,
+		}
+
+		job := &actions_model.ActionRunJob{
+			ID:      100,
+			RunID:   1,
+			JobID:   "test-job",
+			Attempt: 1,
+		}
+
+		context := GenerateGiteaContext(run, job)
+
+		assert.Equal(t, "test-job", context["job"])
+		assert.Equal(t, "1", context["run_id"])
+		assert.Equal(t, "1", context["run_attempt"])
+	})
+
+	t.Run("Pull request event", func(t *testing.T) {
+		pullRequestPayload := map[string]any{
+			"pull_request": map[string]any{
+				"base": map[string]any{
+					"ref":   "main",
+					"label": "main",
+					"sha":   "base123sha",
+				},
+				"head": map[string]any{
+					"ref":   "feature-branch",
+					"label": "feature-branch",
+					"sha":   "head456sha",
+				},
+			},
+		}
+
+		payloadBytes, _ := json.Marshal(pullRequestPayload)
+
+		run := &actions_model.ActionRun{
+			ID:           1,
+			Index:        42,
+			TriggerUser:  testUser,
+			Repo:         testRepo,
+			TriggerEvent: "pull_request",
+			Ref:          "refs/pull/1/merge",
+			CommitSHA:    "merge789sha",
+			WorkflowID:   "test-workflow",
+			Event:        webhook_module.HookEventPullRequest,
+			EventPayload: string(payloadBytes),
+		}
+
+		context := GenerateGiteaContext(run, nil)
+
+		assert.Equal(t, "main", context["base_ref"])
+		assert.Equal(t, "feature-branch", context["head_ref"])
+		assert.Equal(t, "refs/pull/1/merge", context["ref"])
+		assert.Equal(t, "merge789sha", context["sha"])
+	})
+
+	t.Run("Pull request target event", func(t *testing.T) {
+		pullRequestPayload := map[string]any{
+			"pull_request": map[string]any{
+				"base": map[string]any{
+					"ref":   "main",
+					"label": "main",
+					"sha":   "base123sha",
+				},
+				"head": map[string]any{
+					"ref":   "feature-branch",
+					"label": "feature-branch",
+					"sha":   "head456sha",
+				},
+			},
+		}
+
+		payloadBytes, _ := json.Marshal(pullRequestPayload)
+
+		run := &actions_model.ActionRun{
+			ID:           1,
+			Index:        42,
+			TriggerUser:  testUser,
+			Repo:         testRepo,
+			TriggerEvent: actions_module.GithubEventPullRequestTarget,
+			Ref:          "refs/pull/1/merge",
+			CommitSHA:    "merge789sha",
+			WorkflowID:   "test-workflow",
+			Event:        webhook_module.HookEventPullRequest,
+			EventPayload: string(payloadBytes),
+		}
+
+		context := GenerateGiteaContext(run, nil)
+
+		assert.Equal(t, "main", context["base_ref"])
+		assert.Equal(t, "feature-branch", context["head_ref"])
+		// For pull_request_target, ref and sha should be from base
+		assert.Equal(t, "refs/heads/main", context["ref"])
+		assert.Equal(t, "base123sha", context["sha"])
+		assert.Equal(t, "main", context["ref_name"])
+		assert.Equal(t, "branch", context["ref_type"])
+	})
+}
+
+func TestGenerateGiteaContextForRun(t *testing.T) {
+	testUser := &user.User{
+		ID:   1,
+		Name: "testuser",
+	}
+
+	testRepo := &repo.Repository{
+		ID:        1,
+		OwnerName: "testowner",
+		Name:      "testrepo",
+	}
+
+	t.Run("Basic workflow run", func(t *testing.T) {
+		run := &actions_model.ActionRun{
+			ID:           1,
+			Index:        42,
+			TriggerUser:  testUser,
+			Repo:         testRepo,
+			TriggerEvent: "push",
+			Ref:          "refs/heads/main",
+			CommitSHA:    "abc123def456",
+			WorkflowID:   "test-workflow",
+			EventPayload: `{"repository": {"name": "testrepo"}}`,
+		}
+
+		gitContextObj := generateGiteaContextForRun(run)
+
+		assert.Equal(t, "testuser", gitContextObj.Actor)
+		assert.Equal(t, setting.AppURL+"api/v1", gitContextObj.APIURL)
+		assert.Equal(t, "push", gitContextObj.EventName)
+		assert.Equal(t, "refs/heads/main", gitContextObj.Ref)
+		assert.Equal(t, "main", gitContextObj.RefName)
+		assert.Equal(t, "branch", gitContextObj.RefType)
+		assert.Equal(t, "testowner/testrepo", gitContextObj.Repository)
+		assert.Equal(t, "testowner", gitContextObj.RepositoryOwner)
+		assert.Equal(t, "abc123def456", gitContextObj.Sha)
+		assert.Equal(t, "42", gitContextObj.RunNumber)
+		assert.Equal(t, "test-workflow", gitContextObj.Workflow)
+
+		assert.Equal(t, "testrepo", gitContextObj.Event["repository"].(map[string]any)["name"])
+
+		assert.Empty(t, gitContextObj.ActionPath)
+		assert.Empty(t, gitContextObj.ActionRef)
+		assert.Empty(t, gitContextObj.ActionRepository)
+		assert.Empty(t, gitContextObj.Action)
+		assert.Empty(t, gitContextObj.BaseRef)
+		assert.Empty(t, gitContextObj.EventPath)
+		assert.Empty(t, gitContextObj.GraphQLURL)
+		assert.Empty(t, gitContextObj.HeadRef)
+		assert.Empty(t, gitContextObj.Job)
+		assert.Empty(t, gitContextObj.RetentionDays)
+		assert.Empty(t, gitContextObj.RunAttempt)
+		assert.Empty(t, gitContextObj.RunID)
+		assert.Empty(t, gitContextObj.Workspace)
+	})
+
+	t.Run("Pull request event", func(t *testing.T) {
+		pullRequestPayload := map[string]any{
+			"pull_request": map[string]any{
+				"base": map[string]any{
+					"ref":   "main",
+					"label": "main",
+					"sha":   "base123sha",
+				},
+				"head": map[string]any{
+					"ref":   "feature-branch",
+					"label": "feature-branch",
+					"sha":   "head456sha",
+				},
+			},
+		}
+
+		payloadBytes, _ := json.Marshal(pullRequestPayload)
+
+		run := &actions_model.ActionRun{
+			ID:           1,
+			Index:        42,
+			TriggerUser:  testUser,
+			Repo:         testRepo,
+			TriggerEvent: "pull_request",
+			Ref:          "refs/pull/1/merge",
+			CommitSHA:    "merge789sha",
+			WorkflowID:   "test-workflow",
+			Event:        webhook_module.HookEventPullRequest,
+			EventPayload: string(payloadBytes),
+		}
+
+		gitContextObj := generateGiteaContextForRun(run)
+
+		assert.Equal(t, "main", gitContextObj.BaseRef)
+		assert.Equal(t, "feature-branch", gitContextObj.HeadRef)
+		assert.Equal(t, "refs/pull/1/merge", gitContextObj.Ref)
+		assert.Equal(t, "merge789sha", gitContextObj.Sha)
+	})
+
+	t.Run("Pull request target event", func(t *testing.T) {
+		pullRequestPayload := map[string]any{
+			"pull_request": map[string]any{
+				"base": map[string]any{
+					"ref":   "main",
+					"label": "main",
+					"sha":   "base123sha",
+				},
+				"head": map[string]any{
+					"ref":   "feature-branch",
+					"label": "feature-branch",
+					"sha":   "head456sha",
+				},
+			},
+		}
+
+		payloadBytes, _ := json.Marshal(pullRequestPayload)
+
+		run := &actions_model.ActionRun{
+			ID:           1,
+			Index:        42,
+			TriggerUser:  testUser,
+			Repo:         testRepo,
+			TriggerEvent: actions_module.GithubEventPullRequestTarget,
+			Ref:          "refs/pull/1/merge",
+			CommitSHA:    "merge789sha",
+			WorkflowID:   "test-workflow",
+			Event:        webhook_module.HookEventPullRequest,
+			EventPayload: string(payloadBytes),
+		}
+
+		gitContextObj := generateGiteaContextForRun(run)
+
+		assert.Equal(t, "main", gitContextObj.BaseRef)
+		assert.Equal(t, "feature-branch", gitContextObj.HeadRef)
+		// For pull_request_target, ref and sha should be from base
+		assert.Equal(t, "refs/heads/main", gitContextObj.Ref)
+		assert.Equal(t, "base123sha", gitContextObj.Sha)
+		assert.Equal(t, "main", gitContextObj.RefName)
+		assert.Equal(t, "branch", gitContextObj.RefType)
+	})
+}
diff --git a/services/actions/interface.go b/services/actions/interface.go
index 54a30061bc..a5e0543594 100644
--- a/services/actions/interface.go
+++ b/services/actions/interface.go
@@ -27,4 +27,12 @@ type API interface {
 	GetRegistrationToken(*context.APIContext)
 	// SearchActionRunJobs get pending Action run jobs
 	SearchActionRunJobs(*context.APIContext)
+	// CreateRegistrationToken get registration token
+	CreateRegistrationToken(*context.APIContext)
+	// ListRunners list runners
+	ListRunners(*context.APIContext)
+	// GetRunner get a runner
+	GetRunner(*context.APIContext)
+	// DeleteRunner delete runner
+	DeleteRunner(*context.APIContext)
 }
diff --git a/services/actions/notifier_helper.go b/services/actions/notifier_helper.go
index b24090cab4..2fc89e221d 100644
--- a/services/actions/notifier_helper.go
+++ b/services/actions/notifier_helper.go
@@ -26,6 +26,7 @@ import (
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/setting"
 	api "forgejo.org/modules/structs"
+	"forgejo.org/modules/translation"
 	"forgejo.org/modules/util"
 	webhook_module "forgejo.org/modules/webhook"
 	"forgejo.org/services/convert"
@@ -351,14 +352,17 @@ func handleWorkflows(
 			Status:            actions_model.StatusWaiting,
 		}
 
-		if workflow, err := model.ReadWorkflow(bytes.NewReader(dwf.Content), false); err == nil {
-			notifications, err := workflow.Notifications()
-			if err != nil {
-				log.Error("Notifications: %w", err)
-			}
-			run.NotifyEmail = notifications
+		workflow, err := model.ReadWorkflow(bytes.NewReader(dwf.Content), false)
+		if err != nil {
+			log.Error("unable to read workflow: %v", err)
 		}
 
+		notifications, err := workflow.Notifications()
+		if err != nil {
+			log.Error("Notifications: %w", err)
+		}
+		run.NotifyEmail = notifications
+
 		need, err := ifNeedApproval(ctx, run, input.Repo, input.Doer)
 		if err != nil {
 			log.Error("check if need approval for repo %d with user %d: %v", input.Repo.ID, input.Doer.ID, err)
@@ -378,26 +382,39 @@ func handleWorkflows(
 			continue
 		}
 
-		jobs, err := jobParser(dwf.Content, jobparser.WithVars(vars))
+		err = ConfigureActionRunConcurrency(workflow, run, vars, map[string]any{})
 		if err != nil {
+			log.Error("ConfigureActionRunConcurrency: %v", err)
+		}
+
+		var jobs []*jobparser.SingleWorkflow
+		if dwf.EventDetectionError != nil { // don't even bother trying to parse jobs due to event detection error
+			tr := translation.NewLocale(input.Doer.Language)
+			run.PreExecutionError = tr.TrString("actions.workflow.event_detection_error", dwf.EventDetectionError)
 			run.Status = actions_model.StatusFailure
-			log.Info("jobparser.Parse: invalid workflow, setting job status to failed: %v", err)
 			jobs = []*jobparser.SingleWorkflow{{
 				Name: dwf.EntryName,
 			}}
+		} else {
+			jobs, err = jobParser(dwf.Content, jobparser.WithVars(vars))
+			if err != nil {
+				log.Info("jobparser.Parse: invalid workflow, setting job status to failed: %v", err)
+				tr := translation.NewLocale(input.Doer.Language)
+				run.PreExecutionError = tr.TrString("actions.workflow.job_parsing_error", err)
+				run.Status = actions_model.StatusFailure
+				jobs = []*jobparser.SingleWorkflow{{
+					Name: dwf.EntryName,
+				}}
+			}
 		}
 
-		// cancel running jobs if the event is push or pull_request_sync
-		if run.Event == webhook_module.HookEventPush ||
-			run.Event == webhook_module.HookEventPullRequestSync {
-			if err := CancelPreviousJobs(
+		if run.ConcurrencyType == actions_model.CancelInProgress {
+			if err := CancelPreviousWithConcurrencyGroup(
 				ctx,
 				run.RepoID,
-				run.Ref,
-				run.WorkflowID,
-				run.Event,
+				run.ConcurrencyGroup,
 			); err != nil {
-				log.Error("CancelPreviousJobs: %v", err)
+				log.Error("CancelPreviousWithConcurrencyGroup: %v", err)
 			}
 		}
 
diff --git a/services/actions/notifier_helper_test.go b/services/actions/notifier_helper_test.go
index 525103927b..4a99340445 100644
--- a/services/actions/notifier_helper_test.go
+++ b/services/actions/notifier_helper_test.go
@@ -4,6 +4,8 @@
 package actions
 
 import (
+	"errors"
+	"slices"
 	"testing"
 
 	actions_model "forgejo.org/models/actions"
@@ -144,3 +146,151 @@ func Test_OpenForkPullRequestEvent(t *testing.T) {
 	assert.Equal(t, webhook_module.HookEventPullRequest, runs[0].Event)
 	assert.True(t, runs[0].IsForkPullRequest)
 }
+
+func TestActionsNotifierConcurrencyGroup(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 10})
+	doer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
+	pr := unittest.AssertExistsAndLoadBean(t, &issues_model.PullRequest{ID: 3})
+
+	commit := &git.Commit{
+		ID:            git.MustIDFromString("0000000000000000000000000000000000000000"),
+		CommitMessage: "test",
+	}
+	detectedWorkflows := []*actions_module.DetectedWorkflow{
+		{
+			EntryName: "test.yml",
+			TriggerEvent: &jobparser.Event{
+				Name: "pull_request",
+			},
+			Content: []byte("{ on: pull_request, jobs: { j1: {} }}"),
+		},
+	}
+	input := &notifyInput{
+		Repo:        repo,
+		Doer:        doer,
+		Event:       webhook_module.HookEventPullRequestSync,
+		PullRequest: pr,
+		Payload:     &api.PullRequestPayload{},
+	}
+
+	err := handleWorkflows(db.DefaultContext, detectedWorkflows, commit, input, "refs/head/main")
+	require.NoError(t, err)
+
+	runs, err := db.Find[actions_model.ActionRun](db.DefaultContext, actions_model.FindRunOptions{
+		RepoID: repo.ID,
+	})
+	require.NoError(t, err)
+	require.Len(t, runs, 1)
+	firstRun := runs[0]
+
+	assert.Equal(t, "refs/head/main_test.yml_pull_request__auto", firstRun.ConcurrencyGroup)
+	assert.Equal(t, actions_model.CancelInProgress, firstRun.ConcurrencyType)
+	assert.Equal(t, actions_model.StatusWaiting, firstRun.Status)
+
+	// Also... check if CancelPreviousWithConcurrencyGroup is invoked from handleWorkflows by firing off a second
+	// workflow and checking that the first one gets cancelled:
+
+	err = handleWorkflows(db.DefaultContext, detectedWorkflows, commit, input, "refs/head/main")
+	require.NoError(t, err)
+
+	runs, err = db.Find[actions_model.ActionRun](db.DefaultContext, actions_model.FindRunOptions{
+		RepoID: repo.ID,
+	})
+	require.NoError(t, err)
+	require.Len(t, runs, 2)
+
+	firstRunIndex := slices.IndexFunc(runs, func(run *actions_model.ActionRun) bool { return run.ID == firstRun.ID })
+	require.NotEqual(t, -1, firstRunIndex)
+	firstRun = runs[firstRunIndex]
+
+	assert.Equal(t, "refs/head/main_test.yml_pull_request__auto", firstRun.ConcurrencyGroup)
+	assert.Equal(t, actions_model.CancelInProgress, firstRun.ConcurrencyType)
+	assert.Equal(t, actions_model.StatusCancelled, firstRun.Status)
+}
+
+func TestActionsPreExecutionErrorInvalidJobs(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 10})
+	doer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
+	pr := unittest.AssertExistsAndLoadBean(t, &issues_model.PullRequest{ID: 3})
+
+	commit := &git.Commit{
+		ID:            git.MustIDFromString("0000000000000000000000000000000000000000"),
+		CommitMessage: "test",
+	}
+	detectedWorkflows := []*actions_module.DetectedWorkflow{
+		{
+			EntryName: "test.yml",
+			TriggerEvent: &jobparser.Event{
+				Name: "pull_request",
+			},
+			Content: []byte("{ on: pull_request, jobs: 'hello, I am the jobs!' }"),
+		},
+	}
+	input := &notifyInput{
+		Repo:        repo,
+		Doer:        doer,
+		Event:       webhook_module.HookEventPullRequestSync,
+		PullRequest: pr,
+		Payload:     &api.PullRequestPayload{},
+	}
+
+	err := handleWorkflows(db.DefaultContext, detectedWorkflows, commit, input, "refs/head/main")
+	require.NoError(t, err)
+
+	runs, err := db.Find[actions_model.ActionRun](db.DefaultContext, actions_model.FindRunOptions{
+		RepoID: repo.ID,
+	})
+	require.NoError(t, err)
+	require.Len(t, runs, 1)
+	createdRun := runs[0]
+
+	assert.Equal(t, actions_model.StatusFailure, createdRun.Status)
+	assert.Contains(t, createdRun.PreExecutionError, "actions.workflow.job_parsing_error%!(EXTRA *fmt.wrapError=")
+}
+
+func TestActionsPreExecutionEventDetectionError(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 10})
+	doer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
+	pr := unittest.AssertExistsAndLoadBean(t, &issues_model.PullRequest{ID: 3})
+
+	commit := &git.Commit{
+		ID:            git.MustIDFromString("0000000000000000000000000000000000000000"),
+		CommitMessage: "test",
+	}
+	detectedWorkflows := []*actions_module.DetectedWorkflow{
+		{
+			EntryName: "test.yml",
+			TriggerEvent: &jobparser.Event{
+				Name: "pull_request",
+			},
+			Content:             []byte("{ on: nothing, jobs: { j1: {} }}"),
+			EventDetectionError: errors.New("nothing is not a valid event"),
+		},
+	}
+	input := &notifyInput{
+		Repo:        repo,
+		Doer:        doer,
+		Event:       webhook_module.HookEventPullRequestSync,
+		PullRequest: pr,
+		Payload:     &api.PullRequestPayload{},
+	}
+
+	err := handleWorkflows(db.DefaultContext, detectedWorkflows, commit, input, "refs/head/main")
+	require.NoError(t, err)
+
+	runs, err := db.Find[actions_model.ActionRun](db.DefaultContext, actions_model.FindRunOptions{
+		RepoID: repo.ID,
+	})
+	require.NoError(t, err)
+	require.Len(t, runs, 1)
+	createdRun := runs[0]
+
+	assert.Equal(t, actions_model.StatusFailure, createdRun.Status)
+	assert.Equal(t, "actions.workflow.event_detection_error%!(EXTRA *errors.errorString=nothing is not a valid event)", createdRun.PreExecutionError)
+}
diff --git a/services/actions/schedule_tasks.go b/services/actions/schedule_tasks.go
index 07ff7b3187..e7dad2d948 100644
--- a/services/actions/schedule_tasks.go
+++ b/services/actions/schedule_tasks.go
@@ -57,20 +57,6 @@ func startTasks(ctx context.Context) error {
 
 		// Loop through each spec and create a schedule task for it
 		for _, row := range specs {
-			// cancel running jobs if the event is push
-			if row.Schedule.Event == webhook_module.HookEventPush {
-				// cancel running jobs of the same workflow
-				if err := CancelPreviousJobs(
-					ctx,
-					row.RepoID,
-					row.Schedule.Ref,
-					row.Schedule.WorkflowID,
-					webhook_module.HookEventSchedule,
-				); err != nil {
-					log.Error("CancelPreviousJobs: %v", err)
-				}
-			}
-
 			if row.Repo.IsArchived {
 				// Skip if the repo is archived
 				continue
@@ -166,6 +152,21 @@ func CreateScheduleTask(ctx context.Context, cron *actions_model.ActionSchedule)
 	}
 	run.NotifyEmail = notifications
 
+	err = ConfigureActionRunConcurrency(workflow, run, vars, map[string]any{})
+	if err != nil {
+		return err
+	}
+
+	if run.ConcurrencyType == actions_model.CancelInProgress {
+		if err := CancelPreviousWithConcurrencyGroup(
+			ctx,
+			run.RepoID,
+			run.ConcurrencyGroup,
+		); err != nil {
+			return err
+		}
+	}
+
 	// Parse the workflow specification from the cron schedule
 	workflows, err := jobParser(cron.Content, jobparser.WithVars(vars))
 	if err != nil {
@@ -185,7 +186,7 @@ func CreateScheduleTask(ctx context.Context, cron *actions_model.ActionSchedule)
 // It's useful when a new run is triggered, and all previous runs needn't be continued anymore.
 func CancelPreviousJobs(ctx context.Context, repoID int64, ref, workflowID string, event webhook_module.HookEventType) error {
 	// Find all runs in the specified repository, reference, and workflow with non-final status
-	runs, total, err := db.FindAndCount[actions_model.ActionRun](ctx, actions_model.FindRunOptions{
+	runs, _, err := db.FindAndCount[actions_model.ActionRun](ctx, actions_model.FindRunOptions{
 		RepoID:       repoID,
 		Ref:          ref,
 		WorkflowID:   workflowID,
@@ -196,58 +197,93 @@ func CancelPreviousJobs(ctx context.Context, repoID int64, ref, workflowID strin
 		return err
 	}
 
-	// If there are no runs found, there's no need to proceed with cancellation, so return nil.
-	if total == 0 {
-		return nil
+	// Iterate over each found run and cancel its associated jobs.
+	errorSlice := []error{}
+	for _, run := range runs {
+		err := cancelJobsForRun(ctx, run)
+		errorSlice = append(errorSlice, err)
+	}
+	err = errors.Join(errorSlice...)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// Cancels all pending jobs in the same repository with the same concurrency group.
+func CancelPreviousWithConcurrencyGroup(ctx context.Context, repoID int64, concurrencyGroup string) error {
+	runs, _, err := db.FindAndCount[actions_model.ActionRun](ctx, actions_model.FindRunOptions{
+		RepoID:           repoID,
+		ConcurrencyGroup: concurrencyGroup,
+		Status:           []actions_model.Status{actions_model.StatusRunning, actions_model.StatusWaiting, actions_model.StatusBlocked},
+	})
+	if err != nil {
+		return err
 	}
 
 	// Iterate over each found run and cancel its associated jobs.
+	errorSlice := []error{}
 	for _, run := range runs {
-		// Find all jobs associated with the current run.
-		jobs, err := db.Find[actions_model.ActionRunJob](ctx, actions_model.FindRunJobOptions{
-			RunID: run.ID,
-		})
-		if err != nil {
-			return err
+		err := cancelJobsForRun(ctx, run)
+		errorSlice = append(errorSlice, err)
+	}
+	err = errors.Join(errorSlice...)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func cancelJobsForRun(ctx context.Context, run *actions_model.ActionRun) error {
+	// Find all jobs associated with the current run.
+	jobs, err := db.Find[actions_model.ActionRunJob](ctx, actions_model.FindRunJobOptions{
+		RunID: run.ID,
+	})
+	if err != nil {
+		return err
+	}
+
+	// Iterate over each job and attempt to cancel it.
+	errorSlice := []error{}
+	for _, job := range jobs {
+		// Skip jobs that are already in a terminal state (completed, cancelled, etc.).
+		status := job.Status
+		if status.IsDone() {
+			continue
 		}
 
-		// Iterate over each job and attempt to cancel it.
-		for _, job := range jobs {
-			// Skip jobs that are already in a terminal state (completed, cancelled, etc.).
-			status := job.Status
-			if status.IsDone() {
+		// If the job has no associated task (probably an error), set its status to 'Cancelled' and stop it.
+		if job.TaskID == 0 {
+			job.Status = actions_model.StatusCancelled
+			job.Stopped = timeutil.TimeStampNow()
+
+			// Update the job's status and stopped time in the database.
+			n, err := UpdateRunJob(ctx, job, builder.Eq{"task_id": 0}, "status", "stopped")
+			if err != nil {
+				errorSlice = append(errorSlice, err)
 				continue
 			}
 
-			// If the job has no associated task (probably an error), set its status to 'Cancelled' and stop it.
-			if job.TaskID == 0 {
-				job.Status = actions_model.StatusCancelled
-				job.Stopped = timeutil.TimeStampNow()
-
-				// Update the job's status and stopped time in the database.
-				n, err := UpdateRunJob(ctx, job, builder.Eq{"task_id": 0}, "status", "stopped")
-				if err != nil {
-					return err
-				}
-
-				// If the update affected 0 rows, it means the job has changed in the meantime, so we need to try again.
-				if n == 0 {
-					return errors.New("job has changed, try again")
-				}
-
-				// Continue with the next job.
+			// If the update affected 0 rows, it means the job has changed in the meantime, so we need to try again.
+			if n == 0 {
+				errorSlice = append(errorSlice, errors.New("job has changed, try again"))
 				continue
 			}
 
-			// If the job has an associated task, try to stop the task, effectively cancelling the job.
-			if err := StopTask(ctx, job.TaskID, actions_model.StatusCancelled); err != nil {
-				return err
-			}
+			// Continue with the next job.
+			continue
+		}
+
+		// If the job has an associated task, try to stop the task, effectively cancelling the job.
+		if err := StopTask(ctx, job.TaskID, actions_model.StatusCancelled); err != nil {
+			errorSlice = append(errorSlice, errors.New("job has changed, try again"))
+			continue
 		}
 	}
 
-	// Return nil to indicate successful cancellation of all running and waiting jobs.
-	return nil
+	return errors.Join(errorSlice...)
 }
 
 func CleanRepoScheduleTasks(ctx context.Context, repo *repo_model.Repository, cancelPreviousJobs bool) error {
diff --git a/services/actions/schedule_tasks_test.go b/services/actions/schedule_tasks_test.go
index 31ed5ec813..7601b39ebd 100644
--- a/services/actions/schedule_tasks_test.go
+++ b/services/actions/schedule_tasks_test.go
@@ -11,6 +11,7 @@ import (
 	repo_model "forgejo.org/models/repo"
 	"forgejo.org/models/unit"
 	"forgejo.org/models/unittest"
+	"forgejo.org/modules/timeutil"
 	webhook_module "forgejo.org/modules/webhook"
 
 	"github.com/stretchr/testify/assert"
@@ -86,6 +87,8 @@ func TestCreateScheduleTask(t *testing.T) {
 		assert.Equal(t, cron.EventPayload, run.EventPayload)
 		assert.Equal(t, cron.ID, run.ScheduleID)
 		assert.Equal(t, actions_model.StatusWaiting, run.Status)
+		assert.Equal(t, "branch_some.yml_schedule__auto", run.ConcurrencyGroup)
+		assert.Equal(t, actions_model.UnlimitedConcurrency, run.ConcurrencyType)
 	}
 
 	assertMutable := func(t *testing.T, expected, run *actions_model.ActionRun) {
@@ -173,3 +176,91 @@ jobs:
 		})
 	}
 }
+
+func TestCancelPreviousJobs(t *testing.T) {
+	defer unittest.OverrideFixtures("services/actions/TestCancelPreviousJobs")()
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	run := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: 894})
+	assert.Equal(t, actions_model.StatusRunning, run.Status)
+	assert.EqualValues(t, 1683636626, run.Updated)
+	runJob := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{RunID: 894})
+	assert.Equal(t, actions_model.StatusRunning, runJob.Status)
+	assert.EqualValues(t, 1683636528, runJob.Started)
+
+	err := CancelPreviousJobs(t.Context(), 63, "refs/heads/main", "running.yaml", webhook_module.HookEventWorkflowDispatch)
+	require.NoError(t, err)
+
+	run = unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: 894})
+	assert.Equal(t, actions_model.StatusCancelled, run.Status)
+	assert.Greater(t, run.Updated, timeutil.TimeStamp(1683636626))
+	runJob = unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{RunID: 894})
+	assert.Equal(t, actions_model.StatusCancelled, runJob.Status)
+	assert.Greater(t, runJob.Stopped, timeutil.TimeStamp(1683636528))
+}
+
+func TestCancelPreviousWithConcurrencyGroup(t *testing.T) {
+	for _, tc := range []struct {
+		name         string
+		updateRun901 map[string]any
+	}{
+		// run 900 & 901 in the fixture data have almost the same data and so should both be cancelled by
+		// TestCancelPreviousWithConcurrencyGroup -- but each test case will vary something different about 601 to
+		// ensure that only run 600 is targeted by the cancellation
+		{
+			name:         "only cancels target repo",
+			updateRun901: map[string]any{"repo_id": 2},
+		},
+		{
+			name:         "only cancels target concurrency group",
+			updateRun901: map[string]any{"concurrency_group": "321cba"},
+		},
+		{
+			name:         "only cancels running",
+			updateRun901: map[string]any{"status": actions_model.StatusSuccess},
+		},
+	} {
+		t.Run(tc.name, func(t *testing.T) {
+			defer unittest.OverrideFixtures("services/actions/TestCancelPreviousWithConcurrencyGroup")()
+			require.NoError(t, unittest.PrepareTestDatabase())
+
+			e := db.GetEngine(t.Context())
+
+			expected901Status := actions_model.StatusRunning
+			if tc.updateRun901 != nil {
+				affected, err := e.Table(&actions_model.ActionRun{}).Where("id = ?", 901).Update(tc.updateRun901)
+				require.NoError(t, err)
+				require.EqualValues(t, 1, affected)
+				newStatus, ok := tc.updateRun901["status"]
+				if ok {
+					expected901Status = newStatus.(actions_model.Status)
+				}
+			}
+
+			run := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: 900})
+			assert.Equal(t, actions_model.StatusRunning, run.Status)
+			assert.EqualValues(t, 1683636626, run.Updated)
+			assert.Equal(t, "abc123", run.ConcurrencyGroup)
+			run = unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: 901})
+			assert.Equal(t, expected901Status, run.Status)
+			runJob := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{RunID: 900})
+			assert.Equal(t, actions_model.StatusRunning, runJob.Status)
+			assert.EqualValues(t, 1683636528, runJob.Started)
+
+			// Search for concurrency group should be case-insensitive, which we test here by using a different capitalization
+			// than the fixture data
+			err := CancelPreviousWithConcurrencyGroup(t.Context(), 63, "ABC123")
+			require.NoError(t, err)
+
+			run = unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: 900})
+			assert.Equal(t, actions_model.StatusCancelled, run.Status)
+			assert.Greater(t, run.Updated, timeutil.TimeStamp(1683636626))
+			runJob = unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{RunID: 900})
+			assert.Equal(t, actions_model.StatusCancelled, runJob.Status)
+			assert.Greater(t, runJob.Stopped, timeutil.TimeStamp(1683636528))
+
+			run = unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: 901})
+			assert.Equal(t, expected901Status, run.Status)
+		})
+	}
+}
diff --git a/services/actions/workflows.go b/services/actions/workflows.go
index 27d05c9043..bd429e77ab 100644
--- a/services/actions/workflows.go
+++ b/services/actions/workflows.go
@@ -69,6 +69,7 @@ func (entry *Workflow) Dispatch(ctx context.Context, inputGetter InputValueGette
 	}
 
 	inputs := make(map[string]string)
+	inputsAny := make(map[string]any)
 	if workflowDispatch := wf.WorkflowDispatchConfig(); workflowDispatch != nil {
 		for key, input := range workflowDispatch.Inputs {
 			val := inputGetter(key)
@@ -89,6 +90,7 @@ func (entry *Workflow) Dispatch(ctx context.Context, inputGetter InputValueGette
 				val = strconv.FormatBool(val == "on")
 			}
 			inputs[key] = val
+			inputsAny[key] = val
 		}
 	}
 
@@ -138,6 +140,21 @@ func (entry *Workflow) Dispatch(ctx context.Context, inputGetter InputValueGette
 		return nil, nil, err
 	}
 
+	err = ConfigureActionRunConcurrency(wf, run, vars, inputsAny)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	if run.ConcurrencyType == actions_model.CancelInProgress {
+		if err := CancelPreviousWithConcurrencyGroup(
+			ctx,
+			run.RepoID,
+			run.ConcurrencyGroup,
+		); err != nil {
+			return nil, nil, err
+		}
+	}
+
 	jobs, err := jobParser(content, jobparser.WithVars(vars))
 	if err != nil {
 		return nil, nil, err
@@ -180,3 +197,38 @@ func GetWorkflowFromCommit(gitRepo *git.Repository, ref, workflowID string) (*Wo
 		GitEntry:   workflowEntry,
 	}, nil
 }
+
+// Sets the ConcurrencyGroup & ConcurrencyType on the provided ActionRun based upon the Workflow's `concurrency` data,
+// or appropriate defaults if not present.
+func ConfigureActionRunConcurrency(workflow *act_model.Workflow, run *actions_model.ActionRun, vars map[string]string, inputs map[string]any) error {
+	concurrencyGroup, cancelInProgress, err := jobparser.EvaluateWorkflowConcurrency(
+		workflow.RawConcurrency, generateGiteaContextForRun(run), vars, inputs)
+	if err != nil {
+		return fmt.Errorf("unable to evaluate workflow `concurrency` block: %w", err)
+	}
+	if concurrencyGroup != "" {
+		run.SetConcurrencyGroup(concurrencyGroup)
+	} else {
+		run.SetDefaultConcurrencyGroup()
+	}
+	if cancelInProgress == nil {
+		// Maintain compatible behavior from before concurrency groups were implemented -- if `cancel-in-progress`
+		// isn't defined in the workflow, cancel on push & PR sync events.
+		if run.Event == webhook.HookEventPush || run.Event == webhook.HookEventPullRequestSync {
+			run.ConcurrencyType = actions_model.CancelInProgress
+		} else {
+			run.ConcurrencyType = actions_model.UnlimitedConcurrency
+		}
+	} else if *cancelInProgress {
+		run.ConcurrencyType = actions_model.CancelInProgress
+	} else if concurrencyGroup == "" {
+		// A workflow has explicitly listed `cancel-in-progress: false`, but has *not* provided a concurrency group.  In
+		// this case we want to trigger a different concurrency behavior -- we won't cancel in-progress builds (we were
+		// asked not to), we won't queue behind other builds (we weren't given a concurrency group so it's reasonable to
+		// assume the user doesn't want a concurrency limit).
+		run.ConcurrencyType = actions_model.UnlimitedConcurrency
+	} else {
+		run.ConcurrencyType = actions_model.QueueBehind
+	}
+	return nil
+}
diff --git a/services/actions/workflows_test.go b/services/actions/workflows_test.go
new file mode 100644
index 0000000000..7f50d7f982
--- /dev/null
+++ b/services/actions/workflows_test.go
@@ -0,0 +1,123 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package actions
+
+import (
+	"testing"
+
+	actions_model "forgejo.org/models/actions"
+	"forgejo.org/models/repo"
+	"forgejo.org/modules/webhook"
+
+	act_model "code.forgejo.org/forgejo/runner/v11/act/model"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestConfigureActionRunConcurrency(t *testing.T) {
+	for _, tc := range []struct {
+		name                     string
+		concurrency              *act_model.RawConcurrency
+		vars                     map[string]string
+		inputs                   map[string]any
+		runEvent                 webhook.HookEventType
+		expectedConcurrencyGroup string
+		expectedConcurrencyType  actions_model.ConcurrencyMode
+	}{
+		// Before the introduction of concurrency groups, push & pull_request_sync would cancel runs on the same repo,
+		// reference, workflow, and event -- these cases cover undefined concurrency group and backwards compatibility
+		// checks.
+		{
+			name:                     "backwards compatibility push",
+			runEvent:                 webhook.HookEventPush,
+			expectedConcurrencyGroup: "refs/head/main_testing.yml_push__auto",
+			expectedConcurrencyType:  actions_model.CancelInProgress,
+		},
+		{
+			name:                     "backwards compatibility pull_request_sync",
+			runEvent:                 webhook.HookEventPullRequestSync,
+			expectedConcurrencyGroup: "refs/head/main_testing.yml_pull_request_sync__auto",
+			expectedConcurrencyType:  actions_model.CancelInProgress,
+		},
+		{
+			name:                     "backwards compatibility other event",
+			runEvent:                 webhook.HookEventWorkflowDispatch,
+			expectedConcurrencyGroup: "refs/head/main_testing.yml_workflow_dispatch__auto",
+			expectedConcurrencyType:  actions_model.UnlimitedConcurrency,
+		},
+
+		{
+			name: "fully-specified cancel-in-progress",
+			concurrency: &act_model.RawConcurrency{
+				Group:            "abc",
+				CancelInProgress: "true",
+			},
+			runEvent:                 webhook.HookEventPullRequestSync,
+			expectedConcurrencyGroup: "abc",
+			expectedConcurrencyType:  actions_model.CancelInProgress,
+		},
+		{
+			name: "fully-specified queue-behind",
+			concurrency: &act_model.RawConcurrency{
+				Group:            "abc",
+				CancelInProgress: "false",
+			},
+			runEvent:                 webhook.HookEventPullRequestSync,
+			expectedConcurrencyGroup: "abc",
+			expectedConcurrencyType:  actions_model.QueueBehind,
+		},
+		{
+			name: "no concurrency group, cancel-in-progress: false",
+			concurrency: &act_model.RawConcurrency{
+				CancelInProgress: "false",
+			},
+			runEvent:                 webhook.HookEventPullRequestSync,
+			expectedConcurrencyGroup: "refs/head/main_testing.yml_pull_request_sync__auto",
+			expectedConcurrencyType:  actions_model.UnlimitedConcurrency,
+		},
+
+		{
+			name: "interpreted values",
+			concurrency: &act_model.RawConcurrency{
+				Group:            "${{ github.workflow }}-${{ github.ref }}",
+				CancelInProgress: "${{ !contains(github.ref, 'release/')}}",
+			},
+			runEvent:                 webhook.HookEventPullRequestSync,
+			expectedConcurrencyGroup: "testing.yml-refs/head/main",
+			expectedConcurrencyType:  actions_model.CancelInProgress,
+		},
+		{
+			name: "interpreted values with inputs and vars",
+			concurrency: &act_model.RawConcurrency{
+				Group: "${{ inputs.abc }}-${{ vars.def }}",
+			},
+			inputs:                   map[string]any{"abc": "123"},
+			vars:                     map[string]string{"def": "456"},
+			runEvent:                 webhook.HookEventPullRequestSync,
+			expectedConcurrencyGroup: "123-456",
+			expectedConcurrencyType:  actions_model.CancelInProgress,
+		},
+	} {
+		t.Run(tc.name, func(t *testing.T) {
+			workflow := &act_model.Workflow{RawConcurrency: tc.concurrency}
+			run := &actions_model.ActionRun{
+				Ref:          "refs/head/main",
+				WorkflowID:   "testing.yml",
+				Event:        tc.runEvent,
+				TriggerEvent: string(tc.runEvent),
+				Repo:         &repo.Repository{},
+			}
+
+			err := ConfigureActionRunConcurrency(workflow, run, tc.vars, tc.inputs)
+			require.NoError(t, err)
+
+			if tc.expectedConcurrencyGroup == "" {
+				assert.Empty(t, run.ConcurrencyGroup, "empty ConcurrencyGroup")
+			} else {
+				assert.Equal(t, tc.expectedConcurrencyGroup, run.ConcurrencyGroup)
+			}
+			assert.Equal(t, tc.expectedConcurrencyType, run.ConcurrencyType)
+		})
+	}
+}
diff --git a/services/auth/auth.go b/services/auth/auth.go
index 85121b2d7f..dc7a283aa9 100644
--- a/services/auth/auth.go
+++ b/services/auth/auth.go
@@ -17,7 +17,7 @@ import (
 	"forgejo.org/modules/session"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/web/middleware"
-	gitea_context "forgejo.org/services/context"
+	app_context "forgejo.org/services/context"
 	user_service "forgejo.org/services/user"
 )
 
@@ -101,7 +101,7 @@ func handleSignIn(resp http.ResponseWriter, req *http.Request, sess SessionStore
 	middleware.SetLocaleCookie(resp, user.Language, 0)
 
 	// Clear whatever CSRF has right now, force to generate a new one
-	if ctx := gitea_context.GetWebContext(req); ctx != nil {
+	if ctx := app_context.GetWebContext(req); ctx != nil {
 		ctx.Csrf.DeleteCookie(ctx)
 	}
 }
diff --git a/services/auth/basic.go b/services/auth/basic.go
index 4ffe712744..f117494762 100644
--- a/services/auth/basic.go
+++ b/services/auth/basic.go
@@ -15,7 +15,6 @@ import (
 	"forgejo.org/modules/base"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/setting"
-	"forgejo.org/modules/timeutil"
 	"forgejo.org/modules/util"
 	"forgejo.org/modules/web/middleware"
 )
@@ -97,9 +96,8 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
 			return nil, err
 		}
 
-		token.UpdatedUnix = timeutil.TimeStampNow()
-		if err = auth_model.UpdateAccessToken(req.Context(), token); err != nil {
-			log.Error("UpdateAccessToken:  %v", err)
+		if err = token.UpdateLastUsed(req.Context()); err != nil {
+			log.Error("UpdateLastUsed:  %v", err)
 		}
 
 		store.GetData()["IsApiToken"] = true
diff --git a/services/auth/oauth2.go b/services/auth/oauth2.go
index fa13c20a7f..ee9f64c91f 100644
--- a/services/auth/oauth2.go
+++ b/services/auth/oauth2.go
@@ -16,7 +16,6 @@ import (
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/setting"
-	"forgejo.org/modules/timeutil"
 	"forgejo.org/modules/util"
 	"forgejo.org/modules/web/middleware"
 	"forgejo.org/services/actions"
@@ -190,9 +189,8 @@ func (o *OAuth2) userIDFromToken(ctx context.Context, tokenSHA string, store Dat
 		}
 		return 0
 	}
-	t.UpdatedUnix = timeutil.TimeStampNow()
-	if err = auth_model.UpdateAccessToken(ctx, t); err != nil {
-		log.Error("UpdateAccessToken: %v", err)
+	if err := t.UpdateLastUsed(ctx); err != nil {
+		log.Error("UpdateLastUsed: %v", err)
 	}
 	store.GetData()["IsApiToken"] = true
 	store.GetData()["ApiTokenScope"] = t.Scope
diff --git a/services/auth/reverseproxy_test.go b/services/auth/reverseproxy_test.go
index cdcd845148..f6740a0134 100644
--- a/services/auth/reverseproxy_test.go
+++ b/services/auth/reverseproxy_test.go
@@ -22,7 +22,7 @@ func TestReverseProxyAuth(t *testing.T) {
 	defer test.MockVariableValue(&setting.Service.EnableReverseProxyFullName, true)()
 	require.NoError(t, unittest.PrepareTestDatabase())
 
-	require.NoError(t, db.TruncateBeans(db.DefaultContext, &user_model.User{}))
+	require.NoError(t, db.TruncateBeansCascade(db.DefaultContext, &user_model.User{}))
 	require.EqualValues(t, 0, user_model.CountUsers(db.DefaultContext, nil))
 
 	t.Run("First user should be admin", func(t *testing.T) {
diff --git a/services/context/repo.go b/services/context/repo.go
index e01e1ddafc..97ba21da09 100644
--- a/services/context/repo.go
+++ b/services/context/repo.go
@@ -750,7 +750,7 @@ func RepoAssignment(ctx *Context) context.CancelFunc {
 
 	// People who have push access or have forked repository can propose a new pull request.
 	canPush := ctx.Repo.CanWrite(unit_model.TypeCode) ||
-		(ctx.IsSigned && repo_model.HasForkedRepo(ctx, ctx.Doer.ID, ctx.Repo.Repository.ID))
+		(ctx.IsSigned && repo_model.HasForkedRepoLax(ctx, ctx.Doer.ID, ctx.Repo.Repository))
 	canCompare := false
 
 	// Pull request is allowed if this is a fork repository
diff --git a/services/convert/convert.go b/services/convert/convert.go
index 2ea24a1b51..94e51de119 100644
--- a/services/convert/convert.go
+++ b/services/convert/convert.go
@@ -29,6 +29,8 @@ import (
 	api "forgejo.org/modules/structs"
 	"forgejo.org/modules/util"
 	"forgejo.org/services/gitdiff"
+
+	runnerv1 "code.gitea.io/actions-proto-go/runner/v1"
 )
 
 // ToEmail convert models.EmailAddress to api.Email
@@ -508,3 +510,27 @@ func ToChangedFile(f *gitdiff.DiffFile, repo *repo_model.Repository, commit stri
 
 	return file
 }
+
+func ToActionRunner(ctx context.Context, runner *actions_model.ActionRunner) *api.ActionRunner {
+	status := runner.Status()
+	apiStatus := "offline"
+	if runner.IsOnline() {
+		apiStatus = "online"
+	}
+	labels := make([]*api.ActionRunnerLabel, len(runner.AgentLabels))
+	for i, label := range runner.AgentLabels {
+		labels[i] = &api.ActionRunnerLabel{
+			ID:   int64(i),
+			Name: label,
+			Type: "custom",
+		}
+	}
+	return &api.ActionRunner{
+		ID:     runner.ID,
+		Name:   runner.Name,
+		Status: apiStatus,
+		Busy:   status == runnerv1.RunnerStatus_RUNNER_STATUS_ACTIVE,
+		// Ephemeral: runner.Ephemeral,
+		Labels: labels,
+	}
+}
diff --git a/services/convert/pull.go b/services/convert/pull.go
index ca965a0d18..41cbcc25aa 100644
--- a/services/convert/pull.go
+++ b/services/convert/pull.go
@@ -235,9 +235,10 @@ func ToAPIPullRequest(ctx context.Context, pr *issues_model.PullRequest, doer *u
 		// Calculate diff
 		startCommitID = pr.MergeBase
 
-		apiPullRequest.ChangedFiles, apiPullRequest.Additions, apiPullRequest.Deletions, err = gitRepo.GetDiffShortStat(startCommitID, endCommitID)
+		// startCommitID is already merge-base with endCommitID we can directly compare.
+		apiPullRequest.ChangedFiles, apiPullRequest.Additions, apiPullRequest.Deletions, err = gitRepo.GetShortStat(startCommitID, endCommitID, false)
 		if err != nil {
-			log.Error("GetDiffShortStat: %v", err)
+			log.Error("GetShortStat: %v", err)
 		}
 	}
 
diff --git a/services/doctor/dbconsistency.go b/services/doctor/dbconsistency.go
index 6fe4c9c5e6..d986558940 100644
--- a/services/doctor/dbconsistency.go
+++ b/services/doctor/dbconsistency.go
@@ -10,8 +10,8 @@ import (
 	activities_model "forgejo.org/models/activities"
 	auth_model "forgejo.org/models/auth"
 	"forgejo.org/models/db"
+	"forgejo.org/models/gitea_migrations"
 	issues_model "forgejo.org/models/issues"
-	"forgejo.org/models/migrations"
 	org_model "forgejo.org/models/organization"
 	repo_model "forgejo.org/models/repo"
 	"forgejo.org/modules/log"
@@ -83,7 +83,7 @@ func checkDBConsistency(ctx context.Context, logger log.Logger, autofix bool) er
 		if err != nil {
 			return err
 		}
-		return migrations.EnsureUpToDate(engine)
+		return gitea_migrations.EnsureUpToDate(engine)
 	}
 	if err := db.InitEngineWithMigration(ctx, ensureUpToDateWrapper); err != nil {
 		logger.Critical("Model version on the database does not match the current Gitea version. Model consistency will not be checked until the database is upgraded")
@@ -121,6 +121,8 @@ func checkDBConsistency(ctx context.Context, logger log.Logger, autofix bool) er
 		// find tracked times without existing issues/pulls
 		genericOrphanCheck("Orphaned TrackedTimes without existing issue",
 			"tracked_time", "issue", "tracked_time.issue_id=issue.id"),
+		genericOrphanCheck("Orphaned TrackedTimes without existing user",
+			"tracked_time", "user", "tracked_time.user_id=`user`.id"),
 		// find attachments without existing issues or releases
 		{
 			Name:    "Orphaned Attachments without existing issues or releases",
diff --git a/services/doctor/dbversion.go b/services/doctor/dbversion.go
index c0ff22915d..c032a2c488 100644
--- a/services/doctor/dbversion.go
+++ b/services/doctor/dbversion.go
@@ -7,16 +7,16 @@ import (
 	"context"
 
 	"forgejo.org/models/db"
-	"forgejo.org/models/migrations"
+	"forgejo.org/models/gitea_migrations"
 	"forgejo.org/modules/log"
 
 	"xorm.io/xorm"
 )
 
 func checkDBVersion(ctx context.Context, logger log.Logger, autofix bool) error {
-	logger.Info("Expected database version: %d", migrations.ExpectedDBVersion())
+	logger.Info("Expected database version: %d", gitea_migrations.ExpectedDBVersion())
 	if err := db.InitEngineWithMigration(ctx, func(eng db.Engine) error {
-		return migrations.EnsureUpToDate(eng.(*xorm.Engine))
+		return gitea_migrations.EnsureUpToDate(eng.(*xorm.Engine))
 	}); err != nil {
 		if !autofix {
 			logger.Critical("Error: %v during ensure up to date", err)
@@ -26,7 +26,7 @@ func checkDBVersion(ctx context.Context, logger log.Logger, autofix bool) error
 		logger.Warn("Attempting to migrate to the latest DB version to fix this.")
 
 		err = db.InitEngineWithMigration(ctx, func(eng db.Engine) error {
-			return migrations.Migrate(eng.(*xorm.Engine))
+			return gitea_migrations.Migrate(eng.(*xorm.Engine))
 		})
 		if err != nil {
 			logger.Critical("Error: %v during migration", err)
diff --git a/services/forms/admin.go b/services/forms/admin.go
index 5a5d46634b..dc2cc9c909 100644
--- a/services/forms/admin.go
+++ b/services/forms/admin.go
@@ -53,6 +53,7 @@ type AdminEditUserForm struct {
 	ProhibitLogin           bool
 	Reset2FA                bool `form:"reset_2fa"`
 	Visibility              structs.VisibleType
+	HideEmail               bool `form:"hide_email"`
 }
 
 // Validate validates form fields
diff --git a/services/forms/repo_form.go b/services/forms/repo_form.go
index 11aac1fd52..e894b79a14 100644
--- a/services/forms/repo_form.go
+++ b/services/forms/repo_form.go
@@ -678,6 +678,7 @@ type UploadRepoFileForm struct {
 	CommitChoice  string `binding:"Required;MaxSize(50)"`
 	NewBranchName string `binding:"GitRefName;MaxSize(100)"`
 	Files         []string
+	FullPaths     []string
 	CommitMailID  int64 `binding:"Required"`
 	Signoff       bool
 }
diff --git a/services/gitdiff/gitdiff.go b/services/gitdiff/gitdiff.go
index 2f3d289c80..ae878a6b69 100644
--- a/services/gitdiff/gitdiff.go
+++ b/services/gitdiff/gitdiff.go
@@ -9,6 +9,7 @@ import (
 	"bytes"
 	"cmp"
 	"context"
+	"errors"
 	"fmt"
 	"html"
 	"html/template"
@@ -1285,31 +1286,21 @@ type PullDiffStats struct {
 
 // GetPullDiffStats
 func GetPullDiffStats(gitRepo *git.Repository, opts *DiffOptions) (*PullDiffStats, error) {
-	repoPath := gitRepo.Path
-
 	diff := &PullDiffStats{}
 
-	separator := "..."
-	if opts.DirectComparison {
-		separator = ".."
-	}
-
 	objectFormat, err := gitRepo.GetObjectFormat()
 	if err != nil {
 		return nil, err
 	}
 
-	diffPaths := []string{opts.BeforeCommitID + separator + opts.AfterCommitID}
 	if len(opts.BeforeCommitID) == 0 || opts.BeforeCommitID == objectFormat.EmptyObjectID().String() {
-		diffPaths = []string{objectFormat.EmptyTree().String(), opts.AfterCommitID}
+		opts.BeforeCommitID = objectFormat.EmptyTree().String()
+		opts.DirectComparison = true
 	}
 
-	diff.NumFiles, diff.TotalAddition, diff.TotalDeletion, err = git.GetDiffShortStat(gitRepo.Ctx, repoPath, nil, diffPaths...)
-	if err != nil && strings.Contains(err.Error(), "no merge base") {
-		// git >= 2.28 now returns an error if base and head have become unrelated.
-		// previously it would return the results of git diff --shortstat base head so let's try that...
-		diffPaths = []string{opts.BeforeCommitID, opts.AfterCommitID}
-		diff.NumFiles, diff.TotalAddition, diff.TotalDeletion, err = git.GetDiffShortStat(gitRepo.Ctx, repoPath, nil, diffPaths...)
+	diff.NumFiles, diff.TotalAddition, diff.TotalDeletion, err = gitRepo.GetShortStat(opts.BeforeCommitID, opts.AfterCommitID, !opts.DirectComparison)
+	if errors.Is(err, git.ErrNoMergebaseFound) {
+		diff.NumFiles, diff.TotalAddition, diff.TotalDeletion, err = gitRepo.GetShortStat(opts.BeforeCommitID, opts.AfterCommitID, false)
 	}
 	if err != nil {
 		return nil, err
diff --git a/services/issue/issue.go b/services/issue/issue.go
index 7071a912b0..24972c8f7a 100644
--- a/services/issue/issue.go
+++ b/services/issue/issue.go
@@ -265,6 +265,29 @@ func deleteIssue(ctx context.Context, issue *issues_model.Issue) error {
 		return err
 	}
 
+	// delete all database data still assigned to this issue
+	if err := db.DeleteBeans(ctx,
+		&issues_model.ContentHistory{IssueID: issue.ID},
+		&issues_model.Comment{IssueID: issue.ID},
+		&issues_model.IssueLabel{IssueID: issue.ID},
+		&issues_model.IssueDependency{IssueID: issue.ID},
+		&issues_model.IssueAssignees{IssueID: issue.ID},
+		&issues_model.IssueUser{IssueID: issue.ID},
+		&activities_model.Notification{IssueID: issue.ID},
+		&issues_model.Reaction{IssueID: issue.ID},
+		&issues_model.IssueWatch{IssueID: issue.ID},
+		&issues_model.Stopwatch{IssueID: issue.ID},
+		&issues_model.TrackedTime{IssueID: issue.ID},
+		&project_model.ProjectIssue{IssueID: issue.ID},
+		&repo_model.Attachment{IssueID: issue.ID},
+		&issues_model.PullRequest{IssueID: issue.ID},
+		&issues_model.Comment{RefIssueID: issue.ID},
+		&issues_model.IssueDependency{DependencyID: issue.ID},
+		&issues_model.Comment{DependentIssueID: issue.ID},
+	); err != nil {
+		return err
+	}
+
 	if _, err := e.ID(issue.ID).NoAutoCondition().Delete(issue); err != nil {
 		return err
 	}
@@ -298,29 +321,6 @@ func deleteIssue(ctx context.Context, issue *issues_model.Issue) error {
 		system_model.RemoveStorageWithNotice(ctx, storage.Attachments, "Delete issue attachment", issue.Attachments[i].RelativePath())
 	}
 
-	// delete all database data still assigned to this issue
-	if err := db.DeleteBeans(ctx,
-		&issues_model.ContentHistory{IssueID: issue.ID},
-		&issues_model.Comment{IssueID: issue.ID},
-		&issues_model.IssueLabel{IssueID: issue.ID},
-		&issues_model.IssueDependency{IssueID: issue.ID},
-		&issues_model.IssueAssignees{IssueID: issue.ID},
-		&issues_model.IssueUser{IssueID: issue.ID},
-		&activities_model.Notification{IssueID: issue.ID},
-		&issues_model.Reaction{IssueID: issue.ID},
-		&issues_model.IssueWatch{IssueID: issue.ID},
-		&issues_model.Stopwatch{IssueID: issue.ID},
-		&issues_model.TrackedTime{IssueID: issue.ID},
-		&project_model.ProjectIssue{IssueID: issue.ID},
-		&repo_model.Attachment{IssueID: issue.ID},
-		&issues_model.PullRequest{IssueID: issue.ID},
-		&issues_model.Comment{RefIssueID: issue.ID},
-		&issues_model.IssueDependency{DependencyID: issue.ID},
-		&issues_model.Comment{DependentIssueID: issue.ID},
-	); err != nil {
-		return err
-	}
-
 	return committer.Commit()
 }
 
diff --git a/services/issue/pull.go b/services/issue/pull.go
index 6245344ccb..fb68130433 100644
--- a/services/issue/pull.go
+++ b/services/issue/pull.go
@@ -6,7 +6,6 @@ package issue
 import (
 	"context"
 	"fmt"
-	"time"
 
 	issues_model "forgejo.org/models/issues"
 	org_model "forgejo.org/models/organization"
@@ -19,22 +18,6 @@ import (
 	"forgejo.org/modules/setting"
 )
 
-func getMergeBase(repo *git.Repository, pr *issues_model.PullRequest, baseBranch, headBranch string) (string, error) {
-	// Add a temporary remote
-	tmpRemote := fmt.Sprintf("mergebase-%d-%d", pr.ID, time.Now().UnixNano())
-	if err := repo.AddRemote(tmpRemote, repo.Path, false); err != nil {
-		return "", fmt.Errorf("AddRemote: %w", err)
-	}
-	defer func() {
-		if err := repo.RemoveRemote(tmpRemote); err != nil {
-			log.Error("getMergeBase: RemoveRemote: %v", err)
-		}
-	}()
-
-	mergeBase, _, err := repo.GetMergeBase(tmpRemote, baseBranch, headBranch)
-	return mergeBase, err
-}
-
 type ReviewRequestNotifier struct {
 	Comment    *issues_model.Comment
 	IsAdd      bool
@@ -81,8 +64,7 @@ func PullRequestCodeOwnersReview(ctx context.Context, issue *issues_model.Issue,
 		}
 	}
 
-	// get the mergebase
-	mergeBase, err := getMergeBase(repo, pr, git.BranchPrefix+pr.BaseBranch, pr.GetGitRefName())
+	mergeBase, err := repo.GetMergeBaseSimple(git.BranchPrefix+pr.BaseBranch, pr.GetGitRefName())
 	if err != nil {
 		return nil, err
 	}
diff --git a/services/mailer/mail.go b/services/mailer/mail.go
index c7dd9af6fa..36e198c57a 100644
--- a/services/mailer/mail.go
+++ b/services/mailer/mail.go
@@ -292,6 +292,11 @@ func composeIssueCommentMessages(ctx *mailCommentContext, lang string, recipient
 		"Language":        locale.Language(),
 		"CanReply":        setting.IncomingEmail.Enabled && commentType != issues_model.CommentTypePullRequestPush,
 	}
+	if closeIssueByCommit, ok := ctx.ActionAdditionalData.(ActionCloseIssueByCommit); ok {
+		mailMeta["CloseIssueByCommit"] = closeIssueByCommit.CommitID
+	} else {
+		mailMeta["CloseIssueByCommit"] = ""
+	}
 
 	var mailSubject bytes.Buffer
 	if err := subjectTemplates.ExecuteTemplate(&mailSubject, tplName, mailMeta); err == nil {
diff --git a/services/mailer/mail_issue.go b/services/mailer/mail_issue.go
index 0d8e054041..9a1c8be37e 100644
--- a/services/mailer/mail_issue.go
+++ b/services/mailer/mail_issue.go
@@ -25,6 +25,16 @@ func fallbackMailSubject(issue *issues_model.Issue) string {
 	return fmt.Sprintf("[%s] %s (Issue #%d)", issue.Repo.FullName(), issue.Title, issue.Index)
 }
 
+type ActionAdditionalData interface {
+	isActionAdditionalData()
+}
+
+type ActionCloseIssueByCommit struct {
+	CommitID string
+}
+
+func (ActionCloseIssueByCommit) isActionAdditionalData() {}
+
 type mailCommentContext struct {
 	context.Context
 	Issue                 *issues_model.Issue
@@ -33,6 +43,7 @@ type mailCommentContext struct {
 	Content               string
 	Comment               *issues_model.Comment
 	ForceDoerNotification bool
+	ActionAdditionalData  ActionAdditionalData
 }
 
 const (
@@ -174,7 +185,7 @@ func mailIssueCommentBatch(ctx *mailCommentContext, users []*user_model.User, vi
 
 // MailParticipants sends new issue thread created emails to repository watchers
 // and mentioned people.
-func MailParticipants(ctx context.Context, issue *issues_model.Issue, doer *user_model.User, opType activities_model.ActionType, mentions []*user_model.User) error {
+func MailParticipants(ctx context.Context, issue *issues_model.Issue, doer *user_model.User, opType activities_model.ActionType, mentions []*user_model.User, additionalData ActionAdditionalData) error {
 	if setting.MailService == nil {
 		// No mail service configured
 		return nil
@@ -196,6 +207,7 @@ func MailParticipants(ctx context.Context, issue *issues_model.Issue, doer *user
 			Content:               content,
 			Comment:               nil,
 			ForceDoerNotification: forceDoerNotification,
+			ActionAdditionalData:  additionalData,
 		}, mentions); err != nil {
 		log.Error("mailIssueCommentToParticipants: %v", err)
 	}
diff --git a/services/mailer/mail_issue_test.go b/services/mailer/mail_issue_test.go
new file mode 100644
index 0000000000..ad9e0aa525
--- /dev/null
+++ b/services/mailer/mail_issue_test.go
@@ -0,0 +1,61 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package mailer_test
+
+import (
+	"testing"
+
+	"forgejo.org/models/db"
+	issues_model "forgejo.org/models/issues"
+	"forgejo.org/models/unittest"
+	user_model "forgejo.org/models/user"
+	issue_service "forgejo.org/services/issue"
+	"forgejo.org/services/mailer"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestCloseIssue(t *testing.T) {
+	defer require.NoError(t, unittest.PrepareTestDatabase())
+
+	called := false
+	defer mailer.MockMailSettings(func(msgs ...*mailer.Message) {
+		require.Len(t, msgs, 3)
+		msg := msgs[0]
+		assert.Equal(t, "Re: [user2/repo1] issue1 (Issue #1)", msg.Subject)
+		mailer.AssertTranslatedLocale(t, msg.Body, "mail.issue.action.close")
+		assert.Contains(t, msg.Body, "closed #1.")
+		called = true
+	})()
+
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	issue := unittest.AssertExistsAndLoadBean(t, &issues_model.Issue{ID: 1})
+	err := issue_service.ChangeStatus(db.DefaultContext, issue, user, "", true)
+	require.NoError(t, err)
+	assert.True(t, called)
+}
+
+func TestCloseIssueByCommit(t *testing.T) {
+	defer require.NoError(t, unittest.PrepareTestDatabase())
+
+	called := false
+	defer mailer.MockMailSettings(func(msgs ...*mailer.Message) {
+		require.Len(t, msgs, 3)
+		msg := msgs[0]
+		assert.Equal(t, "Re: [user2/repo1] issue1 (Issue #1)", msg.Subject)
+		mailer.AssertTranslatedLocale(t, msg.Body, "mail.issue.action.close_by_commit")
+		assert.Contains(t, msg.Body, "closed")
+		assert.Contains(t, msg.Body, "#1")
+		assert.Contains(t, msg.Body, "in commit")
+		assert.Contains(t, msg.Body, "abc123def")
+		called = true
+	})()
+
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	issue := unittest.AssertExistsAndLoadBean(t, &issues_model.Issue{ID: 1})
+	err := issue_service.ChangeStatus(db.DefaultContext, issue, user, "abc123def", true)
+	require.NoError(t, err)
+	assert.True(t, called)
+}
diff --git a/services/mailer/mail_test.go b/services/mailer/mail_test.go
index bd8692c19a..9beaa16a25 100644
--- a/services/mailer/mail_test.go
+++ b/services/mailer/mail_test.go
@@ -239,6 +239,13 @@ func TestMailerIssueTemplate(t *testing.T) {
 		Content: rejectComment.Content, Comment: rejectComment,
 	})
 	expect(t, msg, pull, rejectComment.Content)
+
+	msg = testCompose(t, &mailCommentContext{
+		Issue: issue, Doer: doer, ActionType: activities_model.ActionCloseIssue,
+		Content: comment.Content, Comment: comment,
+		ActionAdditionalData: ActionCloseIssueByCommit{CommitID: "abc123def"},
+	})
+	expect(t, msg, issue, comment.Content, "abc123def")
 }
 
 func TestTemplateSelection(t *testing.T) {
diff --git a/services/mailer/notify.go b/services/mailer/notify.go
index 640de31fcc..271ec8bc78 100644
--- a/services/mailer/notify.go
+++ b/services/mailer/notify.go
@@ -50,13 +50,14 @@ func (m *mailNotifier) CreateIssueComment(ctx context.Context, doer *user_model.
 }
 
 func (m *mailNotifier) NewIssue(ctx context.Context, issue *issues_model.Issue, mentions []*user_model.User) {
-	if err := MailParticipants(ctx, issue, issue.Poster, activities_model.ActionCreateIssue, mentions); err != nil {
+	if err := MailParticipants(ctx, issue, issue.Poster, activities_model.ActionCreateIssue, mentions, nil); err != nil {
 		log.Error("MailParticipants: %v", err)
 	}
 }
 
 func (m *mailNotifier) IssueChangeStatus(ctx context.Context, doer *user_model.User, commitID string, issue *issues_model.Issue, actionComment *issues_model.Comment, isClosed bool) {
 	var actionType activities_model.ActionType
+	var actionAdditionalData ActionAdditionalData
 	if issue.IsPull {
 		if isClosed {
 			actionType = activities_model.ActionClosePullRequest
@@ -66,12 +67,17 @@ func (m *mailNotifier) IssueChangeStatus(ctx context.Context, doer *user_model.U
 	} else {
 		if isClosed {
 			actionType = activities_model.ActionCloseIssue
+			if commitID != "" {
+				// An issue being closed *and* a commitID being present means that the issue was closed by a PR or
+				// commit message that closed it by reference.
+				actionAdditionalData = ActionCloseIssueByCommit{CommitID: commitID}
+			}
 		} else {
 			actionType = activities_model.ActionReopenIssue
 		}
 	}
 
-	if err := MailParticipants(ctx, issue, doer, actionType, nil); err != nil {
+	if err := MailParticipants(ctx, issue, doer, actionType, nil, actionAdditionalData); err != nil {
 		log.Error("MailParticipants: %v", err)
 	}
 }
@@ -82,14 +88,14 @@ func (m *mailNotifier) IssueChangeTitle(ctx context.Context, doer *user_model.Us
 		return
 	}
 	if issue.IsPull && issues_model.HasWorkInProgressPrefix(oldTitle) && !issue.PullRequest.IsWorkInProgress(ctx) {
-		if err := MailParticipants(ctx, issue, doer, activities_model.ActionPullRequestReadyForReview, nil); err != nil {
+		if err := MailParticipants(ctx, issue, doer, activities_model.ActionPullRequestReadyForReview, nil, nil); err != nil {
 			log.Error("MailParticipants: %v", err)
 		}
 	}
 }
 
 func (m *mailNotifier) NewPullRequest(ctx context.Context, pr *issues_model.PullRequest, mentions []*user_model.User) {
-	if err := MailParticipants(ctx, pr.Issue, pr.Issue.Poster, activities_model.ActionCreatePullRequest, mentions); err != nil {
+	if err := MailParticipants(ctx, pr.Issue, pr.Issue.Poster, activities_model.ActionCreatePullRequest, mentions, nil); err != nil {
 		log.Error("MailParticipants: %v", err)
 	}
 }
@@ -139,7 +145,7 @@ func (m *mailNotifier) MergePullRequest(ctx context.Context, doer *user_model.Us
 		log.Error("LoadIssue: %v", err)
 		return
 	}
-	if err := MailParticipants(ctx, pr.Issue, doer, activities_model.ActionMergePullRequest, nil); err != nil {
+	if err := MailParticipants(ctx, pr.Issue, doer, activities_model.ActionMergePullRequest, nil, nil); err != nil {
 		log.Error("MailParticipants: %v", err)
 	}
 }
@@ -149,7 +155,7 @@ func (m *mailNotifier) AutoMergePullRequest(ctx context.Context, doer *user_mode
 		log.Error("pr.LoadIssue: %v", err)
 		return
 	}
-	if err := MailParticipants(ctx, pr.Issue, doer, activities_model.ActionAutoMergePullRequest, nil); err != nil {
+	if err := MailParticipants(ctx, pr.Issue, doer, activities_model.ActionAutoMergePullRequest, nil, nil); err != nil {
 		log.Error("MailParticipants: %v", err)
 	}
 }
diff --git a/services/markup/processorhelper.go b/services/markup/processorhelper.go
index 2f1b1e738c..ea747645b0 100644
--- a/services/markup/processorhelper.go
+++ b/services/markup/processorhelper.go
@@ -15,7 +15,7 @@ import (
 	"forgejo.org/modules/gitrepo"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/markup"
-	gitea_context "forgejo.org/services/context"
+	app_context "forgejo.org/services/context"
 	file_service "forgejo.org/services/repository/files"
 )
 
@@ -28,7 +28,7 @@ func ProcessorHelper() *markup.ProcessorHelper {
 				return false
 			}
 
-			giteaCtx, ok := ctx.(*gitea_context.Context)
+			giteaCtx, ok := ctx.(*app_context.Context)
 			if !ok {
 				// when using general context, use user's visibility to check
 				return mentionedUser.Visibility.IsPublic()
@@ -45,7 +45,7 @@ func ProcessorHelper() *markup.ProcessorHelper {
 
 			var user *user.User
 
-			giteaCtx, ok := ctx.(*gitea_context.Context)
+			giteaCtx, ok := ctx.(*app_context.Context)
 			if ok {
 				user = giteaCtx.Doer
 			}
diff --git a/services/markup/processorhelper_test.go b/services/markup/processorhelper_test.go
index 8195451746..2494306d07 100644
--- a/services/markup/processorhelper_test.go
+++ b/services/markup/processorhelper_test.go
@@ -11,7 +11,7 @@ import (
 	"forgejo.org/models/db"
 	"forgejo.org/models/unittest"
 	"forgejo.org/models/user"
-	gitea_context "forgejo.org/services/context"
+	app_context "forgejo.org/services/context"
 	"forgejo.org/services/contexttest"
 
 	"github.com/stretchr/testify/assert"
@@ -40,9 +40,9 @@ func TestProcessorHelper(t *testing.T) {
 	// when using web context, use user.IsUserVisibleToViewer to check
 	req, err := http.NewRequest("GET", "/", nil)
 	require.NoError(t, err)
-	base, baseCleanUp := gitea_context.NewBaseContext(httptest.NewRecorder(), req)
+	base, baseCleanUp := app_context.NewBaseContext(httptest.NewRecorder(), req)
 	defer baseCleanUp()
-	giteaCtx := gitea_context.NewWebContext(base, &contexttest.MockRender{}, nil)
+	giteaCtx := app_context.NewWebContext(base, &contexttest.MockRender{}, nil)
 
 	assert.True(t, ProcessorHelper().IsUsernameMentionable(giteaCtx, userPublic))
 	assert.False(t, ProcessorHelper().IsUsernameMentionable(giteaCtx, userPrivate))
diff --git a/services/migrations/lint-locale-usage/llu.go b/services/migrations/lint-locale-usage/llu.go
new file mode 100644
index 0000000000..e0ed031cbe
--- /dev/null
+++ b/services/migrations/lint-locale-usage/llu.go
@@ -0,0 +1,45 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package lintLocaleUsage
+
+import (
+	"go/ast"
+	"go/token"
+
+	llu "forgejo.org/build/lint-locale-usage"
+	"forgejo.org/modules/container"
+)
+
+// special case: services/migrations/migrate.go
+func HandleMessengerInFunc(handler llu.Handler, fset *token.FileSet, n2 *ast.FuncDecl) {
+	messenger := make(container.Set[string])
+	for _, i := range n2.Type.Params.List {
+		if ret, ok := i.Type.(*ast.SelectorExpr); ok && ret.Sel.Name == "Messenger" {
+			if ret, ok := ret.X.(*ast.Ident); ok && ret.Name == "base" {
+				for _, j := range i.Names {
+					messenger.Add(j.Name)
+				}
+			}
+		}
+	}
+	if len(messenger) == 0 {
+		return
+	}
+	ast.Inspect(n2.Body, func(n ast.Node) bool {
+		// search for "messenger" function calls
+		call, ok := n.(*ast.CallExpr)
+		if !ok {
+			return true
+		}
+		if ret, ok := call.Fun.(*ast.Ident); !(ok && messenger.Contains(ret.Name)) {
+			return true
+		}
+		if len(call.Args) != 1 {
+			handler.OnWarning(fset, call.Lparen, "unexpected invocation of base.Messenger (expected exactly 1 argument)")
+			return true
+		}
+		handler.HandleGoTrArgument(fset, call.Args[0], "")
+		return true
+	})
+}
diff --git a/services/notify/notify.go b/services/notify/notify.go
index 02c18272cb..3ca704f717 100644
--- a/services/notify/notify.go
+++ b/services/notify/notify.go
@@ -5,6 +5,7 @@ package notify
 
 import (
 	"context"
+	"slices"
 
 	actions_model "forgejo.org/models/actions"
 	issues_model "forgejo.org/models/issues"
@@ -24,6 +25,13 @@ func RegisterNotifier(notifier Notifier) {
 	notifiers = append(notifiers, notifier)
 }
 
+// Intended for undoing RegisterNotifier in tests only, not for production usage
+func UnregisterNotifier(notifier Notifier) {
+	notifiers = slices.DeleteFunc(notifiers, func(maybeNotifier Notifier) bool {
+		return notifier == maybeNotifier
+	})
+}
+
 // NewWikiPage notifies creating new wiki pages to notifiers
 func NewWikiPage(ctx context.Context, doer *user_model.User, repo *repo_model.Repository, page, comment string) {
 	for _, notifier := range notifiers {
diff --git a/services/packages/cleanup/cleanup.go b/services/packages/cleanup/cleanup.go
index 03ad853216..d938ac6970 100644
--- a/services/packages/cleanup/cleanup.go
+++ b/services/packages/cleanup/cleanup.go
@@ -69,7 +69,8 @@ func ExecuteCleanupRules(outerCtx context.Context) error {
 				return fmt.Errorf("CleanupRule [%d]: SearchVersions failed: %w", pcr.ID, err)
 			}
 			versionDeleted := false
-			for _, pv := range pvs[pcr.KeepCount:] {
+			keep := min(len(pvs), pcr.KeepCount)
+			for _, pv := range pvs[keep:] {
 				if pcr.Type == packages_model.TypeContainer {
 					if skip, err := container_service.ShouldBeSkipped(ctx, pcr, p, pv); err != nil {
 						return fmt.Errorf("CleanupRule [%d]: container.ShouldBeSkipped failed: %w", pcr.ID, err)
diff --git a/services/packages/debian/notifier.go b/services/packages/debian/notifier.go
new file mode 100644
index 0000000000..96a4ede7da
--- /dev/null
+++ b/services/packages/debian/notifier.go
@@ -0,0 +1,55 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package debian
+
+import (
+	"context"
+
+	packages_model "forgejo.org/models/packages"
+	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/log"
+	debian_module "forgejo.org/modules/packages/debian"
+	"forgejo.org/services/notify"
+)
+
+func init() {
+	notify.RegisterNotifier(&debianPackageNotifier{})
+}
+
+type debianPackageNotifier struct {
+	notify.NullNotifier
+}
+
+func (m *debianPackageNotifier) PackageDelete(ctx context.Context, doer *user_model.User, pd *packages_model.PackageDescriptor) {
+	rebuildFromPackageEvent(ctx, pd)
+}
+
+func rebuildFromPackageEvent(ctx context.Context, pd *packages_model.PackageDescriptor) {
+	if pd.Package == nil || pd.Package.Type != packages_model.TypeDebian {
+		return
+	}
+
+	pv, err := GetOrCreateRepositoryVersion(ctx, pd.Owner.ID)
+	if err != nil {
+		log.Error("GetOrCreateRepositoryVersion failed with error: %v", err)
+		return
+	}
+
+	for _, file := range pd.Files {
+		distribution := file.Properties.GetByName(debian_module.PropertyDistribution)
+		component := file.Properties.GetByName(debian_module.PropertyComponent)
+		architecture := file.Properties.GetByName(debian_module.PropertyArchitecture)
+
+		if distribution == "" || component == "" || architecture == "" {
+			log.Warn("Debian package had file missing all expected properties; distribution = %q, component = %q, architecture = %q", distribution, component, architecture)
+			return
+		}
+
+		log.Trace("Debian package change triggered rebuild of repository index for distribution = %q, component = %q, architecture = %q", distribution, component, architecture)
+		err = buildRepositoryFiles(ctx, pd.Owner.ID, pv, distribution, component, architecture)
+		if err != nil {
+			log.Error("buildRepositoryFiles failed with error: %v", err)
+		}
+	}
+}
diff --git a/services/pull/pull.go b/services/pull/pull.go
index c1fe6c6b55..6a6be319c4 100644
--- a/services/pull/pull.go
+++ b/services/pull/pull.go
@@ -28,7 +28,7 @@ import (
 	repo_module "forgejo.org/modules/repository"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/sync"
-	gitea_context "forgejo.org/services/context"
+	app_context "forgejo.org/services/context"
 	issue_service "forgejo.org/services/issue"
 	notify_service "forgejo.org/services/notify"
 )
@@ -911,7 +911,7 @@ type CommitInfo struct {
 // GetPullCommits returns all commits on given pull request and the last review commit sha
 // Attention: The last review commit sha must be from the latest review whose commit id is not empty.
 // So the type of the latest review cannot be "ReviewTypeRequest".
-func GetPullCommits(ctx *gitea_context.Context, issue *issues_model.Issue) ([]CommitInfo, string, error) {
+func GetPullCommits(ctx *app_context.Context, issue *issues_model.Issue) ([]CommitInfo, string, error) {
 	pull := issue.PullRequest
 
 	baseGitRepo := ctx.Repo.GitRepo
diff --git a/services/repository/adopt_test.go b/services/repository/adopt_test.go
index a66b4c5ac0..79e4fc0023 100644
--- a/services/repository/adopt_test.go
+++ b/services/repository/adopt_test.go
@@ -69,7 +69,7 @@ func TestCheckUnadoptedRepositories(t *testing.T) {
 func TestListUnadoptedRepositories_ListOptions(t *testing.T) {
 	require.NoError(t, unittest.PrepareTestDatabase())
 	username := "user2"
-	unadoptedList := []string{path.Join(username, "unadopted1"), path.Join(username, "unadopted2")}
+	unadoptedList := []string{path.Join(username, "rendering-test"), path.Join(username, "unadopted1"), path.Join(username, "unadopted2")}
 	for _, unadopted := range unadoptedList {
 		_ = os.Mkdir(path.Join(setting.RepoRootPath, unadopted+".git"), 0o755)
 	}
@@ -77,13 +77,13 @@ func TestListUnadoptedRepositories_ListOptions(t *testing.T) {
 	opts := db.ListOptions{Page: 1, PageSize: 1}
 	repoNames, count, err := ListUnadoptedRepositories(db.DefaultContext, "", &opts)
 	require.NoError(t, err)
-	assert.Equal(t, 2, count)
+	assert.Equal(t, 3, count)
 	assert.Equal(t, unadoptedList[0], repoNames[0])
 
 	opts = db.ListOptions{Page: 2, PageSize: 1}
 	repoNames, count, err = ListUnadoptedRepositories(db.DefaultContext, "", &opts)
 	require.NoError(t, err)
-	assert.Equal(t, 2, count)
+	assert.Equal(t, 3, count)
 	assert.Equal(t, unadoptedList[1], repoNames[0])
 }
 
@@ -97,7 +97,7 @@ func TestAdoptRepository(t *testing.T) {
 		path.Join(setting.RepoRootPath, username, unadopted+".git"),
 	))
 
-	opts := db.ListOptions{Page: 1, PageSize: 1}
+	opts := db.ListOptions{Page: 2, PageSize: 1}
 	repoNames, _, err := ListUnadoptedRepositories(db.DefaultContext, "", &opts)
 	require.NoError(t, err)
 	require.Contains(t, repoNames, path.Join(username, unadopted))
diff --git a/services/repository/delete.go b/services/repository/delete.go
index f4124fb9e2..c826842d70 100644
--- a/services/repository/delete.go
+++ b/services/repository/delete.go
@@ -95,16 +95,6 @@ func DeleteRepositoryDirectly(ctx context.Context, doer *user_model.User, repoID
 		return err
 	}
 
-	if cnt, err := sess.ID(repoID).Delete(&repo_model.Repository{}); err != nil {
-		return err
-	} else if cnt != 1 {
-		return repo_model.ErrRepoNotExist{
-			ID:        repoID,
-			OwnerName: "",
-			Name:      "",
-		}
-	}
-
 	if org != nil && org.IsOrganization() {
 		teams, err := organization.FindOrgTeams(ctx, org.ID)
 		if err != nil {
@@ -193,6 +183,16 @@ func DeleteRepositoryDirectly(ctx context.Context, doer *user_model.User, repoID
 		return fmt.Errorf("deleteBeans: %w", err)
 	}
 
+	if cnt, err := sess.ID(repoID).Delete(&repo_model.Repository{}); err != nil {
+		return err
+	} else if cnt != 1 {
+		return repo_model.ErrRepoNotExist{
+			ID:        repoID,
+			OwnerName: "",
+			Name:      "",
+		}
+	}
+
 	// Delete Labels and related objects
 	if err := issues_model.DeleteLabelsByRepoID(ctx, repoID); err != nil {
 		return err
diff --git a/services/repository/files/pathutils.go b/services/repository/files/pathutils.go
new file mode 100644
index 0000000000..669ca50d70
--- /dev/null
+++ b/services/repository/files/pathutils.go
@@ -0,0 +1,61 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+package files
+
+import (
+	"fmt"
+	"path"
+	"strings"
+)
+
+// This is keep in for the case that in the future, parts of the filenames need sanitizing
+// var fileNameComponentSanitizeRegexp = regexp.MustCompile(`(?i)[<>:\"/\\|?*\x{0000}-\x{001F}]|^(con|prn|aux|nul|com\d|lpt\d)$`)
+
+// SanitizePath cleans and validates a file path
+func SanitizePath(inputPath string) (string, error) {
+	// Normalize path separators
+	s := strings.ReplaceAll(inputPath, "\\", "/")
+
+	// We don't want a / or \\ as the beginning of a path
+	if strings.HasPrefix(inputPath, "/") {
+		return "", fmt.Errorf("path starts with / : %s", inputPath)
+	}
+
+	// Make path temporarily absolute to ensure proper cleaning of all components
+	temp := "/" + s
+
+	// Clean the path (this will properly handle ../.. components when absolute)
+	temp = path.Clean(temp)
+
+	// Remove the leading / to make it relative again
+	s = strings.TrimPrefix(temp, "/")
+
+	// If the cleaned path is empty or becomes root, it's invalid
+	if s == "" {
+		return "", fmt.Errorf("path resolves to root or becomes empty after cleaning")
+	}
+
+	// Split the path components
+	pathComponents := strings.Split(s, "/")
+	// Sanitize each path component
+	var sanitizedComponents []string
+	for _, component := range pathComponents {
+		// Alternaitve option if parts of the filenames need sanitizing (Trim whitespace and apply regex sanitization)
+		// sanitizedComponent := strings.TrimSpace(fileNameComponentSanitizeRegexp.ReplaceAllString(component, "_"))
+
+		// Trim whitespace
+		sanitizedComponent := strings.TrimSpace(component)
+
+		// Skip empty components after sanitization
+		if sanitizedComponent != "" {
+			sanitizedComponents = append(sanitizedComponents, sanitizedComponent)
+		}
+	}
+	// Check if we have any components left after sanitization
+	if len(sanitizedComponents) == 0 {
+		return "", fmt.Errorf("path became empty after sanitization")
+	}
+	// Reconstruct the path
+	reconstructedPath := path.Join(sanitizedComponents...)
+	return reconstructedPath, nil
+}
diff --git a/services/repository/files/temp_repo.go b/services/repository/files/temp_repo.go
index 64d3e5887d..3ce6a3413c 100644
--- a/services/repository/files/temp_repo.go
+++ b/services/repository/files/temp_repo.go
@@ -358,7 +358,7 @@ func (t *TemporaryUploadRepository) DiffIndex() (*gitdiff.Diff, error) {
 		return nil, fmt.Errorf("unable to run diff-index pipeline in temporary repo: %w", err)
 	}
 
-	diff.NumFiles, diff.TotalAddition, diff.TotalDeletion, err = git.GetDiffShortStat(t.ctx, t.basePath, git.TrustedCmdArgs{"--cached"}, "HEAD")
+	diff.NumFiles, diff.TotalAddition, diff.TotalDeletion, err = git.GetIndexShortStat(t.ctx, t.basePath, "HEAD")
 	if err != nil {
 		return nil, err
 	}
diff --git a/services/repository/files/upload.go b/services/repository/files/upload.go
index 6359087e88..032cb107ad 100644
--- a/services/repository/files/upload.go
+++ b/services/repository/files/upload.go
@@ -28,6 +28,7 @@ type UploadRepoFileOptions struct {
 	Author       *IdentityOptions
 	Committer    *IdentityOptions
 	Files        []string // In UUID format.
+	FullPaths    []string
 	Signoff      bool
 }
 
@@ -56,16 +57,25 @@ func UploadRepoFiles(ctx context.Context, repo *repo_model.Repository, doer *use
 		return nil
 	}
 
-	uploads, err := repo_model.GetUploadsByUUIDs(ctx, opts.Files)
-	if err != nil {
-		return fmt.Errorf("GetUploadsByUUIDs [uuids: %v]: %w", opts.Files, err)
+	if len(opts.Files) != len(opts.FullPaths) {
+		return fmt.Errorf("the length of opts.Files and opts.FullPaths is not the same")
 	}
 
-	names := make([]string, len(uploads))
-	infos := make([]uploadInfo, len(uploads))
-	for i, upload := range uploads {
+	uploads := make([]*repo_model.Upload, len(opts.Files))
+	names := make([]string, len(opts.Files))
+	infos := make([]uploadInfo, len(opts.Files))
+	var err error
+	for i := 0; i < len(opts.Files); i++ {
+		uploads[i], err = repo_model.GetUploadByUUID(ctx, opts.Files[i])
+		if err != nil {
+			return fmt.Errorf("GetUploadByUUID [uuids: %v]: %w", opts.Files[i], err)
+		}
+		uploads[i].Name, err = SanitizePath(opts.FullPaths[i])
+		if err != nil {
+			return fmt.Errorf("SanitizePath [path: %v]: %w", opts.FullPaths[i], err)
+		}
 		// Check file is not lfs locked, will return nil if lock setting not enabled
-		filepath := path.Join(opts.TreePath, upload.Name)
+		filepath := path.Join(opts.TreePath, uploads[i].Name)
 		lfsLock, err := git_model.GetTreePathLock(ctx, repo.ID, filepath)
 		if err != nil {
 			return err
@@ -78,8 +88,8 @@ func UploadRepoFiles(ctx context.Context, repo *repo_model.Repository, doer *use
 			return git_model.ErrLFSFileLocked{RepoID: repo.ID, Path: filepath, UserName: u.Name}
 		}
 
-		names[i] = upload.Name
-		infos[i] = uploadInfo{upload: upload}
+		names[i] = uploads[i].Name
+		infos[i] = uploadInfo{upload: uploads[i]}
 	}
 
 	t, err := NewTemporaryUploadRepository(ctx, repo)
diff --git a/services/user/TestDeleteUser/stopwatch.yml b/services/user/TestDeleteUser/stopwatch.yml
new file mode 100644
index 0000000000..23fa9b9fc1
--- /dev/null
+++ b/services/user/TestDeleteUser/stopwatch.yml
@@ -0,0 +1,5 @@
+-
+  id: 10
+  user_id: 4
+  issue_id: 1
+  created_unix: 1500988001
diff --git a/services/user/TestDeleteUser/tracked_time.yml b/services/user/TestDeleteUser/tracked_time.yml
new file mode 100644
index 0000000000..7964dd9457
--- /dev/null
+++ b/services/user/TestDeleteUser/tracked_time.yml
@@ -0,0 +1,7 @@
+-
+  id: 10
+  user_id: 8
+  issue_id: 22
+  time: 401
+  created_unix: 946684800
+  deleted: false
diff --git a/services/user/delete.go b/services/user/delete.go
index bed7abde07..4801c6a29c 100644
--- a/services/user/delete.go
+++ b/services/user/delete.go
@@ -102,6 +102,12 @@ func deleteUser(ctx context.Context, u *user_model.User, purge bool) (err error)
 		return fmt.Errorf("deleteBeans: %w", err)
 	}
 
+	// Retain the fact that time was tracked, but set DB's `user_id` to NULL.
+	_, err = e.Table(&issues_model.TrackedTime{}).Where("user_id = ?", u.ID).Update(map[string]any{"user_id": nil})
+	if err != nil {
+		return fmt.Errorf("update tracked_time user_id: %w", err)
+	}
+
 	if err := auth_model.DeleteOAuth2RelictsByUserID(ctx, u.ID); err != nil {
 		return err
 	}
diff --git a/services/user/user_test.go b/services/user/user_test.go
index 7240813411..96d96d8055 100644
--- a/services/user/user_test.go
+++ b/services/user/user_test.go
@@ -15,6 +15,7 @@ import (
 	asymkey_model "forgejo.org/models/asymkey"
 	"forgejo.org/models/auth"
 	"forgejo.org/models/db"
+	"forgejo.org/models/issues"
 	"forgejo.org/models/moderation"
 	"forgejo.org/models/organization"
 	repo_model "forgejo.org/models/repo"
@@ -37,38 +38,81 @@ func TestMain(m *testing.M) {
 }
 
 func TestDeleteUser(t *testing.T) {
-	test := func(userID int64) {
-		require.NoError(t, unittest.PrepareTestDatabase())
-		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: userID})
+	// Note: an earlier revision of TestDeleteUser also tested for deleting user 2, but then failed to remove them from
+	// all organizations because ErrLastOrgOwner and considered a successful test -- since that didn't actually test
+	// DeleteUser in any way, that case has been removed from TestDeleteUser.
 
-		ownedRepos := make([]*repo_model.Repository, 0, 10)
-		require.NoError(t, db.GetEngine(db.DefaultContext).Find(&ownedRepos, &repo_model.Repository{OwnerID: userID}))
-		if len(ownedRepos) > 0 {
-			err := DeleteUser(db.DefaultContext, user, false)
-			require.Error(t, err)
-			assert.True(t, models.IsErrUserOwnRepos(err))
-			return
-		}
-
-		orgUsers := make([]*organization.OrgUser, 0, 10)
-		require.NoError(t, db.GetEngine(db.DefaultContext).Find(&orgUsers, &organization.OrgUser{UID: userID}))
-		for _, orgUser := range orgUsers {
-			if err := models.RemoveOrgUser(db.DefaultContext, orgUser.OrgID, orgUser.UID); err != nil {
-				assert.True(t, organization.IsErrLastOrgOwner(err))
-				return
-			}
-		}
-		require.NoError(t, DeleteUser(db.DefaultContext, user, false))
-		unittest.AssertNotExistsBean(t, &user_model.User{ID: userID})
-		unittest.CheckConsistencyFor(t, &user_model.User{}, &repo_model.Repository{})
+	testCases := []struct {
+		userID          int64
+		errUserOwnRepos bool
+		errContains     string
+	}{
+		{
+			userID:      3,
+			errContains: "is an organization not a user",
+		},
+		{
+			userID: 4,
+		},
+		{
+			userID: 8,
+		},
+		{
+			userID:          11,
+			errUserOwnRepos: true,
+		},
 	}
-	test(2)
-	test(4)
-	test(8)
-	test(11)
+	for _, tc := range testCases {
+		t.Run(fmt.Sprintf("delete %d", tc.userID), func(t *testing.T) {
+			defer unittest.OverrideFixtures("services/user/TestDeleteUser")()
+			require.NoError(t, unittest.PrepareTestDatabase())
+			user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: tc.userID})
 
-	org := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3})
-	require.Error(t, DeleteUser(db.DefaultContext, org, false))
+			// Remove user from all organizations first
+			orgUsers := make([]*organization.OrgUser, 0, 10)
+			require.NoError(t, db.GetEngine(db.DefaultContext).Find(&orgUsers, &organization.OrgUser{UID: tc.userID}))
+			for _, orgUser := range orgUsers {
+				err := models.RemoveOrgUser(db.DefaultContext, orgUser.OrgID, orgUser.UID)
+				require.NoError(t, err)
+			}
+
+			err := DeleteUser(db.DefaultContext, user, false)
+			if tc.errUserOwnRepos {
+				require.Error(t, err)
+				assert.True(t, models.IsErrUserOwnRepos(err), "IsErrUserOwnRepos: %v", err)
+			} else if tc.errContains != "" {
+				assert.ErrorContains(t, err, tc.errContains)
+			} else {
+				require.NoError(t, err)
+				unittest.AssertNotExistsBean(t, &user_model.User{ID: tc.userID})
+				unittest.CheckConsistencyFor(t, &user_model.User{}, &repo_model.Repository{})
+			}
+		})
+	}
+}
+
+func TestDeleteUserRetainsTrackedTime(t *testing.T) {
+	defer unittest.OverrideFixtures("services/user/TestDeleteUser")()
+	require.NoError(t, unittest.PrepareTestDatabase())
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 8})
+
+	err := DeleteUser(db.DefaultContext, user, false)
+	require.NoError(t, err)
+
+	time := make([]*issues.TrackedTime, 0, 10)
+	err = db.GetEngine(db.DefaultContext).Find(&time, &issues.TrackedTime{IssueID: 22})
+	require.NoError(t, err)
+	require.Len(t, time, 1)
+	tt := time[0]
+	assert.EqualValues(t, 0, tt.UserID)
+	assert.EqualValues(t, 22, tt.IssueID)
+	assert.EqualValues(t, 401, tt.Time)
+
+	// Make sure other tracked time wasn't affected
+	time = make([]*issues.TrackedTime, 0, 10)
+	err = db.GetEngine(db.DefaultContext).Find(&time, &issues.TrackedTime{UserID: 2})
+	require.NoError(t, err)
+	assert.Len(t, time, 5)
 }
 
 func TestPurgeUser(t *testing.T) {
diff --git a/services/webhook/discord.go b/services/webhook/discord.go
index 7259c4a995..330498f630 100644
--- a/services/webhook/discord.go
+++ b/services/webhook/discord.go
@@ -24,7 +24,7 @@ import (
 	api "forgejo.org/modules/structs"
 	"forgejo.org/modules/util"
 	webhook_module "forgejo.org/modules/webhook"
-	gitea_context "forgejo.org/services/context"
+	app_context "forgejo.org/services/context"
 	"forgejo.org/services/forms"
 	"forgejo.org/services/webhook/shared"
 
@@ -47,7 +47,7 @@ var _ binding.Validator = &discordForm{}
 
 // Validate implements binding.Validator.
 func (d *discordForm) Validate(req *http.Request, errs binding.Errors) binding.Errors {
-	ctx := gitea_context.GetWebContext(req)
+	ctx := app_context.GetWebContext(req)
 	if len([]rune(d.IconURL)) > 2048 {
 		errs = append(errs, binding.Error{
 			FieldNames: []string{"IconURL"},
diff --git a/services/webhook/msteams.go b/services/webhook/msteams.go
index 3b35c407e1..8b9004bcf1 100644
--- a/services/webhook/msteams.go
+++ b/services/webhook/msteams.go
@@ -373,7 +373,7 @@ func createMSTeamsPayload(r *api.Repository, s *api.User, title, text, actionTar
 		PotentialAction: []MSTeamsAction{
 			{
 				Type: "OpenUri",
-				Name: "View in Gitea",
+				Name: "View in Forgejo",
 				Targets: []MSTeamsActionTarget{
 					{
 						Os:  "default",
diff --git a/services/webhook/slack.go b/services/webhook/slack.go
index 8c61e7ba25..e44cc09297 100644
--- a/services/webhook/slack.go
+++ b/services/webhook/slack.go
@@ -17,7 +17,7 @@ import (
 	"forgejo.org/modules/log"
 	api "forgejo.org/modules/structs"
 	webhook_module "forgejo.org/modules/webhook"
-	gitea_context "forgejo.org/services/context"
+	app_context "forgejo.org/services/context"
 	"forgejo.org/services/forms"
 	"forgejo.org/services/webhook/shared"
 
@@ -42,7 +42,7 @@ var _ binding.Validator = &slackForm{}
 
 // Validate implements binding.Validator.
 func (s *slackForm) Validate(req *http.Request, errs binding.Errors) binding.Errors {
-	ctx := gitea_context.GetWebContext(req)
+	ctx := app_context.GetWebContext(req)
 	if !IsValidSlackChannel(strings.TrimSpace(s.Channel)) {
 		errs = append(errs, binding.Error{
 			FieldNames:     []string{"Channel"},
diff --git a/services/webhook/sourcehut/builds.go b/services/webhook/sourcehut/builds.go
index 96ed55c8ff..a3efa2a5a7 100644
--- a/services/webhook/sourcehut/builds.go
+++ b/services/webhook/sourcehut/builds.go
@@ -21,7 +21,7 @@ import (
 	"forgejo.org/modules/setting"
 	api "forgejo.org/modules/structs"
 	webhook_module "forgejo.org/modules/webhook"
-	gitea_context "forgejo.org/services/context"
+	app_context "forgejo.org/services/context"
 	"forgejo.org/services/forms"
 	"forgejo.org/services/webhook/shared"
 
@@ -57,7 +57,7 @@ var _ binding.Validator = &buildsForm{}
 
 // Validate implements binding.Validator.
 func (f *buildsForm) Validate(req *http.Request, errs binding.Errors) binding.Errors {
-	ctx := gitea_context.GetWebContext(req)
+	ctx := app_context.GetWebContext(req)
 	if !fs.ValidPath(f.ManifestPath) {
 		errs = append(errs, binding.Error{
 			FieldNames:     []string{"ManifestPath"},
diff --git a/templates/admin/emails/list.tmpl b/templates/admin/emails/list.tmpl
index 0a9a28fa2d..035185c55c 100644
--- a/templates/admin/emails/list.tmpl
+++ b/templates/admin/emails/list.tmpl
@@ -75,13 +75,12 @@
 
 		{{template "base/paginate" .}}
 
-		<div class="ui g-modal-confirm modal" id="change-email-modal">
-			<div class="header">
-				{{ctx.Locale.Tr "admin.emails.change_email_header"}}
-			</div>
-			<div class="content">
-				<p class="center">{{ctx.Locale.Tr "admin.emails.change_email_text"}}</p>
-
+		<dialog id="change-email-modal">
+			<article>
+				<header>{{ctx.Locale.Tr "admin.emails.change_email_header"}}</header>
+				<div class="content">
+					<p class="center">{{ctx.Locale.Tr "admin.emails.change_email_text"}}</p>
+				</div>
 				<form class="ui form" id="email-action-form" action="{{AppSubUrl}}/admin/emails/activate" method="post">
 					{{$.CsrfTokenHtml}}
 
@@ -99,9 +98,8 @@
 						{{template "base/modal_actions_confirm" .}}
 					</div>
 				</form>
-			</div>
-		</div>
-
+			</article>
+		</dialog>
 	</div>
 
 <div class="ui g-modal-confirm delete modal" id="delete-email">
diff --git a/templates/admin/notice.tmpl b/templates/admin/notice.tmpl
index 08f0a4f204..5be1febe2e 100644
--- a/templates/admin/notice.tmpl
+++ b/templates/admin/notice.tmpl
@@ -62,9 +62,14 @@
 		{{template "base/paginate" .}}
 	</div>
 
-<div class="ui modal admin" id="detail-modal">
-	<div class="header">{{ctx.Locale.Tr "admin.notices.view_detail_header"}}</div>
-	<div class="content"><pre></pre></div>
-</div>
+<dialog id="detail-modal">
+	<article>
+		<header>{{ctx.Locale.Tr "admin.notices.view_detail_header"}}</header>
+		<div class="content"><pre></pre></div>
+			<div class="actions">
+				<button class="ui cancel button">{{ctx.Locale.Tr "settings.cancel"}}</button>
+			</div>
+	</article>
+</dialog>
 
 {{template "admin/layout_footer" .}}
diff --git a/templates/admin/user/edit.tmpl b/templates/admin/user/edit.tmpl
index a1ff3d4117..cbf9d2df2d 100644
--- a/templates/admin/user/edit.tmpl
+++ b/templates/admin/user/edit.tmpl
@@ -69,6 +69,13 @@
 					<label for="email">{{ctx.Locale.Tr "email"}}</label>
 					<input id="email" name="email" type="email" value="{{.User.Email}}" autofocus required>
 				</div>
+				<div class="inline field">
+					<div class="ui checkbox">
+						<label>{{ctx.Locale.Tr "settings.keep_email_private"}}</label>
+						<input name="hide_email" type="checkbox" {{if .User.KeepEmailPrivate}}checked{{end}}>
+					</div>
+					<span class="help">{{ctx.Locale.Tr "settings.keep_email_private_popup" .User.GetPlaceholderEmail}}</span>
+				</div>
 				<div class="local field {{if .Err_Password}}error{{end}} {{if not (or (.User.IsLocal) (.User.IsOAuth2))}}tw-hidden{{end}}">
 					<label for="password">{{ctx.Locale.Tr "password"}}</label>
 					<input id="password" name="password" type="password" autocomplete="new-password">
diff --git a/templates/admin/user/list.tmpl b/templates/admin/user/list.tmpl
index 368e113d24..47df5002d5 100644
--- a/templates/admin/user/list.tmpl
+++ b/templates/admin/user/list.tmpl
@@ -32,6 +32,11 @@
 							<div class="divider"></div>
 							<label class="item"><input type="radio" name="status_filter[is_2fa_enabled]" value="1"> {{ctx.Locale.Tr "admin.users.list_status_filter.is_2fa_enabled"}}</label>
 							<label class="item"><input type="radio" name="status_filter[is_2fa_enabled]" value="0"> {{ctx.Locale.Tr "admin.users.list_status_filter.not_2fa_enabled"}}</label>
+							<div class="divider"></div>
+							<label class="item"><input type="radio" name="status_filter[account_type]" value="0"> {{ctx.Locale.Tr "admin.users.local"}}</label>
+							<label class="item"><input type="radio" name="status_filter[account_type]" value="2"> {{ctx.Locale.Tr "admin.users.reserved"}}</label>
+							<label class="item"><input type="radio" name="status_filter[account_type]" value="4"> {{ctx.Locale.Tr "admin.users.bot"}}</label>
+							<label class="item"><input type="radio" name="status_filter[account_type]" value="5"> {{ctx.Locale.Tr "admin.users.remote"}}</label>
 						</div>
 					</div>
 
diff --git a/templates/base/modal_actions_confirm.tmpl b/templates/base/modal_actions_confirm.tmpl
index 8c4e346088..d663c8a899 100644
--- a/templates/base/modal_actions_confirm.tmpl
+++ b/templates/base/modal_actions_confirm.tmpl
@@ -22,7 +22,7 @@ The ".ok.button" and ".cancel.button" selectors are also used by Fomantic Modal
 		{{if .ModalButtonCancelText}}{{$textNegitive = .ModalButtonCancelText}}{{end}}
 		{{if .ModalButtonOkText}}{{$textPositive = .ModalButtonOkText}}{{end}}
 
-		<button class="ui cancel button">{{svg "octicon-x"}} {{$textNegitive}}</button>
+		<button type="button" class="ui cancel button">{{svg "octicon-x"}} {{$textNegitive}}</button>
 		<button class="ui primary ok button">{{svg "octicon-check"}} {{$textPositive}}</button>
 	{{end}}
 </div>
diff --git a/templates/explore/search.tmpl b/templates/explore/search.tmpl
index 1d984a2e37..058bd39e87 100644
--- a/templates/explore/search.tmpl
+++ b/templates/explore/search.tmpl
@@ -1,23 +1,33 @@
-<div class="ui small secondary filter menu tw-items-center tw-mx-0">
-	<form class="ui form ignore-dirty tw-flex-1">
+<div class="list-header">
+	<form class="ui form ignore-dirty list-header-search">
 		{{if .PageIsExploreUsers}}
 			{{template "shared/search/combo" dict "Value" .Keyword "Placeholder" (ctx.Locale.Tr "search.user_kind")}}
 		{{else}}
 			{{template "shared/search/combo" dict "Value" .Keyword "Placeholder" (ctx.Locale.Tr "search.org_kind")}}
 		{{end}}
 	</form>
-	<!-- Sort -->
-	<div class="ui small dropdown type jump item tw-mr-0">
-		<span class="text">
-			{{ctx.Locale.Tr "repo.issues.filter_sort"}}
-		</span>
-		{{svg "octicon-triangle-down" 14 "dropdown icon"}}
-		<div class="menu">
-			<a class="{{if eq .SortType "newest"}}active {{end}}item" href="?sort=newest&q={{$.Keyword}}">{{ctx.Locale.Tr "repo.issues.filter_sort.latest"}}</a>
-			<a class="{{if eq .SortType "oldest"}}active {{end}}item" href="?sort=oldest&q={{$.Keyword}}">{{ctx.Locale.Tr "repo.issues.filter_sort.oldest"}}</a>
-			<a class="{{if eq .SortType "alphabetically"}}active {{end}}item" href="?sort=alphabetically&q={{$.Keyword}}">{{ctx.Locale.Tr "repo.issues.label.filter_sort.alphabetically"}}</a>
-			<a class="{{if eq .SortType "reversealphabetically"}}active {{end}}item" href="?sort=reversealphabetically&q={{$.Keyword}}">{{ctx.Locale.Tr "repo.issues.label.filter_sort.reverse_alphabetically"}}</a>
-		</div>
+	<div class="button-row">
+		<!-- Sort -->
+		<details class="dropdown dir-rtl">
+			<summary class="options">
+				{{ctx.Locale.Tr "repo.issues.filter_sort"}}
+				{{svg "octicon-triangle-down" 14 "dropdown icon"}}
+			</summary>
+			<ul>
+				<li>
+					<a class="{{if eq .SortType "newest"}}active{{end}}" href="?sort=newest&q={{$.Keyword}}">{{ctx.Locale.Tr "repo.issues.filter_sort.latest"}}</a>
+				</li>
+				<li>
+					<a class="{{if eq .SortType "oldest"}}active{{end}}" href="?sort=oldest&q={{$.Keyword}}">{{ctx.Locale.Tr "repo.issues.filter_sort.oldest"}}</a>
+				</li>
+				<li>
+					<a class="{{if eq .SortType "alphabetically"}}active{{end}}" href="?sort=alphabetically&q={{$.Keyword}}">{{ctx.Locale.Tr "repo.issues.label.filter_sort.alphabetically"}}</a>
+				</li>
+				<li>
+					<a class="{{if eq .SortType "reversealphabetically"}}active{{end}}" href="?sort=reversealphabetically&q={{$.Keyword}}">{{ctx.Locale.Tr "repo.issues.label.filter_sort.reverse_alphabetically"}}</a>
+				</li>
+			</ul>
+		</details>
 	</div>
 </div>
 <div class="divider"></div>
diff --git a/templates/mail/issue/default.tmpl b/templates/mail/issue/default.tmpl
index a94a10e27b..39977299d2 100644
--- a/templates/mail/issue/default.tmpl
+++ b/templates/mail/issue/default.tmpl
@@ -35,7 +35,16 @@
 	{{end}}
 	<p>
 		{{if eq .ActionName "close"}}
-			{{.locale.Tr "mail.issue.action.close" .Doer.Name .Issue.Index}}
+			{{if ne .CloseIssueByCommit ""}}
+				{{$commitUrl := printf "%s/commit/%s" .Issue.Repo.HTMLURL .CloseIssueByCommit}}
+				{{$shortSha := ShortSha .CloseIssueByCommit}}
+				{{$commitLink := HTMLFormat "<a href='%[1]s'><b>%[2]s</b></a>" $commitUrl $shortSha}}
+				{{$doer := HTMLFormat "<b>@%[1]s</b>" .Doer.Name}}
+				{{$issue := HTMLFormat "<a href='%[1]s'>#%[2]d</a>" .Link .Issue.Index}}
+				{{.locale.Tr "mail.issue.action.close_by_commit" $doer $issue $commitLink}}
+			{{else}}
+				{{.locale.Tr "mail.issue.action.close" .Doer.Name .Issue.Index}}
+			{{end}}
 		{{else if eq .ActionName "reopen"}}
 			{{.locale.Tr "mail.issue.action.reopen" .Doer.Name .Issue.Index}}
 		{{else if eq .ActionName "merge"}}
diff --git a/templates/mail/release.tmpl b/templates/mail/release.tmpl
index 8c01aec209..ef74485410 100644
--- a/templates/mail/release.tmpl
+++ b/templates/mail/release.tmpl
@@ -32,10 +32,10 @@
 		<ul>
 			{{if not .DisableDownloadSourceArchives}}
 			<li>
-				<a href="{{.Release.Repo.Link}}/archive/{{.Release.TagName | PathEscapeSegments}}.zip" rel="nofollow"><strong>{{.locale.Tr "mail.release.download.zip"}}</strong></a>
+				<a href="{{.Release.ZipURL}}" rel="nofollow"><strong>{{.locale.Tr "mail.release.download.zip"}}</strong></a>
 			</li>
 			<li>
-				<a href="{{.Release.Repo.Link}}/archive/{{.Release.TagName | PathEscapeSegments}}.tar.gz" rel="nofollow"><strong>{{.locale.Tr "mail.release.download.targz"}}</strong></a>
+				<a href="{{.Release.TarURL}}" rel="nofollow"><strong>{{.locale.Tr "mail.release.download.targz"}}</strong></a>
 			</li>
 			{{end}}
 			{{if .Release.Attachments}}
diff --git a/templates/org/follow_unfollow.tmpl b/templates/org/follow_unfollow.tmpl
index 9175088da4..e8eab147bc 100644
--- a/templates/org/follow_unfollow.tmpl
+++ b/templates/org/follow_unfollow.tmpl
@@ -1,4 +1,4 @@
-<button class="ui basic button" hx-post="{{.Org.HomeLink}}?action={{if $.IsFollowing}}unfollow{{else}}follow{{end}}">
+<button class="secondary button" hx-post="{{.Org.HomeLink}}?action={{if $.IsFollowing}}unfollow{{else}}follow{{end}}">
 	{{if $.IsFollowing}}
 		{{ctx.Locale.Tr "user.unfollow"}}
 	{{else}}
diff --git a/templates/org/header.tmpl b/templates/org/header.tmpl
index 8f9a8a7043..8e796fb160 100644
--- a/templates/org/header.tmpl
+++ b/templates/org/header.tmpl
@@ -14,24 +14,26 @@
 					{{template "org/follow_unfollow" .}}
 				{{end}}
 				{{if .IsOrganizationMember}}
-					<a class="ui basic button" href="{{.OrgLink}}/dashboard">{{ctx.Locale.Tr "org.open_dashboard"}}</a>
+					<a class="secondary button" href="{{.OrgLink}}/dashboard">{{ctx.Locale.Tr "org.open_dashboard"}}</a>
 				{{end}}
 				{{$moderationEntryNeeded := and .IsModerationEnabled .IsSigned (not .IsOrganizationOwner)}}
 				{{if or .EnableFeed $moderationEntryNeeded}}
 					<details class="dropdown dir-rtl">
-						<summary data-tooltip-content="{{ctx.Locale.Tr "profile.actions.tooltip"}}">{{svg "octicon-kebab-horizontal" 20}}</summary>
+						<summary class="border" data-tooltip-content="{{ctx.Locale.Tr "profile.actions.tooltip"}}">
+							{{svg "octicon-kebab-horizontal" 20}}
+						</summary>
 						<ul>
 							{{if .EnableFeed}}
 								<li>
-									<a class="item" href="{{.Org.HomeLink}}.rss">{{svg "octicon-rss"}}{{ctx.Locale.Tr "rss_feed"}}</a>
+									<a href="{{.Org.HomeLink}}.rss">{{svg "octicon-rss"}}{{ctx.Locale.Tr "rss_feed"}}</a>
 								</li>
 								<li>
-									<a class="item" href="{{.Org.HomeLink}}.atom">{{svg "octicon-rss"}}{{ctx.Locale.Tr "feed.atom.link"}}</a>
+									<a href="{{.Org.HomeLink}}.atom">{{svg "octicon-rss"}}{{ctx.Locale.Tr "feed.atom.link"}}</a>
 								</li>
 							{{end}}
 							{{if $moderationEntryNeeded}}
 								<li>
-									<a class="item orange text" href="{{AppSubUrl}}/report_abuse?type=org&id={{$.Org.ID}}">{{svg "octicon-stop"}}{{ctx.Locale.Tr "moderation.report_abuse"}}</a>
+									<a class="orange text" href="{{AppSubUrl}}/report_abuse?type=org&id={{$.Org.ID}}">{{svg "octicon-stop"}}{{ctx.Locale.Tr "moderation.report_abuse"}}</a>
 								</li>
 							{{end}}
 						</ul>
diff --git a/templates/org/home.tmpl b/templates/org/home.tmpl
index ba13b9446c..d6f76e96ba 100644
--- a/templates/org/home.tmpl
+++ b/templates/org/home.tmpl
@@ -67,7 +67,7 @@
 					</div>
 					{{if .IsOrganizationOwner}}
 						<div class="ui bottom attached segment">
-							<a class="ui primary small button" href="{{.OrgLink}}/teams/new">{{ctx.Locale.Tr "org.create_new_team"}}</a>
+							<a class="primary small button" href="{{.OrgLink}}/teams/new">{{ctx.Locale.Tr "org.create_new_team"}}</a>
 						</div>
 					{{end}}
 				{{end}}
diff --git a/templates/projects/list.tmpl b/templates/projects/list.tmpl
index b97713ec12..8211ffed9d 100644
--- a/templates/projects/list.tmpl
+++ b/templates/projects/list.tmpl
@@ -1,5 +1,5 @@
 {{if and $.CanWriteProjects (not $.Repository.IsArchived)}}
-	<div class="tw-flex tw-justify-between tw-mb-4">
+	<div class="tw-flex tw-justify-between tw-mb-4 tw-gap-2">
 		<div class="switch list-header-toggle">
 			<a class="item{{if not .IsShowClosed}} active{{end}}" href="?state=open&q={{$.Keyword}}">
 				{{svg "octicon-project-symlink" 16}}
@@ -10,9 +10,7 @@
 				{{ctx.Locale.PrettyNumber .ClosedCount}}&nbsp;{{ctx.Locale.Tr "repo.issues.closed_title"}}
 			</a>
 		</div>
-		<div class="tw-text-right">
-			<a class="ui small primary button" href="{{$.Link}}/new">{{ctx.Locale.Tr "repo.projects.new"}}</a>
-		</div>
+		<a class="primary button" href="{{$.Link}}/new">{{ctx.Locale.Tr "repo.projects.new"}}</a>
 	</div>
 {{end}}
 
@@ -71,7 +69,7 @@
 				{{end}}
 			</div>
 			{{if .Description}}
-			<div class="content">
+			<div class="content markup">
 				{{.RenderedContent}}
 			</div>
 			{{end}}
diff --git a/templates/projects/view.tmpl b/templates/projects/view.tmpl
index e1141a398c..64def9cbca 100644
--- a/templates/projects/view.tmpl
+++ b/templates/projects/view.tmpl
@@ -58,7 +58,7 @@
 		{{end}}
 	</div>
 
-	<div class="content">{{$.Project.RenderedContent}}</div>
+	<div class="content markup">{{$.Project.RenderedContent}}</div>
 
 	<div class="divider"></div>
 </div>
diff --git a/templates/repo/actions/view.tmpl b/templates/repo/actions/view.tmpl
index 81f989b8e1..5b8b44639e 100644
--- a/templates/repo/actions/view.tmpl
+++ b/templates/repo/actions/view.tmpl
@@ -33,6 +33,7 @@
 		data-locale-run-attempt-label="{{ctx.Locale.Tr "actions.runs.run_attempt_label"}}"
 		data-locale-viewing-out-of-date-run="{{ctx.Locale.Tr "actions.runs.viewing_out_of_date_run"}}"
 		data-locale-view-most-recent-run="{{ctx.Locale.Tr "actions.runs.view_most_recent_run"}}"
+		data-locale-pre-execution-error="{{ctx.Locale.Tr "actions.workflow.pre_execution_error"}}"
 	>
 	</div>
 </div>
diff --git a/templates/repo/diff/comment_form.tmpl b/templates/repo/diff/comment_form.tmpl
index 6dcba36c9e..00b856dc51 100644
--- a/templates/repo/diff/comment_form.tmpl
+++ b/templates/repo/diff/comment_form.tmpl
@@ -27,7 +27,7 @@
 
 		<div class="field footer">
 			<span class="markup-info">{{svg "octicon-markdown"}} {{ctx.Locale.Tr "repo.diff.comment.markdown_info"}}</span>
-			<div class="right button-sequence">
+			<div class="button-sequence tw-justify-end">
 				{{if $.reply}}
 					<button class="ui submit primary tiny button" type="submit">{{ctx.Locale.Tr "repo.diff.comment.reply"}}</button>
 					<input type="hidden" name="reply" value="{{$.reply}}">
diff --git a/templates/repo/home.tmpl b/templates/repo/home.tmpl
index c87d7d0bf8..d72b8aaa32 100644
--- a/templates/repo/home.tmpl
+++ b/templates/repo/home.tmpl
@@ -58,7 +58,7 @@
 		{{$l := Eval $n "-" 1}}
 		{{$isHomepage := (eq $n 0)}}
 		<div class="repo-button-row">
-			<div class="tw-gap-y-2 button-sequence">
+			<div class="button-sequence tw-gap-y-2">
 				{{template "repo/branch_dropdown" dict "root" .}}
 				{{if and .CanCompareOrPull .IsViewBranch (not .Repository.IsArchived)}}
 					{{$cmpBranch := ""}}
@@ -117,10 +117,10 @@
 					</span>
 				{{end}}
 			</div>
-			<div class="tw-flex tw-items-center">
+			<div class="tw-flex tw-items-center max-[390px]:tw-w-full">
 				<!-- Only show clone panel in repository home page -->
 				{{if $isHomepage}}
-					<div class="clone-panel ui action tiny input">
+					<div class="clone-panel ui action tiny input max-[390px]:tw-w-full">
 						{{template "repo/clone_buttons" .}}
 						<button class="ui small jump dropdown icon button" data-tooltip-content="{{ctx.Locale.Tr "repo.more_operations"}}">
 							{{svg "octicon-kebab-horizontal"}}
diff --git a/templates/repo/issue/filter_list.tmpl b/templates/repo/issue/filter_list.tmpl
index 84ba6e5358..bd46b04d39 100644
--- a/templates/repo/issue/filter_list.tmpl
+++ b/templates/repo/issue/filter_list.tmpl
@@ -127,7 +127,7 @@
 		</span>
 		{{svg "octicon-triangle-down" 14 "dropdown icon"}}
 		<div class="menu">
-			<a rel="nofollow" class="{{if eq .ViewType "all"}}active {{end}}item" href="?q={{$.Keyword}}&type=all&sort={{$.SortType}}&state={{$.State}}&labels={{.SelectLabels}}&milestone={{$.MilestoneID}}&project={{$.ProjectID}}&assignee={{$.AssigneeID}}&poster={{$.PosterID}}{{if $.ShowArchivedLabels}}&archived=true{{end}}">{{ctx.Locale.Tr "repo.issues.filter_type.all_pull_requests"}}</a>
+			<a rel="nofollow" class="{{if eq .ViewType "all"}}active {{end}}item" href="?q={{$.Keyword}}&type=all&sort={{$.SortType}}&state={{$.State}}&labels={{.SelectLabels}}&milestone={{$.MilestoneID}}&project={{$.ProjectID}}&assignee={{$.AssigneeID}}&poster={{$.PosterID}}{{if $.ShowArchivedLabels}}&archived=true{{end}}">{{if .PageIsPullList}}{{ctx.Locale.Tr "repo.issues.filter_type.all_pull_requests"}}{{else}}{{ctx.Locale.Tr "repo.issues.filter_type.all_issues"}}{{end}}</a>
 			<a rel="nofollow" class="{{if eq .ViewType "assigned"}}active {{end}}item" href="?q={{$.Keyword}}&type=assigned&sort={{$.SortType}}&state={{$.State}}&labels={{.SelectLabels}}&milestone={{$.MilestoneID}}&project={{$.ProjectID}}&assignee={{$.AssigneeID}}&poster={{$.PosterID}}{{if $.ShowArchivedLabels}}&archived=true{{end}}">{{ctx.Locale.Tr "repo.issues.filter_type.assigned_to_you"}}</a>
 			<a rel="nofollow" class="{{if eq .ViewType "created_by"}}active {{end}}item" href="?q={{$.Keyword}}&type=created_by&sort={{$.SortType}}&state={{$.State}}&labels={{.SelectLabels}}&milestone={{$.MilestoneID}}&project={{$.ProjectID}}&assignee={{$.AssigneeID}}&poster={{$.PosterID}}{{if $.ShowArchivedLabels}}&archived=true{{end}}">{{ctx.Locale.Tr "repo.issues.filter_type.created_by_you"}}</a>
 			{{if .PageIsPullList}}
diff --git a/templates/repo/issue/labels/edit_delete_label.tmpl b/templates/repo/issue/labels/edit_delete_label.tmpl
index a4732d35ec..31b8a03bc5 100644
--- a/templates/repo/issue/labels/edit_delete_label.tmpl
+++ b/templates/repo/issue/labels/edit_delete_label.tmpl
@@ -9,64 +9,64 @@
 	{{template "base/modal_actions_confirm" .}}
 </div>
 
-<div class="ui small edit-label modal">
-	<div class="header">
-		{{ctx.Locale.Tr "repo.issues.label_modify"}}
-	</div>
-	<div class="content">
-		<form class="ui edit-label form ignore-dirty" action="{{$.Link}}/edit" method="post">
-			{{.CsrfTokenHtml}}
-			<input id="label-modal-id" name="id" type="hidden">
-			<div class="required field">
-				<label for="name">{{ctx.Locale.Tr "repo.issues.label_title"}}</label>
-				<div class="ui small input">
-					<input class="label-name-input" name="title" placeholder="{{ctx.Locale.Tr "repo.issues.new_label_placeholder"}}" autofocus required maxlength="50">
+<dialog id="edit-label-modal">
+	<article>
+		<header>{{ctx.Locale.Tr "repo.issues.label_modify"}}</header>
+		<div class="content">
+			<form class="ui edit-label form ignore-dirty" action="{{$.Link}}/edit" method="post">
+				{{.CsrfTokenHtml}}
+				<input id="label-modal-id" name="id" type="hidden">
+				<div class="required field">
+					<label for="name">{{ctx.Locale.Tr "repo.issues.label_title"}}</label>
+					<div class="ui small input">
+						<input class="label-name-input" name="title" placeholder="{{ctx.Locale.Tr "repo.issues.new_label_placeholder"}}" autofocus required maxlength="50">
+					</div>
 				</div>
-			</div>
-			<div class="field label-exclusive-input-field">
-				<div class="ui checkbox">
-					<input class="label-exclusive-input" name="exclusive" type="checkbox">
-					<label>{{ctx.Locale.Tr "repo.issues.label_exclusive"}}</label>
+				<div class="field label-exclusive-input-field">
+					<div class="ui checkbox">
+						<input class="label-exclusive-input" name="exclusive" type="checkbox">
+						<label>{{ctx.Locale.Tr "repo.issues.label_exclusive"}}</label>
+					</div>
+					<br>
+					<small class="desc">{{ctx.Locale.Tr "repo.issues.label_exclusive_desc"}}</small>
+					<div class="desc tw-ml-1 tw-mt-2 tw-hidden label-exclusive-warning">
+						{{svg "octicon-alert"}} {{ctx.Locale.Tr "repo.issues.label_exclusive_warning"}}
+					</div>
+					<br>
 				</div>
-				<br>
-				<small class="desc">{{ctx.Locale.Tr "repo.issues.label_exclusive_desc"}}</small>
-				<div class="desc tw-ml-1 tw-mt-2 tw-hidden label-exclusive-warning">
-					{{svg "octicon-alert"}} {{ctx.Locale.Tr "repo.issues.label_exclusive_warning"}}
+				<div class="field label-is-archived-input-field">
+					<div class="ui checkbox">
+						<input class="label-is-archived-input" name="is_archived" type="checkbox">
+						<label>{{ctx.Locale.Tr "repo.issues.label_archive"}}</label>
+					</div>
+					<i class="tw-ml-1" data-tooltip-content={{ctx.Locale.Tr "repo.issues.label_archive_tooltip"}} data-tooltip-appendto="parent">
+						{{svg "octicon-info"}}
+					</i>
 				</div>
-				<br>
-			</div>
-			<div class="field label-is-archived-input-field">
-				<div class="ui checkbox">
-					<input class="label-is-archived-input" name="is_archived" type="checkbox">
-					<label>{{ctx.Locale.Tr "repo.issues.label_archive"}}</label>
+				<div class="field">
+					<label for="description">{{ctx.Locale.Tr "repo.issues.label_description"}}</label>
+					<div class="ui small fluid input">
+						<input class="label-desc-input" name="description" placeholder="{{ctx.Locale.Tr "repo.issues.new_label_desc_placeholder"}}" maxlength="200">
+					</div>
 				</div>
-				<i class="tw-ml-1" data-tooltip-content={{ctx.Locale.Tr "repo.issues.label_archive_tooltip"}}>
-					{{svg "octicon-info"}}
-				</i>
-			</div>
-			<div class="field">
-				<label for="description">{{ctx.Locale.Tr "repo.issues.label_description"}}</label>
-				<div class="ui small fluid input">
-					<input class="label-desc-input" name="description" placeholder="{{ctx.Locale.Tr "repo.issues.new_label_desc_placeholder"}}" maxlength="200">
+				<div class="field color-field">
+					<label for="color">{{ctx.Locale.Tr "repo.issues.label_color"}}</label>
+					<div class="column js-color-picker-input">
+						<input name="color" value="#70c24a"placeholder="#c320f6" required maxlength="7">
+						{{template "repo/issue/label_precolors"}}
+					</div>
 				</div>
-			</div>
-			<div class="field color-field">
-				<label for="color">{{ctx.Locale.Tr "repo.issues.label_color"}}</label>
-				<div class="column js-color-picker-input">
-					<input name="color" value="#70c24a"placeholder="#c320f6" required maxlength="7">
-					{{template "repo/issue/label_precolors"}}
-				</div>
-			</div>
-		</form>
-	</div>
-	<div class="actions">
-		<button class="ui small basic cancel button">
-			{{svg "octicon-x"}}
-			{{ctx.Locale.Tr "cancel"}}
-		</button>
-		<button class="ui primary small approve button">
-			{{svg "fontawesome-save"}}
-			{{ctx.Locale.Tr "save"}}
-		</button>
-	</div>
-</div>
+			</form>
+		</div>
+		<div class="actions">
+			<button class="ui small basic cancel button">
+				{{svg "octicon-x"}}
+				{{ctx.Locale.Tr "cancel"}}
+			</button>
+			<button class="ui primary small approve button">
+				{{svg "fontawesome-save"}}
+				{{ctx.Locale.Tr "save"}}
+			</button>
+		</div>
+	</article>
+</dialog>
diff --git a/templates/repo/issue/labels/label_new.tmpl b/templates/repo/issue/labels/label_new.tmpl
index 32fd8e76d7..30d1e45c3d 100644
--- a/templates/repo/issue/labels/label_new.tmpl
+++ b/templates/repo/issue/labels/label_new.tmpl
@@ -1,48 +1,48 @@
-<div class="ui small new-label modal">
-	<div class="header">
-		{{ctx.Locale.Tr "repo.issues.new_label"}}
-	</div>
-	<div class="content">
-		<form class="ui new-label form ignore-dirty" action="{{$.Link}}/new" method="post">
-			{{.CsrfTokenHtml}}
-			<div class="required field">
-				<label for="name">{{ctx.Locale.Tr "repo.issues.label_title"}}</label>
-				<div class="ui small input">
-					<input class="label-name-input" name="title" placeholder="{{ctx.Locale.Tr "repo.issues.new_label_placeholder"}}" autofocus required maxlength="50">
+<dialog id="new-label-modal">
+	<article>
+		<header>{{ctx.Locale.Tr "repo.issues.new_label"}}</header>
+		<div class="content">
+			<form class="ui new-label form ignore-dirty" action="{{$.Link}}/new" method="post">
+				{{.CsrfTokenHtml}}
+				<div class="required field">
+					<label for="name">{{ctx.Locale.Tr "repo.issues.label_title"}}</label>
+					<div class="ui small input">
+						<input class="label-name-input" name="title" placeholder="{{ctx.Locale.Tr "repo.issues.new_label_placeholder"}}" autofocus required maxlength="50">
+					</div>
 				</div>
-			</div>
-			<div class="field label-exclusive-input-field">
-				<div class="ui checkbox">
-					<input class="label-exclusive-input" name="exclusive" type="checkbox">
-					<label>{{ctx.Locale.Tr "repo.issues.label_exclusive"}}</label>
+				<div class="field label-exclusive-input-field">
+					<div class="ui checkbox">
+						<input class="label-exclusive-input" name="exclusive" type="checkbox">
+						<label>{{ctx.Locale.Tr "repo.issues.label_exclusive"}}</label>
+					</div>
+					<br>
+					<small class="desc">{{ctx.Locale.Tr "repo.issues.label_exclusive_desc"}}</small>
 				</div>
-				<br>
-				<small class="desc">{{ctx.Locale.Tr "repo.issues.label_exclusive_desc"}}</small>
-			</div>
-			<div class="field">
-				<label for="description">{{ctx.Locale.Tr "repo.issues.label_description"}}</label>
-				<div class="ui small fluid input">
-					<input class="label-desc-input" name="description" placeholder="{{ctx.Locale.Tr "repo.issues.new_label_desc_placeholder"}}" maxlength="200">
+				<div class="field">
+					<label for="description">{{ctx.Locale.Tr "repo.issues.label_description"}}</label>
+					<div class="ui small fluid input">
+						<input class="label-desc-input" name="description" placeholder="{{ctx.Locale.Tr "repo.issues.new_label_desc_placeholder"}}" maxlength="200">
+					</div>
 				</div>
-			</div>
-			<div class="field color-field">
-				<label for="color">{{ctx.Locale.Tr "repo.issues.label_color"}}</label>
-				<div class="js-color-picker-input column">
-					<input name="color" value="#70c24a" placeholder="#c320f6" required maxlength="7">
-					{{template "repo/issue/label_precolors"}}
+				<div class="field color-field">
+					<label for="color">{{ctx.Locale.Tr "repo.issues.label_color"}}</label>
+					<div class="js-color-picker-input column">
+						<input name="color" value="#70c24a" placeholder="#c320f6" required maxlength="7">
+						{{template "repo/issue/label_precolors"}}
+					</div>
 				</div>
-			</div>
-		</form>
-	</div>
+			</form>
+		</div>
 
-	<div class="actions">
-		<button class="ui cancel button">
-			{{svg "octicon-x"}}
-			{{ctx.Locale.Tr "cancel"}}
-		</button>
-		<button class="ui primary ok button">
-			{{svg "octicon-check"}}
-			{{ctx.Locale.Tr "repo.issues.create_label"}}
-		</button>
-	</div>
-</div>
+		<div class="actions">
+			<button class="ui cancel button">
+				{{svg "octicon-x"}}
+				{{ctx.Locale.Tr "cancel"}}
+			</button>
+			<button class="ui primary ok button">
+				{{svg "octicon-check"}}
+				{{ctx.Locale.Tr "repo.issues.create_label"}}
+			</button>
+		</div>
+	</article>
+</dialog>
diff --git a/templates/repo/issue/list.tmpl b/templates/repo/issue/list.tmpl
index 8c81bf02a1..5230ff2446 100644
--- a/templates/repo/issue/list.tmpl
+++ b/templates/repo/issue/list.tmpl
@@ -19,13 +19,13 @@
 			{{template "repo/issue/search" .}}
 			{{if not .Repository.IsArchived}}
 				{{if .PageIsIssueList}}
-					<a class="ui small primary button issue-list-new" href="{{.RepoLink}}/issues/new{{if .NewIssueChooseTemplate}}/choose{{end}}">{{ctx.Locale.Tr "repo.issues.new"}}</a>
+					<a class="primary button issue-list-new" href="{{.RepoLink}}/issues/new{{if .NewIssueChooseTemplate}}/choose{{end}}">{{ctx.Locale.Tr "repo.issues.new"}}</a>
 				{{else}}
-					<a class="ui small primary button new-pr-button issue-list-new{{if not .PullRequestCtx.Allowed}} disabled{{end}}" href="{{if .PullRequestCtx.Allowed}}{{.Repository.Link}}/compare/{{.Repository.DefaultBranch | PathEscapeSegments}}...{{if ne .Repository.Owner.Name .PullRequestCtx.BaseRepo.Owner.Name}}{{PathEscape .Repository.Owner.Name}}:{{end}}{{.Repository.DefaultBranch | PathEscapeSegments}}{{end}}">{{ctx.Locale.Tr "repo.pulls.new"}}</a>
+					<a class="primary button new-pr-button issue-list-new{{if not .PullRequestCtx.Allowed}} disabled{{end}}" href="{{if .PullRequestCtx.Allowed}}{{.Repository.Link}}/compare/{{.Repository.DefaultBranch | PathEscapeSegments}}...{{if ne .Repository.Owner.Name .PullRequestCtx.BaseRepo.Owner.Name}}{{PathEscape .Repository.Owner.Name}}:{{end}}{{.Repository.DefaultBranch | PathEscapeSegments}}{{end}}">{{ctx.Locale.Tr "repo.pulls.new"}}</a>
 				{{end}}
 			{{else}}
 				{{if not .PageIsIssueList}}
-					<a class="ui small primary small button issue-list-new{{if not .PullRequestCtx.Allowed}} disabled{{end}}" href="{{if .PullRequestCtx.Allowed}}{{.PullRequestCtx.BaseRepo.Link}}/compare/{{.PullRequestCtx.BaseRepo.DefaultBranch | PathEscapeSegments}}...{{if ne .Repository.Owner.Name .PullRequestCtx.BaseRepo.Owner.Name}}{{PathEscape .Repository.Owner.Name}}:{{end}}{{.Repository.DefaultBranch | PathEscapeSegments}}{{end}}">{{ctx.Locale.Tr "action.compare_commits_general"}}</a>
+					<a class="primary button issue-list-new{{if not .PullRequestCtx.Allowed}} disabled{{end}}" href="{{if .PullRequestCtx.Allowed}}{{.PullRequestCtx.BaseRepo.Link}}/compare/{{.PullRequestCtx.BaseRepo.DefaultBranch | PathEscapeSegments}}...{{if ne .Repository.Owner.Name .PullRequestCtx.BaseRepo.Owner.Name}}{{PathEscape .Repository.Owner.Name}}:{{end}}{{.Repository.DefaultBranch | PathEscapeSegments}}{{end}}">{{ctx.Locale.Tr "action.compare_commits_general"}}</a>
 				{{end}}
 			{{end}}
 		</div>
diff --git a/templates/repo/issue/search.tmpl b/templates/repo/issue/search.tmpl
index bdbb9a9daf..e9923b5287 100644
--- a/templates/repo/issue/search.tmpl
+++ b/templates/repo/issue/search.tmpl
@@ -1,5 +1,5 @@
 <form class="list-header-search ui form ignore-dirty issue-list-search">
-	<div class="ui small search fluid action input">
+	<div class="ui search fluid action input">
 		<input type="hidden" name="state" value="{{$.State}}">
 		{{if not .PageIsMilestones}}
 			<input type="hidden" name="type" value="{{$.ViewType}}">
diff --git a/templates/repo/issue/view_content.tmpl b/templates/repo/issue/view_content.tmpl
index e9cba3601c..8e90198709 100644
--- a/templates/repo/issue/view_content.tmpl
+++ b/templates/repo/issue/view_content.tmpl
@@ -101,10 +101,11 @@
 							{{template "repo/issue/comment_tab" .}}
 							{{.CsrfTokenHtml}}
 							<div class="field footer">
-								<div class="right button-sequence">
+								<div class="button-sequence tw-justify-end">
 									{{if and (or .HasIssuesOrPullsWritePermission .IsIssuePoster) (not .DisableStatusChange)}}
 										{{if .Issue.IsClosed}}
-											<button id="status-button" class="ui primary basic button" data-status="{{ctx.Locale.Tr "repo.issues.reopen_issue"}}" data-status-and-comment="{{ctx.Locale.Tr "repo.issues.reopen_comment_issue"}}" name="status" value="reopen">
+											<button id="status-button" class="secondary button" data-status="{{ctx.Locale.Tr "repo.issues.reopen_issue"}}" data-status-and-comment="{{ctx.Locale.Tr "repo.issues.reopen_comment_issue"}}" name="status" value="reopen">
+												{{svg "octicon-issue-reopened"}}
 												{{ctx.Locale.Tr "repo.issues.reopen_issue"}}
 											</button>
 										{{else}}
@@ -112,12 +113,13 @@
 											{{if .Issue.IsPull}}
 												{{$closeTranslationKey = "repo.pulls.close"}}
 											{{end}}
-											<button id="status-button" class="ui red basic button" data-status="{{ctx.Locale.Tr $closeTranslationKey}}" data-status-and-comment="{{ctx.Locale.Tr "repo.issues.close_comment_issue"}}" name="status" value="close">
+											<button id="status-button" class="secondary button" data-status="{{ctx.Locale.Tr $closeTranslationKey}}" data-status-and-comment="{{ctx.Locale.Tr "repo.issues.close_comment_issue"}}" name="status" value="close">
+												{{svg "octicon-issue-closed"}}
 												{{ctx.Locale.Tr $closeTranslationKey}}
 											</button>
 										{{end}}
 									{{end}}
-									<button class="ui primary button">
+									<button class="primary button">
 										{{ctx.Locale.Tr "repo.issues.create_comment"}}
 									</button>
 								</div>
diff --git a/templates/repo/issue/view_content/conversation.tmpl b/templates/repo/issue/view_content/conversation.tmpl
index a472229302..7a43d5cb69 100644
--- a/templates/repo/issue/view_content/conversation.tmpl
+++ b/templates/repo/issue/view_content/conversation.tmpl
@@ -113,7 +113,7 @@
 					</div>
 				{{end}}
 			</div>
-			<div class="right button-sequence">
+			<div class="button-sequence tw-justify-end">
 				{{if and $.CanMarkConversation $isNotPending}}
 					<button class="ui tiny basic button resolve-conversation" data-origin="timeline" data-action="{{if not $resolved}}Resolve{{else}}UnResolve{{end}}" data-comment-id="{{(index .comments 0).ID}}" data-update-url="{{$.RepoLink}}/issues/resolve_conversation">
 						{{if $resolved}}
diff --git a/templates/repo/issue/view_content/sidebar.tmpl b/templates/repo/issue/view_content/sidebar.tmpl
index 623023bd51..72e214c5aa 100644
--- a/templates/repo/issue/view_content/sidebar.tmpl
+++ b/templates/repo/issue/view_content/sidebar.tmpl
@@ -54,13 +54,26 @@
 
 	{{if and
 		.Issue.IsPull
-		.IsIssuePoster
 		(not .Issue.IsClosed)
 		.Issue.PullRequest.HeadRepo
 		(not (eq .Issue.PullRequest.HeadRepo.FullName .Issue.PullRequest.BaseRepo.FullName))
-		.CanWriteToHeadRepo
 	}}
-		<div class="divider"></div>
-		{{template "repo/issue/view_content/sidebar/pull_maintainer_edits" .}}
+		{{if and
+			.IsIssuePoster
+			.CanWriteToHeadRepo
+		}}
+			<div class="divider"></div>
+			{{template "repo/issue/view_content/sidebar/pull_maintainer_edits" .}}
+		{{else if and
+			(not .IsIssuePoster)
+			.CanWriteCode
+		}}
+			<div class="divider"></div>
+			{{if .Issue.PullRequest.AllowMaintainerEdit}}
+				<span class="maintainers-can-edit-status">{{svg "octicon-check"}} {{ctx.Locale.Tr "repo.pulls.maintainers_can_edit"}}</span>
+			{{else}}
+				<span class="maintainers-can-edit-status">{{svg "octicon-x"}} {{ctx.Locale.Tr "repo.pulls.maintainers_cannot_edit"}}</span>
+			{{end}}
+		{{end}}
 	{{end}}
 </div>
diff --git a/templates/repo/issue/view_content/sidebar/due_deadline.tmpl b/templates/repo/issue/view_content/sidebar/due_deadline.tmpl
index f2b00fd0b9..1f93fec360 100644
--- a/templates/repo/issue/view_content/sidebar/due_deadline.tmpl
+++ b/templates/repo/issue/view_content/sidebar/due_deadline.tmpl
@@ -30,7 +30,7 @@
 				<input required placeholder="{{ctx.Locale.Tr "repo.issues.due_date_form"}}" {{if gt .Issue.DeadlineUnix 0}}value="{{.Issue.DeadlineUnix.FormatDate}}"{{end}} type="date" name="deadlineDate" id="deadlineDate">
 				<button class="ui icon button">
 					{{if ne .Issue.DeadlineUnix 0}}
-						{{svg "octicon-pencil"}}
+						{{svg "octicon-check"}}
 					{{else}}
 						{{svg "octicon-plus"}}
 					{{end}}
diff --git a/templates/repo/migrate/pagure.tmpl b/templates/repo/migrate/pagure.tmpl
index 60dc8cb380..a6987a0ae9 100644
--- a/templates/repo/migrate/pagure.tmpl
+++ b/templates/repo/migrate/pagure.tmpl
@@ -97,12 +97,23 @@
 						<span class="help">{{ctx.Locale.Tr "repo.visibility_description"}}</span>
 					</div>
 					<div class="divider"></div>
-					<div class="inline field {{if .Err_Auth}}error{{end}}">
-						<label for="auth_token">{{ctx.Locale.Tr "migrate.pagure.token_label"}}</label>
-						<input id="auth_token" name="auth_token" value="{{.auth_token}}" {{if not .auth_token}}data-need-clear="true"{{end}}>
-						<span class="help">{{ctx.Locale.Tr "migrate.pagure.token_body_a"}}</span>
-						<span class="help">{{ctx.Locale.Tr "migrate.pagure.token_body_b"}}</span>
-					</div>
+					<details class="ui optional field">
+						<summary class="tw-p-1">
+							{{ctx.Locale.Tr "migrate.pagure.private_issues.summary"}}
+						</summary>
+						<div class="tw-p-1">
+							<div class="ui blue message">
+								{{ctx.Locale.Tr "migrate.pagure.private_issues.description"}}
+							</div>
+							<div class="ui red message">
+								{{ctx.Locale.Tr "migrate.pagure.private_issues.warning"}}
+							</div>
+							<div class="field {{if .Err_Auth}}error{{end}}">
+								<label for="auth_token">{{ctx.Locale.Tr "migrate.pagure.token_label"}}</label>
+								<input id="auth_token" name="auth_token" value="{{.auth_token}}" placeholder="{{ctx.Locale.Tr "migrate.pagure.token.placeholder"}}" {{if not .auth_token}}data-need-clear="true"{{end}}>
+							</div>
+						</div>
+					</details>
 					<div class="divider"></div>
 					<div class="inline field">
 						<label></label>
diff --git a/templates/repo/pulse.tmpl b/templates/repo/pulse.tmpl
index 3fdecf5cc3..4e54bb881f 100644
--- a/templates/repo/pulse.tmpl
+++ b/templates/repo/pulse.tmpl
@@ -35,7 +35,7 @@
 				<a class="table-cell tiny tw-bg-grey"></a>
 			</div>
 			{{end}}
-			{{ctx.Locale.TrN .Activity.ActivePRCount "repo.activity.active_prs_count_1" "repo.activity.active_prs_count_n" .Activity.ActivePRCount}}
+			{{ctx.Locale.TrPluralString .Activity.ActivePRCount "pulse.n_active_prs" (printf "<strong>%d</strong>" .Activity.ActivePRCount | SafeHTML)}}
 		</div>
 	{{end}}
 	{{if .Permission.CanRead $.UnitTypeIssues}}
@@ -52,7 +52,7 @@
 				<a class="table-cell tiny tw-bg-grey"></a>
 			</div>
 			{{end}}
-			{{ctx.Locale.TrN .Activity.ActiveIssueCount "repo.activity.active_issues_count_1" "repo.activity.active_issues_count_n" .Activity.ActiveIssueCount}}
+			{{ctx.Locale.TrPluralString .Activity.ActiveIssueCount "pulse.n_active_issues" (printf "<strong>%d</strong>" .Activity.ActiveIssueCount | SafeHTML)}}
 		</div>
 	{{end}}
 </div>
diff --git a/templates/repo/release/list.tmpl b/templates/repo/release/list.tmpl
index be5ad32878..9520e5eb6c 100644
--- a/templates/repo/release/list.tmpl
+++ b/templates/repo/release/list.tmpl
@@ -77,7 +77,7 @@
 												{{svg "octicon-file-zip" 16 "tw-mr-1"}}{{ctx.Locale.Tr "repo.release.source_code"}} (ZIP)
 											</a>
 											<div class="tw-mr-1">
-												<span class="text grey">{{ctx.Locale.TrN .Release.ArchiveDownloadCount.Zip "repo.release.download_count_one" "repo.release.download_count_few" (ctx.Locale.PrettyNumber .Release.ArchiveDownloadCount.Zip)}}</span>
+												<span class="text grey">{{ctx.Locale.TrPluralString .Release.ArchiveDownloadCount.Zip "release.n_downloads" (ctx.Locale.PrettyNumber .Release.ArchiveDownloadCount.Zip)}}</span>
 											</div>
 											<span data-tooltip-content="{{ctx.Locale.Tr "repo.release.system_generated"}}">
 												{{svg "octicon-info"}}
@@ -88,7 +88,7 @@
 												{{svg "octicon-file-zip" 16 "tw-mr-1"}}{{ctx.Locale.Tr "repo.release.source_code"}} (TAR.GZ)
 											</a>
 											<div class="tw-mr-1">
-												<span class="text grey">{{ctx.Locale.TrN .Release.ArchiveDownloadCount.TarGz "repo.release.download_count_one" "repo.release.download_count_few" (ctx.Locale.PrettyNumber .Release.ArchiveDownloadCount.TarGz)}}</span>
+												<span class="text grey">{{ctx.Locale.TrPluralString .Release.ArchiveDownloadCount.TarGz "release.n_downloads" (ctx.Locale.PrettyNumber .Release.ArchiveDownloadCount.TarGz)}}</span>
 											</div>
 											<span data-tooltip-content="{{ctx.Locale.Tr "repo.release.system_generated"}}">
 												{{svg "octicon-info"}}
@@ -109,7 +109,7 @@
 													{{svg "octicon-package" 16 "tw-mr-1"}}{{.Name}}
 												</a>
 												<div>
-													<span class="text grey">{{ctx.Locale.TrN .DownloadCount "repo.release.download_count_one" "repo.release.download_count_few" (ctx.Locale.PrettyNumber .DownloadCount)}} · {{DateUtils.TimeSince .CreatedUnix}} · {{.Size | ctx.Locale.TrSize}}</span>
+													<span class="text grey">{{ctx.Locale.TrPluralString .DownloadCount "release.n_downloads" (ctx.Locale.PrettyNumber .DownloadCount)}} · {{DateUtils.TimeSince .CreatedUnix}} · {{.Size | ctx.Locale.TrSize}}</span>
 												</div>
 											</li>
 										{{end}}
diff --git a/templates/repo/release/new.tmpl b/templates/repo/release/new.tmpl
index e0cb40b956..e35cec9e51 100644
--- a/templates/repo/release/new.tmpl
+++ b/templates/repo/release/new.tmpl
@@ -76,10 +76,8 @@
 							{{if .ExternalURL}}
 								<input name="attachment-edit-exturl-{{.UUID}}" placeholder="{{ctx.Locale.Tr "repo.release.asset_external_url"}}" class="attachment_edit" required value="{{.ExternalURL}}">
 							{{else}}
-								<span class="ui text grey tw-whitespace-nowrap tw-ml-auto tw-pl-3">{{ctx.Locale.TrN
-								.DownloadCount "repo.release.download_count_one"
-								"repo.release.download_count_few" (ctx.Locale.PrettyNumber
-								.DownloadCount)}} · {{.Size | ctx.Locale.TrSize}}</span>
+								<span class="ui text grey tw-whitespace-nowrap tw-ml-auto tw-pl-3">{{ctx.Locale.TrPluralString
+								.DownloadCount "release.n_downloads" (ctx.Locale.PrettyNumber .DownloadCount)}} · {{.Size | ctx.Locale.TrSize}}</span>
 							{{end}}
 						</div>
 						<a class="ui mini red button remove-rel-attach tw-ml-3" data-id="{{.ID}}" data-uuid="{{.UUID}}">
diff --git a/templates/repo/release_tag_header.tmpl b/templates/repo/release_tag_header.tmpl
index 75a115e31e..48d6eccfe6 100644
--- a/templates/repo/release_tag_header.tmpl
+++ b/templates/repo/release_tag_header.tmpl
@@ -2,7 +2,7 @@
 {{$canReadCode := $.Permission.CanRead $.UnitTypeCode}}
 
 {{if $canReadReleases}}
-	<div class="list-header">
+	<div class="list-header tw-justify-between">
 		<div class="switch">
 			<a class="{{if and .PageIsReleaseList (not .PageIsSingleTag)}}active {{end}}item" href="{{.RepoLink}}/releases{{if .Keyword}}?q={{.Keyword}}{{end}}">{{ctx.Locale.TrN .NumReleases "repo.n_release_one" "repo.n_release_few" (ctx.Locale.PrettyNumber .NumReleases)}}</a>
 			{{if $canReadCode}}
diff --git a/templates/repo/sub_menu.tmpl b/templates/repo/sub_menu.tmpl
index 6216ad6191..b79b14d059 100644
--- a/templates/repo/sub_menu.tmpl
+++ b/templates/repo/sub_menu.tmpl
@@ -20,26 +20,30 @@
 		{{end}}
 	</div>
 	{{if and (.Permission.CanRead $.UnitTypeCode) (not .IsEmptyRepo) .LanguageStats}}
-	<a class="ui segment show-panel toggle" id="language-stats-bar" data-panel="#language-stats-legend">
-		{{range .LanguageStats}}
-		<div class="bar" style="width: {{.Percentage}}%; background-color: {{.Color}}" data-tooltip-placement="top" data-tooltip-content={{.Language}} data-tooltip-follow-cursor="horizontal"></div>
-		{{end}}
-	</a>
-	<div class="ui segment sub-menu tw-hidden" id="language-stats-legend">
-		{{range .LanguageStats}}
-		<div class="item">
-			<i class="color-icon" style="background-color: {{.Color}}"></i>
-			<span class="tw-font-semibold">
-				{{if eq .Language "other"}}
-					{{ctx.Locale.Tr "repo.language_other"}}
-				{{else}}
-					{{.Language}}
+		<details class="stats" id="language-stats">
+			<summary>
+				<stats-bar>
+					{{range .LanguageStats}}
+						<div class="slice" style="width: {{.Percentage}}%; background-color: {{.Color}}" data-tooltip-placement="top" data-tooltip-content={{.Language}} data-tooltip-follow-cursor="horizontal"></div>
+					{{end}}
+				</stats-bar>
+			</summary>
+			<ul>
+				{{range .LanguageStats}}
+					<li>
+						<i class="color-icon" style="background-color: {{.Color}}"></i>
+						<span>
+							{{if eq .Language "other"}}
+								{{ctx.Locale.Tr "repo.language_other"}}
+							{{else}}
+								{{.Language}}
+							{{end}}
+						</span>
+						{{.Percentage}}%
+					</li>
 				{{end}}
-			</span>
-			{{.Percentage}}%
-		</div>
-		{{end}}
-	</div>
+			</ul>
+		</details>
 	{{end}}
 </div>
 {{end}}
diff --git a/templates/shared/combomarkdowneditor.tmpl b/templates/shared/combomarkdowneditor.tmpl
index ce1be8b48e..a7f7778db2 100644
--- a/templates/shared/combomarkdowneditor.tmpl
+++ b/templates/shared/combomarkdowneditor.tmpl
@@ -16,11 +16,9 @@ Template Attributes:
 
 	<markdown-toolbar>
 		{{if .MarkdownPreviewUrl}}
-		<div class="markdown-toolbar-switch">
 			<div class="switch">
-				<a href="#" class="active item" data-tab-for="markdown-writer">{{ctx.Locale.Tr "write"}}</a>
-				<a href="#" class="item" data-tab-for="markdown-previewer" data-preview-url="{{.MarkdownPreviewUrl}}" data-preview-context="{{.MarkdownPreviewContext}}">{{ctx.Locale.Tr "preview"}}</a>
-			</div>
+				<button type="button" class="active item" data-tab-for="markdown-writer">{{ctx.Locale.Tr "write"}}</button>
+				<button type="button" class="item" data-tab-for="markdown-previewer" data-preview-url="{{.MarkdownPreviewUrl}}" data-preview-context="{{.MarkdownPreviewContext}}">{{ctx.Locale.Tr "preview"}}</button>
 		</div>
 		{{end}}
 		<div class="markdown-toolbar-group">
@@ -31,7 +29,7 @@ Template Attributes:
 		<div class="markdown-toolbar-group">
 			<md-quote class="markdown-toolbar-button" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.quote.tooltip"}}">{{svg "octicon-quote"}}</md-quote>
 			<md-code class="markdown-toolbar-button" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.code.tooltip"}}">{{svg "octicon-code"}}</md-code>
-			<button class="markdown-toolbar-button show-modal button" data-md-button data-md-action="new-link" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.link.tooltip"}}">{{svg "octicon-link"}}</button>
+			<button class="markdown-toolbar-button show-modal" data-md-button data-md-action="new-link" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.link.tooltip"}}">{{svg "octicon-link"}}</button>
 		</div>
 		<div class="markdown-toolbar-group">
 			<md-unordered-list class="markdown-toolbar-button" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.list.unordered.tooltip"}}">{{svg "octicon-list-unordered"}}</md-unordered-list>
@@ -41,7 +39,7 @@ Template Attributes:
 			<button type="button" class="markdown-toolbar-button" data-md-button data-md-action="indent" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.indent.tooltip"}}">{{svg "octicon-arrow-right"}}</button>
 		</div>
 		<div class="markdown-toolbar-group">
-			<button type="button" class="markdown-toolbar-button show-modal button" data-md-button data-md-action="new-table" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.new_table.tooltip"}}">{{svg "octicon-table"}}</button>
+			<button type="button" class="markdown-toolbar-button show-modal" data-md-button data-md-action="new-table" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.new_table.tooltip"}}">{{svg "octicon-table"}}</button>
 			<md-mention class="markdown-toolbar-button" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.mention.tooltip"}}">{{svg "octicon-mention"}}</md-mention>
 			<md-ref class="markdown-toolbar-button" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.ref.tooltip"}}">{{svg "octicon-cross-reference"}}</md-ref>
 		</div>
@@ -70,17 +68,17 @@ Template Attributes:
 		<div class="header">{{ctx.Locale.Tr "editor.table_modal.header"}}</div>
 
 		<div class="ui form content" data-selector-name="form">
-			<input type="hidden" name="table-header" value="{{ctx.Locale.Tr "editor.table_modal.placeholder.header"}}">
-			<input type="hidden" name="table-content" value="{{ctx.Locale.Tr "editor.table_modal.placeholder.content"}}">
+			<input type="hidden" name="table-header" value="{{ctx.Locale.Tr "editor.table_modal.placeholder.header"}}" disabled>
+			<input type="hidden" name="table-content" value="{{ctx.Locale.Tr "editor.table_modal.placeholder.content"}}" disabled>
 			<table>
 				<tbody>
 					<tr>
 						<td><label>{{ctx.Locale.Tr "editor.table_modal.label.rows"}}</label></td>
-						<td><input type="number" name="table-rows" min="1" value="2" required></td>
+						<td><input type="number" name="table-rows" class="js-enable" min="1" value="2" disabled required></td>
 					</tr>
 					<tr>
 						<td><label>{{ctx.Locale.Tr "editor.table_modal.label.columns"}}</label></td>
-						<td><input type="number" name="table-columns" min="1" value="2" required></td>
+						<td><input type="number" name="table-columns" class="js-enable" min="1" value="2" disabled required></td>
 					</tr>
 				</tbody>
 			</table>
@@ -99,11 +97,11 @@ Template Attributes:
 			<div class="ui form" data-selector-name="form">
 				<label>
 					{{ctx.Locale.Tr "editor.link_modal.url"}}
-					<input name="link-url" required dir="auto" autocomplete="off">
+					<input name="link-url" class="js-enable" disabled required dir="auto" autocomplete="off">
 				</label>
 				<label>
 					{{ctx.Locale.Tr "editor.link_modal.description"}}
-					<input name="link-description" required dir="auto" autocomplete="off">
+					<input name="link-description" class="js-enable" disabled required dir="auto" autocomplete="off">
 				</label>
 
 				<div class="help">
diff --git a/templates/shared/quota_overview.tmpl b/templates/shared/quota_overview.tmpl
index cb8b57d724..82602f52a6 100644
--- a/templates/shared/quota_overview.tmpl
+++ b/templates/shared/quota_overview.tmpl
@@ -5,26 +5,43 @@
 	<p>{{if .ContextUser.IsOrganization}}{{ctx.Locale.Tr "settings.quota.applies_to_org"}}{{else}}{{ctx.Locale.Tr "settings.quota.applies_to_user"}}{{end}}:</p>
 	{{range $group := .QuotaGroups}}
 		<p class="tw-my-4"><strong>{{$group.Name}}</strong></p>
-		<div class="tw-ml-4">
+		<div class="tw-flex tw-flex-col tw-gap-1">
 		{{range $rule := .Rules}}
-			<div class="tw-flex tw-justify-between">
-				<span class="tw-flex tw-items-center tw-gap-2{{if eq $rule.Limit -1}} tw-mb-5{{end}}">
-					{{if $rule.Acceptable ($.SizeUsed)}}
-						{{svg "octicon-check-circle-fill" 16 "text green"}}
-						{{$rule.Name}}
-					{{else}}
-						{{svg "octicon-alert-fill" 16 "text red"}}
-						<span data-tooltip-content="{{ctx.Locale.Tr "settings.quota.rule.exceeded.helper"}}" data-tooltip-placement="top">
-							{{$rule.Name}} – {{ctx.Locale.Tr "settings.quota.rule.exceeded"}}
-						</span>
-					{{end}}
-				</span>
-				<span>{{ctx.Locale.TrSize ($rule.Sum $.SizeUsed)}} / {{if eq $rule.Limit -1 -}}{{ctx.Locale.Tr "settings.quota.rule.no_limit"}}{{else}}{{ctx.Locale.TrSize $rule.Limit}}{{end}}</span>
-			</div>
-			<div class="ui segment">
-				{{range $idx, $subject := .Subjects}}
-					<div class="bar" style="width: calc(max(1%, {{Eval 100.0 "*" ($.SizeUsed.CalculateFor $subject) "/" $rule.Limit}}%)); background-color: oklch(80% 30% {{call $.Color $subject}}deg)" data-tooltip-placement="top" data-tooltip-content="{{call $.PrettySubject $subject}} – {{ctx.Locale.TrSize ($.SizeUsed.CalculateFor $subject)}}" data-tooltip-follow-cursor="horizontal"></div>
-				{{end}}
+			<div class="tw-flex tw-flex-col tw-gap-3">
+				<details class="stats">
+					<summary>
+						<div class="tw-flex tw-justify-between tw-gap-3">
+							<span class="tw-flex tw-items-center tw-gap-2">
+								{{if $rule.Acceptable ($.SizeUsed)}}
+									{{svg "octicon-check-circle-fill" 16 "text green"}}
+									{{$rule.Name}}
+								{{else}}
+									{{svg "octicon-alert-fill" 16 "text red"}}
+									<span data-tooltip-content="{{ctx.Locale.Tr "settings.quota.rule.exceeded.helper"}}" data-tooltip-placement="top">
+										{{$rule.Name}} – {{ctx.Locale.Tr "settings.quota.rule.exceeded"}}
+									</span>
+								{{end}}
+							</span>
+							<span>{{ctx.Locale.TrSize ($rule.Sum $.SizeUsed)}} / {{if eq $rule.Limit -1 -}}{{ctx.Locale.Tr "settings.quota.rule.no_limit"}}{{else}}{{ctx.Locale.TrSize $rule.Limit}}{{end}}</span>
+						</div>
+						<stats-bar>
+							{{range $idx, $subject := .Subjects}}
+								<div class="slice" style="width: calc(max(1%, {{Eval 100.0 "*" ($.SizeUsed.CalculateFor $subject) "/" $rule.Limit}}%)); background-color: oklch(80% 30% {{call $.Color $subject}}deg)" data-tooltip-placement="top" data-tooltip-content="{{call $.PrettySubject $subject}} – {{ctx.Locale.TrSize ($.SizeUsed.CalculateFor $subject)}}" data-tooltip-follow-cursor="horizontal"></div>
+							{{end}}
+						</stats-bar>
+					</summary>
+					<ul>
+						{{range $idx, $subject := .Subjects}}
+							<li>
+								<div class="color-icon" style="background-color: oklch(80% 30% {{call $.Color $subject}}deg)"></div>
+								<div class="tw-flex tw-justify-between tw-gap-1 tw-w-full">
+									<span>{{call $.PrettySubject $subject}}</span>
+									<span>{{ctx.Locale.TrSize ($.SizeUsed.CalculateFor $subject)}}</span>
+								</div>
+							</li>
+						{{end}}
+					</ul>
+				</details>
 			</div>
 		{{end}}
 		</div>
diff --git a/templates/shared/user/actions_menu.tmpl b/templates/shared/user/actions_menu.tmpl
index 4095ada6d9..0cc6b525ad 100644
--- a/templates/shared/user/actions_menu.tmpl
+++ b/templates/shared/user/actions_menu.tmpl
@@ -1,38 +1,40 @@
 <details class="dropdown dir-auto">
-	<summary data-tooltip-content="{{ctx.Locale.Tr "profile.actions.tooltip"}}">{{svg "octicon-kebab-horizontal"}}</summary>
+	<summary class="border" data-tooltip-content="{{ctx.Locale.Tr "profile.actions.tooltip"}}">
+		{{svg "octicon-kebab-horizontal"}}
+	</summary>
 	<ul>
 		{{if eq .SignedUserID .ContextUser.ID}}
 			<li>
-				<a href="{{AppSubUrl}}/user/settings" class="item">{{svg "octicon-pencil"}}{{ctx.Locale.Tr "profile.edit.link"}}</a>
+				<a href="{{AppSubUrl}}/user/settings">{{svg "octicon-pencil"}}{{ctx.Locale.Tr "profile.edit.link"}}</a>
 			</li>
 		{{end}}
 		{{if .IsAdmin}}
 			<li>
-				<a href="{{AppSubUrl}}/admin/users/{{.ContextUser.ID}}" class="item">{{svg "octicon-gear"}}{{ctx.Locale.Tr "admin.users.details"}}</a>
+				<a href="{{AppSubUrl}}/admin/users/{{.ContextUser.ID}}">{{svg "octicon-gear"}}{{ctx.Locale.Tr "admin.users.details"}}</a>
 			</li>
 		{{end}}
 		{{if and .EnableFeed (or .IsAdmin (eq .SignedUserID .ContextUser.ID) (not .ContextUser.KeepActivityPrivate))}}
 			<li>
-				<a href="{{.ContextUser.HomeLink}}.rss" class="item">{{svg "octicon-rss"}}{{ctx.Locale.Tr "rss_feed"}}</a>
+				<a href="{{.ContextUser.HomeLink}}.rss">{{svg "octicon-rss"}}{{ctx.Locale.Tr "rss_feed"}}</a>
 			</li>
 			<li>
-				<a href="{{.ContextUser.HomeLink}}.atom" class="item">{{svg "octicon-rss"}}{{ctx.Locale.Tr "feed.atom.link"}}</a>
+				<a href="{{.ContextUser.HomeLink}}.atom">{{svg "octicon-rss"}}{{ctx.Locale.Tr "feed.atom.link"}}</a>
 			</li>
 		{{end}}
 		<li>
-			<a href="{{.ContextUser.HomeLink}}.keys" class="item">{{svg "octicon-key"}}{{ctx.Locale.Tr "keys.ssh.link"}}</a>
+			<a href="{{.ContextUser.HomeLink}}.keys">{{svg "octicon-key"}}{{ctx.Locale.Tr "keys.ssh.link"}}</a>
 		</li>
 		<li>
-			<a href="{{.ContextUser.HomeLink}}.gpg" class="item">{{svg "octicon-key"}}{{ctx.Locale.Tr "keys.gpg.link"}}</a>
+			<a href="{{.ContextUser.HomeLink}}.gpg">{{svg "octicon-key"}}{{ctx.Locale.Tr "keys.gpg.link"}}</a>
 		</li>
 		{{if and .IsSigned (ne .SignedUserID .ContextUser.ID)}}
 			<li hx-target="#profile-avatar-card" hx-indicator="#profile-avatar-card" id="action-block">
 				{{if .IsBlocked}}
-					<button class="item orange text" hx-post="{{.ContextUser.HomeLink}}?action=unblock">
+					<button class="orange text" hx-post="{{.ContextUser.HomeLink}}?action=unblock">
 						{{svg "octicon-person"}} {{ctx.Locale.Tr "user.unblock"}}
 					</button>
 				{{else}}
-					<button class="item orange text" data-modal-id="block-user" hx-post="{{.ContextUser.HomeLink}}?action=block" hx-confirm="-">
+					<button class="orange text" data-modal-id="block-user" hx-post="{{.ContextUser.HomeLink}}?action=block" hx-confirm="-">
 						{{svg "octicon-blocked"}} {{ctx.Locale.Tr "user.block"}}
 					</button>
 				{{end}}
@@ -40,7 +42,7 @@
 		{{end}}
 		{{if and .IsModerationEnabled .IsSigned (ne .SignedUserID .ContextUser.ID)}}
 			<li>
-				<a href="{{AppSubUrl}}/report_abuse?type=user&id={{.ContextUser.ID}}" class="item orange text">{{svg "octicon-stop"}}{{ctx.Locale.Tr "moderation.report_abuse"}}</a>
+				<a href="{{AppSubUrl}}/report_abuse?type=user&id={{.ContextUser.ID}}" class="orange text">{{svg "octicon-stop"}}{{ctx.Locale.Tr "moderation.report_abuse"}}</a>
 			</li>
 		{{end}}
 	</ul>
diff --git a/templates/shared/user/profile_big_avatar.tmpl b/templates/shared/user/profile_big_avatar.tmpl
index ca3a5a2076..7e3be457a2 100644
--- a/templates/shared/user/profile_big_avatar.tmpl
+++ b/templates/shared/user/profile_big_avatar.tmpl
@@ -30,14 +30,14 @@
 		</div>
 	</div>
 	{{if $showFollow}}
-		<div class="actions">
+		<div class="actions button-row">
 			<div class="primary-action" hx-target="#profile-avatar-card" hx-indicator="#profile-avatar-card">
 				{{if .IsFollowing}}
-					<button hx-post="{{.ContextUser.HomeLink}}?action=unfollow" class="ui basic red button tw-flex tw-gap-1">
+					<button hx-post="{{.ContextUser.HomeLink}}?action=unfollow" class="secondary button tw-w-full">
 						{{svg "octicon-person"}} {{ctx.Locale.Tr "user.unfollow"}}
 					</button>
 				{{else}}
-					<button hx-post="{{.ContextUser.HomeLink}}?action=follow" class="ui basic primary button tw-flex tw-gap-1">
+					<button hx-post="{{.ContextUser.HomeLink}}?action=follow" class="primary button tw-w-full">
 						{{svg "octicon-person"}} {{ctx.Locale.Tr "user.follow"}}
 					</button>
 				{{end}}
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index 2388840c07..eaa2e7c0d2 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -267,6 +267,108 @@
         }
       }
     },
+    "/admin/actions/runners": {
+      "get": {
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "admin"
+        ],
+        "summary": "Get all runners",
+        "operationId": "getAdminRunners",
+        "responses": {
+          "200": {
+            "$ref": "#/definitions/ActionRunnersResponse"
+          },
+          "400": {
+            "$ref": "#/responses/error"
+          },
+          "404": {
+            "$ref": "#/responses/notFound"
+          }
+        }
+      }
+    },
+    "/admin/actions/runners/registration-token": {
+      "post": {
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "admin"
+        ],
+        "summary": "Get a global actions runner registration token",
+        "operationId": "adminCreateRunnerRegistrationToken",
+        "responses": {
+          "200": {
+            "$ref": "#/responses/RegistrationToken"
+          }
+        }
+      }
+    },
+    "/admin/actions/runners/{runner_id}": {
+      "get": {
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "admin"
+        ],
+        "summary": "Get a global runner",
+        "operationId": "getAdminRunner",
+        "parameters": [
+          {
+            "type": "string",
+            "description": "id of the runner",
+            "name": "runner_id",
+            "in": "path",
+            "required": true
+          }
+        ],
+        "responses": {
+          "200": {
+            "$ref": "#/definitions/ActionRunner"
+          },
+          "400": {
+            "$ref": "#/responses/error"
+          },
+          "404": {
+            "$ref": "#/responses/notFound"
+          }
+        }
+      },
+      "delete": {
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "admin"
+        ],
+        "summary": "Delete a global runner",
+        "operationId": "deleteAdminRunner",
+        "parameters": [
+          {
+            "type": "string",
+            "description": "id of the runner",
+            "name": "runner_id",
+            "in": "path",
+            "required": true
+          }
+        ],
+        "responses": {
+          "204": {
+            "description": "runner has been deleted"
+          },
+          "400": {
+            "$ref": "#/responses/error"
+          },
+          "404": {
+            "$ref": "#/responses/notFound"
+          }
+        }
+      }
+    },
     "/admin/cron": {
       "get": {
         "produces": [
@@ -1127,7 +1229,7 @@
         "tags": [
           "admin"
         ],
-        "summary": "Get an global actions runner registration token",
+        "summary": "Get a global actions runner registration token",
         "operationId": "adminGetRunnerRegistrationToken",
         "responses": {
           "200": {
@@ -2413,6 +2515,38 @@
         }
       }
     },
+    "/orgs/{org}/actions/runners": {
+      "get": {
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "organization"
+        ],
+        "summary": "Get org-level runners",
+        "operationId": "getOrgRunners",
+        "parameters": [
+          {
+            "type": "string",
+            "description": "name of the organization",
+            "name": "org",
+            "in": "path",
+            "required": true
+          }
+        ],
+        "responses": {
+          "200": {
+            "$ref": "#/definitions/ActionRunnersResponse"
+          },
+          "400": {
+            "$ref": "#/responses/error"
+          },
+          "404": {
+            "$ref": "#/responses/notFound"
+          }
+        }
+      }
+    },
     "/orgs/{org}/actions/runners/jobs": {
       "get": {
         "produces": [
@@ -2472,6 +2606,106 @@
             "$ref": "#/responses/RegistrationToken"
           }
         }
+      },
+      "post": {
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "organization"
+        ],
+        "summary": "Get an organization's actions runner registration token",
+        "operationId": "orgCreateRunnerRegistrationToken",
+        "parameters": [
+          {
+            "type": "string",
+            "description": "name of the organization",
+            "name": "org",
+            "in": "path",
+            "required": true
+          }
+        ],
+        "responses": {
+          "200": {
+            "$ref": "#/responses/RegistrationToken"
+          }
+        }
+      }
+    },
+    "/orgs/{org}/actions/runners/{runner_id}": {
+      "get": {
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "organization"
+        ],
+        "summary": "Get an org-level runner",
+        "operationId": "getOrgRunner",
+        "parameters": [
+          {
+            "type": "string",
+            "description": "name of the organization",
+            "name": "org",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "string",
+            "description": "id of the runner",
+            "name": "runner_id",
+            "in": "path",
+            "required": true
+          }
+        ],
+        "responses": {
+          "200": {
+            "$ref": "#/definitions/ActionRunner"
+          },
+          "400": {
+            "$ref": "#/responses/error"
+          },
+          "404": {
+            "$ref": "#/responses/notFound"
+          }
+        }
+      },
+      "delete": {
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "organization"
+        ],
+        "summary": "Delete an org-level runner",
+        "operationId": "deleteOrgRunner",
+        "parameters": [
+          {
+            "type": "string",
+            "description": "name of the organization",
+            "name": "org",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "string",
+            "description": "id of the runner",
+            "name": "runner_id",
+            "in": "path",
+            "required": true
+          }
+        ],
+        "responses": {
+          "204": {
+            "description": "runner has been deleted"
+          },
+          "400": {
+            "$ref": "#/responses/error"
+          },
+          "404": {
+            "$ref": "#/responses/notFound"
+          }
+        }
       }
     },
     "/orgs/{org}/actions/secrets": {
@@ -4979,6 +5213,45 @@
         }
       }
     },
+    "/repos/{owner}/{repo}/actions/runners": {
+      "get": {
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "repository"
+        ],
+        "summary": "Get repo-level runners",
+        "operationId": "getRepoRunners",
+        "parameters": [
+          {
+            "type": "string",
+            "description": "owner of the repo",
+            "name": "owner",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "string",
+            "description": "name of the repo",
+            "name": "repo",
+            "in": "path",
+            "required": true
+          }
+        ],
+        "responses": {
+          "200": {
+            "$ref": "#/definitions/ActionRunnersResponse"
+          },
+          "400": {
+            "$ref": "#/responses/error"
+          },
+          "404": {
+            "$ref": "#/responses/notFound"
+          }
+        }
+      }
+    },
     "/repos/{owner}/{repo}/actions/runners/jobs": {
       "get": {
         "produces": [
@@ -5052,6 +5325,127 @@
             "$ref": "#/responses/RegistrationToken"
           }
         }
+      },
+      "post": {
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "repository"
+        ],
+        "summary": "Get a repository's actions runner registration token",
+        "operationId": "repoCreateRunnerRegistrationToken",
+        "parameters": [
+          {
+            "type": "string",
+            "description": "owner of the repo",
+            "name": "owner",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "string",
+            "description": "name of the repo",
+            "name": "repo",
+            "in": "path",
+            "required": true
+          }
+        ],
+        "responses": {
+          "200": {
+            "$ref": "#/responses/RegistrationToken"
+          }
+        }
+      }
+    },
+    "/repos/{owner}/{repo}/actions/runners/{runner_id}": {
+      "get": {
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "repository"
+        ],
+        "summary": "Get a repo-level runner",
+        "operationId": "getRepoRunner",
+        "parameters": [
+          {
+            "type": "string",
+            "description": "owner of the repo",
+            "name": "owner",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "string",
+            "description": "name of the repo",
+            "name": "repo",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "string",
+            "description": "id of the runner",
+            "name": "runner_id",
+            "in": "path",
+            "required": true
+          }
+        ],
+        "responses": {
+          "200": {
+            "$ref": "#/definitions/ActionRunner"
+          },
+          "400": {
+            "$ref": "#/responses/error"
+          },
+          "404": {
+            "$ref": "#/responses/notFound"
+          }
+        }
+      },
+      "delete": {
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "repository"
+        ],
+        "summary": "Delete a repo-level runner",
+        "operationId": "deleteRepoRunner",
+        "parameters": [
+          {
+            "type": "string",
+            "description": "owner of the repo",
+            "name": "owner",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "string",
+            "description": "name of the repo",
+            "name": "repo",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "string",
+            "description": "id of the runner",
+            "name": "runner_id",
+            "in": "path",
+            "required": true
+          }
+        ],
+        "responses": {
+          "204": {
+            "description": "runner has been deleted"
+          },
+          "400": {
+            "$ref": "#/responses/error"
+          },
+          "404": {
+            "$ref": "#/responses/notFound"
+          }
+        }
       }
     },
     "/repos/{owner}/{repo}/actions/runs": {
@@ -18294,6 +18688,32 @@
         }
       }
     },
+    "/user/actions/runners": {
+      "get": {
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "user"
+        ],
+        "summary": "Get user-level runners",
+        "operationId": "getUserRunners",
+        "responses": {
+          "200": {
+            "$ref": "#/responses/ActionRunnersResponse"
+          },
+          "400": {
+            "$ref": "#/responses/error"
+          },
+          "401": {
+            "$ref": "#/responses/unauthorized"
+          },
+          "404": {
+            "$ref": "#/responses/notFound"
+          }
+        }
+      }
+    },
     "/user/actions/runners/jobs": {
       "get": {
         "produces": [
@@ -18346,6 +18766,92 @@
             "$ref": "#/responses/forbidden"
           }
         }
+      },
+      "post": {
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "user"
+        ],
+        "summary": "Get an user's actions runner registration token",
+        "operationId": "userCreateRunnerRegistrationToken",
+        "responses": {
+          "200": {
+            "$ref": "#/responses/RegistrationToken"
+          },
+          "401": {
+            "$ref": "#/responses/unauthorized"
+          }
+        }
+      }
+    },
+    "/user/actions/runners/{runner_id}": {
+      "get": {
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "user"
+        ],
+        "summary": "Get an user-level runner",
+        "operationId": "getUserRunner",
+        "parameters": [
+          {
+            "type": "string",
+            "description": "id of the runner",
+            "name": "runner_id",
+            "in": "path",
+            "required": true
+          }
+        ],
+        "responses": {
+          "200": {
+            "$ref": "#/responses/ActionRunner"
+          },
+          "400": {
+            "$ref": "#/responses/error"
+          },
+          "401": {
+            "$ref": "#/responses/unauthorized"
+          },
+          "404": {
+            "$ref": "#/responses/notFound"
+          }
+        }
+      },
+      "delete": {
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "user"
+        ],
+        "summary": "Delete an user-level runner",
+        "operationId": "deleteUserRunner",
+        "parameters": [
+          {
+            "type": "string",
+            "description": "id of the runner",
+            "name": "runner_id",
+            "in": "path",
+            "required": true
+          }
+        ],
+        "responses": {
+          "204": {
+            "description": "runner has been deleted"
+          },
+          "400": {
+            "$ref": "#/responses/error"
+          },
+          "401": {
+            "$ref": "#/responses/unauthorized"
+          },
+          "404": {
+            "$ref": "#/responses/notFound"
+          }
+        }
       }
     },
     "/user/actions/secrets/{secretname}": {
@@ -21585,6 +22091,81 @@
       },
       "x-go-package": "forgejo.org/modules/structs"
     },
+    "ActionRunner": {
+      "description": "ActionRunner represents a Runner",
+      "type": "object",
+      "properties": {
+        "busy": {
+          "type": "boolean",
+          "x-go-name": "Busy"
+        },
+        "ephemeral": {
+          "description": "currently unused as forgejo does not support ephemeral runners, but they are defined in gh api spec",
+          "type": "boolean",
+          "x-go-name": "Ephemeral"
+        },
+        "id": {
+          "type": "integer",
+          "format": "int64",
+          "x-go-name": "ID"
+        },
+        "labels": {
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/ActionRunnerLabel"
+          },
+          "x-go-name": "Labels"
+        },
+        "name": {
+          "type": "string",
+          "x-go-name": "Name"
+        },
+        "status": {
+          "type": "string",
+          "x-go-name": "Status"
+        }
+      },
+      "x-go-package": "forgejo.org/modules/structs"
+    },
+    "ActionRunnerLabel": {
+      "description": "ActionRunnerLabel represents a Runner Label",
+      "type": "object",
+      "properties": {
+        "id": {
+          "type": "integer",
+          "format": "int64",
+          "x-go-name": "ID"
+        },
+        "name": {
+          "type": "string",
+          "x-go-name": "Name"
+        },
+        "type": {
+          "type": "string",
+          "x-go-name": "Type"
+        }
+      },
+      "x-go-package": "forgejo.org/modules/structs"
+    },
+    "ActionRunnersResponse": {
+      "description": "ActionRunnersResponse returns Runners",
+      "type": "object",
+      "properties": {
+        "runners": {
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/ActionRunner"
+          },
+          "x-go-name": "Entries"
+        },
+        "total_count": {
+          "type": "integer",
+          "format": "int64",
+          "x-go-name": "TotalCount"
+        }
+      },
+      "x-go-package": "forgejo.org/modules/structs"
+    },
     "ActionTask": {
       "description": "ActionTask represents a ActionTask",
       "type": "object",
@@ -22542,7 +23123,7 @@
       "x-go-package": "forgejo.org/modules/structs"
     },
     "CommitStatusState": {
-      "description": "CommitStatusState holds the state of a CommitStatus\nIt can be \"pending\", \"success\", \"error\" and \"failure\"",
+      "description": "CommitStatusState holds the state of a CommitStatus\nIt can be \"pending\", \"success\", \"error\", \"failure\" and \"warning\"",
       "type": "string",
       "x-go-package": "forgejo.org/modules/structs"
     },
@@ -24818,6 +25399,10 @@
           "type": "string",
           "x-go-name": "FullName"
         },
+        "hide_email": {
+          "type": "boolean",
+          "x-go-name": "HideEmail"
+        },
         "location": {
           "type": "string",
           "x-go-name": "Location"
@@ -29259,6 +29844,18 @@
         "$ref": "#/definitions/ListActionRunResponse"
       }
     },
+    "ActionRunner": {
+      "description": "ActionRunner represents a Runner",
+      "schema": {
+        "$ref": "#/definitions/ActionRunner"
+      }
+    },
+    "ActionRunnersResponse": {
+      "description": "ActionRunnersResponse returns Runners",
+      "schema": {
+        "$ref": "#/definitions/ActionRunnersResponse"
+      }
+    },
     "ActionVariable": {
       "description": "ActionVariable",
       "schema": {
diff --git a/templates/user/dashboard/issues.tmpl b/templates/user/dashboard/issues.tmpl
index c76a61c393..ba4c213947 100644
--- a/templates/user/dashboard/issues.tmpl
+++ b/templates/user/dashboard/issues.tmpl
@@ -15,7 +15,7 @@
 				</a>
 			</div>
 			<form class="list-header-search ui form ignore-dirty">
-				<div class="ui small search fluid action input">
+				<div class="ui search fluid action input">
 					<input type="hidden" name="type" value="{{$.ViewType}}">
 					<input type="hidden" name="sort" value="{{$.SortType}}">
 					<input type="hidden" name="state" value="{{$.State}}">
diff --git a/templates/user/notification/notification_div.tmpl b/templates/user/notification/notification_div.tmpl
index 3340c83e63..a2a7c991a3 100644
--- a/templates/user/notification/notification_div.tmpl
+++ b/templates/user/notification/notification_div.tmpl
@@ -1,7 +1,7 @@
 <div role="main" aria-label="{{.Title}}" class="page-content user notification" id="notification_div" data-sequence-number="{{.SequenceNumber}}">
 	<div class="ui container">
 		{{$notificationUnreadCount := call .NotificationUnreadCount}}
-		<div class="tw-flex tw-items-center tw-justify-between tw-mb-4">
+		<div class="tw-flex tw-items-center tw-justify-between tw-mb-4 tw-gap-2">
 			<div class="switch">
 				<a class="{{if eq .Status 1}}active {{end}}item" href="{{AppSubUrl}}/notifications?q=unread">
 					{{ctx.Locale.Tr "notification.unread"}}
@@ -11,15 +11,15 @@
 					{{ctx.Locale.Tr "notification.read"}}
 				</a>
 			</div>
-			<div class="tw-flex button-row">
-				<a class="ui tiny button" href="{{AppSubUrl}}/notifications/subscriptions">
+			<div class="button-row tw-flex">
+				<a class="secondary button" href="{{AppSubUrl}}/notifications/subscriptions">
 					{{ctx.Locale.Tr "notification.subscriptions"}}
 				</a>
 				{{if and (eq .Status 1)}}
 					<form class="{{if not $notificationUnreadCount}}tw-hidden{{end}}" action="{{AppSubUrl}}/notifications/purge" method="post">
 						{{$.CsrfTokenHtml}}
 						<div>
-							<button class="ui mini button primary tw-mr-0" title="{{ctx.Locale.Tr "notification.mark_all_as_read"}}">
+							<button class="primary button" title="{{ctx.Locale.Tr "notification.mark_all_as_read"}}">
 								{{svg "octicon-checklist"}}
 							</button>
 						</div>
diff --git a/templates/user/notification/notification_subscriptions.tmpl b/templates/user/notification/notification_subscriptions.tmpl
index 300d117e2b..9e4685b849 100644
--- a/templates/user/notification/notification_subscriptions.tmpl
+++ b/templates/user/notification/notification_subscriptions.tmpl
@@ -10,7 +10,7 @@
 					{{ctx.Locale.Tr "notification.watching"}}
 				</a>
 			</div>
-			<a class="ui tiny button" href="{{AppSubUrl}}/notifications">
+			<a class="secondary button" href="{{AppSubUrl}}/notifications">
 				{{ctx.Locale.Tr "notifications"}}
 			</a>
 		</div>
diff --git a/templates/user/settings/applications.tmpl b/templates/user/settings/applications.tmpl
index a5912c9e0f..602c538f97 100644
--- a/templates/user/settings/applications.tmpl
+++ b/templates/user/settings/applications.tmpl
@@ -59,7 +59,7 @@
 			</h5>
 			<form id="scoped-access-form" class="ui form ignore-dirty" action="{{.Link}}" method="post">
 				{{.CsrfTokenHtml}}
-				<div class="field {{if .Err_Name}}error{{end}}">
+				<div class="required field {{if .Err_Name}}error{{end}}">
 					<label for="name">{{ctx.Locale.Tr "settings.token_name"}}</label>
 					<input id="name" name="name" value="{{.name}}" autofocus required maxlength="255">
 				</div>
diff --git a/tests/e2e/actions.test.e2e.ts b/tests/e2e/actions.test.e2e.ts
index e7fef6bc0a..083b25a7b9 100644
--- a/tests/e2e/actions.test.e2e.ts
+++ b/tests/e2e/actions.test.e2e.ts
@@ -10,7 +10,8 @@
 // @watch end
 
 import {expect, type Page, type TestInfo} from '@playwright/test';
-import {save_visual, test} from './utils_e2e.ts';
+import {test} from './utils_e2e.ts';
+import {screenshot} from './shared/screenshots.ts';
 
 const workflow_trigger_notification_text = 'This workflow has a workflow_dispatch event trigger.';
 
@@ -21,13 +22,13 @@ async function dispatchSuccess(page: Page, testInfo: TestInfo) {
   await page.locator('#workflow_dispatch_dropdown>button').click();
 
   await page.fill('input[name="inputs[string2]"]', 'abc');
-  await save_visual(page);
+  await screenshot(page, page.locator('div.ui.container').filter({hasText: 'All workflows'}));
   await page.locator('#workflow-dispatch-submit').click();
 
   await expect(page.getByText('Workflow run was successfully requested.')).toBeVisible();
 
   await expect(page.locator('.run-list>:first-child .run-list-meta', {hasText: 'now'})).toBeVisible();
-  await save_visual(page);
+  await screenshot(page, page.locator('div.ui.container').filter({hasText: 'All workflows'}));
 }
 
 test.describe('Workflow Authenticated user2', () => {
@@ -45,7 +46,7 @@ test.describe('Workflow Authenticated user2', () => {
     await expect(menu).toBeHidden();
     await run_workflow_btn.click();
     await expect(menu).toBeVisible();
-    await save_visual(page);
+    await screenshot(page, page.locator('div.ui.container').filter({hasText: 'All workflows'}));
   });
 
   test('dispatch error: missing inputs', async ({page}, testInfo) => {
@@ -64,7 +65,7 @@ test.describe('Workflow Authenticated user2', () => {
     await page.locator('#workflow-dispatch-submit').click();
 
     await expect(page.getByText('Require value for input "String w/o. default".')).toBeVisible();
-    await save_visual(page);
+    await screenshot(page, page.locator('div.ui.container').filter({hasText: 'All workflows'}));
   });
 
   // no assertions as the login in this test case is extracted for reuse
@@ -78,7 +79,7 @@ test('workflow dispatch box not available for unauthenticated users', async ({pa
   await page.goto('/user2/test_workflows/actions?workflow=test-dispatch.yml&actor=0&status=0');
 
   await expect(page.locator('body')).not.toContainText(workflow_trigger_notification_text);
-  await save_visual(page);
+  await screenshot(page, page.locator('div.ui.container').filter({hasText: 'All workflows'}));
 });
 
 async function completeDynamicRefresh(page: Page) {
@@ -119,7 +120,7 @@ test.describe('workflow list dynamic refresh', () => {
     });
     await completeDynamicRefresh(page);
     await expect(backgroundPage.locator('.run-list>:first-child .flex-item-body>b', {hasText: latestDispatchedRun})).toBeVisible();
-    await save_visual(backgroundPage);
+    await screenshot(backgroundPage, page.locator('div.ui.container').filter({hasText: 'All workflows'}));
   });
 
   test('refreshes on interval', async ({page}, testInfo) => {
@@ -137,7 +138,7 @@ test.describe('workflow list dynamic refresh', () => {
 
     await simulatePollingInterval(backgroundPage);
     await expect(backgroundPage.locator('.run-list>:first-child .flex-item-body>b', {hasText: latestDispatchedRun})).toBeVisible();
-    await save_visual(backgroundPage);
+    await screenshot(backgroundPage, page.locator('div.ui.container').filter({hasText: 'All workflows'}));
   });
 
   test('post-refresh the dropdowns continue to operate', async ({page}, testInfo) => {
diff --git a/tests/e2e/admin-ui.test.e2e.ts b/tests/e2e/admin-ui.test.e2e.ts
new file mode 100644
index 0000000000..8fcd3456a3
--- /dev/null
+++ b/tests/e2e/admin-ui.test.e2e.ts
@@ -0,0 +1,58 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+// @watch start
+// web_src/js/features/admin/**
+// templates/admin/**
+// @watch end
+
+import {expect} from '@playwright/test';
+import {test} from './utils_e2e.ts';
+import {screenshot} from './shared/screenshots.ts';
+
+test.use({user: 'user1'});
+
+test('Admin notices modal', async ({page}) => {
+  const response = await page.goto('/admin/notices');
+  expect(response?.status()).toBe(200);
+
+  await page.getByText('description1').click();
+  await expect(page.locator('#detail-modal .content')).toHaveText('description1');
+  await screenshot(page, page.locator('#detail-modal'));
+  await page.getByText('Cancel').click();
+  await expect(page.locator('#change-email-modal')).toBeHidden();
+
+  await page.getByText('description2').click();
+  await expect(page.locator('#detail-modal .content')).toHaveText('description2');
+  await screenshot(page, page.locator('#detail-modal'));
+  await page.getByText('Cancel').click();
+  await expect(page.locator('#change-email-modal')).toBeHidden();
+
+  await page.getByText('description3').click();
+  await expect(page.locator('#detail-modal .content')).toHaveText('description3');
+  await screenshot(page, page.locator('#detail-modal'));
+  await page.getByText('Cancel').click();
+  await expect(page.locator('#change-email-modal')).toBeHidden();
+});
+
+test('Admin email list', async ({page}) => {
+  const response = await page.goto('/admin/emails');
+  expect(response?.status()).toBe(200);
+
+  await page.locator('[data-uid="21"]').click();
+  await expect(page.locator('#change-email-modal .content')).toHaveText('Are you sure you want to update this email address?');
+  await screenshot(page, page.locator('#change-email-modal .content'));
+  await page.locator('#email-action-form').getByText('No').click();
+  await expect(page.locator('#change-email-modal')).toBeHidden();
+
+  const activated = await page.locator('[data-uid="9"] .svg').evaluate((node) => node.classList.contains('octicon-check'));
+  await page.locator('[data-uid="9"]').click();
+  await page.getByRole('button', {name: 'Yes'}).click();
+
+  // Retry-proof
+  if (activated) {
+    await expect(page.locator('[data-uid="9"] .svg')).toHaveClass(/octicon-x/);
+  } else {
+    await expect(page.locator('[data-uid="9"] svg')).toHaveClass(/octicon-check/);
+  }
+});
diff --git a/tests/e2e/buttons.test.e2e.ts b/tests/e2e/buttons.test.e2e.ts
new file mode 100644
index 0000000000..ea46d5dd23
--- /dev/null
+++ b/tests/e2e/buttons.test.e2e.ts
@@ -0,0 +1,34 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+// @watch start
+// web_src/css/modules/switch.css
+// web_src/css/modules/button.css
+// web_src/css/modules/dropdown.css
+// @watch end
+
+import {expect} from '@playwright/test';
+import {test} from './utils_e2e.ts';
+
+test.use({user: 'user2'});
+
+test('Buttons and other controls have consistent height', async ({page}) => {
+  await page.goto('/user1');
+
+  // The height of dropdown opener and the button should be matching, even in mobile browsers with coarse pointer
+  let buttonHeight = (await page.locator('#profile-avatar-card .actions .primary-action').boundingBox()).height;
+  const openerHeight = (await page.locator('#profile-avatar-card .actions .dropdown').boundingBox()).height;
+  expect(openerHeight).toBe(buttonHeight);
+
+  await page.goto('/notifications');
+
+  // The height should also be consistent with the button on the previous page
+  const switchHeight = (await page.locator('.switch').boundingBox()).height;
+  expect(buttonHeight).toBe(switchHeight);
+
+  buttonHeight = (await page.locator('.button-row .button[href="/notifications/subscriptions"]').boundingBox()).height;
+  expect(buttonHeight).toBe(switchHeight);
+
+  const purgeButtonHeight = (await page.locator('form[action="/notifications/purge"]').boundingBox()).height;
+  expect(buttonHeight).toBe(purgeButtonHeight);
+});
diff --git a/tests/e2e/clipboard-copy.test.e2e.ts b/tests/e2e/clipboard-copy.test.e2e.ts
index 2517d07463..2d159e8e90 100644
--- a/tests/e2e/clipboard-copy.test.e2e.ts
+++ b/tests/e2e/clipboard-copy.test.e2e.ts
@@ -8,7 +8,8 @@
 // @watch end
 
 import {expect} from '@playwright/test';
-import {save_visual, test} from './utils_e2e.ts';
+import {test} from './utils_e2e.ts';
+import {screenshot} from './shared/screenshots.ts';
 
 test('copy src file path to clipboard', async ({page}, workerInfo) => {
   test.skip(['Mobile Safari', 'webkit'].includes(workerInfo.project.name), 'Apple clipboard API addon - starting at just $499!');
@@ -20,7 +21,7 @@ test('copy src file path to clipboard', async ({page}, workerInfo) => {
   const clipboardText = await page.evaluate(() => navigator.clipboard.readText());
   expect(clipboardText).toContain('README.md');
   await expect(page.getByText('Copied')).toBeVisible();
-  await save_visual(page);
+  await screenshot(page, page.getByText('Copied'), 50);
 });
 
 test('copy diff file path to clipboard', async ({page}, workerInfo) => {
@@ -33,5 +34,5 @@ test('copy diff file path to clipboard', async ({page}, workerInfo) => {
   const clipboardText = await page.evaluate(() => navigator.clipboard.readText());
   expect(clipboardText).toContain('README.md');
   await expect(page.getByText('Copied')).toBeVisible();
-  await save_visual(page);
+  await screenshot(page, page.getByText('Copied'), 50);
 });
diff --git a/tests/e2e/dashboard-ci-status.test.e2e.ts b/tests/e2e/dashboard-ci-status.test.e2e.ts
index d35fe299ff..06c8147770 100644
--- a/tests/e2e/dashboard-ci-status.test.e2e.ts
+++ b/tests/e2e/dashboard-ci-status.test.e2e.ts
@@ -24,5 +24,5 @@ test('Correct link and tooltip', async ({page}, testInfo) => {
   await expect(repoStatus).toHaveAttribute('href', '/user2/test_workflows/actions', {timeout: 10000});
   await expect(repoStatus).toHaveAttribute('data-tooltip-content', /^(Error|Failure)$/);
   // ToDo: Ensure stable screenshot of dashboard. Known to be flaky: https://code.forgejo.org/forgejo/visual-browser-testing/commit/206d4cfb7a4af6d8d7043026cdd4d63708798b2a
-  // await save_visual(page);
+  // await screenshot(page);
 });
diff --git a/tests/e2e/declare_repos_test.go b/tests/e2e/declare_repos_test.go
index 1aca84125a..8afad81df3 100644
--- a/tests/e2e/declare_repos_test.go
+++ b/tests/e2e/declare_repos_test.go
@@ -76,6 +76,10 @@ func DeclareGitRepos(t *testing.T) func() {
 				CommitMsg: "Another commit which mentions @user1 in the title\nand @user2 in the text",
 			},
 		}, nil),
+		newRepo(t, 2, "file-uploads", nil, []FileChanges{{
+			Filename: "UPLOAD_TEST.md",
+			Versions: []string{"# File upload test\nUse this repo to test various file upload features in new branches."},
+		}}, nil),
 		newRepo(t, 2, "unicode-escaping", &tests.DeclarativeRepoOptions{
 			EnabledUnits: optional.Some([]unit_model.Type{unit_model.TypeCode, unit_model.TypeWiki}),
 		}, []FileChanges{{
diff --git a/tests/e2e/dimmer.test.e2e.ts b/tests/e2e/dimmer.test.e2e.ts
index ed8d116e1f..ffdbf7e20b 100644
--- a/tests/e2e/dimmer.test.e2e.ts
+++ b/tests/e2e/dimmer.test.e2e.ts
@@ -5,7 +5,8 @@
 // @watch end
 
 import {expect} from '@playwright/test';
-import {save_visual, test} from './utils_e2e.ts';
+import {test} from './utils_e2e.ts';
+import {screenshot} from './shared/screenshots.ts';
 
 test.use({user: 'user2'});
 
@@ -23,13 +24,13 @@ test('Dimmed modal', async ({page}) => {
   // Modal and dimmer should be visible.
   await expect(page.locator('#block-user')).toBeVisible();
   await expect(page.locator('.ui.dimmer')).toBeVisible();
-  await save_visual(page);
+  await screenshot(page, page.locator('.ui.g-modal-confirm.delete.modal'), 50);
 
   // After canceling, modal and dimmer should be hidden.
   await page.locator('#block-user .cancel').click();
   await expect(page.locator('.ui.dimmer')).toBeHidden();
   await expect(page.locator('#block-user')).toBeHidden();
-  await save_visual(page);
+  await screenshot(page);
 
   // Open the block modal and make the dimmer visible again.
   await page.locator('.actions .dropdown').click();
@@ -37,7 +38,7 @@ test('Dimmed modal', async ({page}) => {
   await expect(page.locator('#block-user')).toBeVisible();
   await expect(page.locator('.ui.dimmer')).toBeVisible();
   await expect(page.locator('.ui.dimmer')).toHaveCount(1);
-  await save_visual(page);
+  await screenshot(page, page.locator('.ui.g-modal-confirm.delete.modal'), 50);
 });
 
 test('Dimmed overflow', async ({page}, workerInfo) => {
@@ -58,7 +59,7 @@ test('Dimmed overflow', async ({page}, workerInfo) => {
   // Expect a 'are you sure, this file is empty' modal.
   await expect(page.locator('#edit-empty-content-modal')).toBeVisible();
   await expect(page.locator('#edit-empty-content-modal header')).toContainText('Commit an empty file');
-  await save_visual(page);
+  await screenshot(page);
 
   // Trickery to check the page cannot be scrolled.
   const {overflow} = await page.evaluate(() => {
diff --git a/tests/e2e/dropdown.test.e2e.ts b/tests/e2e/dropdown.test.e2e.ts
index 5f226f94bb..d6ab5c2294 100644
--- a/tests/e2e/dropdown.test.e2e.ts
+++ b/tests/e2e/dropdown.test.e2e.ts
@@ -9,7 +9,7 @@
 import {expect} from '@playwright/test';
 import {test} from './utils_e2e.ts';
 
-test('JS enhanced', async ({page}) => {
+test('JS enhanced interaction', async ({page}) => {
   await page.goto('/user1');
 
   await expect(page.locator('body')).not.toContainClass('no-js');
@@ -60,7 +60,7 @@ test('JS enhanced', async ({page}) => {
   await expect(languageMenu).toBeVisible();
 });
 
-test('No JS', async ({browser}) => {
+test('No JS interaction', async ({browser}) => {
   const context = await browser.newContext({javaScriptEnabled: false});
   const nojsPage = await context.newPage();
   await nojsPage.goto('/user1');
@@ -104,3 +104,55 @@ test('No JS', async ({browser}) => {
   await dropdownSummary.press(`Escape`);
   await expect(dropdownContent).toBeVisible();
 });
+
+test('Visual properties', async ({browser, isMobile}) => {
+  const context = await browser.newContext({javaScriptEnabled: false});
+  const page = await context.newPage();
+
+  // User profile has dropdown used as an ellipsis menu
+  await page.goto('/user1');
+
+  // Has `.border` and pretty small default `inline-padding:`
+  const summary = page.locator('details.dropdown summary');
+  expect(await summary.evaluate((el) => getComputedStyle(el).border)).toBe('1px solid rgba(0, 0, 0, 0.114)');
+  expect(await summary.evaluate((el) => getComputedStyle(el).paddingInline)).toBe('7px');
+
+  // Background
+  expect(await summary.evaluate((el) => getComputedStyle(el).backgroundColor)).toBe('rgba(0, 0, 0, 0)');
+  await summary.click();
+  expect(await summary.evaluate((el) => getComputedStyle(el).backgroundColor)).toBe('rgb(226, 226, 229)');
+
+  // Direction and item height
+  const content = page.locator('details.dropdown > ul');
+  const firstItem = page.locator('details.dropdown > ul > li:first-child');
+  if (isMobile) {
+    // `<ul>`'s direction is reversed
+    expect(await content.evaluate((el) => getComputedStyle(el).direction)).toBe('rtl');
+    expect(await firstItem.evaluate((el) => getComputedStyle(el).direction)).toBe('ltr');
+    // `@media (pointer: coarse)` makes items taller
+    expect(await firstItem.evaluate((el) => getComputedStyle(el).height)).toBe('41px');
+  } else {
+    // Both use default
+    expect(await content.evaluate((el) => getComputedStyle(el).direction)).toBe('ltr');
+    expect(await firstItem.evaluate((el) => getComputedStyle(el).direction)).toBe('ltr');
+    // Regular item height
+    expect(await firstItem.evaluate((el) => getComputedStyle(el).height)).toBe('34px');
+  }
+
+  // `/explore/users` has dropdown used as a sort options menu with text in the opener
+  await page.goto('/explore/users');
+
+  // No `.border` and increased `inline-padding:` from `.options`
+  expect(await summary.evaluate((el) => getComputedStyle(el).borderWidth)).toBe('0px');
+  expect(await summary.evaluate((el) => getComputedStyle(el).paddingInline)).toBe('10.5px');
+
+  // `<ul>`'s direction is reversed
+  expect(await content.evaluate((el) => getComputedStyle(el).direction)).toBe('rtl');
+  expect(await firstItem.evaluate((el) => getComputedStyle(el).direction)).toBe('ltr');
+
+  // Background of inactive and `.active` items
+  const activeItem = page.locator('details.dropdown > ul > li:first-child > a');
+  const inactiveItem = page.locator('details.dropdown > ul > li:last-child > a');
+  expect(await activeItem.evaluate((el) => getComputedStyle(el).backgroundColor)).toBe('rgb(226, 226, 229)');
+  expect(await inactiveItem.evaluate((el) => getComputedStyle(el).backgroundColor)).toBe('rgba(0, 0, 0, 0)');
+});
diff --git a/tests/e2e/example.test.e2e.ts b/tests/e2e/example.test.e2e.ts
index 97c5b8684b..8d94fa88d7 100644
--- a/tests/e2e/example.test.e2e.ts
+++ b/tests/e2e/example.test.e2e.ts
@@ -5,7 +5,8 @@
 // @watch end
 
 import {expect} from '@playwright/test';
-import {save_visual, test} from './utils_e2e.ts';
+import {test} from './utils_e2e.ts';
+import {screenshot} from './shared/screenshots.ts';
 
 test('Load Homepage', async ({page}) => {
   const response = await page.goto('/');
@@ -26,7 +27,7 @@ test('Register Form', async ({page}, workerInfo) => {
   expect(page.url()).toBe(`${workerInfo.project.use.baseURL}/`);
   await expect(page.locator('.secondary-nav span>img.ui.avatar')).toBeVisible();
   await expect(page.locator('.ui.positive.message.flash-success')).toHaveText('Account was successfully created. Welcome!');
-  await save_visual(page);
+  await screenshot(page);
 });
 
 // eslint-disable-next-line playwright/no-skipped-test
diff --git a/tests/e2e/explore.test.e2e.ts b/tests/e2e/explore.test.e2e.ts
index 1bb5af3cc6..f953ba2d71 100644
--- a/tests/e2e/explore.test.e2e.ts
+++ b/tests/e2e/explore.test.e2e.ts
@@ -7,7 +7,8 @@
 // @watch end
 
 import {expect} from '@playwright/test';
-import {save_visual, test} from './utils_e2e.ts';
+import {test} from './utils_e2e.ts';
+import {screenshot} from './shared/screenshots.ts';
 
 test('Explore view taborder', async ({page}) => {
   await page.goto('/explore/repos');
@@ -42,5 +43,5 @@ test('Explore view taborder', async ({page}) => {
     }
   }
   expect(res).toBe(exp);
-  await save_visual(page);
+  await screenshot(page);
 });
diff --git a/tests/e2e/fixtures/repo_unit.yml b/tests/e2e/fixtures/repo_unit.yml
new file mode 100644
index 0000000000..df727bbc08
--- /dev/null
+++ b/tests/e2e/fixtures/repo_unit.yml
@@ -0,0 +1,6 @@
+-
+  id: 1001
+  repo_id: 1002
+  type: 1
+  config: "{}"
+  created_unix: 946684810
diff --git a/tests/e2e/fixtures/repository.yml b/tests/e2e/fixtures/repository.yml
index 6afbd138e8..153e6e7752 100644
--- a/tests/e2e/fixtures/repository.yml
+++ b/tests/e2e/fixtures/repository.yml
@@ -11,3 +11,18 @@
   status: 0
   lfs_size: 8192
   topics: '[]'
+
+
+-
+  id: 1002
+  owner_id: 2
+  owner_name: user2
+  lower_name: rendering-test
+  name: rendering-test
+  default_branch: master
+  is_empty: false
+  is_archived: false
+  is_private: false
+  status: 0
+  num_issues: 0
+  topics: '[]'
diff --git a/tests/e2e/git-notes.test.e2e.ts b/tests/e2e/git-notes.test.e2e.ts
index 1e2cbe76fc..f1f4d07c1d 100644
--- a/tests/e2e/git-notes.test.e2e.ts
+++ b/tests/e2e/git-notes.test.e2e.ts
@@ -1,6 +1,7 @@
 // @ts-check
 import {expect} from '@playwright/test';
-import {save_visual, test} from './utils_e2e.ts';
+import {test} from './utils_e2e.ts';
+import {screenshot} from './shared/screenshots.ts';
 
 test.use({user: 'user2'});
 
@@ -16,15 +17,15 @@ test('Change git note', async ({page}) => {
   let textarea = page.locator('textarea[name="notes"]');
   await expect(textarea).toBeVisible();
   await textarea.fill('This is a new note');
-  await save_visual(page);
+  await screenshot(page, page.locator('.ui.container.fluid.padded'));
 
   await page.locator('#notes-save-button').click();
-  await save_visual(page);
+  await screenshot(page, page.locator('.ui.container.fluid.padded'));
 
   response = await page.goto('/user2/repo1/commit/65f1bf27bc3bf70f64657658635e66094edbcb4d');
   expect(response?.status()).toBe(200);
 
   textarea = page.locator('textarea[name="notes"]');
   await expect(textarea).toHaveText('This is a new note');
-  await save_visual(page);
+  await screenshot(page, page.locator('.ui.container.fluid.padded'));
 });
diff --git a/tests/e2e/image-diff.test.e2e.ts b/tests/e2e/image-diff.test.e2e.ts
index f7d4f7bd69..273564fcb3 100644
--- a/tests/e2e/image-diff.test.e2e.ts
+++ b/tests/e2e/image-diff.test.e2e.ts
@@ -6,7 +6,8 @@
 // @watch end
 
 import {expect} from '@playwright/test';
-import {save_visual, test, dynamic_id} from './utils_e2e.ts';
+import {test, dynamic_id} from './utils_e2e.ts';
+import {screenshot} from './shared/screenshots.ts';
 
 test.use({user: 'user2'});
 
@@ -44,7 +45,7 @@ test('Repository image diff', async ({page}) => {
   await expect(page.locator('.tab[data-tab="diff-side-by-side-1"]')).toBeVisible();
   await expect(page.locator('.tab[data-tab="diff-swipe-1"]')).toBeHidden();
   await expect(page.locator('.tab[data-tab="diff-overlay-1"]')).toBeHidden();
-  await save_visual(page);
+  await screenshot(page, page.locator('#diff-container'));
 
   await page.getByText('Swipe').click();
   await expect(page.locator('.item[data-tab="diff-side-by-side-1"]')).not.toContainClass('active');
@@ -53,7 +54,7 @@ test('Repository image diff', async ({page}) => {
   await expect(page.locator('.tab[data-tab="diff-side-by-side-1"]')).toBeHidden();
   await expect(page.locator('.tab[data-tab="diff-swipe-1"]')).toBeVisible();
   await expect(page.locator('.tab[data-tab="diff-overlay-1"]')).toBeHidden();
-  await save_visual(page);
+  await screenshot(page, page.locator('#diff-container'));
 
   await page.getByText('Overlay').click();
   await expect(page.locator('.item[data-tab="diff-side-by-side-1"]')).not.toContainClass('active');
@@ -62,5 +63,5 @@ test('Repository image diff', async ({page}) => {
   await expect(page.locator('.tab[data-tab="diff-side-by-side-1"]')).toBeHidden();
   await expect(page.locator('.tab[data-tab="diff-swipe-1"]')).toBeHidden();
   await expect(page.locator('.tab[data-tab="diff-overlay-1"]')).toBeVisible();
-  await save_visual(page);
+  await screenshot(page, page.locator('#diff-container'));
 });
diff --git a/tests/e2e/issue-comment-dropzone.test.e2e.ts b/tests/e2e/issue-comment-dropzone.test.e2e.ts
index 33ea2c9403..10fd27e714 100644
--- a/tests/e2e/issue-comment-dropzone.test.e2e.ts
+++ b/tests/e2e/issue-comment-dropzone.test.e2e.ts
@@ -9,7 +9,8 @@
 // @watch end
 
 import {expect, type Locator, type Page, type TestInfo} from '@playwright/test';
-import {test, save_visual, dynamic_id} from './utils_e2e.ts';
+import {test, dynamic_id} from './utils_e2e.ts';
+import {screenshot} from './shared/screenshots.ts';
 
 test.use({user: 'user2'});
 
@@ -57,7 +58,11 @@ async function assertCopy(page: Page, workerInfo: TestInfo, startWith: string) {
 test('Paste image in new comment', async ({page}, workerInfo) => {
   await page.goto('/user2/repo1/issues/new');
 
+  const waitForAttachmentUpload = page.waitForResponse((response) => {
+    return response.request().method() === 'POST' && response.url().endsWith('/attachments');
+  });
   await pasteImage(page.locator('.markdown-text-editor'));
+  await waitForAttachmentUpload;
 
   const dropzone = page.locator('.dropzone');
   await expect(dropzone.locator('.files')).toHaveCount(1);
@@ -67,7 +72,7 @@ test('Paste image in new comment', async ({page}, workerInfo) => {
   await expect(preview.locator('.octicon-copy')).toBeVisible();
   await assertCopy(page, workerInfo, '![foo](');
 
-  await save_visual(page);
+  await screenshot(page, page.locator('.issue-content-left'));
 });
 
 test('Re-add images to dropzone on edit', async ({page}, workerInfo) => {
@@ -75,12 +80,20 @@ test('Re-add images to dropzone on edit', async ({page}, workerInfo) => {
 
   const issueTitle = dynamic_id();
   await page.locator('#issue_title').fill(issueTitle);
+  const waitForAttachmentUpload = page.waitForResponse((response) => {
+    return response.request().method() === 'POST' && response.url().endsWith('/attachments');
+  });
   await pasteImage(page.locator('.markdown-text-editor'));
+  await waitForAttachmentUpload;
   await page.getByRole('button', {name: 'Create issue'}).click();
 
   await expect(page).toHaveURL(/\/user2\/repo1\/issues\/\d+$/);
   await page.click('.comment-container .context-menu');
+  const waitForAttachmentsLoad = page.waitForResponse((response) => {
+    return response.request().method() === 'GET' && response.url().endsWith('/attachments');
+  });
   await page.click('.comment-container .menu > .edit-content');
+  await waitForAttachmentsLoad;
 
   const dropzone = page.locator('.dropzone');
   await expect(dropzone.locator('.files').first()).toHaveCount(1);
@@ -90,5 +103,5 @@ test('Re-add images to dropzone on edit', async ({page}, workerInfo) => {
   await expect(preview.locator('.octicon-copy')).toBeVisible();
   await assertCopy(page, workerInfo, '![foo](');
 
-  await save_visual(page);
+  await screenshot(page, page.locator('.issue-content-left'));
 });
diff --git a/tests/e2e/issue-comment.test.e2e.ts b/tests/e2e/issue-comment.test.e2e.ts
index bc2bc3d691..ff2a1928b3 100644
--- a/tests/e2e/issue-comment.test.e2e.ts
+++ b/tests/e2e/issue-comment.test.e2e.ts
@@ -2,13 +2,66 @@
 // web_src/js/features/comp/**
 // web_src/js/features/repo-**
 // templates/repo/issue/view_content/*
+// routers/web/repo/issue_content_history.go
 // @watch end
 
 import {expect} from '@playwright/test';
-import {test, save_visual} from './utils_e2e.ts';
+import {test, dynamic_id, login_user} from './utils_e2e.ts';
+import {screenshot} from './shared/screenshots.ts';
 
 test.use({user: 'user2'});
 
+for (const run of [
+  {title: 'JS off', js: true},
+  {title: 'JS on', js: false},
+]) {
+  test.describe(`Create issue & comment`, () => {
+    // playwright/valid-title says: [error] Title must be a string
+    test(`${run.title}`, async ({browser}, workerInfo) => {
+      test.skip(['Mobile Chrome', 'Mobile Safari'].includes(workerInfo.project.name), 'Mobile Chrome has trouble clicking Comment button with JS enabled, Mobile Safari is flaky and only passes on retry');
+
+      const issueTitle = dynamic_id();
+      const issueContent = dynamic_id();
+      const commentContent = dynamic_id();
+
+      const context = await login_user(browser, workerInfo, 'user2', {javaScriptEnabled: run.js});
+      const page = await context.newPage();
+
+      let response = await page.goto('/user2/repo1/issues/new');
+      expect(response?.status()).toBe(200);
+
+      // Create a new issue
+      await page.getByPlaceholder('Title').fill(issueTitle);
+      await page.getByPlaceholder('Leave a comment').fill(issueContent);
+      await page.getByRole('button', {name: 'Create issue'}).click();
+
+      if (run.js) {
+        await expect(page).toHaveURL(/\/user2\/repo1\/issues\/\d+$/);
+      } else {
+        // NoJS clients end up on a .../comments JSON file and browsers surround it with some HTML
+        const redirectUrl = await JSON.parse(await page.locator('body').textContent())['redirect'];
+        response = await page.goto(redirectUrl);
+        expect(response?.status()).toBe(200);
+      }
+
+      // Leave a comment
+      await page.locator('#comment-form').getByPlaceholder('Leave a comment').fill(commentContent);
+      await page.locator('#comment-form button.primary').filter({hasText: 'Comment'}).click();
+
+      if (!run.js) {
+        const redirectUrl = await JSON.parse(await page.locator('body').textContent())['redirect'];
+        response = await page.goto(redirectUrl);
+        expect(response?.status()).toBe(200);
+      }
+
+      // Validate the page contents that actions above made a difference
+      await expect(page.locator('h1')).toContainText(issueTitle);
+      await expect(page.locator('.comment').filter({hasText: issueContent})).toHaveCount(1);
+      await expect(page.locator('.comment').filter({hasText: commentContent})).toHaveCount(1);
+    });
+  });
+}
+
 test('Menu accessibility', async ({page}) => {
   await page.goto('/user2/repo1/issues/1');
   await expect(page.getByLabel('user2 reacted eyes. Remove eyes')).toBeVisible();
@@ -61,7 +114,7 @@ test('Always focus edit tab first on edit', async ({page}) => {
   // Switch to preview tab and save
   await page.click('#issue-1 .comment-container .context-menu');
   await page.click('#issue-1 .comment-container .menu>.edit-content');
-  await page.locator('#issue-1 .comment-container a[data-tab-for=markdown-previewer]').click();
+  await page.locator('#issue-1 .comment-container [data-tab-for=markdown-previewer]').click();
   await page.click('#issue-1 .comment-container .save');
 
   await page.waitForLoadState();
@@ -69,12 +122,12 @@ test('Always focus edit tab first on edit', async ({page}) => {
   // Edit again and assert that edit tab should be active (and not preview tab)
   await page.click('#issue-1 .comment-container .context-menu');
   await page.click('#issue-1 .comment-container .menu>.edit-content');
-  const editTab = page.locator('#issue-1 .comment-container a[data-tab-for=markdown-writer]');
-  const previewTab = page.locator('#issue-1 .comment-container a[data-tab-for=markdown-previewer]');
+  const editTab = page.locator('#issue-1 .comment-container [data-tab-for=markdown-writer]');
+  const previewTab = page.locator('#issue-1 .comment-container [data-tab-for=markdown-previewer]');
 
   await expect(editTab).toHaveClass(/active/);
   await expect(previewTab).not.toHaveClass(/active/);
-  await save_visual(page);
+  await screenshot(page, page.locator('.issue-content-left'));
 });
 
 test('Reset content of comment edit field on cancel', async ({page}) => {
@@ -95,7 +148,7 @@ test('Reset content of comment edit field on cancel', async ({page}) => {
   await page.click('#issue-1 .comment-container .context-menu');
   await page.click('#issue-1 .comment-container .menu>.edit-content');
   await expect(editorTextarea).toHaveValue('content for the first issue');
-  await save_visual(page);
+  await screenshot(page, page.locator('.issue-content-left'));
 });
 
 test('Quote reply', async ({page}, workerInfo) => {
@@ -236,3 +289,34 @@ test('Emoji suggestions', async ({page}) => {
   const item = suggestionList.locator(`li:has-text("forgejo")`);
   await expect(item.locator('img')).toHaveAttribute('src', '/assets/img/emoji/forgejo.png');
 });
+
+test('Comment history', async ({page}) => {
+  const response = await page.goto('/user2/repo1/issues/new');
+  expect(response?.status()).toBe(200);
+
+  // Create a new issue.
+  await page.getByPlaceholder('Title').fill('Just a title');
+  await page.getByPlaceholder('Leave a comment').fill('Hi, have you considered using a rotating fish as logo?');
+  await page.getByRole('button', {name: 'Create issue'}).click();
+  await expect(page).toHaveURL(/\/user2\/repo1\/issues\/\d+$/);
+
+  page.on('dialog', (dialog) => dialog.accept());
+
+  // Make a change.
+  const editorTextarea = page.locator('[id="_combo_markdown_editor_1"]');
+  await page.click('.comment-container .context-menu');
+  await page.click('.comment-container .menu>.edit-content');
+  await editorTextarea.fill(dynamic_id());
+  await page.click('.comment-container .edit .save');
+
+  // Reload the page so the edited bit is rendered.
+  await page.reload();
+
+  await page.getByText('• edited').click();
+  await page.click('.content-history-menu .item:nth-child(1)');
+  await page.getByText('Options').click();
+  await page.getByText('Delete from history').click();
+
+  await page.getByText('• edited').click();
+  await expect(page.locator(".content-history-menu .item s span[data-history-is-deleted='1']")).toBeVisible();
+});
diff --git a/tests/e2e/issue-sidebar.test.e2e.ts b/tests/e2e/issue-sidebar.test.e2e.ts
index f181185d69..f8f0fadbd5 100644
--- a/tests/e2e/issue-sidebar.test.e2e.ts
+++ b/tests/e2e/issue-sidebar.test.e2e.ts
@@ -7,7 +7,8 @@
 /* eslint playwright/expect-expect: ["error", { "assertFunctionNames": ["check_wip"] }] */
 
 import {expect, type Page} from '@playwright/test';
-import {save_visual, test} from './utils_e2e.ts';
+import {test} from './utils_e2e.ts';
+import {screenshot} from './shared/screenshots.ts';
 
 test.use({user: 'user2'});
 
@@ -194,7 +195,7 @@ test('New Issue: Assignees', async ({page}, workerInfo) => {
   await page.locator('.select-assignees .menu .item').filter({hasText: 'user4'}).click();
   await page.locator('.select-assignees.dropdown').click();
   await expect(assigneesList.filter({hasText: 'user4'})).toBeVisible();
-  await save_visual(page);
+  await screenshot(page, page.locator('.issue-content-right'));
 
   // remove user4
   await page.locator('.select-assignees.dropdown').click();
@@ -212,7 +213,7 @@ test('New Issue: Assignees', async ({page}, workerInfo) => {
   await page.fill('.select-assignees .menu .search input', '');
   await page.locator('.select-assignees.dropdown .no-select.item').click();
   await expect(page.locator('.select-assign-me')).toBeVisible();
-  await save_visual(page);
+  await screenshot(page, page.locator('div.filter.menu[data-id="#assignee_ids"]'), 30);
 });
 
 test('Issue: Milestone', async ({page}, workerInfo) => {
@@ -247,19 +248,20 @@ test('New Issue: Milestone', async ({page}, workerInfo) => {
   const selectedMilestone = page.locator('.issue-content-right .select-milestone.list');
   const milestoneDropdown = page.locator('.issue-content-right .select-milestone.dropdown');
   await expect(selectedMilestone).toContainText('No milestone');
-  await save_visual(page);
+  await screenshot(page, page.locator('.issue-content-right'));
 
   // Add milestone.
   await milestoneDropdown.click();
+  await screenshot(page, page.locator('.menu.transition.visible'), 30);
   await page.getByRole('option', {name: 'milestone1'}).click();
   await expect(selectedMilestone).toContainText('milestone1');
-  await save_visual(page);
+  await screenshot(page, page.locator('.issue-content-right'));
 
   // Clear milestone.
   await milestoneDropdown.click();
   await page.getByText('Clear milestone', {exact: true}).click();
   await expect(selectedMilestone).toContainText('No milestone');
-  await save_visual(page);
+  await screenshot(page, page.locator('.issue-content-right'));
 });
 
 test.describe('Dependency dropdown', () => {
diff --git a/tests/e2e/issue-timetracking.test.e2e.ts b/tests/e2e/issue-timetracking.test.e2e.ts
index 901cbe793f..1cb65190bf 100644
--- a/tests/e2e/issue-timetracking.test.e2e.ts
+++ b/tests/e2e/issue-timetracking.test.e2e.ts
@@ -5,7 +5,8 @@
 // @watch end
 
 import {expect} from '@playwright/test';
-import {test, save_visual} from './utils_e2e.ts';
+import {test} from './utils_e2e.ts';
+import {screenshot} from './shared/screenshots.ts';
 
 test.use({user: 'user2'});
 
@@ -31,7 +32,7 @@ test('Issue timetracking', async ({page}) => {
   // Verify it is shown in the issue sidebar
   await expect(page.locator('.issue-content-right .comments')).toContainText('Total time spent: 5 hours 32 minutes');
 
-  await save_visual(page);
+  await screenshot(page);
 
   // Delete the added time.
   await page.getByRole('button', {name: 'Delete this time log'}).click();
diff --git a/tests/e2e/login.test.e2e.ts b/tests/e2e/login.test.e2e.ts
index 01cf4d7b8d..465b9577d4 100644
--- a/tests/e2e/login.test.e2e.ts
+++ b/tests/e2e/login.test.e2e.ts
@@ -8,7 +8,8 @@
 // @watch end
 
 import {expect} from '@playwright/test';
-import {test, save_visual, test_context} from './utils_e2e.ts';
+import {test, test_context} from './utils_e2e.ts';
+import {screenshot} from './shared/screenshots.ts';
 
 test('Mismatched ROOT_URL', async ({browser}, workerInfo) => {
   test.skip(['Mobile Safari', 'webkit'].includes(workerInfo.project.name), 'init script gets randomly ignored');
@@ -27,7 +28,7 @@ test('Mismatched ROOT_URL', async ({browser}, workerInfo) => {
   const response = await page.goto('/user/login');
   expect(response?.status()).toBe(200);
 
-  await save_visual(page);
+  await screenshot(page);
   const globalError = page.locator('.js-global-error');
   await expect(globalError).toContainText('This Forgejo instance is configured to be served on ');
   await expect(globalError).toContainText('You are currently viewing Forgejo through a different URL, which may cause parts of the application to break. The canonical URL is controlled by Forgejo admins via the ROOT_URL setting in the app.ini.');
diff --git a/tests/e2e/markdown-editor.test.e2e.ts b/tests/e2e/markdown-editor.test.e2e.ts
index c2d4057bc9..132fa23988 100644
--- a/tests/e2e/markdown-editor.test.e2e.ts
+++ b/tests/e2e/markdown-editor.test.e2e.ts
@@ -8,7 +8,8 @@
 
 import {expect} from '@playwright/test';
 import {accessibilityCheck} from './shared/accessibility.ts';
-import {save_visual, test} from './utils_e2e.ts';
+import {test} from './utils_e2e.ts';
+import {screenshot} from './shared/screenshots.ts';
 
 test.use({user: 'user2'});
 
@@ -38,7 +39,7 @@ test('Markdown image preview behaviour', async ({page}, workerInfo) => {
   // Check for the image preview via the expected attribute
   const preview = page.locator('div[data-tab="preview"] p[dir="auto"] a');
   await expect(preview).toHaveAttribute('href', 'http://localhost:3003/user2/repo1/media/branch/master/assets/logo.svg');
-  await save_visual(page);
+  await screenshot(page);
 });
 
 test('Markdown indentation via toolbar', async ({page}) => {
@@ -196,6 +197,13 @@ test('markdown indentation with Tab', async ({page}) => {
   await textarea.pressSequentially('  ');
   await textarea.press('Shift+Tab');
   await expect(textarea).toHaveValue(initText);
+
+  // Check that indentation tokens not at the start of the string do not interrupt indentation
+  await textarea.focus();
+  await textarea.fill(initText);
+  await textarea.pressSequentially(tab);
+  await textarea.press('Tab');
+  await expect(textarea).toHaveValue(`* first\n* second\n* third\n    * last    `);
 });
 
 test('markdown block quote indentation', async ({page}) => {
@@ -352,7 +360,7 @@ test('Markdown insert table', async ({page}) => {
 
   const newTableModal = page.locator('div[data-markdown-table-modal-id="0"]');
   await expect(newTableModal).toBeVisible();
-  await save_visual(page);
+  await screenshot(page);
 
   await newTableModal.locator('input[name="table-rows"]').fill('3');
   await newTableModal.locator('input[name="table-columns"]').fill('2');
@@ -363,10 +371,12 @@ test('Markdown insert table', async ({page}) => {
 
   const textarea = page.locator('textarea[name=content]');
   await expect(textarea).toHaveValue('| Header  | Header  |\n|---------|---------|\n| Content | Content |\n| Content | Content |\n| Content | Content |\n');
-  await save_visual(page);
+  await screenshot(page);
 });
 
-test('Markdown insert link', async ({page}) => {
+test('Markdown insert link', async ({page}, workerInfo) => {
+  test.skip(['Mobile Safari', 'webkit'].includes(workerInfo.project.name), 'Unreliable in this test');
+
   const response = await page.goto('/user2/repo1/issues/new');
   expect(response?.status()).toBe(200);
 
@@ -376,7 +386,7 @@ test('Markdown insert link', async ({page}) => {
   const newLinkModal = page.locator('div[data-markdown-link-modal-id="0"]');
   await expect(newLinkModal).toBeVisible();
   await accessibilityCheck({page}, ['[data-modal-name="new-markdown-link"]'], [], []);
-  await save_visual(page);
+  await screenshot(page);
 
   const url = 'https://example.com';
   const description = 'Where does this lead?';
@@ -390,7 +400,7 @@ test('Markdown insert link', async ({page}) => {
 
   const textarea = page.locator('textarea[name=content]');
   await expect(textarea).toHaveValue(`[${description}](${url})`);
-  await save_visual(page);
+  await screenshot(page);
 });
 
 test('text expander has higher prio then prefix continuation', async ({page}) => {
@@ -438,25 +448,29 @@ test('Combo Markdown: preview mode switch', async ({page}) => {
   await textarea.fill('**Content** :100: _100_');
 
   // Switch to preview mode
-  await page.locator('a[data-tab-for="markdown-previewer"]').click();
+  await page.locator('[data-tab-for="markdown-previewer"]').click();
 
   // Verify that the related UI elements were switched correctly
   await expect(toolbarItem).toBeHidden();
   await expect(editorPanel).toBeHidden();
   await expect(previewPanel).toBeVisible();
-  await save_visual(page);
+  await screenshot(page);
 
   // Verify that some content rendered
   await expect(page.locator('[data-tab-panel="markdown-previewer"] .emoji[data-alias="100"]')).toBeVisible();
 
   // Switch back to edit mode
-  await page.locator('a[data-tab-for="markdown-writer"]').click();
+  await page.locator('[data-tab-for="markdown-writer"]').click();
 
   // Verify that the related UI elements were switched back correctly
   await expect(toolbarItem).toBeVisible();
   await expect(editorPanel).toBeVisible();
   await expect(previewPanel).toBeHidden();
-  await save_visual(page);
+
+  // Validate switch height: it is customized to be same height as other buttons on the panel
+  expect(await page.locator('markdown-toolbar .switch').evaluate((el) => getComputedStyle(el).height)).toBe(await page.locator('md-header.markdown-toolbar-button').evaluate((el) => getComputedStyle(el).height));
+
+  await screenshot(page);
 });
 
 test('Multiple combo markdown: insert table', async ({page}) => {
@@ -493,7 +507,7 @@ test('Multiple combo markdown: insert table', async ({page}) => {
 
   await expect(comboboxOne).toHaveValue('| Header  | Header  |\n|---------|---------|\n| Content | Content |\n| Content | Content |\n| Content | Content |\n');
   await expect(comboboxTwo).toBeEmpty();
-  await save_visual(page);
+  await screenshot(page);
 
   // focus second one and add table to it
   await textareaTwo.click();
@@ -515,7 +529,7 @@ test('Multiple combo markdown: insert table', async ({page}) => {
 
   await expect(comboboxOne).toHaveValue('| Header  | Header  |\n|---------|---------|\n| Content | Content |\n| Content | Content |\n| Content | Content |\n');
   await expect(comboboxTwo).toHaveValue('| Header  | Header  | Header  |\n|---------|---------|---------|\n| Content | Content | Content |\n| Content | Content | Content |\n');
-  await save_visual(page);
+  await screenshot(page);
 });
 
 test('Markdown bold/italic toolbar and shortcut', async ({page}) => {
diff --git a/tests/e2e/markup.test.e2e.ts b/tests/e2e/markup.test.e2e.ts
index b26e83661b..a5e859f677 100644
--- a/tests/e2e/markup.test.e2e.ts
+++ b/tests/e2e/markup.test.e2e.ts
@@ -3,7 +3,8 @@
 // @watch end
 
 import {expect} from '@playwright/test';
-import {save_visual, test} from './utils_e2e.ts';
+import {test} from './utils_e2e.ts';
+import {screenshot} from './shared/screenshots.ts';
 
 test('markup with #xyz-mode-only', async ({page}, workerInfo) => {
   test.skip(['webkit', 'Mobile Safari'].includes(workerInfo.project.name), 'Newest version contains a regression');
@@ -14,5 +15,5 @@ test('markup with #xyz-mode-only', async ({page}, workerInfo) => {
   await expect(comment).toBeVisible();
   await expect(comment.locator('[src$="#gh-light-mode-only"]')).toBeVisible();
   await expect(comment.locator('[src$="#gh-dark-mode-only"]')).toBeHidden();
-  await save_visual(page);
+  await screenshot(page);
 });
diff --git a/tests/e2e/modal.test.e2e.ts b/tests/e2e/modal.test.e2e.ts
index dbcfcb3ea4..946a7f6d46 100644
--- a/tests/e2e/modal.test.e2e.ts
+++ b/tests/e2e/modal.test.e2e.ts
@@ -7,7 +7,8 @@
 // @watch end
 
 import {expect} from '@playwright/test';
-import {save_visual, dynamic_id, test} from './utils_e2e.ts';
+import {dynamic_id, test} from './utils_e2e.ts';
+import {screenshot} from './shared/screenshots.ts';
 
 test.use({user: 'user2'});
 
@@ -33,7 +34,7 @@ test('Dialog modal', async ({page}, workerInfo) => {
   await page.keyboard.press('Backspace');
 
   await page.locator('#commit-button').click();
-  await save_visual(page);
+  await screenshot(page);
   await expect(page.locator('#edit-empty-content-modal')).toBeVisible();
 
   await page.locator('#edit-empty-content-modal .cancel').click();
diff --git a/tests/e2e/org-settings.test.e2e.ts b/tests/e2e/org-settings.test.e2e.ts
index df554e0674..b604ef0e8c 100644
--- a/tests/e2e/org-settings.test.e2e.ts
+++ b/tests/e2e/org-settings.test.e2e.ts
@@ -5,23 +5,25 @@
 // @watch end
 
 import {expect} from '@playwright/test';
-import {save_visual, test} from './utils_e2e.ts';
+import {test} from './utils_e2e.ts';
+import {screenshot} from './shared/screenshots.ts';
 import {validate_form} from './shared/forms.ts';
 
 test.use({user: 'user2'});
 
 test('org team settings', async ({page}, workerInfo) => {
-  test.skip(workerInfo.project.name === 'Mobile Safari', 'Cannot get it to work - as usual');
+  test.skip(['Mobile Safari', 'webkit'].includes(workerInfo.project.name), 'Unreliable in this test');
+
   const response = await page.goto('/org/org3/teams/team1/edit');
   expect(response?.status()).toBe(200);
 
   await page.locator('input[name="permission"][value="admin"]').click();
   await expect(page.locator('.hide-unless-checked')).toBeHidden();
-  await save_visual(page);
+  await screenshot(page);
 
   await page.locator('input[name="permission"][value="read"]').click();
   await expect(page.locator('.hide-unless-checked')).toBeVisible();
-  await save_visual(page);
+  await screenshot(page);
 
   // we are validating the form here to include the part that could be hidden
   await validate_form({page});
diff --git a/tests/e2e/pr-review.test.e2e.ts b/tests/e2e/pr-review.test.e2e.ts
index 4e95e0aa69..22f3971202 100644
--- a/tests/e2e/pr-review.test.e2e.ts
+++ b/tests/e2e/pr-review.test.e2e.ts
@@ -7,7 +7,8 @@
 // @watch end
 
 import {expect} from '@playwright/test';
-import {save_visual, test} from './utils_e2e.ts';
+import {test} from './utils_e2e.ts';
+import {screenshot} from './shared/screenshots.ts';
 
 test.use({user: 'user2'});
 
@@ -16,18 +17,18 @@ test('PR: Create review from files', async ({page}) => {
   expect(response?.status()).toBe(200);
 
   await expect(page.locator('.tippy-box .review-box-panel')).toBeHidden();
-  await save_visual(page);
+  await screenshot(page);
 
   // Review panel should appear after clicking Finish review
   await page.locator('#review-box .js-btn-review').click();
   await expect(page.locator('.tippy-box .review-box-panel')).toBeVisible();
-  await save_visual(page);
+  await screenshot(page);
 
   await page.locator('.review-box-panel textarea#_combo_markdown_editor_0')
     .fill('This is a review');
   await page.locator('.review-box-panel button.btn-submit[value="approve"]').click();
   await page.waitForURL(/.*\/user2\/repo1\/pulls\/5#issuecomment-\d+/);
-  await save_visual(page);
+  await screenshot(page);
 });
 
 test('PR: Create review from commit', async ({page}) => {
@@ -39,7 +40,7 @@ test('PR: Create review from commit', async ({page}) => {
   await expect(code_comment).toBeVisible();
 
   await code_comment.fill('This is a code comment');
-  await save_visual(page);
+  await screenshot(page);
 
   const start_button = page.locator('.comment-code-cloud form button.btn-start-review');
   // Workaround for #7152, where there might already be a pending review state from previous
@@ -58,13 +59,13 @@ test('PR: Create review from commit', async ({page}) => {
 
   await page.locator('#review-box .js-btn-review').click();
   await expect(page.locator('.tippy-box .review-box-panel')).toBeVisible();
-  await save_visual(page);
+  await screenshot(page);
 
   await page.locator('.review-box-panel textarea.markdown-text-editor')
     .fill('This is a review');
   await page.locator('.review-box-panel button.btn-submit[value="approve"]').click();
   await page.waitForURL(/.*\/user2\/repo1\/pulls\/3#issuecomment-\d+/);
-  await save_visual(page);
+  await screenshot(page);
 
   // In addition to testing the ability to delete comments, this also
   // performs clean up. If tests are run for multiple platforms, the data isn't reset
@@ -79,7 +80,7 @@ test('PR: Create review from commit', async ({page}) => {
   await page.locator('.comment-header-right.actions div.menu .delete-comment').click();
 
   await expect(page.locator('.comment-list .comment-container')).toBeHidden();
-  await save_visual(page);
+  await screenshot(page);
 });
 
 test('PR: Navigate by single commit', async ({page}) => {
@@ -88,7 +89,7 @@ test('PR: Navigate by single commit', async ({page}) => {
 
   await page.locator('tbody.commit-list td.message a').nth(1).click();
   await page.waitForURL(/.*\/user2\/repo1\/pulls\/3\/commits\/4a357436d925b5c974181ff12a994538ddc5a269/);
-  await save_visual(page);
+  await screenshot(page);
 
   let prevButton = page.locator('.commit-header-buttons').getByText(/Prev/);
   let nextButton = page.locator('.commit-header-buttons').getByText(/Next/);
@@ -101,7 +102,7 @@ test('PR: Navigate by single commit', async ({page}) => {
   await nextButton.click();
 
   await page.waitForURL(/.*\/user2\/repo1\/pulls\/3\/commits\/5f22f7d0d95d614d25a5b68592adb345a4b5c7fd/);
-  await save_visual(page);
+  await screenshot(page);
 
   prevButton = page.locator('.commit-header-buttons').getByText(/Prev/);
   nextButton = page.locator('.commit-header-buttons').getByText(/Next/);
@@ -122,7 +123,7 @@ test('PR: Test mentions values', async ({page}) => {
 
   await page.locator('.review-box-panel textarea#_combo_markdown_editor_0')
     .fill('@');
-  await save_visual(page);
+  await screenshot(page);
 
   await expect(page.locator('ul.suggestions li span:first-of-type')).toContainText([
     'user1',
diff --git a/tests/e2e/pr-title.test.e2e.ts b/tests/e2e/pr-title.test.e2e.ts
index 390cc81298..2d2c108cb5 100644
--- a/tests/e2e/pr-title.test.e2e.ts
+++ b/tests/e2e/pr-title.test.e2e.ts
@@ -7,7 +7,8 @@
 // @watch end
 
 import {expect} from '@playwright/test';
-import {save_visual, test} from './utils_e2e.ts';
+import {test} from './utils_e2e.ts';
+import {screenshot} from './shared/screenshots.ts';
 
 test.use({user: 'user2'});
 
@@ -16,10 +17,10 @@ test('PR: title edit', async ({page}) => {
   expect(response?.status()).toBe(200);
 
   await expect(page.locator('#editable-label')).toBeVisible();
-  await save_visual(page);
+  await screenshot(page);
 
   // Labels AGit and Editable are hidden when title is in edit mode
   await page.locator('#issue-title-edit-show').click();
   await expect(page.locator('#editable-label')).toBeHidden();
-  await save_visual(page);
+  await screenshot(page);
 });
diff --git a/tests/e2e/profile_actions.test.e2e.ts b/tests/e2e/profile_actions.test.e2e.ts
index e27ecf64cf..8f4293d749 100644
--- a/tests/e2e/profile_actions.test.e2e.ts
+++ b/tests/e2e/profile_actions.test.e2e.ts
@@ -6,11 +6,14 @@
 // @watch end
 
 import {expect} from '@playwright/test';
-import {save_visual, test} from './utils_e2e.ts';
+import {test} from './utils_e2e.ts';
+import {screenshot} from './shared/screenshots.ts';
 
 test.use({user: 'user2'});
 
-test('Follow and block actions', async ({page}) => {
+test('Follow and block actions', async ({page}, workerInfo) => {
+  test.skip(workerInfo.project.name === 'Mobile Safari', 'Mobile Safari is unreliable in this test');
+
   await page.goto('/user1');
 
   // Check if following and then unfollowing works.
@@ -32,7 +35,7 @@ test('Follow and block actions', async ({page}) => {
 
   await blockButton.click();
   await expect(page.locator('#block-user')).toBeVisible();
-  await save_visual(page);
+  await screenshot(page);
   await page.locator('#block-user .ok').click();
   await expect(blockButton).toContainText('Unblock');
   await expect(page.locator('#block-user')).toBeHidden();
@@ -42,7 +45,7 @@ test('Follow and block actions', async ({page}) => {
   const flashMessage = page.locator('#flash-message');
   await expect(flashMessage).toBeVisible();
   await expect(flashMessage).toContainText('You cannot follow this user because you have blocked this user or this user has blocked you.');
-  await save_visual(page);
+  await screenshot(page);
 
   // Unblock interaction.
   await actionsDropdownBtn.click();
diff --git a/tests/e2e/reaction-selectors.test.e2e.ts b/tests/e2e/reaction-selectors.test.e2e.ts
index 54b7d91869..598369ffa3 100644
--- a/tests/e2e/reaction-selectors.test.e2e.ts
+++ b/tests/e2e/reaction-selectors.test.e2e.ts
@@ -4,7 +4,8 @@
 // @watch end
 
 import {expect, type Locator} from '@playwright/test';
-import {save_visual, test} from './utils_e2e.ts';
+import {test} from './utils_e2e.ts';
+import {screenshot} from './shared/screenshots.ts';
 
 test.use({user: 'user2'});
 
@@ -62,5 +63,5 @@ test('Reaction Selectors', async ({page}) => {
 
   await toggleReaction(topPicker, 'laugh');
   await assertReactionCounts(comment, {'laugh': 2});
-  await save_visual(page);
+  await screenshot(page);
 });
diff --git a/tests/e2e/relative-time.test.e2e.ts b/tests/e2e/relative-time.test.e2e.ts
index ab8bbc19de..19e151fa79 100644
--- a/tests/e2e/relative-time.test.e2e.ts
+++ b/tests/e2e/relative-time.test.e2e.ts
@@ -24,7 +24,7 @@ test('Relative time after htmx swap', async ({page}, workerInfo) => {
   const body = page.locator('body');
   await body.evaluate(
     (element) =>
-      new Promise((resolve) =>
+      new Promise<void>((resolve) =>
         element.addEventListener('htmx:afterSwap', () => {
           resolve();
         }),
diff --git a/tests/e2e/release.test.e2e.ts b/tests/e2e/release.test.e2e.ts
index a4303a7320..3d37b34e77 100644
--- a/tests/e2e/release.test.e2e.ts
+++ b/tests/e2e/release.test.e2e.ts
@@ -9,12 +9,13 @@
 // @watch end
 
 import {expect} from '@playwright/test';
-import {save_visual, test} from './utils_e2e.ts';
+import {test} from './utils_e2e.ts';
+import {screenshot} from './shared/screenshots.ts';
 import {validate_form} from './shared/forms.ts';
 
 test.use({user: 'user2'});
 
-test.describe('repo branch protection settings', () => {
+test.describe('Releases', () => {
   test('External Release Attachments', async ({page, isMobile}, workerInfo) => {
     test.skip(isMobile || workerInfo.project.name === 'webkit');
 
@@ -33,7 +34,7 @@ test.describe('repo branch protection settings', () => {
     await page.fill('input[name=attachment-new-name-2]', 'Test');
     await page.fill('input[name=attachment-new-exturl-2]', 'https://forgejo.org/');
     await page.click('.remove-rel-attach');
-    await save_visual(page);
+    await screenshot(page);
     await page.click('.button.small.primary');
 
     // Validate release page and click edit
@@ -52,7 +53,7 @@ test.describe('repo branch protection settings', () => {
 
     await expect(page.locator('.download[open] li:nth-of-type(3)')).toContainText('Test');
     await expect(page.locator('.download[open] li:nth-of-type(3) a')).toHaveAttribute('href', 'https://forgejo.org/');
-    await save_visual(page);
+    await screenshot(page);
     await page.locator('.octicon-pencil').first().click();
 
     // Validate edit page and edit the release
@@ -67,7 +68,7 @@ test.describe('repo branch protection settings', () => {
     await expect(page.locator('.attachment_edit:visible')).toHaveCount(4);
     await page.locator('.attachment_edit:visible').nth(2).fill('Test3');
     await page.locator('.attachment_edit:visible').nth(3).fill('https://gitea.com/');
-    await save_visual(page);
+    await screenshot(page);
     await page.click('.button.small.primary');
 
     // Validate release page and click edit
@@ -77,7 +78,7 @@ test.describe('repo branch protection settings', () => {
     await expect(page.locator('.download[open] li:nth-of-type(3) a')).toHaveAttribute('href', 'https://gitea.io/');
     await expect(page.locator('.download[open] li:nth-of-type(4)')).toContainText('Test3');
     await expect(page.locator('.download[open] li:nth-of-type(4) a')).toHaveAttribute('href', 'https://gitea.com/');
-    await save_visual(page);
+    await screenshot(page);
     await page.locator('.octicon-pencil').first().click();
   });
 
diff --git a/tests/e2e/rendering-iframe.test.e2e.ts b/tests/e2e/rendering-iframe.test.e2e.ts
new file mode 100644
index 0000000000..507d63705c
--- /dev/null
+++ b/tests/e2e/rendering-iframe.test.e2e.ts
@@ -0,0 +1,61 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+// @watch start
+// web_src/js/markup/external.js
+// @watch end
+
+import {expect} from '@playwright/test';
+import {test} from './utils_e2e.ts';
+
+test('iframe renderer shrinks to shorter page', async ({page}, _workerInfo) => {
+  const previewPath = '/user2/rendering-test/src/branch/master/short.iframehtml';
+
+  const response = await page.goto(previewPath, {waitUntil: 'domcontentloaded'});
+  expect(response?.status()).toBe(200);
+
+  const preview = page.locator('iframe.external-render');
+  await expect.poll(async () => {
+    const boundingBox = await preview.boundingBox();
+    return boundingBox.height;
+  }).toBeLessThan(300);
+});
+
+test('iframe renderer expands to taller page', async ({page}, _workerInfo) => {
+  const previewPath = '/user2/rendering-test/src/branch/master/tall.iframehtml';
+
+  const response = await page.goto(previewPath, {waitUntil: 'domcontentloaded'});
+  expect(response?.status()).toBe(200);
+
+  const preview = page.locator('iframe.external-render');
+  await expect.poll(async () => {
+    const boundingBox = await preview.boundingBox();
+    return boundingBox.height;
+  }).toBeGreaterThan(300);
+});
+
+test('iframe renderer expands to taller page with absolutely-positioned body', async ({page}, _workerInfo) => {
+  const previewPath = '/user2/rendering-test/src/branch/master/absolute.iframehtml';
+
+  const response = await page.goto(previewPath, {waitUntil: 'domcontentloaded'});
+  expect(response?.status()).toBe(200);
+
+  const preview = page.locator('iframe.external-render');
+  await expect.poll(async () => {
+    const boundingBox = await preview.boundingBox();
+    return boundingBox.height;
+  }).toBeGreaterThan(300);
+});
+
+test('iframe renderer remains at default height if script breaks', async ({page}, _workerInfo) => {
+  const previewPath = '/user2/rendering-test/src/branch/master/fail.iframehtml';
+
+  const response = await page.goto(previewPath, {waitUntil: 'domcontentloaded'});
+  expect(response?.status()).toBe(200);
+
+  const preview = page.locator('iframe.external-render');
+  await expect.poll(async () => {
+    const boundingBox = await preview.boundingBox();
+    return boundingBox.height;
+  }).toBeCloseTo(300, 0.5);
+});
diff --git a/tests/e2e/repo-code.test.e2e.ts b/tests/e2e/repo-code.test.e2e.ts
index 9f885958cb..48f881af80 100644
--- a/tests/e2e/repo-code.test.e2e.ts
+++ b/tests/e2e/repo-code.test.e2e.ts
@@ -11,7 +11,8 @@
 // @watch end
 
 import {expect, type Page} from '@playwright/test';
-import {save_visual, test} from './utils_e2e.ts';
+import {test} from './utils_e2e.ts';
+import {screenshot} from './shared/screenshots.ts';
 import {accessibilityCheck} from './shared/accessibility.ts';
 
 async function assertSelectedLines(page: Page, nums: string[]) {
@@ -36,7 +37,9 @@ async function assertSelectedLines(page: Page, nums: string[]) {
   return pageAssertions();
 }
 
-test('Line Range Selection', async ({page}) => {
+test('Line Range Selection', async ({page}, workerInfo) => {
+  test.skip(['Mobile Safari', 'webkit'].includes(workerInfo.project.name), 'Unreliable in this test');
+
   const filePath = '/user2/repo1/src/branch/master/README.md?display=source';
 
   const response = await page.goto(filePath);
@@ -55,7 +58,7 @@ test('Line Range Selection', async ({page}) => {
   // out-of-bounds end line
   await page.goto(`${filePath}#L1-L100`);
   await assertSelectedLines(page, ['1', '2', '3']);
-  await save_visual(page);
+  await screenshot(page);
 });
 
 test('Readable diff', async ({page}, workerInfo) => {
@@ -82,7 +85,7 @@ test('Readable diff', async ({page}, workerInfo) => {
       await expect(page.getByText(thisDiff.added, {exact: true})).toHaveCSS('background-color', 'rgb(134, 239, 172)');
     }
   }
-  await save_visual(page);
+  await screenshot(page);
 });
 
 test.describe('As authenticated user', () => {
@@ -95,14 +98,14 @@ test.describe('As authenticated user', () => {
     await expect(page.getByRole('link', {name: '@user2'})).toHaveCSS('background-color', /(.*)/);
     await expect(page.getByRole('link', {name: '@user1'})).toHaveCSS('background-color', 'rgba(0, 0, 0, 0)');
     await accessibilityCheck({page}, ['.commit-header'], [], []);
-    await save_visual(page);
+    await screenshot(page);
     // check second commit
     await page.goto('/user2/mentions-highlighted/commits/branch/main');
     await page.locator('tbody').getByRole('link', {name: 'Another commit which mentions'}).click();
     await expect(page.getByRole('link', {name: '@user2'})).toHaveCSS('background-color', /(.*)/);
     await expect(page.getByRole('link', {name: '@user1'})).toHaveCSS('background-color', 'rgba(0, 0, 0, 0)');
     await accessibilityCheck({page}, ['.commit-header'], [], []);
-    await save_visual(page);
+    await screenshot(page);
   });
 });
 
diff --git a/tests/e2e/repo-commitgraph.test.e2e.ts b/tests/e2e/repo-commitgraph.test.e2e.ts
index e8b85c5997..716b77adee 100644
--- a/tests/e2e/repo-commitgraph.test.e2e.ts
+++ b/tests/e2e/repo-commitgraph.test.e2e.ts
@@ -5,7 +5,8 @@
 // @watch end
 
 import {expect} from '@playwright/test';
-import {save_visual, test} from './utils_e2e.ts';
+import {test} from './utils_e2e.ts';
+import {screenshot} from './shared/screenshots.ts';
 
 test('Commit graph overflow', async ({page}) => {
   const response = await page.goto('/user2/repo1/graph');
@@ -28,7 +29,7 @@ test('Commit graph overflow', async ({page}) => {
   await expect(page.getByRole('button', {name: 'Mono'})).toBeInViewport({ratio: 1});
   await expect(page.getByRole('button', {name: 'Color'})).toBeInViewport({ratio: 1});
   await expect(page.locator('.selection.search.dropdown')).toBeInViewport({ratio: 1});
-  await save_visual(page);
+  await screenshot(page);
 });
 
 test('Switch branch', async ({page}) => {
@@ -45,5 +46,5 @@ test('Switch branch', async ({page}) => {
   await expect(page.locator('#loading-indicator')).toBeHidden();
   await expect(page.locator('#rel-container')).toBeVisible();
   await expect(page.locator('#rev-container')).toBeVisible();
-  await save_visual(page);
+  await screenshot(page);
 });
diff --git a/tests/e2e/repo-files.test.e2e.ts b/tests/e2e/repo-files.test.e2e.ts
new file mode 100644
index 0000000000..4ec359b989
--- /dev/null
+++ b/tests/e2e/repo-files.test.e2e.ts
@@ -0,0 +1,100 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+// @watch start
+// templates/repo/editor/**
+// web_src/js/features/common-global.js
+// routers/web/web.go
+// services/repository/files/**
+// @watch end
+
+import {expect} from '@playwright/test';
+import {test, dynamic_id} from './utils_e2e.ts';
+
+test.use({user: 'user2'});
+
+interface TestCase {
+  description: string;
+  files: string[];
+}
+
+async function doUpload({page}, testCase: TestCase) {
+  await page.goto(`/user2/file-uploads/_upload/main/`);
+  const testID = dynamic_id();
+  const dropzone = page.getByRole('button', {name: 'Drop files or click here to upload.'});
+
+  // create the virtual files
+  const dataTransfer = await page.evaluateHandle((testCase: TestCase) => {
+    const dt = new DataTransfer();
+    for (const filename of testCase.files) {
+      dt.items.add(new File([`File content of ${filename}`], filename, {type: 'text/plain'}));
+    }
+    return dt;
+  }, testCase);
+  // and drop them to the upload area
+  await dropzone.dispatchEvent('drop', {dataTransfer});
+
+  await page.getByText('new branch').click();
+
+  await page.getByRole('textbox', {name: 'Name the new branch for this'}).fill(testID);
+  // ToDo: Potential race condition: We do not currently wait for the upload to complete.
+  // See https://codeberg.org/forgejo/forgejo/pulls/6687#issuecomment-5068272 and
+  // https://codeberg.org/forgejo/forgejo/issues/5893#issuecomment-5068266 for details.
+  // Workaround is to wait (the uploads are just a few bytes and usually complete instantly)
+  //
+  // eslint-disable-next-line playwright/no-wait-for-timeout
+  await page.waitForTimeout(100);
+
+  await page.getByRole('button', {name: 'Propose file change'}).click();
+}
+
+test.describe('Drag and Drop upload', () => {
+  const goodTestCases: TestCase[] = [
+    {
+      description: 'normal and special characters',
+      files: [
+        'dir1/file1.txt',
+        'double/nested/file.txt',
+        'special/äüöÄÜÖß.txt',
+        'special/Ʉ₦ł₵ØĐɆ.txt',
+      ],
+    },
+    {
+      description: 'strange paths and spaces',
+      files: [
+        '..dots.txt',
+        '.dots.preserved.txt',
+        'special/S P  A   C   E    !.txt',
+      ],
+    },
+  ];
+
+  // actual good tests based on definition above
+  for (const testCase of goodTestCases) {
+    test(`good: ${testCase.description}`, async ({page}) => {
+      await doUpload({page}, testCase);
+
+      // check that nested file structure is preserved
+      for (const filename of testCase.files) {
+        await expect(page.locator('#diff-file-boxes').getByRole('link', {name: filename})).toBeVisible();
+      }
+    });
+  }
+
+  const badTestCases: TestCase[] = [
+    {
+      description: 'broken path slash in front',
+      files: [
+        '/special/badfirstslash.txt',
+      ],
+    },
+  ];
+
+  // actual bad tests based on definition above
+  for (const testCase of badTestCases) {
+    test(`bad: ${testCase.description}`, async ({page}) => {
+      await doUpload({page}, testCase);
+      await expect(page.getByText('Failed to upload files to')).toBeVisible();
+    });
+  }
+});
diff --git a/tests/e2e/repo-home.test.e2e.ts b/tests/e2e/repo-home.test.e2e.ts
index 6f3d6c373b..53fcdd77f1 100644
--- a/tests/e2e/repo-home.test.e2e.ts
+++ b/tests/e2e/repo-home.test.e2e.ts
@@ -1,25 +1,34 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
 // @watch start
 // web_src/js/components/RepoBranchTagSelector.vue
 // web_src/js/features/common-global.js
 // web_src/css/repo.css
+// web_src/css/modules/stats-bar.css
 // @watch end
 
 import {expect} from '@playwright/test';
-import {save_visual, test} from './utils_e2e.ts';
+import {test} from './utils_e2e.ts';
+import {screenshot} from './shared/screenshots.ts';
+
+test('Language stats bar', async ({browser}) => {
+  // This test doesn't need JS and runs a little faster without it
+  const context = await browser.newContext({javaScriptEnabled: false});
+  const page = await context.newPage();
 
-test('Language stats bar', async ({page}) => {
   const response = await page.goto('/user2/language-stats-test');
   expect(response?.status()).toBe(200);
 
-  await expect(page.locator('#language-stats-legend')).toBeHidden();
+  await expect(page.locator('#language-stats ul')).toBeHidden();
 
-  await page.click('#language-stats-bar');
-  await expect(page.locator('#language-stats-legend')).toBeVisible();
-  await save_visual(page);
+  await page.click('#language-stats summary');
+  await expect(page.locator('#language-stats ul')).toBeVisible();
+  await screenshot(page);
 
-  await page.click('#language-stats-bar');
-  await expect(page.locator('#language-stats-legend')).toBeHidden();
-  await save_visual(page);
+  await page.click('#language-stats summary');
+  await expect(page.locator('#language-stats ul')).toBeHidden();
+  await screenshot(page);
 });
 
 test('Branch selector commit icon', async ({page}) => {
diff --git a/tests/e2e/repo-labels.test.e2e.ts b/tests/e2e/repo-labels.test.e2e.ts
new file mode 100644
index 0000000000..e7d5ce32bf
--- /dev/null
+++ b/tests/e2e/repo-labels.test.e2e.ts
@@ -0,0 +1,43 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+// @watch start
+// templates/repo/issues/labels/**
+// web_src/js/features/comp/LabelEdit.js
+// @watch end
+
+import {expect} from '@playwright/test';
+import {test, dynamic_id} from './utils_e2e.ts';
+import {screenshot} from './shared/screenshots.ts';
+
+test.use({user: 'user2'});
+
+test('New label', async ({page}) => {
+  const response = await page.goto('/user2/repo1/labels');
+  expect(response?.status()).toBe(200);
+
+  await page.getByRole('button', {name: 'New label'}).click();
+  await expect(page.locator('#new-label-modal')).toBeVisible();
+  await screenshot(page, page.locator('#new-label-modal'));
+
+  const labelName = dynamic_id();
+  await page.keyboard.type(labelName);
+  await page.getByRole('button', {name: 'Create label'}).click();
+
+  await page.locator('.label-title').filter({hasText: labelName}).isVisible();
+});
+
+test('Edit label', async ({page}) => {
+  const response = await page.goto('/user2/repo1/labels');
+  expect(response?.status()).toBe(200);
+
+  await page.getByText('Edit').first().click();
+  await expect(page.locator('#edit-label-modal')).toBeVisible();
+  await screenshot(page, page.locator('#edit-label-modal'));
+
+  const labelName = dynamic_id();
+  await page.keyboard.type(labelName);
+  await page.getByRole('button', {name: 'Save'}).click();
+
+  await page.locator('.label-title').filter({hasText: labelName}).isVisible();
+});
diff --git a/tests/e2e/repo-migrate.test.e2e.ts b/tests/e2e/repo-migrate.test.e2e.ts
index f0be73e777..26619547ae 100644
--- a/tests/e2e/repo-migrate.test.e2e.ts
+++ b/tests/e2e/repo-migrate.test.e2e.ts
@@ -3,7 +3,8 @@
 // @watch end
 
 import {expect} from '@playwright/test';
-import {test, save_visual, test_context, dynamic_id} from './utils_e2e.ts';
+import {test, test_context, dynamic_id} from './utils_e2e.ts';
+import {screenshot} from './shared/screenshots.ts';
 
 test.use({user: 'user2'});
 
@@ -22,7 +23,7 @@ test('Migration type seleciton screen', async ({page}) => {
   await expect(page.locator('svg.gitea-gitbucket')).toBeVisible();
   await expect(page.locator('svg.gitea-codebase')).toBeVisible();
 
-  await save_visual(page);
+  await screenshot(page);
 });
 
 test('Migration Repo Name detection', async ({page}, workerInfo) => {
@@ -50,7 +51,7 @@ test('Migration Repo Name detection', async ({page}, workerInfo) => {
   await expect(form.getByRole('textbox', {name: 'Repository Name'})).toHaveValue('test');
 
   // Save screenshot only once
-  await save_visual(page);
+  await screenshot(page);
 });
 
 test('Migration Progress Page', async ({page, browser}, workerInfo) => {
@@ -64,10 +65,10 @@ test('Migration Progress Page', async ({page, browser}, workerInfo) => {
   const form = page.locator('form');
   await form.getByRole('textbox', {name: 'Repository Name'}).fill(repoName);
   await form.getByRole('textbox', {name: 'Migrate / Clone from URL'}).fill(`https://codeberg.org/forgejo/${repoName}`);
-  await save_visual(page);
+  await screenshot(page);
   await form.locator('button.primary').click({timeout: 5000});
   await expect(page).toHaveURL(`user2/${repoName}`);
-  await save_visual(page);
+  await screenshot(page);
 
   const ctx = await test_context(browser, {storageState: {cookies: [], origins: []}});
   const unauthenticatedPage = await ctx.newPage();
@@ -76,13 +77,13 @@ test('Migration Progress Page', async ({page, browser}, workerInfo) => {
 
   await page.reload();
   await expect(page.locator('#repo_migrating_failed')).toBeVisible();
-  await save_visual(page);
+  await screenshot(page);
   await page.getByRole('button', {name: 'Delete this repository'}).click();
   const deleteModal = page.locator('#delete-repo-modal');
   await deleteModal.getByRole('textbox', {name: 'Confirmation string'}).fill(`user2/${repoName}`);
-  await save_visual(page);
+  await screenshot(page);
   await deleteModal.getByRole('button', {name: 'Delete repository'}).click();
   await expect(page).toHaveURL('/');
   // checked last to preserve the order of screenshots from first run
-  await save_visual(unauthenticatedPage);
+  await screenshot(unauthenticatedPage);
 });
diff --git a/tests/e2e/repo-new.test.e2e.ts b/tests/e2e/repo-new.test.e2e.ts
index ed5e0beb00..bbe0652fba 100644
--- a/tests/e2e/repo-new.test.e2e.ts
+++ b/tests/e2e/repo-new.test.e2e.ts
@@ -4,7 +4,8 @@
 // @watch end
 
 import {expect} from '@playwright/test';
-import {test, dynamic_id, save_visual} from './utils_e2e.ts';
+import {test, dynamic_id} from './utils_e2e.ts';
+import {screenshot} from './shared/screenshots.ts';
 import {validate_form} from './shared/forms.ts';
 
 test.use({user: 'user2'});
@@ -17,12 +18,12 @@ test('New repo: invalid', async ({page}) => {
   await expect(page.getByText('.gitignore Select .gitignore')).toBeHidden();
   await expect(page.getByText('Labels Select a label set')).toBeHidden();
   await validate_form({page}, 'fieldset');
-  await save_visual(page);
+  await screenshot(page);
 
   await page.getByLabel('Repository name').fill('*invalid');
   await page.getByRole('button', {name: 'Create repository'}).click();
   await expect(page.getByText('Repository name should contain only alphanumeric')).toBeVisible();
-  await save_visual(page);
+  await screenshot(page);
 });
 
 test('New repo: initialize', async ({page}, workerInfo) => {
@@ -46,7 +47,7 @@ test('New repo: initialize', async ({page}, workerInfo) => {
   await page.getByLabel('Make repository a template').check();
 
   await validate_form({page}, 'fieldset');
-  await save_visual(page);
+  await screenshot(page);
   const reponame = dynamic_id();
   await page.getByLabel('Repository name').fill(reponame);
   await page.getByRole('button', {name: 'Create repository'}).click();
@@ -55,7 +56,7 @@ test('New repo: initialize', async ({page}, workerInfo) => {
   if (!workerInfo.project.name.includes('Mobile')) {
     await expect(page.getByText('Template', {exact: true})).toBeVisible();
   }
-  await save_visual(page);
+  await screenshot(page);
 });
 
 test('New repo: initialize later', async ({page}) => {
@@ -72,7 +73,7 @@ test('New repo: initialize later', async ({page}) => {
   expect(page.url()).toBe(`http://localhost:3003/user2/${reponame}`);
   await expect(page.getByRole('link', {name: 'New file'})).toBeVisible();
   await expect(page.getByRole('heading', {name: 'Creating a new repository on'})).toBeVisible();
-  await save_visual(page);
+  await screenshot(page);
 
   // add a README
   await page.getByRole('link', {name: 'New file'}).click();
@@ -89,7 +90,7 @@ test('New repo: initialize later', async ({page}) => {
   expect(page.url()).toBe(`http://localhost:3003/user2/${reponame}/src/branch/devbranch/README.md`);
   await expect(page.getByRole('link', {name: 'My first commit message'})).toBeVisible();
   await expect(page.getByText('Hello Forgejo!')).toBeVisible();
-  await save_visual(page);
+  await screenshot(page);
 });
 
 test('New repo: from template', async ({page}, workerInfo) => {
@@ -101,11 +102,11 @@ test('New repo: from template', async ({page}, workerInfo) => {
   await page.getByRole('group', {name: 'Use a template You can select'}).getByRole('combobox').click();
   await page.getByRole('option', {name: 'user27/template1'}).click();
   await page.getByText('Git content (Default branch)').click();
-  await save_visual(page);
+  await screenshot(page);
   await page.getByLabel('Repository name').fill(reponame);
   await page.getByRole('button', {name: 'Create repository'}).click();
   await expect(page.getByRole('link', {name: `${reponame}.log`})).toBeVisible();
-  await save_visual(page);
+  await screenshot(page);
 });
 
 test('New repo: label set', async ({page}) => {
@@ -117,13 +118,13 @@ test('New repo: label set', async ({page}) => {
   await page.getByRole('option', {name: 'Advanced (Kind/Bug, Kind/'}).click();
   // close dropdown via unrelated click
   await page.getByText('You can select an existing').click();
-  await save_visual(page);
+  await screenshot(page);
   await page.getByLabel('Repository name').fill(reponame);
   await page.getByRole('button', {name: 'Create repository'}).click();
   await page.goto(`/user2/${reponame}/issues`);
   await page.getByRole('link', {name: 'Labels'}).click();
   await expect(page.getByText('Kind/Bug Something is not')).toBeVisible();
-  await save_visual(page);
+  await screenshot(page);
 });
 
 test('New repo: gitignore', async ({page}) => {
@@ -140,7 +141,7 @@ test('New repo: gitignore', async ({page}) => {
   await page.getByRole('option', {name: 'NotesAndExtendedConfiguration'}).click();
   await page.getByRole('option', {name: 'MetaProgrammingSystem'}).click();
   await page.getByRole('option', {name: 'AppceleratorTitanium'}).click();
-  await save_visual(page);
+  await screenshot(page);
 
   const segmentWidth = (await page.locator('.segment').boundingBox()).width;
   const dropdownWidth = (await gitignoreDropdown.boundingBox()).width;
diff --git a/tests/e2e/repo-settings.test.e2e.ts b/tests/e2e/repo-settings.test.e2e.ts
index 547b015921..aa57c45e8e 100644
--- a/tests/e2e/repo-settings.test.e2e.ts
+++ b/tests/e2e/repo-settings.test.e2e.ts
@@ -7,7 +7,8 @@
 // @watch end
 
 import {expect} from '@playwright/test';
-import {test, save_visual} from './utils_e2e.ts';
+import {test} from './utils_e2e.ts';
+import {screenshot} from './shared/screenshots.ts';
 import {validate_form} from './shared/forms.ts';
 
 test.use({user: 'user2'});
@@ -21,13 +22,13 @@ test('repo webhook settings', async ({page}) => {
 
   // check accessibility including the custom events (now visible) part
   await validate_form({page}, 'fieldset');
-  await save_visual(page);
+  await screenshot(page);
 
   await page.locator('input[name="events"][value="push_only"]').click();
   await expect(page.locator('.hide-unless-checked')).toBeHidden();
   await page.locator('input[name="events"][value="send_everything"]').click();
   await expect(page.locator('.hide-unless-checked')).toBeHidden();
-  await save_visual(page);
+  await screenshot(page);
 });
 
 test.describe('repo branch protection settings', () => {
@@ -53,11 +54,11 @@ test.describe('repo branch protection settings', () => {
     // verify header is new
     await expect(page.locator('h4')).toContainText('new');
     await page.locator('input[name="rule_name"]').fill('testrule');
-    await save_visual(page);
+    await screenshot(page);
     await page.locator('button:text("Save rule")').click();
     // verify header is in edit mode
     await page.waitForLoadState('domcontentloaded');
-    await save_visual(page);
+    await screenshot(page);
 
     // find the edit button and click it
     const editButton = page.locator('a[href="/user2/repo1/settings/branches/edit?rule_name=testrule"]');
@@ -65,6 +66,6 @@ test.describe('repo branch protection settings', () => {
 
     await page.waitForLoadState();
     await expect(page.locator('.repo-setting-content .header')).toContainText('Protection rules for branch', {ignoreCase: true, useInnerText: true});
-    await save_visual(page);
+    await screenshot(page);
   });
 });
diff --git a/tests/e2e/repo-wiki.test.e2e.ts b/tests/e2e/repo-wiki.test.e2e.ts
index 61bb2ad181..02ada9e6cc 100644
--- a/tests/e2e/repo-wiki.test.e2e.ts
+++ b/tests/e2e/repo-wiki.test.e2e.ts
@@ -4,7 +4,8 @@
 // @watch end
 
 import {expect} from '@playwright/test';
-import {save_visual, test} from './utils_e2e.ts';
+import {test} from './utils_e2e.ts';
+import {screenshot} from './shared/screenshots.ts';
 
 for (const searchTerm of ['space', 'consectetur']) {
   for (const width of [null, 2560, 4000]) {
@@ -25,7 +26,7 @@ for (const searchTerm of ['space', 'consectetur']) {
       await expect(page.locator('#wiki-search a[href]')).toBeInViewport({
         ratio: workerInfo.project.name === 'webkit' ? 0.9 : 1,
       });
-      await save_visual(page);
+      await screenshot(page);
     });
   }
 }
@@ -39,12 +40,12 @@ test(`Search results show titles (and not file names)`, async ({page}, workerInf
   // so we manually "type" the last letter
   await page.getByPlaceholder('Search wiki').dispatchEvent('keyup');
   await expect(page.locator('#wiki-search a[href] b')).toHaveText('Page With Spaced Name');
-  await save_visual(page);
+  await screenshot(page);
 });
 
 test('Wiki unicode-escape', async ({page}) => {
   await page.goto('/user2/unicode-escaping/wiki');
-  await save_visual(page);
+  await screenshot(page);
 
   expect(await page.locator('.ui.message.unicode-escape-prompt').count()).toEqual(3);
 
diff --git a/tests/e2e/right-settings-button.test.e2e.ts b/tests/e2e/right-settings-button.test.e2e.ts
index 3bea329ba0..8daeddacf2 100644
--- a/tests/e2e/right-settings-button.test.e2e.ts
+++ b/tests/e2e/right-settings-button.test.e2e.ts
@@ -5,7 +5,8 @@
 // @watch end
 
 import {expect} from '@playwright/test';
-import {save_visual, test} from './utils_e2e.ts';
+import {test} from './utils_e2e.ts';
+import {screenshot} from './shared/screenshots.ts';
 
 test.describe('desktop viewport as user 2', () => {
   test.use({user: 'user2', viewport: {width: 1920, height: 300}});
@@ -54,7 +55,7 @@ test.describe('desktop viewport, unauthenticated', () => {
     await expect(page.locator('.overflow-menu-items>#settings-btn')).toHaveCount(0);
 
     await expect(page.locator('.overflow-menu-button')).toHaveCount(0);
-    await save_visual(page);
+    await screenshot(page);
   });
 });
 
@@ -79,7 +80,7 @@ test.describe('small viewport', () => {
 
     const items = shownItems.concat(overflowItems);
     expect(Array.from(new Set(items))).toHaveLength(items.length);
-    await save_visual(page);
+    await screenshot(page);
   });
 
   test('Settings button in overflow menu of org header', async ({page}) => {
@@ -123,6 +124,6 @@ test.describe('small viewport, unauthenticated', () => {
 
     const items = shownItems.concat(overflowItems);
     expect(Array.from(new Set(items))).toHaveLength(items.length);
-    await save_visual(page);
+    await screenshot(page);
   });
 });
diff --git a/tests/e2e/shared/screenshots.ts b/tests/e2e/shared/screenshots.ts
new file mode 100644
index 0000000000..cf9788e366
--- /dev/null
+++ b/tests/e2e/shared/screenshots.ts
@@ -0,0 +1,89 @@
+import {expect, type Page, type Locator} from '@playwright/test';
+
+// returns element that should be covered before taking the screenshot
+async function masks(page: Page) : Promise<Locator[]> {
+  return [
+    page.locator('.ui.avatar'),
+    page.locator('.sha'),
+    page.locator('#repo_migrating'),
+    // update order of recently created repos is not fully deterministic
+    page.locator('.flex-item-main').filter({hasText: 'relative time in repo'}),
+    page.locator('#activity-feed'),
+    page.locator('#user-heatmap'),
+    // dynamic IDs in fixed-size inputs
+    page.locator('input[value*="dyn-id-"]'),
+  ];
+}
+
+// replaces elements on the page that cause flakiness
+async function screenshot_prepare(page: Page) {
+  await page.waitForLoadState('domcontentloaded');
+  // Version string is dynamic
+  await page.locator('footer .left-links').evaluate((node) => node.innerHTML = 'MOCK');
+
+  // replace timestamps in repos to mask them later down
+  await page.locator('.flex-item-body > relative-time').filter({hasText: /now|minute/}).evaluateAll((nodes) => {
+    for (const node of nodes) node.outerHTML = 'relative time in repo';
+  });
+  // other time elements
+  await page.locator('relative-time').evaluateAll((nodes) => {
+    for (const node of nodes) node.outerHTML = 'time element';
+  });
+  await page.locator('absolute-date').evaluateAll((nodes) => {
+    for (const node of nodes) node.outerHTML = 'time element';
+  });
+
+  // dynamically generated UUIDs
+  await page.getByText('dyn-id-').evaluateAll((nodes) => {
+    for (const node of nodes) node.innerHTML = node.innerHTML.replaceAll(/dyn-id-[a-f0-9-]+/g, 'dynamic-id');
+  });
+  // repeat above, work around https://github.com/microsoft/playwright/issues/34152
+  await page.getByText('dyn-id-').evaluateAll((nodes) => {
+    for (const node of nodes) node.innerHTML = node.innerHTML.replaceAll(/dyn-id-[a-f0-9-]+/g, 'dynamic-id');
+  });
+
+  // attachment IDs in text areas, required for issue-comment-dropzone.
+  // playwright does not (yet?) support filtering for content in input elements, see https://github.com/microsoft/playwright/issues/36166
+  await page.locator('textarea.markdown-text-editor').evaluateAll((nodes: HTMLTextAreaElement[]) => {
+    for (const node of nodes) node.value = node.value.replaceAll(/attachments\/[a-f0-9-]+/g, '/attachments/c1ee9740-dad3-4747-b489-f6fb2e3dfcec');
+  });
+
+  // dynamically created test users
+  await page.getByText('e2e-test-').evaluateAll((nodes) => {
+    for (const node of nodes) node.innerHTML = node.innerHTML.replaceAll(/e2e-test-[0-9-]+/g, 'e2e-test-user');
+  });
+}
+
+export async function screenshot(page: Page, locator?: Locator, margin = 0) {
+  // Optionally include visual testing
+  if (process.env.VISUAL_TEST) {
+    await screenshot_prepare(page);
+    if (locator === undefined) {
+      await screenshot_full(page);
+    } else {
+      await screenshot_selective(page, locator, margin);
+    }
+  }
+}
+
+async function screenshot_selective(page: Page, locator: Locator, margin: number) {
+  const clip = await locator.boundingBox();
+  clip.x = Math.max(clip.x - margin, 0);
+  clip.y = Math.max(clip.y - margin, 0);
+  clip.width += margin * 2;
+  clip.height += margin * 2;
+  await expect(page).toHaveScreenshot({
+    fullPage: true,
+    timeout: 20000,
+    clip,
+    mask: await masks(page),
+  });
+}
+
+async function screenshot_full(page: Page) {
+  await expect(page).toHaveScreenshot({
+    fullPage: true,
+    timeout: 20000,
+    mask: await masks(page),
+  });
+}
diff --git a/tests/e2e/switch.test.e2e.ts b/tests/e2e/switch.test.e2e.ts
index 217a6576b9..6c7b33bbf6 100644
--- a/tests/e2e/switch.test.e2e.ts
+++ b/tests/e2e/switch.test.e2e.ts
@@ -3,6 +3,7 @@
 
 // @watch start
 // web_src/css/modules/switch.css
+// web_src/css/modules/button.css
 // web_src/css/themes
 // @watch end
 
@@ -68,7 +69,7 @@ test('Switch CSS properties', async ({browser}) => {
 
   // E2E already runs clients with both fine and coarse pointer simulated
   // This test will verify that coarse-related CSS is working as intended
-  const itemHeight = await page.evaluate(() => window.matchMedia('(pointer: coarse)').matches) ? 41 : 34;
+  const itemHeight = await page.evaluate(() => window.matchMedia('(pointer: coarse)').matches) ? 38 : 34;
   // In Firefox Math.round is needed because .height is 33.99998474121094
   expect(Math.round((await page.locator('#issue-filters .switch > .item:nth-child(1)').boundingBox()).height)).toBe(itemHeight);
 });
diff --git a/tests/e2e/user-settings.test.e2e.ts b/tests/e2e/user-settings.test.e2e.ts
index 88e6708115..22cec4c8cc 100644
--- a/tests/e2e/user-settings.test.e2e.ts
+++ b/tests/e2e/user-settings.test.e2e.ts
@@ -4,7 +4,8 @@
 // @watch end
 
 import {expect} from '@playwright/test';
-import {test, save_visual, login_user, login} from './utils_e2e.ts';
+import {test, login_user, login} from './utils_e2e.ts';
+import {screenshot} from './shared/screenshots.ts';
 import {validate_form} from './shared/forms.ts';
 
 test.beforeAll(async ({browser}, workerInfo) => {
@@ -22,7 +23,7 @@ test('User: Profile settings', async ({browser}, workerInfo) => {
   await pronounsInput.click();
   const pronounsList = page.locator('datalist#pronouns');
   const pronounsOptions = pronounsList.locator('option');
-  const pronounsValues = await pronounsOptions.evaluateAll((opts) => opts.map((opt) => opt.value));
+  const pronounsValues = await pronounsOptions.evaluateAll((opts) => opts.map((opt: HTMLOptionElement) => opt.value));
   expect(pronounsValues).toEqual(['he/him', 'she/her', 'they/them', 'it/its', 'any pronouns']);
   await pronounsInput.fill('she/her');
 
@@ -32,16 +33,16 @@ test('User: Profile settings', async ({browser}, workerInfo) => {
   await page.getByPlaceholder('Share your approximate').fill('on a computer chip');
   await page.getByLabel('User visibility').click();
   await page.getByLabel('Visible only to signed-in').click();
-  await page.getByLabel('Hide email address Your email').uncheck();
+  await page.getByLabel('Hide email address Email address will').uncheck();
   await page.getByLabel('Hide activity from profile').check();
 
   await validate_form({page}, 'fieldset');
-  await save_visual(page);
+  await screenshot(page);
   await page.getByRole('button', {name: 'Update profile'}).click();
   await expect(page.getByText('Your profile has been updated.')).toBeVisible();
   await page.getByRole('link', {name: 'public activity'}).click();
   await expect(page.getByText('Your activity is only visible')).toBeVisible();
-  await save_visual(page);
+  await screenshot(page);
 
   await page.goto('/user2');
   await expect(page.getByText('SecondUser')).toBeVisible();
@@ -49,17 +50,17 @@ test('User: Profile settings', async ({browser}, workerInfo) => {
   await expect(page.locator('li').filter({hasText: 'user2@example.com'})).toBeVisible();
   await expect(page.locator('li').filter({hasText: 'https://forgejo.org'})).toBeVisible();
   await expect(page.getByText('I am a playwright test')).toBeVisible();
-  await save_visual(page);
+  await screenshot(page);
 
   await page.goto('/user/settings');
   await page.locator('input[list="pronouns"]').fill('rob/ot');
   await page.getByLabel('User visibility').click();
   await page.getByLabel('Visible to everyone').click();
-  await page.getByLabel('Hide email address Your email').check();
+  await page.getByLabel('Hide email address Email address will').check();
   await page.getByLabel('Hide activity from profile').uncheck();
   await expect(page.getByText('Your profile has been updated.')).toBeHidden();
   await validate_form({page}, 'fieldset');
-  await save_visual(page);
+  await screenshot(page);
   await page.getByRole('button', {name: 'Update profile'}).click();
   await expect(page.getByText('Your profile has been updated.')).toBeVisible();
 
@@ -75,8 +76,22 @@ test('User: Storage overview', async ({browser}, workerInfo) => {
   await page.goto('/user/settings/storage_overview');
   await page.waitForLoadState();
   await page.getByLabel('Git LFS – 8 KiB').nth(1).hover({position: {x: 250, y: 2}});
-  await expect(page.getByText('Git LFS')).toBeVisible();
-  await save_visual(page);
+  await expect(page.getByText('Git LFS – 8 KiB')).toBeVisible();
+
+  // Show/hide legend by clicking on the bar
+  await expect(page.locator('.stats ul').nth(1)).toBeHidden();
+  await expect(page.getByText('Git LFS 8 KiB').nth(1)).toBeHidden();
+
+  await page.locator('.stats summary').nth(1).click();
+  await expect(page.locator('.stats ul').nth(1)).toBeVisible();
+  await expect(page.getByText('Git LFS 8 KiB').nth(1)).toBeVisible();
+  await screenshot(page);
+
+  await page.locator('.stats summary').nth(1).click();
+  await expect(page.locator('.stats ul').nth(1)).toBeHidden();
+  await expect(page.getByText('Git LFS 8 KiB').nth(1)).toBeHidden();
+
+  await screenshot(page);
 });
 
 test('User: Canceling adding SSH key clears inputs', async ({browser}, workerInfo) => {
@@ -109,3 +124,24 @@ test('User: Canceling adding GPG key clears input', async ({browser}, workerInfo
 
   await expect(gpgKeyContent).toHaveValue('');
 });
+
+test('User: Add access token', async ({browser}, workerInfo) => {
+  const page = await login({browser}, workerInfo);
+  await page.goto('/user/settings/applications');
+
+  await page.locator('#scoped-access-submit').click();
+  await page.locator('#name:invalid').isVisible();
+
+  await page.locator('details.optional.field').click();
+  await page.selectOption('#access-token-scope-activitypub', 'read:activitypub');
+  await page.locator('#scoped-access-submit').click();
+
+  await page.locator('#name:invalid').isVisible();
+  await expect(page.locator('#access-token-scope-activitypub')).toHaveValue('read:activitypub');
+
+  const tokenName = globalThis.crypto.randomUUID();
+  await page.locator('#name').fill(tokenName);
+  await page.locator('#scoped-access-submit').click();
+
+  await page.getByText(tokenName).isVisible();
+});
diff --git a/tests/e2e/utils_e2e.ts b/tests/e2e/utils_e2e.ts
index ff921a2cf3..a0eea19329 100644
--- a/tests/e2e/utils_e2e.ts
+++ b/tests/e2e/utils_e2e.ts
@@ -1,4 +1,4 @@
-import {expect, test as baseTest, type Browser, type BrowserContextOptions, type APIRequestContext, type TestInfo, type Page} from '@playwright/test';
+import {expect, test as baseTest, type Browser, type BrowserContextOptions, type APIRequestContext, type TestInfo} from '@playwright/test';
 
 import * as path from 'node:path';
 
@@ -43,10 +43,10 @@ const LOGIN_PASSWORD = 'password';
 
 // log in user and store session info. This should generally be
 //  run in test.beforeAll(), then the session can be loaded in tests.
-export async function login_user(browser: Browser, workerInfo: TestInfo, user: string) {
+export async function login_user(browser: Browser, workerInfo: TestInfo, user: string, options?: BrowserContextOptions) {
   test.setTimeout(60000);
   // Set up a new context
-  const context = await test_context(browser);
+  const context = await test_context(browser, options);
   const page = await context.newPage();
 
   // Route to login page
@@ -84,49 +84,6 @@ export async function login({browser}: {browser: Browser}, workerInfo: TestInfo)
   return await context?.newPage();
 }
 
-export async function save_visual(page: Page) {
-  // Optionally include visual testing
-  if (process.env.VISUAL_TEST) {
-    await page.waitForLoadState('domcontentloaded');
-    // Mock/replace dynamic content which can have different size (and thus cannot simply be masked below)
-    await page.locator('footer .left-links').evaluate((node) => node.innerHTML = 'MOCK');
-    // replace timestamps in repos to mask them later down
-    await page.locator('.flex-item-body > relative-time').filter({hasText: /now|minute/}).evaluateAll((nodes) => {
-      for (const node of nodes) node.outerHTML = 'relative time in repo';
-    });
-    // dynamically generated UUIDs
-    await page.getByText('dyn-id-').evaluateAll((nodes) => {
-      for (const node of nodes) node.innerHTML = node.innerHTML.replaceAll(/dyn-id-[a-f0-9-]+/g, 'dynamic-id');
-    });
-    // repeat above, work around https://github.com/microsoft/playwright/issues/34152
-    await page.getByText('dyn-id-').evaluateAll((nodes) => {
-      for (const node of nodes) node.innerHTML = node.innerHTML.replaceAll(/dyn-id-[a-f0-9-]+/g, 'dynamic-id');
-    });
-    await page.locator('relative-time').evaluateAll((nodes) => {
-      for (const node of nodes) node.outerHTML = 'time element';
-    });
-    // used for instance for security keys
-    await page.locator('absolute-date').evaluateAll((nodes) => {
-      for (const node of nodes) node.outerHTML = 'time element';
-    });
-    await expect(page).toHaveScreenshot({
-      fullPage: true,
-      timeout: 20000,
-      mask: [
-        page.locator('.ui.avatar'),
-        page.locator('.sha'),
-        page.locator('#repo_migrating'),
-        // update order of recently created repos is not fully deterministic
-        page.locator('.flex-item-main').filter({hasText: 'relative time in repo'}),
-        page.locator('#activity-feed'),
-        page.locator('#user-heatmap'),
-        // dynamic IDs in fixed-size inputs
-        page.locator('input[value*="dyn-id-"]'),
-      ],
-    });
-  }
-}
-
 // Create a temporary user and login to that user and store session info.
 // This should ideally run on a per test basis.
 export async function create_temp_user(browser: Browser, workerInfo: TestInfo, request: APIRequestContext) {
diff --git a/tests/e2e/webauthn.test.e2e.ts b/tests/e2e/webauthn.test.e2e.ts
index d4b81621d2..85337384f4 100644
--- a/tests/e2e/webauthn.test.e2e.ts
+++ b/tests/e2e/webauthn.test.e2e.ts
@@ -8,7 +8,8 @@
 // @watch end
 
 import {expect} from '@playwright/test';
-import {test, save_visual, create_temp_user, login_user} from './utils_e2e.ts';
+import {test, create_temp_user, login_user} from './utils_e2e.ts';
+import {screenshot} from './shared/screenshots.ts';
 
 test('WebAuthn register & login flow', async ({browser, request}, workerInfo) => {
   test.skip(workerInfo.project.name !== 'chromium', 'Uses Chrome protocol');
@@ -34,13 +35,15 @@ test('WebAuthn register & login flow', async ({browser, request}, workerInfo) =>
   });
 
   await page.locator('input#nickname').fill('Testing Security Key');
-  await save_visual(page);
+  await screenshot(page, page.locator('.user-setting-content'));
   await page.getByText('Add security key').click();
+  await expect(page.getByRole('button', {name: 'Remove'})).toBeVisible(); // "Remove" button is visible, indicating that the security key was added
 
   // Logout.
+  await page.locator('div[aria-label="Profile and settings…"]').click();
+  await page.getByText('Sign out').click();
   await expect(async () => {
-    await page.locator('div[aria-label="Profile and settings…"]').click();
-    await page.getByText('Sign out').click();
+    await page.waitForURL(`${workerInfo.project.use.baseURL}/`);
   }).toPass();
 
   // Login.
@@ -57,8 +60,9 @@ test('WebAuthn register & login flow', async ({browser, request}, workerInfo) =>
   response = await page.goto('/user/settings/security');
   expect(response?.status()).toBe(200);
   await page.getByRole('button', {name: 'Remove'}).click();
-  await save_visual(page);
+  await screenshot(page, page.locator('.ui.g-modal-confirm.delete.modal'), 50);
   await page.getByRole('button', {name: 'Yes'}).click();
+  await expect(page.getByRole('button', {name: 'Remove'})).toBeHidden();
   await page.waitForLoadState();
 
   // verify the user can login without a key
diff --git a/tests/gitea-repositories-meta/user2/rendering-test.git/HEAD b/tests/gitea-repositories-meta/user2/rendering-test.git/HEAD
new file mode 100644
index 0000000000..cb089cd89a
--- /dev/null
+++ b/tests/gitea-repositories-meta/user2/rendering-test.git/HEAD
@@ -0,0 +1 @@
+ref: refs/heads/master
diff --git a/tests/gitea-repositories-meta/user2/rendering-test.git/config b/tests/gitea-repositories-meta/user2/rendering-test.git/config
new file mode 100644
index 0000000000..07d359d07c
--- /dev/null
+++ b/tests/gitea-repositories-meta/user2/rendering-test.git/config
@@ -0,0 +1,4 @@
+[core]
+	repositoryformatversion = 0
+	filemode = true
+	bare = true
diff --git a/tests/gitea-repositories-meta/user2/rendering-test.git/description b/tests/gitea-repositories-meta/user2/rendering-test.git/description
new file mode 100644
index 0000000000..498b267a8c
--- /dev/null
+++ b/tests/gitea-repositories-meta/user2/rendering-test.git/description
@@ -0,0 +1 @@
+Unnamed repository; edit this file 'description' to name the repository.
diff --git a/tests/gitea-repositories-meta/user2/rendering-test.git/info/exclude b/tests/gitea-repositories-meta/user2/rendering-test.git/info/exclude
new file mode 100644
index 0000000000..a5196d1be8
--- /dev/null
+++ b/tests/gitea-repositories-meta/user2/rendering-test.git/info/exclude
@@ -0,0 +1,6 @@
+# git ls-files --others --exclude-from=.git/info/exclude
+# Lines that start with '#' are comments.
+# For a project mostly in C, the following would be a good set of
+# exclude patterns (uncomment them if you want to use them):
+# *.[oa]
+# *~
diff --git a/tests/gitea-repositories-meta/user2/rendering-test.git/objects/29/262fe430e92c957b5d6945df90570d85725dfd b/tests/gitea-repositories-meta/user2/rendering-test.git/objects/29/262fe430e92c957b5d6945df90570d85725dfd
new file mode 100644
index 0000000000..184f27bb65
Binary files /dev/null and b/tests/gitea-repositories-meta/user2/rendering-test.git/objects/29/262fe430e92c957b5d6945df90570d85725dfd differ
diff --git a/tests/gitea-repositories-meta/user2/rendering-test.git/objects/32/6ad6b850d0786dcbe128fb1cc2754ea739d501 b/tests/gitea-repositories-meta/user2/rendering-test.git/objects/32/6ad6b850d0786dcbe128fb1cc2754ea739d501
new file mode 100644
index 0000000000..6d9a33fdcf
Binary files /dev/null and b/tests/gitea-repositories-meta/user2/rendering-test.git/objects/32/6ad6b850d0786dcbe128fb1cc2754ea739d501 differ
diff --git a/tests/gitea-repositories-meta/user2/rendering-test.git/objects/35/5dfe24938c3f06a4c5078fa3bd5f3c65c17c8f b/tests/gitea-repositories-meta/user2/rendering-test.git/objects/35/5dfe24938c3f06a4c5078fa3bd5f3c65c17c8f
new file mode 100644
index 0000000000..d275362b93
Binary files /dev/null and b/tests/gitea-repositories-meta/user2/rendering-test.git/objects/35/5dfe24938c3f06a4c5078fa3bd5f3c65c17c8f differ
diff --git a/tests/gitea-repositories-meta/user2/rendering-test.git/objects/4d/26f069992909b3ff6e52c027f781d0a9eb655c b/tests/gitea-repositories-meta/user2/rendering-test.git/objects/4d/26f069992909b3ff6e52c027f781d0a9eb655c
new file mode 100644
index 0000000000..9a2230ae80
Binary files /dev/null and b/tests/gitea-repositories-meta/user2/rendering-test.git/objects/4d/26f069992909b3ff6e52c027f781d0a9eb655c differ
diff --git a/tests/gitea-repositories-meta/user2/rendering-test.git/objects/aa/ee434b5dbfce8a1fa9a0e21e7fa4743d7d5c9a b/tests/gitea-repositories-meta/user2/rendering-test.git/objects/aa/ee434b5dbfce8a1fa9a0e21e7fa4743d7d5c9a
new file mode 100644
index 0000000000..87ff244ebb
--- /dev/null
+++ b/tests/gitea-repositories-meta/user2/rendering-test.git/objects/aa/ee434b5dbfce8a1fa9a0e21e7fa4743d7d5c9a
@@ -0,0 +1 @@
+x
+)JMU047g040031QHL*��)-I��L+J�M�(��a�u��-�R���m�v4��Wqؼ��<-13Y�i�?��=�lK���/�o�z����8#��Y�Qֵ
*rO?��-s��o��UF�ڒ�c�_J~!\�x��{��iϖ:�s�
�K
\ No newline at end of file
diff --git a/tests/gitea-repositories-meta/user2/rendering-test.git/objects/b7/d263e8137441dc76f7594e358cb47e19ce7fe1 b/tests/gitea-repositories-meta/user2/rendering-test.git/objects/b7/d263e8137441dc76f7594e358cb47e19ce7fe1
new file mode 100644
index 0000000000..02776c78f1
Binary files /dev/null and b/tests/gitea-repositories-meta/user2/rendering-test.git/objects/b7/d263e8137441dc76f7594e358cb47e19ce7fe1 differ
diff --git a/tests/gitea-repositories-meta/user2/rendering-test.git/objects/da/dc7a0667d2671fd1b6c6b8814eff2440b3bb3b b/tests/gitea-repositories-meta/user2/rendering-test.git/objects/da/dc7a0667d2671fd1b6c6b8814eff2440b3bb3b
new file mode 100644
index 0000000000..0fdf4f9019
Binary files /dev/null and b/tests/gitea-repositories-meta/user2/rendering-test.git/objects/da/dc7a0667d2671fd1b6c6b8814eff2440b3bb3b differ
diff --git a/tests/gitea-repositories-meta/user2/rendering-test.git/objects/fa/faad77cb54665ac800d1bf77e6a55bd355eabc b/tests/gitea-repositories-meta/user2/rendering-test.git/objects/fa/faad77cb54665ac800d1bf77e6a55bd355eabc
new file mode 100644
index 0000000000..e91b9e0912
Binary files /dev/null and b/tests/gitea-repositories-meta/user2/rendering-test.git/objects/fa/faad77cb54665ac800d1bf77e6a55bd355eabc differ
diff --git a/tests/gitea-repositories-meta/user2/rendering-test.git/refs/heads/master b/tests/gitea-repositories-meta/user2/rendering-test.git/refs/heads/master
new file mode 100644
index 0000000000..69d0f8e29c
--- /dev/null
+++ b/tests/gitea-repositories-meta/user2/rendering-test.git/refs/heads/master
@@ -0,0 +1 @@
+fafaad77cb54665ac800d1bf77e6a55bd355eabc
diff --git a/tests/integration/actions_commit_status_test.go b/tests/integration/actions_commit_status_test.go
index 5667bdadd5..05de90e5ab 100644
--- a/tests/integration/actions_commit_status_test.go
+++ b/tests/integration/actions_commit_status_test.go
@@ -25,7 +25,7 @@ import (
 )
 
 func TestActionsAutomerge(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		defer test.MockVariableValue(&setting.Actions.Enabled, true)()
 
 		ctx := db.DefaultContext
diff --git a/tests/integration/actions_concurrency_group_queue_test.go b/tests/integration/actions_concurrency_group_queue_test.go
new file mode 100644
index 0000000000..72520d43b1
--- /dev/null
+++ b/tests/integration/actions_concurrency_group_queue_test.go
@@ -0,0 +1,281 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package integration
+
+import (
+	"net/url"
+	"strings"
+	"testing"
+
+	actions_model "forgejo.org/models/actions"
+	"forgejo.org/models/db"
+	unit_model "forgejo.org/models/unit"
+	"forgejo.org/models/unittest"
+	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/gitrepo"
+	"forgejo.org/modules/setting"
+	"forgejo.org/modules/test"
+	actions_service "forgejo.org/services/actions"
+	files_service "forgejo.org/services/repository/files"
+	"forgejo.org/tests"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestActionConcurrencyRunnerFiltering(t *testing.T) {
+	defer unittest.OverrideFixtures("tests/integration/fixtures/TestActionConcurrencyRunnerFiltering")()
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	for _, tc := range []struct {
+		name           string
+		runnerName     string
+		expectedRunIDs []int64
+	}{
+		{
+			// owner id 2
+			runnerName:     "User runner",
+			expectedRunIDs: []int64{500, 502},
+		},
+		{
+			// owner id 3
+			runnerName:     "Organisation runner",
+			expectedRunIDs: []int64{501},
+		},
+		{
+			runnerName:     "Repository runner",
+			expectedRunIDs: []int64{502},
+		},
+		{
+			runnerName:     "Global runner",
+			expectedRunIDs: []int64{500, 501, 502},
+		},
+	} {
+		t.Run(tc.runnerName, func(t *testing.T) {
+			// defer unittest.OverrideFixtures("tests/integration/fixtures/TestActionConcurrencyRunnerFiltering")()
+			// require.NoError(t, unittest.PrepareTestDatabase())
+
+			doTest := func() {
+				e := db.GetEngine(t.Context())
+
+				runner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{Name: tc.runnerName})
+				jobs, err := actions_model.GetAvailableJobsForRunner(e, runner)
+				require.NoError(t, err)
+
+				ids := []int64{}
+				for _, job := range jobs {
+					ids = append(ids, job.ID)
+				}
+				assert.ElementsMatch(t, tc.expectedRunIDs, ids)
+			}
+
+			t.Run("ConcurrencyGroupQueueEnabled", func(t *testing.T) {
+				defer test.MockVariableValue(&setting.Actions.ConcurrencyGroupQueueEnabled, true)()
+				doTest()
+			})
+
+			t.Run("ConcurrencyGroupQueueDisabled", func(t *testing.T) {
+				defer test.MockVariableValue(&setting.Actions.ConcurrencyGroupQueueEnabled, false)()
+				doTest()
+			})
+		})
+	}
+}
+
+// These tests are a little more unit-testy than they are integration tests, but they're placed in the integration test
+// suite so that they're run on all database engines.
+func TestActionConcurrencyGroupQueue(t *testing.T) {
+	for _, tc := range []struct {
+		name            string
+		expectedRunIDs  []int64
+		updateRun500    map[string]any
+		updateRunJob500 map[string]any
+		updateRun501    map[string]any
+		updateRunJob501 map[string]any
+		queuingDisabled bool
+	}{
+		{
+			name:            "queuing disabled",
+			expectedRunIDs:  []int64{500, 501, 502},
+			queuingDisabled: true,
+		},
+		{
+			// Job 501 & 502's data is configured to be queued-behind job 500, so with queuing enabled it shouldn't
+			// appear.
+			name:           "concurrency blocked",
+			expectedRunIDs: []int64{500},
+		},
+		{
+			name:           "different repo",
+			updateRun501:   map[string]any{"repo_id": 2},
+			expectedRunIDs: []int64{500, 501},
+		},
+		{
+			name:           "different concurrency group",
+			updateRun501:   map[string]any{"concurrency_group": "321bca"},
+			expectedRunIDs: []int64{500, 501},
+		},
+		{
+			name:           "null concurrency group",
+			updateRun501:   map[string]any{"concurrency_group": nil},
+			expectedRunIDs: []int64{500, 501},
+		},
+		{
+			name:           "empty concurrency group",
+			updateRun501:   map[string]any{"concurrency_group": ""},
+			expectedRunIDs: []int64{500, 501},
+		},
+		{
+			name:           "unlimited concurrency",
+			updateRun501:   map[string]any{"concurrency_type": actions_model.UnlimitedConcurrency},
+			expectedRunIDs: []int64{500, 501},
+		},
+		{
+			name:           "cancel-in-progress type",
+			updateRun501:   map[string]any{"concurrency_type": actions_model.CancelInProgress},
+			expectedRunIDs: []int64{500, 501},
+		},
+		{
+			name:            "blocking job done",
+			updateRun500:    map[string]any{"status": actions_model.StatusCancelled},
+			updateRunJob500: map[string]any{"status": actions_model.StatusCancelled},
+			expectedRunIDs:  []int64{501},
+		},
+		{
+			name:            "mid-index job running",
+			updateRun501:    map[string]any{"status": actions_model.StatusRunning},
+			updateRunJob501: map[string]any{"status": actions_model.StatusRunning},
+			expectedRunIDs:  []int64{},
+		},
+		{
+			// Reflects a case where 500 may be retried -- there's already a later job (index-wise) in the concurrency
+			// group that is done, but if 500 is waiting it can still be run
+			name:            "mid-index job ran",
+			updateRun501:    map[string]any{"status": actions_model.StatusSuccess},
+			updateRunJob501: map[string]any{"status": actions_model.StatusSuccess},
+			expectedRunIDs:  []int64{500},
+		},
+		{
+			// If both job 500 & job 501 are in the same workflow run, and one is running, the other can still start
+			// (this would be conditional on its `needs` as a job, but that isn't evaluated by GetAvailableJobsForRunner
+			// so isn't in the scope of testing here)
+			name:            "multiple jobs from same run",
+			updateRun500:    map[string]any{"status": actions_model.StatusRunning},
+			updateRunJob500: map[string]any{"status": actions_model.StatusRunning},
+			updateRunJob501: map[string]any{"run_id": 500},
+			expectedRunIDs:  []int64{501},
+		},
+	} {
+		t.Run(tc.name, func(t *testing.T) {
+			defer unittest.OverrideFixtures("tests/integration/fixtures/TestActionConcurrencyGroupQueue")()
+			require.NoError(t, unittest.PrepareTestDatabase())
+			runner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{ID: 1004}, "owner_id = 0 AND repo_id = 0")
+
+			defer test.MockVariableValue(&setting.Actions.ConcurrencyGroupQueueEnabled, !tc.queuingDisabled)()
+
+			e := db.GetEngine(t.Context())
+
+			if tc.updateRun500 != nil {
+				affected, err := e.Table(&actions_model.ActionRun{}).Where("id = ?", 500).Update(tc.updateRun500)
+				require.NoError(t, err)
+				require.EqualValues(t, 1, affected)
+			}
+			if tc.updateRunJob500 != nil {
+				affected, err := e.Table(&actions_model.ActionRunJob{}).Where("id = ?", 500).Update(tc.updateRunJob500)
+				require.NoError(t, err)
+				require.EqualValues(t, 1, affected)
+			}
+			if tc.updateRun501 != nil {
+				affected, err := e.Table(&actions_model.ActionRun{}).Where("id = ?", 501).Update(tc.updateRun501)
+				require.NoError(t, err)
+				require.EqualValues(t, 1, affected)
+			}
+			if tc.updateRunJob501 != nil {
+				affected, err := e.Table(&actions_model.ActionRunJob{}).Where("id = ?", 501).Update(tc.updateRunJob501)
+				require.NoError(t, err)
+				require.EqualValues(t, 1, affected)
+			}
+
+			jobs, err := actions_model.GetAvailableJobsForRunner(e, runner)
+			require.NoError(t, err)
+
+			ids := []int64{}
+			for _, job := range jobs {
+				ids = append(ids, job.ID)
+			}
+			assert.ElementsMatch(t, tc.expectedRunIDs, ids)
+		})
+	}
+}
+
+func TestActionConcurrencyGroupQueueFetchNext(t *testing.T) {
+	if !setting.Database.Type.IsSQLite3() {
+		// mock repo runner only supported on SQLite testing
+		t.Skip()
+	}
+
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
+		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+
+		// create the repo
+		repo, sha, f := tests.CreateDeclarativeRepo(t, user2, "repo-workflow-dispatch",
+			[]unit_model.Type{unit_model.TypeActions}, nil,
+			[]*files_service.ChangeRepoFile{
+				{
+					Operation: "create",
+					TreePath:  ".forgejo/workflows/dispatch.yml",
+					ContentReader: strings.NewReader(
+						"name: concurrency group workflow\n" +
+							"on:\n" +
+							"  workflow_dispatch:\n" +
+							"    inputs:\n" +
+							"      ident:\n" +
+							"        type: string\n" +
+							"concurrency:\n" +
+							"  group: abc\n" +
+							"  cancel-in-progress: false\n" +
+							"jobs:\n" +
+							"  test:\n" +
+							"    runs-on: ubuntu-latest\n" +
+							"    steps:\n" +
+							"      - run: echo deployment goes here\n"),
+				},
+			},
+		)
+		defer f()
+
+		gitRepo, err := gitrepo.OpenRepository(db.DefaultContext, repo)
+		require.NoError(t, err)
+		defer gitRepo.Close()
+
+		workflow, err := actions_service.GetWorkflowFromCommit(gitRepo, "main", "dispatch.yml")
+		require.NoError(t, err)
+		assert.Equal(t, "refs/heads/main", workflow.Ref)
+		assert.Equal(t, sha, workflow.Commit.ID.String())
+
+		runner := newMockRunner()
+		runner.registerAsRepoRunner(t, user2.Name, repo.Name, "mock-runner", []string{"ubuntu-latest"})
+
+		// first run within the concurrency group
+		_, _, err = workflow.Dispatch(db.DefaultContext, func(key string) string { return "task1" }, repo, user2)
+		require.NoError(t, err)
+		task1 := runner.fetchTask(t)
+
+		// dispatch a second run within the same concurrency group
+		_, _, err = workflow.Dispatch(db.DefaultContext, func(key string) string { return "task2" }, repo, user2)
+		require.NoError(t, err)
+
+		// assert that we can't fetch and start that second task -- it's blocked behind the first
+		task2 := runner.maybeFetchTask(t)
+		assert.Nil(t, task2)
+
+		// finish the first task
+		runner.succeedAtTask(t, task1)
+
+		// now task2 should be accessible since task1 has completed
+		task2 = runner.fetchTask(t)
+		assert.NotNil(t, task2)
+		runner.succeedAtTask(t, task2)
+	})
+}
diff --git a/tests/integration/actions_job_test.go b/tests/integration/actions_job_test.go
index cd3c95b4a1..7e7cfd0a79 100644
--- a/tests/integration/actions_job_test.go
+++ b/tests/integration/actions_job_test.go
@@ -129,7 +129,7 @@ jobs:
 			},
 		},
 	}
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 		session := loginUser(t, user2.Name)
 		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
@@ -174,6 +174,36 @@ jobs:
 	})
 }
 
+func TestRunnerLifecycleGithubEndpoints(t *testing.T) {
+	if !setting.Database.Type.IsSQLite3() {
+		// registering a mock runner when using a database other than SQLite leaves leftovers
+		t.Skip()
+	}
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
+		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+		session := loginUser(t, user2.Name)
+		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
+
+		apiRepo := createActionsTestRepo(t, token, "actions-runner-registration-with-get", false)
+		runner := newMockRunner()
+		runner.registerAsRepoRunnerWithPost(t, user2.Name, apiRepo.Name, "mock-runner", []string{"ubuntu-latest"})
+		runnersList := runner.listRunners(t, user2.Name, apiRepo.Name)
+
+		assert.NotNil(t, runnersList)
+		assert.Len(t, runnersList.Entries, 1)
+		assert.Equal(t, "mock-runner", runnersList.Entries[0].Name)
+
+		runnerDetails := runner.getRunner(t, user2.Name, apiRepo.Name, runnersList.Entries[0].ID)
+		assert.Equal(t, "mock-runner", runnerDetails.Name)
+		assert.Equal(t, runnersList.Entries[0].ID, runnerDetails.ID)
+
+		runner.deleteRunner(t, user2.Name, apiRepo.Name, runnersList.Entries[0].ID)
+
+		httpContext := NewAPITestContext(t, user2.Name, apiRepo.Name, auth_model.AccessTokenScopeWriteRepository)
+		doAPIDeleteRepository(httpContext)(t)
+	})
+}
+
 func TestActionsJobNeedsMatrix(t *testing.T) {
 	if !setting.Database.Type.IsSQLite3() {
 		t.Skip()
@@ -318,7 +348,7 @@ jobs:
 			},
 		},
 	}
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 		session := loginUser(t, user2.Name)
 		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
@@ -364,7 +394,7 @@ func TestActionsGiteaContext(t *testing.T) {
 		t.Skip()
 	}
 
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 		user2Session := loginUser(t, user2.Name)
 		user2Token := getTokenForLoggedInUser(t, user2Session, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
diff --git a/tests/integration/actions_log_test.go b/tests/integration/actions_log_test.go
index 0443dc9cfb..4da1114958 100644
--- a/tests/integration/actions_log_test.go
+++ b/tests/integration/actions_log_test.go
@@ -101,7 +101,7 @@ jobs:
 			zstdEnabled: false,
 		},
 	}
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 		session := loginUser(t, user2.Name)
 		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
diff --git a/tests/integration/actions_notifications_test.go b/tests/integration/actions_notifications_test.go
index ed59c92500..78ab79e72f 100644
--- a/tests/integration/actions_notifications_test.go
+++ b/tests/integration/actions_notifications_test.go
@@ -59,7 +59,7 @@ jobs:
 			notifyEmail: false,
 		},
 	}
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 		session := loginUser(t, user2.Name)
 		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
diff --git a/tests/integration/actions_route_test.go b/tests/integration/actions_route_test.go
index 930a917524..1218a1abed 100644
--- a/tests/integration/actions_route_test.go
+++ b/tests/integration/actions_route_test.go
@@ -32,7 +32,7 @@ func GetWorkflowRunRedirectURI(t *testing.T, repoURL, workflow string) string {
 }
 
 func TestActionsWebRouteLatestWorkflowRun(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 
 		// create the repo
@@ -120,7 +120,7 @@ func TestActionsWebRouteLatestWorkflowRun(t *testing.T) {
 }
 
 func TestActionsWebRouteLatestRun(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 
 		// create the repo
diff --git a/tests/integration/actions_run_now_done_notification_test.go b/tests/integration/actions_run_now_done_notification_test.go
index 480d67a73d..9a2764594b 100644
--- a/tests/integration/actions_run_now_done_notification_test.go
+++ b/tests/integration/actions_run_now_done_notification_test.go
@@ -72,9 +72,10 @@ func TestActionNowDoneNotification(t *testing.T) {
 		t.Skip()
 	}
 
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		notifier := mockNotifier{t: t, testIdx: 0, lastRunID: -1, runID: -1}
 		notify_service.RegisterNotifier(&notifier)
+		defer notify_service.UnregisterNotifier(&notifier)
 
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 
diff --git a/tests/integration/actions_runner_test.go b/tests/integration/actions_runner_test.go
index 859406997e..a9bb122680 100644
--- a/tests/integration/actions_runner_test.go
+++ b/tests/integration/actions_runner_test.go
@@ -12,6 +12,7 @@ import (
 
 	auth_model "forgejo.org/models/auth"
 	"forgejo.org/modules/setting"
+	"forgejo.org/modules/structs"
 
 	pingv1 "code.gitea.io/actions-proto-go/ping/v1"
 	"code.gitea.io/actions-proto-go/ping/v1/pingv1connect"
@@ -24,7 +25,8 @@ import (
 )
 
 type mockRunner struct {
-	client *mockRunnerClient
+	client           *mockRunnerClient
+	lastTasksVersion int64
 }
 
 type mockRunnerClient struct {
@@ -82,8 +84,7 @@ func (r *mockRunner) doRegister(t *testing.T, name, token string, labels []strin
 
 func (r *mockRunner) registerAsRepoRunner(t *testing.T, ownerName, repoName, runnerName string, labels []string) {
 	if !setting.Database.Type.IsSQLite3() {
-		// registering a mock runner when using a database other than SQLite leaves leftovers
-		t.FailNow()
+		assert.FailNow(t, "registering a mock runner when using a database other than SQLite leaves leftovers")
 	}
 	session := loginUser(t, ownerName)
 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
@@ -96,6 +97,70 @@ func (r *mockRunner) registerAsRepoRunner(t *testing.T, ownerName, repoName, run
 	r.doRegister(t, runnerName, registrationToken.Token, labels)
 }
 
+func (r *mockRunner) registerAsRepoRunnerWithPost(t *testing.T, ownerName, repoName, runnerName string, labels []string) {
+	if !setting.Database.Type.IsSQLite3() {
+		// registering a mock runner when using a database other than SQLite leaves leftovers
+		t.FailNow()
+	}
+	session := loginUser(t, ownerName)
+	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
+	req := NewRequest(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/actions/runners/registration-token", ownerName, repoName)).AddTokenAuth(token)
+	resp := MakeRequest(t, req, http.StatusOK)
+	var registrationToken struct {
+		Token string `json:"token"`
+	}
+	DecodeJSON(t, resp, &registrationToken)
+	r.doRegister(t, runnerName, registrationToken.Token, labels)
+}
+
+func (r *mockRunner) listRunners(t *testing.T, ownerName, repoName string) structs.ActionRunnersResponse {
+	if !setting.Database.Type.IsSQLite3() {
+		// registering a mock runner when using a database other than SQLite leaves leftovers
+		t.FailNow()
+	}
+	session := loginUser(t, ownerName)
+	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository)
+	req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/%s/%s/actions/runners", ownerName, repoName)).AddTokenAuth(token)
+	resp := MakeRequest(t, req, http.StatusOK)
+	var runnersList structs.ActionRunnersResponse
+	DecodeJSON(t, resp, &runnersList)
+	return runnersList
+}
+
+func (r *mockRunner) getRunner(t *testing.T, ownerName, repoName string, runnerID int64) structs.ActionRunner {
+	if !setting.Database.Type.IsSQLite3() {
+		// registering a mock runner when using a database other than SQLite leaves leftovers
+		t.FailNow()
+	}
+	session := loginUser(t, ownerName)
+	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository)
+	req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/%s/%s/actions/runners/%d", ownerName, repoName, runnerID)).AddTokenAuth(token)
+	resp := MakeRequest(t, req, http.StatusOK)
+	var runner structs.ActionRunner
+	DecodeJSON(t, resp, &runner)
+	return runner
+}
+
+func (r *mockRunner) deleteRunner(t *testing.T, ownerName, repoName string, runnerID int64) {
+	if !setting.Database.Type.IsSQLite3() {
+		// registering a mock runner when using a database other than SQLite leaves leftovers
+		t.FailNow()
+	}
+	session := loginUser(t, ownerName)
+	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
+	req := NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/repos/%s/%s/actions/runners/%d", ownerName, repoName, runnerID)).AddTokenAuth(token)
+	MakeRequest(t, req, http.StatusNoContent)
+}
+
+func (r *mockRunner) maybeFetchTask(t *testing.T) *runnerv1.Task {
+	resp, err := r.client.runnerServiceClient.FetchTask(t.Context(), connect.NewRequest(&runnerv1.FetchTaskRequest{
+		TasksVersion: r.lastTasksVersion,
+	}))
+	require.NoError(t, err)
+	r.lastTasksVersion = resp.Msg.TasksVersion
+	return resp.Msg.Task
+}
+
 func (r *mockRunner) fetchTask(t *testing.T, timeout ...time.Duration) *runnerv1.Task {
 	fetchTimeout := 10 * time.Second
 	if len(timeout) > 0 {
@@ -103,13 +168,10 @@ func (r *mockRunner) fetchTask(t *testing.T, timeout ...time.Duration) *runnerv1
 	}
 
 	var task *runnerv1.Task
-	assert.Eventually(t, func() bool {
-		resp, err := r.client.runnerServiceClient.FetchTask(t.Context(), connect.NewRequest(&runnerv1.FetchTaskRequest{
-			TasksVersion: 0,
-		}))
-		require.NoError(t, err)
-		if resp.Msg.Task != nil {
-			task = resp.Msg.Task
+	require.Eventually(t, func() bool {
+		maybeTask := r.maybeFetchTask(t)
+		if maybeTask != nil {
+			task = maybeTask
 			return true
 		}
 		return false
diff --git a/tests/integration/actions_trigger_test.go b/tests/integration/actions_trigger_test.go
index d13c666020..094ec9cfdd 100644
--- a/tests/integration/actions_trigger_test.go
+++ b/tests/integration/actions_trigger_test.go
@@ -40,7 +40,7 @@ import (
 )
 
 func TestActionsPullRequestCommitStatus(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}) // owner of the base repo
 		session := loginUser(t, "user2")
 		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteIssue)
@@ -351,7 +351,7 @@ jobs:
 }
 
 func TestActionsPullRequestWithInvalidWorkflow(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}) // owner of the base repo
 		session := loginUser(t, "user2")
 
@@ -432,7 +432,7 @@ runs-on: docker
 }
 
 func TestActionsPullRequestTargetEvent(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}) // owner of the base repo
 		org3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3})  // owner of the forked repo
 
@@ -589,7 +589,7 @@ func TestActionsPullRequestTargetEvent(t *testing.T) {
 }
 
 func TestActionsSkipCI(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		session := loginUser(t, "user2")
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 
@@ -680,7 +680,7 @@ func TestActionsSkipCI(t *testing.T) {
 }
 
 func TestActionsCreateDeleteRefEvent(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 
 		// create the repo
@@ -796,7 +796,7 @@ func TestActionsCreateDeleteRefEvent(t *testing.T) {
 }
 
 func TestActionsWorkflowDispatchEvent(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 
 		// create the repo
@@ -848,3 +848,61 @@ func TestActionsWorkflowDispatchEvent(t *testing.T) {
 		assert.Equal(t, "test", j[0])
 	})
 }
+
+func TestActionsWorkflowDispatchConcurrencyGroup(t *testing.T) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
+		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+
+		// create the repo
+		repo, sha, f := tests.CreateDeclarativeRepo(t, user2, "repo-workflow-dispatch",
+			[]unit_model.Type{unit_model.TypeActions}, nil,
+			[]*files_service.ChangeRepoFile{
+				{
+					Operation: "create",
+					TreePath:  ".gitea/workflows/dispatch.yml",
+					ContentReader: strings.NewReader(
+						"name: test\n" +
+							"on: [workflow_dispatch]\n" +
+							"jobs:\n" +
+							"  test:\n" +
+							"    runs-on: ubuntu-latest\n" +
+							"    steps:\n" +
+							"      - run: echo helloworld\n" +
+							"concurrency:\n" +
+							"  group: workflow-magic-group\n" +
+							"  cancel-in-progress: true\n",
+					),
+				},
+			},
+		)
+		defer f()
+
+		gitRepo, err := gitrepo.OpenRepository(db.DefaultContext, repo)
+		require.NoError(t, err)
+		defer gitRepo.Close()
+
+		workflow, err := actions_service.GetWorkflowFromCommit(gitRepo, "main", "dispatch.yml")
+		require.NoError(t, err)
+		assert.Equal(t, "refs/heads/main", workflow.Ref)
+		assert.Equal(t, sha, workflow.Commit.ID.String())
+
+		inputGetter := func(key string) string {
+			return ""
+		}
+
+		firstRun, _, err := workflow.Dispatch(db.DefaultContext, inputGetter, repo, user2)
+		require.NoError(t, err)
+		assert.Equal(t, 1, unittest.GetCount(t, &actions_model.ActionRun{RepoID: repo.ID}))
+		assert.Equal(t, "workflow-magic-group", firstRun.ConcurrencyGroup)
+		assert.Equal(t, actions_model.CancelInProgress, firstRun.ConcurrencyType)
+
+		// Dispatch again and verify previous run was cancelled:
+		secondRun, _, err := workflow.Dispatch(db.DefaultContext, inputGetter, repo, user2)
+		require.NoError(t, err)
+		assert.Equal(t, 2, unittest.GetCount(t, &actions_model.ActionRun{RepoID: repo.ID}))
+		assert.Equal(t, "workflow-magic-group", secondRun.ConcurrencyGroup)
+		assert.Equal(t, actions_model.CancelInProgress, secondRun.ConcurrencyType)
+		firstRunReload := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: firstRun.ID})
+		assert.Equal(t, actions_model.StatusCancelled, firstRunReload.Status)
+	})
+}
diff --git a/tests/integration/actions_view_test.go b/tests/integration/actions_view_test.go
index 1a0cdc2ec1..3b124beb65 100644
--- a/tests/integration/actions_view_test.go
+++ b/tests/integration/actions_view_test.go
@@ -24,7 +24,7 @@ import (
 )
 
 func TestActionViewsArtifactDeletion(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 
 		// create the repo
@@ -152,7 +152,7 @@ func TestActionViewsView(t *testing.T) {
 		re = regexp.MustCompile(pattern)
 		actualClean = re.ReplaceAllString(actualClean, `"time_since_started_html":"_time_"`)
 
-		return assert.JSONEq(t, "{\"state\":{\"run\":{\"link\":\"/user5/repo4/actions/runs/187\",\"title\":\"update actions\",\"titleHTML\":\"update actions\",\"status\":\"success\",\"canCancel\":false,\"canApprove\":false,\"canRerun\":false,\"canDeleteArtifact\":false,\"done\":true,\"jobs\":[{\"id\":192,\"name\":\"job_2\",\"status\":\"success\",\"canRerun\":false,\"duration\":\"_duration_\"}],\"commit\":{\"localeCommit\":\"Commit\",\"localePushedBy\":\"pushed by\",\"localeWorkflow\":\"Workflow\",\"shortSHA\":\"c2d72f5484\",\"link\":\"/user5/repo4/commit/c2d72f548424103f01ee1dc02889c1e2bff816b0\",\"pusher\":{\"displayName\":\"user1\",\"link\":\"/user1\"},\"branch\":{\"name\":\"master\",\"link\":\"/user5/repo4/src/branch/master\",\"isDeleted\":false}}},\"currentJob\":{\"title\":\"job_2\",\"detail\":\"Success\",\"steps\":[{\"summary\":\"Set up job\",\"duration\":\"_duration_\",\"status\":\"success\"},{\"summary\":\"Complete job\",\"duration\":\"_duration_\",\"status\":\"success\"}],\"allAttempts\":[{\"number\":3,\"time_since_started_html\":\"_time_\",\"status\":\"running\"},{\"number\":2,\"time_since_started_html\":\"_time_\",\"status\":\"success\"},{\"number\":1,\"time_since_started_html\":\"_time_\",\"status\":\"success\"}]}},\"logs\":{\"stepsLog\":[]}}\n", actualClean)
+		return assert.JSONEq(t, "{\"state\":{\"run\":{\"preExecutionError\":\"\",\"link\":\"/user5/repo4/actions/runs/187\",\"title\":\"update actions\",\"titleHTML\":\"update actions\",\"status\":\"success\",\"canCancel\":false,\"canApprove\":false,\"canRerun\":false,\"canDeleteArtifact\":false,\"done\":true,\"jobs\":[{\"id\":192,\"name\":\"job_2\",\"status\":\"success\",\"canRerun\":false,\"duration\":\"_duration_\"}],\"commit\":{\"localeCommit\":\"Commit\",\"localePushedBy\":\"pushed by\",\"localeWorkflow\":\"Workflow\",\"shortSHA\":\"c2d72f5484\",\"link\":\"/user5/repo4/commit/c2d72f548424103f01ee1dc02889c1e2bff816b0\",\"pusher\":{\"displayName\":\"user1\",\"link\":\"/user1\"},\"branch\":{\"name\":\"master\",\"link\":\"/user5/repo4/src/branch/master\",\"isDeleted\":false}}},\"currentJob\":{\"title\":\"job_2\",\"detail\":\"Success\",\"steps\":[{\"summary\":\"Set up job\",\"duration\":\"_duration_\",\"status\":\"success\"},{\"summary\":\"Complete job\",\"duration\":\"_duration_\",\"status\":\"success\"}],\"allAttempts\":[{\"number\":3,\"time_since_started_html\":\"_time_\",\"status\":\"running\"},{\"number\":2,\"time_since_started_html\":\"_time_\",\"status\":\"success\"},{\"number\":1,\"time_since_started_html\":\"_time_\",\"status\":\"success\"}]}},\"logs\":{\"stepsLog\":[]}}\n", actualClean)
 	})
 	htmlDoc.AssertAttrEqual(t, selector, "data-initial-artifacts-response", "{\"artifacts\":[{\"name\":\"multi-file-download\",\"size\":2048,\"status\":\"completed\"}]}\n")
 }
@@ -184,7 +184,7 @@ func TestActionViewsViewAttemptOutOfRange(t *testing.T) {
 		re = regexp.MustCompile(pattern)
 		actualClean = re.ReplaceAllString(actualClean, `"time_since_started_html":"_time_"`)
 
-		return assert.JSONEq(t, "{\"state\":{\"run\":{\"link\":\"/user5/repo4/actions/runs/190\",\"title\":\"job output\",\"titleHTML\":\"job output\",\"status\":\"success\",\"canCancel\":false,\"canApprove\":false,\"canRerun\":false,\"canDeleteArtifact\":false,\"done\":false,\"jobs\":[{\"id\":396,\"name\":\"job_2\",\"status\":\"waiting\",\"canRerun\":false,\"duration\":\"_duration_\"}],\"commit\":{\"localeCommit\":\"Commit\",\"localePushedBy\":\"pushed by\",\"localeWorkflow\":\"Workflow\",\"shortSHA\":\"c2d72f5484\",\"link\":\"/user5/repo4/commit/c2d72f548424103f01ee1dc02889c1e2bff816b0\",\"pusher\":{\"displayName\":\"user1\",\"link\":\"/user1\"},\"branch\":{\"name\":\"test\",\"link\":\"/user5/repo4/src/branch/test\",\"isDeleted\":true}}},\"currentJob\":{\"title\":\"job_2\",\"detail\":\"Waiting\",\"steps\":[],\"allAttempts\":null}},\"logs\":{\"stepsLog\":[]}}\n", actualClean)
+		return assert.JSONEq(t, "{\"state\":{\"run\":{\"preExecutionError\":\"\",\"link\":\"/user5/repo4/actions/runs/190\",\"title\":\"job output\",\"titleHTML\":\"job output\",\"status\":\"success\",\"canCancel\":false,\"canApprove\":false,\"canRerun\":false,\"canDeleteArtifact\":false,\"done\":false,\"jobs\":[{\"id\":396,\"name\":\"job_2\",\"status\":\"waiting\",\"canRerun\":false,\"duration\":\"_duration_\"}],\"commit\":{\"localeCommit\":\"Commit\",\"localePushedBy\":\"pushed by\",\"localeWorkflow\":\"Workflow\",\"shortSHA\":\"c2d72f5484\",\"link\":\"/user5/repo4/commit/c2d72f548424103f01ee1dc02889c1e2bff816b0\",\"pusher\":{\"displayName\":\"user1\",\"link\":\"/user1\"},\"branch\":{\"name\":\"test\",\"link\":\"/user5/repo4/src/branch/test\",\"isDeleted\":true}}},\"currentJob\":{\"title\":\"job_2\",\"detail\":\"Waiting\",\"steps\":[],\"allAttempts\":null}},\"logs\":{\"stepsLog\":[]}}\n", actualClean)
 	})
 	htmlDoc.AssertAttrEqual(t, selector, "data-initial-artifacts-response", "{\"artifacts\":[]}\n")
 }
diff --git a/tests/integration/activitypub_client_test.go b/tests/integration/activitypub_client_test.go
index 67482a7277..9f0d277652 100644
--- a/tests/integration/activitypub_client_test.go
+++ b/tests/integration/activitypub_client_test.go
@@ -24,7 +24,7 @@ func TestActivityPubClientBodySize(t *testing.T) {
 	defer test.MockVariableValue(&setting.Federation.Enabled, true)()
 	defer test.MockVariableValue(&testWebRoutes, routers.NormalRoutes())()
 
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user1 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
 		url := u.JoinPath("/api/v1/nodeinfo").String()
 
diff --git a/tests/integration/admin_user_test.go b/tests/integration/admin_user_test.go
index f460cf22f5..e2d94b51d2 100644
--- a/tests/integration/admin_user_test.go
+++ b/tests/integration/admin_user_test.go
@@ -39,6 +39,14 @@ func TestAdminViewUsers(t *testing.T) {
 		// 6th column is the 2FA column.
 		// One user that has TOTP and another user that has WebAuthn.
 		assert.Equal(t, 2, htmlDoc.Find(".admin-setting-content table tbody tr td:nth-child(6) .octicon-check").Length())
+
+		// account type 5 is for remote users (eg. users from the federation)
+		req = NewRequest(t, "GET", "/admin/users?status_filter[account_type]=5")
+		resp = session.MakeRequest(t, req, http.StatusOK)
+		htmlDoc = NewHTMLParser(t, resp.Body)
+
+		// Only one user (id 42) is a remote user
+		assert.Equal(t, 1, htmlDoc.Find("table tbody tr").Length())
 	})
 
 	t.Run("Normal user", func(t *testing.T) {
@@ -75,6 +83,55 @@ func TestAdminEditUser(t *testing.T) {
 	testSuccessfullEdit(t, user_model.User{ID: 2, Name: "newusername", LoginName: "otherlogin", Email: "new@e-mail.gitea"})
 }
 
+func TestAdminEditUserHideEmail(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	session := loginUser(t, "user1")
+	userID := int64(2) // user2 from fixtures
+
+	// Test setting hide_email to false
+	csrf := GetCSRF(t, session, fmt.Sprintf("/admin/users/%d/edit", userID))
+	req := NewRequestWithValues(t, "POST", fmt.Sprintf("/admin/users/%d/edit", userID), map[string]string{
+		"_csrf":      csrf,
+		"user_name":  "user2",
+		"login_name": "user2",
+		"login_type": "0-0",
+		"email":      "user2@example.com",
+		"hide_email": "false",
+	})
+	session.MakeRequest(t, req, http.StatusSeeOther)
+
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: userID})
+	assert.False(t, user.KeepEmailPrivate)
+
+	// Verify the form now loads with hide_email not checked
+	req = NewRequest(t, "GET", fmt.Sprintf("/admin/users/%d/edit", userID))
+	resp := session.MakeRequest(t, req, http.StatusOK)
+	htmlDoc := NewHTMLParser(t, resp.Body)
+	htmlDoc.AssertElement(t, `input[name="hide_email"]:not([checked])`, true)
+
+	// Test setting hide_email to true
+	csrf = GetCSRF(t, session, fmt.Sprintf("/admin/users/%d/edit", userID))
+	req = NewRequestWithValues(t, "POST", fmt.Sprintf("/admin/users/%d/edit", userID), map[string]string{
+		"_csrf":      csrf,
+		"user_name":  "user2",
+		"login_name": "user2",
+		"login_type": "0-0",
+		"email":      "user2@example.com",
+		"hide_email": "true",
+	})
+	session.MakeRequest(t, req, http.StatusSeeOther)
+
+	user = unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: userID})
+	assert.True(t, user.KeepEmailPrivate)
+
+	// Verify the form loads with hide_email checked
+	req = NewRequest(t, "GET", fmt.Sprintf("/admin/users/%d/edit", userID))
+	resp = session.MakeRequest(t, req, http.StatusOK)
+	htmlDoc = NewHTMLParser(t, resp.Body)
+	htmlDoc.AssertElement(t, `input[name="hide_email"][checked]`, true)
+}
+
 func testSuccessfullEdit(t *testing.T, formData user_model.User) {
 	makeRequest(t, formData, http.StatusSeeOther)
 }
@@ -148,7 +205,7 @@ func TestSourceId(t *testing.T) {
 	resp = session.MakeRequest(t, req, http.StatusOK)
 	DecodeJSON(t, resp, &users)
 	assert.Len(t, users, 1)
-	assert.Equal(t, "the_34-user.with.all.allowedChars", users[0].UserName)
+	assert.Equal(t, "federated-example.net", users[0].UserName)
 
 	// Now our new user should be in the list, because we filter by source_id 23
 	req = NewRequest(t, "GET", "/api/v1/admin/users?limit=1&source_id=23").AddTokenAuth(token)
@@ -192,9 +249,9 @@ func TestAdminViewUsersSorted(t *testing.T) {
 		sortType      string
 		expectedUsers []string
 	}{
-		{0, "alphabetically", []string{"the_34-user.with.all.allowedChars", "user1", "user10", "user11"}},
+		{0, "alphabetically", []string{"federated-example.net", "the_34-user.with.all.allowedChars", "user1", "user10"}},
 		{0, "reversealphabetically", []string{"user9", "user8", "user5", "user40"}},
-		{0, "newest", []string{"user40", "user39", "user38", "user37"}},
+		{0, "newest", []string{"federated-example.net", "user40", "user39", "user38"}},
 		{0, "oldest", []string{"user1", "user2", "user4", "user5"}},
 		{44, "recentupdate", []string{"sorttest1", "sorttest2", "sorttest3", "sorttest4"}},
 		{44, "leastupdate", []string{"sorttest10", "sorttest9", "sorttest8", "sorttest7"}},
diff --git a/tests/integration/api_activitypub_actor_test.go b/tests/integration/api_activitypub_actor_test.go
index 42232bd640..90a759716a 100644
--- a/tests/integration/api_activitypub_actor_test.go
+++ b/tests/integration/api_activitypub_actor_test.go
@@ -56,7 +56,7 @@ func TestActorNewFromKeyId(t *testing.T) {
 	defer test.MockVariableValue(&setting.Federation.Enabled, true)()
 	defer test.MockVariableValue(&testWebRoutes, routers.NormalRoutes())()
 
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		ctx, _ := contexttest.MockAPIContext(t, "/api/v1/activitypub/actor")
 		sut, err := federation.NewActorIDFromKeyID(ctx.Base, fmt.Sprintf("%sapi/v1/activitypub/actor#main-key", u))
 		require.NoError(t, err)
diff --git a/tests/integration/api_activitypub_person_inbox_follow_test.go b/tests/integration/api_activitypub_person_inbox_follow_test.go
index f171b8951f..9e076ca002 100644
--- a/tests/integration/api_activitypub_person_inbox_follow_test.go
+++ b/tests/integration/api_activitypub_person_inbox_follow_test.go
@@ -35,7 +35,7 @@ func TestActivityPubPersonInboxFollow(t *testing.T) {
 	federatedSrv := mock.DistantServer(t)
 	defer federatedSrv.Close()
 
-	onGiteaRun(t, func(t *testing.T, localUrl *url.URL) {
+	onApplicationRun(t, func(t *testing.T, localUrl *url.URL) {
 		defer test.MockVariableValue(&setting.AppURL, localUrl.String())()
 
 		distantURL := federatedSrv.URL
diff --git a/tests/integration/api_activitypub_person_inbox_useractivity_test.go b/tests/integration/api_activitypub_person_inbox_useractivity_test.go
index 39f08f4d9c..4201fd94bf 100644
--- a/tests/integration/api_activitypub_person_inbox_useractivity_test.go
+++ b/tests/integration/api_activitypub_person_inbox_useractivity_test.go
@@ -37,7 +37,7 @@ func TestActivityPubPersonInboxNoteToDistant(t *testing.T) {
 	federatedSrv := mock.DistantServer(t)
 	defer federatedSrv.Close()
 
-	onGiteaRun(t, func(t *testing.T, localUrl *url.URL) {
+	onApplicationRun(t, func(t *testing.T, localUrl *url.URL) {
 		defer test.MockVariableValue(&setting.AppURL, localUrl.String())()
 
 		distantURL := federatedSrv.URL
diff --git a/tests/integration/api_activitypub_person_test.go b/tests/integration/api_activitypub_person_test.go
index bd21c13612..cbd1f99b23 100644
--- a/tests/integration/api_activitypub_person_test.go
+++ b/tests/integration/api_activitypub_person_test.go
@@ -32,7 +32,7 @@ func TestActivityPubPerson(t *testing.T) {
 	federatedSrv := mock.DistantServer(t)
 	defer federatedSrv.Close()
 
-	onGiteaRun(t, func(t *testing.T, localUrl *url.URL) {
+	onApplicationRun(t, func(t *testing.T, localUrl *url.URL) {
 		defer test.MockVariableValue(&setting.AppURL, localUrl.String())()
 
 		localUserID := 2
@@ -90,7 +90,7 @@ func TestActivityPubPersonInbox(t *testing.T) {
 	defer test.MockVariableValue(&setting.Federation.Enabled, true)()
 	defer test.MockVariableValue(&testWebRoutes, routers.NormalRoutes())()
 
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		defer test.MockVariableValue(&setting.AppURL, u.String())()
 		user1 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
 
@@ -117,7 +117,7 @@ func TestActivityPubPersonOutbox(t *testing.T) {
 	federatedSrv := mock.DistantServer(t)
 	defer federatedSrv.Close()
 
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		defer test.MockVariableValue(&setting.AppURL, u.String())()
 		user2outboxurl := u.JoinPath("/api/v1/activitypub/user-id/2/outbox").String()
 
diff --git a/tests/integration/api_activitypub_repository_test.go b/tests/integration/api_activitypub_repository_test.go
index b4be0407b9..29221bb682 100644
--- a/tests/integration/api_activitypub_repository_test.go
+++ b/tests/integration/api_activitypub_repository_test.go
@@ -32,7 +32,7 @@ func TestActivityPubRepository(t *testing.T) {
 	federatedSrv := mock.DistantServer(t)
 	defer federatedSrv.Close()
 
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		repositoryID := 2
 
 		localRepository := fmt.Sprintf("%sapi/v1/activitypub/repository-id/%d", u, repositoryID)
@@ -76,7 +76,7 @@ func TestActivityPubRepositoryInboxValid(t *testing.T) {
 	federatedSrv := mock.DistantServer(t)
 	defer federatedSrv.Close()
 
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		repositoryID := 2
 		timeNow := time.Now().UTC()
 		localRepoInbox := u.JoinPath(fmt.Sprintf("/api/v1/activitypub/repository-id/%d/inbox", repositoryID)).String()
@@ -156,7 +156,7 @@ func TestActivityPubRepositoryInboxInvalid(t *testing.T) {
 	defer test.MockVariableValue(&setting.Federation.SignatureEnforced, false)()
 	defer test.MockVariableValue(&testWebRoutes, routers.NormalRoutes())()
 
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		apServerActor := user.NewAPServerActor()
 		repositoryID := 2
 		localRepo2Inbox := u.JoinPath(fmt.Sprintf("/api/v1/activitypub/repository-id/%d/inbox", repositoryID)).String()
diff --git a/tests/integration/api_admin_test.go b/tests/integration/api_admin_test.go
index 9351dd9c20..a196cbb758 100644
--- a/tests/integration/api_admin_test.go
+++ b/tests/integration/api_admin_test.go
@@ -126,7 +126,9 @@ func TestAPIListUsers(t *testing.T) {
 		}
 	}
 	assert.True(t, found)
-	numberOfUsers := unittest.GetCount(t, &user_model.User{}, "type = 0")
+	numberOfUsers := unittest.GetCount(t, &user_model.User{}, "type = 0") +
+		unittest.GetCount(t, &user_model.User{}, "type = 5")
+
 	assert.Len(t, users, numberOfUsers)
 }
 
@@ -222,6 +224,28 @@ func TestAPIEditUser(t *testing.T) {
 	MakeRequest(t, req, http.StatusOK)
 	user2 = unittest.AssertExistsAndLoadBean(t, &user_model.User{LoginName: "user2"})
 	assert.True(t, user2.IsRestricted)
+
+	// Test hide_email functionality
+	user2 = unittest.AssertExistsAndLoadBean(t, &user_model.User{LoginName: "user2"})
+	assert.True(t, user2.KeepEmailPrivate) // user2 starts with keep_email_private: true in fixtures
+
+	// Test setting hide_email to false
+	bFalse := false
+	req = NewRequestWithJSON(t, "PATCH", urlStr, api.EditUserOption{
+		HideEmail: &bFalse,
+	}).AddTokenAuth(token)
+	MakeRequest(t, req, http.StatusOK)
+	user2 = unittest.AssertExistsAndLoadBean(t, &user_model.User{LoginName: "user2"})
+	assert.False(t, user2.KeepEmailPrivate)
+
+	// Test setting hide_email back to true
+	bTrue = true
+	req = NewRequestWithJSON(t, "PATCH", urlStr, api.EditUserOption{
+		HideEmail: &bTrue,
+	}).AddTokenAuth(token)
+	MakeRequest(t, req, http.StatusOK)
+	user2 = unittest.AssertExistsAndLoadBean(t, &user_model.User{LoginName: "user2"})
+	assert.True(t, user2.KeepEmailPrivate)
 }
 
 func TestAPIEditUserWithLoginName(t *testing.T) {
diff --git a/tests/integration/api_branch_test.go b/tests/integration/api_branch_test.go
index d8800217d3..715c5b38cb 100644
--- a/tests/integration/api_branch_test.go
+++ b/tests/integration/api_branch_test.go
@@ -108,7 +108,7 @@ func TestAPIGetBranch(t *testing.T) {
 }
 
 func TestAPICreateBranch(t *testing.T) {
-	onGiteaRun(t, testAPICreateBranches)
+	onApplicationRun(t, testAPICreateBranches)
 }
 
 func testAPICreateBranches(t *testing.T, giteaURL *url.URL) {
@@ -189,7 +189,7 @@ func testAPICreateBranch(t testing.TB, session *TestSession, user, repo, oldBran
 }
 
 func TestAPIUpdateBranch(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, _ *url.URL) {
+	onApplicationRun(t, func(t *testing.T, _ *url.URL) {
 		t.Run("UpdateBranchWithEmptyRepo", func(t *testing.T) {
 			testAPIUpdateBranch(t, "user10", "repo6", "master", "test", http.StatusNotFound)
 		})
@@ -265,7 +265,7 @@ func TestAPIBranchProtection(t *testing.T) {
 }
 
 func TestAPICreateBranchWithSyncBranches(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
+	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
 		unittest.AssertCount(t, &git_model.Branch{RepoID: 1}, 4)
 
 		// make a broke repository with no branch on database
diff --git a/tests/integration/api_federation_httpsig_test.go b/tests/integration/api_federation_httpsig_test.go
index f5c4c78648..a194452dd2 100644
--- a/tests/integration/api_federation_httpsig_test.go
+++ b/tests/integration/api_federation_httpsig_test.go
@@ -28,7 +28,7 @@ func TestFederationHttpSigValidation(t *testing.T) {
 	defer test.MockVariableValue(&setting.Federation.Enabled, true)()
 	defer test.MockVariableValue(&testWebRoutes, routers.NormalRoutes())()
 
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		userID := 2
 		userURL := fmt.Sprintf("%sapi/v1/activitypub/user-id/%d", u, userID)
 
diff --git a/tests/integration/api_issue_templates_test.go b/tests/integration/api_issue_templates_test.go
index 3d119c1157..23046543a3 100644
--- a/tests/integration/api_issue_templates_test.go
+++ b/tests/integration/api_issue_templates_test.go
@@ -20,7 +20,7 @@ import (
 )
 
 func TestAPIIssueTemplateList(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
 		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
 
diff --git a/tests/integration/api_packages_cargo_test.go b/tests/integration/api_packages_cargo_test.go
index 9e03d9e8a8..febba37b76 100644
--- a/tests/integration/api_packages_cargo_test.go
+++ b/tests/integration/api_packages_cargo_test.go
@@ -22,7 +22,7 @@ import (
 	cargo_module "forgejo.org/modules/packages/cargo"
 	"forgejo.org/modules/setting"
 	cargo_router "forgejo.org/routers/api/packages/cargo"
-	gitea_context "forgejo.org/services/context"
+	app_context "forgejo.org/services/context"
 	cargo_service "forgejo.org/services/packages/cargo"
 	"forgejo.org/tests"
 
@@ -31,7 +31,7 @@ import (
 )
 
 func TestPackageCargo(t *testing.T) {
-	onGiteaRun(t, testPackageCargo)
+	onApplicationRun(t, testPackageCargo)
 }
 
 func testPackageCargo(t *testing.T, _ *neturl.URL) {
@@ -388,7 +388,7 @@ func testPackageCargo(t *testing.T, _ *neturl.URL) {
 }
 
 func TestRebuildCargo(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *neturl.URL) {
+	onApplicationRun(t, func(t *testing.T, u *neturl.URL) {
 		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 		session := loginUser(t, user.Name)
 		unittest.AssertExistsIf(t, false, &repo_model.Repository{OwnerID: user.ID, Name: cargo_service.IndexRepositoryName})
@@ -401,7 +401,7 @@ func TestRebuildCargo(t *testing.T) {
 			})
 			session.MakeRequest(t, req, http.StatusSeeOther)
 
-			flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
+			flashCookie := session.GetCookie(app_context.CookieNameFlash)
 			assert.NotNil(t, flashCookie)
 			assert.Equal(t, "error%3DCannot%2Brebuild%252C%2Bno%2Bindex%2Bis%2Binitialized.", flashCookie.Value)
 			unittest.AssertExistsIf(t, false, &repo_model.Repository{OwnerID: user.ID, Name: cargo_service.IndexRepositoryName})
@@ -439,7 +439,7 @@ func TestRebuildCargo(t *testing.T) {
 			})
 			session.MakeRequest(t, req, http.StatusSeeOther)
 
-			flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
+			flashCookie := session.GetCookie(app_context.CookieNameFlash)
 			assert.NotNil(t, flashCookie)
 			assert.Equal(t, "success%3DThe%2BCargo%2Bindex%2Bwas%2Bsuccessfully%2Brebuilt.", flashCookie.Value)
 		})
diff --git a/tests/integration/api_packages_debian_test.go b/tests/integration/api_packages_debian_test.go
index 67498ec043..b965de9e2c 100644
--- a/tests/integration/api_packages_debian_test.go
+++ b/tests/integration/api_packages_debian_test.go
@@ -264,4 +264,35 @@ func TestPackageDebian(t *testing.T) {
 		assert.Contains(t, body, "Components: "+strings.Join(components, " ")+"\n")
 		assert.Contains(t, body, "Architectures: "+architectures[1]+"\n")
 	})
+
+	t.Run("Delete via UI", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		// Test precondition -- ensure that the packageVersion & packageVersion2 are listed in the index
+		indexURL := fmt.Sprintf("%s/dists/%s/%s/binary-%s/Packages", rootURL, distributions[1], components[0], architectures[0])
+		req := NewRequest(t, "GET", indexURL)
+		resp := MakeRequest(t, req, http.StatusOK)
+		body := resp.Body.String()
+		require.Contains(t, body, fmt.Sprintf("Version: %s", packageVersion))
+		require.Contains(t, body, fmt.Sprintf("Version: %s", packageVersion2))
+
+		// Perform backend request that simulates the "Delete package" UI option, which is a generic codepath without
+		// debian-specific package management awareness...
+		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+		session := loginUser(t, user.Name)
+		settingsURL := fmt.Sprintf("/user2/-/packages/debian/%s/%s/settings", packageName, packageVersion)
+		uiURL := fmt.Sprintf("/user2/-/packages/debian/%s/%s", packageName, packageVersion)
+		req = NewRequestWithValues(t, "POST", settingsURL, map[string]string{
+			"_csrf":  GetCSRF(t, session, uiURL),
+			"action": "delete",
+		})
+		session.MakeRequest(t, req, http.StatusSeeOther)
+
+		// Ensure that the package index has been rebuilt without the deleted package, handled by debianPackageNotifier
+		req = NewRequest(t, "GET", indexURL)
+		resp = MakeRequest(t, req, http.StatusOK)
+		body = resp.Body.String()
+		assert.NotContains(t, body, fmt.Sprintf("Version: %s", packageVersion))
+		require.Contains(t, body, fmt.Sprintf("Version: %s", packageVersion2))
+	})
 }
diff --git a/tests/integration/api_packages_test.go b/tests/integration/api_packages_test.go
index 2007b7d6b3..0c616496ff 100644
--- a/tests/integration/api_packages_test.go
+++ b/tests/integration/api_packages_test.go
@@ -573,6 +573,19 @@ func TestPackageCleanup(t *testing.T) {
 					KeepCount: 2,
 				},
 			},
+			{
+				Name: "KeepCountGreaterThanTotal",
+				Versions: []version{
+					{Version: "keep", ShouldExist: true},
+					{Version: "v1.0", ShouldExist: true},
+					{Version: "test-3", ShouldExist: true},
+					{Version: "test-4", ShouldExist: true},
+				},
+				Rule: &packages_model.PackageCleanupRule{
+					Enabled:   true,
+					KeepCount: 2000,
+				},
+			},
 			{
 				Name: "KeepPattern",
 				Versions: []version{
diff --git a/tests/integration/api_private_serv_test.go b/tests/integration/api_private_serv_test.go
index 6a62169b40..742d2d80d7 100644
--- a/tests/integration/api_private_serv_test.go
+++ b/tests/integration/api_private_serv_test.go
@@ -24,7 +24,7 @@ import (
 )
 
 func TestAPIPrivateNoServ(t *testing.T) {
-	onGiteaRun(t, func(*testing.T, *url.URL) {
+	onApplicationRun(t, func(*testing.T, *url.URL) {
 		ctx, cancel := context.WithCancel(t.Context())
 		defer cancel()
 		key, user, err := private.ServNoCommand(ctx, 1)
@@ -46,7 +46,7 @@ func TestAPIPrivateNoServ(t *testing.T) {
 }
 
 func TestAPIPrivateServ(t *testing.T) {
-	onGiteaRun(t, func(*testing.T, *url.URL) {
+	onApplicationRun(t, func(*testing.T, *url.URL) {
 		ctx, cancel := context.WithCancel(t.Context())
 		defer cancel()
 
@@ -161,7 +161,7 @@ func TestAPIPrivateServ(t *testing.T) {
 }
 
 func TestAPIPrivateServAndNoServWithRequiredTwoFactor(t *testing.T) {
-	onGiteaRun(t, func(*testing.T, *url.URL) {
+	onApplicationRun(t, func(*testing.T, *url.URL) {
 		ctx, cancel := context.WithCancel(t.Context())
 		defer cancel()
 
diff --git a/tests/integration/api_pull_test.go b/tests/integration/api_pull_test.go
index 301d351238..ef066dee43 100644
--- a/tests/integration/api_pull_test.go
+++ b/tests/integration/api_pull_test.go
@@ -1,13 +1,15 @@
 // Copyright 2017 The Gitea Authors. All rights reserved.
+// Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package integration
 
 import (
+	"cmp"
 	"fmt"
-	"io"
 	"net/http"
 	"net/url"
+	"slices"
 	"strings"
 	"testing"
 
@@ -31,40 +33,151 @@ import (
 func TestAPIViewPulls(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
-	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
 
 	ctx := NewAPITestContext(t, "user2", repo.Name, auth_model.AccessTokenScopeReadRepository)
 
-	req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/pulls?state=all", owner.Name, repo.Name).
-		AddTokenAuth(ctx.Token)
+	req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/pulls?state=all", repo.OwnerName, repo.Name).AddTokenAuth(ctx.Token)
 	resp := ctx.Session.MakeRequest(t, req, http.StatusOK)
 
 	var pulls []*api.PullRequest
 	DecodeJSON(t, resp, &pulls)
-	expectedLen := unittest.GetCount(t, &issues_model.Issue{RepoID: repo.ID}, unittest.Cond("is_pull = ?", true))
-	assert.Len(t, pulls, expectedLen)
+	if assert.Len(t, pulls, 3) {
+		slices.SortFunc(pulls, func(a, b *api.PullRequest) int {
+			return cmp.Compare(a.ID, b.ID)
+		})
 
-	pull := pulls[0]
-	if assert.EqualValues(t, 5, pull.ID) {
-		resp = ctx.Session.MakeRequest(t, NewRequest(t, "GET", pull.DiffURL), http.StatusOK)
-		_, err := io.ReadAll(resp.Body)
-		require.NoError(t, err)
-		// TODO: use diff to generate stats to test against
+		assert.EqualValues(t, 1, pulls[0].ID)
+		assert.EqualValues(t, 2, pulls[0].Index)
 
-		t.Run(fmt.Sprintf("APIGetPullFiles_%d", pull.ID),
-			doAPIGetPullFiles(ctx, pull, func(t *testing.T, files []*api.ChangedFile) {
-				if assert.Len(t, files, 1) {
-					assert.Equal(t, "File-WoW", files[0].Filename)
-					assert.Empty(t, files[0].PreviousFilename)
-					assert.Equal(t, 1, files[0].Additions)
-					assert.Equal(t, 1, files[0].Changes)
-					assert.Equal(t, 0, files[0].Deletions)
-					assert.Equal(t, "added", files[0].Status)
-				}
-			}))
+		assert.EqualValues(t, 2, pulls[1].ID)
+		assert.EqualValues(t, 3, pulls[1].Index)
+
+		assert.EqualValues(t, 5, pulls[2].ID)
+		assert.EqualValues(t, 5, pulls[2].Index)
 	}
 }
 
+func TestAPIPullsFiles(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+
+	ctx := NewAPITestContext(t, "user2", repo.Name, auth_model.AccessTokenScopeReadRepository)
+
+	t.Run("Pull 1", func(t *testing.T) {
+		req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/pulls/2/files", repo.OwnerName, repo.Name).AddTokenAuth(ctx.Token)
+		resp := ctx.Session.MakeRequest(t, req, http.StatusOK)
+
+		var changedFiles []*api.ChangedFile
+		DecodeJSON(t, resp, &changedFiles)
+
+		assert.Empty(t, changedFiles)
+		assert.Equal(t, "0", resp.Header().Get("X-Total-Count"))
+		assert.Equal(t, "false", resp.Header().Get("X-HasMore"))
+	})
+
+	t.Run("Pull 2", func(t *testing.T) {
+		req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/pulls/3/files", repo.OwnerName, repo.Name).AddTokenAuth(ctx.Token)
+		resp := ctx.Session.MakeRequest(t, req, http.StatusOK)
+
+		var changedFiles []*api.ChangedFile
+		DecodeJSON(t, resp, &changedFiles)
+
+		if assert.Len(t, changedFiles, 2) {
+			assert.Equal(t, "2", resp.Header().Get("X-Total-Count"))
+			assert.Equal(t, "false", resp.Header().Get("X-HasMore"))
+
+			assert.Equal(t, "3", changedFiles[0].Filename)
+			assert.Empty(t, changedFiles[0].PreviousFilename)
+			assert.Equal(t, "added", changedFiles[0].Status)
+			assert.Equal(t, 1, changedFiles[0].Changes)
+			assert.Equal(t, 1, changedFiles[0].Additions)
+			assert.Equal(t, 0, changedFiles[0].Deletions)
+			assert.Equal(t, setting.AppURL+"api/v1/repos/user2/repo1/contents/3?ref=5f22f7d0d95d614d25a5b68592adb345a4b5c7fd", changedFiles[0].ContentsURL)
+			assert.Equal(t, setting.AppURL+"user2/repo1/raw/commit/5f22f7d0d95d614d25a5b68592adb345a4b5c7fd/3", changedFiles[0].RawURL)
+			assert.Equal(t, setting.AppURL+"user2/repo1/src/commit/5f22f7d0d95d614d25a5b68592adb345a4b5c7fd/3", changedFiles[0].HTMLURL)
+
+			assert.Equal(t, "iso-8859-1.txt", changedFiles[1].Filename)
+			assert.Empty(t, changedFiles[1].PreviousFilename)
+			assert.Equal(t, "added", changedFiles[1].Status)
+			assert.Equal(t, 10, changedFiles[1].Changes)
+			assert.Equal(t, 10, changedFiles[1].Additions)
+			assert.Equal(t, 0, changedFiles[1].Deletions)
+			assert.Equal(t, setting.AppURL+"api/v1/repos/user2/repo1/contents/iso-8859-1.txt?ref=5f22f7d0d95d614d25a5b68592adb345a4b5c7fd", changedFiles[1].ContentsURL)
+			assert.Equal(t, setting.AppURL+"user2/repo1/raw/commit/5f22f7d0d95d614d25a5b68592adb345a4b5c7fd/iso-8859-1.txt", changedFiles[1].RawURL)
+			assert.Equal(t, setting.AppURL+"user2/repo1/src/commit/5f22f7d0d95d614d25a5b68592adb345a4b5c7fd/iso-8859-1.txt", changedFiles[1].HTMLURL)
+		}
+	})
+
+	t.Run("Pull 5", func(t *testing.T) {
+		req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/pulls/5/files", repo.OwnerName, repo.Name).AddTokenAuth(ctx.Token)
+		resp := ctx.Session.MakeRequest(t, req, http.StatusOK)
+
+		var changedFiles []*api.ChangedFile
+		DecodeJSON(t, resp, &changedFiles)
+
+		if assert.Len(t, changedFiles, 1) {
+			assert.Equal(t, "1", resp.Header().Get("X-Total-Count"))
+			assert.Equal(t, "false", resp.Header().Get("X-HasMore"))
+
+			assert.Equal(t, "File-WoW", changedFiles[0].Filename)
+			assert.Empty(t, changedFiles[0].PreviousFilename)
+			assert.Equal(t, "added", changedFiles[0].Status)
+			assert.Equal(t, 1, changedFiles[0].Changes)
+			assert.Equal(t, 1, changedFiles[0].Additions)
+			assert.Equal(t, 0, changedFiles[0].Deletions)
+			assert.Equal(t, setting.AppURL+"api/v1/repos/user2/repo1/contents/File-WoW?ref=62fb502a7172d4453f0322a2cc85bddffa57f07a", changedFiles[0].ContentsURL)
+			assert.Equal(t, setting.AppURL+"user2/repo1/raw/commit/62fb502a7172d4453f0322a2cc85bddffa57f07a/File-WoW", changedFiles[0].RawURL)
+			assert.Equal(t, setting.AppURL+"user2/repo1/src/commit/62fb502a7172d4453f0322a2cc85bddffa57f07a/File-WoW", changedFiles[0].HTMLURL)
+		}
+	})
+
+	t.Run("Pull 7", func(t *testing.T) {
+		req := NewRequest(t, "GET", "/api/v1/repos/user2/commitsonpr/pulls/1/files?limit=3").AddTokenAuth(ctx.Token)
+		resp := ctx.Session.MakeRequest(t, req, http.StatusOK)
+
+		var changedFiles []*api.ChangedFile
+		DecodeJSON(t, resp, &changedFiles)
+
+		if assert.Len(t, changedFiles, 3) {
+			assert.Equal(t, "10", resp.Header().Get("X-Total-Count"))
+			assert.Equal(t, "true", resp.Header().Get("X-HasMore"))
+			assert.Equal(t, "1", resp.Header().Get("X-Page"))
+			assert.Equal(t, "3", resp.Header().Get("X-PerPage"))
+			assert.Equal(t, "4", resp.Header().Get("X-PageCount"))
+
+			assert.Equal(t, "test1.txt", changedFiles[0].Filename)
+			assert.Empty(t, changedFiles[0].PreviousFilename)
+			assert.Equal(t, "added", changedFiles[0].Status)
+			assert.Equal(t, 1, changedFiles[0].Changes)
+			assert.Equal(t, 1, changedFiles[0].Additions)
+			assert.Equal(t, 0, changedFiles[0].Deletions)
+			assert.Equal(t, setting.AppURL+"api/v1/repos/user2/commitsonpr/contents/test1.txt?ref=9b93963cf6de4dc33f915bb67f192d099c301f43", changedFiles[0].ContentsURL)
+			assert.Equal(t, setting.AppURL+"user2/commitsonpr/raw/commit/9b93963cf6de4dc33f915bb67f192d099c301f43/test1.txt", changedFiles[0].RawURL)
+			assert.Equal(t, setting.AppURL+"user2/commitsonpr/src/commit/9b93963cf6de4dc33f915bb67f192d099c301f43/test1.txt", changedFiles[0].HTMLURL)
+
+			assert.Equal(t, "test10.txt", changedFiles[1].Filename)
+			assert.Empty(t, changedFiles[1].PreviousFilename)
+			assert.Equal(t, "added", changedFiles[1].Status)
+			assert.Equal(t, 1, changedFiles[1].Changes)
+			assert.Equal(t, 1, changedFiles[1].Additions)
+			assert.Equal(t, 0, changedFiles[1].Deletions)
+			assert.Equal(t, setting.AppURL+"api/v1/repos/user2/commitsonpr/contents/test10.txt?ref=9b93963cf6de4dc33f915bb67f192d099c301f43", changedFiles[1].ContentsURL)
+			assert.Equal(t, setting.AppURL+"user2/commitsonpr/raw/commit/9b93963cf6de4dc33f915bb67f192d099c301f43/test10.txt", changedFiles[1].RawURL)
+			assert.Equal(t, setting.AppURL+"user2/commitsonpr/src/commit/9b93963cf6de4dc33f915bb67f192d099c301f43/test10.txt", changedFiles[1].HTMLURL)
+
+			assert.Equal(t, "test2.txt", changedFiles[2].Filename)
+			assert.Empty(t, changedFiles[2].PreviousFilename)
+			assert.Equal(t, "added", changedFiles[2].Status)
+			assert.Equal(t, 1, changedFiles[2].Changes)
+			assert.Equal(t, 1, changedFiles[2].Additions)
+			assert.Equal(t, 0, changedFiles[2].Deletions)
+			assert.Equal(t, setting.AppURL+"api/v1/repos/user2/commitsonpr/contents/test2.txt?ref=9b93963cf6de4dc33f915bb67f192d099c301f43", changedFiles[2].ContentsURL)
+			assert.Equal(t, setting.AppURL+"user2/commitsonpr/raw/commit/9b93963cf6de4dc33f915bb67f192d099c301f43/test2.txt", changedFiles[2].RawURL)
+			assert.Equal(t, setting.AppURL+"user2/commitsonpr/src/commit/9b93963cf6de4dc33f915bb67f192d099c301f43/test2.txt", changedFiles[2].HTMLURL)
+		}
+	})
+}
+
 func TestAPIViewPullsByBaseHead(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
@@ -126,8 +239,13 @@ func TestAPICreatePullSuccess(t *testing.T) {
 		Base:  "master",
 		Title: "create a failure pr",
 	}).AddTokenAuth(token)
-	MakeRequest(t, req, http.StatusCreated)
+	res := MakeRequest(t, req, http.StatusCreated)
 	MakeRequest(t, req, http.StatusUnprocessableEntity) // second request should fail
+
+	pull := new(api.PullRequest)
+	DecodeJSON(t, res, pull)
+
+	assert.Equal(t, "65f1bf27bc3bf70f64657658635e66094edbcb4d", pull.MergeBase)
 }
 
 func TestAPICreatePullSameRepoSuccess(t *testing.T) {
@@ -143,8 +261,13 @@ func TestAPICreatePullSameRepoSuccess(t *testing.T) {
 		Base:  "master",
 		Title: "successfully create a PR between branches of the same repository",
 	}).AddTokenAuth(token)
-	MakeRequest(t, req, http.StatusCreated)
+	res := MakeRequest(t, req, http.StatusCreated)
 	MakeRequest(t, req, http.StatusUnprocessableEntity) // second request should fail
+
+	pull := new(api.PullRequest)
+	DecodeJSON(t, res, pull)
+
+	assert.Equal(t, "65f1bf27bc3bf70f64657658635e66094edbcb4d", pull.MergeBase)
 }
 
 func TestAPICreatePullWithFieldsSuccess(t *testing.T) {
@@ -295,26 +418,8 @@ func TestAPIForkDifferentName(t *testing.T) {
 	MakeRequest(t, req, http.StatusCreated)
 }
 
-func doAPIGetPullFiles(ctx APITestContext, pr *api.PullRequest, callback func(*testing.T, []*api.ChangedFile)) func(*testing.T) {
-	return func(t *testing.T) {
-		req := NewRequest(t, http.MethodGet, fmt.Sprintf("/api/v1/repos/%s/%s/pulls/%d/files", ctx.Username, ctx.Reponame, pr.Index)).
-			AddTokenAuth(ctx.Token)
-		if ctx.ExpectedCode == 0 {
-			ctx.ExpectedCode = http.StatusOK
-		}
-		resp := ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
-
-		files := make([]*api.ChangedFile, 0, 1)
-		DecodeJSON(t, resp, &files)
-
-		if callback != nil {
-			callback(t, files)
-		}
-	}
-}
-
 func TestAPIPullDeleteBranchPerms(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
+	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
 		user2Session := loginUser(t, "user2")
 		user4Session := loginUser(t, "user4")
 		testRepoFork(t, user4Session, "user2", "repo1", "user4", "repo1")
diff --git a/tests/integration/api_push_mirror_test.go b/tests/integration/api_push_mirror_test.go
index 48976fd5eb..14af184048 100644
--- a/tests/integration/api_push_mirror_test.go
+++ b/tests/integration/api_push_mirror_test.go
@@ -40,7 +40,7 @@ import (
 )
 
 func TestAPIPushMirror(t *testing.T) {
-	onGiteaRun(t, testAPIPushMirror)
+	onApplicationRun(t, testAPIPushMirror)
 }
 
 func testAPIPushMirror(t *testing.T, u *url.URL) {
@@ -144,7 +144,7 @@ func testAPIPushMirror(t *testing.T, u *url.URL) {
 }
 
 func TestAPIPushMirrorBranchFilter(t *testing.T) {
-	onGiteaRun(t, testAPIPushMirrorBranchFilter)
+	onApplicationRun(t, testAPIPushMirrorBranchFilter)
 }
 
 func testAPIPushMirrorBranchFilter(t *testing.T, u *url.URL) {
@@ -302,7 +302,7 @@ func TestAPIPushMirrorSSH(t *testing.T) {
 		t.Skip("SSH executable not present")
 	}
 
-	onGiteaRun(t, func(t *testing.T, _ *url.URL) {
+	onApplicationRun(t, func(t *testing.T, _ *url.URL) {
 		defer test.MockVariableValue(&setting.Migrations.AllowLocalNetworks, true)()
 		defer test.MockVariableValue(&setting.Mirror.Enabled, true)()
 		defer test.MockVariableValue(&setting.SSH.RootPath, t.TempDir())()
diff --git a/tests/integration/api_quota_use_test.go b/tests/integration/api_quota_use_test.go
index 1e3d41428a..1d1cf6062c 100644
--- a/tests/integration/api_quota_use_test.go
+++ b/tests/integration/api_quota_use_test.go
@@ -288,7 +288,7 @@ func prepareQuotaEnv(t *testing.T, username string) *quotaEnv {
 }
 
 func TestAPIQuotaUserCleanSlate(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		defer test.MockVariableValue(&setting.Quota.Enabled, true)()
 		defer test.MockVariableValue(&testWebRoutes, routers.NormalRoutes())()
 
@@ -308,13 +308,13 @@ func TestAPIQuotaUserCleanSlate(t *testing.T) {
 }
 
 func TestAPIQuotaEnforcement(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		testAPIQuotaEnforcement(t)
 	})
 }
 
 func TestAPIQuotaCountsTowardsCorrectUser(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		env := prepareQuotaEnv(t, "quota-correct-user-test")
 		defer env.Cleanup()
 		env.SetupWithSingleQuotaRule(t)
@@ -350,7 +350,7 @@ func TestAPIQuotaCountsTowardsCorrectUser(t *testing.T) {
 }
 
 func TestAPIQuotaError(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		env := prepareQuotaEnv(t, "quota-enforcement")
 		defer env.Cleanup()
 		env.SetupWithSingleQuotaRule(t)
@@ -1288,7 +1288,7 @@ func testAPIQuotaEnforcement(t *testing.T) {
 }
 
 func TestAPIQuotaOrgQuotaQuery(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		env := prepareQuotaEnv(t, "quota-enforcement")
 		defer env.Cleanup()
 
@@ -1315,7 +1315,7 @@ func TestAPIQuotaOrgQuotaQuery(t *testing.T) {
 }
 
 func TestAPIQuotaUserBasics(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		env := prepareQuotaEnv(t, "quota-enforcement")
 		defer env.Cleanup()
 
diff --git a/tests/integration/api_repo_actions_test.go b/tests/integration/api_repo_actions_test.go
index 348ff45ed9..1875f3269e 100644
--- a/tests/integration/api_repo_actions_test.go
+++ b/tests/integration/api_repo_actions_test.go
@@ -5,6 +5,7 @@ package integration
 
 import (
 	"fmt"
+	"io"
 	"net/http"
 	"net/url"
 	"strings"
@@ -21,6 +22,7 @@ import (
 	"forgejo.org/tests"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestActionsAPISearchActionJobs_RepoRunner(t *testing.T) {
@@ -48,7 +50,7 @@ func TestActionsAPISearchActionJobs_RepoRunner(t *testing.T) {
 }
 
 func TestActionsAPIWorkflowDispatchReturnInfo(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		workflowName := "dispatch.yml"
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 		token := getUserToken(t, user2.LowerName, auth_model.AccessTokenScopeWriteRepository)
@@ -99,6 +101,24 @@ jobs:
 		assert.NotZero(t, run.ID)
 		assert.NotZero(t, run.RunNumber)
 		assert.Len(t, run.Jobs, 2)
+
+		req = NewRequestWithJSON(
+			t,
+			http.MethodPost,
+			fmt.Sprintf(
+				"/api/v1/repos/%s/%s/actions/workflows/%s/dispatches",
+				repo.OwnerName, repo.Name, workflowName,
+			),
+			&api.DispatchWorkflowOption{
+				Ref:           repo.DefaultBranch,
+				ReturnRunInfo: false,
+			},
+		)
+		req.AddTokenAuth(token)
+		res = MakeRequest(t, req, http.StatusNoContent)
+		body, err := io.ReadAll(res.Body)
+		require.NoError(t, err)
+		assert.Empty(t, body) // 204 No Content doesn't support a body, so should be empty
 	})
 }
 
diff --git a/tests/integration/api_repo_branch_test.go b/tests/integration/api_repo_branch_test.go
index 6ffe40ff44..a80ced6f12 100644
--- a/tests/integration/api_repo_branch_test.go
+++ b/tests/integration/api_repo_branch_test.go
@@ -25,7 +25,7 @@ import (
 )
 
 func TestAPIRepoBranchesPlain(t *testing.T) {
-	onGiteaRun(t, func(*testing.T, *url.URL) {
+	onApplicationRun(t, func(*testing.T, *url.URL) {
 		repo3 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 3})
 		user1 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
 		session := loginUser(t, user1.LowerName)
diff --git a/tests/integration/api_repo_collaborator_test.go b/tests/integration/api_repo_collaborator_test.go
index 61f4f578d7..e7a19375a4 100644
--- a/tests/integration/api_repo_collaborator_test.go
+++ b/tests/integration/api_repo_collaborator_test.go
@@ -19,7 +19,7 @@ import (
 )
 
 func TestAPIRepoCollaboratorPermission(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		repo2 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 2})
 		repo2Owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo2.OwnerID})
 
diff --git a/tests/integration/api_repo_compare_test.go b/tests/integration/api_repo_compare_test.go
index 1724924fdc..42f997eb7d 100644
--- a/tests/integration/api_repo_compare_test.go
+++ b/tests/integration/api_repo_compare_test.go
@@ -27,7 +27,7 @@ func TestAPICompareCommits(t *testing.T) {
 }
 
 func testAPICompareCommits(t *testing.T, objectFormat git.ObjectFormat) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		newBranchAndFile := func(ctx APITestContext, user *user_model.User, branch, filename string) func(*testing.T) {
 			return func(t *testing.T) {
 				doAPICreateFile(ctx, filename, &api.CreateFileOptions{
diff --git a/tests/integration/api_repo_file_create_test.go b/tests/integration/api_repo_file_create_test.go
index 4916ef97ef..536246d42e 100644
--- a/tests/integration/api_repo_file_create_test.go
+++ b/tests/integration/api_repo_file_create_test.go
@@ -116,7 +116,7 @@ func getExpectedFileResponseForCreate(repoFullName, commitID, treePath, latestCo
 }
 
 func BenchmarkAPICreateFileSmall(b *testing.B) {
-	onGiteaRun(b, func(b *testing.B, u *url.URL) {
+	onApplicationRun(b, func(b *testing.B, u *url.URL) {
 		user2 := unittest.AssertExistsAndLoadBean(b, &user_model.User{ID: 2})       // owner of the repo1 & repo16
 		repo1 := unittest.AssertExistsAndLoadBean(b, &repo_model.Repository{ID: 1}) // public repo
 
@@ -131,7 +131,7 @@ func BenchmarkAPICreateFileSmall(b *testing.B) {
 func BenchmarkAPICreateFileMedium(b *testing.B) {
 	data := make([]byte, 10*1024*1024)
 
-	onGiteaRun(b, func(b *testing.B, u *url.URL) {
+	onApplicationRun(b, func(b *testing.B, u *url.URL) {
 		user2 := unittest.AssertExistsAndLoadBean(b, &user_model.User{ID: 2})       // owner of the repo1 & repo16
 		repo1 := unittest.AssertExistsAndLoadBean(b, &repo_model.Repository{ID: 1}) // public repo
 
@@ -145,7 +145,7 @@ func BenchmarkAPICreateFileMedium(b *testing.B) {
 }
 
 func TestAPICreateFile(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})         // owner of the repo1 & repo16
 		org3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3})          // owner of the repo3, is an org
 		user4 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4})         // owner of neither repos
diff --git a/tests/integration/api_repo_file_delete_test.go b/tests/integration/api_repo_file_delete_test.go
index 428ef37e34..e50f170e74 100644
--- a/tests/integration/api_repo_file_delete_test.go
+++ b/tests/integration/api_repo_file_delete_test.go
@@ -38,7 +38,7 @@ func getDeleteFileOptions() *api.DeleteFileOptions {
 }
 
 func TestAPIDeleteFile(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})         // owner of the repo1 & repo16
 		org3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3})          // owner of the repo3, is an org
 		user4 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4})         // owner of neither repos
diff --git a/tests/integration/api_repo_file_get_test.go b/tests/integration/api_repo_file_get_test.go
index ab82e5cf15..ba3862569b 100644
--- a/tests/integration/api_repo_file_get_test.go
+++ b/tests/integration/api_repo_file_get_test.go
@@ -17,7 +17,7 @@ import (
 )
 
 func TestAPIGetRawFileOrLFS(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		t.Run("Normal raw file", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
 
diff --git a/tests/integration/api_repo_file_update_test.go b/tests/integration/api_repo_file_update_test.go
index 878d865aff..1890544035 100644
--- a/tests/integration/api_repo_file_update_test.go
+++ b/tests/integration/api_repo_file_update_test.go
@@ -107,7 +107,7 @@ func getExpectedFileResponseForUpdate(commitID, treePath, lastCommitSHA string)
 }
 
 func TestAPIUpdateFile(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})         // owner of the repo1 & repo16
 		org3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3})          // owner of the repo3, is an org
 		user4 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4})         // owner of neither repos
diff --git a/tests/integration/api_repo_files_change_test.go b/tests/integration/api_repo_files_change_test.go
index 6b1edd047b..341464f1de 100644
--- a/tests/integration/api_repo_files_change_test.go
+++ b/tests/integration/api_repo_files_change_test.go
@@ -60,7 +60,7 @@ func getChangeFilesOptions() *api.ChangeFilesOptions {
 }
 
 func TestAPIChangeFiles(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})         // owner of the repo1 & repo16
 		org3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3})          // owner of the repo3, is an org
 		user4 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4})         // owner of neither repos
diff --git a/tests/integration/api_repo_get_contents_list_test.go b/tests/integration/api_repo_get_contents_list_test.go
index 7d010ffdf1..f86885913c 100644
--- a/tests/integration/api_repo_get_contents_list_test.go
+++ b/tests/integration/api_repo_get_contents_list_test.go
@@ -54,7 +54,7 @@ func getExpectedContentsListResponseForContents(ref, refType, lastCommitSHA stri
 }
 
 func TestAPIGetContentsList(t *testing.T) {
-	onGiteaRun(t, testAPIGetContentsList)
+	onApplicationRun(t, testAPIGetContentsList)
 }
 
 func testAPIGetContentsList(t *testing.T, u *url.URL) {
diff --git a/tests/integration/api_repo_get_contents_test.go b/tests/integration/api_repo_get_contents_test.go
index 47ac4cfc03..52c83cdab6 100644
--- a/tests/integration/api_repo_get_contents_test.go
+++ b/tests/integration/api_repo_get_contents_test.go
@@ -56,7 +56,7 @@ func getExpectedContentsResponseForContents(ref, refType, lastCommitSHA string)
 }
 
 func TestAPIGetContents(t *testing.T) {
-	onGiteaRun(t, testAPIGetContents)
+	onApplicationRun(t, testAPIGetContents)
 }
 
 func testAPIGetContents(t *testing.T, u *url.URL) {
@@ -171,7 +171,7 @@ func testAPIGetContents(t *testing.T, u *url.URL) {
 }
 
 func TestAPIGetContentsRefFormats(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		file := "README.md"
 		sha := "65f1bf27bc3bf70f64657658635e66094edbcb4d"
 		content := "# repo1\n\nDescription for repo1"
diff --git a/tests/integration/api_repo_git_notes_test.go b/tests/integration/api_repo_git_notes_test.go
index dfafec7135..2e55ac25b1 100644
--- a/tests/integration/api_repo_git_notes_test.go
+++ b/tests/integration/api_repo_git_notes_test.go
@@ -19,7 +19,7 @@ import (
 )
 
 func TestAPIReposGetGitNotes(t *testing.T) {
-	onGiteaRun(t, func(*testing.T, *url.URL) {
+	onApplicationRun(t, func(*testing.T, *url.URL) {
 		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 		// Login as User2.
 		session := loginUser(t, user.Name)
@@ -48,7 +48,7 @@ func TestAPIReposGetGitNotes(t *testing.T) {
 }
 
 func TestAPIReposSetGitNotes(t *testing.T) {
-	onGiteaRun(t, func(*testing.T, *url.URL) {
+	onApplicationRun(t, func(*testing.T, *url.URL) {
 		repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
 		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
 
@@ -76,7 +76,7 @@ func TestAPIReposSetGitNotes(t *testing.T) {
 }
 
 func TestAPIReposDeleteGitNotes(t *testing.T) {
-	onGiteaRun(t, func(*testing.T, *url.URL) {
+	onApplicationRun(t, func(*testing.T, *url.URL) {
 		repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
 		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
 
diff --git a/tests/integration/api_repo_languages_test.go b/tests/integration/api_repo_languages_test.go
index d9a7f38db1..ef80037573 100644
--- a/tests/integration/api_repo_languages_test.go
+++ b/tests/integration/api_repo_languages_test.go
@@ -12,7 +12,7 @@ import (
 )
 
 func TestRepoLanguages(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		session := loginUser(t, "user2")
 
 		// Request editor page
diff --git a/tests/integration/api_repo_test.go b/tests/integration/api_repo_test.go
index e81f4307ee..1c17d5e04f 100644
--- a/tests/integration/api_repo_test.go
+++ b/tests/integration/api_repo_test.go
@@ -402,7 +402,7 @@ func TestAPIRepoMigrate(t *testing.T) {
 }
 
 func TestAPIRepoMigrateConflict(t *testing.T) {
-	onGiteaRun(t, testAPIRepoMigrateConflict)
+	onApplicationRun(t, testAPIRepoMigrateConflict)
 }
 
 func testAPIRepoMigrateConflict(t *testing.T, u *url.URL) {
@@ -485,7 +485,7 @@ func TestAPIOrgRepoCreate(t *testing.T) {
 }
 
 func TestAPIRepoCreateConflict(t *testing.T) {
-	onGiteaRun(t, testAPIRepoCreateConflict)
+	onApplicationRun(t, testAPIRepoCreateConflict)
 }
 
 func testAPIRepoCreateConflict(t *testing.T, u *url.URL) {
diff --git a/tests/integration/api_wiki_test.go b/tests/integration/api_wiki_test.go
index 1720587dd4..d1a4102060 100644
--- a/tests/integration/api_wiki_test.go
+++ b/tests/integration/api_wiki_test.go
@@ -432,7 +432,7 @@ func TestAPIListPageRevisions(t *testing.T) {
 }
 
 func TestAPIWikiNonMasterBranch(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, _ *url.URL) {
+	onApplicationRun(t, func(t *testing.T, _ *url.URL) {
 		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
 		repo, _, f := tests.CreateDeclarativeRepoWithOptions(t, user, tests.DeclarativeRepoOptions{
 			WikiBranch: optional.Some("main"),
diff --git a/tests/integration/archived_labels_display_test.go b/tests/integration/archived_labels_display_test.go
index c9748f81d6..4c9c605a10 100644
--- a/tests/integration/archived_labels_display_test.go
+++ b/tests/integration/archived_labels_display_test.go
@@ -14,7 +14,7 @@ import (
 )
 
 func TestArchivedLabelVisualProperties(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		session := loginUser(t, "user2")
 
 		// Create labels
diff --git a/tests/integration/benchmarks_test.go b/tests/integration/benchmarks_test.go
index 40875e0c7d..1aa3b821c2 100644
--- a/tests/integration/benchmarks_test.go
+++ b/tests/integration/benchmarks_test.go
@@ -24,7 +24,7 @@ func StringWithCharset(length int, charset string) string {
 }
 
 func BenchmarkRepoBranchCommit(b *testing.B) {
-	onGiteaRun(b, func(b *testing.B, u *url.URL) {
+	onApplicationRun(b, func(b *testing.B, u *url.URL) {
 		samples := []int64{1, 2, 3}
 		b.ResetTimer()
 
diff --git a/tests/integration/branches_test.go b/tests/integration/branches_test.go
index c599106866..3b3f423391 100644
--- a/tests/integration/branches_test.go
+++ b/tests/integration/branches_test.go
@@ -12,13 +12,13 @@ import (
 	git_model "forgejo.org/models/git"
 	repo_model "forgejo.org/models/repo"
 	"forgejo.org/models/unittest"
-	gitea_context "forgejo.org/services/context"
+	app_context "forgejo.org/services/context"
 
 	"github.com/stretchr/testify/assert"
 )
 
 func TestBranchActions(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		session := loginUser(t, "user2")
 		repo1 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
 		branch3 := unittest.AssertExistsAndLoadBean(t, &git_model.Branch{ID: 3, RepoID: repo1.ID})
@@ -35,7 +35,7 @@ func TestBranchActions(t *testing.T) {
 				"_csrf": GetCSRF(t, session, branchesLink),
 			})
 			session.MakeRequest(t, req, http.StatusOK)
-			flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
+			flashCookie := session.GetCookie(app_context.CookieNameFlash)
 			assert.NotNil(t, flashCookie)
 			assert.Contains(t, flashCookie.Value, "success%3DBranch%2B%2522branch2%2522%2Bhas%2Bbeen%2Bdeleted.")
 
@@ -48,7 +48,7 @@ func TestBranchActions(t *testing.T) {
 				"_csrf": GetCSRF(t, session, branchesLink),
 			})
 			session.MakeRequest(t, req, http.StatusOK)
-			flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
+			flashCookie := session.GetCookie(app_context.CookieNameFlash)
 			assert.NotNil(t, flashCookie)
 			assert.Contains(t, flashCookie.Value, "success%3DBranch%2B%2522branch2%2522%2Bhas%2Bbeen%2Brestored")
 
diff --git a/tests/integration/cmd_admin_test.go b/tests/integration/cmd_admin_test.go
index c06f7f7213..ea07b9bf3e 100644
--- a/tests/integration/cmd_admin_test.go
+++ b/tests/integration/cmd_admin_test.go
@@ -20,7 +20,7 @@ import (
 )
 
 func Test_Cmd_AdminUser(t *testing.T) {
-	onGiteaRun(t, func(*testing.T, *url.URL) {
+	onApplicationRun(t, func(*testing.T, *url.URL) {
 		for i, testCase := range []struct {
 			name               string
 			options            []string
@@ -76,7 +76,7 @@ func Test_Cmd_AdminUser(t *testing.T) {
 }
 
 func Test_Cmd_AdminFirstUser(t *testing.T) {
-	onGiteaRun(t, func(*testing.T, *url.URL) {
+	onApplicationRun(t, func(*testing.T, *url.URL) {
 		for _, testCase := range []struct {
 			name               string
 			options            []string
@@ -133,7 +133,7 @@ func Test_Cmd_AdminFirstUser(t *testing.T) {
 			},
 		} {
 			t.Run(testCase.name, func(t *testing.T) {
-				db.GetEngine(db.DefaultContext).Exec("DELETE FROM `user`")
+				db.TruncateBeansCascade(db.DefaultContext, user_model.User{})
 				db.GetEngine(db.DefaultContext).Exec("DELETE FROM `email_address`")
 				assert.Equal(t, int64(0), user_model.CountUsers(db.DefaultContext, nil))
 				name := "testuser"
@@ -152,7 +152,7 @@ func Test_Cmd_AdminFirstUser(t *testing.T) {
 }
 
 func Test_Cmd_AdminUserResetMFA(t *testing.T) {
-	onGiteaRun(t, func(*testing.T, *url.URL) {
+	onApplicationRun(t, func(*testing.T, *url.URL) {
 		name := "testuser"
 
 		options := []string{"user", "create", "--username", name, "--password", "password", "--email", name + "@example.com"}
diff --git a/tests/integration/cmd_forgejo_actions_test.go b/tests/integration/cmd_forgejo_actions_test.go
index 9d7db42c2e..653ff65a9d 100644
--- a/tests/integration/cmd_forgejo_actions_test.go
+++ b/tests/integration/cmd_forgejo_actions_test.go
@@ -21,7 +21,7 @@ import (
 )
 
 func TestActions_CmdForgejo_Actions(t *testing.T) {
-	onGiteaRun(t, func(*testing.T, *url.URL) {
+	onApplicationRun(t, func(*testing.T, *url.URL) {
 		token, err := runMainApp("forgejo-cli", "actions", "generate-runner-token")
 		require.NoError(t, err)
 		assert.Len(t, token, 40)
diff --git a/tests/integration/cmd_keys_test.go b/tests/integration/cmd_keys_test.go
index 55d97a3a1d..edc44056b3 100644
--- a/tests/integration/cmd_keys_test.go
+++ b/tests/integration/cmd_keys_test.go
@@ -17,7 +17,7 @@ import (
 )
 
 func Test_CmdKeys(t *testing.T) {
-	onGiteaRun(t, func(*testing.T, *url.URL) {
+	onApplicationRun(t, func(*testing.T, *url.URL) {
 		tests := []struct {
 			name           string
 			args           []string
diff --git a/tests/integration/codeowner_test.go b/tests/integration/codeowner_test.go
index 51468ffe09..632f07b647 100644
--- a/tests/integration/codeowner_test.go
+++ b/tests/integration/codeowner_test.go
@@ -204,7 +204,7 @@ type CodeownerTest struct {
 }
 
 func TestCodeOwner(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		tests := []CodeownerTest{
 			{Name: "root", Path: "CODEOWNERS"},
 			{Name: "docs", Path: "docs/CODEOWNERS"},
diff --git a/tests/integration/comment_roles_test.go b/tests/integration/comment_roles_test.go
index 63b5d5f7cc..d5346e444e 100644
--- a/tests/integration/comment_roles_test.go
+++ b/tests/integration/comment_roles_test.go
@@ -29,7 +29,7 @@ func TestCommentRoles(t *testing.T) {
 	newContributorTooltip := locale.TrString("repo.issues.role.first_time_contributor_helper")
 
 	// Test pulls
-	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
+	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
 		sessionUser1 := loginUser(t, "user1")
 		sessionUser2 := loginUser(t, "user2")
 		sessionUser11 := loginUser(t, "user11")
@@ -109,7 +109,7 @@ func TestCommentRoles(t *testing.T) {
 	})
 
 	// Test issues
-	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
+	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
 		sessionUser1 := loginUser(t, "user1")
 		sessionUser2 := loginUser(t, "user2")
 		sessionUser5 := loginUser(t, "user5")
diff --git a/tests/integration/compare_test.go b/tests/integration/compare_test.go
index 581aa67659..396c1c22ad 100644
--- a/tests/integration/compare_test.go
+++ b/tests/integration/compare_test.go
@@ -242,7 +242,7 @@ func TestCompareBranches(t *testing.T) {
 }
 
 func TestCompareWithPRsDisabled(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		session := loginUser(t, "user1")
 		testRepoFork(t, session, "user2", "repo1", "user1", "repo1")
 		testCreateBranch(t, session, "user1", "repo1", "branch/master", "recent-push", http.StatusSeeOther)
@@ -303,7 +303,7 @@ func TestCompareWithPRsDisabled(t *testing.T) {
 }
 
 func TestCompareCrossRepo(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		session := loginUser(t, "user1")
 		testRepoFork(t, session, "user2", "repo1", "user1", "repo1-copy")
 		testCreateBranch(t, session, "user1", "repo1-copy", "branch/master", "recent-push", http.StatusSeeOther)
@@ -332,7 +332,7 @@ func TestCompareCrossRepo(t *testing.T) {
 }
 
 func TestCompareCodeExpand(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
 
 		// Create a new repository, with a file that has many lines
@@ -405,7 +405,7 @@ func TestCompareCodeExpand(t *testing.T) {
 }
 
 func TestCompareSignedIn(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
+	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
 		// Setup the test with a connected user
 		session := loginUser(t, "user1")
 		testRepoFork(t, session, "user2", "repo1", "user1", "repo1")
diff --git a/tests/integration/dump_restore_test.go b/tests/integration/dump_restore_test.go
index daf95eb631..592af6ad87 100644
--- a/tests/integration/dump_restore_test.go
+++ b/tests/integration/dump_restore_test.go
@@ -28,7 +28,7 @@ import (
 )
 
 func TestDumpRestore(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		AllowLocalNetworks := setting.Migrations.AllowLocalNetworks
 		setting.Migrations.AllowLocalNetworks = true
 		AppVer := setting.AppVer
diff --git a/tests/integration/editor_test.go b/tests/integration/editor_test.go
index b6faf8a118..7909560e86 100644
--- a/tests/integration/editor_test.go
+++ b/tests/integration/editor_test.go
@@ -21,7 +21,7 @@ import (
 	"forgejo.org/modules/git"
 	"forgejo.org/modules/json"
 	"forgejo.org/modules/translation"
-	gitea_context "forgejo.org/services/context"
+	app_context "forgejo.org/services/context"
 	"forgejo.org/tests"
 
 	"github.com/stretchr/testify/assert"
@@ -29,7 +29,7 @@ import (
 )
 
 func TestCreateFileOnProtectedBranch(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		session := loginUser(t, "user2")
 
 		csrf := GetCSRF(t, session, "/user2/repo1/settings/branches")
@@ -41,7 +41,7 @@ func TestCreateFileOnProtectedBranch(t *testing.T) {
 		})
 		session.MakeRequest(t, req, http.StatusSeeOther)
 		// Check if master branch has been locked successfully
-		flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
+		flashCookie := session.GetCookie(app_context.CookieNameFlash)
 		assert.NotNil(t, flashCookie)
 		assert.Equal(t, "success%3DBranch%2Bprotection%2Bfor%2Brule%2B%2522master%2522%2Bhas%2Bbeen%2Bupdated.", flashCookie.Value)
 
@@ -82,7 +82,7 @@ func TestCreateFileOnProtectedBranch(t *testing.T) {
 		assert.Equal(t, "/user2/repo1/settings/branches", res["redirect"])
 
 		// Check if master branch has been locked successfully
-		flashCookie = session.GetCookie(gitea_context.CookieNameFlash)
+		flashCookie = session.GetCookie(app_context.CookieNameFlash)
 		assert.NotNil(t, flashCookie)
 		assert.Equal(t, "error%3DRemoving%2Bbranch%2Bprotection%2Brule%2B%25221%2522%2Bfailed.", flashCookie.Value)
 	})
@@ -150,14 +150,14 @@ func testEditFileToNewBranch(t *testing.T, session *TestSession, user, repo, bra
 }
 
 func TestEditFile(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		session := loginUser(t, "user2")
 		testEditFile(t, session, "user2", "repo1", "master", "README.md", "Hello, World (Edited)\n")
 	})
 }
 
 func TestEditFileToNewBranch(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		session := loginUser(t, "user2")
 		testEditFileToNewBranch(t, session, "user2", "repo1", "master", "feature/test", "README.md", "Hello, World (Edited)\n")
 	})
@@ -177,7 +177,7 @@ func TestEditorAddTranslation(t *testing.T) {
 }
 
 func TestCommitMail(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, _ *url.URL) {
+	onApplicationRun(t, func(t *testing.T, _ *url.URL) {
 		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 		// Require that the user has KeepEmailPrivate enabled, because it needs
 		// to be tested that even with this setting enabled, it will use the
@@ -407,22 +407,26 @@ func TestCommitMail(t *testing.T) {
 
 			file1UUID := uploadFile(t, "upload_file_1", "Uploaded a file!")
 			file2UUID := uploadFile(t, "upload_file_2", "Uploaded another file!")
+			file1UUIDFullpathKey := fmt.Sprintf("files_fullpath[%s]", file1UUID)
+			file2UUIDFullpathKey := fmt.Sprintf("files_fullpath[%s]", file2UUID)
 
 			assertCase(t, caseOpts{
 				fileName:       "upload_file_1",
 				link:           "user2/repo1/_upload/master",
 				skipLastCommit: true,
 				base: map[string]string{
-					"commit_choice": "direct",
-					"files":         file1UUID,
+					"commit_choice":      "direct",
+					"files":              file1UUID,
+					file1UUIDFullpathKey: "upload_file_1",
 				},
 			}, caseOpts{
 				fileName:       "upload_file_2",
 				link:           "user2/repo1/_upload/master",
 				skipLastCommit: true,
 				base: map[string]string{
-					"commit_choice": "direct",
-					"files":         file2UUID,
+					"commit_choice":      "direct",
+					"files":              file2UUID,
+					file2UUIDFullpathKey: "upload_file_2",
 				},
 			},
 			)
diff --git a/tests/integration/empty_repo_test.go b/tests/integration/empty_repo_test.go
index 151f9450bd..ba5db5ded4 100644
--- a/tests/integration/empty_repo_test.go
+++ b/tests/integration/empty_repo_test.go
@@ -6,6 +6,7 @@ package integration
 import (
 	"bytes"
 	"encoding/base64"
+	"fmt"
 	"io"
 	"mime/multipart"
 	"net/http"
@@ -88,11 +89,12 @@ func TestEmptyRepoUploadFile(t *testing.T) {
 	resp = session.MakeRequest(t, req, http.StatusOK)
 	respMap := map[string]string{}
 	require.NoError(t, json.Unmarshal(resp.Body.Bytes(), &respMap))
-
+	filesFullpathKey := fmt.Sprintf("files_fullpath[%s]", respMap["uuid"])
 	req = NewRequestWithValues(t, "POST", "/user30/empty/_upload/"+setting.Repository.DefaultBranch, map[string]string{
 		"_csrf":          GetCSRF(t, session, "/user/settings"),
 		"commit_choice":  "direct",
 		"files":          respMap["uuid"],
+		filesFullpathKey: "uploaded-file.txt",
 		"tree_path":      "",
 		"commit_mail_id": "-1",
 	})
diff --git a/tests/integration/explore_org_test.go b/tests/integration/explore_org_test.go
index 111fd2dda7..aeefefa07f 100644
--- a/tests/integration/explore_org_test.go
+++ b/tests/integration/explore_org_test.go
@@ -1,4 +1,5 @@
 // Copyright 2024 The Gitea Authors. All rights reserved.
+// Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package integration
@@ -31,7 +32,7 @@ func TestExploreOrg(t *testing.T) {
 		req := NewRequest(t, "GET", "/explore/organizations?sort="+c.sortOrder)
 		resp := MakeRequest(t, req, http.StatusOK)
 		h := NewHTMLParser(t, resp.Body)
-		href, _ := h.Find(`.ui.dropdown .menu a.active.item[href^="?sort="]`).Attr("href")
+		href, _ := h.Find(`.list-header details.dropdown > ul > li > a.active[href^="?sort="]`).Attr("href")
 		assert.Equal(t, c.expected, href)
 	}
 
diff --git a/tests/integration/explore_user_test.go b/tests/integration/explore_user_test.go
index 689e623e69..2d46bf2d6e 100644
--- a/tests/integration/explore_user_test.go
+++ b/tests/integration/explore_user_test.go
@@ -1,4 +1,5 @@
 // Copyright 2024 The Gitea Authors. All rights reserved.
+// Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package integration
@@ -31,7 +32,7 @@ func TestExploreUser(t *testing.T) {
 		req := NewRequest(t, "GET", "/explore/users?sort="+c.sortOrder)
 		resp := MakeRequest(t, req, http.StatusOK)
 		h := NewHTMLParser(t, resp.Body)
-		href, _ := h.Find(`.ui.dropdown .menu a.active.item[href^="?sort="]`).Attr("href")
+		href, _ := h.Find(`.list-header details.dropdown > ul > li > a.active[href^="?sort="]`).Attr("href")
 		assert.Equal(t, c.expected, href)
 	}
 
diff --git a/tests/integration/fixtures/TestActionConcurrencyGroupQueue/action_run.yml b/tests/integration/fixtures/TestActionConcurrencyGroupQueue/action_run.yml
new file mode 100644
index 0000000000..f2cc456b8d
--- /dev/null
+++ b/tests/integration/fixtures/TestActionConcurrencyGroupQueue/action_run.yml
@@ -0,0 +1,21 @@
+-
+  id: 500
+  index: 1
+  status: 5 # StatusWaiting
+  repo_id: 4
+  concurrency_group: abc123
+  concurrency_type: 1 # QueueBehind
+-
+  id: 501
+  index: 2
+  status: 5 # StatusWaiting
+  repo_id: 4
+  concurrency_group: abc123
+  concurrency_type: 1 # QueueBehind
+-
+  id: 502
+  index: 3
+  status: 5 # StatusWaiting
+  repo_id: 4
+  concurrency_group: abc123
+  concurrency_type: 1 # QueueBehind
diff --git a/tests/integration/fixtures/TestActionConcurrencyGroupQueue/action_run_job.yml b/tests/integration/fixtures/TestActionConcurrencyGroupQueue/action_run_job.yml
new file mode 100644
index 0000000000..c8c12085d3
--- /dev/null
+++ b/tests/integration/fixtures/TestActionConcurrencyGroupQueue/action_run_job.yml
@@ -0,0 +1,42 @@
+-
+  id: 500
+  run_id: 500
+  repo_id: 4
+  owner_id: 1
+  commit_sha: 985f0301dba5e7b34be866819cd15ad3d8f508ee
+  is_fork_pull_request: 0
+  name: job_1
+  attempt: 0
+  job_id: job_1
+  task_id: 0
+  status: 5 # StatusWaiting
+  runs_on: '["fedora"]'
+  created: 1758848614
+-
+  id: 501
+  run_id: 501
+  repo_id: 4
+  owner_id: 1
+  commit_sha: 985f0301dba5e7b34be866819cd15ad3d8f508ee
+  is_fork_pull_request: 0
+  name: job_1
+  attempt: 0
+  job_id: job_1
+  task_id: 0
+  status: 5 # StatusWaiting
+  runs_on: '["fedora"]'
+  created: 1758848614
+-
+  id: 502
+  run_id: 502
+  repo_id: 4
+  owner_id: 1
+  commit_sha: 985f0301dba5e7b34be866819cd15ad3d8f508ee
+  is_fork_pull_request: 0
+  name: job_1
+  attempt: 0
+  job_id: job_1
+  task_id: 0
+  status: 5 # StatusWaiting
+  runs_on: '["fedora"]'
+  created: 1758848614
diff --git a/tests/integration/fixtures/TestActionConcurrencyGroupQueue/action_runner.yml b/tests/integration/fixtures/TestActionConcurrencyGroupQueue/action_runner.yml
new file mode 100644
index 0000000000..d783f83110
--- /dev/null
+++ b/tests/integration/fixtures/TestActionConcurrencyGroupQueue/action_runner.yml
@@ -0,0 +1,7 @@
+-
+  id: 1004
+  uuid: "fb857e63-c0ce-4571-a6c9-fde26c128073"
+  name: "Global runner"
+  owner_id: 0
+  repo_id: 0
+  deleted: 0
diff --git a/tests/integration/fixtures/TestActionConcurrencyRunnerFiltering/action_run.yml b/tests/integration/fixtures/TestActionConcurrencyRunnerFiltering/action_run.yml
new file mode 100644
index 0000000000..07e88f868c
--- /dev/null
+++ b/tests/integration/fixtures/TestActionConcurrencyRunnerFiltering/action_run.yml
@@ -0,0 +1,18 @@
+-
+  id: 500
+  index: 1
+  status: 5 # StatusWaiting
+  repo_id: 62
+  owner_id: 2
+-
+  id: 501
+  index: 2
+  status: 5 # StatusWaiting
+  repo_id: 3
+  owner_id: 3
+-
+  id: 502
+  index: 2
+  status: 5 # StatusWaiting
+  repo_id: 1
+  owner_id: 2
diff --git a/tests/integration/fixtures/TestActionConcurrencyRunnerFiltering/action_run_job.yml b/tests/integration/fixtures/TestActionConcurrencyRunnerFiltering/action_run_job.yml
new file mode 100644
index 0000000000..17d5b6426a
--- /dev/null
+++ b/tests/integration/fixtures/TestActionConcurrencyRunnerFiltering/action_run_job.yml
@@ -0,0 +1,42 @@
+-
+  id: 500
+  run_id: 500
+  repo_id: 62
+  owner_id: 2
+  commit_sha: 985f0301dba5e7b34be866819cd15ad3d8f508ee
+  is_fork_pull_request: 0
+  name: job_1
+  attempt: 0
+  job_id: job_1
+  task_id: 0
+  status: 5 # StatusWaiting
+  runs_on: '["fedora"]'
+  created: 1758848614
+-
+  id: 501
+  run_id: 501
+  repo_id: 4
+  owner_id: 3
+  commit_sha: 985f0301dba5e7b34be866819cd15ad3d8f508ee
+  is_fork_pull_request: 0
+  name: job_1
+  attempt: 0
+  job_id: job_1
+  task_id: 0
+  status: 5 # StatusWaiting
+  runs_on: '["fedora"]'
+  created: 1758848614
+-
+  id: 502
+  run_id: 502
+  repo_id: 1
+  owner_id: 2
+  commit_sha: 985f0301dba5e7b34be866819cd15ad3d8f508ee
+  is_fork_pull_request: 0
+  name: job_1
+  attempt: 0
+  job_id: job_1
+  task_id: 0
+  status: 5 # StatusWaiting
+  runs_on: '["fedora"]'
+  created: 1758848614
diff --git a/tests/integration/fixtures/TestActionConcurrencyRunnerFiltering/action_runner.yml b/tests/integration/fixtures/TestActionConcurrencyRunnerFiltering/action_runner.yml
new file mode 100644
index 0000000000..95599b19bd
--- /dev/null
+++ b/tests/integration/fixtures/TestActionConcurrencyRunnerFiltering/action_runner.yml
@@ -0,0 +1,31 @@
+-
+  id: 1001
+  uuid: "43b5d4d3-401b-42f9-94df-a9d45b447b82"
+  name: "User runner"
+  owner_id: 2
+  repo_id: 0
+  deleted: 0
+
+-
+  id: 1002
+  uuid: "bdc77f4f-2b2b-442d-bd44-e808f4306347"
+  name: "Organisation runner"
+  owner_id: 3
+  repo_id: 0
+  deleted: 0
+
+-
+  id: 1003
+  uuid: "9268bc8c-efbf-4dbe-aeb5-945733cdd098"
+  name: "Repository runner"
+  owner_id: 0
+  repo_id: 1
+  deleted: 0
+
+-
+  id: 1004
+  uuid: "fb857e63-c0ce-4571-a6c9-fde26c128073"
+  name: "Global runner"
+  owner_id: 0
+  repo_id: 0
+  deleted: 0
diff --git a/tests/integration/fixtures/TestActionConcurrencyRunnerFiltering/repo_unit.yml b/tests/integration/fixtures/TestActionConcurrencyRunnerFiltering/repo_unit.yml
new file mode 100644
index 0000000000..84c2b7ad86
--- /dev/null
+++ b/tests/integration/fixtures/TestActionConcurrencyRunnerFiltering/repo_unit.yml
@@ -0,0 +1,6 @@
+-
+  id: 200
+  repo_id: 3
+  type: 10
+  config: "{}"
+  created_unix: 946684810
diff --git a/tests/integration/fixtures/TestPullEditable/issue.yml b/tests/integration/fixtures/TestPullEditable/issue.yml
new file mode 100644
index 0000000000..449a0b8f2b
--- /dev/null
+++ b/tests/integration/fixtures/TestPullEditable/issue.yml
@@ -0,0 +1,16 @@
+-
+  id: 23
+  repo_id: 10
+  index: 2
+  poster_id: 13
+  original_author_id: 0
+  name: pr2
+  content: a pull request
+  milestone_id: 0
+  priority: 0
+  is_closed: false
+  is_pull: true
+  num_comments: 0
+  created_unix: 946684820
+  updated_unix: 978307180
+  is_locked: false
diff --git a/tests/integration/fixtures/TestPullEditable/pull_request.yml b/tests/integration/fixtures/TestPullEditable/pull_request.yml
new file mode 100644
index 0000000000..f1b91a429c
--- /dev/null
+++ b/tests/integration/fixtures/TestPullEditable/pull_request.yml
@@ -0,0 +1,12 @@
+-
+  id: 11
+  type: 0 # gitea pull request
+  status: 2 # mergeable
+  issue_id: 23
+  index: 2
+  head_repo_id: 11
+  base_repo_id: 10
+  head_branch: branch2
+  base_branch: master
+  merge_base: 0abcb056019adb83
+  has_merged: false
diff --git a/tests/integration/forgejo_confirmation_repo_test.go b/tests/integration/forgejo_confirmation_repo_test.go
index 28d6777aea..985e99b2c7 100644
--- a/tests/integration/forgejo_confirmation_repo_test.go
+++ b/tests/integration/forgejo_confirmation_repo_test.go
@@ -9,7 +9,7 @@ import (
 	"testing"
 
 	"forgejo.org/modules/translation"
-	gitea_context "forgejo.org/services/context"
+	app_context "forgejo.org/services/context"
 	"forgejo.org/tests"
 
 	"github.com/stretchr/testify/assert"
@@ -53,7 +53,7 @@ func TestDangerZoneConfirmation(t *testing.T) {
 			})
 			session.MakeRequest(t, req, http.StatusSeeOther)
 
-			flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
+			flashCookie := session.GetCookie(app_context.CookieNameFlash)
 			assert.NotNil(t, flashCookie)
 			assert.Equal(t, "success%3DThis%2Brepository%2Bhas%2Bbeen%2Bmarked%2Bfor%2Btransfer%2Band%2Bawaits%2Bconfirmation%2Bfrom%2B%2522User%2BOne%2522", flashCookie.Value)
 		})
@@ -83,7 +83,7 @@ func TestDangerZoneConfirmation(t *testing.T) {
 			})
 			session.MakeRequest(t, req, http.StatusSeeOther)
 
-			flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
+			flashCookie := session.GetCookie(app_context.CookieNameFlash)
 			assert.NotNil(t, flashCookie)
 			assert.Equal(t, "success%3DThe%2Bfork%2Bhas%2Bbeen%2Bconverted%2Binto%2Ba%2Bregular%2Brepository.", flashCookie.Value)
 		})
@@ -116,7 +116,7 @@ func TestDangerZoneConfirmation(t *testing.T) {
 			})
 			session.MakeRequest(t, req, http.StatusSeeOther)
 
-			flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
+			flashCookie := session.GetCookie(app_context.CookieNameFlash)
 			assert.NotNil(t, flashCookie)
 			assert.Equal(t, "success%3DThe%2Brepository%2Bwiki%2527s%2Bbranch%2Bname%2Bhas%2Bbeen%2Bsuccessfully%2Bnormalized.", flashCookie.Value)
 		})
@@ -146,7 +146,7 @@ func TestDangerZoneConfirmation(t *testing.T) {
 			})
 			session.MakeRequest(t, req, http.StatusSeeOther)
 
-			flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
+			flashCookie := session.GetCookie(app_context.CookieNameFlash)
 			assert.NotNil(t, flashCookie)
 			assert.Equal(t, "success%3DThe%2Brepository%2Bwiki%2Bdata%2Bhas%2Bbeen%2Bdeleted.", flashCookie.Value)
 		})
@@ -176,7 +176,7 @@ func TestDangerZoneConfirmation(t *testing.T) {
 			})
 			session.MakeRequest(t, req, http.StatusSeeOther)
 
-			flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
+			flashCookie := session.GetCookie(app_context.CookieNameFlash)
 			assert.NotNil(t, flashCookie)
 			assert.Equal(t, "success%3DThe%2Brepository%2Bhas%2Bbeen%2Bdeleted.", flashCookie.Value)
 		})
diff --git a/tests/integration/forgejo_git_test.go b/tests/integration/forgejo_git_test.go
index 693d6d9209..28ee572b8d 100644
--- a/tests/integration/forgejo_git_test.go
+++ b/tests/integration/forgejo_git_test.go
@@ -25,7 +25,7 @@ import (
 )
 
 func TestActionsUserGit(t *testing.T) {
-	onGiteaRun(t, testActionsUserGit)
+	onApplicationRun(t, testActionsUserGit)
 }
 
 func NewActionsUserTestContext(t *testing.T, username, reponame string) APITestContext {
diff --git a/tests/integration/git_helper_for_declarative_test.go b/tests/integration/git_helper_for_declarative_test.go
index 5be5c6088c..1d8f44c8dc 100644
--- a/tests/integration/git_helper_for_declarative_test.go
+++ b/tests/integration/git_helper_for_declarative_test.go
@@ -62,7 +62,7 @@ func createSSHUrl(gitPath string, u *url.URL) *url.URL {
 
 var rootPathRe = regexp.MustCompile("\\[repository\\]\nROOT\\s=\\s.*")
 
-func onGiteaRun[T testing.TB](t T, callback func(T, *url.URL)) {
+func onApplicationRun[T testing.TB](t T, callback func(T, *url.URL)) {
 	defer tests.PrepareTestEnv(t, 1)()
 	s := http.Server{
 		Handler: testWebRoutes,
diff --git a/tests/integration/git_push_test.go b/tests/integration/git_push_test.go
index 977385ff6a..61e2a65f97 100644
--- a/tests/integration/git_push_test.go
+++ b/tests/integration/git_push_test.go
@@ -38,7 +38,7 @@ func forEachObjectFormat(t *testing.T, f func(t *testing.T, objectFormat git.Obj
 }
 
 func TestGitPush(t *testing.T) {
-	onGiteaRun(t, testGitPush)
+	onApplicationRun(t, testGitPush)
 }
 
 func testGitPush(t *testing.T, u *url.URL) {
@@ -205,7 +205,7 @@ func runTestGitPush(t *testing.T, u *url.URL, objectFormat git.ObjectFormat, git
 }
 
 func TestOptionsGitPush(t *testing.T) {
-	onGiteaRun(t, testOptionsGitPush)
+	onApplicationRun(t, testOptionsGitPush)
 }
 
 func testOptionsGitPush(t *testing.T, u *url.URL) {
diff --git a/tests/integration/git_smart_http_test.go b/tests/integration/git_smart_http_test.go
index 84de08751d..3608f9fd5b 100644
--- a/tests/integration/git_smart_http_test.go
+++ b/tests/integration/git_smart_http_test.go
@@ -24,7 +24,7 @@ import (
 )
 
 func TestGitSmartHTTP(t *testing.T) {
-	onGiteaRun(t, testGitSmartHTTP)
+	onApplicationRun(t, testGitSmartHTTP)
 }
 
 func testGitSmartHTTP(t *testing.T, u *url.URL) {
diff --git a/tests/integration/git_test.go b/tests/integration/git_test.go
index fcd81cf6b2..f596f7b05f 100644
--- a/tests/integration/git_test.go
+++ b/tests/integration/git_test.go
@@ -34,7 +34,7 @@ import (
 	"forgejo.org/modules/lfs"
 	"forgejo.org/modules/setting"
 	api "forgejo.org/modules/structs"
-	gitea_context "forgejo.org/services/context"
+	app_context "forgejo.org/services/context"
 	files_service "forgejo.org/services/repository/files"
 	"forgejo.org/tests"
 
@@ -49,11 +49,11 @@ const (
 )
 
 func TestGit(t *testing.T) {
-	onGiteaRun(t, testGit)
+	onApplicationRun(t, testGit)
 }
 
 func TestActionsTokenAuth(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		task := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionTask{ID: 47})
 		task.GenerateToken()
 		actions_model.UpdateTask(db.DefaultContext, task)
@@ -495,7 +495,7 @@ func doProtectBranch(ctx APITestContext, branch string, addParameter ...paramete
 		req := NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/%s/settings/branches/edit", url.PathEscape(ctx.Username), url.PathEscape(ctx.Reponame)), parameter)
 		ctx.Session.MakeRequest(t, req, http.StatusSeeOther)
 		// Check if master branch has been locked successfully
-		flashCookie := ctx.Session.GetCookie(gitea_context.CookieNameFlash)
+		flashCookie := ctx.Session.GetCookie(app_context.CookieNameFlash)
 		assert.NotNil(t, flashCookie)
 		assert.Equal(t, "success%3DBranch%2Bprotection%2Bfor%2Brule%2B%2522"+url.QueryEscape(branch)+"%2522%2Bhas%2Bbeen%2Bupdated.", flashCookie.Value)
 	}
@@ -1098,7 +1098,7 @@ func doCreateAgitFlowPull(dstPath string, ctx *APITestContext, headBranch string
 }
 
 func TestDataAsync_Issue29101(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 		repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
 
diff --git a/tests/integration/integration_test.go b/tests/integration/integration_test.go
index ac3c86e332..3ee6882e3b 100644
--- a/tests/integration/integration_test.go
+++ b/tests/integration/integration_test.go
@@ -41,7 +41,7 @@ import (
 	"forgejo.org/modules/web"
 	"forgejo.org/routers"
 	"forgejo.org/services/auth/source/remote"
-	gitea_context "forgejo.org/services/context"
+	app_context "forgejo.org/services/context"
 	"forgejo.org/services/mailer"
 	user_service "forgejo.org/services/user"
 	"forgejo.org/tests"
@@ -297,7 +297,7 @@ func (s *TestSession) EnrollTOTP(t testing.TB) {
 	})
 	s.MakeRequest(t, req, http.StatusSeeOther)
 
-	flashCookie := s.GetCookie(gitea_context.CookieNameFlash)
+	flashCookie := s.GetCookie(app_context.CookieNameFlash)
 	assert.NotNil(t, flashCookie)
 	assert.Contains(t, flashCookie.Value, "success%3DYour%2Baccount%2Bhas%2Bbeen%2Bsuccessfully%2Benrolled.")
 }
@@ -522,7 +522,7 @@ func createApplicationSettingsToken(t testing.TB, session *TestSession, name str
 	// Log the flash values on failure
 	if !assert.Equal(t, []string{"/user/settings/applications"}, resp.Result().Header["Location"]) {
 		for _, cookie := range resp.Result().Cookies() {
-			if cookie.Name != gitea_context.CookieNameFlash {
+			if cookie.Name != app_context.CookieNameFlash {
 				continue
 			}
 			flash, _ := url.ParseQuery(cookie.Value)
@@ -668,7 +668,7 @@ func logUnexpectedResponse(t testing.TB, recorder *httptest.ResponseRecorder) {
 	if len(respBytes) == 0 {
 		// log the content of the flash cookie
 		for _, cookie := range recorder.Result().Cookies() {
-			if cookie.Name != gitea_context.CookieNameFlash {
+			if cookie.Name != app_context.CookieNameFlash {
 				continue
 			}
 			flash, _ := url.ParseQuery(cookie.Value)
diff --git a/tests/integration/issue_subscribe_test.go b/tests/integration/issue_subscribe_test.go
index 533526c388..bdd8c4eb27 100644
--- a/tests/integration/issue_subscribe_test.go
+++ b/tests/integration/issue_subscribe_test.go
@@ -13,7 +13,7 @@ import (
 )
 
 func TestIssueSubscribe(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
+	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
 		session := emptyTestSession(t)
 		testIssueSubscribe(t, *session, true)
 	})
diff --git a/tests/integration/issue_test.go b/tests/integration/issue_test.go
index e203adf245..8f0add1819 100644
--- a/tests/integration/issue_test.go
+++ b/tests/integration/issue_test.go
@@ -86,6 +86,21 @@ func TestViewIssues(t *testing.T) {
 	assert.Equal(t, "Search issues…", placeholder)
 }
 
+func TestViewIssuesType(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+
+	session := loginUser(t, user.Name)
+	req := NewRequest(t, "GET", repo.Link()+"/issues")
+	resp := session.MakeRequest(t, req, http.StatusOK)
+
+	htmlDoc := NewHTMLParser(t, resp.Body)
+	issuesType := htmlDoc.doc.Find(".list-header-type > .menu .item[href*=\"type=all\"]").First()
+	assert.Equal(t, "All issues", issuesType.Text())
+}
+
 func TestViewIssuesSortByType(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
@@ -1305,7 +1320,7 @@ func TestIssueFilterNoFollow(t *testing.T) {
 }
 
 func TestIssueForm(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 		session := loginUser(t, user2.Name)
 		repo, _, f := tests.CreateDeclarativeRepo(t, user2, "",
@@ -1354,7 +1369,7 @@ body:
 }
 
 func TestIssueUnsubscription(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
 		repo, _, f := tests.CreateDeclarativeRepoWithOptions(t, user, tests.DeclarativeRepoOptions{
 			AutoInit: optional.Some(false),
diff --git a/tests/integration/linguist_test.go b/tests/integration/linguist_test.go
index 85080c1d2e..efeaaabb98 100644
--- a/tests/integration/linguist_test.go
+++ b/tests/integration/linguist_test.go
@@ -24,7 +24,7 @@ import (
 )
 
 func TestLinguistSupport(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		/******************
 		 ** Preparations **
 		 ******************/
diff --git a/tests/integration/migrate_test.go b/tests/integration/migrate_test.go
index dc11101d97..75c4a4cfb3 100644
--- a/tests/integration/migrate_test.go
+++ b/tests/integration/migrate_test.go
@@ -59,7 +59,7 @@ func TestMigrateLocalPath(t *testing.T) {
 }
 
 func TestMigrate(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		defer test.MockVariableValue(&setting.Migrations.AllowLocalNetworks, true)()
 		defer test.MockVariableValue(&setting.AppVer, "1.16.0")()
 		require.NoError(t, migrations.Init())
@@ -115,7 +115,7 @@ func TestMigrate(t *testing.T) {
 }
 
 func TestMigrateWithWiki(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		defer test.MockVariableValue(&setting.Migrations.AllowLocalNetworks, true)()
 		defer test.MockVariableValue(&setting.AppVer, "1.16.0")()
 		require.NoError(t, migrations.Init())
@@ -174,7 +174,7 @@ func TestMigrateWithWiki(t *testing.T) {
 }
 
 func TestMigrateWithReleases(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		defer test.MockVariableValue(&setting.Migrations.AllowLocalNetworks, true)()
 		defer test.MockVariableValue(&setting.AppVer, "1.16.0")()
 		require.NoError(t, migrations.Init())
diff --git a/tests/integration/migration-test/migration_test.go b/tests/integration/migration-test/migration_test.go
index d62afbf0f7..04ed353edc 100644
--- a/tests/integration/migration-test/migration_test.go
+++ b/tests/integration/migration-test/migration_test.go
@@ -17,8 +17,8 @@ import (
 	"testing"
 
 	"forgejo.org/models/db"
-	"forgejo.org/models/migrations"
-	migrate_base "forgejo.org/models/migrations/base"
+	"forgejo.org/models/gitea_migrations"
+	migrate_base "forgejo.org/models/gitea_migrations/base"
 	"forgejo.org/models/unittest"
 	"forgejo.org/modules/base"
 	"forgejo.org/modules/charset"
@@ -262,7 +262,7 @@ func restoreOldDB(t *testing.T, version string) bool {
 
 func wrappedMigrate(x *xorm.Engine) error {
 	currentEngine = x
-	return migrations.Migrate(x)
+	return gitea_migrations.Migrate(x)
 }
 
 func doMigrationTest(t *testing.T, version string) {
diff --git a/tests/integration/mirror_push_test.go b/tests/integration/mirror_push_test.go
index 23bb550d9f..f9d931a76e 100644
--- a/tests/integration/mirror_push_test.go
+++ b/tests/integration/mirror_push_test.go
@@ -31,7 +31,7 @@ import (
 	api "forgejo.org/modules/structs"
 	"forgejo.org/modules/test"
 	"forgejo.org/modules/translation"
-	gitea_context "forgejo.org/services/context"
+	app_context "forgejo.org/services/context"
 	doctor "forgejo.org/services/doctor"
 	"forgejo.org/services/migrations"
 	mirror_service "forgejo.org/services/mirror"
@@ -84,7 +84,7 @@ func TestPushMirrorRedactCredential(t *testing.T) {
 }
 
 func TestMirrorPush(t *testing.T) {
-	onGiteaRun(t, testMirrorPush)
+	onApplicationRun(t, testMirrorPush)
 }
 
 func testMirrorPush(t *testing.T, u *url.URL) {
@@ -173,7 +173,7 @@ func doCreatePushMirror(ctx APITestContext, address, username, password string)
 		})
 		ctx.Session.MakeRequest(t, req, http.StatusSeeOther)
 
-		flashCookie := ctx.Session.GetCookie(gitea_context.CookieNameFlash)
+		flashCookie := ctx.Session.GetCookie(app_context.CookieNameFlash)
 		assert.NotNil(t, flashCookie)
 		assert.Contains(t, flashCookie.Value, "success")
 	}
@@ -194,7 +194,7 @@ func doCreatePushMirrorWithBranchFilter(ctx APITestContext, address, username, p
 		})
 		ctx.Session.MakeRequest(t, req, http.StatusSeeOther)
 
-		flashCookie := ctx.Session.GetCookie(gitea_context.CookieNameFlash)
+		flashCookie := ctx.Session.GetCookie(app_context.CookieNameFlash)
 		assert.NotNil(t, flashCookie)
 		assert.Contains(t, flashCookie.Value, "success")
 	}
@@ -215,7 +215,7 @@ func doRemovePushMirror(ctx APITestContext, address, username, password string,
 		})
 		ctx.Session.MakeRequest(t, req, http.StatusSeeOther)
 
-		flashCookie := ctx.Session.GetCookie(gitea_context.CookieNameFlash)
+		flashCookie := ctx.Session.GetCookie(app_context.CookieNameFlash)
 		assert.NotNil(t, flashCookie)
 		assert.Contains(t, flashCookie.Value, "success")
 	}
@@ -227,7 +227,7 @@ func TestSSHPushMirror(t *testing.T) {
 		t.Skip("SSH executable not present")
 	}
 
-	onGiteaRun(t, func(t *testing.T, _ *url.URL) {
+	onApplicationRun(t, func(t *testing.T, _ *url.URL) {
 		defer test.MockVariableValue(&setting.Migrations.AllowLocalNetworks, true)()
 		defer test.MockVariableValue(&setting.Mirror.Enabled, true)()
 		defer test.MockVariableValue(&setting.SSH.RootPath, t.TempDir())()
@@ -308,7 +308,7 @@ func TestSSHPushMirror(t *testing.T) {
 				})
 				sess.MakeRequest(t, req, http.StatusSeeOther)
 
-				flashCookie := sess.GetCookie(gitea_context.CookieNameFlash)
+				flashCookie := sess.GetCookie(app_context.CookieNameFlash)
 				assert.NotNil(t, flashCookie)
 				assert.Contains(t, flashCookie.Value, "success")
 
@@ -389,7 +389,7 @@ func TestSSHPushMirror(t *testing.T) {
 }
 
 func TestPushMirrorBranchFilterWebUI(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		defer test.MockVariableValue(&setting.Migrations.AllowLocalNetworks, true)()
 		defer test.MockVariableValue(&setting.Mirror.Enabled, true)()
 		require.NoError(t, migrations.Init())
@@ -490,7 +490,7 @@ func TestPushMirrorBranchFilterWebUI(t *testing.T) {
 }
 
 func TestPushMirrorBranchFilterIntegration(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		defer test.MockVariableValue(&setting.Migrations.AllowLocalNetworks, true)()
 		defer test.MockVariableValue(&setting.Mirror.Enabled, true)()
 		require.NoError(t, migrations.Init())
@@ -579,7 +579,7 @@ func TestPushMirrorBranchFilterIntegration(t *testing.T) {
 }
 
 func TestPushMirrorSettings(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		defer test.MockVariableValue(&setting.Migrations.AllowLocalNetworks, true)()
 		defer test.MockVariableValue(&setting.Mirror.Enabled, true)()
 		require.NoError(t, migrations.Init())
@@ -615,7 +615,7 @@ func TestPushMirrorSettings(t *testing.T) {
 			})
 			sess.MakeRequest(t, req, http.StatusSeeOther)
 
-			flashCookie := sess.GetCookie(gitea_context.CookieNameFlash)
+			flashCookie := sess.GetCookie(app_context.CookieNameFlash)
 			assert.NotNil(t, flashCookie)
 			assert.Contains(t, flashCookie.Value, "success")
 		})
@@ -650,7 +650,7 @@ func TestPushMirrorSettings(t *testing.T) {
 			})
 			sess.MakeRequest(t, req, http.StatusSeeOther)
 
-			flashCookie := sess.GetCookie(gitea_context.CookieNameFlash)
+			flashCookie := sess.GetCookie(app_context.CookieNameFlash)
 			assert.NotNil(t, flashCookie)
 			assert.Contains(t, flashCookie.Value, "success")
 		})
@@ -658,7 +658,7 @@ func TestPushMirrorSettings(t *testing.T) {
 }
 
 func TestPushMirrorBranchFilterSyncOperations(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		defer test.MockVariableValue(&setting.Migrations.AllowLocalNetworks, true)()
 		defer test.MockVariableValue(&setting.Mirror.Enabled, true)()
 		require.NoError(t, migrations.Init())
@@ -892,7 +892,7 @@ func TestPushMirrorBranchFilterSyncOperations(t *testing.T) {
 }
 
 func TestPushMirrorWebUIToAPIIntegration(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		defer test.MockVariableValue(&setting.Migrations.AllowLocalNetworks, true)()
 		defer test.MockVariableValue(&setting.Mirror.Enabled, true)()
 		require.NoError(t, migrations.Init())
diff --git a/tests/integration/new_org_test.go b/tests/integration/new_org_test.go
index 5ea386573a..9159d86b69 100644
--- a/tests/integration/new_org_test.go
+++ b/tests/integration/new_org_test.go
@@ -15,7 +15,7 @@ import (
 )
 
 func TestNewOrganizationForm(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
+	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
 		session := loginUser(t, "user1")
 		locale := translation.NewLocale("en-US")
 
diff --git a/tests/integration/oauth_test.go b/tests/integration/oauth_test.go
index ebfd386ee0..e27201ac28 100644
--- a/tests/integration/oauth_test.go
+++ b/tests/integration/oauth_test.go
@@ -582,7 +582,7 @@ func TestSignInOAuthCallbackWithoutPKCEWhenUnsupported(t *testing.T) {
 }
 
 func TestSignInOAuthCallbackPKCE(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		// Setup authentication source
 		sourceName := "oidc"
 		authSource := addAuthSource(t, authSourcePayloadOpenIDConnect(sourceName, u.String()))
diff --git a/tests/integration/org_count_test.go b/tests/integration/org_count_test.go
index 93035c8e5b..35af738509 100644
--- a/tests/integration/org_count_test.go
+++ b/tests/integration/org_count_test.go
@@ -20,7 +20,7 @@ import (
 )
 
 func TestOrgCounts(t *testing.T) {
-	onGiteaRun(t, testOrgCounts)
+	onApplicationRun(t, testOrgCounts)
 }
 
 func testOrgCounts(t *testing.T, u *url.URL) {
diff --git a/tests/integration/org_profile_test.go b/tests/integration/org_profile_test.go
index 2cd80cc1de..381d11c95f 100644
--- a/tests/integration/org_profile_test.go
+++ b/tests/integration/org_profile_test.go
@@ -20,7 +20,7 @@ import (
 )
 
 func TestOrgProfile(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		checkReadme := func(t *testing.T, title, readmeFilename string, expectedCount int) {
 			t.Run(title, func(t *testing.T) {
 				defer tests.PrintCurrentTest(t)()
diff --git a/tests/integration/patch_status_test.go b/tests/integration/patch_status_test.go
index c54cad91c4..ef34f34903 100644
--- a/tests/integration/patch_status_test.go
+++ b/tests/integration/patch_status_test.go
@@ -32,7 +32,7 @@ import (
 )
 
 func TestPatchStatus(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 		session := loginUser(t, user2.Name)
 
diff --git a/tests/integration/pathutils_test.go b/tests/integration/pathutils_test.go
new file mode 100644
index 0000000000..6d08372d55
--- /dev/null
+++ b/tests/integration/pathutils_test.go
@@ -0,0 +1,210 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+package integration
+
+import (
+	"testing"
+
+	"forgejo.org/services/repository/files"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestSanitizePath(t *testing.T) {
+	tests := []struct {
+		name        string
+		input       string
+		expected    string
+		expectError bool
+	}{
+		// Valid paths
+		{
+			name:     "simple valid path",
+			input:    "folder/file.txt",
+			expected: "folder/file.txt",
+		},
+		{
+			name:     "single file",
+			input:    "file.txt",
+			expected: "file.txt",
+		},
+		{
+			name:     "nested path",
+			input:    "a/b/c/file.txt",
+			expected: "a/b/c/file.txt",
+		},
+
+		// Path normalization
+		{
+			name:     "backslash to forward slash",
+			input:    "folder\\file.txt",
+			expected: "folder/file.txt",
+		},
+		{
+			name:     "mixed separators",
+			input:    "folder\\subfolder/file.txt",
+			expected: "folder/subfolder/file.txt",
+		},
+		{
+			name:     "double separators",
+			input:    "folder//file.txt",
+			expected: "folder/file.txt",
+		},
+		{
+			name:     "trailing slash",
+			input:    "folder/file.txt/",
+			expected: "folder/file.txt",
+		},
+		{
+			name:     "dot segments",
+			input:    "folder/./file.txt",
+			expected: "folder/file.txt",
+		},
+		{
+			name:     "parent directory references",
+			input:    "folder/../other/file.txt",
+			expected: "other/file.txt",
+		},
+		{
+			name:     "< and >",
+			input:    "file<name>.txt",
+			expected: "file<name>.txt",
+		},
+		{
+			name:     ": and | and ? and *",
+			input:    "file:name|with?bad*chars.txt",
+			expected: "file:name|with?bad*chars.txt",
+		},
+		{
+			name:     "control characters",
+			input:    "file\x00\x01name.txt",
+			expected: "file\x00\x01name.txt",
+		},
+		{
+			name:     "only special characters",
+			input:    "<>:\"|?*",
+			expected: "<>:\"|?*",
+		},
+
+		// Character sanitization
+		{
+			name:     "quotes in filename",
+			input:    `file"name.txt`,
+			expected: "file\"name.txt",
+		},
+
+		// Whitespace handling
+		{
+			name:     "leading whitespace",
+			input:    " file.txt",
+			expected: "file.txt",
+		},
+		{
+			name:     "trailing whitespace",
+			input:    "file.txt ",
+			expected: "file.txt",
+		},
+		{
+			name:     "whitespace in path components",
+			input:    " folder / file.txt ",
+			expected: "folder/file.txt",
+		},
+
+		// Edge cases that should return errors
+		{
+			name:        "path starts with slash",
+			input:       "/folder/file.txt",
+			expectError: true,
+		},
+		{
+			name:        "empty string",
+			input:       "",
+			expectError: true,
+		},
+		{
+			name:        "only separators",
+			input:       "///",
+			expectError: true,
+		},
+		{
+			name:        "only whitespace",
+			input:       "   ",
+			expectError: true,
+		},
+		{
+			name:        "path that resolves to root",
+			input:       "../..",
+			expectError: true,
+		},
+		{
+			name:        "path that goes above root",
+			input:       "folder/../../..",
+			expectError: true,
+		},
+
+		// Complex combinations
+		{
+			name:     "complex path with multiple issues",
+			input:    "folder\\with:special|chars/normal_file.txt",
+			expected: "folder/with:special|chars/normal_file.txt",
+		},
+		{
+			name:     "unicode characters preserved",
+			input:    "folder/файл.txt",
+			expected: "folder/файл.txt",
+		},
+		{
+			name:     "dots and extensions",
+			input:    "file.name.with.dots.txt",
+			expected: "file.name.with.dots.txt",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result, err := files.SanitizePath(tt.input)
+
+			if tt.expectError {
+				require.Error(t, err, "expected error for input %q", tt.input)
+				return
+			}
+
+			require.NoError(t, err, "unexpected error for input %q", tt.input)
+			assert.Equal(t, tt.expected, result, "SanitizePath(%q) should return expected result", tt.input)
+		})
+	}
+}
+
+// TestSanitizePathErrorMessages tests that error messages are informative
+func TestSanitizePathErrorMessages(t *testing.T) {
+	tests := []struct {
+		name          string
+		input         string
+		expectedError string
+	}{
+		{
+			name:          "path starts with slash",
+			input:         "/test/path",
+			expectedError: "path starts with / : /test/path",
+		},
+		{
+			name:          "path that resolves to root",
+			input:         "../..",
+			expectedError: "path resolves to root or becomes empty after cleaning",
+		},
+		{
+			name:          "empty after sanitization",
+			input:         "",
+			expectedError: "path resolves to root or becomes empty after cleaning",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			_, err := files.SanitizePath(tt.input)
+			require.Error(t, err, "expected error for input %q", tt.input)
+			assert.Equal(t, tt.expectedError, err.Error(), "error message for %q should match expected", tt.input)
+		})
+	}
+}
diff --git a/tests/integration/proctected_branch_test.go b/tests/integration/proctected_branch_test.go
index 5024b63c42..e7680e4017 100644
--- a/tests/integration/proctected_branch_test.go
+++ b/tests/integration/proctected_branch_test.go
@@ -19,7 +19,7 @@ import (
 )
 
 func TestProtectedBranch_AdminEnforcement(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		session := loginUser(t, "user1")
 		testRepoFork(t, session, "user2", "repo1", "user1", "repo1")
 		testEditFileToNewBranch(t, session, "user1", "repo1", "master", "add-readme", "README.md", "WIP")
diff --git a/tests/integration/pull_commit_test.go b/tests/integration/pull_commit_test.go
index 1f9a6ffd22..562cbcb334 100644
--- a/tests/integration/pull_commit_test.go
+++ b/tests/integration/pull_commit_test.go
@@ -77,7 +77,7 @@ func TestPullCommitSignature(t *testing.T) {
 	fromBranch := "master"
 	toBranch := "branch-signed"
 
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		// Use a new GNUPGPHOME to avoid messing with the existing GPG keyring.
 		tmpDir := t.TempDir()
 		require.NoError(t, os.Chmod(tmpDir, 0o700))
diff --git a/tests/integration/pull_create_test.go b/tests/integration/pull_create_test.go
index 7af70b4e5c..16b05e0808 100644
--- a/tests/integration/pull_create_test.go
+++ b/tests/integration/pull_create_test.go
@@ -11,10 +11,12 @@ import (
 	"net/url"
 	"path"
 	"regexp"
+	"strconv"
 	"strings"
 	"testing"
 
 	"forgejo.org/models/db"
+	issues_model "forgejo.org/models/issues"
 	repo_model "forgejo.org/models/repo"
 	unit_model "forgejo.org/models/unit"
 	"forgejo.org/models/unittest"
@@ -97,7 +99,7 @@ func testPullCreateDirectly(t *testing.T, session *TestSession, baseRepoOwner, b
 }
 
 func TestPullCreate(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		session := loginUser(t, "user1")
 		testRepoFork(t, session, "user2", "repo1", "user1", "repo1")
 		testEditFile(t, session, "user1", "repo1", "master", "README.md", "Hello, World (Edited)\n")
@@ -121,11 +123,17 @@ func TestPullCreate(t *testing.T) {
 		assert.Regexp(t, "diff", resp.Body)
 		assert.Regexp(t, `Subject: \[PATCH\] Update README.md`, resp.Body)
 		assert.NotRegexp(t, "diff.*diff", resp.Body) // not two diffs, just one
+
+		// Check that mergebase is set.
+		index, err := strconv.ParseInt(url[strings.LastIndexByte(url, '/')+1:], 10, 64)
+		require.NoError(t, err)
+		pr := unittest.AssertExistsAndLoadBean(t, &issues_model.PullRequest{BaseRepoID: 1, HeadBranch: "master", BaseBranch: "master", Index: index})
+		assert.NotEmpty(t, pr.MergeBase)
 	})
 }
 
 func TestPullCreateWithPullTemplate(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		baseUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
 		forkUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 
@@ -226,7 +234,7 @@ func TestPullCreateWithPullTemplate(t *testing.T) {
 }
 
 func TestPullCreate_TitleEscape(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		session := loginUser(t, "user1")
 		testRepoFork(t, session, "user2", "repo1", "user1", "repo1")
 		testEditFile(t, session, "user1", "repo1", "master", "README.md", "Hello, World (Edited)\n")
@@ -288,7 +296,7 @@ func testDeleteRepository(t *testing.T, session *TestSession, ownerName, repoNam
 }
 
 func TestPullBranchDelete(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		session := loginUser(t, "user1")
 		testRepoFork(t, session, "user2", "repo1", "user1", "repo1")
 		testCreateBranch(t, session, "user1", "repo1", "branch/master", "master1", http.StatusSeeOther)
@@ -314,7 +322,7 @@ func TestPullBranchDelete(t *testing.T) {
 }
 
 func TestRecentlyPushed(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		session := loginUser(t, "user1")
 		testRepoFork(t, session, "user2", "repo1", "user1", "repo1")
 
@@ -576,7 +584,7 @@ Test checks:
 Check if pull request can be created from base to the fork repository.
 */
 func TestPullCreatePrFromBaseToFork(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		sessionFork := loginUser(t, "user1")
 		testRepoFork(t, sessionFork, "user2", "repo1", "user1", "repo1")
 
@@ -591,3 +599,43 @@ func TestPullCreatePrFromBaseToFork(t *testing.T) {
 		assert.Regexp(t, "^/user1/repo1/pulls/[0-9]*$", url)
 	})
 }
+
+func TestPullCreatePrFromForkToFork(t *testing.T) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
+		sessionFork1 := loginUser(t, "user1")
+		testRepoFork(t, sessionFork1, "user2", "repo1", "user1", "repo1")
+		sessionFork3 := loginUser(t, "user30")
+		testRepoFork(t, sessionFork3, "user2", "repo1", "user30", "repo1")
+
+		// Edit fork of user30
+		testEditFileToNewBranch(t, sessionFork3, "user30", "repo1", "master", "my-patch", "README.md", "Hello, World (Edited)\n")
+
+		// As user30, go to the PR page of the first fork, belonging to user1
+		req := NewRequest(t, "GET", path.Join("user1", "repo1", "pulls"))
+		resp := sessionFork3.MakeRequest(t, req, http.StatusOK)
+
+		// Check that the button to create PRs is enabled
+		htmlDoc := NewHTMLParser(t, resp.Body)
+		defaultCompareLink, exists := htmlDoc.doc.Find(".new-pr-button").Attr("href")
+		assert.True(t, exists, "The template has changed")
+		assert.Regexp(t, "^/user1/repo1/compare/.*$", defaultCompareLink)
+
+		// The default compare page for the user1 fork should let us select a branch from our user30 fork
+		req = NewRequest(t, "GET", defaultCompareLink)
+		resp = sessionFork3.MakeRequest(t, req, http.StatusOK)
+		htmlDoc = NewHTMLParser(t, resp.Body)
+		ourCompareLink, exists := htmlDoc.doc.Find(".head-branch-list .item:contains('user30:my-patch')").Attr("data-url")
+		assert.True(t, exists, "The branch from our fork is not proposed in the /compare page of their fork")
+		assert.Equal(t, "/user1/repo1/compare/master...user30/repo1:my-patch", ourCompareLink)
+
+		// Go to the compare page for the branch we created, which should load fine
+		req = NewRequest(t, "GET", ourCompareLink)
+		sessionFork3.MakeRequest(t, req, http.StatusOK)
+
+		// Create a PR
+		resp = testPullCreateDirectly(t, sessionFork3, "user1", "repo1", "master", "user30", "repo1", "my-patch", "This is a pull title")
+		// check the redirected URL
+		url := test.RedirectURL(resp)
+		assert.Regexp(t, "^/user1/repo1/pulls/[0-9]*$", url)
+	})
+}
diff --git a/tests/integration/pull_diff_test.go b/tests/integration/pull_diff_test.go
index 0f28bbbd49..aca826d4ab 100644
--- a/tests/integration/pull_diff_test.go
+++ b/tests/integration/pull_diff_test.go
@@ -69,7 +69,7 @@ func doTestPRDiff(t *testing.T, prDiffURL string, expectedFilenames []string, ed
 }
 
 func TestPullDiff_AGitNotEditable(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 		session := loginUser(t, user2.Name)
 
diff --git a/tests/integration/pull_editable_test.go b/tests/integration/pull_editable_test.go
index f2e6f2f52c..c4fa1620ac 100644
--- a/tests/integration/pull_editable_test.go
+++ b/tests/integration/pull_editable_test.go
@@ -5,40 +5,48 @@ package integration
 
 import (
 	"net/http"
-	"net/url"
+	"strings"
 	"testing"
 
 	auth_model "forgejo.org/models/auth"
+	"forgejo.org/models/unittest"
 	api "forgejo.org/modules/structs"
+	"forgejo.org/modules/translation"
 	"forgejo.org/tests"
+
+	"github.com/stretchr/testify/assert"
 )
 
 func TestPullEditable_ShowEditableLabel(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, forgejoURL *url.URL) {
-		t.Run("Show editable label if PR is editable", func(t *testing.T) {
-			defer tests.PrintCurrentTest(t)()
-			editable := true
+	// This fixture loads a PR which is made from a different repository,
+	// and opened by the user who owns the fork (which is necessary for
+	// them to be allowed to set the PR as editable).
+	defer unittest.OverrideFixtures("tests/integration/fixtures/TestPullEditable")()
+	defer tests.PrepareTestEnv(t)()
 
-			setPREditable(t, editable)
-			testEditableLabelShown(t, editable)
-		})
+	t.Run("Show editable label if PR is editable", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+		editable := true
 
-		t.Run("Don't show editable label if PR is not editable", func(t *testing.T) {
-			defer tests.PrintCurrentTest(t)()
-			editable := false
+		setPREditable(t, editable)
+		testEditableLabelShown(t, editable)
+	})
 
-			setPREditable(t, editable)
-			testEditableLabelShown(t, editable)
-		})
+	t.Run("Don't show editable label if PR is not editable", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+		editable := false
+
+		setPREditable(t, editable)
+		testEditableLabelShown(t, editable)
 	})
 }
 
 func setPREditable(t *testing.T, editable bool) {
 	t.Helper()
-	session := loginUser(t, "user1")
+	session := loginUser(t, "user13")
 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
 
-	req := NewRequestWithJSON(t, "PATCH", "/api/v1/repos/user2/repo1/pulls/3", &api.EditPullRequestOption{
+	req := NewRequestWithJSON(t, "PATCH", "/api/v1/repos/user12/repo10/pulls/2", &api.EditPullRequestOption{
 		AllowMaintainerEdit: &editable,
 	}).AddTokenAuth(token)
 	session.MakeRequest(t, req, http.StatusCreated)
@@ -46,9 +54,17 @@ func setPREditable(t *testing.T, editable bool) {
 
 func testEditableLabelShown(t *testing.T, expectLabel bool) {
 	t.Helper()
-	session := loginUser(t, "user2")
-	req := NewRequest(t, "GET", "/user2/repo1/pulls/3")
+	session := loginUser(t, "user12")
+	req := NewRequest(t, "GET", "/user12/repo10/pulls/2")
 	resp := session.MakeRequest(t, req, http.StatusOK)
 	htmlDoc := NewHTMLParser(t, resp.Body)
 	htmlDoc.AssertElement(t, "#editable-label", expectLabel)
+	locale := translation.NewLocale("en-US")
+	if expectLabel {
+		sidebarText := htmlDoc.Find(".issue-content-right span.maintainers-can-edit-status").First().Text()
+		assert.Equal(t, locale.TrString("repo.pulls.maintainers_can_edit"), strings.TrimSpace(sidebarText))
+	} else {
+		sidebarText := htmlDoc.Find(".issue-content-right span.maintainers-can-edit-status").First().Text()
+		assert.Equal(t, locale.TrString("repo.pulls.maintainers_cannot_edit"), strings.TrimSpace(sidebarText))
+	}
 }
diff --git a/tests/integration/pull_icon_test.go b/tests/integration/pull_icon_test.go
index 9ab8f244cf..fbd87a7234 100644
--- a/tests/integration/pull_icon_test.go
+++ b/tests/integration/pull_icon_test.go
@@ -30,7 +30,7 @@ import (
 )
 
 func TestPullRequestIcons(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
 		repo, _, f := tests.CreateDeclarativeRepo(t, user, "pr-icons", []unit_model.Type{unit_model.TypeCode, unit_model.TypePullRequests}, nil, nil)
 		defer f()
diff --git a/tests/integration/pull_merge_test.go b/tests/integration/pull_merge_test.go
index b8923dd6f4..e7ef680f3c 100644
--- a/tests/integration/pull_merge_test.go
+++ b/tests/integration/pull_merge_test.go
@@ -133,7 +133,7 @@ func retrieveHookTasks(t *testing.T, hookID int64, activateWebhook bool) []*webh
 }
 
 func TestPullMerge(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
+	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
 		hookTasks := retrieveHookTasks(t, 1, true)
 		hookTasksLenBefore := len(hookTasks)
 
@@ -153,7 +153,7 @@ func TestPullMerge(t *testing.T) {
 }
 
 func TestPullRebase(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
+	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
 		hookTasks := retrieveHookTasks(t, 1, true)
 		hookTasksLenBefore := len(hookTasks)
 
@@ -173,7 +173,7 @@ func TestPullRebase(t *testing.T) {
 }
 
 func TestPullRebaseMerge(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
+	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
 		hookTasks := retrieveHookTasks(t, 1, true)
 		hookTasksLenBefore := len(hookTasks)
 
@@ -193,7 +193,7 @@ func TestPullRebaseMerge(t *testing.T) {
 }
 
 func TestPullSquash(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
+	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
 		hookTasks := retrieveHookTasks(t, 1, true)
 		hookTasksLenBefore := len(hookTasks)
 
@@ -214,7 +214,7 @@ func TestPullSquash(t *testing.T) {
 }
 
 func TestPullCleanUpAfterMerge(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
+	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
 		session := loginUser(t, "user1")
 		testRepoFork(t, session, "user2", "repo1", "user1", "repo1")
 		testEditFileToNewBranch(t, session, "user1", "repo1", "master", "feature/test", "README.md", "Hello, World (Edited - TestPullCleanUpAfterMerge)\n")
@@ -249,7 +249,7 @@ func TestPullCleanUpAfterMerge(t *testing.T) {
 }
 
 func TestCantMergeWorkInProgress(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
+	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
 		session := loginUser(t, "user1")
 		testRepoFork(t, session, "user2", "repo1", "user1", "repo1")
 		testEditFile(t, session, "user1", "repo1", "master", "README.md", "Hello, World (Edited)\n")
@@ -268,7 +268,7 @@ func TestCantMergeWorkInProgress(t *testing.T) {
 }
 
 func TestCantMergeConflict(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
+	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
 		session := loginUser(t, "user1")
 		testRepoFork(t, session, "user2", "repo1", "user1", "repo1")
 		testEditFileToNewBranch(t, session, "user1", "repo1", "master", "conflict", "README.md", "Hello, World (Edited Once)\n")
@@ -338,7 +338,7 @@ func TestCantMergeConflict(t *testing.T) {
 }
 
 func TestCantMergeUnrelated(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
+	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
 		session := loginUser(t, "user1")
 		testRepoFork(t, session, "user2", "repo1", "user1", "repo1")
 		testEditFileToNewBranch(t, session, "user1", "repo1", "master", "base", "README.md", "Hello, World (Edited Twice)\n")
@@ -433,7 +433,7 @@ func TestCantMergeUnrelated(t *testing.T) {
 }
 
 func TestFastForwardOnlyMerge(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
+	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
 		session := loginUser(t, "user1")
 		testRepoFork(t, session, "user2", "repo1", "user1", "repo1")
 		testEditFileToNewBranch(t, session, "user1", "repo1", "master", "update", "README.md", "Hello, World 2\n")
@@ -474,7 +474,7 @@ func TestFastForwardOnlyMerge(t *testing.T) {
 }
 
 func TestCantFastForwardOnlyMergeDiverging(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
+	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
 		session := loginUser(t, "user1")
 		testRepoFork(t, session, "user2", "repo1", "user1", "repo1")
 		testEditFileToNewBranch(t, session, "user1", "repo1", "master", "diverging", "README.md", "Hello, World diverged\n")
@@ -517,7 +517,7 @@ func TestCantFastForwardOnlyMergeDiverging(t *testing.T) {
 }
 
 func TestPullRetargetChildOnBranchDelete(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
+	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
 		session := loginUser(t, "user1")
 		testEditFileToNewBranch(t, session, "user2", "repo1", "master", "base-pr", "README.md", "Hello, World\n(Edited - TestPullRetargetOnCleanup - base PR)\n")
 		testRepoFork(t, session, "user2", "repo1", "user1", "repo1")
@@ -547,7 +547,7 @@ func TestPullRetargetChildOnBranchDelete(t *testing.T) {
 }
 
 func TestPullDontRetargetChildOnWrongRepo(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
+	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
 		session := loginUser(t, "user1")
 		testRepoFork(t, session, "user2", "repo1", "user1", "repo1")
 		testEditFileToNewBranch(t, session, "user1", "repo1", "master", "base-pr", "README.md", "Hello, World\n(Edited - TestPullDontRetargetChildOnWrongRepo - base PR)\n")
@@ -577,7 +577,7 @@ func TestPullDontRetargetChildOnWrongRepo(t *testing.T) {
 }
 
 func TestPullMergeIndexerNotifier(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
+	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
 		// create a pull request
 		session := loginUser(t, "user1")
 		testRepoFork(t, session, "user2", "repo1", "user1", "repo1")
@@ -650,7 +650,7 @@ func testResetRepo(t *testing.T, repoPath, branch, commitID string) {
 }
 
 func TestPullMergeBranchProtect(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		admin := "user1"
 		owner := "user5"
 		notOwner := "user4"
@@ -925,7 +925,7 @@ func testPullAutoMergeAfterCommitStatusSucceed(t *testing.T, ctx APITestContext,
 }
 
 func TestPullAutoMergeAfterCommitStatusSucceed(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
+	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
 		for _, testCase := range []struct {
 			name         string
 			forkName     string
@@ -981,7 +981,7 @@ func TestPullAutoMergeAfterCommitStatusSucceed(t *testing.T) {
 }
 
 func TestPullAutoMergeAfterCommitStatusSucceedAndApprovalForAgitFlow(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		// create a pull request
 		baseAPITestContext := NewAPITestContext(t, "user2", "repo1", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
 
@@ -1106,7 +1106,7 @@ func TestPullAutoMergeAfterCommitStatusSucceedAndApprovalForAgitFlow(t *testing.
 }
 
 func TestPullDeleteBranchPerms(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
+	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
 		user2Session := loginUser(t, "user2")
 		user4Session := loginUser(t, "user4")
 		testRepoFork(t, user4Session, "user2", "repo1", "user4", "repo1")
@@ -1138,7 +1138,7 @@ func TestPullDeleteBranchPerms(t *testing.T) {
 
 // Test that rebasing only happens when its necessary.
 func TestRebaseWhenNecessary(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
+	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
 		session := loginUser(t, "user1")
 		testRepoFork(t, session, "user2", "repo1", "user1", "repo1")
 
diff --git a/tests/integration/pull_reopen_test.go b/tests/integration/pull_reopen_test.go
index cf95f6b730..937bc4c2ac 100644
--- a/tests/integration/pull_reopen_test.go
+++ b/tests/integration/pull_reopen_test.go
@@ -20,7 +20,7 @@ import (
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/git"
 	"forgejo.org/modules/translation"
-	gitea_context "forgejo.org/services/context"
+	app_context "forgejo.org/services/context"
 	issue_service "forgejo.org/services/issue"
 	pull_service "forgejo.org/services/pull"
 	repo_service "forgejo.org/services/repository"
@@ -32,7 +32,7 @@ import (
 )
 
 func TestPullrequestReopen(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 		org26 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 26})
 
@@ -152,7 +152,7 @@ func TestPullrequestReopen(t *testing.T) {
 			})
 			session.MakeRequest(t, req, http.StatusOK)
 
-			flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
+			flashCookie := session.GetCookie(app_context.CookieNameFlash)
 			assert.NotNil(t, flashCookie)
 			assert.Contains(t, flashCookie.Value, "success%3DBranch%2B%2522"+branchName+"%2522%2Bhas%2Bbeen%2Brestored.")
 		}
@@ -166,7 +166,7 @@ func TestPullrequestReopen(t *testing.T) {
 			})
 			session.MakeRequest(t, req, http.StatusOK)
 
-			flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
+			flashCookie := session.GetCookie(app_context.CookieNameFlash)
 			assert.NotNil(t, flashCookie)
 			assert.Contains(t, flashCookie.Value, "success%3DBranch%2B%2522"+branchName+"%2522%2Bhas%2Bbeen%2Bdeleted.")
 		}
diff --git a/tests/integration/pull_review_test.go b/tests/integration/pull_review_test.go
index 131e8537c7..ea1c9a1be2 100644
--- a/tests/integration/pull_review_test.go
+++ b/tests/integration/pull_review_test.go
@@ -72,7 +72,7 @@ func loadComment(t *testing.T, commentID string) *issues_model.Comment {
 }
 
 func TestPullView_SelfReviewNotification(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
+	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
 		user1Session := loginUser(t, "user1")
 		user2Session := loginUser(t, "user2")
 
@@ -349,7 +349,7 @@ func TestPullView_ResolveInvalidatedReviewComment(t *testing.T) {
 }
 
 func TestPullView_CodeOwner(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 
 		repo, _, f := tests.CreateDeclarativeRepo(t, user2, "test_codeowner", nil, nil, []*files_service.ChangeRepoFile{
@@ -448,7 +448,7 @@ func TestPullView_CodeOwner(t *testing.T) {
 }
 
 func TestPullView_GivenApproveOrRejectReviewOnClosedPR(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
+	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
 		user1Session := loginUser(t, "user1")
 		user2Session := loginUser(t, "user2")
 
@@ -582,7 +582,7 @@ func TestPullReview_OldLatestCommitId(t *testing.T) {
 }
 
 func TestPullReviewInArchivedRepo(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
+	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
 		session := loginUser(t, "user2")
 
 		// Open a PR
@@ -821,7 +821,7 @@ func updateFileInBranch(user *user_model.User, repo *repo_model.Repository, tree
 }
 
 func TestPullRequestStaleReview(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 		session := loginUser(t, user2.Name)
 
diff --git a/tests/integration/pull_status_test.go b/tests/integration/pull_status_test.go
index 9786c559ea..f0b90ff4d6 100644
--- a/tests/integration/pull_status_test.go
+++ b/tests/integration/pull_status_test.go
@@ -21,7 +21,7 @@ import (
 )
 
 func TestPullCreate_CommitStatus(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		session := loginUser(t, "user1")
 		testRepoFork(t, session, "user2", "repo1", "user1", "repo1")
 		testEditFileToNewBranch(t, session, "user1", "repo1", "master", "status1", "README.md", "status1")
@@ -120,7 +120,7 @@ func TestPullCreate_EmptyChangesWithDifferentCommits(t *testing.T) {
 	// Reason: gitflow and merging master back into develop, where is high possibility, there are no changes
 	// but just commit saying "Merge branch". And this meta commit can be also tagged,
 	// so we need to have this meta commit also in develop branch.
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		session := loginUser(t, "user1")
 		testRepoFork(t, session, "user2", "repo1", "user1", "repo1")
 		testEditFileToNewBranch(t, session, "user1", "repo1", "master", "status1", "README.md", "status1")
@@ -145,7 +145,7 @@ func TestPullCreate_EmptyChangesWithDifferentCommits(t *testing.T) {
 }
 
 func TestPullCreate_EmptyChangesWithSameCommits(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		session := loginUser(t, "user1")
 		testRepoFork(t, session, "user2", "repo1", "user1", "repo1")
 		testCreateBranch(t, session, "user1", "repo1", "branch/master", "status1", http.StatusSeeOther)
diff --git a/tests/integration/pull_summary_test.go b/tests/integration/pull_summary_test.go
index 75c12720bf..d5e751bf80 100644
--- a/tests/integration/pull_summary_test.go
+++ b/tests/integration/pull_summary_test.go
@@ -14,7 +14,7 @@ import (
 )
 
 func TestPullSummaryCommits(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		testUser := "user2"
 		testRepo := "repo1"
 		branchOld := "master"
diff --git a/tests/integration/pull_test.go b/tests/integration/pull_test.go
index 8ff715a1b5..b4a575d808 100644
--- a/tests/integration/pull_test.go
+++ b/tests/integration/pull_test.go
@@ -30,6 +30,21 @@ func TestViewPulls(t *testing.T) {
 	assert.Equal(t, "Search pulls…", placeholder)
 }
 
+func TestViewPullsType(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+
+	session := loginUser(t, user.Name)
+	req := NewRequest(t, "GET", repo.Link()+"/pulls")
+	resp := session.MakeRequest(t, req, http.StatusOK)
+
+	htmlDoc := NewHTMLParser(t, resp.Body)
+	pullsType := htmlDoc.doc.Find(".list-header-type > .menu .item[href*=\"type=all\"]").First()
+	assert.Equal(t, "All pull requests", pullsType.Text())
+}
+
 func TestPullViewConversation(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
diff --git a/tests/integration/pull_update_test.go b/tests/integration/pull_update_test.go
index 692699d24f..ad117355e5 100644
--- a/tests/integration/pull_update_test.go
+++ b/tests/integration/pull_update_test.go
@@ -30,7 +30,7 @@ import (
 )
 
 func TestAPIPullUpdate(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
+	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
 		// Create PR to test
 		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 		org26 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 26})
@@ -59,7 +59,7 @@ func TestAPIPullUpdate(t *testing.T) {
 }
 
 func TestAPIPullUpdateByRebase(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
+	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
 		// Create PR to test
 		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 		org26 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 26})
@@ -88,7 +88,7 @@ func TestAPIPullUpdateByRebase(t *testing.T) {
 }
 
 func TestAPIViewUpdateSettings(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
+	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
 		// Create PR to test
 		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 		org26 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 26})
@@ -122,13 +122,13 @@ func TestAPIViewUpdateSettings(t *testing.T) {
 }
 
 func TestViewPullUpdateByMerge(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
+	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
 		testViewPullUpdate(t, "merge")
 	})
 }
 
 func TestViewPullUpdateByRebase(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
+	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
 		testViewPullUpdate(t, "rebase")
 	})
 }
@@ -273,7 +273,7 @@ func createOutdatedPR(t *testing.T, actor, forkOrg *user_model.User) *issues_mod
 }
 
 func TestStatusDuringUpdate(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		session := loginUser(t, "user2")
 
 		// Adjust this pull request to be in the conflict checker and having a head
diff --git a/tests/integration/pull_wip_convert_test.go b/tests/integration/pull_wip_convert_test.go
index 935636bd7f..ef63d8751c 100644
--- a/tests/integration/pull_wip_convert_test.go
+++ b/tests/integration/pull_wip_convert_test.go
@@ -14,7 +14,7 @@ import (
 )
 
 func TestPullWIPConvertSidebar(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		testRepo := "repo1"
 		branchOld := "master"
 		branchNew := "wip"
diff --git a/tests/integration/quota_use_test.go b/tests/integration/quota_use_test.go
index 105c2305d0..29a4972651 100644
--- a/tests/integration/quota_use_test.go
+++ b/tests/integration/quota_use_test.go
@@ -35,7 +35,7 @@ import (
 )
 
 func TestWebQuotaEnforcementRepoMigrate(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		env := createQuotaWebEnv(t)
 		defer env.Cleanup()
 
@@ -48,7 +48,7 @@ func TestWebQuotaEnforcementRepoMigrate(t *testing.T) {
 }
 
 func TestWebQuotaEnforcementRepoCreate(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		env := createQuotaWebEnv(t)
 		defer env.Cleanup()
 
@@ -57,7 +57,7 @@ func TestWebQuotaEnforcementRepoCreate(t *testing.T) {
 }
 
 func TestWebQuotaEnforcementRepoFork(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		env := createQuotaWebEnv(t)
 		defer env.Cleanup()
 
@@ -69,7 +69,7 @@ func TestWebQuotaEnforcementRepoFork(t *testing.T) {
 }
 
 func TestWebQuotaEnforcementIssueAttachment(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		env := createQuotaWebEnv(t)
 		defer env.Cleanup()
 
@@ -94,7 +94,7 @@ func TestWebQuotaEnforcementIssueAttachment(t *testing.T) {
 }
 
 func TestWebQuotaEnforcementMirrorSync(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		env := createQuotaWebEnv(t)
 		defer env.Cleanup()
 
@@ -115,7 +115,7 @@ func TestWebQuotaEnforcementMirrorSync(t *testing.T) {
 }
 
 func TestWebQuotaEnforcementRepoContentEditing(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		env := createQuotaWebEnv(t)
 		defer env.Cleanup()
 
@@ -164,7 +164,7 @@ func TestWebQuotaEnforcementRepoContentEditing(t *testing.T) {
 }
 
 func TestWebQuotaEnforcementRepoBranches(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		env := createQuotaWebEnv(t)
 		defer env.Cleanup()
 
@@ -227,7 +227,7 @@ func TestWebQuotaEnforcementRepoBranches(t *testing.T) {
 }
 
 func TestWebQuotaEnforcementRepoReleases(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		env := createQuotaWebEnv(t)
 		defer env.Cleanup()
 
@@ -262,7 +262,7 @@ func TestWebQuotaEnforcementRepoReleases(t *testing.T) {
 }
 
 func TestWebQuotaEnforcementRepoPulls(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		env := createQuotaWebEnv(t)
 		defer env.Cleanup()
 
@@ -300,7 +300,7 @@ func TestWebQuotaEnforcementRepoPulls(t *testing.T) {
 }
 
 func TestWebQuotaEnforcementRepoTransfer(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		env := createQuotaWebEnv(t)
 		defer env.Cleanup()
 
@@ -366,7 +366,7 @@ func TestWebQuotaEnforcementRepoTransfer(t *testing.T) {
 }
 
 func TestGitQuotaEnforcement(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		env := createQuotaWebEnv(t)
 		defer env.Cleanup()
 
@@ -549,7 +549,7 @@ func TestGitQuotaEnforcement(t *testing.T) {
 }
 
 func TestQuotaConfigDefault(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		env := createQuotaWebEnv(t)
 		defer env.Cleanup()
 
diff --git a/tests/integration/release_test.go b/tests/integration/release_test.go
index 8e2ec20c76..ca975fb132 100644
--- a/tests/integration/release_test.go
+++ b/tests/integration/release_test.go
@@ -357,14 +357,46 @@ func TestDownloadReleaseAttachment(t *testing.T) {
 
 	url := repo.Link() + "/releases/download/v1.1/README.md"
 
+	// user2/repo2 is private and can't be accessed anonymously
 	req := NewRequest(t, "GET", url)
 	MakeRequest(t, req, http.StatusNotFound)
 
+	// But the owner can access it
 	req = NewRequest(t, "GET", url)
 	session := loginUser(t, "user2")
 	session.MakeRequest(t, req, http.StatusOK)
 }
 
+func TestReleaseAttachmentDownloadCounter(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+	tests.PrepareAttachmentsStorage(t)
+
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 2})
+	session := loginUser(t, "user2")
+	zipAttachmentLink := fmt.Sprintf("%s/archive/v1.1.zip", repo.Link())
+	gzAttachmentLink := fmt.Sprintf("%s/archive/v1.1.tar.gz", repo.Link())
+	counterSelector := "details.download > ul > li:has(a[href='%s']) span"
+
+	// Assert zero downloads initially
+	doc := NewHTMLParser(t, session.MakeRequest(t, NewRequest(t, "GET", fmt.Sprintf("%s/releases", repo.Link())), http.StatusOK).Body)
+	zipDownloads := doc.Find(fmt.Sprintf(counterSelector, zipAttachmentLink)).Text()
+	gzDownloads := doc.Find(fmt.Sprintf(counterSelector, gzAttachmentLink)).Text()
+	assert.Contains(t, zipDownloads, "0 downloads")
+	assert.Contains(t, gzDownloads, "0 downloads")
+
+	// Generate downloads
+	session.MakeRequest(t, NewRequest(t, "GET", zipAttachmentLink), http.StatusOK)
+	session.MakeRequest(t, NewRequest(t, "GET", gzAttachmentLink), http.StatusOK)
+	session.MakeRequest(t, NewRequest(t, "GET", gzAttachmentLink), http.StatusOK)
+
+	// Check the new numbers
+	doc = NewHTMLParser(t, session.MakeRequest(t, NewRequest(t, "GET", fmt.Sprintf("%s/releases", repo.Link())), http.StatusOK).Body)
+	zipDownloads = doc.Find(fmt.Sprintf(counterSelector, zipAttachmentLink)).Text()
+	gzDownloads = doc.Find(fmt.Sprintf(counterSelector, gzAttachmentLink)).Text()
+	assert.Contains(t, zipDownloads, "1 download")
+	assert.Contains(t, gzDownloads, "2 downloads")
+}
+
 func TestReleaseHideArchiveLinksUI(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
diff --git a/tests/integration/rename_branch_test.go b/tests/integration/rename_branch_test.go
index 2029a3732b..6b186e38f2 100644
--- a/tests/integration/rename_branch_test.go
+++ b/tests/integration/rename_branch_test.go
@@ -11,14 +11,14 @@ import (
 	git_model "forgejo.org/models/git"
 	repo_model "forgejo.org/models/repo"
 	"forgejo.org/models/unittest"
-	gitea_context "forgejo.org/services/context"
+	app_context "forgejo.org/services/context"
 	"forgejo.org/tests"
 
 	"github.com/stretchr/testify/assert"
 )
 
 func TestRenameBranch(t *testing.T) {
-	onGiteaRun(t, testRenameBranch)
+	onApplicationRun(t, testRenameBranch)
 }
 
 func testRenameBranch(t *testing.T, u *url.URL) {
@@ -105,7 +105,7 @@ func testRenameBranch(t *testing.T, u *url.URL) {
 			"to":    "branch1",
 		})
 		session.MakeRequest(t, req, http.StatusSeeOther)
-		flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
+		flashCookie := session.GetCookie(app_context.CookieNameFlash)
 		assert.NotNil(t, flashCookie)
 		assert.Contains(t, flashCookie.Value, "error")
 
@@ -133,7 +133,7 @@ func testRenameBranch(t *testing.T, u *url.URL) {
 		})
 		session.MakeRequest(t, req, http.StatusSeeOther)
 
-		flashCookie = session.GetCookie(gitea_context.CookieNameFlash)
+		flashCookie = session.GetCookie(app_context.CookieNameFlash)
 		assert.NotNil(t, flashCookie)
 		assert.Contains(t, flashCookie.Value, "success")
 
@@ -163,7 +163,7 @@ func testRenameBranch(t *testing.T, u *url.URL) {
 		})
 		session.MakeRequest(t, req, http.StatusSeeOther)
 
-		flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
+		flashCookie := session.GetCookie(app_context.CookieNameFlash)
 		assert.NotNil(t, flashCookie)
 		assert.Equal(t, "error%3DCannot%2Brename%2Bbranch%2Bmain2%2Bbecause%2Bit%2Bis%2Ba%2Bprotected%2Bbranch.", flashCookie.Value)
 
diff --git a/tests/integration/repo_activity_test.go b/tests/integration/repo_activity_test.go
index 967a55cad6..e30f92daa3 100644
--- a/tests/integration/repo_activity_test.go
+++ b/tests/integration/repo_activity_test.go
@@ -1,4 +1,5 @@
 // Copyright 2017 The Gitea Authors. All rights reserved.
+// Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package integration
@@ -27,7 +28,7 @@ import (
 )
 
 func TestRepoActivity(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
+	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
 		session := loginUser(t, "user1")
 
 		// Create PRs (1 merged & 2 proposed)
@@ -75,6 +76,9 @@ func TestRepoActivity(t *testing.T) {
 		assert.Equal(t, []string{"Pre-release", "Release", "Tag"}, labels)
 		assert.Equal(t, []string{"", "v0.1 Pre-release", "v1 Release"}, titles)
 
+		// Active pull requests
+		assert.Contains(t, htmlDoc.Find(".grid .column:first-child").Text(), "3 active pull requests")
+
 		// Should be 1 merged pull request
 		list = htmlDoc.doc.Find("#merged-pull-requests").Next().Find("p.desc")
 		assert.Len(t, list.Nodes, 1)
@@ -85,6 +89,9 @@ func TestRepoActivity(t *testing.T) {
 		assert.Len(t, list.Nodes, 2)
 		assert.Equal(t, "Proposed", list.Find(".label").First().Text())
 
+		// Active issues
+		assert.Contains(t, htmlDoc.Find(".grid .column:last-child").Text(), "3 active issues")
+
 		// Should be 0 closed issues
 		list = htmlDoc.doc.Find("#closed-issues").Next().Find("p.desc")
 		assert.Empty(t, list.Nodes)
diff --git a/tests/integration/repo_archive_test.go b/tests/integration/repo_archive_test.go
index f0ffedfd9b..e5f5c5be0f 100644
--- a/tests/integration/repo_archive_test.go
+++ b/tests/integration/repo_archive_test.go
@@ -46,7 +46,7 @@ func TestRepoDownloadArchive(t *testing.T) {
 }
 
 func TestRepoDownloadArchiveSubdir(t *testing.T) {
-	onGiteaRun(t, func(*testing.T, *url.URL) {
+	onApplicationRun(t, func(*testing.T, *url.URL) {
 		defer test.MockVariableValue(&setting.EnableGzip, true)()
 		defer test.MockVariableValue(&web.GzipMinSize, 10)()
 		defer test.MockVariableValue(&testWebRoutes, routers.NormalRoutes())()
diff --git a/tests/integration/repo_archive_text_test.go b/tests/integration/repo_archive_text_test.go
index db133ce7d7..e8343f3fef 100644
--- a/tests/integration/repo_archive_text_test.go
+++ b/tests/integration/repo_archive_text_test.go
@@ -20,7 +20,7 @@ import (
 )
 
 func TestArchiveText(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
+	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
 		testUser := "user2"
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: testUser})
 		session := loginUser(t, testUser)
diff --git a/tests/integration/repo_badges_test.go b/tests/integration/repo_badges_test.go
index 928a9975fe..e4a62d8cfc 100644
--- a/tests/integration/repo_badges_test.go
+++ b/tests/integration/repo_badges_test.go
@@ -31,7 +31,7 @@ import (
 )
 
 func TestBadges(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		prep := func(t *testing.T) (*repo_model.Repository, func()) {
 			owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 
diff --git a/tests/integration/repo_branch_test.go b/tests/integration/repo_branch_test.go
index 3cb6e42c89..1b12180eca 100644
--- a/tests/integration/repo_branch_test.go
+++ b/tests/integration/repo_branch_test.go
@@ -46,7 +46,7 @@ func testCreateBranch(t testing.TB, session *TestSession, user, repo, oldRefSubU
 }
 
 func TestCreateBranch(t *testing.T) {
-	onGiteaRun(t, testCreateBranches)
+	onApplicationRun(t, testCreateBranches)
 }
 
 func testCreateBranches(t *testing.T, giteaURL *url.URL) {
@@ -161,7 +161,7 @@ func TestCreateBranchInvalidCSRF(t *testing.T) {
 }
 
 func TestDatabaseMissingABranch(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, URL *url.URL) {
+	onApplicationRun(t, func(t *testing.T, URL *url.URL) {
 		session := loginUser(t, "user2")
 
 		// Create two branches
@@ -206,7 +206,7 @@ func TestDatabaseMissingABranch(t *testing.T) {
 }
 
 func TestCreateBranchButtonVisibility(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		session := loginUser(t, "user1")
 
 		t.Run("Check create branch button", func(t *testing.T) {
diff --git a/tests/integration/repo_citation_test.go b/tests/integration/repo_citation_test.go
index 5651ac3db3..7a3251d987 100644
--- a/tests/integration/repo_citation_test.go
+++ b/tests/integration/repo_citation_test.go
@@ -20,7 +20,7 @@ import (
 )
 
 func TestCitation(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
 
 		session := loginUser(t, user.LoginName)
diff --git a/tests/integration/repo_fork_test.go b/tests/integration/repo_fork_test.go
index c986164b50..cb8f398257 100644
--- a/tests/integration/repo_fork_test.go
+++ b/tests/integration/repo_fork_test.go
@@ -75,7 +75,7 @@ func testRepoForkLegacyRedirect(t *testing.T, session *TestSession, ownerName, r
 }
 
 func TestRepoFork(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user5 := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "user5"})
 		session := loginUser(t, user5.Name)
 
@@ -210,7 +210,7 @@ func TestRepoFork(t *testing.T) {
 }
 
 func TestRepoForkToOrg(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		session := loginUser(t, "user2")
 		org3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "org3"})
 
@@ -243,7 +243,7 @@ func TestRepoForkToOrg(t *testing.T) {
 func TestForkListPrivateRepo(t *testing.T) {
 	forkItemSelector := ".tw-flex.tw-items-center.tw-py-2"
 
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		session := loginUser(t, "user5")
 		org23 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 23, Visibility: structs.VisibleTypePrivate})
 
diff --git a/tests/integration/repo_generate_test.go b/tests/integration/repo_generate_test.go
index 44987c14b0..6a61e36668 100644
--- a/tests/integration/repo_generate_test.go
+++ b/tests/integration/repo_generate_test.go
@@ -224,7 +224,7 @@ func TestRepoCreateFormTrimSpace(t *testing.T) {
 }
 
 func TestRepoGenerateTemplating(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		input := `# $REPO_NAME
 	This is a Repo By $REPO_OWNER
 	ThisIsThe${REPO_NAME}InAnInlineWay`
diff --git a/tests/integration/repo_git_note_test.go b/tests/integration/repo_git_note_test.go
index e6b23754db..34c22ae3c0 100644
--- a/tests/integration/repo_git_note_test.go
+++ b/tests/integration/repo_git_note_test.go
@@ -11,7 +11,7 @@ import (
 )
 
 func TestRepoModifyGitNotes(t *testing.T) {
-	onGiteaRun(t, func(*testing.T, *url.URL) {
+	onApplicationRun(t, func(*testing.T, *url.URL) {
 		session := loginUser(t, "user2")
 
 		req := NewRequest(t, "GET", "/user2/repo1/commit/65f1bf27bc3bf70f64657658635e66094edbcb4d")
@@ -46,7 +46,7 @@ func TestRepoModifyGitNotes(t *testing.T) {
 }
 
 func TestRepoGitNotesButtonsVisible(t *testing.T) {
-	onGiteaRun(t, func(*testing.T, *url.URL) {
+	onApplicationRun(t, func(*testing.T, *url.URL) {
 		t.Run("With Permission", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
 
diff --git a/tests/integration/repo_issue_title_test.go b/tests/integration/repo_issue_title_test.go
index 587db43223..a722ef5610 100644
--- a/tests/integration/repo_issue_title_test.go
+++ b/tests/integration/repo_issue_title_test.go
@@ -26,7 +26,7 @@ import (
 )
 
 func TestIssueTitles(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
 		repo, _, f := tests.CreateDeclarativeRepo(t, user, "issue-titles", nil, nil, nil)
 		defer f()
diff --git a/tests/integration/repo_migrate_credentials_test.go b/tests/integration/repo_migrate_credentials_test.go
index b63ca9b29e..ed0d798ec7 100644
--- a/tests/integration/repo_migrate_credentials_test.go
+++ b/tests/integration/repo_migrate_credentials_test.go
@@ -21,7 +21,7 @@ import (
 )
 
 func TestRepoMigrateWithCredentials(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		defer test.MockVariableValue(&setting.Migrations.AllowLocalNetworks, true)()
 		require.NoError(t, migrations.Init())
 
diff --git a/tests/integration/repo_settings_test.go b/tests/integration/repo_settings_test.go
index 6b467d78b2..e3a1dede4d 100644
--- a/tests/integration/repo_settings_test.go
+++ b/tests/integration/repo_settings_test.go
@@ -16,7 +16,7 @@ import (
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/optional"
 	"forgejo.org/modules/setting"
-	gitea_context "forgejo.org/services/context"
+	app_context "forgejo.org/services/context"
 	repo_service "forgejo.org/services/repository"
 	user_service "forgejo.org/services/user"
 	"forgejo.org/tests"
@@ -298,7 +298,7 @@ func TestProtectedBranch(t *testing.T) {
 			"require_signed_": "true",
 		})
 		session.MakeRequest(t, req, http.StatusSeeOther)
-		flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
+		flashCookie := session.GetCookie(app_context.CookieNameFlash)
 		assert.NotNil(t, flashCookie)
 		assert.Equal(t, "error%3DThere%2Bis%2Balready%2Ba%2Brule%2Bfor%2Bthis%2Bset%2Bof%2Bbranches", flashCookie.Value)
 
diff --git a/tests/integration/repo_sync_fork_test.go b/tests/integration/repo_sync_fork_test.go
index fb08a69d8b..46730641ce 100644
--- a/tests/integration/repo_sync_fork_test.go
+++ b/tests/integration/repo_sync_fork_test.go
@@ -77,25 +77,25 @@ func syncForkTest(t *testing.T, forkName, branchName string, webSync bool) {
 }
 
 func TestAPIRepoSyncForkDefault(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		syncForkTest(t, "SyncForkDefault", "master", false)
 	})
 }
 
 func TestAPIRepoSyncForkBranch(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		syncForkTest(t, "SyncForkBranch", "master", false)
 	})
 }
 
 func TestWebRepoSyncForkBranch(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		syncForkTest(t, "SyncForkBranch", "master", true)
 	})
 }
 
 func TestWebRepoSyncForkHomepage(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		baseRepo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
 		baseOwner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: baseRepo.OwnerID})
 		baseOwnerSession := loginUser(t, baseOwner.Name)
diff --git a/tests/integration/repo_tag_test.go b/tests/integration/repo_tag_test.go
index b119f5d917..972a51089b 100644
--- a/tests/integration/repo_tag_test.go
+++ b/tests/integration/repo_tag_test.go
@@ -86,7 +86,7 @@ func TestTagViewWithoutRelease(t *testing.T) {
 }
 
 func TestCreateNewTagProtected(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
 		owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
 
@@ -155,7 +155,7 @@ func TestCreateNewTagProtected(t *testing.T) {
 }
 
 func TestSyncRepoTags(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
 		owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
 
@@ -193,7 +193,7 @@ func TestSyncRepoTags(t *testing.T) {
 }
 
 func TestRepushTag(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
 		owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
 		session := loginUser(t, owner.LowerName)
diff --git a/tests/integration/repo_test.go b/tests/integration/repo_test.go
index f8b926e8be..bd5900070d 100644
--- a/tests/integration/repo_test.go
+++ b/tests/integration/repo_test.go
@@ -722,7 +722,7 @@ func TestViewCommitSignature(t *testing.T) {
 	fromBranch := "master"
 	toBranch := "branch-signed"
 
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		// Use a new GNUPGPHOME to avoid messing with the existing GPG keyring.
 		tmpDir := t.TempDir()
 		require.NoError(t, os.Chmod(tmpDir, 0o700))
@@ -931,7 +931,7 @@ func TestRepoHomeViewRedirect(t *testing.T) {
 }
 
 func TestRepoFilesList(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 
 		// create the repo
@@ -1492,7 +1492,7 @@ func TestRepoIssueFilterLinks(t *testing.T) {
 }
 
 func TestRepoSubmoduleView(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 		repo, _, f := tests.CreateDeclarativeRepo(t, user2, "", []unit_model.Type{unit_model.TypeCode}, nil, nil)
 		defer f()
diff --git a/tests/integration/repo_view_test.go b/tests/integration/repo_view_test.go
index 7ea4aeb4c6..ce24aca16a 100644
--- a/tests/integration/repo_view_test.go
+++ b/tests/integration/repo_view_test.go
@@ -62,7 +62,7 @@ func createRepoAndGetContext(t *testing.T, files []string, deleteMdReadme bool)
 }
 
 func TestRepoView_FindReadme(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		t.Run("PrioOneLocalizedMdReadme", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
 			ctx, f := createRepoAndGetContext(t, []string{"README.en.md", "README.en.org", "README.org", "README.txt", "README.tex"}, false)
@@ -155,7 +155,7 @@ func TestRepoView_FindReadme(t *testing.T) {
 }
 
 func TestRepoViewFileLines(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, _ *url.URL) {
+	onApplicationRun(t, func(t *testing.T, _ *url.URL) {
 		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 		repo, _, f := tests.CreateDeclarativeRepo(t, user, "file-lines", []unit_model.Type{unit_model.TypeCode}, nil, []*files_service.ChangeRepoFile{
 			{
diff --git a/tests/integration/repo_watch_test.go b/tests/integration/repo_watch_test.go
index 0bcb039b01..8d6af5b381 100644
--- a/tests/integration/repo_watch_test.go
+++ b/tests/integration/repo_watch_test.go
@@ -13,7 +13,7 @@ import (
 )
 
 func TestRepoWatch(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
+	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
 		// Test round-trip auto-watch
 		setting.Service.AutoWatchOnChanges = true
 		session := loginUser(t, "user2")
diff --git a/tests/integration/repo_webhook_test.go b/tests/integration/repo_webhook_test.go
index ffddd47faa..aa2d7538a1 100644
--- a/tests/integration/repo_webhook_test.go
+++ b/tests/integration/repo_webhook_test.go
@@ -9,7 +9,7 @@ import (
 	"net/url"
 	"testing"
 
-	gitea_context "forgejo.org/services/context"
+	app_context "forgejo.org/services/context"
 	"forgejo.org/services/webhook"
 	"forgejo.org/tests"
 
@@ -447,7 +447,7 @@ func assertHasFlashMessages(t *testing.T, resp *httptest.ResponseRecorder, expec
 	seenKeys := make(map[string][]string, len(expectedKeys))
 
 	for _, cookie := range resp.Result().Cookies() {
-		if cookie.Name != gitea_context.CookieNameFlash {
+		if cookie.Name != app_context.CookieNameFlash {
 			continue
 		}
 		flash, _ := url.ParseQuery(cookie.Value)
diff --git a/tests/integration/repofiles_change_test.go b/tests/integration/repofiles_change_test.go
index 42d47c4591..1c3f86d001 100644
--- a/tests/integration/repofiles_change_test.go
+++ b/tests/integration/repofiles_change_test.go
@@ -250,7 +250,7 @@ func getExpectedFileResponseForRepofilesUpdate(commitID, filename, lastCommitSHA
 }
 
 func TestChangeRepoFiles(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		doer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 		repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
 
@@ -414,7 +414,7 @@ func TestChangeRepoFiles(t *testing.T) {
 
 func TestChangeRepoFilesErrors(t *testing.T) {
 	// setup
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		doer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 		repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
 
diff --git a/tests/integration/signing_git_test.go b/tests/integration/signing_git_test.go
index 7018b10376..7fbda358cf 100644
--- a/tests/integration/signing_git_test.go
+++ b/tests/integration/signing_git_test.go
@@ -35,7 +35,7 @@ func TestInstanceSigning(t *testing.T) {
 		require.NoError(t, git.InitFull(context.Background()))
 	})
 
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		defer test.MockVariableValue(&setting.Repository.Signing.SigningName, "UwU")()
 		defer test.MockVariableValue(&setting.Repository.Signing.SigningEmail, "fox@example.com")()
 		defer test.MockProtect(&setting.Repository.Signing.InitialCommit)()
diff --git a/tests/integration/ssh_key_test.go b/tests/integration/ssh_key_test.go
index a92694d2fa..156bcb137e 100644
--- a/tests/integration/ssh_key_test.go
+++ b/tests/integration/ssh_key_test.go
@@ -44,7 +44,7 @@ func doAddChangesToCheckout(dstPath, filename string) func(*testing.T) {
 }
 
 func TestPushDeployKeyOnEmptyRepo(t *testing.T) {
-	onGiteaRun(t, testPushDeployKeyOnEmptyRepo)
+	onApplicationRun(t, testPushDeployKeyOnEmptyRepo)
 }
 
 func testPushDeployKeyOnEmptyRepo(t *testing.T, u *url.URL) {
@@ -88,7 +88,7 @@ func testPushDeployKeyOnEmptyRepo(t *testing.T, u *url.URL) {
 }
 
 func TestKeyOnlyOneType(t *testing.T) {
-	onGiteaRun(t, testKeyOnlyOneType)
+	onApplicationRun(t, testKeyOnlyOneType)
 }
 
 func testKeyOnlyOneType(t *testing.T, u *url.URL) {
diff --git a/tests/integration/translations_test.go b/tests/integration/translations_test.go
index 7b80025618..d20355aca2 100644
--- a/tests/integration/translations_test.go
+++ b/tests/integration/translations_test.go
@@ -44,7 +44,7 @@ func TestMissingTranslationHandling(t *testing.T) {
 
 // TestDataSizeTranslation is a test for usage of TrSize in file size display
 func TestDataSizeTranslation(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
+	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
 		testUser := "user2"
 		testRepoName := "data_size_test"
 		noDigits := regexp.MustCompile("[0-9]+")
diff --git a/tests/integration/user_dashboard_test.go b/tests/integration/user_dashboard_test.go
index fefe5f1399..146358158d 100644
--- a/tests/integration/user_dashboard_test.go
+++ b/tests/integration/user_dashboard_test.go
@@ -45,7 +45,7 @@ func testUserDashboardFeedType(t *testing.T, page *HTMLDoc, isEmpty bool) {
 }
 
 func TestDashboardTitleRendering(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user4 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4})
 		sess := loginUser(t, user4.Name)
 
@@ -91,7 +91,7 @@ func TestDashboardTitleRendering(t *testing.T) {
 }
 
 func TestDashboardActionEscaping(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user4 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4})
 		sess := loginUser(t, user4.Name)
 
@@ -126,7 +126,7 @@ func TestDashboardActionEscaping(t *testing.T) {
 }
 
 func TestDashboardReviewWorkflows(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user4 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4})
 		sess := loginUser(t, user4.Name)
 
diff --git a/tests/integration/user_profile_test.go b/tests/integration/user_profile_test.go
index 0e3668f1d5..654ff0c094 100644
--- a/tests/integration/user_profile_test.go
+++ b/tests/integration/user_profile_test.go
@@ -11,16 +11,19 @@ import (
 
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/git"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/test"
+	repo_service "forgejo.org/services/repository"
 	files_service "forgejo.org/services/repository/files"
 	"forgejo.org/tests"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestUserProfile(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		checkReadme := func(t *testing.T, title, readmeFilename string, expectedCount int) {
 			t.Run(title, func(t *testing.T) {
 				defer tests.PrintCurrentTest(t)()
@@ -112,5 +115,60 @@ quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequa
 				assert.NotContains(t, resp.Body.String(), "veniam")
 			})
 		})
+
+		t.Run("forked-profile-repo", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			// Create users
+			user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+			user4 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4})
+
+			// Create original .profile repository for user2
+			originalRepo, _, f1 := tests.CreateDeclarativeRepo(t, user2, ".profile", nil, nil, []*files_service.ChangeRepoFile{
+				{
+					Operation:     "update",
+					TreePath:      "README.md",
+					ContentReader: strings.NewReader("# Original Profile Content\nThis should show up on user2 profile."),
+				},
+			})
+			defer f1()
+
+			// Fork the .profile repository to user4
+			forkedRepo, err := repo_service.ForkRepositoryAndUpdates(git.DefaultContext, user2, user4, repo_service.ForkRepoOptions{
+				BaseRepo: originalRepo,
+				Name:     ".profile",
+			})
+			require.NoError(t, err)
+
+			// Verify that user2's profile shows the original content
+			req := NewRequest(t, "GET", "/user2")
+			resp := MakeRequest(t, req, http.StatusOK)
+			// Check if the content appears in the response body
+			bodyStr := resp.Body.String()
+			if strings.Contains(bodyStr, "Original Profile Content") {
+				// Original profile is working correctly
+				assert.Contains(t, bodyStr, "This should show up on user2 profile", "Original profile should render content")
+			}
+
+			// Verify that user4's profile does NOT show the forked content
+			// Since it's a fork, it should not render as a profile page (this is the main test)
+			req = NewRequest(t, "GET", "/user4")
+			resp = MakeRequest(t, req, http.StatusOK)
+			bodyStr = resp.Body.String()
+
+			// The main assertion: forked .profile content should NOT appear on user profile
+			assert.NotContains(t, bodyStr, "Original Profile Content", "Forked .profile repo should NOT render profile content")
+			assert.NotContains(t, bodyStr, "This should show up on user2 profile", "Forked .profile repo should NOT render profile content")
+
+			// Ensure the forked repository still exists and is accessible directly
+			req = NewRequest(t, "GET", "/user4/.profile")
+			resp = MakeRequest(t, req, http.StatusOK)
+			// The repository page should show the content (since it's the same as original)
+			assert.Contains(t, resp.Body.String(), "Original Profile Content", "Forked repo should still be accessible")
+
+			// Verify the fork relationship
+			assert.True(t, forkedRepo.IsFork, "Repository should be marked as a fork")
+			assert.Equal(t, originalRepo.ID, forkedRepo.ForkID, "Fork should reference original repository")
+		})
 	})
 }
diff --git a/tests/integration/user_recovery_test.go b/tests/integration/user_recovery_test.go
new file mode 100644
index 0000000000..94114c6b38
--- /dev/null
+++ b/tests/integration/user_recovery_test.go
@@ -0,0 +1,52 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package integration
+
+import (
+	"net/http"
+	"testing"
+
+	"forgejo.org/models/unittest"
+	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/test"
+	"forgejo.org/modules/translation"
+	"forgejo.org/services/mailer"
+	"forgejo.org/tests"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestForgotPassword(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	test := func(t *testing.T, user *user_model.User, email *user_model.EmailAddress) {
+		t.Helper()
+
+		called := false
+		defer test.MockVariableValue(&mailer.SendAsync, func(msgs ...*mailer.Message) {
+			assert.Len(t, msgs, 1)
+			assert.Equal(t, user.EmailTo(), msgs[0].To)
+			assert.EqualValues(t, translation.NewLocale("en-US").Tr("mail.reset_password"), msgs[0].Subject)
+			assert.Contains(t, msgs[0].Body, translation.NewLocale("en-US").Tr("mail.reset_password.text", "3 hours"))
+			called = true
+		})()
+
+		req := NewRequestWithValues(t, "POST", "/user/forgot_password", map[string]string{
+			"_csrf": GetCSRF(t, emptyTestSession(t), "/user/forgot_password"),
+			"email": email.Email,
+		})
+		MakeRequest(t, req, http.StatusOK)
+
+		assert.True(t, called)
+	}
+	t.Run("Unactivated email address", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+		test(t, unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 11}), unittest.AssertExistsAndLoadBean(t, &user_model.EmailAddress{UID: 11}, "is_activated = false"))
+	})
+
+	t.Run("Activated email address", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+		test(t, unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 12}), unittest.AssertExistsAndLoadBean(t, &user_model.EmailAddress{UID: 12}, "is_activated = true"))
+	})
+}
diff --git a/tests/integration/user_test.go b/tests/integration/user_test.go
index fd5c85e970..0e993636c7 100644
--- a/tests/integration/user_test.go
+++ b/tests/integration/user_test.go
@@ -26,7 +26,7 @@ import (
 	api "forgejo.org/modules/structs"
 	"forgejo.org/modules/test"
 	"forgejo.org/modules/translation"
-	gitea_context "forgejo.org/services/context"
+	app_context "forgejo.org/services/context"
 	"forgejo.org/services/mailer"
 	"forgejo.org/tests"
 
@@ -917,7 +917,7 @@ func TestUserTOTPReenroll(t *testing.T) {
 	})
 	session.MakeRequest(t, req, http.StatusSeeOther)
 
-	flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
+	flashCookie := session.GetCookie(app_context.CookieNameFlash)
 	assert.NotNil(t, flashCookie)
 	assert.Contains(t, flashCookie.Value, "success%3DYour%2Baccount%2Bhas%2Bbeen%2Bsuccessfully%2Benrolled.")
 }
@@ -945,7 +945,7 @@ func TestUserTOTPDisable(t *testing.T) {
 			session.MakeRequest(t, req, status)
 		}
 		if flashMessage != "" {
-			flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
+			flashCookie := session.GetCookie(app_context.CookieNameFlash)
 			assert.NotNil(t, flashCookie)
 			if disableAllowed {
 				assert.Contains(t, flashCookie.Value, fmt.Sprintf("success%%3D%s", flashMessage))
diff --git a/tests/integration/view_test.go b/tests/integration/view_test.go
index 80371b84ce..0a210a5155 100644
--- a/tests/integration/view_test.go
+++ b/tests/integration/view_test.go
@@ -36,7 +36,7 @@ func TestRenderFileSVGIsInImgTag(t *testing.T) {
 }
 
 func TestAmbiguousCharacterDetection(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 		session := loginUser(t, user2.Name)
 
@@ -132,7 +132,7 @@ func TestAmbiguousCharacterDetection(t *testing.T) {
 }
 
 func TestCommitListActions(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 		session := loginUser(t, user2.Name)
 		repo, commitID, f := tests.CreateDeclarativeRepo(t, user2, "",
diff --git a/tests/integration/webhook_test.go b/tests/integration/webhook_test.go
index 6d92a16dd8..3eef54f50c 100644
--- a/tests/integration/webhook_test.go
+++ b/tests/integration/webhook_test.go
@@ -25,7 +25,7 @@ import (
 )
 
 func TestWebhookPayloadRef(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
+	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
 		w := unittest.AssertExistsAndLoadBean(t, &webhook_model.Webhook{ID: 1})
 		w.HookEvent = &webhook_module.HookEvent{
 			SendEverything: true,
diff --git a/tests/integration/wiki_test.go b/tests/integration/wiki_test.go
index 2949038f1f..47986177d7 100644
--- a/tests/integration/wiki_test.go
+++ b/tests/integration/wiki_test.go
@@ -34,7 +34,7 @@ func assertFileEqual(t *testing.T, p string, content []byte) {
 }
 
 func TestRepoCloneWiki(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		dstPath := t.TempDir()
 
 		r := fmt.Sprintf("%suser2/repo1.wiki.git", u.String())
diff --git a/tests/mysql.ini.tmpl b/tests/mysql.ini.tmpl
index 055cc091c5..e50d5c4792 100644
--- a/tests/mysql.ini.tmpl
+++ b/tests/mysql.ini.tmpl
@@ -125,3 +125,11 @@ ENABLED = false
 
 [cron.check_repo_stats]
 ENABLED = false
+
+# For iframe rendering tests
+[markup.iframehtml]
+ENABLED = true
+FILE_EXTENSIONS = .iframehtml
+RENDER_COMMAND = cat
+RENDER_CONTENT_MODE = iframe
+NEED_POSTPROCESS = false
diff --git a/tests/pgsql.ini.tmpl b/tests/pgsql.ini.tmpl
index 0293817c6e..4c494941c3 100644
--- a/tests/pgsql.ini.tmpl
+++ b/tests/pgsql.ini.tmpl
@@ -139,3 +139,11 @@ ENABLED = false
 
 [cron.check_repo_stats]
 ENABLED = false
+
+# For iframe rendering tests
+[markup.iframehtml]
+ENABLED = true
+FILE_EXTENSIONS = .iframehtml
+RENDER_COMMAND = cat
+RENDER_CONTENT_MODE = iframe
+NEED_POSTPROCESS = false
diff --git a/tests/sqlite.ini.tmpl b/tests/sqlite.ini.tmpl
index 6a08bce8ea..0514c684e6 100644
--- a/tests/sqlite.ini.tmpl
+++ b/tests/sqlite.ini.tmpl
@@ -126,3 +126,11 @@ ENABLED = false
 
 [cron.check_repo_stats]
 ENABLED = false
+
+# For iframe rendering tests
+[markup.iframehtml]
+ENABLED = true
+FILE_EXTENSIONS = .iframehtml
+RENDER_COMMAND = cat
+RENDER_CONTENT_MODE = iframe
+NEED_POSTPROCESS = false
diff --git a/web_src/css/admin.css b/web_src/css/admin.css
index e6866b27a6..873b1bf91e 100644
--- a/web_src/css/admin.css
+++ b/web_src/css/admin.css
@@ -29,8 +29,8 @@
   min-width: 100px;
 }
 
-.admin code,
-.admin pre {
+:is(.admin, #detail-modal) code,
+:is(.admin, #detail-modal) pre {
   white-space: pre-wrap;
   word-wrap: break-word;
 }
diff --git a/web_src/css/base.css b/web_src/css/base.css
index af23ecf2c2..b6c0b9cf49 100644
--- a/web_src/css/base.css
+++ b/web_src/css/base.css
@@ -1,6 +1,6 @@
 :root {
   /* fonts */
-  --fonts-proportional: -apple-system, "Segoe UI", system-ui, Roboto, "Helvetica Neue", Arial;
+  --fonts-proportional: -apple-system, "Segoe UI", system-ui, "Noto Sans", "Noto Sans Hebrew", Roboto, "Helvetica Neue", Arial;
   --fonts-monospace: ui-monospace, SFMono-Regular, "SF Mono", Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace, var(--fonts-emoji);
   --fonts-emoji: "Apple Color Emoji", "Segoe UI Emoji", "Noto Color Emoji", "Twemoji Mozilla";
   /* font weights - use between 400 and 600 for general purposes. Avoid 700 as it is perceived too bold */
@@ -50,7 +50,7 @@
 }
 
 :root * {
-  --fonts-regular: var(--fonts-override, var(--fonts-proportional)), "Noto Sans", "Liberation Sans", sans-serif, var(--fonts-emoji);
+  --fonts-regular: var(--fonts-override, var(--fonts-proportional)), "Liberation Sans", sans-serif, var(--fonts-emoji);
 }
 
 *, ::before, ::after {
@@ -265,28 +265,6 @@ h1.error-code {
   user-select: none;
 }
 
-.button-row {
-  gap: var(--button-spacing);
-}
-
-.button-sequence {
-  display: flex;
-  flex-flow: wrap;
-  gap: var(--button-spacing);
-}
-
-.button-sequence.right {
-  justify-content: end;
-}
-
-.button-sequence .ui.button {
-  margin: 0 !important;
-}
-
-.button-row .ui.button {
-  margin-right: 0;
-}
-
 .ui.partial.secondary.menu {
   margin-bottom: 0;
 }
@@ -671,11 +649,11 @@ img.ui.avatar,
 }
 
 .text.red {
-  color: var(--color-red) !important;
+  color: var(--color-thin-red, var(--color-red)) !important;
 }
 
 .text.orange {
-  color: var(--color-orange) !important;
+  color: var(--color-thin-orange, var(--color-orange)) !important;
 }
 
 .text.yellow {
@@ -683,7 +661,7 @@ img.ui.avatar,
 }
 
 .text.green {
-  color: var(--color-green) !important;
+  color: var(--color-thin-green, var(--color-green)) !important;
 }
 
 .text.teal {
@@ -695,7 +673,7 @@ img.ui.avatar,
 }
 
 .text.purple {
-  color: var(--color-purple) !important;
+  color: var(--color-thin-purple, var(--color-purple)) !important;
 }
 
 .text.brown {
@@ -1023,20 +1001,6 @@ overflow-menu .ui.label {
   color: var(--color-secondary-dark-2) !important;
 }
 
-/* colors of colorful icons */
-svg.text.green,
-.text.green svg {
-  color: var(--color-icon-green) !important;
-}
-svg.text.red,
-.text.red svg {
-  color: var(--color-icon-red) !important;
-}
-svg.text.purple,
-.text.purple svg {
-  color: var(--color-icon-purple) !important;
-}
-
 .oauth2-authorize-application-box {
   margin-top: 3em !important;
 }
diff --git a/web_src/css/editor/combomarkdowneditor.css b/web_src/css/editor/combomarkdowneditor.css
index b151080c64..77af4cb87b 100644
--- a/web_src/css/editor/combomarkdowneditor.css
+++ b/web_src/css/editor/combomarkdowneditor.css
@@ -11,12 +11,8 @@
   flex-wrap: wrap;
 }
 
-.markdown-toolbar-switch {
-  display: flex;
-  height: 30px;
-}
-.markdown-toolbar-switch .switch .item {
-  padding: 0.25em 1em;
+:root markdown-toolbar .switch {
+  --switch-item-min-height: 2rem;
 }
 
 .markdown-toolbar-hidden .markdown-toolbar-button {
@@ -84,7 +80,7 @@
 }
 
 text-expander {
-  display: block;
+  display: flex;
   position: relative;
 }
 
diff --git a/web_src/css/index.css b/web_src/css/index.css
index 8cb25d8185..feb84f1cf7 100644
--- a/web_src/css/index.css
+++ b/web_src/css/index.css
@@ -2,7 +2,7 @@
 @import "./modules/animations.css";
 
 /* fomantic replacements */
-@import "./modules/button.css";
+@import "./modules/button-legacy.css";
 @import "./modules/container.css";
 @import "./modules/divider.css";
 @import "./modules/header.css";
@@ -20,6 +20,7 @@
 @import "./modules/dimmer.css";
 @import "./modules/dialog.css";
 
+@import "./modules/button.css";
 @import "./modules/switch.css";
 @import "./modules/dropdown.css";
 @import "./modules/select.css";
@@ -32,6 +33,7 @@
 @import "./modules/flexcontainer.css";
 @import "./modules/user-cards.css";
 @import "./modules/hashbox.css";
+@import "./modules/stats-bar.css";
 
 @import "./shared/flex-list.css";
 @import "./shared/milestone.css";
diff --git a/web_src/css/modules/button-legacy.css b/web_src/css/modules/button-legacy.css
new file mode 100644
index 0000000000..469a309a11
--- /dev/null
+++ b/web_src/css/modules/button-legacy.css
@@ -0,0 +1,592 @@
+/* this contains override styles for buttons and related elements */
+
+/* these styles changed the Fomantic UI's rules, Fomantic UI expects only "basic" buttons have borders */
+.ui.button {
+  background: var(--color-button);
+  border: 1px solid var(--color-light-border);
+  color: var(--color-text);
+}
+
+.ui.button:hover,
+.ui.button:focus {
+  background: var(--color-hover);
+  color: var(--color-text);
+}
+
+.page-content .ui.button {
+  box-shadow: none !important;
+}
+
+.ui.active.button,
+.ui.button:active,
+.ui.active.button:active,
+.ui.active.button:hover,
+.ui.active.button:focus {
+  background: var(--color-active);
+  color: var(--color-text);
+}
+
+.delete-button,
+.delete-button:hover,
+.delete-button:focus {
+  color: var(--color-red);
+}
+
+/* btn is a plain button without any opinionated styling, it only uses flex for vertical alignment like ".ui.button" in base.css */
+
+.btn {
+  background: transparent;
+  border-radius: var(--border-radius);
+  border: none;
+  color: inherit;
+  margin: 0;
+  padding: 0;
+}
+
+.btn:hover,
+.btn:active,
+.btn:focus {
+  background: none;
+  border: none;
+}
+
+a.btn,
+a.btn:hover {
+  color: inherit;
+}
+
+/* By default, Fomantic UI doesn't support "bordered" buttons group, but Gitea would like to use it.
+And the default buttons always have borders now (not the same as Fomantic UI's default buttons, see above).
+It needs some tricks to tweak the left/right borders with active state */
+
+.ui.buttons .button {
+  border-right: none;
+}
+
+.ui.buttons .button:hover {
+  border-color: var(--color-secondary-dark-2);
+}
+
+.ui.buttons .button:hover + .button {
+  border-left: 1px solid var(--color-secondary-dark-2);
+}
+
+/* TODO: these "tw-hidden" selectors are only used by "blame.tmpl" buttons: Raw/Normal View/History/Unescape, need to be refactored to a clear solution later */
+.ui.buttons .button:first-child,
+.ui.buttons .button.tw-hidden:first-child + .button {
+  border-left: 1px solid var(--color-light-border);
+}
+
+.ui.buttons .button:last-child,
+.ui.buttons .button:nth-last-child(2):has(+ .button.tw-hidden) {
+  border-right: 1px solid var(--color-light-border);
+}
+
+.ui.buttons .button.active {
+  border-left: 1px solid var(--color-light-border);
+  border-right: 1px solid var(--color-light-border);
+}
+
+.ui.buttons .button.active + .button {
+  border-left: none;
+}
+
+.ui.basic.buttons .button,
+.ui.basic.button,
+.ui.basic.buttons .button:hover,
+.ui.basic.button:hover {
+  box-shadow: none;
+}
+
+/* apply the vertical padding of .compact to non-compact buttons when they contain a svg as they
+   would otherwise appear too large. Seen on "RSS Feed" button on repo releases tab. */
+.ui.small.button:not(.compact):has(.svg) {
+  padding-top: 0.58928571em;
+  padding-bottom: 0.58928571em;
+}
+
+.ui.labeled.button.disabled > .button,
+.ui.basic.buttons .button,
+.ui.basic.button {
+  color: var(--color-text-light);
+  background: var(--color-button);
+}
+
+.ui.basic.buttons .button:hover,
+.ui.basic.button:hover,
+.ui.basic.buttons .button:focus,
+.ui.basic.button:focus {
+  color: var(--color-text);
+  background: var(--color-hover);
+  border-color: var(--color-secondary-dark-2);
+}
+
+.ui.basic.buttons .button:active,
+.ui.basic.button:active,
+.ui.basic.buttons .active.button,
+.ui.basic.active.button,
+.ui.basic.buttons .active.button:hover,
+.ui.basic.active.button:hover,
+.ui.basic.buttons .active.button:focus,
+.ui.basic.active.button:focus {
+  color: var(--color-text);
+  background: var(--color-active);
+}
+
+.ui.labeled.button > .label {
+  border-color: var(--color-light-border);
+}
+
+.ui.labeled.icon.buttons > .button > .icon,
+.ui.labeled.icon.button > .icon {
+  background: var(--color-hover);
+}
+
+/* primary */
+
+.ui.primary.labels .label,
+.ui.ui.ui.primary.label,
+.ui.primary.button,
+.ui.primary.buttons .button {
+  background: var(--color-primary);
+  color: var(--color-primary-contrast);
+}
+
+.ui.primary.button:hover,
+.ui.primary.buttons .button:hover,
+.ui.primary.button:focus,
+.ui.primary.buttons .button:focus {
+  background: var(--color-primary-hover);
+  color: var(--color-primary-contrast);
+}
+
+.ui.primary.button:active,
+.ui.primary.buttons .button:active {
+  background: var(--color-primary-active);
+}
+
+.ui.basic.primary.buttons .button,
+.ui.basic.primary.button {
+  color: var(--color-primary);
+  border-color: var(--color-primary);
+}
+
+.ui.basic.primary.buttons .button:hover,
+.ui.basic.primary.button:hover,
+.ui.basic.primary.buttons .button:focus,
+.ui.basic.primary.button:focus {
+  color: var(--color-primary-hover);
+  border-color: var(--color-primary-hover);
+}
+
+.ui.basic.primary.buttons .button:active,
+.ui.basic.primary.button:active {
+  color: var(--color-primary-active);
+  border-color: var(--color-primary-active);
+}
+
+/* secondary */
+
+.ui.secondary.labels .label,
+.ui.ui.ui.secondary.label,
+.ui.secondary.button,
+.ui.secondary.buttons .button,
+.ui.secondary.button:focus,
+.ui.secondary.buttons .button:focus {
+  background: var(--color-secondary-button);
+}
+
+.ui.secondary.button:hover,
+.ui.secondary.buttons .button:hover {
+  background: var(--color-secondary-hover);
+}
+
+.ui.secondary.button:active,
+.ui.secondary.buttons .button:active {
+  background: var(--color-secondary-active);
+}
+
+.ui.basic.secondary.buttons .button,
+.ui.basic.secondary.button {
+  color: var(--color-secondary-button);
+  border-color: var(--color-secondary-button);
+}
+
+.ui.basic.secondary.buttons .button:hover,
+.ui.basic.secondary.button:hover,
+.ui.basic.secondary.button:focus,
+.ui.basic.secondary.buttons .button:focus {
+  color: var(--color-secondary-hover);
+  border-color: var(--color-secondary-hover);
+}
+
+.ui.basic.secondary.buttons .button:active,
+.ui.basic.secondary.button:active {
+  color: var(--color-secondary-active);
+  border-color: var(--color-secondary-active);
+}
+
+/* red */
+
+.ui.red.labels .label,
+.ui.ui.ui.red.label,
+.ui.red.button,
+.ui.red.buttons .button {
+  background: var(--color-red);
+}
+
+.ui.red.button:hover,
+.ui.red.buttons .button:hover,
+.ui.red.button:focus,
+.ui.red.buttons .button:focus {
+  background: var(--color-red-dark-1);
+}
+
+.ui.red.button:active,
+.ui.red.buttons .button:active {
+  background: var(--color-red-dark-2);
+}
+
+.ui.basic.red.buttons .button,
+.ui.basic.red.button {
+  color: var(--color-red);
+  border-color: var(--color-red);
+}
+
+.ui.basic.red.buttons .button:hover,
+.ui.basic.red.button:hover,
+.ui.basic.red.buttons .button:focus,
+.ui.basic.red.button:focus {
+  color: var(--color-red-dark-1);
+  border-color: var(--color-red-dark-1);
+}
+
+.ui.basic.red.buttons .button:active,
+.ui.basic.red.button:active {
+  color: var(--color-red-dark-2);
+  border-color: var(--color-red-dark-2);
+}
+
+/* orange */
+
+.ui.orange.labels .label,
+.ui.ui.ui.orange.label,
+.ui.orange.button,
+.ui.orange.buttons .button,
+.ui.orange.button:focus,
+.ui.orange.buttons .button:focus {
+  background: var(--color-orange);
+}
+
+.ui.orange.button:hover,
+.ui.orange.buttons .button:hover {
+  background: var(--color-orange-dark-1);
+}
+
+.ui.orange.button:active,
+.ui.orange.buttons .button:active {
+  background: var(--color-orange-dark-2);
+}
+
+.ui.basic.orange.buttons .button,
+.ui.basic.orange.button,
+.ui.basic.orange.buttons .button:focus,
+.ui.basic.orange.button:focus {
+  color: var(--color-orange);
+  border-color: var(--color-orange);
+}
+
+.ui.basic.orange.buttons .button:hover,
+.ui.basic.orange.button:hover {
+  color: var(--color-orange-dark-1);
+  border-color: var(--color-orange-dark-1);
+}
+
+.ui.basic.orange.buttons .button:active,
+.ui.basic.orange.button:active {
+  color: var(--color-orange-dark-2);
+  border-color: var(--color-orange-dark-2);
+}
+
+/* yellow */
+
+.ui.yellow.labels .label,
+.ui.ui.ui.yellow.label,
+.ui.yellow.button,
+.ui.yellow.buttons .button,
+.ui.yellow.button:focus,
+.ui.yellow.buttons .button:focus {
+  background: var(--color-yellow);
+}
+
+.ui.yellow.button:hover,
+.ui.yellow.buttons .button:hover {
+  background: var(--color-yellow-dark-1);
+}
+
+.ui.yellow.button:active,
+.ui.yellow.buttons .button:active {
+  background: var(--color-yellow-dark-2);
+}
+
+.ui.basic.yellow.buttons .button,
+.ui.basic.yellow.button,
+.ui.basic.yellow.buttons .button:focus,
+.ui.basic.yellow.button:focus {
+  color: var(--color-yellow);
+  border-color: var(--color-yellow);
+}
+
+.ui.basic.yellow.buttons .button:hover,
+.ui.basic.yellow.button:hover {
+  color: var(--color-yellow-dark-1);
+  border-color: var(--color-yellow-dark-1);
+}
+
+.ui.basic.yellow.buttons .button:active,
+.ui.basic.yellow.button:active {
+  color: var(--color-yellow-dark-2);
+  border-color: var(--color-yellow-dark-2);
+}
+
+/* green */
+
+.ui.green.labels .label,
+.ui.ui.ui.green.label,
+.ui.green.button,
+.ui.green.buttons .button,
+.ui.green.button:focus,
+.ui.green.buttons .button:focus {
+  background: var(--color-green);
+}
+
+.ui.green.button:hover,
+.ui.green.buttons .button:hover {
+  background: var(--color-green-dark-1);
+}
+
+.ui.green.button:active,
+.ui.green.buttons .button:active {
+  background: var(--color-green-dark-2);
+}
+
+.ui.basic.green.buttons .button,
+.ui.basic.green.button,
+.ui.basic.green.buttons .button:focus,
+.ui.basic.green.button:focus {
+  color: var(--color-green);
+  border-color: var(--color-green);
+}
+
+.ui.basic.green.buttons .button:hover,
+.ui.basic.green.button:hover {
+  color: var(--color-green-dark-1);
+  border-color: var(--color-green-dark-1);
+}
+
+.ui.basic.green.buttons .button:active,
+.ui.basic.green.button:active {
+  color: var(--color-green-dark-2);
+  border-color: var(--color-green-dark-2);
+}
+
+/* teal */
+
+.ui.teal.labels .label,
+.ui.ui.ui.teal.label,
+.ui.teal.button,
+.ui.teal.buttons .button,
+.ui.teal.button:focus,
+.ui.teal.buttons .button:focus {
+  background: var(--color-teal);
+}
+
+.ui.teal.button:hover,
+.ui.teal.buttons .button:hover {
+  background: var(--color-teal-dark-1);
+}
+
+.ui.teal.button:active,
+.ui.teal.buttons .button:active {
+  background: var(--color-teal-dark-2);
+}
+
+.ui.basic.teal.buttons .button,
+.ui.basic.teal.button,
+.ui.basic.teal.buttons .button:focus,
+.ui.basic.teal.button:focus {
+  color: var(--color-teal);
+  border-color: var(--color-teal);
+}
+
+.ui.basic.teal.buttons .button:hover,
+.ui.basic.teal.button:hover {
+  color: var(--color-teal-dark-1);
+  border-color: var(--color-teal-dark-1);
+}
+
+.ui.basic.teal.buttons .button:active,
+.ui.basic.teal.button:active {
+  color: var(--color-teal-dark-2);
+  border-color: var(--color-teal-dark-2);
+}
+
+/* purple */
+
+.ui.purple.labels .label,
+.ui.ui.ui.purple.label,
+.ui.purple.button,
+.ui.purple.buttons .button,
+.ui.purple.button:focus,
+.ui.purple.buttons .button:focus {
+  background: var(--color-purple);
+}
+
+.ui.purple.button:hover,
+.ui.purple.buttons .button:hover {
+  background: var(--color-purple-dark-1);
+}
+
+.ui.purple.button:active,
+.ui.purple.buttons .button:active {
+  background: var(--color-purple-dark-2);
+}
+
+.ui.basic.purple.buttons .button,
+.ui.basic.purple.button,
+.ui.basic.purple.buttons .button:focus,
+.ui.basic.purple.button:focus {
+  color: var(--color-purple);
+  border-color: var(--color-purple);
+}
+
+.ui.basic.purple.buttons .button:hover,
+.ui.basic.purple.button:hover {
+  color: var(--color-purple-dark-1);
+  border-color: var(--color-purple-dark-1);
+}
+
+.ui.basic.purple.buttons .button:active,
+.ui.basic.purple.button:active {
+  color: var(--color-purple-dark-2);
+  border-color: var(--color-purple-dark-2);
+}
+
+/* brown */
+
+.ui.brown.labels .label,
+.ui.ui.ui.brown.label,
+.ui.brown.button,
+.ui.brown.buttons .button,
+.ui.brown.button:focus,
+.ui.brown.buttons .button:focus {
+  background: var(--color-brown);
+}
+
+.ui.brown.button:hover,
+.ui.brown.buttons .button:hover {
+  background: var(--color-brown-dark-1);
+}
+
+.ui.brown.button:active,
+.ui.brown.buttons .button:active {
+  background: var(--color-brown-dark-2);
+}
+
+.ui.basic.brown.buttons .button,
+.ui.basic.brown.button,
+.ui.basic.brown.buttons .button:focus,
+.ui.basic.brown.button:focus {
+  color: var(--color-brown);
+  border-color: var(--color-brown);
+}
+
+.ui.basic.brown.buttons .button:hover,
+.ui.basic.brown.button:hover {
+  color: var(--color-brown-dark-1);
+  border-color: var(--color-brown-dark-1);
+}
+
+.ui.basic.brown.buttons .button:active,
+.ui.basic.brown.button:active {
+  color: var(--color-brown-dark-2);
+  border-color: var(--color-brown-dark-2);
+}
+
+/* negative */
+
+.ui.negative.buttons .button,
+.ui.negative.button,
+.ui.negative.buttons .button:focus,
+.ui.negative.button:focus {
+  background: var(--color-red);
+}
+
+.ui.negative.buttons .button:hover,
+.ui.negative.button:hover {
+  background: var(--color-red-dark-1);
+}
+
+.ui.negative.buttons .button:active,
+.ui.negative.button:active {
+  background: var(--color-red-dark-2);
+}
+
+.ui.basic.negative.buttons .button,
+.ui.basic.negative.button,
+.ui.basic.negative.buttons .button:focus,
+.ui.basic.negative.button:focus {
+  color: var(--color-red);
+  border-color: var(--color-red);
+}
+
+.ui.basic.negative.buttons .button:hover,
+.ui.basic.negative.button:hover {
+  color: var(--color-red-dark-1);
+  border-color: var(--color-red-dark-1);
+}
+
+.ui.basic.negative.buttons .button:active,
+.ui.basic.negative.button:active {
+  color: var(--color-red-dark-2);
+  border-color: var(--color-red-dark-2);
+}
+
+/* positive */
+
+.ui.positive.buttons .button,
+.ui.positive.button,
+.ui.positive.buttons .button:focus,
+.ui.positive.button:focus {
+  background: var(--color-green);
+}
+
+.ui.positive.buttons .button:hover,
+.ui.positive.button:hover {
+  background: var(--color-green-dark-1);
+}
+
+.ui.positive.buttons .button:active,
+.ui.positive.button:active {
+  background: var(--color-green-dark-2);
+}
+
+.ui.basic.positive.buttons .button,
+.ui.basic.positive.button,
+.ui.basic.positive.buttons .button:focus,
+.ui.basic.positive.button:focus {
+  color: var(--color-green);
+  border-color: var(--color-green);
+}
+
+.ui.basic.positive.buttons .button:hover,
+.ui.basic.positive.button:hover {
+  color: var(--color-green-dark-1);
+  border-color: var(--color-green-dark-1);
+}
+
+.ui.basic.positive.buttons .button:active,
+.ui.basic.positive.button:active {
+  color: var(--color-green-dark-2);
+  border-color: var(--color-green-dark-2);
+}
diff --git a/web_src/css/modules/button.css b/web_src/css/modules/button.css
index 469a309a11..5ebc699c99 100644
--- a/web_src/css/modules/button.css
+++ b/web_src/css/modules/button.css
@@ -1,592 +1,94 @@
-/* this contains override styles for buttons and related elements */
+/* Copyright 2024-2025 The Forgejo Authors. All rights reserved.
+ * SPDX-License-Identifier: GPL-3.0-or-later */
 
-/* these styles changed the Fomantic UI's rules, Fomantic UI expects only "basic" buttons have borders */
-.ui.button {
-  background: var(--color-button);
-  border: 1px solid var(--color-light-border);
-  color: var(--color-text);
+:root {
+  --button-min-height: 36px;
+  --button-padding-inline: 1.35rem;
 }
 
-.ui.button:hover,
-.ui.button:focus {
-  background: var(--color-hover);
-  color: var(--color-text);
+:root .small.button,
+:root .small.button-row,
+:root .small.button-sequence {
+  --button-min-height: 34px;
+  --button-padding-inline: 1.25rem;
 }
 
-.page-content .ui.button {
-  box-shadow: none !important;
+@media (pointer: coarse) {
+  :root {
+    --button-min-height: 40px;
+  }
+
+  :root .small.button,
+  :root .small.button-row,
+  :root .small.button-sequence {
+    --button-min-height: 38px;
+  }
 }
 
-.ui.active.button,
-.ui.button:active,
-.ui.active.button:active,
-.ui.active.button:hover,
-.ui.active.button:focus {
-  background: var(--color-active);
-  color: var(--color-text);
-}
-
-.delete-button,
-.delete-button:hover,
-.delete-button:focus {
-  color: var(--color-red);
-}
-
-/* btn is a plain button without any opinionated styling, it only uses flex for vertical alignment like ".ui.button" in base.css */
-
-.btn {
-  background: transparent;
+.button {
+  display: inline-flex;
+  align-items: center;
+  min-height: var(--button-min-height);
+  padding-block: 0;
+  padding-inline: var(--button-padding-inline);
+  justify-content: center;
+  gap: 0.5rem;
   border-radius: var(--border-radius);
-  border: none;
-  color: inherit;
-  margin: 0;
-  padding: 0;
 }
 
-.btn:hover,
-.btn:active,
-.btn:focus {
-  background: none;
-  border: none;
+.button:hover,
+.button:focus {
+  text-decoration: none;
 }
 
-a.btn,
-a.btn:hover {
-  color: inherit;
-}
-
-/* By default, Fomantic UI doesn't support "bordered" buttons group, but Gitea would like to use it.
-And the default buttons always have borders now (not the same as Fomantic UI's default buttons, see above).
-It needs some tricks to tweak the left/right borders with active state */
-
-.ui.buttons .button {
-  border-right: none;
-}
-
-.ui.buttons .button:hover {
-  border-color: var(--color-secondary-dark-2);
-}
-
-.ui.buttons .button:hover + .button {
-  border-left: 1px solid var(--color-secondary-dark-2);
-}
-
-/* TODO: these "tw-hidden" selectors are only used by "blame.tmpl" buttons: Raw/Normal View/History/Unescape, need to be refactored to a clear solution later */
-.ui.buttons .button:first-child,
-.ui.buttons .button.tw-hidden:first-child + .button {
-  border-left: 1px solid var(--color-light-border);
-}
-
-.ui.buttons .button:last-child,
-.ui.buttons .button:nth-last-child(2):has(+ .button.tw-hidden) {
-  border-right: 1px solid var(--color-light-border);
-}
-
-.ui.buttons .button.active {
-  border-left: 1px solid var(--color-light-border);
-  border-right: 1px solid var(--color-light-border);
-}
-
-.ui.buttons .button.active + .button {
-  border-left: none;
-}
-
-.ui.basic.buttons .button,
-.ui.basic.button,
-.ui.basic.buttons .button:hover,
-.ui.basic.button:hover {
-  box-shadow: none;
-}
-
-/* apply the vertical padding of .compact to non-compact buttons when they contain a svg as they
-   would otherwise appear too large. Seen on "RSS Feed" button on repo releases tab. */
-.ui.small.button:not(.compact):has(.svg) {
-  padding-top: 0.58928571em;
-  padding-bottom: 0.58928571em;
-}
-
-.ui.labeled.button.disabled > .button,
-.ui.basic.buttons .button,
-.ui.basic.button {
-  color: var(--color-text-light);
-  background: var(--color-button);
-}
-
-.ui.basic.buttons .button:hover,
-.ui.basic.button:hover,
-.ui.basic.buttons .button:focus,
-.ui.basic.button:focus {
-  color: var(--color-text);
-  background: var(--color-hover);
-  border-color: var(--color-secondary-dark-2);
-}
-
-.ui.basic.buttons .button:active,
-.ui.basic.button:active,
-.ui.basic.buttons .active.button,
-.ui.basic.active.button,
-.ui.basic.buttons .active.button:hover,
-.ui.basic.active.button:hover,
-.ui.basic.buttons .active.button:focus,
-.ui.basic.active.button:focus {
-  color: var(--color-text);
-  background: var(--color-active);
-}
-
-.ui.labeled.button > .label {
-  border-color: var(--color-light-border);
-}
-
-.ui.labeled.icon.buttons > .button > .icon,
-.ui.labeled.icon.button > .icon {
-  background: var(--color-hover);
-}
-
-/* primary */
-
-.ui.primary.labels .label,
-.ui.ui.ui.primary.label,
-.ui.primary.button,
-.ui.primary.buttons .button {
+.button.primary {
   background: var(--color-primary);
   color: var(--color-primary-contrast);
 }
 
-.ui.primary.button:hover,
-.ui.primary.buttons .button:hover,
-.ui.primary.button:focus,
-.ui.primary.buttons .button:focus {
+.button.primary:hover,
+.button.primary:focus {
   background: var(--color-primary-hover);
-  color: var(--color-primary-contrast);
 }
 
-.ui.primary.button:active,
-.ui.primary.buttons .button:active {
-  background: var(--color-primary-active);
+.button.secondary {
+  background: var(--color-button);
+  border: 1px solid var(--color-light-border);
+  color: var(--color-text-light);
 }
 
-.ui.basic.primary.buttons .button,
-.ui.basic.primary.button {
-  color: var(--color-primary);
-  border-color: var(--color-primary);
+.button.secondary:hover,
+.button.secondary:focus {
+  color: var(--color-text);
 }
 
-.ui.basic.primary.buttons .button:hover,
-.ui.basic.primary.button:hover,
-.ui.basic.primary.buttons .button:focus,
-.ui.basic.primary.button:focus {
-  color: var(--color-primary-hover);
-  border-color: var(--color-primary-hover);
+/* Dropdown openers should be at least tall as buttons they are in line with, and
+ * as wide as they are tall */
+.button-row details.dropdown summary,
+.button-sequence details.dropdown summary {
+  min-height: var(--button-min-height);
+  min-width: var(--button-min-height);
 }
 
-.ui.basic.primary.buttons .button:active,
-.ui.basic.primary.button:active {
-  color: var(--color-primary-active);
-  border-color: var(--color-primary-active);
+/* button-row is a simple helper made to improve consistency of fomantic buttons
+ * placed in a row. It provides gap and cancels out fomantic's margins */
+.button-row {
+  gap: var(--button-spacing);
 }
 
-/* secondary */
-
-.ui.secondary.labels .label,
-.ui.ui.ui.secondary.label,
-.ui.secondary.button,
-.ui.secondary.buttons .button,
-.ui.secondary.button:focus,
-.ui.secondary.buttons .button:focus {
-  background: var(--color-secondary-button);
-}
-
-.ui.secondary.button:hover,
-.ui.secondary.buttons .button:hover {
-  background: var(--color-secondary-hover);
-}
-
-.ui.secondary.button:active,
-.ui.secondary.buttons .button:active {
-  background: var(--color-secondary-active);
-}
-
-.ui.basic.secondary.buttons .button,
-.ui.basic.secondary.button {
-  color: var(--color-secondary-button);
-  border-color: var(--color-secondary-button);
-}
-
-.ui.basic.secondary.buttons .button:hover,
-.ui.basic.secondary.button:hover,
-.ui.basic.secondary.button:focus,
-.ui.basic.secondary.buttons .button:focus {
-  color: var(--color-secondary-hover);
-  border-color: var(--color-secondary-hover);
-}
-
-.ui.basic.secondary.buttons .button:active,
-.ui.basic.secondary.button:active {
-  color: var(--color-secondary-active);
-  border-color: var(--color-secondary-active);
-}
-
-/* red */
-
-.ui.red.labels .label,
-.ui.ui.ui.red.label,
-.ui.red.button,
-.ui.red.buttons .button {
-  background: var(--color-red);
-}
-
-.ui.red.button:hover,
-.ui.red.buttons .button:hover,
-.ui.red.button:focus,
-.ui.red.buttons .button:focus {
-  background: var(--color-red-dark-1);
+/* button-sequence is a more complex helper that has wrap. Using it is preferred
+ * but also requires deeper consideration */
+.button-sequence {
+  display: flex;
+  flex-flow: wrap;
+  gap: var(--button-spacing);
 }
 
-.ui.red.button:active,
-.ui.red.buttons .button:active {
-  background: var(--color-red-dark-2);
+/* Fomantic buttons have annoying margins to set distance between elements. In
+ * the button-row/sequence helpers this is set by flex+gap */
+.button-row .ui.button {
+  margin-right: 0;
 }
-
-.ui.basic.red.buttons .button,
-.ui.basic.red.button {
-  color: var(--color-red);
-  border-color: var(--color-red);
-}
-
-.ui.basic.red.buttons .button:hover,
-.ui.basic.red.button:hover,
-.ui.basic.red.buttons .button:focus,
-.ui.basic.red.button:focus {
-  color: var(--color-red-dark-1);
-  border-color: var(--color-red-dark-1);
-}
-
-.ui.basic.red.buttons .button:active,
-.ui.basic.red.button:active {
-  color: var(--color-red-dark-2);
-  border-color: var(--color-red-dark-2);
-}
-
-/* orange */
-
-.ui.orange.labels .label,
-.ui.ui.ui.orange.label,
-.ui.orange.button,
-.ui.orange.buttons .button,
-.ui.orange.button:focus,
-.ui.orange.buttons .button:focus {
-  background: var(--color-orange);
-}
-
-.ui.orange.button:hover,
-.ui.orange.buttons .button:hover {
-  background: var(--color-orange-dark-1);
-}
-
-.ui.orange.button:active,
-.ui.orange.buttons .button:active {
-  background: var(--color-orange-dark-2);
-}
-
-.ui.basic.orange.buttons .button,
-.ui.basic.orange.button,
-.ui.basic.orange.buttons .button:focus,
-.ui.basic.orange.button:focus {
-  color: var(--color-orange);
-  border-color: var(--color-orange);
-}
-
-.ui.basic.orange.buttons .button:hover,
-.ui.basic.orange.button:hover {
-  color: var(--color-orange-dark-1);
-  border-color: var(--color-orange-dark-1);
-}
-
-.ui.basic.orange.buttons .button:active,
-.ui.basic.orange.button:active {
-  color: var(--color-orange-dark-2);
-  border-color: var(--color-orange-dark-2);
-}
-
-/* yellow */
-
-.ui.yellow.labels .label,
-.ui.ui.ui.yellow.label,
-.ui.yellow.button,
-.ui.yellow.buttons .button,
-.ui.yellow.button:focus,
-.ui.yellow.buttons .button:focus {
-  background: var(--color-yellow);
-}
-
-.ui.yellow.button:hover,
-.ui.yellow.buttons .button:hover {
-  background: var(--color-yellow-dark-1);
-}
-
-.ui.yellow.button:active,
-.ui.yellow.buttons .button:active {
-  background: var(--color-yellow-dark-2);
-}
-
-.ui.basic.yellow.buttons .button,
-.ui.basic.yellow.button,
-.ui.basic.yellow.buttons .button:focus,
-.ui.basic.yellow.button:focus {
-  color: var(--color-yellow);
-  border-color: var(--color-yellow);
-}
-
-.ui.basic.yellow.buttons .button:hover,
-.ui.basic.yellow.button:hover {
-  color: var(--color-yellow-dark-1);
-  border-color: var(--color-yellow-dark-1);
-}
-
-.ui.basic.yellow.buttons .button:active,
-.ui.basic.yellow.button:active {
-  color: var(--color-yellow-dark-2);
-  border-color: var(--color-yellow-dark-2);
-}
-
-/* green */
-
-.ui.green.labels .label,
-.ui.ui.ui.green.label,
-.ui.green.button,
-.ui.green.buttons .button,
-.ui.green.button:focus,
-.ui.green.buttons .button:focus {
-  background: var(--color-green);
-}
-
-.ui.green.button:hover,
-.ui.green.buttons .button:hover {
-  background: var(--color-green-dark-1);
-}
-
-.ui.green.button:active,
-.ui.green.buttons .button:active {
-  background: var(--color-green-dark-2);
-}
-
-.ui.basic.green.buttons .button,
-.ui.basic.green.button,
-.ui.basic.green.buttons .button:focus,
-.ui.basic.green.button:focus {
-  color: var(--color-green);
-  border-color: var(--color-green);
-}
-
-.ui.basic.green.buttons .button:hover,
-.ui.basic.green.button:hover {
-  color: var(--color-green-dark-1);
-  border-color: var(--color-green-dark-1);
-}
-
-.ui.basic.green.buttons .button:active,
-.ui.basic.green.button:active {
-  color: var(--color-green-dark-2);
-  border-color: var(--color-green-dark-2);
-}
-
-/* teal */
-
-.ui.teal.labels .label,
-.ui.ui.ui.teal.label,
-.ui.teal.button,
-.ui.teal.buttons .button,
-.ui.teal.button:focus,
-.ui.teal.buttons .button:focus {
-  background: var(--color-teal);
-}
-
-.ui.teal.button:hover,
-.ui.teal.buttons .button:hover {
-  background: var(--color-teal-dark-1);
-}
-
-.ui.teal.button:active,
-.ui.teal.buttons .button:active {
-  background: var(--color-teal-dark-2);
-}
-
-.ui.basic.teal.buttons .button,
-.ui.basic.teal.button,
-.ui.basic.teal.buttons .button:focus,
-.ui.basic.teal.button:focus {
-  color: var(--color-teal);
-  border-color: var(--color-teal);
-}
-
-.ui.basic.teal.buttons .button:hover,
-.ui.basic.teal.button:hover {
-  color: var(--color-teal-dark-1);
-  border-color: var(--color-teal-dark-1);
-}
-
-.ui.basic.teal.buttons .button:active,
-.ui.basic.teal.button:active {
-  color: var(--color-teal-dark-2);
-  border-color: var(--color-teal-dark-2);
-}
-
-/* purple */
-
-.ui.purple.labels .label,
-.ui.ui.ui.purple.label,
-.ui.purple.button,
-.ui.purple.buttons .button,
-.ui.purple.button:focus,
-.ui.purple.buttons .button:focus {
-  background: var(--color-purple);
-}
-
-.ui.purple.button:hover,
-.ui.purple.buttons .button:hover {
-  background: var(--color-purple-dark-1);
-}
-
-.ui.purple.button:active,
-.ui.purple.buttons .button:active {
-  background: var(--color-purple-dark-2);
-}
-
-.ui.basic.purple.buttons .button,
-.ui.basic.purple.button,
-.ui.basic.purple.buttons .button:focus,
-.ui.basic.purple.button:focus {
-  color: var(--color-purple);
-  border-color: var(--color-purple);
-}
-
-.ui.basic.purple.buttons .button:hover,
-.ui.basic.purple.button:hover {
-  color: var(--color-purple-dark-1);
-  border-color: var(--color-purple-dark-1);
-}
-
-.ui.basic.purple.buttons .button:active,
-.ui.basic.purple.button:active {
-  color: var(--color-purple-dark-2);
-  border-color: var(--color-purple-dark-2);
-}
-
-/* brown */
-
-.ui.brown.labels .label,
-.ui.ui.ui.brown.label,
-.ui.brown.button,
-.ui.brown.buttons .button,
-.ui.brown.button:focus,
-.ui.brown.buttons .button:focus {
-  background: var(--color-brown);
-}
-
-.ui.brown.button:hover,
-.ui.brown.buttons .button:hover {
-  background: var(--color-brown-dark-1);
-}
-
-.ui.brown.button:active,
-.ui.brown.buttons .button:active {
-  background: var(--color-brown-dark-2);
-}
-
-.ui.basic.brown.buttons .button,
-.ui.basic.brown.button,
-.ui.basic.brown.buttons .button:focus,
-.ui.basic.brown.button:focus {
-  color: var(--color-brown);
-  border-color: var(--color-brown);
-}
-
-.ui.basic.brown.buttons .button:hover,
-.ui.basic.brown.button:hover {
-  color: var(--color-brown-dark-1);
-  border-color: var(--color-brown-dark-1);
-}
-
-.ui.basic.brown.buttons .button:active,
-.ui.basic.brown.button:active {
-  color: var(--color-brown-dark-2);
-  border-color: var(--color-brown-dark-2);
-}
-
-/* negative */
-
-.ui.negative.buttons .button,
-.ui.negative.button,
-.ui.negative.buttons .button:focus,
-.ui.negative.button:focus {
-  background: var(--color-red);
-}
-
-.ui.negative.buttons .button:hover,
-.ui.negative.button:hover {
-  background: var(--color-red-dark-1);
-}
-
-.ui.negative.buttons .button:active,
-.ui.negative.button:active {
-  background: var(--color-red-dark-2);
-}
-
-.ui.basic.negative.buttons .button,
-.ui.basic.negative.button,
-.ui.basic.negative.buttons .button:focus,
-.ui.basic.negative.button:focus {
-  color: var(--color-red);
-  border-color: var(--color-red);
-}
-
-.ui.basic.negative.buttons .button:hover,
-.ui.basic.negative.button:hover {
-  color: var(--color-red-dark-1);
-  border-color: var(--color-red-dark-1);
-}
-
-.ui.basic.negative.buttons .button:active,
-.ui.basic.negative.button:active {
-  color: var(--color-red-dark-2);
-  border-color: var(--color-red-dark-2);
-}
-
-/* positive */
-
-.ui.positive.buttons .button,
-.ui.positive.button,
-.ui.positive.buttons .button:focus,
-.ui.positive.button:focus {
-  background: var(--color-green);
-}
-
-.ui.positive.buttons .button:hover,
-.ui.positive.button:hover {
-  background: var(--color-green-dark-1);
-}
-
-.ui.positive.buttons .button:active,
-.ui.positive.button:active {
-  background: var(--color-green-dark-2);
-}
-
-.ui.basic.positive.buttons .button,
-.ui.basic.positive.button,
-.ui.basic.positive.buttons .button:focus,
-.ui.basic.positive.button:focus {
-  color: var(--color-green);
-  border-color: var(--color-green);
-}
-
-.ui.basic.positive.buttons .button:hover,
-.ui.basic.positive.button:hover {
-  color: var(--color-green-dark-1);
-  border-color: var(--color-green-dark-1);
-}
-
-.ui.basic.positive.buttons .button:active,
-.ui.basic.positive.button:active {
-  color: var(--color-green-dark-2);
-  border-color: var(--color-green-dark-2);
+.button-sequence .ui.button {
+  margin: 0 !important;
 }
diff --git a/web_src/css/modules/dropdown.css b/web_src/css/modules/dropdown.css
index 7695adfbaa..bdc703f3a6 100644
--- a/web_src/css/modules/dropdown.css
+++ b/web_src/css/modules/dropdown.css
@@ -1,3 +1,6 @@
+/* Copyright 2025 The Forgejo Authors. All rights reserved.
+ * SPDX-License-Identifier: GPL-3.0-or-later */
+
 /* This is an implementation of a dropdown menu based on details HTML tag.
  * It is inspired by https://picocss.com/docs/dropdown.
  *
@@ -24,15 +27,22 @@ details.dropdown {
 details.dropdown > summary {
   /* Optional flex+gap in case summary contains multiple elements */
   display: flex;
-  gap: 0.75rem;
+  gap: 0.25rem;
   align-items: center;
-  /* Cancel some of default styling */
-  user-select: none;
-  list-style-type: none;
+  justify-content: center;
   /* Main visual properties */
-  border: 1px solid var(--color-light-border);
   border-radius: var(--border-radius);
   padding: 0.5rem;
+  /* Unset unwanted default properties */
+  user-select: none;
+  list-style-type: none;
+
+  &.border {
+    border: 1px solid var(--color-light-border);
+  }
+  &.options {
+    padding-inline: 0.75rem;
+  }
 }
 
 details.dropdown > summary:hover,
@@ -76,14 +86,33 @@ details.dropdown > summary + ul {
 details.dropdown > summary + ul > li {
   width: 100%;
   background: none;
-}
 
-details.dropdown > summary + ul > li:first-child {
-  border-radius: var(--border-radius) var(--border-radius) 0 0;
-}
+  > :is(a, button) {
+    padding: var(--dropdown-item-padding);
+    width: 100%;
+    display: flex;
+    gap: 0.75rem;
+    align-items: center;
+    color: var(--color-text);
+    /* Suppress underline - hover is indicated by background color */
+    text-decoration: none;
 
-details.dropdown > summary + ul > li:last-child {
-  border-radius: 0 0 var(--border-radius) var(--border-radius);
+    &.active {
+      background: var(--color-active);
+      font-weight: var(--font-weight-medium);
+    }
+  }
+  /* Cancel default styling of button elements */
+  > button {
+    background: none;
+  }
+
+  &:first-child {
+    border-radius: var(--border-radius) var(--border-radius) 0 0;
+  }
+  &:last-child {
+    border-radius: 0 0 var(--border-radius) var(--border-radius);
+  }
 }
 
 /* dir-auto option - switch the direction at a width point where most of layout changes occur. */
@@ -92,9 +121,9 @@ details.dropdown > summary + ul > li:last-child {
   details.dropdown.dir-auto > summary + ul {
     inset-inline: 0 auto;
     direction: rtl;
-  }
-  details.dropdown.dir-auto > summary + ul > li {
-    direction: ltr;
+    > li {
+      direction: ltr;
+    }
   }
 }
 /* Note: https://css-tricks.com/css-anchor-positioning-guide/
@@ -103,23 +132,7 @@ details.dropdown > summary + ul > li:last-child {
 details.dropdown.dir-rtl > summary + ul {
   inset-inline: 0 auto;
   direction: rtl;
-}
-details.dropdown.dir-rtl > summary + ul > li {
-  direction: ltr;
-}
-
-details.dropdown > summary + ul > li > .item {
-  padding: var(--dropdown-item-padding);
-  width: 100%;
-  display: flex;
-  gap: 0.75rem;
-  align-items: center;
-  color: var(--color-text);
-  /* Suppress underline - hover is indicated by background color */
-  text-decoration: none;
-}
-
-/* Cancel default styling of button elements */
-details.dropdown > summary + ul > li button {
-  background: none;
+  > li {
+    direction: ltr;
+  }
 }
diff --git a/web_src/css/modules/stats-bar.css b/web_src/css/modules/stats-bar.css
new file mode 100644
index 0000000000..73a66835d9
--- /dev/null
+++ b/web_src/css/modules/stats-bar.css
@@ -0,0 +1,130 @@
+/* Copyright 2025 The Forgejo Authors. All rights reserved.
+ * SPDX-License-Identifier: GPL-3.0-or-later */
+
+:root stats-bar {
+  --stats-bar-height: 0.75rem;
+}
+
+@media (pointer: coarse) {
+  :root stats-bar {
+    --stats-bar-height: 1rem;
+  }
+}
+
+/* General properties, can be reused by different kinds of stats bars */
+stats-bar {
+  display: flex !important;
+  height: var(--stats-bar-height);
+  width: 100%;
+  border-radius: var(--border-radius);
+
+  .slice {
+    display: inline-block;
+
+    &:first-child {
+      border-radius: var(--border-radius) 0 0 var(--border-radius);
+    }
+    &:last-child {
+      border-radius: 0 var(--border-radius) var(--border-radius) 0;
+    }
+    &:only-child {
+      border-radius: var(--border-radius);
+    }
+  }
+}
+
+/* Properties for stats bars with legend included via <details> */
+details.stats {
+  /* Summary and legend should be stacked vertically */
+  display: flex;
+  flex-direction: column;
+
+  /* Prevent opener marker from showing up */
+  summary {
+    display: flex;
+  }
+
+  /* Cancel unwanted <ul> properties of legend */
+  ul {
+    display: flex;
+    margin: 0;
+  }
+}
+
+/* Properties specific to the UI in storage overview */
+.size-overview .stats {
+  border-radius: var(--border-radius);
+
+  &:hover,
+  &[open] {
+    background-color: var(--color-box-body-highlight);
+    stats-bar {
+      background-color: var(--color-secondary-dark-3);
+    }
+  }
+
+  &[open] {
+    gap: 0.25rem;
+    background-color: var(--color-box-body-highlight);
+  }
+
+  summary {
+    flex-direction: column;
+    padding: 0.75rem;
+    gap: 1rem;
+
+    stats-bar {
+      /* Same as default background of `progress` */
+      background-color: var(--color-secondary-dark-1);
+    }
+  }
+
+  ul {
+    flex-direction: column;
+    gap: 0.5rem;
+    padding: 0.75rem;
+    padding-top: 0;
+
+    li {
+      display: flex;
+      align-items: center;
+      gap: 0.5rem;
+    }
+  }
+}
+
+/* Properties specific to the lang stats in repo overview */
+#language-stats {
+  stats-bar {
+    gap: 2px;
+    border-radius: 0 0 var(--border-radius) var(--border-radius);
+    overflow: hidden;
+    .slice {
+      border-radius: 0;
+    }
+  }
+  &[open] stats-bar {
+    border-radius: 0;
+  }
+
+  ul {
+    min-height: 2rem;
+    padding: 0 0.5rem;
+    flex-wrap: wrap;
+    justify-content: space-around;
+    gap: 0 1rem;
+
+    li {
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      padding: 0.25rem 0;
+      gap: 0.25em;
+
+      span {
+        font-weight: var(--font-weight-semibold);
+        text-wrap: nowrap;
+      }
+    }
+  }
+}
diff --git a/web_src/css/modules/switch.css b/web_src/css/modules/switch.css
index 6777c32fc8..e975c8991e 100644
--- a/web_src/css/modules/switch.css
+++ b/web_src/css/modules/switch.css
@@ -1,14 +1,15 @@
 /* Copyright 2025 The Forgejo Authors. All rights reserved.
-SPDX-License-Identifier: GPL-3.0-or-later */
+ * SPDX-License-Identifier: GPL-3.0-or-later */
 
 :root .switch {
-  --switch-padding-y: .5em;
-  --switch-padding-x: 1.125em;
+  /* The resulting switch height is --switch-item-min-height + 2px */
+  --switch-item-min-height: 34px;
+  --switch-padding-inline: 1.125em;
 }
 
 @media (pointer: coarse) {
   :root .switch {
-    --switch-padding-y: .75em;
+    --switch-item-min-height: 38px;
   }
 }
 
@@ -27,7 +28,8 @@ SPDX-License-Identifier: GPL-3.0-or-later */
   display: flex;
   gap: 0.5rem;
   align-items: center;
-  padding: var(--switch-padding-y) var(--switch-padding-x);
+  padding-inline: var(--switch-padding-inline);
+  min-height: var(--switch-item-min-height);
   color: var(--color-text);
   border-radius: var(--border-radius);
   text-wrap: nowrap;
@@ -42,16 +44,16 @@ SPDX-License-Identifier: GPL-3.0-or-later */
 there are no ugly unpainted v/^ shapes between them */
 .switch > .item:has(+ .active.item) { /* Active neighbor is next item */
   margin-right: calc(-1 * var(--border-radius));
-  padding-right: calc(var(--switch-padding-x) + var(--border-radius));
+  padding-right: calc(var(--switch-padding-inline) + var(--border-radius));
 }
 .switch > .active.item + .item { /* Active neighbor is previous item */
   margin-left: calc(-1 * var(--border-radius));
-  padding-left: calc(var(--switch-padding-x) + var(--border-radius));
+  padding-left: calc(var(--switch-padding-inline) + var(--border-radius));
 }
 
 .switch > .active.item {
   z-index: 2;
-  padding-left: var(--switch-padding-x);
+  padding-left: var(--switch-padding-inline);
   background: var(--color-active);
   outline: 1px solid var(--color-input-border);
 }
diff --git a/web_src/css/repo.css b/web_src/css/repo.css
index f9e886e770..3d47ffece1 100644
--- a/web_src/css/repo.css
+++ b/web_src/css/repo.css
@@ -140,6 +140,13 @@
   }
 }
 
+@media (max-width: 390px) {
+  .repository .clone-panel #repo-clone-url {
+    width: 0;
+    flex-grow: 1;
+  }
+}
+
 .repository .ui.action.input.clone-panel > button + button,
 .repository .ui.action.input.clone-panel > button + input {
   margin-left: -1px; /* make the borders overlap to avoid double borders */
@@ -1890,25 +1897,6 @@ details.repo-search-result summary::marker {
   font-weight: var(--font-weight-medium);
 }
 
-.repository .repository-summary #language-stats-bar {
-  display: flex;
-  gap: 2px;
-  padding: 0;
-  height: 10px;
-  white-space: nowrap;
-  border-top-left-radius: 0 !important;
-  border-top-right-radius: 0 !important;
-  overflow: hidden;
-}
-
-.size-overview .segment:has(> .bar) {
-  display: flex;
-  height: 10px;
-  padding: 0;
-  border-radius: 3px;
-  overflow: hidden;
-}
-
 #cite-repo-modal #citation-panel {
   display: flex;
   width: 100%;
@@ -2132,6 +2120,10 @@ details.repo-search-result summary::marker {
   gap: 4px;
 }
 
+.comment-header-left > .content-history-menu.active s {
+  text-decoration-thickness: 10%;
+}
+
 .comment-body {
   background: var(--color-box-body);
   border: none !important;
@@ -2141,17 +2133,6 @@ details.repo-search-result summary::marker {
   padding: 1em;
 }
 
-.edit-label.modal .form .column,
-.new-label.modal .form .column {
-  padding-right: 0;
-}
-
-.edit-label.modal .form .buttons,
-.new-label.modal .form .buttons {
-  margin-left: auto;
-  padding-top: 15px;
-}
-
 .stats-table {
   display: table;
   width: 100%;
diff --git a/web_src/css/repo/list-header.css b/web_src/css/repo/list-header.css
index 304cfbc13c..4440bba8df 100644
--- a/web_src/css/repo/list-header.css
+++ b/web_src/css/repo/list-header.css
@@ -25,25 +25,6 @@
   flex: 1;
 }
 
-.small-menu-items {
-  min-height: 35.4px !important; /* match .small.button in height */
-  background: none !important; /* fomantic sets a color here which does not play well with active transparent color on the item, so unset and set the colors on the item */
-}
-
-.small-menu-items .item {
-  background: var(--color-menu) !important;
-  padding-top: 6px !important;
-  padding-bottom: 6px !important;
-}
-
-.small-menu-items .item:hover {
-  background: var(--color-hover) !important;
-}
-
-.small-menu-items .item.active {
-  background: var(--color-active) !important;
-}
-
 @media (max-width: 767.98px) {
   .list-header-search {
     order: 0;
diff --git a/web_src/css/themes/theme-forgejo-dark.css b/web_src/css/themes/theme-forgejo-dark.css
index 94097497bf..66dfc65fa7 100644
--- a/web_src/css/themes/theme-forgejo-dark.css
+++ b/web_src/css/themes/theme-forgejo-dark.css
@@ -196,10 +196,15 @@
   --color-orange-badge: #ea580c;
   --color-orange-badge-bg: #ea580c22;
   --color-orange-badge-hover-bg: #ea580c44;
-  /* Icon colors (PR/Issue/...) */
-  --color-icon-green: #3fb950;
-  --color-icon-red: #f85149;
-  --color-icon-purple: #aa76ff;
+
+  /* Colors for thin elements: octicons, text, borders */
+  --color-chroma: 0.19;
+  --color-thin-lightness: 0.68;
+  --color-thin-green: oklch(var(--color-thin-lightness) var(--color-chroma) 145deg);
+  --color-thin-red: oklch(var(--color-thin-lightness) var(--color-chroma) 27deg);
+  --color-thin-purple: oklch(var(--color-thin-lightness) var(--color-chroma) 298deg);
+  --color-thin-orange: oklch(var(--color-thin-lightness) var(--color-chroma) 41deg);
+
   /* target-based colors */
   --color-body: var(--steel-800);
   --color-box-header: var(--steel-700);
diff --git a/web_src/css/themes/theme-forgejo-light.css b/web_src/css/themes/theme-forgejo-light.css
index 44b997b39c..b4ad8f1649 100644
--- a/web_src/css/themes/theme-forgejo-light.css
+++ b/web_src/css/themes/theme-forgejo-light.css
@@ -212,10 +212,6 @@
   --color-orange-badge: #ea580c;
   --color-orange-badge-bg: #ea580c22;
   --color-orange-badge-hover-bg: #ea580c44;
-  /* Icon colors (PR/Issue/...) */
-  --color-icon-green: var(--color-green-light);
-  --color-icon-red: var(--color-red-light);
-  --color-icon-purple: var(--color-purple-light);
   /* target-based colors */
   --color-body: #fff;
   --color-box-header: var(--zinc-100);
diff --git a/web_src/css/themes/theme-gitea-dark.css b/web_src/css/themes/theme-gitea-dark.css
index 84183a9e63..58e3a21f9a 100644
--- a/web_src/css/themes/theme-gitea-dark.css
+++ b/web_src/css/themes/theme-gitea-dark.css
@@ -179,10 +179,6 @@
   --color-orange-badge: #f2711c;
   --color-orange-badge-bg: #f2711c1a;
   --color-orange-badge-hover-bg: #f2711c4d;
-  /* Icon colors (PR/Issue/...) */
-  --color-icon-green: var(--color-green);
-  --color-icon-red: var(--color-red);
-  --color-icon-purple: var(--color-purple);
   /* target-based colors */
   --color-body: #1c1f25;
   --color-box-header: #1a1d1f;
diff --git a/web_src/css/themes/theme-gitea-light.css b/web_src/css/themes/theme-gitea-light.css
index aee47dc814..f889cac568 100644
--- a/web_src/css/themes/theme-gitea-light.css
+++ b/web_src/css/themes/theme-gitea-light.css
@@ -179,10 +179,6 @@
   --color-orange-badge: #f2711c;
   --color-orange-badge-bg: #f2711c1a;
   --color-orange-badge-hover-bg: #f2711c4d;
-  /* Icon colors (PR/Issue/...) */
-  --color-icon-green: var(--color-green);
-  --color-icon-red: var(--color-red);
-  --color-icon-purple: var(--color-purple);
   /* target-based colors */
   --color-body: #ffffff;
   --color-box-header: #f1f3f5;
diff --git a/web_src/fomantic/package-lock.json b/web_src/fomantic/package-lock.json
index 38dd617a53..f428511af7 100644
--- a/web_src/fomantic/package-lock.json
+++ b/web_src/fomantic/package-lock.json
@@ -132,16 +132,16 @@
       }
     },
     "node_modules/@octokit/core": {
-      "version": "7.0.4",
-      "resolved": "https://registry.npmjs.org/@octokit/core/-/core-7.0.4.tgz",
-      "integrity": "sha512-jOT8V1Ba5BdC79sKrRWDdMT5l1R+XNHTPR6CPWzUP2EcfAcvIHZWF0eAbmRcpOOP5gVIwnqNg0C4nvh6Abc3OA==",
+      "version": "7.0.5",
+      "resolved": "https://registry.npmjs.org/@octokit/core/-/core-7.0.5.tgz",
+      "integrity": "sha512-t54CUOsFMappY1Jbzb7fetWeO0n6K0k/4+/ZpkS+3Joz8I4VcvY9OiEBFRYISqaI2fq5sCiPtAjRDOzVYG8m+Q==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
         "@octokit/auth-token": "^6.0.0",
-        "@octokit/graphql": "^9.0.1",
-        "@octokit/request": "^10.0.2",
-        "@octokit/request-error": "^7.0.0",
+        "@octokit/graphql": "^9.0.2",
+        "@octokit/request": "^10.0.4",
+        "@octokit/request-error": "^7.0.1",
         "@octokit/types": "^15.0.0",
         "before-after-hook": "^4.0.0",
         "universal-user-agent": "^7.0.0"
@@ -161,36 +161,19 @@
       }
     },
     "node_modules/@octokit/core/node_modules/@octokit/endpoint": {
-      "version": "11.0.0",
-      "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-11.0.0.tgz",
-      "integrity": "sha512-hoYicJZaqISMAI3JfaDr1qMNi48OctWuOih1m80bkYow/ayPw6Jj52tqWJ6GEoFTk1gBqfanSoI1iY99Z5+ekQ==",
+      "version": "11.0.1",
+      "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-11.0.1.tgz",
+      "integrity": "sha512-7P1dRAZxuWAOPI7kXfio88trNi/MegQ0IJD3vfgC3b+LZo1Qe6gRJc2v0mz2USWWJOKrB2h5spXCzGbw+fAdqA==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
-        "@octokit/types": "^14.0.0",
+        "@octokit/types": "^15.0.0",
         "universal-user-agent": "^7.0.2"
       },
       "engines": {
         "node": ">= 20"
       }
     },
-    "node_modules/@octokit/core/node_modules/@octokit/endpoint/node_modules/@octokit/openapi-types": {
-      "version": "25.1.0",
-      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-25.1.0.tgz",
-      "integrity": "sha512-idsIggNXUKkk0+BExUn1dQ92sfysJrje03Q0bv0e+KPLrvyqZF8MnBpFz8UNfYDwB3Ie7Z0TByjWfzxt7vseaA==",
-      "license": "MIT",
-      "peer": true
-    },
-    "node_modules/@octokit/core/node_modules/@octokit/endpoint/node_modules/@octokit/types": {
-      "version": "14.1.0",
-      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-14.1.0.tgz",
-      "integrity": "sha512-1y6DgTy8Jomcpu33N+p5w58l6xyt55Ar2I91RPiIA0xCJBXyUAhXCcmZaDWSANiha7R9a6qJJ2CRomGPZ6f46g==",
-      "license": "MIT",
-      "peer": true,
-      "dependencies": {
-        "@octokit/openapi-types": "^25.1.0"
-      }
-    },
     "node_modules/@octokit/core/node_modules/@octokit/openapi-types": {
       "version": "26.0.0",
       "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-26.0.0.tgz",
@@ -199,15 +182,15 @@
       "peer": true
     },
     "node_modules/@octokit/core/node_modules/@octokit/request": {
-      "version": "10.0.3",
-      "resolved": "https://registry.npmjs.org/@octokit/request/-/request-10.0.3.tgz",
-      "integrity": "sha512-V6jhKokg35vk098iBqp2FBKunk3kMTXlmq+PtbV9Gl3TfskWlebSofU9uunVKhUN7xl+0+i5vt0TGTG8/p/7HA==",
+      "version": "10.0.5",
+      "resolved": "https://registry.npmjs.org/@octokit/request/-/request-10.0.5.tgz",
+      "integrity": "sha512-TXnouHIYLtgDhKo+N6mXATnDBkV05VwbR0TtMWpgTHIoQdRQfCSzmy/LGqR1AbRMbijq/EckC/E3/ZNcU92NaQ==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
-        "@octokit/endpoint": "^11.0.0",
-        "@octokit/request-error": "^7.0.0",
-        "@octokit/types": "^14.0.0",
+        "@octokit/endpoint": "^11.0.1",
+        "@octokit/request-error": "^7.0.1",
+        "@octokit/types": "^15.0.0",
         "fast-content-type-parse": "^3.0.0",
         "universal-user-agent": "^7.0.2"
       },
@@ -216,52 +199,18 @@
       }
     },
     "node_modules/@octokit/core/node_modules/@octokit/request-error": {
-      "version": "7.0.0",
-      "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-7.0.0.tgz",
-      "integrity": "sha512-KRA7VTGdVyJlh0cP5Tf94hTiYVVqmt2f3I6mnimmaVz4UG3gQV/k4mDJlJv3X67iX6rmN7gSHCF8ssqeMnmhZg==",
+      "version": "7.0.1",
+      "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-7.0.1.tgz",
+      "integrity": "sha512-CZpFwV4+1uBrxu7Cw8E5NCXDWFNf18MSY23TdxCBgjw1tXXHvTrZVsXlW8hgFTOLw8RQR1BBrMvYRtuyaijHMA==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
-        "@octokit/types": "^14.0.0"
+        "@octokit/types": "^15.0.0"
       },
       "engines": {
         "node": ">= 20"
       }
     },
-    "node_modules/@octokit/core/node_modules/@octokit/request-error/node_modules/@octokit/openapi-types": {
-      "version": "25.1.0",
-      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-25.1.0.tgz",
-      "integrity": "sha512-idsIggNXUKkk0+BExUn1dQ92sfysJrje03Q0bv0e+KPLrvyqZF8MnBpFz8UNfYDwB3Ie7Z0TByjWfzxt7vseaA==",
-      "license": "MIT",
-      "peer": true
-    },
-    "node_modules/@octokit/core/node_modules/@octokit/request-error/node_modules/@octokit/types": {
-      "version": "14.1.0",
-      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-14.1.0.tgz",
-      "integrity": "sha512-1y6DgTy8Jomcpu33N+p5w58l6xyt55Ar2I91RPiIA0xCJBXyUAhXCcmZaDWSANiha7R9a6qJJ2CRomGPZ6f46g==",
-      "license": "MIT",
-      "peer": true,
-      "dependencies": {
-        "@octokit/openapi-types": "^25.1.0"
-      }
-    },
-    "node_modules/@octokit/core/node_modules/@octokit/request/node_modules/@octokit/openapi-types": {
-      "version": "25.1.0",
-      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-25.1.0.tgz",
-      "integrity": "sha512-idsIggNXUKkk0+BExUn1dQ92sfysJrje03Q0bv0e+KPLrvyqZF8MnBpFz8UNfYDwB3Ie7Z0TByjWfzxt7vseaA==",
-      "license": "MIT",
-      "peer": true
-    },
-    "node_modules/@octokit/core/node_modules/@octokit/request/node_modules/@octokit/types": {
-      "version": "14.1.0",
-      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-14.1.0.tgz",
-      "integrity": "sha512-1y6DgTy8Jomcpu33N+p5w58l6xyt55Ar2I91RPiIA0xCJBXyUAhXCcmZaDWSANiha7R9a6qJJ2CRomGPZ6f46g==",
-      "license": "MIT",
-      "peer": true,
-      "dependencies": {
-        "@octokit/openapi-types": "^25.1.0"
-      }
-    },
     "node_modules/@octokit/core/node_modules/@octokit/types": {
       "version": "15.0.0",
       "resolved": "https://registry.npmjs.org/@octokit/types/-/types-15.0.0.tgz",
@@ -304,14 +253,14 @@
       "license": "ISC"
     },
     "node_modules/@octokit/graphql": {
-      "version": "9.0.1",
-      "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-9.0.1.tgz",
-      "integrity": "sha512-j1nQNU1ZxNFx2ZtKmL4sMrs4egy5h65OMDmSbVyuCzjOcwsHq6EaYjOTGXPQxgfiN8dJ4CriYHk6zF050WEULg==",
+      "version": "9.0.2",
+      "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-9.0.2.tgz",
+      "integrity": "sha512-iz6KzZ7u95Fzy9Nt2L8cG88lGRMr/qy1Q36ih/XVzMIlPDMYwaNLE/ENhqmIzgPrlNWiYJkwmveEetvxAgFBJw==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
-        "@octokit/request": "^10.0.2",
-        "@octokit/types": "^14.0.0",
+        "@octokit/request": "^10.0.4",
+        "@octokit/types": "^15.0.0",
         "universal-user-agent": "^7.0.0"
       },
       "engines": {
@@ -319,13 +268,13 @@
       }
     },
     "node_modules/@octokit/graphql/node_modules/@octokit/endpoint": {
-      "version": "11.0.0",
-      "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-11.0.0.tgz",
-      "integrity": "sha512-hoYicJZaqISMAI3JfaDr1qMNi48OctWuOih1m80bkYow/ayPw6Jj52tqWJ6GEoFTk1gBqfanSoI1iY99Z5+ekQ==",
+      "version": "11.0.1",
+      "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-11.0.1.tgz",
+      "integrity": "sha512-7P1dRAZxuWAOPI7kXfio88trNi/MegQ0IJD3vfgC3b+LZo1Qe6gRJc2v0mz2USWWJOKrB2h5spXCzGbw+fAdqA==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
-        "@octokit/types": "^14.0.0",
+        "@octokit/types": "^15.0.0",
         "universal-user-agent": "^7.0.2"
       },
       "engines": {
@@ -333,22 +282,22 @@
       }
     },
     "node_modules/@octokit/graphql/node_modules/@octokit/openapi-types": {
-      "version": "25.1.0",
-      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-25.1.0.tgz",
-      "integrity": "sha512-idsIggNXUKkk0+BExUn1dQ92sfysJrje03Q0bv0e+KPLrvyqZF8MnBpFz8UNfYDwB3Ie7Z0TByjWfzxt7vseaA==",
+      "version": "26.0.0",
+      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-26.0.0.tgz",
+      "integrity": "sha512-7AtcfKtpo77j7Ts73b4OWhOZHTKo/gGY8bB3bNBQz4H+GRSWqx2yvj8TXRsbdTE0eRmYmXOEY66jM7mJ7LzfsA==",
       "license": "MIT",
       "peer": true
     },
     "node_modules/@octokit/graphql/node_modules/@octokit/request": {
-      "version": "10.0.3",
-      "resolved": "https://registry.npmjs.org/@octokit/request/-/request-10.0.3.tgz",
-      "integrity": "sha512-V6jhKokg35vk098iBqp2FBKunk3kMTXlmq+PtbV9Gl3TfskWlebSofU9uunVKhUN7xl+0+i5vt0TGTG8/p/7HA==",
+      "version": "10.0.5",
+      "resolved": "https://registry.npmjs.org/@octokit/request/-/request-10.0.5.tgz",
+      "integrity": "sha512-TXnouHIYLtgDhKo+N6mXATnDBkV05VwbR0TtMWpgTHIoQdRQfCSzmy/LGqR1AbRMbijq/EckC/E3/ZNcU92NaQ==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
-        "@octokit/endpoint": "^11.0.0",
-        "@octokit/request-error": "^7.0.0",
-        "@octokit/types": "^14.0.0",
+        "@octokit/endpoint": "^11.0.1",
+        "@octokit/request-error": "^7.0.1",
+        "@octokit/types": "^15.0.0",
         "fast-content-type-parse": "^3.0.0",
         "universal-user-agent": "^7.0.2"
       },
@@ -357,26 +306,26 @@
       }
     },
     "node_modules/@octokit/graphql/node_modules/@octokit/request-error": {
-      "version": "7.0.0",
-      "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-7.0.0.tgz",
-      "integrity": "sha512-KRA7VTGdVyJlh0cP5Tf94hTiYVVqmt2f3I6mnimmaVz4UG3gQV/k4mDJlJv3X67iX6rmN7gSHCF8ssqeMnmhZg==",
+      "version": "7.0.1",
+      "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-7.0.1.tgz",
+      "integrity": "sha512-CZpFwV4+1uBrxu7Cw8E5NCXDWFNf18MSY23TdxCBgjw1tXXHvTrZVsXlW8hgFTOLw8RQR1BBrMvYRtuyaijHMA==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
-        "@octokit/types": "^14.0.0"
+        "@octokit/types": "^15.0.0"
       },
       "engines": {
         "node": ">= 20"
       }
     },
     "node_modules/@octokit/graphql/node_modules/@octokit/types": {
-      "version": "14.1.0",
-      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-14.1.0.tgz",
-      "integrity": "sha512-1y6DgTy8Jomcpu33N+p5w58l6xyt55Ar2I91RPiIA0xCJBXyUAhXCcmZaDWSANiha7R9a6qJJ2CRomGPZ6f46g==",
+      "version": "15.0.0",
+      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-15.0.0.tgz",
+      "integrity": "sha512-8o6yDfmoGJUIeR9OfYU0/TUJTnMPG2r68+1yEdUeG2Fdqpj8Qetg0ziKIgcBm0RW/j29H41WP37CYCEhp6GoHQ==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
-        "@octokit/openapi-types": "^25.1.0"
+        "@octokit/openapi-types": "^26.0.0"
       }
     },
     "node_modules/@octokit/graphql/node_modules/universal-user-agent": {
@@ -545,12 +494,12 @@
       "license": "MIT"
     },
     "node_modules/@types/node": {
-      "version": "24.5.2",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-24.5.2.tgz",
-      "integrity": "sha512-FYxk1I7wPv3K2XBaoyH2cTnocQEu8AOZ60hPbsyukMPLv5/5qr7V1i8PLHdl6Zf87I+xZXFvPCXYjiTFq+YSDQ==",
+      "version": "24.7.2",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-24.7.2.tgz",
+      "integrity": "sha512-/NbVmcGTP+lj5oa4yiYxxeBjRivKQ5Ns1eSZeB99ExsEQ6rX5XYU1Zy/gGxY/ilqtD4Etx9mKyrPxZRetiahhA==",
       "license": "MIT",
       "dependencies": {
-        "undici-types": "~7.12.0"
+        "undici-types": "~7.14.0"
       }
     },
     "node_modules/@types/vinyl": {
@@ -1081,9 +1030,9 @@
       }
     },
     "node_modules/baseline-browser-mapping": {
-      "version": "2.8.6",
-      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.8.6.tgz",
-      "integrity": "sha512-wrH5NNqren/QMtKUEEJf7z86YjfqW/2uw3IL3/xpqZUC95SSVIFXYQeeGjL6FT/X68IROu6RMehZQS5foy2BXw==",
+      "version": "2.8.16",
+      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.8.16.tgz",
+      "integrity": "sha512-OMu3BGQ4E7P1ErFsIPpbJh0qvDudM/UuJeHgkAvfWe+0HFJCXh+t/l8L6fVLR55RI/UbKrVLnAXZSVwd9ysWYw==",
       "license": "Apache-2.0",
       "bin": {
         "baseline-browser-mapping": "dist/cli.js"
@@ -1177,9 +1126,9 @@
       }
     },
     "node_modules/browserslist": {
-      "version": "4.26.2",
-      "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.26.2.tgz",
-      "integrity": "sha512-ECFzp6uFOSB+dcZ5BK/IBaGWssbSYBHvuMeMt3MMFyhI0Z8SqGgEkBLARgpRH3hutIgPVsALcMwbDrJqPxQ65A==",
+      "version": "4.26.3",
+      "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.26.3.tgz",
+      "integrity": "sha512-lAUU+02RFBuCKQPj/P6NgjlbCnLBMp4UtgTx7vNHd3XSIJF87s9a5rA3aH2yw3GS9DqZAUbOtZdCCiZeVRqt0w==",
       "funding": [
         {
           "type": "opencollective",
@@ -1196,9 +1145,9 @@
       ],
       "license": "MIT",
       "dependencies": {
-        "baseline-browser-mapping": "^2.8.3",
-        "caniuse-lite": "^1.0.30001741",
-        "electron-to-chromium": "^1.5.218",
+        "baseline-browser-mapping": "^2.8.9",
+        "caniuse-lite": "^1.0.30001746",
+        "electron-to-chromium": "^1.5.227",
         "node-releases": "^2.0.21",
         "update-browserslist-db": "^1.1.3"
       },
@@ -1310,9 +1259,9 @@
       }
     },
     "node_modules/caniuse-lite": {
-      "version": "1.0.30001743",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001743.tgz",
-      "integrity": "sha512-e6Ojr7RV14Un7dz6ASD0aZDmQPT/A+eZU+nuTNfjqmRrmkmQlnTNWH0SKmqagx9PeW87UVqapSurtAXifmtdmw==",
+      "version": "1.0.30001750",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001750.tgz",
+      "integrity": "sha512-cuom0g5sdX6rw00qOoLNSFCJ9/mYIsuSOA+yzpDw8eopiFqcVwQvZHqov0vmEighRxX++cfC0Vg1G+1Iy/mSpQ==",
       "funding": [
         {
           "type": "opencollective",
@@ -2054,9 +2003,9 @@
       }
     },
     "node_modules/editorconfig/node_modules/semver": {
-      "version": "7.7.2",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.2.tgz",
-      "integrity": "sha512-RF0Fw+rO5AMf9MAyaRXI4AV0Ulj5lMHqVxxdSgiVbixSCXoEmmX/jk0CuJw4+3SqroYO9VoUh+HcuJivvtJemA==",
+      "version": "7.7.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.3.tgz",
+      "integrity": "sha512-SdsKMrI9TdgjdweUSR9MweHA4EJ8YxHn8DFaDisvhVlUOe4BF1tLD7GAj0lIqWVl+dPb/rExr0Btby5loQm20Q==",
       "license": "ISC",
       "bin": {
         "semver": "bin/semver.js"
@@ -2066,9 +2015,9 @@
       }
     },
     "node_modules/electron-to-chromium": {
-      "version": "1.5.222",
-      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.222.tgz",
-      "integrity": "sha512-gA7psSwSwQRE60CEoLz6JBCQPIxNeuzB2nL8vE03GK/OHxlvykbLyeiumQy1iH5C2f3YbRAZpGCMT12a/9ih9w==",
+      "version": "1.5.234",
+      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.234.tgz",
+      "integrity": "sha512-RXfEp2x+VRYn8jbKfQlRImzoJU01kyDvVPBmG39eU2iuRVhuS6vQNocB8J0/8GrIMLnPzgz4eW6WiRnJkTuNWg==",
       "license": "ISC"
     },
     "node_modules/emoji-regex": {
@@ -6038,9 +5987,9 @@
       }
     },
     "node_modules/node-releases": {
-      "version": "2.0.21",
-      "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.21.tgz",
-      "integrity": "sha512-5b0pgg78U3hwXkCM8Z9b2FJdPZlr9Psr9V2gQPESdGHqbntyFJKFW4r5TeWGFzafGY3hzs1JC62VEQMbl1JFkw==",
+      "version": "2.0.23",
+      "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.23.tgz",
+      "integrity": "sha512-cCmFDMSm26S6tQSDpBCg/NR8NENrVPhAJSf+XbxBG4rPFaaonlEoE9wHQmun+cls499TQGSb7ZyPBRlzgKfpeg==",
       "license": "MIT"
     },
     "node_modules/node.extend": {
@@ -8287,9 +8236,9 @@
       }
     },
     "node_modules/undici-types": {
-      "version": "7.12.0",
-      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.12.0.tgz",
-      "integrity": "sha512-goOacqME2GYyOZZfb5Lgtu+1IDmAlAEu5xnD3+xTzS10hT0vzpf0SPjkXwAw9Jm+4n/mQGDP3LO8CPbYROeBfQ==",
+      "version": "7.14.0",
+      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.14.0.tgz",
+      "integrity": "sha512-QQiYxHuyZ9gQUIrmPo3IA+hUl4KYk8uSA7cHrcKd/l3p1OTpZcM0Tbp9x7FAtXdAYhlasd60ncPpgu6ihG6TOA==",
       "license": "MIT"
     },
     "node_modules/union-value": {
diff --git a/web_src/js/components/DashboardRepoList.vue b/web_src/js/components/DashboardRepoList.vue
index e8c1b76a7f..7debf6240e 100644
--- a/web_src/js/components/DashboardRepoList.vue
+++ b/web_src/js/components/DashboardRepoList.vue
@@ -1,5 +1,4 @@
 <script>
-import {createApp} from 'vue';
 import $ from 'jquery';
 import {SvgIcon} from '../svg.js';
 import {GET} from '../modules/fetch.js';
@@ -15,7 +14,7 @@ const commitStatus = {
   warning: {name: 'gitea-exclamation', color: 'yellow'},
 };
 
-const sfc = {
+export default {
   components: {SvgIcon},
   data() {
     const params = new URLSearchParams(window.location.search);
@@ -323,15 +322,6 @@ const sfc = {
     },
   },
 };
-
-export function initDashboardRepoList() {
-  const el = document.getElementById('dashboard-repo-list');
-  if (el) {
-    createApp(sfc).mount(el);
-  }
-}
-
-export default sfc; // activate the IDE's Vue plugin
 </script>
 <template>
   <div>
diff --git a/web_src/js/components/DiffCommitSelector.vue b/web_src/js/components/DiffCommitSelector.vue
index 668c4cfe17..bf388de5c4 100644
--- a/web_src/js/components/DiffCommitSelector.vue
+++ b/web_src/js/components/DiffCommitSelector.vue
@@ -247,7 +247,6 @@ export default {
             <div class="gt-ellipsis text light-2">
               {{ commit.committer_or_author_name }}
               <span class="text right">
-                <!-- TODO: make this respect the PreferredTimestampTense setting -->
                 <relative-time prefix="" :datetime="commit.time" data-tooltip-content data-tooltip-interactive="true">{{ commit.time }}</relative-time>
               </span>
             </div>
diff --git a/web_src/js/components/RepoActionView.test.js b/web_src/js/components/RepoActionView.test.js
index c304e1915d..313732cc61 100644
--- a/web_src/js/components/RepoActionView.test.js
+++ b/web_src/js/components/RepoActionView.test.js
@@ -17,6 +17,7 @@ const testLocale = {
   runAttemptLabel: 'Run attempt %[1]s %[2]s',
   viewingOutOfDateRun: 'oh no, out of date since %[1]s give or take or so',
   viewMostRecentRun: '',
+  preExecutionError: 'pre-execution error',
   status: {
     unknown: '',
     waiting: '',
@@ -53,6 +54,18 @@ const minimalInitialJobData = {
 const minimalInitialArtifactData = {
   artifacts: [],
 };
+const defaultTestProps = {
+  actionsURL: 'https://example.com/example-org/example-repo/actions',
+  jobIndex: '1',
+  attemptNumber: '1',
+  runIndex: '10',
+  runID: '1001',
+  initialJobData: minimalInitialJobData,
+  initialArtifactData: minimalInitialArtifactData,
+  locale: testLocale,
+  workflowName: 'workflow name',
+  workflowURL: 'https://example.com/example-org/example-repo/actions?workflow=test.yml',
+};
 
 test('processes ##[group] and ##[endgroup]', async () => {
   Object.defineProperty(document.documentElement, 'lang', {value: 'en'});
@@ -105,13 +118,7 @@ test('processes ##[group] and ##[endgroup]', async () => {
   });
 
   const wrapper = mount(RepoActionView, {
-    props: {
-      jobIndex: '1',
-      attemptNumber: '1',
-      initialJobData: minimalInitialJobData,
-      initialArtifactData: minimalInitialArtifactData,
-      locale: testLocale,
-    },
+    props: defaultTestProps,
   });
   await flushPromises();
   await wrapper.get('.job-step-summary').trigger('click');
@@ -208,15 +215,7 @@ test('load multiple steps on a finished action', async () => {
   });
 
   const wrapper = mount(RepoActionView, {
-    props: {
-      actionsURL: 'https://example.com/example-org/example-repo/actions',
-      initialJobData: minimalInitialJobData,
-      initialArtifactData: minimalInitialArtifactData,
-      runIndex: '1',
-      jobIndex: '2',
-      attemptNumber: '1',
-      locale: testLocale,
-    },
+    props: defaultTestProps,
   });
   wrapper.vm.loadJob(); // simulate intermittent reload immediately so UI switches from minimalInitialJobData to the mock data from the test's fetch spy.
   await flushPromises();
@@ -288,13 +287,11 @@ function configureForMultipleAttemptTests({viewHistorical}) {
 
   const wrapper = mount(RepoActionView, {
     props: {
+      ...defaultTestProps,
       runIndex: '123',
-      jobIndex: '1',
       attemptNumber: viewHistorical ? '1' : '2',
       actionsURL: toAbsoluteUrl('/user1/repo2/actions'),
       initialJobData: {...minimalInitialJobData, state: myJobState},
-      initialArtifactData: minimalInitialArtifactData,
-      locale: testLocale,
     },
   });
   return wrapper;
@@ -465,16 +462,7 @@ test('artifacts download links', async () => {
   });
 
   const wrapper = mount(RepoActionView, {
-    props: {
-      actionsURL: 'https://example.com/example-org/example-repo/actions',
-      initialJobData: minimalInitialJobData,
-      initialArtifactData: minimalInitialArtifactData,
-      runIndex: '10',
-      runID: '1001',
-      jobIndex: '2',
-      attemptNumber: '1',
-      locale: testLocale,
-    },
+    props: defaultTestProps,
   });
   wrapper.vm.loadJob(); // simulate intermittent reload immediately so UI switches from minimalInitialJobData to the mock data from the test's fetch spy.
   await flushPromises();
@@ -501,11 +489,8 @@ test('initial load schedules refresh when job is not done', async () => {
     doneInitialJobData.state.run.done = true;
     const wrapper = mount(RepoActionView, {
       props: {
-        jobIndex: '1',
-        attemptNumber: '1',
+        ...defaultTestProps,
         initialJobData: doneInitialJobData,
-        initialArtifactData: minimalInitialArtifactData,
-        locale: testLocale,
       },
     });
     await flushPromises();
@@ -520,13 +505,7 @@ test('initial load schedules refresh when job is not done', async () => {
     const runningInitialJobData = structuredClone(minimalInitialJobData);
     runningInitialJobData.state.run.done = false;
     const wrapper = mount(RepoActionView, {
-      props: {
-        jobIndex: '1',
-        attemptNumber: '1',
-        initialJobData: runningInitialJobData,
-        initialArtifactData: minimalInitialArtifactData,
-        locale: testLocale,
-      },
+      props: defaultTestProps,
     });
     await flushPromises();
     const container = wrapper.find('.action-view-container');
@@ -548,13 +527,7 @@ test('initial load data is used without calling fetch()', async () => {
   });
 
   mount(RepoActionView, {
-    props: {
-      jobIndex: '1',
-      attemptNumber: '1',
-      initialJobData: minimalInitialJobData,
-      initialArtifactData: minimalInitialArtifactData,
-      locale: testLocale,
-    },
+    props: defaultTestProps,
   });
   await flushPromises();
   expect(fetchSpy).not.toHaveBeenCalled();
@@ -564,11 +537,7 @@ test('view non-picked action run job', async () => {
   Object.defineProperty(document.documentElement, 'lang', {value: 'en'});
   const wrapper = mount(RepoActionView, {
     props: {
-      actionsURL: 'https://example.com/example-org/example-repo/actions',
-      runIndex: '10',
-      runID: '1001',
-      jobIndex: '2',
-      attemptNumber: '1',
+      ...defaultTestProps,
       initialJobData: {
         ...minimalInitialJobData,
         // Definitions here should match the same type of content as the related backend test,
@@ -613,8 +582,6 @@ test('view non-picked action run job', async () => {
           },
         },
       },
-      initialArtifactData: minimalInitialArtifactData,
-      locale: testLocale,
     },
   });
   await flushPromises();
@@ -624,3 +591,35 @@ test('view non-picked action run job', async () => {
   expect(wrapper.get('.job-brief-list .job-brief-item:nth-of-type(2) .job-brief-name').text()).toEqual('check-2');
   expect(wrapper.get('.job-brief-list .job-brief-item:nth-of-type(3) .job-brief-name').text()).toEqual('check-3');
 });
+
+test('view without pre-execution error', async () => {
+  Object.defineProperty(document.documentElement, 'lang', {value: 'en'});
+  const wrapper = mount(RepoActionView, {
+    props: defaultTestProps,
+  });
+  await flushPromises();
+  expect(wrapper.find('.pre-execution-error').exists()).toBe(false);
+});
+
+test('view with pre-execution error', async () => {
+  Object.defineProperty(document.documentElement, 'lang', {value: 'en'});
+  const wrapper = mount(RepoActionView, {
+    props: {
+      ...defaultTestProps,
+      initialJobData: {
+        ...minimalInitialJobData,
+        state: {
+          ...minimalInitialJobData.state,
+          run: {
+            ...minimalInitialJobData.state.run,
+            preExecutionError: 'Oops, I dropped it.',
+          },
+        },
+      },
+    },
+  });
+  await flushPromises();
+  const block = wrapper.find('.pre-execution-error');
+  expect(block.exists()).toBe(true);
+  expect(block.text()).toBe('pre-execution error Oops, I dropped it.');
+});
diff --git a/web_src/js/components/RepoActionView.vue b/web_src/js/components/RepoActionView.vue
index 24bc32e348..626eeaab04 100644
--- a/web_src/js/components/RepoActionView.vue
+++ b/web_src/js/components/RepoActionView.vue
@@ -1,29 +1,58 @@
 <script>
 import {SvgIcon} from '../svg.js';
 import ActionRunStatus from './ActionRunStatus.vue';
-import {createApp} from 'vue';
 import {toggleElem} from '../utils/dom.js';
 import {formatDatetime} from '../utils/time.js';
 import {renderAnsi} from '../render/ansi.js';
 import {GET, POST, DELETE} from '../modules/fetch.js';
 
-const sfc = {
+export default {
   name: 'RepoActionView',
   components: {
     SvgIcon,
     ActionRunStatus,
   },
   props: {
-    initialJobData: Object,
-    initialArtifactData: Object,
-    runIndex: String,
-    runID: String,
-    jobIndex: String,
-    attemptNumber: String,
-    actionsURL: String,
-    workflowName: String,
-    workflowURL: String,
-    locale: Object,
+    initialJobData: {
+      type: Object,
+      required: true,
+    },
+    initialArtifactData: {
+      type: Object,
+      required: true,
+    },
+    runIndex: {
+      type: String,
+      required: true,
+    },
+    runID: {
+      type: String,
+      required: true,
+    },
+    jobIndex: {
+      type: String,
+      required: true,
+    },
+    attemptNumber: {
+      type: String,
+      required: true,
+    },
+    actionsURL: {
+      type: String,
+      required: true,
+    },
+    workflowName: {
+      type: String,
+      required: true,
+    },
+    workflowURL: {
+      type: String,
+      required: true,
+    },
+    locale: {
+      type: Object,
+      required: true,
+    },
   },
 
   data() {
@@ -52,6 +81,7 @@ const sfc = {
         canApprove: false,
         canRerun: false,
         done: false,
+        preExecutionError: '',
         jobs: [
           // {
           //   id: 0,
@@ -97,30 +127,6 @@ const sfc = {
     };
   },
 
-  async mounted() {
-    // Need to await first loadJob so this.currentJobStepsStates is initialized and can be used in hashChangeListener,
-    // but with the initializing data being passed in this should end up as a synchronous invocation.  loadJob is
-    // responsible for setting up its refresh interval during this first invocation.
-    await this.loadJob({initialJobData: this.initialJobData, initialArtifactData: this.initialArtifactData});
-    document.body.addEventListener('click', this.closeDropdown);
-    this.hashChangeListener();
-    window.addEventListener('hashchange', this.hashChangeListener);
-  },
-
-  beforeUnmount() {
-    document.body.removeEventListener('click', this.closeDropdown);
-    window.removeEventListener('hashchange', this.hashChangeListener);
-  },
-
-  unmounted() {
-    // clear the interval timer when the component is unmounted
-    // even our page is rendered once, not spa style
-    if (this.intervalID) {
-      clearInterval(this.intervalID);
-      this.intervalID = null;
-    }
-  },
-
   computed: {
     shouldShowAttemptDropdown() {
       return this.initialLoadComplete && this.currentJob.allAttempts && this.currentJob.allAttempts.length > 1;
@@ -176,6 +182,30 @@ const sfc = {
     },
   },
 
+  async mounted() {
+    // Need to await first loadJob so this.currentJobStepsStates is initialized and can be used in hashChangeListener,
+    // but with the initializing data being passed in this should end up as a synchronous invocation.  loadJob is
+    // responsible for setting up its refresh interval during this first invocation.
+    await this.loadJob({initialJobData: this.initialJobData, initialArtifactData: this.initialArtifactData});
+    document.body.addEventListener('click', this.closeDropdown);
+    this.hashChangeListener();
+    window.addEventListener('hashchange', this.hashChangeListener);
+  },
+
+  beforeUnmount() {
+    document.body.removeEventListener('click', this.closeDropdown);
+    window.removeEventListener('hashchange', this.hashChangeListener);
+  },
+
+  unmounted() {
+    // clear the interval timer when the component is unmounted
+    // even our page is rendered once, not spa style
+    if (this.intervalID) {
+      clearInterval(this.intervalID);
+      this.intervalID = null;
+    }
+  },
+
   methods: {
     // show/hide the step logs for a step
     toggleStepLogs(idx) {
@@ -485,60 +515,6 @@ const sfc = {
     },
   },
 };
-
-export default sfc;
-
-export function initRepositoryActionView() {
-  const el = document.getElementById('repo-action-view');
-  if (!el) return;
-
-  // TODO: the parent element's full height doesn't work well now,
-  // but we can not pollute the global style at the moment, only fix the height problem for pages with this component
-  const parentFullHeight = document.querySelector('body > div.full.height');
-  if (parentFullHeight) parentFullHeight.style.paddingBottom = '0';
-
-  const initialJobData = JSON.parse(el.getAttribute('data-initial-post-response'));
-  const initialArtifactData = JSON.parse(el.getAttribute('data-initial-artifacts-response'));
-
-  const view = createApp(sfc, {
-    initialJobData,
-    initialArtifactData,
-    runIndex: el.getAttribute('data-run-index'),
-    runID: el.getAttribute('data-run-id'),
-    jobIndex: el.getAttribute('data-job-index'),
-    attemptNumber: el.getAttribute('data-attempt-number'),
-    actionsURL: el.getAttribute('data-actions-url'),
-    workflowName: el.getAttribute('data-workflow-name'),
-    workflowURL: el.getAttribute('data-workflow-url'),
-    locale: {
-      approve: el.getAttribute('data-locale-approve'),
-      cancel: el.getAttribute('data-locale-cancel'),
-      rerun: el.getAttribute('data-locale-rerun'),
-      artifactsTitle: el.getAttribute('data-locale-artifacts-title'),
-      areYouSure: el.getAttribute('data-locale-are-you-sure'),
-      confirmDeleteArtifact: el.getAttribute('data-locale-confirm-delete-artifact'),
-      rerun_all: el.getAttribute('data-locale-rerun-all'),
-      showTimeStamps: el.getAttribute('data-locale-show-timestamps'),
-      showLogSeconds: el.getAttribute('data-locale-show-log-seconds'),
-      showFullScreen: el.getAttribute('data-locale-show-full-screen'),
-      downloadLogs: el.getAttribute('data-locale-download-logs'),
-      runAttemptLabel: el.getAttribute('data-locale-run-attempt-label'),
-      viewingOutOfDateRun: el.getAttribute('data-locale-viewing-out-of-date-run'),
-      viewMostRecentRun: el.getAttribute('data-locale-view-most-recent-run'),
-      status: {
-        unknown: el.getAttribute('data-locale-status-unknown'),
-        waiting: el.getAttribute('data-locale-status-waiting'),
-        running: el.getAttribute('data-locale-status-running'),
-        success: el.getAttribute('data-locale-status-success'),
-        failure: el.getAttribute('data-locale-status-failure'),
-        cancelled: el.getAttribute('data-locale-status-cancelled'),
-        skipped: el.getAttribute('data-locale-status-skipped'),
-        blocked: el.getAttribute('data-locale-status-blocked'),
-      },
-    },
-  });
-  view.mount(el);
-}
 </script>
 <template>
   <div class="ui container fluid padded action-view-container" :class="{ 'interval-pending': intervalID }">
@@ -582,6 +558,12 @@ export function initRepositoryActionView() {
         {{ run.commit.localeWorkflow }}
         <a class="muted" :href="workflowURL">{{ workflowName }}</a>
       </div>
+      <div class="ui error message pre-execution-error" v-if="run.preExecutionError">
+        <div class="header">
+          {{ locale.preExecutionError }}
+        </div>
+        {{ run.preExecutionError }}
+      </div>
     </div>
     <div class="action-view-body">
       <div class="action-view-left" v-if="displayOtherJobs">
@@ -1061,6 +1043,7 @@ export function initRepositoryActionView() {
   white-space: break-spaces;
   margin-left: 10px;
   overflow-wrap: anywhere;
+  color: var(--color-console-fg);
 }
 
 /* selectors here are intentionally exact to only match fullscreen */
diff --git a/web_src/js/components/RepoActivityTopAuthors.vue b/web_src/js/components/RepoActivityTopAuthors.vue
index 3752bc582b..22c0b9bdb3 100644
--- a/web_src/js/components/RepoActivityTopAuthors.vue
+++ b/web_src/js/components/RepoActivityTopAuthors.vue
@@ -8,7 +8,6 @@ import {
   LinearScale,
 } from 'chart.js';
 import {chartJsColors} from '../utils/color.js';
-import {createApp} from 'vue';
 
 Chart.defaults.color = chartJsColors.text;
 Chart.defaults.borderColor = chartJsColors.border;
@@ -20,7 +19,7 @@ Chart.register(
   Tooltip,
 );
 
-const sfc = {
+export default {
   components: {Bar},
   props: {
     locale: {
@@ -42,53 +41,6 @@ const sfc = {
     activityTopAuthors: window.config.pageData.repoActivityTopAuthors || [],
     i18nCommitActivity: this,
   }),
-  methods: {
-    graphPoints() {
-      return {
-        datasets: [{
-          label: this.locale.commitActivity,
-          data: this.activityTopAuthors.map((item) => item.commits),
-          backgroundColor: this.colors.barColor,
-          barThickness: 40,
-          borderWidth: 0,
-          tension: 0.3,
-        }],
-        labels: this.activityTopAuthors.map((item) => item.name),
-      };
-    },
-    getOptions() {
-      return {
-        responsive: true,
-        maintainAspectRatio: false,
-        animation: true,
-        scales: {
-          x: {
-            type: 'category',
-            grid: {
-              display: false,
-            },
-            ticks: {
-              // Disable the drawing of the labels on the x-asis and force them all
-              // of them to be 'shown', this avoids them being internally skipped
-              // for some data points. We rely on the internally generated ticks
-              // to know where to draw our own ticks. Set rotation to 90 degree
-              // and disable autoSkip. autoSkip is disabled to ensure no ticks are
-              // skipped and rotation is set to avoid messing with the width of the chart.
-              color: 'transparent',
-              minRotation: 90,
-              maxRotation: 90,
-              autoSkip: false,
-            },
-          },
-          y: {
-            ticks: {
-              stepSize: 1,
-            },
-          },
-        },
-      };
-    },
-  },
   mounted() {
     const refStyle = window.getComputedStyle(this.$refs.style);
     this.colors.barColor = refStyle.backgroundColor;
@@ -141,20 +93,54 @@ const sfc = {
       },
     });
   },
+  methods: {
+    graphPoints() {
+      return {
+        datasets: [{
+          label: this.locale.commitActivity,
+          data: this.activityTopAuthors.map((item) => item.commits),
+          backgroundColor: this.colors.barColor,
+          barThickness: 40,
+          borderWidth: 0,
+          tension: 0.3,
+        }],
+        labels: this.activityTopAuthors.map((item) => item.name),
+      };
+    },
+    getOptions() {
+      return {
+        responsive: true,
+        maintainAspectRatio: false,
+        animation: true,
+        scales: {
+          x: {
+            type: 'category',
+            grid: {
+              display: false,
+            },
+            ticks: {
+              // Disable the drawing of the labels on the x-asis and force them all
+              // of them to be 'shown', this avoids them being internally skipped
+              // for some data points. We rely on the internally generated ticks
+              // to know where to draw our own ticks. Set rotation to 90 degree
+              // and disable autoSkip. autoSkip is disabled to ensure no ticks are
+              // skipped and rotation is set to avoid messing with the width of the chart.
+              color: 'transparent',
+              minRotation: 90,
+              maxRotation: 90,
+              autoSkip: false,
+            },
+          },
+          y: {
+            ticks: {
+              stepSize: 1,
+            },
+          },
+        },
+      };
+    },
+  },
 };
-
-export function initRepoActivityTopAuthorsChart() {
-  const el = document.getElementById('repo-activity-top-authors-chart');
-  if (el) {
-    createApp(sfc, {
-      locale: {
-        commitActivity: el.getAttribute('data-locale-commit-activity'),
-      },
-    }).mount(el);
-  }
-}
-
-export default sfc; // activate the IDE's Vue plugin
 </script>
 <template>
   <div>
diff --git a/web_src/js/components/RepoBranchTagSelector.vue b/web_src/js/components/RepoBranchTagSelector.vue
index 81b1244328..b921dfcac4 100644
--- a/web_src/js/components/RepoBranchTagSelector.vue
+++ b/web_src/js/components/RepoBranchTagSelector.vue
@@ -1,26 +1,25 @@
 <script>
-import {createApp, nextTick} from 'vue';
+import {nextTick} from 'vue';
 import $ from 'jquery';
 import {SvgIcon} from '../svg.js';
 import {pathEscapeSegments} from '../utils/url.js';
 import {showErrorToast} from '../modules/toast.js';
 import {GET} from '../modules/fetch.js';
 
-const sfc = {
+export default {
   components: {SvgIcon},
 
   // no `data()`, at the moment, the `data()` is provided by the init code, which is not ideal and should be fixed in the future
 
   computed: {
+    active() {
+      return !this.filteredItems.length && this.showCreateNewBranch ? 0 : -1;
+    },
     filteredItems() {
-      const items = this.items.filter((item) => {
+      return this.items.filter((item) => {
         return ((this.mode === 'branches' && item.branch) || (this.mode === 'tags' && item.tag)) &&
           (!this.searchTerm || item.name.toLowerCase().includes(this.searchTerm.toLowerCase()));
       });
-
-      // TODO: fix this anti-pattern: side-effects-in-computed-properties
-      this.active = !items.length && this.showCreateNewBranch ? 0 : -1;
-      return items;
     },
     showNoResults() {
       return !this.filteredItems.length && !this.showCreateNewBranch;
@@ -213,37 +212,6 @@ const sfc = {
     },
   },
 };
-
-export function initRepoBranchTagSelector(selector) {
-  for (const [elIndex, elRoot] of document.querySelectorAll(selector).entries()) {
-    const data = {
-      csrfToken: window.config.csrfToken,
-      items: [],
-      searchTerm: '',
-      refNameText: '',
-      menuVisible: false,
-      release: null,
-
-      isViewTag: false,
-      isViewBranch: false,
-      isViewTree: false,
-
-      active: 0,
-      isLoading: false,
-      // This means whether branch list/tag list has initialized
-      hasListInitialized: {
-        'branches': false,
-        'tags': false,
-      },
-      ...window.config.pageData.branchDropdownDataList[elIndex],
-    };
-
-    const comp = {...sfc, data() { return data }};
-    createApp(comp).mount(elRoot);
-  }
-}
-
-export default sfc; // activate IDE's Vue plugin
 </script>
 <template>
   <div class="ui dropdown custom">
diff --git a/web_src/js/components/ScopedAccessTokenSelector.vue b/web_src/js/components/ScopedAccessTokenSelector.vue
index 925e531c6b..fe79032aa9 100644
--- a/web_src/js/components/ScopedAccessTokenSelector.vue
+++ b/web_src/js/components/ScopedAccessTokenSelector.vue
@@ -1,8 +1,7 @@
 <script>
-import {createApp} from 'vue';
 import {hideElem, showElem} from '../utils/dom.js';
 
-const sfc = {
+export default {
   props: {
     isAdmin: {
       type: Boolean,
@@ -52,6 +51,13 @@ const sfc = {
 
   methods: {
     onClickSubmit(e) {
+      const form = document.getElementById('scoped-access-form');
+      if (!form.checkValidity()) {
+        // some required inputs are not filled
+        return;
+      }
+
+      // prevent after validity-check to get native-required-popup
       e.preventDefault();
 
       const warningEl = document.getElementById('scoped-access-warning');
@@ -61,7 +67,7 @@ const sfc = {
           // Hide the error if it was visible from previous attempt.
           hideElem(warningEl);
           // Submit the form.
-          document.getElementById('scoped-access-form').submit();
+          form.submit();
           // Don't show the warning.
           return;
         }
@@ -71,23 +77,6 @@ const sfc = {
     },
   },
 };
-
-export default sfc;
-
-/**
- * Initialize category toggle sections
- */
-export function initScopedAccessTokenCategories() {
-  for (const el of document.getElementsByClassName('scoped-access-token')) {
-    createApp(sfc, {
-      isAdmin: el.getAttribute('data-is-admin') === 'true',
-      noAccessLabel: el.getAttribute('data-no-access-label'),
-      readLabel: el.getAttribute('data-read-label'),
-      writeLabel: el.getAttribute('data-write-label'),
-    }).mount(el);
-  }
-}
-
 </script>
 <template>
   <div v-for="category in categories" :key="category" class="field tw-pl-1 tw-pb-1 access-token-category">
diff --git a/web_src/js/features/admin/common.js b/web_src/js/features/admin/common.js
index 76cf4e57f7..b3b11bb061 100644
--- a/web_src/js/features/admin/common.js
+++ b/web_src/js/features/admin/common.js
@@ -2,6 +2,7 @@ import $ from 'jquery';
 import {checkAppUrl} from '../common-global.js';
 import {hideElem, showElem, toggleElem} from '../../utils/dom.js';
 import {POST} from '../../modules/fetch.js';
+import {showModal} from '../../modules/modal.ts';
 
 const {appSubUrl} = window.config;
 
@@ -216,7 +217,7 @@ export function initAdminCommon() {
     $('.view-detail').on('click', function () {
       const description = this.closest('tr').querySelector('.notice-description').textContent;
       detailModal.querySelector('.content pre').textContent = description;
-      $(detailModal).modal('show');
+      showModal('detail-modal', undefined);
       return false;
     });
 
diff --git a/web_src/js/features/admin/emails.js b/web_src/js/features/admin/emails.js
index 46fafa7eff..536974c1ed 100644
--- a/web_src/js/features/admin/emails.js
+++ b/web_src/js/features/admin/emails.js
@@ -1,4 +1,5 @@
 import $ from 'jquery';
+import {showModal} from '../../modules/modal.ts';
 
 export function initAdminEmails() {
   function linkEmailAction(e) {
@@ -7,7 +8,7 @@ export function initAdminEmails() {
     $('#form-email').val($this.data('email'));
     $('#form-primary').val($this.data('primary'));
     $('#form-activate').val($this.data('activate'));
-    $('#change-email-modal').modal('show');
+    showModal('change-email-modal', undefined);
     e.preventDefault();
   }
   $('.link-email-action').on('click', linkEmailAction);
diff --git a/web_src/js/features/common-global.js b/web_src/js/features/common-global.js
index 56e92379c4..c24d6d7923 100644
--- a/web_src/js/features/common-global.js
+++ b/web_src/js/features/common-global.js
@@ -205,6 +205,15 @@ export function initGlobalCommon() {
   document.addEventListener('click', linkAction);
 }
 
+// Sometimes unrelated inputs are stored in forms for convenience, for example,
+// modal inputs. To prevent them from breaking the forms they are in they are
+// disabled by default
+export function initDisabledInputs() {
+  for (const el of document.querySelectorAll('input.js-enable[disabled]')) {
+    el.removeAttribute('disabled');
+  }
+}
+
 export function initGlobalDropzone() {
   for (const el of document.querySelectorAll('.dropzone')) {
     initDropzone(el);
@@ -225,7 +234,11 @@ export async function initDropzone(dropzoneEl, zone = undefined) {
     input.name = 'files';
     input.type = 'hidden';
     input.value = data.uuid;
-    dropzoneEl.querySelector('.files').append(input);
+    const inputPath = document.createElement('input');
+    inputPath.name = `files_fullpath[${data.uuid}]`;
+    inputPath.type = 'hidden';
+    inputPath.value = htmlEscape(file.fullPath || file.name);
+    dropzoneEl.querySelector('.files').append(input, inputPath);
 
     // Create a "Copy Link" element, to conveniently copy the image
     // or file link as Markdown to the clipboard
@@ -270,6 +283,7 @@ export async function initDropzone(dropzoneEl, zone = undefined) {
       this.on('success', initFilePreview);
       this.on('removedfile', async (file) => {
         document.getElementById(file.uuid)?.remove();
+        document.querySelector(`input[name="files_fullpath[${file.uuid}]"]`)?.remove();
         if (disableRemovedfileEvent) return;
         if (dropzoneEl.getAttribute('data-remove-url') && !fileUuidDict[file.uuid].submitted) {
           try {
diff --git a/web_src/js/features/comp/ComboMarkdownEditor.js b/web_src/js/features/comp/ComboMarkdownEditor.js
index 37544bf10f..8c010ae386 100644
--- a/web_src/js/features/comp/ComboMarkdownEditor.js
+++ b/web_src/js/features/comp/ComboMarkdownEditor.js
@@ -476,7 +476,23 @@ class ComboMarkdownEditor {
     // Indent with 4 spaces, unindent 4 spaces or fewer or a lost tab.
     const indentPrefix = '    ';
     const unindentRegex = /^( {1,4}|\t|> {0,4})/;
-    const indentLevel = / {4}|\t|> /g;
+    const indentTokens = ['    ', '\t', '> '];
+
+    const indentLevel = (line) => {
+      let indent = 0;
+      let matchingToken;
+
+      do {
+        matchingToken = indentTokens.find((token) => line.startsWith(token));
+
+        if (matchingToken) {
+          indent++;
+          line = line.substr(matchingToken.length);
+        }
+      } while (matchingToken);
+
+      return indent;
+    };
 
     const value = this.textarea.value;
     const lines = value.split('\n');
@@ -525,8 +541,8 @@ class ComboMarkdownEditor {
       const match = line.match(listPrefixRegex);
       if (!match || !match[0].length) return false;
       // Check that the line isn't already indented in relation to parent.
-      const levels = line.match(indentLevel)?.length ?? 0;
-      const parentLevels = !firstLineIdx ? 0 : lines[firstLineIdx - 1].match(indentLevel)?.length ?? 0;
+      const levels = indentLevel(line);
+      const parentLevels = firstLineIdx > 0 ? indentLevel(lines.at(firstLineIdx - 1)) : 0;
       // Quotes can *begin* multiple levels in, so just allow whatever for now.
       if (levels - parentLevels > 0 && !isQuote) return false;
     }
diff --git a/web_src/js/features/comp/LabelEdit.js b/web_src/js/features/comp/LabelEdit.js
index 2b13c64344..ee890ce0bc 100644
--- a/web_src/js/features/comp/LabelEdit.js
+++ b/web_src/js/features/comp/LabelEdit.js
@@ -1,4 +1,5 @@
 import $ from 'jquery';
+import {showModal} from '../../modules/modal.ts';
 
 function isExclusiveScopeName(name) {
   return /.*[^/]\/[^/].*/.test(name);
@@ -27,16 +28,14 @@ export function initCompLabelEdit(selector) {
   // Create label
   $('.new-label.button').on('click', () => {
     updateExclusiveLabelEdit('.new-label');
-    $('.new-label.modal').modal({
-      onApprove() {
-        const form = document.querySelector('.new-label.form');
-        if (!form.checkValidity()) {
-          form.reportValidity();
-          return false;
-        }
-        document.querySelector('.new-label.form').requestSubmit();
-      },
-    }).modal('show');
+    showModal('new-label-modal', () => {
+      const form = document.querySelector('.new-label.form');
+      if (!form.checkValidity()) {
+        form.reportValidity();
+        return false;
+      }
+      document.querySelector('.new-label.form').requestSubmit();
+    });
     return false;
   });
 
@@ -64,16 +63,14 @@ export function initCompLabelEdit(selector) {
     colorInput.value = this.getAttribute('data-color');
     colorInput.dispatchEvent(new Event('input', {bubbles: true}));
 
-    $('.edit-label.modal').modal({
-      onApprove() {
-        const form = document.querySelector('.edit-label.form');
-        if (!form.checkValidity()) {
-          form.reportValidity();
-          return false;
-        }
-        document.querySelector('.edit-label.form').requestSubmit();
-      },
-    }).modal('show');
+    showModal('edit-label-modal', () => {
+      const form = document.querySelector('.edit-label.form');
+      if (!form.checkValidity()) {
+        form.reportValidity();
+        return false;
+      }
+      document.querySelector('.edit-label.form').requestSubmit();
+    });
     return false;
   });
 
diff --git a/web_src/js/features/contextpopup.js b/web_src/js/features/contextpopup.js
index ce90f3e505..b719ec09cd 100644
--- a/web_src/js/features/contextpopup.js
+++ b/web_src/js/features/contextpopup.js
@@ -1,5 +1,4 @@
 import {createApp} from 'vue';
-import ContextPopup from '../components/ContextPopup.vue';
 import {parseIssueHref} from '../utils.js';
 import {createTippy} from '../modules/tippy.js';
 
@@ -8,7 +7,7 @@ export function initContextPopups() {
   attachRefIssueContextPopup(refIssues);
 }
 
-export function attachRefIssueContextPopup(refIssues) {
+export async function attachRefIssueContextPopup(refIssues) {
   for (const refIssue of refIssues) {
     if (refIssue.classList.contains('ref-external-issue')) {
       return;
@@ -20,6 +19,7 @@ export function attachRefIssueContextPopup(refIssues) {
     const el = document.createElement('div');
     refIssue.parentNode.insertBefore(el, refIssue.nextSibling);
 
+    const {default: ContextPopup} = await import(/* webpackChunkName: "context-popup" */'../components/ContextPopup.vue');
     const view = createApp(ContextPopup);
 
     try {
diff --git a/web_src/js/features/dashboard-repo-list.ts b/web_src/js/features/dashboard-repo-list.ts
new file mode 100644
index 0000000000..f55aa5343b
--- /dev/null
+++ b/web_src/js/features/dashboard-repo-list.ts
@@ -0,0 +1,12 @@
+import {createApp} from 'vue';
+
+export async function initDashboardRepoList() {
+  const el = document.getElementById('dashboard-repo-list');
+  if (!el) {
+    return;
+  }
+
+  const {default: DashboardRepoList} = await import(/* webpackChunkName: "dashboard-repo-list" */'../components/DashboardRepoList.vue');
+  const dashboardList = createApp(DashboardRepoList);
+  dashboardList.mount(el);
+}
diff --git a/web_src/js/features/heatmap.js b/web_src/js/features/heatmap.js
index 688f06c2b2..3c73e56c4e 100644
--- a/web_src/js/features/heatmap.js
+++ b/web_src/js/features/heatmap.js
@@ -1,11 +1,11 @@
 import {createApp} from 'vue';
-import ActivityHeatmap from '../components/ActivityHeatmap.vue';
 import {translateMonth, translateDay} from '../utils.js';
 
-export function initHeatmap() {
+export async function initHeatmap() {
   const el = document.getElementById('user-heatmap');
   if (!el) return;
 
+  const {default: ActivityHeatmap} = await import(/* webpackChunkName: "activity-heatmap" */'../components/ActivityHeatmap.vue');
   try {
     const heatmap = {};
     for (const {contributions, timestamp} of JSON.parse(el.getAttribute('data-heatmap-data'))) {
diff --git a/web_src/js/features/repo-action-view.ts b/web_src/js/features/repo-action-view.ts
new file mode 100644
index 0000000000..a85ec4e01a
--- /dev/null
+++ b/web_src/js/features/repo-action-view.ts
@@ -0,0 +1,56 @@
+import {createApp} from 'vue';
+
+export async function initRepositoryActionView() {
+  const el = document.getElementById('repo-action-view');
+  if (!el) return;
+
+  const {default: RepoActionView} = await import(/* webpackChunkName: "repo-action-view" */'../components/RepoActionView.vue');
+
+  // TODO: the parent element's full height doesn't work well now,
+  // but we can not pollute the global style at the moment, only fix the height problem for pages with this component
+  const parentFullHeight = document.querySelector('body > div.full.height') as HTMLDivElement;
+  if (parentFullHeight) parentFullHeight.style.paddingBottom = '0';
+
+  const initialJobData = JSON.parse(el.getAttribute('data-initial-post-response'));
+  const initialArtifactData = JSON.parse(el.getAttribute('data-initial-artifacts-response'));
+
+  const view = createApp(RepoActionView, {
+    initialJobData,
+    initialArtifactData,
+    runIndex: el.getAttribute('data-run-index'),
+    runID: el.getAttribute('data-run-id'),
+    jobIndex: el.getAttribute('data-job-index'),
+    attemptNumber: el.getAttribute('data-attempt-number'),
+    actionsURL: el.getAttribute('data-actions-url'),
+    workflowName: el.getAttribute('data-workflow-name'),
+    workflowURL: el.getAttribute('data-workflow-url'),
+    locale: {
+      approve: el.getAttribute('data-locale-approve'),
+      cancel: el.getAttribute('data-locale-cancel'),
+      rerun: el.getAttribute('data-locale-rerun'),
+      artifactsTitle: el.getAttribute('data-locale-artifacts-title'),
+      areYouSure: el.getAttribute('data-locale-are-you-sure'),
+      confirmDeleteArtifact: el.getAttribute('data-locale-confirm-delete-artifact'),
+      rerun_all: el.getAttribute('data-locale-rerun-all'),
+      showTimeStamps: el.getAttribute('data-locale-show-timestamps'),
+      showLogSeconds: el.getAttribute('data-locale-show-log-seconds'),
+      showFullScreen: el.getAttribute('data-locale-show-full-screen'),
+      downloadLogs: el.getAttribute('data-locale-download-logs'),
+      runAttemptLabel: el.getAttribute('data-locale-run-attempt-label'),
+      viewingOutOfDateRun: el.getAttribute('data-locale-viewing-out-of-date-run'),
+      viewMostRecentRun: el.getAttribute('data-locale-view-most-recent-run'),
+      preExecutionError: el.getAttribute('data-locale-pre-execution-error'),
+      status: {
+        unknown: el.getAttribute('data-locale-status-unknown'),
+        waiting: el.getAttribute('data-locale-status-waiting'),
+        running: el.getAttribute('data-locale-status-running'),
+        success: el.getAttribute('data-locale-status-success'),
+        failure: el.getAttribute('data-locale-status-failure'),
+        cancelled: el.getAttribute('data-locale-status-cancelled'),
+        skipped: el.getAttribute('data-locale-status-skipped'),
+        blocked: el.getAttribute('data-locale-status-blocked'),
+      },
+    },
+  });
+  view.mount(el);
+}
diff --git a/web_src/js/features/repo-activity-top-authors.ts b/web_src/js/features/repo-activity-top-authors.ts
new file mode 100644
index 0000000000..0134e978c6
--- /dev/null
+++ b/web_src/js/features/repo-activity-top-authors.ts
@@ -0,0 +1,16 @@
+import {createApp} from 'vue';
+
+export async function initRepoActivityTopAuthorsChart() {
+  const el = document.getElementById('repo-activity-top-authors-chart');
+  if (!el) {
+    return;
+  }
+
+  const {default: RepoActivityTopAuthors} = await import(/* webpackChunkName: "repo-activity-top-authors" */'../components/RepoActivityTopAuthors.vue');
+  const repoActivityTopAuthors = createApp(RepoActivityTopAuthors, {
+    locale: {
+      commitActivity: el.getAttribute('data-locale-commit-activity'),
+    },
+  });
+  repoActivityTopAuthors.mount(el);
+}
diff --git a/web_src/js/features/repo-branch-tag-selector.js b/web_src/js/features/repo-branch-tag-selector.js
new file mode 100644
index 0000000000..ab78b3d98d
--- /dev/null
+++ b/web_src/js/features/repo-branch-tag-selector.js
@@ -0,0 +1,36 @@
+import {createApp} from 'vue';
+
+export async function initRepoBranchTagSelector() {
+  for (const [elIndex, elRoot] of document
+    .querySelectorAll('.js-branch-tag-selector')
+    .entries()) {
+    const {default: RepoBranchTagSelector} = await import(/* webpackChunkName: "repo-branch-tag-selector" */'../components/RepoBranchTagSelector.vue');
+
+    createApp({
+      ...RepoBranchTagSelector,
+      data() {
+        return {
+          csrfToken: window.config.csrfToken,
+          items: [],
+          searchTerm: '',
+          refNameText: '',
+          menuVisible: false,
+          release: null,
+
+          isViewTag: false,
+          isViewBranch: false,
+          isViewTree: false,
+
+          active: 0,
+          isLoading: false,
+          // This means whether branch list/tag list has initialized
+          hasListInitialized: {
+            branches: false,
+            tags: false,
+          },
+          ...window.config.pageData.branchDropdownDataList[elIndex],
+        };
+      },
+    }).mount(elRoot);
+  }
+}
diff --git a/web_src/js/features/repo-diff-commitselect.js b/web_src/js/features/repo-diff-commitselect.js
index ebac64e855..7d9abe77aa 100644
--- a/web_src/js/features/repo-diff-commitselect.js
+++ b/web_src/js/features/repo-diff-commitselect.js
@@ -1,10 +1,10 @@
 import {createApp} from 'vue';
-import DiffCommitSelector from '../components/DiffCommitSelector.vue';
 
-export function initDiffCommitSelect() {
+export async function initDiffCommitSelect() {
   const el = document.getElementById('diff-commit-select');
   if (!el) return;
 
+  const {default: DiffCommitSelector} = await import(/* webpackChunkName: "diff-commit-selector" */'../components/DiffCommitSelector.vue');
   const commitSelect = createApp(DiffCommitSelector);
   commitSelect.mount(el);
 }
diff --git a/web_src/js/features/repo-diff-filetree.js b/web_src/js/features/repo-diff-filetree.js
index 5a52b9942d..85dec4088e 100644
--- a/web_src/js/features/repo-diff-filetree.js
+++ b/web_src/js/features/repo-diff-filetree.js
@@ -1,10 +1,10 @@
 import {createApp} from 'vue';
-import DiffFileTree from '../components/DiffFileTree.vue';
 
-export function initDiffFileTree() {
+export async function initDiffFileTree() {
   const el = document.getElementById('diff-file-tree');
   if (!el) return;
 
+  const {default: DiffFileTree} = await import(/* webpackChunkName: "diff-file-tree" */'../components/DiffFileTree.vue');
   const fileTreeView = createApp(DiffFileTree);
   fileTreeView.mount(el);
 }
diff --git a/web_src/js/features/repo-issue-pr-form.js b/web_src/js/features/repo-issue-pr-form.js
index 7b26e643c0..242beb60db 100644
--- a/web_src/js/features/repo-issue-pr-form.js
+++ b/web_src/js/features/repo-issue-pr-form.js
@@ -1,10 +1,10 @@
 import {createApp} from 'vue';
-import PullRequestMergeForm from '../components/PullRequestMergeForm.vue';
 
-export function initRepoPullRequestMergeForm() {
+export async function initRepoPullRequestMergeForm() {
   const el = document.getElementById('pull-request-merge-form');
   if (!el) return;
 
+  const {default: PullRequestMergeForm} = await import(/* webpackChunkName: "pull-request-merge-form" */'../components/PullRequestMergeForm.vue');
   const view = createApp(PullRequestMergeForm);
   view.mount(el);
 }
diff --git a/web_src/js/features/repo-legacy.js b/web_src/js/features/repo-legacy.js
index 66ee945d02..74efdaa530 100644
--- a/web_src/js/features/repo-legacy.js
+++ b/web_src/js/features/repo-legacy.js
@@ -9,7 +9,7 @@ import {
 import {initUnicodeEscapeButton} from './repo-unicode-escape.js';
 import {svg} from '../svg.js';
 import {htmlEscape} from 'escape-goat';
-import {initRepoBranchTagSelector} from '../components/RepoBranchTagSelector.vue';
+import {initRepoBranchTagSelector} from './repo-branch-tag-selector.js';
 import {
   initRepoCloneLink, initRepoCommonBranchOrTagDropdown, initRepoCommonFilterSearchDropdown,
 } from './repo-common.js';
@@ -379,7 +379,7 @@ async function onEditContent(event) {
     editContentZone.querySelector('button[data-button-name="cancel-edit"]').addEventListener('click', cancelAndReset);
     editContentZone.querySelector('button[data-button-name="save-edit"]').addEventListener('click', saveAndRefresh);
   } else {
-    const tabEditor = editContentZone.querySelector('.combo-markdown-editor').querySelector('.switch > a[data-tab-for=markdown-writer]');
+    const tabEditor = editContentZone.querySelector('.combo-markdown-editor').querySelector('.switch > [data-tab-for=markdown-writer]');
     tabEditor?.click();
   }
 
diff --git a/web_src/js/features/scoped-access-token-selector.ts b/web_src/js/features/scoped-access-token-selector.ts
new file mode 100644
index 0000000000..481ee0b57d
--- /dev/null
+++ b/web_src/js/features/scoped-access-token-selector.ts
@@ -0,0 +1,14 @@
+import {createApp} from 'vue';
+
+export async function initScopedAccessTokenCategories() {
+  for (const el of document.getElementsByClassName('scoped-access-token')) {
+    const {default: ScopedAccessTokenSelector} = await import(/* webpackChunkName: "scoped-access-token-selector" */'../components/ScopedAccessTokenSelector.vue');
+    const scopedAccessTokenSelector = createApp(ScopedAccessTokenSelector, {
+      isAdmin: el.getAttribute('data-is-admin') === 'true',
+      noAccessLabel: el.getAttribute('data-no-access-label'),
+      readLabel: el.getAttribute('data-read-label'),
+      writeLabel: el.getAttribute('data-write-label'),
+    });
+    scopedAccessTokenSelector.mount(el);
+  }
+}
diff --git a/web_src/js/index.js b/web_src/js/index.js
index 430579348e..93510c1e23 100644
--- a/web_src/js/index.js
+++ b/web_src/js/index.js
@@ -1,9 +1,9 @@
 // bootstrap module must be the first one to be imported, it handles webpack lazy-loading and global errors
 import './bootstrap.js';
 
-import {initRepoActivityTopAuthorsChart} from './components/RepoActivityTopAuthors.vue';
-import {initScopedAccessTokenCategories} from './components/ScopedAccessTokenSelector.vue';
-import {initDashboardRepoList} from './components/DashboardRepoList.vue';
+import {initRepoActivityTopAuthorsChart} from './features/repo-activity-top-authors.ts';
+import {initScopedAccessTokenCategories} from './features/scoped-access-token-selector.ts';
+import {initDashboardRepoList} from './features/dashboard-repo-list.ts';
 
 import {initGlobalCopyToClipboardListener} from './features/clipboard.js';
 import {initContextPopups} from './features/contextpopup.js';
@@ -38,6 +38,7 @@ import {
   initGlobalButtonClickOnEnter,
   initGlobalButtons,
   initGlobalCommon,
+  initDisabledInputs,
   initGlobalDropzone,
   initGlobalEnterQuickSubmit,
   initGlobalFormDirtyLeaveConfirm,
@@ -71,7 +72,7 @@ import {initRepoWikiForm} from './features/repo-wiki.js';
 import {initRepoCommentForm, initRepository} from './features/repo-legacy.js';
 import {initCopyContent} from './features/copycontent.js';
 import {initCaptcha} from './features/captcha.js';
-import {initRepositoryActionView} from './components/RepoActionView.vue';
+import {initRepositoryActionView} from './features/repo-action-view.ts';
 import {initGlobalTooltips} from './modules/tippy.js';
 import {initDropdowns} from './modules/dropdown.ts';
 import {initGiteaFomantic} from './modules/fomantic.js';
@@ -95,6 +96,7 @@ initDirAuto();
 onDomReady(() => {
   initGlobalCommon();
 
+  initDisabledInputs();
   initGlobalTooltips();
   initGlobalButtonClickOnEnter();
   initGlobalButtons();
diff --git a/web_src/js/modules/tippy.js b/web_src/js/modules/tippy.js
index 887e7194d9..0aab06e92e 100644
--- a/web_src/js/modules/tippy.js
+++ b/web_src/js/modules/tippy.js
@@ -81,6 +81,7 @@ function attachTooltip(target, content = null) {
     hideOnClick,
     placement: target.getAttribute('data-tooltip-placement') || 'top-start',
     followCursor: target.getAttribute('data-tooltip-follow-cursor') || false,
+    ...(target.getAttribute('data-tooltip-appendto') === 'parent' ? {appendTo: 'parent'} : {}),
     ...(target.getAttribute('data-tooltip-interactive') === 'true' ? {interactive: true, aria: {content: 'describedby', expanded: false}} : {}),
   };
 
diff --git a/web_src/js/types.d.ts b/web_src/js/types.d.ts
new file mode 100644
index 0000000000..ed5a18b974
--- /dev/null
+++ b/web_src/js/types.d.ts
@@ -0,0 +1,10 @@
+interface Window {
+  config?: {
+    appUrl: string;
+  }
+}
+
+declare module '*.vue' {
+  import Vue from 'vue';
+  export default Vue;
+}
diff --git a/web_src/js/utils/dom.js b/web_src/js/utils/dom.js
index 3d48ff3e15..a849f41a3a 100644
--- a/web_src/js/utils/dom.js
+++ b/web_src/js/utils/dom.js
@@ -117,9 +117,16 @@ export function isDocumentFragmentOrElementNode(el) {
 // included in all copies or substantial portions of the Software.
 // ---------------------------------------------------------------------
 export function autosize(textarea, {viewportMarginBottom = 0} = {}) {
+  const textareaParent = textarea.parentElement;
+  function createJumpPreventer() {
+    const el = document.createElement('div');
+    textareaParent.prepend(el, textareaParent.firstChild);
+    return el;
+  }
+  const jumpPreventer = textareaParent.querySelector('div') || createJumpPreventer();
   let isUserResized = false;
   // lastStyleHeight and initialStyleHeight are CSS values like '100px'
-  let lastMouseX, lastMouseY, lastStyleHeight, initialStyleHeight;
+  let lastMouseX, lastMouseY, lastStyleHeight, initialStyleHeight, lastLines;
 
   function onUserResize(event) {
     if (isUserResized) return;
@@ -157,6 +164,12 @@ export function autosize(textarea, {viewportMarginBottom = 0} = {}) {
       const {top, bottom} = overflowOffset();
       const isOutOfViewport = top < 0 || bottom < 0;
 
+      const currLines = textarea.value.split('\n').length;
+      const shouldResize = !isOutOfViewport || currLines < lastLines;
+      if (currLines < lastLines) jumpPreventer.style.height = '0';
+      lastLines = currLines;
+      if (!shouldResize) return;
+
       const computedStyle = getComputedStyle(textarea);
       const topBorderWidth = parseFloat(computedStyle.borderTopWidth);
       const bottomBorderWidth = parseFloat(computedStyle.borderBottomWidth);
@@ -168,23 +181,10 @@ export function autosize(textarea, {viewportMarginBottom = 0} = {}) {
       const maxHeight = curHeight + bottom - adjustedViewportMarginBottom;
 
       textarea.style.height = 'auto';
-      let newHeight = textarea.scrollHeight + borderAddOn;
-
-      if (isOutOfViewport) {
-        // it is already out of the viewport:
-        // * if the textarea is expanding: do not resize it
-        if (newHeight > curHeight) {
-          newHeight = curHeight;
-        }
-        // * if the textarea is shrinking, shrink line by line (just use the
-        //   scrollHeight). do not apply max-height limit, otherwise the page
-        //   flickers and the textarea jumps
-      } else {
-        // * if it is in the viewport, apply the max-height limit
-        newHeight = Math.min(maxHeight, newHeight);
-      }
+      const newHeight = Math.min(maxHeight, textarea.scrollHeight + borderAddOn);
 
       textarea.style.height = `${newHeight}px`;
+      jumpPreventer.style.height = textarea.style.height;
       lastStyleHeight = textarea.style.height;
     } finally {
       // ensure that the textarea is fully scrolled to the end, when the cursor
@@ -209,6 +209,7 @@ export function autosize(textarea, {viewportMarginBottom = 0} = {}) {
   textarea.addEventListener('input', resizeToFit);
   textarea.form?.addEventListener('reset', onFormReset);
   initialStyleHeight = textarea.style.height ?? undefined;
+  lastLines = textarea.value.split('\n').length;
   if (textarea.value) resizeToFit();
 
   return {