From 7092402a2db255ecde2c20574b973fb632c16d2e Mon Sep 17 00:00:00 2001
From: yp05327 <576951401@qq.com>
Date: Fri, 16 Aug 2024 01:34:24 +0900
Subject: [PATCH 001/129] Add missing repository type filter parameters to
 pager  (#31832)

Fix #31807

ps: the newly added params's value will be changed.
When the first time you selected the filter, the values of params will
be `0` or `1`
But in pager it will be `true` or `false`.
So do we have `boolToInt` function?
---
 routers/web/explore/repo.go      | 15 +++++++++++++++
 routers/web/org/home.go          | 16 ++++++++++++++++
 routers/web/user/notification.go | 15 +++++++++++++++
 routers/web/user/profile.go      | 15 +++++++++++++++
 4 files changed, 61 insertions(+)

diff --git a/routers/web/explore/repo.go b/routers/web/explore/repo.go
index 67f138aca9f..ab487dff5fc 100644
--- a/routers/web/explore/repo.go
+++ b/routers/web/explore/repo.go
@@ -144,6 +144,21 @@ func RenderRepoSearch(ctx *context.Context, opts *RepoSearchOptions) {
 	pager.AddParamString("topic", fmt.Sprint(topicOnly))
 	pager.AddParamString("language", language)
 	pager.AddParamString(relevantReposOnlyParam, fmt.Sprint(opts.OnlyShowRelevant))
+	if archived.Has() {
+		pager.AddParamString("archived", fmt.Sprint(archived.Value()))
+	}
+	if fork.Has() {
+		pager.AddParamString("fork", fmt.Sprint(fork.Value()))
+	}
+	if mirror.Has() {
+		pager.AddParamString("mirror", fmt.Sprint(mirror.Value()))
+	}
+	if template.Has() {
+		pager.AddParamString("template", fmt.Sprint(template.Value()))
+	}
+	if private.Has() {
+		pager.AddParamString("private", fmt.Sprint(private.Value()))
+	}
 	ctx.Data["Page"] = pager
 
 	ctx.HTML(http.StatusOK, opts.TplName)
diff --git a/routers/web/org/home.go b/routers/web/org/home.go
index c3fc4e099a4..77d49f5b78f 100644
--- a/routers/web/org/home.go
+++ b/routers/web/org/home.go
@@ -4,6 +4,7 @@
 package org
 
 import (
+	"fmt"
 	"net/http"
 	"path"
 	"strings"
@@ -155,6 +156,21 @@ func Home(ctx *context.Context) {
 	pager := context.NewPagination(int(count), setting.UI.User.RepoPagingNum, page, 5)
 	pager.SetDefaultParams(ctx)
 	pager.AddParamString("language", language)
+	if archived.Has() {
+		pager.AddParamString("archived", fmt.Sprint(archived.Value()))
+	}
+	if fork.Has() {
+		pager.AddParamString("fork", fmt.Sprint(fork.Value()))
+	}
+	if mirror.Has() {
+		pager.AddParamString("mirror", fmt.Sprint(mirror.Value()))
+	}
+	if template.Has() {
+		pager.AddParamString("template", fmt.Sprint(template.Value()))
+	}
+	if private.Has() {
+		pager.AddParamString("private", fmt.Sprint(private.Value()))
+	}
 	ctx.Data["Page"] = pager
 
 	ctx.Data["ShowMemberAndTeamTab"] = ctx.Org.IsMember || len(members) > 0
diff --git a/routers/web/user/notification.go b/routers/web/user/notification.go
index 833a9c049c8..414cb0be490 100644
--- a/routers/web/user/notification.go
+++ b/routers/web/user/notification.go
@@ -446,6 +446,21 @@ func NotificationWatching(ctx *context.Context) {
 	// redirect to last page if request page is more than total pages
 	pager := context.NewPagination(total, setting.UI.User.RepoPagingNum, page, 5)
 	pager.SetDefaultParams(ctx)
+	if archived.Has() {
+		pager.AddParamString("archived", fmt.Sprint(archived.Value()))
+	}
+	if fork.Has() {
+		pager.AddParamString("fork", fmt.Sprint(fork.Value()))
+	}
+	if mirror.Has() {
+		pager.AddParamString("mirror", fmt.Sprint(mirror.Value()))
+	}
+	if template.Has() {
+		pager.AddParamString("template", fmt.Sprint(template.Value()))
+	}
+	if private.Has() {
+		pager.AddParamString("private", fmt.Sprint(private.Value()))
+	}
 	ctx.Data["Page"] = pager
 
 	ctx.Data["Status"] = 2
diff --git a/routers/web/user/profile.go b/routers/web/user/profile.go
index f0749e10216..3f91233ee6e 100644
--- a/routers/web/user/profile.go
+++ b/routers/web/user/profile.go
@@ -333,6 +333,21 @@ func prepareUserProfileTabData(ctx *context.Context, showPrivate bool, profileDb
 			pager.AddParamString("date", fmt.Sprint(ctx.Data["Date"]))
 		}
 	}
+	if archived.Has() {
+		pager.AddParamString("archived", fmt.Sprint(archived.Value()))
+	}
+	if fork.Has() {
+		pager.AddParamString("fork", fmt.Sprint(fork.Value()))
+	}
+	if mirror.Has() {
+		pager.AddParamString("mirror", fmt.Sprint(mirror.Value()))
+	}
+	if template.Has() {
+		pager.AddParamString("template", fmt.Sprint(template.Value()))
+	}
+	if private.Has() {
+		pager.AddParamString("private", fmt.Sprint(private.Value()))
+	}
 	ctx.Data["Page"] = pager
 }
 

From e4f850bf635365083344af0c0109c29e7021ba03 Mon Sep 17 00:00:00 2001
From: GiteaBot <teabot@gitea.io>
Date: Fri, 16 Aug 2024 00:27:28 +0000
Subject: [PATCH 002/129] [skip ci] Updated translations via Crowdin

---
 options/locale/locale_ja-JP.ini | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/options/locale/locale_ja-JP.ini b/options/locale/locale_ja-JP.ini
index b36b3204396..4fc06bc71a0 100644
--- a/options/locale/locale_ja-JP.ini
+++ b/options/locale/locale_ja-JP.ini
@@ -1475,6 +1475,7 @@ issues.remove_labels=がラベル %s を除去 %s
 issues.add_remove_labels=がラベル %s を追加、 %s を除去 %s
 issues.add_milestone_at=`がマイルストーン <b>%[1]s</b> に追加 %[2]s`
 issues.add_project_at=`がプロジェクト <b>%s</b> に追加 %s`
+issues.move_to_column_of_project=`がこれを %[2]s の %[1]s に移動 %[3]s`
 issues.change_milestone_at=`がマイルストーンを <b>%[1]s</b> から <b>%[2]s</b> へ変更 %[3]s`
 issues.change_project_at=`がプロジェクトを <b>%s</b> から <b>%s</b> へ変更 %s`
 issues.remove_milestone_at=`がマイルストーン <b>%[1]s</b> から除去 %[2]s`
@@ -1764,6 +1765,7 @@ compare.compare_head=比較
 pulls.desc=プルリクエストとコードレビューの有効化。
 pulls.new=新しいプルリクエスト
 pulls.new.blocked_user=リポジトリのオーナーがあなたをブロックしているため、プルリクエストを作成できません。
+pulls.new.must_collaborator=プルリクエストを作成するには、共同作業者である必要があります。
 pulls.edit.already_changed=プルリクエストの変更を保存できません。 他のユーザーによって内容がすでに変更されているようです。 変更を上書きしないようにするため、ページを更新してからもう一度編集してください
 pulls.view=プルリクエストを表示
 pulls.compare_changes=新規プルリクエスト
@@ -1888,6 +1890,7 @@ pulls.cmd_instruction_checkout_title=チェックアウト
 pulls.cmd_instruction_checkout_desc=プロジェクトリポジトリから新しいブランチをチェックアウトし、変更内容をテストします。
 pulls.cmd_instruction_merge_title=マージ
 pulls.cmd_instruction_merge_desc=変更内容をマージして、Giteaに反映します。
+pulls.cmd_instruction_merge_warning=警告: 「手動マージの自動検出」が有効ではないため、この操作ではプルリクエストをマージできません
 pulls.clear_merge_message=マージメッセージをクリア
 pulls.clear_merge_message_hint=マージメッセージのクリアは、コミットメッセージの除去だけを行います。 生成されたGitトレーラー("Co-Authored-By …" 等)はそのまま残ります。
 

From 2010fbe06054b9d9cada430f1a60f45ac7689b93 Mon Sep 17 00:00:00 2001
From: Zettat123 <zettat123@gmail.com>
Date: Fri, 16 Aug 2024 20:40:51 +0800
Subject: [PATCH 003/129] Fix raw wiki links (#31825)

Fix #31395

This regression is introduced by #30273. To find out how GitHub handles
this case, I did [some
tests](https://github.com/go-gitea/gitea/issues/31395#issuecomment-2278929115).

I use redirect in this PR instead of checking if the corresponding `.md`
file exists when rendering the link because GitHub also uses redirect.
With this PR, there is no need to resolve the raw wiki link when
rendering a wiki page. If a wiki link points to a raw file, access will
be redirected to the raw link.
---
 modules/markup/html_link.go              | 12 ++---
 modules/markup/html_test.go              |  2 +-
 modules/markup/markdown/markdown_test.go | 24 ++++-----
 routers/web/repo/wiki.go                 | 64 ++++++++++++++++++++----
 routers/web/repo/wiki_test.go            | 14 ++++++
 5 files changed, 84 insertions(+), 32 deletions(-)

diff --git a/modules/markup/html_link.go b/modules/markup/html_link.go
index a41b87e9fa8..b0861353485 100644
--- a/modules/markup/html_link.go
+++ b/modules/markup/html_link.go
@@ -4,8 +4,6 @@
 package markup
 
 import (
-	"path"
-
 	"code.gitea.io/gitea/modules/util"
 )
 
@@ -14,13 +12,9 @@ func ResolveLink(ctx *RenderContext, link, userContentAnchorPrefix string) (resu
 	if !isAnchorFragment && !IsFullURLString(link) {
 		linkBase := ctx.Links.Base
 		if ctx.IsWiki {
-			if ext := path.Ext(link); ext == "" || ext == ".-" {
-				linkBase = ctx.Links.WikiLink() // the link is for a wiki page
-			} else if DetectMarkupTypeByFileName(link) != "" {
-				linkBase = ctx.Links.WikiLink() // the link is renderable as a wiki page
-			} else {
-				linkBase = ctx.Links.WikiRawLink() // otherwise, use a raw link instead to view&download medias
-			}
+			// no need to check if the link should be resolved as a wiki link or a wiki raw link
+			// just use wiki link here and it will be redirected to a wiki raw link if necessary
+			linkBase = ctx.Links.WikiLink()
 		} else if ctx.Links.BranchPath != "" || ctx.Links.TreePath != "" {
 			// if there is no BranchPath, then the link will be something like "/owner/repo/src/{the-file-path}"
 			// and then this link will be handled by the "legacy-ref" code and be redirected to the default branch like "/owner/repo/src/branch/main/{the-file-path}"
diff --git a/modules/markup/html_test.go b/modules/markup/html_test.go
index c69f3ddd648..32858dbd6b3 100644
--- a/modules/markup/html_test.go
+++ b/modules/markup/html_test.go
@@ -437,7 +437,7 @@ func TestRender_ShortLinks(t *testing.T) {
 	renderableFileURL := util.URLJoin(tree, "markdown_file.md")
 	renderableFileURLWiki := util.URLJoin(markup.TestRepoURL, "wiki", "markdown_file.md")
 	unrenderableFileURL := util.URLJoin(tree, "file.zip")
-	unrenderableFileURLWiki := util.URLJoin(markup.TestRepoURL, "wiki", "raw", "file.zip")
+	unrenderableFileURLWiki := util.URLJoin(markup.TestRepoURL, "wiki", "file.zip")
 	favicon := "http://google.com/favicon.ico"
 
 	test(
diff --git a/modules/markup/markdown/markdown_test.go b/modules/markup/markdown/markdown_test.go
index 671276e45c5..cfb821ab19f 100644
--- a/modules/markup/markdown/markdown_test.go
+++ b/modules/markup/markdown/markdown_test.go
@@ -672,9 +672,9 @@ space</p>
 			Expected: `<p>space @mention-user<br/>
 /just/a/path.bin<br/>
 <a href="https://example.com/file.bin" rel="nofollow">https://example.com/file.bin</a><br/>
-<a href="/wiki/raw/file.bin" rel="nofollow">local link</a><br/>
+<a href="/wiki/file.bin" rel="nofollow">local link</a><br/>
 <a href="https://example.com" rel="nofollow">remote link</a><br/>
-<a href="/wiki/raw/file.bin" rel="nofollow">local link</a><br/>
+<a href="/wiki/file.bin" rel="nofollow">local link</a><br/>
 <a href="https://example.com" rel="nofollow">remote link</a><br/>
 <a href="/wiki/raw/image.jpg" target="_blank" rel="nofollow noopener"><img src="/wiki/raw/image.jpg" alt="local image"/></a><br/>
 <a href="/wiki/raw/path/file" target="_blank" rel="nofollow noopener"><img src="/wiki/raw/path/file" alt="local image"/></a><br/>
@@ -730,9 +730,9 @@ space</p>
 			Expected: `<p>space @mention-user<br/>
 /just/a/path.bin<br/>
 <a href="https://example.com/file.bin" rel="nofollow">https://example.com/file.bin</a><br/>
-<a href="https://gitea.io/wiki/raw/file.bin" rel="nofollow">local link</a><br/>
+<a href="https://gitea.io/wiki/file.bin" rel="nofollow">local link</a><br/>
 <a href="https://example.com" rel="nofollow">remote link</a><br/>
-<a href="https://gitea.io/wiki/raw/file.bin" rel="nofollow">local link</a><br/>
+<a href="https://gitea.io/wiki/file.bin" rel="nofollow">local link</a><br/>
 <a href="https://example.com" rel="nofollow">remote link</a><br/>
 <a href="https://gitea.io/wiki/raw/image.jpg" target="_blank" rel="nofollow noopener"><img src="https://gitea.io/wiki/raw/image.jpg" alt="local image"/></a><br/>
 <a href="https://gitea.io/wiki/raw/path/file" target="_blank" rel="nofollow noopener"><img src="https://gitea.io/wiki/raw/path/file" alt="local image"/></a><br/>
@@ -788,9 +788,9 @@ space</p>
 			Expected: `<p>space @mention-user<br/>
 /just/a/path.bin<br/>
 <a href="https://example.com/file.bin" rel="nofollow">https://example.com/file.bin</a><br/>
-<a href="/relative/path/wiki/raw/file.bin" rel="nofollow">local link</a><br/>
+<a href="/relative/path/wiki/file.bin" rel="nofollow">local link</a><br/>
 <a href="https://example.com" rel="nofollow">remote link</a><br/>
-<a href="/relative/path/wiki/raw/file.bin" rel="nofollow">local link</a><br/>
+<a href="/relative/path/wiki/file.bin" rel="nofollow">local link</a><br/>
 <a href="https://example.com" rel="nofollow">remote link</a><br/>
 <a href="/relative/path/wiki/raw/image.jpg" target="_blank" rel="nofollow noopener"><img src="/relative/path/wiki/raw/image.jpg" alt="local image"/></a><br/>
 <a href="/relative/path/wiki/raw/path/file" target="_blank" rel="nofollow noopener"><img src="/relative/path/wiki/raw/path/file" alt="local image"/></a><br/>
@@ -848,9 +848,9 @@ space</p>
 			Expected: `<p>space @mention-user<br/>
 /just/a/path.bin<br/>
 <a href="https://example.com/file.bin" rel="nofollow">https://example.com/file.bin</a><br/>
-<a href="/relative/path/wiki/raw/file.bin" rel="nofollow">local link</a><br/>
+<a href="/relative/path/wiki/file.bin" rel="nofollow">local link</a><br/>
 <a href="https://example.com" rel="nofollow">remote link</a><br/>
-<a href="/relative/path/wiki/raw/file.bin" rel="nofollow">local link</a><br/>
+<a href="/relative/path/wiki/file.bin" rel="nofollow">local link</a><br/>
 <a href="https://example.com" rel="nofollow">remote link</a><br/>
 <a href="/relative/path/wiki/raw/image.jpg" target="_blank" rel="nofollow noopener"><img src="/relative/path/wiki/raw/image.jpg" alt="local image"/></a><br/>
 <a href="/relative/path/wiki/raw/path/file" target="_blank" rel="nofollow noopener"><img src="/relative/path/wiki/raw/path/file" alt="local image"/></a><br/>
@@ -908,9 +908,9 @@ space</p>
 			Expected: `<p>space @mention-user<br/>
 /just/a/path.bin<br/>
 <a href="https://example.com/file.bin" rel="nofollow">https://example.com/file.bin</a><br/>
-<a href="/relative/path/wiki/raw/file.bin" rel="nofollow">local link</a><br/>
+<a href="/relative/path/wiki/file.bin" rel="nofollow">local link</a><br/>
 <a href="https://example.com" rel="nofollow">remote link</a><br/>
-<a href="/relative/path/wiki/raw/file.bin" rel="nofollow">local link</a><br/>
+<a href="/relative/path/wiki/file.bin" rel="nofollow">local link</a><br/>
 <a href="https://example.com" rel="nofollow">remote link</a><br/>
 <a href="/relative/path/wiki/raw/image.jpg" target="_blank" rel="nofollow noopener"><img src="/relative/path/wiki/raw/image.jpg" alt="local image"/></a><br/>
 <a href="/relative/path/wiki/raw/path/file" target="_blank" rel="nofollow noopener"><img src="/relative/path/wiki/raw/path/file" alt="local image"/></a><br/>
@@ -970,9 +970,9 @@ space</p>
 			Expected: `<p>space @mention-user<br/>
 /just/a/path.bin<br/>
 <a href="https://example.com/file.bin" rel="nofollow">https://example.com/file.bin</a><br/>
-<a href="/relative/path/wiki/raw/file.bin" rel="nofollow">local link</a><br/>
+<a href="/relative/path/wiki/file.bin" rel="nofollow">local link</a><br/>
 <a href="https://example.com" rel="nofollow">remote link</a><br/>
-<a href="/relative/path/wiki/raw/file.bin" rel="nofollow">local link</a><br/>
+<a href="/relative/path/wiki/file.bin" rel="nofollow">local link</a><br/>
 <a href="https://example.com" rel="nofollow">remote link</a><br/>
 <a href="/relative/path/wiki/raw/image.jpg" target="_blank" rel="nofollow noopener"><img src="/relative/path/wiki/raw/image.jpg" alt="local image"/></a><br/>
 <a href="/relative/path/wiki/raw/path/file" target="_blank" rel="nofollow noopener"><img src="/relative/path/wiki/raw/path/file" alt="local image"/></a><br/>
diff --git a/routers/web/repo/wiki.go b/routers/web/repo/wiki.go
index 13b6a7b8e3b..d2056353d88 100644
--- a/routers/web/repo/wiki.go
+++ b/routers/web/repo/wiki.go
@@ -138,18 +138,41 @@ func wikiContentsByEntry(ctx *context.Context, entry *git.TreeEntry) []byte {
 	return content
 }
 
-// wikiContentsByName returns the contents of a wiki page, along with a boolean
-// indicating whether the page exists. Writes to ctx if an error occurs.
-func wikiContentsByName(ctx *context.Context, commit *git.Commit, wikiName wiki_service.WebPath) ([]byte, *git.TreeEntry, string, bool) {
+// wikiEntryByName returns the entry of a wiki page, along with a boolean
+// indicating whether the entry exists. Writes to ctx if an error occurs.
+// The last return value indicates whether the file should be returned as a raw file
+func wikiEntryByName(ctx *context.Context, commit *git.Commit, wikiName wiki_service.WebPath) (*git.TreeEntry, string, bool, bool) {
+	isRaw := false
 	gitFilename := wiki_service.WebPathToGitPath(wikiName)
 	entry, err := findEntryForFile(commit, gitFilename)
 	if err != nil && !git.IsErrNotExist(err) {
 		ctx.ServerError("findEntryForFile", err)
-		return nil, nil, "", false
-	} else if entry == nil {
+		return nil, "", false, false
+	}
+	if entry == nil {
+		// check if the file without ".md" suffix exists
+		gitFilename := strings.TrimSuffix(gitFilename, ".md")
+		entry, err = findEntryForFile(commit, gitFilename)
+		if err != nil && !git.IsErrNotExist(err) {
+			ctx.ServerError("findEntryForFile", err)
+			return nil, "", false, false
+		}
+		isRaw = true
+	}
+	if entry == nil {
+		return nil, "", true, false
+	}
+	return entry, gitFilename, false, isRaw
+}
+
+// wikiContentsByName returns the contents of a wiki page, along with a boolean
+// indicating whether the page exists. Writes to ctx if an error occurs.
+func wikiContentsByName(ctx *context.Context, commit *git.Commit, wikiName wiki_service.WebPath) ([]byte, *git.TreeEntry, string, bool) {
+	entry, gitFilename, noEntry, _ := wikiEntryByName(ctx, commit, wikiName)
+	if entry == nil {
 		return nil, nil, "", true
 	}
-	return wikiContentsByEntry(ctx, entry), entry, gitFilename, false
+	return wikiContentsByEntry(ctx, entry), entry, gitFilename, noEntry
 }
 
 func renderViewPage(ctx *context.Context) (*git.Repository, *git.TreeEntry) {
@@ -215,11 +238,14 @@ func renderViewPage(ctx *context.Context) (*git.Repository, *git.TreeEntry) {
 	isSideBar := pageName == "_Sidebar"
 	isFooter := pageName == "_Footer"
 
-	// lookup filename in wiki - get filecontent, gitTree entry , real filename
-	data, entry, pageFilename, noEntry := wikiContentsByName(ctx, commit, pageName)
+	// lookup filename in wiki - get gitTree entry , real filename
+	entry, pageFilename, noEntry, isRaw := wikiEntryByName(ctx, commit, pageName)
 	if noEntry {
 		ctx.Redirect(ctx.Repo.RepoLink + "/wiki/?action=_pages")
 	}
+	if isRaw {
+		ctx.Redirect(util.URLJoin(ctx.Repo.RepoLink, "wiki/raw", string(pageName)))
+	}
 	if entry == nil || ctx.Written() {
 		if wikiRepo != nil {
 			wikiRepo.Close()
@@ -227,6 +253,15 @@ func renderViewPage(ctx *context.Context) (*git.Repository, *git.TreeEntry) {
 		return nil, nil
 	}
 
+	// get filecontent
+	data := wikiContentsByEntry(ctx, entry)
+	if ctx.Written() {
+		if wikiRepo != nil {
+			wikiRepo.Close()
+		}
+		return nil, nil
+	}
+
 	var sidebarContent []byte
 	if !isSideBar {
 		sidebarContent, _, _, _ = wikiContentsByName(ctx, commit, "_Sidebar")
@@ -442,15 +477,24 @@ func renderEditPage(ctx *context.Context) {
 	ctx.Data["Title"] = displayName
 	ctx.Data["title"] = displayName
 
-	// lookup filename in wiki - get filecontent, gitTree entry , real filename
-	data, entry, _, noEntry := wikiContentsByName(ctx, commit, pageName)
+	// lookup filename in wiki -  gitTree entry , real filename
+	entry, _, noEntry, isRaw := wikiEntryByName(ctx, commit, pageName)
 	if noEntry {
 		ctx.Redirect(ctx.Repo.RepoLink + "/wiki/?action=_pages")
 	}
+	if isRaw {
+		ctx.Error(http.StatusForbidden, "Editing of raw wiki files is not allowed")
+	}
 	if entry == nil || ctx.Written() {
 		return
 	}
 
+	// get filecontent
+	data := wikiContentsByEntry(ctx, entry)
+	if ctx.Written() {
+		return
+	}
+
 	ctx.Data["content"] = string(data)
 	ctx.Data["sidebarPresent"] = false
 	ctx.Data["sidebarContent"] = ""
diff --git a/routers/web/repo/wiki_test.go b/routers/web/repo/wiki_test.go
index 7de5899e21c..b81f2ea02e3 100644
--- a/routers/web/repo/wiki_test.go
+++ b/routers/web/repo/wiki_test.go
@@ -87,6 +87,13 @@ func TestWiki(t *testing.T) {
 	assert.EqualValues(t, http.StatusOK, ctx.Resp.Status())
 	assert.EqualValues(t, "Home", ctx.Data["Title"])
 	assertPagesMetas(t, []string{"Home", "Page With Image", "Page With Spaced Name", "Unescaped File"}, ctx.Data["Pages"])
+
+	ctx, _ = contexttest.MockContext(t, "user2/repo1/jpeg.jpg")
+	ctx.SetPathParam("*", "jpeg.jpg")
+	contexttest.LoadRepo(t, ctx, 1)
+	Wiki(ctx)
+	assert.EqualValues(t, http.StatusSeeOther, ctx.Resp.Status())
+	assert.Equal(t, "/user2/repo1/wiki/raw/jpeg.jpg", ctx.Resp.Header().Get("Location"))
 }
 
 func TestWikiPages(t *testing.T) {
@@ -160,6 +167,13 @@ func TestEditWiki(t *testing.T) {
 	assert.EqualValues(t, http.StatusOK, ctx.Resp.Status())
 	assert.EqualValues(t, "Home", ctx.Data["Title"])
 	assert.Equal(t, wikiContent(t, ctx.Repo.Repository, "Home"), ctx.Data["content"])
+
+	ctx, _ = contexttest.MockContext(t, "user2/repo1/wiki/jpeg.jpg?action=_edit")
+	ctx.SetPathParam("*", "jpeg.jpg")
+	contexttest.LoadUser(t, ctx, 2)
+	contexttest.LoadRepo(t, ctx, 1)
+	EditWiki(ctx)
+	assert.EqualValues(t, http.StatusForbidden, ctx.Resp.Status())
 }
 
 func TestEditWikiPost(t *testing.T) {

From acd7053e9d4968e8b9812ab379be9027ac8e7771 Mon Sep 17 00:00:00 2001
From: Jason Song <i@wolfogre.com>
Date: Sat, 17 Aug 2024 01:04:54 +0800
Subject: [PATCH 004/129] Avoid returning without written ctx when posting PR
 (#31843)

Fix #31625.

If `pull_service.NewPullRequest` return an error which misses each `if`
check, `CompareAndPullRequestPost` will return immediately, since it
doesn't write the HTTP response, a 200 response with empty body will be
sent to clients.

```go
	if err := pull_service.NewPullRequest(ctx, repo, pullIssue, labelIDs, attachments, pullRequest, assigneeIDs); err != nil {
		if repo_model.IsErrUserDoesNotHaveAccessToRepo(err) {
			ctx.Error(http.StatusBadRequest, "UserDoesNotHaveAccessToRepo", err.Error())
		} else if git.IsErrPushRejected(err) {
			// ...
			ctx.JSONError(flashError)
		} else if errors.Is(err, user_model.ErrBlockedUser) {
			// ...
			ctx.JSONError(flashError)
		} else if errors.Is(err, issues_model.ErrMustCollaborator) {
			// ...
			ctx.JSONError(flashError)
		}
		return
	}
```

Not sure what kind of error can cause it to happen, so this PR just
expose it. And we can fix it when users report that creating PRs failed
with error responses.

It's all my guess since I cannot reproduce the problem, but even if it's
not related, the code here needs to be improved.
---
 routers/web/repo/pull.go | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/routers/web/repo/pull.go b/routers/web/repo/pull.go
index 9531482bee7..e001e872aa8 100644
--- a/routers/web/repo/pull.go
+++ b/routers/web/repo/pull.go
@@ -1308,9 +1308,10 @@ func CompareAndPullRequestPost(ctx *context.Context) {
 	// instead of 500.
 
 	if err := pull_service.NewPullRequest(ctx, repo, pullIssue, labelIDs, attachments, pullRequest, assigneeIDs); err != nil {
-		if repo_model.IsErrUserDoesNotHaveAccessToRepo(err) {
+		switch {
+		case repo_model.IsErrUserDoesNotHaveAccessToRepo(err):
 			ctx.Error(http.StatusBadRequest, "UserDoesNotHaveAccessToRepo", err.Error())
-		} else if git.IsErrPushRejected(err) {
+		case git.IsErrPushRejected(err):
 			pushrejErr := err.(*git.ErrPushRejected)
 			message := pushrejErr.Message
 			if len(message) == 0 {
@@ -1327,7 +1328,7 @@ func CompareAndPullRequestPost(ctx *context.Context) {
 				return
 			}
 			ctx.JSONError(flashError)
-		} else if errors.Is(err, user_model.ErrBlockedUser) {
+		case errors.Is(err, user_model.ErrBlockedUser):
 			flashError, err := ctx.RenderToHTML(tplAlertDetails, map[string]any{
 				"Message": ctx.Tr("repo.pulls.push_rejected"),
 				"Summary": ctx.Tr("repo.pulls.new.blocked_user"),
@@ -1337,7 +1338,7 @@ func CompareAndPullRequestPost(ctx *context.Context) {
 				return
 			}
 			ctx.JSONError(flashError)
-		} else if errors.Is(err, issues_model.ErrMustCollaborator) {
+		case errors.Is(err, issues_model.ErrMustCollaborator):
 			flashError, err := ctx.RenderToHTML(tplAlertDetails, map[string]any{
 				"Message": ctx.Tr("repo.pulls.push_rejected"),
 				"Summary": ctx.Tr("repo.pulls.new.must_collaborator"),
@@ -1347,6 +1348,11 @@ func CompareAndPullRequestPost(ctx *context.Context) {
 				return
 			}
 			ctx.JSONError(flashError)
+		default:
+			// It's an unexpected error.
+			// If it happens, we should add another case to handle it.
+			log.Error("Unexpected error of NewPullRequest: %T %s", err, err)
+			ctx.ServerError("CompareAndPullRequest", err)
 		}
 		return
 	}

From 2e7d202a7f8051d140220d1c195ff73b80e0d1ff Mon Sep 17 00:00:00 2001
From: sillyguodong <33891828+sillyguodong@users.noreply.github.com>
Date: Sat, 17 Aug 2024 01:37:36 +0800
Subject: [PATCH 005/129] fix the component of access token list not mounted
 (#31824)

try to fix #31771
---
 templates/user/settings/applications.tmpl     | 14 ++++++-------
 .../components/ScopedAccessTokenSelector.vue  | 13 ------------
 web_src/js/features/scoped-access-token.ts    | 20 +++++++++++++++++++
 web_src/js/index.ts                           |  2 +-
 4 files changed, 28 insertions(+), 21 deletions(-)
 create mode 100644 web_src/js/features/scoped-access-token.ts

diff --git a/templates/user/settings/applications.tmpl b/templates/user/settings/applications.tmpl
index 3c1934dd8b4..65525aac2b2 100644
--- a/templates/user/settings/applications.tmpl
+++ b/templates/user/settings/applications.tmpl
@@ -77,13 +77,13 @@
 					<p class="activity meta">
 						<i>{{ctx.Locale.Tr "settings.access_token_desc" (HTMLFormat `href="%s/api/swagger" target="_blank"` AppSubUrl) (`href="https://docs.gitea.com/development/oauth2-provider#scopes" target="_blank"`|SafeHTML)}}</i>
 					</p>
-					<div class="scoped-access-token-mount">
-						<scoped-access-token-selector
-							:is-admin="{{if .IsAdmin}}true{{else}}false{{end}}"
-							no-access-label="{{ctx.Locale.Tr "settings.permission_no_access"}}"
-							read-label="{{ctx.Locale.Tr "settings.permission_read"}}"
-							write-label="{{ctx.Locale.Tr "settings.permission_write"}}"
-						></scoped-access-token-selector>
+					<div id="scoped-access-token-selector"
+						data-is-admin="{{if .IsAdmin}}true{{else}}false{{end}}"
+						data-no-access-label="{{ctx.Locale.Tr "settings.permission_no_access"}}"
+						data-read-label="{{ctx.Locale.Tr "settings.permission_read"}}"
+						data-write-label="{{ctx.Locale.Tr "settings.permission_write"}}"
+						data-locale-component-failed-to-load="{{ctx.Locale.Tr "graphs.component_failed_to_load"}}"
+					>
 					</div>
 				</details>
 				<button id="scoped-access-submit" class="ui primary button">
diff --git a/web_src/js/components/ScopedAccessTokenSelector.vue b/web_src/js/components/ScopedAccessTokenSelector.vue
index b2fda052604..896c1dbff4b 100644
--- a/web_src/js/components/ScopedAccessTokenSelector.vue
+++ b/web_src/js/components/ScopedAccessTokenSelector.vue
@@ -1,5 +1,4 @@
 <script lang="ts">
-import {createApp} from 'vue';
 import {hideElem, showElem} from '../utils/dom.ts';
 
 const sfc = {
@@ -73,18 +72,6 @@ const sfc = {
 };
 
 export default sfc;
-
-/**
- * Initialize category toggle sections
- */
-export function initScopedAccessTokenCategories() {
-  for (const el of document.querySelectorAll('.scoped-access-token-mount')) {
-    createApp({})
-      .component('scoped-access-token-selector', sfc)
-      .mount(el);
-  }
-}
-
 </script>
 <template>
   <div v-for="category in categories" :key="category" class="field tw-pl-1 tw-pb-1 access-token-category">
diff --git a/web_src/js/features/scoped-access-token.ts b/web_src/js/features/scoped-access-token.ts
new file mode 100644
index 00000000000..c498d4c0111
--- /dev/null
+++ b/web_src/js/features/scoped-access-token.ts
@@ -0,0 +1,20 @@
+import {createApp} from 'vue';
+
+export async function initScopedAccessTokenCategories() {
+  const el = document.querySelector('#scoped-access-token-selector');
+  if (!el) return;
+
+  const {default: ScopedAccessTokenSelector} = await import(/* webpackChunkName: "scoped-access-token-selector" */'../components/ScopedAccessTokenSelector.vue');
+  try {
+    const View = createApp(ScopedAccessTokenSelector, {
+      isAdmin: JSON.parse(el.getAttribute('data-is-admin')),
+      noAccessLabel: el.getAttribute('data-no-access-label'),
+      readLabel: el.getAttribute('data-read-label'),
+      writeLabel: el.getAttribute('data-write-label'),
+    });
+    View.mount(el);
+  } catch (err) {
+    console.error('ScopedAccessTokenSelector failed to load', err);
+    el.textContent = el.getAttribute('data-locale-component-failed-to-load');
+  }
+}
diff --git a/web_src/js/index.ts b/web_src/js/index.ts
index 7ae8969fc8f..81b8828dba9 100644
--- a/web_src/js/index.ts
+++ b/web_src/js/index.ts
@@ -3,7 +3,6 @@ import './bootstrap.ts';
 import './htmx.ts';
 
 import {initRepoActivityTopAuthorsChart} from './components/RepoActivityTopAuthors.vue';
-import {initScopedAccessTokenCategories} from './components/ScopedAccessTokenSelector.vue';
 import {initDashboardRepoList} from './components/DashboardRepoList.vue';
 
 import {initGlobalCopyToClipboardListener} from './features/clipboard.ts';
@@ -80,6 +79,7 @@ import {initColorPickers} from './features/colorpicker.ts';
 import {initAdminSelfCheck} from './features/admin/selfcheck.ts';
 import {initOAuth2SettingsDisableCheckbox} from './features/oauth2-settings.ts';
 import {initGlobalFetchAction} from './features/common-fetch-action.ts';
+import {initScopedAccessTokenCategories} from './features/scoped-access-token.ts';
 import {
   initFootLanguageMenu,
   initGlobalDropdown,

From 951f02ff1ccdc5b7a8fc7389997798a9c2c8f332 Mon Sep 17 00:00:00 2001
From: Yarden Shoham <git@yardenshoham.com>
Date: Fri, 16 Aug 2024 20:48:54 +0300
Subject: [PATCH 006/129] Upgrade `htmx` to `2.0.2` (#31847)

Tested `Follow`, `Star`, `Watch`, and the admin dashboard page. All
functionality remains unchanged.

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
---
 package-lock.json | 9 ++++-----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 5c56531ec05..e3c3681781b 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -29,7 +29,7 @@
         "esbuild-loader": "4.2.2",
         "escape-goat": "4.0.0",
         "fast-glob": "3.3.2",
-        "htmx.org": "2.0.0",
+        "htmx.org": "2.0.2",
         "idiomorph": "0.3.0",
         "jquery": "3.7.1",
         "katex": "0.16.11",
@@ -7595,10 +7595,9 @@
       }
     },
     "node_modules/htmx.org": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/htmx.org/-/htmx.org-2.0.0.tgz",
-      "integrity": "sha512-N0r1VjrqeCpig0mTi2/sooDZBeQlp1RBohnWQ/ufqc7ICaI0yjs04fNGhawm6+/HWhJFlcXn8MqOjWI9QGG2lQ==",
-      "license": "0BSD"
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/htmx.org/-/htmx.org-2.0.2.tgz",
+      "integrity": "sha512-eUPIpQaWKKstX393XNCRCMJTrqPzikh36Y9RceqsUZLTtlFjFaVDgwZLUsrFk8J2uzZxkkfiy0TE359j2eN6hA=="
     },
     "node_modules/human-signals": {
       "version": "5.0.0",
diff --git a/package.json b/package.json
index d1a624f1169..1785a66edf7 100644
--- a/package.json
+++ b/package.json
@@ -28,7 +28,7 @@
     "esbuild-loader": "4.2.2",
     "escape-goat": "4.0.0",
     "fast-glob": "3.3.2",
-    "htmx.org": "2.0.0",
+    "htmx.org": "2.0.2",
     "idiomorph": "0.3.0",
     "jquery": "3.7.1",
     "katex": "0.16.11",

From 61aaf3440142d225802e3e9ce3db28bcf71f5a7e Mon Sep 17 00:00:00 2001
From: Adrian Hirt <13788379+Adrian-Hirt@users.noreply.github.com>
Date: Sat, 17 Aug 2024 05:34:27 +0200
Subject: [PATCH 007/129] Fix overflowing content in action run log (#31842)

When a long line with characters such as dots is returned by a step in
an action (e.g. by the output of the Ruby on Rails test runner), it
overflows the log container, causing the page to scroll sideways.

This PR adds the CSS `overflow-wrap: anywhere;` to the
`.job-step-section .job-step-logs .job-log-line .log-msg` selector,
which causes such lines to wrap as well
---
 web_src/js/components/RepoActionView.vue | 1 +
 1 file changed, 1 insertion(+)

diff --git a/web_src/js/components/RepoActionView.vue b/web_src/js/components/RepoActionView.vue
index 7b5d00aa0f5..7adc29ad414 100644
--- a/web_src/js/components/RepoActionView.vue
+++ b/web_src/js/components/RepoActionView.vue
@@ -863,6 +863,7 @@ export function initRepositoryActionView() {
   word-break: break-all;
   white-space: break-spaces;
   margin-left: 10px;
+  overflow-wrap: anywhere;
 }
 
 /* selectors here are intentionally exact to only match fullscreen */

From 30ac1fb7bc4f3a9235b4725080f8a69eecc89267 Mon Sep 17 00:00:00 2001
From: GiteaBot <teabot@gitea.io>
Date: Sun, 18 Aug 2024 00:30:09 +0000
Subject: [PATCH 008/129] [skip ci] Updated translations via Crowdin

---
 options/locale/locale_de-DE.ini | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/options/locale/locale_de-DE.ini b/options/locale/locale_de-DE.ini
index 79ddd472017..2c23f320744 100644
--- a/options/locale/locale_de-DE.ini
+++ b/options/locale/locale_de-DE.ini
@@ -224,7 +224,7 @@ app_desc=Ein einfacher, selbst gehosteter Git-Service
 install=Einfach zu installieren
 install_desc=Starte einfach <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-binary">die Anwendung</a> für deine Plattform oder nutze <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea/tree/master/docker">Docker</a>. Es existieren auch <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-package">paketierte Versionen</a>.
 platform=Plattformübergreifend
-platform_desc=Gitea läuft überall, wo <a target="_blank" rel="noopener noreferrer" href="http://golang.org/">Go</a> kompiliert: Windows, macOS, Linux, ARM, etc. Wähle das System, das dir am meisten gefällt!
+platform_desc=Gitea läuft überall, wo <a target="_blank" rel="noopener noreferrer" href="https://go.dev/">Go</a> kompiliert: Windows, macOS, Linux, ARM, etc. Wähle das System, das dir am meisten gefällt!
 lightweight=Leichtgewicht
 lightweight_desc=Gitea hat minimale Systemanforderungen und kann selbst auf einem günstigen und stromsparenden Raspberry Pi betrieben werden!
 license=Quelloffen
@@ -680,11 +680,11 @@ applications=Anwendungen
 orgs=Organisationen verwalten
 repos=Repositories
 delete=Konto löschen
-twofa=Zwei-Faktor-Authentifizierung
+twofa=Zwei-Faktor-Authentifizierung (TOTP)
 account_link=Verknüpfte Benutzerkonten
 organization=Organisationen
 uid=UID
-webauthn=Hardware-Sicherheitsschlüssel
+webauthn=Zwei-Faktor-Authentifizierung (Hardware-Sicherheitsschlüssel)
 
 public_profile=Öffentliches Profil
 biography_placeholder=Erzähle uns ein wenig über Dich selbst! (Du kannst Markdown verwenden)

From 561b5c504f0651a4efa78a25a7a9119a77851939 Mon Sep 17 00:00:00 2001
From: GiteaBot <teabot@gitea.io>
Date: Mon, 19 Aug 2024 00:28:51 +0000
Subject: [PATCH 009/129] [skip ci] Updated translations via Crowdin

---
 options/locale/locale_cs-CZ.ini | 29 +++-------------------------
 options/locale/locale_de-DE.ini | 33 +-------------------------------
 options/locale/locale_el-GR.ini | 27 +-------------------------
 options/locale/locale_es-ES.ini | 32 +------------------------------
 options/locale/locale_fa-IR.ini | 21 +-------------------
 options/locale/locale_fi-FI.ini |  8 +-------
 options/locale/locale_fr-FR.ini | 34 +--------------------------------
 options/locale/locale_hu-HU.ini | 10 +---------
 options/locale/locale_id-ID.ini | 16 +---------------
 options/locale/locale_is-IS.ini |  6 +-----
 10 files changed, 12 insertions(+), 204 deletions(-)

diff --git a/options/locale/locale_cs-CZ.ini b/options/locale/locale_cs-CZ.ini
index a4cecc542ce..fbcbdde8d53 100644
--- a/options/locale/locale_cs-CZ.ini
+++ b/options/locale/locale_cs-CZ.ini
@@ -229,7 +229,7 @@ app_desc=Snadno přístupný vlastní Git
 install=Jednoduchá na instalaci
 install_desc=Jednoduše <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-binary">spusťte jako binární program</a> pro vaši platformu, nasaďte jej pomocí <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea/tree/master/docker">Docker</a>, nebo jej stáhněte jako <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-package">balíček</a>.
 platform=Multiplatformní
-platform_desc=Gitea běží všude, kde <a target="_blank" rel="noopener noreferrer" href="http://golang.org/">Go</a> může kompilovat: Windows, macOS, Linux, ARM, atd. Vyberte si ten, který milujete!
+platform_desc=Gitea běží všude, kde <a target="_blank" rel="noopener noreferrer" href="https://go.dev/">Go</a> může kompilovat: Windows, macOS, Linux, ARM, atd. Vyberte si ten, který milujete!
 lightweight=Lehká
 lightweight_desc=Gitea má minimální požadavky a může běžet na Raspberry Pi. Šetřete energii vašeho stroje!
 license=Open Source
@@ -686,11 +686,11 @@ applications=Aplikace
 orgs=Spravovat organizace
 repos=Repozitáře
 delete=Smazat účet
-twofa=Dvoufaktorové ověřování
+twofa=Dvoufaktorové ověřování (TOTP)
 account_link=Propojené účty
 organization=Organizace
 uid=UID
-webauthn=Bezpečnostní klíče
+webauthn=Dvoufaktorové ověření (Bezpečnostní klíče)
 
 public_profile=Veřejný profil
 biography_placeholder=Řekněte nám něco o sobě! (Můžete použít Markdown)
@@ -926,23 +926,19 @@ revoke_oauth2_grant=Zrušit přístup
 revoke_oauth2_grant_description=Zrušením přístupu této aplikaci třetí strany ji zabráníte v přístupu k vašim datům. Jste si jisti?
 revoke_oauth2_grant_success=Přístup byl úspěšně zrušen.
 
-twofa_desc=Dvoufaktorový způsob ověřování zvýší zabezpečení vašeho účtu.
 twofa_recovery_tip=Pokud ztratíte své zařízení, budete moci použít jednorázový obnovovací klíč k získání přístupu k vašemu účtu.
 twofa_is_enrolled=Váš účet aktuálně <strong>používá</strong> dvoufaktorové ověřování.
 twofa_not_enrolled=Váš účet aktuálně nepoužívá dvoufaktorové ověřování.
 twofa_disable=Zakázat dvoufaktorové ověřování
-twofa_scratch_token_regenerate=Obnovit pomocný token
 twofa_scratch_token_regenerated=Váš jednorázový obnovovací klíč je nyní %s. Uložte jej na bezpečném místě, protože se znovu nezobrazí.
 twofa_enroll=Povolit dvoufaktorové ověřování
 twofa_disable_note=Dvoufaktorové ověřování můžete zakázat, když bude potřeba.
 twofa_disable_desc=Zakážete-li dvoufaktorové ověřování, bude váš účet méně zabezpečený. Pokračovat?
-regenerate_scratch_token_desc=Jestli jste někam založili váš pomocný token nebo jste jej již použili k přihlášení, můžete jej resetovat zde.
 twofa_disabled=Dvoufaktorové ověřování bylo zakázáno.
 scan_this_image=Naskenujte tento obrázek s vaší ověřovací aplikací:
 or_enter_secret=Nebo zadejte tajný kód: %s
 then_enter_passcode=A zadejte přístupový kód zobrazený ve vaší aplikaci:
 passcode_invalid=Přístupový kód není platný. Zkuste to znovu.
-twofa_enrolled=Ve vašem účtu bylo povoleno dvoufaktorové ověřování. Uložte si pomocný token (%s) na bezpečném místě, protože bude zobrazen pouze jednou!
 twofa_failed_get_secret=Nepodařilo se získat tajemství.
 
 webauthn_desc=Bezpečnostní klíče jsou hardwarová zařízení obsahující kryptografické klíče. Mohou být použity pro dvoufaktorové ověřování. Bezpečnostní klíče musí podporovat <a rel="noreferrer" target="_blank" href="https://w3c.github.io/webauthn/#webauthn-authenticator">WebAuthn Authenticator</a> standard.
@@ -1090,9 +1086,7 @@ tree_path_not_found_branch=Cesta %[1]s ve větvi %[2]s neexistuje
 tree_path_not_found_tag=Cesta %[1]s ve značce %[2]s neexistuje
 
 transfer.accept=Přijmout převod
-transfer.accept_desc=Převést do „%s“
 transfer.reject=Odmítnout převod
-transfer.reject_desc=Zrušit převod do „%s“
 transfer.no_permission_to_accept=Nemáte oprávnění k přijetí tohoto převodu.
 transfer.no_permission_to_reject=Nemáte oprávnění k odmítnutí tohoto převodu.
 
@@ -1227,7 +1221,6 @@ releases=Vydání
 tag=Značka
 released_this=vydal/a toto
 tagged_this=označil/a
-file.title=%s v %s
 file_raw=Surový
 file_history=Historie
 file_view_source=Zobrazit zdroj
@@ -1244,7 +1237,6 @@ ambiguous_runes_header=`Tento soubor obsahuje nejednoznačné znaky Unicode`
 ambiguous_runes_description=`Tento soubor obsahuje znaky Unicode, které mohou být zaměněny s jinými znaky. Pokud si myslíte, že je to záměrné, můžete toto varování bezpečně ignorovat. Použijte tlačítko Escape sekvence k jejich zobrazení.`
 invisible_runes_line=`Tento řádek má neviditelné znaky Unicode`
 ambiguous_runes_line=`Tento řádek má nejednoznačné znaky Unicode`
-ambiguous_character=`%[1]c [U+%04[1]X] je zaměnitelný s %[2]c [U+%04[2]X]`
 
 escape_control_characters=Escape sekvence
 unescape_control_characters=Bez escape sekvencí
@@ -1854,9 +1846,7 @@ pulls.unrelated_histories=Sloučení selhalo: Hlavní a základní revize nesdí
 pulls.merge_out_of_date=Sloučení selhalo: Základ byl aktualizován při generování sloučení. Tip: Zkuste to znovu.
 pulls.head_out_of_date=Sloučení selhalo: Hlavní revize byla aktualizován při generování sloučení. Tip: Zkuste to znovu.
 pulls.has_merged=Chyba: Pull request byl sloučen, nelze znovu sloučit nebo změnit cílovou větev.
-pulls.push_rejected=Sloučení selhalo: Nahrání bylo zamítnuto. Zkontrolujte háčky Gitu pro tento repozitář.
 pulls.push_rejected_summary=Úplná zpráva o odmítnutí
-pulls.push_rejected_no_message=Sloučení se nezdařilo: Nahrání bylo odmítnuto, ale nebyla nalezena žádná vzdálená zpráva.<br>Zkontrolujte háčky gitu pro tento repozitář
 pulls.open_unmerged_pull_exists=`Nemůžete provést operaci znovuotevření protože je tu čekající pull request (#%d) s identickými vlastnostmi.`
 pulls.status_checking=Některé kontroly jsou nedořešeny
 pulls.status_checks_success=Všechny kontroly byly úspěšné
@@ -1911,7 +1901,6 @@ milestones.no_due_date=Bez lhůty dokončení
 milestones.open=Otevřít
 milestones.close=Zavřít
 milestones.new_subheader=Milníky vám pomohou organizovat úkoly a sledovat jejich pokrok.
-milestones.completeness=%d%% Dokončeno
 milestones.create=Vytvořit milník
 milestones.title=Název
 milestones.desc=Popis
@@ -2134,7 +2123,6 @@ settings.pulls.default_delete_branch_after_merge=Ve výchozím nastavení mazat
 settings.pulls.default_allow_edits_from_maintainers=Ve výchozím nastavení povolit úpravy od správců
 settings.releases_desc=Povolit vydání v repozitáři
 settings.packages_desc=Povolit registr balíčků repozitáře
-settings.projects_desc=Povolit projekty v repozitáři
 settings.projects_mode_desc=Režim projektů (druhy projektů k zobrazení)
 settings.projects_mode_repo=Pouze projekty repozitáře
 settings.projects_mode_owner=Pouze projekty uživatele nebo organizace
@@ -2360,8 +2348,6 @@ settings.protected_branch.save_rule=Uložit pravidlo
 settings.protected_branch.delete_rule=Odstranit pravidlo
 settings.protected_branch_can_push=Povolit nahrání?
 settings.protected_branch_can_push_yes=Můžete nahrávat
-settings.protected_branch_can_push_no=Nemůžete nahrávat
-settings.branch_protection=Ochrana větví pro větev „<b>%s</b>“
 settings.protect_this_branch=Povolit ochranu větví
 settings.protect_this_branch_desc=Zabraňuje smazání a omezuje gitu nahrávání a slučování do větve.
 settings.protect_disable_push=Zakázat nahrávání
@@ -2373,7 +2359,6 @@ settings.protect_enable_merge_desc=Každému, kdo má přístup k zápisu, bude
 settings.protect_check_status_contexts=Povolit kontrolu stavu
 settings.protect_status_check_patterns=Vzorce kontroly stavu:
 settings.protect_status_check_patterns_desc=Zadejte vzory pro určení, které kontroly stavu musí projít před sloučením větví do větve, která odpovídá tomuto pravidlu. Každý řádek určuje vzor. Vzory nemohou být prázdné.
-settings.protect_check_status_contexts_desc=Požadovat kontrolu stavu před sloučením. Vyberte, jaké kontroly stavu musí projít před tím, než je možné větev sloučit do větve, která vyhovuje tomuto pravidlu. Pokud je povoleno, revize musí být nejprve nahrány do jiné větve, projít kontrolou stavu, a následné sloučeny nebo přímo nahrány do větve, která vyhovuje tomuto pravidlu. Pokud nejsou vybrány žádné kontexty, musí být poslední potvrzení úspěšné bez ohledu na kontext.
 settings.protect_check_status_contexts_list=Kontroly stavu pro tento repozitář zjištěné během posledního týdne
 settings.protect_status_check_matched=Odpovídá
 settings.protect_invalid_status_check_pattern=Neplatný vzor kontroly stavu: „%s“.
@@ -2398,7 +2383,6 @@ settings.delete_protected_branch=Vypnout ochranu
 settings.update_protect_branch_success=Ochrana větví pro větev „%s“ byla aktualizována.
 settings.remove_protected_branch_success=Ochrana větví pro větev „%s“ byla zakázána.
 settings.remove_protected_branch_failed=Odstranění ochranného pravidla větve „%s“ se nezdařilo.
-settings.protected_branch_deletion=Zakázat ochranu větví
 settings.protected_branch_deletion_desc=Zakázání ochrany větví umožní uživatelům s právem zápisu nahrávat do této větve. Pokračovat?
 settings.block_rejected_reviews=Blokovat sloučení při zamítavých posouzeních
 settings.block_rejected_reviews_desc=Slučování nebude možné, pokud o změny požádají oficiální posuzovatelé, i když je k dispozici dostatek schválení.
@@ -2408,7 +2392,6 @@ settings.block_outdated_branch=Blokovat sloučení, pokud je pull request zastar
 settings.block_outdated_branch_desc=Slučování nebude možné, pokud je hlavní větev za základní větví.
 settings.default_branch_desc=Vybrat výchozí větev repozitáře pro pull requesty a revize kódu:
 settings.merge_style_desc=Sloučit styly
-settings.default_merge_style_desc=Výchozí styl sloučení pro požadavky na natažení:
 settings.choose_branch=Vyberte větev…
 settings.no_protected_branch=Nejsou tu žádné chráněné větve.
 settings.edit_protected_branch=Upravit
@@ -2627,7 +2610,6 @@ tag.create_success=Značka „%s“ byla vytvořena.
 
 topic.manage_topics=Spravovat témata
 topic.done=Hotovo
-topic.count_prompt=Nelze vybrat více než 25 témat
 topic.format_prompt=Téma musí začínat písmenem nebo číslem, může obsahovat pomlčky („-“) a tečky („.“) a může být dlouhé až 35 znaků. Písmena musí být malá.
 
 find_file.go_to_file=Přejít na soubor
@@ -2725,7 +2707,6 @@ teams.leave.detail=Opustit %s?
 teams.can_create_org_repo=Vytvořit repozitáře
 teams.can_create_org_repo_helper=Členové mohou vytvářet nové repozitáře v organizaci. Tvůrce získá přístup správce do nového repozitáře.
 teams.none_access=Bez přístupu
-teams.none_access_helper=Členové nemohou prohlížet ani dělat žádnou jinou akci pro tuto jednotku.
 teams.general_access=Obecný přístup
 teams.general_access_helper=O oprávnění členů bude rozhodnuto níže uvedenou tabulkou oprávnění.
 teams.read_access=Čtení
@@ -3251,7 +3232,6 @@ monitor.next=Příští čas spuštění
 monitor.previous=Předešlý čas spuštění
 monitor.execute_times=Vykonání
 monitor.process=Spuštěné procesy
-monitor.stacktrace=Výpisy zásobníku
 monitor.processes_count=%d procesů
 monitor.download_diagnosis_report=Stáhnout diagnosttickou zprávu
 monitor.desc=Popis
@@ -3259,8 +3239,6 @@ monitor.start=Čas zahájení
 monitor.execute_time=Doba provádění
 monitor.last_execution_result=Výsledek
 monitor.process.cancel=Zrušit proces
-monitor.process.cancel_desc=Zrušení procesu může způsobit ztrátu dat
-monitor.process.cancel_notices=Zrušit: <strong>%s</strong>?
 monitor.process.children=Potomek
 
 monitor.queues=Fronty
@@ -3362,7 +3340,6 @@ raw_minutes=minut
 
 [dropzone]
 default_message=Přetáhněte soubory nebo klikněte sem pro nahrání.
-invalid_input_type=Nemůžete nahrávat soubory tohoto typu.
 file_too_big=Velikost souboru ({{filesize}} MB) je vyšší než maximální velikost ({{maxFilesize}} MB).
 remove_file=Smazat soubor
 
diff --git a/options/locale/locale_de-DE.ini b/options/locale/locale_de-DE.ini
index 2c23f320744..ab6a3cfcd69 100644
--- a/options/locale/locale_de-DE.ini
+++ b/options/locale/locale_de-DE.ini
@@ -779,7 +779,7 @@ add_email_success=Die neue E-Mail-Addresse wurde hinzugefügt.
 email_preference_set_success=E-Mail-Einstellungen wurden erfolgreich aktualisiert.
 add_openid_success=Die neue OpenID-Adresse wurde hinzugefügt.
 keep_email_private=E-Mail-Adresse verbergen
-keep_email_private_popup=Dies wird Deine E-Mail-Adresse nicht nur in Deinem Profil ausblenden, sondern auch, wenn Du einen Pull Request erstellst oder eine Datei über das Web-Interface bearbeitest. Gepushte Commits werden nicht geändert.
+keep_email_private_popup=Dies wird Deine E-Mail-Adresse nicht nur in Deinem Profil ausblenden, sondern auch, wenn Du einen Pull Request erstellst oder eine Datei über das Web-Interface bearbeitest. Gepushte Commits werden nicht geändert. Benutze %s in Commits, um sie Deinem Profil zuzuordnen.
 openid_desc=Mit OpenID kannst du dich über einen Drittanbieter authentifizieren.
 
 manage_ssh_keys=SSH-Schlüssel verwalten
@@ -907,7 +907,6 @@ oauth2_client_secret_hint=Das Secret wird nach dem Verlassen oder Aktualisieren
 oauth2_application_edit=Bearbeiten
 oauth2_application_create_description=OAuth2 Anwendungen geben deiner Drittanwendung Zugriff auf Benutzeraccounts dieser Gitea-Instanz.
 oauth2_application_remove_description=Das Entfernen einer OAuth2-Anwendung hat zur Folge, dass diese nicht mehr auf autorisierte Benutzeraccounts auf dieser Instanz zugreifen kann. Möchtest Du fortfahren?
-oauth2_application_locked=Wenn es in der Konfiguration aktiviert ist, registriert Gitea einige OAuth2-Anwendungen beim Starten vor. Um unerwartetes Verhalten zu verhindern, können diese weder bearbeitet noch entfernt werden. Weitere Informationen findest Du in der OAuth2-Dokumentation.
 
 authorized_oauth2_applications=Autorisierte OAuth2-Anwendungen
 authorized_oauth2_applications_description=Den folgenden Drittanbieter-Apps hast Du Zugriff auf Deinen persönlichen Gitea-Account gewährt. Bitte widerrufe die Autorisierung für Apps, die Du nicht mehr nutzt.
@@ -916,23 +915,18 @@ revoke_oauth2_grant=Autorisierung widerrufen
 revoke_oauth2_grant_description=Wenn du die Autorisierung widerrufst, kann die Anwendung nicht mehr auf deine Daten zugreifen. Bist du dir sicher?
 revoke_oauth2_grant_success=Zugriff erfolgreich widerrufen.
 
-twofa_desc=Zwei-Faktor-Authentifizierung trägt zu einer höheren Accountsicherheit bei.
 twofa_recovery_tip=Wenn du dein Gerät verlierst, kannst du einen einmalig verwendbaren Wiederherstellungsschlüssel nutzen, um den Zugriff auf dein Konto wiederherzustellen.
 twofa_is_enrolled=Für dein Konto ist die Zwei-Faktor-Authentifizierung <strong>eingeschaltet</strong>.
 twofa_not_enrolled=Für dein Konto ist die Zwei-Faktor-Authentifizierung momentan nicht eingeschaltet.
 twofa_disable=Zwei-Faktor-Authentifizierung deaktivieren
-twofa_scratch_token_regenerate=Neues Einmalpasswort erstellen
-twofa_scratch_token_regenerated=Dein temporärer Token ist jetzt %s. Speichere ihn an einem sicheren Ort, er wird nie wieder angezeigt.
 twofa_enroll=Zwei-Faktor-Authentifizierung aktivieren
 twofa_disable_note=Du kannst die Zwei-Faktor-Authentifizierung auch wieder deaktivieren.
 twofa_disable_desc=Wenn du die Zwei-Faktor-Authentifizierung deaktivierst, wird die Sicherheit deines Kontos verringert. Fortfahren?
-regenerate_scratch_token_desc=Wenn du dein Einmalpasswort verlegt oder es bereits benutzt hast, kannst du es hier zurücksetzen.
 twofa_disabled=Zwei-Faktor-Authentifizierung wurde deaktiviert.
 scan_this_image=Scanne diese Grafik mit deiner Authentifizierungs-App:
 or_enter_secret=Oder gib das Secret ein: %s
 then_enter_passcode=Und gebe dann die angezeigte PIN der Anwendung ein:
 passcode_invalid=Die PIN ist falsch. Probiere es erneut.
-twofa_enrolled=Die Zwei-Faktor-Authentifizierung wurde für dein Konto aktiviert. Bewahre dein Einmalpasswort (%s) an einem sicheren Ort auf, da es nicht wieder angezeigt werden wird.
 twofa_failed_get_secret=Fehler beim Abrufen des Secrets.
 
 webauthn_desc=Sicherheitsschlüssel sind Geräte, die kryptografische Schlüssel beeinhalten. Diese können für die Zwei-Faktor-Authentifizierung verwendet werden. Der Sicherheitsschlüssel muss den Standard „<a rel="noreferrer" target="_blank" href="https://w3c.github.io/webauthn/#webauthn-authenticator">WebAuthn</a>“ unterstützen.
@@ -1080,9 +1074,7 @@ tree_path_not_found_branch=Pfad %[1]s existiert nicht in Branch %[2]s
 tree_path_not_found_tag=Pfad %[1]s existiert nicht in Tag %[2]s
 
 transfer.accept=Übertragung Akzeptieren
-transfer.accept_desc=`Übertragung nach "%s"`
 transfer.reject=Übertragung Ablehnen
-transfer.reject_desc=Übertragung nach "%s " abbrechen
 transfer.no_permission_to_accept=Du hast keine Berechtigung, diesen Transfer anzunehmen.
 transfer.no_permission_to_reject=Du hast keine Berechtigung, diesen Transfer abzulehnen.
 
@@ -1217,7 +1209,6 @@ releases=Releases
 tag=Tag
 released_this=hat released
 tagged_this=hat getaggt
-file.title=%s an %s
 file_raw=Originalformat
 file_history=Verlauf
 file_view_source=Quelltext anzeigen
@@ -1231,7 +1222,6 @@ ambiguous_runes_header=`Diese Datei enthält mehrdeutige Unicode-Zeichen`
 ambiguous_runes_description=`Diese Datei enthält Unicode-Zeichen, die mit anderen Zeichen verwechselt werden können. Wenn du glaubst, dass das absichtlich so ist, kannst du diese Warnung ignorieren. Benutze den „Escape“-Button, um versteckte Zeichen anzuzeigen.`
 invisible_runes_line=`Diese Zeile enthält unsichtbare Unicode-Zeichen`
 ambiguous_runes_line=`Diese Zeile enthält mehrdeutige Unicode-Zeichen`
-ambiguous_character=`%[1]c [U+%04[1]X] kann mit %[2]c [U+%04[2]X] verwechselt werden`
 
 escape_control_characters=Escapen
 unescape_control_characters=Unescapen
@@ -1835,9 +1825,7 @@ pulls.unrelated_histories=Merge fehlgeschlagen: Der Head des Merges und die Basi
 pulls.merge_out_of_date=Merge fehlgeschlagen: Während des Mergens wurde die Basis aktualisiert. Hinweis: Versuche es erneut.
 pulls.head_out_of_date=Mergen fehlgeschlagen: Der Head wurde aktualisiert während der Merge erstellt wurde. Tipp: Versuche es erneut.
 pulls.has_merged=Fehler: Der Pull-Request wurde gemerged, du kannst den Zielbranch nicht wieder mergen oder ändern.
-pulls.push_rejected=Mergen fehlgeschlagen: Der Push wurde abgelehnt. Überprüfe die Git Hooks für dieses Repository.
 pulls.push_rejected_summary=Vollständige Ablehnungsmeldung
-pulls.push_rejected_no_message=Mergen fehlgeschlagen: Der Push wurde abgelehnt, aber es gab keine Fehlermeldung.<br>Überprüfe die Git Hooks für dieses Repository
 pulls.open_unmerged_pull_exists=`Du kannst diesen Pull-Request nicht erneut öffnen, da noch ein anderer (#%d) mit identischen Eigenschaften offen ist.`
 pulls.status_checking=Einige Prüfungen sind noch ausstehend
 pulls.status_checks_success=Alle Prüfungen waren erfolgreich
@@ -1891,7 +1879,6 @@ milestones.no_due_date=Kein Fälligkeitsdatum
 milestones.open=Öffnen
 milestones.close=Schließen
 milestones.new_subheader=Benutze Meilensteine, um Issues zu organisieren und den Fortschritt darzustellen.
-milestones.completeness=%d%% abgeschlossen
 milestones.create=Meilenstein erstellen
 milestones.title=Titel
 milestones.desc=Beschreibung
@@ -2076,7 +2063,6 @@ settings.push_mirror_sync_in_progress=Aktuell werden Änderungen auf %s gepusht.
 settings.site=Webseite
 settings.update_settings=Einstellungen speichern
 settings.update_mirror_settings=Mirror-Einstellungen aktualisieren
-settings.branches.switch_default_branch=Standardbranch wechseln
 settings.branches.update_default_branch=Standardbranch aktualisieren
 settings.branches.add_new_rule=Neue Regel hinzufügen
 settings.advanced_settings=Erweiterte Einstellungen
@@ -2113,7 +2099,6 @@ settings.pulls.default_delete_branch_after_merge=Standardmäßig bei Pull-Reques
 settings.pulls.default_allow_edits_from_maintainers=Änderungen von Maintainern standardmäßig erlauben
 settings.releases_desc=Repository-Releases aktivieren
 settings.packages_desc=Repository Packages Registry aktivieren
-settings.projects_desc=Repository-Projekte aktivieren
 settings.projects_mode_desc=Projekte-Modus (welche Art Projekte angezeigt werden sollen)
 settings.projects_mode_repo=Nur Repo-Projekte
 settings.projects_mode_owner=Nur Benutzer- oder Organisations-Projekte
@@ -2337,10 +2322,6 @@ settings.branches=Branches
 settings.protected_branch=Branch-Schutz
 settings.protected_branch.save_rule=Regel speichern
 settings.protected_branch.delete_rule=Regel löschen
-settings.protected_branch_can_push=Push erlauben?
-settings.protected_branch_can_push_yes=Du kannst pushen
-settings.protected_branch_can_push_no=Du kannst nicht pushen
-settings.branch_protection=Branch-Schutz für Branch „<b>%s</b>“
 settings.protect_this_branch=Branch-Schutz aktivieren
 settings.protect_this_branch_desc=Verhindert das Löschen und schränkt Git auf Push- und Merge-Änderungen auf dem Branch ein.
 settings.protect_disable_push=Push deaktivieren
@@ -2352,7 +2333,6 @@ settings.protect_enable_merge_desc=Jeder mit Schreibzugriff darf die Pull-Reques
 settings.protect_check_status_contexts=Statusprüfungen aktivieren
 settings.protect_status_check_patterns=Statuscheck-Muster:
 settings.protect_status_check_patterns_desc=Gib Muster ein, um festzulegen, welche Statusüberprüfungen durchgeführt werden müssen, bevor Branches in einen Branch, der dieser Regel entspricht, gemerged werden können. Jede Zeile gibt ein Muster an. Muster dürfen nicht leer sein.
-settings.protect_check_status_contexts_desc=Vor dem Mergen müssen Statusprüfungen bestanden werden. Wähle aus, welche Statusprüfungen erfolgreich durchgeführt werden müssen, bevor Branches in einen anderen gemergt werden können, der dieser Regel entspricht. Wenn aktiviert, müssen Commits zuerst auf einen anderen Branch gepusht werden, dann nach bestandener Statusprüfung gemergt oder direkt auf einen Branch gepusht werden, der dieser Regel entspricht. Wenn kein Kontext ausgewählt ist, muss der letzte Commit unabhängig vom Kontext erfolgreich sein.
 settings.protect_check_status_contexts_list=Statusprüfungen, die in der letzten Woche für dieses Repository gefunden wurden
 settings.protect_status_check_matched=Übereinstimmung
 settings.protect_invalid_status_check_pattern=Ungültiges Muster: "%s".
@@ -2372,12 +2352,9 @@ settings.protect_protected_file_patterns=Geschützte Dateimuster (durch Semikolo
 settings.protect_protected_file_patterns_desc=Geschützte Dateien dürfen nicht direkt geändert werden, auch wenn der Benutzer Rechte hat, Dateien in diesem Branch hinzuzufügen, zu bearbeiten oder zu löschen. Mehrere Muster können mit Semikolon (';') getrennt werden. Siehe <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a> Dokumentation zur Mustersyntax. Beispiele: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
 settings.protect_unprotected_file_patterns=Ungeschützte Dateimuster (durch Semikolon ';' getrennt):
 settings.protect_unprotected_file_patterns_desc=Ungeschützte Dateien, die direkt geändert werden dürfen, wenn der Benutzer Schreibzugriff hat, können die Push-Beschränkung umgehen. Mehrere Muster können mit Semikolon (';') getrennt werden. Siehe <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a> Dokumentation zur Mustersyntax. Beispiele: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
-settings.add_protected_branch=Schutz aktivieren
-settings.delete_protected_branch=Schutz deaktivieren
 settings.update_protect_branch_success=Branchschutzregel "%s" wurde geändert.
 settings.remove_protected_branch_success=Branchschutzregel "%s" wurde deaktiviert.
 settings.remove_protected_branch_failed=Entfernen der Branchschutzregel "%s" fehlgeschlagen.
-settings.protected_branch_deletion=Branch-Schutz deaktivieren
 settings.protected_branch_deletion_desc=Wenn du den Branch-Schutz deaktivierst, können alle Nutzer mit Schreibrechten auf den Branch pushen. Fortfahren?
 settings.block_rejected_reviews=Merge bei abgelehnten Reviews blockieren
 settings.block_rejected_reviews_desc=Mergen ist nicht möglich, wenn Änderungen durch offizielle Reviewer angefragt werden, auch wenn es genügend Zustimmungen gibt.
@@ -2387,7 +2364,6 @@ settings.block_outdated_branch=Merge blockieren, wenn der Pull-Request veraltet
 settings.block_outdated_branch_desc=Mergen ist nicht möglich, wenn der Head-Branch hinter dem Basis-Branch ist.
 settings.default_branch_desc=Wähle einen Standardbranch für Pull-Requests und Code-Commits:
 settings.merge_style_desc=Merge-Styles
-settings.default_merge_style_desc=Standard Mergeverhalten für Pull Requests:
 settings.choose_branch=Branch wählen…
 settings.no_protected_branch=Es gibt keine geschützten Branches.
 settings.edit_protected_branch=Bearbeiten
@@ -2606,7 +2582,6 @@ tag.create_success=Tag "%s" wurde erstellt.
 
 topic.manage_topics=Themen verwalten
 topic.done=Fertig
-topic.count_prompt=Du kannst nicht mehr als 25 Themen auswählen
 topic.format_prompt=Themen müssen entweder mit einem Buchstaben oder einer Ziffer beginnen. Sie können Bindestriche („-“) und Punkte ('.') enthalten und bis zu 35 Zeichen lang sein. Nur Kleinbuchstaben sind zulässig.
 
 find_file.go_to_file=Datei suchen
@@ -2704,7 +2679,6 @@ teams.leave.detail=%s verlassen?
 teams.can_create_org_repo=Repositories erstellen
 teams.can_create_org_repo_helper=Mitglieder können neue Repositories in der Organisation erstellen. Der Ersteller erhält Administrator-Zugriff auf das neue Repository.
 teams.none_access=Kein Zugriff
-teams.none_access_helper=Teammitglieder haben keinen Zugriff auf diese Einheit.
 teams.general_access=Allgemeiner Zugriff
 teams.general_access_helper=Mitgliederberechtigungen werden durch folgende Berechtigungstabelle festgelegt.
 teams.read_access=Lesen
@@ -3223,7 +3197,6 @@ monitor.next=Nächste Ausführung
 monitor.previous=Letzte Ausführung
 monitor.execute_times=Ausführungen
 monitor.process=Laufende Prozesse
-monitor.stacktrace=Stacktraces
 monitor.processes_count=%d Prozesse
 monitor.download_diagnosis_report=Diagnosebericht herunterladen
 monitor.desc=Beschreibung
@@ -3231,8 +3204,6 @@ monitor.start=Startzeit
 monitor.execute_time=Ausführungszeit
 monitor.last_execution_result=Ergebnis
 monitor.process.cancel=Prozess abbrechen
-monitor.process.cancel_desc=Abbrechen eines Prozesses kann Datenverlust verursachen
-monitor.process.cancel_notices=Abbrechen: <strong>%s</strong>?
 monitor.process.children=Subprozesse
 
 monitor.queues=Warteschlangen
@@ -3331,8 +3302,6 @@ raw_minutes=Minuten
 
 [dropzone]
 default_message=Zum Hochladen hier klicken oder Datei ablegen.
-invalid_input_type=Dateien dieses Dateityps können nicht hochgeladen werden.
-file_too_big=Dateigröße ({{filesize}} MB) überschreitet die Maximalgröße ({{maxFilesize}} MB).
 remove_file=Datei entfernen
 
 [notification]
diff --git a/options/locale/locale_el-GR.ini b/options/locale/locale_el-GR.ini
index 79bdd66058c..7ed45df23c3 100644
--- a/options/locale/locale_el-GR.ini
+++ b/options/locale/locale_el-GR.ini
@@ -195,7 +195,7 @@ app_desc=Μια ανώδυνη, αυτο-φιλοξενούμενη υπηρεσ
 install=Εύκολο στην εγκατάσταση
 install_desc=Απλά <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-binary">εκτελέστε το αρχείο προγράμματος</a> για την πλατφόρμα σας, χρήσιμοποιήστε το με το <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea/tree/master/docker">Docker</a>, ή εγκαταστήστε το <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-package">πακέτο</a>.
 platform=Πολυπλατφορμικό
-platform_desc=Ο Gitea τρέχει οπουδήποτε <a target="_blank" rel="noopener noreferrer" href="http://golang.org/">Go</a> μπορεί να γίνει compile για: Windows, macOS, Linux, ARM, κλπ. Επιλέξτε αυτό που αγαπάτε!
+platform_desc=Ο Gitea τρέχει οπουδήποτε <a target="_blank" rel="noopener noreferrer" href="https://go.dev/">Go</a> μπορεί να γίνει compile για: Windows, macOS, Linux, ARM, κλπ. Επιλέξτε αυτό που αγαπάτε!
 lightweight=Ελαφρύ
 lightweight_desc=Gitea έχει χαμηλές ελάχιστες απαιτήσεις και μπορεί να τρέξει σε ένα οικονομικό Raspberry Pi. Εξοικονομήστε ενέργεια!
 license=Ανοικτού κώδικα
@@ -619,11 +619,9 @@ applications=Εφαρμογές
 orgs=Διαχείριση Οργανισμών
 repos=Αποθετήρια
 delete=Διαγραφή Λογαριασμού
-twofa=Έλεγχος Ταυτότητας Δύο Παραγόντων
 account_link=Συνδεδεμένοι Λογαριασμοί
 organization=Οργανισμοί
 uid=UID
-webauthn=Κλειδιά Ασφαλείας
 
 public_profile=Δημόσιο Προφίλ
 biography_placeholder=Πείτε μας λίγο για τον εαυτό σας! (Μπορείτε να γράψετε με Markdown)
@@ -855,23 +853,19 @@ revoke_oauth2_grant=Ανάκληση Πρόσβασης
 revoke_oauth2_grant_description=Η ανάκληση πρόσβασης για αυτή την εξωτερική εφαρμογή θα αποτρέψει αυτή την εφαρμογή από την πρόσβαση στα δεδομένα σας. Σίγουρα;
 revoke_oauth2_grant_success=Η πρόσβαση ανακλήθηκε επιτυχώς.
 
-twofa_desc=Ο έλεγχος ταυτότητας δύο παραγόντων ενισχύει την ασφάλεια του λογαριασμού σας.
 twofa_recovery_tip=Αν χάσετε τη συσκευή σας, θα είστε σε θέση να χρησιμοποιήσετε ένα κλειδί ανάκτησης μιας χρήσης για να ανακτήσετε την πρόσβαση στο λογαριασμό σας.
 twofa_is_enrolled=Ο λογαριασμός σας είναι <strong>εγγεγραμμένος</strong> σε έλεγχο ταυτότητας δύο παραγόντων.
 twofa_not_enrolled=Ο λογαριασμός σας δεν είναι εγγεγραμμένος σε έλεγχο ταυτότητας δύο παραγόντων.
 twofa_disable=Απενεργοποίηση Ταυτοποίησης Δύο Παραμέτρων
-twofa_scratch_token_regenerate=Αναδημιουργία Διακριτικού Μίας Χρήσης
 twofa_scratch_token_regenerated=Το κλειδί ανάκτησης μιας χρήσης είναι τώρα %s. Αποθηκεύστε το σε ασφαλές μέρος, καθώς δε θα εμφανιστεί ξανά.
 twofa_enroll=Εγγραφή στην ταυτοποίηση δύο παραγόντων
 twofa_disable_note=Μπορείτε να απενεργοποιήσετε την ταυτοποίηση δύο παραγόντων αν χρειαστεί.
 twofa_disable_desc=Η απενεργοποίηση της ταυτοποίησης δύο παραγόντων θα καταστήσει τον λογαριασμό σας λιγότερο ασφαλή. Συνέχεια;
-regenerate_scratch_token_desc=Αν χάσατε το διακριτικό μίας χρήσης σας ή το έχετε ήδη χρησιμοποιήσει για να συνδεθείτε μπορείτε να το επαναφέρετε εδώ.
 twofa_disabled=Η ταυτοποίηση δύο παραγόντων έχει απενεργοποιηθεί.
 scan_this_image=Σαρώστε αυτή την εικόνα με την εφαρμογή ταυτοποίησης:
 or_enter_secret=Ή εισάγετε το μυστικό: %s
 then_enter_passcode=Και εισάγετε τον κωδικό που εμφανίζεται στην εφαρμογή:
 passcode_invalid=Ο κωδικός είναι λάθος. Δοκιμάστε ξανά.
-twofa_enrolled=Ο λογαριασμός σας έχει εγγραφεί σε ταυτοποίηση δύο παραγόντων. Αποθηκεύστε το διακριτικό μιας χρήσης (%s) σε ασφαλές μέρος καθώς εμφανίζεται μόνο μία φορά!
 twofa_failed_get_secret=Αποτυχία λήψης μυστικού.
 
 webauthn_desc=Τα κλειδιά ασφαλείας είναι συσκευές που περιέχουν κρυπτογραφικά κλειδιά. Μπορούν να χρησιμοποιηθούν για έλεγχο ταυτότητας δύο παραγόντων. Τα κλειδιά ασφαλείας πρέπει να υποστηρίζουν το <a rel="noreferrer" target="_blank" href="https://w3c.github.io/webauthn/#webauthn-authenticator">πρότυπο WebAuthn Authn Authenticator</a>.
@@ -1013,9 +1007,7 @@ tree_path_not_found_branch=Η διαδρομή %[1]s δεν υπάρχει στ
 tree_path_not_found_tag=Η διαδρομή %[1]s δεν υπάρχει στην ετικέτα %[2]s
 
 transfer.accept=Αποδοχή Μεταφοράς
-transfer.accept_desc=`Μεταφορά στο "%s"`
 transfer.reject=Απόρριψη Μεταφοράς
-transfer.reject_desc=`Ακύρωση μεταφοράς σε "%s"`
 transfer.no_permission_to_accept=Δεν έχετε άδεια να αποδεχτείτε αυτή τη μεταφορά.
 transfer.no_permission_to_reject=Δεν έχετε άδεια να απορρίψετε αυτή τη μεταφορά.
 
@@ -1148,7 +1140,6 @@ releases=Κυκλοφορίες
 tag=Ετικέτα
 released_this=κυκλοφόρησε αυτό
 tagged_this=πρόσθεσε ετικέτα για το
-file.title=%s στο %s
 file_raw=Ακατέργαστο
 file_history=Ιστορικό
 file_view_source=Προβολή Πηγαίου
@@ -1162,7 +1153,6 @@ ambiguous_runes_header=`Αυτό το αρχείο περιέχει ασαφεί
 ambiguous_runes_description=`Αυτό το αρχείο περιέχει χαρακτήρες Unicode που μπορεί να συγχέονται με άλλους χαρακτήρες. Αν νομίζετε ότι αυτό είναι σκόπιμο, μπορείτε να αγνοήσετε με ασφάλεια αυτή την προειδοποίηση. Χρησιμοποιήστε το κουμπί Escape για να τους αποκαλύψετε.`
 invisible_runes_line=`Αυτή η γραμμή έχει αόρατους χαρακτήρες unicode `
 ambiguous_runes_line=`Αυτή η γραμμή έχει ασαφείς χαρακτήρες unicode `
-ambiguous_character=`ο %[1]c [U+%04[1]X] μπορεί να μπερδευτεί με τον %[2]c [U+%04[2]X]`
 
 escape_control_characters=Escape
 unescape_control_characters=Unescape
@@ -1754,9 +1744,7 @@ pulls.unrelated_histories=H Συγχώνευση Απέτυχε: Η κεφαλή
 pulls.merge_out_of_date=Η συγχώνευση απέτυχε: Κατά τη δημιουργία της συγχώνευσης, η βάση ενημερώθηκε. Συμβουλή: Δοκιμάστε ξανά.
 pulls.head_out_of_date=Η συγχώνευση απέτυχε: Κατά τη δημιουργία της συγχώνευσης, το HEAD ενημερώθηκε. Συμβουλή: Δοκιμάστε ξανά.
 pulls.has_merged=Αποτυχία: Το pull request έχει συγχωνευθεί, δεν είναι δυνατή η συγχώνευση ξανά ή να αλλάξει ο κλάδος προορισμού.
-pulls.push_rejected=Η συγχώνευση απέτυχε: Η ώθηση απορρίφθηκε. Ελέγξτε τα Άγκιστρα Git για αυτό το αποθετήριο.
 pulls.push_rejected_summary=Μήνυμα Πλήρους Απόρριψης
-pulls.push_rejected_no_message=H Συγχώνευση Aπέτυχε: Η ώθηση απορρίφθηκε, αλλά δεν υπήρχε απομακρυσμένο μήνυμα.<br>Ελέγξτε τα Άγκιστρα Git για αυτό το αποθετήριο
 pulls.open_unmerged_pull_exists=`Δεν μπορείτε να ανοίξετε εκ νέου, επειδή υπάρχει ένα εκκρεμές pull request (#%d) με πανομοιότυπες ιδιότητες.`
 pulls.status_checking=Μερικοί έλεγχοι εκκρεμούν
 pulls.status_checks_success=Όλοι οι έλεγχοι ήταν επιτυχείς
@@ -1810,7 +1798,6 @@ milestones.no_due_date=Δεν υπάρχει ημερομηνία παράδοσ
 milestones.open=Άνοιγμα
 milestones.close=Κλείσιμο
 milestones.new_subheader=Τα ορόσημα μπορούν να σας βοηθήσουν να οργανώσετε τα ζητήματα και να παρακολουθείτε την πρόοδό τους.
-milestones.completeness=%d%% Ολοκληρώθηκε
 milestones.create=Δημιουργία Ορόσημου
 milestones.title=Τίτλος
 milestones.desc=Περιγραφή
@@ -2022,7 +2009,6 @@ settings.pulls.default_delete_branch_after_merge=Διαγραφή του κλά
 settings.pulls.default_allow_edits_from_maintainers=Να επιτρέπονται από προεπιλογή οι αλλαγές από τους συντηρητές
 settings.releases_desc=Ενεργοποίηση Κυκλοφοριών Αποθετηρίου
 settings.packages_desc=Ενεργοποίηση Μητρώου Πακέτων Αποθετηρίου
-settings.projects_desc=Ενεργοποίηση Έργων Αποθετηρίου
 settings.projects_mode_all=Όλα τα έργα
 settings.actions_desc=Ενεργοποίηση Δράσεων Αποθετηρίου
 settings.admin_settings=Ρυθμίσεις Διαχειριστή
@@ -2243,8 +2229,6 @@ settings.protected_branch.save_rule=Αποθήκευση Κανόνα
 settings.protected_branch.delete_rule=Διαγραφή Κανόνα
 settings.protected_branch_can_push=Επιτρέψτε ώθηση;
 settings.protected_branch_can_push_yes=Μπορείτε να ωθήσετε
-settings.protected_branch_can_push_no=Δεν μπορείτε να ωθήσετε
-settings.branch_protection=Προστασία Κλάδου για το Κλάδο '<b>%s</b>'
 settings.protect_this_branch=Ενεργοποίηση Προστασίας Κλάδου
 settings.protect_this_branch_desc=Αποτρέπει τη διαγραφή και περιορίζει το Git push και συγχώνευση στον κλάδο.
 settings.protect_disable_push=Απενεργοποίηση Ώθησης
@@ -2256,7 +2240,6 @@ settings.protect_enable_merge_desc=Οποιοσδήποτε έχει πρόσβ
 settings.protect_check_status_contexts=Ενεργοποίηση Ελέγχου Κατάστασης
 settings.protect_status_check_patterns=Μοτίβα ελέγχου κατάστασης:
 settings.protect_status_check_patterns_desc=Ορίστε μοτίβα για να καθορίσετε ποιοι έλεγχοι κατάστασης πρέπει να περάσουν πριν οι κλάδοι να μπορούν να συγχωνευτούν σε έναν κλάδο που ταιριάζει με αυτόν τον κανόνα. Κάθε γραμμή καθορίζει ένα μοτίβο. Τα μοτίβα δεν μπορούν να είναι κενά.
-settings.protect_check_status_contexts_desc=Απαιτείται έλεγχος κατάστασης για να περάσει το pull request πριν από τη συγχώνευση. Επιλέξτε ποιοι έλεγχοι κατάστασης πρέπει να περάσουν πριν κλάδοι μπορούν να συγχωνευτούν σε έναν κλάδο που ταιριάζει με αυτόν τον κανόνα. Όταν είναι ενεργοποιημένο, οι υποβολές πρέπει πρώτα να γίνονται push σε άλλο κλάδο, στη συνέχεια, να συγχωνεύονται ή γίνονται push απευθείας σε ένα κλάδο που ταιριάζει με αυτόν τον κανόνα, αφού έχουν ολοκληρωθεί οι έλεγχοι κατάστασης. Αν δεν επιλεχθεί κανένα πλαίσιο, η τελευταία υποβολή πρέπει να είναι επιτυχής ανεξάρτητα από το πλαίσιο.
 settings.protect_check_status_contexts_list=Έλεγχοι κατάστασης που βρέθηκαν την τελευταία εβδομάδα για αυτό το αποθετήριο
 settings.protect_status_check_matched=Ταιριάζει
 settings.protect_invalid_status_check_pattern=Μη έγκυρο μοτίβο ελέγχου κατάστασης: "%s".
@@ -2279,7 +2262,6 @@ settings.delete_protected_branch=Απενεργοποίηση προστασία
 settings.update_protect_branch_success=Η προστασία κλάδου για τον κανόνα "%s" ενημερώθηκε.
 settings.remove_protected_branch_success=Η προστασία κλάδου για τον κανόνα "%s" αφαιρέθηκε.
 settings.remove_protected_branch_failed=Η αφαίρεση του κανόνα προστασίας κλάδου "%s" απέτυχε.
-settings.protected_branch_deletion=Απενεργοποίηση Προστασίας Κλάδου
 settings.protected_branch_deletion_desc=Η απενεργοποίηση της προστασίας του κλάδου επιτρέπει στους χρήστες με άδεια εγγραφής να κάνουν push στον κλάδο. Συνέχεια;
 settings.block_rejected_reviews=Φραγή συγχώνευσης αν υπάρχουν απορριπτικές αξιολογήσεις
 settings.block_rejected_reviews_desc=Η συγχώνευση δεν θα είναι δυνατή όταν οι αλλαγές ζητούνται από τους επίσημους εξεταστές, ακόμη και αν υπάρχουν αρκετές εγκρίσεις.
@@ -2289,7 +2271,6 @@ settings.block_outdated_branch=Φραγή συγχώνευσης αν το pull
 settings.block_outdated_branch_desc=Η συγχώνευση δεν θα είναι δυνατή όταν ο κλάδος κεφαλής είναι πίσω από τον βασικό κλάδο.
 settings.default_branch_desc=Επιλέξτε έναν προεπιλεγμένο κλάδο αποθετηρίου για pull requests και υποβολές κώδικα:
 settings.merge_style_desc=Συγχώνευση Στυλ
-settings.default_merge_style_desc=Προεπιλεγμένο στυλ συγχώνευσης για pull requests:
 settings.choose_branch=Επιλέξτε έναν κλάδο…
 settings.no_protected_branch=Δεν υπάρχουν προστατευμένοι κλάδοι.
 settings.edit_protected_branch=Επεξεργασία
@@ -2507,7 +2488,6 @@ tag.create_success=Η ετικέτα "%s" δημιουργήθηκε.
 
 topic.manage_topics=Διαχείριση Θεμάτων
 topic.done=Ολοκληρώθηκε
-topic.count_prompt=Δεν μπορείτε να επιλέξετε περισσότερα από 25 θέματα
 topic.format_prompt=Τα θέματα πρέπει να ξεκινούν με γράμμα ή αριθμό, μπορούν να περιλαμβάνουν παύλες ('-') και τελείες ('.'), μπορεί να είναι μέχρι 35 χαρακτήρες. Τα γράμματα πρέπει να είναι πεζά.
 
 find_file.go_to_file=Αναζήτηση αρχείου
@@ -2597,7 +2577,6 @@ teams.leave.detail=Αποχώρηση από %s;
 teams.can_create_org_repo=Δημιουργία αποθετηρίων
 teams.can_create_org_repo_helper=Τα μέλη μπορούν να δημιουργήσουν νέα αποθετήρια στον οργανισμό. Ο δημιουργός θα αποκτήσει πρόσβαση διαχειριστή στο νέο αποθετήριο.
 teams.none_access=Καμία Πρόσβαση
-teams.none_access_helper=Τα μέλη δεν μπορούν να δουν ή να κάνουν οποιαδήποτε άλλη ενέργεια σε αυτή τη μονάδα.
 teams.general_access=Γενική Πρόσβαση
 teams.general_access_helper=Τα δικαιώματα των μελών αποφασίζονται από το παρακάτω πίνακα αδειών.
 teams.read_access=Ανάγνωση
@@ -3110,7 +3089,6 @@ monitor.next=Επόμενη Ώρα
 monitor.previous=Προηγούμενη Ώρα
 monitor.execute_times=Εκτελέσεις
 monitor.process=Εκτελούμενες Διεργασίες
-monitor.stacktrace=Ιχνηλατήσεις Στοίβας
 monitor.processes_count=%d Διεργασίες
 monitor.download_diagnosis_report=Λήψη αναφοράς διάγνωσης
 monitor.desc=Περιγραφή
@@ -3118,8 +3096,6 @@ monitor.start=Ώρα Έναρξης
 monitor.execute_time=Χρόνος Εκτέλεσης
 monitor.last_execution_result=Αποτέλεσμα
 monitor.process.cancel=Ακύρωση διαδικασίας
-monitor.process.cancel_desc=Η ακύρωση μιας διαδικασίας μπορεί να προκαλέσει απώλεια δεδομένων
-monitor.process.cancel_notices=Ακύρωση: <strong>%s</strong>;
 monitor.process.children=Θυγατρικές
 
 monitor.queues=Ουρές
@@ -3212,7 +3188,6 @@ raw_minutes=λεπτά
 
 [dropzone]
 default_message=Σύρετε αρχεία ή κάντε κλικ εδώ για να τα ανεβάσετε.
-invalid_input_type=Δεν μπορείτε να ανεβάσετε αρχεία αυτού του τύπου.
 file_too_big=Το μέγεθος αρχείου ({{filesize}} MB) υπερβαίνει το μέγιστο μέγεθος ({{maxFilesize}} MB).
 remove_file=Αφαίρεση αρχείου
 
diff --git a/options/locale/locale_es-ES.ini b/options/locale/locale_es-ES.ini
index 4b31116b3e0..5f142e99b37 100644
--- a/options/locale/locale_es-ES.ini
+++ b/options/locale/locale_es-ES.ini
@@ -193,7 +193,7 @@ app_desc=Un servicio de Git autoalojado y sin complicaciones
 install=Fácil de instalar
 install_desc=Simplemente <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-binary">ejecuta el binario</a> para tu plataforma, lánzalo con <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea/tree/master/docker">Docker</a>o consíguelo <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-package">empaquetado</a>.
 platform=Multiplataforma
-platform_desc=Gitea funciona en cualquier platforma <a target="_blank" rel="noopener noreferrer" href="http://golang.org/">Go</a> puede compilarlo en: Windows, macOS, Linux, ARM, etc. ¡Elige tu favorita!
+platform_desc=Gitea funciona en cualquier platforma <a target="_blank" rel="noopener noreferrer" href="https://go.dev/">Go</a> puede compilarlo en: Windows, macOS, Linux, ARM, etc. ¡Elige tu favorita!
 lightweight=Ligero
 lightweight_desc=Gitea tiene pocos requisitos y puede funcionar en una Raspberry Pi barata. ¡Ahorra energía!
 license=Código abierto
@@ -616,11 +616,9 @@ applications=Aplicaciones
 orgs=Administrar organizaciones
 repos=Repositorios
 delete=Eliminar cuenta
-twofa=Autenticación de doble factor
 account_link=Cuentas vinculadas
 organization=Organizaciones
 uid=UID
-webauthn=Llaves de Seguridad
 
 public_profile=Perfil público
 biography_placeholder=¡Cuéntanos un poco sobre ti mismo! (Puedes usar Markdown)
@@ -715,7 +713,6 @@ add_email_success=La nueva dirección de correo electrónico ha sido añadida.
 email_preference_set_success=La preferencia de correo electrónico se ha establecido correctamente.
 add_openid_success=La nueva dirección OpenID ha sido añadida.
 keep_email_private=Ocultar dirección de correo electrónico
-keep_email_private_popup=Esto ocultará su dirección de correo electrónico de su perfil, así como cuando haga un pull request o edite un archivo usando la interfaz web. Los commits enviados no serán modificados.
 openid_desc=OpenID le permite delegar la autenticación a un proveedor externo.
 
 manage_ssh_keys=Gestionar Claves SSH
@@ -843,7 +840,6 @@ oauth2_client_secret_hint=El secreto no se mostrará de nuevo después de salir
 oauth2_application_edit=Editar
 oauth2_application_create_description=Las aplicaciones OAuth2 le dan acceso a su aplicación de terceros a cuentas de usuario en esta instancia.
 oauth2_application_remove_description=Eliminar una aplicación de OAuth2 evitará que acceda a cuentas de usuario autorizadas en esta instancia. ¿Continuar?
-oauth2_application_locked=Gitea pre-registra algunas aplicaciones de OAuth2 en el arranque si están habilitadas en la configuración. Para prevenir un comportamiento inesperado, estos no pueden ser editados ni removidos. Por favor, consulte la documentación de OAuth2 para más información.
 
 authorized_oauth2_applications=Aplicaciones OAuth2 autorizadas
 authorized_oauth2_applications_description=Has concedido acceso a tu cuenta personal de Gitea a estas aplicaciones de terceros. Por favor, revoca el acceso para las aplicaciones que ya no necesitas.
@@ -852,22 +848,17 @@ revoke_oauth2_grant=Revocar acceso
 revoke_oauth2_grant_description=Revocar el acceso a esta aplicación impedirá que esta aplicación acceda a sus datos. ¿Está seguro?
 revoke_oauth2_grant_success=Acceso revocado correctamente.
 
-twofa_desc=La autenticación de doble factor mejora la seguridad de su cuenta.
 twofa_is_enrolled=Su cuenta actualmente está <strong>registrada</strong> en la autenticación de doble factor.
 twofa_not_enrolled=Tu cuenta no está actualmente inscrita en la autenticación de doble factor.
 twofa_disable=Deshabilitar autenticación de doble factor
-twofa_scratch_token_regenerate=Regenerar código de respaldo
-twofa_scratch_token_regenerated=Tu token de scratch es ahora %s. Guárdelo en un lugar seguro, nunca se volverá a mostrar.
 twofa_enroll=Inscribirse en la autenticación de doble factor
 twofa_disable_note=Puede deshabilitar la autenticación de doble factor si lo necesita.
 twofa_disable_desc=Deshabilitar la autenticación de doble factor hará su cuenta menos segura. ¿Continuar?
-regenerate_scratch_token_desc=Si extravió su código de respaldo, o ya lo usó para iniciar sesión, puede restablecerlo aquí.
 twofa_disabled=La autenticación de doble factor ha sido deshabilitada.
 scan_this_image=Escanee esta imagen con su aplicación de autenticación:
 or_enter_secret=O introduzca el secreto: %s
 then_enter_passcode=E introduzca el código de acceso mostrado en la aplicación:
 passcode_invalid=El código de acceso es incorrecto. Vuelva a intentarlo.
-twofa_enrolled=Su cuenta ha sido inscrita en la autenticación de doble factor. ¡Guarde su código de respaldo (%s) en un lugar seguro, ya que sólo se muestra una vez!
 twofa_failed_get_secret=No se pudo obtener el secreto.
 
 webauthn_desc=Las claves de seguridad son dispositivos hardware que contienen claves criptográficas. Pueden ser usados para la autenticación de doble factor. Las claves de seguridad deben soportar el estándar <a rel="noreferrer" target="_blank" href="https://w3c.github.io/webauthn/#webauthn-authenticator">WebAuthn Authenticator</a>.
@@ -1006,9 +997,7 @@ tree_path_not_found_branch=La ruta %[1]s no existe en la rama %[2]s
 tree_path_not_found_tag=La ruta %[1]s no existe en la etiqueta %[2]s
 
 transfer.accept=Aceptar transferencia
-transfer.accept_desc=`Transferir a "%s"`
 transfer.reject=Rechazar transferencia
-transfer.reject_desc=`Cancelar transferencia a "%s"`
 transfer.no_permission_to_accept=No tienes permiso para aceptar esta transferencia.
 transfer.no_permission_to_reject=No tienes permiso para rechazar esta transferencia.
 
@@ -1141,7 +1130,6 @@ releases=Lanzamientos
 tag=Etiqueta
 released_this=publicó esto
 tagged_this=etiquetó esto
-file.title=%s de %s
 file_raw=Original
 file_history=Histórico
 file_view_source=Ver código fuente
@@ -1155,7 +1143,6 @@ ambiguous_runes_header=`Este archivo contiene caracteres Unicode ambiguos`
 ambiguous_runes_description=`Este archivo contiene caracteres Unicode que pueden confundirse con otros caracteres. Si crees que esto es intencional, puedes ignorar esta advertencia. Usa el botón de Escape para revelarlos.`
 invisible_runes_line=`Esta línea tiene caracteres unicode invisibles`
 ambiguous_runes_line=`Esta línea tiene caracteres unicode ambiguos`
-ambiguous_character=`%[1]c [U+%04[1]X] es confusable con %[2]c [U+%04[2]X]`
 
 escape_control_characters=Escapar
 unescape_control_characters=No Escapar
@@ -1747,9 +1734,7 @@ pulls.unrelated_histories=Fusionar Fallidos: El jefe de fusión y la base no com
 pulls.merge_out_of_date=Fusión fallida: Mientras se generaba la fusión, la base fue actualizada. Pista: Inténtelo de nuevo.
 pulls.head_out_of_date=Fusión fallida: Mientras se generaba la fusión, la cabeza fue actualizada. Pista: Inténtelo de nuevo.
 pulls.has_merged=Error: La pull request ha sido fusionada, no puedes fusionarla de nuevo ni cambiar la rama objetivo.
-pulls.push_rejected=Fusión fallida: El push fue rechazado. Revise los Git Hooks para este repositorio.
 pulls.push_rejected_summary=Mensaje completo de rechazo
-pulls.push_rejected_no_message=Fusión fallida: El push fue rechazado pero no hubo mensaje remoto.<br>Revise los Git Hooks para este repositorio
 pulls.open_unmerged_pull_exists=`No puede realizar la reapertura porque hay un pull request pendiente (#%d) con propiedades idénticas.`
 pulls.status_checking=Algunas comprobaciones están pendientes
 pulls.status_checks_success=Todas las comprobaciones han sido exitosas
@@ -1796,7 +1781,6 @@ milestones.no_due_date=Sin fecha límite
 milestones.open=Abrir
 milestones.close=Cerrar
 milestones.new_subheader=Los hitos pueden ayudarle a organizar los problemas y monitorizar su progreso.
-milestones.completeness=%d%% Completado
 milestones.create=Crear hito
 milestones.title=Título
 milestones.desc=Descripción
@@ -2008,7 +1992,6 @@ settings.pulls.default_delete_branch_after_merge=Eliminar por defecto la rama de
 settings.pulls.default_allow_edits_from_maintainers=Permitir ediciones de mantenedores por defecto
 settings.releases_desc=Activar lanzamientos del repositorio
 settings.packages_desc=Habilitar registro de paquetes de repositorio
-settings.projects_desc=Activar Proyectos de Repositorio
 settings.projects_mode_all=Todos los proyectos
 settings.actions_desc=Activar Acciones del repositorio
 settings.admin_settings=Ajustes de administrador
@@ -2229,8 +2212,6 @@ settings.protected_branch.save_rule=Guardar regla
 settings.protected_branch.delete_rule=Eliminar regla
 settings.protected_branch_can_push=¿Permitir hacer push?
 settings.protected_branch_can_push_yes=Puede hacer push
-settings.protected_branch_can_push_no=No puede hacer push
-settings.branch_protection=Proteccion de la rama '<b>%s</b>'
 settings.protect_this_branch=Activar protección de rama
 settings.protect_this_branch_desc=Evita la eliminación y restringe hacer push y fusionar contra la rama.
 settings.protect_disable_push=Deshabilitar Push
@@ -2242,7 +2223,6 @@ settings.protect_enable_merge_desc=Cualquiera con acceso de escritura podrá fus
 settings.protect_check_status_contexts=Habilitar comprobación de estado
 settings.protect_status_check_patterns=Patrones de verificación de estado:
 settings.protect_status_check_patterns_desc=Introduzca los patrones para especificar qué comprobaciones de estado deben pasar antes de que las ramas puedan ser fusionadas en una rama que coincida con esta regla. Cada línea especifica un patrón. Los patrones no pueden estar vacíos.
-settings.protect_check_status_contexts_desc=Requiere verificaciones de estado para pasar antes de fusionar. Elija qué verificaciones de estado deben pasar antes de que las ramas puedan fusionarse en una rama que coincida con esta regla. Cuando se active, los commits primero deben ser empujados a otra rama, y luego fusionados o empujados directamente a una rama que coincida con esta regla luego de que las verificaciones de estado hayan pasado. Si no se selecciona ningún contexto, el último commit debe ser exitoso sin importar el contexto.
 settings.protect_check_status_contexts_list=Comprobaciones de estado para este repositorio encontradas durante la semana pasada
 settings.protect_status_check_matched=Coincide
 settings.protect_invalid_status_check_pattern=Patrón de verificación de estado no válido: "%s".
@@ -2259,12 +2239,9 @@ settings.protect_protected_file_patterns=Patrones de archivos protegidos (separa
 settings.protect_protected_file_patterns_desc=No está permitido cambiar archivos directamente incluso si el usuario tiene permiso para agregar, editar o borrar archivos en esta rama. Múltiples patrones pueden separarse usando punto y coma (';'). Refvisa la documentación de <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a> para la sintaxis de patrones. Ejemplos: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
 settings.protect_unprotected_file_patterns=Patrones de archivos sin protección (separados con punto y coma ';'):
 settings.protect_unprotected_file_patterns_desc=Los archivos sin protección se pueden cambiar directamente si el usuario tiene acceso de escritura, evitando la restricción push. Múltiples patrones pueden separarse usando punto y coma (';'). Vea la documentación de <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a> para la sintaxis de patrones. Ejemplos: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
-settings.add_protected_branch=Activar protección
-settings.delete_protected_branch=Desactivar protección
 settings.update_protect_branch_success=Se ha actualizado la protección de la rama para la regla "%s".
 settings.remove_protected_branch_success=Se ha eliminado la protección de la rama para la regla "%s".
 settings.remove_protected_branch_failed=Error al eliminar la regla de protección de rama "%s".
-settings.protected_branch_deletion=Desactivar protección de rama
 settings.protected_branch_deletion_desc=Desactivar la protección de la rama permite a los usuarios con permiso de escritura hacer push a la rama. ¿Continuar?
 settings.block_rejected_reviews=Bloquear fusión en las revisión rechazadas
 settings.block_rejected_reviews_desc=Fusionar no será posible cuando los revisores oficiales soliciten cambios, incluso si hay suficientes aprobaciones.
@@ -2274,7 +2251,6 @@ settings.block_outdated_branch=Bloquear fusión si la pull request está desactu
 settings.block_outdated_branch_desc=La fusión no será posible cuando la rama principal esté detrás de la rama base.
 settings.default_branch_desc=Seleccione una rama de repositorio por defecto para los pull request y los commits:
 settings.merge_style_desc=Estilos de fusión
-settings.default_merge_style_desc=Estilo de fusión por defecto para pull requests:
 settings.choose_branch=Elija una rama…
 settings.no_protected_branch=No hay ramas protegidas.
 settings.edit_protected_branch=Editar
@@ -2492,7 +2468,6 @@ tag.create_success=La etiqueta "%s" ha sido creada.
 
 topic.manage_topics=Administrar temas
 topic.done=Hecho
-topic.count_prompt=No puede seleccionar más de 25 temas
 topic.format_prompt=Los temas deben comenzar con una letra o número, pueden incluir guiones ('-') y puntos ('. ), puede tener hasta 35 caracteres de largo. Las letras deben estar en minúsculas.
 
 find_file.go_to_file=Ir al archivo
@@ -2582,7 +2557,6 @@ teams.leave.detail=¿Irse de %s?
 teams.can_create_org_repo=Crear repositorios
 teams.can_create_org_repo_helper=Los miembros pueden crear nuevos repositorios en la organización. El creador obtendrá acceso al administrador del nuevo repositorio.
 teams.none_access=Sin acceso
-teams.none_access_helper=Los miembros no pueden ver o hacer ninguna otra acción en esta unidad.
 teams.general_access=Acceso general
 teams.general_access_helper=Los permisos de los miembros se decidirán por debajo de la tabla de permisos.
 teams.read_access=Leer
@@ -3093,7 +3067,6 @@ monitor.next=Siguiente
 monitor.previous=Anterior
 monitor.execute_times=Ejecuciones
 monitor.process=Procesos en ejecución
-monitor.stacktrace=Rastros de pila
 monitor.processes_count=%d procesos
 monitor.download_diagnosis_report=Descargar informe de diagnóstico
 monitor.desc=Descripción
@@ -3101,8 +3074,6 @@ monitor.start=Hora de Inicio
 monitor.execute_time=Tiempo de ejecución
 monitor.last_execution_result=Resultado
 monitor.process.cancel=Cancelar el proceso
-monitor.process.cancel_desc=Cancelar un proceso puede ocasionar una pérdida de datos
-monitor.process.cancel_notices=Cancelar: <strong>%s</strong>?
 monitor.process.children=Hijos
 
 monitor.queues=Colas
@@ -3195,7 +3166,6 @@ raw_minutes=minutos
 
 [dropzone]
 default_message=Suelte archivos o haga clic aquí para subir.
-invalid_input_type=No puede subir archivos de este tipo.
 file_too_big=El tamaño del archivo ({{filesize}} MB) excede el tamaño máximo de ({{maxFilesize}} MB).
 remove_file=Eliminar archivo
 
diff --git a/options/locale/locale_fa-IR.ini b/options/locale/locale_fa-IR.ini
index 5b64b77ba62..2d159333a40 100644
--- a/options/locale/locale_fa-IR.ini
+++ b/options/locale/locale_fa-IR.ini
@@ -124,7 +124,7 @@ missing_csrf=درخواست بد: بلیط CSRF ندارد
 app_desc=یک سرویس گیت بی‌درد سر و راحت
 install=راه‌اندازی ساده
 platform=مستقل از سکو
-platform_desc=گیت همه جا اجرا می‌شود <a target="_blank" rel="noopener noreferrer" href="http://golang.org/"> بریم!</a> می‌توانید Windows, macOS, Linux, ARM و ... هر کدام را دوست داشتید انتخاب کنید!
+platform_desc=گیت همه جا اجرا می‌شود <a target="_blank" rel="noopener noreferrer" href="https://go.dev/"> بریم!</a> می‌توانید Windows, macOS, Linux, ARM و ... هر کدام را دوست داشتید انتخاب کنید!
 lightweight=ابزارک سبک
 lightweight_desc=گیتی با حداقل منابع میتوانید برای روی دستگاه Raspberry Pi اجرا شود و مصرف انرژی شما را کاهش دهد!
 license=متن باز
@@ -490,7 +490,6 @@ applications=برنامه‌ها
 orgs=مدیریت سازمان‌ها
 repos=مخازن
 delete=حذف حساب کاربری
-twofa=احراز هویت دوگانه
 account_link=حساب‌های مرتبط
 organization=سازمان ها
 
@@ -661,21 +660,17 @@ revoke_key=ابطال
 revoke_oauth2_grant=ابطال دسترسی
 revoke_oauth2_grant_description=لغو دسترسی برای این برنامه شخص ثالث از دسترسی این برنامه به داده های شما جلوگیری می کند. شما مطمئن هستید؟
 
-twofa_desc=احراز هویت دو مرحله ای امنیت حساب شما را افزایش میدهد.
 twofa_is_enrolled=احراز هویت دو مرحله ای برای حساب شما <strong>اجرا</strong>میشود.
 twofa_not_enrolled=حساب کاربری شما اکنون احراز هویت دو مرحله ای ندارد.
 twofa_disable=غیرفعال‌کردن احراز هویت دو مرحله ای
-twofa_scratch_token_regenerate=ساخت مجدد Scratch Token
 twofa_enroll=فعال‌کردن احراز هویت دوگانه
 twofa_disable_note=در صورت لزوم، شما می توانید احراز هویت دو مرحله ای را غیر فعال کنید.
 twofa_disable_desc=غیر فعال کردن احراز هویت دو مرحله ای امنیت حساب کاربری شما را کمتر می‌کند. آیا ادامه می‌دهید؟
-regenerate_scratch_token_desc=اگر شما token چک‌نویس خود را گم کرده اید می‌توانید پس از ورود آن‌را reset کنید.
 twofa_disabled=احراز هویت دو مرحله ای غیر فعال گشت.
 scan_this_image=این تصویر را با برنامه احراز هویت خود اسکن نمایید:
 or_enter_secret=و یا رمز را وارد کنید: %s
 then_enter_passcode=و کد ورود نمایش داده شده در درخواست را وارد کنید:
 passcode_invalid=کد ورود نامعتبر است. مجددا تلاش نمایید.
-twofa_enrolled=ورود به حسابت کاربری دو مرحله ای فعال شد. لطفا token خود را (%s) نگهداری کنید. لذا فقط یک بار نمایش داده می‌شود!
 twofa_failed_get_secret=خطا در دریافت رمز.
 
 
@@ -785,9 +780,7 @@ blame_prior=قبل از این تغییر، سرزنش را مشاهده کنی
 
 
 transfer.accept=تایید انتقال
-transfer.accept_desc=انتقال به %s
 transfer.reject=رد انتقال
-transfer.reject_desc=رد انتقال به %s
 
 desc.private=خصوصی
 desc.public=عمومی
@@ -899,7 +892,6 @@ release=نسخه منتشر شده
 releases=انتشارها
 tag=برچسب
 released_this=منتشر کرده است
-file.title=%s در %s
 file_raw=خام
 file_history=تاریخچه
 file_view_source=نمایش منبع
@@ -1375,7 +1367,6 @@ milestones.closed=%s بسته شد
 milestones.no_due_date=بدون موعد مقرر
 milestones.open=باز
 milestones.close=بستن
-milestones.completeness=%d%% کامل شده است
 milestones.create=ایجاد نقطه عطف
 milestones.title=عنوان
 milestones.desc=شرح
@@ -1539,7 +1530,6 @@ settings.pulls_desc=فعال کردن تقاضای واکشی مخزن
 settings.pulls.ignore_whitespace=نادیده گرفتن لیست سفید برای تداخل ها
 settings.pulls.enable_autodetect_manual_merge=ادغام دستی تشخیص خودکار را فعال کنید (توجه: در برخی موارد خاص، قضاوت نادرست ممکن است رخ دهد)
 settings.pulls.default_delete_branch_after_merge=پس از ادغام به طور پیش فرض شاخه درخواست pull را حذف کنید
-settings.projects_desc=فعال کردن پروژه های انبار
 settings.admin_settings=تنظیمات مدیران
 settings.admin_enable_health_check=فعال کردن بررسی سلامت مخزن (git fsck)
 settings.admin_enable_close_issues_via_commit_in_any_branch=اسنداد یک مسئله با کامیت آن شاخه را با غیر پیش فرض تبدیل می‌کند
@@ -1714,8 +1704,6 @@ settings.branches=شاخه‎ها
 settings.protected_branch=حفاظت از شاخه
 settings.protected_branch_can_push=اجازه درج؟
 settings.protected_branch_can_push_yes=شما می‎توانید درج کنید
-settings.protected_branch_can_push_no=شما نمی‎توانید درج کنید
-settings.branch_protection=محافظ شاخه برای شاخه‌ی '<b>%s</b>'
 settings.protect_this_branch=فعال کردن حفاظت از شاخه
 settings.protect_this_branch_desc=جلوگیری از حذف و محدود کردن درج و ادغام Git به شاخه.
 settings.protect_disable_push=غیرفعال کردن درج
@@ -1723,7 +1711,6 @@ settings.protect_disable_push_desc=هیچ موردی اجازه درج در ای
 settings.protect_enable_push=فعال کردن درج
 settings.protect_enable_push_desc=هرکسی که دسترسی به نوشتن داشته باشد مجاز خواهد بود به این شاخه درج کند (اما نه درج اجباری).
 settings.protect_check_status_contexts=فعال کردن حالات بررسی
-settings.protect_check_status_contexts_desc=قبل از ادغام باید بررسی وضعیت انجام شود. انتخاب کنید که بررسی وضعیت باید قبل از ادغام شاخه‌ها در شاخه‌ای که با این قانون مطابقت دارد، انجام شود. هنگامی که فعال است، commit ها باید ابتدا به شاخه دیگری منتقل شوند، سپس پس از بررسی وضعیت، ادغام یا مستقیماً به شاخه ای که با این قانون مطابقت دارد، هدایت شوند. اگر هیچ زمینه ای انتخاب نشده باشد، آخرین commit بدون توجه به زمینه باید موفقیت آمیز باشد.
 settings.protect_check_status_contexts_list=آخرین بررسی حالات این مخزن در هفته گذشته اتفاق افتاده است
 settings.protect_required_approvals=نیازمند تاییدیه:
 settings.protect_required_approvals_desc=فقط مجاز به ادغام تقاضای واکشی با بررسی های مثبت کافی می شوند.
@@ -1733,7 +1720,6 @@ settings.require_signed_commits=نیاز به commit های امضا شده
 settings.require_signed_commits_desc=در صورتی که push ها به این شاخه بدون امضا یا غیرقابل تأیید باشند، رد شوند.
 settings.add_protected_branch=فعال‌سازی محافظ
 settings.delete_protected_branch=غیر فعال‌سازی محافظ
-settings.protected_branch_deletion=غیرفعال‌کردن حفاظت از شاخه
 settings.protected_branch_deletion_desc=غیر‌فعال کردن محافظت از شاخه به کاربرانی که دسترسی نوشتن دارند اجازه درج در شاخه را می‌دهد. آیا ادامه می‌دهید؟
 settings.block_rejected_reviews=ادغام نظرات رد شده را مسدود شود
 settings.block_rejected_reviews_desc=ادغام در صورت درخواست تغییرات توسط بازبینان رسمی امکان پذیر نخواهد بود، حتی اگر تأییدیه های کافی وجود داشته باشد.
@@ -1742,7 +1728,6 @@ settings.block_on_official_review_requests_desc=زمانی که درخواست
 settings.block_outdated_branch=اگر درخواست pull قدیمی است، ادغام را مسدود شود
 settings.block_outdated_branch_desc=وقتی سرشاخه پشت شاخه پایه باشد، ادغام امکان پذیر نخواهد بود.
 settings.default_branch_desc=شاخه اصلی مخزن را برای تقاضا واکشی و کامیت کد ها انتخاب نمایید:
-settings.default_merge_style_desc=سبک ادغام پیش فرض برای درخواست های pull:
 settings.choose_branch=شاخه اصلی مخزن را برای  تقاضا واکشی و کامیت کد ها انتخاب نمایید:
 settings.no_protected_branch=اینجا هیچ شاخه محافظت شده ای وجود ندارد.
 settings.edit_protected_branch=ویرایش
@@ -1910,7 +1895,6 @@ tag.create_tag=تگ <strong>%s</strong> ایجاد کنید
 
 topic.manage_topics=مدیریت موضوعات
 topic.done=انجام شد
-topic.count_prompt=شما نمی توانید بیش از 25 موضوع انتخاب کنید
 
 
 error.csv.too_large=نمی توان این فایل را رندر کرد زیرا بسیار بزرگ است.
@@ -2429,8 +2413,6 @@ monitor.desc=شرح
 monitor.start=زمان شروع
 monitor.execute_time=زمان مورد نیاز برای اجرا
 monitor.process.cancel=لغو فرآیند
-monitor.process.cancel_desc=لغو کردن یک فرآیند ممکن است باعث از دست رفتن داده ها شود
-monitor.process.cancel_notices=لغو: <strong>%s</strong>؟
 monitor.process.children=فرزندان
 
 monitor.queues=صف ها
@@ -2515,7 +2497,6 @@ raw_minutes=دقیقه
 
 [dropzone]
 default_message=فایل را در این محل رها کنید یا دکمه ی آپلود یا بارگزاری را فشار دهید.
-invalid_input_type=شما قادر به ارسال فایل های از این نوع نیستید.
 file_too_big=حجم فایل ({{filesize}} MB) بیش از حداکثر مجاز است ({{maxFilesize}} مگابایت).
 remove_file=حذف پرونده
 
diff --git a/options/locale/locale_fi-FI.ini b/options/locale/locale_fi-FI.ini
index 4563612040d..4b6b708d6e4 100644
--- a/options/locale/locale_fi-FI.ini
+++ b/options/locale/locale_fi-FI.ini
@@ -142,7 +142,7 @@ network_error=Verkkovirhe
 app_desc=Kivuton, itsehostattu Git-palvelu
 install=Helppo asentaa
 platform=Alustariippumaton
-platform_desc=Gitea käy missä tahansa alustassa, johon <a target="_blank" rel="noopener noreferrer" href="http://golang.org/">Go</a> kykenee kääntämään. Windows, macOS, Linux, ARM, jne. Valitse omasi!
+platform_desc=Gitea käy missä tahansa alustassa, johon <a target="_blank" rel="noopener noreferrer" href="https://go.dev/">Go</a> kykenee kääntämään. Windows, macOS, Linux, ARM, jne. Valitse omasi!
 lightweight=Kevyt
 lightweight_desc=Gitealla on vähäiset vähimmäisvaatimukset, joten se toimii jopa halvassa Raspberry Pi:ssä. Säästä koneesi energiaa!
 license=Avoin lähdekoodi
@@ -451,10 +451,8 @@ applications=Sovellukset
 orgs=Hallitse organisaatioita
 repos=Repot
 delete=Poista tili
-twofa=Kaksivaiheinen todennus
 account_link=Linkitetyt tilit
 organization=Organisaatiot
-webauthn=Turva-avaimet
 
 public_profile=Julkinen profiili
 password_username_disabled=Ei-paikalliset käyttäjät eivät voi muuttaa käyttäjätunnustaan. Ole hyvä ja ota yhteyttä sivuston ylläpitäjään saadaksesi lisätietoa.
@@ -606,14 +604,12 @@ oauth2_regenerate_secret_hint=Kadotitko secretin?
 oauth2_application_edit=Muokkaa
 
 
-twofa_desc=Kaksivaiheinen todennus parantaa tilisi turvallisuutta.
 twofa_is_enrolled=Tilisi <strong>käyttää</strong> kaksivaiheista vahvistusta.
 twofa_not_enrolled=Tilisi ei tällä hetkellä käytä kaksivaiheista vahvistusta.
 twofa_enroll=Ota kaksivaiheinen vahvistus käyttöön
 twofa_disabled=Kaksivaiheinen todennus on otettu pois käytöstä.
 scan_this_image=Skannaa tämä kuva tunnistautumissovelluksellasi:
 or_enter_secret=Tai kirjoita salainen avain: %s
-twofa_enrolled=Tiliisi on otettu käyttöön kaksivaiheinen vahvistus. Ota palautustunnus (%s) talteen turvalliseen paikkaan, sillä se näytetään vain kerran!
 
 webauthn_nickname=Nimimerkki
 
@@ -1184,7 +1180,6 @@ settings.deploy_key_deletion_desc=Julkaisuavaimen poistaminen kumoaa sen pääsy
 settings.deploy_key_deletion_success=Julkaisuavain on poistettu.
 settings.branches=Haarat
 settings.protected_branch=Haaran suojaus
-settings.branch_protection=Haaran '<b>%s</b>' suojaus
 settings.protect_this_branch=Ota haaran suojaus käyttöön
 settings.protect_required_approvals=Vaadittavat hyväksynnät:
 settings.choose_branch=Valitse haara…
@@ -1672,7 +1667,6 @@ raw_minutes=minuuttia
 
 [dropzone]
 default_message=Pudota tiedostot tähän tai klikkaa aluetta ladataksesi tiedoston.
-invalid_input_type=Tämäntyyppisiä tiedostoja ei voi ladata.
 remove_file=Poista tiedosto
 
 [notification]
diff --git a/options/locale/locale_fr-FR.ini b/options/locale/locale_fr-FR.ini
index 2125552c266..6628b7d4556 100644
--- a/options/locale/locale_fr-FR.ini
+++ b/options/locale/locale_fr-FR.ini
@@ -31,7 +31,6 @@ username=Nom d'utilisateur
 email=Courriel
 password=Mot de passe
 access_token=Jeton d’accès
-re_type=Confirmez le mot de passe
 captcha=CAPTCHA
 twofa=Authentification à deux facteurs
 twofa_scratch=Code de secours pour l'authentification à deux facteurs
@@ -229,7 +228,7 @@ app_desc=Un service Git auto-hébergé sans prise de tête
 install=Facile à installer
 install_desc=Il suffit de <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-binary">lancer l’exécutable</a> adapté à votre plateforme, le déployer avec <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea/tree/master/docker">Docker</a> ou de l’installer depuis un <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-package">gestionnaire de paquet</a>.
 platform=Multi-plateforme
-platform_desc=Gitea tourne partout où <a target="_blank" rel="noopener noreferrer" href="http://golang.org/">Go</a> peut être compilé : Windows, macOS, Linux, ARM, etc. Choisissez votre préféré !
+platform_desc=Gitea tourne partout où <a target="_blank" rel="noopener noreferrer" href="https://go.dev/">Go</a> peut être compilé : Windows, macOS, Linux, ARM, etc. Choisissez votre préféré !
 lightweight=Léger
 lightweight_desc=Gitea utilise peu de ressources. Il peut même tourner sur un Raspberry Pi très bon marché. Économisez l'énergie de vos serveurs !
 license=Open Source
@@ -317,7 +316,6 @@ admin_setting_desc=La création d'un compte administrateur est facultative. Le p
 admin_title=Paramètres de compte administrateur
 admin_name=Nom d’utilisateur administrateur
 admin_password=Mot de passe
-confirm_password=Confirmez le mot de passe
 admin_email=Courriel
 install_btn_confirm=Installer Gitea
 test_git_failed=Le test de la commande "git" a échoué : %v
@@ -540,7 +538,6 @@ UserName=Nom d'utilisateur
 RepoName=Nom du dépôt
 Email=Courriel
 Password=Mot de passe
-Retype=Confirmez le mot de passe
 SSHTitle=Nom de la clé SSH
 HttpsUrl=URL HTTPS
 PayloadUrl=URL des données utiles
@@ -693,11 +690,9 @@ applications=Applications
 orgs=Gérer les organisations
 repos=Dépôts
 delete=Supprimer le compte
-twofa=Authentification à deux facteurs
 account_link=Comptes liés
 organization=Organisations
 uid=UID
-webauthn=Clés de sécurité
 
 public_profile=Profil public
 biography_placeholder=Parlez-nous un peu de vous ! (Vous pouvez utiliser Markdown)
@@ -795,7 +790,6 @@ add_email_success=La nouvelle adresse e-mail a été ajoutée.
 email_preference_set_success=L'e-mail de préférence a été défini avec succès.
 add_openid_success=La nouvelle adresse OpenID a été ajoutée.
 keep_email_private=Cacher l'adresse e-mail
-keep_email_private_popup=Ceci masquera votre adresse e-mail de votre profil, de vos demandes d'ajout et des fichiers modifiés depuis l'interface Web. Les révisions déjà soumises ne seront pas modifiés.
 openid_desc=OpenID vous permet de confier l'authentification à une tierce partie.
 
 manage_ssh_keys=Gérer les clés SSH
@@ -934,23 +928,18 @@ revoke_oauth2_grant=Révoquer l'accès
 revoke_oauth2_grant_description=La révocation de l'accès à cette application tierce l'empêchera d'accéder à vos données. Vous êtes sûr ?
 revoke_oauth2_grant_success=Accès révoqué avec succès.
 
-twofa_desc=L'authentification à deux facteurs améliore la sécurité de votre compte.
 twofa_recovery_tip=Si vous perdez votre appareil, vous pourrez utiliser une clé de récupération à usage unique pour obtenir l’accès à votre compte.
 twofa_is_enrolled=Votre compte est <strong>inscrit</strong> à l'authentification à deux facteurs.
 twofa_not_enrolled=Votre compte n'est pas inscrit à l'authentification à deux facteurs.
 twofa_disable=Désactiver l'authentification à deux facteurs
-twofa_scratch_token_regenerate=Régénérer un jeton de secours
-twofa_scratch_token_regenerated=Votre jeton de secours est désormais « %s ». Stockez-le dans un endroit sûr, il ne sera plus jamais affiché.
 twofa_enroll=Activer l'authentification à deux facteurs
 twofa_disable_note=Vous pouvez désactiver l'authentification à deux facteurs si nécessaire.
 twofa_disable_desc=Désactiver l'authentification à deux facteurs rendra votre compte plus vulnérable. Confirmer ?
-regenerate_scratch_token_desc=Si vous avez perdu votre jeton de secours, ou avez dû l'utiliser pour vous authentifier, vous pouvez le réinitialiser.
 twofa_disabled=L'authentification à deux facteurs a été désactivée.
 scan_this_image=Scannez cette image avec votre application d'authentification :
 or_enter_secret=Ou saisissez le code %s
 then_enter_passcode=Et entrez le code de passe s'affichant dans l'application :
 passcode_invalid=Le mot de passe est invalide. Réessayez.
-twofa_enrolled=L'authentification à deux facteurs a été activée pour votre compte. Gardez votre jeton de secours (%s) en lieu sûr, car il ne vous sera montré qu'une seule fois !
 twofa_failed_get_secret=Impossible d'obtenir le secret.
 
 webauthn_desc=Les clefs de sécurité sont des dispositifs matériels contenant des clefs cryptographiques. Elles peuvent être utilisées pour l'authentification à deux facteurs. La clef de sécurité doit supporter le standard <a rel="noreferrer" target="_blank" href="https://w3c.github.io/webauthn/#webauthn-authenticator">WebAuthn Authenticator</a>.
@@ -1098,9 +1087,7 @@ tree_path_not_found_branch=Le chemin %[1]s n’existe pas dans la branche %[2]s.
 tree_path_not_found_tag=Le chemin %[1]s n’existe pas dans l’étiquette %[2]s.
 
 transfer.accept=Accepter le transfert
-transfer.accept_desc=`Transférer à "%s"`
 transfer.reject=Refuser le transfert
-transfer.reject_desc=`Annuler le transfert à "%s"`
 transfer.no_permission_to_accept=Vous n’êtes pas autorisé à accepter ce transfert.
 transfer.no_permission_to_reject=Vous n’êtes pas autorisé à rejeter ce transfert.
 
@@ -1235,7 +1222,6 @@ releases=Publications
 tag=Étiquette
 released_this=a publié ceci
 tagged_this=a étiqueté
-file.title=%s sur %s
 file_raw=Brut
 file_history=Historique
 file_view_source=Voir le code source
@@ -1863,9 +1849,7 @@ pulls.unrelated_histories=Échec de la fusion: La tête de fusion et la base ne
 pulls.merge_out_of_date=Échec de la fusion: La base a été mise à jour en cours de fusion. Indice : Réessayez.
 pulls.head_out_of_date=Échec de la fusion : L’en-tête a été mis à jour pendant la fusion. Conseil : réessayez.
 pulls.has_merged=Échec : La demande d’ajout est déjà fusionnée, vous ne pouvez plus la fusionner, ni modifier sa branche cible.
-pulls.push_rejected=Échec de la fusion : la soumission a été rejetée. Revoyez les déclencheurs Git pour ce dépôt.
 pulls.push_rejected_summary=Message de rejet complet
-pulls.push_rejected_no_message=Échec de la fusion : la soumission a été rejetée sans raison. Revoyez les déclencheurs Git pour ce dépôt.
 pulls.open_unmerged_pull_exists=`Vous ne pouvez pas rouvrir ceci car la demande d’ajout #%d, en attente, a des propriétés identiques.`
 pulls.status_checking=Certains contrôles sont en attente
 pulls.status_checks_success=Tous les contrôles ont réussi
@@ -1920,7 +1904,6 @@ milestones.no_due_date=Aucune date d'échéance
 milestones.open=Ouvrir
 milestones.close=Fermer
 milestones.new_subheader=Les jalons peuvent vous aider à organiser vos tickets et à suivre leurs progrès.
-milestones.completeness=%d%% complété
 milestones.create=Créer un Jalon
 milestones.title=Titre
 milestones.desc=Description
@@ -2105,7 +2088,6 @@ settings.push_mirror_sync_in_progress=Versement des changements vers le miroir d
 settings.site=Site Web
 settings.update_settings=Appliquer
 settings.update_mirror_settings=Mettre à jour les paramètres du miroir
-settings.branches.switch_default_branch=Changer de branche
 settings.branches.update_default_branch=Changer la Branche par Défaut
 settings.branches.add_new_rule=Ajouter une nouvelle règle
 settings.advanced_settings=Paramètres avancés
@@ -2143,7 +2125,6 @@ settings.pulls.default_delete_branch_after_merge=Supprimer la branche après la
 settings.pulls.default_allow_edits_from_maintainers=Autoriser les modifications par les mainteneurs par défaut
 settings.releases_desc=Activer les publications du dépôt
 settings.packages_desc=Activer le registre des paquets du dépôt
-settings.projects_desc=Activer les projets de dépôt
 settings.projects_mode_desc=Mode Projets (type de projets à afficher)
 settings.projects_mode_repo=Projets de dépôt uniquement
 settings.projects_mode_owner=Projets d’utilisateur ou d’organisation uniquement
@@ -2365,13 +2346,9 @@ settings.deploy_key_deletion=Supprimer une clef de déploiement
 settings.deploy_key_deletion_desc=La suppression d'une clef de déploiement révoque son accès à ce dépôt. Continuer ?
 settings.deploy_key_deletion_success=La clé de déploiement a été supprimée.
 settings.branches=Branches
-settings.protected_branch=Protection de branche
 settings.protected_branch.save_rule=Enregistrer la règle
 settings.protected_branch.delete_rule=Supprimer la règle
 settings.protected_branch_can_push=Autoriser la soumission ?
-settings.protected_branch_can_push_yes=Vous pouvez pousser
-settings.protected_branch_can_push_no=Vous ne pouvez pas pousser
-settings.branch_protection=Paramètres de protection pour les branches du motif <b>%s</b>
 settings.protect_this_branch=Activer la protection de branche
 settings.protect_this_branch_desc=Empêche les suppressions et limite les poussées et fusions sur cette branche.
 settings.protect_disable_push=Désactiver la soumission
@@ -2401,7 +2378,6 @@ settings.protect_merge_whitelist_teams=Équipes autorisées à fusionner :
 settings.protect_check_status_contexts=Activer le Contrôle Qualité
 settings.protect_status_check_patterns=Motifs de vérification des statuts :
 settings.protect_status_check_patterns_desc=Entrez des motifs pour spécifier quelles vérifications doivent réussir avant que des branches puissent être fusionnées. Un motif par ligne. Un motif ne peut être vide.
-settings.protect_check_status_contexts_desc=Exiger le status « succès » avant de fusionner. Quand activée, une branche protégée ne peux accepter que des soumissions ou des fusions ayant le status « succès ». Lorsqu'il n'y a pas de contexte, la dernière révision fait foi.
 settings.protect_check_status_contexts_list=Contrôles qualité trouvés au cours de la semaine dernière pour ce dépôt
 settings.protect_status_check_matched=Correspondant
 settings.protect_invalid_status_check_pattern=Motif de vérification des statuts incorrect : « %s ».
@@ -2425,12 +2401,9 @@ settings.protect_protected_file_patterns=Liste des fichiers et motifs protégés
 settings.protect_protected_file_patterns_desc=Liste de fichiers et de motifs, séparés par un point-virgule « ; », qui ne pourront pas être modifiés même si les utilisateurs disposent des droits sur la branche. Voir la <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>syntaxe glob</a>. Exemples : <code>.drone.yml ; /docs/**/*.txt</code>.
 settings.protect_unprotected_file_patterns=Liste des fichiers et motifs exclus
 settings.protect_unprotected_file_patterns_desc=Liste de fichiers et de motifs globs, séparés par un point-virgule « ; », qui pourront être modifiés malgré la protection de branche, par les utilisateurs autorisés. Voir la <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>syntaxe Glob</a>. Exemples : <code>.drone.yml ; /docs/**/*.txt</code>.
-settings.add_protected_branch=Activer la protection
-settings.delete_protected_branch=Désactiver la protection
 settings.update_protect_branch_success=La règle de protection de branche "%s" a été mise à jour.
 settings.remove_protected_branch_success=La règle de protection de branche "%s" a été retirée.
 settings.remove_protected_branch_failed=Impossible de retirer la règle de protection de branche "%s".
-settings.protected_branch_deletion=Désactiver la protection de branche
 settings.protected_branch_deletion_desc=Désactiver la protection de branche permet aux utilisateurs ayant accès en écriture de pousser des modifications sur la branche. Continuer ?
 settings.block_rejected_reviews=Bloquer la fusion en cas d’évaluations négatives
 settings.block_rejected_reviews_desc=La fusion ne sera pas possible lorsque des modifications sont demandées par les évaluateurs officiels, même s'il y a suffisamment d’approbations.
@@ -2440,7 +2413,6 @@ settings.block_outdated_branch=Bloquer la fusion si la demande d'ajout est obsol
 settings.block_outdated_branch_desc=La fusion ne sera pas possible lorsque la branche principale est derrière la branche de base.
 settings.default_branch_desc=Sélectionnez une branche par défaut pour les demandes de fusion et les révisions :
 settings.merge_style_desc=Styles de fusion
-settings.default_merge_style_desc=Style de fusion par défaut
 settings.choose_branch=Choisissez une branche…
 settings.no_protected_branch=Il n'y a pas de branche protégée.
 settings.edit_protected_branch=Éditer
@@ -2659,7 +2631,6 @@ tag.create_success=L'étiquette "%s" a été créée.
 
 topic.manage_topics=Gérer les sujets
 topic.done=Terminé
-topic.count_prompt=Vous ne pouvez pas sélectionner plus de 25 sujets
 topic.format_prompt=Les sujets doivent commencer par un caractère alphanumérique, peuvent inclure des traits d’union « - » et des points « . », et mesurer jusqu'à 35 caractères. Les lettres doivent être en minuscules.
 
 find_file.go_to_file=Aller au fichier
@@ -3296,8 +3267,6 @@ monitor.start=Heure de démarrage
 monitor.execute_time=Heure d'Éxécution
 monitor.last_execution_result=Résultat
 monitor.process.cancel=Annuler le processus
-monitor.process.cancel_desc=L'annulation d'un processus peut entraîner une perte de données
-monitor.process.cancel_notices=Annuler : <strong>%s</strong>?
 monitor.process.children=Enfant
 
 monitor.queues=Files d'attente
@@ -3399,7 +3368,6 @@ raw_minutes=minutes
 
 [dropzone]
 default_message=Déposez les fichiers ou cliquez ici pour téléverser.
-invalid_input_type=Vous ne pouvez pas téléverser des fichiers de ce type.
 file_too_big=La taille du fichier ({{filesize}} Mo) dépasse la taille maximale ({{maxFilesize}} Mo).
 remove_file=Supprimer le fichier
 
diff --git a/options/locale/locale_hu-HU.ini b/options/locale/locale_hu-HU.ini
index dbb5c7dae3a..7d9dfd46d26 100644
--- a/options/locale/locale_hu-HU.ini
+++ b/options/locale/locale_hu-HU.ini
@@ -112,7 +112,6 @@ filter.private=Privát
 app_desc=Fájdalommentes, saját gépre telepíthető Git szolgáltatás
 install=Könnyen telepíthető
 platform=Keresztplatformos
-platform_desc=A Gitea minden platformon fut, ahol a <a target="_blank" rel="noopener noreferrer" href="http://golang.org/">Go</a> fordíthat: Windows, macOS, Linux, ARM, stb. Válassza azt, amelyet szereti!
 lightweight=Könnyűsúlyú
 license=Nyílt forráskódú
 
@@ -394,7 +393,6 @@ applications=Alkalmazások
 orgs=Szervezetek kezelése
 repos=Tárolók
 delete=Fiók törlése
-twofa=Kétlépcsős hitelesítés
 account_link=Kapcsolt fiókok
 organization=Szervezetek
 
@@ -527,11 +525,9 @@ authorized_oauth2_applications=Engedélyezett OAuth2 alkalmazások
 revoke_key=Visszavonás
 revoke_oauth2_grant=Hozzáférés megvonása
 
-twofa_desc=A kétlépcsős hitelesítés növeli a fiók biztonságát.
 twofa_is_enrolled=A fiókja jelenleg <strong>használ</strong> kétlépcsős hitelesítést.
 twofa_not_enrolled=A fiókja jelenleg nem használ kétlépcsős hitelesítést.
 twofa_disable=Kétlépcsős hitelesítés letiltása
-twofa_scratch_token_regenerate=Kaparós kód újragenerálása
 twofa_enroll=Kétlépcsős hitelesítés használata
 twofa_disable_note=A kétlépcsős azonosítás szükség esetén letiltható.
 twofa_disable_desc=A kétlépcsős hitelesítés letiltása a fiókot kevésbé biztonságossá teszi. Folytatható?
@@ -948,7 +944,6 @@ milestones.closed=Lezárva: %s
 milestones.no_due_date=Nincs határidő
 milestones.open=Megnyitás
 milestones.close=Lezárás
-milestones.completeness=%d%% Kész
 milestones.create=Mérföldkő létrehozása
 milestones.title=Cím
 milestones.desc=Leírás
@@ -1399,8 +1394,7 @@ auths.tip.facebook=Vegyen fel új alkalmazást itt: https://developers.facebook.
 auths.tip.github=Vegyen fel új OAuth alkalmazást itt: https://github.com/settings/applications/new
 auths.tip.google_plus=Szerezzen OAuth2 kliens hitelesítési adatokat a Google API konzolban (https://console.developers.google.com/)
 auths.tip.twitter=Menyjen ide: https://dev.twitter.com/apps, hozzon létre egy alkalmazást és győződjön meg róla, hogy az “Allow this application to be used to Sign in with Twitter” opció be van kapcsolva
-auths.tip.discord=Vegyen fel új alkalmazást itt: 
-https://discordapp.com/developers/applications/me
+auths.tip.discord=Vegyen fel új alkalmazást itt: https://discordapp.com/developers/applications/me
 auths.edit=Hitelesítési forrás szerkesztése
 auths.activated=A hitelesítési forrás aktiválva lett
 auths.update_success=A hitelesítési forrás frissítve lett.
@@ -1536,8 +1530,6 @@ monitor.desc=Leírás
 monitor.start=Kezdés Időpontja
 monitor.execute_time=Végrehajtási Idő
 monitor.process.cancel=Folyamat megszakítása
-monitor.process.cancel_desc=Egy folyamat megszakítása adatvesztést okozhat
-monitor.process.cancel_notices=Megszakítás: <strong>%s</strong>?
 
 monitor.queue.name=Név
 monitor.queue.type=Típus
diff --git a/options/locale/locale_id-ID.ini b/options/locale/locale_id-ID.ini
index a3a6f8598e5..2bb6d25d438 100644
--- a/options/locale/locale_id-ID.ini
+++ b/options/locale/locale_id-ID.ini
@@ -103,7 +103,7 @@ filter.private=Pribadi
 app_desc=Sebuah layanan hosting Git sendiri yang tanpa kesulitan
 install=Mudah dipasang
 platform=Lintas platform
-platform_desc=Gitea bisa digunakan di mana <a target="_blank" rel="noopener noreferrer" href="http://golang.org/">Go</a> bisa dijalankan: Windows, macOS, Linux, ARM, dll. Silahkan pilih yang Anda suka!
+platform_desc=Gitea bisa digunakan di mana <a target="_blank" rel="noopener noreferrer" href="https://go.dev/">Go</a> bisa dijalankan: Windows, macOS, Linux, ARM, dll. Silahkan pilih yang Anda suka!
 lightweight=Ringan
 lightweight_desc=Gitea hanya membutuhkan persyaratan minimal dan bisa berjalan pada Raspberry Pi yang murah. Bisa menghemat listrik!
 license=Sumber Terbuka
@@ -315,7 +315,6 @@ applications=Aplikasi
 orgs=Kelola organisasi
 repos=Repositori
 delete=Hapus Akun
-twofa=Otentikasi Dua-Faktor
 account_link=Akun Tertaut
 organization=Organisasi
 
@@ -451,15 +450,12 @@ revoke_key=Cabut
 revoke_oauth2_grant=Cabut Akses
 revoke_oauth2_grant_description=Mencabut akses untuk aplikasi pihak ketiga ini akan mencegahnya mengakses data Anda. Lanjutkan?
 
-twofa_desc=Autentikasi dua faktor menambah keamanan akun Anda.
 twofa_is_enrolled=Akun anda saat ini <strong>terdaftar</strong> dalam otentikasi dua-faktor.
 twofa_not_enrolled=Akun anda saat ini tidak terdaftar dalam otentikasi dua-faktor.
 twofa_disable=Matikan Autentikasi Dua Faktor
-twofa_scratch_token_regenerate=Buat Ulang Token Gosok
 twofa_enroll=Daftarkan ke Autentikasi Dua-Faktor
 twofa_disable_note=Anda bisa mematikan autentikasi dua-faktor bila diperlukan.
 twofa_disable_desc=Mematikan autentikasi dua-faktor akan membuat akun Anda kurang aman. Lanjutkan?
-regenerate_scratch_token_desc=Jika Anda salah tempatkan token gosok Anda atau sudah menggunakannya, Anda bisa setel ulang di sini.
 twofa_disabled=Otentikasi dua-faktor telah dinonaktifkan.
 scan_this_image=Pindai gambar ini dengan aplikasi otentikasi:
 or_enter_secret=Atau masukkan rahasia: %s
@@ -895,13 +891,6 @@ settings.deploy_keys=Kunci Deploy
 settings.add_deploy_key=Tambahkan Kunci Deploy
 settings.title=Judul
 settings.deploy_key_content=Konten
-settings.branches=Cabang
-settings.protected_branch=Perlindungan cabang
-settings.protected_branch_can_push=Mengizinkan mendorong?
-settings.protected_branch_can_push_yes=Anda dapat mendorong
-settings.protected_branch_can_push_no=Anda tidak dapat mendorong
-settings.add_protected_branch=Aktifkan perlindungan
-settings.delete_protected_branch=Nonaktifkan perlindungan
 settings.choose_branch=Pilih branch…
 settings.edit_protected_branch=Edit
 
@@ -1221,7 +1210,6 @@ monitor.desc=Deskripsi
 monitor.start=Waktu mulai
 monitor.execute_time=Waktu pelaksanaan
 monitor.process.cancel=Batalkan proses
-monitor.process.cancel_desc=Membatalkan sebuah proses bisa mengakibatkan hilangnya data
 
 monitor.queues=Antrian
 monitor.queue=Antrian: %s
@@ -1280,7 +1268,6 @@ raw_minutes=menit
 
 [dropzone]
 default_message=Jatuhkan berkas disini atau klik untuk mengunggah.
-invalid_input_type=Anda tidak bisa mengunggah berkas jenis ini.
 file_too_big=Ukuran berkas ({{filesize}} MB) melebihi ukuran maksimum ({{maxFilesize}} MB).
 remove_file=Hilangkan berkas
 
@@ -1305,7 +1292,6 @@ error.unit_not_allowed=Anda tidak diizinkan untuk mengunjungi unit repositori in
 
 [packages]
 filter.type=Jenis
-alpine.repository.branches=Cabang
 alpine.repository.repositories=Repositori
 conan.details.repository=Repositori
 owner.settings.cleanuprules.enabled=Aktif
diff --git a/options/locale/locale_is-IS.ini b/options/locale/locale_is-IS.ini
index af71558e504..69a0cb40d2e 100644
--- a/options/locale/locale_is-IS.ini
+++ b/options/locale/locale_is-IS.ini
@@ -138,7 +138,7 @@ network_error=Netkerfisvilla
 app_desc=Þrautalaus og sjálfhýst Git þjónusta
 install=Einföld uppsetning
 platform=Fjölvettvangur
-platform_desc=Gitea virkar hvar sem að <a target="_blank" rel="noopener noreferrer" href="http://golang.org/">Go</a> gerir: Linux, macOS, Windows, ARM o. s. frv. Veldu það sem þú vilt!
+platform_desc=Gitea virkar hvar sem að <a target="_blank" rel="noopener noreferrer" href="https://go.dev/">Go</a> gerir: Linux, macOS, Windows, ARM o. s. frv. Veldu það sem þú vilt!
 lightweight=Létt
 lightweight_desc=Gitea hefur lágar lágmarkskröfur og getur keyrt á ódýrum Raspberry Pi. Sparaðu orku!
 license=Frjáls Hugbúnaður
@@ -428,10 +428,8 @@ applications=Forrit
 orgs=Stjórna Stofnunum
 repos=Hugbúnaðarsöfn
 delete=Eyða Reikningi
-twofa=Tvíþætt Auðkenning
 account_link=Tengdir Reikningar
 organization=Stofnanir
-webauthn=Öryggislyklar
 
 public_profile=Opinber Notandasíða
 password_username_disabled=Notendum utan staðarins er ekki heimilt að breyta notendanafni sínu. Vinsamlegast hafðu samband við síðustjórann þinn til að fá frekari upplýsingar.
@@ -544,7 +542,6 @@ revoke_key=Afturkalla
 revoke_oauth2_grant=Afturkalla Aðgang
 
 twofa_disable=Óvirkja Tveggja-Þátta Auðkenningu
-twofa_scratch_token_regenerate=Endurgera Skrapkóða
 or_enter_secret=Eða sláðu inn leyndarmálið: %s
 
 webauthn_nickname=Gælunafn
@@ -666,7 +663,6 @@ commit=Framlag
 release=Útgáfa
 releases=Útgáfur
 tag=Merki
-file.title=%s í %s
 file_raw=Hrátt
 file_history=Saga
 file_view_source=Skoða Frumkóða

From 36232b69db312e16a43d1134ff98ab5d65bf80da Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=83=96=E6=A2=81?= <418094911@qq.com>
Date: Mon, 19 Aug 2024 10:38:40 +0800
Subject: [PATCH 010/129] Actions support workflow dispatch event (#28163)

fix #23668

My plan:
* In the `actions.list` method, if workflow is selected and IsAdmin,
check whether the on event contains `workflow_dispatch`. If so, display
a `Run workflow` button to allow the user to manually trigger the run.
* Providing a form that allows users to select target brach or tag, and
these parameters can be configured in yaml
* Simple form validation, `required` input cannot be empty
* Add a route `/actions/run`, and an `actions.Run` method to handle
* Add `WorkflowDispatchPayload` struct to pass the Webhook event payload
to the runner when triggered, this payload carries the `inputs` values
and other fields, doc: [workflow_dispatch
payload](https://docs.github.com/en/webhooks/webhook-events-and-payloads#workflow_dispatch)

Other PRs
* the `Workflow.WorkflowDispatchConfig()` method still return non-nil
when workflow_dispatch is not defined. I submitted a PR
https://gitea.com/gitea/act/pulls/85 to fix it. Still waiting for them
to process.

Behavior should be same with github, but may cause confusion. Here's a
quick reminder.
*
[Doc](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch)
Said: This event will `only` trigger a workflow run if the workflow file
is `on the default branch`.
* If the workflow yaml file only exists in a non-default branch, it
cannot be triggered. (It will not even show up in the workflow list)
* If the same workflow yaml file exists in each branch at the same time,
the version of the default branch is used. Even if `Use workflow from`
selects another branch


![image](https://github.com/go-gitea/gitea/assets/3114995/4bf596f3-426b-48e8-9b8f-0f6d18defd79)
```yaml
name: Docker Image CI

on:
  workflow_dispatch:
    inputs:
      logLevel:
        description: 'Log level'
        required: true
        default: 'warning'
        type: choice
        options:
        - info
        - warning
        - debug
      tags:
        description: 'Test scenario tags'
        required: false
        type: boolean
      boolean_default_true:
        description: 'Test scenario tags'
        required: true
        type: boolean
        default: true
      boolean_default_false:
        description: 'Test scenario tags'
        required: false
        type: boolean
        default: false
      environment:
        description: 'Environment to run tests against'
        type: environment
        required: true
        default: 'environment values'
      number_required_1:
        description: 'number '
        type: number
        required: true
        default: '100'
      number_required_2:
        description: 'number'
        type: number
        required: true
        default: '100'
      number_required_3:
        description: 'number'
        type: number
        required: true
        default: '100'
      number_1:
        description: 'number'
        type: number
        required: false
      number_2:
        description: 'number'
        type: number
        required: false
      number_3:
        description: 'number'
        type: number
        required: false

env:
  inputs_logLevel:              ${{ inputs.logLevel }}
  inputs_tags:                  ${{ inputs.tags }}
  inputs_boolean_default_true:  ${{ inputs.boolean_default_true }}
  inputs_boolean_default_false: ${{ inputs.boolean_default_false }}
  inputs_environment:           ${{ inputs.environment }}
  inputs_number_1:              ${{ inputs.number_1  }}
  inputs_number_2:              ${{ inputs.number_2  }}
  inputs_number_3:              ${{ inputs.number_3  }}
  inputs_number_required_1:     ${{ inputs.number_required_1  }}
  inputs_number_required_2:     ${{ inputs.number_required_2  }}
  inputs_number_required_3:     ${{ inputs.number_required_3  }}

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - run: ls -la
      - run: env | grep inputs
      - run: echo ${{ inputs.logLevel }}
      - run: echo ${{ inputs.boolean_default_false }}
```

![image](https://github.com/go-gitea/gitea/assets/3114995/a58a842d-a0ff-4618-bc6d-83a9596d07c8)

![image](https://github.com/go-gitea/gitea/assets/3114995/44a7cca5-7bd4-42a9-8723-91751a501c88)

---------

Co-authored-by: TKaxv_7S <954067342@qq.com>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Denys Konovalov <kontakt@denyskon.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
---
 modules/structs/hook.go                       |  14 ++
 options/locale/locale_en-US.ini               |   6 +
 routers/web/repo/actions/actions.go           | 145 ++++++++++++++-
 routers/web/repo/actions/actions_test.go      | 156 ++++++++++++++++
 routers/web/repo/actions/view.go              | 169 ++++++++++++++++++
 routers/web/web.go                            |   1 +
 templates/repo/actions/list.tmpl              |   5 +
 templates/repo/actions/workflow_dispatch.tmpl |  78 ++++++++
 web_src/js/features/repo-legacy.ts            |  20 ++-
 web_src/js/index.ts                           |   3 +-
 10 files changed, 580 insertions(+), 17 deletions(-)
 create mode 100644 routers/web/repo/actions/actions_test.go
 create mode 100644 templates/repo/actions/workflow_dispatch.tmpl

diff --git a/modules/structs/hook.go b/modules/structs/hook.go
index 0babe844101..c55e63db6bc 100644
--- a/modules/structs/hook.go
+++ b/modules/structs/hook.go
@@ -494,3 +494,17 @@ type PackagePayload struct {
 func (p *PackagePayload) JSONPayload() ([]byte, error) {
 	return json.MarshalIndent(p, "", "  ")
 }
+
+// WorkflowDispatchPayload represents a workflow dispatch payload
+type WorkflowDispatchPayload struct {
+	Workflow   string         `json:"workflow"`
+	Ref        string         `json:"ref"`
+	Inputs     map[string]any `json:"inputs"`
+	Repository *Repository    `json:"repository"`
+	Sender     *User          `json:"sender"`
+}
+
+// JSONPayload implements Payload
+func (p *WorkflowDispatchPayload) JSONPayload() ([]byte, error) {
+	return json.MarshalIndent(p, "", "  ")
+}
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index f3a7a389514..ef7628967c5 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -628,6 +628,7 @@ org_still_own_repo = "This organization still owns one or more repositories, del
 org_still_own_packages = "This organization still owns one or more packages, delete them first."
 
 target_branch_not_exist = Target branch does not exist.
+target_ref_not_exist = Target ref does not exist %s
 
 admin_cannot_delete_self = You cannot delete yourself when you are an admin. Please remove your admin privileges first.
 
@@ -3701,6 +3702,11 @@ workflow.disable_success = Workflow '%s' disabled successfully.
 workflow.enable = Enable Workflow
 workflow.enable_success = Workflow '%s' enabled successfully.
 workflow.disabled = Workflow is disabled.
+workflow.run = Run Workflow
+workflow.not_found = Workflow '%s' not found.
+workflow.run_success = Workflow '%s' run successfully.
+workflow.from_ref = Use workflow from
+workflow.has_workflow_dispatch = This workflow has a workflow_dispatch event trigger.
 
 need_approval_desc = Need approval to run workflows for fork pull request.
 
diff --git a/routers/web/repo/actions/actions.go b/routers/web/repo/actions/actions.go
index a0f03ec7e90..63cf3e948a8 100644
--- a/routers/web/repo/actions/actions.go
+++ b/routers/web/repo/actions/actions.go
@@ -7,22 +7,28 @@ import (
 	"bytes"
 	"fmt"
 	"net/http"
+	"slices"
 	"strings"
 
 	actions_model "code.gitea.io/gitea/models/actions"
 	"code.gitea.io/gitea/models/db"
+	git_model "code.gitea.io/gitea/models/git"
+	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unit"
 	"code.gitea.io/gitea/modules/actions"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/container"
 	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/optional"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/routers/web/repo"
 	"code.gitea.io/gitea/services/context"
 	"code.gitea.io/gitea/services/convert"
 
 	"github.com/nektos/act/pkg/model"
+	"gopkg.in/yaml.v3"
 )
 
 const (
@@ -58,8 +64,13 @@ func MustEnableActions(ctx *context.Context) {
 func List(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("actions.actions")
 	ctx.Data["PageIsActions"] = true
+	workflowID := ctx.FormString("workflow")
+	actorID := ctx.FormInt64("actor")
+	status := ctx.FormInt("status")
+	ctx.Data["CurWorkflow"] = workflowID
 
 	var workflows []Workflow
+	var curWorkflow *model.Workflow
 	if empty, err := ctx.Repo.GitRepo.IsEmpty(); err != nil {
 		ctx.ServerError("IsEmpty", err)
 		return
@@ -140,6 +151,10 @@ func List(ctx *context.Context) {
 				workflow.ErrMsg = ctx.Locale.TrString("actions.runs.no_job")
 			}
 			workflows = append(workflows, workflow)
+
+			if workflow.Entry.Name() == workflowID {
+				curWorkflow = wf
+			}
 		}
 	}
 	ctx.Data["workflows"] = workflows
@@ -150,17 +165,46 @@ func List(ctx *context.Context) {
 		page = 1
 	}
 
-	workflow := ctx.FormString("workflow")
-	actorID := ctx.FormInt64("actor")
-	status := ctx.FormInt("status")
-	ctx.Data["CurWorkflow"] = workflow
-
 	actionsConfig := ctx.Repo.Repository.MustGetUnit(ctx, unit.TypeActions).ActionsConfig()
 	ctx.Data["ActionsConfig"] = actionsConfig
 
-	if len(workflow) > 0 && ctx.Repo.IsAdmin() {
+	if len(workflowID) > 0 && ctx.Repo.IsAdmin() {
 		ctx.Data["AllowDisableOrEnableWorkflow"] = true
-		ctx.Data["CurWorkflowDisabled"] = actionsConfig.IsWorkflowDisabled(workflow)
+		isWorkflowDisabled := actionsConfig.IsWorkflowDisabled(workflowID)
+		ctx.Data["CurWorkflowDisabled"] = isWorkflowDisabled
+
+		if !isWorkflowDisabled && curWorkflow != nil {
+			workflowDispatchConfig := workflowDispatchConfig(curWorkflow)
+			if workflowDispatchConfig != nil {
+				ctx.Data["WorkflowDispatchConfig"] = workflowDispatchConfig
+
+				branchOpts := git_model.FindBranchOptions{
+					RepoID:          ctx.Repo.Repository.ID,
+					IsDeletedBranch: optional.Some(false),
+					ListOptions: db.ListOptions{
+						ListAll: true,
+					},
+				}
+				branches, err := git_model.FindBranchNames(ctx, branchOpts)
+				if err != nil {
+					ctx.ServerError("FindBranchNames", err)
+					return
+				}
+				// always put default branch on the top if it exists
+				if slices.Contains(branches, ctx.Repo.Repository.DefaultBranch) {
+					branches = util.SliceRemoveAll(branches, ctx.Repo.Repository.DefaultBranch)
+					branches = append([]string{ctx.Repo.Repository.DefaultBranch}, branches...)
+				}
+				ctx.Data["Branches"] = branches
+
+				tags, err := repo_model.GetTagNamesByRepoID(ctx, ctx.Repo.Repository.ID)
+				if err != nil {
+					ctx.ServerError("GetTagNamesByRepoID", err)
+					return
+				}
+				ctx.Data["Tags"] = tags
+			}
+		}
 	}
 
 	// if status or actor query param is not given to frontend href, (href="/<repoLink>/actions")
@@ -177,7 +221,7 @@ func List(ctx *context.Context) {
 			PageSize: convert.ToCorrectPageSize(ctx.FormInt("limit")),
 		},
 		RepoID:        ctx.Repo.Repository.ID,
-		WorkflowID:    workflow,
+		WorkflowID:    workflowID,
 		TriggerUserID: actorID,
 	}
 
@@ -214,7 +258,7 @@ func List(ctx *context.Context) {
 
 	pager := context.NewPagination(int(total), opts.PageSize, opts.Page, 5)
 	pager.SetDefaultParams(ctx)
-	pager.AddParamString("workflow", workflow)
+	pager.AddParamString("workflow", workflowID)
 	pager.AddParamString("actor", fmt.Sprint(actorID))
 	pager.AddParamString("status", fmt.Sprint(status))
 	ctx.Data["Page"] = pager
@@ -222,3 +266,86 @@ func List(ctx *context.Context) {
 
 	ctx.HTML(http.StatusOK, tplListActions)
 }
+
+type WorkflowDispatchInput struct {
+	Name        string   `yaml:"name"`
+	Description string   `yaml:"description"`
+	Required    bool     `yaml:"required"`
+	Default     string   `yaml:"default"`
+	Type        string   `yaml:"type"`
+	Options     []string `yaml:"options"`
+}
+
+type WorkflowDispatch struct {
+	Inputs []WorkflowDispatchInput
+}
+
+func workflowDispatchConfig(w *model.Workflow) *WorkflowDispatch {
+	switch w.RawOn.Kind {
+	case yaml.ScalarNode:
+		var val string
+		if !decodeNode(w.RawOn, &val) {
+			return nil
+		}
+		if val == "workflow_dispatch" {
+			return &WorkflowDispatch{}
+		}
+	case yaml.SequenceNode:
+		var val []string
+		if !decodeNode(w.RawOn, &val) {
+			return nil
+		}
+		for _, v := range val {
+			if v == "workflow_dispatch" {
+				return &WorkflowDispatch{}
+			}
+		}
+	case yaml.MappingNode:
+		var val map[string]yaml.Node
+		if !decodeNode(w.RawOn, &val) {
+			return nil
+		}
+
+		workflowDispatchNode, found := val["workflow_dispatch"]
+		if !found {
+			return nil
+		}
+
+		var workflowDispatch WorkflowDispatch
+		var workflowDispatchVal map[string]yaml.Node
+		if !decodeNode(workflowDispatchNode, &workflowDispatchVal) {
+			return &workflowDispatch
+		}
+
+		inputsNode, found := workflowDispatchVal["inputs"]
+		if !found || inputsNode.Kind != yaml.MappingNode {
+			return &workflowDispatch
+		}
+
+		i := 0
+		for {
+			if i+1 >= len(inputsNode.Content) {
+				break
+			}
+			var input WorkflowDispatchInput
+			if decodeNode(*inputsNode.Content[i+1], &input) {
+				input.Name = inputsNode.Content[i].Value
+				workflowDispatch.Inputs = append(workflowDispatch.Inputs, input)
+			}
+			i += 2
+		}
+		return &workflowDispatch
+
+	default:
+		return nil
+	}
+	return nil
+}
+
+func decodeNode(node yaml.Node, out any) bool {
+	if err := node.Decode(out); err != nil {
+		log.Warn("Failed to decode node %v into %T: %v", node, out, err)
+		return false
+	}
+	return true
+}
diff --git a/routers/web/repo/actions/actions_test.go b/routers/web/repo/actions/actions_test.go
new file mode 100644
index 00000000000..194704d14eb
--- /dev/null
+++ b/routers/web/repo/actions/actions_test.go
@@ -0,0 +1,156 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package actions
+
+import (
+	"strings"
+	"testing"
+
+	act_model "github.com/nektos/act/pkg/model"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestReadWorkflow_WorkflowDispatchConfig(t *testing.T) {
+	yaml := `
+    name: local-action-docker-url
+    `
+	workflow, err := act_model.ReadWorkflow(strings.NewReader(yaml))
+	assert.NoError(t, err, "read workflow should succeed")
+	workflowDispatch := workflowDispatchConfig(workflow)
+	assert.Nil(t, workflowDispatch)
+
+	yaml = `
+    name: local-action-docker-url
+    on: push
+    `
+	workflow, err = act_model.ReadWorkflow(strings.NewReader(yaml))
+	assert.NoError(t, err, "read workflow should succeed")
+	workflowDispatch = workflowDispatchConfig(workflow)
+	assert.Nil(t, workflowDispatch)
+
+	yaml = `
+    name: local-action-docker-url
+    on: workflow_dispatch
+    `
+	workflow, err = act_model.ReadWorkflow(strings.NewReader(yaml))
+	assert.NoError(t, err, "read workflow should succeed")
+	workflowDispatch = workflowDispatchConfig(workflow)
+	assert.NotNil(t, workflowDispatch)
+	assert.Nil(t, workflowDispatch.Inputs)
+
+	yaml = `
+    name: local-action-docker-url
+    on: [push, pull_request]
+    `
+	workflow, err = act_model.ReadWorkflow(strings.NewReader(yaml))
+	assert.NoError(t, err, "read workflow should succeed")
+	workflowDispatch = workflowDispatchConfig(workflow)
+	assert.Nil(t, workflowDispatch)
+
+	yaml = `
+    name: local-action-docker-url
+    on:
+        push:
+        pull_request:
+    `
+	workflow, err = act_model.ReadWorkflow(strings.NewReader(yaml))
+	assert.NoError(t, err, "read workflow should succeed")
+	workflowDispatch = workflowDispatchConfig(workflow)
+	assert.Nil(t, workflowDispatch)
+
+	yaml = `
+    name: local-action-docker-url
+    on: [push, workflow_dispatch]
+    `
+	workflow, err = act_model.ReadWorkflow(strings.NewReader(yaml))
+	assert.NoError(t, err, "read workflow should succeed")
+	workflowDispatch = workflowDispatchConfig(workflow)
+	assert.NotNil(t, workflowDispatch)
+	assert.Nil(t, workflowDispatch.Inputs)
+
+	yaml = `
+    name: local-action-docker-url
+    on:
+        - push
+        - workflow_dispatch
+    `
+	workflow, err = act_model.ReadWorkflow(strings.NewReader(yaml))
+	assert.NoError(t, err, "read workflow should succeed")
+	workflowDispatch = workflowDispatchConfig(workflow)
+	assert.NotNil(t, workflowDispatch)
+	assert.Nil(t, workflowDispatch.Inputs)
+
+	yaml = `
+    name: local-action-docker-url
+    on:
+        push:
+        pull_request:
+        workflow_dispatch:
+            inputs:
+    `
+	workflow, err = act_model.ReadWorkflow(strings.NewReader(yaml))
+	assert.NoError(t, err, "read workflow should succeed")
+	workflowDispatch = workflowDispatchConfig(workflow)
+	assert.NotNil(t, workflowDispatch)
+	assert.Nil(t, workflowDispatch.Inputs)
+
+	yaml = `
+    name: local-action-docker-url
+    on:
+        push:
+        pull_request:
+        workflow_dispatch:
+            inputs:
+                logLevel:
+                    description: 'Log level'
+                    required: true
+                    default: 'warning'
+                    type: choice
+                    options:
+                    - info
+                    - warning
+                    - debug
+                boolean_default_true:
+                    description: 'Test scenario tags'
+                    required: true
+                    type: boolean
+                    default: true
+                boolean_default_false:
+                    description: 'Test scenario tags'
+                    required: true
+                    type: boolean
+                    default: false
+    `
+
+	workflow, err = act_model.ReadWorkflow(strings.NewReader(yaml))
+	assert.NoError(t, err, "read workflow should succeed")
+	workflowDispatch = workflowDispatchConfig(workflow)
+	assert.NotNil(t, workflowDispatch)
+	assert.Equal(t, WorkflowDispatchInput{
+		Name:        "logLevel",
+		Default:     "warning",
+		Description: "Log level",
+		Options: []string{
+			"info",
+			"warning",
+			"debug",
+		},
+		Required: true,
+		Type:     "choice",
+	}, workflowDispatch.Inputs[0])
+	assert.Equal(t, WorkflowDispatchInput{
+		Name:        "boolean_default_true",
+		Default:     "true",
+		Description: "Test scenario tags",
+		Required:    true,
+		Type:        "boolean",
+	}, workflowDispatch.Inputs[1])
+	assert.Equal(t, WorkflowDispatchInput{
+		Name:        "boolean_default_false",
+		Default:     "false",
+		Description: "Test scenario tags",
+		Required:    true,
+		Type:        "boolean",
+	}, workflowDispatch.Inputs[2])
+}
diff --git a/routers/web/repo/actions/view.go b/routers/web/repo/actions/view.go
index 6b422891648..11199d69eb3 100644
--- a/routers/web/repo/actions/view.go
+++ b/routers/web/repo/actions/view.go
@@ -18,18 +18,26 @@ import (
 
 	actions_model "code.gitea.io/gitea/models/actions"
 	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models/perm"
+	access_model "code.gitea.io/gitea/models/perm/access"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unit"
 	"code.gitea.io/gitea/modules/actions"
 	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/storage"
+	api "code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/timeutil"
 	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/modules/web"
 	actions_service "code.gitea.io/gitea/services/actions"
 	context_module "code.gitea.io/gitea/services/context"
+	"code.gitea.io/gitea/services/convert"
 
+	"github.com/nektos/act/pkg/jobparser"
+	"github.com/nektos/act/pkg/model"
 	"xorm.io/builder"
 )
 
@@ -745,3 +753,164 @@ func disableOrEnableWorkflowFile(ctx *context_module.Context, isEnable bool) {
 		url.QueryEscape(ctx.FormString("actor")), url.QueryEscape(ctx.FormString("status")))
 	ctx.JSONRedirect(redirectURL)
 }
+
+func Run(ctx *context_module.Context) {
+	redirectURL := fmt.Sprintf("%s/actions?workflow=%s&actor=%s&status=%s", ctx.Repo.RepoLink, url.QueryEscape(ctx.FormString("workflow")),
+		url.QueryEscape(ctx.FormString("actor")), url.QueryEscape(ctx.FormString("status")))
+
+	workflowID := ctx.FormString("workflow")
+	if len(workflowID) == 0 {
+		ctx.ServerError("workflow", nil)
+		return
+	}
+
+	ref := ctx.FormString("ref")
+	if len(ref) == 0 {
+		ctx.ServerError("ref", nil)
+		return
+	}
+
+	// can not rerun job when workflow is disabled
+	cfgUnit := ctx.Repo.Repository.MustGetUnit(ctx, unit.TypeActions)
+	cfg := cfgUnit.ActionsConfig()
+	if cfg.IsWorkflowDisabled(workflowID) {
+		ctx.Flash.Error(ctx.Tr("actions.workflow.disabled"))
+		ctx.Redirect(redirectURL)
+		return
+	}
+
+	// get target commit of run from specified ref
+	refName := git.RefName(ref)
+	var runTargetCommit *git.Commit
+	var err error
+	if refName.IsTag() {
+		runTargetCommit, err = ctx.Repo.GitRepo.GetTagCommit(refName.TagName())
+	} else if refName.IsBranch() {
+		runTargetCommit, err = ctx.Repo.GitRepo.GetBranchCommit(refName.BranchName())
+	} else {
+		ctx.Flash.Error(ctx.Tr("form.git_ref_name_error", ref))
+		ctx.Redirect(redirectURL)
+		return
+	}
+	if err != nil {
+		ctx.Flash.Error(ctx.Tr("form.target_ref_not_exist", ref))
+		ctx.Redirect(redirectURL)
+		return
+	}
+
+	// get workflow entry from default branch commit
+	defaultBranchCommit, err := ctx.Repo.GitRepo.GetBranchCommit(ctx.Repo.Repository.DefaultBranch)
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, err.Error())
+		return
+	}
+	entries, err := actions.ListWorkflows(defaultBranchCommit)
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, err.Error())
+		return
+	}
+
+	// find workflow from commit
+	var workflows []*jobparser.SingleWorkflow
+	for _, entry := range entries {
+		if entry.Name() == workflowID {
+			content, err := actions.GetContentFromEntry(entry)
+			if err != nil {
+				ctx.Error(http.StatusInternalServerError, err.Error())
+				return
+			}
+			workflows, err = jobparser.Parse(content)
+			if err != nil {
+				ctx.ServerError("workflow", err)
+				return
+			}
+			break
+		}
+	}
+
+	if len(workflows) == 0 {
+		ctx.Flash.Error(ctx.Tr("actions.workflow.not_found", workflowID))
+		ctx.Redirect(redirectURL)
+		return
+	}
+
+	// get inputs from post
+	workflow := &model.Workflow{
+		RawOn: workflows[0].RawOn,
+	}
+	inputs := make(map[string]any)
+	if workflowDispatch := workflow.WorkflowDispatchConfig(); workflowDispatch != nil {
+		for name, config := range workflowDispatch.Inputs {
+			value := ctx.Req.PostForm.Get(name)
+			if config.Type == "boolean" {
+				// https://www.w3.org/TR/html401/interact/forms.html
+				// https://stackoverflow.com/questions/11424037/do-checkbox-inputs-only-post-data-if-theyre-checked
+				// Checkboxes (and radio buttons) are on/off switches that may be toggled by the user.
+				// A switch is "on" when the control element's checked attribute is set.
+				// When a form is submitted, only "on" checkbox controls can become successful.
+				inputs[name] = strconv.FormatBool(value == "on")
+			} else if value != "" {
+				inputs[name] = value
+			} else {
+				inputs[name] = config.Default
+			}
+		}
+	}
+
+	// ctx.Req.PostForm -> WorkflowDispatchPayload.Inputs -> ActionRun.EventPayload -> runner: ghc.Event
+	// https://docs.github.com/en/actions/learn-github-actions/contexts#github-context
+	// https://docs.github.com/en/webhooks/webhook-events-and-payloads#workflow_dispatch
+	workflowDispatchPayload := &api.WorkflowDispatchPayload{
+		Workflow:   workflowID,
+		Ref:        ref,
+		Repository: convert.ToRepo(ctx, ctx.Repo.Repository, access_model.Permission{AccessMode: perm.AccessModeNone}),
+		Inputs:     inputs,
+		Sender:     convert.ToUserWithAccessMode(ctx, ctx.Doer, perm.AccessModeNone),
+	}
+	var eventPayload []byte
+	if eventPayload, err = workflowDispatchPayload.JSONPayload(); err != nil {
+		ctx.ServerError("JSONPayload", err)
+		return
+	}
+
+	run := &actions_model.ActionRun{
+		Title:             strings.SplitN(runTargetCommit.CommitMessage, "\n", 2)[0],
+		RepoID:            ctx.Repo.Repository.ID,
+		OwnerID:           ctx.Repo.Repository.OwnerID,
+		WorkflowID:        workflowID,
+		TriggerUserID:     ctx.Doer.ID,
+		Ref:               ref,
+		CommitSHA:         runTargetCommit.ID.String(),
+		IsForkPullRequest: false,
+		Event:             "workflow_dispatch",
+		TriggerEvent:      "workflow_dispatch",
+		EventPayload:      string(eventPayload),
+		Status:            actions_model.StatusWaiting,
+	}
+
+	// cancel running jobs of the same workflow
+	if err := actions_model.CancelPreviousJobs(
+		ctx,
+		run.RepoID,
+		run.Ref,
+		run.WorkflowID,
+		run.Event,
+	); err != nil {
+		log.Error("CancelRunningJobs: %v", err)
+	}
+
+	// Insert the action run and its associated jobs into the database
+	if err := actions_model.InsertRun(ctx, run, workflows); err != nil {
+		ctx.ServerError("workflow", err)
+		return
+	}
+
+	alljobs, err := db.Find[actions_model.ActionRunJob](ctx, actions_model.FindRunJobOptions{RunID: run.ID})
+	if err != nil {
+		log.Error("FindRunJobs: %v", err)
+	}
+	actions_service.CreateCommitStatus(ctx, alljobs...)
+
+	ctx.Flash.Success(ctx.Tr("actions.workflow.run_success", workflowID))
+	ctx.Redirect(redirectURL)
+}
diff --git a/routers/web/web.go b/routers/web/web.go
index 0e16c1ca6c9..4e917b5ede6 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -1384,6 +1384,7 @@ func registerRoutes(m *web.Router) {
 		m.Get("", actions.List)
 		m.Post("/disable", reqRepoAdmin, actions.DisableWorkflowFile)
 		m.Post("/enable", reqRepoAdmin, actions.EnableWorkflowFile)
+		m.Post("/run", reqRepoAdmin, actions.Run)
 
 		m.Group("/runs/{run}", func() {
 			m.Combo("").
diff --git a/templates/repo/actions/list.tmpl b/templates/repo/actions/list.tmpl
index b66d0e360ab..7d782c0adeb 100644
--- a/templates/repo/actions/list.tmpl
+++ b/templates/repo/actions/list.tmpl
@@ -76,6 +76,11 @@
 						</button>
 					{{end}}
 				</div>
+
+				{{if .WorkflowDispatchConfig}}
+					{{template "repo/actions/workflow_dispatch" .}}
+				{{end}}
+
 				{{template "repo/actions/runs_list" .}}
 			</div>
 		</div>
diff --git a/templates/repo/actions/workflow_dispatch.tmpl b/templates/repo/actions/workflow_dispatch.tmpl
new file mode 100644
index 00000000000..21f3ef20772
--- /dev/null
+++ b/templates/repo/actions/workflow_dispatch.tmpl
@@ -0,0 +1,78 @@
+<div class="ui blue info message tw-flex tw-justify-between tw-items-center">
+	<span class="ui text middle">{{ctx.Locale.Tr "actions.workflow.has_workflow_dispatch"}}</span>
+	<button class="ui mini button show-modal" data-modal="#runWorkflowDispatchModal">{{ctx.Locale.Tr "actions.workflow.run"}}{{svg "octicon-triangle-down" 14 "dropdown icon"}}</button>
+</div>
+<div id="runWorkflowDispatchModal" class="ui tiny modal">
+	<div class="content">
+		<form id="runWorkflowDispatchForm" class="ui form" action="{{$.Link}}/run?workflow={{$.CurWorkflow}}&actor={{$.CurActor}}&status={{.Status}}" method="post">
+			{{.CsrfTokenHtml}}
+			<div class="ui inline field required tw-flex tw-items-center">
+				<span class="ui inline required field">
+					<label>{{ctx.Locale.Tr "actions.workflow.from_ref"}}:</label>
+				</span>
+				<div class="ui inline field dropdown button select-branch branch-selector-dropdown ellipsis-items-nowrap">
+					<input type="hidden" name="ref" value="refs/heads/{{index .Branches 0}}">
+					{{svg "octicon-git-branch" 14}}
+					<div class="default text">{{index .Branches 0}}</div>
+					{{svg "octicon-triangle-down" 14 "dropdown icon"}}
+					<div class="menu transition">
+						<div class="ui icon search input">
+							<i class="icon">{{svg "octicon-filter" 16}}</i>
+							<input name="search" type="text" placeholder="{{ctx.Locale.Tr "repo.filter_branch_and_tag"}}...">
+						</div>
+						<div class="branch-tag-tab">
+							<a class="branch-tag-item reference column muted active" href="#" data-target="#branch-list">
+								{{svg "octicon-git-branch" 16 "tw-mr-1"}} {{ctx.Locale.Tr "repo.branches"}}
+							</a>
+							<a class="branch-tag-item reference column muted" href="#" data-target="#tag-list">
+								{{svg "octicon-tag" 16 "tw-mr-1"}} {{ctx.Locale.Tr "repo.tags"}}
+							</a>
+						</div>
+						<div class="branch-tag-divider"></div>
+						<div id="branch-list" class="scrolling menu reference-list-menu">
+							{{range .Branches}}
+								<div class="item" data-value="refs/heads/{{.}}" title="{{.}}">{{.}}</div>
+							{{else}}
+								<div class="item">{{ctx.Locale.Tr "no_results_found"}}</div>
+							{{end}}
+						</div>
+						<div id="tag-list" class="scrolling menu reference-list-menu tw-hidden">
+							{{range .Tags}}
+								<div class="item" data-value="refs/tags/{{.}}" title="{{.}}">{{.}}</div>
+							{{else}}
+								<div class="item">{{ctx.Locale.Tr "no_results_found"}}</div>
+							{{end}}
+						</div>
+					</div>
+				</div>
+			</div>
+
+			<div class="divider"></div>
+
+			{{range $item := .WorkflowDispatchConfig.Inputs}}
+			<div class="ui field {{if .Required}}required{{end}}">
+				{{if eq .Type "choice"}}
+					<label>{{.Description}}:</label>
+					<select class="ui selection type dropdown" name="{{.Name}}">
+						{{range .Options}}
+						<option value="{{.}}" {{if eq $item.Default .}}selected{{end}} >{{.}}</option>
+						{{end}}
+					</select>
+				{{else if eq .Type "boolean"}}
+					<div class="ui inline checkbox">
+						<label>{{.Description}}</label>
+						<input type="checkbox" name="{{.Name}}" {{if eq .Default "true"}}checked{{end}}>
+					</div>
+				{{else if eq .Type "number"}}
+					<label>{{.Description}}:</label>
+					<input name="{{.Name}}" value="{{.Default}}" {{if .Required}}required{{end}}>
+				{{else}}
+					<label>{{.Description}}:</label>
+					<input name="{{.Name}}" value="{{.Default}}" {{if .Required}}required{{end}}>
+				{{end}}
+			</div>
+			{{end}}
+			<button class="ui tiny primary button" type="submit">Submit</button>
+		</form>
+	</div>
+</div>
diff --git a/web_src/js/features/repo-legacy.ts b/web_src/js/features/repo-legacy.ts
index 75b485cc983..5844037770c 100644
--- a/web_src/js/features/repo-legacy.ts
+++ b/web_src/js/features/repo-legacy.ts
@@ -43,6 +43,19 @@ function reloadConfirmDraftComment() {
   window.location.reload();
 }
 
+export function initBranchSelectorTabs() {
+  const elSelectBranch = document.querySelector('.ui.dropdown.select-branch');
+  if (!elSelectBranch) return;
+
+  $(elSelectBranch).find('.reference.column').on('click', function () {
+    hideElem($(elSelectBranch).find('.scrolling.reference-list-menu'));
+    showElem(this.getAttribute('data-target'));
+    queryElemChildren(this.parentNode, '.branch-tag-item', (el) => el.classList.remove('active'));
+    this.classList.add('active');
+    return false;
+  });
+}
+
 export function initRepoCommentForm() {
   const $commentForm = $('.comment.form');
   if (!$commentForm.length) return;
@@ -81,13 +94,6 @@ export function initRepoCommentForm() {
         elSelectBranch.querySelector('.text-branch-name').textContent = selectedText;
       }
     });
-    $selectBranch.find('.reference.column').on('click', function () {
-      hideElem($selectBranch.find('.scrolling.reference-list-menu'));
-      showElem(this.getAttribute('data-target'));
-      queryElemChildren(this.parentNode, '.branch-tag-item', (el) => el.classList.remove('active'));
-      this.classList.add('active');
-      return false;
-    });
   }
 
   initBranchSelector();
diff --git a/web_src/js/index.ts b/web_src/js/index.ts
index 81b8828dba9..2bdc8655fe3 100644
--- a/web_src/js/index.ts
+++ b/web_src/js/index.ts
@@ -60,7 +60,7 @@ import {initCompWebHookEditor} from './features/comp/WebHookEditor.ts';
 import {initRepoBranchButton} from './features/repo-branch.ts';
 import {initCommonOrganization} from './features/common-organization.ts';
 import {initRepoWikiForm} from './features/repo-wiki.ts';
-import {initRepoCommentForm, initRepository} from './features/repo-legacy.ts';
+import {initRepoCommentForm, initRepository, initBranchSelectorTabs} from './features/repo-legacy.ts';
 import {initCopyContent} from './features/copycontent.ts';
 import {initCaptcha} from './features/captcha.ts';
 import {initRepositoryActionView} from './components/RepoActionView.vue';
@@ -182,6 +182,7 @@ onDomReady(() => {
     initRepoBranchButton,
     initRepoCodeView,
     initRepoCommentForm,
+    initBranchSelectorTabs,
     initRepoEllipsisButton,
     initRepoDiffCommitBranchesAndTags,
     initRepoEditor,

From 4f5c96627b4622d64593db2d436b1f3befa5f3c3 Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Tue, 20 Aug 2024 00:25:41 +0800
Subject: [PATCH 011/129] Fix actions notify bug (#31866)

Try to fix
https://github.com/go-gitea/gitea/issues/31757#issuecomment-2295131062
---
 services/actions/notifier.go              |  2 +-
 services/actions/notifier_helper.go       | 25 ++++++++++++++---------
 tests/integration/actions_trigger_test.go |  4 ++--
 3 files changed, 18 insertions(+), 13 deletions(-)

diff --git a/services/actions/notifier.go b/services/actions/notifier.go
index 6551da39e72..a4ebdf9e888 100644
--- a/services/actions/notifier.go
+++ b/services/actions/notifier.go
@@ -386,7 +386,7 @@ func (n *actionsNotifier) ForkRepository(ctx context.Context, doer *user_model.U
 	// Add to hook queue for created repo after session commit.
 	if u.IsOrganization() {
 		newNotifyInput(repo, doer, webhook_module.HookEventRepository).
-			WithRef(oldRepo.DefaultBranch).
+			WithRef(git.RefNameFromBranch(oldRepo.DefaultBranch).String()).
 			WithPayload(&api.RepositoryPayload{
 				Action:       api.HookRepoCreated,
 				Repository:   convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm_model.AccessModeOwner}),
diff --git a/services/actions/notifier_helper.go b/services/actions/notifier_helper.go
index 1d09a222c02..0030ef9a916 100644
--- a/services/actions/notifier_helper.go
+++ b/services/actions/notifier_helper.go
@@ -65,7 +65,7 @@ type notifyInput struct {
 	Event webhook_module.HookEventType
 
 	// optional
-	Ref         string
+	Ref         git.RefName
 	Payload     api.Payloader
 	PullRequest *issues_model.PullRequest
 }
@@ -89,7 +89,7 @@ func (input *notifyInput) WithDoer(doer *user_model.User) *notifyInput {
 }
 
 func (input *notifyInput) WithRef(ref string) *notifyInput {
-	input.Ref = ref
+	input.Ref = git.RefName(ref)
 	return input
 }
 
@@ -101,7 +101,7 @@ func (input *notifyInput) WithPayload(payload api.Payloader) *notifyInput {
 func (input *notifyInput) WithPullRequest(pr *issues_model.PullRequest) *notifyInput {
 	input.PullRequest = pr
 	if input.Ref == "" {
-		input.Ref = pr.GetGitRefName()
+		input.Ref = git.RefName(pr.GetGitRefName())
 	}
 	return input
 }
@@ -144,20 +144,25 @@ func notify(ctx context.Context, input *notifyInput) error {
 	defer gitRepo.Close()
 
 	ref := input.Ref
-	if ref != input.Repo.DefaultBranch && actions_module.IsDefaultBranchWorkflow(input.Event) {
+	if ref.BranchName() != input.Repo.DefaultBranch && actions_module.IsDefaultBranchWorkflow(input.Event) {
 		if ref != "" {
 			log.Warn("Event %q should only trigger workflows on the default branch, but its ref is %q. Will fall back to the default branch",
 				input.Event, ref)
 		}
-		ref = input.Repo.DefaultBranch
+		ref = git.RefNameFromBranch(input.Repo.DefaultBranch)
 	}
 	if ref == "" {
 		log.Warn("Ref of event %q is empty, will fall back to the default branch", input.Event)
-		ref = input.Repo.DefaultBranch
+		ref = git.RefNameFromBranch(input.Repo.DefaultBranch)
+	}
+
+	commitID, err := gitRepo.GetRefCommitID(ref.String())
+	if err != nil {
+		return fmt.Errorf("gitRepo.GetRefCommitID: %w", err)
 	}
 
 	// Get the commit object for the ref
-	commit, err := gitRepo.GetCommit(ref)
+	commit, err := gitRepo.GetCommit(commitID)
 	if err != nil {
 		return fmt.Errorf("gitRepo.GetCommit: %w", err)
 	}
@@ -168,7 +173,7 @@ func notify(ctx context.Context, input *notifyInput) error {
 
 	var detectedWorkflows []*actions_module.DetectedWorkflow
 	actionsConfig := input.Repo.MustGetUnit(ctx, unit_model.TypeActions).ActionsConfig()
-	shouldDetectSchedules := input.Event == webhook_module.HookEventPush && git.RefName(input.Ref).BranchName() == input.Repo.DefaultBranch
+	shouldDetectSchedules := input.Event == webhook_module.HookEventPush && input.Ref.BranchName() == input.Repo.DefaultBranch
 	workflows, schedules, err := actions_module.DetectWorkflows(gitRepo, commit,
 		input.Event,
 		input.Payload,
@@ -220,12 +225,12 @@ func notify(ctx context.Context, input *notifyInput) error {
 	}
 
 	if shouldDetectSchedules {
-		if err := handleSchedules(ctx, schedules, commit, input, ref); err != nil {
+		if err := handleSchedules(ctx, schedules, commit, input, ref.String()); err != nil {
 			return err
 		}
 	}
 
-	return handleWorkflows(ctx, detectedWorkflows, commit, input, ref)
+	return handleWorkflows(ctx, detectedWorkflows, commit, input, ref.String())
 }
 
 func skipWorkflows(input *notifyInput, commit *git.Commit) bool {
diff --git a/tests/integration/actions_trigger_test.go b/tests/integration/actions_trigger_test.go
index ed0c6073743..c254c909583 100644
--- a/tests/integration/actions_trigger_test.go
+++ b/tests/integration/actions_trigger_test.go
@@ -427,7 +427,7 @@ func TestCreateDeleteRefEvent(t *testing.T) {
 			Title:      "add workflow",
 			RepoID:     repo.ID,
 			Event:      "delete",
-			Ref:        "main",
+			Ref:        "refs/heads/main",
 			WorkflowID: "createdelete.yml",
 			CommitSHA:  branch.CommitID,
 		})
@@ -442,7 +442,7 @@ func TestCreateDeleteRefEvent(t *testing.T) {
 			Title:      "add workflow",
 			RepoID:     repo.ID,
 			Event:      "delete",
-			Ref:        "main",
+			Ref:        "refs/heads/main",
 			WorkflowID: "createdelete.yml",
 			CommitSHA:  branch.CommitID,
 		})

From ccf7366db0b47e0720a61666acdaa6e6ab1e2273 Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Tue, 20 Aug 2024 01:04:06 +0800
Subject: [PATCH 012/129] Add tag name in the commits list (#31082)

Fix #10036

This PR adds some labels for tags of this commit after the commit
message on the commits table. The tag template is share as commit
graph's.

Desktop:
<img width="1302" alt="image"
src="https://github.com/go-gitea/gitea/assets/81045/ba94e1e6-2a3d-44f3-85a3-575fb5667c97">

Mobile:
<img width="370" alt="image"
src="https://github.com/go-gitea/gitea/assets/81045/e3eb1f44-3686-4012-aa9d-52cd88b22c0e">
---
 models/migrations/migrations.go   |  2 ++
 models/migrations/v1_23/v304.go   | 13 +++++++++++++
 models/repo/release.go            | 16 +++++++++++++++-
 models/repo/release_test.go       | 13 +++++++++++++
 options/locale/locale_en-US.ini   |  1 +
 routers/web/repo/commit.go        | 12 +++++++++++-
 templates/repo/commits_list.tmpl  |  5 +++++
 templates/repo/graph/commits.tmpl |  4 +---
 templates/repo/tag/name.tmpl      |  3 +++
 9 files changed, 64 insertions(+), 5 deletions(-)
 create mode 100644 models/migrations/v1_23/v304.go
 create mode 100644 templates/repo/tag/name.tmpl

diff --git a/models/migrations/migrations.go b/models/migrations/migrations.go
index a3264160e54..13551423ce4 100644
--- a/models/migrations/migrations.go
+++ b/models/migrations/migrations.go
@@ -599,6 +599,8 @@ var migrations = []Migration{
 	NewMigration("Add index to action_task stopped log_expired", v1_23.AddIndexToActionTaskStoppedLogExpired),
 	// v303 -> v304
 	NewMigration("Add metadata column for comment table", v1_23.AddCommentMetaDataColumn),
+	// v304 -> v305
+	NewMigration("Add index for release sha1", v1_23.AddIndexForReleaseSha1),
 }
 
 // GetCurrentDBVersion returns the current db version
diff --git a/models/migrations/v1_23/v304.go b/models/migrations/v1_23/v304.go
new file mode 100644
index 00000000000..65cffedbd99
--- /dev/null
+++ b/models/migrations/v1_23/v304.go
@@ -0,0 +1,13 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package v1_23 //nolint
+
+import "xorm.io/xorm"
+
+func AddIndexForReleaseSha1(x *xorm.Engine) error {
+	type Release struct {
+		Sha1 string `xorm:"INDEX VARCHAR(64)"`
+	}
+	return x.Sync(new(Release))
+}
diff --git a/models/repo/release.go b/models/repo/release.go
index 3123edd9780..16432583011 100644
--- a/models/repo/release.go
+++ b/models/repo/release.go
@@ -77,7 +77,7 @@ type Release struct {
 	Target           string
 	TargetBehind     string `xorm:"-"` // to handle non-existing or empty target
 	Title            string
-	Sha1             string `xorm:"VARCHAR(64)"`
+	Sha1             string `xorm:"INDEX VARCHAR(64)"`
 	NumCommits       int64
 	NumCommitsBehind int64              `xorm:"-"`
 	Note             string             `xorm:"TEXT"`
@@ -537,3 +537,17 @@ func InsertReleases(ctx context.Context, rels ...*Release) error {
 
 	return committer.Commit()
 }
+
+func FindTagsByCommitIDs(ctx context.Context, repoID int64, commitIDs ...string) (map[string][]*Release, error) {
+	releases := make([]*Release, 0, len(commitIDs))
+	if err := db.GetEngine(ctx).Where("repo_id=?", repoID).
+		In("sha1", commitIDs).
+		Find(&releases); err != nil {
+		return nil, err
+	}
+	res := make(map[string][]*Release, len(releases))
+	for _, r := range releases {
+		res[r.Sha1] = append(res[r.Sha1], r)
+	}
+	return res, nil
+}
diff --git a/models/repo/release_test.go b/models/repo/release_test.go
index 3643bff7f16..41ea083229d 100644
--- a/models/repo/release_test.go
+++ b/models/repo/release_test.go
@@ -25,3 +25,16 @@ func TestMigrate_InsertReleases(t *testing.T) {
 	err := InsertReleases(db.DefaultContext, r)
 	assert.NoError(t, err)
 }
+
+func Test_FindTagsByCommitIDs(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	sha1Rels, err := FindTagsByCommitIDs(db.DefaultContext, 1, "65f1bf27bc3bf70f64657658635e66094edbcb4d")
+	assert.NoError(t, err)
+	assert.Len(t, sha1Rels, 1)
+	rels := sha1Rels["65f1bf27bc3bf70f64657658635e66094edbcb4d"]
+	assert.Len(t, rels, 3)
+	assert.Equal(t, "v1.1", rels[0].TagName)
+	assert.Equal(t, "delete-tag", rels[1].TagName)
+	assert.Equal(t, "v1.0", rels[2].TagName)
+}
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index ef7628967c5..042fd549a0b 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -1274,6 +1274,7 @@ commit_graph.color = Color
 commit.contained_in = This commit is contained in:
 commit.contained_in_default_branch = This commit is part of the default branch
 commit.load_referencing_branches_and_tags = Load branches and tags referencing this commit
+commit.load_tags_failed = Load tags failed because of internal error
 blame = Blame
 download_file = Download file
 normal_view = Normal View
diff --git a/routers/web/repo/commit.go b/routers/web/repo/commit.go
index e5d84db6179..c91d5fad056 100644
--- a/routers/web/repo/commit.go
+++ b/routers/web/repo/commit.go
@@ -83,7 +83,17 @@ func Commits(ctx *context.Context) {
 		return
 	}
 	ctx.Data["Commits"] = processGitCommits(ctx, commits)
-
+	commitIDs := make([]string, 0, len(commits))
+	for _, c := range commits {
+		commitIDs = append(commitIDs, c.ID.String())
+	}
+	commitsTagsMap, err := repo_model.FindTagsByCommitIDs(ctx, ctx.Repo.Repository.ID, commitIDs...)
+	if err != nil {
+		log.Error("FindTagsByCommitIDs: %v", err)
+		ctx.Flash.Error(ctx.Tr("repo.commit.load_tags_failed"))
+	} else {
+		ctx.Data["CommitsTagsMap"] = commitsTagsMap
+	}
 	ctx.Data["Username"] = ctx.Repo.Owner.Name
 	ctx.Data["Reponame"] = ctx.Repo.Repository.Name
 	ctx.Data["CommitCount"] = commitsCount
diff --git a/templates/repo/commits_list.tmpl b/templates/repo/commits_list.tmpl
index bb5d2a03947..917a445fde9 100644
--- a/templates/repo/commits_list.tmpl
+++ b/templates/repo/commits_list.tmpl
@@ -72,6 +72,11 @@
 						{{if IsMultilineCommitMessage .Message}}
 						<pre class="commit-body tw-hidden">{{RenderCommitBody $.Context .Message ($.Repository.ComposeMetas ctx)}}</pre>
 						{{end}}
+						{{if $.CommitsTagsMap}}
+							{{range (index $.CommitsTagsMap .ID.String)}}
+								{{- template "repo/tag/name" dict "RepoLink" $.Repository.Link "TagName" .TagName "IsRelease" (not .IsTag) -}}
+							{{end}}
+						{{end}}
 					</td>
 					{{if .Committer}}
 						<td class="text right aligned">{{TimeSince .Committer.When ctx.Locale}}</td>
diff --git a/templates/repo/graph/commits.tmpl b/templates/repo/graph/commits.tmpl
index 39b86d9a164..9b179552df8 100644
--- a/templates/repo/graph/commits.tmpl
+++ b/templates/repo/graph/commits.tmpl
@@ -42,9 +42,7 @@
 									</a>
 								{{end}}
 							{{else if eq $refGroup "tags"}}
-								<a class="ui labelled basic tiny button" href="{{$.RepoLink}}/src/tag/{{.ShortName|PathEscape}}">
-									{{svg "octicon-tag"}} {{.ShortName}}
-								</a>
+								{{- template "repo/tag/name" dict "RepoLink" $.Repository.Link "TagName" .ShortName -}}
 							{{else if eq $refGroup "remotes"}}
 								<a class="ui labelled basic tiny button" href="{{$.RepoLink}}/src/commit/{{$commit.Rev|PathEscape}}">
 									{{svg "octicon-cross-reference"}} {{.ShortName}}
diff --git a/templates/repo/tag/name.tmpl b/templates/repo/tag/name.tmpl
new file mode 100644
index 00000000000..c3042014d3f
--- /dev/null
+++ b/templates/repo/tag/name.tmpl
@@ -0,0 +1,3 @@
+<a class="ui label basic tiny button{{if .IsRelease}} primary{{end}}" href="{{.RepoLink}}/src/tag/{{.TagName|PathEscape}}">
+{{svg "octicon-tag"}} {{.TagName}}
+</a>

From 0d24c9f383255605d68a92cc5f087c3f16a1d735 Mon Sep 17 00:00:00 2001
From: Rowan Bohde <rowan.bohde@gmail.com>
Date: Mon, 19 Aug 2024 12:58:53 -0500
Subject: [PATCH 013/129] add CfTurnstileSitekey context data to all captcha
 templates (#31874)

In the OpenID flows, the "CfTurnstileSitekey" wasn't populated, which
caused those flows to fail if using Turnstile as the Captcha
implementation.

This adds the missing context variables, allowing Turnstile to be used
in the OpenID flows.
---
 routers/web/auth/linkaccount.go | 3 +++
 routers/web/auth/openid.go      | 1 +
 2 files changed, 4 insertions(+)

diff --git a/routers/web/auth/linkaccount.go b/routers/web/auth/linkaccount.go
index 24130df6343..519431d92b7 100644
--- a/routers/web/auth/linkaccount.go
+++ b/routers/web/auth/linkaccount.go
@@ -40,6 +40,7 @@ func LinkAccount(ctx *context.Context) {
 	ctx.Data["HcaptchaSitekey"] = setting.Service.HcaptchaSitekey
 	ctx.Data["McaptchaSitekey"] = setting.Service.McaptchaSitekey
 	ctx.Data["McaptchaURL"] = setting.Service.McaptchaURL
+	ctx.Data["CfTurnstileSitekey"] = setting.Service.CfTurnstileSitekey
 	ctx.Data["DisableRegistration"] = setting.Service.DisableRegistration
 	ctx.Data["AllowOnlyInternalRegistration"] = setting.Service.AllowOnlyInternalRegistration
 	ctx.Data["ShowRegistrationButton"] = false
@@ -132,6 +133,7 @@ func LinkAccountPostSignIn(ctx *context.Context) {
 	ctx.Data["HcaptchaSitekey"] = setting.Service.HcaptchaSitekey
 	ctx.Data["McaptchaSitekey"] = setting.Service.McaptchaSitekey
 	ctx.Data["McaptchaURL"] = setting.Service.McaptchaURL
+	ctx.Data["CfTurnstileSitekey"] = setting.Service.CfTurnstileSitekey
 	ctx.Data["DisableRegistration"] = setting.Service.DisableRegistration
 	ctx.Data["ShowRegistrationButton"] = false
 
@@ -219,6 +221,7 @@ func LinkAccountPostRegister(ctx *context.Context) {
 	ctx.Data["HcaptchaSitekey"] = setting.Service.HcaptchaSitekey
 	ctx.Data["McaptchaSitekey"] = setting.Service.McaptchaSitekey
 	ctx.Data["McaptchaURL"] = setting.Service.McaptchaURL
+	ctx.Data["CfTurnstileSitekey"] = setting.Service.CfTurnstileSitekey
 	ctx.Data["DisableRegistration"] = setting.Service.DisableRegistration
 	ctx.Data["ShowRegistrationButton"] = false
 
diff --git a/routers/web/auth/openid.go b/routers/web/auth/openid.go
index 2143b8096a0..83268faacb6 100644
--- a/routers/web/auth/openid.go
+++ b/routers/web/auth/openid.go
@@ -307,6 +307,7 @@ func RegisterOpenID(ctx *context.Context) {
 	ctx.Data["RecaptchaURL"] = setting.Service.RecaptchaURL
 	ctx.Data["McaptchaSitekey"] = setting.Service.McaptchaSitekey
 	ctx.Data["McaptchaURL"] = setting.Service.McaptchaURL
+	ctx.Data["CfTurnstileSitekey"] = setting.Service.CfTurnstileSitekey
 	ctx.Data["OpenID"] = oid
 	userName, _ := ctx.Session.Get("openid_determined_username").(string)
 	if userName != "" {

From 8b92eba21f5c5cca277b8101ada0ea7a1fb32ae0 Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Tue, 20 Aug 2024 14:17:21 +0800
Subject: [PATCH 014/129] Fix agit automerge (#31207)

---
 models/fixtures/repository.yml                |   2 +-
 services/automerge/automerge.go               |  18 ++-
 .../user2/repo1.git/hooks/proc-receive        |   7 +
 .../repo1.git/hooks/proc-receive.d/gitea      |   2 +
 tests/integration/pull_merge_test.go          | 130 ++++++++++++++++++
 5 files changed, 155 insertions(+), 4 deletions(-)
 create mode 100755 tests/gitea-repositories-meta/user2/repo1.git/hooks/proc-receive
 create mode 100755 tests/gitea-repositories-meta/user2/repo1.git/hooks/proc-receive.d/gitea

diff --git a/models/fixtures/repository.yml b/models/fixtures/repository.yml
index e1f1dd73679..9adc6c855b1 100644
--- a/models/fixtures/repository.yml
+++ b/models/fixtures/repository.yml
@@ -26,7 +26,7 @@
   fork_id: 0
   is_template: false
   template_id: 0
-  size: 7320
+  size: 7597
   is_fsck_enabled: true
   close_issues_via_commit_in_any_branch: false
 
diff --git a/services/automerge/automerge.go b/services/automerge/automerge.go
index 10f3c28d56b..ed7a0141b9f 100644
--- a/services/automerge/automerge.go
+++ b/services/automerge/automerge.go
@@ -245,9 +245,21 @@ func handlePullRequestAutoMerge(pullID int64, sha string) {
 		defer headGitRepo.Close()
 	}
 
-	headBranchExist := headGitRepo.IsBranchExist(pr.HeadBranch)
-	if pr.HeadRepo == nil || !headBranchExist {
-		log.Warn("Head branch of auto merge %-v does not exist [HeadRepoID: %d, Branch: %s]", pr, pr.HeadRepoID, pr.HeadBranch)
+	switch pr.Flow {
+	case issues_model.PullRequestFlowGithub:
+		headBranchExist := headGitRepo.IsBranchExist(pr.HeadBranch)
+		if pr.HeadRepo == nil || !headBranchExist {
+			log.Warn("Head branch of auto merge %-v does not exist [HeadRepoID: %d, Branch: %s]", pr, pr.HeadRepoID, pr.HeadBranch)
+			return
+		}
+	case issues_model.PullRequestFlowAGit:
+		headBranchExist := git.IsReferenceExist(ctx, baseGitRepo.Path, pr.GetGitRefName())
+		if !headBranchExist {
+			log.Warn("Head branch of auto merge %-v does not exist [HeadRepoID: %d, Branch(Agit): %s]", pr, pr.HeadRepoID, pr.HeadBranch)
+			return
+		}
+	default:
+		log.Error("wrong flow type %d", pr.Flow)
 		return
 	}
 
diff --git a/tests/gitea-repositories-meta/user2/repo1.git/hooks/proc-receive b/tests/gitea-repositories-meta/user2/repo1.git/hooks/proc-receive
new file mode 100755
index 00000000000..af2808b0370
--- /dev/null
+++ b/tests/gitea-repositories-meta/user2/repo1.git/hooks/proc-receive
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+ORI_DIR=`pwd`
+SHELL_FOLDER=$(cd "$(dirname "$0")";pwd)
+cd "$ORI_DIR"
+for i in `ls "$SHELL_FOLDER/proc-receive.d"`; do
+    sh "$SHELL_FOLDER/proc-receive.d/$i"
+done
diff --git a/tests/gitea-repositories-meta/user2/repo1.git/hooks/proc-receive.d/gitea b/tests/gitea-repositories-meta/user2/repo1.git/hooks/proc-receive.d/gitea
new file mode 100755
index 00000000000..97521c62115
--- /dev/null
+++ b/tests/gitea-repositories-meta/user2/repo1.git/hooks/proc-receive.d/gitea
@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+"$GITEA_ROOT/gitea" hook --config="$GITEA_ROOT/$GITEA_CONF" proc-receive
diff --git a/tests/integration/pull_merge_test.go b/tests/integration/pull_merge_test.go
index 3e7054c7e83..9a412329a1c 100644
--- a/tests/integration/pull_merge_test.go
+++ b/tests/integration/pull_merge_test.go
@@ -31,6 +31,7 @@ import (
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/gitrepo"
 	"code.gitea.io/gitea/modules/queue"
+	"code.gitea.io/gitea/modules/setting"
 	api "code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/test"
 	"code.gitea.io/gitea/modules/translation"
@@ -846,3 +847,132 @@ func TestPullAutoMergeAfterCommitStatusSucceedAndApproval(t *testing.T) {
 		unittest.AssertNotExistsBean(t, &pull_model.AutoMerge{PullID: pr.ID})
 	})
 }
+
+func TestPullAutoMergeAfterCommitStatusSucceedAndApprovalForAgitFlow(t *testing.T) {
+	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+		// create a pull request
+		baseAPITestContext := NewAPITestContext(t, "user2", "repo1", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
+
+		dstPath := t.TempDir()
+
+		u.Path = baseAPITestContext.GitPath()
+		u.User = url.UserPassword("user2", userPassword)
+
+		t.Run("Clone", doGitClone(dstPath, u))
+
+		err := os.WriteFile(path.Join(dstPath, "test_file"), []byte("## test content"), 0o666)
+		assert.NoError(t, err)
+
+		err = git.AddChanges(dstPath, true)
+		assert.NoError(t, err)
+
+		err = git.CommitChanges(dstPath, git.CommitChangesOptions{
+			Committer: &git.Signature{
+				Email: "user2@example.com",
+				Name:  "user2",
+				When:  time.Now(),
+			},
+			Author: &git.Signature{
+				Email: "user2@example.com",
+				Name:  "user2",
+				When:  time.Now(),
+			},
+			Message: "Testing commit 1",
+		})
+		assert.NoError(t, err)
+
+		stderrBuf := &bytes.Buffer{}
+
+		err = git.NewCommand(git.DefaultContext, "push", "origin", "HEAD:refs/for/master", "-o").
+			AddDynamicArguments(`topic=test/head2`).
+			AddArguments("-o").
+			AddDynamicArguments(`title="create a test pull request with agit"`).
+			AddArguments("-o").
+			AddDynamicArguments(`description="This PR is a test pull request which created with agit"`).
+			Run(&git.RunOpts{Dir: dstPath, Stderr: stderrBuf})
+		assert.NoError(t, err)
+
+		assert.Contains(t, stderrBuf.String(), setting.AppURL+"user2/repo1/pulls/6")
+
+		baseRepo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{OwnerName: "user2", Name: "repo1"})
+		pr := unittest.AssertExistsAndLoadBean(t, &issues_model.PullRequest{
+			Flow:       issues_model.PullRequestFlowAGit,
+			BaseRepoID: baseRepo.ID,
+			BaseBranch: "master",
+			HeadRepoID: baseRepo.ID,
+			HeadBranch: "user2/test/head2",
+		})
+
+		session := loginUser(t, "user1")
+		// add protected branch for commit status
+		csrf := GetCSRF(t, session, "/user2/repo1/settings/branches")
+		// Change master branch to protected
+		req := NewRequestWithValues(t, "POST", "/user2/repo1/settings/branches/edit", map[string]string{
+			"_csrf":                 csrf,
+			"rule_name":             "master",
+			"enable_push":           "true",
+			"enable_status_check":   "true",
+			"status_check_contexts": "gitea/actions",
+			"required_approvals":    "1",
+		})
+		session.MakeRequest(t, req, http.StatusSeeOther)
+
+		user1 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
+		// first time insert automerge record, return true
+		scheduled, err := automerge.ScheduleAutoMerge(db.DefaultContext, user1, pr, repo_model.MergeStyleMerge, "auto merge test")
+		assert.NoError(t, err)
+		assert.True(t, scheduled)
+
+		// second time insert automerge record, return false because it does exist
+		scheduled, err = automerge.ScheduleAutoMerge(db.DefaultContext, user1, pr, repo_model.MergeStyleMerge, "auto merge test")
+		assert.Error(t, err)
+		assert.False(t, scheduled)
+
+		// reload pr again
+		pr = unittest.AssertExistsAndLoadBean(t, &issues_model.PullRequest{ID: pr.ID})
+		assert.False(t, pr.HasMerged)
+		assert.Empty(t, pr.MergedCommitID)
+
+		// update commit status to success, then it should be merged automatically
+		baseGitRepo, err := gitrepo.OpenRepository(db.DefaultContext, baseRepo)
+		assert.NoError(t, err)
+		sha, err := baseGitRepo.GetRefCommitID(pr.GetGitRefName())
+		assert.NoError(t, err)
+		masterCommitID, err := baseGitRepo.GetBranchCommitID("master")
+		assert.NoError(t, err)
+		baseGitRepo.Close()
+		defer func() {
+			testResetRepo(t, baseRepo.RepoPath(), "master", masterCommitID)
+		}()
+
+		err = commitstatus_service.CreateCommitStatus(db.DefaultContext, baseRepo, user1, sha, &git_model.CommitStatus{
+			State:     api.CommitStatusSuccess,
+			TargetURL: "https://gitea.com",
+			Context:   "gitea/actions",
+		})
+		assert.NoError(t, err)
+
+		time.Sleep(2 * time.Second)
+
+		// reload pr again
+		pr = unittest.AssertExistsAndLoadBean(t, &issues_model.PullRequest{ID: pr.ID})
+		assert.False(t, pr.HasMerged)
+		assert.Empty(t, pr.MergedCommitID)
+
+		// approve the PR from non-author
+		approveSession := loginUser(t, "user1")
+		req = NewRequest(t, "GET", fmt.Sprintf("/user2/repo1/pulls/%d", pr.Index))
+		resp := approveSession.MakeRequest(t, req, http.StatusOK)
+		htmlDoc := NewHTMLParser(t, resp.Body)
+		testSubmitReview(t, approveSession, htmlDoc.GetCSRF(), "user2", "repo1", strconv.Itoa(int(pr.Index)), sha, "approve", http.StatusOK)
+
+		time.Sleep(2 * time.Second)
+
+		// realod pr again
+		pr = unittest.AssertExistsAndLoadBean(t, &issues_model.PullRequest{ID: pr.ID})
+		assert.True(t, pr.HasMerged)
+		assert.NotEmpty(t, pr.MergedCommitID)
+
+		unittest.AssertNotExistsBean(t, &pull_model.AutoMerge{PullID: pr.ID})
+	})
+}

From c03baab678ba5b2e9d974aea147e660417f5d3f7 Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Wed, 21 Aug 2024 01:04:57 +0800
Subject: [PATCH 015/129] Refactor the usage of batch catfile (#31754)

When opening a repository, it will call `ensureValidRepository` and also
`CatFileBatch`. But sometimes these will not be used until repository
closed. So it's a waste of CPU to invoke 3 times git command for every
open repository.

This PR removed all of these from `OpenRepository` but only kept
checking whether the folder exists. When a batch is necessary, the
necessary functions will be invoked.
---
 modules/git/batch.go                          | 46 +++++++++
 modules/git/batch_reader.go                   | 12 +--
 modules/git/blob_nogogit.go                   | 15 ++-
 modules/git/commit_info_nogogit.go            |  5 +-
 modules/git/pipeline/lfs_nogogit.go           |  5 +-
 modules/git/repo_base_nogogit.go              | 96 ++++++++++---------
 modules/git/repo_branch_nogogit.go            | 16 +++-
 modules/git/repo_commit_nogogit.go            | 21 +++-
 modules/git/repo_language_stats_nogogit.go    |  5 +-
 modules/git/repo_tag_nogogit.go               | 12 ++-
 modules/git/repo_tree_nogogit.go              |  5 +-
 modules/git/tree_entry_nogogit.go             |  8 +-
 modules/git/tree_nogogit.go                   |  5 +-
 modules/indexer/code/bleve/bleve.go           | 20 ++--
 .../code/elasticsearch/elasticsearch.go       | 20 ++--
 15 files changed, 201 insertions(+), 90 deletions(-)
 create mode 100644 modules/git/batch.go

diff --git a/modules/git/batch.go b/modules/git/batch.go
new file mode 100644
index 00000000000..3ec4f1ddccf
--- /dev/null
+++ b/modules/git/batch.go
@@ -0,0 +1,46 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package git
+
+import (
+	"bufio"
+	"context"
+)
+
+type Batch struct {
+	cancel context.CancelFunc
+	Reader *bufio.Reader
+	Writer WriteCloserError
+}
+
+func (repo *Repository) NewBatch(ctx context.Context) (*Batch, error) {
+	// Now because of some insanity with git cat-file not immediately failing if not run in a valid git directory we need to run git rev-parse first!
+	if err := ensureValidGitRepository(ctx, repo.Path); err != nil {
+		return nil, err
+	}
+
+	var batch Batch
+	batch.Writer, batch.Reader, batch.cancel = catFileBatch(ctx, repo.Path)
+	return &batch, nil
+}
+
+func (repo *Repository) NewBatchCheck(ctx context.Context) (*Batch, error) {
+	// Now because of some insanity with git cat-file not immediately failing if not run in a valid git directory we need to run git rev-parse first!
+	if err := ensureValidGitRepository(ctx, repo.Path); err != nil {
+		return nil, err
+	}
+
+	var check Batch
+	check.Writer, check.Reader, check.cancel = catFileBatchCheck(ctx, repo.Path)
+	return &check, nil
+}
+
+func (b *Batch) Close() {
+	if b.cancel != nil {
+		b.cancel()
+		b.Reader = nil
+		b.Writer = nil
+		b.cancel = nil
+	}
+}
diff --git a/modules/git/batch_reader.go b/modules/git/batch_reader.go
index c988d6ab86e..3b1a466b2ea 100644
--- a/modules/git/batch_reader.go
+++ b/modules/git/batch_reader.go
@@ -26,10 +26,10 @@ type WriteCloserError interface {
 	CloseWithError(err error) error
 }
 
-// EnsureValidGitRepository runs git rev-parse in the repository path - thus ensuring that the repository is a valid repository.
+// ensureValidGitRepository runs git rev-parse in the repository path - thus ensuring that the repository is a valid repository.
 // Run before opening git cat-file.
 // This is needed otherwise the git cat-file will hang for invalid repositories.
-func EnsureValidGitRepository(ctx context.Context, repoPath string) error {
+func ensureValidGitRepository(ctx context.Context, repoPath string) error {
 	stderr := strings.Builder{}
 	err := NewCommand(ctx, "rev-parse").
 		SetDescription(fmt.Sprintf("%s rev-parse [repo_path: %s]", GitExecutable, repoPath)).
@@ -43,8 +43,8 @@ func EnsureValidGitRepository(ctx context.Context, repoPath string) error {
 	return nil
 }
 
-// CatFileBatchCheck opens git cat-file --batch-check in the provided repo and returns a stdin pipe, a stdout reader and cancel function
-func CatFileBatchCheck(ctx context.Context, repoPath string) (WriteCloserError, *bufio.Reader, func()) {
+// catFileBatchCheck opens git cat-file --batch-check in the provided repo and returns a stdin pipe, a stdout reader and cancel function
+func catFileBatchCheck(ctx context.Context, repoPath string) (WriteCloserError, *bufio.Reader, func()) {
 	batchStdinReader, batchStdinWriter := io.Pipe()
 	batchStdoutReader, batchStdoutWriter := io.Pipe()
 	ctx, ctxCancel := context.WithCancel(ctx)
@@ -93,8 +93,8 @@ func CatFileBatchCheck(ctx context.Context, repoPath string) (WriteCloserError,
 	return batchStdinWriter, batchReader, cancel
 }
 
-// CatFileBatch opens git cat-file --batch in the provided repo and returns a stdin pipe, a stdout reader and cancel function
-func CatFileBatch(ctx context.Context, repoPath string) (WriteCloserError, *bufio.Reader, func()) {
+// catFileBatch opens git cat-file --batch in the provided repo and returns a stdin pipe, a stdout reader and cancel function
+func catFileBatch(ctx context.Context, repoPath string) (WriteCloserError, *bufio.Reader, func()) {
 	// We often want to feed the commits in order into cat-file --batch, followed by their trees and sub trees as necessary.
 	// so let's create a batch stdin and stdout
 	batchStdinReader, batchStdinWriter := io.Pipe()
diff --git a/modules/git/blob_nogogit.go b/modules/git/blob_nogogit.go
index 945a6bc432c..af3ce376d6a 100644
--- a/modules/git/blob_nogogit.go
+++ b/modules/git/blob_nogogit.go
@@ -26,9 +26,12 @@ type Blob struct {
 // DataAsync gets a ReadCloser for the contents of a blob without reading it all.
 // Calling the Close function on the result will discard all unread output.
 func (b *Blob) DataAsync() (io.ReadCloser, error) {
-	wr, rd, cancel := b.repo.CatFileBatch(b.repo.Ctx)
+	wr, rd, cancel, err := b.repo.CatFileBatch(b.repo.Ctx)
+	if err != nil {
+		return nil, err
+	}
 
-	_, err := wr.Write([]byte(b.ID.String() + "\n"))
+	_, err = wr.Write([]byte(b.ID.String() + "\n"))
 	if err != nil {
 		cancel()
 		return nil, err
@@ -64,9 +67,13 @@ func (b *Blob) Size() int64 {
 		return b.size
 	}
 
-	wr, rd, cancel := b.repo.CatFileBatchCheck(b.repo.Ctx)
+	wr, rd, cancel, err := b.repo.CatFileBatchCheck(b.repo.Ctx)
+	if err != nil {
+		log.Debug("error whilst reading size for %s in %s. Error: %v", b.ID.String(), b.repo.Path, err)
+		return 0
+	}
 	defer cancel()
-	_, err := wr.Write([]byte(b.ID.String() + "\n"))
+	_, err = wr.Write([]byte(b.ID.String() + "\n"))
 	if err != nil {
 		log.Debug("error whilst reading size for %s in %s. Error: %v", b.ID.String(), b.repo.Path, err)
 		return 0
diff --git a/modules/git/commit_info_nogogit.go b/modules/git/commit_info_nogogit.go
index 7c369b07f9e..cfde64a0339 100644
--- a/modules/git/commit_info_nogogit.go
+++ b/modules/git/commit_info_nogogit.go
@@ -124,7 +124,10 @@ func GetLastCommitForPaths(ctx context.Context, commit *Commit, treePath string,
 		return nil, err
 	}
 
-	batchStdinWriter, batchReader, cancel := commit.repo.CatFileBatch(ctx)
+	batchStdinWriter, batchReader, cancel, err := commit.repo.CatFileBatch(ctx)
+	if err != nil {
+		return nil, err
+	}
 	defer cancel()
 
 	commitsMap := map[string]*Commit{}
diff --git a/modules/git/pipeline/lfs_nogogit.go b/modules/git/pipeline/lfs_nogogit.go
index 349cfbd9ce5..b22805c1327 100644
--- a/modules/git/pipeline/lfs_nogogit.go
+++ b/modules/git/pipeline/lfs_nogogit.go
@@ -46,7 +46,10 @@ func FindLFSFile(repo *git.Repository, objectID git.ObjectID) ([]*LFSResult, err
 
 	// Next feed the commits in order into cat-file --batch, followed by their trees and sub trees as necessary.
 	// so let's create a batch stdin and stdout
-	batchStdinWriter, batchReader, cancel := repo.CatFileBatch(repo.Ctx)
+	batchStdinWriter, batchReader, cancel, err := repo.CatFileBatch(repo.Ctx)
+	if err != nil {
+		return nil, err
+	}
 	defer cancel()
 
 	// We'll use a scanner for the revList because it's simpler than a bufio.Reader
diff --git a/modules/git/repo_base_nogogit.go b/modules/git/repo_base_nogogit.go
index bc241cdd795..3eb2e2ee6b2 100644
--- a/modules/git/repo_base_nogogit.go
+++ b/modules/git/repo_base_nogogit.go
@@ -25,15 +25,11 @@ type Repository struct {
 
 	gpgSettings *GPGSettings
 
-	batchInUse  bool
-	batchCancel context.CancelFunc
-	batchReader *bufio.Reader
-	batchWriter WriteCloserError
+	batchInUse bool
+	batch      *Batch
 
-	checkInUse  bool
-	checkCancel context.CancelFunc
-	checkReader *bufio.Reader
-	checkWriter WriteCloserError
+	checkInUse bool
+	check      *Batch
 
 	Ctx             context.Context
 	LastCommitCache *LastCommitCache
@@ -55,63 +51,75 @@ func OpenRepository(ctx context.Context, repoPath string) (*Repository, error) {
 		return nil, util.NewNotExistErrorf("no such file or directory")
 	}
 
-	// Now because of some insanity with git cat-file not immediately failing if not run in a valid git directory we need to run git rev-parse first!
-	if err := EnsureValidGitRepository(ctx, repoPath); err != nil {
-		return nil, err
-	}
-
-	repo := &Repository{
+	return &Repository{
 		Path:     repoPath,
 		tagCache: newObjectCache(),
 		Ctx:      ctx,
-	}
-
-	repo.batchWriter, repo.batchReader, repo.batchCancel = CatFileBatch(ctx, repoPath)
-	repo.checkWriter, repo.checkReader, repo.checkCancel = CatFileBatchCheck(ctx, repoPath)
-
-	return repo, nil
+	}, nil
 }
 
 // CatFileBatch obtains a CatFileBatch for this repository
-func (repo *Repository) CatFileBatch(ctx context.Context) (WriteCloserError, *bufio.Reader, func()) {
-	if repo.batchCancel == nil || repo.batchInUse {
-		log.Debug("Opening temporary cat file batch for: %s", repo.Path)
-		return CatFileBatch(ctx, repo.Path)
+func (repo *Repository) CatFileBatch(ctx context.Context) (WriteCloserError, *bufio.Reader, func(), error) {
+	if repo.batch == nil {
+		var err error
+		repo.batch, err = repo.NewBatch(ctx)
+		if err != nil {
+			return nil, nil, nil, err
+		}
 	}
-	repo.batchInUse = true
-	return repo.batchWriter, repo.batchReader, func() {
-		repo.batchInUse = false
+
+	if !repo.batchInUse {
+		repo.batchInUse = true
+		return repo.batch.Writer, repo.batch.Reader, func() {
+			repo.batchInUse = false
+		}, nil
 	}
+
+	log.Debug("Opening temporary cat file batch for: %s", repo.Path)
+	tempBatch, err := repo.NewBatch(ctx)
+	if err != nil {
+		return nil, nil, nil, err
+	}
+	return tempBatch.Writer, tempBatch.Reader, tempBatch.Close, nil
 }
 
 // CatFileBatchCheck obtains a CatFileBatchCheck for this repository
-func (repo *Repository) CatFileBatchCheck(ctx context.Context) (WriteCloserError, *bufio.Reader, func()) {
-	if repo.checkCancel == nil || repo.checkInUse {
-		log.Debug("Opening temporary cat file batch-check for: %s", repo.Path)
-		return CatFileBatchCheck(ctx, repo.Path)
+func (repo *Repository) CatFileBatchCheck(ctx context.Context) (WriteCloserError, *bufio.Reader, func(), error) {
+	if repo.check == nil {
+		var err error
+		repo.check, err = repo.NewBatchCheck(ctx)
+		if err != nil {
+			return nil, nil, nil, err
+		}
 	}
-	repo.checkInUse = true
-	return repo.checkWriter, repo.checkReader, func() {
-		repo.checkInUse = false
+
+	if !repo.checkInUse {
+		repo.checkInUse = true
+		return repo.check.Writer, repo.check.Reader, func() {
+			repo.checkInUse = false
+		}, nil
 	}
+
+	log.Debug("Opening temporary cat file batch-check for: %s", repo.Path)
+	tempBatchCheck, err := repo.NewBatchCheck(ctx)
+	if err != nil {
+		return nil, nil, nil, err
+	}
+	return tempBatchCheck.Writer, tempBatchCheck.Reader, tempBatchCheck.Close, nil
 }
 
 func (repo *Repository) Close() error {
 	if repo == nil {
 		return nil
 	}
-	if repo.batchCancel != nil {
-		repo.batchCancel()
-		repo.batchReader = nil
-		repo.batchWriter = nil
-		repo.batchCancel = nil
+	if repo.batch != nil {
+		repo.batch.Close()
+		repo.batch = nil
 		repo.batchInUse = false
 	}
-	if repo.checkCancel != nil {
-		repo.checkCancel()
-		repo.checkCancel = nil
-		repo.checkReader = nil
-		repo.checkWriter = nil
+	if repo.check != nil {
+		repo.check.Close()
+		repo.check = nil
 		repo.checkInUse = false
 	}
 	repo.LastCommitCache = nil
diff --git a/modules/git/repo_branch_nogogit.go b/modules/git/repo_branch_nogogit.go
index 63d0f7268a6..0d2efd4a6b4 100644
--- a/modules/git/repo_branch_nogogit.go
+++ b/modules/git/repo_branch_nogogit.go
@@ -22,9 +22,13 @@ func (repo *Repository) IsObjectExist(name string) bool {
 		return false
 	}
 
-	wr, rd, cancel := repo.CatFileBatchCheck(repo.Ctx)
+	wr, rd, cancel, err := repo.CatFileBatchCheck(repo.Ctx)
+	if err != nil {
+		log.Debug("Error writing to CatFileBatchCheck %v", err)
+		return false
+	}
 	defer cancel()
-	_, err := wr.Write([]byte(name + "\n"))
+	_, err = wr.Write([]byte(name + "\n"))
 	if err != nil {
 		log.Debug("Error writing to CatFileBatchCheck %v", err)
 		return false
@@ -39,9 +43,13 @@ func (repo *Repository) IsReferenceExist(name string) bool {
 		return false
 	}
 
-	wr, rd, cancel := repo.CatFileBatchCheck(repo.Ctx)
+	wr, rd, cancel, err := repo.CatFileBatchCheck(repo.Ctx)
+	if err != nil {
+		log.Debug("Error writing to CatFileBatchCheck %v", err)
+		return false
+	}
 	defer cancel()
-	_, err := wr.Write([]byte(name + "\n"))
+	_, err = wr.Write([]byte(name + "\n"))
 	if err != nil {
 		log.Debug("Error writing to CatFileBatchCheck %v", err)
 		return false
diff --git a/modules/git/repo_commit_nogogit.go b/modules/git/repo_commit_nogogit.go
index ae4c21aaa3d..f5ed282a45b 100644
--- a/modules/git/repo_commit_nogogit.go
+++ b/modules/git/repo_commit_nogogit.go
@@ -33,9 +33,12 @@ func (repo *Repository) ResolveReference(name string) (string, error) {
 
 // GetRefCommitID returns the last commit ID string of given reference (branch or tag).
 func (repo *Repository) GetRefCommitID(name string) (string, error) {
-	wr, rd, cancel := repo.CatFileBatchCheck(repo.Ctx)
+	wr, rd, cancel, err := repo.CatFileBatchCheck(repo.Ctx)
+	if err != nil {
+		return "", err
+	}
 	defer cancel()
-	_, err := wr.Write([]byte(name + "\n"))
+	_, err = wr.Write([]byte(name + "\n"))
 	if err != nil {
 		return "", err
 	}
@@ -61,12 +64,19 @@ func (repo *Repository) RemoveReference(name string) error {
 
 // IsCommitExist returns true if given commit exists in current repository.
 func (repo *Repository) IsCommitExist(name string) bool {
+	if err := ensureValidGitRepository(repo.Ctx, repo.Path); err != nil {
+		log.Error("IsCommitExist: %v", err)
+		return false
+	}
 	_, _, err := NewCommand(repo.Ctx, "cat-file", "-e").AddDynamicArguments(name).RunStdString(&RunOpts{Dir: repo.Path})
 	return err == nil
 }
 
 func (repo *Repository) getCommit(id ObjectID) (*Commit, error) {
-	wr, rd, cancel := repo.CatFileBatch(repo.Ctx)
+	wr, rd, cancel, err := repo.CatFileBatch(repo.Ctx)
+	if err != nil {
+		return nil, err
+	}
 	defer cancel()
 
 	_, _ = wr.Write([]byte(id.String() + "\n"))
@@ -143,7 +153,10 @@ func (repo *Repository) ConvertToGitID(commitID string) (ObjectID, error) {
 		}
 	}
 
-	wr, rd, cancel := repo.CatFileBatchCheck(repo.Ctx)
+	wr, rd, cancel, err := repo.CatFileBatchCheck(repo.Ctx)
+	if err != nil {
+		return nil, err
+	}
 	defer cancel()
 	_, err = wr.Write([]byte(commitID + "\n"))
 	if err != nil {
diff --git a/modules/git/repo_language_stats_nogogit.go b/modules/git/repo_language_stats_nogogit.go
index 318fc091ce3..de7707bd6cd 100644
--- a/modules/git/repo_language_stats_nogogit.go
+++ b/modules/git/repo_language_stats_nogogit.go
@@ -20,7 +20,10 @@ import (
 func (repo *Repository) GetLanguageStats(commitID string) (map[string]int64, error) {
 	// We will feed the commit IDs in order into cat-file --batch, followed by blobs as necessary.
 	// so let's create a batch stdin and stdout
-	batchStdinWriter, batchReader, cancel := repo.CatFileBatch(repo.Ctx)
+	batchStdinWriter, batchReader, cancel, err := repo.CatFileBatch(repo.Ctx)
+	if err != nil {
+		return nil, err
+	}
 	defer cancel()
 
 	writeID := func(id string) error {
diff --git a/modules/git/repo_tag_nogogit.go b/modules/git/repo_tag_nogogit.go
index cbab39f8c57..8b06a6a1c3c 100644
--- a/modules/git/repo_tag_nogogit.go
+++ b/modules/git/repo_tag_nogogit.go
@@ -31,9 +31,12 @@ func (repo *Repository) GetTags(skip, limit int) (tags []string, err error) {
 
 // GetTagType gets the type of the tag, either commit (simple) or tag (annotated)
 func (repo *Repository) GetTagType(id ObjectID) (string, error) {
-	wr, rd, cancel := repo.CatFileBatchCheck(repo.Ctx)
+	wr, rd, cancel, err := repo.CatFileBatchCheck(repo.Ctx)
+	if err != nil {
+		return "", err
+	}
 	defer cancel()
-	_, err := wr.Write([]byte(id.String() + "\n"))
+	_, err = wr.Write([]byte(id.String() + "\n"))
 	if err != nil {
 		return "", err
 	}
@@ -89,7 +92,10 @@ func (repo *Repository) getTag(tagID ObjectID, name string) (*Tag, error) {
 	}
 
 	// The tag is an annotated tag with a message.
-	wr, rd, cancel := repo.CatFileBatch(repo.Ctx)
+	wr, rd, cancel, err := repo.CatFileBatch(repo.Ctx)
+	if err != nil {
+		return nil, err
+	}
 	defer cancel()
 
 	if _, err := wr.Write([]byte(tagID.String() + "\n")); err != nil {
diff --git a/modules/git/repo_tree_nogogit.go b/modules/git/repo_tree_nogogit.go
index e82012de6f6..d74769ccb21 100644
--- a/modules/git/repo_tree_nogogit.go
+++ b/modules/git/repo_tree_nogogit.go
@@ -10,7 +10,10 @@ import (
 )
 
 func (repo *Repository) getTree(id ObjectID) (*Tree, error) {
-	wr, rd, cancel := repo.CatFileBatch(repo.Ctx)
+	wr, rd, cancel, err := repo.CatFileBatch(repo.Ctx)
+	if err != nil {
+		return nil, err
+	}
 	defer cancel()
 
 	_, _ = wr.Write([]byte(id.String() + "\n"))
diff --git a/modules/git/tree_entry_nogogit.go b/modules/git/tree_entry_nogogit.go
index 89244e27ee8..1c3bcd197a0 100644
--- a/modules/git/tree_entry_nogogit.go
+++ b/modules/git/tree_entry_nogogit.go
@@ -42,9 +42,13 @@ func (te *TreeEntry) Size() int64 {
 		return te.size
 	}
 
-	wr, rd, cancel := te.ptree.repo.CatFileBatchCheck(te.ptree.repo.Ctx)
+	wr, rd, cancel, err := te.ptree.repo.CatFileBatchCheck(te.ptree.repo.Ctx)
+	if err != nil {
+		log.Debug("error whilst reading size for %s in %s. Error: %v", te.ID.String(), te.ptree.repo.Path, err)
+		return 0
+	}
 	defer cancel()
-	_, err := wr.Write([]byte(te.ID.String() + "\n"))
+	_, err = wr.Write([]byte(te.ID.String() + "\n"))
 	if err != nil {
 		log.Debug("error whilst reading size for %s in %s. Error: %v", te.ID.String(), te.ptree.repo.Path, err)
 		return 0
diff --git a/modules/git/tree_nogogit.go b/modules/git/tree_nogogit.go
index e0a72de5b84..993b98edc29 100644
--- a/modules/git/tree_nogogit.go
+++ b/modules/git/tree_nogogit.go
@@ -33,7 +33,10 @@ func (t *Tree) ListEntries() (Entries, error) {
 	}
 
 	if t.repo != nil {
-		wr, rd, cancel := t.repo.CatFileBatch(t.repo.Ctx)
+		wr, rd, cancel, err := t.repo.CatFileBatch(t.repo.Ctx)
+		if err != nil {
+			return nil, err
+		}
 		defer cancel()
 
 		_, _ = wr.Write([]byte(t.ID.String() + "\n"))
diff --git a/modules/indexer/code/bleve/bleve.go b/modules/indexer/code/bleve/bleve.go
index 8056b58ec23..542bdfb5014 100644
--- a/modules/indexer/code/bleve/bleve.go
+++ b/modules/indexer/code/bleve/bleve.go
@@ -16,10 +16,10 @@ import (
 	"code.gitea.io/gitea/modules/analyze"
 	"code.gitea.io/gitea/modules/charset"
 	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/gitrepo"
 	"code.gitea.io/gitea/modules/indexer/code/internal"
 	indexer_internal "code.gitea.io/gitea/modules/indexer/internal"
 	inner_bleve "code.gitea.io/gitea/modules/indexer/internal/bleve"
-	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/timeutil"
 	"code.gitea.io/gitea/modules/typesniffer"
@@ -189,21 +189,23 @@ func (b *Indexer) addDelete(filename string, repo *repo_model.Repository, batch
 func (b *Indexer) Index(ctx context.Context, repo *repo_model.Repository, sha string, changes *internal.RepoChanges) error {
 	batch := inner_bleve.NewFlushingBatch(b.inner.Indexer, maxBatchSize)
 	if len(changes.Updates) > 0 {
-		// Now because of some insanity with git cat-file not immediately failing if not run in a valid git directory we need to run git rev-parse first!
-		if err := git.EnsureValidGitRepository(ctx, repo.RepoPath()); err != nil {
-			log.Error("Unable to open git repo: %s for %-v: %v", repo.RepoPath(), repo, err)
+		r, err := gitrepo.OpenRepository(ctx, repo)
+		if err != nil {
 			return err
 		}
-
-		batchWriter, batchReader, cancel := git.CatFileBatch(ctx, repo.RepoPath())
-		defer cancel()
+		defer r.Close()
+		gitBatch, err := r.NewBatch(ctx)
+		if err != nil {
+			return err
+		}
+		defer gitBatch.Close()
 
 		for _, update := range changes.Updates {
-			if err := b.addUpdate(ctx, batchWriter, batchReader, sha, update, repo, batch); err != nil {
+			if err := b.addUpdate(ctx, gitBatch.Writer, gitBatch.Reader, sha, update, repo, batch); err != nil {
 				return err
 			}
 		}
-		cancel()
+		gitBatch.Close()
 	}
 	for _, filename := range changes.RemovedFilenames {
 		if err := b.addDelete(filename, repo, batch); err != nil {
diff --git a/modules/indexer/code/elasticsearch/elasticsearch.go b/modules/indexer/code/elasticsearch/elasticsearch.go
index e4622fd66ef..0bda180fac9 100644
--- a/modules/indexer/code/elasticsearch/elasticsearch.go
+++ b/modules/indexer/code/elasticsearch/elasticsearch.go
@@ -15,11 +15,11 @@ import (
 	"code.gitea.io/gitea/modules/analyze"
 	"code.gitea.io/gitea/modules/charset"
 	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/gitrepo"
 	"code.gitea.io/gitea/modules/indexer/code/internal"
 	indexer_internal "code.gitea.io/gitea/modules/indexer/internal"
 	inner_elasticsearch "code.gitea.io/gitea/modules/indexer/internal/elasticsearch"
 	"code.gitea.io/gitea/modules/json"
-	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/timeutil"
 	"code.gitea.io/gitea/modules/typesniffer"
@@ -154,17 +154,19 @@ func (b *Indexer) addDelete(filename string, repo *repo_model.Repository) elasti
 func (b *Indexer) Index(ctx context.Context, repo *repo_model.Repository, sha string, changes *internal.RepoChanges) error {
 	reqs := make([]elastic.BulkableRequest, 0)
 	if len(changes.Updates) > 0 {
-		// Now because of some insanity with git cat-file not immediately failing if not run in a valid git directory we need to run git rev-parse first!
-		if err := git.EnsureValidGitRepository(ctx, repo.RepoPath()); err != nil {
-			log.Error("Unable to open git repo: %s for %-v: %v", repo.RepoPath(), repo, err)
+		r, err := gitrepo.OpenRepository(ctx, repo)
+		if err != nil {
 			return err
 		}
-
-		batchWriter, batchReader, cancel := git.CatFileBatch(ctx, repo.RepoPath())
-		defer cancel()
+		defer r.Close()
+		batch, err := r.NewBatch(ctx)
+		if err != nil {
+			return err
+		}
+		defer batch.Close()
 
 		for _, update := range changes.Updates {
-			updateReqs, err := b.addUpdate(ctx, batchWriter, batchReader, sha, update, repo)
+			updateReqs, err := b.addUpdate(ctx, batch.Writer, batch.Reader, sha, update, repo)
 			if err != nil {
 				return err
 			}
@@ -172,7 +174,7 @@ func (b *Indexer) Index(ctx context.Context, repo *repo_model.Repository, sha st
 				reqs = append(reqs, updateReqs...)
 			}
 		}
-		cancel()
+		batch.Close()
 	}
 
 	for _, filename := range changes.RemovedFilenames {

From d1426de1a4a1a52125a35c8e5d1d545c6b9f6f2b Mon Sep 17 00:00:00 2001
From: GiteaBot <teabot@gitea.io>
Date: Wed, 21 Aug 2024 00:27:45 +0000
Subject: [PATCH 016/129] [skip ci] Updated translations via Crowdin

---
 options/locale/locale_ru-RU.ini | 2 +-
 options/locale/locale_tr-TR.ini | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/options/locale/locale_ru-RU.ini b/options/locale/locale_ru-RU.ini
index b9c35331d05..27761374267 100644
--- a/options/locale/locale_ru-RU.ini
+++ b/options/locale/locale_ru-RU.ini
@@ -1117,7 +1117,7 @@ projects=Проекты
 packages=Пакеты
 actions=Действия
 labels=Метки
-org_labels_desc=Метки уровня организации, которые можно использовать с <strong>всеми репозиториями< / strong> в этой организации
+org_labels_desc=Метки уровня организации, которые можно использовать с <strong>всеми репозиториями</strong> в этой организации
 org_labels_desc_manage=управлять
 
 milestones=Этапы
diff --git a/options/locale/locale_tr-TR.ini b/options/locale/locale_tr-TR.ini
index 868832948b0..0d15ac7f437 100644
--- a/options/locale/locale_tr-TR.ini
+++ b/options/locale/locale_tr-TR.ini
@@ -1217,7 +1217,7 @@ clear_ref='Geçerli referansı temizle'
 filter_branch_and_tag=Dal veya biçim imini filtrele
 find_tag=Etiketi bul
 branches=Dal
-tags=Etiket
+tags=Etiketler
 issues=Konular
 pulls=Değişiklik İstekleri
 projects=Projeler

From d158472a5a9ead8052095b153821a9f26c294452 Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Wed, 21 Aug 2024 09:54:55 +0800
Subject: [PATCH 017/129] Don't return 500 if mirror url contains special chars
 (#31859)

Fix #31640
---
 routers/web/repo/setting/setting.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/routers/web/repo/setting/setting.go b/routers/web/repo/setting/setting.go
index 3f9140857ad..485bd927fa9 100644
--- a/routers/web/repo/setting/setting.go
+++ b/routers/web/repo/setting/setting.go
@@ -240,7 +240,8 @@ func SettingsPost(ctx *context.Context) {
 
 		remoteAddress, err := util.SanitizeURL(form.MirrorAddress)
 		if err != nil {
-			ctx.ServerError("SanitizeURL", err)
+			ctx.Data["Err_MirrorAddress"] = true
+			handleSettingRemoteAddrError(ctx, err, form)
 			return
 		}
 		pullMirror.RemoteAddress = remoteAddress
@@ -401,7 +402,8 @@ func SettingsPost(ctx *context.Context) {
 
 		remoteAddress, err := util.SanitizeURL(form.PushMirrorAddress)
 		if err != nil {
-			ctx.ServerError("SanitizeURL", err)
+			ctx.Data["Err_PushMirrorAddress"] = true
+			handleSettingRemoteAddrError(ctx, err, form)
 			return
 		}
 

From 40036b610224338ff730acb6e182aa8a6ebdb009 Mon Sep 17 00:00:00 2001
From: william-allspice <william@allspice.io>
Date: Wed, 21 Aug 2024 00:40:18 -0500
Subject: [PATCH 018/129] Move lock icon position and add additional tooltips
 to branch list page (#31839)

This Pull Request adds missing tool tips for the protected, copy, and rss icons on the branch list page. It also moved protected icon position after the branch name.
---
 templates/repo/branch/list.tmpl | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/templates/repo/branch/list.tmpl b/templates/repo/branch/list.tmpl
index dcfe0822764..3c8e5846d70 100644
--- a/templates/repo/branch/list.tmpl
+++ b/templates/repo/branch/list.tmpl
@@ -20,9 +20,11 @@
 						<tr>
 							<td>
 								<div class="flex-text-block">
-									{{if .DefaultBranchBranch.IsProtected}}{{svg "octicon-shield-lock"}}{{end}}
 									<a class="gt-ellipsis" href="{{.RepoLink}}/src/branch/{{PathEscapeSegments .DefaultBranchBranch.DBBranch.Name}}">{{.DefaultBranchBranch.DBBranch.Name}}</a>
-									<button class="btn interact-fg tw-px-1" data-clipboard-text="{{.DefaultBranchBranch.DBBranch.Name}}">{{svg "octicon-copy" 14}}</button>
+									{{if .DefaultBranchBranch.IsProtected}}
+										<span data-tooltip-content="{{ctx.Locale.Tr "repo.settings.protected_branch"}}">{{svg "octicon-shield-lock"}}</span>
+									{{end}}
+									<button class="btn interact-fg tw-px-1" data-clipboard-text="{{.DefaultBranchBranch.DBBranch.Name}}" data-tooltip-content="{{ctx.Locale.Tr "copy_branch"}}">{{svg "octicon-copy" 14}}</button>
 									{{template "repo/commit_statuses" dict "Status" (index $.CommitStatus .DefaultBranchBranch.DBBranch.CommitID) "Statuses" (index $.CommitStatuses .DefaultBranchBranch.DBBranch.CommitID)}}
 								</div>
 								<p class="info tw-flex tw-items-center tw-my-1">{{svg "octicon-git-commit" 16 "tw-mr-1"}}<a href="{{.RepoLink}}/commit/{{PathEscape .DefaultBranchBranch.DBBranch.CommitID}}">{{ShortSha .DefaultBranchBranch.DBBranch.CommitID}}</a> · <span class="commit-message">{{RenderCommitMessage $.Context .DefaultBranchBranch.DBBranch.CommitMessage (.Repository.ComposeMetas ctx)}}</span> · {{ctx.Locale.Tr "org.repo_updated"}} {{TimeSince .DefaultBranchBranch.DBBranch.CommitTime.AsTime ctx.Locale}}{{if .DefaultBranchBranch.DBBranch.Pusher}} &nbsp;{{template "shared/user/avatarlink" dict "user" .DefaultBranchBranch.DBBranch.Pusher}}{{template "shared/user/namelink" .DefaultBranchBranch.DBBranch.Pusher}}{{end}}</p>
@@ -39,7 +41,7 @@
 									</button>
 								{{end}}
 								{{if .EnableFeed}}
-									<a role="button" class="btn interact-bg tw-p-2" href="{{$.FeedURL}}/rss/branch/{{PathEscapeSegments .DefaultBranchBranch.DBBranch.Name}}">{{svg "octicon-rss"}}</a>
+									<a role="button" class="btn interact-bg tw-p-2" href="{{$.FeedURL}}/rss/branch/{{PathEscapeSegments .DefaultBranchBranch.DBBranch.Name}}" data-tooltip-content="{{ctx.Locale.Tr "rss_feed"}}">{{svg "octicon-rss"}}</a>
 								{{end}}
 								{{if not $.DisableDownloadSourceArchives}}
 									<div class="ui dropdown btn interact-bg tw-p-2" data-tooltip-content="{{ctx.Locale.Tr "repo.branch.download" ($.DefaultBranchBranch.DBBranch.Name)}}">
@@ -88,14 +90,16 @@
 							{{if .DBBranch.IsDeleted}}
 								<div class="flex-text-block">
 									<span class="gt-ellipsis">{{.DBBranch.Name}}</span>
-									<button class="btn interact-fg tw-px-1" data-clipboard-text="{{.DBBranch.Name}}">{{svg "octicon-copy" 14}}</button>
+									<button class="btn interact-fg tw-px-1" data-clipboard-text="{{.DBBranch.Name}}" data-tooltip-content="{{ctx.Locale.Tr "copy_branch"}}">{{svg "octicon-copy" 14}}</button>
 								</div>
 								<p class="info">{{ctx.Locale.Tr "repo.branch.deleted_by" .DBBranch.DeletedBy.Name}} {{TimeSinceUnix .DBBranch.DeletedUnix ctx.Locale}}</p>
 							{{else}}
 								<div class="flex-text-block">
-									{{if .IsProtected}}{{svg "octicon-shield-lock"}}{{end}}
 									<a class="gt-ellipsis" href="{{$.RepoLink}}/src/branch/{{PathEscapeSegments .DBBranch.Name}}">{{.DBBranch.Name}}</a>
-									<button class="btn interact-fg tw-px-1" data-clipboard-text="{{.DBBranch.Name}}">{{svg "octicon-copy" 14}}</button>
+									{{if .IsProtected}}
+										<span data-tooltip-content="{{ctx.Locale.Tr "repo.settings.protected_branch"}}">{{svg "octicon-shield-lock"}}</span>
+									{{end}}
+									<button class="btn interact-fg tw-px-1" data-clipboard-text="{{.DBBranch.Name}}" data-tooltip-content="{{ctx.Locale.Tr "copy_branch"}}">{{svg "octicon-copy" 14}}</button>
 									{{template "repo/commit_statuses" dict "Status" (index $.CommitStatus .DBBranch.CommitID) "Statuses" (index $.CommitStatuses .DBBranch.CommitID)}}
 								</div>
 								<p class="info tw-flex tw-items-center tw-my-1">{{svg "octicon-git-commit" 16 "tw-mr-1"}}<a href="{{$.RepoLink}}/commit/{{PathEscape .DBBranch.CommitID}}">{{ShortSha .DBBranch.CommitID}}</a> · <span class="commit-message">{{RenderCommitMessage $.Context .DBBranch.CommitMessage ($.Repository.ComposeMetas ctx)}}</span> · {{ctx.Locale.Tr "org.repo_updated"}} {{TimeSince .DBBranch.CommitTime.AsTime ctx.Locale}}{{if .DBBranch.Pusher}} &nbsp;{{template "shared/user/avatarlink" dict "user" .DBBranch.Pusher}} &nbsp;{{template "shared/user/namelink" .DBBranch.Pusher}}{{end}}</p>
@@ -156,7 +160,7 @@
 									</button>
 								{{end}}
 								{{if $.EnableFeed}}
-									<a role="button" class="btn interact-bg tw-p-2" href="{{$.FeedURL}}/rss/branch/{{PathEscapeSegments .DBBranch.Name}}">{{svg "octicon-rss"}}</a>
+									<a role="button" class="btn interact-bg tw-p-2" href="{{$.FeedURL}}/rss/branch/{{PathEscapeSegments .DBBranch.Name}}" data-tooltip-content="{{ctx.Locale.Tr "rss_feed"}}">{{svg "octicon-rss"}}</a>
 								{{end}}
 								{{if and (not .DBBranch.IsDeleted) (not $.DisableDownloadSourceArchives)}}
 									<div class="ui dropdown btn interact-bg tw-p-2" data-tooltip-content="{{ctx.Locale.Tr "repo.branch.download" (.DBBranch.Name)}}">

From 0299bb97f038685aee794a992fa4a9f5cf83652e Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Thu, 22 Aug 2024 05:05:48 +0800
Subject: [PATCH 019/129] Use correct function name (#31887)

---
 modules/migration/pullrequest.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/modules/migration/pullrequest.go b/modules/migration/pullrequest.go
index 4e7500f0d67..1435991bd2a 100644
--- a/modules/migration/pullrequest.go
+++ b/modules/migration/pullrequest.go
@@ -45,7 +45,7 @@ func (p *PullRequest) GetContext() DownloaderContext { return p.Context }
 
 // IsForkPullRequest returns true if the pull request from a forked repository but not the same repository
 func (p *PullRequest) IsForkPullRequest() bool {
-	return p.Head.RepoPath() != p.Base.RepoPath()
+	return p.Head.RepoFullName() != p.Base.RepoFullName()
 }
 
 // GetGitRefName returns pull request relative path to head
@@ -62,8 +62,8 @@ type PullRequestBranch struct {
 	OwnerName string `yaml:"owner_name"`
 }
 
-// RepoPath returns pull request repo path
-func (p PullRequestBranch) RepoPath() string {
+// RepoFullName returns pull request repo full name
+func (p PullRequestBranch) RepoFullName() string {
 	return fmt.Sprintf("%s/%s", p.OwnerName, p.RepoName)
 }
 

From e0c27e59968f0ecc5e433617f303520fb765b06a Mon Sep 17 00:00:00 2001
From: GiteaBot <teabot@gitea.io>
Date: Thu, 22 Aug 2024 00:27:44 +0000
Subject: [PATCH 020/129] [skip ci] Updated translations via Crowdin

---
 options/locale/locale_pt-PT.ini | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/options/locale/locale_pt-PT.ini b/options/locale/locale_pt-PT.ini
index 17a1e82ecc9..33b87267f90 100644
--- a/options/locale/locale_pt-PT.ini
+++ b/options/locale/locale_pt-PT.ini
@@ -628,6 +628,7 @@ org_still_own_repo=Esta organização ainda possui um ou mais repositórios, eli
 org_still_own_packages=Esta organização ainda possui um ou mais pacotes, elimine-os primeiro.
 
 target_branch_not_exist=O ramo de destino não existe.
+target_ref_not_exist=A referência de destino não existe %s
 
 admin_cannot_delete_self=Não se pode auto-remover quando tem privilégios de administração. Remova esses privilégios primeiro.
 
@@ -1273,6 +1274,7 @@ commit_graph.color=Colorido
 commit.contained_in=Este cometimento está contido em:
 commit.contained_in_default_branch=Este cometimento é parte do ramo principal
 commit.load_referencing_branches_and_tags=Carregar ramos e etiquetas que referenciem este cometimento
+commit.load_tags_failed=O carregamento das etiquetas falhou por causa de um erro interno
 blame=Responsabilidade
 download_file=Descarregar ficheiro
 normal_view=Vista normal
@@ -3700,6 +3702,11 @@ workflow.disable_success=A sequência de trabalho '%s' foi desabilitada com suce
 workflow.enable=Habilitar sequência de trabalho
 workflow.enable_success=A sequência de trabalho '%s' foi habilitada com sucesso.
 workflow.disabled=A sequência de trabalho está desabilitada.
+workflow.run=Executar sequência de trabalho
+workflow.not_found=A sequência de trabalho '%s' não foi encontrada.
+workflow.run_success=A sequência de trabalho '%s' foi executada com sucesso.
+workflow.from_ref=Usar sequência de trabalho de
+workflow.has_workflow_dispatch=Esta sequência de trabalho tem um despoletador de eventos workflow_dispatch.
 
 need_approval_desc=É necessária aprovação para executar sequências de trabalho para a derivação do pedido de integração.
 

From 5fd3b098a3e017245ecda96941ea0b58f48275a9 Mon Sep 17 00:00:00 2001
From: Yarden Shoham <git@yardenshoham.com>
Date: Fri, 23 Aug 2024 20:22:36 +0300
Subject: [PATCH 021/129] Bump relative-time-element to v4.4.3 (#31910)

All date-times work as before

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
---
 package-lock.json | 9 ++++-----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index e3c3681781b..eb3ba5fb482 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -10,7 +10,7 @@
         "@citation-js/plugin-csl": "0.7.14",
         "@citation-js/plugin-software-formats": "0.6.1",
         "@github/markdown-toolbar-element": "2.2.3",
-        "@github/relative-time-element": "4.4.2",
+        "@github/relative-time-element": "4.4.3",
         "@github/text-expander-element": "2.7.1",
         "@mcaptcha/vanilla-glue": "0.1.0-alpha-3",
         "@primer/octicons": "19.11.0",
@@ -1157,10 +1157,9 @@
       "license": "MIT"
     },
     "node_modules/@github/relative-time-element": {
-      "version": "4.4.2",
-      "resolved": "https://registry.npmjs.org/@github/relative-time-element/-/relative-time-element-4.4.2.tgz",
-      "integrity": "sha512-wTXunu3hmuGljA5CHaaoUIKV0oI35wno0FKJl2yqKplTRnsCA5bPNj4bDeVIubkuskql6jwionWLlGM1Y6QLaw==",
-      "license": "MIT"
+      "version": "4.4.3",
+      "resolved": "https://registry.npmjs.org/@github/relative-time-element/-/relative-time-element-4.4.3.tgz",
+      "integrity": "sha512-EVKokqx9/DdUAZ2l9WVyY51EtRCO2gQWWMvsRIn7r4glJ91q9CXcnILVHZVCpfD52ucXUhUvtYsAjNJ4qP4uIg=="
     },
     "node_modules/@github/text-expander-element": {
       "version": "2.7.1",
diff --git a/package.json b/package.json
index 1785a66edf7..7d9e857e905 100644
--- a/package.json
+++ b/package.json
@@ -9,7 +9,7 @@
     "@citation-js/plugin-csl": "0.7.14",
     "@citation-js/plugin-software-formats": "0.6.1",
     "@github/markdown-toolbar-element": "2.2.3",
-    "@github/relative-time-element": "4.4.2",
+    "@github/relative-time-element": "4.4.3",
     "@github/text-expander-element": "2.7.1",
     "@mcaptcha/vanilla-glue": "0.1.0-alpha-3",
     "@primer/octicons": "19.11.0",

From 10fd60412d7e39b5c5c7455ac609c19f5dce22b6 Mon Sep 17 00:00:00 2001
From: Saulius Gurklys <s4uliu5@gmail.com>
Date: Sat, 24 Aug 2024 13:07:16 +0300
Subject: [PATCH 022/129] Remove "dsa-1024" testcases from
 Test_SSHParsePublicKey and Test_calcFingerprint (#31905)

DSA is considered inherently insecure and is already disabled/removed in
OpenSSH 9.8.

Therefore "dsa-1024" tescases are failing.

```
--- FAIL: Test_calcFingerprint (0.02s)
    --- FAIL: Test_calcFingerprint/dsa-1024 (0.00s)
        --- FAIL: Test_calcFingerprint/dsa-1024/SSHKeygen (0.00s)
            ssh_key_test.go:196:
                        Error Trace:    /src/gitea/models/asymkey/ssh_key_test.go:196
                        Error:          Received unexpected error:
                                        Unable to verify key content [result: /tmp/gitea_keytest1239408114 is not a public key file.
                                        ]
                        Test:           Test_calcFingerprint/dsa-1024/SSHKeygen
            ssh_key_test.go:197:
                        Error Trace:    /src/gitea/models/asymkey/ssh_key_test.go:197
                        Error:          Not equal:
                                        expected: "SHA256:fSIHQlpKMDsGPVAXI8BPYfRp+e2sfvSt1sMrPsFiXrc"
                                        actual  : ""

                                        Diff:
                                        --- Expected
                                        +++ Actual
                                        @@ -1 +1 @@
                                        -SHA256:fSIHQlpKMDsGPVAXI8BPYfRp+e2sfvSt1sMrPsFiXrc
                                        +
                        Test:           Test_calcFingerprint/dsa-1024/SSHKeygen
FAIL
```

Fix #31624
---
 models/asymkey/ssh_key_test.go | 2 --
 1 file changed, 2 deletions(-)

diff --git a/models/asymkey/ssh_key_test.go b/models/asymkey/ssh_key_test.go
index 18c23dc78cb..3650f1892fc 100644
--- a/models/asymkey/ssh_key_test.go
+++ b/models/asymkey/ssh_key_test.go
@@ -28,7 +28,6 @@ func Test_SSHParsePublicKey(t *testing.T) {
 		length        int
 		content       string
 	}{
-		{"dsa-1024", false, "dsa", 1024, "ssh-dss AAAAB3NzaC1kc3MAAACBAOChCC7lf6Uo9n7BmZ6M8St19PZf4Tn59NriyboW2x/DZuYAz3ibZ2OkQ3S0SqDIa0HXSEJ1zaExQdmbO+Ux/wsytWZmCczWOVsaszBZSl90q8UnWlSH6P+/YA+RWJm5SFtuV9PtGIhyZgoNuz5kBQ7K139wuQsecdKktISwTakzAAAAFQCzKsO2JhNKlL+wwwLGOcLffoAmkwAAAIBpK7/3xvduajLBD/9vASqBQIHrgK2J+wiQnIb/Wzy0UsVmvfn8A+udRbBo+csM8xrSnlnlJnjkJS3qiM5g+eTwsLIV1IdKPEwmwB+VcP53Cw6lSyWyJcvhFb0N6s08NZysLzvj0N+ZC/FnhKTLzIyMtkHf/IrPCwlM+pV/M/96YgAAAIEAqQcGn9CKgzgPaguIZooTAOQdvBLMI5y0bQjOW6734XOpqQGf/Kra90wpoasLKZjSYKNPjE+FRUOrStLrxcNs4BeVKhy2PYTRnybfYVk1/dmKgH6P1YSRONsGKvTsH6c5IyCRG0ncCgYeF8tXppyd642982daopE7zQ/NPAnJfag= nocomment"},
 		{"rsa-1024", false, "rsa", 1024, "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAu7tvIvX6ZHrRXuZNfkR3XLHSsuCK9Zn3X58lxBcQzuo5xZgB6vRwwm/QtJuF+zZPtY5hsQILBLmF+BZ5WpKZp1jBeSjH2G7lxet9kbcH+kIVj0tPFEoyKI9wvWqIwC4prx/WVk2wLTJjzBAhyNxfEq7C9CeiX9pQEbEqJfkKCQ== nocomment\n"},
 		{"rsa-2048", false, "rsa", 2048, "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMZXh+1OBUwSH9D45wTaxErQIN9IoC9xl7MKJkqvTvv6O5RR9YW/IK9FbfjXgXsppYGhsCZo1hFOOsXHMnfOORqu/xMDx4yPuyvKpw4LePEcg4TDipaDFuxbWOqc/BUZRZcXu41QAWfDLrInwsltWZHSeG7hjhpacl4FrVv9V1pS6Oc5Q1NxxEzTzuNLS/8diZrTm/YAQQ/+B+mzWI3zEtF4miZjjAljWd1LTBPvU23d29DcBmmFahcZ441XZsTeAwGxG/Q6j8NgNXj9WxMeWwxXV2jeAX/EBSpZrCVlCQ1yJswT6xCp8TuBnTiGWYMBNTbOZvPC4e0WI2/yZW/s5F nocomment"},
 		{"ecdsa-256", false, "ecdsa", 256, "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFQacN3PrOll7PXmN5B/ZNVahiUIqI05nbBlZk1KXsO3d06ktAWqbNflv2vEmA38bTFTfJ2sbn2B5ksT52cDDbA= nocomment"},
@@ -172,7 +171,6 @@ func Test_calcFingerprint(t *testing.T) {
 		fp            string
 		content       string
 	}{
-		{"dsa-1024", false, "SHA256:fSIHQlpKMDsGPVAXI8BPYfRp+e2sfvSt1sMrPsFiXrc", "ssh-dss AAAAB3NzaC1kc3MAAACBAOChCC7lf6Uo9n7BmZ6M8St19PZf4Tn59NriyboW2x/DZuYAz3ibZ2OkQ3S0SqDIa0HXSEJ1zaExQdmbO+Ux/wsytWZmCczWOVsaszBZSl90q8UnWlSH6P+/YA+RWJm5SFtuV9PtGIhyZgoNuz5kBQ7K139wuQsecdKktISwTakzAAAAFQCzKsO2JhNKlL+wwwLGOcLffoAmkwAAAIBpK7/3xvduajLBD/9vASqBQIHrgK2J+wiQnIb/Wzy0UsVmvfn8A+udRbBo+csM8xrSnlnlJnjkJS3qiM5g+eTwsLIV1IdKPEwmwB+VcP53Cw6lSyWyJcvhFb0N6s08NZysLzvj0N+ZC/FnhKTLzIyMtkHf/IrPCwlM+pV/M/96YgAAAIEAqQcGn9CKgzgPaguIZooTAOQdvBLMI5y0bQjOW6734XOpqQGf/Kra90wpoasLKZjSYKNPjE+FRUOrStLrxcNs4BeVKhy2PYTRnybfYVk1/dmKgH6P1YSRONsGKvTsH6c5IyCRG0ncCgYeF8tXppyd642982daopE7zQ/NPAnJfag= nocomment"},
 		{"rsa-1024", false, "SHA256:vSnDkvRh/xM6kMxPidLgrUhq3mCN7CDaronCEm2joyQ", "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAu7tvIvX6ZHrRXuZNfkR3XLHSsuCK9Zn3X58lxBcQzuo5xZgB6vRwwm/QtJuF+zZPtY5hsQILBLmF+BZ5WpKZp1jBeSjH2G7lxet9kbcH+kIVj0tPFEoyKI9wvWqIwC4prx/WVk2wLTJjzBAhyNxfEq7C9CeiX9pQEbEqJfkKCQ== nocomment\n"},
 		{"rsa-2048", false, "SHA256:ZHD//a1b9VuTq9XSunAeYjKeU1xDa2tBFZYrFr2Okkg", "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMZXh+1OBUwSH9D45wTaxErQIN9IoC9xl7MKJkqvTvv6O5RR9YW/IK9FbfjXgXsppYGhsCZo1hFOOsXHMnfOORqu/xMDx4yPuyvKpw4LePEcg4TDipaDFuxbWOqc/BUZRZcXu41QAWfDLrInwsltWZHSeG7hjhpacl4FrVv9V1pS6Oc5Q1NxxEzTzuNLS/8diZrTm/YAQQ/+B+mzWI3zEtF4miZjjAljWd1LTBPvU23d29DcBmmFahcZ441XZsTeAwGxG/Q6j8NgNXj9WxMeWwxXV2jeAX/EBSpZrCVlCQ1yJswT6xCp8TuBnTiGWYMBNTbOZvPC4e0WI2/yZW/s5F nocomment"},
 		{"ecdsa-256", false, "SHA256:Bqx/xgWqRKLtkZ0Lr4iZpgb+5lYsFpSwXwVZbPwuTRw", "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFQacN3PrOll7PXmN5B/ZNVahiUIqI05nbBlZk1KXsO3d06ktAWqbNflv2vEmA38bTFTfJ2sbn2B5ksT52cDDbA= nocomment"},

From 41d9eaa9c0bb23e30cfc20185aa2a94e8e294052 Mon Sep 17 00:00:00 2001
From: GiteaBot <teabot@gitea.io>
Date: Sun, 25 Aug 2024 00:30:57 +0000
Subject: [PATCH 023/129] [skip ci] Updated translations via Crowdin

---
 options/locale/locale_ja-JP.ini | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/options/locale/locale_ja-JP.ini b/options/locale/locale_ja-JP.ini
index 4fc06bc71a0..e7166e04dc9 100644
--- a/options/locale/locale_ja-JP.ini
+++ b/options/locale/locale_ja-JP.ini
@@ -2465,6 +2465,18 @@ settings.thread_id=スレッドID
 settings.matrix.homeserver_url=ホームサーバー URL
 settings.matrix.room_id=ルーム ID
 settings.matrix.message_type=メッセージ種別
+settings.visibility.private.button=プライベートにする
+settings.visibility.private.text=プライベートに変更した場合、リポジトリを許可されたメンバーのみが閲覧できるようにするだけでなく、フォーク、ウォッチャー、スターとの関係を解除する可能性もあります。
+settings.visibility.private.bullet_title=<strong>プライベートに変更すると:</strong>
+settings.visibility.private.bullet_one=リポジトリを許可されたメンバーのみが閲覧できるようにします。
+settings.visibility.private.bullet_two=<strong>フォーク</strong>、<strong>ウォッチャー</strong>、<strong>スター</strong>との関係を解除する可能性があります。
+settings.visibility.public.button=公開する
+settings.visibility.public.text=公開に変更すると、リポジトリを誰でも閲覧できるようにします。
+settings.visibility.public.bullet_title=<strong>公開に変更すると:</strong>
+settings.visibility.public.bullet_one=リポジトリを誰でも閲覧できるようにします。
+settings.visibility.success=リポジトリの公開設定を変更しました。
+settings.visibility.error=リポジトリの公開設定の変更中にエラーが発生しました。
+settings.visibility.fork_error=フォークされたリポジトリの公開設定は変更できません。
 settings.archive.button=アーカイブ
 settings.archive.header=このリポジトリをアーカイブ
 settings.archive.text=リポジトリをアーカイブするとリポジトリ全体が読み出し専用となります。 ダッシュボードにも表示されなくなります。 新たなコミット、あるいは、イシューやプルリクエストの作成は、誰もできなくなります (あなたでさえも!)。

From 725a3ed9ad110f8354303140f527326c64f42dc8 Mon Sep 17 00:00:00 2001
From: Zettat123 <zettat123@gmail.com>
Date: Mon, 26 Aug 2024 01:18:19 +0800
Subject: [PATCH 024/129] Handle "close" actionable references for manual
 merges (#31879)

Fix #31743
---
 services/pull/merge.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/services/pull/merge.go b/services/pull/merge.go
index e19292c31ca..eb67e069461 100644
--- a/services/pull/merge.go
+++ b/services/pull/merge.go
@@ -219,6 +219,10 @@ func Merge(ctx context.Context, pr *issues_model.PullRequest, doer *user_model.U
 	// Reset cached commit count
 	cache.Remove(pr.Issue.Repo.GetCommitsCountCacheKey(pr.BaseBranch, true))
 
+	return handleCloseCrossReferences(ctx, pr, doer)
+}
+
+func handleCloseCrossReferences(ctx context.Context, pr *issues_model.PullRequest, doer *user_model.User) error {
 	// Resolve cross references
 	refs, err := pr.ResolveCrossReferences(ctx)
 	if err != nil {
@@ -542,5 +546,6 @@ func MergedManually(ctx context.Context, pr *issues_model.PullRequest, doer *use
 
 	notify_service.MergePullRequest(baseGitRepo.Ctx, doer, pr)
 	log.Info("manuallyMerged[%d]: Marked as manually merged into %s/%s by commit id: %s", pr.ID, pr.BaseRepo.Name, pr.BaseBranch, commitID)
-	return nil
+
+	return handleCloseCrossReferences(ctx, pr, doer)
 }

From 40395ce582c681a9f55263dcaa5e8dc80e1c2c1b Mon Sep 17 00:00:00 2001
From: silverwind <me@silverwind.io>
Date: Sun, 25 Aug 2024 19:23:13 +0200
Subject: [PATCH 025/129] Update mermaid to v11 (#31913)

Update mermaid to
[v11](https://github.com/mermaid-js/mermaid/releases/tag/v11.0.0) and
enable the new [`suppressErrorRendering`
option](https://github.com/mermaid-js/mermaid/pull/4359) to ensure
mermaid never renders error elements into the DOM (we have per-chart
error rendering, so don't need it). Tested various chart types.

BTW, I was unable to reproduce that error rendering from mermaid with
`suppressErrorRendering: false` and I thought we had some CSS to hide
the error element, but I could not find it, not even in git history.
---
 package-lock.json            | 868 +++++++++--------------------------
 package.json                 |   2 +-
 web_src/js/markup/mermaid.ts |   1 +
 3 files changed, 211 insertions(+), 660 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index eb3ba5fb482..d469cc924c7 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -34,7 +34,7 @@
         "jquery": "3.7.1",
         "katex": "0.16.11",
         "license-checker-webpack-plugin": "0.2.1",
-        "mermaid": "10.9.1",
+        "mermaid": "11.0.2",
         "mini-css-extract-plugin": "2.9.0",
         "minimatch": "10.0.1",
         "monaco-editor": "0.50.0",
@@ -318,11 +318,50 @@
       }
     },
     "node_modules/@braintree/sanitize-url": {
-      "version": "6.0.4",
-      "resolved": "https://registry.npmjs.org/@braintree/sanitize-url/-/sanitize-url-6.0.4.tgz",
-      "integrity": "sha512-s3jaWicZd0pkP0jf5ysyHUI/RE7MHos6qlToFcGWXVp+ykHOy77OUMrfbgJ9it2C5bow7OIQwYYaHjk9XlBQ2A==",
+      "version": "7.1.0",
+      "resolved": "https://registry.npmjs.org/@braintree/sanitize-url/-/sanitize-url-7.1.0.tgz",
+      "integrity": "sha512-o+UlMLt49RvtCASlOMW0AkHnabN9wR9rwCCherxO0yG4Npy34GkvrAqdXQvrhNs+jh+gkK8gB8Lf05qL/O7KWg==",
       "license": "MIT"
     },
+    "node_modules/@chevrotain/cst-dts-gen": {
+      "version": "11.0.3",
+      "resolved": "https://registry.npmjs.org/@chevrotain/cst-dts-gen/-/cst-dts-gen-11.0.3.tgz",
+      "integrity": "sha512-BvIKpRLeS/8UbfxXxgC33xOumsacaeCKAjAeLyOn7Pcp95HiRbrpl14S+9vaZLolnbssPIUuiUd8IvgkRyt6NQ==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@chevrotain/gast": "11.0.3",
+        "@chevrotain/types": "11.0.3",
+        "lodash-es": "4.17.21"
+      }
+    },
+    "node_modules/@chevrotain/gast": {
+      "version": "11.0.3",
+      "resolved": "https://registry.npmjs.org/@chevrotain/gast/-/gast-11.0.3.tgz",
+      "integrity": "sha512-+qNfcoNk70PyS/uxmj3li5NiECO+2YKZZQMbmjTqRI3Qchu8Hig/Q9vgkHpI3alNjr7M+a2St5pw5w5F6NL5/Q==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@chevrotain/types": "11.0.3",
+        "lodash-es": "4.17.21"
+      }
+    },
+    "node_modules/@chevrotain/regexp-to-ast": {
+      "version": "11.0.3",
+      "resolved": "https://registry.npmjs.org/@chevrotain/regexp-to-ast/-/regexp-to-ast-11.0.3.tgz",
+      "integrity": "sha512-1fMHaBZxLFvWI067AVbGJav1eRY7N8DDvYCTwGBiE/ytKBgP8azTdgyrKyWZ9Mfh09eHWb5PgTSO8wi7U824RA==",
+      "license": "Apache-2.0"
+    },
+    "node_modules/@chevrotain/types": {
+      "version": "11.0.3",
+      "resolved": "https://registry.npmjs.org/@chevrotain/types/-/types-11.0.3.tgz",
+      "integrity": "sha512-gsiM3G8b58kZC2HaWR50gu6Y1440cHiJ+i3JUvcp/35JchYejb2+5MVeJK0iKThYpAa/P2PYFV4hoi44HD+aHQ==",
+      "license": "Apache-2.0"
+    },
+    "node_modules/@chevrotain/utils": {
+      "version": "11.0.3",
+      "resolved": "https://registry.npmjs.org/@chevrotain/utils/-/utils-11.0.3.tgz",
+      "integrity": "sha512-YslZMgtJUyuMbZ+aKvfF3x1f5liK4mWNxghFRv7jqRR9C3R3fAOGTTKvxXDa2Y1s9zSbcpuO0cAxDYsc9SrXoQ==",
+      "license": "Apache-2.0"
+    },
     "node_modules/@citation-js/core": {
       "version": "0.7.14",
       "resolved": "https://registry.npmjs.org/@citation-js/core/-/core-0.7.14.tgz",
@@ -1464,6 +1503,15 @@
         "@mcaptcha/core-glue": "^0.1.0-alpha-5"
       }
     },
+    "node_modules/@mermaid-js/parser": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/@mermaid-js/parser/-/parser-0.2.0.tgz",
+      "integrity": "sha512-33dyFdhwsX9n4+E8SRj1ulxwAgwCj9RyCMtoqXD5cDfS9F6y9xmvmjFjHoPaViH4H7I7BXD8yP/XEWig5XrHSQ==",
+      "license": "MIT",
+      "dependencies": {
+        "langium": "3.0.0"
+      }
+    },
     "node_modules/@nodelib/fs.scandir": {
       "version": "2.1.5",
       "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz",
@@ -2445,36 +2493,6 @@
         "@types/tern": "*"
       }
     },
-    "node_modules/@types/d3-scale": {
-      "version": "4.0.8",
-      "resolved": "https://registry.npmjs.org/@types/d3-scale/-/d3-scale-4.0.8.tgz",
-      "integrity": "sha512-gkK1VVTr5iNiYJ7vWDI+yUFFlszhNMtVeneJ6lUTKPjprsvLLI9/tgEGiXJOnlINJA8FyA88gfnQsHbybVZrYQ==",
-      "license": "MIT",
-      "dependencies": {
-        "@types/d3-time": "*"
-      }
-    },
-    "node_modules/@types/d3-scale-chromatic": {
-      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/@types/d3-scale-chromatic/-/d3-scale-chromatic-3.0.3.tgz",
-      "integrity": "sha512-laXM4+1o5ImZv3RpFAsTRn3TEkzqkytiOY0Dz0sq5cnd1dtNlk6sHLon4OvqaiJb28T0S/TdsBI3Sjsy+keJrw==",
-      "license": "MIT"
-    },
-    "node_modules/@types/d3-time": {
-      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/@types/d3-time/-/d3-time-3.0.3.tgz",
-      "integrity": "sha512-2p6olUZ4w3s+07q3Tm2dbiMZy5pCDfYwtLXXHUnVzXgQlZ/OyPtUz6OL382BkOuGlLXqfT+wqv8Fw2v8/0geBw==",
-      "license": "MIT"
-    },
-    "node_modules/@types/debug": {
-      "version": "4.1.12",
-      "resolved": "https://registry.npmjs.org/@types/debug/-/debug-4.1.12.tgz",
-      "integrity": "sha512-vIChWdVG3LG1SMxEvI/AK+FWJthlrqlTu7fbrlywTkkaONwk/UAGaULXRlf8vkzFBLVm0zkMdCquhL5aOjhXPQ==",
-      "license": "MIT",
-      "dependencies": {
-        "@types/ms": "*"
-      }
-    },
     "node_modules/@types/dropzone": {
       "version": "5.7.8",
       "resolved": "https://registry.npmjs.org/@types/dropzone/-/dropzone-5.7.8.tgz",
@@ -2567,21 +2585,6 @@
       "integrity": "sha512-a79Yc3TOk6dGdituy8hmTTJXjOkZ7zsFYV10L337ttq/rec8lRMDBpV7fL3uLx6TgbFCa5DU/h8FmIBQPSbU0w==",
       "license": "MIT"
     },
-    "node_modules/@types/mdast": {
-      "version": "3.0.15",
-      "resolved": "https://registry.npmjs.org/@types/mdast/-/mdast-3.0.15.tgz",
-      "integrity": "sha512-LnwD+mUEfxWMa1QpDraczIn6k0Ee3SMicuYSSzS6ZYl2gKS09EClnJYGd8Du6rfc5r/GZEk5o1mRb8TaTj03sQ==",
-      "license": "MIT",
-      "dependencies": {
-        "@types/unist": "^2"
-      }
-    },
-    "node_modules/@types/ms": {
-      "version": "0.7.34",
-      "resolved": "https://registry.npmjs.org/@types/ms/-/ms-0.7.34.tgz",
-      "integrity": "sha512-nG96G3Wp6acyAgJqGasjODb+acrI7KltPiRxzHPXnP3NgI28bpQDRv53olbqGXbfcgF5aiiHmO3xpwEpS5Ld9g==",
-      "license": "MIT"
-    },
     "node_modules/@types/node": {
       "version": "22.1.0",
       "resolved": "https://registry.npmjs.org/@types/node/-/node-22.1.0.tgz",
@@ -2687,12 +2690,6 @@
         "source-map": "^0.6.1"
       }
     },
-    "node_modules/@types/unist": {
-      "version": "2.0.10",
-      "resolved": "https://registry.npmjs.org/@types/unist/-/unist-2.0.10.tgz",
-      "integrity": "sha512-IfYcSBWE3hLpBg8+X2SEa8LVkJdJEkT2Ese2aaLs3ptGdVtABxndrMaxuFlQ1qdFf9Q5rDvDpxI3WwgvKFAsQA==",
-      "license": "MIT"
-    },
     "node_modules/@types/urijs": {
       "version": "1.19.25",
       "resolved": "https://registry.npmjs.org/@types/urijs/-/urijs-1.19.25.tgz",
@@ -4028,16 +4025,6 @@
         "url": "https://github.com/chalk/chalk?sponsor=1"
       }
     },
-    "node_modules/character-entities": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/character-entities/-/character-entities-2.0.2.tgz",
-      "integrity": "sha512-shx7oQ0Awen/BRIdkjkvz54PnEEI/EjwXDSIZp86/KKdbafHh1Df/RYGBhn4hbe2+uKC9FnT5UCEdyPz3ai9hQ==",
-      "license": "MIT",
-      "funding": {
-        "type": "github",
-        "url": "https://github.com/sponsors/wooorm"
-      }
-    },
     "node_modules/chart.js": {
       "version": "4.4.3",
       "resolved": "https://registry.npmjs.org/chart.js/-/chart.js-4.4.3.tgz",
@@ -4085,6 +4072,32 @@
         "node": ">= 16"
       }
     },
+    "node_modules/chevrotain": {
+      "version": "11.0.3",
+      "resolved": "https://registry.npmjs.org/chevrotain/-/chevrotain-11.0.3.tgz",
+      "integrity": "sha512-ci2iJH6LeIkvP9eJW6gpueU8cnZhv85ELY8w8WiFtNjMHA5ad6pQLaJo9mEly/9qUyCpvqX8/POVUTf18/HFdw==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@chevrotain/cst-dts-gen": "11.0.3",
+        "@chevrotain/gast": "11.0.3",
+        "@chevrotain/regexp-to-ast": "11.0.3",
+        "@chevrotain/types": "11.0.3",
+        "@chevrotain/utils": "11.0.3",
+        "lodash-es": "4.17.21"
+      }
+    },
+    "node_modules/chevrotain-allstar": {
+      "version": "0.3.1",
+      "resolved": "https://registry.npmjs.org/chevrotain-allstar/-/chevrotain-allstar-0.3.1.tgz",
+      "integrity": "sha512-b7g+y9A0v4mxCW1qUhf3BSVPg+/NvGErk/dOkrDaHA0nQIQGAtrOjlX//9OQtRlSCy+x9rfB5N8yC71lH1nvMw==",
+      "license": "MIT",
+      "dependencies": {
+        "lodash-es": "^4.17.21"
+      },
+      "peerDependencies": {
+        "chevrotain": "^11.0.0"
+      }
+    },
     "node_modules/chokidar": {
       "version": "3.6.0",
       "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.6.0.tgz",
@@ -5038,6 +5051,7 @@
       "version": "4.3.6",
       "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.6.tgz",
       "integrity": "sha512-O/09Bd4Z1fBrU4VzkhFqVgpPzaGbw6Sm9FEkBT1A/YBXQFGuuSxa1dN2nxgxS34JmKXqYx8CZAwEVoJFImUXIg==",
+      "dev": true,
       "license": "MIT",
       "dependencies": {
         "ms": "2.1.2"
@@ -5051,19 +5065,6 @@
         }
       }
     },
-    "node_modules/decode-named-character-reference": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/decode-named-character-reference/-/decode-named-character-reference-1.0.2.tgz",
-      "integrity": "sha512-O8x12RzrUF8xyVcY0KJowWsmaJxQbmy0/EtnNtHRpsOcT7dFk5W598coHqBVpmWo1oQQfsCqfCmkZN5DJrZVdg==",
-      "license": "MIT",
-      "dependencies": {
-        "character-entities": "^2.0.0"
-      },
-      "funding": {
-        "type": "github",
-        "url": "https://github.com/sponsors/wooorm"
-      }
-    },
     "node_modules/decode-uri-component": {
       "version": "0.2.2",
       "resolved": "https://registry.npmjs.org/decode-uri-component/-/decode-uri-component-0.2.2.tgz",
@@ -5138,6 +5139,7 @@
       "version": "2.0.3",
       "resolved": "https://registry.npmjs.org/dequal/-/dequal-2.0.3.tgz",
       "integrity": "sha512-0je+qPKHEMohvfRTCEo3CrPG6cAzAYgmzKyxRiYSSDkS6eGJdyVJm7WaYA5ECaAD9wLB2T4EEeymA5aFVcYXCA==",
+      "dev": true,
       "license": "MIT",
       "engines": {
         "node": ">=6"
@@ -5149,15 +5151,6 @@
       "integrity": "sha512-gxtyfqMg7GKyhQmb056K7M3xszy/myH8w+B4RT+QXBQsvAOdc3XymqDDPHx1BgPgsdAA5SIifona89YtRATDzw==",
       "license": "Apache-2.0"
     },
-    "node_modules/diff": {
-      "version": "5.2.0",
-      "resolved": "https://registry.npmjs.org/diff/-/diff-5.2.0.tgz",
-      "integrity": "sha512-uIFDxqpRZGZ6ThOk84hEfqWoHx2devRFvpTZcTHur85vImfaxUbTW9Ryh4CpCuDnToOP1CEtXKIgytHBPVff5A==",
-      "license": "BSD-3-Clause",
-      "engines": {
-        "node": ">=0.3.1"
-      }
-    },
     "node_modules/dir-glob": {
       "version": "3.0.1",
       "resolved": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz",
@@ -5299,12 +5292,6 @@
       "integrity": "sha512-orzA81VqLyIGUEA77YkVA1D+N+nNfl2isJVjjmOyrlxuooZ19ynb+dOlaDTqd/idKRS9lDCSBmtzM+kyCsMnkA==",
       "license": "ISC"
     },
-    "node_modules/elkjs": {
-      "version": "0.9.3",
-      "resolved": "https://registry.npmjs.org/elkjs/-/elkjs-0.9.3.tgz",
-      "integrity": "sha512-f/ZeWvW/BCXbhGEf1Ujp29EASo/lk1FDnETgNKwJrsVvGZhUWCZyg3xLJjAsxfOmt8KjswHmI5EwCQcPMpOYhQ==",
-      "license": "EPL-2.0"
-    },
     "node_modules/emoji-regex": {
       "version": "9.2.2",
       "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz",
@@ -7493,6 +7480,12 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/hachure-fill": {
+      "version": "0.5.2",
+      "resolved": "https://registry.npmjs.org/hachure-fill/-/hachure-fill-0.5.2.tgz",
+      "integrity": "sha512-3GKBOn+m2LX9iq+JC1064cSFprJY4jL1jCXTcpnfER5HYE2l/4EfWSGzkPa/ZDBmYI0ZOEj5VHV/eKnPGkHuOg==",
+      "license": "MIT"
+    },
     "node_modules/hammerjs": {
       "version": "2.0.8",
       "resolved": "https://registry.npmjs.org/hammerjs/-/hammerjs-2.0.8.tgz",
@@ -8248,15 +8241,6 @@
         "node": ">=0.10.0"
       }
     },
-    "node_modules/kleur": {
-      "version": "4.1.5",
-      "resolved": "https://registry.npmjs.org/kleur/-/kleur-4.1.5.tgz",
-      "integrity": "sha512-o+NO+8WrRiQEE4/7nwRJhN1HWpVmJm511pBHUxPLtp0BUISzlBplORYSmTclCnJvQq2tKu/sgl3xVpkc7ZWuQQ==",
-      "license": "MIT",
-      "engines": {
-        "node": ">=6"
-      }
-    },
     "node_modules/known-css-properties": {
       "version": "0.34.0",
       "resolved": "https://registry.npmjs.org/known-css-properties/-/known-css-properties-0.34.0.tgz",
@@ -8264,6 +8248,22 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/langium": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/langium/-/langium-3.0.0.tgz",
+      "integrity": "sha512-+Ez9EoiByeoTu/2BXmEaZ06iPNXM6thWJp02KfBO/raSMyCJ4jw7AkWWa+zBCTm0+Tw1Fj9FOxdqSskyN5nAwg==",
+      "license": "MIT",
+      "dependencies": {
+        "chevrotain": "~11.0.3",
+        "chevrotain-allstar": "~0.3.0",
+        "vscode-languageserver": "~9.0.1",
+        "vscode-languageserver-textdocument": "~1.0.11",
+        "vscode-uri": "~3.0.8"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
     "node_modules/language-subtag-registry": {
       "version": "0.3.23",
       "resolved": "https://registry.npmjs.org/language-subtag-registry/-/language-subtag-registry-0.3.23.tgz",
@@ -8724,43 +8724,6 @@
         "url": "https://github.com/sponsors/wooorm"
       }
     },
-    "node_modules/mdast-util-from-markdown": {
-      "version": "1.3.1",
-      "resolved": "https://registry.npmjs.org/mdast-util-from-markdown/-/mdast-util-from-markdown-1.3.1.tgz",
-      "integrity": "sha512-4xTO/M8c82qBcnQc1tgpNtubGUW/Y1tBQ1B0i5CtSoelOLKFYlElIr3bvgREYYO5iRqbMY1YuqZng0GVOI8Qww==",
-      "license": "MIT",
-      "dependencies": {
-        "@types/mdast": "^3.0.0",
-        "@types/unist": "^2.0.0",
-        "decode-named-character-reference": "^1.0.0",
-        "mdast-util-to-string": "^3.1.0",
-        "micromark": "^3.0.0",
-        "micromark-util-decode-numeric-character-reference": "^1.0.0",
-        "micromark-util-decode-string": "^1.0.0",
-        "micromark-util-normalize-identifier": "^1.0.0",
-        "micromark-util-symbol": "^1.0.0",
-        "micromark-util-types": "^1.0.0",
-        "unist-util-stringify-position": "^3.0.0",
-        "uvu": "^0.5.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/unified"
-      }
-    },
-    "node_modules/mdast-util-to-string": {
-      "version": "3.2.0",
-      "resolved": "https://registry.npmjs.org/mdast-util-to-string/-/mdast-util-to-string-3.2.0.tgz",
-      "integrity": "sha512-V4Zn/ncyN1QNSqSBxTrMOLpjr+IKdHl2v3KVLoWmDPscP4r9GcCi71gjgvUV1SFSKh92AjAG4peFuBl2/YgCJg==",
-      "license": "MIT",
-      "dependencies": {
-        "@types/mdast": "^3.0.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/unified"
-      }
-    },
     "node_modules/mdn-data": {
       "version": "2.0.30",
       "resolved": "https://registry.npmjs.org/mdn-data/-/mdn-data-2.0.30.tgz",
@@ -8804,475 +8767,42 @@
       }
     },
     "node_modules/mermaid": {
-      "version": "10.9.1",
-      "resolved": "https://registry.npmjs.org/mermaid/-/mermaid-10.9.1.tgz",
-      "integrity": "sha512-Mx45Obds5W1UkW1nv/7dHRsbfMM1aOKA2+Pxs/IGHNonygDHwmng8xTHyS9z4KWVi0rbko8gjiBmuwwXQ7tiNA==",
+      "version": "11.0.2",
+      "resolved": "https://registry.npmjs.org/mermaid/-/mermaid-11.0.2.tgz",
+      "integrity": "sha512-KFM1o560odBHvXTTSx47ne/SE4aJKb2GbysHAVdQafIJtB6O3c0K4F+v3nC+zqS6CJhk7sXaagectNrTG+ARDw==",
       "license": "MIT",
       "dependencies": {
-        "@braintree/sanitize-url": "^6.0.1",
-        "@types/d3-scale": "^4.0.3",
-        "@types/d3-scale-chromatic": "^3.0.0",
-        "cytoscape": "^3.28.1",
+        "@braintree/sanitize-url": "^7.0.1",
+        "@mermaid-js/parser": "^0.2.0",
+        "cytoscape": "^3.29.2",
         "cytoscape-cose-bilkent": "^4.1.0",
-        "d3": "^7.4.0",
+        "d3": "^7.9.0",
         "d3-sankey": "^0.12.3",
         "dagre-d3-es": "7.0.10",
-        "dayjs": "^1.11.7",
-        "dompurify": "^3.0.5",
-        "elkjs": "^0.9.0",
+        "dayjs": "^1.11.10",
+        "dompurify": "^3.0.11",
         "katex": "^0.16.9",
-        "khroma": "^2.0.0",
+        "khroma": "^2.1.0",
         "lodash-es": "^4.17.21",
-        "mdast-util-from-markdown": "^1.3.0",
-        "non-layered-tidy-tree-layout": "^2.0.2",
-        "stylis": "^4.1.3",
+        "marked": "^13.0.2",
+        "roughjs": "^4.6.6",
+        "stylis": "^4.3.1",
         "ts-dedent": "^2.2.0",
-        "uuid": "^9.0.0",
-        "web-worker": "^1.2.0"
+        "uuid": "^9.0.1"
       }
     },
-    "node_modules/micromark": {
-      "version": "3.2.0",
-      "resolved": "https://registry.npmjs.org/micromark/-/micromark-3.2.0.tgz",
-      "integrity": "sha512-uD66tJj54JLYq0De10AhWycZWGQNUvDI55xPgk2sQM5kn1JYlhbCMTtEeT27+vAhW2FBQxLlOmS3pmA7/2z4aA==",
-      "funding": [
-        {
-          "type": "GitHub Sponsors",
-          "url": "https://github.com/sponsors/unifiedjs"
-        },
-        {
-          "type": "OpenCollective",
-          "url": "https://opencollective.com/unified"
-        }
-      ],
+    "node_modules/mermaid/node_modules/marked": {
+      "version": "13.0.3",
+      "resolved": "https://registry.npmjs.org/marked/-/marked-13.0.3.tgz",
+      "integrity": "sha512-rqRix3/TWzE9rIoFGIn8JmsVfhiuC8VIQ8IdX5TfzmeBucdY05/0UlzKaw0eVtpcN/OdVFpBk7CjKGo9iHJ/zA==",
       "license": "MIT",
-      "dependencies": {
-        "@types/debug": "^4.0.0",
-        "debug": "^4.0.0",
-        "decode-named-character-reference": "^1.0.0",
-        "micromark-core-commonmark": "^1.0.1",
-        "micromark-factory-space": "^1.0.0",
-        "micromark-util-character": "^1.0.0",
-        "micromark-util-chunked": "^1.0.0",
-        "micromark-util-combine-extensions": "^1.0.0",
-        "micromark-util-decode-numeric-character-reference": "^1.0.0",
-        "micromark-util-encode": "^1.0.0",
-        "micromark-util-normalize-identifier": "^1.0.0",
-        "micromark-util-resolve-all": "^1.0.0",
-        "micromark-util-sanitize-uri": "^1.0.0",
-        "micromark-util-subtokenize": "^1.0.0",
-        "micromark-util-symbol": "^1.0.0",
-        "micromark-util-types": "^1.0.1",
-        "uvu": "^0.5.0"
+      "bin": {
+        "marked": "bin/marked.js"
+      },
+      "engines": {
+        "node": ">= 18"
       }
     },
-    "node_modules/micromark-core-commonmark": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/micromark-core-commonmark/-/micromark-core-commonmark-1.1.0.tgz",
-      "integrity": "sha512-BgHO1aRbolh2hcrzL2d1La37V0Aoz73ymF8rAcKnohLy93titmv62E0gP8Hrx9PKcKrqCZ1BbLGbP3bEhoXYlw==",
-      "funding": [
-        {
-          "type": "GitHub Sponsors",
-          "url": "https://github.com/sponsors/unifiedjs"
-        },
-        {
-          "type": "OpenCollective",
-          "url": "https://opencollective.com/unified"
-        }
-      ],
-      "license": "MIT",
-      "dependencies": {
-        "decode-named-character-reference": "^1.0.0",
-        "micromark-factory-destination": "^1.0.0",
-        "micromark-factory-label": "^1.0.0",
-        "micromark-factory-space": "^1.0.0",
-        "micromark-factory-title": "^1.0.0",
-        "micromark-factory-whitespace": "^1.0.0",
-        "micromark-util-character": "^1.0.0",
-        "micromark-util-chunked": "^1.0.0",
-        "micromark-util-classify-character": "^1.0.0",
-        "micromark-util-html-tag-name": "^1.0.0",
-        "micromark-util-normalize-identifier": "^1.0.0",
-        "micromark-util-resolve-all": "^1.0.0",
-        "micromark-util-subtokenize": "^1.0.0",
-        "micromark-util-symbol": "^1.0.0",
-        "micromark-util-types": "^1.0.1",
-        "uvu": "^0.5.0"
-      }
-    },
-    "node_modules/micromark-factory-destination": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/micromark-factory-destination/-/micromark-factory-destination-1.1.0.tgz",
-      "integrity": "sha512-XaNDROBgx9SgSChd69pjiGKbV+nfHGDPVYFs5dOoDd7ZnMAE+Cuu91BCpsY8RT2NP9vo/B8pds2VQNCLiu0zhg==",
-      "funding": [
-        {
-          "type": "GitHub Sponsors",
-          "url": "https://github.com/sponsors/unifiedjs"
-        },
-        {
-          "type": "OpenCollective",
-          "url": "https://opencollective.com/unified"
-        }
-      ],
-      "license": "MIT",
-      "dependencies": {
-        "micromark-util-character": "^1.0.0",
-        "micromark-util-symbol": "^1.0.0",
-        "micromark-util-types": "^1.0.0"
-      }
-    },
-    "node_modules/micromark-factory-label": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/micromark-factory-label/-/micromark-factory-label-1.1.0.tgz",
-      "integrity": "sha512-OLtyez4vZo/1NjxGhcpDSbHQ+m0IIGnT8BoPamh+7jVlzLJBH98zzuCoUeMxvM6WsNeh8wx8cKvqLiPHEACn0w==",
-      "funding": [
-        {
-          "type": "GitHub Sponsors",
-          "url": "https://github.com/sponsors/unifiedjs"
-        },
-        {
-          "type": "OpenCollective",
-          "url": "https://opencollective.com/unified"
-        }
-      ],
-      "license": "MIT",
-      "dependencies": {
-        "micromark-util-character": "^1.0.0",
-        "micromark-util-symbol": "^1.0.0",
-        "micromark-util-types": "^1.0.0",
-        "uvu": "^0.5.0"
-      }
-    },
-    "node_modules/micromark-factory-space": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/micromark-factory-space/-/micromark-factory-space-1.1.0.tgz",
-      "integrity": "sha512-cRzEj7c0OL4Mw2v6nwzttyOZe8XY/Z8G0rzmWQZTBi/jjwyw/U4uqKtUORXQrR5bAZZnbTI/feRV/R7hc4jQYQ==",
-      "funding": [
-        {
-          "type": "GitHub Sponsors",
-          "url": "https://github.com/sponsors/unifiedjs"
-        },
-        {
-          "type": "OpenCollective",
-          "url": "https://opencollective.com/unified"
-        }
-      ],
-      "license": "MIT",
-      "dependencies": {
-        "micromark-util-character": "^1.0.0",
-        "micromark-util-types": "^1.0.0"
-      }
-    },
-    "node_modules/micromark-factory-title": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/micromark-factory-title/-/micromark-factory-title-1.1.0.tgz",
-      "integrity": "sha512-J7n9R3vMmgjDOCY8NPw55jiyaQnH5kBdV2/UXCtZIpnHH3P6nHUKaH7XXEYuWwx/xUJcawa8plLBEjMPU24HzQ==",
-      "funding": [
-        {
-          "type": "GitHub Sponsors",
-          "url": "https://github.com/sponsors/unifiedjs"
-        },
-        {
-          "type": "OpenCollective",
-          "url": "https://opencollective.com/unified"
-        }
-      ],
-      "license": "MIT",
-      "dependencies": {
-        "micromark-factory-space": "^1.0.0",
-        "micromark-util-character": "^1.0.0",
-        "micromark-util-symbol": "^1.0.0",
-        "micromark-util-types": "^1.0.0"
-      }
-    },
-    "node_modules/micromark-factory-whitespace": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/micromark-factory-whitespace/-/micromark-factory-whitespace-1.1.0.tgz",
-      "integrity": "sha512-v2WlmiymVSp5oMg+1Q0N1Lxmt6pMhIHD457whWM7/GUlEks1hI9xj5w3zbc4uuMKXGisksZk8DzP2UyGbGqNsQ==",
-      "funding": [
-        {
-          "type": "GitHub Sponsors",
-          "url": "https://github.com/sponsors/unifiedjs"
-        },
-        {
-          "type": "OpenCollective",
-          "url": "https://opencollective.com/unified"
-        }
-      ],
-      "license": "MIT",
-      "dependencies": {
-        "micromark-factory-space": "^1.0.0",
-        "micromark-util-character": "^1.0.0",
-        "micromark-util-symbol": "^1.0.0",
-        "micromark-util-types": "^1.0.0"
-      }
-    },
-    "node_modules/micromark-util-character": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-1.2.0.tgz",
-      "integrity": "sha512-lXraTwcX3yH/vMDaFWCQJP1uIszLVebzUa3ZHdrgxr7KEU/9mL4mVgCpGbyhvNLNlauROiNUq7WN5u7ndbY6xg==",
-      "funding": [
-        {
-          "type": "GitHub Sponsors",
-          "url": "https://github.com/sponsors/unifiedjs"
-        },
-        {
-          "type": "OpenCollective",
-          "url": "https://opencollective.com/unified"
-        }
-      ],
-      "license": "MIT",
-      "dependencies": {
-        "micromark-util-symbol": "^1.0.0",
-        "micromark-util-types": "^1.0.0"
-      }
-    },
-    "node_modules/micromark-util-chunked": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/micromark-util-chunked/-/micromark-util-chunked-1.1.0.tgz",
-      "integrity": "sha512-Ye01HXpkZPNcV6FiyoW2fGZDUw4Yc7vT0E9Sad83+bEDiCJ1uXu0S3mr8WLpsz3HaG3x2q0HM6CTuPdcZcluFQ==",
-      "funding": [
-        {
-          "type": "GitHub Sponsors",
-          "url": "https://github.com/sponsors/unifiedjs"
-        },
-        {
-          "type": "OpenCollective",
-          "url": "https://opencollective.com/unified"
-        }
-      ],
-      "license": "MIT",
-      "dependencies": {
-        "micromark-util-symbol": "^1.0.0"
-      }
-    },
-    "node_modules/micromark-util-classify-character": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/micromark-util-classify-character/-/micromark-util-classify-character-1.1.0.tgz",
-      "integrity": "sha512-SL0wLxtKSnklKSUplok1WQFoGhUdWYKggKUiqhX+Swala+BtptGCu5iPRc+xvzJ4PXE/hwM3FNXsfEVgoZsWbw==",
-      "funding": [
-        {
-          "type": "GitHub Sponsors",
-          "url": "https://github.com/sponsors/unifiedjs"
-        },
-        {
-          "type": "OpenCollective",
-          "url": "https://opencollective.com/unified"
-        }
-      ],
-      "license": "MIT",
-      "dependencies": {
-        "micromark-util-character": "^1.0.0",
-        "micromark-util-symbol": "^1.0.0",
-        "micromark-util-types": "^1.0.0"
-      }
-    },
-    "node_modules/micromark-util-combine-extensions": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/micromark-util-combine-extensions/-/micromark-util-combine-extensions-1.1.0.tgz",
-      "integrity": "sha512-Q20sp4mfNf9yEqDL50WwuWZHUrCO4fEyeDCnMGmG5Pr0Cz15Uo7KBs6jq+dq0EgX4DPwwrh9m0X+zPV1ypFvUA==",
-      "funding": [
-        {
-          "type": "GitHub Sponsors",
-          "url": "https://github.com/sponsors/unifiedjs"
-        },
-        {
-          "type": "OpenCollective",
-          "url": "https://opencollective.com/unified"
-        }
-      ],
-      "license": "MIT",
-      "dependencies": {
-        "micromark-util-chunked": "^1.0.0",
-        "micromark-util-types": "^1.0.0"
-      }
-    },
-    "node_modules/micromark-util-decode-numeric-character-reference": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/micromark-util-decode-numeric-character-reference/-/micromark-util-decode-numeric-character-reference-1.1.0.tgz",
-      "integrity": "sha512-m9V0ExGv0jB1OT21mrWcuf4QhP46pH1KkfWy9ZEezqHKAxkj4mPCy3nIH1rkbdMlChLHX531eOrymlwyZIf2iw==",
-      "funding": [
-        {
-          "type": "GitHub Sponsors",
-          "url": "https://github.com/sponsors/unifiedjs"
-        },
-        {
-          "type": "OpenCollective",
-          "url": "https://opencollective.com/unified"
-        }
-      ],
-      "license": "MIT",
-      "dependencies": {
-        "micromark-util-symbol": "^1.0.0"
-      }
-    },
-    "node_modules/micromark-util-decode-string": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/micromark-util-decode-string/-/micromark-util-decode-string-1.1.0.tgz",
-      "integrity": "sha512-YphLGCK8gM1tG1bd54azwyrQRjCFcmgj2S2GoJDNnh4vYtnL38JS8M4gpxzOPNyHdNEpheyWXCTnnTDY3N+NVQ==",
-      "funding": [
-        {
-          "type": "GitHub Sponsors",
-          "url": "https://github.com/sponsors/unifiedjs"
-        },
-        {
-          "type": "OpenCollective",
-          "url": "https://opencollective.com/unified"
-        }
-      ],
-      "license": "MIT",
-      "dependencies": {
-        "decode-named-character-reference": "^1.0.0",
-        "micromark-util-character": "^1.0.0",
-        "micromark-util-decode-numeric-character-reference": "^1.0.0",
-        "micromark-util-symbol": "^1.0.0"
-      }
-    },
-    "node_modules/micromark-util-encode": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/micromark-util-encode/-/micromark-util-encode-1.1.0.tgz",
-      "integrity": "sha512-EuEzTWSTAj9PA5GOAs992GzNh2dGQO52UvAbtSOMvXTxv3Criqb6IOzJUBCmEqrrXSblJIJBbFFv6zPxpreiJw==",
-      "funding": [
-        {
-          "type": "GitHub Sponsors",
-          "url": "https://github.com/sponsors/unifiedjs"
-        },
-        {
-          "type": "OpenCollective",
-          "url": "https://opencollective.com/unified"
-        }
-      ],
-      "license": "MIT"
-    },
-    "node_modules/micromark-util-html-tag-name": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/micromark-util-html-tag-name/-/micromark-util-html-tag-name-1.2.0.tgz",
-      "integrity": "sha512-VTQzcuQgFUD7yYztuQFKXT49KghjtETQ+Wv/zUjGSGBioZnkA4P1XXZPT1FHeJA6RwRXSF47yvJ1tsJdoxwO+Q==",
-      "funding": [
-        {
-          "type": "GitHub Sponsors",
-          "url": "https://github.com/sponsors/unifiedjs"
-        },
-        {
-          "type": "OpenCollective",
-          "url": "https://opencollective.com/unified"
-        }
-      ],
-      "license": "MIT"
-    },
-    "node_modules/micromark-util-normalize-identifier": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/micromark-util-normalize-identifier/-/micromark-util-normalize-identifier-1.1.0.tgz",
-      "integrity": "sha512-N+w5vhqrBihhjdpM8+5Xsxy71QWqGn7HYNUvch71iV2PM7+E3uWGox1Qp90loa1ephtCxG2ftRV/Conitc6P2Q==",
-      "funding": [
-        {
-          "type": "GitHub Sponsors",
-          "url": "https://github.com/sponsors/unifiedjs"
-        },
-        {
-          "type": "OpenCollective",
-          "url": "https://opencollective.com/unified"
-        }
-      ],
-      "license": "MIT",
-      "dependencies": {
-        "micromark-util-symbol": "^1.0.0"
-      }
-    },
-    "node_modules/micromark-util-resolve-all": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/micromark-util-resolve-all/-/micromark-util-resolve-all-1.1.0.tgz",
-      "integrity": "sha512-b/G6BTMSg+bX+xVCshPTPyAu2tmA0E4X98NSR7eIbeC6ycCqCeE7wjfDIgzEbkzdEVJXRtOG4FbEm/uGbCRouA==",
-      "funding": [
-        {
-          "type": "GitHub Sponsors",
-          "url": "https://github.com/sponsors/unifiedjs"
-        },
-        {
-          "type": "OpenCollective",
-          "url": "https://opencollective.com/unified"
-        }
-      ],
-      "license": "MIT",
-      "dependencies": {
-        "micromark-util-types": "^1.0.0"
-      }
-    },
-    "node_modules/micromark-util-sanitize-uri": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/micromark-util-sanitize-uri/-/micromark-util-sanitize-uri-1.2.0.tgz",
-      "integrity": "sha512-QO4GXv0XZfWey4pYFndLUKEAktKkG5kZTdUNaTAkzbuJxn2tNBOr+QtxR2XpWaMhbImT2dPzyLrPXLlPhph34A==",
-      "funding": [
-        {
-          "type": "GitHub Sponsors",
-          "url": "https://github.com/sponsors/unifiedjs"
-        },
-        {
-          "type": "OpenCollective",
-          "url": "https://opencollective.com/unified"
-        }
-      ],
-      "license": "MIT",
-      "dependencies": {
-        "micromark-util-character": "^1.0.0",
-        "micromark-util-encode": "^1.0.0",
-        "micromark-util-symbol": "^1.0.0"
-      }
-    },
-    "node_modules/micromark-util-subtokenize": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/micromark-util-subtokenize/-/micromark-util-subtokenize-1.1.0.tgz",
-      "integrity": "sha512-kUQHyzRoxvZO2PuLzMt2P/dwVsTiivCK8icYTeR+3WgbuPqfHgPPy7nFKbeqRivBvn/3N3GBiNC+JRTMSxEC7A==",
-      "funding": [
-        {
-          "type": "GitHub Sponsors",
-          "url": "https://github.com/sponsors/unifiedjs"
-        },
-        {
-          "type": "OpenCollective",
-          "url": "https://opencollective.com/unified"
-        }
-      ],
-      "license": "MIT",
-      "dependencies": {
-        "micromark-util-chunked": "^1.0.0",
-        "micromark-util-symbol": "^1.0.0",
-        "micromark-util-types": "^1.0.0",
-        "uvu": "^0.5.0"
-      }
-    },
-    "node_modules/micromark-util-symbol": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-1.1.0.tgz",
-      "integrity": "sha512-uEjpEYY6KMs1g7QfJ2eX1SQEV+ZT4rUD3UcF6l57acZvLNK7PBZL+ty82Z1qhK1/yXIY4bdx04FKMgR0g4IAag==",
-      "funding": [
-        {
-          "type": "GitHub Sponsors",
-          "url": "https://github.com/sponsors/unifiedjs"
-        },
-        {
-          "type": "OpenCollective",
-          "url": "https://opencollective.com/unified"
-        }
-      ],
-      "license": "MIT"
-    },
-    "node_modules/micromark-util-types": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/micromark-util-types/-/micromark-util-types-1.1.0.tgz",
-      "integrity": "sha512-ukRBgie8TIAcacscVHSiddHjO4k/q3pnedmzMQ4iwDcK0FtFCohKOlFbaOL/mPgfnPsL3C1ZyxJa4sbWrBl3jg==",
-      "funding": [
-        {
-          "type": "GitHub Sponsors",
-          "url": "https://github.com/sponsors/unifiedjs"
-        },
-        {
-          "type": "OpenCollective",
-          "url": "https://opencollective.com/unified"
-        }
-      ],
-      "license": "MIT"
-    },
     "node_modules/micromatch": {
       "version": "4.0.7",
       "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.7.tgz",
@@ -9409,19 +8939,11 @@
       "integrity": "sha512-iSAJLHYKnX41mKcJKjqvnAN9sf0LMDTXDEvFv+ffuRR9a1MIuXLjMNL6EsnDHSkKLTWNqQQ5uo61P4EbU4NU+Q==",
       "license": "BSD-3-Clause"
     },
-    "node_modules/mri": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/mri/-/mri-1.2.0.tgz",
-      "integrity": "sha512-tzzskb3bG8LvYGFF/mDTpq3jpI6Q9wc3LEmBaghu+DdCssd1FakN7Bc0hVNmEyGq1bq3RgfkCb3cmQLpNPOroA==",
-      "license": "MIT",
-      "engines": {
-        "node": ">=4"
-      }
-    },
     "node_modules/ms": {
       "version": "2.1.2",
       "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
       "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==",
+      "dev": true,
       "license": "MIT"
     },
     "node_modules/mz": {
@@ -9550,12 +9072,6 @@
         "node": ">=12.4.0"
       }
     },
-    "node_modules/non-layered-tidy-tree-layout": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/non-layered-tidy-tree-layout/-/non-layered-tidy-tree-layout-2.0.2.tgz",
-      "integrity": "sha512-gkXMxRzUH+PB0ax9dUN0yYF0S25BqeAYqhgMaLUFmpXLEk7Fcu8f4emJuOAY0V8kjDICxROIKsTAKsV/v355xw==",
-      "license": "MIT"
-    },
     "node_modules/normalize-package-data": {
       "version": "2.5.0",
       "resolved": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.5.0.tgz",
@@ -9841,6 +9357,12 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
+    "node_modules/path-data-parser": {
+      "version": "0.1.0",
+      "resolved": "https://registry.npmjs.org/path-data-parser/-/path-data-parser-0.1.0.tgz",
+      "integrity": "sha512-NOnmBpt5Y2RWbuv0LMzsayp3lVylAHLPUTut412ZA3l+C4uw4ZVkQbjShYCQ8TCpUMdPapr4YjUqLYD6v68j+w==",
+      "license": "MIT"
+    },
     "node_modules/path-exists": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz",
@@ -10065,6 +9587,22 @@
         "node": ">=4"
       }
     },
+    "node_modules/points-on-curve": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/points-on-curve/-/points-on-curve-0.2.0.tgz",
+      "integrity": "sha512-0mYKnYYe9ZcqMCWhUjItv/oHjvgEsfKvnUTg8sAtnHr3GVy7rGkXCb6d5cSyqrWqL4k81b9CPg3urd+T7aop3A==",
+      "license": "MIT"
+    },
+    "node_modules/points-on-path": {
+      "version": "0.2.1",
+      "resolved": "https://registry.npmjs.org/points-on-path/-/points-on-path-0.2.1.tgz",
+      "integrity": "sha512-25ClnWWuw7JbWZcgqY/gJ4FQWadKxGWk+3kR/7kD0tCaDtPPMj7oHu2ToLaVhfpnHrZzYby2w6tUA0eOIuUg8g==",
+      "license": "MIT",
+      "dependencies": {
+        "path-data-parser": "0.1.0",
+        "points-on-curve": "0.2.0"
+      }
+    },
     "node_modules/pony-cause": {
       "version": "1.1.1",
       "resolved": "https://registry.npmjs.org/pony-cause/-/pony-cause-1.1.1.tgz",
@@ -10879,6 +10417,18 @@
         "fsevents": "~2.3.2"
       }
     },
+    "node_modules/roughjs": {
+      "version": "4.6.6",
+      "resolved": "https://registry.npmjs.org/roughjs/-/roughjs-4.6.6.tgz",
+      "integrity": "sha512-ZUz/69+SYpFN/g/lUlo2FXcIjRkSu3nDarreVdGGndHEBJ6cXPdKguS8JGxwj5HA5xIbVKSmLgr5b3AWxtRfvQ==",
+      "license": "MIT",
+      "dependencies": {
+        "hachure-fill": "^0.5.2",
+        "path-data-parser": "^0.1.0",
+        "points-on-curve": "^0.2.0",
+        "points-on-path": "^0.2.1"
+      }
+    },
     "node_modules/run-con": {
       "version": "1.3.2",
       "resolved": "https://registry.npmjs.org/run-con/-/run-con-1.3.2.tgz",
@@ -10924,18 +10474,6 @@
       "integrity": "sha512-PdhdWy89SiZogBLaw42zdeqtRJ//zFd2PgQavcICDUgJT5oW10QCRKbJ6bg4r0/UY2M6BWd5tkxuGFRvCkgfHQ==",
       "license": "BSD-3-Clause"
     },
-    "node_modules/sade": {
-      "version": "1.8.1",
-      "resolved": "https://registry.npmjs.org/sade/-/sade-1.8.1.tgz",
-      "integrity": "sha512-xal3CZX1Xlo/k4ApwCFrHVACi9fBqJ7V+mwhBsuf/1IOKbBy098Fex+Wa/5QMubw09pSZ/u8EY8PWgevJsXp1A==",
-      "license": "MIT",
-      "dependencies": {
-        "mri": "^1.1.0"
-      },
-      "engines": {
-        "node": ">=6"
-      }
-    },
     "node_modules/safe-buffer": {
       "version": "5.2.1",
       "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
@@ -12349,19 +11887,6 @@
       "integrity": "sha512-xtFJHudx8S2DSoujjMd1WeWvn7KKWFRESZTMeL1RptAYERu29D6jphMjjY+vn96jvN3kVPDNxU/E13VTaXj6jg==",
       "license": "MIT"
     },
-    "node_modules/unist-util-stringify-position": {
-      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/unist-util-stringify-position/-/unist-util-stringify-position-3.0.3.tgz",
-      "integrity": "sha512-k5GzIBZ/QatR8N5X2y+drfpWG8IDBzdnVj6OInRNWm1oXrzydiaAT2OQiA8DPRRZyAKb9b6I2a6PxYklZD0gKg==",
-      "license": "MIT",
-      "dependencies": {
-        "@types/unist": "^2.0.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/unified"
-      }
-    },
     "node_modules/universalify": {
       "version": "2.0.1",
       "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.1.tgz",
@@ -12460,24 +11985,6 @@
         "uuid": "dist/bin/uuid"
       }
     },
-    "node_modules/uvu": {
-      "version": "0.5.6",
-      "resolved": "https://registry.npmjs.org/uvu/-/uvu-0.5.6.tgz",
-      "integrity": "sha512-+g8ENReyr8YsOc6fv/NVJs2vFdHBnBNdfE49rshrTzDWOlUx4Gq7KOS2GD8eqhy2j+Ejq29+SbKH8yjkAqXqoA==",
-      "license": "MIT",
-      "dependencies": {
-        "dequal": "^2.0.0",
-        "diff": "^5.0.0",
-        "kleur": "^4.0.3",
-        "sade": "^1.7.3"
-      },
-      "bin": {
-        "uvu": "bin.js"
-      },
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/validate-npm-package-license": {
       "version": "3.0.4",
       "resolved": "https://registry.npmjs.org/validate-npm-package-license/-/validate-npm-package-license-3.0.4.tgz",
@@ -12724,6 +12231,55 @@
         "@jridgewell/sourcemap-codec": "^1.5.0"
       }
     },
+    "node_modules/vscode-jsonrpc": {
+      "version": "8.2.0",
+      "resolved": "https://registry.npmjs.org/vscode-jsonrpc/-/vscode-jsonrpc-8.2.0.tgz",
+      "integrity": "sha512-C+r0eKJUIfiDIfwJhria30+TYWPtuHJXHtI7J0YlOmKAo7ogxP20T0zxB7HZQIFhIyvoBPwWskjxrvAtfjyZfA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=14.0.0"
+      }
+    },
+    "node_modules/vscode-languageserver": {
+      "version": "9.0.1",
+      "resolved": "https://registry.npmjs.org/vscode-languageserver/-/vscode-languageserver-9.0.1.tgz",
+      "integrity": "sha512-woByF3PDpkHFUreUa7Hos7+pUWdeWMXRd26+ZX2A8cFx6v/JPTtd4/uN0/jB6XQHYaOlHbio03NTHCqrgG5n7g==",
+      "license": "MIT",
+      "dependencies": {
+        "vscode-languageserver-protocol": "3.17.5"
+      },
+      "bin": {
+        "installServerIntoExtension": "bin/installServerIntoExtension"
+      }
+    },
+    "node_modules/vscode-languageserver-protocol": {
+      "version": "3.17.5",
+      "resolved": "https://registry.npmjs.org/vscode-languageserver-protocol/-/vscode-languageserver-protocol-3.17.5.tgz",
+      "integrity": "sha512-mb1bvRJN8SVznADSGWM9u/b07H7Ecg0I3OgXDuLdn307rl/J3A9YD6/eYOssqhecL27hK1IPZAsaqh00i/Jljg==",
+      "license": "MIT",
+      "dependencies": {
+        "vscode-jsonrpc": "8.2.0",
+        "vscode-languageserver-types": "3.17.5"
+      }
+    },
+    "node_modules/vscode-languageserver-textdocument": {
+      "version": "1.0.12",
+      "resolved": "https://registry.npmjs.org/vscode-languageserver-textdocument/-/vscode-languageserver-textdocument-1.0.12.tgz",
+      "integrity": "sha512-cxWNPesCnQCcMPeenjKKsOCKQZ/L6Tv19DTRIGuLWe32lyzWhihGVJ/rcckZXJxfdKCFvRLS3fpBIsV/ZGX4zA==",
+      "license": "MIT"
+    },
+    "node_modules/vscode-languageserver-types": {
+      "version": "3.17.5",
+      "resolved": "https://registry.npmjs.org/vscode-languageserver-types/-/vscode-languageserver-types-3.17.5.tgz",
+      "integrity": "sha512-Ld1VelNuX9pdF39h2Hgaeb5hEZM2Z3jUrrMgWQAu82jMtZp7p3vJT3BzToKtZI7NgQssZje5o0zryOrhQvzQAg==",
+      "license": "MIT"
+    },
+    "node_modules/vscode-uri": {
+      "version": "3.0.8",
+      "resolved": "https://registry.npmjs.org/vscode-uri/-/vscode-uri-3.0.8.tgz",
+      "integrity": "sha512-AyFQ0EVmsOZOlAnxoFOGOq1SQDWAB7C6aqMGS23svWAllfOaxbuFvcT8D1i8z3Gyn8fraVeZNNmN6e9bxxXkKw==",
+      "license": "MIT"
+    },
     "node_modules/vue": {
       "version": "3.4.35",
       "resolved": "https://registry.npmjs.org/vue/-/vue-3.4.35.tgz",
@@ -12855,12 +12411,6 @@
         "node": ">=10.13.0"
       }
     },
-    "node_modules/web-worker": {
-      "version": "1.3.0",
-      "resolved": "https://registry.npmjs.org/web-worker/-/web-worker-1.3.0.tgz",
-      "integrity": "sha512-BSR9wyRsy/KOValMgd5kMyr3JzpdeoR9KVId8u5GVlTTAtNChlsE4yTxeY7zMdNSyOmoKBv8NH2qeRY9Tg+IaA==",
-      "license": "Apache-2.0"
-    },
     "node_modules/webidl-conversions": {
       "version": "7.0.0",
       "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-7.0.0.tgz",
diff --git a/package.json b/package.json
index 7d9e857e905..9d3556475ee 100644
--- a/package.json
+++ b/package.json
@@ -33,7 +33,7 @@
     "jquery": "3.7.1",
     "katex": "0.16.11",
     "license-checker-webpack-plugin": "0.2.1",
-    "mermaid": "10.9.1",
+    "mermaid": "11.0.2",
     "mini-css-extract-plugin": "2.9.0",
     "minimatch": "10.0.1",
     "monaco-editor": "0.50.0",
diff --git a/web_src/js/markup/mermaid.ts b/web_src/js/markup/mermaid.ts
index da07161ed12..f2754e659ba 100644
--- a/web_src/js/markup/mermaid.ts
+++ b/web_src/js/markup/mermaid.ts
@@ -20,6 +20,7 @@ export async function renderMermaid() {
     startOnLoad: false,
     theme: isDarkTheme() ? 'dark' : 'neutral',
     securityLevel: 'strict',
+    suppressErrorRendering: true,
   });
 
   for (const el of els) {

From d477dd5e8897eea642100f247ddab5654012b62b Mon Sep 17 00:00:00 2001
From: GiteaBot <teabot@gitea.io>
Date: Mon, 26 Aug 2024 00:28:33 +0000
Subject: [PATCH 026/129] [skip ci] Updated licenses and gitignores

---
 options/license/DocBook-Schema  | 22 ++++++++
 options/license/DocBook-XML     | 48 +++++++++++++++++
 options/license/Ubuntu-font-1.0 | 96 +++++++++++++++++++++++++++++++++
 3 files changed, 166 insertions(+)
 create mode 100644 options/license/DocBook-Schema
 create mode 100644 options/license/DocBook-XML
 create mode 100644 options/license/Ubuntu-font-1.0

diff --git a/options/license/DocBook-Schema b/options/license/DocBook-Schema
new file mode 100644
index 00000000000..56203a0878d
--- /dev/null
+++ b/options/license/DocBook-Schema
@@ -0,0 +1,22 @@
+Copyright 1992-2011 HaL Computer Systems, Inc.,
+O'Reilly & Associates, Inc., ArborText, Inc., Fujitsu Software
+Corporation, Norman Walsh, Sun Microsystems, Inc., and the
+Organization for the Advancement of Structured Information
+Standards (OASIS).
+ 
+Permission to use, copy, modify and distribute the DocBook schema
+and its accompanying documentation for any purpose and without fee
+is hereby granted in perpetuity, provided that the above copyright
+notice and this paragraph appear in all copies. The copyright
+holders make no representation about the suitability of the schema
+for any purpose. It is provided "as is" without expressed or implied
+warranty.
+ 
+If you modify the DocBook schema in any way, label your schema as a
+variant of DocBook. See the reference documentation
+(http://docbook.org/tdg5/en/html/ch05.html#s-notdocbook)
+for more information.
+ 
+Please direct all questions, bug reports, or suggestions for changes
+to the docbook@lists.oasis-open.org mailing list. For more
+information, see http://www.oasis-open.org/docbook/.
diff --git a/options/license/DocBook-XML b/options/license/DocBook-XML
new file mode 100644
index 00000000000..9553feee6b0
--- /dev/null
+++ b/options/license/DocBook-XML
@@ -0,0 +1,48 @@
+Copyright
+---------
+Copyright (C) 1999-2007 Norman Walsh
+Copyright (C) 2003 Jiří Kosek
+Copyright (C) 2004-2007 Steve Ball
+Copyright (C) 2005-2014 The DocBook Project
+Copyright (C) 2011-2012 O'Reilly Media
+
+Permission is hereby granted, free of charge, to any person
+obtaining a copy of this software and associated documentation
+files (the ``Software''), to deal in the Software without
+restriction, including without limitation the rights to use,
+copy, modify, merge, publish, distribute, sublicense, and/or
+sell copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+Except as contained in this notice, the names of individuals
+credited with contribution to this software shall not be used in
+advertising or otherwise to promote the sale, use or other
+dealings in this Software without prior written authorization
+from the individuals in question.
+
+Any stylesheet derived from this Software that is publically
+distributed will be identified with a different name and the
+version strings in any derived Software will be changed so that
+no possibility of confusion between the derived package and this
+Software will exist.
+
+Warranty
+--------
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT.  IN NO EVENT SHALL NORMAN WALSH OR ANY OTHER
+CONTRIBUTOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+Contacting the Author
+---------------------
+The DocBook XSL stylesheets are maintained by Norman Walsh,
+<ndw@nwalsh.com>, and members of the DocBook Project,
+<docbook-developers@sf.net>
diff --git a/options/license/Ubuntu-font-1.0 b/options/license/Ubuntu-font-1.0
new file mode 100644
index 00000000000..ae78a8f94ea
--- /dev/null
+++ b/options/license/Ubuntu-font-1.0
@@ -0,0 +1,96 @@
+-------------------------------
+UBUNTU FONT LICENCE Version 1.0
+-------------------------------
+
+PREAMBLE
+This licence allows the licensed fonts to be used, studied, modified and
+redistributed freely. The fonts, including any derivative works, can be
+bundled, embedded, and redistributed provided the terms of this licence
+are met. The fonts and derivatives, however, cannot be released under
+any other licence. The requirement for fonts to remain under this
+licence does not require any document created using the fonts or their
+derivatives to be published under this licence, as long as the primary
+purpose of the document is not to be a vehicle for the distribution of
+the fonts.
+
+DEFINITIONS
+"Font Software" refers to the set of files released by the Copyright
+Holder(s) under this licence and clearly marked as such. This may
+include source files, build scripts and documentation.
+
+"Original Version" refers to the collection of Font Software components
+as received under this licence.
+
+"Modified Version" refers to any derivative made by adding to, deleting,
+or substituting -- in part or in whole -- any of the components of the
+Original Version, by changing formats or by porting the Font Software to
+a new environment.
+
+"Copyright Holder(s)" refers to all individuals and companies who have a
+copyright ownership of the Font Software.
+
+"Substantially Changed" refers to Modified Versions which can be easily
+identified as dissimilar to the Font Software by users of the Font
+Software comparing the Original Version with the Modified Version.
+
+To "Propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy. Propagation includes copying,
+distribution (with or without modification and with or without charging
+a redistribution fee), making available to the public, and in some
+countries other activities as well.
+
+PERMISSION & CONDITIONS
+This licence does not grant any rights under trademark law and all such
+rights are reserved.
+
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of the Font Software, to propagate the Font Software, subject to
+the below conditions:
+
+1) Each copy of the Font Software must contain the above copyright
+notice and this licence. These can be included either as stand-alone
+text files, human-readable headers or in the appropriate machine-
+readable metadata fields within text or binary files as long as those
+fields can be easily viewed by the user.
+
+2) The font name complies with the following:
+(a) The Original Version must retain its name, unmodified.
+(b) Modified Versions which are Substantially Changed must be renamed to
+avoid use of the name of the Original Version or similar names entirely.
+(c) Modified Versions which are not Substantially Changed must be
+renamed to both (i) retain the name of the Original Version and (ii) add
+additional naming elements to distinguish the Modified Version from the
+Original Version. The name of such Modified Versions must be the name of
+the Original Version, with "derivative X" where X represents the name of
+the new work, appended to that name.
+
+3) The name(s) of the Copyright Holder(s) and any contributor to the
+Font Software shall not be used to promote, endorse or advertise any
+Modified Version, except (i) as required by this licence, (ii) to
+acknowledge the contribution(s) of the Copyright Holder(s) or (iii) with
+their explicit written permission.
+
+4) The Font Software, modified or unmodified, in part or in whole, must
+be distributed entirely under this licence, and must not be distributed
+under any other licence. The requirement for fonts to remain under this
+licence does not affect any document created using the Font Software,
+except any version of the Font Software extracted from a document
+created using the Font Software may only be distributed under this
+licence.
+
+TERMINATION
+This licence becomes null and void if any of the above conditions are
+not met.
+
+DISCLAIMER
+THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF
+COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL THE
+COPYRIGHT HOLDER BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+INCLUDING ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL
+DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF THE USE OR INABILITY TO USE THE FONT SOFTWARE OR FROM OTHER
+DEALINGS IN THE FONT SOFTWARE.

From 1e4be0945b466a17cd98b5aed19faf6caad12fb4 Mon Sep 17 00:00:00 2001
From: Jason Song <i@wolfogre.com>
Date: Mon, 26 Aug 2024 22:27:57 +0800
Subject: [PATCH 027/129] Introduce globallock as distributed locks (#31908)

To help #31813, but do not replace it, since this PR just introduces the
new module but misses some work:

- New option in settings. `#31813` has done it.
- Use the locks in business logic. `#31813` has done it.

So I think the most efficient way is to merge this PR first (if it's
acceptable) and then finish #31813.

## Design principles

### Use spinlock even in memory implementation

In actual use cases, users may cancel requests. `sync.Mutex` will block
the goroutine until the lock is acquired even if the request is
canceled. And the spinlock is more suitable for this scenario since it's
possible to give up the lock acquisition.

Although the spinlock consumes more CPU resources, I think it's
acceptable in most cases.

### Do not expose the mutex to callers

If we expose the mutex to callers, it's possible for callers to reuse
the mutex, which causes more complexity.

For example:
```go
lock := GetLocker(key)
lock.Lock()
// ...
// even if the lock is unlocked, we cannot GC the lock,
// since the caller may still use it again.
lock.Unlock()
lock.Lock()
// ...
lock.Unlock()

// callers have to GC the lock manually.
RemoveLocker(key)
```

That's why
https://github.com/go-gitea/gitea/pull/31813#discussion_r1721200549

In this PR, we only expose `ReleaseFunc` to callers. So callers just
need to call `ReleaseFunc` to release the lock, and do not need to care
about the lock's lifecycle.
```go
_, release, err := locker.Lock(ctx, key)
if err != nil {
    return err
}
// ...
release()

// if callers want to lock again, they have to re-acquire the lock.
_, release, err := locker.Lock(ctx, key)
// ...
```

In this way, it's also much easier for redis implementation to extend
the mutex automatically, so that callers do not need to care about the
lock's lifecycle. See also
https://github.com/go-gitea/gitea/pull/31813#discussion_r1722659743

### Use "release" instead of "unlock"

For "unlock", it has the meaning of "unlock an acquired lock". So it's
not acceptable to call "unlock" when failed to acquire the lock, or call
"unlock" multiple times. It causes more complexity for callers to decide
whether to call "unlock" or not.

So we use "release" instead of "unlock" to make it clear. Whether the
lock is acquired or not, callers can always call "release", and it's
also safe to call "release" multiple times.

But the code DO NOT expect callers to not call "release" after acquiring
the lock. If callers forget to call "release", it will cause resource
leak. That's why it's always safe to call "release" without extra
checks: to avoid callers to forget to call it.

### Acquired locks could be lost

Unlike `sync.Mutex` which will be locked forever once acquired until
calling `Unlock`, in the new module, the acquired lock could be lost.

For example, the caller has acquired the lock, and it holds the lock for
a long time since auto-extending is working for redis. However, it lost
the connection to the redis server, and it's impossible to extend the
lock anymore.

If the caller don't stop what it's doing, another instance which can
connect to the redis server could acquire the lock, and do the same
thing, which could cause data inconsistency.

So the caller should know what happened, the solution is to return a new
context which will be canceled if the lock is lost or released:

```go
ctx, release, err := locker.Lock(ctx, key)
if err != nil {
    return err
}
defer release()
// ...
DoSomething(ctx)

// the lock is lost now, then ctx has been canceled.

// Failed, since ctx has been canceled.
DoSomethingElse(ctx)
```

### Multiple ways to use the lock

1. Regular way

```go
ctx, release, err := Lock(ctx, key)
if err != nil {
    return err
}
defer release()
// ...
```

2. Early release

```go
ctx, release, err := Lock(ctx, key)
if err != nil {
    return err
}
defer release()
// ...
// release the lock earlier and reset the context back
ctx = release()
// continue to do something else
// ...
```

3. Functional way

```go
if err := LockAndDo(ctx, key, func(ctx context.Context) error {
    // ...
    return nil
}); err != nil {
    return err
}
```
---
 go.mod                                |   3 +
 go.sum                                |  19 +++
 modules/globallock/globallock.go      |  66 ++++++++
 modules/globallock/globallock_test.go |  96 ++++++++++++
 modules/globallock/locker.go          |  60 ++++++++
 modules/globallock/locker_test.go     | 211 ++++++++++++++++++++++++++
 modules/globallock/memory_locker.go   |  80 ++++++++++
 modules/globallock/redis_locker.go    | 154 +++++++++++++++++++
 8 files changed, 689 insertions(+)
 create mode 100644 modules/globallock/globallock.go
 create mode 100644 modules/globallock/globallock_test.go
 create mode 100644 modules/globallock/locker.go
 create mode 100644 modules/globallock/locker_test.go
 create mode 100644 modules/globallock/memory_locker.go
 create mode 100644 modules/globallock/redis_locker.go

diff --git a/go.mod b/go.mod
index f5c189893f4..69695fa1787 100644
--- a/go.mod
+++ b/go.mod
@@ -49,6 +49,7 @@ require (
 	github.com/go-git/go-billy/v5 v5.5.0
 	github.com/go-git/go-git/v5 v5.12.0
 	github.com/go-ldap/ldap/v3 v3.4.6
+	github.com/go-redsync/redsync/v4 v4.13.0
 	github.com/go-sql-driver/mysql v1.8.1
 	github.com/go-swagger/go-swagger v0.31.0
 	github.com/go-testfixtures/testfixtures/v3 v3.11.0
@@ -218,7 +219,9 @@ require (
 	github.com/gorilla/mux v1.8.1 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
 	github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 // indirect
+	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
+	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/imdario/mergo v0.3.16 // indirect
diff --git a/go.sum b/go.sum
index f1780fada79..510ef8479de 100644
--- a/go.sum
+++ b/go.sum
@@ -342,6 +342,14 @@ github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ
 github.com/go-openapi/validate v0.24.0 h1:LdfDKwNbpB6Vn40xhTdNZAnfLECL81w+VX3BumrGD58=
 github.com/go-openapi/validate v0.24.0/go.mod h1:iyeX1sEufmv3nPbBdX3ieNviWnOZaJ1+zquzJEf2BAQ=
 github.com/go-redis/redis v6.15.2+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
+github.com/go-redis/redis v6.15.9+incompatible h1:K0pv1D7EQUjfyoMql+r/jZqCLizCGKFlFgcHWWmHQjg=
+github.com/go-redis/redis v6.15.9+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
+github.com/go-redis/redis/v7 v7.4.1 h1:PASvf36gyUpr2zdOUS/9Zqc80GbM+9BDyiJSJDDOrTI=
+github.com/go-redis/redis/v7 v7.4.1/go.mod h1:JDNMw23GTyLNC4GZu9njt15ctBQVn7xjRfnwdHj/Dcg=
+github.com/go-redis/redis/v8 v8.11.5 h1:AcZZR7igkdvfVmQTPnu9WE37LRrO/YrBH5zWyjDC0oI=
+github.com/go-redis/redis/v8 v8.11.5/go.mod h1:gREzHqY1hg6oD9ngVRbLStwAWKhA0FEgq8Jd4h5lpwo=
+github.com/go-redsync/redsync/v4 v4.13.0 h1:49X6GJfnbLGaIpBBREM/zA4uIMDXKAh1NDkvQ1EkZKA=
+github.com/go-redsync/redsync/v4 v4.13.0/go.mod h1:HMW4Q224GZQz6x1Xc7040Yfgacukdzu7ifTDAKiyErQ=
 github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
 github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y=
 github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg=
@@ -397,6 +405,8 @@ github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEW
 github.com/golang/snappy v0.0.2/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
 github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/gomodule/redigo v1.8.9 h1:Sl3u+2BI/kk+VEatbj0scLdrFhjPmbxOc1myhDP41ws=
+github.com/gomodule/redigo v1.8.9/go.mod h1:7ArFNvsTjH8GMMzB4uy1snslv2BwmginuMs06a1uzZE=
 github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU=
 github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
@@ -449,10 +459,15 @@ github.com/h2non/gock v1.2.0 h1:K6ol8rfrRkUOefooBC8elXoaNGYkpp7y2qcxGG6BzUE=
 github.com/h2non/gock v1.2.0/go.mod h1:tNhoxHYW2W42cYkYb1WqzdbYIieALC99kpYr7rH/BQk=
 github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 h1:2VTzZjLZBgl62/EtslCrtky5vbi9dd7HrQPQIx6wqiw=
 github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542/go.mod h1:Ow0tF8D4Kplbc8s8sSb3V2oUCygFHVp8gC3Dn6U4MNI=
+github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
+github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
 github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k=
 github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
+github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
+github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
 github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU=
 github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk=
 github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=
@@ -674,6 +689,8 @@ github.com/quasoft/websspi v1.1.2/go.mod h1:HmVdl939dQ0WIXZhyik+ARdI03M6bQzaSEKc
 github.com/rcrowley/go-metrics v0.0.0-20190826022208-cac0b30c2563/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
 github.com/redis/go-redis/v9 v9.6.0 h1:NLck+Rab3AOTHw21CGRpvQpgTrAU4sgdCswqGtlhGRA=
 github.com/redis/go-redis/v9 v9.6.0/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0b/CLO2V2M=
+github.com/redis/rueidis v1.0.19 h1:s65oWtotzlIFN8eMPhyYwxlwLR1lUdhza2KtWprKYSo=
+github.com/redis/rueidis v1.0.19/go.mod h1:8B+r5wdnjwK3lTFml5VtxjzGOQAC+5UmujoD12pDrEo=
 github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0 h1:OdAsTTz6OkFY5QxjkYwrChwuRruF69c169dPK26NUlk=
 github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
 github.com/rhysd/actionlint v1.7.1 h1:WJaDzyT1StBWVKGSsZPYnbV0HF9Y9/vD6KFdZQL42qE=
@@ -765,6 +782,8 @@ github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stvp/tempredis v0.0.0-20181119212430-b82af8480203 h1:QVqDTf3h2WHt08YuiTGPZLls0Wq99X9bWd0Q5ZSBesM=
+github.com/stvp/tempredis v0.0.0-20181119212430-b82af8480203/go.mod h1:oqN97ltKNihBbwlX8dLpwxCl3+HnXKV/R0e+sRLd9C8=
 github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
 github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
 github.com/syndtr/goleveldb v1.0.0 h1:fBdIW9lB4Iz0n9khmH8w27SJ3QEJ7+IgjPEwGSZiFdE=
diff --git a/modules/globallock/globallock.go b/modules/globallock/globallock.go
new file mode 100644
index 00000000000..707d169f05c
--- /dev/null
+++ b/modules/globallock/globallock.go
@@ -0,0 +1,66 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package globallock
+
+import (
+	"context"
+	"sync"
+)
+
+var (
+	defaultLocker Locker
+	initOnce      sync.Once
+	initFunc      = func() {
+		// TODO: read the setting and initialize the default locker.
+		//       Before implementing this, don't use it.
+	} // define initFunc as a variable to make it possible to change it in tests
+)
+
+// DefaultLocker returns the default locker.
+func DefaultLocker() Locker {
+	initOnce.Do(func() {
+		initFunc()
+	})
+	return defaultLocker
+}
+
+// Lock tries to acquire a lock for the given key, it uses the default locker.
+// Read the documentation of Locker.Lock for more information about the behavior.
+func Lock(ctx context.Context, key string) (context.Context, ReleaseFunc, error) {
+	return DefaultLocker().Lock(ctx, key)
+}
+
+// TryLock tries to acquire a lock for the given key, it uses the default locker.
+// Read the documentation of Locker.TryLock for more information about the behavior.
+func TryLock(ctx context.Context, key string) (bool, context.Context, ReleaseFunc, error) {
+	return DefaultLocker().TryLock(ctx, key)
+}
+
+// LockAndDo tries to acquire a lock for the given key and then calls the given function.
+// It uses the default locker, and it will return an error if failed to acquire the lock.
+func LockAndDo(ctx context.Context, key string, f func(context.Context) error) error {
+	ctx, release, err := Lock(ctx, key)
+	if err != nil {
+		return err
+	}
+	defer release()
+
+	return f(ctx)
+}
+
+// TryLockAndDo tries to acquire a lock for the given key and then calls the given function.
+// It uses the default locker, and it will return false if failed to acquire the lock.
+func TryLockAndDo(ctx context.Context, key string, f func(context.Context) error) (bool, error) {
+	ok, ctx, release, err := TryLock(ctx, key)
+	if err != nil {
+		return false, err
+	}
+	defer release()
+
+	if !ok {
+		return false, nil
+	}
+
+	return true, f(ctx)
+}
diff --git a/modules/globallock/globallock_test.go b/modules/globallock/globallock_test.go
new file mode 100644
index 00000000000..88a555c86f3
--- /dev/null
+++ b/modules/globallock/globallock_test.go
@@ -0,0 +1,96 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package globallock
+
+import (
+	"context"
+	"os"
+	"sync"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestLockAndDo(t *testing.T) {
+	t.Run("redis", func(t *testing.T) {
+		url := "redis://127.0.0.1:6379/0"
+		if os.Getenv("CI") == "" {
+			// Make it possible to run tests against a local redis instance
+			url = os.Getenv("TEST_REDIS_URL")
+			if url == "" {
+				t.Skip("TEST_REDIS_URL not set and not running in CI")
+				return
+			}
+		}
+
+		oldDefaultLocker := defaultLocker
+		oldInitFunc := initFunc
+		defer func() {
+			defaultLocker = oldDefaultLocker
+			initFunc = oldInitFunc
+			if defaultLocker == nil {
+				initOnce = sync.Once{}
+			}
+		}()
+
+		initOnce = sync.Once{}
+		initFunc = func() {
+			defaultLocker = NewRedisLocker(url)
+		}
+
+		testLockAndDo(t)
+		require.NoError(t, defaultLocker.(*redisLocker).Close())
+	})
+	t.Run("memory", func(t *testing.T) {
+		oldDefaultLocker := defaultLocker
+		oldInitFunc := initFunc
+		defer func() {
+			defaultLocker = oldDefaultLocker
+			initFunc = oldInitFunc
+			if defaultLocker == nil {
+				initOnce = sync.Once{}
+			}
+		}()
+
+		initOnce = sync.Once{}
+		initFunc = func() {
+			defaultLocker = NewMemoryLocker()
+		}
+
+		testLockAndDo(t)
+	})
+}
+
+func testLockAndDo(t *testing.T) {
+	const concurrency = 1000
+
+	ctx := context.Background()
+	count := 0
+	wg := sync.WaitGroup{}
+	wg.Add(concurrency)
+	for i := 0; i < concurrency; i++ {
+		go func() {
+			defer wg.Done()
+			err := LockAndDo(ctx, "test", func(ctx context.Context) error {
+				count++
+
+				// It's impossible to acquire the lock inner the function
+				ok, err := TryLockAndDo(ctx, "test", func(ctx context.Context) error {
+					assert.Fail(t, "should not acquire the lock")
+					return nil
+				})
+				assert.False(t, ok)
+				assert.NoError(t, err)
+
+				return nil
+			})
+			require.NoError(t, err)
+		}()
+	}
+
+	wg.Wait()
+
+	assert.Equal(t, concurrency, count)
+}
diff --git a/modules/globallock/locker.go b/modules/globallock/locker.go
new file mode 100644
index 00000000000..b0764cd71cd
--- /dev/null
+++ b/modules/globallock/locker.go
@@ -0,0 +1,60 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package globallock
+
+import (
+	"context"
+	"fmt"
+)
+
+type Locker interface {
+	// Lock tries to acquire a lock for the given key, it blocks until the lock is acquired or the context is canceled.
+	//
+	// Lock returns a new context which should be used in the following code.
+	// The new context will be canceled when the lock is released or lost - yes, it's possible to lose a lock.
+	// For example, it lost the connection to the redis server while holding the lock.
+	// If it fails to acquire the lock, the returned context will be the same as the input context.
+	//
+	// Lock returns a ReleaseFunc to release the lock, it cannot be nil.
+	// It's always safe to call this function even if it fails to acquire the lock, and it will do nothing in that case.
+	// And it's also safe to call it multiple times, but it will only release the lock once.
+	// That's why it's called ReleaseFunc, not UnlockFunc.
+	// But be aware that it's not safe to not call it at all; it could lead to a memory leak.
+	// So a recommended pattern is to use defer to call it:
+	//   ctx, release, err := locker.Lock(ctx, "key")
+	//   if err != nil {
+	//     return err
+	//   }
+	//   defer release()
+	// The ReleaseFunc will return the original context which was used to acquire the lock.
+	// It's useful when you want to continue to do something after releasing the lock.
+	// At that time, the ctx will be canceled, and you can use the returned context by the ReleaseFunc to continue:
+	//   ctx, release, err := locker.Lock(ctx, "key")
+	//   if err != nil {
+	//     return err
+	//   }
+	//   defer release()
+	//   doSomething(ctx)
+	//   ctx = release()
+	//   doSomethingElse(ctx)
+	// Please ignore it and use `defer release()` instead if you don't need this, to avoid forgetting to release the lock.
+	//
+	// Lock returns an error if failed to acquire the lock.
+	// Be aware that even the context is not canceled, it's still possible to fail to acquire the lock.
+	// For example, redis is down, or it reached the maximum number of tries.
+	Lock(ctx context.Context, key string) (context.Context, ReleaseFunc, error)
+
+	// TryLock tries to acquire a lock for the given key, it returns immediately.
+	// It follows the same pattern as Lock, but it doesn't block.
+	// And if it fails to acquire the lock because it's already locked, not other reasons like redis is down,
+	// it will return false without any error.
+	TryLock(ctx context.Context, key string) (bool, context.Context, ReleaseFunc, error)
+}
+
+// ReleaseFunc is a function that releases a lock.
+// It returns the original context which was used to acquire the lock.
+type ReleaseFunc func() context.Context
+
+// ErrLockReleased is used as context cause when a lock is released
+var ErrLockReleased = fmt.Errorf("lock released")
diff --git a/modules/globallock/locker_test.go b/modules/globallock/locker_test.go
new file mode 100644
index 00000000000..15a3c65bb07
--- /dev/null
+++ b/modules/globallock/locker_test.go
@@ -0,0 +1,211 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package globallock
+
+import (
+	"context"
+	"os"
+	"sync"
+	"testing"
+	"time"
+
+	"github.com/go-redsync/redsync/v4"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestLocker(t *testing.T) {
+	t.Run("redis", func(t *testing.T) {
+		url := "redis://127.0.0.1:6379/0"
+		if os.Getenv("CI") == "" {
+			// Make it possible to run tests against a local redis instance
+			url = os.Getenv("TEST_REDIS_URL")
+			if url == "" {
+				t.Skip("TEST_REDIS_URL not set and not running in CI")
+				return
+			}
+		}
+		oldExpiry := redisLockExpiry
+		redisLockExpiry = 5 * time.Second // make it shorter for testing
+		defer func() {
+			redisLockExpiry = oldExpiry
+		}()
+
+		locker := NewRedisLocker(url)
+		testLocker(t, locker)
+		testRedisLocker(t, locker.(*redisLocker))
+		require.NoError(t, locker.(*redisLocker).Close())
+	})
+	t.Run("memory", func(t *testing.T) {
+		locker := NewMemoryLocker()
+		testLocker(t, locker)
+		testMemoryLocker(t, locker.(*memoryLocker))
+	})
+}
+
+func testLocker(t *testing.T, locker Locker) {
+	t.Run("lock", func(t *testing.T) {
+		parentCtx := context.Background()
+		ctx, release, err := locker.Lock(parentCtx, "test")
+		defer release()
+
+		assert.NotEqual(t, parentCtx, ctx) // new context should be returned
+		assert.NoError(t, err)
+
+		func() {
+			parentCtx, cancel := context.WithTimeout(context.Background(), time.Second)
+			defer cancel()
+			ctx, release, err := locker.Lock(parentCtx, "test")
+			defer release()
+
+			assert.Error(t, err)
+			assert.Equal(t, parentCtx, ctx) // should return the same context
+		}()
+
+		release()
+		assert.Error(t, ctx.Err())
+
+		func() {
+			_, release, err := locker.Lock(context.Background(), "test")
+			defer release()
+
+			assert.NoError(t, err)
+		}()
+	})
+
+	t.Run("try lock", func(t *testing.T) {
+		parentCtx := context.Background()
+		ok, ctx, release, err := locker.TryLock(parentCtx, "test")
+		defer release()
+
+		assert.True(t, ok)
+		assert.NotEqual(t, parentCtx, ctx) // new context should be returned
+		assert.NoError(t, err)
+
+		func() {
+			parentCtx, cancel := context.WithTimeout(context.Background(), time.Second)
+			defer cancel()
+			ok, ctx, release, err := locker.TryLock(parentCtx, "test")
+			defer release()
+
+			assert.False(t, ok)
+			assert.NoError(t, err)
+			assert.Equal(t, parentCtx, ctx) // should return the same context
+		}()
+
+		release()
+		assert.Error(t, ctx.Err())
+
+		func() {
+			ok, _, release, _ := locker.TryLock(context.Background(), "test")
+			defer release()
+
+			assert.True(t, ok)
+		}()
+	})
+
+	t.Run("wait and acquired", func(t *testing.T) {
+		ctx := context.Background()
+		_, release, err := locker.Lock(ctx, "test")
+		require.NoError(t, err)
+
+		wg := &sync.WaitGroup{}
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			started := time.Now()
+			_, release, err := locker.Lock(context.Background(), "test") // should be blocked for seconds
+			defer release()
+			assert.Greater(t, time.Since(started), time.Second)
+			assert.NoError(t, err)
+		}()
+
+		time.Sleep(2 * time.Second)
+		release()
+
+		wg.Wait()
+	})
+
+	t.Run("continue after release", func(t *testing.T) {
+		ctx := context.Background()
+
+		ctxBeforeLock := ctx
+		ctx, release, err := locker.Lock(ctx, "test")
+
+		require.NoError(t, err)
+		assert.NoError(t, ctx.Err())
+		assert.NotEqual(t, ctxBeforeLock, ctx)
+
+		ctxBeforeRelease := ctx
+		ctx = release()
+
+		assert.NoError(t, ctx.Err())
+		assert.Error(t, ctxBeforeRelease.Err())
+
+		// so it can continue with ctx to do more work
+	})
+
+	t.Run("multiple release", func(t *testing.T) {
+		ctx := context.Background()
+
+		_, release1, err := locker.Lock(ctx, "test")
+		require.NoError(t, err)
+
+		release1()
+
+		_, release2, err := locker.Lock(ctx, "test")
+		defer release2()
+		require.NoError(t, err)
+
+		// Call release1 again,
+		// it should not panic or block,
+		// and it shouldn't affect the other lock
+		release1()
+
+		ok, _, release3, err := locker.TryLock(ctx, "test")
+		defer release3()
+		require.NoError(t, err)
+		// It should be able to acquire the lock;
+		// otherwise, it means the lock has been released by release1
+		assert.False(t, ok)
+	})
+}
+
+// testMemoryLocker does specific tests for memoryLocker
+func testMemoryLocker(t *testing.T, locker *memoryLocker) {
+	// nothing to do
+}
+
+// testRedisLocker does specific tests for redisLocker
+func testRedisLocker(t *testing.T, locker *redisLocker) {
+	defer func() {
+		// This case should be tested at the end.
+		// Otherwise, it will affect other tests.
+		t.Run("close", func(t *testing.T) {
+			assert.NoError(t, locker.Close())
+			_, _, err := locker.Lock(context.Background(), "test")
+			assert.Error(t, err)
+		})
+	}()
+
+	t.Run("failed extend", func(t *testing.T) {
+		ctx, release, err := locker.Lock(context.Background(), "test")
+		defer release()
+		require.NoError(t, err)
+
+		// It simulates that there are some problems with extending like network issues or redis server down.
+		v, ok := locker.mutexM.Load("test")
+		require.True(t, ok)
+		m := v.(*redisMutex)
+		_, _ = m.mutex.Unlock() // release it to make it impossible to extend
+
+		select {
+		case <-time.After(redisLockExpiry + time.Second):
+			t.Errorf("lock should be expired")
+		case <-ctx.Done():
+			var errTaken *redsync.ErrTaken
+			assert.ErrorAs(t, context.Cause(ctx), &errTaken)
+		}
+	})
+}
diff --git a/modules/globallock/memory_locker.go b/modules/globallock/memory_locker.go
new file mode 100644
index 00000000000..fb1fc79bd0b
--- /dev/null
+++ b/modules/globallock/memory_locker.go
@@ -0,0 +1,80 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package globallock
+
+import (
+	"context"
+	"sync"
+	"time"
+)
+
+type memoryLocker struct {
+	locks sync.Map
+}
+
+var _ Locker = &memoryLocker{}
+
+func NewMemoryLocker() Locker {
+	return &memoryLocker{}
+}
+
+func (l *memoryLocker) Lock(ctx context.Context, key string) (context.Context, ReleaseFunc, error) {
+	originalCtx := ctx
+
+	if l.tryLock(key) {
+		ctx, cancel := context.WithCancelCause(ctx)
+		releaseOnce := sync.Once{}
+		return ctx, func() context.Context {
+			releaseOnce.Do(func() {
+				l.locks.Delete(key)
+				cancel(ErrLockReleased)
+			})
+			return originalCtx
+		}, nil
+	}
+
+	ticker := time.NewTicker(time.Millisecond * 100)
+	defer ticker.Stop()
+	for {
+		select {
+		case <-ctx.Done():
+			return ctx, func() context.Context { return originalCtx }, ctx.Err()
+		case <-ticker.C:
+			if l.tryLock(key) {
+				ctx, cancel := context.WithCancelCause(ctx)
+				releaseOnce := sync.Once{}
+				return ctx, func() context.Context {
+					releaseOnce.Do(func() {
+						l.locks.Delete(key)
+						cancel(ErrLockReleased)
+					})
+					return originalCtx
+				}, nil
+			}
+		}
+	}
+}
+
+func (l *memoryLocker) TryLock(ctx context.Context, key string) (bool, context.Context, ReleaseFunc, error) {
+	originalCtx := ctx
+
+	if l.tryLock(key) {
+		ctx, cancel := context.WithCancelCause(ctx)
+		releaseOnce := sync.Once{}
+		return true, ctx, func() context.Context {
+			releaseOnce.Do(func() {
+				cancel(ErrLockReleased)
+				l.locks.Delete(key)
+			})
+			return originalCtx
+		}, nil
+	}
+
+	return false, ctx, func() context.Context { return originalCtx }, nil
+}
+
+func (l *memoryLocker) tryLock(key string) bool {
+	_, loaded := l.locks.LoadOrStore(key, struct{}{})
+	return !loaded
+}
diff --git a/modules/globallock/redis_locker.go b/modules/globallock/redis_locker.go
new file mode 100644
index 00000000000..34b2fabfb39
--- /dev/null
+++ b/modules/globallock/redis_locker.go
@@ -0,0 +1,154 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package globallock
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"sync"
+	"sync/atomic"
+	"time"
+
+	"code.gitea.io/gitea/modules/nosql"
+
+	"github.com/go-redsync/redsync/v4"
+	"github.com/go-redsync/redsync/v4/redis/goredis/v9"
+)
+
+const redisLockKeyPrefix = "gitea:globallock:"
+
+// redisLockExpiry is the default expiry time for a lock.
+// Define it as a variable to make it possible to change it in tests.
+var redisLockExpiry = 30 * time.Second
+
+type redisLocker struct {
+	rs *redsync.Redsync
+
+	mutexM   sync.Map
+	closed   atomic.Bool
+	extendWg sync.WaitGroup
+}
+
+var _ Locker = &redisLocker{}
+
+func NewRedisLocker(connection string) Locker {
+	l := &redisLocker{
+		rs: redsync.New(
+			goredis.NewPool(
+				nosql.GetManager().GetRedisClient(connection),
+			),
+		),
+	}
+
+	l.extendWg.Add(1)
+	l.startExtend()
+
+	return l
+}
+
+func (l *redisLocker) Lock(ctx context.Context, key string) (context.Context, ReleaseFunc, error) {
+	return l.lock(ctx, key, 0)
+}
+
+func (l *redisLocker) TryLock(ctx context.Context, key string) (bool, context.Context, ReleaseFunc, error) {
+	ctx, f, err := l.lock(ctx, key, 1)
+
+	var (
+		errTaken     *redsync.ErrTaken
+		errNodeTaken *redsync.ErrNodeTaken
+	)
+	if errors.As(err, &errTaken) || errors.As(err, &errNodeTaken) {
+		return false, ctx, f, nil
+	}
+	return err == nil, ctx, f, err
+}
+
+// Close closes the locker.
+// It will stop extending the locks and refuse to acquire new locks.
+// In actual use, it is not necessary to call this function.
+// But it's useful in tests to release resources.
+// It could take some time since it waits for the extending goroutine to finish.
+func (l *redisLocker) Close() error {
+	l.closed.Store(true)
+	l.extendWg.Wait()
+	return nil
+}
+
+type redisMutex struct {
+	mutex  *redsync.Mutex
+	cancel context.CancelCauseFunc
+}
+
+func (l *redisLocker) lock(ctx context.Context, key string, tries int) (context.Context, ReleaseFunc, error) {
+	if l.closed.Load() {
+		return ctx, func() context.Context { return ctx }, fmt.Errorf("locker is closed")
+	}
+
+	originalCtx := ctx
+
+	options := []redsync.Option{
+		redsync.WithExpiry(redisLockExpiry),
+	}
+	if tries > 0 {
+		options = append(options, redsync.WithTries(tries))
+	}
+	mutex := l.rs.NewMutex(redisLockKeyPrefix+key, options...)
+	if err := mutex.LockContext(ctx); err != nil {
+		return ctx, func() context.Context { return originalCtx }, err
+	}
+
+	ctx, cancel := context.WithCancelCause(ctx)
+
+	l.mutexM.Store(key, &redisMutex{
+		mutex:  mutex,
+		cancel: cancel,
+	})
+
+	releaseOnce := sync.Once{}
+	return ctx, func() context.Context {
+		releaseOnce.Do(func() {
+			l.mutexM.Delete(key)
+
+			// It's safe to ignore the error here,
+			// if it failed to unlock, it will be released automatically after the lock expires.
+			// Do not call mutex.UnlockContext(ctx) here, or it will fail to release when ctx has timed out.
+			_, _ = mutex.Unlock()
+
+			cancel(ErrLockReleased)
+		})
+		return originalCtx
+	}, nil
+}
+
+func (l *redisLocker) startExtend() {
+	if l.closed.Load() {
+		l.extendWg.Done()
+		return
+	}
+
+	toExtend := make([]*redisMutex, 0)
+	l.mutexM.Range(func(_, value any) bool {
+		m := value.(*redisMutex)
+
+		// Extend the lock if it is not expired.
+		// Although the mutex will be removed from the map before it is released,
+		// it still can be expired because of a failed extension.
+		// If it happens, the cancel function should have been called,
+		// so it does not need to be extended anymore.
+		if time.Now().After(m.mutex.Until()) {
+			return true
+		}
+
+		toExtend = append(toExtend, m)
+		return true
+	})
+	for _, v := range toExtend {
+		if ok, err := v.mutex.Extend(); !ok {
+			v.cancel(err)
+		}
+	}
+
+	time.AfterFunc(redisLockExpiry/2, l.startExtend)
+}

From 521d91944ed10add89f435efd2e3df17d8af2d51 Mon Sep 17 00:00:00 2001
From: GiteaBot <teabot@gitea.io>
Date: Tue, 27 Aug 2024 00:28:30 +0000
Subject: [PATCH 028/129] [skip ci] Updated translations via Crowdin

---
 options/locale/locale_zh-CN.ini | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/options/locale/locale_zh-CN.ini b/options/locale/locale_zh-CN.ini
index 3a6dadf9f86..d8897735c2a 100644
--- a/options/locale/locale_zh-CN.ini
+++ b/options/locale/locale_zh-CN.ini
@@ -206,7 +206,7 @@ buttons.list.unordered.tooltip=添加待办清单
 buttons.list.ordered.tooltip=添加编号列表
 buttons.list.task.tooltip=添加任务列表
 buttons.mention.tooltip=提及用户或团队
-buttons.ref.tooltip=引用一个问题或拉取请求
+buttons.ref.tooltip=引用一个问题或合并请求
 buttons.switch_to_legacy.tooltip=使用旧版编辑器
 buttons.enable_monospace_font=启用等宽字体
 buttons.disable_monospace_font=禁用等宽字体
@@ -1752,8 +1752,9 @@ compare.compare_head=比较
 pulls.desc=启用合并请求和代码评审。
 pulls.new=创建合并请求
 pulls.new.blocked_user=无法创建合并请求，因为您已被仓库所有者屏蔽。
+pulls.new.must_collaborator=您必须是仓库的协作者才能创建合并请求。
 pulls.edit.already_changed=无法保存对合并请求的更改。其内容似乎已被其他用户更改。 请刷新页面并重新编辑以避免覆盖他们的更改
-pulls.view=查看拉取请求
+pulls.view=查看合并请求
 pulls.compare_changes=创建合并请求
 pulls.allow_edits_from_maintainers=允许维护者编辑
 pulls.allow_edits_from_maintainers_desc=对基础分支有写入权限的用户也可以推送到此分支
@@ -1830,8 +1831,8 @@ pulls.wrong_commit_id=提交 id 必须在目标分支 上
 pulls.no_merge_desc=由于未启用合并选项，此合并请求无法被合并。
 pulls.no_merge_helper=在仓库设置中启用合并选项或者手工合并请求。
 pulls.no_merge_wip=这个合并请求无法合并，因为被标记为尚未完成的工作。
-pulls.no_merge_not_ready=此拉取请求尚未准备好合并，请检查审核状态和状态检查。
-pulls.no_merge_access=您无权合并此拉取请求。
+pulls.no_merge_not_ready=此合并请求尚未准备好合并，请检查审核状态和状态检查。
+pulls.no_merge_access=您无权合并此合并请求。
 pulls.merge_pull_request=创建合并提交
 pulls.rebase_merge_pull_request=变基后快进
 pulls.rebase_merge_commit_pull_request=变基后创建合并提交
@@ -1876,6 +1877,7 @@ pulls.cmd_instruction_checkout_title=检出
 pulls.cmd_instruction_checkout_desc=从你的仓库中检出一个新的分支并测试变更。
 pulls.cmd_instruction_merge_title=合并
 pulls.cmd_instruction_merge_desc=合并变更并更新到 Gitea 上
+pulls.cmd_instruction_merge_warning=警告：此操作不能合并该合并请求，因为“自动检测手动合并”未启用
 pulls.clear_merge_message=清除合并信息
 pulls.clear_merge_message_hint=清除合并消息只会删除提交消息内容，并保留生成的 git 附加内容，如“Co-Authored-By …”。
 
@@ -1888,11 +1890,11 @@ pulls.auto_merge_cancel_schedule=取消自动合并
 pulls.auto_merge_not_scheduled=此合并请求没有计划自动合并。
 pulls.auto_merge_canceled_schedule=此合并请求的自动合并已取消。
 
-pulls.auto_merge_newly_scheduled_comment=`已于 %[1]s 设置此拉取请求在所有检查成功后自动合并`
+pulls.auto_merge_newly_scheduled_comment=`已于 %[1]s 设置此合并请求在所有检查成功后自动合并`
 pulls.auto_merge_canceled_schedule_comment=`已于 %[1]s 取消了自动合并设置 `
 
-pulls.delete.title=删除此拉取请求？
-pulls.delete.text=你真的要删除这个拉取请求吗？ (这将永久删除所有内容。如果你打算将内容存档，请考虑关闭它)
+pulls.delete.title=删除此合并请求？
+pulls.delete.text=你真的要删除这个合并请求吗？ (这将永久删除所有内容。如果你打算将内容存档，请考虑关闭它)
 
 pulls.recently_pushed_new_branches=您已经于%[2]s推送了分支 <strong>%[1]s</strong>
 
@@ -2125,7 +2127,7 @@ settings.allow_only_contributors_to_track_time=仅允许成员跟踪时间
 settings.pulls_desc=启用合并请求
 settings.pulls.ignore_whitespace=忽略空白冲突
 settings.pulls.enable_autodetect_manual_merge=启用自动检测手动合并 (注意：在某些特殊情况下可能发生错误判断)
-settings.pulls.allow_rebase_update=允许通过变基更新拉取请求分支
+settings.pulls.allow_rebase_update=允许通过变基更新合并请求分支
 settings.pulls.default_delete_branch_after_merge=默认合并后删除合并请求分支
 settings.pulls.default_allow_edits_from_maintainers=默认开启允许维护者编辑
 settings.releases_desc=启用发布
@@ -2375,7 +2377,7 @@ settings.protect_status_check_matched=匹配
 settings.protect_invalid_status_check_pattern=无效的状态检查规则：“%s”。
 settings.protect_no_valid_status_check_patterns=没有有效的状态检查规则。
 settings.protect_required_approvals=所需的批准：
-settings.protect_required_approvals_desc=只允许合并有足够审核人数的拉取请求。
+settings.protect_required_approvals_desc=只允许合并有足够审核人数的合并请求。
 settings.dismiss_stale_approvals=取消过时的批准
 settings.dismiss_stale_approvals_desc=当新的提交更改合并请求内容被推送到分支时，旧的批准将被撤销。
 settings.ignore_stale_approvals=忽略过期批准
@@ -2400,7 +2402,7 @@ settings.block_rejected_reviews=拒绝审核阻止了此合并
 settings.block_rejected_reviews_desc=如果官方审查人员要求作出改动，即使有足够的批准，合并也不允许。
 settings.block_on_official_review_requests=有官方审核阻止了代码合并
 settings.block_on_official_review_requests_desc=处于评审状态时，即使有足够的批准，也不能合并。
-settings.block_outdated_branch=如果拉取请求已经过时，阻止合并
+settings.block_outdated_branch=如果合并请求已经过时，阻止合并
 settings.block_outdated_branch_desc=当头部分支落后基础分支时，不能合并。
 settings.default_branch_desc=请选择一个默认的分支用于合并请求和提交：
 settings.merge_style_desc=合并方式

From 39d2fdefaf0dd42aa5e3ee8d3ea0a84b40c005f5 Mon Sep 17 00:00:00 2001
From: a1012112796 <1012112796@qq.com>
Date: Tue, 27 Aug 2024 10:54:12 +0800
Subject: [PATCH 029/129] Split org Propfile README to a new tab `overview`
 (#31373)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

like user profile, add a new overviw tab to show profile READEME when it
is exist.

replace #31349 (another solution option)

example view:
![屏幕截图 2024-06-14
094116](https://github.com/go-gitea/gitea/assets/25342410/3303a1f2-ae02-48e0-9519-7fa11e65657f)
![屏幕截图 2024-06-14
094101](https://github.com/go-gitea/gitea/assets/25342410/7a4a5a48-dc2b-4ad4-b2a2-9ea4ab5d5808)

---------

Signed-off-by: a1012112796 <1012112796@qq.com>
---
 routers/web/org/home.go           | 75 ++++++++++++++++++-------------
 routers/web/org/members.go        |  4 +-
 routers/web/org/teams.go          |  4 +-
 routers/web/shared/user/header.go | 12 +++++
 routers/web/web.go                |  2 +
 templates/org/menu.tmpl           |  7 ++-
 6 files changed, 67 insertions(+), 37 deletions(-)

diff --git a/routers/web/org/home.go b/routers/web/org/home.go
index 77d49f5b78f..366a7b20de4 100644
--- a/routers/web/org/home.go
+++ b/routers/web/org/home.go
@@ -13,7 +13,6 @@ import (
 	"code.gitea.io/gitea/models/organization"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/modules/base"
-	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/markup"
 	"code.gitea.io/gitea/modules/markup/markdown"
@@ -42,6 +41,14 @@ func Home(ctx *context.Context) {
 		return
 	}
 
+	home(ctx, false)
+}
+
+func Repositories(ctx *context.Context) {
+	home(ctx, true)
+}
+
+func home(ctx *context.Context, viewRepositories bool) {
 	org := ctx.Org.Organization
 
 	ctx.Data["PageIsUserProfile"] = true
@@ -101,10 +108,34 @@ func Home(ctx *context.Context) {
 	private := ctx.FormOptionalBool("private")
 	ctx.Data["IsPrivate"] = private
 
+	err := shared_user.LoadHeaderCount(ctx)
+	if err != nil {
+		ctx.ServerError("LoadHeaderCount", err)
+		return
+	}
+
+	opts := &organization.FindOrgMembersOpts{
+		OrgID:       org.ID,
+		PublicOnly:  ctx.Org.PublicMemberOnly,
+		ListOptions: db.ListOptions{Page: 1, PageSize: 25},
+	}
+	members, _, err := organization.FindOrgMembers(ctx, opts)
+	if err != nil {
+		ctx.ServerError("FindOrgMembers", err)
+		return
+	}
+	ctx.Data["Members"] = members
+	ctx.Data["Teams"] = ctx.Org.Teams
+	ctx.Data["DisableNewPullMirrors"] = setting.Mirror.DisableNewPull
+	ctx.Data["ShowMemberAndTeamTab"] = ctx.Org.IsMember || len(members) > 0
+
+	if !prepareOrgProfileReadme(ctx, viewRepositories) {
+		ctx.Data["PageIsViewRepositories"] = true
+	}
+
 	var (
 		repos []*repo_model.Repository
 		count int64
-		err   error
 	)
 	repos, count, err = repo_model.SearchRepository(ctx, &repo_model.SearchRepoOptions{
 		ListOptions: db.ListOptions{
@@ -129,29 +160,8 @@ func Home(ctx *context.Context) {
 		return
 	}
 
-	opts := &organization.FindOrgMembersOpts{
-		OrgID:       org.ID,
-		PublicOnly:  ctx.Org.PublicMemberOnly,
-		ListOptions: db.ListOptions{Page: 1, PageSize: 25},
-	}
-	members, _, err := organization.FindOrgMembers(ctx, opts)
-	if err != nil {
-		ctx.ServerError("FindOrgMembers", err)
-		return
-	}
-
 	ctx.Data["Repos"] = repos
 	ctx.Data["Total"] = count
-	ctx.Data["Members"] = members
-	ctx.Data["Teams"] = ctx.Org.Teams
-	ctx.Data["DisableNewPullMirrors"] = setting.Mirror.DisableNewPull
-	ctx.Data["PageIsViewRepositories"] = true
-
-	err = shared_user.LoadHeaderCount(ctx)
-	if err != nil {
-		ctx.ServerError("LoadHeaderCount", err)
-		return
-	}
 
 	pager := context.NewPagination(int(count), setting.UI.User.RepoPagingNum, page, 5)
 	pager.SetDefaultParams(ctx)
@@ -173,18 +183,16 @@ func Home(ctx *context.Context) {
 	}
 	ctx.Data["Page"] = pager
 
-	ctx.Data["ShowMemberAndTeamTab"] = ctx.Org.IsMember || len(members) > 0
-
-	profileDbRepo, profileGitRepo, profileReadmeBlob, profileClose := shared_user.FindUserProfileReadme(ctx, ctx.Doer)
-	defer profileClose()
-	prepareOrgProfileReadme(ctx, profileGitRepo, profileDbRepo, profileReadmeBlob)
-
 	ctx.HTML(http.StatusOK, tplOrgHome)
 }
 
-func prepareOrgProfileReadme(ctx *context.Context, profileGitRepo *git.Repository, profileDbRepo *repo_model.Repository, profileReadme *git.Blob) {
-	if profileGitRepo == nil || profileReadme == nil {
-		return
+func prepareOrgProfileReadme(ctx *context.Context, viewRepositories bool) bool {
+	profileDbRepo, profileGitRepo, profileReadme, profileClose := shared_user.FindUserProfileReadme(ctx, ctx.Doer)
+	defer profileClose()
+	ctx.Data["HasProfileReadme"] = profileReadme != nil
+
+	if profileGitRepo == nil || profileReadme == nil || viewRepositories {
+		return false
 	}
 
 	if bytes, err := profileReadme.GetBlobContent(setting.UI.MaxDisplayFileSize); err != nil {
@@ -206,4 +214,7 @@ func prepareOrgProfileReadme(ctx *context.Context, profileGitRepo *git.Repositor
 			ctx.Data["ProfileReadme"] = profileContent
 		}
 	}
+
+	ctx.Data["PageIsViewOverview"] = true
+	return true
 }
diff --git a/routers/web/org/members.go b/routers/web/org/members.go
index 58d0b9b8c40..8ff75b06511 100644
--- a/routers/web/org/members.go
+++ b/routers/web/org/members.go
@@ -54,9 +54,9 @@ func Members(ctx *context.Context) {
 		return
 	}
 
-	err = shared_user.LoadHeaderCount(ctx)
+	err = shared_user.RenderOrgHeader(ctx)
 	if err != nil {
-		ctx.ServerError("LoadHeaderCount", err)
+		ctx.ServerError("RenderOrgHeader", err)
 		return
 	}
 
diff --git a/routers/web/org/teams.go b/routers/web/org/teams.go
index aaac1177ae1..31b9601ce79 100644
--- a/routers/web/org/teams.go
+++ b/routers/web/org/teams.go
@@ -59,9 +59,9 @@ func Teams(ctx *context.Context) {
 	}
 	ctx.Data["Teams"] = ctx.Org.Teams
 
-	err := shared_user.LoadHeaderCount(ctx)
+	err := shared_user.RenderOrgHeader(ctx)
 	if err != nil {
-		ctx.ServerError("LoadHeaderCount", err)
+		ctx.ServerError("RenderOrgHeader", err)
 		return
 	}
 
diff --git a/routers/web/shared/user/header.go b/routers/web/shared/user/header.go
index 7531e1ba268..ef111cff806 100644
--- a/routers/web/shared/user/header.go
+++ b/routers/web/shared/user/header.go
@@ -162,3 +162,15 @@ func LoadHeaderCount(ctx *context.Context) error {
 
 	return nil
 }
+
+func RenderOrgHeader(ctx *context.Context) error {
+	if err := LoadHeaderCount(ctx); err != nil {
+		return err
+	}
+
+	_, _, profileReadmeBlob, profileClose := FindUserProfileReadme(ctx, ctx.Doer)
+	defer profileClose()
+	ctx.Data["HasProfileReadme"] = profileReadmeBlob != nil
+
+	return nil
+}
diff --git a/routers/web/web.go b/routers/web/web.go
index 4e917b5ede6..98b4252cb9b 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -995,6 +995,8 @@ func registerRoutes(m *web.Router) {
 			}, context.PackageAssignment(), reqPackageAccess(perm.AccessModeRead))
 		}
 
+		m.Get("/repositories", org.Repositories)
+
 		m.Group("/projects", func() {
 			m.Group("", func() {
 				m.Get("", org.Projects)
diff --git a/templates/org/menu.tmpl b/templates/org/menu.tmpl
index 698a9559c52..29238f8d6bb 100644
--- a/templates/org/menu.tmpl
+++ b/templates/org/menu.tmpl
@@ -1,7 +1,12 @@
 <div class="ui container">
 	<overflow-menu class="ui secondary pointing tabular borderless menu tw-mb-4">
 		<div class="overflow-menu-items">
-			<a class="{{if .PageIsViewRepositories}}active {{end}}item" href="{{$.Org.HomeLink}}">
+			{{if .HasProfileReadme}}
+				<a class="{{if .PageIsViewOverview}}active {{end}}item" href="{{$.Org.HomeLink}}">
+					{{svg "octicon-info"}} {{ctx.Locale.Tr "user.overview"}}
+				</a>
+			{{end}}
+			<a class="{{if .PageIsViewRepositories}}active {{end}}item" href="{{$.Org.HomeLink}}{{if .HasProfileReadme}}/-/repositories{{end}}">
 				{{svg "octicon-repo"}} {{ctx.Locale.Tr "user.repositories"}}
 				{{if .RepoCount}}
 					<div class="ui small label">{{.RepoCount}}</div>

From 7207d93f01f0cd796e1b9e0156798990846d894b Mon Sep 17 00:00:00 2001
From: silverwind <me@silverwind.io>
Date: Wed, 28 Aug 2024 18:32:38 +0200
Subject: [PATCH 030/129] Fix a number of Typescript issues (#31877)

Typescript error count is reduced from 633 to 540 with this. No runtime
changes except in test code.
---
 types.d.ts                       | 52 +++++++++++++++++++++++++-------
 web_src/js/htmx.ts               |  9 +++---
 web_src/js/index.ts              |  4 +--
 web_src/js/render/ansi.ts        |  4 +--
 web_src/js/standalone/swagger.ts |  2 +-
 web_src/js/svg.test.ts           |  2 +-
 web_src/js/types.ts              |  7 +++++
 web_src/js/utils.test.ts         | 15 ++++-----
 web_src/js/utils.ts              | 47 +++++++++++++++--------------
 web_src/js/utils/color.ts        |  8 ++---
 web_src/js/utils/dom.ts          |  4 +--
 web_src/js/utils/image.ts        | 16 ++++++++--
 web_src/js/utils/match.ts        |  8 ++---
 web_src/js/utils/time.ts         | 24 ++++++++++-----
 web_src/js/utils/url.ts          |  6 ++--
 web_src/js/vitest.setup.ts       | 12 ++++++--
 16 files changed, 141 insertions(+), 79 deletions(-)

diff --git a/types.d.ts b/types.d.ts
index a8dc09e0643..68081af606a 100644
--- a/types.d.ts
+++ b/types.d.ts
@@ -10,22 +10,52 @@ declare module '*.css' {
 
 declare let __webpack_public_path__: string;
 
-interface Window {
-  config: import('./web_src/js/types.ts').Config;
-  $: typeof import('@types/jquery'),
-  jQuery: typeof import('@types/jquery'),
-  htmx: typeof import('htmx.org'),
-  _globalHandlerErrors: Array<ErrorEvent & PromiseRejectionEvent> & {
-    _inited: boolean,
-    push: (e: ErrorEvent & PromiseRejectionEvent) => void | number,
-  },
-}
-
 declare module 'htmx.org/dist/htmx.esm.js' {
   const value = await import('htmx.org');
   export default value;
 }
 
+declare module 'uint8-to-base64' {
+  export function encode(arrayBuffer: ArrayBuffer): string;
+  export function decode(base64str: string): ArrayBuffer;
+}
+
+declare module 'swagger-ui-dist/swagger-ui-es-bundle.js' {
+  const value = await import('swagger-ui-dist');
+  export default value.SwaggerUIBundle;
+}
+
+interface JQuery {
+  api: any, // fomantic
+  areYouSure: any, // jquery.are-you-sure
+  dimmer: any, // fomantic
+  dropdown: any; // fomantic
+  modal: any; // fomantic
+  tab: any; // fomantic
+  transition: any, // fomantic
+}
+
+interface JQueryStatic {
+  api: any, // fomantic
+}
+
 interface Element {
   _tippy: import('tippy.js').Instance;
 }
+
+type Writable<T> = { -readonly [K in keyof T]: T[K] };
+
+interface Window {
+  config: import('./web_src/js/types.ts').Config;
+  $: typeof import('@types/jquery'),
+  jQuery: typeof import('@types/jquery'),
+  htmx: Omit<typeof import('htmx.org/dist/htmx.esm.js').default, 'config'> & {
+    config?: Writable<typeof import('htmx.org').default.config>,
+  },
+  ui?: any,
+  _globalHandlerErrors: Array<ErrorEvent & PromiseRejectionEvent> & {
+    _inited: boolean,
+    push: (e: ErrorEvent & PromiseRejectionEvent) => void | number,
+  },
+  __webpack_public_path__: string;
+}
diff --git a/web_src/js/htmx.ts b/web_src/js/htmx.ts
index bfc21477360..d4f317ee5a5 100644
--- a/web_src/js/htmx.ts
+++ b/web_src/js/htmx.ts
@@ -1,20 +1,21 @@
 import {showErrorToast} from './modules/toast.ts';
+import 'idiomorph/dist/idiomorph-ext.js'; // https://github.com/bigskysoftware/idiomorph#htmx
+import type {HtmxResponseInfo} from 'htmx.org';
 
-// https://github.com/bigskysoftware/idiomorph#htmx
-import 'idiomorph/dist/idiomorph-ext.js';
+type HtmxEvent = Event & {detail: HtmxResponseInfo};
 
 // https://htmx.org/reference/#config
 window.htmx.config.requestClass = 'is-loading';
 window.htmx.config.scrollIntoViewOnBoost = false;
 
 // https://htmx.org/events/#htmx:sendError
-document.body.addEventListener('htmx:sendError', (event) => {
+document.body.addEventListener('htmx:sendError', (event: HtmxEvent) => {
   // TODO: add translations
   showErrorToast(`Network error when calling ${event.detail.requestConfig.path}`);
 });
 
 // https://htmx.org/events/#htmx:responseError
-document.body.addEventListener('htmx:responseError', (event) => {
+document.body.addEventListener('htmx:responseError', (event: HtmxEvent) => {
   // TODO: add translations
   showErrorToast(`Error ${event.detail.xhr.status} when calling ${event.detail.requestConfig.path}`);
 });
diff --git a/web_src/js/index.ts b/web_src/js/index.ts
index 2bdc8655fe3..db678a25ba3 100644
--- a/web_src/js/index.ts
+++ b/web_src/js/index.ts
@@ -98,12 +98,12 @@ initGiteaFomantic();
 initDirAuto();
 initSubmitEventPolyfill();
 
-function callInitFunctions(functions) {
+function callInitFunctions(functions: (() => any)[]) {
   // Start performance trace by accessing a URL by "https://localhost/?_ui_performance_trace=1" or "https://localhost/?key=value&_ui_performance_trace=1"
   // It is a quick check, no side effect so no need to do slow URL parsing.
   const initStart = performance.now();
   if (window.location.search.includes('_ui_performance_trace=1')) {
-    let results = [];
+    let results: {name: string, dur: number}[] = [];
     for (const func of functions) {
       const start = performance.now();
       func();
diff --git a/web_src/js/render/ansi.ts b/web_src/js/render/ansi.ts
index bb622dd1eba..685e916c9a7 100644
--- a/web_src/js/render/ansi.ts
+++ b/web_src/js/render/ansi.ts
@@ -1,12 +1,12 @@
 import {AnsiUp} from 'ansi_up';
 
-const replacements = [
+const replacements: Array<[RegExp, string]> = [
   [/\x1b\[\d+[A-H]/g, ''], // Move cursor, treat them as no-op
   [/\x1b\[\d?[JK]/g, '\r'], // Erase display/line, treat them as a Carriage Return
 ];
 
 // render ANSI to HTML
-export function renderAnsi(line) {
+export function renderAnsi(line: string): string {
   // create a fresh ansi_up instance because otherwise previous renders can influence
   // the output of future renders, because ansi_up is stateful and remembers things like
   // unclosed opening tags for colors.
diff --git a/web_src/js/standalone/swagger.ts b/web_src/js/standalone/swagger.ts
index 29288131676..63b676b2ea0 100644
--- a/web_src/js/standalone/swagger.ts
+++ b/web_src/js/standalone/swagger.ts
@@ -8,7 +8,7 @@ window.addEventListener('load', async () => {
 
   // Make the page's protocol be at the top of the schemes list
   const proto = window.location.protocol.slice(0, -1);
-  spec.schemes.sort((a, b) => {
+  spec.schemes.sort((a: string, b: string) => {
     if (a === proto) return -1;
     if (b === proto) return 1;
     return 0;
diff --git a/web_src/js/svg.test.ts b/web_src/js/svg.test.ts
index 015758a2715..7f3e0496ec9 100644
--- a/web_src/js/svg.test.ts
+++ b/web_src/js/svg.test.ts
@@ -17,7 +17,7 @@ test('svgParseOuterInner', () => {
 test('SvgIcon', () => {
   const root = document.createElement('div');
   createApp({render: () => h(SvgIcon, {name: 'octicon-link', size: 24, class: 'base', className: 'extra'})}).mount(root);
-  const node = root.firstChild;
+  const node = root.firstChild as Element;
   expect(node.nodeName).toEqual('svg');
   expect(node.getAttribute('width')).toEqual('24');
   expect(node.getAttribute('height')).toEqual('24');
diff --git a/web_src/js/types.ts b/web_src/js/types.ts
index 3bd1c072a8a..f3ac305162b 100644
--- a/web_src/js/types.ts
+++ b/web_src/js/types.ts
@@ -29,3 +29,10 @@ export type RequestData = string | FormData | URLSearchParams;
 export type RequestOpts = {
   data?: RequestData,
 } & RequestInit;
+
+export type IssueData = {
+  owner: string,
+  repo: string,
+  type: string,
+  index: string,
+}
diff --git a/web_src/js/utils.test.ts b/web_src/js/utils.test.ts
index 4c09f49ba8f..55896706fff 100644
--- a/web_src/js/utils.test.ts
+++ b/web_src/js/utils.test.ts
@@ -95,23 +95,20 @@ test('toAbsoluteUrl', () => {
 });
 
 test('encodeURLEncodedBase64, decodeURLEncodedBase64', () => {
-  // TextEncoder is Node.js API while Uint8Array is jsdom API and their outputs are not
-  // structurally comparable, so we convert to array to compare. The conversion can be
-  // removed once https://github.com/jsdom/jsdom/issues/2524 is resolved.
   const encoder = new TextEncoder();
   const uint8array = encoder.encode.bind(encoder);
 
   expect(encodeURLEncodedBase64(uint8array('AA?'))).toEqual('QUE_'); // standard base64: "QUE/"
   expect(encodeURLEncodedBase64(uint8array('AA~'))).toEqual('QUF-'); // standard base64: "QUF+"
 
-  expect(Array.from(decodeURLEncodedBase64('QUE/'))).toEqual(Array.from(uint8array('AA?')));
-  expect(Array.from(decodeURLEncodedBase64('QUF+'))).toEqual(Array.from(uint8array('AA~')));
-  expect(Array.from(decodeURLEncodedBase64('QUE_'))).toEqual(Array.from(uint8array('AA?')));
-  expect(Array.from(decodeURLEncodedBase64('QUF-'))).toEqual(Array.from(uint8array('AA~')));
+  expect(new Uint8Array(decodeURLEncodedBase64('QUE/'))).toEqual(uint8array('AA?'));
+  expect(new Uint8Array(decodeURLEncodedBase64('QUF+'))).toEqual(uint8array('AA~'));
+  expect(new Uint8Array(decodeURLEncodedBase64('QUE_'))).toEqual(uint8array('AA?'));
+  expect(new Uint8Array(decodeURLEncodedBase64('QUF-'))).toEqual(uint8array('AA~'));
 
   expect(encodeURLEncodedBase64(uint8array('a'))).toEqual('YQ'); // standard base64: "YQ=="
-  expect(Array.from(decodeURLEncodedBase64('YQ'))).toEqual(Array.from(uint8array('a')));
-  expect(Array.from(decodeURLEncodedBase64('YQ=='))).toEqual(Array.from(uint8array('a')));
+  expect(new Uint8Array(decodeURLEncodedBase64('YQ'))).toEqual(uint8array('a'));
+  expect(new Uint8Array(decodeURLEncodedBase64('YQ=='))).toEqual(uint8array('a'));
 });
 
 test('file detection', () => {
diff --git a/web_src/js/utils.ts b/web_src/js/utils.ts
index 2d40fa20a8c..c52bf500d43 100644
--- a/web_src/js/utils.ts
+++ b/web_src/js/utils.ts
@@ -1,13 +1,14 @@
 import {encode, decode} from 'uint8-to-base64';
+import type {IssueData} from './types.ts';
 
 // transform /path/to/file.ext to file.ext
-export function basename(path) {
+export function basename(path: string): string {
   const lastSlashIndex = path.lastIndexOf('/');
   return lastSlashIndex < 0 ? path : path.substring(lastSlashIndex + 1);
 }
 
 // transform /path/to/file.ext to .ext
-export function extname(path) {
+export function extname(path: string): string {
   const lastSlashIndex = path.lastIndexOf('/');
   const lastPointIndex = path.lastIndexOf('.');
   if (lastSlashIndex > lastPointIndex) return '';
@@ -15,54 +16,54 @@ export function extname(path) {
 }
 
 // test whether a variable is an object
-export function isObject(obj) {
+export function isObject(obj: any): boolean {
   return Object.prototype.toString.call(obj) === '[object Object]';
 }
 
 // returns whether a dark theme is enabled
-export function isDarkTheme() {
+export function isDarkTheme(): boolean {
   const style = window.getComputedStyle(document.documentElement);
   return style.getPropertyValue('--is-dark-theme').trim().toLowerCase() === 'true';
 }
 
 // strip <tags> from a string
-export function stripTags(text) {
+export function stripTags(text: string): string {
   return text.replace(/<[^>]*>?/g, '');
 }
 
-export function parseIssueHref(href) {
+export function parseIssueHref(href: string): IssueData {
   const path = (href || '').replace(/[#?].*$/, '');
   const [_, owner, repo, type, index] = /([^/]+)\/([^/]+)\/(issues|pulls)\/([0-9]+)/.exec(path) || [];
   return {owner, repo, type, index};
 }
 
 // parse a URL, either relative '/path' or absolute 'https://localhost/path'
-export function parseUrl(str) {
+export function parseUrl(str: string): URL {
   return new URL(str, str.startsWith('http') ? undefined : window.location.origin);
 }
 
 // return current locale chosen by user
-export function getCurrentLocale() {
+export function getCurrentLocale(): string {
   return document.documentElement.lang;
 }
 
 // given a month (0-11), returns it in the documents language
-export function translateMonth(month) {
+export function translateMonth(month: number) {
   return new Date(Date.UTC(2022, month, 12)).toLocaleString(getCurrentLocale(), {month: 'short', timeZone: 'UTC'});
 }
 
 // given a weekday (0-6, Sunday to Saturday), returns it in the documents language
-export function translateDay(day) {
+export function translateDay(day: number) {
   return new Date(Date.UTC(2022, 7, day)).toLocaleString(getCurrentLocale(), {weekday: 'short', timeZone: 'UTC'});
 }
 
 // convert a Blob to a DataURI
-export function blobToDataURI(blob) {
+export function blobToDataURI(blob: Blob): Promise<string> {
   return new Promise((resolve, reject) => {
     try {
       const reader = new FileReader();
       reader.addEventListener('load', (e) => {
-        resolve(e.target.result);
+        resolve(e.target.result as string);
       });
       reader.addEventListener('error', () => {
         reject(new Error('FileReader failed'));
@@ -75,7 +76,7 @@ export function blobToDataURI(blob) {
 }
 
 // convert image Blob to another mime-type format.
-export function convertImage(blob, mime) {
+export function convertImage(blob: Blob, mime: string): Promise<Blob> {
   return new Promise(async (resolve, reject) => {
     try {
       const img = new Image();
@@ -104,7 +105,7 @@ export function convertImage(blob, mime) {
   });
 }
 
-export function toAbsoluteUrl(url) {
+export function toAbsoluteUrl(url: string): string {
   if (url.startsWith('http://') || url.startsWith('https://')) {
     return url;
   }
@@ -118,15 +119,15 @@ export function toAbsoluteUrl(url) {
 }
 
 // Encode an ArrayBuffer into a URLEncoded base64 string.
-export function encodeURLEncodedBase64(arrayBuffer) {
+export function encodeURLEncodedBase64(arrayBuffer: ArrayBuffer): string {
   return encode(arrayBuffer)
     .replace(/\+/g, '-')
     .replace(/\//g, '_')
     .replace(/=/g, '');
 }
 
-// Decode a URLEncoded base64 to an ArrayBuffer string.
-export function decodeURLEncodedBase64(base64url) {
+// Decode a URLEncoded base64 to an ArrayBuffer.
+export function decodeURLEncodedBase64(base64url: string): ArrayBuffer {
   return decode(base64url
     .replace(/_/g, '/')
     .replace(/-/g, '+'));
@@ -135,20 +136,22 @@ export function decodeURLEncodedBase64(base64url) {
 const domParser = new DOMParser();
 const xmlSerializer = new XMLSerializer();
 
-export function parseDom(text, contentType) {
+export function parseDom(text: string, contentType: DOMParserSupportedType): Document {
   return domParser.parseFromString(text, contentType);
 }
 
-export function serializeXml(node) {
+export function serializeXml(node: Element | Node): string {
   return xmlSerializer.serializeToString(node);
 }
 
-export const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
+export function sleep(ms: number): Promise<void> {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
 
-export function isImageFile({name, type}) {
+export function isImageFile({name, type}: {name: string, type?: string}): boolean {
   return /\.(jpe?g|png|gif|webp|svg|heic)$/i.test(name || '') || type?.startsWith('image/');
 }
 
-export function isVideoFile({name, type}) {
+export function isVideoFile({name, type}: {name: string, type?: string}): boolean {
   return /\.(mpe?g|mp4|mkv|webm)$/i.test(name || '') || type?.startsWith('video/');
 }
diff --git a/web_src/js/utils/color.ts b/web_src/js/utils/color.ts
index 3ee32395fb3..a0409353d23 100644
--- a/web_src/js/utils/color.ts
+++ b/web_src/js/utils/color.ts
@@ -3,23 +3,23 @@ import type {ColorInput} from 'tinycolor2';
 
 // Returns relative luminance for a SRGB color - https://en.wikipedia.org/wiki/Relative_luminance
 // Keep this in sync with modules/util/color.go
-function getRelativeLuminance(color: ColorInput) {
+function getRelativeLuminance(color: ColorInput): number {
   const {r, g, b} = tinycolor(color).toRgb();
   return (0.2126729 * r + 0.7151522 * g + 0.072175 * b) / 255;
 }
 
-function useLightText(backgroundColor: ColorInput) {
+function useLightText(backgroundColor: ColorInput): boolean {
   return getRelativeLuminance(backgroundColor) < 0.453;
 }
 
 // Given a background color, returns a black or white foreground color that the highest
 // contrast ratio. In the future, the APCA contrast function, or CSS `contrast-color` will be better.
 // https://github.com/color-js/color.js/blob/eb7b53f7a13bb716ec8b28c7a56f052cd599acd9/src/contrast/APCA.js#L42
-export function contrastColor(backgroundColor: ColorInput) {
+export function contrastColor(backgroundColor: ColorInput): string {
   return useLightText(backgroundColor) ? '#fff' : '#000';
 }
 
-function resolveColors(obj: Record<string, string>) {
+function resolveColors(obj: Record<string, string>): Record<string, string> {
   const styles = window.getComputedStyle(document.documentElement);
   const getColor = (name: string) => styles.getPropertyValue(name).trim();
   return Object.fromEntries(Object.entries(obj).map(([key, value]) => [key, getColor(value)]));
diff --git a/web_src/js/utils/dom.ts b/web_src/js/utils/dom.ts
index 5fc21831949..7dd63ecbbf0 100644
--- a/web_src/js/utils/dom.ts
+++ b/web_src/js/utils/dom.ts
@@ -266,10 +266,8 @@ export function initSubmitEventPolyfill() {
 /**
  * Check if an element is visible, equivalent to jQuery's `:visible` pseudo.
  * Note: This function doesn't account for all possible visibility scenarios.
- * @param {HTMLElement} element The element to check.
- * @returns {boolean} True if the element is visible.
  */
-export function isElemVisible(element: HTMLElement) {
+export function isElemVisible(element: HTMLElement): boolean {
   if (!element) return false;
 
   return Boolean(element.offsetWidth || element.offsetHeight || element.getClientRects().length);
diff --git a/web_src/js/utils/image.ts b/web_src/js/utils/image.ts
index c71d7159412..558a63f22e7 100644
--- a/web_src/js/utils/image.ts
+++ b/web_src/js/utils/image.ts
@@ -1,6 +1,11 @@
-export async function pngChunks(blob) {
+type PngChunk = {
+  name: string,
+  data: Uint8Array,
+}
+
+export async function pngChunks(blob: Blob): Promise<PngChunk[]> {
   const uint8arr = new Uint8Array(await blob.arrayBuffer());
-  const chunks = [];
+  const chunks: PngChunk[] = [];
   if (uint8arr.length < 12) return chunks;
   const view = new DataView(uint8arr.buffer);
   if (view.getBigUint64(0) !== 9894494448401390090n) return chunks;
@@ -19,9 +24,14 @@ export async function pngChunks(blob) {
   return chunks;
 }
 
+type ImageInfo = {
+  width?: number,
+  dppx?: number,
+}
+
 // decode a image and try to obtain width and dppx. It will never throw but instead
 // return default values.
-export async function imageInfo(blob) {
+export async function imageInfo(blob: Blob): Promise<ImageInfo> {
   let width = 0, dppx = 1; // dppx: 1 dot per pixel for non-HiDPI screens
 
   if (blob.type === 'image/png') { // only png is supported currently
diff --git a/web_src/js/utils/match.ts b/web_src/js/utils/match.ts
index 17fdfed113e..0ce7e2b1a2a 100644
--- a/web_src/js/utils/match.ts
+++ b/web_src/js/utils/match.ts
@@ -2,17 +2,17 @@ import emojis from '../../../assets/emoji.json';
 
 const maxMatches = 6;
 
-function sortAndReduce(map) {
+function sortAndReduce(map: Map<string, number>) {
   const sortedMap = new Map(Array.from(map.entries()).sort((a, b) => a[1] - b[1]));
   return Array.from(sortedMap.keys()).slice(0, maxMatches);
 }
 
-export function matchEmoji(queryText) {
+export function matchEmoji(queryText: string): string[] {
   const query = queryText.toLowerCase().replaceAll('_', ' ');
   if (!query) return emojis.slice(0, maxMatches).map((e) => e.aliases[0]);
 
   // results is a map of weights, lower is better
-  const results = new Map();
+  const results = new Map<string, number>();
   for (const {aliases} of emojis) {
     const mainAlias = aliases[0];
     for (const [aliasIndex, alias] of aliases.entries()) {
@@ -27,7 +27,7 @@ export function matchEmoji(queryText) {
   return sortAndReduce(results);
 }
 
-export function matchMention(queryText) {
+export function matchMention(queryText: string): string[] {
   const query = queryText.toLowerCase();
 
   // results is a map of weights, lower is better
diff --git a/web_src/js/utils/time.ts b/web_src/js/utils/time.ts
index d3a986e736d..5251386230f 100644
--- a/web_src/js/utils/time.ts
+++ b/web_src/js/utils/time.ts
@@ -1,16 +1,17 @@
 import dayjs from 'dayjs';
 import utc from 'dayjs/plugin/utc.js';
 import {getCurrentLocale} from '../utils.ts';
+import type {ConfigType} from 'dayjs';
 
 dayjs.extend(utc);
 
 /**
  * Returns an array of millisecond-timestamps of start-of-week days (Sundays)
  *
- * @param startConfig The start date. Can take any type that `Date` accepts.
- * @param endConfig The end date. Can take any type that `Date` accepts.
+ * @param startDate The start date. Can take any type that dayjs accepts.
+ * @param endDate The end date. Can take any type that dayjs accepts.
  */
-export function startDaysBetween(startDate, endDate) {
+export function startDaysBetween(startDate: ConfigType, endDate: ConfigType): number[] {
   const start = dayjs.utc(startDate);
   const end = dayjs.utc(endDate);
 
@@ -21,7 +22,7 @@ export function startDaysBetween(startDate, endDate) {
     current = current.add(1, 'day');
   }
 
-  const startDays = [];
+  const startDays: number[] = [];
   while (current.isBefore(end)) {
     startDays.push(current.valueOf());
     current = current.add(1, 'week');
@@ -30,7 +31,7 @@ export function startDaysBetween(startDate, endDate) {
   return startDays;
 }
 
-export function firstStartDateAfterDate(inputDate) {
+export function firstStartDateAfterDate(inputDate: Date): number {
   if (!(inputDate instanceof Date)) {
     throw new Error('Invalid date');
   }
@@ -41,7 +42,14 @@ export function firstStartDateAfterDate(inputDate) {
   return resultDate.valueOf();
 }
 
-export function fillEmptyStartDaysWithZeroes(startDays, data) {
+type DayData = {
+  week: number,
+  additions: number,
+  deletions: number,
+  commits: number,
+}
+
+export function fillEmptyStartDaysWithZeroes(startDays: number[], data: DayData): DayData[] {
   const result = {};
 
   for (const startDay of startDays) {
@@ -51,11 +59,11 @@ export function fillEmptyStartDaysWithZeroes(startDays, data) {
   return Object.values(result);
 }
 
-let dateFormat;
+let dateFormat: Intl.DateTimeFormat;
 
 // format a Date object to document's locale, but with 24h format from user's current locale because this
 // option is a personal preference of the user, not something that the document's locale should dictate.
-export function formatDatetime(date) {
+export function formatDatetime(date: Date | number): string {
   if (!dateFormat) {
     // TODO: replace `hour12` with `Intl.Locale.prototype.getHourCycles` once there is broad browser support
     dateFormat = new Intl.DateTimeFormat(getCurrentLocale(), {
diff --git a/web_src/js/utils/url.ts b/web_src/js/utils/url.ts
index 470ece31b0e..c5a28774a9d 100644
--- a/web_src/js/utils/url.ts
+++ b/web_src/js/utils/url.ts
@@ -1,12 +1,12 @@
-export function pathEscapeSegments(s) {
+export function pathEscapeSegments(s: string): string {
   return s.split('/').map(encodeURIComponent).join('/');
 }
 
-function stripSlash(url) {
+function stripSlash(url: string): string {
   return url.endsWith('/') ? url.slice(0, -1) : url;
 }
 
-export function isUrl(url) {
+export function isUrl(url: string): boolean {
   try {
     return stripSlash((new URL(url).href)).trim() === stripSlash(url).trim();
   } catch {
diff --git a/web_src/js/vitest.setup.ts b/web_src/js/vitest.setup.ts
index 6fb0f5dc8f8..68e300f551b 100644
--- a/web_src/js/vitest.setup.ts
+++ b/web_src/js/vitest.setup.ts
@@ -1,10 +1,16 @@
 window.__webpack_public_path__ = '';
 
 window.config = {
+  appUrl: 'http://localhost:3000/',
+  appSubUrl: '',
+  assetVersionEncoded: '',
+  assetUrlPrefix: '',
+  runModeIsProd: true,
+  customEmojis: {},
   csrfToken: 'test-csrf-token-123456',
   pageData: {},
-  i18n: {},
-  appSubUrl: '',
+  notificationSettings: {},
+  enableTimeTracking: true,
   mentionValues: [
     {key: 'user1 User 1', value: 'user1', name: 'user1', fullname: 'User 1', avatar: 'https://avatar1.com'},
     {key: 'user2 User 2', value: 'user2', name: 'user2', fullname: 'User 2', avatar: 'https://avatar2.com'},
@@ -14,4 +20,6 @@ window.config = {
     {key: 'org6 User 6', value: 'org6', name: 'org6', fullname: 'User 6', avatar: 'https://avatar6.com'},
     {key: 'org7 User 7', value: 'org7', name: 'org7', fullname: 'User 7', avatar: 'https://avatar7.com'},
   ],
+  mermaidMaxSourceCharacters: 5000,
+  i18n: {},
 };

From bc0977f1c99fb2a61b885d6692179395d6cc12c2 Mon Sep 17 00:00:00 2001
From: Jason Song <i@wolfogre.com>
Date: Thu, 29 Aug 2024 11:48:21 +0800
Subject: [PATCH 031/129] Refactor globallock (#31933)

Follow #31908. The main refactor is that it has removed the returned
context of `Lock`.

The returned context of `Lock` in old code is to provide a way to let
callers know that they have lost the lock. But in most cases, callers
shouldn't cancel what they are doing even it has lost the lock. And the
design would confuse developers and make them use it incorrectly.

See the discussion history:
https://github.com/go-gitea/gitea/pull/31813#discussion_r1732041513 and
https://github.com/go-gitea/gitea/pull/31813#discussion_r1734078998

It's a breaking change, but since the new module hasn't been used yet, I
think it's OK to not add the `pr/breaking` label.

## Design principles

It's almost copied from #31908, but with some changes.

### Use spinlock even in memory implementation (unchanged)

In actual use cases, users may cancel requests. `sync.Mutex` will block
the goroutine until the lock is acquired even if the request is
canceled. And the spinlock is more suitable for this scenario since it's
possible to give up the lock acquisition.

Although the spinlock consumes more CPU resources, I think it's
acceptable in most cases.

### Do not expose the mutex to callers (unchanged)

If we expose the mutex to callers, it's possible for callers to reuse
the mutex, which causes more complexity.

For example:
```go
lock := GetLocker(key)
lock.Lock()
// ...
// even if the lock is unlocked, we cannot GC the lock,
// since the caller may still use it again.
lock.Unlock()
lock.Lock()
// ...
lock.Unlock()

// callers have to GC the lock manually.
RemoveLocker(key)
```

That's why
https://github.com/go-gitea/gitea/pull/31813#discussion_r1721200549

In this PR, we only expose `ReleaseFunc` to callers. So callers just
need to call `ReleaseFunc` to release the lock, and do not need to care
about the lock's lifecycle.
```go
release, err := locker.Lock(ctx, key)
if err != nil {
    return err
}
// ...
release()

// if callers want to lock again, they have to re-acquire the lock.
release, err := locker.Lock(ctx, key)
// ...
```

In this way, it's also much easier for redis implementation to extend
the mutex automatically, so that callers do not need to care about the
lock's lifecycle. See also
https://github.com/go-gitea/gitea/pull/31813#discussion_r1722659743

### Use "release" instead of "unlock" (unchanged)

For "unlock", it has the meaning of "unlock an acquired lock". So it's
not acceptable to call "unlock" when failed to acquire the lock, or call
"unlock" multiple times. It causes more complexity for callers to decide
whether to call "unlock" or not.

So we use "release" instead of "unlock" to make it clear. Whether the
lock is acquired or not, callers can always call "release", and it's
also safe to call "release" multiple times.

But the code DO NOT expect callers to not call "release" after acquiring
the lock. If callers forget to call "release", it will cause resource
leak. That's why it's always safe to call "release" without extra
checks: to avoid callers to forget to call it.

### Acquired locks could be lost, but the callers shouldn't stop

Unlike `sync.Mutex` which will be locked forever once acquired until
calling `Unlock`, for distributed lock, the acquired lock could be lost.

For example, the caller has acquired the lock, and it holds the lock for
a long time since auto-extending is working for redis. However, it lost
the connection to the redis server, and it's impossible to extend the
lock anymore.

In #31908, it will cancel the context to make the operation stop, but
it's not safe. Many operations are not revert-able. If they have been
interrupted, then the instance goes corrupted. So `Lock` won't return
`ctx` anymore in this PR.

### Multiple ways to use the lock

1. Regular way

```go
release, err := Lock(ctx, key)
if err != nil {
    return err
}
defer release()
// ...
```

2. Early release

```go
release, err := Lock(ctx, key)
if err != nil {
    return err
}
defer release()
// ...
// release the lock earlier
release()
// continue to do something else
// ...
```

3. Functional way

```go
if err := LockAndDo(ctx, key, func(ctx context.Context) error {
    // ...
    return nil
}); err != nil {
    return err
}
```
---
 modules/globallock/globallock.go    |  8 ++--
 modules/globallock/locker.go        | 30 ++-----------
 modules/globallock/locker_test.go   | 68 ++++++++---------------------
 modules/globallock/memory_locker.go | 27 +++---------
 modules/globallock/redis_locker.go  | 49 +++++++--------------
 5 files changed, 50 insertions(+), 132 deletions(-)

diff --git a/modules/globallock/globallock.go b/modules/globallock/globallock.go
index 707d169f05c..aa535577292 100644
--- a/modules/globallock/globallock.go
+++ b/modules/globallock/globallock.go
@@ -27,20 +27,20 @@ func DefaultLocker() Locker {
 
 // Lock tries to acquire a lock for the given key, it uses the default locker.
 // Read the documentation of Locker.Lock for more information about the behavior.
-func Lock(ctx context.Context, key string) (context.Context, ReleaseFunc, error) {
+func Lock(ctx context.Context, key string) (ReleaseFunc, error) {
 	return DefaultLocker().Lock(ctx, key)
 }
 
 // TryLock tries to acquire a lock for the given key, it uses the default locker.
 // Read the documentation of Locker.TryLock for more information about the behavior.
-func TryLock(ctx context.Context, key string) (bool, context.Context, ReleaseFunc, error) {
+func TryLock(ctx context.Context, key string) (bool, ReleaseFunc, error) {
 	return DefaultLocker().TryLock(ctx, key)
 }
 
 // LockAndDo tries to acquire a lock for the given key and then calls the given function.
 // It uses the default locker, and it will return an error if failed to acquire the lock.
 func LockAndDo(ctx context.Context, key string, f func(context.Context) error) error {
-	ctx, release, err := Lock(ctx, key)
+	release, err := Lock(ctx, key)
 	if err != nil {
 		return err
 	}
@@ -52,7 +52,7 @@ func LockAndDo(ctx context.Context, key string, f func(context.Context) error) e
 // TryLockAndDo tries to acquire a lock for the given key and then calls the given function.
 // It uses the default locker, and it will return false if failed to acquire the lock.
 func TryLockAndDo(ctx context.Context, key string, f func(context.Context) error) (bool, error) {
-	ok, ctx, release, err := TryLock(ctx, key)
+	ok, release, err := TryLock(ctx, key)
 	if err != nil {
 		return false, err
 	}
diff --git a/modules/globallock/locker.go b/modules/globallock/locker.go
index b0764cd71cd..682e24d052a 100644
--- a/modules/globallock/locker.go
+++ b/modules/globallock/locker.go
@@ -5,56 +5,34 @@ package globallock
 
 import (
 	"context"
-	"fmt"
 )
 
 type Locker interface {
 	// Lock tries to acquire a lock for the given key, it blocks until the lock is acquired or the context is canceled.
 	//
-	// Lock returns a new context which should be used in the following code.
-	// The new context will be canceled when the lock is released or lost - yes, it's possible to lose a lock.
-	// For example, it lost the connection to the redis server while holding the lock.
-	// If it fails to acquire the lock, the returned context will be the same as the input context.
-	//
 	// Lock returns a ReleaseFunc to release the lock, it cannot be nil.
 	// It's always safe to call this function even if it fails to acquire the lock, and it will do nothing in that case.
 	// And it's also safe to call it multiple times, but it will only release the lock once.
 	// That's why it's called ReleaseFunc, not UnlockFunc.
 	// But be aware that it's not safe to not call it at all; it could lead to a memory leak.
 	// So a recommended pattern is to use defer to call it:
-	//   ctx, release, err := locker.Lock(ctx, "key")
+	//   release, err := locker.Lock(ctx, "key")
 	//   if err != nil {
 	//     return err
 	//   }
 	//   defer release()
-	// The ReleaseFunc will return the original context which was used to acquire the lock.
-	// It's useful when you want to continue to do something after releasing the lock.
-	// At that time, the ctx will be canceled, and you can use the returned context by the ReleaseFunc to continue:
-	//   ctx, release, err := locker.Lock(ctx, "key")
-	//   if err != nil {
-	//     return err
-	//   }
-	//   defer release()
-	//   doSomething(ctx)
-	//   ctx = release()
-	//   doSomethingElse(ctx)
-	// Please ignore it and use `defer release()` instead if you don't need this, to avoid forgetting to release the lock.
 	//
 	// Lock returns an error if failed to acquire the lock.
 	// Be aware that even the context is not canceled, it's still possible to fail to acquire the lock.
 	// For example, redis is down, or it reached the maximum number of tries.
-	Lock(ctx context.Context, key string) (context.Context, ReleaseFunc, error)
+	Lock(ctx context.Context, key string) (ReleaseFunc, error)
 
 	// TryLock tries to acquire a lock for the given key, it returns immediately.
 	// It follows the same pattern as Lock, but it doesn't block.
 	// And if it fails to acquire the lock because it's already locked, not other reasons like redis is down,
 	// it will return false without any error.
-	TryLock(ctx context.Context, key string) (bool, context.Context, ReleaseFunc, error)
+	TryLock(ctx context.Context, key string) (bool, ReleaseFunc, error)
 }
 
 // ReleaseFunc is a function that releases a lock.
-// It returns the original context which was used to acquire the lock.
-type ReleaseFunc func() context.Context
-
-// ErrLockReleased is used as context cause when a lock is released
-var ErrLockReleased = fmt.Errorf("lock released")
+type ReleaseFunc func()
diff --git a/modules/globallock/locker_test.go b/modules/globallock/locker_test.go
index 15a3c65bb07..bee4d34b34f 100644
--- a/modules/globallock/locker_test.go
+++ b/modules/globallock/locker_test.go
@@ -47,27 +47,24 @@ func TestLocker(t *testing.T) {
 func testLocker(t *testing.T, locker Locker) {
 	t.Run("lock", func(t *testing.T) {
 		parentCtx := context.Background()
-		ctx, release, err := locker.Lock(parentCtx, "test")
+		release, err := locker.Lock(parentCtx, "test")
 		defer release()
 
-		assert.NotEqual(t, parentCtx, ctx) // new context should be returned
 		assert.NoError(t, err)
 
 		func() {
-			parentCtx, cancel := context.WithTimeout(context.Background(), time.Second)
+			ctx, cancel := context.WithTimeout(context.Background(), time.Second)
 			defer cancel()
-			ctx, release, err := locker.Lock(parentCtx, "test")
+			release, err := locker.Lock(ctx, "test")
 			defer release()
 
 			assert.Error(t, err)
-			assert.Equal(t, parentCtx, ctx) // should return the same context
 		}()
 
 		release()
-		assert.Error(t, ctx.Err())
 
 		func() {
-			_, release, err := locker.Lock(context.Background(), "test")
+			release, err := locker.Lock(context.Background(), "test")
 			defer release()
 
 			assert.NoError(t, err)
@@ -76,29 +73,26 @@ func testLocker(t *testing.T, locker Locker) {
 
 	t.Run("try lock", func(t *testing.T) {
 		parentCtx := context.Background()
-		ok, ctx, release, err := locker.TryLock(parentCtx, "test")
+		ok, release, err := locker.TryLock(parentCtx, "test")
 		defer release()
 
 		assert.True(t, ok)
-		assert.NotEqual(t, parentCtx, ctx) // new context should be returned
 		assert.NoError(t, err)
 
 		func() {
-			parentCtx, cancel := context.WithTimeout(context.Background(), time.Second)
+			ctx, cancel := context.WithTimeout(context.Background(), time.Second)
 			defer cancel()
-			ok, ctx, release, err := locker.TryLock(parentCtx, "test")
+			ok, release, err := locker.TryLock(ctx, "test")
 			defer release()
 
 			assert.False(t, ok)
 			assert.NoError(t, err)
-			assert.Equal(t, parentCtx, ctx) // should return the same context
 		}()
 
 		release()
-		assert.Error(t, ctx.Err())
 
 		func() {
-			ok, _, release, _ := locker.TryLock(context.Background(), "test")
+			ok, release, _ := locker.TryLock(context.Background(), "test")
 			defer release()
 
 			assert.True(t, ok)
@@ -107,7 +101,7 @@ func testLocker(t *testing.T, locker Locker) {
 
 	t.Run("wait and acquired", func(t *testing.T) {
 		ctx := context.Background()
-		_, release, err := locker.Lock(ctx, "test")
+		release, err := locker.Lock(ctx, "test")
 		require.NoError(t, err)
 
 		wg := &sync.WaitGroup{}
@@ -115,7 +109,7 @@ func testLocker(t *testing.T, locker Locker) {
 		go func() {
 			defer wg.Done()
 			started := time.Now()
-			_, release, err := locker.Lock(context.Background(), "test") // should be blocked for seconds
+			release, err := locker.Lock(context.Background(), "test") // should be blocked for seconds
 			defer release()
 			assert.Greater(t, time.Since(started), time.Second)
 			assert.NoError(t, err)
@@ -127,34 +121,15 @@ func testLocker(t *testing.T, locker Locker) {
 		wg.Wait()
 	})
 
-	t.Run("continue after release", func(t *testing.T) {
-		ctx := context.Background()
-
-		ctxBeforeLock := ctx
-		ctx, release, err := locker.Lock(ctx, "test")
-
-		require.NoError(t, err)
-		assert.NoError(t, ctx.Err())
-		assert.NotEqual(t, ctxBeforeLock, ctx)
-
-		ctxBeforeRelease := ctx
-		ctx = release()
-
-		assert.NoError(t, ctx.Err())
-		assert.Error(t, ctxBeforeRelease.Err())
-
-		// so it can continue with ctx to do more work
-	})
-
 	t.Run("multiple release", func(t *testing.T) {
 		ctx := context.Background()
 
-		_, release1, err := locker.Lock(ctx, "test")
+		release1, err := locker.Lock(ctx, "test")
 		require.NoError(t, err)
 
 		release1()
 
-		_, release2, err := locker.Lock(ctx, "test")
+		release2, err := locker.Lock(ctx, "test")
 		defer release2()
 		require.NoError(t, err)
 
@@ -163,7 +138,7 @@ func testLocker(t *testing.T, locker Locker) {
 		// and it shouldn't affect the other lock
 		release1()
 
-		ok, _, release3, err := locker.TryLock(ctx, "test")
+		ok, release3, err := locker.TryLock(ctx, "test")
 		defer release3()
 		require.NoError(t, err)
 		// It should be able to acquire the lock;
@@ -184,28 +159,23 @@ func testRedisLocker(t *testing.T, locker *redisLocker) {
 		// Otherwise, it will affect other tests.
 		t.Run("close", func(t *testing.T) {
 			assert.NoError(t, locker.Close())
-			_, _, err := locker.Lock(context.Background(), "test")
+			_, err := locker.Lock(context.Background(), "test")
 			assert.Error(t, err)
 		})
 	}()
 
 	t.Run("failed extend", func(t *testing.T) {
-		ctx, release, err := locker.Lock(context.Background(), "test")
+		release, err := locker.Lock(context.Background(), "test")
 		defer release()
 		require.NoError(t, err)
 
 		// It simulates that there are some problems with extending like network issues or redis server down.
 		v, ok := locker.mutexM.Load("test")
 		require.True(t, ok)
-		m := v.(*redisMutex)
-		_, _ = m.mutex.Unlock() // release it to make it impossible to extend
+		m := v.(*redsync.Mutex)
+		_, _ = m.Unlock() // release it to make it impossible to extend
 
-		select {
-		case <-time.After(redisLockExpiry + time.Second):
-			t.Errorf("lock should be expired")
-		case <-ctx.Done():
-			var errTaken *redsync.ErrTaken
-			assert.ErrorAs(t, context.Cause(ctx), &errTaken)
-		}
+		// In current design, callers can't know the lock can't be extended.
+		// Just keep this case to improve the test coverage.
 	})
 }
diff --git a/modules/globallock/memory_locker.go b/modules/globallock/memory_locker.go
index fb1fc79bd0b..3f818d8d439 100644
--- a/modules/globallock/memory_locker.go
+++ b/modules/globallock/memory_locker.go
@@ -19,18 +19,13 @@ func NewMemoryLocker() Locker {
 	return &memoryLocker{}
 }
 
-func (l *memoryLocker) Lock(ctx context.Context, key string) (context.Context, ReleaseFunc, error) {
-	originalCtx := ctx
-
+func (l *memoryLocker) Lock(ctx context.Context, key string) (ReleaseFunc, error) {
 	if l.tryLock(key) {
-		ctx, cancel := context.WithCancelCause(ctx)
 		releaseOnce := sync.Once{}
-		return ctx, func() context.Context {
+		return func() {
 			releaseOnce.Do(func() {
 				l.locks.Delete(key)
-				cancel(ErrLockReleased)
 			})
-			return originalCtx
 		}, nil
 	}
 
@@ -39,39 +34,31 @@ func (l *memoryLocker) Lock(ctx context.Context, key string) (context.Context, R
 	for {
 		select {
 		case <-ctx.Done():
-			return ctx, func() context.Context { return originalCtx }, ctx.Err()
+			return func() {}, ctx.Err()
 		case <-ticker.C:
 			if l.tryLock(key) {
-				ctx, cancel := context.WithCancelCause(ctx)
 				releaseOnce := sync.Once{}
-				return ctx, func() context.Context {
+				return func() {
 					releaseOnce.Do(func() {
 						l.locks.Delete(key)
-						cancel(ErrLockReleased)
 					})
-					return originalCtx
 				}, nil
 			}
 		}
 	}
 }
 
-func (l *memoryLocker) TryLock(ctx context.Context, key string) (bool, context.Context, ReleaseFunc, error) {
-	originalCtx := ctx
-
+func (l *memoryLocker) TryLock(_ context.Context, key string) (bool, ReleaseFunc, error) {
 	if l.tryLock(key) {
-		ctx, cancel := context.WithCancelCause(ctx)
 		releaseOnce := sync.Once{}
-		return true, ctx, func() context.Context {
+		return true, func() {
 			releaseOnce.Do(func() {
-				cancel(ErrLockReleased)
 				l.locks.Delete(key)
 			})
-			return originalCtx
 		}, nil
 	}
 
-	return false, ctx, func() context.Context { return originalCtx }, nil
+	return false, func() {}, nil
 }
 
 func (l *memoryLocker) tryLock(key string) bool {
diff --git a/modules/globallock/redis_locker.go b/modules/globallock/redis_locker.go
index 34b2fabfb39..34ed9e389b6 100644
--- a/modules/globallock/redis_locker.go
+++ b/modules/globallock/redis_locker.go
@@ -48,21 +48,21 @@ func NewRedisLocker(connection string) Locker {
 	return l
 }
 
-func (l *redisLocker) Lock(ctx context.Context, key string) (context.Context, ReleaseFunc, error) {
+func (l *redisLocker) Lock(ctx context.Context, key string) (ReleaseFunc, error) {
 	return l.lock(ctx, key, 0)
 }
 
-func (l *redisLocker) TryLock(ctx context.Context, key string) (bool, context.Context, ReleaseFunc, error) {
-	ctx, f, err := l.lock(ctx, key, 1)
+func (l *redisLocker) TryLock(ctx context.Context, key string) (bool, ReleaseFunc, error) {
+	f, err := l.lock(ctx, key, 1)
 
 	var (
 		errTaken     *redsync.ErrTaken
 		errNodeTaken *redsync.ErrNodeTaken
 	)
 	if errors.As(err, &errTaken) || errors.As(err, &errNodeTaken) {
-		return false, ctx, f, nil
+		return false, f, nil
 	}
-	return err == nil, ctx, f, err
+	return err == nil, f, err
 }
 
 // Close closes the locker.
@@ -76,18 +76,11 @@ func (l *redisLocker) Close() error {
 	return nil
 }
 
-type redisMutex struct {
-	mutex  *redsync.Mutex
-	cancel context.CancelCauseFunc
-}
-
-func (l *redisLocker) lock(ctx context.Context, key string, tries int) (context.Context, ReleaseFunc, error) {
+func (l *redisLocker) lock(ctx context.Context, key string, tries int) (ReleaseFunc, error) {
 	if l.closed.Load() {
-		return ctx, func() context.Context { return ctx }, fmt.Errorf("locker is closed")
+		return func() {}, fmt.Errorf("locker is closed")
 	}
 
-	originalCtx := ctx
-
 	options := []redsync.Option{
 		redsync.WithExpiry(redisLockExpiry),
 	}
@@ -96,18 +89,13 @@ func (l *redisLocker) lock(ctx context.Context, key string, tries int) (context.
 	}
 	mutex := l.rs.NewMutex(redisLockKeyPrefix+key, options...)
 	if err := mutex.LockContext(ctx); err != nil {
-		return ctx, func() context.Context { return originalCtx }, err
+		return func() {}, err
 	}
 
-	ctx, cancel := context.WithCancelCause(ctx)
-
-	l.mutexM.Store(key, &redisMutex{
-		mutex:  mutex,
-		cancel: cancel,
-	})
+	l.mutexM.Store(key, mutex)
 
 	releaseOnce := sync.Once{}
-	return ctx, func() context.Context {
+	return func() {
 		releaseOnce.Do(func() {
 			l.mutexM.Delete(key)
 
@@ -115,10 +103,7 @@ func (l *redisLocker) lock(ctx context.Context, key string, tries int) (context.
 			// if it failed to unlock, it will be released automatically after the lock expires.
 			// Do not call mutex.UnlockContext(ctx) here, or it will fail to release when ctx has timed out.
 			_, _ = mutex.Unlock()
-
-			cancel(ErrLockReleased)
 		})
-		return originalCtx
 	}, nil
 }
 
@@ -128,16 +113,15 @@ func (l *redisLocker) startExtend() {
 		return
 	}
 
-	toExtend := make([]*redisMutex, 0)
+	toExtend := make([]*redsync.Mutex, 0)
 	l.mutexM.Range(func(_, value any) bool {
-		m := value.(*redisMutex)
+		m := value.(*redsync.Mutex)
 
 		// Extend the lock if it is not expired.
 		// Although the mutex will be removed from the map before it is released,
 		// it still can be expired because of a failed extension.
-		// If it happens, the cancel function should have been called,
-		// so it does not need to be extended anymore.
-		if time.Now().After(m.mutex.Until()) {
+		// If it happens, it does not need to be extended anymore.
+		if time.Now().After(m.Until()) {
 			return true
 		}
 
@@ -145,9 +129,8 @@ func (l *redisLocker) startExtend() {
 		return true
 	})
 	for _, v := range toExtend {
-		if ok, err := v.mutex.Extend(); !ok {
-			v.cancel(err)
-		}
+		// If it failed to extend, it will be released automatically after the lock expires.
+		_, _ = v.Extend()
 	}
 
 	time.AfterFunc(redisLockExpiry/2, l.startExtend)

From fcac28c878b0e9539e4d68f3a496e9d5b26bd285 Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Thu, 29 Aug 2024 12:54:38 +0800
Subject: [PATCH 032/129] Upgrade micromatch to 4.0.8 (#31939)

---
 package-lock.json | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index d469cc924c7..737dbd12b02 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -8804,10 +8804,9 @@
       }
     },
     "node_modules/micromatch": {
-      "version": "4.0.7",
-      "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.7.tgz",
-      "integrity": "sha512-LPP/3KorzCwBxfeUuZmaR6bG2kdeHSbe0P2tY3FLRU4vYrjYz5hI4QZwV0njUx3jeuKe67YukQ1LSPZBKDqO/Q==",
-      "license": "MIT",
+      "version": "4.0.8",
+      "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz",
+      "integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==",
       "dependencies": {
         "braces": "^3.0.3",
         "picomatch": "^2.3.1"

From 06c67c6d5a91176fe4b87fc884c96afc7c3597fa Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Thu, 29 Aug 2024 21:26:25 +0800
Subject: [PATCH 033/129] Fix search team (#31923)

Fix #20658
---
 routers/web/web.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/routers/web/web.go b/routers/web/web.go
index 98b4252cb9b..41b019e4b59 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -883,10 +883,15 @@ func registerRoutes(m *web.Router) {
 			m.Post("/teams/{team}/action/repo/{action}", org.TeamsRepoAction)
 		}, context.OrgAssignment(true, false, true))
 
+		// require admin permission
+		m.Group("/{org}", func() {
+			m.Get("/teams/-/search", org.SearchTeam)
+		}, context.OrgAssignment(true, false, false, true))
+
+		// require owner permission
 		m.Group("/{org}", func() {
 			m.Get("/teams/new", org.NewTeam)
 			m.Post("/teams/new", web.Bind(forms.CreateTeamForm{}), org.NewTeamPost)
-			m.Get("/teams/-/search", org.SearchTeam)
 			m.Get("/teams/{team}/edit", org.EditTeam)
 			m.Post("/teams/{team}/edit", web.Bind(forms.CreateTeamForm{}), org.EditTeamPost)
 			m.Post("/teams/{team}/delete", org.DeleteTeam)

From f46e7eae939e63b570ab39eaa3f570810d8193f0 Mon Sep 17 00:00:00 2001
From: silverwind <me@silverwind.io>
Date: Thu, 29 Aug 2024 16:51:51 +0200
Subject: [PATCH 034/129] Update JS and PY dependencies (#31940)

- `stylelint` is excluded because of deprecation warnings added in
16.8.2, depending on
https://github.com/AndyOGo/stylelint-declaration-strict-value/issues/379
- `eslint-plugin-sonarjs@2` adds a lot of new rules, but I have not
gotten around to reviewing them yet, so rule config is unchanged.
- Fixes https://github.com/go-gitea/gitea/security/dependabot/70
- Tested code editor and contributor graph
---
 package-lock.json | 4125 ++++++++++++++++++++++++++++++++++++++++-----
 package.json      |   48 +-
 poetry.lock       |   10 +-
 pyproject.toml    |    2 +-
 4 files changed, 3738 insertions(+), 447 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 737dbd12b02..e0e83b60ec2 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -18,12 +18,12 @@
         "add-asset-webpack-plugin": "3.0.0",
         "ansi_up": "6.0.2",
         "asciinema-player": "3.8.0",
-        "chart.js": "4.4.3",
+        "chart.js": "4.4.4",
         "chartjs-adapter-dayjs-4": "1.0.4",
         "chartjs-plugin-zoom": "2.0.1",
         "clippie": "4.1.3",
         "css-loader": "7.1.2",
-        "dayjs": "1.11.12",
+        "dayjs": "1.11.13",
         "dropzone": "6.0.0-beta.2",
         "easymde": "2.18.0",
         "esbuild-loader": "4.2.2",
@@ -35,17 +35,17 @@
         "katex": "0.16.11",
         "license-checker-webpack-plugin": "0.2.1",
         "mermaid": "11.0.2",
-        "mini-css-extract-plugin": "2.9.0",
+        "mini-css-extract-plugin": "2.9.1",
         "minimatch": "10.0.1",
-        "monaco-editor": "0.50.0",
+        "monaco-editor": "0.51.0",
         "monaco-editor-webpack-plugin": "7.1.0",
         "pdfobject": "2.3.0",
-        "postcss": "8.4.40",
+        "postcss": "8.4.41",
         "postcss-loader": "8.1.1",
-        "postcss-nesting": "12.1.5",
+        "postcss-nesting": "13.0.0",
         "sortablejs": "1.15.2",
         "swagger-ui-dist": "5.17.14",
-        "tailwindcss": "3.4.7",
+        "tailwindcss": "3.4.10",
         "temporal-polyfill": "0.2.5",
         "throttle-debounce": "5.0.2",
         "tinycolor2": "1.6.0",
@@ -55,20 +55,20 @@
         "typescript": "5.5.4",
         "uint8-to-base64": "0.2.0",
         "vanilla-colorful": "0.7.2",
-        "vue": "3.4.35",
+        "vue": "3.4.38",
         "vue-bar-graph": "2.1.0",
         "vue-chartjs": "5.3.1",
         "vue-loader": "17.4.2",
-        "webpack": "5.93.0",
+        "webpack": "5.94.0",
         "webpack-cli": "5.1.4",
         "wrap-ansi": "9.0.0"
       },
       "devDependencies": {
-        "@eslint-community/eslint-plugin-eslint-comments": "4.3.0",
-        "@playwright/test": "1.45.3",
+        "@eslint-community/eslint-plugin-eslint-comments": "4.4.0",
+        "@playwright/test": "1.46.1",
         "@stoplight/spectral-cli": "6.11.1",
-        "@stylistic/eslint-plugin-js": "2.6.1",
-        "@stylistic/stylelint-plugin": "3.0.0",
+        "@stylistic/eslint-plugin-js": "2.6.5",
+        "@stylistic/stylelint-plugin": "3.0.1",
         "@types/dropzone": "5.7.8",
         "@types/jquery": "3.5.30",
         "@types/katex": "0.16.7",
@@ -79,11 +79,11 @@
         "@types/throttle-debounce": "5.0.2",
         "@types/tinycolor2": "1.4.6",
         "@types/toastify-js": "1.12.3",
-        "@typescript-eslint/eslint-plugin": "8.0.0",
-        "@typescript-eslint/parser": "8.0.0",
+        "@typescript-eslint/eslint-plugin": "8.3.0",
+        "@typescript-eslint/parser": "8.3.0",
         "@vitejs/plugin-vue": "5.1.2",
         "eslint": "8.57.0",
-        "eslint-import-resolver-typescript": "3.6.1",
+        "eslint-import-resolver-typescript": "3.6.3",
         "eslint-plugin-array-func": "4.0.0",
         "eslint-plugin-deprecation": "3.0.0",
         "eslint-plugin-github": "5.0.1",
@@ -92,14 +92,14 @@
         "eslint-plugin-no-use-extend-native": "0.5.0",
         "eslint-plugin-playwright": "1.6.2",
         "eslint-plugin-regexp": "2.6.0",
-        "eslint-plugin-sonarjs": "1.0.4",
+        "eslint-plugin-sonarjs": "2.0.1",
         "eslint-plugin-unicorn": "55.0.0",
         "eslint-plugin-vitest": "0.4.1",
         "eslint-plugin-vitest-globals": "1.5.0",
         "eslint-plugin-vue": "9.27.0",
         "eslint-plugin-vue-scoped-css": "2.8.1",
-        "eslint-plugin-wc": "2.1.0",
-        "happy-dom": "14.12.3",
+        "eslint-plugin-wc": "2.1.1",
+        "happy-dom": "15.3.1",
         "markdownlint-cli": "0.41.0",
         "nolyfill": "1.0.39",
         "postcss-html": "1.7.0",
@@ -108,8 +108,8 @@
         "stylelint-declaration-strict-value": "1.10.6",
         "stylelint-value-no-unknown-custom-properties": "6.0.1",
         "svgo": "3.3.2",
-        "type-fest": "4.23.0",
-        "updates": "16.3.7",
+        "type-fest": "4.26.0",
+        "updates": "16.4.0",
         "vite-string-plugin": "1.3.4",
         "vitest": "2.0.5"
       },
@@ -166,6 +166,377 @@
         "node": ">=6.9.0"
       }
     },
+    "node_modules/@babel/compat-data": {
+      "version": "7.25.4",
+      "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.25.4.tgz",
+      "integrity": "sha512-+LGRog6RAsCJrrrg/IO6LGmpphNe5DiK30dGjCoxxeGv49B10/3XYGxPsAwrDlMFcFEvdAUavDT8r9k/hSyQqQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/core": {
+      "version": "7.24.3",
+      "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.24.3.tgz",
+      "integrity": "sha512-5FcvN1JHw2sHJChotgx8Ek0lyuh4kCKelgMTTqhYJJtloNvUfpAFMeNQUtdlIaktwrSV9LtCdqwk48wL2wBacQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@ampproject/remapping": "^2.2.0",
+        "@babel/code-frame": "^7.24.2",
+        "@babel/generator": "^7.24.1",
+        "@babel/helper-compilation-targets": "^7.23.6",
+        "@babel/helper-module-transforms": "^7.23.3",
+        "@babel/helpers": "^7.24.1",
+        "@babel/parser": "^7.24.1",
+        "@babel/template": "^7.24.0",
+        "@babel/traverse": "^7.24.1",
+        "@babel/types": "^7.24.0",
+        "convert-source-map": "^2.0.0",
+        "debug": "^4.1.0",
+        "gensync": "^1.0.0-beta.2",
+        "json5": "^2.2.3",
+        "semver": "^6.3.1"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/babel"
+      }
+    },
+    "node_modules/@babel/core/node_modules/semver": {
+      "version": "6.3.1",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz",
+      "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      }
+    },
+    "node_modules/@babel/eslint-parser": {
+      "version": "7.24.1",
+      "resolved": "https://registry.npmjs.org/@babel/eslint-parser/-/eslint-parser-7.24.1.tgz",
+      "integrity": "sha512-d5guuzMlPeDfZIbpQ8+g1NaCNuAGBBGNECh0HVqz1sjOeVLh2CEaifuOysCH18URW6R7pqXINvf5PaR/dC6jLQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@nicolo-ribaudo/eslint-scope-5-internals": "5.1.1-v1",
+        "eslint-visitor-keys": "^2.1.0",
+        "semver": "^6.3.1"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || >=14.0.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.11.0",
+        "eslint": "^7.5.0 || ^8.0.0"
+      }
+    },
+    "node_modules/@babel/eslint-parser/node_modules/eslint-visitor-keys": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz",
+      "integrity": "sha512-0rSmRBzXgDzIsD6mGdJgevzgezI534Cer5L/vyMX0kHzT/jiB43jRhd9YUlMGYLQy2zprNmoT8qasCGtY+QaKw==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@babel/eslint-parser/node_modules/semver": {
+      "version": "6.3.1",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz",
+      "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      }
+    },
+    "node_modules/@babel/generator": {
+      "version": "7.25.5",
+      "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.25.5.tgz",
+      "integrity": "sha512-abd43wyLfbWoxC6ahM8xTkqLpGB2iWBVyuKC9/srhFunCd1SDNrV1s72bBpK4hLj8KLzHBBcOblvLQZBNw9r3w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/types": "^7.25.4",
+        "@jridgewell/gen-mapping": "^0.3.5",
+        "@jridgewell/trace-mapping": "^0.3.25",
+        "jsesc": "^2.5.1"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helper-annotate-as-pure": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/helper-annotate-as-pure/-/helper-annotate-as-pure-7.24.7.tgz",
+      "integrity": "sha512-BaDeOonYvhdKw+JoMVkAixAAJzG2jVPIwWoKBPdYuY9b452e2rPuI9QPYh3KpofZ3pW2akOmwZLOiOsHMiqRAg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/types": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helper-builder-binary-assignment-operator-visitor": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/helper-builder-binary-assignment-operator-visitor/-/helper-builder-binary-assignment-operator-visitor-7.24.7.tgz",
+      "integrity": "sha512-xZeCVVdwb4MsDBkkyZ64tReWYrLRHlMN72vP7Bdm3OUOuyFZExhsHUUnuWnm2/XOlAJzR0LfPpB56WXZn0X/lA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/traverse": "^7.24.7",
+        "@babel/types": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helper-compilation-targets": {
+      "version": "7.25.2",
+      "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.25.2.tgz",
+      "integrity": "sha512-U2U5LsSaZ7TAt3cfaymQ8WHh0pxvdHoEk6HVpaexxixjyEquMh0L0YNJNM6CTGKMXV1iksi0iZkGw4AcFkPaaw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/compat-data": "^7.25.2",
+        "@babel/helper-validator-option": "^7.24.8",
+        "browserslist": "^4.23.1",
+        "lru-cache": "^5.1.1",
+        "semver": "^6.3.1"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helper-compilation-targets/node_modules/semver": {
+      "version": "6.3.1",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz",
+      "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      }
+    },
+    "node_modules/@babel/helper-create-class-features-plugin": {
+      "version": "7.25.4",
+      "resolved": "https://registry.npmjs.org/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.25.4.tgz",
+      "integrity": "sha512-ro/bFs3/84MDgDmMwbcHgDa8/E6J3QKNTk4xJJnVeFtGE+tL0K26E3pNxhYz2b67fJpt7Aphw5XcploKXuCvCQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-annotate-as-pure": "^7.24.7",
+        "@babel/helper-member-expression-to-functions": "^7.24.8",
+        "@babel/helper-optimise-call-expression": "^7.24.7",
+        "@babel/helper-replace-supers": "^7.25.0",
+        "@babel/helper-skip-transparent-expression-wrappers": "^7.24.7",
+        "@babel/traverse": "^7.25.4",
+        "semver": "^6.3.1"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0"
+      }
+    },
+    "node_modules/@babel/helper-create-class-features-plugin/node_modules/semver": {
+      "version": "6.3.1",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz",
+      "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      }
+    },
+    "node_modules/@babel/helper-create-regexp-features-plugin": {
+      "version": "7.25.2",
+      "resolved": "https://registry.npmjs.org/@babel/helper-create-regexp-features-plugin/-/helper-create-regexp-features-plugin-7.25.2.tgz",
+      "integrity": "sha512-+wqVGP+DFmqwFD3EH6TMTfUNeqDehV3E/dl+Sd54eaXqm17tEUNbEIn4sVivVowbvUpOtIGxdo3GoXyDH9N/9g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-annotate-as-pure": "^7.24.7",
+        "regexpu-core": "^5.3.1",
+        "semver": "^6.3.1"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0"
+      }
+    },
+    "node_modules/@babel/helper-create-regexp-features-plugin/node_modules/semver": {
+      "version": "6.3.1",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz",
+      "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      }
+    },
+    "node_modules/@babel/helper-define-polyfill-provider": {
+      "version": "0.6.2",
+      "resolved": "https://registry.npmjs.org/@babel/helper-define-polyfill-provider/-/helper-define-polyfill-provider-0.6.2.tgz",
+      "integrity": "sha512-LV76g+C502biUK6AyZ3LK10vDpDyCzZnhZFXkH1L75zHPj68+qc8Zfpx2th+gzwA2MzyK+1g/3EPl62yFnVttQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-compilation-targets": "^7.22.6",
+        "@babel/helper-plugin-utils": "^7.22.5",
+        "debug": "^4.1.1",
+        "lodash.debounce": "^4.0.8",
+        "resolve": "^1.14.2"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.4.0 || ^8.0.0-0 <8.0.0"
+      }
+    },
+    "node_modules/@babel/helper-member-expression-to-functions": {
+      "version": "7.24.8",
+      "resolved": "https://registry.npmjs.org/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.24.8.tgz",
+      "integrity": "sha512-LABppdt+Lp/RlBxqrh4qgf1oEH/WxdzQNDJIu5gC/W1GyvPVrOBiItmmM8wan2fm4oYqFuFfkXmlGpLQhPY8CA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/traverse": "^7.24.8",
+        "@babel/types": "^7.24.8"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helper-module-imports": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.24.7.tgz",
+      "integrity": "sha512-8AyH3C+74cgCVVXow/myrynrAGv+nTVg5vKu2nZph9x7RcRwzmh0VFallJuFTZ9mx6u4eSdXZfcOzSqTUm0HCA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/traverse": "^7.24.7",
+        "@babel/types": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helper-module-transforms": {
+      "version": "7.25.2",
+      "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.25.2.tgz",
+      "integrity": "sha512-BjyRAbix6j/wv83ftcVJmBt72QtHI56C7JXZoG2xATiLpmoC7dpd8WnkikExHDVPpi/3qCmO6WY1EaXOluiecQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-module-imports": "^7.24.7",
+        "@babel/helper-simple-access": "^7.24.7",
+        "@babel/helper-validator-identifier": "^7.24.7",
+        "@babel/traverse": "^7.25.2"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0"
+      }
+    },
+    "node_modules/@babel/helper-optimise-call-expression": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/helper-optimise-call-expression/-/helper-optimise-call-expression-7.24.7.tgz",
+      "integrity": "sha512-jKiTsW2xmWwxT1ixIdfXUZp+P5yURx2suzLZr5Hi64rURpDYdMW0pv+Uf17EYk2Rd428Lx4tLsnjGJzYKDM/6A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/types": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helper-plugin-utils": {
+      "version": "7.24.8",
+      "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.24.8.tgz",
+      "integrity": "sha512-FFWx5142D8h2Mgr/iPVGH5G7w6jDn4jUSpZTyDnQO0Yn7Ks2Kuz6Pci8H6MPCoUJegd/UZQ3tAvfLCxQSnWWwg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helper-remap-async-to-generator": {
+      "version": "7.25.0",
+      "resolved": "https://registry.npmjs.org/@babel/helper-remap-async-to-generator/-/helper-remap-async-to-generator-7.25.0.tgz",
+      "integrity": "sha512-NhavI2eWEIz/H9dbrG0TuOicDhNexze43i5z7lEqwYm0WEZVTwnPpA0EafUTP7+6/W79HWIP2cTe3Z5NiSTVpw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-annotate-as-pure": "^7.24.7",
+        "@babel/helper-wrap-function": "^7.25.0",
+        "@babel/traverse": "^7.25.0"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0"
+      }
+    },
+    "node_modules/@babel/helper-replace-supers": {
+      "version": "7.25.0",
+      "resolved": "https://registry.npmjs.org/@babel/helper-replace-supers/-/helper-replace-supers-7.25.0.tgz",
+      "integrity": "sha512-q688zIvQVYtZu+i2PsdIu/uWGRpfxzr5WESsfpShfZECkO+d2o+WROWezCi/Q6kJ0tfPa5+pUGUlfx2HhrA3Bg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-member-expression-to-functions": "^7.24.8",
+        "@babel/helper-optimise-call-expression": "^7.24.7",
+        "@babel/traverse": "^7.25.0"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0"
+      }
+    },
+    "node_modules/@babel/helper-simple-access": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/helper-simple-access/-/helper-simple-access-7.24.7.tgz",
+      "integrity": "sha512-zBAIvbCMh5Ts+b86r/CjU+4XGYIs+R1j951gxI3KmmxBMhCg4oQMsv6ZXQ64XOm/cvzfU1FmoCyt6+owc5QMYg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/traverse": "^7.24.7",
+        "@babel/types": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helper-skip-transparent-expression-wrappers": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/helper-skip-transparent-expression-wrappers/-/helper-skip-transparent-expression-wrappers-7.24.7.tgz",
+      "integrity": "sha512-IO+DLT3LQUElMbpzlatRASEyQtfhSE0+m465v++3jyyXeBTBUjtVZg28/gHeV5mrTJqvEKhKroBGAvhW+qPHiQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/traverse": "^7.24.7",
+        "@babel/types": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
     "node_modules/@babel/helper-string-parser": {
       "version": "7.24.8",
       "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.24.8.tgz",
@@ -184,6 +555,45 @@
         "node": ">=6.9.0"
       }
     },
+    "node_modules/@babel/helper-validator-option": {
+      "version": "7.24.8",
+      "resolved": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.24.8.tgz",
+      "integrity": "sha512-xb8t9tD1MHLungh/AIoWYN+gVHaB9kwlu8gffXGSt3FFEIT7RjS+xWbc2vUD1UTZdIpKj/ab3rdqJ7ufngyi2Q==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helper-wrap-function": {
+      "version": "7.25.0",
+      "resolved": "https://registry.npmjs.org/@babel/helper-wrap-function/-/helper-wrap-function-7.25.0.tgz",
+      "integrity": "sha512-s6Q1ebqutSiZnEjaofc/UKDyC4SbzV5n5SrA2Gq8UawLycr3i04f1dX4OzoQVnexm6aOCh37SQNYlJ/8Ku+PMQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/template": "^7.25.0",
+        "@babel/traverse": "^7.25.0",
+        "@babel/types": "^7.25.0"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helpers": {
+      "version": "7.25.0",
+      "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.25.0.tgz",
+      "integrity": "sha512-MjgLZ42aCm0oGjJj8CtSM3DB8NOOf8h2l7DCTePJs29u+v7yO/RBX9nShlKMgFnRks/Q4tBAe7Hxnov9VkGwLw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/template": "^7.25.0",
+        "@babel/types": "^7.25.0"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
     "node_modules/@babel/highlight": {
       "version": "7.24.7",
       "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.24.7.tgz",
@@ -258,12 +668,6 @@
         "node": ">=4"
       }
     },
-    "node_modules/@babel/highlight/node_modules/js-tokens": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz",
-      "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==",
-      "license": "MIT"
-    },
     "node_modules/@babel/highlight/node_modules/supports-color": {
       "version": "5.5.0",
       "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
@@ -277,12 +681,12 @@
       }
     },
     "node_modules/@babel/parser": {
-      "version": "7.25.3",
-      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.25.3.tgz",
-      "integrity": "sha512-iLTJKDbJ4hMvFPgQwwsVoxtHyWpKKPBrxkANrSYewDPaPpT5py5yeVkgPIJ7XYXhndxJpaA3PyALSXQ7u8e/Dw==",
+      "version": "7.25.4",
+      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.25.4.tgz",
+      "integrity": "sha512-nq+eWrOgdtu3jG5Os4TQP3x3cLA8hR8TvJNjD8vnPa20WGycimcparWnLK4jJhElTK6SDyuJo1weMKO/5LpmLA==",
       "license": "MIT",
       "dependencies": {
-        "@babel/types": "^7.25.2"
+        "@babel/types": "^7.25.4"
       },
       "bin": {
         "parser": "bin/babel-parser.js"
@@ -291,10 +695,1472 @@
         "node": ">=6.0.0"
       }
     },
-    "node_modules/@babel/runtime": {
+    "node_modules/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression": {
       "version": "7.25.0",
-      "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.25.0.tgz",
-      "integrity": "sha512-7dRy4DwXwtzBrPbZflqxnvfxLF8kdZXPkhymtDeFoFqE6ldzjQFgYTtYIFARcLEYDrqfBfYcZt1WqFxRoyC9Rw==",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression/-/plugin-bugfix-safari-id-destructuring-collision-in-function-expression-7.25.0.tgz",
+      "integrity": "sha512-lXwdNZtTmeVOOFtwM/WDe7yg1PL8sYhRk/XH0FzbR2HDQ0xC+EnQ/JHeoMYSavtU115tnUk0q9CDyq8si+LMAA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.8"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0"
+      }
+    },
+    "node_modules/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining/-/plugin-bugfix-v8-spread-parameters-in-optional-chaining-7.24.7.tgz",
+      "integrity": "sha512-+izXIbke1T33mY4MSNnrqhPXDz01WYhEf3yF5NbnUtkiNnm+XBZJl3kNfoK6NKmYlz/D07+l2GWVK/QfDkNCuQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.7",
+        "@babel/helper-skip-transparent-expression-wrappers": "^7.24.7",
+        "@babel/plugin-transform-optional-chaining": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.13.0"
+      }
+    },
+    "node_modules/@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly": {
+      "version": "7.25.0",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly/-/plugin-bugfix-v8-static-class-fields-redefine-readonly-7.25.0.tgz",
+      "integrity": "sha512-tggFrk1AIShG/RUQbEwt2Tr/E+ObkfwrPjR6BjbRvsx24+PSjK8zrq0GWPNCjo8qpRx4DuJzlcvWJqlm+0h3kw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.8",
+        "@babel/traverse": "^7.25.0"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0"
+      }
+    },
+    "node_modules/@babel/plugin-proposal-decorators": {
+      "version": "7.24.1",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-decorators/-/plugin-proposal-decorators-7.24.1.tgz",
+      "integrity": "sha512-zPEvzFijn+hRvJuX2Vu3KbEBN39LN3f7tW3MQO2LsIs57B26KU+kUc82BdAktS1VCM6libzh45eKGI65lg0cpA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-create-class-features-plugin": "^7.24.1",
+        "@babel/helper-plugin-utils": "^7.24.0",
+        "@babel/plugin-syntax-decorators": "^7.24.1"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-proposal-private-property-in-object": {
+      "version": "7.21.0-placeholder-for-preset-env.2",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-private-property-in-object/-/plugin-proposal-private-property-in-object-7.21.0-placeholder-for-preset-env.2.tgz",
+      "integrity": "sha512-SOSkfJDddaM7mak6cPEpswyTRnuRltl429hMraQEglW+OkovnCzsiszTmsrlY//qLFjCpQDFRvjdm2wA5pPm9w==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-async-generators": {
+      "version": "7.8.4",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-async-generators/-/plugin-syntax-async-generators-7.8.4.tgz",
+      "integrity": "sha512-tycmZxkGfZaxhMRbXlPXuVFpdWlXpir2W4AMhSJgRKzk/eDlIXOhb2LHWoLpDF7TEHylV5zNhykX6KAgHJmTNw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.8.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-class-properties": {
+      "version": "7.12.13",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-class-properties/-/plugin-syntax-class-properties-7.12.13.tgz",
+      "integrity": "sha512-fm4idjKla0YahUNgFNLCB0qySdsoPiZP3iQE3rky0mBUtMZ23yDJ9SJdg6dXTSDnulOVqiF3Hgr9nbXvXTQZYA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.12.13"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-class-static-block": {
+      "version": "7.14.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-class-static-block/-/plugin-syntax-class-static-block-7.14.5.tgz",
+      "integrity": "sha512-b+YyPmr6ldyNnM6sqYeMWE+bgJcJpO6yS4QD7ymxgH34GBPNDM/THBh8iunyvKIZztiwLH4CJZ0RxTk9emgpjw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.14.5"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-decorators": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-decorators/-/plugin-syntax-decorators-7.24.7.tgz",
+      "integrity": "sha512-Ui4uLJJrRV1lb38zg1yYTmRKmiZLiftDEvZN2iq3kd9kUFU+PttmzTbAFC2ucRk/XJmtek6G23gPsuZbhrT8fQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-dynamic-import": {
+      "version": "7.8.3",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-dynamic-import/-/plugin-syntax-dynamic-import-7.8.3.tgz",
+      "integrity": "sha512-5gdGbFon+PszYzqs83S3E5mpi7/y/8M9eC90MRTZfduQOYW76ig6SOSPNe41IG5LoP3FGBn2N0RjVDSQiS94kQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.8.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-export-namespace-from": {
+      "version": "7.8.3",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-export-namespace-from/-/plugin-syntax-export-namespace-from-7.8.3.tgz",
+      "integrity": "sha512-MXf5laXo6c1IbEbegDmzGPwGNTsHZmEy6QGznu5Sh2UCWvueywb2ee+CCE4zQiZstxU9BMoQO9i6zUFSY0Kj0Q==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.8.3"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-flow": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-flow/-/plugin-syntax-flow-7.24.7.tgz",
+      "integrity": "sha512-9G8GYT/dxn/D1IIKOUBmGX0mnmj46mGH9NnZyJLwtCpgh5f7D2VbuKodb+2s9m1Yavh1s7ASQN8lf0eqrb1LTw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-import-assertions": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-import-assertions/-/plugin-syntax-import-assertions-7.24.7.tgz",
+      "integrity": "sha512-Ec3NRUMoi8gskrkBe3fNmEQfxDvY8bgfQpz6jlk/41kX9eUjvpyqWU7PBP/pLAvMaSQjbMNKJmvX57jP+M6bPg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-import-attributes": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-import-attributes/-/plugin-syntax-import-attributes-7.24.7.tgz",
+      "integrity": "sha512-hbX+lKKeUMGihnK8nvKqmXBInriT3GVjzXKFriV3YC6APGxMbP8RZNFwy91+hocLXq90Mta+HshoB31802bb8A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-import-meta": {
+      "version": "7.10.4",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-import-meta/-/plugin-syntax-import-meta-7.10.4.tgz",
+      "integrity": "sha512-Yqfm+XDx0+Prh3VSeEQCPU81yC+JWZ2pDPFSS4ZdpfZhp4MkFMaDC1UqseovEKwSUpnIL7+vK+Clp7bfh0iD7g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.10.4"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-json-strings": {
+      "version": "7.8.3",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-json-strings/-/plugin-syntax-json-strings-7.8.3.tgz",
+      "integrity": "sha512-lY6kdGpWHvjoe2vk4WrAapEuBR69EMxZl+RoGRhrFGNYVK8mOPAW8VfbT/ZgrFbXlDNiiaxQnAtgVCZ6jv30EA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.8.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-jsx": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.24.7.tgz",
+      "integrity": "sha512-6ddciUPe/mpMnOKv/U+RSd2vvVy+Yw/JfBB0ZHYjEZt9NLHmCUylNYlsbqCCS1Bffjlb0fCwC9Vqz+sBz6PsiQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-logical-assignment-operators": {
+      "version": "7.10.4",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-logical-assignment-operators/-/plugin-syntax-logical-assignment-operators-7.10.4.tgz",
+      "integrity": "sha512-d8waShlpFDinQ5MtvGU9xDAOzKH47+FFoney2baFIoMr952hKOLp1HR7VszoZvOsV/4+RRszNY7D17ba0te0ig==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.10.4"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-nullish-coalescing-operator": {
+      "version": "7.8.3",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-nullish-coalescing-operator/-/plugin-syntax-nullish-coalescing-operator-7.8.3.tgz",
+      "integrity": "sha512-aSff4zPII1u2QD7y+F8oDsz19ew4IGEJg9SVW+bqwpwtfFleiQDMdzA/R+UlWDzfnHFCxxleFT0PMIrR36XLNQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.8.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-numeric-separator": {
+      "version": "7.10.4",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-numeric-separator/-/plugin-syntax-numeric-separator-7.10.4.tgz",
+      "integrity": "sha512-9H6YdfkcK/uOnY/K7/aA2xpzaAgkQn37yzWUMRK7OaPOqOpGS1+n0H5hxT9AUw9EsSjPW8SVyMJwYRtWs3X3ug==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.10.4"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-object-rest-spread": {
+      "version": "7.8.3",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-object-rest-spread/-/plugin-syntax-object-rest-spread-7.8.3.tgz",
+      "integrity": "sha512-XoqMijGZb9y3y2XskN+P1wUGiVwWZ5JmoDRwx5+3GmEplNyVM2s2Dg8ILFQm8rWM48orGy5YpI5Bl8U1y7ydlA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.8.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-optional-catch-binding": {
+      "version": "7.8.3",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-optional-catch-binding/-/plugin-syntax-optional-catch-binding-7.8.3.tgz",
+      "integrity": "sha512-6VPD0Pc1lpTqw0aKoeRTMiB+kWhAoT24PA+ksWSBrFtl5SIRVpZlwN3NNPQjehA2E/91FV3RjLWoVTglWcSV3Q==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.8.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-optional-chaining": {
+      "version": "7.8.3",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-optional-chaining/-/plugin-syntax-optional-chaining-7.8.3.tgz",
+      "integrity": "sha512-KoK9ErH1MBlCPxV0VANkXW2/dw4vlbGDrFgz8bmUsBGYkFRcbRwMh6cIJubdPrkxRwuGdtCk0v/wPTKbQgBjkg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.8.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-private-property-in-object": {
+      "version": "7.14.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-private-property-in-object/-/plugin-syntax-private-property-in-object-7.14.5.tgz",
+      "integrity": "sha512-0wVnp9dxJ72ZUJDV27ZfbSj6iHLoytYZmh3rFcxNnvsJF3ktkzLDZPy/mA17HGsaQT3/DQsWYX1f1QGWkCoVUg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.14.5"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-top-level-await": {
+      "version": "7.14.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-top-level-await/-/plugin-syntax-top-level-await-7.14.5.tgz",
+      "integrity": "sha512-hx++upLv5U1rgYfwe1xBQUhRmU41NEvpUvrp8jkrSCdvGSnM5/qdRMtylJ6PG5OFkBaHkbTAKTnd3/YyESRHFw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.14.5"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-unicode-sets-regex": {
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-unicode-sets-regex/-/plugin-syntax-unicode-sets-regex-7.18.6.tgz",
+      "integrity": "sha512-727YkEAPwSIQTv5im8QHz3upqp92JTWhidIC81Tdx4VJYIte/VndKf1qKrfnnhPLiPghStWfvC/iFaMCQu7Nqg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-create-regexp-features-plugin": "^7.18.6",
+        "@babel/helper-plugin-utils": "^7.18.6"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-arrow-functions": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-arrow-functions/-/plugin-transform-arrow-functions-7.24.7.tgz",
+      "integrity": "sha512-Dt9LQs6iEY++gXUwY03DNFat5C2NbO48jj+j/bSAz6b3HgPs39qcPiYt77fDObIcFwj3/C2ICX9YMwGflUoSHQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-async-generator-functions": {
+      "version": "7.25.4",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-async-generator-functions/-/plugin-transform-async-generator-functions-7.25.4.tgz",
+      "integrity": "sha512-jz8cV2XDDTqjKPwVPJBIjORVEmSGYhdRa8e5k5+vN+uwcjSrSxUaebBRa4ko1jqNF2uxyg8G6XYk30Jv285xzg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.8",
+        "@babel/helper-remap-async-to-generator": "^7.25.0",
+        "@babel/plugin-syntax-async-generators": "^7.8.4",
+        "@babel/traverse": "^7.25.4"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-async-to-generator": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-async-to-generator/-/plugin-transform-async-to-generator-7.24.7.tgz",
+      "integrity": "sha512-SQY01PcJfmQ+4Ash7NE+rpbLFbmqA2GPIgqzxfFTL4t1FKRq4zTms/7htKpoCUI9OcFYgzqfmCdH53s6/jn5fA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-module-imports": "^7.24.7",
+        "@babel/helper-plugin-utils": "^7.24.7",
+        "@babel/helper-remap-async-to-generator": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-block-scoped-functions": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-block-scoped-functions/-/plugin-transform-block-scoped-functions-7.24.7.tgz",
+      "integrity": "sha512-yO7RAz6EsVQDaBH18IDJcMB1HnrUn2FJ/Jslc/WtPPWcjhpUJXU/rjbwmluzp7v/ZzWcEhTMXELnnsz8djWDwQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-block-scoping": {
+      "version": "7.25.0",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-block-scoping/-/plugin-transform-block-scoping-7.25.0.tgz",
+      "integrity": "sha512-yBQjYoOjXlFv9nlXb3f1casSHOZkWr29NX+zChVanLg5Nc157CrbEX9D7hxxtTpuFy7Q0YzmmWfJxzvps4kXrQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.8"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-class-properties": {
+      "version": "7.25.4",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-class-properties/-/plugin-transform-class-properties-7.25.4.tgz",
+      "integrity": "sha512-nZeZHyCWPfjkdU5pA/uHiTaDAFUEqkpzf1YoQT2NeSynCGYq9rxfyI3XpQbfx/a0hSnFH6TGlEXvae5Vi7GD8g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-create-class-features-plugin": "^7.25.4",
+        "@babel/helper-plugin-utils": "^7.24.8"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-class-static-block": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-class-static-block/-/plugin-transform-class-static-block-7.24.7.tgz",
+      "integrity": "sha512-HMXK3WbBPpZQufbMG4B46A90PkuuhN9vBCb5T8+VAHqvAqvcLi+2cKoukcpmUYkszLhScU3l1iudhrks3DggRQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-create-class-features-plugin": "^7.24.7",
+        "@babel/helper-plugin-utils": "^7.24.7",
+        "@babel/plugin-syntax-class-static-block": "^7.14.5"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.12.0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-classes": {
+      "version": "7.25.4",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-classes/-/plugin-transform-classes-7.25.4.tgz",
+      "integrity": "sha512-oexUfaQle2pF/b6E0dwsxQtAol9TLSO88kQvym6HHBWFliV2lGdrPieX+WgMRLSJDVzdYywk7jXbLPuO2KLTLg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-annotate-as-pure": "^7.24.7",
+        "@babel/helper-compilation-targets": "^7.25.2",
+        "@babel/helper-plugin-utils": "^7.24.8",
+        "@babel/helper-replace-supers": "^7.25.0",
+        "@babel/traverse": "^7.25.4",
+        "globals": "^11.1.0"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-classes/node_modules/globals": {
+      "version": "11.12.0",
+      "resolved": "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz",
+      "integrity": "sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/@babel/plugin-transform-computed-properties": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-computed-properties/-/plugin-transform-computed-properties-7.24.7.tgz",
+      "integrity": "sha512-25cS7v+707Gu6Ds2oY6tCkUwsJ9YIDbggd9+cu9jzzDgiNq7hR/8dkzxWfKWnTic26vsI3EsCXNd4iEB6e8esQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.7",
+        "@babel/template": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-destructuring": {
+      "version": "7.24.8",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-destructuring/-/plugin-transform-destructuring-7.24.8.tgz",
+      "integrity": "sha512-36e87mfY8TnRxc7yc6M9g9gOB7rKgSahqkIKwLpz4Ppk2+zC2Cy1is0uwtuSG6AE4zlTOUa+7JGz9jCJGLqQFQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.8"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-dotall-regex": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-dotall-regex/-/plugin-transform-dotall-regex-7.24.7.tgz",
+      "integrity": "sha512-ZOA3W+1RRTSWvyqcMJDLqbchh7U4NRGqwRfFSVbOLS/ePIP4vHB5e8T8eXcuqyN1QkgKyj5wuW0lcS85v4CrSw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-create-regexp-features-plugin": "^7.24.7",
+        "@babel/helper-plugin-utils": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-duplicate-keys": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-duplicate-keys/-/plugin-transform-duplicate-keys-7.24.7.tgz",
+      "integrity": "sha512-JdYfXyCRihAe46jUIliuL2/s0x0wObgwwiGxw/UbgJBr20gQBThrokO4nYKgWkD7uBaqM7+9x5TU7NkExZJyzw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-dynamic-import": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-dynamic-import/-/plugin-transform-dynamic-import-7.24.7.tgz",
+      "integrity": "sha512-sc3X26PhZQDb3JhORmakcbvkeInvxz+A8oda99lj7J60QRuPZvNAk9wQlTBS1ZynelDrDmTU4pw1tyc5d5ZMUg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.7",
+        "@babel/plugin-syntax-dynamic-import": "^7.8.3"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-exponentiation-operator": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-exponentiation-operator/-/plugin-transform-exponentiation-operator-7.24.7.tgz",
+      "integrity": "sha512-Rqe/vSc9OYgDajNIK35u7ot+KeCoetqQYFXM4Epf7M7ez3lWlOjrDjrwMei6caCVhfdw+mIKD4cgdGNy5JQotQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-builder-binary-assignment-operator-visitor": "^7.24.7",
+        "@babel/helper-plugin-utils": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-export-namespace-from": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-export-namespace-from/-/plugin-transform-export-namespace-from-7.24.7.tgz",
+      "integrity": "sha512-v0K9uNYsPL3oXZ/7F9NNIbAj2jv1whUEtyA6aujhekLs56R++JDQuzRcP2/z4WX5Vg/c5lE9uWZA0/iUoFhLTA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.7",
+        "@babel/plugin-syntax-export-namespace-from": "^7.8.3"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-flow-strip-types": {
+      "version": "7.25.2",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-flow-strip-types/-/plugin-transform-flow-strip-types-7.25.2.tgz",
+      "integrity": "sha512-InBZ0O8tew5V0K6cHcQ+wgxlrjOw1W4wDXLkOTjLRD8GYhTSkxTVBtdy3MMtvYBrbAWa1Qm3hNoTc1620Yj+Mg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.8",
+        "@babel/plugin-syntax-flow": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-for-of": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-for-of/-/plugin-transform-for-of-7.24.7.tgz",
+      "integrity": "sha512-wo9ogrDG1ITTTBsy46oGiN1dS9A7MROBTcYsfS8DtsImMkHk9JXJ3EWQM6X2SUw4x80uGPlwj0o00Uoc6nEE3g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.7",
+        "@babel/helper-skip-transparent-expression-wrappers": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-function-name": {
+      "version": "7.25.1",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-function-name/-/plugin-transform-function-name-7.25.1.tgz",
+      "integrity": "sha512-TVVJVdW9RKMNgJJlLtHsKDTydjZAbwIsn6ySBPQaEAUU5+gVvlJt/9nRmqVbsV/IBanRjzWoaAQKLoamWVOUuA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-compilation-targets": "^7.24.8",
+        "@babel/helper-plugin-utils": "^7.24.8",
+        "@babel/traverse": "^7.25.1"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-json-strings": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-json-strings/-/plugin-transform-json-strings-7.24.7.tgz",
+      "integrity": "sha512-2yFnBGDvRuxAaE/f0vfBKvtnvvqU8tGpMHqMNpTN2oWMKIR3NqFkjaAgGwawhqK/pIN2T3XdjGPdaG0vDhOBGw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.7",
+        "@babel/plugin-syntax-json-strings": "^7.8.3"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-literals": {
+      "version": "7.25.2",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-literals/-/plugin-transform-literals-7.25.2.tgz",
+      "integrity": "sha512-HQI+HcTbm9ur3Z2DkO+jgESMAMcYLuN/A7NRw9juzxAezN9AvqvUTnpKP/9kkYANz6u7dFlAyOu44ejuGySlfw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.8"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-logical-assignment-operators": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-logical-assignment-operators/-/plugin-transform-logical-assignment-operators-7.24.7.tgz",
+      "integrity": "sha512-4D2tpwlQ1odXmTEIFWy9ELJcZHqrStlzK/dAOWYyxX3zT0iXQB6banjgeOJQXzEc4S0E0a5A+hahxPaEFYftsw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.7",
+        "@babel/plugin-syntax-logical-assignment-operators": "^7.10.4"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-member-expression-literals": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-member-expression-literals/-/plugin-transform-member-expression-literals-7.24.7.tgz",
+      "integrity": "sha512-T/hRC1uqrzXMKLQ6UCwMT85S3EvqaBXDGf0FaMf4446Qx9vKwlghvee0+uuZcDUCZU5RuNi4781UQ7R308zzBw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-modules-amd": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-amd/-/plugin-transform-modules-amd-7.24.7.tgz",
+      "integrity": "sha512-9+pB1qxV3vs/8Hdmz/CulFB8w2tuu6EB94JZFsjdqxQokwGa9Unap7Bo2gGBGIvPmDIVvQrom7r5m/TCDMURhg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-module-transforms": "^7.24.7",
+        "@babel/helper-plugin-utils": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-modules-commonjs": {
+      "version": "7.24.8",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-commonjs/-/plugin-transform-modules-commonjs-7.24.8.tgz",
+      "integrity": "sha512-WHsk9H8XxRs3JXKWFiqtQebdh9b/pTk4EgueygFzYlTKAg0Ud985mSevdNjdXdFBATSKVJGQXP1tv6aGbssLKA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-module-transforms": "^7.24.8",
+        "@babel/helper-plugin-utils": "^7.24.8",
+        "@babel/helper-simple-access": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-modules-systemjs": {
+      "version": "7.25.0",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.25.0.tgz",
+      "integrity": "sha512-YPJfjQPDXxyQWg/0+jHKj1llnY5f/R6a0p/vP4lPymxLu7Lvl4k2WMitqi08yxwQcCVUUdG9LCUj4TNEgAp3Jw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-module-transforms": "^7.25.0",
+        "@babel/helper-plugin-utils": "^7.24.8",
+        "@babel/helper-validator-identifier": "^7.24.7",
+        "@babel/traverse": "^7.25.0"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-modules-umd": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-umd/-/plugin-transform-modules-umd-7.24.7.tgz",
+      "integrity": "sha512-3aytQvqJ/h9z4g8AsKPLvD4Zqi2qT+L3j7XoFFu1XBlZWEl2/1kWnhmAbxpLgPrHSY0M6UA02jyTiwUVtiKR6A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-module-transforms": "^7.24.7",
+        "@babel/helper-plugin-utils": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-named-capturing-groups-regex": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-named-capturing-groups-regex/-/plugin-transform-named-capturing-groups-regex-7.24.7.tgz",
+      "integrity": "sha512-/jr7h/EWeJtk1U/uz2jlsCioHkZk1JJZVcc8oQsJ1dUlaJD83f4/6Zeh2aHt9BIFokHIsSeDfhUmju0+1GPd6g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-create-regexp-features-plugin": "^7.24.7",
+        "@babel/helper-plugin-utils": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-new-target": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-new-target/-/plugin-transform-new-target-7.24.7.tgz",
+      "integrity": "sha512-RNKwfRIXg4Ls/8mMTza5oPF5RkOW8Wy/WgMAp1/F1yZ8mMbtwXW+HDoJiOsagWrAhI5f57Vncrmr9XeT4CVapA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-nullish-coalescing-operator": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-nullish-coalescing-operator/-/plugin-transform-nullish-coalescing-operator-7.24.7.tgz",
+      "integrity": "sha512-Ts7xQVk1OEocqzm8rHMXHlxvsfZ0cEF2yomUqpKENHWMF4zKk175Y4q8H5knJes6PgYad50uuRmt3UJuhBw8pQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.7",
+        "@babel/plugin-syntax-nullish-coalescing-operator": "^7.8.3"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-numeric-separator": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-numeric-separator/-/plugin-transform-numeric-separator-7.24.7.tgz",
+      "integrity": "sha512-e6q1TiVUzvH9KRvicuxdBTUj4AdKSRwzIyFFnfnezpCfP2/7Qmbb8qbU2j7GODbl4JMkblitCQjKYUaX/qkkwA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.7",
+        "@babel/plugin-syntax-numeric-separator": "^7.10.4"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-object-rest-spread": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-object-rest-spread/-/plugin-transform-object-rest-spread-7.24.7.tgz",
+      "integrity": "sha512-4QrHAr0aXQCEFni2q4DqKLD31n2DL+RxcwnNjDFkSG0eNQ/xCavnRkfCUjsyqGC2OviNJvZOF/mQqZBw7i2C5Q==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-compilation-targets": "^7.24.7",
+        "@babel/helper-plugin-utils": "^7.24.7",
+        "@babel/plugin-syntax-object-rest-spread": "^7.8.3",
+        "@babel/plugin-transform-parameters": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-object-super": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-object-super/-/plugin-transform-object-super-7.24.7.tgz",
+      "integrity": "sha512-A/vVLwN6lBrMFmMDmPPz0jnE6ZGx7Jq7d6sT/Ev4H65RER6pZ+kczlf1DthF5N0qaPHBsI7UXiE8Zy66nmAovg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.7",
+        "@babel/helper-replace-supers": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-optional-catch-binding": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-optional-catch-binding/-/plugin-transform-optional-catch-binding-7.24.7.tgz",
+      "integrity": "sha512-uLEndKqP5BfBbC/5jTwPxLh9kqPWWgzN/f8w6UwAIirAEqiIVJWWY312X72Eub09g5KF9+Zn7+hT7sDxmhRuKA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.7",
+        "@babel/plugin-syntax-optional-catch-binding": "^7.8.3"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-optional-chaining": {
+      "version": "7.24.8",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-optional-chaining/-/plugin-transform-optional-chaining-7.24.8.tgz",
+      "integrity": "sha512-5cTOLSMs9eypEy8JUVvIKOu6NgvbJMnpG62VpIHrTmROdQ+L5mDAaI40g25k5vXti55JWNX5jCkq3HZxXBQANw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.8",
+        "@babel/helper-skip-transparent-expression-wrappers": "^7.24.7",
+        "@babel/plugin-syntax-optional-chaining": "^7.8.3"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-parameters": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-parameters/-/plugin-transform-parameters-7.24.7.tgz",
+      "integrity": "sha512-yGWW5Rr+sQOhK0Ot8hjDJuxU3XLRQGflvT4lhlSY0DFvdb3TwKaY26CJzHtYllU0vT9j58hc37ndFPsqT1SrzA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-private-methods": {
+      "version": "7.25.4",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-private-methods/-/plugin-transform-private-methods-7.25.4.tgz",
+      "integrity": "sha512-ao8BG7E2b/URaUQGqN3Tlsg+M3KlHY6rJ1O1gXAEUnZoyNQnvKyH87Kfg+FoxSeyWUB8ISZZsC91C44ZuBFytw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-create-class-features-plugin": "^7.25.4",
+        "@babel/helper-plugin-utils": "^7.24.8"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-private-property-in-object": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-private-property-in-object/-/plugin-transform-private-property-in-object-7.24.7.tgz",
+      "integrity": "sha512-9z76mxwnwFxMyxZWEgdgECQglF2Q7cFLm0kMf8pGwt+GSJsY0cONKj/UuO4bOH0w/uAel3ekS4ra5CEAyJRmDA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-annotate-as-pure": "^7.24.7",
+        "@babel/helper-create-class-features-plugin": "^7.24.7",
+        "@babel/helper-plugin-utils": "^7.24.7",
+        "@babel/plugin-syntax-private-property-in-object": "^7.14.5"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-property-literals": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-property-literals/-/plugin-transform-property-literals-7.24.7.tgz",
+      "integrity": "sha512-EMi4MLQSHfd2nrCqQEWxFdha2gBCqU4ZcCng4WBGZ5CJL4bBRW0ptdqqDdeirGZcpALazVVNJqRmsO8/+oNCBA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-react-display-name": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-display-name/-/plugin-transform-react-display-name-7.24.7.tgz",
+      "integrity": "sha512-H/Snz9PFxKsS1JLI4dJLtnJgCJRoo0AUm3chP6NYr+9En1JMKloheEiLIhlp5MDVznWo+H3AAC1Mc8lmUEpsgg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-react-jsx": {
+      "version": "7.25.2",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-jsx/-/plugin-transform-react-jsx-7.25.2.tgz",
+      "integrity": "sha512-KQsqEAVBpU82NM/B/N9j9WOdphom1SZH3R+2V7INrQUH+V9EBFwZsEJl8eBIVeQE62FxJCc70jzEZwqU7RcVqA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-annotate-as-pure": "^7.24.7",
+        "@babel/helper-module-imports": "^7.24.7",
+        "@babel/helper-plugin-utils": "^7.24.8",
+        "@babel/plugin-syntax-jsx": "^7.24.7",
+        "@babel/types": "^7.25.2"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-react-jsx-development": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-jsx-development/-/plugin-transform-react-jsx-development-7.24.7.tgz",
+      "integrity": "sha512-QG9EnzoGn+Qar7rxuW+ZOsbWOt56FvvI93xInqsZDC5fsekx1AlIO4KIJ5M+D0p0SqSH156EpmZyXq630B8OlQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/plugin-transform-react-jsx": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-react-pure-annotations": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-pure-annotations/-/plugin-transform-react-pure-annotations-7.24.7.tgz",
+      "integrity": "sha512-PLgBVk3fzbmEjBJ/u8kFzOqS9tUeDjiaWud/rRym/yjCo/M9cASPlnrd2ZmmZpQT40fOOrvR8jh+n8jikrOhNA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-annotate-as-pure": "^7.24.7",
+        "@babel/helper-plugin-utils": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-regenerator": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-regenerator/-/plugin-transform-regenerator-7.24.7.tgz",
+      "integrity": "sha512-lq3fvXPdimDrlg6LWBoqj+r/DEWgONuwjuOuQCSYgRroXDH/IdM1C0IZf59fL5cHLpjEH/O6opIRBbqv7ELnuA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.7",
+        "regenerator-transform": "^0.15.2"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-reserved-words": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-reserved-words/-/plugin-transform-reserved-words-7.24.7.tgz",
+      "integrity": "sha512-0DUq0pHcPKbjFZCfTss/pGkYMfy3vFWydkUBd9r0GHpIyfs2eCDENvqadMycRS9wZCXR41wucAfJHJmwA0UmoQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-shorthand-properties": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-shorthand-properties/-/plugin-transform-shorthand-properties-7.24.7.tgz",
+      "integrity": "sha512-KsDsevZMDsigzbA09+vacnLpmPH4aWjcZjXdyFKGzpplxhbeB4wYtury3vglQkg6KM/xEPKt73eCjPPf1PgXBA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-spread": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-spread/-/plugin-transform-spread-7.24.7.tgz",
+      "integrity": "sha512-x96oO0I09dgMDxJaANcRyD4ellXFLLiWhuwDxKZX5g2rWP1bTPkBSwCYv96VDXVT1bD9aPj8tppr5ITIh8hBng==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.7",
+        "@babel/helper-skip-transparent-expression-wrappers": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-sticky-regex": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-sticky-regex/-/plugin-transform-sticky-regex-7.24.7.tgz",
+      "integrity": "sha512-kHPSIJc9v24zEml5geKg9Mjx5ULpfncj0wRpYtxbvKyTtHCYDkVE3aHQ03FrpEo4gEe2vrJJS1Y9CJTaThA52g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-template-literals": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-template-literals/-/plugin-transform-template-literals-7.24.7.tgz",
+      "integrity": "sha512-AfDTQmClklHCOLxtGoP7HkeMw56k1/bTQjwsfhL6pppo/M4TOBSq+jjBUBLmV/4oeFg4GWMavIl44ZeCtmmZTw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-typeof-symbol": {
+      "version": "7.24.8",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-typeof-symbol/-/plugin-transform-typeof-symbol-7.24.8.tgz",
+      "integrity": "sha512-adNTUpDCVnmAE58VEqKlAA6ZBlNkMnWD0ZcW76lyNFN3MJniyGFZfNwERVk8Ap56MCnXztmDr19T4mPTztcuaw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.8"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-unicode-escapes": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-escapes/-/plugin-transform-unicode-escapes-7.24.7.tgz",
+      "integrity": "sha512-U3ap1gm5+4edc2Q/P+9VrBNhGkfnf+8ZqppY71Bo/pzZmXhhLdqgaUl6cuB07O1+AQJtCLfaOmswiNbSQ9ivhw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-unicode-property-regex": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-property-regex/-/plugin-transform-unicode-property-regex-7.24.7.tgz",
+      "integrity": "sha512-uH2O4OV5M9FZYQrwc7NdVmMxQJOCCzFeYudlZSzUAHRFeOujQefa92E74TQDVskNHCzOXoigEuoyzHDhaEaK5w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-create-regexp-features-plugin": "^7.24.7",
+        "@babel/helper-plugin-utils": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-unicode-regex": {
+      "version": "7.24.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-regex/-/plugin-transform-unicode-regex-7.24.7.tgz",
+      "integrity": "sha512-hlQ96MBZSAXUq7ltkjtu3FJCCSMx/j629ns3hA3pXnBXjanNP0LHi+JpPeA81zaWgVK1VGH95Xuy7u0RyQ8kMg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-create-regexp-features-plugin": "^7.24.7",
+        "@babel/helper-plugin-utils": "^7.24.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-unicode-sets-regex": {
+      "version": "7.25.4",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-sets-regex/-/plugin-transform-unicode-sets-regex-7.25.4.tgz",
+      "integrity": "sha512-qesBxiWkgN1Q+31xUE9RcMk79eOXXDCv6tfyGMRSs4RGlioSg2WVyQAm07k726cSE56pa+Kb0y9epX2qaXzTvA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-create-regexp-features-plugin": "^7.25.2",
+        "@babel/helper-plugin-utils": "^7.24.8"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0"
+      }
+    },
+    "node_modules/@babel/preset-env": {
+      "version": "7.24.3",
+      "resolved": "https://registry.npmjs.org/@babel/preset-env/-/preset-env-7.24.3.tgz",
+      "integrity": "sha512-fSk430k5c2ff8536JcPvPWK4tZDwehWLGlBp0wrsBUjZVdeQV6lePbwKWZaZfK2vnh/1kQX1PzAJWsnBmVgGJA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/compat-data": "^7.24.1",
+        "@babel/helper-compilation-targets": "^7.23.6",
+        "@babel/helper-plugin-utils": "^7.24.0",
+        "@babel/helper-validator-option": "^7.23.5",
+        "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression": "^7.24.1",
+        "@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining": "^7.24.1",
+        "@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly": "^7.24.1",
+        "@babel/plugin-proposal-private-property-in-object": "7.21.0-placeholder-for-preset-env.2",
+        "@babel/plugin-syntax-async-generators": "^7.8.4",
+        "@babel/plugin-syntax-class-properties": "^7.12.13",
+        "@babel/plugin-syntax-class-static-block": "^7.14.5",
+        "@babel/plugin-syntax-dynamic-import": "^7.8.3",
+        "@babel/plugin-syntax-export-namespace-from": "^7.8.3",
+        "@babel/plugin-syntax-import-assertions": "^7.24.1",
+        "@babel/plugin-syntax-import-attributes": "^7.24.1",
+        "@babel/plugin-syntax-import-meta": "^7.10.4",
+        "@babel/plugin-syntax-json-strings": "^7.8.3",
+        "@babel/plugin-syntax-logical-assignment-operators": "^7.10.4",
+        "@babel/plugin-syntax-nullish-coalescing-operator": "^7.8.3",
+        "@babel/plugin-syntax-numeric-separator": "^7.10.4",
+        "@babel/plugin-syntax-object-rest-spread": "^7.8.3",
+        "@babel/plugin-syntax-optional-catch-binding": "^7.8.3",
+        "@babel/plugin-syntax-optional-chaining": "^7.8.3",
+        "@babel/plugin-syntax-private-property-in-object": "^7.14.5",
+        "@babel/plugin-syntax-top-level-await": "^7.14.5",
+        "@babel/plugin-syntax-unicode-sets-regex": "^7.18.6",
+        "@babel/plugin-transform-arrow-functions": "^7.24.1",
+        "@babel/plugin-transform-async-generator-functions": "^7.24.3",
+        "@babel/plugin-transform-async-to-generator": "^7.24.1",
+        "@babel/plugin-transform-block-scoped-functions": "^7.24.1",
+        "@babel/plugin-transform-block-scoping": "^7.24.1",
+        "@babel/plugin-transform-class-properties": "^7.24.1",
+        "@babel/plugin-transform-class-static-block": "^7.24.1",
+        "@babel/plugin-transform-classes": "^7.24.1",
+        "@babel/plugin-transform-computed-properties": "^7.24.1",
+        "@babel/plugin-transform-destructuring": "^7.24.1",
+        "@babel/plugin-transform-dotall-regex": "^7.24.1",
+        "@babel/plugin-transform-duplicate-keys": "^7.24.1",
+        "@babel/plugin-transform-dynamic-import": "^7.24.1",
+        "@babel/plugin-transform-exponentiation-operator": "^7.24.1",
+        "@babel/plugin-transform-export-namespace-from": "^7.24.1",
+        "@babel/plugin-transform-for-of": "^7.24.1",
+        "@babel/plugin-transform-function-name": "^7.24.1",
+        "@babel/plugin-transform-json-strings": "^7.24.1",
+        "@babel/plugin-transform-literals": "^7.24.1",
+        "@babel/plugin-transform-logical-assignment-operators": "^7.24.1",
+        "@babel/plugin-transform-member-expression-literals": "^7.24.1",
+        "@babel/plugin-transform-modules-amd": "^7.24.1",
+        "@babel/plugin-transform-modules-commonjs": "^7.24.1",
+        "@babel/plugin-transform-modules-systemjs": "^7.24.1",
+        "@babel/plugin-transform-modules-umd": "^7.24.1",
+        "@babel/plugin-transform-named-capturing-groups-regex": "^7.22.5",
+        "@babel/plugin-transform-new-target": "^7.24.1",
+        "@babel/plugin-transform-nullish-coalescing-operator": "^7.24.1",
+        "@babel/plugin-transform-numeric-separator": "^7.24.1",
+        "@babel/plugin-transform-object-rest-spread": "^7.24.1",
+        "@babel/plugin-transform-object-super": "^7.24.1",
+        "@babel/plugin-transform-optional-catch-binding": "^7.24.1",
+        "@babel/plugin-transform-optional-chaining": "^7.24.1",
+        "@babel/plugin-transform-parameters": "^7.24.1",
+        "@babel/plugin-transform-private-methods": "^7.24.1",
+        "@babel/plugin-transform-private-property-in-object": "^7.24.1",
+        "@babel/plugin-transform-property-literals": "^7.24.1",
+        "@babel/plugin-transform-regenerator": "^7.24.1",
+        "@babel/plugin-transform-reserved-words": "^7.24.1",
+        "@babel/plugin-transform-shorthand-properties": "^7.24.1",
+        "@babel/plugin-transform-spread": "^7.24.1",
+        "@babel/plugin-transform-sticky-regex": "^7.24.1",
+        "@babel/plugin-transform-template-literals": "^7.24.1",
+        "@babel/plugin-transform-typeof-symbol": "^7.24.1",
+        "@babel/plugin-transform-unicode-escapes": "^7.24.1",
+        "@babel/plugin-transform-unicode-property-regex": "^7.24.1",
+        "@babel/plugin-transform-unicode-regex": "^7.24.1",
+        "@babel/plugin-transform-unicode-sets-regex": "^7.24.1",
+        "@babel/preset-modules": "0.1.6-no-external-plugins",
+        "babel-plugin-polyfill-corejs2": "^0.4.10",
+        "babel-plugin-polyfill-corejs3": "^0.10.4",
+        "babel-plugin-polyfill-regenerator": "^0.6.1",
+        "core-js-compat": "^3.31.0",
+        "semver": "^6.3.1"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/preset-env/node_modules/semver": {
+      "version": "6.3.1",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz",
+      "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      }
+    },
+    "node_modules/@babel/preset-flow": {
+      "version": "7.24.1",
+      "resolved": "https://registry.npmjs.org/@babel/preset-flow/-/preset-flow-7.24.1.tgz",
+      "integrity": "sha512-sWCV2G9pcqZf+JHyv/RyqEIpFypxdCSxWIxQjpdaQxenNog7cN1pr76hg8u0Fz8Qgg0H4ETkGcJnXL8d4j0PPA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.0",
+        "@babel/helper-validator-option": "^7.23.5",
+        "@babel/plugin-transform-flow-strip-types": "^7.24.1"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/preset-modules": {
+      "version": "0.1.6-no-external-plugins",
+      "resolved": "https://registry.npmjs.org/@babel/preset-modules/-/preset-modules-0.1.6-no-external-plugins.tgz",
+      "integrity": "sha512-HrcgcIESLm9aIR842yhJ5RWan/gebQUJ6E/E5+rf0y9o6oj7w0Br+sWuL6kEQ/o/AdfvR1Je9jG18/gnpwjEyA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.0.0",
+        "@babel/types": "^7.4.4",
+        "esutils": "^2.0.2"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0 || ^8.0.0-0 <8.0.0"
+      }
+    },
+    "node_modules/@babel/preset-react": {
+      "version": "7.24.1",
+      "resolved": "https://registry.npmjs.org/@babel/preset-react/-/preset-react-7.24.1.tgz",
+      "integrity": "sha512-eFa8up2/8cZXLIpkafhaADTXSnl7IsUFCYenRWrARBz0/qZwcT0RBXpys0LJU4+WfPoF2ZG6ew6s2V6izMCwRA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.24.0",
+        "@babel/helper-validator-option": "^7.23.5",
+        "@babel/plugin-transform-react-display-name": "^7.24.1",
+        "@babel/plugin-transform-react-jsx": "^7.23.4",
+        "@babel/plugin-transform-react-jsx-development": "^7.22.5",
+        "@babel/plugin-transform-react-pure-annotations": "^7.24.1"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/regjsgen": {
+      "version": "0.8.0",
+      "resolved": "https://registry.npmjs.org/@babel/regjsgen/-/regjsgen-0.8.0.tgz",
+      "integrity": "sha512-x/rqGMdzj+fWZvCOYForTghzbtqPDZ5gPwaoNGHdgDfF2QA/XZbCBp4Moo5scrkAMPhB7z26XM/AaHuIJdgauA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@babel/runtime": {
+      "version": "7.25.4",
+      "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.25.4.tgz",
+      "integrity": "sha512-DSgLeL/FNcpXuzav5wfYvHCGvynXkJbn3Zvc3823AEe9nPwW9IK4UoCSS5yGymmQzN0pCPvivtgS6/8U2kkm1w==",
       "license": "MIT",
       "dependencies": {
         "regenerator-runtime": "^0.14.0"
@@ -303,10 +2169,54 @@
         "node": ">=6.9.0"
       }
     },
+    "node_modules/@babel/template": {
+      "version": "7.25.0",
+      "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.25.0.tgz",
+      "integrity": "sha512-aOOgh1/5XzKvg1jvVz7AVrx2piJ2XBi227DHmbY6y+bM9H2FlN+IfecYu4Xl0cNiiVejlsCri89LUsbj8vJD9Q==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/code-frame": "^7.24.7",
+        "@babel/parser": "^7.25.0",
+        "@babel/types": "^7.25.0"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/traverse": {
+      "version": "7.25.4",
+      "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.25.4.tgz",
+      "integrity": "sha512-VJ4XsrD+nOvlXyLzmLzUs/0qjFS4sK30te5yEFlvbbUNEgKaVb2BHZUpAL+ttLPQAHNrsI3zZisbfha5Cvr8vg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/code-frame": "^7.24.7",
+        "@babel/generator": "^7.25.4",
+        "@babel/parser": "^7.25.4",
+        "@babel/template": "^7.25.0",
+        "@babel/types": "^7.25.4",
+        "debug": "^4.3.1",
+        "globals": "^11.1.0"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/traverse/node_modules/globals": {
+      "version": "11.12.0",
+      "resolved": "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz",
+      "integrity": "sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=4"
+      }
+    },
     "node_modules/@babel/types": {
-      "version": "7.25.2",
-      "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.25.2.tgz",
-      "integrity": "sha512-YTnYtra7W9e6/oAZEHj0bJehPRUlLH9/fbpT5LfB0NhQXyALCRkRs3zH9v07IYhkgpqX6Z78FnuccZr/l4Fs4Q==",
+      "version": "7.25.4",
+      "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.25.4.tgz",
+      "integrity": "sha512-zQ1ijeeCXVEh+aNL0RlmkPkG8HUiDcU2pzQQFjtbntgAczRASFzj4H+6+bV+dy1ntKR14I/DypeuRG1uma98iQ==",
       "license": "MIT",
       "dependencies": {
         "@babel/helper-string-parser": "^7.24.8",
@@ -509,9 +2419,9 @@
       }
     },
     "node_modules/@csstools/css-parser-algorithms": {
-      "version": "2.7.1",
-      "resolved": "https://registry.npmjs.org/@csstools/css-parser-algorithms/-/css-parser-algorithms-2.7.1.tgz",
-      "integrity": "sha512-2SJS42gxmACHgikc1WGesXLIT8d/q2l0UFM7TaEeIzdFCE/FPMtTiizcPGGJtlPo2xuQzY09OhrLTzRxqJqwGw==",
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/@csstools/css-parser-algorithms/-/css-parser-algorithms-3.0.1.tgz",
+      "integrity": "sha512-lSquqZCHxDfuTg/Sk2hiS0mcSFCEBuj49JfzPHJogDBT0mGCyY5A1AQzBWngitrp7i1/HAZpIgzF/VjhOEIJIg==",
       "dev": true,
       "funding": [
         {
@@ -525,16 +2435,16 @@
       ],
       "license": "MIT",
       "engines": {
-        "node": "^14 || ^16 || >=18"
+        "node": ">=18"
       },
       "peerDependencies": {
-        "@csstools/css-tokenizer": "^2.4.1"
+        "@csstools/css-tokenizer": "^3.0.1"
       }
     },
     "node_modules/@csstools/css-tokenizer": {
-      "version": "2.4.1",
-      "resolved": "https://registry.npmjs.org/@csstools/css-tokenizer/-/css-tokenizer-2.4.1.tgz",
-      "integrity": "sha512-eQ9DIktFJBhGjioABJRtUucoWR2mwllurfnM8LuNGAqX3ViZXaUchqk+1s7jjtkFiT9ySdACsFEA3etErkALUg==",
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/@csstools/css-tokenizer/-/css-tokenizer-3.0.1.tgz",
+      "integrity": "sha512-UBqaiu7kU0lfvaP982/o3khfXccVlHPWp0/vwwiIgDF0GmqqqxoiXC/6FCjlS9u92f7CoEz6nXKQnrn1kIAkOw==",
       "dev": true,
       "funding": [
         {
@@ -548,13 +2458,13 @@
       ],
       "license": "MIT",
       "engines": {
-        "node": "^14 || ^16 || >=18"
+        "node": ">=18"
       }
     },
     "node_modules/@csstools/media-query-list-parser": {
-      "version": "2.1.13",
-      "resolved": "https://registry.npmjs.org/@csstools/media-query-list-parser/-/media-query-list-parser-2.1.13.tgz",
-      "integrity": "sha512-XaHr+16KRU9Gf8XLi3q8kDlI18d5vzKSKCY510Vrtc9iNR0NJzbY9hhTmwhzYZj/ZwGL4VmB3TA9hJW0Um2qFA==",
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/@csstools/media-query-list-parser/-/media-query-list-parser-3.0.1.tgz",
+      "integrity": "sha512-HNo8gGD02kHmcbX6PvCoUuOQvn4szyB9ca63vZHKX5A81QytgDG4oxG4IaEfHTlEZSZ6MjPEMWIVU+zF2PZcgw==",
       "dev": true,
       "funding": [
         {
@@ -568,17 +2478,17 @@
       ],
       "license": "MIT",
       "engines": {
-        "node": "^14 || ^16 || >=18"
+        "node": ">=18"
       },
       "peerDependencies": {
-        "@csstools/css-parser-algorithms": "^2.7.1",
-        "@csstools/css-tokenizer": "^2.4.1"
+        "@csstools/css-parser-algorithms": "^3.0.1",
+        "@csstools/css-tokenizer": "^3.0.1"
       }
     },
     "node_modules/@csstools/selector-resolve-nested": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/@csstools/selector-resolve-nested/-/selector-resolve-nested-1.1.0.tgz",
-      "integrity": "sha512-uWvSaeRcHyeNenKg8tp17EVDRkpflmdyvbE0DHo6D/GdBb6PDnCYYU6gRpXhtICMGMcahQmj2zGxwFM/WC8hCg==",
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/@csstools/selector-resolve-nested/-/selector-resolve-nested-2.0.0.tgz",
+      "integrity": "sha512-oklSrRvOxNeeOW1yARd4WNCs/D09cQjunGZUgSq6vM8GpzFswN+8rBZyJA29YFZhOTQ6GFzxgLDNtVbt9wPZMA==",
       "funding": [
         {
           "type": "github",
@@ -591,16 +2501,16 @@
       ],
       "license": "MIT-0",
       "engines": {
-        "node": "^14 || ^16 || >=18"
+        "node": ">=18"
       },
       "peerDependencies": {
-        "postcss-selector-parser": "^6.0.13"
+        "postcss-selector-parser": "^6.1.0"
       }
     },
     "node_modules/@csstools/selector-specificity": {
-      "version": "3.1.1",
-      "resolved": "https://registry.npmjs.org/@csstools/selector-specificity/-/selector-specificity-3.1.1.tgz",
-      "integrity": "sha512-a7cxGcJ2wIlMFLlh8z2ONm+715QkPHiyJcxwQlKOz/03GPw1COpfhcmC9wm4xlZfp//jWHNNMwzjtqHXVWU9KA==",
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/@csstools/selector-specificity/-/selector-specificity-4.0.0.tgz",
+      "integrity": "sha512-189nelqtPd8++phaHNwYovKZI0FOzH1vQEE3QhHHkNIGrg5fSs9CbYP3RvfEH5geztnIA9Jwq91wyOIwAW5JIQ==",
       "funding": [
         {
           "type": "github",
@@ -613,10 +2523,10 @@
       ],
       "license": "MIT-0",
       "engines": {
-        "node": "^14 || ^16 || >=18"
+        "node": ">=18"
       },
       "peerDependencies": {
-        "postcss-selector-parser": "^6.0.13"
+        "postcss-selector-parser": "^6.1.0"
       }
     },
     "node_modules/@discoveryjs/json-ext": {
@@ -1008,9 +2918,9 @@
       }
     },
     "node_modules/@eslint-community/eslint-plugin-eslint-comments": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/@eslint-community/eslint-plugin-eslint-comments/-/eslint-plugin-eslint-comments-4.3.0.tgz",
-      "integrity": "sha512-6e93KtgsndNkvwCCa07LOQJSwzzLLxwrFll3+huyFoiiQXWG0KBcmo0Q1bVgYQQDLfWOOZl2VPBsXqZL6vHIBQ==",
+      "version": "4.4.0",
+      "resolved": "https://registry.npmjs.org/@eslint-community/eslint-plugin-eslint-comments/-/eslint-plugin-eslint-comments-4.4.0.tgz",
+      "integrity": "sha512-yljsWl5Qv3IkIRmJ38h3NrHXFCm4EUl55M8doGTF6hvzvFF8kRpextgSrg2dwHev9lzBZyafCr9RelGIyQm6fw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -1020,6 +2930,9 @@
       "engines": {
         "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
       },
+      "funding": {
+        "url": "https://opencollective.com/eslint"
+      },
       "peerDependencies": {
         "eslint": "^6.0.0 || ^7.0.0 || ^8.0.0 || ^9.0.0"
       }
@@ -1198,7 +3111,8 @@
     "node_modules/@github/relative-time-element": {
       "version": "4.4.3",
       "resolved": "https://registry.npmjs.org/@github/relative-time-element/-/relative-time-element-4.4.3.tgz",
-      "integrity": "sha512-EVKokqx9/DdUAZ2l9WVyY51EtRCO2gQWWMvsRIn7r4glJ91q9CXcnILVHZVCpfD52ucXUhUvtYsAjNJ4qP4uIg=="
+      "integrity": "sha512-EVKokqx9/DdUAZ2l9WVyY51EtRCO2gQWWMvsRIn7r4glJ91q9CXcnILVHZVCpfD52ucXUhUvtYsAjNJ4qP4uIg==",
+      "license": "MIT"
     },
     "node_modules/@github/text-expander-element": {
       "version": "2.7.1",
@@ -1512,6 +3426,40 @@
         "langium": "3.0.0"
       }
     },
+    "node_modules/@nicolo-ribaudo/eslint-scope-5-internals": {
+      "version": "5.1.1-v1",
+      "resolved": "https://registry.npmjs.org/@nicolo-ribaudo/eslint-scope-5-internals/-/eslint-scope-5-internals-5.1.1-v1.tgz",
+      "integrity": "sha512-54/JRvkLIzzDWshCWfuhadfrfZVPiElY8Fcgmg1HroEly/EDSszzhBAsarCux+D/kOslTRquNzuyGSmUSTTHGg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "eslint-scope": "5.1.1"
+      }
+    },
+    "node_modules/@nicolo-ribaudo/eslint-scope-5-internals/node_modules/eslint-scope": {
+      "version": "5.1.1",
+      "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz",
+      "integrity": "sha512-2NxwbF/hZ0KpepYN0cNbo+FN6XoK7GaHlQhgx/hIZl6Va0bF45RQOOwhLIy8lQDbuCiadSLCBnH2CFYquit5bw==",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "dependencies": {
+        "esrecurse": "^4.3.0",
+        "estraverse": "^4.1.1"
+      },
+      "engines": {
+        "node": ">=8.0.0"
+      }
+    },
+    "node_modules/@nicolo-ribaudo/eslint-scope-5-internals/node_modules/estraverse": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz",
+      "integrity": "sha512-39nnKffWz8xN1BU/2c79n9nB9HDzo0niYUqx6xyqUnyoAnQyyWpOTdZEeiCch8BBu515t4wp9ZmgVfVhn9EBpw==",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "engines": {
+        "node": ">=4.0"
+      }
+    },
     "node_modules/@nodelib/fs.scandir": {
       "version": "2.1.5",
       "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz",
@@ -1547,6 +3495,16 @@
         "node": ">= 8"
       }
     },
+    "node_modules/@nolyfill/is-core-module": {
+      "version": "1.0.39",
+      "resolved": "https://registry.npmjs.org/@nolyfill/is-core-module/-/is-core-module-1.0.39.tgz",
+      "integrity": "sha512-nn5ozdjYQpUCZlWGuxcJY/KpxkWQs4DcbMCmKojjyrYDEAGy4Ce19NN4v5MduafTwJlbKc99UA8YhSVqq9yPZA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12.4.0"
+      }
+    },
     "node_modules/@nolyfill/shared": {
       "version": "1.0.28",
       "resolved": "https://registry.npmjs.org/@nolyfill/shared/-/shared-1.0.28.tgz",
@@ -1578,13 +3536,13 @@
       }
     },
     "node_modules/@playwright/test": {
-      "version": "1.45.3",
-      "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.45.3.tgz",
-      "integrity": "sha512-UKF4XsBfy+u3MFWEH44hva1Q8Da28G6RFtR2+5saw+jgAFQV5yYnB1fu68Mz7fO+5GJF3wgwAIs0UelU8TxFrA==",
+      "version": "1.46.1",
+      "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.46.1.tgz",
+      "integrity": "sha512-Fq6SwLujA/DOIvNC2EL/SojJnkKf/rAwJ//APpJJHRyMi1PdKrY3Az+4XNQ51N4RTbItbIByQ0jgd1tayq1aeA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "playwright": "1.45.3"
+        "playwright": "1.46.1"
       },
       "bin": {
         "playwright": "cli.js"
@@ -1660,9 +3618,9 @@
       "license": "MIT"
     },
     "node_modules/@rollup/rollup-android-arm-eabi": {
-      "version": "4.19.2",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.19.2.tgz",
-      "integrity": "sha512-OHflWINKtoCFSpm/WmuQaWW4jeX+3Qt3XQDepkkiFTsoxFc5BpF3Z5aDxFZgBqRjO6ATP5+b1iilp4kGIZVWlA==",
+      "version": "4.21.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.21.1.tgz",
+      "integrity": "sha512-2thheikVEuU7ZxFXubPDOtspKn1x0yqaYQwvALVtEcvFhMifPADBrgRPyHV0TF3b+9BgvgjgagVyvA/UqPZHmg==",
       "cpu": [
         "arm"
       ],
@@ -1674,9 +3632,9 @@
       ]
     },
     "node_modules/@rollup/rollup-android-arm64": {
-      "version": "4.19.2",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.19.2.tgz",
-      "integrity": "sha512-k0OC/b14rNzMLDOE6QMBCjDRm3fQOHAL8Ldc9bxEWvMo4Ty9RY6rWmGetNTWhPo+/+FNd1lsQYRd0/1OSix36A==",
+      "version": "4.21.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.21.1.tgz",
+      "integrity": "sha512-t1lLYn4V9WgnIFHXy1d2Di/7gyzBWS8G5pQSXdZqfrdCGTwi1VasRMSS81DTYb+avDs/Zz4A6dzERki5oRYz1g==",
       "cpu": [
         "arm64"
       ],
@@ -1688,9 +3646,9 @@
       ]
     },
     "node_modules/@rollup/rollup-darwin-arm64": {
-      "version": "4.19.2",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.19.2.tgz",
-      "integrity": "sha512-IIARRgWCNWMTeQH+kr/gFTHJccKzwEaI0YSvtqkEBPj7AshElFq89TyreKNFAGh5frLfDCbodnq+Ye3dqGKPBw==",
+      "version": "4.21.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.21.1.tgz",
+      "integrity": "sha512-AH/wNWSEEHvs6t4iJ3RANxW5ZCK3fUnmf0gyMxWCesY1AlUj8jY7GC+rQE4wd3gwmZ9XDOpL0kcFnCjtN7FXlA==",
       "cpu": [
         "arm64"
       ],
@@ -1702,9 +3660,9 @@
       ]
     },
     "node_modules/@rollup/rollup-darwin-x64": {
-      "version": "4.19.2",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.19.2.tgz",
-      "integrity": "sha512-52udDMFDv54BTAdnw+KXNF45QCvcJOcYGl3vQkp4vARyrcdI/cXH8VXTEv/8QWfd6Fru8QQuw1b2uNersXOL0g==",
+      "version": "4.21.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.21.1.tgz",
+      "integrity": "sha512-dO0BIz/+5ZdkLZrVgQrDdW7m2RkrLwYTh2YMFG9IpBtlC1x1NPNSXkfczhZieOlOLEqgXOFH3wYHB7PmBtf+Bg==",
       "cpu": [
         "x64"
       ],
@@ -1716,9 +3674,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm-gnueabihf": {
-      "version": "4.19.2",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.19.2.tgz",
-      "integrity": "sha512-r+SI2t8srMPYZeoa1w0o/AfoVt9akI1ihgazGYPQGRilVAkuzMGiTtexNZkrPkQsyFrvqq/ni8f3zOnHw4hUbA==",
+      "version": "4.21.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.21.1.tgz",
+      "integrity": "sha512-sWWgdQ1fq+XKrlda8PsMCfut8caFwZBmhYeoehJ05FdI0YZXk6ZyUjWLrIgbR/VgiGycrFKMMgp7eJ69HOF2pQ==",
       "cpu": [
         "arm"
       ],
@@ -1730,9 +3688,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm-musleabihf": {
-      "version": "4.19.2",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.19.2.tgz",
-      "integrity": "sha512-+tYiL4QVjtI3KliKBGtUU7yhw0GMcJJuB9mLTCEauHEsqfk49gtUBXGtGP3h1LW8MbaTY6rSFIQV1XOBps1gBA==",
+      "version": "4.21.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.21.1.tgz",
+      "integrity": "sha512-9OIiSuj5EsYQlmwhmFRA0LRO0dRRjdCVZA3hnmZe1rEwRk11Jy3ECGGq3a7RrVEZ0/pCsYWx8jG3IvcrJ6RCew==",
       "cpu": [
         "arm"
       ],
@@ -1744,9 +3702,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm64-gnu": {
-      "version": "4.19.2",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.19.2.tgz",
-      "integrity": "sha512-OR5DcvZiYN75mXDNQQxlQPTv4D+uNCUsmSCSY2FolLf9W5I4DSoJyg7z9Ea3TjKfhPSGgMJiey1aWvlWuBzMtg==",
+      "version": "4.21.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.21.1.tgz",
+      "integrity": "sha512-0kuAkRK4MeIUbzQYu63NrJmfoUVicajoRAL1bpwdYIYRcs57iyIV9NLcuyDyDXE2GiZCL4uhKSYAnyWpjZkWow==",
       "cpu": [
         "arm64"
       ],
@@ -1758,9 +3716,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm64-musl": {
-      "version": "4.19.2",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.19.2.tgz",
-      "integrity": "sha512-Hw3jSfWdUSauEYFBSFIte6I8m6jOj+3vifLg8EU3lreWulAUpch4JBjDMtlKosrBzkr0kwKgL9iCfjA8L3geoA==",
+      "version": "4.21.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.21.1.tgz",
+      "integrity": "sha512-/6dYC9fZtfEY0vozpc5bx1RP4VrtEOhNQGb0HwvYNwXD1BBbwQ5cKIbUVVU7G2d5WRE90NfB922elN8ASXAJEA==",
       "cpu": [
         "arm64"
       ],
@@ -1772,9 +3730,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-powerpc64le-gnu": {
-      "version": "4.19.2",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-powerpc64le-gnu/-/rollup-linux-powerpc64le-gnu-4.19.2.tgz",
-      "integrity": "sha512-rhjvoPBhBwVnJRq/+hi2Q3EMiVF538/o9dBuj9TVLclo9DuONqt5xfWSaE6MYiFKpo/lFPJ/iSI72rYWw5Hc7w==",
+      "version": "4.21.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-powerpc64le-gnu/-/rollup-linux-powerpc64le-gnu-4.21.1.tgz",
+      "integrity": "sha512-ltUWy+sHeAh3YZ91NUsV4Xg3uBXAlscQe8ZOXRCVAKLsivGuJsrkawYPUEyCV3DYa9urgJugMLn8Z3Z/6CeyRQ==",
       "cpu": [
         "ppc64"
       ],
@@ -1786,9 +3744,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-riscv64-gnu": {
-      "version": "4.19.2",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.19.2.tgz",
-      "integrity": "sha512-EAz6vjPwHHs2qOCnpQkw4xs14XJq84I81sDRGPEjKPFVPBw7fwvtwhVjcZR6SLydCv8zNK8YGFblKWd/vRmP8g==",
+      "version": "4.21.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.21.1.tgz",
+      "integrity": "sha512-BggMndzI7Tlv4/abrgLwa/dxNEMn2gC61DCLrTzw8LkpSKel4o+O+gtjbnkevZ18SKkeN3ihRGPuBxjaetWzWg==",
       "cpu": [
         "riscv64"
       ],
@@ -1800,9 +3758,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-s390x-gnu": {
-      "version": "4.19.2",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.19.2.tgz",
-      "integrity": "sha512-IJSUX1xb8k/zN9j2I7B5Re6B0NNJDJ1+soezjNojhT8DEVeDNptq2jgycCOpRhyGj0+xBn7Cq+PK7Q+nd2hxLA==",
+      "version": "4.21.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.21.1.tgz",
+      "integrity": "sha512-z/9rtlGd/OMv+gb1mNSjElasMf9yXusAxnRDrBaYB+eS1shFm6/4/xDH1SAISO5729fFKUkJ88TkGPRUh8WSAA==",
       "cpu": [
         "s390x"
       ],
@@ -1814,9 +3772,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-x64-gnu": {
-      "version": "4.19.2",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.19.2.tgz",
-      "integrity": "sha512-OgaToJ8jSxTpgGkZSkwKE+JQGihdcaqnyHEFOSAU45utQ+yLruE1dkonB2SDI8t375wOKgNn8pQvaWY9kPzxDQ==",
+      "version": "4.21.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.21.1.tgz",
+      "integrity": "sha512-kXQVcWqDcDKw0S2E0TmhlTLlUgAmMVqPrJZR+KpH/1ZaZhLSl23GZpQVmawBQGVhyP5WXIsIQ/zqbDBBYmxm5w==",
       "cpu": [
         "x64"
       ],
@@ -1828,9 +3786,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-x64-musl": {
-      "version": "4.19.2",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.19.2.tgz",
-      "integrity": "sha512-5V3mPpWkB066XZZBgSd1lwozBk7tmOkKtquyCJ6T4LN3mzKENXyBwWNQn8d0Ci81hvlBw5RoFgleVpL6aScLYg==",
+      "version": "4.21.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.21.1.tgz",
+      "integrity": "sha512-CbFv/WMQsSdl+bpX6rVbzR4kAjSSBuDgCqb1l4J68UYsQNalz5wOqLGYj4ZI0thGpyX5kc+LLZ9CL+kpqDovZA==",
       "cpu": [
         "x64"
       ],
@@ -1842,9 +3800,9 @@
       ]
     },
     "node_modules/@rollup/rollup-win32-arm64-msvc": {
-      "version": "4.19.2",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.19.2.tgz",
-      "integrity": "sha512-ayVstadfLeeXI9zUPiKRVT8qF55hm7hKa+0N1V6Vj+OTNFfKSoUxyZvzVvgtBxqSb5URQ8sK6fhwxr9/MLmxdA==",
+      "version": "4.21.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.21.1.tgz",
+      "integrity": "sha512-3Q3brDgA86gHXWHklrwdREKIrIbxC0ZgU8lwpj0eEKGBQH+31uPqr0P2v11pn0tSIxHvcdOWxa4j+YvLNx1i6g==",
       "cpu": [
         "arm64"
       ],
@@ -1856,9 +3814,9 @@
       ]
     },
     "node_modules/@rollup/rollup-win32-ia32-msvc": {
-      "version": "4.19.2",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.19.2.tgz",
-      "integrity": "sha512-Mda7iG4fOLHNsPqjWSjANvNZYoW034yxgrndof0DwCy0D3FvTjeNo+HGE6oGWgvcLZNLlcp0hLEFcRs+UGsMLg==",
+      "version": "4.21.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.21.1.tgz",
+      "integrity": "sha512-tNg+jJcKR3Uwe4L0/wY3Ro0H+u3nrb04+tcq1GSYzBEmKLeOQF2emk1whxlzNqb6MMrQ2JOcQEpuuiPLyRcSIw==",
       "cpu": [
         "ia32"
       ],
@@ -1870,9 +3828,9 @@
       ]
     },
     "node_modules/@rollup/rollup-win32-x64-msvc": {
-      "version": "4.19.2",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.19.2.tgz",
-      "integrity": "sha512-DPi0ubYhSow/00YqmG1jWm3qt1F8aXziHc/UNy8bo9cpCacqhuWu+iSq/fp2SyEQK7iYTZ60fBU9cat3MXTjIQ==",
+      "version": "4.21.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.21.1.tgz",
+      "integrity": "sha512-xGiIH95H1zU7naUyTKEyOA/I0aexNMUdO9qRv0bLKN3qu25bBdrxZHqA3PTJ24YNN/GdMzG4xkDcd/GvjuhfLg==",
       "cpu": [
         "x64"
       ],
@@ -2427,9 +4385,9 @@
       }
     },
     "node_modules/@stylistic/eslint-plugin-js": {
-      "version": "2.6.1",
-      "resolved": "https://registry.npmjs.org/@stylistic/eslint-plugin-js/-/eslint-plugin-js-2.6.1.tgz",
-      "integrity": "sha512-iLOiVzcvqzDGD9U0EuVOX680v+XOPiPAjkxWj+Q6iV2GLOM5NB27tKVOpJY7AzBhidwpRbaLTgg3T4UzYx09jw==",
+      "version": "2.6.5",
+      "resolved": "https://registry.npmjs.org/@stylistic/eslint-plugin-js/-/eslint-plugin-js-2.6.5.tgz",
+      "integrity": "sha512-RSXHczNa9RO5aLKUB+3P3iLOtM52rfIt11zxnmp5qdXUs2ve7rPAWVoom9krdzYNSARnNpeKH5c5uQ3VuHoEaA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -2446,20 +4404,20 @@
       }
     },
     "node_modules/@stylistic/stylelint-plugin": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/@stylistic/stylelint-plugin/-/stylelint-plugin-3.0.0.tgz",
-      "integrity": "sha512-GymY+9CSqkPaZ1A3m3w/tvCdpP3qQcaL1FSaoVv9aKL3Tn6GVJWHc2VWVkbNEsYr4QImHjWnlmVZROwgUEjMmQ==",
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/@stylistic/stylelint-plugin/-/stylelint-plugin-3.0.1.tgz",
+      "integrity": "sha512-j3mH8HSw2Rob/KJFWZ627w3CQ8gQqVHtzCdPeEffUg5vOgpz4rgrR+Xw2kU0OQCDcdW8Y1nKfdXKKjM5Rn8X0g==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@csstools/css-parser-algorithms": "^2.7.1",
-        "@csstools/css-tokenizer": "^2.4.1",
-        "@csstools/media-query-list-parser": "^2.1.13",
+        "@csstools/css-parser-algorithms": "^3.0.0",
+        "@csstools/css-tokenizer": "^3.0.0",
+        "@csstools/media-query-list-parser": "^3.0.0",
         "is-plain-object": "^5.0.0",
-        "postcss-selector-parser": "^6.1.1",
+        "postcss-selector-parser": "^6.1.2",
         "postcss-value-parser": "^4.2.0",
         "style-search": "^0.1.0",
-        "stylelint": "^16.8.0"
+        "stylelint": "^16.8.2"
       },
       "engines": {
         "node": "^18.12 || >=20.9"
@@ -2468,6 +4426,170 @@
         "stylelint": "^16.8.0"
       }
     },
+    "node_modules/@stylistic/stylelint-plugin/node_modules/ansi-regex": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz",
+      "integrity": "sha512-n5M855fKb2SsfMIiFFoVrABHJC8QtHwVx+mHWP3QcEqBHYienj5dHSgjbxtC0WEZXYt4wcD6zrQElDPhFuZgfA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-regex?sponsor=1"
+      }
+    },
+    "node_modules/@stylistic/stylelint-plugin/node_modules/balanced-match": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-2.0.0.tgz",
+      "integrity": "sha512-1ugUSr8BHXRnK23KfuYS+gVMC3LB8QGH9W1iGtDPsNWoQbgtXSExkBu2aDR4epiGWZOjZsj6lDl/N/AqqTC3UA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@stylistic/stylelint-plugin/node_modules/file-entry-cache": {
+      "version": "9.1.0",
+      "resolved": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-9.1.0.tgz",
+      "integrity": "sha512-/pqPFG+FdxWQj+/WSuzXSDaNzxgTLr/OrR1QuqfEZzDakpdYE70PwUxL7BPUa8hpjbvY1+qvCl8k+8Tq34xJgg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "flat-cache": "^5.0.0"
+      },
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@stylistic/stylelint-plugin/node_modules/flat-cache": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/flat-cache/-/flat-cache-5.0.0.tgz",
+      "integrity": "sha512-JrqFmyUl2PnPi1OvLyTVHnQvwQ0S+e6lGSwu8OkAZlSaNIZciTY2H/cOOROxsBA1m/LZNHDsqAgDZt6akWcjsQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "flatted": "^3.3.1",
+        "keyv": "^4.5.4"
+      },
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@stylistic/stylelint-plugin/node_modules/postcss-safe-parser": {
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/postcss-safe-parser/-/postcss-safe-parser-7.0.0.tgz",
+      "integrity": "sha512-ovehqRNVCpuFzbXoTb4qLtyzK3xn3t/CUBxOs8LsnQjQrShaB4lKiHoVqY8ANaC0hBMHq5QVWk77rwGklFUDrg==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/postcss/"
+        },
+        {
+          "type": "tidelift",
+          "url": "https://tidelift.com/funding/github/npm/postcss-safe-parser"
+        },
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
+        }
+      ],
+      "license": "MIT",
+      "engines": {
+        "node": ">=18.0"
+      },
+      "peerDependencies": {
+        "postcss": "^8.4.31"
+      }
+    },
+    "node_modules/@stylistic/stylelint-plugin/node_modules/resolve-from": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz",
+      "integrity": "sha512-qYg9KP24dD5qka9J47d0aVky0N+b4fTU89LN9iDnjB5waksiC49rvMB0PrUJQGoTmH50XPiqOvAjDfaijGxYZw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@stylistic/stylelint-plugin/node_modules/strip-ansi": {
+      "version": "7.1.0",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz",
+      "integrity": "sha512-iq6eVVI64nQQTRYq2KtEg2d2uU7LElhTJwsH4YzIHZshxlgZms/wIc4VoDQTlG/IvVIrBKG06CrZnp0qv7hkcQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ansi-regex": "^6.0.1"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/strip-ansi?sponsor=1"
+      }
+    },
+    "node_modules/@stylistic/stylelint-plugin/node_modules/stylelint": {
+      "version": "16.9.0",
+      "resolved": "https://registry.npmjs.org/stylelint/-/stylelint-16.9.0.tgz",
+      "integrity": "sha512-31Nm3WjxGOBGpQqF43o3wO9L5AC36TPIe6030Lnm13H3vDMTcS21DrLh69bMX+DBilKqMMVLian4iG6ybBoNRQ==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/stylelint"
+        },
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/stylelint"
+        }
+      ],
+      "license": "MIT",
+      "dependencies": {
+        "@csstools/css-parser-algorithms": "^3.0.1",
+        "@csstools/css-tokenizer": "^3.0.1",
+        "@csstools/media-query-list-parser": "^3.0.1",
+        "@csstools/selector-specificity": "^4.0.0",
+        "@dual-bundle/import-meta-resolve": "^4.1.0",
+        "balanced-match": "^2.0.0",
+        "colord": "^2.9.3",
+        "cosmiconfig": "^9.0.0",
+        "css-functions-list": "^3.2.2",
+        "css-tree": "^2.3.1",
+        "debug": "^4.3.6",
+        "fast-glob": "^3.3.2",
+        "fastest-levenshtein": "^1.0.16",
+        "file-entry-cache": "^9.0.0",
+        "global-modules": "^2.0.0",
+        "globby": "^11.1.0",
+        "globjoin": "^0.1.4",
+        "html-tags": "^3.3.1",
+        "ignore": "^5.3.2",
+        "imurmurhash": "^0.1.4",
+        "is-plain-object": "^5.0.0",
+        "known-css-properties": "^0.34.0",
+        "mathml-tag-names": "^2.1.3",
+        "meow": "^13.2.0",
+        "micromatch": "^4.0.8",
+        "normalize-path": "^3.0.0",
+        "picocolors": "^1.0.1",
+        "postcss": "^8.4.41",
+        "postcss-resolve-nested-selector": "^0.1.6",
+        "postcss-safe-parser": "^7.0.0",
+        "postcss-selector-parser": "^6.1.2",
+        "postcss-value-parser": "^4.2.0",
+        "resolve-from": "^5.0.0",
+        "string-width": "^4.2.3",
+        "strip-ansi": "^7.1.0",
+        "supports-hyperlinks": "^3.1.0",
+        "svg-tags": "^1.0.0",
+        "table": "^6.8.2",
+        "write-file-atomic": "^5.0.1"
+      },
+      "bin": {
+        "stylelint": "bin/stylelint.mjs"
+      },
+      "engines": {
+        "node": ">=18.12.0"
+      }
+    },
     "node_modules/@swc/helpers": {
       "version": "0.2.14",
       "resolved": "https://registry.npmjs.org/@swc/helpers/-/helpers-0.2.14.tgz",
@@ -2514,25 +4636,16 @@
       }
     },
     "node_modules/@types/eslint": {
-      "version": "9.6.0",
-      "resolved": "https://registry.npmjs.org/@types/eslint/-/eslint-9.6.0.tgz",
-      "integrity": "sha512-gi6WQJ7cHRgZxtkQEoyHMppPjq9Kxo5Tjn2prSKDSmZrCz8TZ3jSRCeTJm+WoM+oB0WG37bRqLzaaU3q7JypGg==",
+      "version": "9.6.1",
+      "resolved": "https://registry.npmjs.org/@types/eslint/-/eslint-9.6.1.tgz",
+      "integrity": "sha512-FXx2pKgId/WyYo2jXw63kk7/+TY7u7AziEJxJAnSFzHlqTAS3Ync6SvgYAN/k4/PQpnnVuzoMuVnByKK2qp0ag==",
+      "dev": true,
       "license": "MIT",
       "dependencies": {
         "@types/estree": "*",
         "@types/json-schema": "*"
       }
     },
-    "node_modules/@types/eslint-scope": {
-      "version": "3.7.7",
-      "resolved": "https://registry.npmjs.org/@types/eslint-scope/-/eslint-scope-3.7.7.tgz",
-      "integrity": "sha512-MzMFlSLBqNF2gcHWO0G1vP/YQyfvrxZ0bF+u7mzUdZ1/xK4A4sru+nraZz5i3iEIk1l1uyicaDVTB4QbbEkAYg==",
-      "license": "MIT",
-      "dependencies": {
-        "@types/eslint": "*",
-        "@types/estree": "*"
-      }
-    },
     "node_modules/@types/estree": {
       "version": "0.0.39",
       "resolved": "https://registry.npmjs.org/@types/estree/-/estree-0.0.39.tgz",
@@ -2586,12 +4699,12 @@
       "license": "MIT"
     },
     "node_modules/@types/node": {
-      "version": "22.1.0",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-22.1.0.tgz",
-      "integrity": "sha512-AOmuRF0R2/5j1knA3c6G3HOk523Ga+l+ZXltX8SF1+5oqcXijjfTd8fY3XRZqSihEu9XhtQnKYLmkFaoxgsJHw==",
+      "version": "22.5.1",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-22.5.1.tgz",
+      "integrity": "sha512-KkHsxej0j9IW1KKOOAA/XBA0z08UFSrRQHErzEfA3Vgq57eXIMYboIlHJuYIfd+lwCQjtKqUu3UnmKbtUc9yRw==",
       "license": "MIT",
       "dependencies": {
-        "undici-types": "~6.13.0"
+        "undici-types": "~6.19.2"
       }
     },
     "node_modules/@types/normalize-package-data": {
@@ -2698,9 +4811,9 @@
       "license": "MIT"
     },
     "node_modules/@types/webpack": {
-      "version": "4.41.38",
-      "resolved": "https://registry.npmjs.org/@types/webpack/-/webpack-4.41.38.tgz",
-      "integrity": "sha512-oOW7E931XJU1mVfCnxCVgv8GLFL768pDO5u2Gzk82i8yTIgX6i7cntyZOkZYb/JtYM8252SN9bQp9tgkVDSsRw==",
+      "version": "4.41.39",
+      "resolved": "https://registry.npmjs.org/@types/webpack/-/webpack-4.41.39.tgz",
+      "integrity": "sha512-otxUJvoi6FbBq/64gGH34eblpKLgdi+gf08GaAh8Bx6So0ZZic028Ev/SUxD22gbthMKCkeeiXEat1kHLDJfYg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -2735,17 +4848,17 @@
       }
     },
     "node_modules/@typescript-eslint/eslint-plugin": {
-      "version": "8.0.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.0.0.tgz",
-      "integrity": "sha512-STIZdwEQRXAHvNUS6ILDf5z3u95Gc8jzywunxSNqX00OooIemaaNIA0vEgynJlycL5AjabYLLrIyHd4iazyvtg==",
+      "version": "8.3.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.3.0.tgz",
+      "integrity": "sha512-FLAIn63G5KH+adZosDYiutqkOkYEx0nvcwNNfJAf+c7Ae/H35qWwTYvPZUKFj5AS+WfHG/WJJfWnDnyNUlp8UA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@eslint-community/regexpp": "^4.10.0",
-        "@typescript-eslint/scope-manager": "8.0.0",
-        "@typescript-eslint/type-utils": "8.0.0",
-        "@typescript-eslint/utils": "8.0.0",
-        "@typescript-eslint/visitor-keys": "8.0.0",
+        "@typescript-eslint/scope-manager": "8.3.0",
+        "@typescript-eslint/type-utils": "8.3.0",
+        "@typescript-eslint/utils": "8.3.0",
+        "@typescript-eslint/visitor-keys": "8.3.0",
         "graphemer": "^1.4.0",
         "ignore": "^5.3.1",
         "natural-compare": "^1.4.0",
@@ -2769,16 +4882,16 @@
       }
     },
     "node_modules/@typescript-eslint/parser": {
-      "version": "8.0.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.0.0.tgz",
-      "integrity": "sha512-pS1hdZ+vnrpDIxuFXYQpLTILglTjSYJ9MbetZctrUawogUsPdz31DIIRZ9+rab0LhYNTsk88w4fIzVheiTbWOQ==",
+      "version": "8.3.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.3.0.tgz",
+      "integrity": "sha512-h53RhVyLu6AtpUzVCYLPhZGL5jzTD9fZL+SYf/+hYOx2bDkyQXztXSc4tbvKYHzfMXExMLiL9CWqJmVz6+78IQ==",
       "dev": true,
       "license": "BSD-2-Clause",
       "dependencies": {
-        "@typescript-eslint/scope-manager": "8.0.0",
-        "@typescript-eslint/types": "8.0.0",
-        "@typescript-eslint/typescript-estree": "8.0.0",
-        "@typescript-eslint/visitor-keys": "8.0.0",
+        "@typescript-eslint/scope-manager": "8.3.0",
+        "@typescript-eslint/types": "8.3.0",
+        "@typescript-eslint/typescript-estree": "8.3.0",
+        "@typescript-eslint/visitor-keys": "8.3.0",
         "debug": "^4.3.4"
       },
       "engines": {
@@ -2798,14 +4911,14 @@
       }
     },
     "node_modules/@typescript-eslint/scope-manager": {
-      "version": "8.0.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.0.0.tgz",
-      "integrity": "sha512-V0aa9Csx/ZWWv2IPgTfY7T4agYwJyILESu/PVqFtTFz9RIS823mAze+NbnBI8xiwdX3iqeQbcTYlvB04G9wyQw==",
+      "version": "8.3.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.3.0.tgz",
+      "integrity": "sha512-mz2X8WcN2nVu5Hodku+IR8GgCOl4C0G/Z1ruaWN4dgec64kDBabuXyPAr+/RgJtumv8EEkqIzf3X2U5DUKB2eg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.0.0",
-        "@typescript-eslint/visitor-keys": "8.0.0"
+        "@typescript-eslint/types": "8.3.0",
+        "@typescript-eslint/visitor-keys": "8.3.0"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -2816,14 +4929,14 @@
       }
     },
     "node_modules/@typescript-eslint/type-utils": {
-      "version": "8.0.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.0.0.tgz",
-      "integrity": "sha512-mJAFP2mZLTBwAn5WI4PMakpywfWFH5nQZezUQdSKV23Pqo6o9iShQg1hP2+0hJJXP2LnZkWPphdIq4juYYwCeg==",
+      "version": "8.3.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.3.0.tgz",
+      "integrity": "sha512-wrV6qh//nLbfXZQoj32EXKmwHf4b7L+xXLrP3FZ0GOUU72gSvLjeWUl5J5Ue5IwRxIV1TfF73j/eaBapxx99Lg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/typescript-estree": "8.0.0",
-        "@typescript-eslint/utils": "8.0.0",
+        "@typescript-eslint/typescript-estree": "8.3.0",
+        "@typescript-eslint/utils": "8.3.0",
         "debug": "^4.3.4",
         "ts-api-utils": "^1.3.0"
       },
@@ -2841,9 +4954,9 @@
       }
     },
     "node_modules/@typescript-eslint/types": {
-      "version": "8.0.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.0.0.tgz",
-      "integrity": "sha512-wgdSGs9BTMWQ7ooeHtu5quddKKs5Z5dS+fHLbrQI+ID0XWJLODGMHRfhwImiHoeO2S5Wir2yXuadJN6/l4JRxw==",
+      "version": "8.3.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.3.0.tgz",
+      "integrity": "sha512-y6sSEeK+facMaAyixM36dQ5NVXTnKWunfD1Ft4xraYqxP0lC0POJmIaL/mw72CUMqjY9qfyVfXafMeaUj0noWw==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -2855,16 +4968,16 @@
       }
     },
     "node_modules/@typescript-eslint/typescript-estree": {
-      "version": "8.0.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.0.0.tgz",
-      "integrity": "sha512-5b97WpKMX+Y43YKi4zVcCVLtK5F98dFls3Oxui8LbnmRsseKenbbDinmvxrWegKDMmlkIq/XHuyy0UGLtpCDKg==",
+      "version": "8.3.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.3.0.tgz",
+      "integrity": "sha512-Mq7FTHl0R36EmWlCJWojIC1qn/ZWo2YiWYc1XVtasJ7FIgjo0MVv9rZWXEE7IK2CGrtwe1dVOxWwqXUdNgfRCA==",
       "dev": true,
       "license": "BSD-2-Clause",
       "dependencies": {
-        "@typescript-eslint/types": "8.0.0",
-        "@typescript-eslint/visitor-keys": "8.0.0",
+        "@typescript-eslint/types": "8.3.0",
+        "@typescript-eslint/visitor-keys": "8.3.0",
         "debug": "^4.3.4",
-        "globby": "^11.1.0",
+        "fast-glob": "^3.3.2",
         "is-glob": "^4.0.3",
         "minimatch": "^9.0.4",
         "semver": "^7.6.0",
@@ -2900,16 +5013,16 @@
       }
     },
     "node_modules/@typescript-eslint/utils": {
-      "version": "8.0.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.0.0.tgz",
-      "integrity": "sha512-k/oS/A/3QeGLRvOWCg6/9rATJL5rec7/5s1YmdS0ZU6LHveJyGFwBvLhSRBv6i9xaj7etmosp+l+ViN1I9Aj/Q==",
+      "version": "8.3.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.3.0.tgz",
+      "integrity": "sha512-F77WwqxIi/qGkIGOGXNBLV7nykwfjLsdauRB/DOFPdv6LTF3BHHkBpq81/b5iMPSF055oO2BiivDJV4ChvNtXA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.4.0",
-        "@typescript-eslint/scope-manager": "8.0.0",
-        "@typescript-eslint/types": "8.0.0",
-        "@typescript-eslint/typescript-estree": "8.0.0"
+        "@typescript-eslint/scope-manager": "8.3.0",
+        "@typescript-eslint/types": "8.3.0",
+        "@typescript-eslint/typescript-estree": "8.3.0"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -2923,13 +5036,13 @@
       }
     },
     "node_modules/@typescript-eslint/visitor-keys": {
-      "version": "8.0.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.0.0.tgz",
-      "integrity": "sha512-oN0K4nkHuOyF3PVMyETbpP5zp6wfyOvm7tWhTMfoqxSSsPmJIh6JNASuZDlODE8eE+0EB9uar+6+vxr9DBTYOA==",
+      "version": "8.3.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.3.0.tgz",
+      "integrity": "sha512-RmZwrTbQ9QveF15m/Cl28n0LXD6ea2CjkhH5rQ55ewz3H24w+AMCJHPVYaZ8/0HoG8Z3cLLFFycRXxeO2tz9FA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.0.0",
+        "@typescript-eslint/types": "8.3.0",
         "eslint-visitor-keys": "^3.4.3"
       },
       "engines": {
@@ -3089,39 +5202,39 @@
       }
     },
     "node_modules/@vue/compiler-core": {
-      "version": "3.4.35",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-core/-/compiler-core-3.4.35.tgz",
-      "integrity": "sha512-gKp0zGoLnMYtw4uS/SJRRO7rsVggLjvot3mcctlMXunYNsX+aRJDqqw/lV5/gHK91nvaAAlWFgdVl020AW1Prg==",
+      "version": "3.4.38",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-core/-/compiler-core-3.4.38.tgz",
+      "integrity": "sha512-8IQOTCWnLFqfHzOGm9+P8OPSEDukgg3Huc92qSG49if/xI2SAwLHQO2qaPQbjCWPBcQoO1WYfXfTACUrWV3c5A==",
       "license": "MIT",
       "dependencies": {
         "@babel/parser": "^7.24.7",
-        "@vue/shared": "3.4.35",
+        "@vue/shared": "3.4.38",
         "entities": "^4.5.0",
         "estree-walker": "^2.0.2",
         "source-map-js": "^1.2.0"
       }
     },
     "node_modules/@vue/compiler-dom": {
-      "version": "3.4.35",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-dom/-/compiler-dom-3.4.35.tgz",
-      "integrity": "sha512-pWIZRL76/oE/VMhdv/ovZfmuooEni6JPG1BFe7oLk5DZRo/ImydXijoZl/4kh2406boRQ7lxTYzbZEEXEhj9NQ==",
+      "version": "3.4.38",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-dom/-/compiler-dom-3.4.38.tgz",
+      "integrity": "sha512-Osc/c7ABsHXTsETLgykcOwIxFktHfGSUDkb05V61rocEfsFDcjDLH/IHJSNJP+/Sv9KeN2Lx1V6McZzlSb9EhQ==",
       "license": "MIT",
       "dependencies": {
-        "@vue/compiler-core": "3.4.35",
-        "@vue/shared": "3.4.35"
+        "@vue/compiler-core": "3.4.38",
+        "@vue/shared": "3.4.38"
       }
     },
     "node_modules/@vue/compiler-sfc": {
-      "version": "3.4.35",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-sfc/-/compiler-sfc-3.4.35.tgz",
-      "integrity": "sha512-xacnRS/h/FCsjsMfxBkzjoNxyxEyKyZfBch/P4vkLRvYJwe5ChXmZZrj8Dsed/752H2Q3JE8kYu9Uyha9J6PgA==",
+      "version": "3.4.38",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-sfc/-/compiler-sfc-3.4.38.tgz",
+      "integrity": "sha512-s5QfZ+9PzPh3T5H4hsQDJtI8x7zdJaew/dCGgqZ2630XdzaZ3AD8xGZfBqpT8oaD/p2eedd+pL8tD5vvt5ZYJQ==",
       "license": "MIT",
       "dependencies": {
         "@babel/parser": "^7.24.7",
-        "@vue/compiler-core": "3.4.35",
-        "@vue/compiler-dom": "3.4.35",
-        "@vue/compiler-ssr": "3.4.35",
-        "@vue/shared": "3.4.35",
+        "@vue/compiler-core": "3.4.38",
+        "@vue/compiler-dom": "3.4.38",
+        "@vue/compiler-ssr": "3.4.38",
+        "@vue/shared": "3.4.38",
         "estree-walker": "^2.0.2",
         "magic-string": "^0.30.10",
         "postcss": "^8.4.40",
@@ -3138,63 +5251,63 @@
       }
     },
     "node_modules/@vue/compiler-ssr": {
-      "version": "3.4.35",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-ssr/-/compiler-ssr-3.4.35.tgz",
-      "integrity": "sha512-7iynB+0KB1AAJKk/biENTV5cRGHRdbdaD7Mx3nWcm1W8bVD6QmnH3B4AHhQQ1qZHhqFwzEzMwiytXm3PX1e60A==",
+      "version": "3.4.38",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-ssr/-/compiler-ssr-3.4.38.tgz",
+      "integrity": "sha512-YXznKFQ8dxYpAz9zLuVvfcXhc31FSPFDcqr0kyujbOwNhlmaNvL2QfIy+RZeJgSn5Fk54CWoEUeW+NVBAogGaw==",
       "license": "MIT",
       "dependencies": {
-        "@vue/compiler-dom": "3.4.35",
-        "@vue/shared": "3.4.35"
+        "@vue/compiler-dom": "3.4.38",
+        "@vue/shared": "3.4.38"
       }
     },
     "node_modules/@vue/reactivity": {
-      "version": "3.4.35",
-      "resolved": "https://registry.npmjs.org/@vue/reactivity/-/reactivity-3.4.35.tgz",
-      "integrity": "sha512-Ggtz7ZZHakriKioveJtPlStYardwQH6VCs9V13/4qjHSQb/teE30LVJNrbBVs4+aoYGtTQKJbTe4CWGxVZrvEw==",
+      "version": "3.4.38",
+      "resolved": "https://registry.npmjs.org/@vue/reactivity/-/reactivity-3.4.38.tgz",
+      "integrity": "sha512-4vl4wMMVniLsSYYeldAKzbk72+D3hUnkw9z8lDeJacTxAkXeDAP1uE9xr2+aKIN0ipOL8EG2GPouVTH6yF7Gnw==",
       "license": "MIT",
       "dependencies": {
-        "@vue/shared": "3.4.35"
+        "@vue/shared": "3.4.38"
       }
     },
     "node_modules/@vue/runtime-core": {
-      "version": "3.4.35",
-      "resolved": "https://registry.npmjs.org/@vue/runtime-core/-/runtime-core-3.4.35.tgz",
-      "integrity": "sha512-D+BAjFoWwT5wtITpSxwqfWZiBClhBbR+bm0VQlWYFOadUUXFo+5wbe9ErXhLvwguPiLZdEF13QAWi2vP3ZD5tA==",
+      "version": "3.4.38",
+      "resolved": "https://registry.npmjs.org/@vue/runtime-core/-/runtime-core-3.4.38.tgz",
+      "integrity": "sha512-21z3wA99EABtuf+O3IhdxP0iHgkBs1vuoCAsCKLVJPEjpVqvblwBnTj42vzHRlWDCyxu9ptDm7sI2ZMcWrQqlA==",
       "license": "MIT",
       "dependencies": {
-        "@vue/reactivity": "3.4.35",
-        "@vue/shared": "3.4.35"
+        "@vue/reactivity": "3.4.38",
+        "@vue/shared": "3.4.38"
       }
     },
     "node_modules/@vue/runtime-dom": {
-      "version": "3.4.35",
-      "resolved": "https://registry.npmjs.org/@vue/runtime-dom/-/runtime-dom-3.4.35.tgz",
-      "integrity": "sha512-yGOlbos+MVhlS5NWBF2HDNgblG8e2MY3+GigHEyR/dREAluvI5tuUUgie3/9XeqhPE4LF0i2wjlduh5thnfOqw==",
+      "version": "3.4.38",
+      "resolved": "https://registry.npmjs.org/@vue/runtime-dom/-/runtime-dom-3.4.38.tgz",
+      "integrity": "sha512-afZzmUreU7vKwKsV17H1NDThEEmdYI+GCAK/KY1U957Ig2NATPVjCROv61R19fjZNzMmiU03n79OMnXyJVN0UA==",
       "license": "MIT",
       "dependencies": {
-        "@vue/reactivity": "3.4.35",
-        "@vue/runtime-core": "3.4.35",
-        "@vue/shared": "3.4.35",
+        "@vue/reactivity": "3.4.38",
+        "@vue/runtime-core": "3.4.38",
+        "@vue/shared": "3.4.38",
         "csstype": "^3.1.3"
       }
     },
     "node_modules/@vue/server-renderer": {
-      "version": "3.4.35",
-      "resolved": "https://registry.npmjs.org/@vue/server-renderer/-/server-renderer-3.4.35.tgz",
-      "integrity": "sha512-iZ0e/u9mRE4T8tNhlo0tbA+gzVkgv8r5BX6s1kRbOZqfpq14qoIvCZ5gIgraOmYkMYrSEZgkkojFPr+Nyq/Mnw==",
+      "version": "3.4.38",
+      "resolved": "https://registry.npmjs.org/@vue/server-renderer/-/server-renderer-3.4.38.tgz",
+      "integrity": "sha512-NggOTr82FbPEkkUvBm4fTGcwUY8UuTsnWC/L2YZBmvaQ4C4Jl/Ao4HHTB+l7WnFCt5M/dN3l0XLuyjzswGYVCA==",
       "license": "MIT",
       "dependencies": {
-        "@vue/compiler-ssr": "3.4.35",
-        "@vue/shared": "3.4.35"
+        "@vue/compiler-ssr": "3.4.38",
+        "@vue/shared": "3.4.38"
       },
       "peerDependencies": {
-        "vue": "3.4.35"
+        "vue": "3.4.38"
       }
     },
     "node_modules/@vue/shared": {
-      "version": "3.4.35",
-      "resolved": "https://registry.npmjs.org/@vue/shared/-/shared-3.4.35.tgz",
-      "integrity": "sha512-hvuhBYYDe+b1G8KHxsQ0diDqDMA8D9laxWZhNAjE83VZb5UDaXl9Xnz7cGdDSyiHM90qqI/CyGMcpBpiDy6VVQ==",
+      "version": "3.4.38",
+      "resolved": "https://registry.npmjs.org/@vue/shared/-/shared-3.4.38.tgz",
+      "integrity": "sha512-q0xCiLkuWWQLzVrecPb0RMsNWyxICOjPrcrwxTUEHb1fsnvni4dcuyG7RT/Ie7VPTvnjzIaWzRMUBsrqNj/hhw==",
       "license": "MIT"
     },
     "node_modules/@webassemblyjs/ast": {
@@ -3635,6 +5748,27 @@
         "node": ">=8"
       }
     },
+    "node_modules/array.prototype.findlast": {
+      "name": "@nolyfill/array.prototype.findlast",
+      "version": "1.0.24",
+      "resolved": "https://registry.npmjs.org/@nolyfill/array.prototype.findlast/-/array.prototype.findlast-1.0.24.tgz",
+      "integrity": "sha512-yFCyZLs0iNNubzYnBINcOCJAiGtusxiR2F1DnwkOB1HQbWXl/zltkDIWIXO3cJxhQdngDlmM4ysTfyAfoB297g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@nolyfill/shared": "1.0.24"
+      },
+      "engines": {
+        "node": ">=12.4.0"
+      }
+    },
+    "node_modules/array.prototype.findlast/node_modules/@nolyfill/shared": {
+      "version": "1.0.24",
+      "resolved": "https://registry.npmjs.org/@nolyfill/shared/-/shared-1.0.24.tgz",
+      "integrity": "sha512-TGCpg3k5N7jj9AgU/1xFw9K1g4AC1vEE5ZFkW77oPNNLzprxT17PvFaNr/lr3BkkT5fJ5LNMntaTIq+pyWaeEA==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/array.prototype.findlastindex": {
       "name": "@nolyfill/array.prototype.findlastindex",
       "version": "1.0.24",
@@ -3684,6 +5818,27 @@
         "node": ">=12.4.0"
       }
     },
+    "node_modules/array.prototype.tosorted": {
+      "name": "@nolyfill/array.prototype.tosorted",
+      "version": "1.0.24",
+      "resolved": "https://registry.npmjs.org/@nolyfill/array.prototype.tosorted/-/array.prototype.tosorted-1.0.24.tgz",
+      "integrity": "sha512-lVo8TVDqaslOaOvEH7iL7glu/WdlX7ZrB+7FZY4BL25hg8TLHvg3e9pxafCp8vAQ96IOL+tdgBdfeoC7qLeQYg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@nolyfill/shared": "1.0.24"
+      },
+      "engines": {
+        "node": ">=12.4.0"
+      }
+    },
+    "node_modules/array.prototype.tosorted/node_modules/@nolyfill/shared": {
+      "version": "1.0.24",
+      "resolved": "https://registry.npmjs.org/@nolyfill/shared/-/shared-1.0.24.tgz",
+      "integrity": "sha512-TGCpg3k5N7jj9AgU/1xFw9K1g4AC1vEE5ZFkW77oPNNLzprxT17PvFaNr/lr3BkkT5fJ5LNMntaTIq+pyWaeEA==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/as-table": {
       "version": "1.0.55",
       "resolved": "https://registry.npmjs.org/as-table/-/as-table-1.0.55.tgz",
@@ -3745,9 +5900,9 @@
       }
     },
     "node_modules/astring": {
-      "version": "1.8.6",
-      "resolved": "https://registry.npmjs.org/astring/-/astring-1.8.6.tgz",
-      "integrity": "sha512-ISvCdHdlTDlH5IpxQJIex7BWBywFWgjJSVdwst+/iQCoEYnyOaQ95+X1JGshuBjGp6nxKUy1jMgE3zPqN7fQdg==",
+      "version": "1.9.0",
+      "resolved": "https://registry.npmjs.org/astring/-/astring-1.9.0.tgz",
+      "integrity": "sha512-LElXdjswlqjWrPpJFg1Fx4wpkOCxj1TDHlSV4PlaRxHGWko024xICaa97ZkMfs6DRKlCguiAI+rbXv5GWwXIkg==",
       "dev": true,
       "license": "MIT",
       "bin": {
@@ -3787,6 +5942,58 @@
         "deep-equal": "^2.0.5"
       }
     },
+    "node_modules/babel-plugin-polyfill-corejs2": {
+      "version": "0.4.11",
+      "resolved": "https://registry.npmjs.org/babel-plugin-polyfill-corejs2/-/babel-plugin-polyfill-corejs2-0.4.11.tgz",
+      "integrity": "sha512-sMEJ27L0gRHShOh5G54uAAPaiCOygY/5ratXuiyb2G46FmlSpc9eFCzYVyDiPxfNbwzA7mYahmjQc5q+CZQ09Q==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/compat-data": "^7.22.6",
+        "@babel/helper-define-polyfill-provider": "^0.6.2",
+        "semver": "^6.3.1"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.4.0 || ^8.0.0-0 <8.0.0"
+      }
+    },
+    "node_modules/babel-plugin-polyfill-corejs2/node_modules/semver": {
+      "version": "6.3.1",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz",
+      "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      }
+    },
+    "node_modules/babel-plugin-polyfill-corejs3": {
+      "version": "0.10.6",
+      "resolved": "https://registry.npmjs.org/babel-plugin-polyfill-corejs3/-/babel-plugin-polyfill-corejs3-0.10.6.tgz",
+      "integrity": "sha512-b37+KR2i/khY5sKmWNVQAnitvquQbNdWy6lJdsr0kmquCKEEUgMKK4SboVM3HtfnZilfjr4MMQ7vY58FVWDtIA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-define-polyfill-provider": "^0.6.2",
+        "core-js-compat": "^3.38.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.4.0 || ^8.0.0-0 <8.0.0"
+      }
+    },
+    "node_modules/babel-plugin-polyfill-regenerator": {
+      "version": "0.6.2",
+      "resolved": "https://registry.npmjs.org/babel-plugin-polyfill-regenerator/-/babel-plugin-polyfill-regenerator-0.6.2.tgz",
+      "integrity": "sha512-2R25rQZWP63nGwaAswvDazbPXfrM3HwVoBXK6HcqeKrSrL/JqcC/rDcf95l4r7LXLyxDXc8uQDa064GubtCABg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-define-polyfill-provider": "^0.6.2"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.4.0 || ^8.0.0-0 <8.0.0"
+      }
+    },
     "node_modules/balanced-match": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
@@ -3944,6 +6151,16 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/bytes": {
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz",
+      "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
     "node_modules/cac": {
       "version": "6.7.14",
       "resolved": "https://registry.npmjs.org/cac/-/cac-6.7.14.tgz",
@@ -3973,9 +6190,9 @@
       }
     },
     "node_modules/caniuse-lite": {
-      "version": "1.0.30001646",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001646.tgz",
-      "integrity": "sha512-dRg00gudiBDDTmUhClSdv3hqRfpbOnU28IpI1T6PBTLWa+kOj0681C8uML3PifYfREuBrVjDGhL3adYpBT6spw==",
+      "version": "1.0.30001653",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001653.tgz",
+      "integrity": "sha512-XGWQVB8wFQ2+9NZwZ10GxTYC5hk0Fa+q8cSkr0tgvMhYhMHP/QC+WTgrePMDBWiWc/pV+1ik82Al20XOK25Gcw==",
       "funding": [
         {
           "type": "opencollective",
@@ -4026,9 +6243,9 @@
       }
     },
     "node_modules/chart.js": {
-      "version": "4.4.3",
-      "resolved": "https://registry.npmjs.org/chart.js/-/chart.js-4.4.3.tgz",
-      "integrity": "sha512-qK1gkGSRYcJzqrrzdR6a+I0vQ4/R+SoODXyAjscQ/4mzuNzySaMCd+hyVxitSY1+L2fjPD1Gbn+ibNqRmwQeLw==",
+      "version": "4.4.4",
+      "resolved": "https://registry.npmjs.org/chart.js/-/chart.js-4.4.4.tgz",
+      "integrity": "sha512-emICKGBABnxhMjUjlYRR12PmOXhJ2eJjEHL2/dZlWjxRAZT1D8xplLFq5M0tMQK8ja+wBS/tuVEJB5C6r7VxJA==",
       "license": "MIT",
       "dependencies": {
         "@kurkle/color": "^0.3.0"
@@ -4328,14 +6545,21 @@
       "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==",
       "license": "MIT"
     },
+    "node_modules/convert-source-map": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-2.0.0.tgz",
+      "integrity": "sha512-Kvp459HrV2FEJ1CAsi1Ku+MY3kasH19TFykTz2xWmMeq6bk2NU3XXvfJ+Q61m0xktWwt+1HSYf3JZsTms3aRJg==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/core-js-compat": {
-      "version": "3.37.1",
-      "resolved": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.37.1.tgz",
-      "integrity": "sha512-9TNiImhKvQqSUkOvk/mMRZzOANTiEVC7WaBNhHcKM7x+/5E1l5NvsysR19zuDQScE8k+kfQXWRN3AtS/eOSHpg==",
+      "version": "3.38.1",
+      "resolved": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.38.1.tgz",
+      "integrity": "sha512-JRH6gfXxGmrzF3tZ57lFx97YARxCXPaMzPo6jELZhv88pBH5VXpQ+y0znKGlFnzuaihqhLbefxSJxWJMPtfDzw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "browserslist": "^4.23.0"
+        "browserslist": "^4.23.3"
       },
       "funding": {
         "type": "opencollective",
@@ -4547,9 +6771,9 @@
       "license": "MIT"
     },
     "node_modules/cytoscape": {
-      "version": "3.30.1",
-      "resolved": "https://registry.npmjs.org/cytoscape/-/cytoscape-3.30.1.tgz",
-      "integrity": "sha512-TRJc3HbBPkHd50u9YfJh2FxD1lDLZ+JXnJoyBn5LkncoeuT7fapO/Hq/Ed8TdFclaKshzInge2i30bg7VKeoPQ==",
+      "version": "3.30.2",
+      "resolved": "https://registry.npmjs.org/cytoscape/-/cytoscape-3.30.2.tgz",
+      "integrity": "sha512-oICxQsjW8uSaRmn4UK/jkczKOqTrVqt5/1WL0POiJUT2EKNc9STM4hYFHv917yu55aTBMFNRzymlJhVAiWPCxw==",
       "license": "MIT",
       "engines": {
         "node": ">=0.10"
@@ -5042,9 +7266,9 @@
       "license": "MIT"
     },
     "node_modules/dayjs": {
-      "version": "1.11.12",
-      "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.11.12.tgz",
-      "integrity": "sha512-Rt2g+nTbLlDWZTwwrIXjy9MeiZmSDI375FvZs72ngxx8PDC6YXOeR3q5LAuPzjZQxhiWdRKac7RKV+YyQYfYIg==",
+      "version": "1.11.13",
+      "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.11.13.tgz",
+      "integrity": "sha512-oaMBel6gjolK862uaPQOVTA7q3TZhuSvuMQAAglQDOWYO9A91IrAOUJEyKVlqJlHE0vq5p5UXxzdPfMH/x6xNg==",
       "license": "MIT"
     },
     "node_modules/debug": {
@@ -5287,9 +7511,9 @@
       }
     },
     "node_modules/electron-to-chromium": {
-      "version": "1.5.4",
-      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.4.tgz",
-      "integrity": "sha512-orzA81VqLyIGUEA77YkVA1D+N+nNfl2isJVjjmOyrlxuooZ19ynb+dOlaDTqd/idKRS9lDCSBmtzM+kyCsMnkA==",
+      "version": "1.5.13",
+      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.13.tgz",
+      "integrity": "sha512-lbBcvtIJ4J6sS4tb5TLp1b4LyfCdMkwStzXPyAgVgTRAsep4bvrAGaBOP7ZJtQMNJpSQ9SqG4brWOroNaQtm7Q==",
       "license": "ISC"
     },
     "node_modules/emoji-regex": {
@@ -5601,18 +7825,19 @@
       }
     },
     "node_modules/eslint-import-resolver-typescript": {
-      "version": "3.6.1",
-      "resolved": "https://registry.npmjs.org/eslint-import-resolver-typescript/-/eslint-import-resolver-typescript-3.6.1.tgz",
-      "integrity": "sha512-xgdptdoi5W3niYeuQxKmzVDTATvLYqhpwmykwsh7f6HIOStGWEIL9iqZgQDF9u9OEzrRwR8no5q2VT+bjAujTg==",
+      "version": "3.6.3",
+      "resolved": "https://registry.npmjs.org/eslint-import-resolver-typescript/-/eslint-import-resolver-typescript-3.6.3.tgz",
+      "integrity": "sha512-ud9aw4szY9cCT1EWWdGv1L1XR6hh2PaRWif0j2QjQ0pgTY/69iw+W0Z4qZv5wHahOl8isEr+k/JnyAqNQkLkIA==",
       "dev": true,
       "license": "ISC",
       "dependencies": {
-        "debug": "^4.3.4",
-        "enhanced-resolve": "^5.12.0",
-        "eslint-module-utils": "^2.7.4",
-        "fast-glob": "^3.3.1",
-        "get-tsconfig": "^4.5.0",
-        "is-core-module": "^2.11.0",
+        "@nolyfill/is-core-module": "1.0.39",
+        "debug": "^4.3.5",
+        "enhanced-resolve": "^5.15.0",
+        "eslint-module-utils": "^2.8.1",
+        "fast-glob": "^3.3.2",
+        "get-tsconfig": "^4.7.5",
+        "is-bun-module": "^1.0.2",
         "is-glob": "^4.0.3"
       },
       "engines": {
@@ -5623,13 +7848,22 @@
       },
       "peerDependencies": {
         "eslint": "*",
-        "eslint-plugin-import": "*"
+        "eslint-plugin-import": "*",
+        "eslint-plugin-import-x": "*"
+      },
+      "peerDependenciesMeta": {
+        "eslint-plugin-import": {
+          "optional": true
+        },
+        "eslint-plugin-import-x": {
+          "optional": true
+        }
       }
     },
     "node_modules/eslint-module-utils": {
-      "version": "2.8.1",
-      "resolved": "https://registry.npmjs.org/eslint-module-utils/-/eslint-module-utils-2.8.1.tgz",
-      "integrity": "sha512-rXDXR3h7cs7dy9RNpUlQf80nX31XWJEyGq1tRMo+6GsO5VmTe4UTwtmonAD4ZkAsrfMVDA2wlGJ3790Ys+D49Q==",
+      "version": "2.8.2",
+      "resolved": "https://registry.npmjs.org/eslint-module-utils/-/eslint-module-utils-2.8.2.tgz",
+      "integrity": "sha512-3XnC5fDyc8M4J2E8pt8pmSVRX2M+5yWMCfI/kDZwauQeFgzQOuhcRBFKjTeJagqgk4sFKxe1mvNVnaWwImx/Tg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -5815,9 +8049,9 @@
       }
     },
     "node_modules/eslint-plugin-escompat": {
-      "version": "3.11.0",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-escompat/-/eslint-plugin-escompat-3.11.0.tgz",
-      "integrity": "sha512-kSTb1wxBRW4aL43Yu23Ula5lSFd9KVVwxyZ4zkG2feBFoj/o4mmgqkN12DXYv3VclZ559ePpBG6b9UjAeYeUyA==",
+      "version": "3.11.1",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-escompat/-/eslint-plugin-escompat-3.11.1.tgz",
+      "integrity": "sha512-j/H70uveM+G9M0onQJOYM+h5trTjQfmBnhGzxAxwGrqARfgXwkfjs+SkvJ1j/a4ofyCIYpBQsGg7q+TowwPNmA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -6352,9 +8586,9 @@
       }
     },
     "node_modules/eslint-plugin-no-only-tests": {
-      "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-no-only-tests/-/eslint-plugin-no-only-tests-3.1.0.tgz",
-      "integrity": "sha512-Lf4YW/bL6Un1R6A76pRZyE1dl1vr31G/ev8UzIc/geCgFWyrKil8hVjYqWVKGB/UIGmb6Slzs9T0wNezdSVegw==",
+      "version": "3.3.0",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-no-only-tests/-/eslint-plugin-no-only-tests-3.3.0.tgz",
+      "integrity": "sha512-brcKcxGnISN2CcVhXJ/kEQlNa0MEfGRtwKtWA16SkqXHKitaKIMrfemJKLKX1YqDU5C/5JY3PvZXd5jEW04e0Q==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -6433,6 +8667,117 @@
         }
       }
     },
+    "node_modules/eslint-plugin-react": {
+      "version": "7.35.0",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-react/-/eslint-plugin-react-7.35.0.tgz",
+      "integrity": "sha512-v501SSMOWv8gerHkk+IIQBkcGRGrO2nfybfj5pLxuJNFTPxxA3PSryhXTK+9pNbtkggheDdsC0E9Q8CuPk6JKA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "array-includes": "^3.1.8",
+        "array.prototype.findlast": "^1.2.5",
+        "array.prototype.flatmap": "^1.3.2",
+        "array.prototype.tosorted": "^1.1.4",
+        "doctrine": "^2.1.0",
+        "es-iterator-helpers": "^1.0.19",
+        "estraverse": "^5.3.0",
+        "hasown": "^2.0.2",
+        "jsx-ast-utils": "^2.4.1 || ^3.0.0",
+        "minimatch": "^3.1.2",
+        "object.entries": "^1.1.8",
+        "object.fromentries": "^2.0.8",
+        "object.values": "^1.2.0",
+        "prop-types": "^15.8.1",
+        "resolve": "^2.0.0-next.5",
+        "semver": "^6.3.1",
+        "string.prototype.matchall": "^4.0.11",
+        "string.prototype.repeat": "^1.0.0"
+      },
+      "engines": {
+        "node": ">=4"
+      },
+      "peerDependencies": {
+        "eslint": "^3 || ^4 || ^5 || ^6 || ^7 || ^8 || ^9.7"
+      }
+    },
+    "node_modules/eslint-plugin-react-hooks": {
+      "version": "4.6.0",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-react-hooks/-/eslint-plugin-react-hooks-4.6.0.tgz",
+      "integrity": "sha512-oFc7Itz9Qxh2x4gNHStv3BqJq54ExXmfC+a1NjAta66IAN87Wu0R/QArgIS9qKzX3dXKPI9H5crl9QchNMY9+g==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=10"
+      },
+      "peerDependencies": {
+        "eslint": "^3.0.0 || ^4.0.0 || ^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0-0"
+      }
+    },
+    "node_modules/eslint-plugin-react/node_modules/brace-expansion": {
+      "version": "1.1.11",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
+      "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "balanced-match": "^1.0.0",
+        "concat-map": "0.0.1"
+      }
+    },
+    "node_modules/eslint-plugin-react/node_modules/doctrine": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/doctrine/-/doctrine-2.1.0.tgz",
+      "integrity": "sha512-35mSku4ZXK0vfCuHEDAwt55dg2jNajHZ1odvF+8SSr82EsZY4QmXfuWso8oEd8zRhVObSN18aM0CjSdoBX7zIw==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "esutils": "^2.0.2"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/eslint-plugin-react/node_modules/minimatch": {
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
+      "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "brace-expansion": "^1.1.7"
+      },
+      "engines": {
+        "node": "*"
+      }
+    },
+    "node_modules/eslint-plugin-react/node_modules/resolve": {
+      "version": "2.0.0-next.5",
+      "resolved": "https://registry.npmjs.org/resolve/-/resolve-2.0.0-next.5.tgz",
+      "integrity": "sha512-U7WjGVG9sH8tvjW5SmGbQuui75FiyjAX72HX15DwBBwF9dNiQZRQAg9nnPhYy+TUnE0+VcrttuvNI8oSxZcocA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "is-core-module": "^2.13.0",
+        "path-parse": "^1.0.7",
+        "supports-preserve-symlinks-flag": "^1.0.0"
+      },
+      "bin": {
+        "resolve": "bin/resolve"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/eslint-plugin-react/node_modules/semver": {
+      "version": "6.3.1",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz",
+      "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      }
+    },
     "node_modules/eslint-plugin-regexp": {
       "version": "2.6.0",
       "resolved": "https://registry.npmjs.org/eslint-plugin-regexp/-/eslint-plugin-regexp-2.6.0.tgz",
@@ -6456,18 +8801,604 @@
       }
     },
     "node_modules/eslint-plugin-sonarjs": {
-      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-sonarjs/-/eslint-plugin-sonarjs-1.0.4.tgz",
-      "integrity": "sha512-jF0eGCUsq/HzMub4ExAyD8x1oEgjOyB9XVytYGyWgSFvdiJQJp6IuP7RmtauCf06o6N/kZErh+zW4b10y1WZ+Q==",
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-sonarjs/-/eslint-plugin-sonarjs-2.0.1.tgz",
+      "integrity": "sha512-hkiM2yJakXsEzdBhCzCvjd0DfdVL7w1JFSFYp08KEzlwu7SZtP5QKbDU7Hf8VI3Jkve3/py/yUGuT46+juSk6Q==",
       "dev": true,
       "license": "LGPL-3.0-only",
-      "engines": {
-        "node": ">=16"
+      "dependencies": {
+        "@babel/core": "7.24.3",
+        "@babel/eslint-parser": "7.24.1",
+        "@babel/plugin-proposal-decorators": "7.24.1",
+        "@babel/preset-env": "7.24.3",
+        "@babel/preset-flow": "7.24.1",
+        "@babel/preset-react": "7.24.1",
+        "@eslint-community/regexpp": "4.10.0",
+        "@types/eslint": "8.56.10",
+        "@typescript-eslint/eslint-plugin": "7.16.1",
+        "@typescript-eslint/utils": "^7.16.1",
+        "builtin-modules": "3.3.0",
+        "bytes": "3.1.2",
+        "eslint-plugin-import": "^2.29.1",
+        "eslint-plugin-jsx-a11y": "^6.8.0",
+        "eslint-plugin-react": "^7.35.0",
+        "eslint-plugin-react-hooks": "4.6.0",
+        "eslint-scope": "8.0.1",
+        "functional-red-black-tree": "1.0.1",
+        "jsx-ast-utils": "^3.3.5",
+        "minimatch": "^9.0.3",
+        "scslre": "0.3.0",
+        "semver": "7.6.0",
+        "typescript": "5.4.3",
+        "vue-eslint-parser": "9.4.3"
       },
       "peerDependencies": {
         "eslint": "^8.0.0 || ^9.0.0"
       }
     },
+    "node_modules/eslint-plugin-sonarjs/node_modules/@eslint-community/regexpp": {
+      "version": "4.10.0",
+      "resolved": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.10.0.tgz",
+      "integrity": "sha512-Cu96Sd2By9mCNTx2iyKOmq10v22jUVQv0lQnlGNy16oE9589yE+QADPbrMGCkA51cKZSg3Pu/aTJVTGfL/qjUA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": "^12.0.0 || ^14.0.0 || >=16.0.0"
+      }
+    },
+    "node_modules/eslint-plugin-sonarjs/node_modules/@types/eslint": {
+      "version": "8.56.10",
+      "resolved": "https://registry.npmjs.org/@types/eslint/-/eslint-8.56.10.tgz",
+      "integrity": "sha512-Shavhk87gCtY2fhXDctcfS3e6FdxWkCx1iUZ9eEUbh7rTqlZT0/IzOkCOVt0fCjcFuZ9FPYfuezTBImfHCDBGQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/estree": "*",
+        "@types/json-schema": "*"
+      }
+    },
+    "node_modules/eslint-plugin-sonarjs/node_modules/@typescript-eslint/eslint-plugin": {
+      "version": "7.16.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-7.16.1.tgz",
+      "integrity": "sha512-SxdPak/5bO0EnGktV05+Hq8oatjAYVY3Zh2bye9pGZy6+jwyR3LG3YKkV4YatlsgqXP28BTeVm9pqwJM96vf2A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@eslint-community/regexpp": "^4.10.0",
+        "@typescript-eslint/scope-manager": "7.16.1",
+        "@typescript-eslint/type-utils": "7.16.1",
+        "@typescript-eslint/utils": "7.16.1",
+        "@typescript-eslint/visitor-keys": "7.16.1",
+        "graphemer": "^1.4.0",
+        "ignore": "^5.3.1",
+        "natural-compare": "^1.4.0",
+        "ts-api-utils": "^1.3.0"
+      },
+      "engines": {
+        "node": "^18.18.0 || >=20.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      },
+      "peerDependencies": {
+        "@typescript-eslint/parser": "^7.0.0",
+        "eslint": "^8.56.0"
+      },
+      "peerDependenciesMeta": {
+        "typescript": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/eslint-plugin-sonarjs/node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/types": {
+      "version": "7.16.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.16.1.tgz",
+      "integrity": "sha512-AQn9XqCzUXd4bAVEsAXM/Izk11Wx2u4H3BAfQVhSfzfDOm/wAON9nP7J5rpkCxts7E5TELmN845xTUCQrD1xIQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": "^18.18.0 || >=20.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      }
+    },
+    "node_modules/eslint-plugin-sonarjs/node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/typescript-estree": {
+      "version": "7.16.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.16.1.tgz",
+      "integrity": "sha512-0vFPk8tMjj6apaAZ1HlwM8w7jbghC8jc1aRNJG5vN8Ym5miyhTQGMqU++kuBFDNKe9NcPeZ6x0zfSzV8xC1UlQ==",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "dependencies": {
+        "@typescript-eslint/types": "7.16.1",
+        "@typescript-eslint/visitor-keys": "7.16.1",
+        "debug": "^4.3.4",
+        "globby": "^11.1.0",
+        "is-glob": "^4.0.3",
+        "minimatch": "^9.0.4",
+        "semver": "^7.6.0",
+        "ts-api-utils": "^1.3.0"
+      },
+      "engines": {
+        "node": "^18.18.0 || >=20.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      },
+      "peerDependenciesMeta": {
+        "typescript": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/eslint-plugin-sonarjs/node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/utils": {
+      "version": "7.16.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-7.16.1.tgz",
+      "integrity": "sha512-WrFM8nzCowV0he0RlkotGDujx78xudsxnGMBHI88l5J8wEhED6yBwaSLP99ygfrzAjsQvcYQ94quDwI0d7E1fA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@eslint-community/eslint-utils": "^4.4.0",
+        "@typescript-eslint/scope-manager": "7.16.1",
+        "@typescript-eslint/types": "7.16.1",
+        "@typescript-eslint/typescript-estree": "7.16.1"
+      },
+      "engines": {
+        "node": "^18.18.0 || >=20.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      },
+      "peerDependencies": {
+        "eslint": "^8.56.0"
+      }
+    },
+    "node_modules/eslint-plugin-sonarjs/node_modules/@typescript-eslint/parser": {
+      "version": "7.18.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-7.18.0.tgz",
+      "integrity": "sha512-4Z+L8I2OqhZV8qA132M4wNL30ypZGYOQVBfMgxDH/K5UX0PNqTu1c6za9ST5r9+tavvHiTWmBnKzpCJ/GlVFtg==",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "peer": true,
+      "dependencies": {
+        "@typescript-eslint/scope-manager": "7.18.0",
+        "@typescript-eslint/types": "7.18.0",
+        "@typescript-eslint/typescript-estree": "7.18.0",
+        "@typescript-eslint/visitor-keys": "7.18.0",
+        "debug": "^4.3.4"
+      },
+      "engines": {
+        "node": "^18.18.0 || >=20.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      },
+      "peerDependencies": {
+        "eslint": "^8.56.0"
+      },
+      "peerDependenciesMeta": {
+        "typescript": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/eslint-plugin-sonarjs/node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager": {
+      "version": "7.18.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.18.0.tgz",
+      "integrity": "sha512-jjhdIE/FPF2B7Z1uzc6i3oWKbGcHb87Qw7AWj6jmEqNOfDFbJWtjt/XfwCpvNkpGWlcJaog5vTR+VV8+w9JflA==",
+      "dev": true,
+      "license": "MIT",
+      "peer": true,
+      "dependencies": {
+        "@typescript-eslint/types": "7.18.0",
+        "@typescript-eslint/visitor-keys": "7.18.0"
+      },
+      "engines": {
+        "node": "^18.18.0 || >=20.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      }
+    },
+    "node_modules/eslint-plugin-sonarjs/node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/visitor-keys": {
+      "version": "7.18.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.18.0.tgz",
+      "integrity": "sha512-cDF0/Gf81QpY3xYyJKDV14Zwdmid5+uuENhjH2EqFaF0ni+yAyq/LzMaIJdhNJXZI7uLzwIlA+V7oWoyn6Curg==",
+      "dev": true,
+      "license": "MIT",
+      "peer": true,
+      "dependencies": {
+        "@typescript-eslint/types": "7.18.0",
+        "eslint-visitor-keys": "^3.4.3"
+      },
+      "engines": {
+        "node": "^18.18.0 || >=20.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      }
+    },
+    "node_modules/eslint-plugin-sonarjs/node_modules/@typescript-eslint/scope-manager": {
+      "version": "7.16.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.16.1.tgz",
+      "integrity": "sha512-nYpyv6ALte18gbMz323RM+vpFpTjfNdyakbf3nsLvF43uF9KeNC289SUEW3QLZ1xPtyINJ1dIsZOuWuSRIWygw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@typescript-eslint/types": "7.16.1",
+        "@typescript-eslint/visitor-keys": "7.16.1"
+      },
+      "engines": {
+        "node": "^18.18.0 || >=20.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      }
+    },
+    "node_modules/eslint-plugin-sonarjs/node_modules/@typescript-eslint/scope-manager/node_modules/@typescript-eslint/types": {
+      "version": "7.16.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.16.1.tgz",
+      "integrity": "sha512-AQn9XqCzUXd4bAVEsAXM/Izk11Wx2u4H3BAfQVhSfzfDOm/wAON9nP7J5rpkCxts7E5TELmN845xTUCQrD1xIQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": "^18.18.0 || >=20.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      }
+    },
+    "node_modules/eslint-plugin-sonarjs/node_modules/@typescript-eslint/type-utils": {
+      "version": "7.16.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-7.16.1.tgz",
+      "integrity": "sha512-rbu/H2MWXN4SkjIIyWcmYBjlp55VT+1G3duFOIukTNFxr9PI35pLc2ydwAfejCEitCv4uztA07q0QWanOHC7dA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@typescript-eslint/typescript-estree": "7.16.1",
+        "@typescript-eslint/utils": "7.16.1",
+        "debug": "^4.3.4",
+        "ts-api-utils": "^1.3.0"
+      },
+      "engines": {
+        "node": "^18.18.0 || >=20.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      },
+      "peerDependencies": {
+        "eslint": "^8.56.0"
+      },
+      "peerDependenciesMeta": {
+        "typescript": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/eslint-plugin-sonarjs/node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/types": {
+      "version": "7.16.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.16.1.tgz",
+      "integrity": "sha512-AQn9XqCzUXd4bAVEsAXM/Izk11Wx2u4H3BAfQVhSfzfDOm/wAON9nP7J5rpkCxts7E5TELmN845xTUCQrD1xIQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": "^18.18.0 || >=20.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      }
+    },
+    "node_modules/eslint-plugin-sonarjs/node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/typescript-estree": {
+      "version": "7.16.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.16.1.tgz",
+      "integrity": "sha512-0vFPk8tMjj6apaAZ1HlwM8w7jbghC8jc1aRNJG5vN8Ym5miyhTQGMqU++kuBFDNKe9NcPeZ6x0zfSzV8xC1UlQ==",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "dependencies": {
+        "@typescript-eslint/types": "7.16.1",
+        "@typescript-eslint/visitor-keys": "7.16.1",
+        "debug": "^4.3.4",
+        "globby": "^11.1.0",
+        "is-glob": "^4.0.3",
+        "minimatch": "^9.0.4",
+        "semver": "^7.6.0",
+        "ts-api-utils": "^1.3.0"
+      },
+      "engines": {
+        "node": "^18.18.0 || >=20.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      },
+      "peerDependenciesMeta": {
+        "typescript": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/eslint-plugin-sonarjs/node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/utils": {
+      "version": "7.16.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-7.16.1.tgz",
+      "integrity": "sha512-WrFM8nzCowV0he0RlkotGDujx78xudsxnGMBHI88l5J8wEhED6yBwaSLP99ygfrzAjsQvcYQ94quDwI0d7E1fA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@eslint-community/eslint-utils": "^4.4.0",
+        "@typescript-eslint/scope-manager": "7.16.1",
+        "@typescript-eslint/types": "7.16.1",
+        "@typescript-eslint/typescript-estree": "7.16.1"
+      },
+      "engines": {
+        "node": "^18.18.0 || >=20.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      },
+      "peerDependencies": {
+        "eslint": "^8.56.0"
+      }
+    },
+    "node_modules/eslint-plugin-sonarjs/node_modules/@typescript-eslint/types": {
+      "version": "7.18.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.18.0.tgz",
+      "integrity": "sha512-iZqi+Ds1y4EDYUtlOOC+aUmxnE9xS/yCigkjA7XpTKV6nCBd3Hp/PRGGmdwnfkV2ThMyYldP1wRpm/id99spTQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": "^18.18.0 || >=20.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      }
+    },
+    "node_modules/eslint-plugin-sonarjs/node_modules/@typescript-eslint/typescript-estree": {
+      "version": "7.18.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.18.0.tgz",
+      "integrity": "sha512-aP1v/BSPnnyhMHts8cf1qQ6Q1IFwwRvAQGRvBFkWlo3/lH29OXA3Pts+c10nxRxIBrDnoMqzhgdwVe5f2D6OzA==",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "dependencies": {
+        "@typescript-eslint/types": "7.18.0",
+        "@typescript-eslint/visitor-keys": "7.18.0",
+        "debug": "^4.3.4",
+        "globby": "^11.1.0",
+        "is-glob": "^4.0.3",
+        "minimatch": "^9.0.4",
+        "semver": "^7.6.0",
+        "ts-api-utils": "^1.3.0"
+      },
+      "engines": {
+        "node": "^18.18.0 || >=20.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      },
+      "peerDependenciesMeta": {
+        "typescript": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/eslint-plugin-sonarjs/node_modules/@typescript-eslint/typescript-estree/node_modules/@typescript-eslint/visitor-keys": {
+      "version": "7.18.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.18.0.tgz",
+      "integrity": "sha512-cDF0/Gf81QpY3xYyJKDV14Zwdmid5+uuENhjH2EqFaF0ni+yAyq/LzMaIJdhNJXZI7uLzwIlA+V7oWoyn6Curg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@typescript-eslint/types": "7.18.0",
+        "eslint-visitor-keys": "^3.4.3"
+      },
+      "engines": {
+        "node": "^18.18.0 || >=20.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      }
+    },
+    "node_modules/eslint-plugin-sonarjs/node_modules/@typescript-eslint/utils": {
+      "version": "7.18.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-7.18.0.tgz",
+      "integrity": "sha512-kK0/rNa2j74XuHVcoCZxdFBMF+aq/vH83CXAOHieC+2Gis4mF8jJXT5eAfyD3K0sAxtPuwxaIOIOvhwzVDt/kw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@eslint-community/eslint-utils": "^4.4.0",
+        "@typescript-eslint/scope-manager": "7.18.0",
+        "@typescript-eslint/types": "7.18.0",
+        "@typescript-eslint/typescript-estree": "7.18.0"
+      },
+      "engines": {
+        "node": "^18.18.0 || >=20.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      },
+      "peerDependencies": {
+        "eslint": "^8.56.0"
+      }
+    },
+    "node_modules/eslint-plugin-sonarjs/node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/scope-manager": {
+      "version": "7.18.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.18.0.tgz",
+      "integrity": "sha512-jjhdIE/FPF2B7Z1uzc6i3oWKbGcHb87Qw7AWj6jmEqNOfDFbJWtjt/XfwCpvNkpGWlcJaog5vTR+VV8+w9JflA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@typescript-eslint/types": "7.18.0",
+        "@typescript-eslint/visitor-keys": "7.18.0"
+      },
+      "engines": {
+        "node": "^18.18.0 || >=20.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      }
+    },
+    "node_modules/eslint-plugin-sonarjs/node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/visitor-keys": {
+      "version": "7.18.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.18.0.tgz",
+      "integrity": "sha512-cDF0/Gf81QpY3xYyJKDV14Zwdmid5+uuENhjH2EqFaF0ni+yAyq/LzMaIJdhNJXZI7uLzwIlA+V7oWoyn6Curg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@typescript-eslint/types": "7.18.0",
+        "eslint-visitor-keys": "^3.4.3"
+      },
+      "engines": {
+        "node": "^18.18.0 || >=20.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      }
+    },
+    "node_modules/eslint-plugin-sonarjs/node_modules/@typescript-eslint/visitor-keys": {
+      "version": "7.16.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.16.1.tgz",
+      "integrity": "sha512-Qlzzx4sE4u3FsHTPQAAQFJFNOuqtuY0LFrZHwQ8IHK705XxBiWOFkfKRWu6niB7hwfgnwIpO4jTC75ozW1PHWg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@typescript-eslint/types": "7.16.1",
+        "eslint-visitor-keys": "^3.4.3"
+      },
+      "engines": {
+        "node": "^18.18.0 || >=20.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      }
+    },
+    "node_modules/eslint-plugin-sonarjs/node_modules/@typescript-eslint/visitor-keys/node_modules/@typescript-eslint/types": {
+      "version": "7.16.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.16.1.tgz",
+      "integrity": "sha512-AQn9XqCzUXd4bAVEsAXM/Izk11Wx2u4H3BAfQVhSfzfDOm/wAON9nP7J5rpkCxts7E5TELmN845xTUCQrD1xIQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": "^18.18.0 || >=20.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      }
+    },
+    "node_modules/eslint-plugin-sonarjs/node_modules/eslint-scope": {
+      "version": "8.0.1",
+      "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-8.0.1.tgz",
+      "integrity": "sha512-pL8XjgP4ZOmmwfFE8mEhSxA7ZY4C+LWyqjQ3o4yWkkmD0qcMT9kkW3zWHOczhWcjTSgqycYAgwSlXvZltv65og==",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "dependencies": {
+        "esrecurse": "^4.3.0",
+        "estraverse": "^5.2.0"
+      },
+      "engines": {
+        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/eslint"
+      }
+    },
+    "node_modules/eslint-plugin-sonarjs/node_modules/eslint-visitor-keys": {
+      "version": "3.4.3",
+      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.3.tgz",
+      "integrity": "sha512-wpc+LXeiyiisxPlEkUzU6svyS1frIO3Mgxj1fdy7Pm8Ygzguax2N3Fa/D/ag1WqbOprdI+uY6wMUl8/a2G+iag==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "engines": {
+        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/eslint"
+      }
+    },
+    "node_modules/eslint-plugin-sonarjs/node_modules/lru-cache": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
+      "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "yallist": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/eslint-plugin-sonarjs/node_modules/minimatch": {
+      "version": "9.0.5",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
+      "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "brace-expansion": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=16 || 14 >=14.17"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "node_modules/eslint-plugin-sonarjs/node_modules/semver": {
+      "version": "7.6.0",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.0.tgz",
+      "integrity": "sha512-EnwXhrlwXMk9gKu5/flx5sv/an57AkRplG3hTK68W7FRDN+k+OWBj65M7719OkA82XLBxrcX0KSHj+X5COhOVg==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "lru-cache": "^6.0.0"
+      },
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/eslint-plugin-sonarjs/node_modules/typescript": {
+      "version": "5.4.3",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.4.3.tgz",
+      "integrity": "sha512-KrPd3PKaCLr78MalgiwJnA25Nm8HAmdwN3mYUYZgG/wizIo9EainNVQI9/yDavtVFRN2h3k8uf3GLHuhDMgEHg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "bin": {
+        "tsc": "bin/tsc",
+        "tsserver": "bin/tsserver"
+      },
+      "engines": {
+        "node": ">=14.17"
+      }
+    },
+    "node_modules/eslint-plugin-sonarjs/node_modules/yallist": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
+      "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==",
+      "dev": true,
+      "license": "ISC"
+    },
     "node_modules/eslint-plugin-unicorn": {
       "version": "55.0.0",
       "resolved": "https://registry.npmjs.org/eslint-plugin-unicorn/-/eslint-plugin-unicorn-55.0.0.tgz",
@@ -6515,6 +9446,19 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
+    "node_modules/eslint-plugin-unicorn/node_modules/jsesc": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-3.0.2.tgz",
+      "integrity": "sha512-xKqzzWXDttJuOcawBt4KnKHHIf5oQ/Cxax+0PWFG+DFDgHNAdi+TXECADI+RYiFUMmx8792xsMbbgXj4CwnP4g==",
+      "dev": true,
+      "license": "MIT",
+      "bin": {
+        "jsesc": "bin/jsesc"
+      },
+      "engines": {
+        "node": ">=6"
+      }
+    },
     "node_modules/eslint-plugin-vitest": {
       "version": "0.4.1",
       "resolved": "https://registry.npmjs.org/eslint-plugin-vitest/-/eslint-plugin-vitest-0.4.1.tgz",
@@ -6729,9 +9673,9 @@
       }
     },
     "node_modules/eslint-plugin-wc": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-wc/-/eslint-plugin-wc-2.1.0.tgz",
-      "integrity": "sha512-s/BGOtmpgQ2yifR6EC1OM9t0DwYLgg4ZAL07Kw4eXvBb5TYaPafI+65tswvnZvhH8FqcjERLbBZPPvYsvinkfg==",
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-wc/-/eslint-plugin-wc-2.1.1.tgz",
+      "integrity": "sha512-GfJo05ZgWfwAFbW6Gkf+9CMOIU6fmbd3b4nm+PKESHgUdUTmi7vawlELCrzOhdiQjXUPZxDfFIVxYt9D/v/GdQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -7160,9 +10104,9 @@
       "license": "ISC"
     },
     "node_modules/foreground-child": {
-      "version": "3.2.1",
-      "resolved": "https://registry.npmjs.org/foreground-child/-/foreground-child-3.2.1.tgz",
-      "integrity": "sha512-PXUUyLqrR2XCWICfv6ukppP96sdFwWbNEnfEMt7jNsISjMsvaLNinAHNDYyvkyU+SZG2BTSbT5NjG+vZslfGTA==",
+      "version": "3.3.0",
+      "resolved": "https://registry.npmjs.org/foreground-child/-/foreground-child-3.3.0.tgz",
+      "integrity": "sha512-Ld2g8rrAyMYFXBhEqMz8ZAHBi4J4uS1i/CxGMDnjyFWddMXLVcDp051DZfu+t7+ab7Wv6SMqpWmyFIj5UbfFvg==",
       "license": "ISC",
       "dependencies": {
         "cross-spawn": "^7.0.0",
@@ -7210,6 +10154,23 @@
         "node": "^8.16.0 || ^10.6.0 || >=11.0.0"
       }
     },
+    "node_modules/functional-red-black-tree": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz",
+      "integrity": "sha512-dsKNQNdj6xA3T+QlADDA7mOSlX0qiMINjn0cgr+eGHGsbSHzTabcIogz2+p/iqP1Xs6EP/sS2SbqH+brGTbq0g==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/gensync": {
+      "version": "1.0.0-beta.2",
+      "resolved": "https://registry.npmjs.org/gensync/-/gensync-1.0.0-beta.2.tgz",
+      "integrity": "sha512-3hN7NaskYvMDLQY55gnW3NQ+mesEAepTqlg+VEbj7zzqEMBVNhzcGYYeqFo/TlYz6eQiFcp1HcsCZO+nGgS8zg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
     "node_modules/get-caller-file": {
       "version": "2.0.5",
       "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz",
@@ -7496,9 +10457,9 @@
       }
     },
     "node_modules/happy-dom": {
-      "version": "14.12.3",
-      "resolved": "https://registry.npmjs.org/happy-dom/-/happy-dom-14.12.3.tgz",
-      "integrity": "sha512-vsYlEs3E9gLwA1Hp+w3qzu+RUDFf4VTT8cyKqVICoZ2k7WM++Qyd2LwzyTi5bqMJFiIC/vNpTDYuxdreENRK/g==",
+      "version": "15.3.1",
+      "resolved": "https://registry.npmjs.org/happy-dom/-/happy-dom-15.3.1.tgz",
+      "integrity": "sha512-3nwi8abkBUHzdq/6UhseErN6b6J1obWZFl5XKKMUEp+OL4Vq7AIiLSVDmXQp83qykJHjhdrBxsae3CTA5nB36A==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -7507,7 +10468,7 @@
         "whatwg-mimetype": "^3.0.0"
       },
       "engines": {
-        "node": ">=16.0.0"
+        "node": ">=18.0.0"
       }
     },
     "node_modules/has-flag": {
@@ -7589,7 +10550,8 @@
     "node_modules/htmx.org": {
       "version": "2.0.2",
       "resolved": "https://registry.npmjs.org/htmx.org/-/htmx.org-2.0.2.tgz",
-      "integrity": "sha512-eUPIpQaWKKstX393XNCRCMJTrqPzikh36Y9RceqsUZLTtlFjFaVDgwZLUsrFk8J2uzZxkkfiy0TE359j2eN6hA=="
+      "integrity": "sha512-eUPIpQaWKKstX393XNCRCMJTrqPzikh36Y9RceqsUZLTtlFjFaVDgwZLUsrFk8J2uzZxkkfiy0TE359j2eN6hA==",
+      "license": "0BSD"
     },
     "node_modules/human-signals": {
       "version": "5.0.0",
@@ -7652,9 +10614,9 @@
       "license": "BSD-3-Clause"
     },
     "node_modules/ignore": {
-      "version": "5.3.1",
-      "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.1.tgz",
-      "integrity": "sha512-5Fytz/IraMjqpwfd34ke28PTVMjZjJG2MPn5t7OE4eUCUNf8BAa7b5WUS9/Qvr6mwOQS7Mk6vdsMno5he+T8Xw==",
+      "version": "5.3.2",
+      "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.2.tgz",
+      "integrity": "sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -7806,6 +10768,16 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
+    "node_modules/is-bun-module": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/is-bun-module/-/is-bun-module-1.1.0.tgz",
+      "integrity": "sha512-4mTAVPlrXpaN3jtF0lsnPCMGnq4+qZjVIKq0HCpfcqf8OC1SM5oATCIAPM5V5FN05qp2NNnFndphmdZS9CV3hA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "semver": "^7.6.3"
+      }
+    },
     "node_modules/is-core-module": {
       "name": "@nolyfill/is-core-module",
       "version": "1.0.39",
@@ -8040,10 +11012,9 @@
       "license": "MIT"
     },
     "node_modules/js-tokens": {
-      "version": "9.0.0",
-      "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-9.0.0.tgz",
-      "integrity": "sha512-WriZw1luRMlmV3LGJaR6QOJjWwgLUTf89OwT2lUOyjX2dJGBwgmIkbcz+7WFZjrZM635JOIR517++e/67CP9dQ==",
-      "dev": true,
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz",
+      "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==",
       "license": "MIT"
     },
     "node_modules/js-types": {
@@ -8069,9 +11040,9 @@
       }
     },
     "node_modules/jsdoc-type-pratt-parser": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/jsdoc-type-pratt-parser/-/jsdoc-type-pratt-parser-4.0.0.tgz",
-      "integrity": "sha512-YtOli5Cmzy3q4dP26GraSOeAhqecewG04hoO8DY56CH4KJ9Fvv5qKWUCCo3HZob7esJQHCv6/+bnTy72xZZaVQ==",
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/jsdoc-type-pratt-parser/-/jsdoc-type-pratt-parser-4.1.0.tgz",
+      "integrity": "sha512-Hicd6JK5Njt2QB6XYFS7ok9e37O8AYk3jTcppG4YVQnYjOemymvTcmc7OWsmq/Qqj5TdRFO5/x/tIPmBeRtGHg==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -8089,16 +11060,16 @@
       }
     },
     "node_modules/jsesc": {
-      "version": "3.0.2",
-      "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-3.0.2.tgz",
-      "integrity": "sha512-xKqzzWXDttJuOcawBt4KnKHHIf5oQ/Cxax+0PWFG+DFDgHNAdi+TXECADI+RYiFUMmx8792xsMbbgXj4CwnP4g==",
+      "version": "2.5.2",
+      "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-2.5.2.tgz",
+      "integrity": "sha512-OYu7XEzjkCQ3C5Ps3QIZsQfNpqoJyZZA99wd9aWd05NCtC5pWOkShK2mkL6HXQR6/Cy2lbNdPlZBpuQHXE63gA==",
       "dev": true,
       "license": "MIT",
       "bin": {
         "jsesc": "bin/jsesc"
       },
       "engines": {
-        "node": ">=6"
+        "node": ">=4"
       }
     },
     "node_modules/json-buffer": {
@@ -8469,6 +11440,13 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/lodash.debounce": {
+      "version": "4.0.8",
+      "resolved": "https://registry.npmjs.org/lodash.debounce/-/lodash.debounce-4.0.8.tgz",
+      "integrity": "sha512-FT1yDzDYEoYWhnSGnpE/4Kj1fLZkDFyqRb7fNt6FdYOSxlUWAtp42Eh6Wb0rGIv/m9Bgo7x4GhQbm5Ys4SG5ow==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/lodash.kebabcase": {
       "version": "4.1.1",
       "resolved": "https://registry.npmjs.org/lodash.kebabcase/-/lodash.kebabcase-4.1.1.tgz",
@@ -8537,6 +11515,19 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/loose-envify": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/loose-envify/-/loose-envify-1.4.0.tgz",
+      "integrity": "sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "js-tokens": "^3.0.0 || ^4.0.0"
+      },
+      "bin": {
+        "loose-envify": "cli.js"
+      }
+    },
     "node_modules/loupe": {
       "version": "3.1.1",
       "resolved": "https://registry.npmjs.org/loupe/-/loupe-3.1.1.tgz",
@@ -8558,10 +11549,14 @@
       }
     },
     "node_modules/lru-cache": {
-      "version": "10.4.3",
-      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.4.3.tgz",
-      "integrity": "sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==",
-      "license": "ISC"
+      "version": "5.1.1",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz",
+      "integrity": "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "yallist": "^3.0.2"
+      }
     },
     "node_modules/magic-string": {
       "version": "0.25.9",
@@ -8807,6 +11802,7 @@
       "version": "4.0.8",
       "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz",
       "integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==",
+      "license": "MIT",
       "dependencies": {
         "braces": "^3.0.3",
         "picomatch": "^2.3.1"
@@ -8860,9 +11856,9 @@
       }
     },
     "node_modules/mini-css-extract-plugin": {
-      "version": "2.9.0",
-      "resolved": "https://registry.npmjs.org/mini-css-extract-plugin/-/mini-css-extract-plugin-2.9.0.tgz",
-      "integrity": "sha512-Zs1YsZVfemekSZG+44vBsYTLQORkPMwnlv+aehcxK/NLKC+EGhDB39/YePYYqx/sTk6NnYpuqikhSn7+JIevTA==",
+      "version": "2.9.1",
+      "resolved": "https://registry.npmjs.org/mini-css-extract-plugin/-/mini-css-extract-plugin-2.9.1.tgz",
+      "integrity": "sha512-+Vyi+GCCOHnrJ2VPS+6aPoXN2k2jgUzDRhTFLjjTBn23qyXJXkjUWQgTL+mXpF5/A8ixLdCc6kWsoeOjKGejKQ==",
       "license": "MIT",
       "dependencies": {
         "schema-utils": "^4.0.0",
@@ -8914,9 +11910,9 @@
       }
     },
     "node_modules/monaco-editor": {
-      "version": "0.50.0",
-      "resolved": "https://registry.npmjs.org/monaco-editor/-/monaco-editor-0.50.0.tgz",
-      "integrity": "sha512-8CclLCmrRRh+sul7C08BmPBP3P8wVWfBHomsTcndxg5NRCEPfu/mc2AGU8k37ajjDVXcXFc12ORAMUkmk+lkFA==",
+      "version": "0.51.0",
+      "resolved": "https://registry.npmjs.org/monaco-editor/-/monaco-editor-0.51.0.tgz",
+      "integrity": "sha512-xaGwVV1fq343cM7aOYB6lVE4Ugf0UyimdD/x5PWcWBMKENwectaEu77FAN7c5sFiyumqeJdX1RPTh1ocioyDjw==",
       "license": "MIT"
     },
     "node_modules/monaco-editor-webpack-plugin": {
@@ -9187,6 +12183,20 @@
         "node": ">=12.4.0"
       }
     },
+    "node_modules/object.entries": {
+      "name": "@nolyfill/object.entries",
+      "version": "1.0.28",
+      "resolved": "https://registry.npmjs.org/@nolyfill/object.entries/-/object.entries-1.0.28.tgz",
+      "integrity": "sha512-2t4PayP6Sx7Z20HJjcf8XhhPBO8/H31bwMdP0yEdDcxSXeEhl90Ibb9E3XKzSlcsGf43nXyfabHNrnfvdWE4Ng==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@nolyfill/shared": "1.0.28"
+      },
+      "engines": {
+        "node": ">=12.4.0"
+      }
+    },
     "node_modules/object.fromentries": {
       "name": "@nolyfill/object.fromentries",
       "version": "1.0.28",
@@ -9411,6 +12421,12 @@
         "url": "https://github.com/sponsors/isaacs"
       }
     },
+    "node_modules/path-scurry/node_modules/lru-cache": {
+      "version": "10.4.3",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.4.3.tgz",
+      "integrity": "sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==",
+      "license": "ISC"
+    },
     "node_modules/path-type": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz",
@@ -9545,13 +12561,13 @@
       }
     },
     "node_modules/playwright": {
-      "version": "1.45.3",
-      "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.45.3.tgz",
-      "integrity": "sha512-QhVaS+lpluxCaioejDZ95l4Y4jSFCsBvl2UZkpeXlzxmqS+aABr5c82YmfMHrL6x27nvrvykJAFpkzT2eWdJww==",
+      "version": "1.46.1",
+      "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.46.1.tgz",
+      "integrity": "sha512-oPcr1yqoXLCkgKtD5eNUPLiN40rYEM39odNpIb6VE6S7/15gJmA1NzVv6zJYusV0e7tzvkU/utBFNa/Kpxmwng==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "playwright-core": "1.45.3"
+        "playwright-core": "1.46.1"
       },
       "bin": {
         "playwright": "cli.js"
@@ -9564,9 +12580,9 @@
       }
     },
     "node_modules/playwright-core": {
-      "version": "1.45.3",
-      "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.45.3.tgz",
-      "integrity": "sha512-+ym0jNbcjikaOwwSZycFbwkWgfruWvYlJfThKYAlImbxUgdWFO2oW70ojPm4OpE4t6TAo2FY/smM+hpVTtkhDA==",
+      "version": "1.46.1",
+      "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.46.1.tgz",
+      "integrity": "sha512-h9LqIQaAv+CYvWzsZ+h3RsrqCStkBHlgo6/TJlFst3cOTlLghBQlJwPOZKQJTKNaD3QIB7aAVQ+gfWbN3NXB7A==",
       "dev": true,
       "license": "Apache-2.0",
       "bin": {
@@ -9613,9 +12629,9 @@
       }
     },
     "node_modules/postcss": {
-      "version": "8.4.40",
-      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.40.tgz",
-      "integrity": "sha512-YF2kKIUzAofPMpfH6hOi2cGnv/HrUlfucspc7pDyvv7kGdqXrfj8SCl/t8owkEgKEuu8ZcRjSOxFxVLqwChZ2Q==",
+      "version": "8.4.41",
+      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.41.tgz",
+      "integrity": "sha512-TesUflQ0WKZqAvg52PWL6kHgLKP6xB6heTOdoYM0Wt2UHyxNa4K25EZZMgKns3BH1RLVbZCREPpLY0rhnNoHVQ==",
       "funding": [
         {
           "type": "opencollective",
@@ -9656,6 +12672,13 @@
         "node": "^12 || >=14"
       }
     },
+    "node_modules/postcss-html/node_modules/js-tokens": {
+      "version": "9.0.0",
+      "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-9.0.0.tgz",
+      "integrity": "sha512-WriZw1luRMlmV3LGJaR6QOJjWwgLUTf89OwT2lUOyjX2dJGBwgmIkbcz+7WFZjrZM635JOIR517++e/67CP9dQ==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/postcss-import": {
       "version": "15.1.0",
       "resolved": "https://registry.npmjs.org/postcss-import/-/postcss-import-15.1.0.tgz",
@@ -9855,9 +12878,9 @@
       }
     },
     "node_modules/postcss-nesting": {
-      "version": "12.1.5",
-      "resolved": "https://registry.npmjs.org/postcss-nesting/-/postcss-nesting-12.1.5.tgz",
-      "integrity": "sha512-N1NgI1PDCiAGWPTYrwqm8wpjv0bgDmkYHH72pNsqTCv9CObxjxftdYu6AKtGN+pnJa7FQjMm3v4sp8QJbFsYdQ==",
+      "version": "13.0.0",
+      "resolved": "https://registry.npmjs.org/postcss-nesting/-/postcss-nesting-13.0.0.tgz",
+      "integrity": "sha512-TCGQOizyqvEkdeTPM+t6NYwJ3EJszYE/8t8ILxw/YoeUvz2rz7aM8XTAmBWh9/DJjfaaabL88fWrsVHSPF2zgA==",
       "funding": [
         {
           "type": "github",
@@ -9870,21 +12893,21 @@
       ],
       "license": "MIT-0",
       "dependencies": {
-        "@csstools/selector-resolve-nested": "^1.1.0",
-        "@csstools/selector-specificity": "^3.1.1",
+        "@csstools/selector-resolve-nested": "^2.0.0",
+        "@csstools/selector-specificity": "^4.0.0",
         "postcss-selector-parser": "^6.1.0"
       },
       "engines": {
-        "node": "^14 || ^16 || >=18"
+        "node": ">=18"
       },
       "peerDependencies": {
         "postcss": "^8.4"
       }
     },
     "node_modules/postcss-resolve-nested-selector": {
-      "version": "0.1.4",
-      "resolved": "https://registry.npmjs.org/postcss-resolve-nested-selector/-/postcss-resolve-nested-selector-0.1.4.tgz",
-      "integrity": "sha512-R6vHqZWgVnTAPq0C+xjyHfEZqfIYboCBVSy24MjxEDm+tIh1BU4O6o7DP7AA7kHzf136d+Qc5duI4tlpHjixDw==",
+      "version": "0.1.6",
+      "resolved": "https://registry.npmjs.org/postcss-resolve-nested-selector/-/postcss-resolve-nested-selector-0.1.6.tgz",
+      "integrity": "sha512-0sglIs9Wmkzbr8lQwEyIzlDOOC9bGmfVKcJTaxv3vMmd3uo4o4DerC3En0bnmgceeql9BfC8hRkp7cg0fjdVqw==",
       "dev": true,
       "license": "MIT"
     },
@@ -9933,9 +12956,9 @@
       }
     },
     "node_modules/postcss-selector-parser": {
-      "version": "6.1.1",
-      "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.1.1.tgz",
-      "integrity": "sha512-b4dlw/9V8A71rLIDsSwVmak9z2DuBUB7CA1/wSdelNEzqsjoSPeADTWNO09lpH49Diy3/JIZ2bSPB1dI3LJCHg==",
+      "version": "6.1.2",
+      "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.1.2.tgz",
+      "integrity": "sha512-Q8qQfPiZ+THO/3ZrOrO0cJJKfpYCagtMUkXbnEfmgUjwXg6z/WBeOyS9APBBPCTSiDV+s4SwQGu8yFsiMRIudg==",
       "license": "MIT",
       "dependencies": {
         "cssesc": "^3.0.0",
@@ -10017,6 +13040,18 @@
       "dev": true,
       "license": "Unlicense"
     },
+    "node_modules/prop-types": {
+      "version": "15.8.1",
+      "resolved": "https://registry.npmjs.org/prop-types/-/prop-types-15.8.1.tgz",
+      "integrity": "sha512-oj87CgZICdulUohogVAR7AjlC0327U4el4L6eAvOqCeudMDVU0NThNaV+b9Df4dXgSP1gXMTnPdhfe/2qDH5cg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "loose-envify": "^1.4.0",
+        "object-assign": "^4.1.1",
+        "react-is": "^16.13.1"
+      }
+    },
     "node_modules/proto-props": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/proto-props/-/proto-props-2.0.0.tgz",
@@ -10075,6 +13110,13 @@
         "safe-buffer": "^5.1.0"
       }
     },
+    "node_modules/react-is": {
+      "version": "16.13.1",
+      "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz",
+      "integrity": "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/read-cache": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/read-cache/-/read-cache-1.0.0.tgz",
@@ -10231,12 +13273,42 @@
         "node": "^12.0.0 || ^14.0.0 || >=16.0.0"
       }
     },
+    "node_modules/regenerate": {
+      "version": "1.4.2",
+      "resolved": "https://registry.npmjs.org/regenerate/-/regenerate-1.4.2.tgz",
+      "integrity": "sha512-zrceR/XhGYU/d/opr2EKO7aRHUeiBI8qjtfHqADTwZd6Szfy16la6kqD0MIUs5z5hx6AaKa+PixpPrR289+I0A==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/regenerate-unicode-properties": {
+      "version": "10.1.1",
+      "resolved": "https://registry.npmjs.org/regenerate-unicode-properties/-/regenerate-unicode-properties-10.1.1.tgz",
+      "integrity": "sha512-X007RyZLsCJVVrjgEFVpLUTZwyOZk3oiL75ZcuYjlIWd6rNJtOjkBwQc5AsRrpbKVkxN6sklw/k/9m2jJYOf8Q==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "regenerate": "^1.4.2"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
     "node_modules/regenerator-runtime": {
       "version": "0.14.1",
       "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.14.1.tgz",
       "integrity": "sha512-dYnhHh0nJoMfnkZs6GmmhFknAGRrLznOu5nc9ML+EJxGvrx6H7teuevqVqCuPcPK//3eDrrjQhehXVx9cnkGdw==",
       "license": "MIT"
     },
+    "node_modules/regenerator-transform": {
+      "version": "0.15.2",
+      "resolved": "https://registry.npmjs.org/regenerator-transform/-/regenerator-transform-0.15.2.tgz",
+      "integrity": "sha512-hfMp2BoF0qOk3uc5V20ALGDS2ddjQaLrdl7xrGXvAIow7qeWRM2VA2HuCHkUKk9slq3VwEwLNK3DFBqDfPGYtg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/runtime": "^7.8.4"
+      }
+    },
     "node_modules/regexp-ast-analysis": {
       "version": "0.7.1",
       "resolved": "https://registry.npmjs.org/regexp-ast-analysis/-/regexp-ast-analysis-0.7.1.tgz",
@@ -10261,6 +13333,46 @@
         "regexp-tree": "bin/regexp-tree"
       }
     },
+    "node_modules/regexpu-core": {
+      "version": "5.3.2",
+      "resolved": "https://registry.npmjs.org/regexpu-core/-/regexpu-core-5.3.2.tgz",
+      "integrity": "sha512-RAM5FlZz+Lhmo7db9L298p2vHP5ZywrVXmVXpmAD9GuL5MPH6t9ROw1iA/wfHkQ76Qe7AaPF0nGuim96/IrQMQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/regjsgen": "^0.8.0",
+        "regenerate": "^1.4.2",
+        "regenerate-unicode-properties": "^10.1.0",
+        "regjsparser": "^0.9.1",
+        "unicode-match-property-ecmascript": "^2.0.0",
+        "unicode-match-property-value-ecmascript": "^2.1.0"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/regexpu-core/node_modules/jsesc": {
+      "version": "0.5.0",
+      "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-0.5.0.tgz",
+      "integrity": "sha512-uZz5UnB7u4T9LvwmFqXii7pZSouaRPorGs5who1Ip7VO0wxanFvBL7GkM6dTHlgX+jhBApRetaWpnDabOeTcnA==",
+      "dev": true,
+      "bin": {
+        "jsesc": "bin/jsesc"
+      }
+    },
+    "node_modules/regexpu-core/node_modules/regjsparser": {
+      "version": "0.9.1",
+      "resolved": "https://registry.npmjs.org/regjsparser/-/regjsparser-0.9.1.tgz",
+      "integrity": "sha512-dQUtn90WanSNl+7mQKcXAgZxvUe7Z0SqXlgzv0za4LwiUhyzBC58yQO3liFoUgu8GiJVInAhJjkj1N0EtQ5nkQ==",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "dependencies": {
+        "jsesc": "~0.5.0"
+      },
+      "bin": {
+        "regjsparser": "bin/parser"
+      }
+    },
     "node_modules/regjsparser": {
       "version": "0.10.0",
       "resolved": "https://registry.npmjs.org/regjsparser/-/regjsparser-0.10.0.tgz",
@@ -10704,9 +13816,9 @@
       }
     },
     "node_modules/solid-js": {
-      "version": "1.8.19",
-      "resolved": "https://registry.npmjs.org/solid-js/-/solid-js-1.8.19.tgz",
-      "integrity": "sha512-h8z/TvTQYsf894LM9Iau/ZW2iAKrCzAWDwjPhMcXnonmW1OIIihc28wp82b1wwei1p81fH5+gnfNOe8RzLbDRQ==",
+      "version": "1.8.22",
+      "resolved": "https://registry.npmjs.org/solid-js/-/solid-js-1.8.22.tgz",
+      "integrity": "sha512-VBzN5j+9Y4rqIKEnK301aBk+S7fvFSTs9ljg+YEdFxjNjH0hkjXPiQRcws9tE5fUzMznSS6KToL5hwMfHDgpLA==",
       "license": "MIT",
       "dependencies": {
         "csstype": "^3.1.0",
@@ -10822,9 +13934,9 @@
       }
     },
     "node_modules/spdx-license-ids": {
-      "version": "3.0.18",
-      "resolved": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.18.tgz",
-      "integrity": "sha512-xxRs31BqRYHwiMzudOrpSiHtZ8i/GeionCBDSilhYRj+9gIcI8wCZTlXZKu9vZIVqViP3dcp9qE5G6AlIaD+TQ==",
+      "version": "3.0.20",
+      "resolved": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.20.tgz",
+      "integrity": "sha512-jg25NiDV/1fLtSgEgyvVyDunvaNHbuwF9lfNV17gSmPFAlYzdfNBlLtLzXTevwkPj7DhGbmN9VnmJIgLnhvaBw==",
       "license": "CC0-1.0"
     },
     "node_modules/spdx-ranges": {
@@ -10924,6 +14036,34 @@
         "node": ">=12.4.0"
       }
     },
+    "node_modules/string.prototype.matchall": {
+      "name": "@nolyfill/string.prototype.matchall",
+      "version": "1.0.28",
+      "resolved": "https://registry.npmjs.org/@nolyfill/string.prototype.matchall/-/string.prototype.matchall-1.0.28.tgz",
+      "integrity": "sha512-k74WKi7WmtRV847QWlY1ndg6XU1loeAyO9+NVoXrd7RL5lEjBtovp4CPZkifipBMBrZrZu2WwrQqkGrvLNZYpw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@nolyfill/shared": "1.0.28"
+      },
+      "engines": {
+        "node": ">=12.4.0"
+      }
+    },
+    "node_modules/string.prototype.repeat": {
+      "name": "@nolyfill/string.prototype.repeat",
+      "version": "1.0.28",
+      "resolved": "https://registry.npmjs.org/@nolyfill/string.prototype.repeat/-/string.prototype.repeat-1.0.28.tgz",
+      "integrity": "sha512-8ww39xe0r4qki8HwAaXTRamO0KpkHHyYoG+PCOFGaBZ8rrlAKcGQcJhu5aB2axauggqsnUfU25j5snEC0aJvYg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@nolyfill/shared": "1.0.28"
+      },
+      "engines": {
+        "node": ">=12.4.0"
+      }
+    },
     "node_modules/strip-ansi": {
       "version": "6.0.1",
       "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
@@ -11112,6 +14252,96 @@
         "stylelint": ">=16"
       }
     },
+    "node_modules/stylelint/node_modules/@csstools/css-parser-algorithms": {
+      "version": "2.7.1",
+      "resolved": "https://registry.npmjs.org/@csstools/css-parser-algorithms/-/css-parser-algorithms-2.7.1.tgz",
+      "integrity": "sha512-2SJS42gxmACHgikc1WGesXLIT8d/q2l0UFM7TaEeIzdFCE/FPMtTiizcPGGJtlPo2xuQzY09OhrLTzRxqJqwGw==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/csstools"
+        },
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/csstools"
+        }
+      ],
+      "license": "MIT",
+      "engines": {
+        "node": "^14 || ^16 || >=18"
+      },
+      "peerDependencies": {
+        "@csstools/css-tokenizer": "^2.4.1"
+      }
+    },
+    "node_modules/stylelint/node_modules/@csstools/css-tokenizer": {
+      "version": "2.4.1",
+      "resolved": "https://registry.npmjs.org/@csstools/css-tokenizer/-/css-tokenizer-2.4.1.tgz",
+      "integrity": "sha512-eQ9DIktFJBhGjioABJRtUucoWR2mwllurfnM8LuNGAqX3ViZXaUchqk+1s7jjtkFiT9ySdACsFEA3etErkALUg==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/csstools"
+        },
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/csstools"
+        }
+      ],
+      "license": "MIT",
+      "engines": {
+        "node": "^14 || ^16 || >=18"
+      }
+    },
+    "node_modules/stylelint/node_modules/@csstools/media-query-list-parser": {
+      "version": "2.1.13",
+      "resolved": "https://registry.npmjs.org/@csstools/media-query-list-parser/-/media-query-list-parser-2.1.13.tgz",
+      "integrity": "sha512-XaHr+16KRU9Gf8XLi3q8kDlI18d5vzKSKCY510Vrtc9iNR0NJzbY9hhTmwhzYZj/ZwGL4VmB3TA9hJW0Um2qFA==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/csstools"
+        },
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/csstools"
+        }
+      ],
+      "license": "MIT",
+      "engines": {
+        "node": "^14 || ^16 || >=18"
+      },
+      "peerDependencies": {
+        "@csstools/css-parser-algorithms": "^2.7.1",
+        "@csstools/css-tokenizer": "^2.4.1"
+      }
+    },
+    "node_modules/stylelint/node_modules/@csstools/selector-specificity": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/@csstools/selector-specificity/-/selector-specificity-3.1.1.tgz",
+      "integrity": "sha512-a7cxGcJ2wIlMFLlh8z2ONm+715QkPHiyJcxwQlKOz/03GPw1COpfhcmC9wm4xlZfp//jWHNNMwzjtqHXVWU9KA==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/csstools"
+        },
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/csstools"
+        }
+      ],
+      "license": "MIT-0",
+      "engines": {
+        "node": "^14 || ^16 || >=18"
+      },
+      "peerDependencies": {
+        "postcss-selector-parser": "^6.0.13"
+      }
+    },
     "node_modules/stylelint/node_modules/ansi-regex": {
       "version": "6.0.1",
       "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz",
@@ -11133,9 +14363,9 @@
       "license": "MIT"
     },
     "node_modules/stylelint/node_modules/file-entry-cache": {
-      "version": "9.0.0",
-      "resolved": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-9.0.0.tgz",
-      "integrity": "sha512-6MgEugi8p2tiUhqO7GnPsmbCCzj0YRCwwaTbpGRyKZesjRSzkqkAE9fPp7V2yMs5hwfgbQLgdvSSkGNg1s5Uvw==",
+      "version": "9.1.0",
+      "resolved": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-9.1.0.tgz",
+      "integrity": "sha512-/pqPFG+FdxWQj+/WSuzXSDaNzxgTLr/OrR1QuqfEZzDakpdYE70PwUxL7BPUa8hpjbvY1+qvCl8k+8Tq34xJgg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -11213,9 +14443,9 @@
       }
     },
     "node_modules/stylis": {
-      "version": "4.3.2",
-      "resolved": "https://registry.npmjs.org/stylis/-/stylis-4.3.2.tgz",
-      "integrity": "sha512-bhtUjWd/z6ltJiQwg0dUfxEJ+W+jdqQd8TbWLWyeIJHlnsqmGLRFFd8e5mA0AZi/zx90smXRlN66YMTcaSFifg==",
+      "version": "4.3.4",
+      "resolved": "https://registry.npmjs.org/stylis/-/stylis-4.3.4.tgz",
+      "integrity": "sha512-osIBl6BGUmSfDkyH2mB7EFvCJntXDrLhKjHTRj/rK6xLH0yuPrHULDRQzKokSOD4VoorhtKpfcfW1GAntu8now==",
       "license": "MIT"
     },
     "node_modules/stylus": {
@@ -11334,9 +14564,9 @@
       }
     },
     "node_modules/supports-hyperlinks": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/supports-hyperlinks/-/supports-hyperlinks-3.0.0.tgz",
-      "integrity": "sha512-QBDPHyPQDRTy9ku4URNGY5Lah8PAaXs6tAAwp55sL5WCsSW7GIfdf6W5ixfziW+t7wh3GVvHyHHyQ1ESsoRvaA==",
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/supports-hyperlinks/-/supports-hyperlinks-3.1.0.tgz",
+      "integrity": "sha512-2rn0BZ+/f7puLOHZm1HOJfwBggfaHXUpPUSSG/SWM4TWp5KCfmNYwnC3hruy2rZlMnmWZ+QAGpZfchu3f3695A==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -11345,6 +14575,9 @@
       },
       "engines": {
         "node": ">=14.18"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
       }
     },
     "node_modules/supports-preserve-symlinks-flag": {
@@ -11466,9 +14699,9 @@
       }
     },
     "node_modules/tailwindcss": {
-      "version": "3.4.7",
-      "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.4.7.tgz",
-      "integrity": "sha512-rxWZbe87YJb4OcSopb7up2Ba4U82BoiSGUdoDr3Ydrg9ckxFS/YWsvhN323GMcddgU65QRy7JndC7ahhInhvlQ==",
+      "version": "3.4.10",
+      "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.4.10.tgz",
+      "integrity": "sha512-KWZkVPm7yJRhdu4SRSl9d4AK2wM3a50UsvgHZO7xY77NQr2V+fIrEuoDGQcbvswWvFGbS2f6e+jC/6WJm1Dl0w==",
       "license": "MIT",
       "dependencies": {
         "@alloc/quick-lru": "^5.2.0",
@@ -11527,9 +14760,9 @@
       "license": "ISC"
     },
     "node_modules/terser": {
-      "version": "5.31.3",
-      "resolved": "https://registry.npmjs.org/terser/-/terser-5.31.3.tgz",
-      "integrity": "sha512-pAfYn3NIZLyZpa83ZKigvj6Rn9c/vd5KfYGX7cN1mnzqgDcxWvrU5ZtAfIKhEXz9nRecw4z3LXkjaq96/qZqAA==",
+      "version": "5.31.6",
+      "resolved": "https://registry.npmjs.org/terser/-/terser-5.31.6.tgz",
+      "integrity": "sha512-PQ4DAriWzKj+qgehQ7LK5bQqCFNMmlhjR2PFFLuqGCpuCAauxemVBWwWOxo3UIwWQx8+Pr61Df++r76wDmkQBg==",
       "license": "BSD-2-Clause",
       "dependencies": {
         "@jridgewell/source-map": "^0.3.3",
@@ -11684,9 +14917,9 @@
       "license": "MIT"
     },
     "node_modules/tinypool": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/tinypool/-/tinypool-1.0.0.tgz",
-      "integrity": "sha512-KIKExllK7jp3uvrNtvRBYBWBOAXSX8ZvoaD8T+7KB/QHIuoJW3Pmr60zucywjAlMb5TeXUkcs/MWeWLu0qvuAQ==",
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/tinypool/-/tinypool-1.0.1.tgz",
+      "integrity": "sha512-URZYihUbRPcGv95En+sz6MfghfIc2OJ1sv/RmhWZLouPY0/8Vo80viwPvg3dlaS9fuq7fQMEfgRRK7BBZThBEA==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -11816,9 +15049,9 @@
       }
     },
     "node_modules/tslib": {
-      "version": "2.6.3",
-      "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.3.tgz",
-      "integrity": "sha512-xNvxJEOUiWPGhUuUdQgAJPKOOJfGnIyKySOc09XkKsgdUV/3E2zvwZYdejjmRgPCgcym1juLH3226yA7sEFJKQ==",
+      "version": "2.7.0",
+      "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.7.0.tgz",
+      "integrity": "sha512-gLXCKdN1/j47AiHiOkJN69hJmcbGTHI0ImLmbYLHykhgeN0jVGola9yVjFgzCUklsZQMW55o+dW7IXv3RCXDzA==",
       "dev": true,
       "license": "0BSD"
     },
@@ -11836,9 +15069,9 @@
       }
     },
     "node_modules/type-fest": {
-      "version": "4.23.0",
-      "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-4.23.0.tgz",
-      "integrity": "sha512-ZiBujro2ohr5+Z/hZWHESLz3g08BBdrdLMieYFULJO+tWc437sn8kQsWLJoZErY8alNhxre9K4p3GURAG11n+w==",
+      "version": "4.26.0",
+      "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-4.26.0.tgz",
+      "integrity": "sha512-OduNjVJsFbifKb57UqZ2EMP1i4u64Xwow3NYXUtBbD4vIwJdQd4+xl8YDou1dlm4DVrtwT/7Ky8z8WyCULVfxw==",
       "dev": true,
       "license": "(MIT OR CC0-1.0)",
       "engines": {
@@ -11881,11 +15114,55 @@
       "license": "ISC"
     },
     "node_modules/undici-types": {
-      "version": "6.13.0",
-      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.13.0.tgz",
-      "integrity": "sha512-xtFJHudx8S2DSoujjMd1WeWvn7KKWFRESZTMeL1RptAYERu29D6jphMjjY+vn96jvN3kVPDNxU/E13VTaXj6jg==",
+      "version": "6.19.8",
+      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.19.8.tgz",
+      "integrity": "sha512-ve2KP6f/JnbPBFyobGHuerC9g1FYGn/F8n1LWTwNxCEzd6IfqTwUQcNXgEtmmQ6DlRrC1hrSrBnCZPokRrDHjw==",
       "license": "MIT"
     },
+    "node_modules/unicode-canonical-property-names-ecmascript": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/unicode-canonical-property-names-ecmascript/-/unicode-canonical-property-names-ecmascript-2.0.0.tgz",
+      "integrity": "sha512-yY5PpDlfVIU5+y/BSCxAJRBIS1Zc2dDG3Ujq+sR0U+JjUevW2JhocOF+soROYDSaAezOzOKuyyixhD6mBknSmQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/unicode-match-property-ecmascript": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/unicode-match-property-ecmascript/-/unicode-match-property-ecmascript-2.0.0.tgz",
+      "integrity": "sha512-5kaZCrbp5mmbz5ulBkDkbY0SsPOjKqVS35VpL9ulMPfSl0J0Xsm+9Evphv9CoIZFwre7aJoa94AY6seMKGVN5Q==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "unicode-canonical-property-names-ecmascript": "^2.0.0",
+        "unicode-property-aliases-ecmascript": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/unicode-match-property-value-ecmascript": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/unicode-match-property-value-ecmascript/-/unicode-match-property-value-ecmascript-2.1.0.tgz",
+      "integrity": "sha512-qxkjQt6qjg/mYscYMC0XKRn3Rh0wFPlfxB0xkt9CfyTvpX1Ra0+rAmdX2QyAobptSEvuy4RtpPRui6XkV+8wjA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/unicode-property-aliases-ecmascript": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/unicode-property-aliases-ecmascript/-/unicode-property-aliases-ecmascript-2.1.0.tgz",
+      "integrity": "sha512-6t3foTQI9qne+OZoVQB/8x8rk2k1eVy1gRXhV3oFQ5T6R1dqQ1xtin3XqSlx3+ATBkliTaR/hHyJBm+LVPNM8w==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=4"
+      }
+    },
     "node_modules/universalify": {
       "version": "2.0.1",
       "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.1.tgz",
@@ -11927,9 +15204,9 @@
       }
     },
     "node_modules/updates": {
-      "version": "16.3.7",
-      "resolved": "https://registry.npmjs.org/updates/-/updates-16.3.7.tgz",
-      "integrity": "sha512-TTehJxoTMb/tdFDctvroLhFTA/r93Ow1OC87GAPtQ5NGp4/YwYsPqivnQqkBAe1nV3UMJWBoKUMZZKC4yoTrsw==",
+      "version": "16.4.0",
+      "resolved": "https://registry.npmjs.org/updates/-/updates-16.4.0.tgz",
+      "integrity": "sha512-HtkG1MgXbQ5gpqu5eX4qVOwclMHbygiTYjSkFMVDEXuwb5clwkDh75xRb11PzRX9ozVOfcVUHl7lpBNDPquXrw==",
       "dev": true,
       "license": "BSD-2-Clause",
       "bin": {
@@ -12012,15 +15289,15 @@
       "license": "MIT"
     },
     "node_modules/vite": {
-      "version": "5.3.5",
-      "resolved": "https://registry.npmjs.org/vite/-/vite-5.3.5.tgz",
-      "integrity": "sha512-MdjglKR6AQXQb9JGiS7Rc2wC6uMjcm7Go/NHNO63EwiJXfuk9PgqiP/n5IDJCziMkfw9n4Ubp7lttNwz+8ZVKA==",
+      "version": "5.4.2",
+      "resolved": "https://registry.npmjs.org/vite/-/vite-5.4.2.tgz",
+      "integrity": "sha512-dDrQTRHp5C1fTFzcSaMxjk6vdpKvT+2/mIdE07Gw2ykehT49O0z/VHS3zZ8iV/Gh8BJJKHWOe5RjaNrW5xf/GA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "esbuild": "^0.21.3",
-        "postcss": "^8.4.39",
-        "rollup": "^4.13.0"
+        "postcss": "^8.4.41",
+        "rollup": "^4.20.0"
       },
       "bin": {
         "vite": "bin/vite.js"
@@ -12039,6 +15316,7 @@
         "less": "*",
         "lightningcss": "^1.21.0",
         "sass": "*",
+        "sass-embedded": "*",
         "stylus": "*",
         "sugarss": "*",
         "terser": "^5.4.0"
@@ -12056,6 +15334,9 @@
         "sass": {
           "optional": true
         },
+        "sass-embedded": {
+          "optional": true
+        },
         "stylus": {
           "optional": true
         },
@@ -12120,9 +15401,9 @@
       }
     },
     "node_modules/vite/node_modules/rollup": {
-      "version": "4.19.2",
-      "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.19.2.tgz",
-      "integrity": "sha512-6/jgnN1svF9PjNYJ4ya3l+cqutg49vOZ4rVgsDKxdl+5gpGPnByFXWGyfH9YGx9i3nfBwSu1Iyu6vGwFFA0BdQ==",
+      "version": "4.21.1",
+      "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.21.1.tgz",
+      "integrity": "sha512-ZnYyKvscThhgd3M5+Qt3pmhO4jIRR5RGzaSovB6Q7rGNrK5cUncrtLmcTTJVSdcKXyZjW8X8MB0JMSuH9bcAJg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -12136,22 +15417,22 @@
         "npm": ">=8.0.0"
       },
       "optionalDependencies": {
-        "@rollup/rollup-android-arm-eabi": "4.19.2",
-        "@rollup/rollup-android-arm64": "4.19.2",
-        "@rollup/rollup-darwin-arm64": "4.19.2",
-        "@rollup/rollup-darwin-x64": "4.19.2",
-        "@rollup/rollup-linux-arm-gnueabihf": "4.19.2",
-        "@rollup/rollup-linux-arm-musleabihf": "4.19.2",
-        "@rollup/rollup-linux-arm64-gnu": "4.19.2",
-        "@rollup/rollup-linux-arm64-musl": "4.19.2",
-        "@rollup/rollup-linux-powerpc64le-gnu": "4.19.2",
-        "@rollup/rollup-linux-riscv64-gnu": "4.19.2",
-        "@rollup/rollup-linux-s390x-gnu": "4.19.2",
-        "@rollup/rollup-linux-x64-gnu": "4.19.2",
-        "@rollup/rollup-linux-x64-musl": "4.19.2",
-        "@rollup/rollup-win32-arm64-msvc": "4.19.2",
-        "@rollup/rollup-win32-ia32-msvc": "4.19.2",
-        "@rollup/rollup-win32-x64-msvc": "4.19.2",
+        "@rollup/rollup-android-arm-eabi": "4.21.1",
+        "@rollup/rollup-android-arm64": "4.21.1",
+        "@rollup/rollup-darwin-arm64": "4.21.1",
+        "@rollup/rollup-darwin-x64": "4.21.1",
+        "@rollup/rollup-linux-arm-gnueabihf": "4.21.1",
+        "@rollup/rollup-linux-arm-musleabihf": "4.21.1",
+        "@rollup/rollup-linux-arm64-gnu": "4.21.1",
+        "@rollup/rollup-linux-arm64-musl": "4.21.1",
+        "@rollup/rollup-linux-powerpc64le-gnu": "4.21.1",
+        "@rollup/rollup-linux-riscv64-gnu": "4.21.1",
+        "@rollup/rollup-linux-s390x-gnu": "4.21.1",
+        "@rollup/rollup-linux-x64-gnu": "4.21.1",
+        "@rollup/rollup-linux-x64-musl": "4.21.1",
+        "@rollup/rollup-win32-arm64-msvc": "4.21.1",
+        "@rollup/rollup-win32-ia32-msvc": "4.21.1",
+        "@rollup/rollup-win32-x64-msvc": "4.21.1",
         "fsevents": "~2.3.2"
       }
     },
@@ -12280,16 +15561,16 @@
       "license": "MIT"
     },
     "node_modules/vue": {
-      "version": "3.4.35",
-      "resolved": "https://registry.npmjs.org/vue/-/vue-3.4.35.tgz",
-      "integrity": "sha512-+fl/GLmI4GPileHftVlCdB7fUL4aziPcqTudpTGXCT8s+iZWuOCeNEB5haX6Uz2IpRrbEXOgIFbe+XciCuGbNQ==",
+      "version": "3.4.38",
+      "resolved": "https://registry.npmjs.org/vue/-/vue-3.4.38.tgz",
+      "integrity": "sha512-f0ZgN+mZ5KFgVv9wz0f4OgVKukoXtS3nwET4c2vLBGQR50aI8G0cqbFtLlX9Yiyg3LFGBitruPHt2PxwTduJEw==",
       "license": "MIT",
       "dependencies": {
-        "@vue/compiler-dom": "3.4.35",
-        "@vue/compiler-sfc": "3.4.35",
-        "@vue/runtime-dom": "3.4.35",
-        "@vue/server-renderer": "3.4.35",
-        "@vue/shared": "3.4.35"
+        "@vue/compiler-dom": "3.4.38",
+        "@vue/compiler-sfc": "3.4.38",
+        "@vue/runtime-dom": "3.4.38",
+        "@vue/server-renderer": "3.4.38",
+        "@vue/shared": "3.4.38"
       },
       "peerDependencies": {
         "typescript": "*"
@@ -12398,9 +15679,9 @@
       }
     },
     "node_modules/watchpack": {
-      "version": "2.4.1",
-      "resolved": "https://registry.npmjs.org/watchpack/-/watchpack-2.4.1.tgz",
-      "integrity": "sha512-8wrBCMtVhqcXP2Sup1ctSkga6uc2Bx0IIvKyT7yTFier5AXHooSI+QyQQAtTb7+E0IUCCKyTFmXqdqgum2XWGg==",
+      "version": "2.4.2",
+      "resolved": "https://registry.npmjs.org/watchpack/-/watchpack-2.4.2.tgz",
+      "integrity": "sha512-TnbFSbcOCcDgjZ4piURLCbJ3nJhznVh9kw6F6iokjiFPl8ONxe9A6nMDVXDiNbrSfLILs6vB07F7wLBrwPYzJw==",
       "license": "MIT",
       "dependencies": {
         "glob-to-regexp": "^0.4.1",
@@ -12421,12 +15702,11 @@
       }
     },
     "node_modules/webpack": {
-      "version": "5.93.0",
-      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.93.0.tgz",
-      "integrity": "sha512-Y0m5oEY1LRuwly578VqluorkXbvXKh7U3rLoQCEO04M97ScRr44afGVkI0FQFsXzysk5OgFAxjZAb9rsGQVihA==",
+      "version": "5.94.0",
+      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.94.0.tgz",
+      "integrity": "sha512-KcsGn50VT+06JH/iunZJedYGUJS5FGjow8wb9c0v5n1Om8O1g4L6LjtfxwlXIATopoQu+vOXXa7gYisWxCoPyg==",
       "license": "MIT",
       "dependencies": {
-        "@types/eslint-scope": "^3.7.3",
         "@types/estree": "^1.0.5",
         "@webassemblyjs/ast": "^1.12.1",
         "@webassemblyjs/wasm-edit": "^1.12.1",
@@ -12435,7 +15715,7 @@
         "acorn-import-attributes": "^1.9.5",
         "browserslist": "^4.21.10",
         "chrome-trace-event": "^1.0.2",
-        "enhanced-resolve": "^5.17.0",
+        "enhanced-resolve": "^5.17.1",
         "es-module-lexer": "^1.2.1",
         "eslint-scope": "5.1.1",
         "events": "^3.2.0",
@@ -12765,9 +16045,9 @@
       }
     },
     "node_modules/wrap-ansi/node_modules/emoji-regex": {
-      "version": "10.3.0",
-      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-10.3.0.tgz",
-      "integrity": "sha512-QpLs9D9v9kArv4lfDEgg1X/gN5XLnf/A6l9cs8SPZLRZR3ZkY9+kwIQTxm+fsSej5UMYGE8fdoaZVIBlqG0XTw==",
+      "version": "10.4.0",
+      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-10.4.0.tgz",
+      "integrity": "sha512-EC+0oUMY1Rqm4O6LLrgjtYDvcVYTy7chDnM4Q7030tP4Kwj3u/pR6gP9ygnp2CJMK5Gq+9Q2oqmrFJAz01DXjw==",
       "license": "MIT"
     },
     "node_modules/wrap-ansi/node_modules/string-width": {
@@ -12842,6 +16122,13 @@
         "node": ">=10"
       }
     },
+    "node_modules/yallist": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz",
+      "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==",
+      "dev": true,
+      "license": "ISC"
+    },
     "node_modules/yaml": {
       "version": "2.5.0",
       "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.5.0.tgz",
diff --git a/package.json b/package.json
index 9d3556475ee..d188e99a30d 100644
--- a/package.json
+++ b/package.json
@@ -17,12 +17,12 @@
     "add-asset-webpack-plugin": "3.0.0",
     "ansi_up": "6.0.2",
     "asciinema-player": "3.8.0",
-    "chart.js": "4.4.3",
+    "chart.js": "4.4.4",
     "chartjs-adapter-dayjs-4": "1.0.4",
     "chartjs-plugin-zoom": "2.0.1",
     "clippie": "4.1.3",
     "css-loader": "7.1.2",
-    "dayjs": "1.11.12",
+    "dayjs": "1.11.13",
     "dropzone": "6.0.0-beta.2",
     "easymde": "2.18.0",
     "esbuild-loader": "4.2.2",
@@ -34,17 +34,17 @@
     "katex": "0.16.11",
     "license-checker-webpack-plugin": "0.2.1",
     "mermaid": "11.0.2",
-    "mini-css-extract-plugin": "2.9.0",
+    "mini-css-extract-plugin": "2.9.1",
     "minimatch": "10.0.1",
-    "monaco-editor": "0.50.0",
+    "monaco-editor": "0.51.0",
     "monaco-editor-webpack-plugin": "7.1.0",
     "pdfobject": "2.3.0",
-    "postcss": "8.4.40",
+    "postcss": "8.4.41",
     "postcss-loader": "8.1.1",
-    "postcss-nesting": "12.1.5",
+    "postcss-nesting": "13.0.0",
     "sortablejs": "1.15.2",
     "swagger-ui-dist": "5.17.14",
-    "tailwindcss": "3.4.7",
+    "tailwindcss": "3.4.10",
     "temporal-polyfill": "0.2.5",
     "throttle-debounce": "5.0.2",
     "tinycolor2": "1.6.0",
@@ -54,20 +54,20 @@
     "typescript": "5.5.4",
     "uint8-to-base64": "0.2.0",
     "vanilla-colorful": "0.7.2",
-    "vue": "3.4.35",
+    "vue": "3.4.38",
     "vue-bar-graph": "2.1.0",
     "vue-chartjs": "5.3.1",
     "vue-loader": "17.4.2",
-    "webpack": "5.93.0",
+    "webpack": "5.94.0",
     "webpack-cli": "5.1.4",
     "wrap-ansi": "9.0.0"
   },
   "devDependencies": {
-    "@eslint-community/eslint-plugin-eslint-comments": "4.3.0",
-    "@playwright/test": "1.45.3",
+    "@eslint-community/eslint-plugin-eslint-comments": "4.4.0",
+    "@playwright/test": "1.46.1",
     "@stoplight/spectral-cli": "6.11.1",
-    "@stylistic/eslint-plugin-js": "2.6.1",
-    "@stylistic/stylelint-plugin": "3.0.0",
+    "@stylistic/eslint-plugin-js": "2.6.5",
+    "@stylistic/stylelint-plugin": "3.0.1",
     "@types/dropzone": "5.7.8",
     "@types/jquery": "3.5.30",
     "@types/katex": "0.16.7",
@@ -78,11 +78,11 @@
     "@types/throttle-debounce": "5.0.2",
     "@types/tinycolor2": "1.4.6",
     "@types/toastify-js": "1.12.3",
-    "@typescript-eslint/eslint-plugin": "8.0.0",
-    "@typescript-eslint/parser": "8.0.0",
+    "@typescript-eslint/eslint-plugin": "8.3.0",
+    "@typescript-eslint/parser": "8.3.0",
     "@vitejs/plugin-vue": "5.1.2",
     "eslint": "8.57.0",
-    "eslint-import-resolver-typescript": "3.6.1",
+    "eslint-import-resolver-typescript": "3.6.3",
     "eslint-plugin-array-func": "4.0.0",
     "eslint-plugin-deprecation": "3.0.0",
     "eslint-plugin-github": "5.0.1",
@@ -91,14 +91,14 @@
     "eslint-plugin-no-use-extend-native": "0.5.0",
     "eslint-plugin-playwright": "1.6.2",
     "eslint-plugin-regexp": "2.6.0",
-    "eslint-plugin-sonarjs": "1.0.4",
+    "eslint-plugin-sonarjs": "2.0.1",
     "eslint-plugin-unicorn": "55.0.0",
     "eslint-plugin-vitest": "0.4.1",
     "eslint-plugin-vitest-globals": "1.5.0",
     "eslint-plugin-vue": "9.27.0",
     "eslint-plugin-vue-scoped-css": "2.8.1",
-    "eslint-plugin-wc": "2.1.0",
-    "happy-dom": "14.12.3",
+    "eslint-plugin-wc": "2.1.1",
+    "happy-dom": "15.3.1",
     "markdownlint-cli": "0.41.0",
     "nolyfill": "1.0.39",
     "postcss-html": "1.7.0",
@@ -107,8 +107,8 @@
     "stylelint-declaration-strict-value": "1.10.6",
     "stylelint-value-no-unknown-custom-properties": "6.0.1",
     "svgo": "3.3.2",
-    "type-fest": "4.23.0",
-    "updates": "16.3.7",
+    "type-fest": "4.26.0",
+    "updates": "16.4.0",
     "vite-string-plugin": "1.3.4",
     "vitest": "2.0.5"
   },
@@ -131,6 +131,10 @@
     "object.values": "npm:@nolyfill/object.values@^1",
     "safe-regex-test": "npm:@nolyfill/safe-regex-test@^1",
     "string.prototype.includes": "npm:@nolyfill/string.prototype.includes@^1",
-    "is-core-module": "npm:@nolyfill/is-core-module@^1"
+    "is-core-module": "npm:@nolyfill/is-core-module@^1",
+    "array.prototype.findlast": "npm:@nolyfill/array.prototype.findlast@^1",
+    "array.prototype.tosorted": "npm:@nolyfill/array.prototype.tosorted@^1",
+    "string.prototype.matchall": "npm:@nolyfill/string.prototype.matchall@^1",
+    "string.prototype.repeat": "npm:@nolyfill/string.prototype.repeat@^1"
   }
 }
diff --git a/poetry.lock b/poetry.lock
index 74536495d27..48ac8d22de7 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -42,13 +42,13 @@ six = ">=1.13.0"
 
 [[package]]
 name = "djlint"
-version = "1.34.1"
+version = "1.34.2"
 description = "HTML Template Linter and Formatter"
 optional = false
-python-versions = ">=3.8.0,<4.0.0"
+python-versions = "<4.0.0,>=3.8.0"
 files = [
-    {file = "djlint-1.34.1-py3-none-any.whl", hash = "sha256:96ff1c464fb6f061130ebc88663a2ea524d7ec51f4b56221a2b3f0320a3cfce8"},
-    {file = "djlint-1.34.1.tar.gz", hash = "sha256:db93fa008d19eaadb0454edf1704931d14469d48508daba2df9941111f408346"},
+    {file = "djlint-1.34.2-py3-none-any.whl", hash = "sha256:4825389e395eb77371857c77f547fa5ebd1a644b1bc4fe9fed19d49a2786b9e5"},
+    {file = "djlint-1.34.2.tar.gz", hash = "sha256:db9b2e59203a452b83532499bc243c749279090b905cc1f657973f78e7a31ddd"},
 ]
 
 [package.dependencies]
@@ -357,4 +357,4 @@ dev = ["doc8", "flake8", "flake8-import-order", "rstcheck[sphinx]", "sphinx"]
 [metadata]
 lock-version = "2.0"
 python-versions = "^3.10"
-content-hash = "cd2ff218e9f27a464dfbc8ec2387824a90f4360e04c3f2e58cc375796b7df33a"
+content-hash = "af89bce0c442463621b6e536f9b94c31e188e1662c2caa84372c0858a2ee7d5c"
diff --git a/pyproject.toml b/pyproject.toml
index 0724a8e24ac..ff2c233cfb4 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -5,7 +5,7 @@ package-mode = false
 python = "^3.10"
 
 [tool.poetry.group.dev.dependencies]
-djlint = "1.34.1"
+djlint = "1.34.2"
 yamllint = "1.35.1"
 
 [tool.djlint]

From 1f924d845eeea263eb0bf8f379cc93039d7f37ea Mon Sep 17 00:00:00 2001
From: GiteaBot <teabot@gitea.io>
Date: Fri, 30 Aug 2024 00:29:03 +0000
Subject: [PATCH 035/129] [skip ci] Updated translations via Crowdin

---
 options/locale/locale_ja-JP.ini | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/options/locale/locale_ja-JP.ini b/options/locale/locale_ja-JP.ini
index e7166e04dc9..c14fd2b98ea 100644
--- a/options/locale/locale_ja-JP.ini
+++ b/options/locale/locale_ja-JP.ini
@@ -628,6 +628,7 @@ org_still_own_repo=組織はまだ1つ以上のリポジトリを所有してい
 org_still_own_packages=組織はまだ1つ以上のパッケージを所有しています。 先にそれらを削除してください。
 
 target_branch_not_exist=ターゲットのブランチが存在していません。
+target_ref_not_exist=ターゲットの ref が存在しません %s
 
 admin_cannot_delete_self=あなたが管理者である場合、自分自身を削除することはできません。最初に管理者権限を削除してください。
 
@@ -1273,6 +1274,7 @@ commit_graph.color=カラー
 commit.contained_in=このコミットが含まれているのは:
 commit.contained_in_default_branch=このコミットはデフォルトブランチに含まれています
 commit.load_referencing_branches_and_tags=このコミットを参照しているブランチやタグを取得
+commit.load_tags_failed=内部エラーによりタグの読み込みに失敗しました
 blame=Blame
 download_file=ファイルをダウンロード
 normal_view=通常表示
@@ -2185,6 +2187,7 @@ settings.transfer_in_progress=現在進行中の移転があります。この
 settings.transfer_notices_1=- 個人ユーザーに移転すると、あなたはリポジトリへのアクセス権を失います。
 settings.transfer_notices_2=- あなたが所有(または共同で所有)している組織に移転すると、リポジトリへのアクセス権は維持されます。
 settings.transfer_notices_3=- プライベートリポジトリを個人ユーザーに移転した場合は、最低限そのユーザーが読み取り権限を持つよう設定されます (必要に応じて権限が変更されます)。
+settings.transfer_notices_4=- リポジトリが組織に属しており、それを他の組織や個人に移転した場合、そのリポジトリのイシューと組織のプロジェクトボードとのリンクが失われます。
 settings.transfer_owner=新しいオーナー
 settings.transfer_perform=転送を実行
 settings.transfer_started=このリポジトリは転送のためにマークされており、「%s」からの確認を待っています
@@ -3699,6 +3702,11 @@ workflow.disable_success=ワークフロー '%s' が無効になりました。
 workflow.enable=ワークフローを有効にする
 workflow.enable_success=ワークフロー '%s' が有効になりました。
 workflow.disabled=ワークフローは無効です。
+workflow.run=ワークフローを実行
+workflow.not_found=ワークフロー '%s' が見つかりません。
+workflow.run_success=ワークフロー '%s' は正常に実行されました。
+workflow.from_ref=使用するワークフローの取得元
+workflow.has_workflow_dispatch=このワークフローには workflow_dispatch イベントトリガーがあります。
 
 need_approval_desc=フォークプルリクエストのワークフローを実行するには承認が必要です。
 

From e5e40787dcce40f69d3489adca2a80cf685a3fe8 Mon Sep 17 00:00:00 2001
From: silverwind <me@silverwind.io>
Date: Fri, 30 Aug 2024 09:36:53 +0200
Subject: [PATCH 036/129] Move web globals to `web_src/js/globals.d.ts`
 (#31943)

This file serves exclusively to support `web_src/js`, so move it there.
---
 tsconfig.json                         | 2 +-
 types.d.ts => web_src/js/globals.d.ts | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename types.d.ts => web_src/js/globals.d.ts (100%)

diff --git a/tsconfig.json b/tsconfig.json
index 5640c8e7418..744f1511e95 100644
--- a/tsconfig.json
+++ b/tsconfig.json
@@ -29,7 +29,7 @@
     "sourceMap": true,
     "types": [
       "vitest/globals",
-      "./types.d.ts",
+      "./web_src/js/globals.d.ts",
     ],
   }
 }
diff --git a/types.d.ts b/web_src/js/globals.d.ts
similarity index 100%
rename from types.d.ts
rename to web_src/js/globals.d.ts

From 80fa8d7740cc4321b46bcdce337efef821a8b6ac Mon Sep 17 00:00:00 2001
From: GiteaBot <teabot@gitea.io>
Date: Sun, 1 Sep 2024 00:35:09 +0000
Subject: [PATCH 037/129] [skip ci] Updated translations via Crowdin

---
 options/locale/locale_it-IT.ini | 27 +-------------
 options/locale/locale_ja-JP.ini | 16 ---------
 options/locale/locale_ko-KR.ini | 15 --------
 options/locale/locale_lv-LV.ini | 34 +-----------------
 options/locale/locale_nl-NL.ini | 32 +----------------
 options/locale/locale_pl-PL.ini | 26 --------------
 options/locale/locale_pt-BR.ini | 36 -------------------
 options/locale/locale_pt-PT.ini | 62 ---------------------------------
 options/locale/locale_ru-RU.ini | 29 ---------------
 options/locale/locale_si-LK.ini | 18 ----------
 options/locale/locale_sk-SK.ini |  9 -----
 options/locale/locale_sv-SE.ini | 14 --------
 options/locale/locale_tr-TR.ini | 33 ------------------
 options/locale/locale_uk-UA.ini | 20 -----------
 options/locale/locale_zh-CN.ini | 37 --------------------
 options/locale/locale_zh-HK.ini |  9 -----
 options/locale/locale_zh-TW.ini | 29 ---------------
 17 files changed, 3 insertions(+), 443 deletions(-)

diff --git a/options/locale/locale_it-IT.ini b/options/locale/locale_it-IT.ini
index 45998bb8056..5fb3e58e351 100644
--- a/options/locale/locale_it-IT.ini
+++ b/options/locale/locale_it-IT.ini
@@ -144,7 +144,7 @@ network_error=Errore di rete
 app_desc=Un servizio auto-ospitato per Git pronto all'uso
 install=Facile da installare
 platform=Multipiattaforma
-platform_desc=Gitea funziona ovunque <a target="_blank" rel="noopener noreferrer" href="http://golang.org/">Go</a> possa essere compilato: Windows, macOS, Linux, ARM, etc. Scegli ciò che ami!
+platform_desc=Gitea funziona ovunque <a target="_blank" rel="noopener noreferrer" href="https://go.dev/">Go</a> possa essere compilato: Windows, macOS, Linux, ARM, etc. Scegli ciò che ami!
 lightweight=Leggero
 lightweight_desc=Gitea ha requisiti minimi bassi e può funzionare su un economico Raspberry Pi. Risparmia l'energia della tua macchina!
 license=Open Source
@@ -516,10 +516,8 @@ applications=Applicazioni
 orgs=Gestisci le organizzazioni
 repos=Repository
 delete=Elimina account
-twofa=Verifica in due passaggi
 account_link=Account collegati
 organization=Organizzazioni
-webauthn=Chiavi Di Sicurezza
 
 public_profile=Profilo pubblico
 password_username_disabled=Gli utenti non locali non hanno il permesso di cambiare il proprio nome utente. per maggiori dettagli si prega di contattare l'amministratore del sito.
@@ -709,21 +707,17 @@ revoke_key=Revoca
 revoke_oauth2_grant=Revoca accesso
 revoke_oauth2_grant_description=Revocando l'accesso a questa applicazione di terze parti impedirá l'accesso ai tuoi dati. Sei sicuro?
 
-twofa_desc=L'autenticazione a due fattori migliora la sicurezza del tuo account.
 twofa_is_enrolled=La verifica in due passaggi è attualmente <strong>abilitata</strong> sul tuo account.
 twofa_not_enrolled=La verifica in due passaggi al momento non è abilitata sul tuo account.
 twofa_disable=Disattiva la verifica in due passaggi
-twofa_scratch_token_regenerate=Rigenera il token di sicurezza
 twofa_enroll=Iscriviti alla verifica in due passaggi
 twofa_disable_note=Se necessario, è possibile disattivare la verifica in due passaggi.
 twofa_disable_desc=Disattivare la verifica in due passaggi renderà il tuo account meno sicuro. Continuare?
-regenerate_scratch_token_desc=Se hai smarrito il tuo token di sicurezza o lo hai già utilizzato per effettuare il login è possibile resettarlo qui.
 twofa_disabled=L'autenticazione a due fattori è stata disattivata.
 scan_this_image=Scannerizza questa immagine con l'applicazione di autenticazione:
 or_enter_secret=O immettere il segreto: %s
 then_enter_passcode=E immetti il codice di accesso indicato nell'applicazione:
 passcode_invalid=Il codice di accesso non è corretto. Riprova.
-twofa_enrolled=Il tuo account è stato registrato alla verifica in due passaggi. Conserva il token di sicurezza (%s) in un luogo sicuro in quanto viene visualizzato sono una volta!
 twofa_failed_get_secret=Impossibile ottenere il segreto.
 
 webauthn_desc=Le chiavi di sicurezza sono dispositivi hardware contenenti chiavi crittografiche. Possono essere utilizzate per l'autenticazione a due fattori. Le chiavi di sicurezza devono supportare lo standard <a rel="noreferrer" target="_blank" href="https://w3c.github.io/webauthn/#webauthn-authenticator">WebAuthenticator</a> di WebAuthn.
@@ -843,9 +837,7 @@ blame_prior=Visualizza la colpa prima di questa modifica
 
 
 transfer.accept=Accetta trasferimento
-transfer.accept_desc=`Trasferisci a "%s"`
 transfer.reject=Rifiuta trasferimento
-transfer.reject_desc=`Annulla il trasferimento a "%s"`
 
 desc.private=Privato
 desc.public=Pubblico
@@ -963,7 +955,6 @@ release=Rilascio
 releases=Rilasci
 tag=Etichetta
 released_this=ha rilasciato questo
-file.title=%s a %s
 file_raw=Originale
 file_history=Cronologia
 file_view_source=Visualizza sorgente
@@ -973,7 +964,6 @@ file_permalink=Permalink
 file_too_large=Il file è troppo grande per essere visualizzato.
 invisible_runes_line=`Questa riga ha caratteri unicode invisibili`
 ambiguous_runes_line=`Questa riga ha caratteri unicode ambigui`
-ambiguous_character=`%[1]c [U+%04[1]X] è confondibile con %[2]c [U+%04[2]X]`
 
 escape_control_characters=Fuga
 unescape_control_characters=Unescape
@@ -1456,9 +1446,7 @@ pulls.rebase_conflict_summary=Messaggio d'Errore
 pulls.unrelated_histories=Unione fallita: gli Head del ramo da unire e la base non condividono una storia cronologica in comune. Suggerimento: prova una strategia diversa
 pulls.merge_out_of_date=Unione fallita: Durante la generazione del merge, la base è stata aggiornata. Suggerimento: Riprova.
 pulls.head_out_of_date=Unione non riuscita: durante la generazione della fusione, la testa è stata aggiornata. Suggerimento: Riprova.
-pulls.push_rejected=Unisci non riuscito: il push è stato rifiutato. Rivedi gli Hooks Git per questo repository.
 pulls.push_rejected_summary=Messaggio Di Rifiuto Completo
-pulls.push_rejected_no_message=Unione non riuscita: il push è stato rifiutato ma non c'è stato un messaggio remoto.<br>Controlla gli Hooks di Git per questo repository
 pulls.open_unmerged_pull_exists=`Non è possibile riaprire questa pull request perché ne esiste un'altra (#%d) con proprietà identiche.`
 pulls.status_checking=Alcuni controlli sono in sospeso
 pulls.status_checks_success=Tutti i controlli sono stati effettuati con successo
@@ -1498,7 +1486,6 @@ milestones.closed=Chiuso %s
 milestones.no_due_date=Nessuna data di scadenza
 milestones.open=Apri
 milestones.close=Chiudi
-milestones.completeness=%d%% Completato
 milestones.create=Crea Milestone
 milestones.title=Titolo
 milestones.desc=Descrizione
@@ -1668,7 +1655,6 @@ settings.pulls.enable_autodetect_manual_merge=Abilita il rilevamento automatico
 settings.pulls.allow_rebase_update=Abilita l'aggiornamento del ramo pull request per rebase
 settings.pulls.default_delete_branch_after_merge=Elimina il ramo pull request dopo la fusione per impostazione predefinita
 settings.packages_desc=Abilita Il Registro Dei Pacchetti Repository
-settings.projects_desc=Abilita Progetti Repository
 settings.admin_settings=Impostazioni amministratore
 settings.admin_enable_health_check=Abilita verifica dell'integrità del repository (git fsck)
 settings.admin_code_indexer=Indicizzatore del codice
@@ -1871,8 +1857,6 @@ settings.branches=Branches
 settings.protected_branch=Protezione branch
 settings.protected_branch_can_push=Consentire push?
 settings.protected_branch_can_push_yes=Puoi pushare
-settings.protected_branch_can_push_no=Non puoi pushare
-settings.branch_protection=Protezione branch per il branch '<b>%s</b>'
 settings.protect_this_branch=Attiva protezione branch
 settings.protect_this_branch_desc=Impedisce l'eliminazione e limita il merge di Git effettuando il push e l'unione verso questo ramo.
 settings.protect_disable_push=Disabilita push
@@ -1880,7 +1864,6 @@ settings.protect_disable_push_desc=Nessun push sarà consentito in questo ramo.
 settings.protect_enable_push=Abilita push
 settings.protect_enable_push_desc=Chiunque con accesso in scrittura sarà autorizzato a pushare su questo ramo (ma non forzare il push).
 settings.protect_check_status_contexts=Abilita Controllo Stato
-settings.protect_check_status_contexts_desc=Richiedi il superamento di controlli di stato prima dell'unione di due rami. Scegliere quali controlli di stato devono passare prima che i rami possano essere uniti in un ramo che corrisponde a questa regola. Se abilitato, i commit devono prima essere inviati a un altro ramo, quindi uniti o pushati direttamente a un ramo che corrisponde a questa regola dopo aver superato i controlli di stato. Se non viene selezionato alcuna regola, l'ultimo commit avrá successo indipendentemente dal contesto.
 settings.protect_check_status_contexts_list=Controlli di stato trovati nell'ultima settimana per questo repository
 settings.protect_required_approvals=Approvazioni richieste:
 settings.protect_required_approvals_desc=Permetti solo di unire la richiesta pull con abbastanza recensioni positive.
@@ -1890,7 +1873,6 @@ settings.require_signed_commits=Richiede commit firmati
 settings.require_signed_commits_desc=Rifiuta i push a questo ramo se non sono firmati o verificabili.
 settings.add_protected_branch=Attiva protezione
 settings.delete_protected_branch=Disattiva protezione
-settings.protected_branch_deletion=Disattiva protezione branch
 settings.protected_branch_deletion_desc=Disattivare la protezione branch permette agli utenti con permesso di scrittura di pushare sul branch. Continuare?
 settings.block_rejected_reviews=Blocca il merge di revisioni rifiutate
 settings.block_rejected_reviews_desc=Il merge non sarà possibile quando sono richiesti cambiamenti da revisori, anche se ci sono sufficienti approvazioni.
@@ -1899,7 +1881,6 @@ settings.block_on_official_review_requests_desc=Il merge non sarà possibile qua
 settings.block_outdated_branch=Blocca il merge se la pull request è obsoleta
 settings.block_outdated_branch_desc=Il merging non sarà possibile quando il ramo testa è dietro il ramo base.
 settings.default_branch_desc=Seleziona un branch del repository predefinito per le pull request ed i commit di codice:
-settings.default_merge_style_desc=Modalità di merge predefinita per le richieste di pull:
 settings.choose_branch=Scegli un branch…
 settings.no_protected_branch=Non ci sono branch protetti.
 settings.edit_protected_branch=Modifica
@@ -2072,7 +2053,6 @@ tag.confirm_create_tag=Crea etichetta
 
 topic.manage_topics=Gestisci argomenti
 topic.done=Fatto
-topic.count_prompt=Non puoi selezionare più di 25 argomenti
 
 find_file.go_to_file=Vai al file
 find_file.no_matching=Nessun file corrispondente trovato
@@ -2155,7 +2135,6 @@ teams.leave.detail=Lasciare %s?
 teams.can_create_org_repo=Crea repository
 teams.can_create_org_repo_helper=I membri possono creare nuovi repository nell'organizzazione. Il creatore otterrà l'accesso di amministratore alla nuova repository.
 teams.none_access=Nessun Accesso
-teams.none_access_helper=I membri non possono visualizzare o fare altre azioni su questa unità.
 teams.general_access=Accesso Generale
 teams.general_access_helper=I permessi dei membri saranno decisi dalla seguente tabella dei permessi.
 teams.read_access=Lettura
@@ -2622,14 +2601,11 @@ monitor.next=La Prossima Volta
 monitor.previous=La Scorsa Volta
 monitor.execute_times=Esecuzioni
 monitor.process=Processi in Esecuzione
-monitor.stacktrace=Stacktraces
 monitor.desc=Descrizione
 monitor.start=Orario Avvio
 monitor.execute_time=Tempo di Esecuzione
 monitor.last_execution_result=Risultato
 monitor.process.cancel=Annulla processo
-monitor.process.cancel_desc=L'annullamento di un processo potrebbe causare la perdita di dati
-monitor.process.cancel_notices=Annulla: <strong>%s</strong>?
 monitor.process.children=Figli
 
 monitor.queues=Code
@@ -2714,7 +2690,6 @@ raw_minutes=minuti
 
 [dropzone]
 default_message=Trascina i file o clicca qui per caricare.
-invalid_input_type=Non è possibile caricare file di questo tipo.
 file_too_big=La dimensione del file ({{filesize}} MB) supera la dimensione massima ({{maxFilesize}} MB).
 remove_file=Rimuovi file
 
diff --git a/options/locale/locale_ja-JP.ini b/options/locale/locale_ja-JP.ini
index c14fd2b98ea..01cf6d8dffb 100644
--- a/options/locale/locale_ja-JP.ini
+++ b/options/locale/locale_ja-JP.ini
@@ -926,7 +926,6 @@ oauth2_client_secret_hint=このページから移動したりページを更新
 oauth2_application_edit=編集
 oauth2_application_create_description=OAuth2アプリケーションで、サードパーティアプリケーションがこのインスタンス上のユーザーアカウントにアクセスできるようになります。
 oauth2_application_remove_description=OAuth2アプリケーションを削除すると、このインスタンス上の許可されたユーザーアカウントへのアクセスができなくなります。 続行しますか？
-oauth2_application_locked=設定で有効にされた場合、Giteaは起動時にいくつかのOAuth2アプリケーションを事前登録します。 想定されていない動作を防ぐため、これらは編集も削除もできません。 詳細についてはOAuth2のドキュメントを参照してください。
 
 authorized_oauth2_applications=許可済みOAuth2アプリケーション
 authorized_oauth2_applications_description=これらのサードパーティ アプリケーションに、あなたのGiteaアカウントへのアクセスを許可しています。 不要になったアプリケーションはアクセス権を取り消すようにしてください。
@@ -1099,9 +1098,7 @@ tree_path_not_found_branch=パス %[1]s はブランチ %[2]s に存在しませ
 tree_path_not_found_tag=パス %[1]s はタグ %[2]s に存在しません
 
 transfer.accept=移転を承認
-transfer.accept_desc=`"%s" に移転`
 transfer.reject=移転を拒否
-transfer.reject_desc=`"%s" への移転をキャンセル`
 transfer.no_permission_to_accept=この移転を承認する権限がありません。
 transfer.no_permission_to_reject=この移転を拒否する権限がありません。
 
@@ -1236,7 +1233,6 @@ releases=リリース
 tag=タグ
 released_this=がこれをリリース
 tagged_this=がタグ付け
-file.title=%s at %s
 file_raw=Raw
 file_history=履歴
 file_view_source=ソースを表示
@@ -1253,7 +1249,6 @@ ambiguous_runes_header=このファイルには曖昧(ambiguous)なUnicode文字
 ambiguous_runes_description=このファイルには、他の文字と見間違える可能性があるUnicode文字が含まれています。 それが意図的なものと考えられる場合は、この警告を無視して構いません。 それらの文字を表示するにはエスケープボタンを使用します。
 invisible_runes_line=`この行には不可視のUnicode文字があります`
 ambiguous_runes_line=`この行には曖昧(ambiguous)なUnicode文字があります`
-ambiguous_character=`%[1]c [U+%04[1]X] は %[2]c [U+%04[2]X] と混同するおそれがあります`
 
 escape_control_characters=エスケープ
 unescape_control_characters=エスケープ解除
@@ -1866,9 +1861,7 @@ pulls.unrelated_histories=マージ失敗: マージHEADとベースには共通
 pulls.merge_out_of_date=マージ失敗: マージの生成中にベースが更新されました。 ヒント: もう一度試してみてください
 pulls.head_out_of_date=マージ失敗: マージの生成中に head が更新されました。 ヒント: もう一度試してみてください
 pulls.has_merged=失敗: プルリクエストはマージされていました。再度マージしたり、ターゲットブランチを変更することはできません。
-pulls.push_rejected=マージ失敗: プッシュは拒否されました。 このリポジトリのGitフックを見直してください。
 pulls.push_rejected_summary=拒否メッセージ全体:
-pulls.push_rejected_no_message=マージ失敗: プッシュは拒否され、リモートからのメッセージはありません。<br>このリポジトリのGitフックを見直してください
 pulls.open_unmerged_pull_exists=`同じ条件のプルリクエスト (#%d) が未処理のため、再オープンはできません。`
 pulls.status_checking=いくつかのステータスチェックが待機中です
 pulls.status_checks_success=ステータスチェックはすべて成功しました
@@ -1924,7 +1917,6 @@ milestones.no_due_date=期日なし
 milestones.open=オープン
 milestones.close=クローズ
 milestones.new_subheader=マイルストーンを使うとイシューの整理や進捗確認がしやすくなります。
-milestones.completeness=%d%%消化
 milestones.create=マイルストーンを作成
 milestones.title=タイトル
 milestones.desc=説明
@@ -2375,7 +2367,6 @@ settings.protected_branch.save_rule=ルールを保存
 settings.protected_branch.delete_rule=ルールを削除
 settings.protected_branch_can_push=プッシュを許可する
 settings.protected_branch_can_push_yes=プッシュできます
-settings.protected_branch_can_push_no=プッシュできません
 settings.branch_protection=ブランチ '<b>%s</b>' の保護ルール
 settings.protect_this_branch=ブランチの保護を有効にする
 settings.protect_this_branch_desc=ブランチの削除を防ぎ、ブランチへのプッシュやマージを制限します。
@@ -2676,7 +2667,6 @@ tag.create_success=タグ "%s" を作成しました。
 
 topic.manage_topics=トピックの管理
 topic.done=完了
-topic.count_prompt=選択できるのは25トピックまでです。
 topic.format_prompt=トピック名は英字または数字で始め、ダッシュ('-')やドット('.')を含めることができます。最大35文字までです。文字は小文字でなければなりません。
 
 find_file.go_to_file=ファイルへ移動
@@ -2774,7 +2764,6 @@ teams.leave.detail=%s から脱退しますか？
 teams.can_create_org_repo=リポジトリを作成
 teams.can_create_org_repo_helper=メンバーは組織のリポジトリを新たに作成できます。作成者には新しいリポジトリの管理者権限が与えられます。
 teams.none_access=アクセスなし
-teams.none_access_helper=メンバは、このユニットで表示や他の操作を行うことはできません。
 teams.general_access=一般的なアクセス
 teams.general_access_helper=メンバーの権限は下記の権限テーブルで決定されます。
 teams.read_access=読み取り
@@ -3312,7 +3301,6 @@ monitor.next=次回
 monitor.previous=前回
 monitor.execute_times=実行回数
 monitor.process=実行中のプロセス
-monitor.stacktrace=スタックトレース
 monitor.processes_count=%d プロセス
 monitor.download_diagnosis_report=診断レポートをダウンロード
 monitor.desc=説明
@@ -3320,8 +3308,6 @@ monitor.start=開始日時
 monitor.execute_time=実行時間
 monitor.last_execution_result=結果
 monitor.process.cancel=処理をキャンセル
-monitor.process.cancel_desc=処理をキャンセルするとデータが失われる可能性があります
-monitor.process.cancel_notices=キャンセル: <strong>%s</strong>?
 monitor.process.children=子プロセス
 
 monitor.queues=キュー
@@ -3423,7 +3409,6 @@ raw_minutes=分
 
 [dropzone]
 default_message=ファイルをここにドロップ、またはここをクリックしてアップロード
-invalid_input_type=この種類のファイルはアップロードできません。
 file_too_big=アップロードされたファイルのサイズ ({{filesize}} MB) は、最大サイズ ({{maxFilesize}} MB) を超えています。
 remove_file=ファイル削除
 
@@ -3571,7 +3556,6 @@ settings.link=このパッケージをリポジトリにリンク
 settings.link.description=パッケージをリポジトリにリンクすると、リポジトリのパッケージリストに表示されるようになります。
 settings.link.select=リポジトリを選択
 settings.link.button=リポジトリのリンクを更新
-settings.link.success=リポジトリのリンクが正常に更新されました。
 settings.link.error=リポジトリのリンクの更新に失敗しました。
 settings.delete=パッケージ削除
 settings.delete.description=パッケージの削除は恒久的で元に戻すことはできません。
diff --git a/options/locale/locale_ko-KR.ini b/options/locale/locale_ko-KR.ini
index 16f4bd310ef..29d11d88d3d 100644
--- a/options/locale/locale_ko-KR.ini
+++ b/options/locale/locale_ko-KR.ini
@@ -371,7 +371,6 @@ applications=어플리케이션
 orgs=조직 관리
 repos=저장소
 delete=계정 삭제
-twofa=2단계 인증
 account_link=연결된 계정
 organization=조직
 
@@ -494,15 +493,12 @@ oauth2_application_edit=수정하기
 revoke_key=취소
 revoke_oauth2_grant=접근 권한 제거
 
-twofa_desc=2단계 인증은 계정의 보안을 향상시킵니다.
 twofa_is_enrolled=귀하의 계정은 현재 2단계 인증에 <strong>등록</strong>되어 있습니다.
 twofa_not_enrolled=귀하의 계정은 현재 2단계 인증에 등록되어 있지 않습니다.
 twofa_disable=2단계 인증 해제
-twofa_scratch_token_regenerate=스크래치 토큰 재생성
 twofa_enroll=2단계 인증에 등록하기
 twofa_disable_note=필요한 경우 2단계 인증을 해제할 수 있습니다.
 twofa_disable_desc=2단계 인증을 해제하면 귀하의 계정이 보안에 취약해질 것 입니다. 계속하시겠습니까?
-regenerate_scratch_token_desc=스크래치 토큰을 분실 했거나 이미 로그인에 사용되었다면 여기에서 재설정 할 수 있습니다.
 twofa_disabled=2단계 인증이 해제되었습니다.
 scan_this_image=이 이미지를 당신의 인증 애플리케이션에서 스캔하세요:
 or_enter_secret=또는 이 비밀키를 입력하세요: %s
@@ -862,7 +858,6 @@ milestones.closed=닫힘 %s
 milestones.no_due_date=기한 없음
 milestones.open=열기
 milestones.close=닫기
-milestones.completeness=%d%% 완료됨
 milestones.create=마일스톤 생성
 milestones.title=타이틀
 milestones.desc=설명
@@ -1067,19 +1062,12 @@ settings.key_been_used=동일한 내용의 배포키를 이미 사용중입니
 settings.key_name_used=같은 이름의 배포키가 이미 있습니다.
 settings.deploy_key_deletion=배포키 삭제
 settings.deploy_key_deletion_success=배포키가 삭제되었습니다.
-settings.branches=브랜치
-settings.protected_branch=브랜치 보호
 settings.protected_branch_can_push=푸시를 허용하시겠습니까?
 settings.protected_branch_can_push_yes=푸시할 수 있습니다.
-settings.protected_branch_can_push_no=푸시할 수 없습니다.
-settings.branch_protection='<b>%s</b>' 브랜치 보호
 settings.protect_this_branch=브랜치 보호 활성화
 settings.protect_disable_push=푸시 끄기
 settings.protect_enable_push=푸시 켜기
 settings.protect_required_approvals=필요한 승인:
-settings.add_protected_branch=보호 활성화
-settings.delete_protected_branch=보호 비활성화
-settings.protected_branch_deletion=브랜치 보호 비활성화
 settings.choose_branch=브랜치 선택...
 settings.no_protected_branch=보호된 브랜치가 없습니다.
 settings.edit_protected_branch=편집
@@ -1142,7 +1130,6 @@ branch.deleted_by=%s 에 의해 삭제되었습니다.
 
 topic.manage_topics=토픽 관리
 topic.done=완료
-topic.count_prompt=25개 이상의 토픽을 선택하실 수 없습니다.
 
 
 
@@ -1534,7 +1521,6 @@ raw_seconds=초
 raw_minutes=분
 
 [dropzone]
-invalid_input_type=이 형식의 파일을 업로드할 수 없습니다.
 file_too_big=파일 크기({{filesize}} MB) 가 최대 크기({{maxFilesize}} MB) 를 초과합니다.
 remove_file=파일 제거
 
@@ -1560,7 +1546,6 @@ error.unit_not_allowed=이 저장소 섹션에 접근할 수 없습니다.
 
 [packages]
 filter.type=유형
-alpine.repository.branches=브랜치
 alpine.repository.repositories=저장소
 conan.details.repository=저장소
 owner.settings.cleanuprules.enabled=활성화됨
diff --git a/options/locale/locale_lv-LV.ini b/options/locale/locale_lv-LV.ini
index 035b0008e38..1df081d1498 100644
--- a/options/locale/locale_lv-LV.ini
+++ b/options/locale/locale_lv-LV.ini
@@ -195,7 +195,7 @@ app_desc=Viegli uzstādāms Git serviss
 install=Vienkārši instalējams
 install_desc=Vienkārši <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-binary">jāpalaiž izpildāmais fails</a> vajadzīgajai platformai, jāizmanto <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea/tree/master/docker">Docker</a>, vai jāiegūst <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-package">pakotne</a>.
 platform=Pieejama dažādām platformām
-platform_desc=Gitea iespējams uzstādīt jebkur, kam <a target="_blank" rel="noopener noreferrer" href="http://golang.org/">Go</a> var nokompilēt: Windows, macOS, Linux, ARM utt. Izvēlies to, kas tev patīk!
+platform_desc=Gitea darbojas visur, kur <a target="_blank" rel="noopener noreferrer" href="https://go.dev/">Go</a> var kompilēt: Windows, macOS, Linux, ARM, utt.. Izvēlies to, kas Tev patīk!
 lightweight=Viegla
 lightweight_desc=Gitea ir miminālas prasības un to var darbināt uz nedārga Raspberry Pi datora. Ietaupi savai ierīcei resursus!
 license=Atvērtā pirmkoda
@@ -619,11 +619,9 @@ applications=Lietotnes
 orgs=Pārvaldīt organizācijas
 repos=Repozitoriji
 delete=Dzēst kontu
-twofa=Divfaktoru autentifikācija
 account_link=Saistītie konti
 organization=Organizācijas
 uid=UID
-webauthn=Drošības atslēgas
 
 public_profile=Publiskais profils
 biography_placeholder=Pastāsti mums mazliet par sevi! (Var izmantot Markdown)
@@ -856,12 +854,10 @@ revoke_oauth2_grant=Atsaukt piekļuvi
 revoke_oauth2_grant_description=Atsaucot piekļuvi šai trešas puses lietotnei tiks liegta piekļuve Jūsu datiem. Vai turpināt?
 revoke_oauth2_grant_success=Piekļuve veiksmīgi atsaukta.
 
-twofa_desc=Divfaktoru autentifikācija uzlabo konta drošību.
 twofa_recovery_tip=Ja ierīce tiek pazaudēta, iespējams izmantot vienreiz izmantojamo atkopšanas atslēgu, lai atgūtu piekļuvi savam kontam.
 twofa_is_enrolled=Kontam ir <strong>ieslēgta</strong> divfaktoru autentifikācija.
 twofa_not_enrolled=Kontam šobrīd nav ieslēgta divfaktoru autentifikācija.
 twofa_disable=Atslēgt divfaktoru autentifikāciju
-twofa_scratch_token_regenerate=Ģenerēt jaunu vienreizējo kodu
 twofa_scratch_token_regenerated=Vienreizējā pilnvara tagad ir %s. Tā ir jāglabā drošā vietā, tā vairs nekad netiks rādīta.
 twofa_enroll=Ieslēgt divfaktoru autentifikāciju
 twofa_disable_note=Nepieciešamības gadījumā divfaktoru autentifikāciju ir iespējams atslēgt.
@@ -872,7 +868,6 @@ scan_this_image=Noskenējiet šo attēlu ar autentifikācijas lietojumprogrammu:
 or_enter_secret=Vai ievadiet šo noslēpumu: %s
 then_enter_passcode=Ievadiet piekļuves kodu no lietojumprogrammas:
 passcode_invalid=Nederīgs piekļuves kods. Mēģiniet ievadīt atkārtoti.
-twofa_enrolled=Kontam tika ieslēgta divfaktoru autentifikācija. Saglabājiet vienreizējo kodu (%s) drošā vietā, jo to vairāk nebūs iespējams aplūkot!
 twofa_failed_get_secret=Neizdevās ielādēt noslēpumu.
 
 webauthn_desc=Drošības atslēgas ir fiziskas ierīces, kas satur kriptogrāfiskas atslēgas. Tās var tikt izmantotas divu faktoru autentifikācijai. Drošības atslēgām ir jāatbalsta <a rel="noreferrer" target="_blank" href="https://w3c.github.io/webauthn/#webauthn-authenticator">WebAuthn autentifikācijas</a> standarts.
@@ -1014,9 +1009,7 @@ tree_path_not_found_branch=Atzarā %[2]s nepastāv ceļš %[1]s
 tree_path_not_found_tag=Tagā %[2]s nepastāv ceļš %[1]s
 
 transfer.accept=Apstiprināt īpašnieka maiņu
-transfer.accept_desc=`Mainīt īpašnieku uz "%s"`
 transfer.reject=Noraidīt īpašnieka maiņu
-transfer.reject_desc=`Atcelt īpašnieka maiņu uz "%s"`
 transfer.no_permission_to_accept=Nav atļaujas pieņemt šo pārsūtīšanu.
 transfer.no_permission_to_reject=Nav atļaujas noraidīt šo pārsūtīšanu.
 
@@ -1150,7 +1143,6 @@ releases=Laidieni
 tag=Tags
 released_this=izveidoja šo laidienu
 tagged_this=izveidoja tagu revīzijai
-file.title=%s atzarā %s
 file_raw=Neapstrādāts
 file_history=Vēsture
 file_view_source=Skatīt avotu
@@ -1164,7 +1156,6 @@ ambiguous_runes_header=`Šis fails satur neviennozīmīgus unikoda simbolus`
 ambiguous_runes_description=`Šis fails satur unikoda simbolus, kas var tikt sajauktas ar citām rakstzīmēm. Ja šķiet, ka tas ir ar nolūku, šo brīdinājumu var droši neņemt vērā. Jāizmanto atsoļa taustiņš (Esc), lai atklātu tās.`
 invisible_runes_line=`Šī līnija satur neredzamus unikoda simbolus`
 ambiguous_runes_line=`Šī līnija satur neviennozīmīgus unikoda simbolus`
-ambiguous_character=`%[1]c [U+%04[1]X] var tikt sajaukts ar %[2]c [U+%04[2]X]`
 
 escape_control_characters=Kodēt
 unescape_control_characters=Atkodēt
@@ -1756,9 +1747,7 @@ pulls.unrelated_histories=Sapludināšana neizdevās: mērķa un bāzes atzariem
 pulls.merge_out_of_date=Sapludināšana neizdevās: sapludināšanas laikā, bāzes atzarā tika iesūtītas izmaiņas. Ieteikums: mēģiniet atkārtoti.
 pulls.head_out_of_date=Sapludināšana neizdevās: sapludināšanas laikā, bāzes atzarā tika iesūtītas izmaiņas. Ieteikums: mēģiniet atkārtoti.
 pulls.has_merged=Neizdevās: izmaiņu pieprasījums jau ir sapludināts, nevar to darīt atkārtoti vai mainīt mērķa atzaru.
-pulls.push_rejected=Sapludināšana neizdevās: iesūtīšana tika noraidīta. Pārbaudiet git āķus šim repozitorijam.
 pulls.push_rejected_summary=Pilns noraidīšanas ziņojums
-pulls.push_rejected_no_message=Sapludināšana neizdevās: Izmaiņu iesūtīšana tika noraidīta, bet serveris neatgrieza paziņojumu.<br>Pārbaudiet git āķus šim repozitorijam
 pulls.open_unmerged_pull_exists=`Jūs nevarat veikt atkārtotas atvēršanas darbību, jo jau eksistē izmaiņu pieprasījums (#%d) ar šādu sapludināšanas informāciju.`
 pulls.status_checking=Dažas pārbaudes vēl tiek veiktas
 pulls.status_checks_success=Visas pārbaudes ir veiksmīgas
@@ -1812,7 +1801,6 @@ milestones.no_due_date=Bez termiņa
 milestones.open=Atvērta
 milestones.close=Aizvērt
 milestones.new_subheader=Atskaites punkti var palīdzēt pārvaldīt problēmas un sekot to virzībai.
-milestones.completeness=%d%% pabeigti
 milestones.create=Izveidot atskaites punktu
 milestones.title=Virsraksts
 milestones.desc=Apraksts
@@ -2024,7 +2012,6 @@ settings.pulls.default_delete_branch_after_merge=Pēc noklusējuma dzēst izmai
 settings.pulls.default_allow_edits_from_maintainers=Atļaut uzturētājiem labot pēc noklusējuma
 settings.releases_desc=Iespējot repozitorija laidienus
 settings.packages_desc=Iespējot repozitorija pakotņu reģistru
-settings.projects_desc=Iespējot repozitorija projektus
 settings.projects_mode_all=Visi projekti
 settings.actions_desc=Iespējot repozitorija darbības
 settings.admin_settings=Administratora iestatījumi
@@ -2239,14 +2226,8 @@ settings.add_key_success=Izvietošanas atslēga "%s" tika pievienota.
 settings.deploy_key_deletion=Noņemt izvietošanas atslēgu
 settings.deploy_key_deletion_desc=Noņemot izvietošanas atslēgu, tai tiks liegta piekļuve šim repozitorija. Vai turpināt?
 settings.deploy_key_deletion_success=Izvietošanas atslēga tika noņemta.
-settings.branches=Atzari
-settings.protected_branch=Atzaru aizsargāšana
 settings.protected_branch.save_rule=Saglabāt noteikumu
 settings.protected_branch.delete_rule=Dzēst noteikumu
-settings.protected_branch_can_push=Atļaut izmaiņu nosūtīšanu?
-settings.protected_branch_can_push_yes=Jūs varat nosūtīt izmaiņas
-settings.protected_branch_can_push_no=Jūs nevarat nosūtīt izmaiņas
-settings.branch_protection=Atzara aizsardzība atzaram '<b>%s</b>'
 settings.protect_this_branch=Iespējot atzara aizsardzību
 settings.protect_this_branch_desc=Neļauj atzara dzēšanu, kā arī ierobežo izmaiņu iesūtīšanu un sapludināšanu šajā atzarā.
 settings.protect_disable_push=Neļaut iesūtīt izmaiņas
@@ -2258,7 +2239,6 @@ settings.protect_enable_merge_desc=Ikviens ar rakstīšanas tiesībām varēst s
 settings.protect_check_status_contexts=Iespējot statusu pārbaudi
 settings.protect_status_check_patterns=Statusa pārbaudes šabloni:
 settings.protect_status_check_patterns_desc=Norādiet šablonus, kurām statusa pārbaudēm ir jāatbilst pirms atzaru iespējams sapludināt šajā atzarā, kas atbilst šim nosacījumam. Katru šablonu norādīt savā rindā, tie nevar būt tukši.
-settings.protect_check_status_contexts_desc=Nepieciešamas veiksmīgas statusa pārbaudes pirms sapludināšanas. Izvēlieties, kurām statusa pārbaudēm ir jāizpildās pirms ir iespejams tās sapludināt. Ja iespējots, tad revīzijas sākotnēji jānosūta uz atsevišķu atzaru, pēc kā var tikt saplusinātas vai tieši nosūtītas uz atzariem, kas atbildst veiksmīgām norādītajām stautsa pārbaudēm. Ja konteksts nav norādīts, pēdējai revīzijai ir jābūt veiksmīga neatkarīgi no konteksta.
 settings.protect_check_status_contexts_list=Statusu pārbaudes, kas šim repozitorijam bijušas pēdējās nedēļas laikā
 settings.protect_status_check_matched=Atbilst
 settings.protect_invalid_status_check_pattern=Kļūdains statusa pārbaudes šablons: "%s".
@@ -2276,12 +2256,9 @@ settings.protect_protected_file_patterns=Aizsargāto failu šablons (vairākus v
 settings.protect_protected_file_patterns_desc=Aizsargātie faili, ko nevar mainīt, pat ja lietotājam ir tiesības veidot jaunus, labot vai dzēst failus šajā atzarā. Vairākus šablons ir iespējams norādīt atdalot tos ar semikolu (';'). Sīkāka informācija par šabloniem pieejama <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a> dokumentācijā. Piemēram, <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
 settings.protect_unprotected_file_patterns=Neaizsargāto failu šablons (vairākus var norādīt atdalot ar semikolu ';'):
 settings.protect_unprotected_file_patterns_desc=Neaizsargātie faili, ko iespējams mainīt apejot iesūtīšanas ierobežojumus, ja lietotājam ir tiesības iesūtīt izmaiņas šajā atzarā. Vairākus šablons ir iespējams norādīt atdalot tos ar semikolu (';'). Sīkāka informācija par šabloniem pieejama <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a> dokumentācijā. Piemēram, <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
-settings.add_protected_branch=Iespējot aizsargāšanu
-settings.delete_protected_branch=Atspējot aizsargāšanu
 settings.update_protect_branch_success=Atzara aizsardzības nosacījums "%s" tika saglabāta.
 settings.remove_protected_branch_success=Atzara aizsardzības nosacījums "%s" tika noņemts.
 settings.remove_protected_branch_failed=Neizdevās izdzēst atzara aizsardzības nosacījumu "%s".
-settings.protected_branch_deletion=Atspējot atzara aizsardzību
 settings.protected_branch_deletion_desc=Atspējojot atzara aizsardzību, ļaus lietotājiem ar rakstīšanas tiesībām nosūtīt izmaiņas uz atzaru. Vai turpināt?
 settings.block_rejected_reviews=Neļaut sapludināt izmaiņu pieprasījumus, kam ir pieprasītas izmaiņas
 settings.block_rejected_reviews_desc=Sapludināšana nebūs iespējama, kad ir pieprasītas izmaiņas, pat ja ir nepieciešamais apstiprinājumu skaits.
@@ -2291,7 +2268,6 @@ settings.block_outdated_branch=Bloķēt sapludināšanau, ja izmaiņu pieprasīj
 settings.block_outdated_branch_desc=Sapludināšana nebūs pieejama, ja atzars būs atpalicis no bāzes atzara.
 settings.default_branch_desc=Norādiet noklusēto repozitorija atzaru izmaiņu pieprasījumiem un koda revīzijām:
 settings.merge_style_desc=Sapludināšanas veidi
-settings.default_merge_style_desc=Noklusētais sapludināšanas veids izmaiņu pieprasījumiem:
 settings.choose_branch=Izvēlieties atzaru…
 settings.no_protected_branch=Nav neviena aizsargātā atzara.
 settings.edit_protected_branch=Labot
@@ -2509,7 +2485,6 @@ tag.create_success=Tags "%s" tika izveidots.
 
 topic.manage_topics=Pārvaldīt tēmas
 topic.done=Gatavs
-topic.count_prompt=Nevar pievienot vairāk kā 25 tēmas
 topic.format_prompt=Tēmai jāsākas ar burtu vai ciparu, tā var saturēt domu zīmes ('-') un punktus ('.') un var būt līdz 35 rakstzīmēm gara. Burtiem jābūt mazajiem.
 
 find_file.go_to_file=Iet uz failu
@@ -2578,7 +2553,6 @@ settings.delete_prompt=Šī darbība pilnībā dzēsīs šo organizāciju, kā a
 settings.confirm_delete_account=Apstiprināt dzēšanu
 settings.delete_org_title=Dzēst organizāciju
 settings.delete_org_desc=Organizācija tiks dzēsta neatgriezeniski. Vai turpināt?
-settings.hooks_desc=Pievienot tīmekļa āķus, kas nostrādās <strong>visiem repozitorijiem</strong> šajā organizācijā.
 
 settings.labels_desc=Pievienojiet iezīmes, kas var tikt izmantotas <strong>visos</strong> šīs organizācijas repozitorijos.
 
@@ -2603,7 +2577,6 @@ teams.leave.detail=Pamest organizāciju %s?
 teams.can_create_org_repo=Veidot jaunus repozitorijus
 teams.can_create_org_repo_helper=Komandas biedri varēs veidot jaunus repozitorijus šajā organizācijā. Izveidotājam tiks piešķirtas administratora tiesības uz jauno repozitoriju.
 teams.none_access=Nav piekļuves
-teams.none_access_helper=Komandai nebūs tiesību skatīties vai veikt citas darbības ar šo vienumu.
 teams.general_access=Vispārēja piekļuve
 teams.general_access_helper=Komandas tiesības tiks noteiktas pēc tabulas zemāk.
 teams.read_access=Skatīšanās
@@ -3117,7 +3090,6 @@ monitor.next=Nākošās izpildes laiks
 monitor.previous=Pēdējās izpildes laiks
 monitor.execute_times=Izpildes
 monitor.process=Darbojošies procesi
-monitor.stacktrace=Steka izsekojamība
 monitor.processes_count=%d procesi
 monitor.download_diagnosis_report=Lejupielādēt diagnostikas atskaiti
 monitor.desc=Apraksts
@@ -3125,8 +3097,6 @@ monitor.start=Sākuma laiks
 monitor.execute_time=Izpildes laiks
 monitor.last_execution_result=Rezultāts
 monitor.process.cancel=Atcelt procesu
-monitor.process.cancel_desc=Procesa atcelšana var radīt datu zaudējumus
-monitor.process.cancel_notices=Atcelt: <strong>%s</strong>?
 monitor.process.children=Apakšprocesi
 
 monitor.queues=Rindas
@@ -3220,7 +3190,6 @@ raw_minutes=minūtes
 
 [dropzone]
 default_message=Ievelciet failus vai nospiediet šeit, lai augšupielādētu.
-invalid_input_type=Šādus failus nav iespējams augšupielādēt.
 file_too_big=Faila izmērs ({{filesize}} MB) pārsniedz maksimāli atļauto izmēru ({{maxFilesize}} MB).
 remove_file=Noņemt failu
 
@@ -3289,7 +3258,6 @@ alpine.registry.key=Lejupielādējiet reģistra publisko RSA atslēgu direktorij
 alpine.registry.info=Izvēlieties $branch un $repository no saraksta zemāk.
 alpine.install=Lai uzstādītu pakotni, ir jāizpilda šī komanda:
 alpine.repository=Repozitorija informācija
-alpine.repository.branches=Atzari
 alpine.repository.repositories=Repozitoriji
 alpine.repository.architectures=Arhitektūras
 cargo.registry=Uzstādiet šo reģistru Cargo konfigurācijas failā, piemēram, <code>~/.cargo/config.toml</code>:
diff --git a/options/locale/locale_nl-NL.ini b/options/locale/locale_nl-NL.ini
index 6acb3140181..30c2a142709 100644
--- a/options/locale/locale_nl-NL.ini
+++ b/options/locale/locale_nl-NL.ini
@@ -143,7 +143,7 @@ network_error=Netwerk fout
 app_desc=Een eenvoudige, self-hosted Git service
 install=Makkelijk te installeren
 platform=Cross-platform
-platform_desc=Gitea werkt op alles waar <a target="_blank" rel="noopener noreferrer" href="http://golang.org/">Go</a> op kan compileren: Windows, macOS, Linux, ARM, etc. Kies het platform dat bij je past!
+platform_desc=Gitea werkt op alles waar <a target="_blank" rel="noopener noreferrer" href="https://go.dev/">Go</a> op kan compileren: Windows, macOS, Linux, ARM, etc. Kies het platform dat bij je past!
 lightweight=Lichtgewicht
 lightweight_desc=Gitea heeft hele lage systeemeisen, je kunt Gitea al draaien op een goedkope Raspberry Pi.
 license=Open Source
@@ -515,10 +515,8 @@ applications=Applicaties
 orgs=Beheer organisaties
 repos=Repositories
 delete=Verwijder account
-twofa=Twee factor authenticatie
 account_link=Gekoppelde Accounts
 organization=Organisaties
-webauthn=Beveiligingssleutels
 
 public_profile=Openbaar profiel
 password_username_disabled=Niet-lokale gebruikers kunnen hun gebruikersnaam niet veranderen. Neem contact op met de sitebeheerder voor meer details.
@@ -707,21 +705,17 @@ revoke_key=Intrekken
 revoke_oauth2_grant=Toegang intrekken
 revoke_oauth2_grant_description=Het intrekken van toegang voor deze derde partij applicatie zal deze applicatie geen toegang tot uw gegevens geven. Weet u het zeker?
 
-twofa_desc=Tweefactorauthenticatie verbetert de beveiliging van je account.
 twofa_is_enrolled=Je account is momenteel <strong>ingeschreven</strong> voor two-factor authenticatie.
 twofa_not_enrolled=Je account is momenteel niet ingeschreven voor two-factor authenticatie.
 twofa_disable=Schakel tweetrapsauthenticatie uit
-twofa_scratch_token_regenerate=Genereer een nieuwe herstelcode
 twofa_enroll=Two-factor authenticatie inschakelen
 twofa_disable_note=Je kan tweefactorauthenticatie indien nodig uitschakelen.
 twofa_disable_desc=Het uitschakelen van tweefactorauthenticatie maakt je account minder veilig. Doorgaan?
-regenerate_scratch_token_desc=Als je je herstelcode bent verloren, of als je deze al hebt gebruikt om in te loggen, kun je deze hier opnieuw instellen.
 twofa_disabled=Two-factor authenticatie is uitgeschakeld.
 scan_this_image=Scan deze afbeelding met je authenticatie applicatie:
 or_enter_secret=Of voer deze geheime code in: %s
 then_enter_passcode=En vul de toegangscode, die in de applicatie weergegeven wordt, in:
 passcode_invalid=De code is niet correct. Probeer het nogmaals.
-twofa_enrolled=Tweefactorsauthenticatie is geactiveerd voor dit account. Bewaar je token (%s) op een veilige plek, omdat hij maar één keer wordt weergegeven!
 twofa_failed_get_secret=Kon geheim niet ophalen.
 
 webauthn_desc=Beveiligingssleutels zijn hardware apparaten die cryptografische sleutels bevatten. Ze kunnen worden gebruikt voor tweestapsverificatie. Beveiligingssleutels moeten de <a rel="noreferrer" target="_blank" href="https://w3c.github.io/webauthn/#webauthn-authenticator">WebAuthn Authenticator</a> standaard ondersteunen.
@@ -841,9 +835,7 @@ blame_prior=Bekijk de schuld voorafgaand aan deze verandering
 
 
 transfer.accept=Accepteer overdracht
-transfer.accept_desc=`Overmaken naar "%s"`
 transfer.reject=Overdracht afwijzen
-transfer.reject_desc=`Annuleer overdracht naar "%s"`
 
 desc.private=Privé
 desc.public=Openbaar
@@ -961,7 +953,6 @@ release=Release
 releases=Publicaties
 tag=Label
 released_this=heeft dit gepubliceerd
-file.title=%s op %s
 file_raw=Ruw
 file_history=Geschiedenis
 file_view_source=Bron weergeven
@@ -971,7 +962,6 @@ file_permalink=Permalink
 file_too_large=Dit bestand is te groot om te tonen.
 invisible_runes_line=`Deze lijn heeft onzichtbare unicode karakters`
 ambiguous_runes_line=`Deze lijn heeft dubbelzinnige unicode karakters`
-ambiguous_character=`%[1]c [U+%04[1]X] is verwarrend met %[2]c [U+%04[2]X]`
 
 escape_control_characters=Escape
 unescape_control_characters=Onescape
@@ -1453,9 +1443,7 @@ pulls.rebase_conflict_summary=Foutmelding
 pulls.unrelated_histories=Samenvoegen mislukt: de HEAD en base delen geen gemeenschappelijke geschiedenis. Tip: Probeer een andere strategie
 pulls.merge_out_of_date=Samenvoegen mislukt: Tijdens het samenvoegen is de basis bijgewerkt. Tip: Probeer het opnieuw.
 pulls.head_out_of_date=Samenvoegen mislukt: tijdens het genereren van de samenvoeging is de kop bijgewerkt. Tip: Probeer het opnieuw.
-pulls.push_rejected=Samenvoegen mislukt: De push is geweigerd. Controleer de Git Hooks voor deze repository.
 pulls.push_rejected_summary=Volledig afwijzingsbericht
-pulls.push_rejected_no_message=Samenvoegen mislukt: De push is afgewezen, maar er was geen extern bericht.<br>Controleer de Git Hooks voor deze repository
 pulls.open_unmerged_pull_exists=`Je kan deze pull-aanvraag niet opnieuw openen omdat er een andere (#%d) met identieke eigenschappen open staat.`
 pulls.status_checking=Sommige controles zijn in behandeling
 pulls.status_checks_success=Alle checks waren succesvol
@@ -1493,7 +1481,6 @@ milestones.closed=%s werd gesloten
 milestones.no_due_date=Geen vervaldatum
 milestones.open=Open
 milestones.close=Sluit
-milestones.completeness=%d%% Voltooid
 milestones.create=Mijlpaal maken
 milestones.title=Titel
 milestones.desc=Beschrijving
@@ -1805,12 +1792,7 @@ settings.key_name_used=Een deploy sleutel met dezelfde naam bestaat al.
 settings.deploy_key_deletion=Verwijder deploy sleutel
 settings.deploy_key_deletion_desc=Het verwijderen van een deploy sleutel zal de toegang tot deze repository intrekken. Doorgaan?
 settings.deploy_key_deletion_success=De deploy-sleutel is verwijderd.
-settings.branches=Branches
-settings.protected_branch=Branch bescherming
-settings.protected_branch_can_push=Push toestaan?
 settings.protected_branch_can_push_yes=U mag pushen
-settings.protected_branch_can_push_no=U mag niet pushen
-settings.branch_protection=Branch Bescherming voor branch '<b>%s</b>'
 settings.protect_this_branch=Branch bescherming inschakelen
 settings.protect_this_branch_desc=Voorkomt verwijdering en beperkt Git pushing en samenvoegen tot de branch.
 settings.protect_disable_push=Push uitschakelen
@@ -1818,7 +1800,6 @@ settings.protect_disable_push_desc=Geen pushes zijn toegestaan in deze branch.
 settings.protect_enable_push=Push inschakelen
 settings.protect_enable_push_desc=Iedereen met schrijftoegang heeft toegang om te pushen naar deze branch (maar niet force push).
 settings.protect_check_status_contexts=Status controle inschakelen
-settings.protect_check_status_contexts_desc=Statuscontroles zijn vereist om te kunnen samenvoegen. Kies welke statuscontroles moeten slagen voordat branches kunnen worden samengevoegd tot een branch die aan deze regel voldoet. Wanneer ingeschakeld, moeten commits eerst naar een andere branch worden gepusht, vervolgens samengevoegd of gepusht worden naar een branch die overeenkomt met deze regel nadat de statuscontroles zijn uitgevoerd. Als er geen contexten worden geselecteerd, moet de laatste commit succesvol zijn, ongeacht de context.
 settings.protect_check_status_contexts_list=Status controles gevonden in de afgelopen week voor deze repository
 settings.protect_required_approvals=Vereiste goedkeuringen:
 settings.protect_required_approvals_desc=Sta alleen toe om pull request samen te voegen met voldoende positieve beoordelingen.
@@ -1826,9 +1807,6 @@ settings.dismiss_stale_approvals=Verouderde goedkeuringen afwijzen
 settings.dismiss_stale_approvals_desc=Wanneer nieuwe commits die de inhoud van het pull-verzoek veranderen, naar de branch worden gepusht, worden oude goedkeuringen verwijderd.
 settings.require_signed_commits=Ondertekende Commits vereisen
 settings.require_signed_commits_desc=Weiger pushes naar deze branch als deze niet ondertekend of niet verifieerbaar is.
-settings.add_protected_branch=Bescherming aanzetten
-settings.delete_protected_branch=Bescherming uitzetten
-settings.protected_branch_deletion=Branch bescherming uitschakelen
 settings.protected_branch_deletion_desc=Branch bescherming uitschakelen zorgt ervoor dat gebruikers met schrijfrechten naar de branch kunnen pushen. Doorgaan?
 settings.block_rejected_reviews=Samenvoegen van afgewezen beoordelingen blokkeren
 settings.block_rejected_reviews_desc=Samenvoegen zal niet mogelijk zijn wanneer er wijzigingen worden aangevraagd door officiële beoordelaars, zelfs niet als er genoeg goedkeuringen zijn.
@@ -1837,7 +1815,6 @@ settings.block_on_official_review_requests_desc=Samenvoegen is niet mogelijk wan
 settings.block_outdated_branch=Samenvoegen blokkeren als pull request verouderd is
 settings.block_outdated_branch_desc=Samenvoegen is niet mogelijk als de hoofd branch achter loop op de basis branch.
 settings.default_branch_desc=Selecteer een standaard repository branch voor pull requests en code commits:
-settings.default_merge_style_desc=Standaard samenvoegstijl voor pull verzoeken:
 settings.choose_branch=Kies een branch…
 settings.no_protected_branch=Er zijn geen beschermde branches.
 settings.edit_protected_branch=Bewerken
@@ -1991,7 +1968,6 @@ branch.confirm_rename_branch=Hernoem branch
 
 topic.manage_topics=Beheer topics
 topic.done=Klaar
-topic.count_prompt=Je kunt niet meer dan 25 onderwerpen selecteren
 
 
 
@@ -2035,7 +2011,6 @@ settings.visibility.private=Privé (alleen zichtbaar voor organisatieleden)
 settings.visibility.private_shortname=Privé
 
 settings.update_settings=Instellingen bijwerken
-settings.update_setting_success=Organisatie instellingen zijn succesvol bijgewerkt.
 settings.update_avatar_success=De avatar van de organisatie is aangepast.
 settings.delete=Verwijder organisatie
 settings.delete_account=Verwijder deze organisatie
@@ -2467,8 +2442,6 @@ monitor.start=Starttijd
 monitor.execute_time=Uitvoertijd
 monitor.last_execution_result=Resultaat
 monitor.process.cancel=Annuleer proces
-monitor.process.cancel_desc=Annuleren van een proces kan gegevensverlies veroorzaken
-monitor.process.cancel_notices=Annuleer: <strong>%s</strong>?
 
 monitor.queues=Wachtrijen
 monitor.queue=Wachtrij: %s
@@ -2531,8 +2504,6 @@ raw_minutes=minuten
 
 [dropzone]
 default_message=Sleep bestanden hier heen of klik om te uploaden.
-invalid_input_type=U kunt geen bestanden van dit type uploaden.
-file_too_big=Bestandsgrootte ({{filesize}} MB) overschrijdt de maximale grootte ({{maxFilesize}} MB).
 remove_file=Verwijder bestand
 
 [notification]
@@ -2562,7 +2533,6 @@ error.unit_not_allowed=U heeft geen toegang tot deze sectie van de repository.
 [packages]
 filter.type=Type
 assets=Assets
-alpine.repository.branches=Branches
 alpine.repository.repositories=Repositories
 conan.details.repository=Opslagplaats
 rubygems.required.ruby=Vereist Ruby versie
diff --git a/options/locale/locale_pl-PL.ini b/options/locale/locale_pl-PL.ini
index 699ee641d46..c5fd326258c 100644
--- a/options/locale/locale_pl-PL.ini
+++ b/options/locale/locale_pl-PL.ini
@@ -140,7 +140,6 @@ network_error=Błąd sieci
 app_desc=Bezbolesna usługa Git na własnym serwerze
 install=Łatwa instalacja
 platform=Wieloplatformowość
-platform_desc=Gitea ruszy gdziekolwiek <a target="_blank" rel="noopener noreferrer" href="http://golang.org/">Go</a> jest możliwe do skompilowania: Windows, macOS, Linux, ARM, itd. Wybierz swój ulubiony system!
 lightweight=Niskie wymagania
 lightweight_desc=Gitea ma niskie minimalne wymagania i może działać na niedrogim Raspberry Pi. Oszczędzaj energię swojego komputera!
 license=Otwarte źródło
@@ -500,10 +499,8 @@ applications=Aplikacje
 orgs=Zarządzaj organizacjami
 repos=Repozytoria
 delete=Usuń konto
-twofa=Autoryzacja dwuetapowa
 account_link=Powiązane Konta
 organization=Organizacje
-webauthn=Klucze bezpieczeństwa
 
 public_profile=Profil publiczny
 password_username_disabled=Użytkownicy nielokalni nie mogą zmieniać swoich nazw. Aby uzyskać więcej informacji, skontaktuj się z administratorem strony.
@@ -668,21 +665,17 @@ revoke_key=Odwołaj
 revoke_oauth2_grant=Odwołaj dostęp
 revoke_oauth2_grant_description=Odwołanie dostępu dla tej aplikacji uniemożliwi jej korzystanie z Twoich danych. Czy jesteś pewny(-a)?
 
-twofa_desc=Weryfikacja dwuskładnikowa zwiększa bezpieczeństwo Twojego konta.
 twofa_is_enrolled=Twoje konto ma obecnie <strong>włączoną</strong> autoryzację dwuetapową.
 twofa_not_enrolled=Twoje konto obecnie nie ma włączonej autoryzacji dwuetapowej.
 twofa_disable=Wyłącz weryfikację dwuetapową
-twofa_scratch_token_regenerate=Wygeneruj ponownie kod jednorazowy
 twofa_enroll=Włącz weryfikację dwuskładnikową
 twofa_disable_note=W każdej chwili możesz wyłączyć weryfikację dwuskładnikową.
 twofa_disable_desc=Wyłączenie weryfikacji dwuetapowej sprawi, że Twoje konto będzie mniej bezpieczne. Kontynuować?
-regenerate_scratch_token_desc=Jeśli zgubiłeś(-aś) lub zużyłeś(-aś) swój kod jednorazowy, możesz go wygenerować ponownie tutaj.
 twofa_disabled=Dwuetapowa autoryzacja została wyłączona.
 scan_this_image=Zeskanuj ten obraz za pomocą swojej aplikacji uwierzytelniającej:
 or_enter_secret=Lub wprowadź sekret: %s
 then_enter_passcode=Oraz wpisz kod dostępu pokazany w aplikacji:
 passcode_invalid=Kod dostępu jest nieprawidłowy. Spróbuj ponownie.
-twofa_enrolled=Na Twoim koncie została uruchomiona weryfikacja dwuetapowa. Przechowuj swój kod jednorazowy (%s) w bezpiecznym miejscu, gdyż jest widoczny tylko raz!
 twofa_failed_get_secret=Nie udało się uzyskać sekretu.
 
 webauthn_register_key=Dodaj klucz bezpieczeństwa
@@ -787,9 +780,7 @@ delete_preexisting_success=Usunięto nieprzyjęte pliki w %s
 
 
 transfer.accept=Akceptuj transfer
-transfer.accept_desc=`Przenieś do "%s"`
 transfer.reject=Odrzuć transfer
-transfer.reject_desc=`Anuluj transfer do "%s"`
 
 desc.private=Prywatne
 desc.public=Publiczne
@@ -902,7 +893,6 @@ release=Wydanie
 releases=Wydania
 tag=Tag
 released_this=wydał to
-file.title=%s w %s
 file_raw=Czysty
 file_history=Historia
 file_view_source=Zobacz Źródło
@@ -1346,7 +1336,6 @@ milestones.closed=Zamknięto %s
 milestones.no_due_date=Nie ustalono terminu
 milestones.open=Otwórz
 milestones.close=Zamknij
-milestones.completeness=%d%% Ukończono
 milestones.create=Utwórz kamień milowy
 milestones.title=Tytuł
 milestones.desc=Opis
@@ -1505,7 +1494,6 @@ settings.enable_timetracker=Włącz śledzenie czasu
 settings.allow_only_contributors_to_track_time=Zezwalaj wyłącznie współpracownikom na śledzenie czasu
 settings.pulls_desc=Włącz Pull Requesty w repozytorium
 settings.pulls.ignore_whitespace=Ignoruj znaki białe w konfliktach
-settings.projects_desc=Włącz projekty w repozytorium
 settings.admin_settings=Ustawienia administratora
 settings.admin_enable_health_check=Włącz sprawdzanie stanu zdrowia repozytoriów (git fsck)
 settings.admin_enable_close_issues_via_commit_in_any_branch=Zamknij zgłoszenie poprzez commit wprowadzony do nie-domyślnej gałęzi
@@ -1672,12 +1660,6 @@ settings.key_name_used=Klucz wdrożeniowy z identyczną nazwą już istnieje.
 settings.deploy_key_deletion=Usuń klucz wdrożeniowy
 settings.deploy_key_deletion_desc=Usunięcie klucza wdrożeniowego wycofa jego dostęp do tego repozytorium. Kontynuować?
 settings.deploy_key_deletion_success=Klucz wdrożeniowy został usunięty.
-settings.branches=Gałęzie
-settings.protected_branch=Ochrona gałęzi
-settings.protected_branch_can_push=Umożliwić push?
-settings.protected_branch_can_push_yes=Możesz wysyłać
-settings.protected_branch_can_push_no=Nie możesz wysyłać
-settings.branch_protection=`Ochrona gałęzi dla "<b>%s</b>"`
 settings.protect_this_branch=Włącz ochronę gałęzi
 settings.protect_this_branch_desc=Zapobiega usunięciu oraz ogranicza wypychanie i scalanie zmian do tej gałęzi.
 settings.protect_disable_push=Wyłącz wypychanie
@@ -1685,7 +1667,6 @@ settings.protect_disable_push_desc=Wypychanie do tej gałęzi nie będzie możli
 settings.protect_enable_push=Włącz wypychanie
 settings.protect_enable_push_desc=Każdy użytkownik z uprawnieniem zapisu będzie miał możliwość wypychania do tej gałęzi (oprócz wymuszonego wypchnięcia).
 settings.protect_check_status_contexts=Włącz kontrolę stanu
-settings.protect_check_status_contexts_desc=Wymagaj powodzenia kontroli stanów przed scalaniem. Wybierz które kontrole stanów muszą zostać ukończone pomyślnie, zanim gałęzie będą mogły zostać scalone z gałęzią, która pokrywa się z tą zasadą. Kiedy włączone, commity muszą być najpierw wypchnięte do innej gałęzi, a następnie scalone lub wypchnięte bezpośrednio do gałęzi, która pokrywa się z tą zasadą po pomyślnej kontroli stanów. Jeżeli nie zostaną wybrane konteksty, ostatni commit musi zakończyć się powodzeniem niezależnie od kontekstu.
 settings.protect_check_status_contexts_list=Kontrole stanów w poprzednim tygodniu dla tego repozytorium
 settings.protect_required_approvals=Wymagane zatwierdzenia:
 settings.protect_required_approvals_desc=Zezwól na scalanie Pull Requestów tylko z wystarczającą ilością pozytywnych recenzji.
@@ -1693,9 +1674,6 @@ settings.dismiss_stale_approvals=Unieważnij przestarzałe zatwierdzenia
 settings.dismiss_stale_approvals_desc=Kiedy nowe commity zmieniające zawartość Pull Requesta są wypychane do gałęzi, wcześniejsze zatwierdzenia zostaną unieważnione.
 settings.require_signed_commits=Wymagaj podpisanych commitów
 settings.require_signed_commits_desc=Odrzucaj zmiany wypychane do tej gałęzi, jeśli nie są podpisane, lub są niemożliwe do zweryfikowania.
-settings.add_protected_branch=Włącz ochronę
-settings.delete_protected_branch=Wyłącz ochronę
-settings.protected_branch_deletion=Wyłącz ochronę gałęzi
 settings.protected_branch_deletion_desc=Wyłączenie ochrony gałęzi pozwoli użytkownikom z uprawnieniami zapisu do przekazywania zmian do gałęzi. Kontynuować?
 settings.block_rejected_reviews=Zablokuj scalanie przy odrzuconych recenzjach
 settings.block_rejected_reviews_desc=Scalanie nie będzie możliwe, jeżeli zostały zażądane zmiany przez oficjalnych recenzentów nawet, jeśli jest wystarczająca ilość zatwierdzeń.
@@ -1703,7 +1681,6 @@ settings.block_on_official_review_requests_desc=Połączenie nie będzie możliw
 settings.block_outdated_branch=Zablokuj scalanie, jeśli pull request jest nieaktualny
 settings.block_outdated_branch_desc=Scalanie nie będzie możliwe, gdy gałąź główna jest za gałęzią bazową.
 settings.default_branch_desc=Wybierz domyślną gałąź repozytorium dla Pull Requestów i commitów kodu:
-settings.default_merge_style_desc=Domyślny styl scalania dla pull requestów:
 settings.choose_branch=Wybierz gałąź…
 settings.no_protected_branch=Nie ma chronionych gałęzi.
 settings.edit_protected_branch=Zmień
@@ -1858,7 +1835,6 @@ tag.create_tag=Utwóz tag <strong>%s</strong>
 
 topic.manage_topics=Zarządzaj tematami
 topic.done=Gotowe
-topic.count_prompt=Nie możesz wybrać więcej, niż 25 tematów
 
 
 error.csv.too_large=Nie można wyświetlić tego pliku, ponieważ jest on zbyt duży.
@@ -2420,7 +2396,6 @@ raw_minutes=minut
 
 [dropzone]
 default_message=Upuść pliki tutaj lub kliknij, aby przesłać.
-invalid_input_type=Nie można przesłać plików tego typu.
 file_too_big=Rozmiar pliku ({{filesize}} MB) przekracza maksymalny rozmiar ({{maxFilesize}} MB).
 remove_file=Usuń plik
 
@@ -2452,7 +2427,6 @@ error.unit_not_allowed=Nie masz uprawnień do tej sekcji repozytorium.
 
 [packages]
 filter.type=Typ
-alpine.repository.branches=Gałęzie
 alpine.repository.repositories=Repozytoria
 conan.details.repository=Repozytorium
 owner.settings.cleanuprules.enabled=Włączone
diff --git a/options/locale/locale_pt-BR.ini b/options/locale/locale_pt-BR.ini
index 10f8f4c2b13..b48e67f45df 100644
--- a/options/locale/locale_pt-BR.ini
+++ b/options/locale/locale_pt-BR.ini
@@ -194,7 +194,6 @@ network_error=Erro de rede
 app_desc=Um serviço de hospedagem Git amigável
 install=Fácil de instalar
 platform=Multi-plataforma
-platform_desc=Gitea roda em qualquer sistema operacional em que <a target="_blank" rel="noopener noreferrer" href="http://golang.org/">Go</a> consegue compilar: Windows, macOS, Linux, ARM, etc. Escolha qual você gosta mais!
 lightweight=Leve e rápido
 lightweight_desc=Gitea utiliza poucos recursos e consegue mesmo rodar no barato Raspberry Pi. Economize energia elétrica da sua máquina!
 license=Código aberto
@@ -620,11 +619,9 @@ applications=Aplicativos
 orgs=Gerenciar organizações
 repos=Repositórios
 delete=Excluir conta
-twofa=Autenticação de dois fatores
 account_link=Contas vinculadas
 organization=Organizações
 uid=UID
-webauthn=Chaves de segurança
 
 public_profile=Perfil público
 biography_placeholder=Conte-nos um pouco sobre você! (Você pode usar Markdown)
@@ -855,23 +852,18 @@ revoke_oauth2_grant=Revogar acesso
 revoke_oauth2_grant_description=Revogando o acesso para este aplicativo de terceiros impedirá este aplicativo de acessar seus dados. Tem certeza?
 revoke_oauth2_grant_success=Acesso revogado com sucesso.
 
-twofa_desc=Autenticação de dois fatores melhora a segurança de sua conta.
 twofa_recovery_tip=Se você perder o seu dispositivo, você será capaz de usar uma chave de recuperação de uso único para recuperar o acesso à sua conta.
 twofa_is_enrolled=Sua conta está atualmente <strong>habilitada</strong> com autenticação de dois fatores.
 twofa_not_enrolled=Sua conta não está atualmente inscrita para a autenticação em duas etapas.
 twofa_disable=Desabilitar a autenticação de dois fatores
-twofa_scratch_token_regenerate=Gerar novamente o token de backup
-twofa_scratch_token_regenerated=Seu token agora é %s. Guarde-a em um local seguro, pois ela nunca mais será exibido.
 twofa_enroll=Inscrever para a autenticação de dois fatores
 twofa_disable_note=Você pode desabilitar a autenticação de dois fatores se necessário.
 twofa_disable_desc=Desabilitar a autenticação de dois fatores tornará sua conta menos segura. Tem certeza que deseja continuar?
-regenerate_scratch_token_desc=Se você perdeu o seu token de backup, ou teve que usá-lo para realizar um acesso, você pode redefini-lo.
 twofa_disabled=A autenticação de dois fatores foi desabilitada.
 scan_this_image=Escaneie esta imagem com o seu aplicativo de autenticação:
 or_enter_secret=Ou digite esse código: %s
 then_enter_passcode=E insira a senha mostrada no aplicativo:
 passcode_invalid=Esse código de acesso é inválido. Tente novamente.
-twofa_enrolled=Sua conta foi inscrita na autenticação de dois fatores. Armazene seu token de backup (%s) em um local seguro, pois ele é exibido apenas uma vez!
 twofa_failed_get_secret=Falha ao obter o segredo.
 
 webauthn_desc=Chaves de segurança são dispositivos de hardware que contém chaves de criptografia. Elas podem ser usadas para autenticação de dois fatores. A chave de segurança deve suportar o padrão <a rel="noreferrer" target="_blank" href="https://w3c.github.io/webauthn/#webauthn-authenticator">WebAuthnn Authenticator</a>.
@@ -1009,9 +1001,7 @@ author_search_tooltip=Mostra um máximo de 30 usuários
 
 
 transfer.accept=Aceitar transferência
-transfer.accept_desc=`Transferir para "%s"`
 transfer.reject=Rejeitar transferência
-transfer.reject_desc=`Cancelar a transferência para "%s"`
 transfer.no_permission_to_accept=Você não tem permissão para aceitar essa transferência.
 transfer.no_permission_to_reject=Você não tem permissão para rejeitar essa transferência.
 
@@ -1145,7 +1135,6 @@ releases=Versões
 tag=Tag
 released_this=lançou isto
 tagged_this=criou essa tag
-file.title=%s em %s
 file_raw=Original
 file_history=Histórico
 file_view_source=Exibir código-fonte
@@ -1159,7 +1148,6 @@ ambiguous_runes_header=`Este arquivo contém caracteres Unicode ambíguos`
 ambiguous_runes_description=`Este arquivo contém caracteres Unicode que podem ser confundidos com outros caracteres. Se você acha que isso é intencional, pode ignorar esse aviso com segurança. Use o botão Escapar para revelá-los
 invisible_runes_line=`Esta linha tem caracteres unicode invisíveis`
 ambiguous_runes_line=`Esta linha tem caracteres unicode ambíguos`
-ambiguous_character=`%[1]c [U+%04[1]X] é confundível com o %[2]c [U+%04[2]X]`
 
 escape_control_characters=Escapar
 unescape_control_characters=Desescapar
@@ -1750,9 +1738,7 @@ pulls.rebase_conflict_summary=Mensagem de Erro
 pulls.unrelated_histories=Merge falhou: O merge do principal e da base não compartilham uma história comum. Dica: Tente uma estratégia diferente
 pulls.merge_out_of_date=Merge falhou: durante a geração do merge, a base não foi atualizada. Dica: Tente novamente.
 pulls.head_out_of_date=O merge falhou: Enquanto gerava o merge, a head foi atualizada. Dica: Tente novamente.
-pulls.push_rejected=O merge falhou: O push foi rejeitado. Revise os Git Hooks para este repositório.
 pulls.push_rejected_summary=Mensagem completa da rejeição
-pulls.push_rejected_no_message=O merge falhou: O push foi rejeitado mas não houve mensagem remota.<br>Revise os Git Hooks para este repositório
 pulls.open_unmerged_pull_exists=`Não é possível executar uma operação de reabertura pois há um pull request pendente (#%d) com propriedades idênticas.`
 pulls.status_checking=Algumas verificações estão pendentes
 pulls.status_checks_success=Todas as verificações foram bem sucedidas
@@ -1804,7 +1790,6 @@ milestones.no_due_date=Sem data limite
 milestones.open=Reabrir
 milestones.close=Fechar
 milestones.new_subheader=Os marcos podem ajudá-lo a organizar os problemas e acompanhar seu progresso.
-milestones.completeness=%d%% concluído
 milestones.create=Criar marco
 milestones.title=Título
 milestones.desc=Descrição
@@ -2010,7 +1995,6 @@ settings.pulls.default_delete_branch_after_merge=Excluir o branch de pull reques
 settings.pulls.default_allow_edits_from_maintainers=Permitir edições de mantenedores por padrão
 settings.releases_desc=Habilitar versões do Repositório
 settings.packages_desc=Habilitar Registro de Pacotes de Repositório
-settings.projects_desc=Habilitar Projetos do Repositório
 settings.projects_mode_all=Todos os projetos
 settings.actions_desc=Habilitar ações do repositório
 settings.admin_settings=Configurações do administrador
@@ -2215,14 +2199,8 @@ settings.key_name_used=Uma chave de deploy já existe com esse mesmo nome.
 settings.deploy_key_deletion=Remover chave de deploy
 settings.deploy_key_deletion_desc=A exclusão de uma chave de deploy irá revogar o seu acesso a este repositório. Continuar?
 settings.deploy_key_deletion_success=A chave de deploy foi removida.
-settings.branches=Branches
-settings.protected_branch=Proteção de Branch
 settings.protected_branch.save_rule=Salvar Regra
 settings.protected_branch.delete_rule=Excluir Regra
-settings.protected_branch_can_push=Permitir push?
-settings.protected_branch_can_push_yes=Você pode fazer push
-settings.protected_branch_can_push_no=Você não pode fazer push
-settings.branch_protection=Proteção de Branch para '<b>%s</b>'
 settings.protect_this_branch=Habilitar Proteção de Branch
 settings.protect_this_branch_desc=Previne a exclusão e restringe o merge e push para o branch.
 settings.protect_disable_push=Desabilitar push
@@ -2231,7 +2209,6 @@ settings.protect_enable_push=Habilitar push
 settings.protect_enable_push_desc=Qualquer pessoa com acesso de escrita terá permissão para realizar push neste branch (mas não forçar o push).
 settings.protect_enable_merge=Permitir merge
 settings.protect_check_status_contexts=Habilitar verificação de status
-settings.protect_check_status_contexts_desc=Exigir que as verificações de status passem antes de fazer merge. Escolha quais verificações de status devem passar antes que os branches possam ter o merge aplicado em um branch que corresponda a esta regra. Quando habilitado, os commits devem primeiro ser enviados para outro branch, então faça merge ou push diretamente para um branch que corresponde a esta regra após a verificação de status ter passado. Se nenhum contexto for selecionado, o último commit deve ser bem sucedido, independentemente do contexto.
 settings.protect_check_status_contexts_list=Verificações de status encontradas na última semana para este repositório
 settings.protect_required_approvals=Aprovações necessárias:
 settings.protect_required_approvals_desc=Permite apenas realizar merge do pull request com avaliações positivas suficientes.
@@ -2245,12 +2222,9 @@ settings.protect_protected_file_patterns=Padrões de arquivos protegidos (separa
 settings.protect_protected_file_patterns_desc=Arquivos protegidos não podem ser alterados diretamente, mesmo que o usuário tenha direitos para adicionar, editar ou excluir arquivos neste branch. Vários padrões podem ser separados usando ponto e vírgula (';'). Consulte a documentação <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a> para a sintaxe padrão. Exemplos: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
 settings.protect_unprotected_file_patterns=Padrões de arquivos desprotegidos (separados usando ponto e vírgula ';'):
 settings.protect_unprotected_file_patterns_desc=Arquivos não protegidos que podem ser alterados diretamente se o usuário tiver acesso de gravação, ignorando as restrições de push. Vários padrões podem ser separados usando ponto e vírgula (\;'). Veja <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a> documentação para sintaxe de padrões. Exemplos: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
-settings.add_protected_branch=Habilitar proteção
-settings.delete_protected_branch=Desabilitar proteção
 settings.update_protect_branch_success=Proteção do branch "%s" foi atualizada.
 settings.remove_protected_branch_success=Proteção do branch "%s" foi desabilitada.
 settings.remove_protected_branch_failed=Removendo regra de proteção de branch "%s" falhou.
-settings.protected_branch_deletion=Desabilitar proteção de branch
 settings.protected_branch_deletion_desc=Desabilitar a proteção de branch permite que os usuários com permissão de escrita realizem push. Continuar?
 settings.block_rejected_reviews=Bloquear merge em revisões rejeitadas
 settings.block_rejected_reviews_desc=O merge não será possível quando são solicitadas alterações pelos revisores oficiais, mesmo que haja aprovação suficiente.
@@ -2260,7 +2234,6 @@ settings.block_outdated_branch=Bloquear o merge se o pull request estiver desatu
 settings.block_outdated_branch_desc=O merge não será possível quando o branch de topo estiver atrás do branch base.
 settings.default_branch_desc=Selecione um branch padrão para pull requests e commits de código:
 settings.merge_style_desc=Estilos de Merge
-settings.default_merge_style_desc=Estilo de merge padrão para pull requests:
 settings.choose_branch=Escolha um branch...
 settings.no_protected_branch=Não há branches protegidos.
 settings.edit_protected_branch=Editar
@@ -2469,7 +2442,6 @@ tag.create_success=Tag "%s" criada.
 
 topic.manage_topics=Gerenciar Tópicos
 topic.done=Feito
-topic.count_prompt=Você não pode selecionar mais de 25 tópicos
 
 find_file.go_to_file=Ir para arquivo
 find_file.no_matching=Nenhum arquivo correspondente encontrado
@@ -2559,7 +2531,6 @@ teams.leave.detail=Sair de %s?
 teams.can_create_org_repo=Criar repositórios
 teams.can_create_org_repo_helper=Membros podem criar novos repositórios na organização. O criador terá acesso administrativo ao novo repositório.
 teams.none_access=Sem Acesso
-teams.none_access_helper=Os membros não podem ver ou fazer qualquer outra ação nesta unidade.
 teams.general_access=Acesso Geral
 teams.general_access_helper=As permissões dos membros serão decididas pela tabela de permissões abaixo.
 teams.read_access=Leitura
@@ -2979,7 +2950,6 @@ config.default_enable_timetracking=Habilitar o Cronômetro por Padrão
 config.default_allow_only_contributors_to_track_time=Permitir que apenas os colaboradores acompanhem o contador de tempo
 config.no_reply_address=Ocultar domínio de e-mail
 config.default_visibility_organization=Visibilidade padrão para novas organizações
-config.default_enable_dependencies=Habilitar dependências de issue por padrão
 
 config.webhook_config=Configuração de Hook da Web
 config.queue_length=Tamanho da fila
@@ -3058,7 +3028,6 @@ monitor.next=Próxima vez
 monitor.previous=Vez anterior
 monitor.execute_times=Execuções
 monitor.process=Processos em execução
-monitor.stacktrace=Stacktraces
 monitor.processes_count=%d processos
 monitor.download_diagnosis_report=Baixar relatório de diagnóstico
 monitor.desc=Descrição
@@ -3066,8 +3035,6 @@ monitor.start=Hora de início
 monitor.execute_time=Tempo de execução
 monitor.last_execution_result=Resultado
 monitor.process.cancel=Cancelar processo
-monitor.process.cancel_desc=Cancelar um processo pode causar perda de dados
-monitor.process.cancel_notices=Cancelar: <strong>%s</strong>?
 monitor.process.children=Descendentes
 
 monitor.queues=Filas
@@ -3157,7 +3124,6 @@ raw_minutes=minutos
 
 [dropzone]
 default_message=Arraste e solte arquivos aqui, ou clique para selecioná-los.
-invalid_input_type=Você não pode enviar arquivos deste tipo.
 file_too_big=Tamanho de arquivo ({{filesize}} MB) excede o máximo de ({{maxFilesize}} MB).
 remove_file=Remover arquivo
 
@@ -3225,7 +3191,6 @@ alpine.registry.key=Baixe a chave RSA pública do registro para a pasta <code>/e
 alpine.registry.info=Escolha o $branch e $repository da lista abaixo.
 alpine.install=Para instalar o pacote, execute o seguinte comando:
 alpine.repository=Informações do repositório
-alpine.repository.branches=Branches
 alpine.repository.repositories=Repositórios
 alpine.repository.architectures=Arquiteturas
 cargo.registry=Configurar este registro no arquivo de configuração de Cargo (por exemplo <code>~/.cargo/config.toml</code>):
@@ -3301,7 +3266,6 @@ settings.link=Vincular este pacote a um repositório
 settings.link.description=Se você vincular um pacote a um repositório, o pacote será listado na lista de pacotes do repositório.
 settings.link.select=Selecionar Repositório
 settings.link.button=Atualizar Link do Repositório
-settings.link.success=Link do repositório foi atualizado com sucesso.
 settings.link.error=Falha ao atualizar o link do repositório.
 settings.delete=Excluir o pacote
 settings.delete.description=A exclusão de um pacote é permanente e não pode ser desfeita.
diff --git a/options/locale/locale_pt-PT.ini b/options/locale/locale_pt-PT.ini
index 33b87267f90..3be3c7ff7b7 100644
--- a/options/locale/locale_pt-PT.ini
+++ b/options/locale/locale_pt-PT.ini
@@ -229,7 +229,6 @@ app_desc=Um serviço Git auto-hospedado e fácil de usar
 install=Fácil de instalar
 install_desc=Corra, simplesmente, <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-binary">o ficheiro binário executável</a> para a sua plataforma, despache-o com o <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea/tree/master/docker">Docker</a>, ou obtenha-o sob a forma de <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-package">pacote</a>.
 platform=Multiplataforma
-platform_desc=Gitea corre em qualquer plataforma onde possa compilar em linguagem <a target="_blank" rel="noopener noreferrer" href="http://golang.org/">Go</a>: Windows, macOS, Linux, ARM, etc. Escolha a sua preferida!
 lightweight=Leve
 lightweight_desc=Gitea requer poucos recursos e pode correr num simples Raspberry Pi. Economize a energia da sua máquina!
 license=Código aberto
@@ -406,7 +405,6 @@ reset_password_mail_sent_prompt=Foi enviado um email de confirmação para <b>%s
 active_your_account=Ponha a sua conta em funcionamento
 account_activated=A conta foi posta em funcionamento
 prohibit_login=Início de sessão proibido
-prohibit_login_desc=A sua conta está proibida de iniciar sessão. Contacte o administrador.
 resent_limit_prompt=Já fez um pedido recentemente para enviar um email para pôr a conta em funcionamento. Espere 3 minutos e tente novamente.
 has_unconfirmed_mail=Olá %s, tem um endereço de email não confirmado (<b>%s</b>). Se não recebeu um email de confirmação ou precisa de o voltar a enviar, clique no botão abaixo.
 change_unconfirmed_mail_address=Se o seu endereço de email estiver errado, pode mudá-lo aqui e enviar um novo email de confirmação.
@@ -418,7 +416,6 @@ invalid_code=O seu código de confirmação é inválido ou expirou.
 invalid_code_forgot_password=O seu código de confirmação é inválido ou já expirou. Clique <a href="%s">aqui</a> para iniciar uma nova sessão.
 invalid_password=A sua senha não corresponde à senha que foi usada para criar a conta.
 reset_password_helper=Recuperar conta
-reset_password_wrong_user=Tem conta iniciada como %s, mas a ligação de recuperação de conta é para %s
 password_too_short=O tamanho da senha não pode ser inferior a %d caracteres.
 non_local_account=Os utilizadores não-locais não podem alterar a sua senha através da interface web do Gitea.
 verify=Validar
@@ -454,7 +451,6 @@ authorize_application_created_by=Esta aplicação foi criada por %s.
 authorize_application_description=Se conceder acesso, a aplicação terá privilégios para alterar toda a informação da conta, incluindo repositórios e organizações privados.
 authorize_title=Autorizar o acesso de "%s" à sua conta?
 authorization_failed=A autorização falhou
-authorization_failed_desc=A autorização falhou porque encontrámos um pedido inválido. Entre em contacto com o responsável pela aplicação que tentou autorizar.
 sspi_auth_failed=Falhou a autenticação SSPI
 password_pwned=A senha utilizada está numa <a target="_blank" rel="noopener noreferrer" href="https://haveibeenpwned.com/Passwords">lista de senhas roubadas</a> anteriormente expostas em fugas de dados públicas. Tente novamente com uma senha diferente e considere também mudar esta senha nos outros sítios.
 password_pwned_err=Não foi possível completar o pedido ao HaveIBeenPwned
@@ -474,7 +470,6 @@ activate_account.text_1=Olá <b>%[1]s</b>, obrigado por se registar em %[2]s!
 activate_account.text_2=Clique, por favor, na ligação seguinte para activar a sua conta dentro de <b>%s</b>:
 
 activate_email=Valide o seu endereço de email
-activate_email.title=%s, por favor valide o seu endereço de email
 activate_email.text=Por favor clique na seguinte ligação para validar o seu endereço de email dentro de <b>%s</b>:
 
 register_notify=Bem-vindo(a) a %s
@@ -694,11 +689,9 @@ applications=Aplicações
 orgs=Gerir organizações
 repos=Repositórios
 delete=Eliminar a conta
-twofa=Autenticação em dois passos
 account_link=Contas vinculadas
 organization=Organizações
 uid=UID
-webauthn=Chaves de segurança
 
 public_profile=Perfil público
 biography_placeholder=Conte-nos um pouco sobre si! (Pode usar Markdown)
@@ -716,7 +709,6 @@ update_language_success=O idioma foi modificado.
 update_profile_success=O seu perfil foi modificado.
 change_username=O seu nome de utilizador foi modificado.
 change_username_prompt=Note: Mudar o seu nome de utilizador também muda o URL da sua conta.
-change_username_redirect_prompt=O antigo nome de utilizador, enquanto não for reivindicado, irá reencaminhar para o novo.
 continue=Continuar
 cancel=Cancelar
 language=Idioma
@@ -796,7 +788,6 @@ add_email_success=O novo endereço de email foi adicionado.
 email_preference_set_success=As preferências relativas ao email foram definidas com sucesso.
 add_openid_success=O novo endereço OpenID foi adicionado.
 keep_email_private=Ocultar endereço de email
-keep_email_private_popup=Isto irá ocultar o seu endereço de email no seu perfil, assim como quando fizer um pedido de integração ou editar um ficheiro usando a interface web. Cometimentos enviados não serão modificados.
 openid_desc=O OpenID permite delegar a autenticação num fornecedor externo.
 
 manage_ssh_keys=Gerir chaves SSH
@@ -911,8 +902,6 @@ remove_oauth2_application_desc=Remover uma aplicação OAuth2 irá revogar o ace
 remove_oauth2_application_success=A aplicação foi eliminada.
 create_oauth2_application=Criar uma nova aplicação OAuth2
 create_oauth2_application_button=Criar aplicação
-create_oauth2_application_success=Criou com sucesso uma nova aplicação OAuth2.
-update_oauth2_application_success=Modificou com sucesso a aplicação OAuth2.
 oauth2_application_name=Nome da aplicação
 oauth2_confidential_client=Cliente confidencial. Escolha esta opção para aplicações que mantêm o segredo confidencial, tais como aplicações web. Não escolha esta opção para aplicações nativas, incluindo aplicações para computador e aplicações móveis.
 oauth2_skip_secondary_authorization=Saltar a autorização para clientes públicos depois de lhes ceder acesso uma vez. <strong>Pode representar um risco de segurança.</strong>
@@ -925,8 +914,6 @@ oauth2_regenerate_secret_hint=Perdeu o seu segredo?
 oauth2_client_secret_hint=O segredo não voltará a ser mostrado depois de sair ou refrescar esta página. Certifique-se de que o guardou.
 oauth2_application_edit=Editar
 oauth2_application_create_description=As aplicações OAuth2 dão à sua aplicação de terceiros acesso a contas de utilizador nesta instância.
-oauth2_application_remove_description=A remoção de uma aplicação OAuth2 impedi-la-á de aceder a contas de utilizador autorizadas nesta instância. Quer continuar?
-oauth2_application_locked=O Gitea pré-regista algumas aplicações OAuth2 no arranque, se for habilitado na configuração. Para evitar comportamentos inesperados, estas não podem ser editadas nem removidas. Consulte a documentação sobre o OAuth2, para obter mais informações.
 
 authorized_oauth2_applications=Aplicações OAuth2 autorizadas
 authorized_oauth2_applications_description=Concedeu acesso à sua conta pessoal do Gitea a estas aplicações de terceiros. Por favor, revogue o acesso às aplicações que já não precisa.
@@ -935,23 +922,18 @@ revoke_oauth2_grant=Revogar acesso
 revoke_oauth2_grant_description=Revogar o acesso desta aplicação de terceiros impedi-la-á de aceder aos seus dados. Tem a certeza?
 revoke_oauth2_grant_success=Acesso revogado com sucesso.
 
-twofa_desc=Autenticação em dois passos melhora a segurança da sua conta.
 twofa_recovery_tip=Se perder o seu dispositivo, poderá usar uma chave de recuperação de utilização única para voltar a ter acesso à sua conta.
 twofa_is_enrolled=A autenticação em dois passos <strong>está neste momento habilitada</strong> na sua conta.
 twofa_not_enrolled=A autenticação em dois passos não está neste momento habilitada na sua conta.
 twofa_disable=Desabilitar autenticação em dois passos
-twofa_scratch_token_regenerate=Voltar a gerar o código de recuperação
-twofa_scratch_token_regenerated=O seu código de recuperação agora é %s. Guarde-o num lugar seguro, não será mostrado novamente.
 twofa_enroll=Habilitar autenticação em dois passos
 twofa_disable_note=Pode desabilitar a autenticação em dois passos, se for necessário.
 twofa_disable_desc=Desabilitar a autenticação em dois passos tornará a sua conta menos segura. Quer continuar?
-regenerate_scratch_token_desc=Se perdeu o seu código de recuperação ou já o usou para iniciar uma sessão, pode restaurá-lo aqui.
 twofa_disabled=A autenticação em dois passos foi desabilitada.
 scan_this_image=Digitalize esta imagem com a sua aplicação de autenticação:
 or_enter_secret=Ou insira o segredo: %s
 then_enter_passcode=E insira o código apresentado na aplicação:
 passcode_invalid=O código está errado. Tente de novo.
-twofa_enrolled=A sua conta usa autenticação em dois passos. Guarde o seu código de recuperação (%s) num lugar seguro porque é mostrado somente uma vez!
 twofa_failed_get_secret=Falhou a obtenção do segredo.
 
 webauthn_desc=Chaves de segurança são dispositivos de hardware contendo chaves criptográficas. Podem ser usadas para autenticação em dois passos. As chaves de segurança têm de suportar o standard <a rel="noreferrer" target="_blank" href="https://w3c.github.io/webauthn/#webauthn-authenticator">Autenticador WebAuthn</a>.
@@ -992,12 +974,10 @@ visibility=Visibilidade do utilizador
 visibility.public=Pública
 visibility.public_tooltip=Visível para todos
 visibility.limited=Limitada
-visibility.limited_tooltip=Visível apenas para utilizadores autenticados
 visibility.private=Privada
 visibility.private_tooltip=Visível apenas para membros das organizações a que se associou
 
 [repo]
-new_repo_helper=Um repositório contém todos os ficheiros do trabalho, incluindo o histórico das revisões. Já tem um hospedado noutro sítio? <a href="%s">Migre o repositório</a>.
 owner=Proprietário(a)
 owner_helper=Algumas organizações podem não aparecer na lista suspensa devido a um limite máximo de contagem de repositórios.
 repo_name=Nome do repositório
@@ -1009,7 +989,6 @@ template_helper=Fazer do repositório um modelo
 template_description=Repositórios modelo permitem que os utilizadores gerem novos repositórios com a mesma estrutura de pastas, ficheiros e configurações opcionais.
 visibility=Visibilidade
 visibility_description=Somente o proprietário ou os membros da organização, se tiverem direitos, poderão vê-lo.
-visibility_helper=Tornar o repositório privado
 visibility_helper_forced=O administrador obriga a que os repositórios novos sejam privados.
 visibility_fork_helper=(alterar este parâmetro irá alterar também todas as derivações)
 clone_helper=Precisa de ajuda para clonar? Visite a <a target="_blank" rel="noopener noreferrer" href="%s">Ajuda</a>.
@@ -1062,8 +1041,6 @@ mirror_sync=sincronizado
 mirror_sync_on_commit=Sincronizar quando forem enviados cometimentos
 mirror_address=Clonar a partir do URL
 mirror_address_desc=Coloque, na secção de autorização, as credenciais que, eventualmente, sejam necessárias.
-mirror_address_url_invalid=O URL fornecido é inválido. Tem que codificar adequadamente todos os componentes do URL.
-mirror_address_protocol_invalid=O URL fornecido é inválido. Só se pode replicar a partir de endereços http(s):// ou git://.
 mirror_lfs=Armazenamento de Ficheiros Grandes (LFS)
 mirror_lfs_desc=Habilitar a réplica de dados LFS.
 mirror_lfs_endpoint=Destino LFS
@@ -1099,9 +1076,7 @@ tree_path_not_found_branch=A localização %[1]s não existe no ramo %[2]s
 tree_path_not_found_tag=A localização %[1]s não existe na etiqueta %[2]s
 
 transfer.accept=Aceitar transferência
-transfer.accept_desc=`Transferir para "%s"`
 transfer.reject=Rejeitar transferência
-transfer.reject_desc=`Cancelar transferência para "%s"`
 transfer.no_permission_to_accept=Você não tem permissão para aceitar esta transferência.
 transfer.no_permission_to_reject=Você não tem permissão para rejeitar esta transferência.
 
@@ -1123,8 +1098,6 @@ template.issue_labels=Rótulos das questões
 template.one_item=Tem que escolher pelo menos um item do modelo
 template.invalid=Tem que escolher um repositório modelo
 
-archive.title=Este repositório está arquivado. Pode ver os seus ficheiros e cloná-lo, mas não pode fazer envios para o repositório nem lançar questões ou fazer pedidos de integração.
-archive.title_date=Este repositório foi arquivado em %s. Pode ver os ficheiros e cloná-lo, mas não pode fazer envios ou abrir questões/pedidos de integração.
 archive.issue.nocomment=Este repositório está arquivado. Não pode comentar nas questões.
 archive.pull.nocomment=Este repositório está arquivado. Não pode comentar nos pedidos de integração.
 
@@ -1236,7 +1209,6 @@ releases=Lançamentos
 tag=Etiqueta
 released_this=lançou isto
 tagged_this=etiquetou isto
-file.title=%s em %s
 file_raw=Em bruto
 file_history=Histórico
 file_view_source=Ver código-fonte
@@ -1253,7 +1225,6 @@ ambiguous_runes_header=`Este ficheiro contém caracteres Unicode ambíguos`
 ambiguous_runes_description=`Este ficheiro contém caracteres Unicode que podem ser confundidos com outros caracteres. Se acha que é intencional, pode ignorar este aviso com segurança. Use o botão Revelar para os mostrar.`
 invisible_runes_line=`Esta linha tem caracteres unicode invisíveis`
 ambiguous_runes_line=`Esta linha tem caracteres unicode ambíguos`
-ambiguous_character=`%[1]c [U+%04[1]X] pode confundir-se com %[2]c [U+%04[2]X]`
 
 escape_control_characters=Revelar
 unescape_control_characters=Esconder
@@ -1414,7 +1385,6 @@ projects.column.new=Nova coluna
 projects.column.set_default=Tornar predefinida
 projects.column.set_default_desc=Definir esta coluna como a predefinida para questões e pedidos de integração não categorizados
 projects.column.delete=Eliminar coluna
-projects.column.deletion_desc=Eliminar uma coluna de um planeamento faz com que todas as questões que nela constam sejam movidas para a coluna 'Sem categoria'. Continuar?
 projects.column.color=Colorido
 projects.open=Abrir
 projects.close=Fechar
@@ -1496,7 +1466,6 @@ issues.delete_branch_at=`eliminou o ramo <b>%s</b> %s`
 issues.filter_label=Rótulo
 issues.filter_label_exclude=`Use <code>alt</code> + <code>clique/enter</code> para excluir rótulos`
 issues.filter_label_no_select=Todos os rótulos
-issues.filter_label_select_no_label=Sem rótulo
 issues.filter_milestone=Etapa
 issues.filter_milestone_all=Todas as etapas
 issues.filter_milestone_none=Sem etapas
@@ -1661,7 +1630,6 @@ issues.tracking_already_started=`Você já iniciou a contagem de tempo <a href="
 issues.stop_tracking=Parar cronómetro
 issues.stop_tracking_history=`parou de trabalhar %s`
 issues.cancel_tracking=Descartar
-issues.cancel_tracking_history=`cancelou a contagem de tempo %s`
 issues.add_time=Adicionar tempo manualmente
 issues.del_time=Eliminar este registo de tempo
 issues.add_time_short=Adicionar tempo
@@ -1824,12 +1792,6 @@ pulls.is_empty=As modificações feitas neste ramo já existem no ramo de destin
 pulls.required_status_check_failed=Algumas das verificações obrigatórias não foram bem sucedidas.
 pulls.required_status_check_missing=Estão faltando algumas verificações necessárias.
 pulls.required_status_check_administrator=Uma vez que é administrador, ainda pode realizar a integração deste pedido.
-pulls.blocked_by_approvals=Este pedido de integração ainda não tem aprovações suficientes. Já foram concedidas %d de um total de %d aprovações.
-pulls.blocked_by_rejection=Este pedido de integração tem modificações solicitadas por um revisor oficial.
-pulls.blocked_by_official_review_requests=Este pedido de integração tem pedidos de revisão oficiais.
-pulls.blocked_by_outdated_branch=Este pedido de integração foi bloqueado por ser obsoleto.
-pulls.blocked_by_changed_protected_files_1=Este pedido de integração está bloqueado porque modifica um ficheiro protegido:
-pulls.blocked_by_changed_protected_files_n=Este pedido de integração está bloqueado porque modifica ficheiros protegidos:
 pulls.can_auto_merge_desc=A integração constante neste pedido pode ser executada automaticamente.
 pulls.cannot_auto_merge_desc=A integração constante neste pedido não pode ser executada automaticamente porque existem conflitos.
 pulls.cannot_auto_merge_helper=Faça a integração manualmente para resolver os conflitos.
@@ -1866,9 +1828,7 @@ pulls.unrelated_histories=A integração falhou: O topo da integração e a base
 pulls.merge_out_of_date=Falhou a integração: Enquanto estava a gerar a integração, a base foi modificada. Dica: Tente de novo.
 pulls.head_out_of_date=Falhou a integração: Enquanto estava a gerar a integração, o topo foi modificado. Dica: Tente de novo.
 pulls.has_merged=Falhou: A integração constante do pedido foi executada, não pode integrar novamente nem modificar o ramo alvo.
-pulls.push_rejected=A integração falhou: O envio foi rejeitado. Reveja os Automatismos do Git neste repositório.
 pulls.push_rejected_summary=Mensagem completa de rejeição
-pulls.push_rejected_no_message=A integração falhou: O envio foi rejeitado mas não houve qualquer mensagem remota.<br>Reveja os Automatismos do Git para este repositório
 pulls.open_unmerged_pull_exists=`Não pode executar uma operação de reabertura porque há um pedido de integração pendente (#%d) com propriedades idênticas.`
 pulls.status_checking=Algumas verificações estão pendentes
 pulls.status_checks_success=Todas as verificações foram bem sucedidas
@@ -1924,7 +1884,6 @@ milestones.no_due_date=Sem data de vencimento
 milestones.open=Abrir
 milestones.close=Fechar
 milestones.new_subheader=As etapas podem ajudar organizar as questões e a acompanhar o seu progresso.
-milestones.completeness=%d%% concluído
 milestones.create=Criar etapa
 milestones.title=Título
 milestones.desc=Descrição
@@ -1995,7 +1954,6 @@ wiki.original_git_entry_tooltip=Ver o ficheiro Git original, ao invés de usar u
 activity=Trabalho
 activity.navbar.pulse=Pulso
 activity.navbar.code_frequency=Frequência de programação
-activity.navbar.contributors=Contribuidores
 activity.navbar.recent_commits=Cometimentos recentes
 activity.period.filter_label=Período:
 activity.period.daily=1 dia
@@ -2147,7 +2105,6 @@ settings.pulls.default_delete_branch_after_merge=Eliminar, por norma, o ramo do
 settings.pulls.default_allow_edits_from_maintainers=Permitir, por norma, que os responsáveis editem
 settings.releases_desc=Habilitar lançamentos no repositório
 settings.packages_desc=Habilitar o registo de pacotes do repositório
-settings.projects_desc=Habilitar planeamentos no repositório
 settings.projects_mode_desc=Modo de planeamentos (tipos de planeamentos a mostrar)
 settings.projects_mode_repo=Apenas planeamentos de repositórios
 settings.projects_mode_owner=Apenas planeamentos de utilizadores ou de organizações
@@ -2180,7 +2137,6 @@ settings.transfer.success=A transferência do repositório foi bem sucedida.
 settings.transfer.blocked_user=Não foi possível transferir o repositório porque foi bloqueado/a pelo/a novo/a proprietário/a.
 settings.transfer_abort=Cancelar a transferência
 settings.transfer_abort_invalid=Não pode cancelar a transferência de um repositório inexistente.
-settings.transfer_abort_success=A transferência de repositório para %s foi cancelada com sucesso.
 settings.transfer_desc=Transferir este repositório para um utilizador ou para uma organização na qual você tenha direitos de administrador.
 settings.transfer_form_title=Insira o nome do repositório para confirmar:
 settings.transfer_in_progress=Está a ser feita uma transferência. Cancele-a, por favor, se quiser transferir este repositório para outro utilizador.
@@ -2375,7 +2331,6 @@ settings.protected_branch.save_rule=Guardar regra
 settings.protected_branch.delete_rule=Eliminar regra
 settings.protected_branch_can_push=Permitir envios?
 settings.protected_branch_can_push_yes=Pode enviar
-settings.protected_branch_can_push_no=Não pode enviar
 settings.branch_protection=Regras de salvaguarda do ramo '<b>%s</b>'
 settings.protect_this_branch=Habilitar salvaguarda do ramo
 settings.protect_this_branch_desc=Impede a eliminação e restringe envios e integrações do Git no ramo.
@@ -2406,7 +2361,6 @@ settings.protect_merge_whitelist_teams=Equipas com permissão para executar inte
 settings.protect_check_status_contexts=Habilitar verificação de estado
 settings.protect_status_check_patterns=Padrões de verificação de estado:
 settings.protect_status_check_patterns_desc=Insira padrões para especificar que verificações de estado têm de passar antes que os ramos possam ser integrados num ramo correspondente a esta regra. Cada linha especifíca um padrão. Os padrões não podem estar em branco.
-settings.protect_check_status_contexts_desc=Exigir que as verificações de estado passem antes de ser aplicada a integração. Escolha quais as verificações de estado que têm de passar para que os ramos possam ser integrados num ramo que corresponda a esta regra. Quando habilitado, os cometimentos primeiro têm de ser enviados para outro ramo e depois integrados, ou então enviados imediatamente para um ramo que corresponda a esta regra, após terem passado as verificações de estado. Se não forem escolhidos quaisquer contextos, o último cometimento tem que ser bem sucedido, independentemente do contexto.
 settings.protect_check_status_contexts_list=Verificações de estado encontradas na última semana para este repositório
 settings.protect_status_check_matched=Correspondido
 settings.protect_invalid_status_check_pattern=Padrão de verificação de estado inválido: "%s".
@@ -2435,7 +2389,6 @@ settings.delete_protected_branch=Desabilitar salvaguarda
 settings.update_protect_branch_success=A salvaguarda do ramo "%s" foi modificada.
 settings.remove_protected_branch_success=A salvaguarda do ramo "%s" foi removida.
 settings.remove_protected_branch_failed=A remoção da regra "%s" de salvaguarda do ramo falhou.
-settings.protected_branch_deletion=Desabilitar salvaguarda do ramo
 settings.protected_branch_deletion_desc=Desabilitar a salvaguarda do ramo irá permitir que os utilizadores que tenham permissão de escrita enviem para o ramo. Quer continuar?
 settings.block_rejected_reviews=Bloquear a integração quando há revisões rejeitadas
 settings.block_rejected_reviews_desc=A integração não será possível quando as modificações forem pedidas pelos revisores oficiais, mesmo que haja aprovações suficientes.
@@ -2489,11 +2442,6 @@ settings.archive.error_ismirror=Não pode arquivar um repositório que tenha sid
 settings.archive.branchsettings_unavailable=As configurações dos ramos não estão disponíveis quando o repositório está arquivado.
 settings.archive.tagsettings_unavailable=As configurações sobre etiquetas não estão disponíveis quando o repositório está arquivado.
 settings.archive.mirrors_unavailable=As réplicas não estão disponíveis se o repositório estiver arquivado.
-settings.unarchive.button=Desarquivar repositório
-settings.unarchive.header=Desarquivar este repositório
-settings.unarchive.text=Desarquivar o repositório irá restaurar a capacidade de receber cometimentos e envios, assim como novas questões e pedidos de integração.
-settings.unarchive.success=O repositório foi desarquivado com sucesso.
-settings.unarchive.error=Ocorreu um erro enquanto decorria o processo de desarquivar o repositório. Veja os registos para obter mais detalhes.
 settings.update_avatar_success=O avatar do repositório foi modificado.
 settings.lfs=LFS
 settings.lfs_filelist=Ficheiros LFS armazenados neste repositório
@@ -2555,7 +2503,6 @@ diff.file_image_height=Altura
 diff.file_byte_size=Tamanho
 diff.file_suppressed=A apresentação das diferenças no ficheiro foi suprimida por ser demasiado grande
 diff.file_suppressed_line_too_long=A apresentação das diferenças entre ficheiros foi suprimida porque há linhas demasiado longas
-diff.too_many_files=Alguns ficheiros não foram mostrados porque foram modificados demasiados ficheiros neste diff
 diff.show_more=Mostrar mais
 diff.load=Carregar diff
 diff.generated=gerado
@@ -2676,7 +2623,6 @@ tag.create_success=A etiqueta "%s" foi criada.
 
 topic.manage_topics=Gerir tópicos
 topic.done=Concluído
-topic.count_prompt=Não pode escolher mais do que 25 tópicos
 topic.format_prompt=Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') ou pontos ('.') e podem ter até 35 caracteres. As letras têm que ser minúsculas.
 
 find_file.go_to_file=Ir para o ficheiro
@@ -2816,7 +2762,6 @@ teams.all_repositories_helper=A equipa tem acesso a todos os repositórios. Esco
 teams.all_repositories_read_permission_desc=Esta equipa atribui o acesso de <strong>leitura</strong> a <strong>todos os repositórios</strong>: os seus membros podem ver e clonar os repositórios.
 teams.all_repositories_write_permission_desc=Esta equipa atribui o acesso de <strong>escrita</strong> a <strong>todos os repositórios</strong>: os seus membros podem ler de, e enviar para os repositórios.
 teams.all_repositories_admin_permission_desc=Esta equipa atribui o acesso de <strong>administração</strong> a <strong>todos os repositórios</strong>: os seus membros podem ler de, enviar para, e adicionar colaboradores aos repositórios.
-teams.invite.title=Foi-lhe feito um convite para se juntar à equipa <strong>%s</strong> na organização<strong>%s</strong>.
 teams.invite.by=Convidado(a) por %s
 teams.invite.description=Clique no botão abaixo para se juntar à equipa.
 
@@ -2854,7 +2799,6 @@ dashboard.clean_unbind_oauth=Limpar conexões OAuth não vinculadas
 dashboard.clean_unbind_oauth_success=Todas as conexões OAuth não vinculadas foram eliminadas.
 dashboard.task.started=Tarefa iniciada: %[1]s
 dashboard.task.process=Tarefa: %[1]s
-dashboard.task.cancelled=Tarefa: %[1]s cancelada: %[3]s
 dashboard.task.error=Erro na tarefa: %[1]s: %[3]s
 dashboard.task.finished=Tarefa: %[1]s iniciada por %[2]s foi concluída
 dashboard.task.unknown=Tarefa desconhecida: %[1]s
@@ -2998,7 +2942,6 @@ emails.updated=Email modificado
 emails.not_updated=Falhou a modificação do endereço de email solicitado: %v
 emails.duplicate_active=Este endereço de email já está a ser usado por outro utilizador.
 emails.change_email_header=Modificar propriedades do email
-emails.change_email_text=Tem a certeza que quer modificar este endereço de email?
 emails.delete=Eliminar email
 emails.delete_desc=Tem a certeza que quer eliminar este endereço de email?
 emails.deletion_success=O endereço de email foi eliminado.
@@ -3312,7 +3255,6 @@ monitor.next=Próxima execução
 monitor.previous=Execução anterior
 monitor.execute_times=Execuções
 monitor.process=Processos em execução
-monitor.stacktrace=Vestígios da pilha
 monitor.processes_count=%d processos
 monitor.download_diagnosis_report=Descarregar relatório de diagnóstico
 monitor.desc=Descrição
@@ -3320,8 +3262,6 @@ monitor.start=Início
 monitor.execute_time=Tempo de execução
 monitor.last_execution_result=Resultado
 monitor.process.cancel=Cancelar processo
-monitor.process.cancel_desc=Cancelar um processo pode resultar na perda de dados
-monitor.process.cancel_notices=Cancelar: <strong>%s</strong>?
 monitor.process.children=Descendentes
 
 monitor.queues=Filas
@@ -3423,7 +3363,6 @@ raw_minutes=minutos
 
 [dropzone]
 default_message=Largue os ficheiros aqui ou clique aqui para os carregar.
-invalid_input_type=Não pode carregar ficheiros deste tipo.
 file_too_big=O tamanho do ficheiro ({{filesize}} MB) excede o tamanho máximo de ({{maxFilesize}} MB).
 remove_file=Remover ficheiro
 
@@ -3571,7 +3510,6 @@ settings.link=Vincular este pacote a um repositório
 settings.link.description=Se você vincular um pacote a um repositório, o pacote será listado na lista de pacotes do repositório.
 settings.link.select=Escolha o repositório
 settings.link.button=Modificar vínculo ao repositório
-settings.link.success=O vínculo ao repositório foi modificado com sucesso.
 settings.link.error=Falhou a modificação do vínculo ao repositório.
 settings.delete=Eliminar pacote
 settings.delete.description=Eliminar o pacote é permanente e não pode ser desfeito.
diff --git a/options/locale/locale_ru-RU.ini b/options/locale/locale_ru-RU.ini
index 27761374267..c426e41b208 100644
--- a/options/locale/locale_ru-RU.ini
+++ b/options/locale/locale_ru-RU.ini
@@ -193,7 +193,6 @@ app_desc=Удобный сервис собственного хостинга 
 install=Простой в установке
 install_desc=Просто <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-binary">запустите исполняемый файл</a> для вашей платформы, разверните через <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea/tree/master/docker">Docker</a>, или установите <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-package">с помощью менеджера пакетов</a>.
 platform=Кроссплатформенный
-platform_desc=Gitea работает на любой платформе, поддерживаемой <a target="_blank" rel="noopener noreferrer" href="http://golang.org/">Go</a>: Windows, macOS, Linux, ARM и т. д. Выбирайте, что вам больше нравится!
 lightweight=Легковесный
 lightweight_desc=Gitea имеет низкие системные требования и может работать на недорогом Raspberry Pi. Экономьте энергию вашей машины!
 license=Открытый исходный код
@@ -617,11 +616,9 @@ applications=Приложения
 orgs=Управление организациями
 repos=Репозитории
 delete=Удалить аккаунт
-twofa=Двухфакторная аутентификация
 account_link=Привязанные аккаунты
 organization=Организации
 uid=UID
-webauthn=Ключи безопасности
 
 public_profile=Открытый профиль
 biography_placeholder=Расскажите немного о себе! (Можно использовать Markdown)
@@ -850,22 +847,18 @@ revoke_oauth2_grant=Отозвать доступ
 revoke_oauth2_grant_description=Отзыв доступа у этого стороннего приложения не позволит ему получать доступ к вашим данным. Вы уверены?
 revoke_oauth2_grant_success=Доступ был успешно отозван.
 
-twofa_desc=Двухфакторная аутентификация повышает уровень безопасности вашей учётной записи.
 twofa_recovery_tip=В случае утраты устройства можно использовать одноразовый ключ восстановления для получения доступа к учётной записи.
 twofa_is_enrolled=Ваша учётная запись в настоящее время <strong>использует</strong> двухфакторную аутентификацию.
 twofa_not_enrolled=Ваша учётная запись в настоящее время не использует двухфакторную аутентификацию.
 twofa_disable=Отключить двухфакторную аутентификацию
-twofa_scratch_token_regenerate=Пересоздать scratch-токен
 twofa_enroll=Включить двухфакторную аутентификацию
 twofa_disable_note=При необходимости можно отключить двухфакторную аутентификацию.
 twofa_disable_desc=Отключение двухфакторной аутентификации сделает ваш аккаунт менее безопасным. Продолжить?
-regenerate_scratch_token_desc=Если вы потеряли свой scratch-токен или уже использовали его для входа, вы можете сбросить его здесь.
 twofa_disabled=Двухфакторная аутентификация выключена.
 scan_this_image=Отсканируйте это изображение вашим приложением для двухфакторной аутентификации:
 or_enter_secret=Или введите кодовое слово: %s
 then_enter_passcode=И введите пароль, показанный в приложении:
 passcode_invalid=Неверный пароль. попробуйте снова.
-twofa_enrolled=Для вашего аккаунта была включена двухфакторная аутентификация. Сохраните ваш scratch-токен (%s), он будет показан только один раз!
 twofa_failed_get_secret=Не удалось получить ключ.
 
 webauthn_desc=Ключи безопасности - это аппаратные устройства, содержащие криптографические ключи. Они могут использоваться для двухфакторной аутентификации. Ключи безопасности должны поддерживать стандарт <a rel="noreferrer" target="_blank" href="https://w3c.github.io/webauthn/#webauthn-authenticator">WebAuthn Authenticator</a>.
@@ -998,9 +991,7 @@ tree_path_not_found_commit=Путь %[1]s не существует в комм
 tree_path_not_found_branch=Путь %[1]s не существует в ветке %[2]s
 
 transfer.accept=Принять трансфер
-transfer.accept_desc=Переместить в «%s»
 transfer.reject=Отказаться от перемещения
-transfer.reject_desc=Отменить перемещение в «%s»
 
 desc.private=Приватный
 desc.public=Публичный
@@ -1128,7 +1119,6 @@ releases=Релизы
 tag=Тег
 released_this=выпустил(-а) это
 tagged_this=добавил(а) тег
-file.title=%s в %s
 file_raw=Исходник
 file_history=История
 file_view_source=Просмотреть исходный код
@@ -1140,7 +1130,6 @@ invisible_runes_header=`Этот файл содержит невидимые с
 ambiguous_runes_header=`Этот файл содержит неоднозначные символы Юникода`
 invisible_runes_line=`В этой строке есть невидимые символы Юникода`
 ambiguous_runes_line=`В этой строке есть неоднозначные символы Юникода`
-ambiguous_character=`%[1]c [U+%04[1]X] можно спутать с %[2]c [U+%04[2]X]`
 
 escape_control_characters=Экранировать
 unescape_control_characters=Убрать экранирование
@@ -1721,9 +1710,7 @@ pulls.rebase_conflict_summary=Сообщение об ошибке
 pulls.unrelated_histories=Слияние не удалось: У источника и цели слияния нет общей истории. Совет: попробуйте другую стратегию
 pulls.merge_out_of_date=Ошибка слияния: при создании слияния база данных была обновлена. Подсказка: попробуйте ещё раз.
 pulls.head_out_of_date=Ошибка слияния: во время слияния головной коммит был обновлён. Попробуйте ещё раз.
-pulls.push_rejected=Слияние не удалось: отправка была отклонена. Проверьте Git-хуки для этого репозитория.
 pulls.push_rejected_summary=Полная ошибка отклонения
-pulls.push_rejected_no_message=Слияние не удалось: отправка была отклонена, но сервер не указал причину.<br>Проверьте Git-хуки для этого репозитория
 pulls.open_unmerged_pull_exists=`Вы не можете снова открыть, поскольку уже существует запрос на слияние (#%d) из того же репозитория с той же информацией о слиянии и ожидающий слияния.`
 pulls.status_checking=Выполняются некоторые проверки
 pulls.status_checks_success=Все проверки выполнены успешно
@@ -1773,7 +1760,6 @@ milestones.update_ago=Обновлено %s
 milestones.no_due_date=Срок не указан
 milestones.open=Открыть
 milestones.close=Закрыть
-milestones.completeness=%d%% выполнено
 milestones.create=Создать этап
 milestones.title=Заголовок
 milestones.desc=Описание
@@ -1980,7 +1966,6 @@ settings.pulls.default_delete_branch_after_merge=Удалить ветку за
 settings.pulls.default_allow_edits_from_maintainers=По умолчанию разрешать редактирование сопровождающими
 settings.releases_desc=Включить релизы
 settings.packages_desc=Включить реестр пакетов
-settings.projects_desc=Включить проекты репозитория
 settings.projects_mode_all=Все проекты
 settings.actions_desc=Включить действия репозитория
 settings.admin_settings=Настройки администратора
@@ -2193,14 +2178,11 @@ settings.add_key_success=Ключ развёртывания «%s» добавл
 settings.deploy_key_deletion=Удалить ключ развёртывания
 settings.deploy_key_deletion_desc=Удаление ключа развёртывания сделает невозможным доступ к репозиторию с его помощью. Вы уверены?
 settings.deploy_key_deletion_success=Ключ развёртывания удалён.
-settings.branches=Ветки
-settings.protected_branch=Защита веток
 settings.protected_branch.save_rule=Сохранить правило
 settings.protected_branch.delete_rule=Удалить правило
 settings.protected_branch_can_push=Разрешить отправку?
 settings.protected_branch_can_push_yes=Вы можете выполнять отправку
 settings.protected_branch_can_push_no=Вы не можете выполнять отправку
-settings.branch_protection=Защита ветки <b>%s</b>
 settings.protect_this_branch=Защитить эту ветку
 settings.protect_this_branch_desc=Предотвращает удаление, ограничивает Push и слияние Git в ветку.
 settings.protect_disable_push=Отключить отправку
@@ -2212,7 +2194,6 @@ settings.protect_enable_merge_desc=Все, у кого есть доступ н
 settings.protect_check_status_contexts=Включить проверку статуса
 settings.protect_status_check_patterns=Шаблоны проверки состояния:
 settings.protect_status_check_patterns_desc=Добавьте шаблоны, чтобы указать, какие проверки состояния должны быть пройдены, прежде чем ветви могут быть объединены в ветвь, соответствующую этому правилу. В каждой строке указывается шаблон. Шаблоны не могут быть пустыми.
-settings.protect_check_status_contexts_desc=Требуется пройти проверку состояния перед слиянием. Выберите, какие проверки состояния должны быть пройдены, прежде чем ветви можно будет объединить в ветвь, соответствующую этому правилу. Если этот параметр включен, коммиты сначала должны быть перемещены в другую ветвь, а затем объединены или перемещены непосредственно в ветвь, соответствующую этому правилу, после прохождения проверки состояния. Если контексты не выбраны, то последняя фиксация должна быть успешной независимо от контекста.
 settings.protect_check_status_contexts_list=Проверки состояния за последнюю неделю для этого репозитория
 settings.protect_status_check_matched=Совпало
 settings.protect_invalid_status_check_pattern=Неверный шаблон проверки состояния: «%s».
@@ -2230,12 +2211,9 @@ settings.protect_protected_file_patterns=Шаблоны защищённых ф
 settings.protect_protected_file_patterns_desc=Защищенные файлы нельзя изменить напрямую, даже если пользователь имеет право добавлять, редактировать или удалять файлы в этой ветке. Можно указать несколько шаблонов, разделяя их точкой с запятой (';'). О синтаксисе шаблонов читайте в документации <a href='https://godoc.org/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a>. Примеры: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
 settings.protect_unprotected_file_patterns=Шаблоны незащищённых файлов (разделённые точкой с запятой ';'):
 settings.protect_unprotected_file_patterns_desc=Незащищенные файлы, которые допускается изменять напрямую, если пользователь имеет право на запись, несмотря на ограничение отправки изменений. Можно указать несколько шаблонов, разделяя их точкой с запятой (';'). О синтаксисе шаблонов читайте в документации <a href='https://godoc.org/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a>. Примеры: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
-settings.add_protected_branch=Включить защиту
-settings.delete_protected_branch=Отключить защиту
 settings.update_protect_branch_success=Защита веток по правилу «%s» изменена.
 settings.remove_protected_branch_success=Защита веток по правилу «%s» удалена.
 settings.remove_protected_branch_failed=Не удалось удалить правило защиты веток «%s».
-settings.protected_branch_deletion=Отключение защиты ветки
 settings.protected_branch_deletion_desc=Любой пользователь с разрешениями на запись сможет выполнять push в эту ветку. Вы уверены?
 settings.block_rejected_reviews=Блокировка слияния по отклоненным отзывам
 settings.block_rejected_reviews_desc=Слияние будет невозможно, если официальными рецензентами будут запрошены изменения, даже если имеется достаточное количество одобрений.
@@ -2245,7 +2223,6 @@ settings.block_outdated_branch=Блокировать слияние, если 
 settings.block_outdated_branch_desc=Слияние будет невозможно, если головная ветвь находится позади базовой ветви.
 settings.default_branch_desc=Главная ветка является "базовой" для вашего репозитория, на которую по умолчанию направлены все запросы на слияние и которая является лицом вашего репозитория. Первое, что увидит посетитель — это содержимое главной ветки. Выберите её из уже существующих:
 settings.merge_style_desc=Стили слияния
-settings.default_merge_style_desc=Стиль слияния по умолчанию:
 settings.choose_branch=Выберите ветку…
 settings.no_protected_branch=Нет защищённых веток.
 settings.edit_protected_branch=Редактировать
@@ -3049,7 +3026,6 @@ monitor.next=Следующий раз
 monitor.previous=Предыдущий раз
 monitor.execute_times=Количество выполнений
 monitor.process=Запущенные процессы
-monitor.stacktrace=Трассировки стека
 monitor.processes_count=%d процессов
 monitor.download_diagnosis_report=Скачать диагностический отчёт
 monitor.desc=Описание
@@ -3057,8 +3033,6 @@ monitor.start=Время начала
 monitor.execute_time=Время выполнения
 monitor.last_execution_result=Результат
 monitor.process.cancel=Отменить процесс
-monitor.process.cancel_desc=Отмена процесса может привести к потере данных
-monitor.process.cancel_notices=Отменить: <strong>%s</strong>?
 monitor.process.children=Потомки
 
 monitor.queues=Очереди
@@ -3150,8 +3124,6 @@ raw_minutes=минут
 
 [dropzone]
 default_message=Перетащите файл или кликните сюда для загрузки.
-invalid_input_type=Вы не можете загружать файлы этого типа.
-file_too_big=Размер файла ({{filesize}} МБ) больше чем максимальный размер ({{maxFilesize}} МБ).
 remove_file=Удалить файл
 
 [notification]
@@ -3219,7 +3191,6 @@ alpine.registry.key=Загрузите публичный ключ RSA реес
 alpine.registry.info=Выберите $branch и $repository из списка ниже.
 alpine.install=Чтобы установить пакет, выполните следующую команду:
 alpine.repository=О репозитории
-alpine.repository.branches=Ветки
 alpine.repository.repositories=Репозитории
 alpine.repository.architectures=Архитектуры
 cargo.registry=Настройте этот реестр в файле конфигурации Cargo (например, <code>~/.cargo/config.toml</code>):
diff --git a/options/locale/locale_si-LK.ini b/options/locale/locale_si-LK.ini
index a6e1ae20ccb..35dd4607bfa 100644
--- a/options/locale/locale_si-LK.ini
+++ b/options/locale/locale_si-LK.ini
@@ -124,7 +124,6 @@ missing_csrf=නරක ඉල්ලීම: CSRF ටෝකන් නොමැත
 app_desc=වේදනාකාරී, ස්වයං-සත්කාරක Git සේවාවක්
 install=ස්ථාපනයට පහසුය
 platform=හරස් වේදිකාව
-platform_desc=Gitea ඕනෑම තැනක ධාවනය <a target="_blank" rel="noopener noreferrer" href="http://golang.org/">Go</a> සඳහා සම්පාදනය කළ හැකිය: වින්ඩෝස්, මැකෝස්, ලිනක්ස්, ARM, ආදිය ඔබ ආදරය කරන එකක් තෝරන්න!
 lightweight=සැහැල්ලු
 lightweight_desc=Gitea අඩු අවම අවශ්යතා ඇති අතර මිල අඩු Raspberry Pi මත ධාවනය කළ හැකිය. ඔබේ යන්ත්ර ශක්තිය සුරකින්න!
 license=විවෘත මූලාශ්‍ර
@@ -478,7 +477,6 @@ applications=යෙදුම්
 orgs=සංවිධාන කළමනාකරණය
 repos=කෝෂ්ඨ
 delete=ගිණුම මකන්න
-twofa=ද්වි-සාධක සත්යාපනය
 account_link=සම්බන්ධිත ගිණුම්
 organization=සංවිධාන
 
@@ -649,21 +647,17 @@ revoke_key=අවලංගු
 revoke_oauth2_grant=ප්රවේශ අවලංගු
 revoke_oauth2_grant_description=මෙම තෙවන පාර්ශවීය යෙදුම සඳහා ප්රවේශය අවලංගු කිරීමෙන් මෙම යෙදුම ඔබගේ දත්ත වෙත ප්රවේශ වීම වළක්වනු ඇත. ඔබට විශ්වාසද?
 
-twofa_desc=ද්වි-සාධක සත්යාපනය ඔබගේ ගිණුමේ ආරක්ෂාව වැඩි කරයි.
 twofa_is_enrolled=ඔබගේ ගිණුම දැනට <strong>සාධක දෙකක සත්යාපනය තුළ</strong> ලියාපදිංචි කර ඇත.
 twofa_not_enrolled=ඔබගේ ගිණුම දැනට සාධක දෙකක සත්යාපනය තුළ ලියාපදිංචි වී නොමැත.
 twofa_disable=ද්වි-සාධක සත්යාපනය අක්රීය කරන්න
-twofa_scratch_token_regenerate=ළමය ටෝකනය ප්රතිජනනය
 twofa_enroll=ද්වි-සාධක සත්යාපන බවට ඇතුල්
 twofa_disable_note=අවශ්ය නම් ඔබට ද්වි-සාධක සත්යාපනය අක්රිය කළ හැකිය.
 twofa_disable_desc=ද්වි-සාධක සත්යාපනය අක්රීය කිරීමෙන් ඔබගේ ගිණුම අඩු ආරක්ෂිත වනු ඇත. දිගටම?
-regenerate_scratch_token_desc=ඔබ ඔබේ සීරීම් ටෝකනය අස්ථානගත කර ඇත්නම් හෝ දැනටමත් ලියාපදිංචි වීමට එය භාවිතා කර ඇත්නම් ඔබට එය මෙහි නැවත සකස් කළ හැකිය.
 twofa_disabled=ද්වි-සාධක සත්යාපනය අක්රීය කර ඇත.
 scan_this_image=ඔබගේ සත්යාපන යෙදුම සමඟ මෙම රූපය පරිලෝකනය කරන්න:
 or_enter_secret=නැතහොත් රහස ඇතුල් කරන්න: %s
 then_enter_passcode=යෙදුමේ දැක්වෙන මුරකේතය ඇතුළත් කරන්න:
 passcode_invalid=මුරකේතය වැරදිය. නැවත උත්සාහ කරන්න.
-twofa_enrolled=ඔබගේ ගිණුම සාධක දෙකක සත්යාපනය බවට පත් කර ඇත. එක් වරක් පමණක් පෙන්වන පරිදි ඔබේ සීරීම් ටෝකනය (%s) ආරක්ෂිත ස්ථානයක ගබඩා කරන්න!
 twofa_failed_get_secret=රහස්ය වීමට අසමත් විය.
 
 
@@ -773,7 +767,6 @@ blame_prior=මෙම වෙනසට පෙර දොස් බලන්න
 
 
 transfer.accept=මාරු කිරීම පිළිගන්න
-transfer.accept_desc=`"%s" වෙත මාරු කරන්න`
 
 desc.private=පෞද්ගලික
 desc.public=ප්‍රසිද්ධ
@@ -871,7 +864,6 @@ release=නිකුතුව
 releases=නිකුතු
 tag=ටැග
 released_this=මෙය නිකුත් කරන ලදි
-file.title=%s දී %s
 file_raw=අමු
 file_history=ඉතිහාසය
 file_view_source=මූලාශ්‍රය දකින්න
@@ -1338,7 +1330,6 @@ milestones.closed=%s වසා ඇත
 milestones.no_due_date=නියමිත දිනයක් නැත
 milestones.open=විවෘත
 milestones.close=වසන්න
-milestones.completeness=%d% සම්පූර්ණ කරන ලදි
 milestones.create=සන්ධිස්ථානයක් සාදන්න
 milestones.title=සිරැසිය
 milestones.desc=සවිස්තරය
@@ -1501,7 +1492,6 @@ settings.pulls_desc=ගබඩාවක් අදින්න ඉල්ලීම
 settings.pulls.ignore_whitespace=ගැටුම් සඳහා වයිට්ස්පේස් නොසලකා හරින්න
 settings.pulls.enable_autodetect_manual_merge=ස්වයංක්රීය හඳුනාගැනීමේ අත්පොත ඒකාබද්ධ කිරීම සක්රීය කරන්න (සටහන: සමහර විශේෂ අවස්ථා වලදී වැරදි විනිශ්චයන් සිදුවිය හැක)
 settings.pulls.default_delete_branch_after_merge=පෙරනිමියෙන් ඒකාබද්ධ කිරීමෙන් පසු අදින්න ඉල්ලීම ශාඛාව මකන්න
-settings.projects_desc=ගබඩාවන ව්යාපෘති සක්රීය කරන්න
 settings.admin_settings=පරිපාලක සැකසුම්
 settings.admin_enable_health_check=ගබඩාවක් සෞඛ්ය චෙක්පත් සක්රීය කරන්න (git fsck)
 settings.admin_enable_close_issues_via_commit_in_any_branch=පෙරනිමි නොවන ශාඛාවකින් සිදු කරන ලද කැපවීමක් හරහා ගැටළුවක් වසන්න
@@ -1676,8 +1666,6 @@ settings.branches=ශාඛා
 settings.protected_branch=ශාඛා ආරක්ෂාව
 settings.protected_branch_can_push=තල්ලුව ඉඩ?
 settings.protected_branch_can_push_yes=ඔබට තල්ලු කළ හැකිය
-settings.protected_branch_can_push_no=ඔබට තල්ලු කළ නොහැක
-settings.branch_protection=ශාඛාව සඳහා ශාඛා ආරක්ෂාව -<b>%s</b>
 settings.protect_this_branch=ශාඛා ආරක්ෂාව සක්රීය කරන්න
 settings.protect_this_branch_desc=මකාදැමීම වැළැක්වීම සහ ශාඛා වෙත තල්ලු කිරීම සහ ඒකාබද්ධ කිරීම සීමා කරයි.
 settings.protect_disable_push=තල්ලුව අක්රීය
@@ -1685,7 +1673,6 @@ settings.protect_disable_push_desc=මෙම ශාඛාවට තල්ලු
 settings.protect_enable_push=තල්ලුව සක්රීය කරන්න
 settings.protect_enable_push_desc=ලිවීමේ ප්රවේශය ඇති ඕනෑම කෙනෙකුට මෙම ශාඛාවට තල්ලු කිරීමට ඉඩ දෙනු ඇත (නමුත් බල තල්ලුව නොවේ).
 settings.protect_check_status_contexts=තත්වය පරීක්‍ෂාව සබල කරන්න
-settings.protect_check_status_contexts_desc=ඒකාබද්ධ කිරීමට පෙර සම්මත කිරීම සඳහා තත්ව චෙක්පත් අවශ්ය වේ. මෙම රීතියට ගැලපෙන ශාඛාවකට ශාඛා ඒකාබද්ධ කිරීමට පෙර කුමන තත්ත්ව චෙක්පත් සමත් විය යුතුද යන්න තෝරන්න. සක්රීය කරන විට, සංක්රමණ පළමුව වෙනත් ශාඛාවකට තල්ලු කළ යුතුය, පසුව තත්ව පරීක්ෂාවන් සම්මත වූ පසු මෙම රීතියට ගැලපෙන ශාඛාවකට කෙලින්ම තල්ලු කළ යුතුය. සන්දර්භයන් තෝරා නොගන්නේ නම්, සන්දර්භය නොසලකා අවසාන කැප කිරීම සාර්ථක විය යුතුය.
 settings.protect_check_status_contexts_list=මෙම ගබඩාව සඳහා පසුගිය සතියේ හමු වූ තත්ව පරීක්ෂාවන්
 settings.protect_required_approvals=අවශ්ය අනුමැතිය:
 settings.protect_required_approvals_desc=ප්රමාණවත් ධනාත්මක සමාලෝචන සමඟ අදින්න ඉල්ලීම ඒකාබද්ධ කිරීමට පමණක් ඉඩ දෙන්න.
@@ -1695,7 +1682,6 @@ settings.require_signed_commits=අත්සන් කළ යුතු
 settings.require_signed_commits_desc=අත්සන් නොකළ හෝ සත්යාපනය කළ නොහැකි නම් මෙම ශාඛාවට තල්ලු කිරීම ප්රතික්ෂේප කරන්න.
 settings.add_protected_branch=ආරක්ෂාව සක්රීය කරන්න
 settings.delete_protected_branch=ආරක්ෂාව අක්‍රීය කරන්න
-settings.protected_branch_deletion=ශාඛා ආරක්ෂණය අක්රීය කරන්න
 settings.protected_branch_deletion_desc=ශාඛා ආරක්ෂාව අක්රිය කිරීමෙන් පරිශීලකයින්ට ශාඛාවට තල්ලු කිරීමට ලිඛිත අවසරයක් ඇත. දිගටම?
 settings.block_rejected_reviews=ප්රතික්ෂේප කරන ලද සමාලෝචන මත ඒකාබද්ධ කිරීම
 settings.block_rejected_reviews_desc=නිල විචාරකයින් විසින් වෙනස්කම් ඉල්ලා සිටින විට, ප්රමාණවත් අනුමැතීන් තිබුණත් ඒකාබද්ධ කිරීම කළ නොහැකි වනු ඇත.
@@ -1704,7 +1690,6 @@ settings.block_on_official_review_requests_desc=නිල සමාලෝචන
 settings.block_outdated_branch=අදින්න ඉල්ලීම යල් පැන ගිය නම් වාරණ ඒකාබද්ධ
 settings.block_outdated_branch_desc=ප්රධාන ශාඛාව මූලික ශාඛාව පිටුපස ඇති විට ඒකාබද්ධ කිරීම කළ නොහැකි වනු ඇත.
 settings.default_branch_desc=අදින්න ඉල්ලීම් සහ කේත විවරණය සඳහා පෙරනිමි ගබඩාවේ ශාඛාවක් තෝරන්න:
-settings.default_merge_style_desc=අදින්න ඉල්ලීම් සඳහා පෙරනිමි ඒකාබද්ධ ශෛලිය:
 settings.choose_branch=ශාඛාවක් තෝරන්න…
 settings.no_protected_branch=ආරක්ෂිත ශාඛා නොමැත.
 settings.edit_protected_branch=සංස්කරණය
@@ -1870,7 +1855,6 @@ tag.create_tag=ටැගය නිර්මාණය <strong>%s</strong>
 
 topic.manage_topics=මාතෘකා කළමනාකරණය
 topic.done=සිදු
-topic.count_prompt=ඔබට 25 මාතෘකා වලට වඩා තෝරා ගත නොහැක
 
 
 error.csv.too_large=එය ඉතා විශාල නිසා මෙම ගොනුව විදැහුම්කරණය කළ නොහැක.
@@ -2387,8 +2371,6 @@ monitor.desc=සවිස්තරය
 monitor.start=ආරම්භක වේලාව
 monitor.execute_time=ක්රියාත්මක කිරීමේ වේලාව
 monitor.process.cancel=ක්රියාවලිය අවලංගු කරන්න
-monitor.process.cancel_desc=ක්රියාවලියක් අවලංගු කිරීම දත්ත අහිමි වීමට හේතු විය හැක
-monitor.process.cancel_notices=<strong>%s</strong>: අවලංගු කරන්නද?
 
 monitor.queues=පෝලිම්
 monitor.queue=පෝලිම: %s
diff --git a/options/locale/locale_sk-SK.ini b/options/locale/locale_sk-SK.ini
index 3b9c02c7c87..ecaf935577c 100644
--- a/options/locale/locale_sk-SK.ini
+++ b/options/locale/locale_sk-SK.ini
@@ -192,7 +192,6 @@ app_desc=Jednoducho prístupný vlastný Git
 install=Jednoduchá inštalácia
 install_desc=Jednoducho <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-binary">spustite binárku</a> pre vašu platformu, pošlite ju ako <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea/tree/master/docker">Docker</a>, alebo ju získajte <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-package">ako balíček</a>.
 platform=Multiplatformový
-platform_desc=Gitea beží všade kde je možné preložiť <a target="_blank" rel="noopener noreferrer" href="http://golang.org/">Go</a>: Windows, macOS, Linux, ARM, a podobne. Vyberte si!
 lightweight=Ľahká
 lightweight_desc=Gitea má minimálne požiadavky a môže bežať na Raspberry Pi. Šetrite energiou vášho stroja!
 license=Otvorený zdrojový kód
@@ -585,10 +584,8 @@ applications=Aplikácie
 orgs=Spravovať organizácie
 repos=Repozitáre
 delete=Zmazať účet
-twofa=Dvojfaktorové overenie
 account_link=Prepojené účty
 organization=Organizácie
-webauthn=Bezpečnostné kľúče
 
 public_profile=Verejný profil
 password_username_disabled=Externí používatelia nemôžu meniť svoje používateľské meno. Kontaktujte, prosím, svojho administrátora kvôli detailom.
@@ -775,21 +772,17 @@ revoke_key=Odvolať
 revoke_oauth2_grant=Odstrániť prístup
 revoke_oauth2_grant_description=Zrušenie prístupu tejto aplikáciu tretej strany zabráni tejto aplikácii v prístupe k vašim údajom. Ste si istý?
 
-twofa_desc=Dvojstupňové overenie pridá ďalšiu vrstvu bezpečnosti k vášmu účtu.
 twofa_is_enrolled=Váš účet je momentálne <strong>používa</strong> dvojfaktorovú autentifikáciu.
 twofa_not_enrolled=Váš účet momentálne nepoužíva dvojfaktorovú autentifikáciu.
 twofa_disable=Vypnúť dvojfaktorovú autentifikáciu
-twofa_scratch_token_regenerate=Obnoviť token
 twofa_enroll=Povoliť dvojfaktorové overovanie
 twofa_disable_note=V prípade potreby môžete zakázať dvojfaktorové overenie.
 twofa_disable_desc=Vypnutím dvojfaktorovej autentifikácie bude váš účet menej bezpečný. Ďalej?
-regenerate_scratch_token_desc=Ak ste svoj token nesprávne umiestnili alebo ste ho už použili na prihlásenie, môžete ho resetovať tu.
 twofa_disabled=Dvojfaktorové overovanie bolo vypnuté.
 scan_this_image=Naskenujte tento obrázok pomocou overovacej aplikácie:
 or_enter_secret=Alebo zadajte tajný kód: %s
 then_enter_passcode=A zadajte prístupový kód zobrazený v aplikácii:
 passcode_invalid=Prístupový kód je nesprávny. Skúste to znova.
-twofa_enrolled=Váš účet bol zaregistrovaný do dvojfaktorovej autentifikácie. Uložte si token (%s) na bezpečnom mieste, pretože sa zobrazuje iba raz!
 twofa_failed_get_secret=Nepodarilo sa získať tajomstvo.
 
 webauthn_desc=Bezpečnostné kľúče sú hardvérové ​​zariadenia obsahujúce kryptografické kľúče. Môžu byť použité na dvojfaktorovú autentifikáciu. Bezpečnostné kľúče musia podporovať štandard <a rel="noreferrer" target="_blank" href="https://w3c.github.io/webauthn/#webauthn-authenticator">WebAuthn Authenticator</a>.
@@ -894,9 +887,7 @@ delete_preexisting_success=Vymazané neprijaté súbory v %s
 
 
 transfer.accept=Prijať prevod
-transfer.accept_desc=`Previesť do "%s"`
 transfer.reject=Odmietnuť prevod
-transfer.reject_desc=`Zrušiť prevod do "%s"`
 
 desc.private=Súkromný
 desc.public=Verejný
diff --git a/options/locale/locale_sv-SE.ini b/options/locale/locale_sv-SE.ini
index 11f5ed79fbf..4f7f10804f0 100644
--- a/options/locale/locale_sv-SE.ini
+++ b/options/locale/locale_sv-SE.ini
@@ -113,7 +113,6 @@ filter.private=Privat
 app_desc=En smidig, självhostad Git-tjänst
 install=Lätt att installera
 platform=Plattformsoberoende
-platform_desc=Gitea kan köra överallt där <a target="_blank" rel="noopener noreferrer" href="http://golang.org/">Go</a> kan kompileras: Windows, macOS, Linux, ARM, etc. Välj den du gillar!
 lightweight=Lättviktig
 lightweight_desc=Gitea har låga minimum-krav och kan köras på en billig Rasperry Pi. Spara på din maskins kraft!
 license=Öppen källkod
@@ -416,7 +415,6 @@ applications=Applikationer
 orgs=Hantera Organisationer
 repos=Utvecklingskataloger
 delete=Radera konto
-twofa=Tvåfaktorsautentisering
 account_link=Länkade Konton
 organization=Organisationer
 
@@ -560,21 +558,17 @@ revoke_key=Upphäv
 revoke_oauth2_grant=Upphäv åtkomst
 revoke_oauth2_grant_description=Återkallning av åtkomst för detta tredjepartsprogram kommer att hindra programmet från att komma åt dina data. Är du säker?
 
-twofa_desc=Tvåfaktorsautentisering förbättrar säkerheten på ditt konto.
 twofa_is_enrolled=Ditt konto är för närvarande <strong>uppsäkrad</strong> med tvåfaktorsautentisering.
 twofa_not_enrolled=Ditt konto är för närvarande inte uppsäkrad med tvåfaktorsautentisering.
 twofa_disable=Inaktivera tvåfaktorsautentisering
-twofa_scratch_token_regenerate=Generera ny skrapkod
 twofa_enroll=Aktivera tvåfaktorsautentisering
 twofa_disable_note=Du kan inaktivera tvåfaktorsautentisering om det behövs.
 twofa_disable_desc=Avaktivering av tvåfaktorsautentisering kommer göra ditt konto mindre säkert. Vill du fortsätta?
-regenerate_scratch_token_desc=Om du tappat bort din skrapkod, eller redan använt den för att logga in, så kan du återställa den här.
 twofa_disabled=Tvåfaktorsautentisering har blivit avaktiverat.
 scan_this_image=Skanna denna bild med ditt autentiseringsprogram:
 or_enter_secret=Eller skriv in följande sträng: %s
 then_enter_passcode=Och ange den lösenkod som visas i programmet:
 passcode_invalid=Koden är ogiltig. Försök igen.
-twofa_enrolled=Tvåfaktorsautentisering har aktiverats för ditt konto. Förvara din skrapkod (%s) på en säker plats eftersom den bara visas en gång!
 
 
 manage_account_links=Hantera Länkade Konton
@@ -1118,7 +1112,6 @@ milestones.closed=Stängt %s
 milestones.no_due_date=Inget förfallodatum
 milestones.open=Öppna
 milestones.close=Stäng
-milestones.completeness=%d%% Slutförd
 milestones.create=Skapa Milstolpe
 milestones.title=Titel
 milestones.desc=Beskrivning
@@ -1383,22 +1376,18 @@ settings.branches=Brancher
 settings.protected_branch=Branchskydd
 settings.protected_branch_can_push=Tillåt push?
 settings.protected_branch_can_push_yes=Du kan pusha
-settings.protected_branch_can_push_no=Du kan inte pusha
-settings.branch_protection=Branchskydd för '<b>%s</b>'
 settings.protect_this_branch=Aktivera branchskydd
 settings.protect_disable_push=Inaktivera Push
 settings.protect_disable_push_desc=Inga push-förfrågningar kommer att tillåtas till denna branch.
 settings.protect_enable_push=Aktivera Push
 settings.protect_enable_push_desc=Alla med skrivrättigheter kommer att kunna pusha till denna branch (men inte force-pusha).
 settings.protect_check_status_contexts=Aktivera statuskontroller
-settings.protect_check_status_contexts_desc=Kräv godkända statuskontroller innan merge. Välj vilka statuskontroller som godkännas innan grenar kan slås samman till en gren som matchar denna regel. När aktiverad, måste committer först pushas till en annan gren, sedan mergas eller pushas direkt till en gren som matchar denna regel efter statuskontroll har har godkännts. Om inga context väljs måste den sista committen vara framgångsrik oavsett context.
 settings.protect_check_status_contexts_list=Statuskontroller funna under senaste veckan för denna utvecklingskatalog
 settings.protect_required_approvals=Godkännanden som krävs:
 settings.require_signed_commits=Kräv signerade commits
 settings.require_signed_commits_desc=Avvisa pushar till den här grenen om dom är osignerade eller inte verifierbara.
 settings.add_protected_branch=Aktivera skydd
 settings.delete_protected_branch=Inaktivera skydd
-settings.protected_branch_deletion=Inaktivera skydd för branch
 settings.protected_branch_deletion_desc=Genom att inaktivera branchskyddet tillåts användare med skrivrättigheter att pusha till branchen. Vill du fortsätta?
 settings.default_branch_desc=Välj en standard branch för Pull Requests och Code Commits:
 settings.choose_branch=Välj en branch…
@@ -1508,7 +1497,6 @@ branch.deleted_by=Raderad av %s
 
 topic.manage_topics=Hantera ämnen
 topic.done=Klar
-topic.count_prompt=Du kan inte välja fler än 25 ämnen
 
 
 
@@ -1551,7 +1539,6 @@ settings.visibility.private=Privat (synlig endast för organisationens medlemmar
 settings.visibility.private_shortname=Privat
 
 settings.update_settings=Uppdatera inställningar
-settings.update_setting_success=Organisationsinställningarna har uppdaterats.
 settings.update_avatar_success=Organisationens avatar har uppdateras.
 settings.delete=Tag bort organisation
 settings.delete_account=Tag bort denna organisation
@@ -1978,7 +1965,6 @@ raw_minutes=minuter
 
 [dropzone]
 default_message=Släpp filer här eller klicka för att ladda upp.
-invalid_input_type=Du kan inte ladda upp filer av denna typen.
 file_too_big=Filstorleken ({{filesize}} MB) överskrider maxstorleken ({{maxFilesize}} MB).
 remove_file=Ta bort fil
 
diff --git a/options/locale/locale_tr-TR.ini b/options/locale/locale_tr-TR.ini
index 0d15ac7f437..7ce6b65658c 100644
--- a/options/locale/locale_tr-TR.ini
+++ b/options/locale/locale_tr-TR.ini
@@ -229,7 +229,6 @@ app_desc=Zahmetsiz, kendi sunucunuzda barındırabileceğiniz Git servisi
 install=Kurulumu kolay
 install_desc=Platformunuz için <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-binary">ikili dosyayı çalıştırın</a>, <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea/tree/master/docker">Docker</a> ile yükleyin veya <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-package">paket</a> olarak edinin.
 platform=Farklı platformlarda çalışablir
-platform_desc=Gitea <a target="_blank" rel="noopener noreferrer" href="http://golang.org/">Go</a> ile derleme yapılabilecek her yerde çalışmaktadır: Windows, macOS, Linux, ARM, vb. Hangisini seviyorsanız onu seçin!
 lightweight=Hafif
 lightweight_desc=Gitea'nın minimal gereksinimleri çok düşüktür ve ucuz bir Raspberry Pi üzerinde çalışabilmektedir. Makine enerjinizden tasarruf edin!
 license=Açık Kaynak
@@ -693,11 +692,9 @@ applications=Uygulamalar
 orgs=Organizasyonları Yönet
 repos=Depolar
 delete=Hesabı Sil
-twofa=İki Aşamalı Doğrulama
 account_link=Bağlı Hesaplar
 organization=Organizasyonlar
 uid=UID
-webauthn=Güvenlik Anahtarları
 
 public_profile=Herkese Açık Profil
 biography_placeholder=Bize kendiniz hakkında birşeyler söyleyin! (Markdown kullanabilirsiniz)
@@ -795,7 +792,6 @@ add_email_success=Yeni e-posta adresi eklendi.
 email_preference_set_success=E-posta tercihi başarıyla ayarlandı.
 add_openid_success=Yeni OpenID adresi eklendi.
 keep_email_private=E-posta Adresini Gizle
-keep_email_private_popup=Bu, e-posta adresinizi profilde, değişiklik isteği yaptığınızda veya web arayüzünde dosya düzenlediğinizde gizleyecektir. İtilen işlemeler değişmeyecektir.
 openid_desc=OpenID, kimlik doğrulama işlemini harici bir sağlayıcıya devretmenize olanak sağlar.
 
 manage_ssh_keys=SSH Anahtarlarını Yönet
@@ -925,7 +921,6 @@ oauth2_client_secret_hint=Bu sayfadan ayrıldıktan veya yeniledikten sonra gizl
 oauth2_application_edit=Düzenle
 oauth2_application_create_description=OAuth2 uygulamaları, üçüncü taraf uygulamanıza bu durumda kullanıcı hesaplarına erişim sağlar.
 oauth2_application_remove_description=Bir OAuth2 uygulamasının kaldırılması, bu sunucudaki yetkili kullanıcı hesaplarına erişmesini önler. Devam edilsin mi?
-oauth2_application_locked=Gitea kimi OAuth2 uygulamalarının başlangıçta ön kaydını, yapılandırmada etkinleştirilmişse yapabilir. Beklenmeyen davranışı önlemek için bunlar ne düzenlenmeli ne de kaldırılmalı. Daha fazla bilgi için OAuth2 belgesine bakın.
 
 authorized_oauth2_applications=Yetkili OAuth2 Uygulamaları
 authorized_oauth2_applications_description=Kişisel Gitea hesabınıza bu üçüncü parti uygulamalara erişim izni verdiniz. Lütfen artık ihtiyaç duyulmayan uygulamalara erişimi iptal edin.
@@ -934,23 +929,18 @@ revoke_oauth2_grant=Erişimi İptal Et
 revoke_oauth2_grant_description=Bu üçüncü taraf uygulamasına erişimin iptal edilmesi bu uygulamanın verilerinize erişmesini önleyecektir. Emin misiniz?
 revoke_oauth2_grant_success=Erişim başarıyla kaldırıldı.
 
-twofa_desc=İki faktörlü kimlik doğrulama, hesabınızın güvenliğini artırır.
 twofa_recovery_tip=Aygıtınızı kaybetmeniz durumunda, hesabınıza tekrar erişmek için tek kullanımlık kurtarma anahtarını kullanabileceksiniz.
 twofa_is_enrolled=Hesabınız şu anda iki faktörlü kimlik doğrulaması içinde <strong>kaydedilmiş</strong>.
 twofa_not_enrolled=Hesabınız şu anda iki faktörlü kimlik doğrulaması içinde kaydedilmemiş.
 twofa_disable=İki Aşamalı Doğrulamayı Devre Dışı Bırak
-twofa_scratch_token_regenerate=Geçici Kodu Yeniden Üret
-twofa_scratch_token_regenerated=Geçici kodunuz şimdi %s. Güvenli bir yerde saklayın, tekrar gösterilmeyecektir.
 twofa_enroll=İki Faktörlü Kimlik Doğrulamaya Kaydolun
 twofa_disable_note=Gerekirse iki faktörlü kimlik doğrulamayı devre dışı bırakabilirsiniz.
 twofa_disable_desc=İki faktörlü kimlik doğrulamayı devre dışı bırakmak hesabınızı daha az güvenli hale getirir. Devam edilsin mi?
-regenerate_scratch_token_desc=Geçici kodunuzu kaybettiyseniz veya oturum açmak için kullandıysanız, buradan sıfırlayabilirsiniz.
 twofa_disabled=İki faktörlü kimlik doğrulama devre dışı bırakıldı.
 scan_this_image=Kim doğrulama uygulamanızla bu görüntüyü tarayın:
 or_enter_secret=Veya gizli şeyi girin: %s
 then_enter_passcode=Ve uygulamada gösterilen şifreyi girin:
 passcode_invalid=Şifre geçersiz. Tekrar deneyin.
-twofa_enrolled=Hesabınız iki faktörlü kimlik doğrulamasına kaydedildi. Kazıma belirtecini (%s) yalnızca bir kez gösterdiği gibi güvenli bir yerde saklayın!
 twofa_failed_get_secret=Gizlilik elde edilemedi.
 
 webauthn_desc=Güvenlik anahtarları, şifreleme anahtarlarını içeren donanım aygıtlarıdır. İki aşamalı kimlik doğrulama için kullanılabilirler. Güvenlik anahtarları <a rel="noreferrer" target="_blank" href="https://w3c.github.io/webauthn/#webauthn-authenticator">WebAuthn Authenticator</a> standardını desteklemelidir.
@@ -1098,9 +1088,7 @@ tree_path_not_found_branch=%[1] yolu, %[2]s dalında mevcut değil
 tree_path_not_found_tag=%[1] yolu, %[2]s etiketinde mevcut değil
 
 transfer.accept=Aktarımı Kabul Et
-transfer.accept_desc=`"%s" tarafına aktar`
 transfer.reject=Aktarımı Reddet
-transfer.reject_desc=`"%s" tarafına aktarımı iptal et`
 transfer.no_permission_to_accept=Bu aktarımı kabul etme izniniz yok.
 transfer.no_permission_to_reject=Bu aktarımı reddetme izniniz yok.
 
@@ -1235,7 +1223,6 @@ releases=Sürüm
 tag=Etiket
 released_this=bu sürümü yayınladı
 tagged_this=şunu etiketledi
-file.title=%s dalındaki/etiketindeki %s
 file_raw=Ham
 file_history=Geçmiş
 file_view_source=Kaynağı Görüntüle
@@ -1252,7 +1239,6 @@ ambiguous_runes_header=`Bu dosya muğlak Evrensel Kodlu karakter içeriyor`
 ambiguous_runes_description=`Bu dosya, başka karakterlerle karıştırılabilecek evrensel kodlu karakter içeriyor. Eğer bunu kasıtlı olarak yaptıysanız bu uyarıyı yok sayabilirsiniz. Gizli karakterleri göstermek için Kaçış Karakterli düğmesine tıklayın.`
 invisible_runes_line=`Bu satırda görünmez evrensel kodlu karakter var`
 ambiguous_runes_line=`Bu satırda muğlak evrensel kodlu karakter var`
-ambiguous_character=`%[1]c [U+%04[1]X], %[2]c [U+%04[2]X] ile karıştırılabilir`
 
 escape_control_characters=Kaçış Karakterli
 unescape_control_characters=Kaçış Karaktersiz
@@ -1863,9 +1849,7 @@ pulls.unrelated_histories=Birleştirme Başarısız: Birleştirme başlığı ve
 pulls.merge_out_of_date=Birleştirme Başarısız: Birleştirme oluşturulurken, taban güncellendi. İpucu: Tekrar deneyin.
 pulls.head_out_of_date=Birleştirme Başarısız: Birleştirme oluşturulurken, ana güncellendi. İpucu: Tekrar deneyin.
 pulls.has_merged=Başarısız: Değişiklik isteği birleştirildi, yeniden birleştiremez veya hedef dalı değiştiremezsiniz.
-pulls.push_rejected=Birleştirme Başarısız Oldu: Gönderme reddedildi. Bu depo için Git İstemcilerini inceleyin.
 pulls.push_rejected_summary=Tam Red Mesajı
-pulls.push_rejected_no_message=Birleştirme başarısız oldu: Gönderme reddedildi, ancak uzak bir mesaj yoktu.<br>Bu depo için Git İstemcilerini inceleyin
 pulls.open_unmerged_pull_exists=`Aynı özelliklere sahip bekleyen bir değişiklik isteği (#%d) olduğundan yeniden açma işlemini gerçekleştiremezsiniz.`
 pulls.status_checking=Bazı denetlemeler beklemede
 pulls.status_checks_success=Tüm denetlemeler başarılı oldu
@@ -1920,7 +1904,6 @@ milestones.no_due_date=Bitiş tarihi yok
 milestones.open=Aç
 milestones.close=Kapat
 milestones.new_subheader=Kilometre taşları konuları yönetmenize ve gelişmelerini takip etmenize yardımcı olur.
-milestones.completeness=%d%% Tamamlandı
 milestones.create=Kilometre Taşı Oluştur
 milestones.title=Başlık
 milestones.desc=Açıklama
@@ -2143,7 +2126,6 @@ settings.pulls.default_delete_branch_after_merge=Varsayılan olarak birleştirme
 settings.pulls.default_allow_edits_from_maintainers=Bakımcıların düzenlemelerine izin ver
 settings.releases_desc=Depo Sürümlerini Etkinleştir
 settings.packages_desc=Depo Paket Kütüğünü Etkinleştir
-settings.projects_desc=Depo Projelerini Etkinleştir
 settings.projects_mode_desc=Proje Modu (ne tür projeler görüntülensin)
 settings.projects_mode_repo=Sadece depo projeleri
 settings.projects_mode_owner=Sadece kullanıcı veya organizasyon projeleri
@@ -2368,10 +2350,6 @@ settings.branches=Dallar
 settings.protected_branch=Dal Koruması
 settings.protected_branch.save_rule=Kuralı Kaydet
 settings.protected_branch.delete_rule=Kural sil
-settings.protected_branch_can_push=İtmeye izin verilsin mi?
-settings.protected_branch_can_push_yes=İtebilirsiniz
-settings.protected_branch_can_push_no=İtemezsiniz
-settings.branch_protection=<b>%s</b> dalı için Dal Koruması
 settings.protect_this_branch=Dal Korumayı Etkinleştir
 settings.protect_this_branch_desc=Silmeyi önler ve dala Git gönderimini ve birleştirmesini kısıtlar.
 settings.protect_disable_push=İtmeyi Devre Dışı Bırak
@@ -2401,7 +2379,6 @@ settings.protect_merge_whitelist_teams=Birleştirme için izin listesindeki tak
 settings.protect_check_status_contexts=Durum Denetimini Etkinleştir
 settings.protect_status_check_patterns=Durum denetleme desenleri:
 settings.protect_status_check_patterns_desc=Bu kurala uyan dala diğer dallar birleştirilmeden önce başarılı olması gereken durum denetlemelerini belirten desenleri girin. Her bir satır bir desen tanımlıyor. Desenler boş olamaz.
-settings.protect_check_status_contexts_desc=Birleştirmeden önce durum denetimlerinin geçmesini zorunlu kılın. Dalların bu kurala uyan bir dalda birleştirilebilmesi için hangi durum denetimlerinin geçmesi gerektiğini seçin. Etkinleştirildiğinde, işlemeler önce başka bir dala gönderilmeli, ardından durum denetimleri geçtikten sonra bu kuralla eşleşen bir dala birleştirilmeli veya doğrudan gönderilmelidir. Hiçbir bağlam seçilmezse, bağlamdan bağımsız olarak son işleme başarılı olmalıdır.
 settings.protect_check_status_contexts_list=Bu depo için geçen haftadaki durum denetimleri
 settings.protect_status_check_matched=Eşleşen
 settings.protect_invalid_status_check_pattern=Hatalı durum denetleme deseni: "%s".
@@ -2425,12 +2402,9 @@ settings.protect_protected_file_patterns=Korumalı dosya kalıpları (noktalı v
 settings.protect_protected_file_patterns_desc=Kullanıcının bu dalda dosya ekleme, düzenleme veya silme hakları olsa bile doğrudan değiştirilmesine izin verilmeyen korumalı dosyalar. Birden çok desen noktalı virgül (';') kullanılarak ayrılabilir. Desen sözdizimi için <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a> belgelerine bakın. Örnekler: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
 settings.protect_unprotected_file_patterns=Korunmasız dosya desenleri (noktalı virgülle ayrılmış ';'):
 settings.protect_unprotected_file_patterns_desc=Kullanıcının yazma erişimi, itme kısıtlamasını atlama hakkı olduğunda doğrudan değiştirmesine izin verilen korunmasız dosyalar. Birden çok desen noktalı virgül (';') kullanılarak ayrılabilir. Desen söz dizimi için <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a> belgelerine bakın. Örnekler: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
-settings.add_protected_branch=Korumayı etkinleştir
-settings.delete_protected_branch=Korumayı devre dışı bırak
 settings.update_protect_branch_success=Dal koruma kuralı "%s" güncellendi.
 settings.remove_protected_branch_success=Dal koruma kuralı "%s" kaldırıldı.
 settings.remove_protected_branch_failed=Dal koruma kuralı "%s" kaldırılamadı.
-settings.protected_branch_deletion=Dal Korumasını Devre Dışı Bırak
 settings.protected_branch_deletion_desc=Dal korumasını devre dışı bırakmak, kullanıcıların dalı itmek için yazma izni olmasını sağlar. Devam edilsin mi?
 settings.block_rejected_reviews=Reddedilen incelemelerde birleştirmeyi engelle
 settings.block_rejected_reviews_desc=Yeterli onay olsa bile resmi gözden geçirenler tarafından değişiklik istendiğinde birleşme mümkün olmayacaktır.
@@ -2440,7 +2414,6 @@ settings.block_outdated_branch=Değişiklik isteği güncel değilse birleştirm
 settings.block_outdated_branch_desc=Baş dal taban dalın arkasındayken birleştirme mümkün olmayacaktır.
 settings.default_branch_desc=Değişiklik istekleri ve kod işlemeleri için varsayılan bir depo dalı seçin:
 settings.merge_style_desc=Biçimleri Birleştir
-settings.default_merge_style_desc=Değişiklik istekleri için varsayılan birleştirme tarzı:
 settings.choose_branch=Bir dal seç…
 settings.no_protected_branch=Korumalı dal yok.
 settings.edit_protected_branch=Düzenle
@@ -2659,7 +2632,6 @@ tag.create_success=`"%s" etiketi oluşturuldu.`
 
 topic.manage_topics=Konuları Yönet
 topic.done=Bitti
-topic.count_prompt=25'ten fazla konu seçemezsiniz
 topic.format_prompt=Konular bir harf veya rakamla başlamalı, kısa çizgi ('-') ve nokta ('.') içerebilir ve en fazla 35 karakter uzunluğunda olabilir. Harfler küçük harf olmalıdır.
 
 find_file.go_to_file=Dosyaya git
@@ -2757,7 +2729,6 @@ teams.leave.detail=%s bırakılsın mı?
 teams.can_create_org_repo=Depoları oluştur
 teams.can_create_org_repo_helper=Üyeler organizasyonda yeni depolar oluşturabilirler. Oluşturan yeni depoya yönetici erişimi sağlayacak.
 teams.none_access=Erişim Yok
-teams.none_access_helper=Üyeler bu birimi görüntüleyemez veya üzerinde başka bir işlem yapamaz.
 teams.general_access=Genel Erişim
 teams.general_access_helper=Üyelerin izinleri aşağıdaki izin tablosuna göre kararlaştırılacaktır.
 teams.read_access=Okuma
@@ -3295,7 +3266,6 @@ monitor.next=Sonraki Zaman
 monitor.previous=Önceki Zaman
 monitor.execute_times=Çalıştırma
 monitor.process=Çalışan Süreçler
-monitor.stacktrace=Yığın izleme
 monitor.processes_count=%d İşlem
 monitor.download_diagnosis_report=Tanı raporunu indir
 monitor.desc=Açıklama
@@ -3303,8 +3273,6 @@ monitor.start=Başlangıç Zamanı
 monitor.execute_time=Çalıştırma Zamanı
 monitor.last_execution_result=Sonuç
 monitor.process.cancel=İşlemi iptal et
-monitor.process.cancel_desc=Bir işlemi iptal etmek veri kaybına neden olabilir
-monitor.process.cancel_notices=İptal et: <strong>%s</strong>?
 monitor.process.children=Çocuklar
 
 monitor.queues=Kuyruklar
@@ -3406,7 +3374,6 @@ raw_minutes=dakikalar
 
 [dropzone]
 default_message=Dosyaları buraya bırakın veya yüklemek için tıklayın.
-invalid_input_type=Bu tür dosyaları yükleyemezsiniz.
 file_too_big=Dosya boyutu ({{filesize}} MB) maksimum boyutu ({{maxFilesize}} MB) aşıyor.
 remove_file=Dosya Kaldır
 
diff --git a/options/locale/locale_uk-UA.ini b/options/locale/locale_uk-UA.ini
index cb3c140c5cf..dc5d4cbf629 100644
--- a/options/locale/locale_uk-UA.ini
+++ b/options/locale/locale_uk-UA.ini
@@ -127,7 +127,6 @@ network_error=Помилка мережі
 app_desc=Зручний власний сервіс хостингу репозиторіїв Git
 install=Легко встановити
 platform=Платформонезалежність
-platform_desc=Gitea виконується на платформі, для якої можливо скомпілювати <a target="_blank" rel="noopener noreferrer" href="http://golang.org/">Go</a>: Windows, macOS, Linux, ARM, та інших. Оберіть ту, яка вам до вподоби!
 lightweight=Невибагливість
 lightweight_desc=Gitea має низькі вимоги до ресурсів та може працювати на недорогому Raspberry Pi. Збережіть свою машину енергію!
 license=Відкритий вихідний код
@@ -493,7 +492,6 @@ applications=Додатки
 orgs=Керування організаціями
 repos=Репозиторії
 delete=Видалити обліковий запис
-twofa=Двофакторна авторизація
 account_link=Прив'язані облікові записи
 organization=Організації
 
@@ -669,21 +667,17 @@ revoke_key=Відкликати
 revoke_oauth2_grant=Скасувати доступ
 revoke_oauth2_grant_description=Скасування доступу для цієї програми третьої сторони не дозволить їй отримувати доступ до ваших даних. Ви впевнені?
 
-twofa_desc=Двофакторна автентифікація підвищує безпеку вашого облікового запису.
 twofa_is_enrolled=Ваш обліковий запис на даний час <strong>використовує</strong> двофакторну автентифікацію.
 twofa_not_enrolled=Ваш обліковий запис наразі не використовує двофакторну автентифікаціїю.
 twofa_disable=Вимкнути двофакторну автентифікацію
-twofa_scratch_token_regenerate=Перестворити токен одноразового пароля
 twofa_enroll=Увімкнути двофакторну автентифікацію
 twofa_disable_note=При необхідності можна відключити двофакторну автентифікацію.
 twofa_disable_desc=Вимкнення двофакторної автентифікації зробить ваш обліковий запис менш безпечним. Продовжити?
-regenerate_scratch_token_desc=Якщо ви втратили свій токен одноразового пароля або вже використовували його для входу, ви можете скинути його тут.
 twofa_disabled=Двофакторна автентифікація вимкнена.
 scan_this_image=Проскануйте це зображення вашим додатком для двуфакторної автентифікації:
 or_enter_secret=Або введіть секрет: %s
 then_enter_passcode=І введіть пароль, який відображається в додатку:
 passcode_invalid=Некоректний пароль. Спробуй ще раз.
-twofa_enrolled=Для вашого облікового запису було включена двофакторна автентифікація. Зберігайте свій scratch-токен (%s) у безпечному місці, оскільки він показується лише один раз!
 twofa_failed_get_secret=Не вдалося отримати секрет.
 
 
@@ -793,9 +787,7 @@ blame_prior=Переглянути анотацію, що передує цій
 
 
 transfer.accept=Дозволити трансфер
-transfer.accept_desc=`Перемістити до "%s"`
 transfer.reject=Відхилити трансфер
-transfer.reject_desc=`Скасувати переміщення до "%s"`
 
 desc.private=Приватний
 desc.public=Публічний
@@ -907,7 +899,6 @@ release=Реліз
 releases=Релізи
 tag=Тег
 released_this=випущені релізи
-file.title=%s в %s
 file_raw=Неформатований
 file_history=Історія
 file_view_source=Переглянути вихідний код
@@ -1385,7 +1376,6 @@ milestones.closed=Закрито %s
 milestones.no_due_date=Немає дати завершення
 milestones.open=Відкрити
 milestones.close=Закрити
-milestones.completeness=%d%% завершено
 milestones.create=Створити етап
 milestones.title=Заголовок
 milestones.desc=Опис
@@ -1549,7 +1539,6 @@ settings.pulls_desc=Увімкнути запити на злиття в реп
 settings.pulls.ignore_whitespace=Ігнорувати пробіл у конфліктах
 settings.pulls.enable_autodetect_manual_merge=Увімкнути автовизначення ручного злиття (Примітка: у деяких особливий випадках можуть виникнуть помилки)
 settings.pulls.default_delete_branch_after_merge=Видаляти гілку запиту злиття, коли його прийнято
-settings.projects_desc=Увімкнути проєкти у репозиторії
 settings.admin_settings=Налаштування адміністратора
 settings.admin_enable_health_check=Включити перевірки працездатності репозиторію (git fsck)
 settings.admin_enable_close_issues_via_commit_in_any_branch=Закрити задачу за допомогою коміта, зробленого не в головній гілці
@@ -1724,8 +1713,6 @@ settings.branches=Гілки
 settings.protected_branch=Захист гілки
 settings.protected_branch_can_push=Дозволити push?
 settings.protected_branch_can_push_yes=Ви можете виконувати push
-settings.protected_branch_can_push_no=Ви не можете виконувати push
-settings.branch_protection=Захист гілки <b>%s</b>
 settings.protect_this_branch=Захистити цю гілку
 settings.protect_this_branch_desc=Запобігає видаленню гілки та обмежує виконання в ній push та злиття.
 settings.protect_disable_push=Заборонити Push
@@ -1733,7 +1720,6 @@ settings.protect_disable_push_desc=Для цієї гілки буде забо
 settings.protect_enable_push=Дозволити Push
 settings.protect_enable_push_desc=Будь-хто із правом запису зможе виконувати push для цієї гілки (за виключенням force push).
 settings.protect_check_status_contexts=Увімкнути перевірку стану
-settings.protect_check_status_contexts_desc=Вимагати успішного проходження перевірок стану перед злиттям. Оберіть перевірки стану, які слід провести для гілок, перед їх об'єднанням з гілкою, що відповідає цьому правилу. Коли цей пункт увімкнено, коміти спершу надсилаються до іншої гілки, а потім зливаються або надсилаються безпосередньо до гілки, яка відповідає цьому правилу після успішного проходження перевірок стану. Якщо не вибрано контекст, останній коміт має успішно проходити перевірки, незалежно від контексту.
 settings.protect_check_status_contexts_list=Перевірки статусу знайдено для репозитарію за минулий тиждень
 settings.protect_required_approvals=Необхідно схвалення:
 settings.protect_required_approvals_desc=Дозволити об'єднання запитів на злиття лише із достатньою кількістю позитивних рецензій.
@@ -1743,7 +1729,6 @@ settings.require_signed_commits=Потрібно підписані коміти
 settings.require_signed_commits_desc=Відхиляти push до цієї гілки, якщо вони не підписані або підпис неможливо перевірити.
 settings.add_protected_branch=Увімкнути захист
 settings.delete_protected_branch=Вимкнути захист
-settings.protected_branch_deletion=Відключити захист гілки
 settings.protected_branch_deletion_desc=Будь-який користувач з дозволами на запис зможе виконувати push в цю гілку. Ви впевнені?
 settings.block_rejected_reviews=Блокувати злиття при відкидаючих рецензіях
 settings.block_rejected_reviews_desc=Злиття буде недоступним, якщо є запит змін від офіційних рецензентів, навіть за наявності достатньої кількості схвалень.
@@ -1752,7 +1737,6 @@ settings.block_on_official_review_requests_desc=Об’єднання немож
 settings.block_outdated_branch=Блокувати злиття, якщо запит на злиття застарів
 settings.block_outdated_branch_desc=Злиття буде неможливим, коли головна гілка позаду основної.
 settings.default_branch_desc=Головна гілка є 'базовою' для вашого репозиторія, на яку за замовчуванням спрямовані всі запити на злиття і яка є обличчям вашого репозиторія. Перше, що побачить відвідувач - це зміст головної гілки. Виберіть її з уже існуючих:
-settings.default_merge_style_desc=Стиль злиття за замовчуванням:
 settings.choose_branch=Оберіть гілку…
 settings.no_protected_branch=Немає захищених гілок.
 settings.edit_protected_branch=Редагувати
@@ -1920,7 +1904,6 @@ tag.create_tag=Створити тег <strong>%s</strong>
 
 topic.manage_topics=Керувати тематичними мітками
 topic.done=Готово
-topic.count_prompt=Ви не можете вибрати більше 25 тем
 
 
 error.csv.too_large=Не вдається відобразити цей файл, тому що він завеликий.
@@ -2438,8 +2421,6 @@ monitor.desc=Опис
 monitor.start=Час початку
 monitor.execute_time=Час виконання
 monitor.process.cancel=Зупинити процес
-monitor.process.cancel_desc=Зупинка процесу може призвести до втрати даних
-monitor.process.cancel_notices=Зупинити: <strong>%s</strong>?
 monitor.process.children=Дочірні процеси
 
 monitor.queues=Черги
@@ -2524,7 +2505,6 @@ raw_minutes=хвилини
 
 [dropzone]
 default_message=Перетягніть файли або натисніть тут, щоб завантажити.
-invalid_input_type=Ви не можете завантажувати файли цього типу.
 file_too_big=Розмір файлу ({{filesize}} MB), що більше ніж максимальний розмір: ({{maxFilesize}} MB).
 remove_file=Видалити файл
 
diff --git a/options/locale/locale_zh-CN.ini b/options/locale/locale_zh-CN.ini
index d8897735c2a..c85e84ad60c 100644
--- a/options/locale/locale_zh-CN.ini
+++ b/options/locale/locale_zh-CN.ini
@@ -228,7 +228,6 @@ app_desc=一款极易搭建的自助 Git 服务
 install=易安装
 install_desc=通过 <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-binary">二进制</a> 来运行；或者通过 <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea/tree/master/docker">docker</a> 来运行；或者通过 <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-package">安装包</a> 来运行
 platform=跨平台
-platform_desc=任何 <a target="_blank" rel="noopener noreferrer" href="http://golang.org/">Go 语言</a> 支持的平台都可以运行 Gitea，包括 Windows、Mac、Linux 以及 ARM。挑一个您喜欢的就行！
 lightweight=轻量级
 lightweight_desc=一个廉价的树莓派的配置足以满足 Gitea 的最低系统硬件要求。最大程度上节省您的服务器资源！
 license=开源化
@@ -685,11 +684,9 @@ applications=应用
 orgs=管理组织
 repos=仓库列表
 delete=删除帐户
-twofa=两步验证
 account_link=已绑定帐户
 organization=组织
 uid=UID
-webauthn=安全密钥
 
 public_profile=公开信息
 biography_placeholder=告诉我们一点您自己！ (您可以使用Markdown)
@@ -787,7 +784,6 @@ add_email_success=新的电子邮件地址已添加。
 email_preference_set_success=电子邮件首选项已成功设置。
 add_openid_success=新的 OpenID 地址已添加。
 keep_email_private=隐藏电子邮件地址
-keep_email_private_popup=这将会隐藏您的电子邮件地址，不仅在您的个人资料中，还在您使用Web界面创建拉取请求或编辑文件时。已推送的提交将不会被修改。
 openid_desc=OpenID 让你可以将认证转发到外部服务。
 
 manage_ssh_keys=管理 SSH 密钥
@@ -916,7 +912,6 @@ oauth2_client_secret_hint=您离开或刷新此页面后将不会再显示此密
 oauth2_application_edit=编辑
 oauth2_application_create_description=OAuth2 应用允许您的第三方应用程序访问此实例的用户帐户。
 oauth2_application_remove_description=移除一个OAuth2应用将会阻止它访问此实例上的已授权用户账户。是否继续？
-oauth2_application_locked=如果配置启用，Gitea预注册一些OAuth2应用程序。 为了防止意外的行为, 这些应用既不能编辑也不能删除。请参阅OAuth2文档以获取更多信息。
 
 authorized_oauth2_applications=已授权的 OAuth2 应用
 authorized_oauth2_applications_description=您已授予这些第三方应用程序访问您的个人 Gitea 账户的权限。请撤销那些您不再需要的应用程序的访问权限。
@@ -925,23 +920,18 @@ revoke_oauth2_grant=撤回权限
 revoke_oauth2_grant_description=确定撤销此三方应用程序的授权，并阻止此应用程序访问您的数据？
 revoke_oauth2_grant_success=成功撤销了访问权限。
 
-twofa_desc=两步验证可以加强你的账号安全性。
 twofa_recovery_tip=如果您丢失了您的设备，您将能够使用一次性恢复密钥来重新获得对您账户的访问。
 twofa_is_enrolled=你的账号<strong>已启用</strong>了两步验证。
 twofa_not_enrolled=你的账号未开启两步验证。
 twofa_disable=禁用两步认证
-twofa_scratch_token_regenerate=重新生成初始令牌
-twofa_scratch_token_regenerated=您的临时令牌现在是 %s。将其存放在安全的地方，它将不会再次显示。
 twofa_enroll=启用两步验证
 twofa_disable_note=如果需要, 可以禁用双因素身份验证。
 twofa_disable_desc=关掉两步验证会使得您的账号不安全，继续执行？
-regenerate_scratch_token_desc=如果您丢失了您的验证口令或已经使用它登录, 您可以在这里重置它。
 twofa_disabled=两步验证已被禁用。
 scan_this_image=使用您的授权应用扫描这张图片：
 or_enter_secret=或者输入密钥：%s
 then_enter_passcode=并输入应用程序中显示的密码:
 passcode_invalid=密码不正确。再试一次。
-twofa_enrolled=你的账号已经启用了两步验证。请保存初始令牌（%s）到一个安全的地方，此令牌仅当前显示一次。
 twofa_failed_get_secret=获取 secret 失败。
 
 webauthn_desc=安全密钥是包含加密密钥的硬件设备。它们可以用于双因素身份验证。安全密钥必须支持 <a rel="noreferrer" target="_blank" href="https://w3c.github.io/webauthn/#webauthn-authenticator">WebAuthn 身份验证器</a> 标准。
@@ -1089,9 +1079,7 @@ tree_path_not_found_branch=路径 %[1]s 不存在于分支 %[2]s 中。
 tree_path_not_found_tag=路径 %[1]s 不存在于标签 %[2]s 中
 
 transfer.accept=接受转移
-transfer.accept_desc=`转移到 "%s"`
 transfer.reject=拒绝转移
-transfer.reject_desc=`取消转移到 "%s"`
 transfer.no_permission_to_accept=您没有权限接受此转让。
 transfer.no_permission_to_reject=您没有权限拒绝此转让。
 
@@ -1226,7 +1214,6 @@ releases=版本发布
 tag=Git标签
 released_this=发布
 tagged_this=已标记
-file.title=%s 位于 %s
 file_raw=原始文件
 file_history=文件历史
 file_view_source=源码模式
@@ -1242,7 +1229,6 @@ ambiguous_runes_header=`此文件含有模棱两可的 Unicode 字符`
 ambiguous_runes_description=`此文件含有可能会与其他字符混淆的 Unicode 字符。 如果您是想特意这样的，可以安全地忽略该警告。 使用 Escape 按钮显示他们。`
 invisible_runes_line=`此行含有不可见的 unicode 字符`
 ambiguous_runes_line=`此行有模棱两可的 unicode 字符`
-ambiguous_character=`%[1]c [U+%04[1]X] 容易和 %[2]c [U+%04[2]X] 混淆`
 
 escape_control_characters=Escape
 unescape_control_characters=Unescape
@@ -1851,9 +1837,7 @@ pulls.unrelated_histories=合并失败：两个分支没有共同历史。提示
 pulls.merge_out_of_date=合并失败：在生成合并时，主分支已更新。提示：再试一次。
 pulls.head_out_of_date=合并失败：在生成合并时，head 已更新。提示：再试一次。
 pulls.has_merged=失败：合并请求已经被合并，您不能再次合并或更改目标分支。
-pulls.push_rejected=合并失败：推送被拒绝。审查此仓库的 Git 钩子。
 pulls.push_rejected_summary=详细拒绝信息
-pulls.push_rejected_no_message=合并失败：此推送被拒绝但未提供其他信息。<br>请检查此仓库的 Git Hook。
 pulls.open_unmerged_pull_exists=`您不能执行重新打开操作, 因为已经存在相同的合并请求 (#%d)。`
 pulls.status_checking=一些检测仍在等待运行
 pulls.status_checks_success=所有检测均成功
@@ -1909,7 +1893,6 @@ milestones.no_due_date=暂无截止日期
 milestones.open=开启中
 milestones.close=关闭
 milestones.new_subheader=里程碑可以帮助您组织工单并跟踪其进度。
-milestones.completeness=%d%% 完成
 milestones.create=创建里程碑
 milestones.title=标题
 milestones.desc=描述
@@ -1980,7 +1963,6 @@ wiki.original_git_entry_tooltip=查看原始的 Git 文件而不是使用友好
 activity=动态
 activity.navbar.pulse=活动
 activity.navbar.code_frequency=代码频率
-activity.navbar.contributors=贡献者
 activity.navbar.recent_commits=最近的提交
 activity.period.filter_label=周期：
 activity.period.daily=1 天
@@ -2132,7 +2114,6 @@ settings.pulls.default_delete_branch_after_merge=默认合并后删除合并请
 settings.pulls.default_allow_edits_from_maintainers=默认开启允许维护者编辑
 settings.releases_desc=启用发布
 settings.packages_desc=启用仓库软件包注册中心
-settings.projects_desc=启用仓库项目
 settings.projects_mode_desc=项目模式 (要显示的项目类型)
 settings.projects_mode_repo=仅仓库项目
 settings.projects_mode_owner=仅限用户或组织项目
@@ -2353,13 +2334,9 @@ settings.deploy_key_deletion=删除部署密钥
 settings.deploy_key_deletion_desc=删除部署密钥将取消此密钥对此仓库的访问权限。继续？
 settings.deploy_key_deletion_success=部署密钥已删除。
 settings.branches=分支
-settings.protected_branch=分支保护
 settings.protected_branch.save_rule=保存规则
 settings.protected_branch.delete_rule=删除规则
-settings.protected_branch_can_push=允许推吗？
 settings.protected_branch_can_push_yes=你可以推
-settings.protected_branch_can_push_no=你不能推
-settings.branch_protection=分支 '<b>%s</b>' 的分支保护
 settings.protect_this_branch=启用分支保护
 settings.protect_this_branch_desc=阻止删除并限制Git推送和合并到分支。
 settings.protect_disable_push=禁用推送
@@ -2371,7 +2348,6 @@ settings.protect_enable_merge_desc=任何具有写入权限的人都可以将合
 settings.protect_check_status_contexts=启用状态检查
 settings.protect_status_check_patterns=状态检查模式：
 settings.protect_status_check_patterns_desc=输入模式，指定哪些状态检查必须通过，才能将分支合并到符合此规则的分支中去。每一行指定一个模式，模式不能为空。
-settings.protect_check_status_contexts_desc=要求状态检查通过才能合并，选择必须先通过哪些状态检查才能合并。如果启用，推送的合并请求必须先通过状态检查才能够合并到对应的分支。如果没有选择具体的状态检查上下文，则所有的状态检查都通过才能合并。
 settings.protect_check_status_contexts_list=此仓库上周进行过的状态检查
 settings.protect_status_check_matched=匹配
 settings.protect_invalid_status_check_pattern=无效的状态检查规则：“%s”。
@@ -2391,12 +2367,9 @@ settings.protect_protected_file_patterns=受保护的文件模式(使用分号 '
 settings.protect_protected_file_patterns_desc=即使用户有权添加、编辑或删除此分支中的文件，也不允许直接更改受保护的文件。 可以使用分号 (';') 分隔多个模式。 见<a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a>文档了解模式语法。例如： <code>.drone.yml</code>, <code>/docs/**/*.txt</code>
 settings.protect_unprotected_file_patterns=不受保护的文件模式(使用分号 ';' 分隔)：
 settings.protect_unprotected_file_patterns_desc=如果用户有写权限，则允许直接更改的不受保护的文件，以绕过推送限制。可以使用分号分隔多个模式 (';')。 见 <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a> 文档了解模式语法。例如： <code>.drone.yml</code>, <code>/docs/**/*.txt</code>
-settings.add_protected_branch=启用保护
-settings.delete_protected_branch=禁用保护
 settings.update_protect_branch_success=分支保护规则 %s 更新成功。
 settings.remove_protected_branch_success=移除分支保护规则"%s"成功。
 settings.remove_protected_branch_failed=移除分支保护规则"%s"失败。
-settings.protected_branch_deletion=禁用分支保护
 settings.protected_branch_deletion_desc=禁用分支保护允许具有写入权限的用户推送提交到此分支。继续？
 settings.block_rejected_reviews=拒绝审核阻止了此合并
 settings.block_rejected_reviews_desc=如果官方审查人员要求作出改动，即使有足够的批准，合并也不允许。
@@ -2406,7 +2379,6 @@ settings.block_outdated_branch=如果合并请求已经过时，阻止合并
 settings.block_outdated_branch_desc=当头部分支落后基础分支时，不能合并。
 settings.default_branch_desc=请选择一个默认的分支用于合并请求和提交：
 settings.merge_style_desc=合并方式
-settings.default_merge_style_desc=合并请求的默认合并样式：
 settings.choose_branch=选择一个分支...
 settings.no_protected_branch=没有受保护的分支
 settings.edit_protected_branch=编辑
@@ -2625,7 +2597,6 @@ tag.create_success=标签"%s"已存在
 
 topic.manage_topics=管理主题
 topic.done=保存
-topic.count_prompt=您最多选择25个主题
 topic.format_prompt=主题必须以字母或数字开头，可以包含连字符 ('-') 和句点 ('.')，长度不得超过35个字符。字符必须为小写。
 
 find_file.go_to_file=转到文件
@@ -2698,7 +2669,6 @@ settings.delete_prompt=删除操作会永久清除该组织的信息，并且 <s
 settings.confirm_delete_account=确认删除组织
 settings.delete_org_title=删除组织
 settings.delete_org_desc=此组织将会被永久删除，确认继续吗？
-settings.hooks_desc=在此处添加的 Web 钩子将会应用到该组织下的 <strong>所有仓库</strong>。
 
 settings.labels_desc=添加能够被该组织下的 <strong>所有仓库</strong> 的工单使用的标签。
 
@@ -2723,7 +2693,6 @@ teams.leave.detail=离开 %s？
 teams.can_create_org_repo=创建仓库
 teams.can_create_org_repo_helper=成员可以在组织中创建仓库。创建者将自动获得创建的仓库的管理员权限。
 teams.none_access=无访问权限
-teams.none_access_helper=成员无法查看此单元或对其执行任何其他操作。
 teams.general_access=常规访问
 teams.general_access_helper=成员权限将由以下权限表决定。
 teams.read_access=可读
@@ -3246,7 +3215,6 @@ monitor.next=下次执行时间
 monitor.previous=上次执行时间
 monitor.execute_times=执行次数
 monitor.process=运行中进程
-monitor.stacktrace=调用栈踪迹
 monitor.processes_count=%d 个进程
 monitor.download_diagnosis_report=下载诊断报告
 monitor.desc=进程描述
@@ -3254,8 +3222,6 @@ monitor.start=开始时间
 monitor.execute_time=执行时长
 monitor.last_execution_result=结果
 monitor.process.cancel=中止进程
-monitor.process.cancel_desc=中止一个进程可能导致数据丢失
-monitor.process.cancel_notices=中止：<strong>%s</strong> ？
 monitor.process.children=子进程
 
 monitor.queues=队列
@@ -3357,8 +3323,6 @@ raw_minutes=分钟
 
 [dropzone]
 default_message=拖动文件或者点击此处上传。
-invalid_input_type=您不能上传该类型的文件
-file_too_big=文件体积（{{filesize}} MB）超过了最大允许体积（{{maxFilesize}} MB）
 remove_file=移除文件
 
 [notification]
@@ -3505,7 +3469,6 @@ settings.link=将此软件包链接到仓库
 settings.link.description=如果您将一个软件包与一个代码库链接起来，软件包将显示在代码库的软件包列表中。
 settings.link.select=选择仓库
 settings.link.button=更新仓库链接
-settings.link.success=仓库链接已成功更新。
 settings.link.error=更新仓库链接失败。
 settings.delete=删除软件包
 settings.delete.description=删除软件包是永久性的，无法撤消。
diff --git a/options/locale/locale_zh-HK.ini b/options/locale/locale_zh-HK.ini
index 64a012e3078..26b87f51540 100644
--- a/options/locale/locale_zh-HK.ini
+++ b/options/locale/locale_zh-HK.ini
@@ -217,7 +217,6 @@ social=社交帳號綁定
 orgs=管理組織
 repos=儲存庫管理
 delete=刪除帳戶
-twofa=兩步驟驗證
 organization=組織管理
 
 public_profile=公開訊息
@@ -600,13 +599,6 @@ settings.deploy_keys=管理部署金鑰
 settings.add_deploy_key=新增部署金鑰
 settings.title=標題
 settings.deploy_key_content=金鑰文本
-settings.branches=分支列表
-settings.protected_branch=分支保護
-settings.protected_branch_can_push=允許推送？
-settings.protected_branch_can_push_yes=你可以推送
-settings.protected_branch_can_push_no=你不能推送
-settings.add_protected_branch=啟用保護
-settings.delete_protected_branch=停用保護
 settings.edit_protected_branch=編輯
 
 diff.browse_source=瀏覽代碼
@@ -966,7 +958,6 @@ error.not_signed_commit=未簽名的提交
 
 [packages]
 filter.type=認證類型
-alpine.repository.branches=分支列表
 alpine.repository.repositories=儲存庫管理
 conan.details.repository=儲存庫
 owner.settings.cleanuprules.enabled=已啟用
diff --git a/options/locale/locale_zh-TW.ini b/options/locale/locale_zh-TW.ini
index a2e0d9298ba..045e0ddecec 100644
--- a/options/locale/locale_zh-TW.ini
+++ b/options/locale/locale_zh-TW.ini
@@ -176,7 +176,6 @@ network_error=網路錯誤
 app_desc=一套極易架設的 Git 服務
 install=安裝容易
 platform=跨平台
-platform_desc=Gitea 可以在所有能編譯 <a target="_blank" rel="noopener noreferrer" href="http://golang.org/">Go 語言</a>的平台上執行: Windows, macOS, Linux, ARM 等等。挑一個您喜歡的吧！
 lightweight=輕量級
 lightweight_desc=一片便宜的 Raspberry Pi 就可以滿足 Gitea 的最低需求。節省您的機器資源！
 license=開放原始碼
@@ -583,10 +582,8 @@ applications=應用程式
 orgs=管理組織
 repos=儲存庫
 delete=刪除帳戶
-twofa=兩步驟驗證
 account_link=已連結帳號
 organization=組織
-webauthn=安全金鑰
 
 public_profile=公開的個人資料
 password_username_disabled=非本地使用者不允許更改他們的帳號。詳細資訊請聯絡您的系統管理員。
@@ -784,21 +781,17 @@ revoke_key=撤銷
 revoke_oauth2_grant=撤銷存取權
 revoke_oauth2_grant_description=撤銷此第三方應用程式的存取權，此應用程式就無法再存取您的資料？您確定嗎？
 
-twofa_desc=兩步驟驗證可以增強您的帳戶安全性。
 twofa_is_enrolled=您的帳戶已經<strong>啟用</strong>兩步驟驗證。
 twofa_not_enrolled=您的帳戶目前尚未啟用兩步驟驗證。
 twofa_disable=停用兩步驟驗證
-twofa_scratch_token_regenerate=重新產生備用驗證碼
 twofa_enroll=啟用兩步驟驗證
 twofa_disable_note=如有需要，您可以停用兩步驟驗證。
 twofa_disable_desc=關閉兩步驟驗證會使您的帳戶安全性降低，是否繼續？
-regenerate_scratch_token_desc=如果您遺失了備用驗證碼或已經使用它登入，您可以在此重新設定。
 twofa_disabled=兩步驟驗證已經被關閉。
 scan_this_image=使用您的授權應用程式來掃瞄圖片:
 or_enter_secret=或者輸入密碼: %s
 then_enter_passcode=然後輸入應用程式中顯示的驗證碼：
 passcode_invalid=無效的驗證碼，請重試。
-twofa_enrolled=您的帳戶已經啟用了兩步驟驗證。請將備用驗證碼 (%s) 保存到安全的地方，它只會顯示這麼一次！
 twofa_failed_get_secret=取得密鑰 (Secret) 失敗。
 
 webauthn_desc=安全金鑰是包含加密密鑰的硬體設備，它們可以用於兩步驟驗證。安全金鑰必須支援 <a rel="noreferrer" target="_blank" href="https://w3c.github.io/webauthn/#webauthn-authenticator">WebAuthn Authenticator</a> 標準。
@@ -920,9 +913,7 @@ author_search_tooltip=最多顯示 30 位使用者
 
 
 transfer.accept=同意轉移
-transfer.accept_desc=轉移到「%s」
 transfer.reject=拒絕轉移
-transfer.reject_desc=取消轉移到「%s」
 
 desc.private=私有
 desc.public=公開
@@ -1046,7 +1037,6 @@ releases=版本發布
 tag=標籤
 released_this=發布了此版本
 tagged_this=標記了此標籤
-file.title=%s 於 %s
 file_raw=原始文件
 file_history=歷史記錄
 file_view_source=檢視原始碼
@@ -1056,7 +1046,6 @@ file_permalink=永久連結
 file_too_large=檔案太大，無法顯示。
 invisible_runes_line=`這一行有看不見的 Unicode 字元`
 ambiguous_runes_line=`這一行有易混淆的 Unicode 字元`
-ambiguous_character=`%[1]c [U+%04[1]X] 容易與 %[2]c [U+%04[2]X] 混淆`
 
 escape_control_characters=Escape
 unescape_control_characters=Unescape
@@ -1594,9 +1583,7 @@ pulls.rebase_conflict_summary=錯誤訊息
 pulls.unrelated_histories=合併失敗：要合併的 HEAD 和基底分支沒有共同的歷史。 提示：請嘗試不同的策略
 pulls.merge_out_of_date=合併失敗：產生合併時，基底已被更新。提示：再試一次。
 pulls.head_out_of_date=合併失敗：產生合併時，head 已被更新。提示：再試一次。
-pulls.push_rejected=合併失敗：此推送被拒絕。請檢查此儲存庫的 Git Hook。
 pulls.push_rejected_summary=完整的拒絕訊息
-pulls.push_rejected_no_message=合併失敗：此推送被拒絕但未提供其他資訊。<br>請檢查此儲存庫的 Git Hook。
 pulls.open_unmerged_pull_exists=`您不能重新開放，因為目前有相同的合併請求 (#%d) 正在進行中。`
 pulls.status_checking=還在進行一些檢查
 pulls.status_checks_success=已通過所有檢查
@@ -1640,7 +1627,6 @@ milestones.update_ago=已更新 %s
 milestones.no_due_date=暫無截止日期
 milestones.open=開啟
 milestones.close=關閉
-milestones.completeness=%d%% 完成
 milestones.create=建立里程碑
 milestones.title=標題
 milestones.desc=描述
@@ -1819,7 +1805,6 @@ settings.pulls.default_delete_branch_after_merge=預設在合併後刪除合併
 settings.pulls.default_allow_edits_from_maintainers=預設允許維護者進行編輯
 settings.releases_desc=啟用儲存庫版本發佈
 settings.packages_desc=啟用儲存庫套件註冊中心
-settings.projects_desc=啟用儲存庫專案
 settings.projects_mode_all=所有專案
 settings.actions_desc=啟用儲存庫 Actions
 settings.admin_settings=管理員設定
@@ -2027,13 +2012,8 @@ settings.deploy_key_deletion=刪除部署金鑰
 settings.deploy_key_deletion_desc=移除部署金鑰將拒絕它存取此儲存庫。是否繼續？
 settings.deploy_key_deletion_success=部署金鑰已移除。
 settings.branches=分支
-settings.protected_branch=分支保護
 settings.protected_branch.save_rule=儲存規則
 settings.protected_branch.delete_rule=刪除規則
-settings.protected_branch_can_push=允許推送？
-settings.protected_branch_can_push_yes=你可以推送
-settings.protected_branch_can_push_no=你不能推送
-settings.branch_protection=<b>%s</b> 的分支保護
 settings.protect_this_branch=啟用分支保護
 settings.protect_this_branch_desc=防止刪除分支，並限制 Git 推送與合併到分支。
 settings.protect_disable_push=停用推送
@@ -2043,7 +2023,6 @@ settings.protect_enable_push_desc=任何擁有寫入權限的使用者將可推
 settings.protect_enable_merge=啟用合併
 settings.protect_enable_merge_desc=任何有寫入權限的人都可將合併請求合併到此分支
 settings.protect_check_status_contexts=啟用狀態檢查
-settings.protect_check_status_contexts_desc=合併前必須先通過狀態檢查。選擇合併前必須通過的檢查。啟用時，必須先將提交推送到另一個分支，通過狀態檢查後再合併或直接推送到符合規則的分支。如果未選擇任何項目，最一個提交必將成功通過狀態檢查。
 settings.protect_check_status_contexts_list=此儲存庫一週內曾進行過狀態檢查
 settings.protect_required_approvals=需要的核可數量：
 settings.protect_required_approvals_desc=只有在獲得足夠數量的核可後才能進行合併。
@@ -2056,9 +2035,6 @@ settings.protect_protected_file_patterns=受保護的檔案模式 (以分號區
 settings.protect_protected_file_patterns_desc=即便使用者有權限新增、修改、刪除此分支的檔案，仍不允許直接修改受保護的檔案。可以用半形分號「;」分隔多個模式。請於 <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a> 文件查看模式格式。範例: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>。
 settings.protect_unprotected_file_patterns=未受保護的檔案模式 (以分號區隔「;」):
 settings.protect_unprotected_file_patterns_desc=當使用者有寫入權限時，可繞過推送限制，直接修改未受保護的檔案。可以用半形分號「;」分隔多個模式。請於 <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a> 文件查看模式格式。範例: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>。
-settings.add_protected_branch=啟用保護
-settings.delete_protected_branch=停用保護
-settings.protected_branch_deletion=停用分支保護
 settings.protected_branch_deletion_desc=停用分支保護將允許有寫入權限的使用者推送至該分支，是否繼續？
 settings.block_rejected_reviews=有退回的審核時阻擋合併
 settings.block_rejected_reviews_desc=如果官方審核人員提出變更請求，即使有足夠的核可也不允許進行合併。
@@ -2269,7 +2245,6 @@ tag.create_success=已建立標籤「%s」。
 
 topic.manage_topics=管理主題
 topic.done=完成
-topic.count_prompt=您最多能選擇 25 個主題
 
 find_file.go_to_file=移至檔案
 find_file.no_matching=找不到符合的檔案
@@ -2841,14 +2816,11 @@ monitor.next=下次執行時間
 monitor.previous=上次執行時間
 monitor.execute_times=執行次數
 monitor.process=執行中的處理程序
-monitor.stacktrace=堆疊追蹤
 monitor.desc=描述
 monitor.start=開始時間
 monitor.execute_time=已執行時間
 monitor.last_execution_result=結果
 monitor.process.cancel=結束處理程序
-monitor.process.cancel_desc=結束處理程序可能造成資料遺失
-monitor.process.cancel_notices=結束: <strong>%s</strong>?
 monitor.process.children=子程序
 
 monitor.queues=佇列
@@ -2936,7 +2908,6 @@ raw_minutes=分鐘
 
 [dropzone]
 default_message=拖放檔案或是點擊此處上傳。
-invalid_input_type=您無法上傳此類型的檔案
 file_too_big=檔案大小({{filesize}} MB) 超過了最大允許大小({{maxFilesize}} MB)
 remove_file=移除文件
 

From 286ede47ad683bf0431e531e82019cd016cc54dd Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Sun, 1 Sep 2024 13:57:31 +0800
Subject: [PATCH 038/129] Fix index too many file names bug (#31903)

Try to fix #31884
Fix #28584
---
 modules/indexer/code/git.go | 38 ++++++++++++++++++++++++++++++-------
 1 file changed, 31 insertions(+), 7 deletions(-)

diff --git a/modules/indexer/code/git.go b/modules/indexer/code/git.go
index bc345f23254..df9783288b0 100644
--- a/modules/indexer/code/git.go
+++ b/modules/indexer/code/git.go
@@ -113,7 +113,24 @@ func nonGenesisChanges(ctx context.Context, repo *repo_model.Repository, revisio
 	var changes internal.RepoChanges
 	var err error
 	updatedFilenames := make([]string, 0, 10)
-	for _, line := range strings.Split(stdout, "\n") {
+
+	updateChanges := func() error {
+		cmd := git.NewCommand(ctx, "ls-tree", "--full-tree", "-l").AddDynamicArguments(revision).
+			AddDashesAndList(updatedFilenames...)
+		lsTreeStdout, _, err := cmd.RunStdBytes(&git.RunOpts{Dir: repo.RepoPath()})
+		if err != nil {
+			return err
+		}
+
+		updates, err1 := parseGitLsTreeOutput(lsTreeStdout)
+		if err1 != nil {
+			return err1
+		}
+		changes.Updates = append(changes.Updates, updates...)
+		return nil
+	}
+	lines := strings.Split(stdout, "\n")
+	for _, line := range lines {
 		line = strings.TrimSpace(line)
 		if len(line) == 0 {
 			continue
@@ -161,15 +178,22 @@ func nonGenesisChanges(ctx context.Context, repo *repo_model.Repository, revisio
 		default:
 			log.Warn("Unrecognized status: %c (line=%s)", status, line)
 		}
+
+		// According to https://learn.microsoft.com/en-us/troubleshoot/windows-client/shell-experience/command-line-string-limitation#more-information
+		// the command line length should less than 8191 characters, assume filepath is 256, then 8191/256 = 31, so we use 30
+		if len(updatedFilenames) >= 30 {
+			if err := updateChanges(); err != nil {
+				return nil, err
+			}
+			updatedFilenames = updatedFilenames[0:0]
+		}
 	}
 
-	cmd := git.NewCommand(ctx, "ls-tree", "--full-tree", "-l").AddDynamicArguments(revision).
-		AddDashesAndList(updatedFilenames...)
-	lsTreeStdout, _, err := cmd.RunStdBytes(&git.RunOpts{Dir: repo.RepoPath()})
-	if err != nil {
-		return nil, err
+	if len(updatedFilenames) > 0 {
+		if err := updateChanges(); err != nil {
+			return nil, err
+		}
 	}
 
-	changes.Updates, err = parseGitLsTreeOutput(lsTreeStdout)
 	return &changes, err
 }

From 55502265716f000a2c61c98fa093244e1310d97f Mon Sep 17 00:00:00 2001
From: silverwind <me@silverwind.io>
Date: Sun, 1 Sep 2024 17:15:29 +0200
Subject: [PATCH 039/129] Improve textarea paste (#31948)

- When pasting a URL over another URL, replace the URL instead of
creating a useless `[url](url)`. This is the 1-line change
[here](https://github.com/go-gitea/gitea/pull/31948/files#diff-be8e94d7e3da33b187381f53d28095107bd0cf29ae9a9e997e4f422f4a54479cR122).
- Always run `initTextareaEvents`, previously it was not run when
`dropzoneEl` was not present like when attachements are disabled on the
server. Refactored the function to gracefully handle absent `dropzoneEl`
and rename the function to a better name.
---
 web_src/js/features/comp/ComboMarkdownEditor.ts | 6 ++----
 web_src/js/features/comp/EditorUpload.ts        | 8 ++++----
 2 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/web_src/js/features/comp/ComboMarkdownEditor.ts b/web_src/js/features/comp/ComboMarkdownEditor.ts
index 69fe34269b3..5f1807f3733 100644
--- a/web_src/js/features/comp/ComboMarkdownEditor.ts
+++ b/web_src/js/features/comp/ComboMarkdownEditor.ts
@@ -3,7 +3,7 @@ import '@github/text-expander-element';
 import $ from 'jquery';
 import {attachTribute} from '../tribute.ts';
 import {hideElem, showElem, autosize, isElemVisible} from '../../utils/dom.ts';
-import {initEasyMDEPaste, initTextareaUpload} from './EditorUpload.ts';
+import {initEasyMDEPaste, initTextareaEvents} from './EditorUpload.ts';
 import {handleGlobalEnterQuickSubmit} from './QuickSubmit.ts';
 import {renderPreviewPanelContent} from '../repo-editor.ts';
 import {easyMDEToolbarActions} from './EasyMDEToolbarActions.ts';
@@ -110,9 +110,7 @@ class ComboMarkdownEditor {
     });
 
     initTextareaMarkdown(this.textarea);
-    if (this.dropzone) {
-      initTextareaUpload(this.textarea, this.dropzone);
-    }
+    initTextareaEvents(this.textarea, this.dropzone);
   }
 
   async setupDropzone() {
diff --git a/web_src/js/features/comp/EditorUpload.ts b/web_src/js/features/comp/EditorUpload.ts
index e572692cbfd..4cc031e5c81 100644
--- a/web_src/js/features/comp/EditorUpload.ts
+++ b/web_src/js/features/comp/EditorUpload.ts
@@ -119,7 +119,7 @@ function handleClipboardText(textarea, e, {text, isShiftDown}) {
   const {value, selectionStart, selectionEnd} = textarea;
   const selectedText = value.substring(selectionStart, selectionEnd);
   const trimmedText = text.trim();
-  if (selectedText && isUrl(trimmedText)) {
+  if (selectedText && isUrl(trimmedText) && !isUrl(selectedText)) {
     e.preventDefault();
     replaceTextareaSelection(textarea, `[${selectedText}](${trimmedText})`);
   }
@@ -156,7 +156,7 @@ export function initEasyMDEPaste(easyMDE, dropzoneEl) {
   });
 }
 
-export function initTextareaUpload(textarea, dropzoneEl) {
+export function initTextareaEvents(textarea, dropzoneEl) {
   let isShiftDown = false;
   textarea.addEventListener('keydown', (e) => {
     if (e.shiftKey) isShiftDown = true;
@@ -166,7 +166,7 @@ export function initTextareaUpload(textarea, dropzoneEl) {
   });
   textarea.addEventListener('paste', (e) => {
     const {images, text} = getPastedContent(e);
-    if (images.length) {
+    if (images.length && dropzoneEl) {
       handleUploadFiles(new TextareaEditor(textarea), dropzoneEl, images, e);
     } else if (text) {
       handleClipboardText(textarea, e, {text, isShiftDown});
@@ -176,7 +176,7 @@ export function initTextareaUpload(textarea, dropzoneEl) {
     if (!e.dataTransfer.files.length) return;
     handleUploadFiles(new TextareaEditor(textarea), dropzoneEl, e.dataTransfer.files, e);
   });
-  dropzoneEl.dropzone.on(DropzoneCustomEventRemovedFile, ({fileUuid}) => {
+  dropzoneEl?.dropzone.on(DropzoneCustomEventRemovedFile, ({fileUuid}) => {
     const newText = removeAttachmentLinksFromMarkdown(textarea.value, fileUuid);
     if (textarea.value !== newText) textarea.value = newText;
   });

From 661a1e10f7abd3527d2abc027dec936022db9379 Mon Sep 17 00:00:00 2001
From: yp05327 <576951401@qq.com>
Date: Mon, 2 Sep 2024 01:55:05 +0900
Subject: [PATCH 040/129] Fix sort order for organization home and user profile
 page (#31921)

Fix #31916

In #30876, `sortOrder` has been changed into a map, but it is only
implemented in explore.
~~But it seems that size sort order has no effect from long long ago,~~
not directly caused by the PR above.

I think it is still caused by #29231.
In #29231, it merged the sort orders from
`templates/explore/repo_search.tmpl` and
`templates/admin/repo/search.tmpl`.
In `templates/admin/repo/search.tmpl`, it contains size sort orders, but
not in `templates/explore/repo_search.tmpl`, which is used in non-admin
pages.
So `order by size` is added from #29231, but the handler was not added.

---------

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
---
 routers/web/org/home.go     | 30 +++++-------------------------
 routers/web/user/profile.go | 30 +++++-------------------------
 2 files changed, 10 insertions(+), 50 deletions(-)

diff --git a/routers/web/org/home.go b/routers/web/org/home.go
index 366a7b20de4..069bd549c1a 100644
--- a/routers/web/org/home.go
+++ b/routers/web/org/home.go
@@ -55,32 +55,12 @@ func home(ctx *context.Context, viewRepositories bool) {
 	ctx.Data["Title"] = org.DisplayName()
 
 	var orderBy db.SearchOrderBy
-	ctx.Data["SortType"] = ctx.FormString("sort")
-	switch ctx.FormString("sort") {
-	case "newest":
-		orderBy = db.SearchOrderByNewest
-	case "oldest":
-		orderBy = db.SearchOrderByOldest
-	case "recentupdate":
-		orderBy = db.SearchOrderByRecentUpdated
-	case "leastupdate":
-		orderBy = db.SearchOrderByLeastUpdated
-	case "reversealphabetically":
-		orderBy = db.SearchOrderByAlphabeticallyReverse
-	case "alphabetically":
-		orderBy = db.SearchOrderByAlphabetically
-	case "moststars":
-		orderBy = db.SearchOrderByStarsReverse
-	case "feweststars":
-		orderBy = db.SearchOrderByStars
-	case "mostforks":
-		orderBy = db.SearchOrderByForksReverse
-	case "fewestforks":
-		orderBy = db.SearchOrderByForks
-	default:
-		ctx.Data["SortType"] = "recentupdate"
-		orderBy = db.SearchOrderByRecentUpdated
+	sortOrder := ctx.FormString("sort")
+	if _, ok := repo_model.OrderByFlatMap[sortOrder]; !ok {
+		sortOrder = setting.UI.ExploreDefaultSort // TODO: add new default sort order for org home?
 	}
+	ctx.Data["SortType"] = sortOrder
+	orderBy = repo_model.OrderByFlatMap[sortOrder]
 
 	keyword := ctx.FormTrim("q")
 	ctx.Data["Keyword"] = keyword
diff --git a/routers/web/user/profile.go b/routers/web/user/profile.go
index 3f91233ee6e..39c6d230796 100644
--- a/routers/web/user/profile.go
+++ b/routers/web/user/profile.go
@@ -110,32 +110,12 @@ func prepareUserProfileTabData(ctx *context.Context, showPrivate bool, profileDb
 		orderBy db.SearchOrderBy
 	)
 
-	ctx.Data["SortType"] = ctx.FormString("sort")
-	switch ctx.FormString("sort") {
-	case "newest":
-		orderBy = db.SearchOrderByNewest
-	case "oldest":
-		orderBy = db.SearchOrderByOldest
-	case "recentupdate":
-		orderBy = db.SearchOrderByRecentUpdated
-	case "leastupdate":
-		orderBy = db.SearchOrderByLeastUpdated
-	case "reversealphabetically":
-		orderBy = db.SearchOrderByAlphabeticallyReverse
-	case "alphabetically":
-		orderBy = db.SearchOrderByAlphabetically
-	case "moststars":
-		orderBy = db.SearchOrderByStarsReverse
-	case "feweststars":
-		orderBy = db.SearchOrderByStars
-	case "mostforks":
-		orderBy = db.SearchOrderByForksReverse
-	case "fewestforks":
-		orderBy = db.SearchOrderByForks
-	default:
-		ctx.Data["SortType"] = "recentupdate"
-		orderBy = db.SearchOrderByRecentUpdated
+	sortOrder := ctx.FormString("sort")
+	if _, ok := repo_model.OrderByFlatMap[sortOrder]; !ok {
+		sortOrder = setting.UI.ExploreDefaultSort // TODO: add new default sort order for org home?
 	}
+	ctx.Data["SortType"] = sortOrder
+	orderBy = repo_model.OrderByFlatMap[sortOrder]
 
 	keyword := ctx.FormTrim("q")
 	ctx.Data["Keyword"] = keyword

From eba6bfbe150d88a04e71521e2a0b4b804da159ff Mon Sep 17 00:00:00 2001
From: yp05327 <576951401@qq.com>
Date: Mon, 2 Sep 2024 03:08:27 +0900
Subject: [PATCH 041/129] Fix 500 error when `state` params is set when editing
 issue/PR by API (#31880)

A quick fix for #31871
---
 routers/api/v1/repo/issue.go | 24 +++++++++++++++++++-----
 routers/api/v1/repo/pull.go  | 24 +++++++++++++++++++-----
 services/issue/status.go     |  3 +++
 3 files changed, 41 insertions(+), 10 deletions(-)

diff --git a/routers/api/v1/repo/issue.go b/routers/api/v1/repo/issue.go
index 108504ebb40..c53eb071905 100644
--- a/routers/api/v1/repo/issue.go
+++ b/routers/api/v1/repo/issue.go
@@ -891,13 +891,27 @@ func EditIssue(ctx *context.APIContext) {
 				return
 			}
 		}
-		if err := issue_service.ChangeStatus(ctx, issue, ctx.Doer, "", api.StateClosed == api.StateType(*form.State)); err != nil {
-			if issues_model.IsErrDependenciesLeft(err) {
-				ctx.Error(http.StatusPreconditionFailed, "DependenciesLeft", "cannot close this issue because it still has open dependencies")
+
+		var isClosed bool
+		switch state := api.StateType(*form.State); state {
+		case api.StateOpen:
+			isClosed = false
+		case api.StateClosed:
+			isClosed = true
+		default:
+			ctx.Error(http.StatusPreconditionFailed, "UnknownIssueStateError", fmt.Sprintf("unknown state: %s", state))
+			return
+		}
+
+		if issue.IsClosed != isClosed {
+			if err := issue_service.ChangeStatus(ctx, issue, ctx.Doer, "", isClosed); err != nil {
+				if issues_model.IsErrDependenciesLeft(err) {
+					ctx.Error(http.StatusPreconditionFailed, "DependenciesLeft", "cannot close this issue because it still has open dependencies")
+					return
+				}
+				ctx.Error(http.StatusInternalServerError, "ChangeStatus", err)
 				return
 			}
-			ctx.Error(http.StatusInternalServerError, "ChangeStatus", err)
-			return
 		}
 	}
 
diff --git a/routers/api/v1/repo/pull.go b/routers/api/v1/repo/pull.go
index 148b6ed637f..de67057fddc 100644
--- a/routers/api/v1/repo/pull.go
+++ b/routers/api/v1/repo/pull.go
@@ -716,13 +716,27 @@ func EditPullRequest(ctx *context.APIContext) {
 			ctx.Error(http.StatusPreconditionFailed, "MergedPRState", "cannot change state of this pull request, it was already merged")
 			return
 		}
-		if err := issue_service.ChangeStatus(ctx, issue, ctx.Doer, "", api.StateClosed == api.StateType(*form.State)); err != nil {
-			if issues_model.IsErrDependenciesLeft(err) {
-				ctx.Error(http.StatusPreconditionFailed, "DependenciesLeft", "cannot close this pull request because it still has open dependencies")
+
+		var isClosed bool
+		switch state := api.StateType(*form.State); state {
+		case api.StateOpen:
+			isClosed = false
+		case api.StateClosed:
+			isClosed = true
+		default:
+			ctx.Error(http.StatusPreconditionFailed, "UnknownPRStateError", fmt.Sprintf("unknown state: %s", state))
+			return
+		}
+
+		if issue.IsClosed != isClosed {
+			if err := issue_service.ChangeStatus(ctx, issue, ctx.Doer, "", isClosed); err != nil {
+				if issues_model.IsErrDependenciesLeft(err) {
+					ctx.Error(http.StatusPreconditionFailed, "DependenciesLeft", "cannot close this pull request because it still has open dependencies")
+					return
+				}
+				ctx.Error(http.StatusInternalServerError, "ChangeStatus", err)
 				return
 			}
-			ctx.Error(http.StatusInternalServerError, "ChangeStatus", err)
-			return
 		}
 	}
 
diff --git a/services/issue/status.go b/services/issue/status.go
index 9b6c683f4f9..967c29bd222 100644
--- a/services/issue/status.go
+++ b/services/issue/status.go
@@ -13,6 +13,9 @@ import (
 )
 
 // ChangeStatus changes issue status to open or closed.
+// closed means the target status
+// Fix me: you should check whether the current issue status is same to the target status before call this function
+// as in function changeIssueStatus we will return WasClosedError, even the issue status and target status are both open
 func ChangeStatus(ctx context.Context, issue *issues_model.Issue, doer *user_model.User, commitID string, closed bool) error {
 	comment, err := issues_model.ChangeIssueStatus(ctx, issue, doer, closed)
 	if err != nil {

From c0db47bf9b6eb59d822ad21b7dd8b1d6acd8ad8e Mon Sep 17 00:00:00 2001
From: 6543 <6543@obermui.de>
Date: Sun, 1 Sep 2024 20:25:02 +0200
Subject: [PATCH 042/129] nix wording nit in todo code comment

---
 routers/web/user/profile.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/routers/web/user/profile.go b/routers/web/user/profile.go
index 39c6d230796..5748ce45ab3 100644
--- a/routers/web/user/profile.go
+++ b/routers/web/user/profile.go
@@ -112,7 +112,7 @@ func prepareUserProfileTabData(ctx *context.Context, showPrivate bool, profileDb
 
 	sortOrder := ctx.FormString("sort")
 	if _, ok := repo_model.OrderByFlatMap[sortOrder]; !ok {
-		sortOrder = setting.UI.ExploreDefaultSort // TODO: add new default sort order for org home?
+		sortOrder = setting.UI.ExploreDefaultSort // TODO: add new default sort order for user home?
 	}
 	ctx.Data["SortType"] = sortOrder
 	orderBy = repo_model.OrderByFlatMap[sortOrder]

From 052a8fe6cc6a49c4ac7f19463ce3e543fefe8274 Mon Sep 17 00:00:00 2001
From: GiteaBot <teabot@gitea.io>
Date: Mon, 2 Sep 2024 00:30:20 +0000
Subject: [PATCH 043/129] [skip ci] Updated translations via Crowdin

---
 options/locale/locale_fr-FR.ini | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/options/locale/locale_fr-FR.ini b/options/locale/locale_fr-FR.ini
index 6628b7d4556..a4a6a8f7c16 100644
--- a/options/locale/locale_fr-FR.ini
+++ b/options/locale/locale_fr-FR.ini
@@ -625,6 +625,7 @@ org_still_own_repo=Cette organisation possède encore un ou plusieurs dépôts.
 org_still_own_packages=Cette organisation possède encore un ou plusieurs paquets. Vous devez d’abord les supprimer.
 
 target_branch_not_exist=La branche cible n'existe pas.
+target_ref_not_exist=La réf cible %s n’existe pas
 
 admin_cannot_delete_self=Vous ne pouvez pas vous supprimer vous-même lorsque vous êtes admin. Veuillez d’abord supprimer vos privilèges d’administrateur.
 
@@ -1259,6 +1260,7 @@ commit_graph.color=Couleur
 commit.contained_in=Cette révision appartient à :
 commit.contained_in_default_branch=Cette révision appartient à la branche par défaut
 commit.load_referencing_branches_and_tags=Charger les branches et étiquettes référençant cette révision
+commit.load_tags_failed=Le chargement des étiquettes a échoué à cause d’une erreur interne
 blame=Annotations
 download_file=Télécharger le fichier
 normal_view=Vue normale
@@ -3645,6 +3647,11 @@ workflow.disable_success=Le flux de travail « %s » a bien été désactivé.
 workflow.enable=Activer le flux de travail
 workflow.enable_success=Le flux de travail « %s » a bien été activé.
 workflow.disabled=Le flux de travail est désactivé.
+workflow.run=Exécuter le flux de travail
+workflow.not_found=Flux de travail « %s » introuvable.
+workflow.run_success=Le flux de travail « %s » s’est correctement exécuté.
+workflow.from_ref=Utiliser le flux de travail depuis
+workflow.has_workflow_dispatch=Ce flux de travail a un déclencheur d’événement workflow_dispatch.
 
 need_approval_desc=Besoin d’approbation pour exécuter des flux de travail pour une demande d’ajout de bifurcation.
 

From ac344497473f92c9a04f7863374dbb14e3c09d4e Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Mon, 2 Sep 2024 15:38:27 +0800
Subject: [PATCH 044/129] Prevent update pull refs manually and will not affect
 other refs update (#31931)

All refs under `refs/pull` should only be changed from Gitea inside but
not by pushing from outside of Gitea.
This PR will prevent the pull refs update but allow other refs to be
updated on the same pushing with `--mirror` operations.

The main changes are to add checks on `update` hook but not
`pre-receive` because `update` will be invoked by every ref but
`pre-receive` will revert all changes once one ref update fails.
---
 cmd/hook.go                        | 14 ++++++++++++++
 tests/integration/git_push_test.go | 22 ++++++++++++++++++++++
 tests/test_utils.go                |  1 +
 3 files changed, 37 insertions(+)

diff --git a/cmd/hook.go b/cmd/hook.go
index 6e31710caff..e8a8b1f4ad2 100644
--- a/cmd/hook.go
+++ b/cmd/hook.go
@@ -290,8 +290,22 @@ Gitea or set your environment appropriately.`, "")
 	return nil
 }
 
+// runHookUpdate avoid to do heavy operations on update hook because it will be
+// invoked for every ref update which does not like pre-receive and post-receive
 func runHookUpdate(c *cli.Context) error {
+	if isInternal, _ := strconv.ParseBool(os.Getenv(repo_module.EnvIsInternal)); isInternal {
+		return nil
+	}
+
 	// Update is empty and is kept only for backwards compatibility
+	if len(os.Args) < 3 {
+		return nil
+	}
+	refName := git.RefName(os.Args[len(os.Args)-3])
+	if refName.IsPull() {
+		// ignore update to refs/pull/xxx/head, so we don't need to output any information
+		os.Exit(1)
+	}
 	return nil
 }
 
diff --git a/tests/integration/git_push_test.go b/tests/integration/git_push_test.go
index da254fc88f6..dc0b52203a9 100644
--- a/tests/integration/git_push_test.go
+++ b/tests/integration/git_push_test.go
@@ -6,8 +6,10 @@ package integration
 import (
 	"fmt"
 	"net/url"
+	"strings"
 	"testing"
 
+	auth_model "code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/models/db"
 	git_model "code.gitea.io/gitea/models/git"
 	"code.gitea.io/gitea/models/unittest"
@@ -192,3 +194,23 @@ func runTestGitPush(t *testing.T, u *url.URL, gitOperation func(t *testing.T, gi
 
 	require.NoError(t, repo_service.DeleteRepositoryDirectly(db.DefaultContext, user, repo.ID))
 }
+
+func TestPushPullRefs(t *testing.T) {
+	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+		baseAPITestContext := NewAPITestContext(t, "user2", "repo1", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
+
+		u.Path = baseAPITestContext.GitPath()
+		u.User = url.UserPassword("user2", userPassword)
+
+		dstPath := t.TempDir()
+		doGitClone(dstPath, u)(t)
+
+		cmd := git.NewCommand(git.DefaultContext, "push", "--delete", "origin", "refs/pull/2/head")
+		stdout, stderr, err := cmd.RunStdString(&git.RunOpts{
+			Dir: dstPath,
+		})
+		assert.Error(t, err)
+		assert.Empty(t, stdout)
+		assert.False(t, strings.Contains(stderr, "[deleted]"), "stderr: %s", stderr)
+	})
+}
diff --git a/tests/test_utils.go b/tests/test_utils.go
index 66a287ecad2..6f9592b2041 100644
--- a/tests/test_utils.go
+++ b/tests/test_utils.go
@@ -223,6 +223,7 @@ func PrepareTestEnv(t testing.TB, skip ...int) func() {
 			_ = os.MkdirAll(filepath.Join(setting.RepoRootPath, ownerDir.Name(), repoDir.Name(), "objects", "info"), 0o755)
 			_ = os.MkdirAll(filepath.Join(setting.RepoRootPath, ownerDir.Name(), repoDir.Name(), "refs", "heads"), 0o755)
 			_ = os.MkdirAll(filepath.Join(setting.RepoRootPath, ownerDir.Name(), repoDir.Name(), "refs", "tag"), 0o755)
+			_ = os.MkdirAll(filepath.Join(setting.RepoRootPath, ownerDir.Name(), repoDir.Name(), "refs", "pull"), 0o755)
 		}
 	}
 

From 83f37f630246e381eefd650fc2d4b1f3976ea882 Mon Sep 17 00:00:00 2001
From: Denys Konovalov <kontakt@denyskon.de>
Date: Mon, 2 Sep 2024 20:36:24 +0200
Subject: [PATCH 045/129] Remove urls from translations (#31950)

Part of #27700

Removes all URLs from translation strings to easy up changing them in
the future and to exclude people injecting malicious URLs through
translations. First measure as long as #24402 is out of scope.
---
 options/locale/locale_en-US.ini               | 48 +++++++++----------
 routers/web/admin/hooks.go                    |  4 +-
 routers/web/admin/users.go                    |  4 +-
 routers/web/auth/auth.go                      |  2 +-
 routers/web/auth/password.go                  |  4 +-
 routers/web/user/setting/account.go           |  2 +-
 templates/admin/auth/new.tmpl                 | 20 ++++----
 templates/admin/dashboard.tmpl                |  2 +-
 templates/home.tmpl                           |  6 +--
 templates/repo/settings/protected_branch.tmpl |  6 +--
 templates/repo/settings/tags.tmpl             |  2 +-
 templates/repo/settings/webhook/settings.tmpl |  2 +-
 templates/status/500.tmpl                     |  2 +-
 .../user/settings/security/webauthn.tmpl      |  2 +-
 14 files changed, 53 insertions(+), 53 deletions(-)

diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 042fd549a0b..a79a487392c 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -218,7 +218,7 @@ string.desc = Z - A
 
 [error]
 occurred = An error occurred
-report_message = If you believe that this is a Gitea bug, please search for issues on <a href="https://github.com/go-gitea/gitea/issues" target="_blank">GitHub</a> or open a new issue if necessary.
+report_message = If you believe that this is a Gitea bug, please search for issues on <a href="%s" target="_blank">GitHub</a> or open a new issue if necessary.
 missing_csrf = Bad Request: no CSRF token present
 invalid_csrf = Bad Request: invalid CSRF token
 not_found = The target couldn't be found.
@@ -227,13 +227,13 @@ network_error = Network error
 [startpage]
 app_desc = A painless, self-hosted Git service
 install = Easy to install
-install_desc = Simply <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-binary">run the binary</a> for your platform, ship it with <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea/tree/master/docker">Docker</a>, or get it <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-package">packaged</a>.
+install_desc = Simply <a target="_blank" rel="noopener noreferrer" href="%[1]s">run the binary</a> for your platform, ship it with <a target="_blank" rel="noopener noreferrer" href="%[2]s">Docker</a>, or get it <a target="_blank" rel="noopener noreferrer" href="%[3]s">packaged</a>.
 platform = Cross-platform
-platform_desc = Gitea runs anywhere <a target="_blank" rel="noopener noreferrer" href="https://go.dev/">Go</a> can compile for: Windows, macOS, Linux, ARM, etc. Choose the one you love!
+platform_desc = Gitea runs anywhere <a target="_blank" rel="noopener noreferrer" href="%s">Go</a> can compile for: Windows, macOS, Linux, ARM, etc. Choose the one you love!
 lightweight = Lightweight
 lightweight_desc = Gitea has low minimal requirements and can run on an inexpensive Raspberry Pi. Save your machine energy!
 license = Open Source
-license_desc = Go get <a target="_blank" rel="noopener noreferrer" href="https://code.gitea.io/gitea">code.gitea.io/gitea</a>! Join us by <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea">contributing</a> to make this project even better. Don't be shy to be a contributor!
+license_desc = Go get <a target="_blank" rel="noopener noreferrer" href="%[1]s">%[2]s</a>! Join us by <a target="_blank" rel="noopener noreferrer" href="%[3]s">contributing</a> to make this project even better. Don't be shy to be a contributor!
 
 [install]
 install = Installation
@@ -456,7 +456,7 @@ authorize_title = Authorize "%s" to access your account?
 authorization_failed = Authorization failed
 authorization_failed_desc = The authorization failed because we detected an invalid request. Please contact the maintainer of the app you have tried to authorize.
 sspi_auth_failed = SSPI authentication failed
-password_pwned = The password you chose is on a <a target="_blank" rel="noopener noreferrer" href="https://haveibeenpwned.com/Passwords">list of stolen passwords</a> previously exposed in public data breaches. Please try again with a different password and consider changing this password elsewhere too.
+password_pwned = The password you chose is on a <a target="_blank" rel="noopener noreferrer" href="%s">list of stolen passwords</a> previously exposed in public data breaches. Please try again with a different password and consider changing this password elsewhere too.
 password_pwned_err = Could not complete request to HaveIBeenPwned
 last_admin = You cannot remove the last admin. There must be at least one admin.
 signin_passkey = Sign in with a passkey
@@ -954,7 +954,7 @@ passcode_invalid = The passcode is incorrect. Try again.
 twofa_enrolled = Your account has been successfully enrolled. Store your single-use recovery key (%s) in a safe place, as it will not be shown again.
 twofa_failed_get_secret = Failed to get secret.
 
-webauthn_desc = Security keys are hardware devices containing cryptographic keys. They can be used for two-factor authentication. Security keys must support the <a rel="noreferrer" target="_blank" href="https://w3c.github.io/webauthn/#webauthn-authenticator">WebAuthn Authenticator</a> standard.
+webauthn_desc = Security keys are hardware devices containing cryptographic keys. They can be used for two-factor authentication. Security keys must support the <a rel="noreferrer" target="_blank" href="%s">WebAuthn Authenticator</a> standard.
 webauthn_register_key = Add Security Key
 webauthn_nickname = Nickname
 webauthn_delete_key = Remove Security Key
@@ -2325,7 +2325,7 @@ settings.event_pull_request_merge = Pull Request Merge
 settings.event_package = Package
 settings.event_package_desc = Package created or deleted in a repository.
 settings.branch_filter = Branch filter
-settings.branch_filter_desc = Branch whitelist for push, branch creation and branch deletion events, specified as glob pattern. If empty or <code>*</code>, events for all branches are reported. See <a href="https://pkg.go.dev/github.com/gobwas/glob#Compile">github.com/gobwas/glob</a> documentation for syntax. Examples: <code>master</code>, <code>{master,release*}</code>.
+settings.branch_filter_desc = Branch whitelist for push, branch creation and branch deletion events, specified as glob pattern. If empty or <code>*</code>, events for all branches are reported. See <a href="%[1]s">%[2]s</a> documentation for syntax. Examples: <code>master</code>, <code>{master,release*}</code>.
 settings.authorization_header = Authorization Header
 settings.authorization_header_desc = Will be included as authorization header for requests when present. Examples: %s.
 settings.active = Active
@@ -2425,12 +2425,12 @@ settings.ignore_stale_approvals_desc = Do not count approvals that were made on
 settings.require_signed_commits = Require Signed Commits
 settings.require_signed_commits_desc = Reject pushes to this branch if they are unsigned or unverifiable.
 settings.protect_branch_name_pattern = Protected Branch Name Pattern
-settings.protect_branch_name_pattern_desc = "Protected branch name patterns. See <a href="https://github.com/gobwas/glob">the documentation</a> for pattern syntax. Examples: main, release/**"
+settings.protect_branch_name_pattern_desc = "Protected branch name patterns. See <a href="%s">the documentation</a> for pattern syntax. Examples: main, release/**"
 settings.protect_patterns = Patterns
 settings.protect_protected_file_patterns = "Protected file patterns (separated using semicolon ';'):"
-settings.protect_protected_file_patterns_desc = "Protected files are not allowed to be changed directly even if user has rights to add, edit, or delete files in this branch. Multiple patterns can be separated using semicolon (';'). See <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a> documentation for pattern syntax. Examples: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>."
+settings.protect_protected_file_patterns_desc = "Protected files are not allowed to be changed directly even if user has rights to add, edit, or delete files in this branch. Multiple patterns can be separated using semicolon (';'). See <a href='%[1]s'>%[2]s</a> documentation for pattern syntax. Examples: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>."
 settings.protect_unprotected_file_patterns = "Unprotected file patterns (separated using semicolon ';'):"
-settings.protect_unprotected_file_patterns_desc = "Unprotected files that are allowed to be changed directly if user has write access, bypassing push restriction. Multiple patterns can be separated using semicolon (';'). See <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a> documentation for pattern syntax. Examples: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>."
+settings.protect_unprotected_file_patterns_desc = "Unprotected files that are allowed to be changed directly if user has write access, bypassing push restriction. Multiple patterns can be separated using semicolon (';'). See <a href='%[1]s'>%[2]s</a> documentation for pattern syntax. Examples: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>."
 settings.add_protected_branch = Enable protection
 settings.delete_protected_branch = Disable protection
 settings.update_protect_branch_success = Branch protection for rule "%s" has been updated.
@@ -2462,7 +2462,7 @@ settings.tags.protection.allowed.teams = Allowed teams
 settings.tags.protection.allowed.noone = No One
 settings.tags.protection.create = Protect Tag
 settings.tags.protection.none = There are no protected tags.
-settings.tags.protection.pattern.description = You can use a single name or a glob pattern or regular expression to match multiple tags. Read more in the <a target="_blank" rel="noopener" href="https://docs.gitea.com/usage/protected-tags">protected tags guide</a>.
+settings.tags.protection.pattern.description = You can use a single name or a glob pattern or regular expression to match multiple tags. Read more in the <a target="_blank" rel="noopener" href="%s">protected tags guide</a>.
 settings.bot_token = Bot Token
 settings.chat_id = Chat ID
 settings.thread_id = Thread ID
@@ -2844,7 +2844,7 @@ last_page = Last
 total = Total: %d
 settings = Admin Settings
 
-dashboard.new_version_hint = Gitea %s is now available, you are running %s. Check <a target="_blank" rel="noreferrer" href="https://blog.gitea.io">the blog</a> for more details.
+dashboard.new_version_hint = Gitea %s is now available, you are running %s. Check <a target="_blank" rel="noreferrer" href="%s">the blog</a> for more details.
 dashboard.statistic = Summary
 dashboard.maintenance_operations = Maintenance Operations
 dashboard.system_status = System Status
@@ -3036,12 +3036,12 @@ packages.size = Size
 packages.published = Published
 
 defaulthooks = Default Webhooks
-defaulthooks.desc = Webhooks automatically make HTTP POST requests to a server when certain Gitea events trigger. Webhooks defined here are defaults and will be copied into all new repositories. Read more in the <a target="_blank" rel="noopener" href="https://docs.gitea.com/usage/webhooks">webhooks guide</a>.
+defaulthooks.desc = Webhooks automatically make HTTP POST requests to a server when certain Gitea events trigger. Webhooks defined here are defaults and will be copied into all new repositories. Read more in the <a target="_blank" rel="noopener" href="%s">webhooks guide</a>.
 defaulthooks.add_webhook = Add Default Webhook
 defaulthooks.update_webhook = Update Default Webhook
 
 systemhooks = System Webhooks
-systemhooks.desc = Webhooks automatically make HTTP POST requests to a server when certain Gitea events trigger. Webhooks defined here will act on all repositories on the system, so please consider any performance implications this may have. Read more in the <a target="_blank" rel="noopener" href="https://docs.gitea.com/usage/webhooks">webhooks guide</a>.
+systemhooks.desc = Webhooks automatically make HTTP POST requests to a server when certain Gitea events trigger. Webhooks defined here will act on all repositories on the system, so please consider any performance implications this may have. Read more in the <a target="_blank" rel="noopener" href="%s">webhooks guide</a>.
 systemhooks.add_webhook = Add System Webhook
 systemhooks.update_webhook = Update System Webhook
 
@@ -3136,18 +3136,18 @@ auths.tips = Tips
 auths.tips.oauth2.general = OAuth2 Authentication
 auths.tips.oauth2.general.tip = When registering a new OAuth2 authentication, the callback/redirect URL should be:
 auths.tip.oauth2_provider = OAuth2 Provider
-auths.tip.bitbucket = Register a new OAuth consumer on https://bitbucket.org/account/user/{your-username}/oauth-consumers/new and add the permission 'Account' - 'Read'
+auths.tip.bitbucket = Register a new OAuth consumer on %s and add the permission 'Account' - 'Read'
 auths.tip.nextcloud = Register a new OAuth consumer on your instance using the following menu "Settings -> Security -> OAuth 2.0 client"
-auths.tip.dropbox = Create a new application at https://www.dropbox.com/developers/apps
-auths.tip.facebook = Register a new application at https://developers.facebook.com/apps and add the product "Facebook Login"
-auths.tip.github = Register a new OAuth application on https://github.com/settings/applications/new
-auths.tip.gitlab_new = Register a new application on https://gitlab.com/-/profile/applications
-auths.tip.google_plus = Obtain OAuth2 client credentials from the Google API console at https://console.developers.google.com/
+auths.tip.dropbox = Create a new application at %s
+auths.tip.facebook = Register a new application at %s and add the product "Facebook Login"
+auths.tip.github = Register a new OAuth application on %s
+auths.tip.gitlab_new = Register a new application on %s
+auths.tip.google_plus = Obtain OAuth2 client credentials from the Google API console at %s
 auths.tip.openid_connect = Use the OpenID Connect Discovery URL "https://{server}/.well-known/openid-configuration" to specify the endpoints
-auths.tip.twitter = Go to https://dev.twitter.com/apps, create an application and ensure that the “Allow this application to be used to Sign in with Twitter” option is enabled
-auths.tip.discord = Register a new application on https://discordapp.com/developers/applications/me
-auths.tip.gitea = Register a new OAuth2 application. Guide can be found at https://docs.gitea.com/development/oauth2-provider
-auths.tip.yandex = Create a new application at https://oauth.yandex.com/client/new. Select following permissions from the "Yandex.Passport API" section: "Access to email address", "Access to user avatar" and "Access to username, first name and surname, gender"
+auths.tip.twitter = Go to %s, create an application and ensure that the “Allow this application to be used to Sign in with Twitter” option is enabled
+auths.tip.discord = Register a new application on %s
+auths.tip.gitea = Register a new OAuth2 application. Guide can be found at %s
+auths.tip.yandex = Create a new application at %s. Select following permissions from the "Yandex.Passport API" section: "Access to email address", "Access to user avatar" and "Access to username, first name and surname, gender"
 auths.tip.mastodon = Input a custom instance URL for the mastodon instance you want to authenticate with (or use the default one)
 auths.edit = Edit Authentication Source
 auths.activated = This Authentication Source is Activated
diff --git a/routers/web/admin/hooks.go b/routers/web/admin/hooks.go
index 8d59fbb858e..e40580b6e77 100644
--- a/routers/web/admin/hooks.go
+++ b/routers/web/admin/hooks.go
@@ -34,7 +34,7 @@ func DefaultOrSystemWebhooks(ctx *context.Context) {
 	}
 
 	sys["Title"] = ctx.Tr("admin.systemhooks")
-	sys["Description"] = ctx.Tr("admin.systemhooks.desc")
+	sys["Description"] = ctx.Tr("admin.systemhooks.desc", "https://docs.gitea.com/usage/webhooks")
 	sys["Webhooks"], err = webhook.GetSystemWebhooks(ctx, optional.None[bool]())
 	sys["BaseLink"] = setting.AppSubURL + "/admin/hooks"
 	sys["BaseLinkNew"] = setting.AppSubURL + "/admin/system-hooks"
@@ -44,7 +44,7 @@ func DefaultOrSystemWebhooks(ctx *context.Context) {
 	}
 
 	def["Title"] = ctx.Tr("admin.defaulthooks")
-	def["Description"] = ctx.Tr("admin.defaulthooks.desc")
+	def["Description"] = ctx.Tr("admin.defaulthooks.desc", "https://docs.gitea.com/usage/webhooks")
 	def["Webhooks"], err = webhook.GetDefaultWebhooks(ctx)
 	def["BaseLink"] = setting.AppSubURL + "/admin/hooks"
 	def["BaseLinkNew"] = setting.AppSubURL + "/admin/default-hooks"
diff --git a/routers/web/admin/users.go b/routers/web/admin/users.go
index 623b39b4efc..34bb1dfe26d 100644
--- a/routers/web/admin/users.go
+++ b/routers/web/admin/users.go
@@ -166,7 +166,7 @@ func NewUserPost(ctx *context.Context) {
 		}
 		if err := password.IsPwned(ctx, form.Password); err != nil {
 			ctx.Data["Err_Password"] = true
-			errMsg := ctx.Tr("auth.password_pwned")
+			errMsg := ctx.Tr("auth.password_pwned", "https://haveibeenpwned.com/Passwords")
 			if password.IsErrIsPwnedRequest(err) {
 				log.Error(err.Error())
 				errMsg = ctx.Tr("auth.password_pwned_err")
@@ -401,7 +401,7 @@ func EditUserPost(ctx *context.Context) {
 			ctx.RenderWithErr(password.BuildComplexityError(ctx.Locale), tplUserEdit, &form)
 		case errors.Is(err, password.ErrIsPwned):
 			ctx.Data["Err_Password"] = true
-			ctx.RenderWithErr(ctx.Tr("auth.password_pwned"), tplUserEdit, &form)
+			ctx.RenderWithErr(ctx.Tr("auth.password_pwned", "https://haveibeenpwned.com/Passwords"), tplUserEdit, &form)
 		case password.IsErrIsPwnedRequest(err):
 			ctx.Data["Err_Password"] = true
 			ctx.RenderWithErr(ctx.Tr("auth.password_pwned_err"), tplUserEdit, &form)
diff --git a/routers/web/auth/auth.go b/routers/web/auth/auth.go
index 15a80bc1046..f295cf039f6 100644
--- a/routers/web/auth/auth.go
+++ b/routers/web/auth/auth.go
@@ -504,7 +504,7 @@ func SignUpPost(ctx *context.Context) {
 		return
 	}
 	if err := password.IsPwned(ctx, form.Password); err != nil {
-		errMsg := ctx.Tr("auth.password_pwned")
+		errMsg := ctx.Tr("auth.password_pwned", "https://haveibeenpwned.com/Passwords")
 		if password.IsErrIsPwnedRequest(err) {
 			log.Error(err.Error())
 			errMsg = ctx.Tr("auth.password_pwned_err")
diff --git a/routers/web/auth/password.go b/routers/web/auth/password.go
index 0e88fe68f92..334d864c6a7 100644
--- a/routers/web/auth/password.go
+++ b/routers/web/auth/password.go
@@ -212,7 +212,7 @@ func ResetPasswdPost(ctx *context.Context) {
 		case errors.Is(err, password.ErrComplexity):
 			ctx.RenderWithErr(password.BuildComplexityError(ctx.Locale), tplResetPassword, nil)
 		case errors.Is(err, password.ErrIsPwned):
-			ctx.RenderWithErr(ctx.Tr("auth.password_pwned"), tplResetPassword, nil)
+			ctx.RenderWithErr(ctx.Tr("auth.password_pwned", "https://haveibeenpwned.com/Passwords"), tplResetPassword, nil)
 		case password.IsErrIsPwnedRequest(err):
 			ctx.RenderWithErr(ctx.Tr("auth.password_pwned_err"), tplResetPassword, nil)
 		default:
@@ -295,7 +295,7 @@ func MustChangePasswordPost(ctx *context.Context) {
 			ctx.RenderWithErr(password.BuildComplexityError(ctx.Locale), tplMustChangePassword, &form)
 		case errors.Is(err, password.ErrIsPwned):
 			ctx.Data["Err_Password"] = true
-			ctx.RenderWithErr(ctx.Tr("auth.password_pwned"), tplMustChangePassword, &form)
+			ctx.RenderWithErr(ctx.Tr("auth.password_pwned", "https://haveibeenpwned.com/Passwords"), tplMustChangePassword, &form)
 		case password.IsErrIsPwnedRequest(err):
 			ctx.Data["Err_Password"] = true
 			ctx.RenderWithErr(ctx.Tr("auth.password_pwned_err"), tplMustChangePassword, &form)
diff --git a/routers/web/user/setting/account.go b/routers/web/user/setting/account.go
index 563f39f0c8a..7f2dece4169 100644
--- a/routers/web/user/setting/account.go
+++ b/routers/web/user/setting/account.go
@@ -85,7 +85,7 @@ func AccountPost(ctx *context.Context) {
 			case errors.Is(err, password.ErrComplexity):
 				ctx.Flash.Error(password.BuildComplexityError(ctx.Locale))
 			case errors.Is(err, password.ErrIsPwned):
-				ctx.Flash.Error(ctx.Tr("auth.password_pwned"))
+				ctx.Flash.Error(ctx.Tr("auth.password_pwned", "https://haveibeenpwned.com/Passwords"))
 			case password.IsErrIsPwnedRequest(err):
 				ctx.Flash.Error(ctx.Tr("auth.password_pwned_err"))
 			default:
diff --git a/templates/admin/auth/new.tmpl b/templates/admin/auth/new.tmpl
index e3985cb227f..be4995c7846 100644
--- a/templates/admin/auth/new.tmpl
+++ b/templates/admin/auth/new.tmpl
@@ -91,29 +91,29 @@
 			<h5 class="ui top attached header">{{ctx.Locale.Tr "admin.auths.tip.oauth2_provider"}}</h5>
 			<div class="ui attached segment">
 				<li>Bitbucket</li>
-				<span>{{ctx.Locale.Tr "admin.auths.tip.bitbucket"}}</span>
+				<span>{{ctx.Locale.Tr "admin.auths.tip.bitbucket" "https://bitbucket.org/account/user/{your-username}/oauth-consumers/new"}}</span>
 				<li>Dropbox</li>
-				<span>{{ctx.Locale.Tr "admin.auths.tip.dropbox"}}</span>
+				<span>{{ctx.Locale.Tr "admin.auths.tip.dropbox" "https://www.dropbox.com/developers/apps"}}</span>
 				<li>Facebook</li>
-				<span>{{ctx.Locale.Tr "admin.auths.tip.facebook"}}</span>
+				<span>{{ctx.Locale.Tr "admin.auths.tip.facebook" "https://developers.facebook.com/apps"}}</span>
 				<li>GitHub</li>
-				<span>{{ctx.Locale.Tr "admin.auths.tip.github"}}</span>
+				<span>{{ctx.Locale.Tr "admin.auths.tip.github" "https://github.com/settings/applications/new"}}</span>
 				<li>GitLab</li>
-				<span>{{ctx.Locale.Tr "admin.auths.tip.gitlab_new"}}</span>
+				<span>{{ctx.Locale.Tr "admin.auths.tip.gitlab_new" "https://gitlab.com/-/profile/applications"}}</span>
 				<li>Google</li>
-				<span>{{ctx.Locale.Tr "admin.auths.tip.google_plus"}}</span>
+				<span>{{ctx.Locale.Tr "admin.auths.tip.google_plus" "https://console.developers.google.com/"}}</span>
 				<li>OpenID Connect</li>
 				<span>{{ctx.Locale.Tr "admin.auths.tip.openid_connect"}}</span>
 				<li>Twitter</li>
-				<span>{{ctx.Locale.Tr "admin.auths.tip.twitter"}}</span>
+				<span>{{ctx.Locale.Tr "admin.auths.tip.twitter" "https://dev.twitter.com/apps"}}</span>
 				<li>Discord</li>
-				<span>{{ctx.Locale.Tr "admin.auths.tip.discord"}}</span>
+				<span>{{ctx.Locale.Tr "admin.auths.tip.discord" "https://discordapp.com/developers/applications/me"}}</span>
 				<li>Gitea</li>
-				<span>{{ctx.Locale.Tr "admin.auths.tip.gitea"}}</span>
+				<span>{{ctx.Locale.Tr "admin.auths.tip.gitea" "https://docs.gitea.com/development/oauth2-provider"}}</span>
 				<li>Nextcloud</li>
 				<span>{{ctx.Locale.Tr "admin.auths.tip.nextcloud"}}</span>
 				<li>Yandex</li>
-				<span>{{ctx.Locale.Tr "admin.auths.tip.yandex"}}</span>
+				<span>{{ctx.Locale.Tr "admin.auths.tip.yandex" "https://oauth.yandex.com/client/new"}}</span>
 				<li>Mastodon</li>
 				<span>{{ctx.Locale.Tr "admin.auths.tip.mastodon"}}</span>
 			</div>
diff --git a/templates/admin/dashboard.tmpl b/templates/admin/dashboard.tmpl
index 2f9875f0d9a..b82922df0c7 100644
--- a/templates/admin/dashboard.tmpl
+++ b/templates/admin/dashboard.tmpl
@@ -2,7 +2,7 @@
 	<div class="admin-setting-content">
 		{{if .NeedUpdate}}
 			<div class="ui negative message flash-error">
-				<p>{{ctx.Locale.Tr "admin.dashboard.new_version_hint" .RemoteVersion AppVer}}</p>
+				<p>{{ctx.Locale.Tr "admin.dashboard.new_version_hint" .RemoteVersion AppVer "https://blog.gitea.com"}}</p>
 			</div>
 		{{end}}
 		<h4 class="ui top attached header">
diff --git a/templates/home.tmpl b/templates/home.tmpl
index e6fd4ef020d..116dc487dc3 100644
--- a/templates/home.tmpl
+++ b/templates/home.tmpl
@@ -17,7 +17,7 @@
 				{{svg "octicon-flame"}} {{ctx.Locale.Tr "startpage.install"}}
 			</h1>
 			<p class="large">
-				{{ctx.Locale.Tr "startpage.install_desc"}}
+				{{ctx.Locale.Tr "startpage.install_desc" "https://docs.gitea.com/installation/install-from-binary" "https://github.com/go-gitea/gitea/tree/master/docker" "https://docs.gitea.com/installation/install-from-package"}}
 			</p>
 		</div>
 		<div class="eight wide center column">
@@ -25,7 +25,7 @@
 				{{svg "octicon-device-desktop"}} {{ctx.Locale.Tr "startpage.platform"}}
 			</h1>
 			<p class="large">
-				{{ctx.Locale.Tr "startpage.platform_desc"}}
+				{{ctx.Locale.Tr "startpage.platform_desc" "https://go.dev/"}}
 			</p>
 		</div>
 	</div>
@@ -43,7 +43,7 @@
 				{{svg "octicon-code"}} {{ctx.Locale.Tr "startpage.license"}}
 			</h1>
 			<p class="large">
-				{{ctx.Locale.Tr "startpage.license_desc"}}
+				{{ctx.Locale.Tr "startpage.license_desc" "https://code.gitea.io/gitea" "code.gitea.io/gitea" "https://github.com/go-gitea/gitea"}}
 			</p>
 		</div>
 	</div>
diff --git a/templates/repo/settings/protected_branch.tmpl b/templates/repo/settings/protected_branch.tmpl
index 364b5ccc558..6fab4a625a5 100644
--- a/templates/repo/settings/protected_branch.tmpl
+++ b/templates/repo/settings/protected_branch.tmpl
@@ -10,17 +10,17 @@
 					<label>{{ctx.Locale.Tr "repo.settings.protect_branch_name_pattern"}}</label>
 					<input name="rule_name" type="text" value="{{.Rule.RuleName}}">
 					<input name="rule_id" type="hidden" value="{{.Rule.ID}}">
-					<p class="help tw-ml-0">{{ctx.Locale.Tr "repo.settings.protect_branch_name_pattern_desc"}}</p>
+					<p class="help tw-ml-0">{{ctx.Locale.Tr "repo.settings.protect_branch_name_pattern_desc" "https://github.com/gobwas/glob"}}</p>
 				</div>
 				<div class="field">
 					<label>{{ctx.Locale.Tr "repo.settings.protect_protected_file_patterns"}}</label>
 					<input name="protected_file_patterns" type="text" value="{{.Rule.ProtectedFilePatterns}}">
-					<p class="help tw-ml-0">{{ctx.Locale.Tr "repo.settings.protect_protected_file_patterns_desc"}}</p>
+					<p class="help tw-ml-0">{{ctx.Locale.Tr "repo.settings.protect_protected_file_patterns_desc" "https://pkg.go.dev/github.com/gobwas/glob#Compile" "github.com/gobwas/glob"}}</p>
 				</div>
 				<div class="field">
 					<label>{{ctx.Locale.Tr "repo.settings.protect_unprotected_file_patterns"}}</label>
 					<input name="unprotected_file_patterns" type="text" value="{{.Rule.UnprotectedFilePatterns}}">
-					<p class="help tw-ml-0">{{ctx.Locale.Tr "repo.settings.protect_unprotected_file_patterns_desc"}}</p>
+					<p class="help tw-ml-0">{{ctx.Locale.Tr "repo.settings.protect_unprotected_file_patterns_desc" "https://pkg.go.dev/github.com/gobwas/glob#Compile" "github.com/gobwas/glob"}}</p>
 				</div>
 
 				{{.CsrfTokenHtml}}
diff --git a/templates/repo/settings/tags.tmpl b/templates/repo/settings/tags.tmpl
index c9efb7b67e9..27b0f519a82 100644
--- a/templates/repo/settings/tags.tmpl
+++ b/templates/repo/settings/tags.tmpl
@@ -21,7 +21,7 @@
 										<div class="ui input">
 											<input class="prompt" name="name_pattern" autocomplete="off" value="{{.name_pattern}}" placeholder="v*" autofocus required>
 										</div>
-										<div class="help">{{ctx.Locale.Tr "repo.settings.tags.protection.pattern.description"}}</div>
+										<div class="help">{{ctx.Locale.Tr "repo.settings.tags.protection.pattern.description" "https://docs.gitea.com/usage/protected-tags"}}</div>
 									</div>
 								</div>
 								<div class="whitelist field">
diff --git a/templates/repo/settings/webhook/settings.tmpl b/templates/repo/settings/webhook/settings.tmpl
index 6862ce5a2c9..cf3b0eb0530 100644
--- a/templates/repo/settings/webhook/settings.tmpl
+++ b/templates/repo/settings/webhook/settings.tmpl
@@ -255,7 +255,7 @@
 <div class="field">
 	<label for="branch_filter">{{ctx.Locale.Tr "repo.settings.branch_filter"}}</label>
 	<input id="branch_filter" name="branch_filter" type="text" value="{{or .Webhook.BranchFilter "*"}}">
-	<span class="help">{{ctx.Locale.Tr "repo.settings.branch_filter_desc"}}</span>
+	<span class="help">{{ctx.Locale.Tr "repo.settings.branch_filter_desc" "https://pkg.go.dev/github.com/gobwas/glob#Compile" "github.com/gobwas/glob"}}</span>
 </div>
 
 <!-- Authorization Header -->
diff --git a/templates/status/500.tmpl b/templates/status/500.tmpl
index 0e8d0f6593f..198f1ea8981 100644
--- a/templates/status/500.tmpl
+++ b/templates/status/500.tmpl
@@ -43,7 +43,7 @@
 					{{end}}
 					<div class="tw-mt-8 tw-text-center">
 						{{if or .SignedUser.IsAdmin .ShowFooterVersion}}<p>{{ctx.Locale.Tr "admin.config.app_ver"}}: {{AppVer}}</p>{{end}}
-						{{if .SignedUser.IsAdmin}}<p>{{ctx.Locale.Tr "error.report_message"}}</p>{{end}}
+						{{if .SignedUser.IsAdmin}}<p>{{ctx.Locale.Tr "error.report_message" "https://github.com/go-gitea/gitea/issues"}}</p>{{end}}
 					</div>
 				</div>
 			</div>
diff --git a/templates/user/settings/security/webauthn.tmpl b/templates/user/settings/security/webauthn.tmpl
index eceee191bd8..280ece9175b 100644
--- a/templates/user/settings/security/webauthn.tmpl
+++ b/templates/user/settings/security/webauthn.tmpl
@@ -1,6 +1,6 @@
 <h4 class="ui top attached header">{{ctx.Locale.Tr "settings.webauthn"}}</h4>
 <div class="ui attached segment">
-	<p>{{ctx.Locale.Tr "settings.webauthn_desc"}}</p>
+	<p>{{ctx.Locale.Tr "settings.webauthn_desc" "https://w3c.github.io/webauthn/#webauthn-authenticator"}}</p>
 	<p>{{ctx.Locale.Tr "settings.webauthn_key_loss_warning"}} {{ctx.Locale.Tr "settings.webauthn_alternative_tip"}}</p>
 	{{template "user/auth/webauthn_error" .}}
 	<div class="flex-list">

From 85b1f3080c74681b6fca45625687606490408172 Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Tue, 3 Sep 2024 03:05:09 +0800
Subject: [PATCH 046/129] Improve get feed with pagination (#31821)

Fix #31752

@somera

---------

Co-authored-by: delvh <dev.lh@web.de>
---
 models/activities/action.go | 49 +++++++++++++++++++++++++++++--------
 1 file changed, 39 insertions(+), 10 deletions(-)

diff --git a/models/activities/action.go b/models/activities/action.go
index d23f2bd986f..532667d4957 100644
--- a/models/activities/action.go
+++ b/models/activities/action.go
@@ -450,17 +450,46 @@ func GetFeeds(ctx context.Context, opts GetFeedsOptions) (ActionList, int64, err
 		return nil, 0, err
 	}
 
-	sess := db.GetEngine(ctx).Where(cond).
-		Select("`action`.*"). // this line will avoid select other joined table's columns
-		Join("INNER", "repository", "`repository`.id = `action`.repo_id")
-
-	opts.SetDefaultValues()
-	sess = db.SetSessionPagination(sess, &opts)
-
 	actions := make([]*Action, 0, opts.PageSize)
-	count, err := sess.Desc("`action`.created_unix").FindAndCount(&actions)
-	if err != nil {
-		return nil, 0, fmt.Errorf("FindAndCount: %w", err)
+	var count int64
+
+	if opts.Page < 10 { // TODO: why it's 10 but other values? It's an experience value.
+		sess := db.GetEngine(ctx).Where(cond).
+			Select("`action`.*"). // this line will avoid select other joined table's columns
+			Join("INNER", "repository", "`repository`.id = `action`.repo_id")
+
+		opts.SetDefaultValues()
+		sess = db.SetSessionPagination(sess, &opts)
+
+		count, err = sess.Desc("`action`.created_unix").FindAndCount(&actions)
+		if err != nil {
+			return nil, 0, fmt.Errorf("FindAndCount: %w", err)
+		}
+	} else {
+		// First, only query which IDs are necessary, and only then query all actions to speed up the overall query
+		sess := db.GetEngine(ctx).Where(cond).
+			Select("`action`.id").
+			Join("INNER", "repository", "`repository`.id = `action`.repo_id")
+
+		opts.SetDefaultValues()
+		sess = db.SetSessionPagination(sess, &opts)
+
+		actionIDs := make([]int64, 0, opts.PageSize)
+		if err := sess.Table("action").Desc("`action`.created_unix").Find(&actionIDs); err != nil {
+			return nil, 0, fmt.Errorf("Find(actionsIDs): %w", err)
+		}
+
+		count, err = db.GetEngine(ctx).Where(cond).
+			Table("action").
+			Cols("`action`.id").
+			Join("INNER", "repository", "`repository`.id = `action`.repo_id").Count()
+		if err != nil {
+			return nil, 0, fmt.Errorf("Count: %w", err)
+		}
+
+		if err := db.GetEngine(ctx).In("`action`.id", actionIDs).Desc("`action`.created_unix").Find(&actions); err != nil {
+			return nil, 0, fmt.Errorf("Find: %w", err)
+		}
 	}
 
 	if err := ActionList(actions).LoadAttributes(ctx); err != nil {

From cf52cc985a24eb0aba02136f4a518b7bd2cbe9ce Mon Sep 17 00:00:00 2001
From: GiteaBot <teabot@gitea.io>
Date: Tue, 3 Sep 2024 00:29:33 +0000
Subject: [PATCH 047/129] [skip ci] Updated translations via Crowdin

---
 options/locale/locale_cs-CZ.ini | 24 ------------------------
 options/locale/locale_de-DE.ini | 23 -----------------------
 options/locale/locale_el-GR.ini | 22 ----------------------
 options/locale/locale_es-ES.ini | 21 ---------------------
 options/locale/locale_fa-IR.ini | 10 ----------
 options/locale/locale_fi-FI.ini |  2 --
 options/locale/locale_fr-FR.ini | 24 ------------------------
 options/locale/locale_hu-HU.ini |  6 ------
 options/locale/locale_id-ID.ini |  5 -----
 options/locale/locale_is-IS.ini |  4 ----
 options/locale/locale_it-IT.ini | 11 -----------
 options/locale/locale_ja-JP.ini | 24 ------------------------
 options/locale/locale_lv-LV.ini | 22 ----------------------
 options/locale/locale_nl-NL.ini |  8 --------
 options/locale/locale_pl-PL.ini |  8 --------
 options/locale/locale_pt-BR.ini | 15 ---------------
 options/locale/locale_pt-PT.ini | 23 -----------------------
 options/locale/locale_ru-RU.ini | 17 -----------------
 options/locale/locale_si-LK.ini |  8 --------
 options/locale/locale_sk-SK.ini |  4 ----
 options/locale/locale_sv-SE.ini |  7 -------
 options/locale/locale_tr-TR.ini | 23 -----------------------
 options/locale/locale_uk-UA.ini |  9 ---------
 options/locale/locale_zh-CN.ini | 23 -----------------------
 options/locale/locale_zh-HK.ini |  3 ---
 options/locale/locale_zh-TW.ini | 13 -------------
 26 files changed, 359 deletions(-)

diff --git a/options/locale/locale_cs-CZ.ini b/options/locale/locale_cs-CZ.ini
index fbcbdde8d53..66cf0424a00 100644
--- a/options/locale/locale_cs-CZ.ini
+++ b/options/locale/locale_cs-CZ.ini
@@ -218,7 +218,6 @@ string.desc=Z – A
 
 [error]
 occurred=Došlo k chybě
-report_message=Pokud jste si jisti, že se jedná o chybu Gitea, prosím vyhledejte problém na <a href="https://github.com/go-gitea/gitea/issues" target="_blank">GitHub</a> a v případě potřeby založte nový problém.
 missing_csrf=Špatný požadavek: Neexistuje CSRF token
 invalid_csrf=Špatný požadavek: Neplatný CSRF token
 not_found=Cíl nebyl nalezen.
@@ -227,13 +226,10 @@ network_error=Chyba sítě
 [startpage]
 app_desc=Snadno přístupný vlastní Git
 install=Jednoduchá na instalaci
-install_desc=Jednoduše <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-binary">spusťte jako binární program</a> pro vaši platformu, nasaďte jej pomocí <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea/tree/master/docker">Docker</a>, nebo jej stáhněte jako <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-package">balíček</a>.
 platform=Multiplatformní
-platform_desc=Gitea běží všude, kde <a target="_blank" rel="noopener noreferrer" href="https://go.dev/">Go</a> může kompilovat: Windows, macOS, Linux, ARM, atd. Vyberte si ten, který milujete!
 lightweight=Lehká
 lightweight_desc=Gitea má minimální požadavky a může běžet na Raspberry Pi. Šetřete energii vašeho stroje!
 license=Open Source
-license_desc=Vše je na <a target="_blank" rel="noopener noreferrer" href="https://code.gitea.io/gitea">code.gitea.io/gitea</a>! Připojte se tím, že <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea">přispějete</a> a uděláte tento projekt ještě lepší. Nestyďte se být přispěvatel!
 
 [install]
 install=Instalace
@@ -452,7 +448,6 @@ authorize_title=Autorizovat „%s“ pro přístup k vašemu účtu?
 authorization_failed=Autorizace selhala
 authorization_failed_desc=Autorizace selhala, protože jsme detekovali neplatný požadavek. Kontaktujte prosím správce aplikace, kterou jste se pokoušeli autorizovat.
 sspi_auth_failed=SSPI autentizace selhala
-password_pwned=Heslo, které jste zvolili, je na <a target="_blank" rel="noopener noreferrer" href="https://haveibeenpwned.com/Passwords">seznamu odcizených hesel</a>, která byla dříve odhalena při narušení veřejných dat. Zkuste to prosím znovu s jiným heslem.
 password_pwned_err=Nelze dokončit požadavek na HaveIBeenPwned
 last_admin=Nelze odstranit posledního správce. Musí existovat alespoň jeden správce.
 
@@ -941,7 +936,6 @@ then_enter_passcode=A zadejte přístupový kód zobrazený ve vaší aplikaci:
 passcode_invalid=Přístupový kód není platný. Zkuste to znovu.
 twofa_failed_get_secret=Nepodařilo se získat tajemství.
 
-webauthn_desc=Bezpečnostní klíče jsou hardwarová zařízení obsahující kryptografické klíče. Mohou být použity pro dvoufaktorové ověřování. Bezpečnostní klíče musí podporovat <a rel="noreferrer" target="_blank" href="https://w3c.github.io/webauthn/#webauthn-authenticator">WebAuthn Authenticator</a> standard.
 webauthn_register_key=Přidat bezpečnostní klíč
 webauthn_nickname=Přezdívka
 webauthn_delete_key=Odstranit bezpečnostní klíč
@@ -2297,7 +2291,6 @@ settings.event_pull_request_merge=Sloučení pull requestu
 settings.event_package=Balíček
 settings.event_package_desc=Balíček vytvořen nebo odstraněn v repozitáři.
 settings.branch_filter=Filtr větví
-settings.branch_filter_desc=Povolené větve pro události nahrání, vytvoření větve a smazání větve jsou určeny pomocí zástupného vzoru. Pokud je prázdný nebo <code>*</code>, všechny události jsou ohlášeny. Podívejte se na dokumentaci syntaxe na <a href="https://pkg.go.dev/github.com/gobwas/glob#Compile">github.com/gobwas/glob</a>. Příklady: <code>master</code>, <code>{master,release*}</code>.
 settings.authorization_header=Autorizační hlavička
 settings.authorization_header_desc=Pokud vyplněno, bude připojeno k požadavkům jako autorizační hlavička. Příklady: %s.
 settings.active=Aktivní
@@ -2372,12 +2365,9 @@ settings.ignore_stale_approvals_desc=Nezapočítávejte schválení, která byla
 settings.require_signed_commits=Vyžadovat podepsané revize
 settings.require_signed_commits_desc=Odmítnout nahrání do této větve pokud nejsou podepsaná nebo jsou neověřitelná.
 settings.protect_branch_name_pattern=Vzor jména chráněných větví
-settings.protect_branch_name_pattern_desc=Vzory jmen chráněných větví. Pro vzorovou syntaxi viz <a href="https://github.com/gobwas/glob">dokumentace</a>. Příklady: main, release/**
 settings.protect_patterns=Vzory
 settings.protect_protected_file_patterns=Vzory chráněných souborů (oddělené středníkem „;“):
-settings.protect_protected_file_patterns_desc=Chráněné soubory, které nemají povoleno být měněny přímo, i když uživatel má právo přidávat, upravovat nebo mazat soubory v této větvi. Více vzorů lze oddělit pomocí středníku („;“). Podívejte se na <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a> dokumentaci pro syntaxi vzoru. Příklady: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
 settings.protect_unprotected_file_patterns=Vzory nechráněných souborů (oddělené středníkem „;“):
-settings.protect_unprotected_file_patterns_desc=Nechráněné soubory, které je možné měnit přímo, pokud má uživatel právo zápisu, čímž se obejde omezení push. Více vzorů lze oddělit pomocí středníku („;“). Podívejte se na <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a> dokumentaci pro syntaxi vzoru. Příklady: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
 settings.add_protected_branch=Zapnout ochranu
 settings.delete_protected_branch=Vypnout ochranu
 settings.update_protect_branch_success=Ochrana větví pro větev „%s“ byla aktualizována.
@@ -2407,7 +2397,6 @@ settings.tags.protection.allowed.teams=Povolené týmy
 settings.tags.protection.allowed.noone=Nikdo
 settings.tags.protection.create=Chránit značku
 settings.tags.protection.none=Neexistují žádné chráněné značky.
-settings.tags.protection.pattern.description=Můžete použít jediné jméno nebo vzor glob nebo regulární výraz, který bude odpovídat více značek. Přečtěte si více v <a target="_blank" rel="noopener" href="https://docs.gitea.com/usage/protected-tags">průvodci chráněnými značkami</a>.
 settings.bot_token=Token pro robota
 settings.chat_id=ID chatu
 settings.thread_id=ID vlákna
@@ -2774,7 +2763,6 @@ last_page=Poslední
 total=Celkem: %d
 settings=Nastavení správce
 
-dashboard.new_version_hint=Gitea %s je nyní k dispozici, právě u vás běži %s. Podívej se na <a target="_blank" rel="noreferrer" href="https://blog.gitea.io">blogu</a> pro více informací.
 dashboard.statistic=Souhrn
 dashboard.maintenance_operations=Operace údržby
 dashboard.system_status=Status systému
@@ -2955,12 +2943,10 @@ packages.size=Velikost
 packages.published=Publikováno
 
 defaulthooks=Výchozí webové háčky
-defaulthooks.desc=Webové háčky automaticky vytvářejí HTTP POST dotazy na server při určitých Gitea událostech. Webové háčky definované zde jsou výchozí a budou zkopírovány do všech nových repozitářů. Přečtěte si více v <a target="_blank" rel="noopener" href="https://docs.gitea.io/en-us/webhooks/">průvodci webovými háčky</a>.
 defaulthooks.add_webhook=Přidat výchozí webový háček
 defaulthooks.update_webhook=Aktualizovat výchozí webový háček
 
 systemhooks=Systémové webové háčky
-systemhooks.desc=Webové háčky automaticky vytvářejí HTTP POST dotazy na server při určitých Gitea událostech. Webové háčky definované zde budou vykonány na všech repozitářích systému, proto prosím zvažte jakékoli důsledky, které to může mít na výkon. Přečtěte si více v <a target="_blank" rel="noopener" href="https://docs.gitea.io/en-us/webhooks/">průvodci webovými háčky</a>.
 systemhooks.add_webhook=Přidat systémový webový háček
 systemhooks.update_webhook=Aktualizovat systémový webový háček
 
@@ -3055,18 +3041,8 @@ auths.tips=Tipy
 auths.tips.oauth2.general=Ověřování OAuth2
 auths.tips.oauth2.general.tip=Při registraci nové OAuth2 autentizace by URL callbacku/přesměrování měla být:
 auths.tip.oauth2_provider=Poskytovatel OAuth2
-auths.tip.bitbucket=Vytvořte nového OAuth konzumenta na https://bitbucket.org/account/user/{vase-uzivatelske-jmeno}/oauth-consumers/new a přidejte oprávnění „Account“ - „Read“
 auths.tip.nextcloud=Zaregistrujte nového OAuth konzumenta na vaší instanci pomocí následujícího menu „Nastavení -> Zabezpečení -> OAuth 2.0 klient“
-auths.tip.dropbox=Vytvořte novou aplikaci na https://www.dropbox.com/developers/apps
-auths.tip.facebook=Registrujte novou aplikaci na https://developers.facebook.com/apps a přidejte produkt „Facebook Login“
-auths.tip.github=Registrujte novou OAuth aplikaci na https://github.com/settings/applications/new
-auths.tip.gitlab_new=Zaregistrujte novou aplikaci na https://gitlab.com/-/profile/applications
-auths.tip.google_plus=Získejte klientské pověření OAuth2 z Google API konzole na https://console.developers.google.com/
 auths.tip.openid_connect=Použijte OpenID Connect URL pro objevování spojení „https://{server}/.well-known/openid-configuration“ k nastavení koncových bodů
-auths.tip.twitter=Jděte na https://dev.twitter.com/apps, vytvořte aplikaci a ujistěte se, že volba „Allow this application to be used to Sign in with Twitter“ je povolená
-auths.tip.discord=Registrujte novou aplikaci na https://discordapp.com/developers/applications/me
-auths.tip.gitea=Registrovat novou Oauth2 aplikaci. Návod naleznete na https://docs.gitea.com/development/oauth2-provider
-auths.tip.yandex=Vytvořte novou aplikaci na https://oauth.yandex.com/client/new. Vyberte následující oprávnění z „Yandex.Passport API“ sekce: „Přístup k e-mailové adrese“, „Přístup k uživatelskému avataru“ a „Přístup k uživatelskému jménu, jménu a příjmení, pohlaví“
 auths.tip.mastodon=Vložte vlastní URL instance pro mastodon, kterou se chcete autentizovat (nebo použijte výchozí)
 auths.edit=Upravit zdroj ověřování
 auths.activated=Tento zdroj ověřování je aktivován
diff --git a/options/locale/locale_de-DE.ini b/options/locale/locale_de-DE.ini
index ab6a3cfcd69..ad8714eed0e 100644
--- a/options/locale/locale_de-DE.ini
+++ b/options/locale/locale_de-DE.ini
@@ -213,7 +213,6 @@ string.desc=Z–A
 
 [error]
 occurred=Ein Fehler ist aufgetreten
-report_message=Wenn du glaubst, dass dies ein Fehler von Gitea ist, suche bitte auf <a href="https://github.com/go-gitea/gitea/issues" target="_blank">GitHub</a> nach diesem Fehler und erstelle gegebenenfalls einen neuen Bugreport.
 missing_csrf=Fehlerhafte Anfrage: Kein CSRF Token verfügbar
 invalid_csrf=Fehlerhafte Anfrage: Ungültiger CSRF Token
 not_found=Das Ziel konnte nicht gefunden werden.
@@ -222,13 +221,10 @@ network_error=Netzwerkfehler
 [startpage]
 app_desc=Ein einfacher, selbst gehosteter Git-Service
 install=Einfach zu installieren
-install_desc=Starte einfach <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-binary">die Anwendung</a> für deine Plattform oder nutze <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea/tree/master/docker">Docker</a>. Es existieren auch <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-package">paketierte Versionen</a>.
 platform=Plattformübergreifend
-platform_desc=Gitea läuft überall, wo <a target="_blank" rel="noopener noreferrer" href="https://go.dev/">Go</a> kompiliert: Windows, macOS, Linux, ARM, etc. Wähle das System, das dir am meisten gefällt!
 lightweight=Leichtgewicht
 lightweight_desc=Gitea hat minimale Systemanforderungen und kann selbst auf einem günstigen und stromsparenden Raspberry Pi betrieben werden!
 license=Quelloffen
-license_desc=Der komplette Code befindet sich auf <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea/">GitHub</a>! Unterstütze uns bei der Verbesserung dieses Projekts. Trau dich!
 
 [install]
 install=Installation
@@ -446,7 +442,6 @@ authorize_title=`"%s" den Zugriff auf deinen Account gestatten?`
 authorization_failed=Autorisierung fehlgeschlagen
 authorization_failed_desc=Die Autorisierung ist fehlgeschlagen, da wir eine ungültige Anfrage erkannt haben. Bitte kontaktiere den Betreuer der App, die du zu autorisieren versucht hast.
 sspi_auth_failed=SSPI-Authentifizierung fehlgeschlagen
-password_pwned=Das von dir gewählte Passwort befindet sich auf einer <a target="_blank" rel="noopener noreferrer" href="https://haveibeenpwned.com/Passwords">List gestohlener Passwörter</a>, die öffentlich verfügbar sind. Bitte versuche es erneut mit einem anderen Passwort und ziehe in Erwägung, auch anderswo deine Passwörter zu ändern.
 password_pwned_err=Anfrage an HaveIBeenPwned konnte nicht abgeschlossen werden
 last_admin=Du kannst den letzten Admin nicht entfernen. Es muss mindestens einen Administrator geben.
 
@@ -929,7 +924,6 @@ then_enter_passcode=Und gebe dann die angezeigte PIN der Anwendung ein:
 passcode_invalid=Die PIN ist falsch. Probiere es erneut.
 twofa_failed_get_secret=Fehler beim Abrufen des Secrets.
 
-webauthn_desc=Sicherheitsschlüssel sind Geräte, die kryptografische Schlüssel beeinhalten. Diese können für die Zwei-Faktor-Authentifizierung verwendet werden. Der Sicherheitsschlüssel muss den Standard „<a rel="noreferrer" target="_blank" href="https://w3c.github.io/webauthn/#webauthn-authenticator">WebAuthn</a>“ unterstützen.
 webauthn_register_key=Sicherheitsschlüssel hinzufügen
 webauthn_nickname=Nickname
 webauthn_delete_key=Sicherheitsschlüssel entfernen
@@ -2273,7 +2267,6 @@ settings.event_pull_request_merge=Pull-Request-Merge
 settings.event_package=Paket
 settings.event_package_desc=Paket wurde in einem Repository erstellt oder gelöscht.
 settings.branch_filter=Branch-Filter
-settings.branch_filter_desc=Whitelist für Branches für Push-, Erzeugungs- und Löschevents, als glob Pattern beschrieben. Es werden Events für alle Branches gemeldet, falls das Pattern <code>*</code> ist, oder falls es leer ist. Siehe die <a href="https://pkg.go.dev/github.com/gobwas/glob#Compile">github.com/gobwas/glob</a> Dokumentation für die Syntax (Englisch). Beispiele: <code>master</code>, <code>{master,release*}</code>.
 settings.authorization_header=Authorization-Header
 settings.authorization_header_desc=Wird, falls vorhanden, als Authorization-Header mitgesendet. Beispiele: %s.
 settings.active=Aktiv
@@ -2346,12 +2339,9 @@ settings.ignore_stale_approvals_desc=Genehmigungen, die für ältere Commits ert
 settings.require_signed_commits=Signierte Commits erforderlich
 settings.require_signed_commits_desc=Pushes auf diesen Branch ablehnen, wenn Commits nicht signiert oder nicht überprüfbar sind.
 settings.protect_branch_name_pattern=Muster für geschützte Branchnamen
-settings.protect_branch_name_pattern_desc=Geschützte Branch-Namensmuster. Siehe <a href="https://github.com/gobwas/glob">die Dokumentation</a> für die Muster-Syntax. Beispiele: main, release/**
 settings.protect_patterns=Muster
 settings.protect_protected_file_patterns=Geschützte Dateimuster (durch Semikolon ';' getrennt):
-settings.protect_protected_file_patterns_desc=Geschützte Dateien dürfen nicht direkt geändert werden, auch wenn der Benutzer Rechte hat, Dateien in diesem Branch hinzuzufügen, zu bearbeiten oder zu löschen. Mehrere Muster können mit Semikolon (';') getrennt werden. Siehe <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a> Dokumentation zur Mustersyntax. Beispiele: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
 settings.protect_unprotected_file_patterns=Ungeschützte Dateimuster (durch Semikolon ';' getrennt):
-settings.protect_unprotected_file_patterns_desc=Ungeschützte Dateien, die direkt geändert werden dürfen, wenn der Benutzer Schreibzugriff hat, können die Push-Beschränkung umgehen. Mehrere Muster können mit Semikolon (';') getrennt werden. Siehe <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a> Dokumentation zur Mustersyntax. Beispiele: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
 settings.update_protect_branch_success=Branchschutzregel "%s" wurde geändert.
 settings.remove_protected_branch_success=Branchschutzregel "%s" wurde deaktiviert.
 settings.remove_protected_branch_failed=Entfernen der Branchschutzregel "%s" fehlgeschlagen.
@@ -2379,7 +2369,6 @@ settings.tags.protection.allowed.teams=Erlaubte Teams
 settings.tags.protection.allowed.noone=Niemand
 settings.tags.protection.create=Tag schützen
 settings.tags.protection.none=Es gibt keine geschützten Tags.
-settings.tags.protection.pattern.description=Du kannst einen einzigen Namen oder ein globales Schema oder einen regulären Ausdruck verwenden, um mehrere Tags zu schützen. Mehr dazu im <a target="_blank" rel="noopener" href="https://docs.gitea.com/usage/protected-tags">Guide für geschützte Tags (Englisch)</a>.
 settings.bot_token=Bot-Token
 settings.chat_id=Chat-ID
 settings.thread_id=Thread-ID
@@ -2746,7 +2735,6 @@ last_page=Letzte
 total=Gesamt: %d
 settings=Administratoreinstellungen
 
-dashboard.new_version_hint=Gitea %s ist jetzt verfügbar, deine derzeitige Version ist %s. Weitere Details findest du im <a target="_blank" rel="noreferrer" href="https://blog.gitea.io">Blog</a>.
 dashboard.statistic=Übersicht
 dashboard.system_status=System-Status
 dashboard.operation_name=Name der Operation
@@ -2926,12 +2914,10 @@ packages.size=Größe
 packages.published=Veröffentlicht
 
 defaulthooks=Standard-Webhooks
-defaulthooks.desc=Webhooks senden automatisch eine HTTP-POST-Anfrage an einen Server, wenn bestimmte Gitea-Events ausgelöst werden. Hier definierte Webhooks sind die Standardwerte, die in alle neuen Repositories kopiert werden. Mehr Infos findest du in der <a target="_blank" rel="noopener" href="https://docs.gitea.com/usage/webhooks">Webhooks-Anleitung</a> (auf Englisch).
 defaulthooks.add_webhook=Standard-Webhook hinzufügen
 defaulthooks.update_webhook=Standard-Webhook aktualisieren
 
 systemhooks=System-Webhooks
-systemhooks.desc=Webhooks senden automatisch HTTP-POST-Anfragen an einen Server, wenn bestimmte Gitea-Events ausgelöst werden. Hier definierte Webhooks werden auf alle Repositories des Systems übertragen, beachte daher mögliche Performance-Einbrüche. Mehr Infos findest du in der <a target="_blank" rel="noopener" href="https://docs.gitea.com/usage/webhooks">Webhooks-Anleitung</a> (auf Englisch).
 systemhooks.add_webhook=System-Webhook hinzufügen
 systemhooks.update_webhook=System-Webhook aktualisieren
 
@@ -3027,15 +3013,6 @@ auths.tips.oauth2.general=OAuth2-Authentifizierung
 auths.tips.oauth2.general.tip=Beim Registrieren einer OAuth2-Anwendung sollte die Callback-URL folgendermaßen lauten:
 auths.tip.oauth2_provider=OAuth2-Anbieter
 auths.tip.nextcloud=Registriere über das "Settings -> Security -> OAuth 2.0 client"-Menü einen neuen "OAuth consumer" auf der Nextcloud-Instanz
-auths.tip.dropbox=Erstelle eine neue App auf https://www.dropbox.com/developers/apps.
-auths.tip.facebook=Erstelle eine neue Anwendung auf https://developers.facebook.com/apps und füge das Produkt „Facebook Login“ hinzu.
-auths.tip.github=Erstelle unter https://github.com/settings/applications/new eine neue OAuth-Anwendung.
-auths.tip.gitlab_new=Erstelle eine neue Anwendung unter https://gitlab.com/-/profile/applications
-auths.tip.google_plus=Du erhältst die OAuth2-Client-Zugangsdaten in der Google-API-Konsole unter https://console.developers.google.com/
-auths.tip.twitter=Gehe auf https://dev.twitter.com/apps, erstelle eine Anwendung und stelle sicher, dass die Option „Allow this application to be used to Sign in with Twitter“ aktiviert ist
-auths.tip.discord=Erstelle unter https://discordapp.com/developers/applications/me eine neue Anwendung.
-auths.tip.gitea=Registriere eine neue OAuth2-Anwendung. Eine Anleitung findest du unter https://docs.gitea.com/development/oauth2-provider/
-auths.tip.yandex=`Erstelle eine neue Anwendung auf https://oauth.yandex.com/client/new. Wähle folgende Berechtigungen aus dem "Yandex.Passport API" Bereich: "Zugriff auf E-Mail-Adresse", "Zugriff auf Benutzeravatar" und "Zugriff auf Benutzername, Vor- und Nachname, Geschlecht"`
 auths.tip.mastodon=Gebe eine benutzerdefinierte URL für die Mastodon-Instanz ein, mit der du dich authentifizieren möchtest (oder benutze die standardmäßige)
 auths.edit=Authentifikationsquelle bearbeiten
 auths.activated=Diese Authentifikationsquelle ist aktiviert
diff --git a/options/locale/locale_el-GR.ini b/options/locale/locale_el-GR.ini
index 7ed45df23c3..4f9a53a6df4 100644
--- a/options/locale/locale_el-GR.ini
+++ b/options/locale/locale_el-GR.ini
@@ -184,7 +184,6 @@ string.desc=Z - A
 
 [error]
 occurred=Παρουσιάστηκε ένα σφάλμα
-report_message=Αν πιστεύετε ότι αυτό είναι ένα πρόβλημα στο Gitea, παρακαλούμε αναζητήστε ζητήματα στο <a href="https://github.com/go-gitea/gitea/issues" target="_blank">GitHub</a> ή ανοίξτε ένα νέο ζήτημα εάν είναι απαραίτητο.
 missing_csrf=Bad Request: δεν υπάρχει διακριτικό CSRF
 invalid_csrf=Λάθος Αίτημα: μη έγκυρο διακριτικό CSRF
 not_found=Ο προορισμός δεν βρέθηκε.
@@ -193,13 +192,10 @@ network_error=Σφάλμα δικτύου
 [startpage]
 app_desc=Μια ανώδυνη, αυτο-φιλοξενούμενη υπηρεσία Git
 install=Εύκολο στην εγκατάσταση
-install_desc=Απλά <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-binary">εκτελέστε το αρχείο προγράμματος</a> για την πλατφόρμα σας, χρήσιμοποιήστε το με το <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea/tree/master/docker">Docker</a>, ή εγκαταστήστε το <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-package">πακέτο</a>.
 platform=Πολυπλατφορμικό
-platform_desc=Ο Gitea τρέχει οπουδήποτε <a target="_blank" rel="noopener noreferrer" href="https://go.dev/">Go</a> μπορεί να γίνει compile για: Windows, macOS, Linux, ARM, κλπ. Επιλέξτε αυτό που αγαπάτε!
 lightweight=Ελαφρύ
 lightweight_desc=Gitea έχει χαμηλές ελάχιστες απαιτήσεις και μπορεί να τρέξει σε ένα οικονομικό Raspberry Pi. Εξοικονομήστε ενέργεια!
 license=Ανοικτού κώδικα
-license_desc=Κατεβάστε το <a target="_blank" rel="noopener noreferrer" href="https://code.gitea.io/gitea">code.gitea.io/gitea</a>! Ελάτε μαζί μας και <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea">συνεισφέρετε</a> για να κάνετε αυτό το έργο ακόμα καλύτερο. Δεν είναι ντροπή να συνεισφέρετε!
 
 [install]
 install=Εγκατάσταση
@@ -413,7 +409,6 @@ authorize_title=Εξουσιοδότηση του "%s" για έχει πρόσ
 authorization_failed=Αποτυχία εξουσιοδότησης
 authorization_failed_desc=Η εξουσιοδότηση απέτυχε επειδή εντοπίστηκε μια μη έγκυρη αίτηση. Παρακαλούμε επικοινωνήστε με το συντηρητή της εφαρμογής που προσπαθήσατε να εξουσιοδοτήσετε.
 sspi_auth_failed=Αποτυχία ταυτοποίησης SSPI
-password_pwned=Ο κωδικός πρόσβασης που επιλέξατε είναι σε μια λίστα <a target="_blank" rel="noopener noreferrer" href="https://haveibeenpwned.com/Passwords">κλεμμένων κωδικών πρόσβασης</a> που προηγουμένως εκτέθηκαν σε παραβίαση δημόσιων δεδομένων. Παρακαλώ δοκιμάστε ξανά με διαφορετικό κωδικό πρόσβασης και σκεφτείτε να αλλάξετε αυτόν τον κωδικό πρόσβασης όπου αλλού χρησιμοποιείται.
 password_pwned_err=Δεν ήταν δυνατή η ολοκλήρωση του αιτήματος προς το HaveIBeenPwned
 
 [mail]
@@ -868,7 +863,6 @@ then_enter_passcode=Και εισάγετε τον κωδικό που εμφα
 passcode_invalid=Ο κωδικός είναι λάθος. Δοκιμάστε ξανά.
 twofa_failed_get_secret=Αποτυχία λήψης μυστικού.
 
-webauthn_desc=Τα κλειδιά ασφαλείας είναι συσκευές που περιέχουν κρυπτογραφικά κλειδιά. Μπορούν να χρησιμοποιηθούν για έλεγχο ταυτότητας δύο παραγόντων. Τα κλειδιά ασφαλείας πρέπει να υποστηρίζουν το <a rel="noreferrer" target="_blank" href="https://w3c.github.io/webauthn/#webauthn-authenticator">πρότυπο WebAuthn Authn Authenticator</a>.
 webauthn_register_key=Προσθήκη Κλειδιού Ασφαλείας
 webauthn_nickname=Ψευδώνυμο
 webauthn_delete_key=Αφαίρεση Κλειδιού Ασφαλείας
@@ -2178,7 +2172,6 @@ settings.event_pull_request_merge=Συγχώνευση Pull Request
 settings.event_package=Πακέτο
 settings.event_package_desc=Το πακέτο δημιουργήθηκε ή διαγράφηκε σε ένα αποθετήριο.
 settings.branch_filter=Φίλτρο κλάδου
-settings.branch_filter_desc=Λίστα επιτρεπόμενων κλάδων για ωθήσεις, δημιουργία κλάδων και γεγονότα διαγραφής κλάδων, που ορίζονται ως μοτίβο glob. Εάν είναι κενό ή <code>*</code>, αναφέρονται συμβάντα για όλους τους κλάδους. Δείτε τη τεκμηρίωση<a href="https://pkg.go.dev/github.com/gobwas/glob#Compile">github.com/gobwas/glob</a> για σύνταξη. Παραδείγματα: <code>master</code>, <code>{master,release*}</code>.
 settings.authorization_header=Κεφαλίδα Authorization
 settings.authorization_header_desc=Αν υπάρχει, θα προστίθεται ως κεφαλίδα authorization στις αιτήσεις HTTP. Παραδείγματα: %s.
 settings.active=Ενεργό
@@ -2251,12 +2244,9 @@ settings.dismiss_stale_approvals_desc=Όταν οι νέες υποβολές π
 settings.require_signed_commits=Απαιτούνται Υπογεγραμμένες Υποβολές
 settings.require_signed_commits_desc=Απόρριψη νέων υποβολών σε αυτόν τον κλάδο εάν είναι μη υπογεγραμμένες ή μη επαληθεύσιμες.
 settings.protect_branch_name_pattern=Μοτίβο Προστατευμένου Ονόματος Κλάδου
-settings.protect_branch_name_pattern_desc=Μοτίβα ονόματος προστατευμένων κλάδων. Δείτε <a href="https://github.com/gobwas/glob">την τεκμηρίωση</a> για σύνταξη μοτίβου. Παραδείγματα: main, release/**
 settings.protect_patterns=Μοτίβα
 settings.protect_protected_file_patterns=Μοτίβα προστατευμένων αρχείων (διαχωρισμένα με ερωτηματικό ';'):
-settings.protect_protected_file_patterns_desc=Τα προστατευόμενα αρχεία δεν επιτρέπεται να αλλάξουν άμεσα, ακόμη και αν ο χρήστης έχει δικαιώματα να προσθέσει, να επεξεργαστεί ή να διαγράψει αρχεία σε αυτόν τον κλάδο. Επιπλέων μοτίβα μπορούν να διαχωριστούν με ερωτηματικό (';'). Δείτε την τεκμηρίωση <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a> για τη σύνταξη του μοτίβου. Πχ: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
 settings.protect_unprotected_file_patterns=Μοτίβα μη προστατευμένων αρχείων (διαχωρισμένα με ερωτηματικό ';'):
-settings.protect_unprotected_file_patterns_desc=Μη προστατευμένα αρχεία που επιτρέπεται να αλλάξουν απευθείας εάν ο χρήστης έχει πρόσβαση εγγραφής, παρακάμπτοντας τον περιορισμό ώθησης. Επιπλέων μοτίβα μπορούν να διαχωριστούν με ερωτηματικό (';'). Δείτε την τεκμηρίωση <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a> για τη σύνταξη του μοτίβου. Πχ: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
 settings.add_protected_branch=Ενεργοποίηση προστασίας
 settings.delete_protected_branch=Απενεργοποίηση προστασίας
 settings.update_protect_branch_success=Η προστασία κλάδου για τον κανόνα "%s" ενημερώθηκε.
@@ -2286,7 +2276,6 @@ settings.tags.protection.allowed.teams=Επιτρεπόμενες ομάδες
 settings.tags.protection.allowed.noone=Καμία
 settings.tags.protection.create=Προστασία Ετικέτας
 settings.tags.protection.none=Δεν υπάρχουν προστατευμένες ετικέτες.
-settings.tags.protection.pattern.description=Μπορείτε να χρησιμοποιήσετε ένα μόνο όνομα ή ένα μοτίβο τύπου glob ή κανονική έκφραση για να ταιριάξετε πολλαπλές ετικέτες. Διαβάστε περισσότερα στον <a target="_blank" rel="noopener" href="https://docs.gitea.com/usage/protected-tags">οδηγό προστατευμένων ετικετών</a>.
 settings.bot_token=Διακριτικό Bot
 settings.chat_id=ID Συνομιλίας
 settings.thread_id=ID Νήματος
@@ -2642,7 +2631,6 @@ last_page=Τελευταίο
 total=Σύνολο: %d
 settings=Ρυθμίσεις Διαχειριστή
 
-dashboard.new_version_hint=Το Gitea %s είναι διαθέσιμο, τώρα εκτελείτε το %s. Ανατρέξτε <a target="_blank" rel="noreferrer" href="https://blog.gitea.io">στο blog</a> για περισσότερες λεπτομέρειες.
 dashboard.statistic=Περίληψη
 dashboard.system_status=Κατάσταση Συστήματος
 dashboard.operation_name=Όνομα Λειτουργίας
@@ -2820,12 +2808,10 @@ packages.size=Μέγεθος
 packages.published=Δημοσιευμένα
 
 defaulthooks=Προεπιλεγμένα Webhooks
-defaulthooks.desc=Τα Webhooks κάνουν αυτόματα αιτήσεις HTTP POST σε ένα διακομιστή όταν ενεργοποιούν ορισμένα γεγονότα στο Gitea. Τα Webhooks που ορίζονται εδώ είναι προκαθορισμένα και θα αντιγραφούν σε όλα τα νέα αποθετήρια. Διαβάστε περισσότερα στον οδηγό <a target="_blank" rel="noopener" href="https://docs.gitea.com/usage/webhooks">webhooks</a>.
 defaulthooks.add_webhook=Προσθήκη Προεπιλεγμένου Webhook
 defaulthooks.update_webhook=Ενημέρωση Προεπιλεγμένου Webhook
 
 systemhooks=Webhooks Συστήματος
-systemhooks.desc=Τα Webhooks κάνουν αυτόματα αιτήσεις HTTP POST σε ένα διακομιστή όταν ενεργοποιούνται ορισμένα γεγονότα στο Gitea. Τα Webhooks που ορίζονται εδώ θα ενεργούν σε όλα τα αποθετήρια του συστήματος, γι 'αυτό παρακαλώ εξετάστε τυχόν επιπτώσεις απόδοσης που μπορεί να έχει. Διαβάστε περισσότερα στον οδηγό <a target="_blank" rel="noopener" href="https://docs.gitea.com/usage/webhooks">webhooks</a>.
 systemhooks.add_webhook=Προσθήκη Webhook Συστήματος
 systemhooks.update_webhook=Ενημέρωση Webhook Συστήματος
 
@@ -2921,14 +2907,6 @@ auths.tips.oauth2.general=Ταυτοποίηση OAuth2
 auths.tips.oauth2.general.tip=Κατά την εγγραφή μιας νέας ταυτοποίησης OAuth2, το URL κλήσης/ανακατεύθυνσης πρέπει να είναι:
 auths.tip.oauth2_provider=Πάροχος OAuth2
 auths.tip.nextcloud=`Καταχωρήστε ένα νέο καταναλωτή OAuth στην υπηρεσία σας χρησιμοποιώντας το παρακάτω μενού "Settings -> Security -> OAuth 2.0 client"`
-auths.tip.dropbox=Δημιουργήστε μια νέα εφαρμογή στο https://www.dropbox.com/developers/apps
-auths.tip.facebook=`Καταχωρήστε μια νέα εφαρμογή στο https://developers.facebook.com/apps και προσθέστε το προϊόν "Facebook Login"`
-auths.tip.github=Καταχωρήστε μια νέα εφαρμογή OAuth στο https://github.com/settings/applications/new
-auths.tip.google_plus=Αποκτήστε τα διαπιστευτήρια πελάτη OAuth2 από την κονσόλα API της Google στο https://console.developers.google.com/
-auths.tip.twitter=Πηγαίνετε στο https://dev.twitter.com/apps, δημιουργήστε μια εφαρμογή και βεβαιωθείτε ότι η επιλογή “Allow this application to be used to Sign in with Twitter” είναι ενεργοποιημένη
-auths.tip.discord=Καταχωρήστε μια νέα εφαρμογή στο https://discordapp.com/developers/applications/me
-auths.tip.gitea=Καταχωρήστε μια νέα εφαρμογή OAuth2. Μπορείτε να βρείτε τον οδηγό στο https://docs.gitea.com/development/oauth2-provider
-auths.tip.yandex=`Δημιουργήστε μια νέα εφαρμογή στο https://oauth.yandex.com/client/new. Επιλέξτε τα ακόλουθα δικαιώματα από την ενότητα "Yandex.Passport API": "Access to email address", "Access to user avatar" και "Access to username, first name and surname, gender"`
 auths.tip.mastodon=Εισαγάγετε ένα προσαρμομένο URL για την υπηρεσία mastodon με την οποία θέλετε να πιστοποιήσετε (ή να χρησιμοποιήσετε την προεπιλεγμένη)
 auths.edit=Επεξεργασία Πηγής Ταυτοποίησης
 auths.activated=Αυτή η Πηγή Ταυτοποίησης είναι Ενεργοποιημένη
diff --git a/options/locale/locale_es-ES.ini b/options/locale/locale_es-ES.ini
index 5f142e99b37..83fc50e0e22 100644
--- a/options/locale/locale_es-ES.ini
+++ b/options/locale/locale_es-ES.ini
@@ -182,7 +182,6 @@ string.desc=Z - A
 
 [error]
 occurred=Ha ocurrido un error
-report_message=Si crees que este es un error de Gitea, por favor busca incidencias en <a href="https://github.com/go-gitea/gitea/issues" target="_blank">GitHub</a> o abre una nueva incidencia si es necesario.
 missing_csrf=Solicitud incorrecta: sin token CSRF
 invalid_csrf=Solicitud incorrecta: el token CSRF no es válido
 not_found=El objetivo no pudo ser encontrado.
@@ -191,13 +190,10 @@ network_error=Error de red
 [startpage]
 app_desc=Un servicio de Git autoalojado y sin complicaciones
 install=Fácil de instalar
-install_desc=Simplemente <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-binary">ejecuta el binario</a> para tu plataforma, lánzalo con <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea/tree/master/docker">Docker</a>o consíguelo <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-package">empaquetado</a>.
 platform=Multiplataforma
-platform_desc=Gitea funciona en cualquier platforma <a target="_blank" rel="noopener noreferrer" href="https://go.dev/">Go</a> puede compilarlo en: Windows, macOS, Linux, ARM, etc. ¡Elige tu favorita!
 lightweight=Ligero
 lightweight_desc=Gitea tiene pocos requisitos y puede funcionar en una Raspberry Pi barata. ¡Ahorra energía!
 license=Código abierto
-license_desc=¡Está todo en < <a target="_blank" rel="noopener noreferrer" href="https://code.gitea.io/gitea">code.gitea.io/gitea</a>! Únase <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea">contribuyendo</a> a hacer este proyecto todavía mejor. ¡No sea tímido y colabore!
 
 [install]
 install=Instalación
@@ -410,7 +406,6 @@ authorize_title=¿Autorizar a "%s" a acceder a su cuenta?
 authorization_failed=Autorización fallida
 authorization_failed_desc=La autorización ha fallado porque hemos detectado una solicitud no válida. Por favor, póngase en contacto con el responsable de la aplicación que ha intentado autorizar.
 sspi_auth_failed=Fallo en la autenticación SSPI
-password_pwned=La contraseña que eligió está en <a target="_blank" rel="noopener noreferrer" href="https://haveibeenpwned.com/Passwords">una lista de contraseñas robadas</a> previamente expuestas en violaciones de datos públicos. Por favor, inténtelo de nuevo con una contraseña diferente y considere cambiar esta contraseña también en otros lugares.
 password_pwned_err=No se pudo completar la solicitud a HaveIBeenPwned
 
 [mail]
@@ -861,7 +856,6 @@ then_enter_passcode=E introduzca el código de acceso mostrado en la aplicación
 passcode_invalid=El código de acceso es incorrecto. Vuelva a intentarlo.
 twofa_failed_get_secret=No se pudo obtener el secreto.
 
-webauthn_desc=Las claves de seguridad son dispositivos hardware que contienen claves criptográficas. Pueden ser usados para la autenticación de doble factor. Las claves de seguridad deben soportar el estándar <a rel="noreferrer" target="_blank" href="https://w3c.github.io/webauthn/#webauthn-authenticator">WebAuthn Authenticator</a>.
 webauthn_register_key=Añadir clave de seguridad
 webauthn_nickname=Apodo
 webauthn_delete_key=Eliminar clave de seguridad
@@ -2161,7 +2155,6 @@ settings.event_pull_request_merge=Fusionar Pull Request
 settings.event_package=Paquete
 settings.event_package_desc=Paquete creado o eliminado en un repositorio.
 settings.branch_filter=Filtro de rama
-settings.branch_filter_desc=Lista blanca de rama para eventos de push, creación de rama y eliminación de rama, especificados como patrón globo. Si está vacío o <code>*</code>, se reportan eventos para todas las ramas. Ver <a href="https://pkg.go.dev/github.com/gobwas/glob#Compile">github.com/gobwas/glob</a> documentación para la sintaxis. Ejemplos: <code>master</code>, <code>{master,release*}</code>.
 settings.authorization_header=Encabezado de autorización
 settings.authorization_header_desc=Se incluirá como encabezado de autorización para solicitudes cuando esté presente. Ejemplo: %s.
 settings.active=Activo
@@ -2236,9 +2229,7 @@ settings.require_signed_commits_desc=Rechazar push en esta rama si los commits n
 settings.protect_branch_name_pattern=Patrón de nombre de la rama protegida
 settings.protect_patterns=Patrones
 settings.protect_protected_file_patterns=Patrones de archivos protegidos (separados con punto y coma ';'):
-settings.protect_protected_file_patterns_desc=No está permitido cambiar archivos directamente incluso si el usuario tiene permiso para agregar, editar o borrar archivos en esta rama. Múltiples patrones pueden separarse usando punto y coma (';'). Refvisa la documentación de <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a> para la sintaxis de patrones. Ejemplos: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
 settings.protect_unprotected_file_patterns=Patrones de archivos sin protección (separados con punto y coma ';'):
-settings.protect_unprotected_file_patterns_desc=Los archivos sin protección se pueden cambiar directamente si el usuario tiene acceso de escritura, evitando la restricción push. Múltiples patrones pueden separarse usando punto y coma (';'). Vea la documentación de <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a> para la sintaxis de patrones. Ejemplos: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
 settings.update_protect_branch_success=Se ha actualizado la protección de la rama para la regla "%s".
 settings.remove_protected_branch_success=Se ha eliminado la protección de la rama para la regla "%s".
 settings.remove_protected_branch_failed=Error al eliminar la regla de protección de rama "%s".
@@ -2266,7 +2257,6 @@ settings.tags.protection.allowed.teams=Equipos permitidos
 settings.tags.protection.allowed.noone=Ningún
 settings.tags.protection.create=Proteger Etiqueta
 settings.tags.protection.none=No hay etiquetas protegidas.
-settings.tags.protection.pattern.description=Puede usar un solo nombre, un patrón de glob o expresión regular para que coincida con varias etiquetas. Lea más en la guía <a target="_blank" rel="noopener" href="https://docs.gitea.com/usage/protected-tags">de etiquetas protegidas</a>.
 settings.bot_token=Token del Bot
 settings.chat_id=ID Chat
 settings.thread_id=ID del hilo
@@ -2622,7 +2612,6 @@ last_page=Última
 total=Total: %d
 settings=Configuración de Admin
 
-dashboard.new_version_hint=Gitea %s ya está disponible, estás ejecutando %s. Revisa <a target="_blank" rel="noreferrer" href="https://blog.gitea.io">el blog</a> para más detalles.
 dashboard.statistic=Resumen
 dashboard.system_status=Estado del sistema
 dashboard.operation_name=Nombre de la operación
@@ -2798,12 +2787,10 @@ packages.size=Tamaño
 packages.published=Publicado
 
 defaulthooks=Webhooks por defecto
-defaulthooks.desc=Los webhooks automáticamente hacen peticiones HTTP POST a un servidor cuando ciertos eventos de Gitea se activan. Los webhooks definidos aquí son predeterminados y serán copiados en todos los repositorios nuevos. Leer más en la guía <a target="_blank" rel="noopener" href="https://docs.gitea.com/usage/webhooks">webhooks</a>.
 defaulthooks.add_webhook=Añadir Webhook por defecto
 defaulthooks.update_webhook=Actualizar Webhook por defecto
 
 systemhooks=Webhooks del sistema
-systemhooks.desc=Los webhooks automáticamente hacen peticiones HTTP POST a un servidor cuando ciertos eventos de Gitea se activan. Los webhooks definidos aquí actuarán en todos los repositorios del sistema, así que por favor considere las implicaciones de rendimiento que esto pueda tener. Lea más en la guía <a target="_blank" rel="noopener" href="https://docs.gitea.com/usage/webhooks">de webhooks</a>.
 systemhooks.add_webhook=Añadir Webhook del Sistema
 systemhooks.update_webhook=Actualizar Webhook del Sistema
 
@@ -2899,14 +2886,6 @@ auths.tips.oauth2.general=Autenticación OAuth2
 auths.tips.oauth2.general.tip=Al registrar una nueva autenticación de OAuth2, la URL de devolución de llamada/redirección debe ser:
 auths.tip.oauth2_provider=Proveedor OAuth2
 auths.tip.nextcloud=`Registre un nuevo consumidor OAuth en su instancia usando el siguiente menú "Configuración-> Seguridad-> cliente OAuth 2.0"`
-auths.tip.dropbox=Crear nueva aplicación en https://www.dropbox.com/developers/apps
-auths.tip.facebook=`Registre una nueva aplicación en https://developers.facebook.com/apps y agregue el producto "Facebook Login"`
-auths.tip.github=Registre una nueva aplicación OAuth en https://github.com/settings/applications/new
-auths.tip.google_plus=Obtener credenciales de cliente OAuth2 desde la consola API de Google en https://console.developers.google.com/
-auths.tip.twitter=Ir a https://dev.twitter.com/apps, crear una aplicación y asegurarse de que la opción "Permitir que esta aplicación sea usada para iniciar sesión con Twitter" está activada
-auths.tip.discord=Registrar una nueva aplicación en https://discordapp.com/developers/applications/me
-auths.tip.gitea=Registrar una nueva aplicación OAuth2. Puede encontrar la guía en https://docs.gitea.com/development/oauth2-provider
-auths.tip.yandex=`Crear una nueva aplicación en https://oauth.yandex.com/client/new. Seleccione los siguientes permisos del "Yandex.Passport API": "Access to email address", "Access to user avatar" y "Access to username, first name and surname, gender"`
 auths.tip.mastodon=Introduzca una URL de instancia personalizada para la instancia mastodon con la que desea autenticarse (o utilice la predeterminada)
 auths.edit=Editar origen de autenticación
 auths.activated=Este origen de autenticación ha sido activado
diff --git a/options/locale/locale_fa-IR.ini b/options/locale/locale_fa-IR.ini
index 2d159333a40..7d07d570f40 100644
--- a/options/locale/locale_fa-IR.ini
+++ b/options/locale/locale_fa-IR.ini
@@ -124,11 +124,9 @@ missing_csrf=درخواست بد: بلیط CSRF ندارد
 app_desc=یک سرویس گیت بی‌درد سر و راحت
 install=راه‌اندازی ساده
 platform=مستقل از سکو
-platform_desc=گیت همه جا اجرا می‌شود <a target="_blank" rel="noopener noreferrer" href="https://go.dev/"> بریم!</a> می‌توانید Windows, macOS, Linux, ARM و ... هر کدام را دوست داشتید انتخاب کنید!
 lightweight=ابزارک سبک
 lightweight_desc=گیتی با حداقل منابع میتوانید برای روی دستگاه Raspberry Pi اجرا شود و مصرف انرژی شما را کاهش دهد!
 license=متن باز
-license_desc=برو به <a target="_blank" rel="noopener noreferrer" href="https://code.gitea.io/gitea">code.gitea.io/gitea</a>! به ملحق شوید با <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea"> مشارکت کردن</a> برای این که این پروژه بهتر شود. برای مشارکت کردن خجالت نکشید!
 
 [install]
 install=نصب و راه اندازی
@@ -1675,7 +1673,6 @@ settings.event_pull_request_review_desc=درخواست pull تایید شده،
 settings.event_pull_request_sync=درخواست pull همگام شده
 settings.event_pull_request_sync_desc=درخواست کشش همگام شده است.
 settings.branch_filter=صافی شاخه
-settings.branch_filter_desc=فهرست سفید شاخه برای رویدادهای push، ایجاد شاخه و حذف شاخه، که به عنوان الگوی glob مشخص شده است. اگر خالی یا <code>*</code> باشد، رویدادها برای همه شاخه ها گزارش می شوند. برای syntax به اسناد <a href="https://pkg.go.dev/github.com/gobwas/glob#Compile">github.com/gobwas/glob</a> مراجعه کنید. مثال‌ها: <code>master</code>، <code>{master,release*}</code>.
 settings.active=فعال
 settings.active_helper=اطلاعات درباره کشیده شدن ماشه رویدادها به این نشانی هوک تحت وب ارسال خواهد شد.
 settings.add_hook_success=یک هوک تحت وب جدید افزوده شده است.
@@ -2259,13 +2256,6 @@ auths.tips=ﻧﮑﺎﺕ
 auths.tips.oauth2.general=احراز هویت OAuth2
 auths.tip.oauth2_provider=تامین کننده OAuth2
 auths.tip.nextcloud=با استفاده از منوی زیر "تنظیمات -> امنیت -> مشتری OAuth 2.0" مصرف کننده OAuth جدیدی را در نمونه خود ثبت کنید
-auths.tip.dropbox=یک برنامه جدید در https://www.dropbox.com/developers/apps بسازید
-auths.tip.facebook=`یک برنامه جدید در https://developers.facebook.com/apps بسازید برای ورود از طریق فیس بوک قسمت محصولات "Facebook Login"`
-auths.tip.github=یک برنامه OAuth جدید در https://github.com/settings/applications/new ثبت کنید
-auths.tip.google_plus=اطلاعات مربوط به مشتری OAuth2 را از کلاینت API Google در https://console.developers.google.com/
-auths.tip.twitter=به https://dev.twitter.com/apps بروید ، برنامه ای ایجاد کنید و اطمینان حاصل کنید که گزینه "اجازه استفاده از این برنامه برای ورود به سیستم با Twitter" را فعال کنید
-auths.tip.discord=یک برنامه جدید را در https://discordapp.com/developers/applications/me ثبت کنید
-auths.tip.yandex=`یک برنامه جدید در https://oauth.yandex.com/client/new ایجاد کنید. مجوزهای زیر را از بخش "Yandex.Passport API" انتخاب کنید: "دسترسی به آدرس ایمیل"، "دسترسی به آواتار کاربر" و "دسترسی به نام کاربری، نام و نام خانوادگی، جنسیت"`
 auths.tip.mastodon=یک URL نمونه سفارشی برای نمونه ماستودون که می خواهید با آن احراز هویت کنید وارد کنید (یا از یک پیش فرض استفاده کنید)
 auths.edit=ویرایش منبع احراز هویت
 auths.activated=این منبع احراز هویت فعال شده است
diff --git a/options/locale/locale_fi-FI.ini b/options/locale/locale_fi-FI.ini
index 4b6b708d6e4..36af8d28708 100644
--- a/options/locale/locale_fi-FI.ini
+++ b/options/locale/locale_fi-FI.ini
@@ -142,11 +142,9 @@ network_error=Verkkovirhe
 app_desc=Kivuton, itsehostattu Git-palvelu
 install=Helppo asentaa
 platform=Alustariippumaton
-platform_desc=Gitea käy missä tahansa alustassa, johon <a target="_blank" rel="noopener noreferrer" href="https://go.dev/">Go</a> kykenee kääntämään. Windows, macOS, Linux, ARM, jne. Valitse omasi!
 lightweight=Kevyt
 lightweight_desc=Gitealla on vähäiset vähimmäisvaatimukset, joten se toimii jopa halvassa Raspberry Pi:ssä. Säästä koneesi energiaa!
 license=Avoin lähdekoodi
-license_desc=Mene osoitteeseen <a target="_blank" rel="noopener noreferrer" href="https://code.gitea.io/gitea">code.gitea.io/gitea</a>! Liity mukaan tekemään <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea">projektista</a> entistäkin parempi. Älä ujostele avustamista!
 
 [install]
 install=Asennus
diff --git a/options/locale/locale_fr-FR.ini b/options/locale/locale_fr-FR.ini
index a4a6a8f7c16..634836a7904 100644
--- a/options/locale/locale_fr-FR.ini
+++ b/options/locale/locale_fr-FR.ini
@@ -217,7 +217,6 @@ string.desc=Z - A
 
 [error]
 occurred=Une erreur s’est produite
-report_message=Si vous pensez qu'il s'agit d'un bug Gitea, veuillez consulter notre board <a href="https://github.com/go-gitea/gitea/issues" target="_blank">GitHub</a> ou ouvrir un nouveau ticket si nécessaire.
 missing_csrf=Requête incorrecte: aucun jeton CSRF présent
 invalid_csrf=Requête incorrecte : jeton CSRF invalide
 not_found=La cible n'a pu être trouvée.
@@ -226,13 +225,10 @@ network_error=Erreur réseau
 [startpage]
 app_desc=Un service Git auto-hébergé sans prise de tête
 install=Facile à installer
-install_desc=Il suffit de <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-binary">lancer l’exécutable</a> adapté à votre plateforme, le déployer avec <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea/tree/master/docker">Docker</a> ou de l’installer depuis un <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-package">gestionnaire de paquet</a>.
 platform=Multi-plateforme
-platform_desc=Gitea tourne partout où <a target="_blank" rel="noopener noreferrer" href="https://go.dev/">Go</a> peut être compilé : Windows, macOS, Linux, ARM, etc. Choisissez votre préféré !
 lightweight=Léger
 lightweight_desc=Gitea utilise peu de ressources. Il peut même tourner sur un Raspberry Pi très bon marché. Économisez l'énergie de vos serveurs !
 license=Open Source
-license_desc=Toutes les sources sont sur <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea/">GitHub</a> ! Rejoignez-nous et <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea">contribuez</a> à rendre ce projet encore meilleur!
 
 [install]
 install=Installation
@@ -454,7 +450,6 @@ authorize_title=Autoriser "%s" à accéder à votre compte ?
 authorization_failed=L’autorisation a échoué
 authorization_failed_desc=L'autorisation a échoué car nous avons détecté une demande incorrecte. Veuillez contacter le responsable de l'application que vous avez essayé d'autoriser.
 sspi_auth_failed=Échec de l'authentification SSPI
-password_pwned=Le mot de passe que vous avez choisi se trouve sur la liste <a target="_blank" rel="noopener noreferrer" href="https://haveibeenpwned.com/Passwords">des mots de passe ayant fuité</a> sur internet. Veuillez réessayer avec un mot de passe différent et considérer remplacer ce mot de passe si vous l'utilisez ailleurs.
 password_pwned_err=Impossible d'envoyer la demande à HaveIBeenPwned
 last_admin=Vous ne pouvez pas supprimer ce compte car au moins un administrateur est requis.
 signin_passkey=Se connecter avec une clé d’identification (passkey)
@@ -943,7 +938,6 @@ then_enter_passcode=Et entrez le code de passe s'affichant dans l'application :
 passcode_invalid=Le mot de passe est invalide. Réessayez.
 twofa_failed_get_secret=Impossible d'obtenir le secret.
 
-webauthn_desc=Les clefs de sécurité sont des dispositifs matériels contenant des clefs cryptographiques. Elles peuvent être utilisées pour l'authentification à deux facteurs. La clef de sécurité doit supporter le standard <a rel="noreferrer" target="_blank" href="https://w3c.github.io/webauthn/#webauthn-authenticator">WebAuthn Authenticator</a>.
 webauthn_register_key=Ajouter une clé de sécurité
 webauthn_nickname=Pseudonyme
 webauthn_delete_key=Retirer la clé de sécurité
@@ -2302,7 +2296,6 @@ settings.event_pull_request_merge=Fusion de demande d'ajout
 settings.event_package=Paquet
 settings.event_package_desc=Paquet créé ou supprimé.
 settings.branch_filter=Filtre de branche
-settings.branch_filter_desc=Liste de branches et motifs globs autorisant la soumission, la création et suppression de branches. Laisser vide ou utiliser <code>*</code> englobent toutes les branches. Voir la <a href="https://pkg.go.dev/github.com/gobwas/glob#Compile">syntaxe Glob</a>. Exemples : <code>master</code>, <code>{master,release*}</code>.
 settings.authorization_header=En-tête « Authorization »
 settings.authorization_header_desc=Si présent, sera ajouté aux requêtes comme en-tête d’authentification. Exemples : %s.
 settings.active=Actif
@@ -2397,12 +2390,9 @@ settings.ignore_stale_approvals_desc=Ignorer les approbations d’anciennes rév
 settings.require_signed_commits=Exiger des révisions signées
 settings.require_signed_commits_desc=Rejeter les soumissions sur cette branche lorsqu'ils ne sont pas signés ou vérifiables.
 settings.protect_branch_name_pattern=Motif de nom de branche protégé
-settings.protect_branch_name_pattern_desc=Motifs de nom de branche protégé. Consultez la <a href="github.com/gobwas/glob">documentation</a> pour la syntaxe du motif. Exemples : <code>main</code>, <code>release/**</code>
 settings.protect_patterns=Motifs
 settings.protect_protected_file_patterns=Liste des fichiers et motifs protégés
-settings.protect_protected_file_patterns_desc=Liste de fichiers et de motifs, séparés par un point-virgule « ; », qui ne pourront pas être modifiés même si les utilisateurs disposent des droits sur la branche. Voir la <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>syntaxe glob</a>. Exemples : <code>.drone.yml ; /docs/**/*.txt</code>.
 settings.protect_unprotected_file_patterns=Liste des fichiers et motifs exclus
-settings.protect_unprotected_file_patterns_desc=Liste de fichiers et de motifs globs, séparés par un point-virgule « ; », qui pourront être modifiés malgré la protection de branche, par les utilisateurs autorisés. Voir la <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>syntaxe Glob</a>. Exemples : <code>.drone.yml ; /docs/**/*.txt</code>.
 settings.update_protect_branch_success=La règle de protection de branche "%s" a été mise à jour.
 settings.remove_protected_branch_success=La règle de protection de branche "%s" a été retirée.
 settings.remove_protected_branch_failed=Impossible de retirer la règle de protection de branche "%s".
@@ -2430,7 +2420,6 @@ settings.tags.protection.allowed.teams=Équipes autorisées
 settings.tags.protection.allowed.noone=Personne
 settings.tags.protection.create=Protéger l'étiquette
 settings.tags.protection.none=Il n'y a pas d'étiquettes protégées.
-settings.tags.protection.pattern.description=Vous pouvez utiliser au choix un nom unique, un motif de glob ou une expression régulière qui correspondra à plusieurs étiquettes. Pour plus d’informations, consultez le <a target="_blank" rel="noopener" href="https://docs.gitea.com/usage/protected-tags">guide sur les étiquettes protégées</a>.
 settings.bot_token=Jeton de Bot
 settings.chat_id=ID de conversation
 settings.thread_id=ID du fil
@@ -2799,7 +2788,6 @@ last_page=Dernière
 total=Total : %d
 settings=Paramètres administrateur
 
-dashboard.new_version_hint=Gitea %s est maintenant disponible, vous utilisez %s. Consultez <a target="_blank" rel="noreferrer" href="https://blog.gitea.io">le blog</a> pour plus de détails.
 dashboard.statistic=Résumé
 dashboard.maintenance_operations=Opérations de maintenance
 dashboard.system_status=État du système
@@ -2984,12 +2972,10 @@ packages.size=Taille
 packages.published=Publiés
 
 defaulthooks=Déclencheurs web par défaut
-defaulthooks.desc=Les webhooks font automatiquement des requêtes POST HTTP à un serveur spécifié lorsque certains événements Gitea se déclenchent. Ceux créés ici sont par défaut copiés sur tous les nouveaux dépôts. Pour plus d'information, consultez le <a target="_blank" rel="noopener" href="https://docs.gitea.com/usage/webhooks">guide des webhooks</a>.
 defaulthooks.add_webhook=Ajouter un déclencheur web par défaut
 defaulthooks.update_webhook=Mettre à jour le déclencheur web par défaut
 
 systemhooks=Webhooks système
-systemhooks.desc=Les webhooks font automatiquement des requêtes POST HTTP à un serveur spécifié lorsque certains événements Gitea se déclenchent. Ceux créé ici agiront sur tous les dépôts, ce qui peux impacter les performances du système. Pour plus d’information, consultez <a target="_blank" rel="noopener" href="https://docs.gitea.com/usage/webhooks">le guide des webhooks</a>.
 systemhooks.add_webhook=Ajouter un rappel système
 systemhooks.update_webhook=Mettre à jour un rappel système
 
@@ -3084,18 +3070,8 @@ auths.tips=Conseils
 auths.tips.oauth2.general=Authentification OAuth2
 auths.tips.oauth2.general.tip=Lors de l'enregistrement d'une nouvelle authentification OAuth2, l'URL de rappel/redirection doit être :
 auths.tip.oauth2_provider=Fournisseur OAuth2
-auths.tip.bitbucket=Créez un nouveau jeton OAuth sur https://bitbucket.org/account/user/{your username}/oauth-consumers/new et ajoutez la permission “Compte” - “Lecture”.
 auths.tip.nextcloud=`Enregistrez un nouveau consommateur OAuth sur votre instance en utilisant le menu "Paramètres -> Sécurité -> Client OAuth 2.0"`
-auths.tip.dropbox=Créez une nouvelle application sur https://www.dropbox.com/developers/apps
-auths.tip.facebook=`Enregistrez une nouvelle application sur https://developers.facebook.com/apps et ajoutez le produit "Facebook Login"`
-auths.tip.github=Créez une nouvelle application OAuth sur https://github.com/settings/applications/new
-auths.tip.gitlab_new=Enregistrez une nouvelle application sur https://gitlab.com/-/profile/applications
-auths.tip.google_plus=Obtenez des identifiants OAuth2 sur la console API de Google (https://console.developers.google.com/)
 auths.tip.openid_connect=Utilisez l’URL de découverte OpenID « https://{server}/.well-known/openid-configuration » pour spécifier les points d'accès.
-auths.tip.twitter=Rendez-vous sur https://dev.twitter.com/apps, créez une application et assurez-vous que l'option "Autoriser l'application à être utilisée avec Twitter Connect" est activée
-auths.tip.discord=Enregistrer une nouvelle application sur https://discordapp.com/developers/applications/me
-auths.tip.gitea=Enregistrez une nouvelle application OAuth2. Le guide peut être trouvé sur https://docs.gitea.com/development/oauth2-provider
-auths.tip.yandex=`Créez une nouvelle application sur https://oauth.yandex.com/client/new. Sélectionnez les autorisations suivantes dans la section "Yandex API passport" : "Accès à l'adresse e-mail", "Accès à l'avatar de l'utilisateur" et "Accès au nom d'utilisateur, prénom et prénom, genre"`
 auths.tip.mastodon=Entrez une URL d'instance personnalisée pour l'instance mastodon avec laquelle vous voulez vous authentifier (ou utiliser celle par défaut)
 auths.edit=Mettre à jour la source d'authentification
 auths.activated=Cette source d'authentification est activée
diff --git a/options/locale/locale_hu-HU.ini b/options/locale/locale_hu-HU.ini
index 7d9dfd46d26..1c9ec305764 100644
--- a/options/locale/locale_hu-HU.ini
+++ b/options/locale/locale_hu-HU.ini
@@ -1389,12 +1389,6 @@ auths.enable_auto_register=Automatikus regisztráció engedélyezése
 auths.tips=Tippek
 auths.tips.oauth2.general=OAuth2 hitelesítés
 auths.tip.oauth2_provider=OAuth2 szolgáltató
-auths.tip.dropbox=Vegyen fel új alkalmazást itt: https://www.dropbox.com/developers/apps
-auths.tip.facebook=Vegyen fel új alkalmazást itt: https://developers.facebook.com/apps majd adja hozzá a "Facebook Login"-t
-auths.tip.github=Vegyen fel új OAuth alkalmazást itt: https://github.com/settings/applications/new
-auths.tip.google_plus=Szerezzen OAuth2 kliens hitelesítési adatokat a Google API konzolban (https://console.developers.google.com/)
-auths.tip.twitter=Menyjen ide: https://dev.twitter.com/apps, hozzon létre egy alkalmazást és győződjön meg róla, hogy az “Allow this application to be used to Sign in with Twitter” opció be van kapcsolva
-auths.tip.discord=Vegyen fel új alkalmazást itt: https://discordapp.com/developers/applications/me
 auths.edit=Hitelesítési forrás szerkesztése
 auths.activated=A hitelesítési forrás aktiválva lett
 auths.update_success=A hitelesítési forrás frissítve lett.
diff --git a/options/locale/locale_id-ID.ini b/options/locale/locale_id-ID.ini
index 2bb6d25d438..a49dfcb8ed3 100644
--- a/options/locale/locale_id-ID.ini
+++ b/options/locale/locale_id-ID.ini
@@ -103,11 +103,9 @@ filter.private=Pribadi
 app_desc=Sebuah layanan hosting Git sendiri yang tanpa kesulitan
 install=Mudah dipasang
 platform=Lintas platform
-platform_desc=Gitea bisa digunakan di mana <a target="_blank" rel="noopener noreferrer" href="https://go.dev/">Go</a> bisa dijalankan: Windows, macOS, Linux, ARM, dll. Silahkan pilih yang Anda suka!
 lightweight=Ringan
 lightweight_desc=Gitea hanya membutuhkan persyaratan minimal dan bisa berjalan pada Raspberry Pi yang murah. Bisa menghemat listrik!
 license=Sumber Terbuka
-license_desc=Go get (Dapatkan kode sumber dari) <a target="_blank" rel="noopener noreferrer" href="https://code.gitea.io/gitea">code.gitea.io/gitea</a>! Mari bergabung dengan <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea">berkontribusi</a> untuk membuat proyek ini lebih baik. Jangan malu untuk menjadi kontributor!
 
 [install]
 title=Konfigurasi Awal
@@ -1098,9 +1096,6 @@ auths.enable_auto_register=Mengaktifkan pendaftaran otomatis
 auths.tips=Cara
 auths.tips.oauth2.general=Otentikasi OAuth2
 auths.tip.oauth2_provider=Penyediaan OAuth2
-auths.tip.dropbox=Membuat aplikasi baru di https://www.dropbox.com/developers/apps
-auths.tip.facebook=`Daftarkan sebuah aplikasi baru di https://developers.facebook.com/apps dan tambakan produk "Facebook Masuk"`
-auths.tip.github=Mendaftar aplikasi OAuth baru di https://github.com/settings/applications/new
 auths.delete=Menghapus Otentikasi Sumber
 auths.delete_auth_title=Menghapus Otentikasi Sumber
 
diff --git a/options/locale/locale_is-IS.ini b/options/locale/locale_is-IS.ini
index 69a0cb40d2e..41f8dac3e13 100644
--- a/options/locale/locale_is-IS.ini
+++ b/options/locale/locale_is-IS.ini
@@ -138,11 +138,9 @@ network_error=Netkerfisvilla
 app_desc=Þrautalaus og sjálfhýst Git þjónusta
 install=Einföld uppsetning
 platform=Fjölvettvangur
-platform_desc=Gitea virkar hvar sem að <a target="_blank" rel="noopener noreferrer" href="https://go.dev/">Go</a> gerir: Linux, macOS, Windows, ARM o. s. frv. Veldu það sem þú vilt!
 lightweight=Létt
 lightweight_desc=Gitea hefur lágar lágmarkskröfur og getur keyrt á ódýrum Raspberry Pi. Sparaðu orku!
 license=Frjáls Hugbúnaður
-license_desc=Sæktu <a target="_blank" rel="noopener noreferrer" href="https://code.gitea.io/gitea">code.gitea.io/gitea</a>! Gakktu til liðs með því að <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea">taka þátt</a> til þess að gera þetta verkefni jafnvel betra! Vertu ekki feimin(n) við að verða þátttakandi!
 
 [install]
 install=Uppsetning
@@ -1211,8 +1209,6 @@ auths.smtpport=SMTP Gátt
 auths.oauth2_icon_url=Táknmyndarvefslóð
 auths.oauth2_profileURL=Notandasíðuslóð
 auths.tips=Ábendingar
-auths.tip.dropbox=Búðu til nýtt forrit á https://www.dropbox.com/developers/apps
-auths.tip.yandex=`Búðu til nýja umsókn á https://oauth.yandex.com/client/new. Veldu eftirfarandi heimildir úr „Yandex.Passport API“ kaflanum: "Aðgangur að netfangi", "Aðgangur að notandamynd" og "Aðgangur að notendanafni, fornafni og eftirnafni, kyni"`
 
 config.app_name=Heiti Vefsvæðis
 config.app_ver=Útgáfu Gitea
diff --git a/options/locale/locale_it-IT.ini b/options/locale/locale_it-IT.ini
index 5fb3e58e351..0c48a1fe774 100644
--- a/options/locale/locale_it-IT.ini
+++ b/options/locale/locale_it-IT.ini
@@ -144,11 +144,9 @@ network_error=Errore di rete
 app_desc=Un servizio auto-ospitato per Git pronto all'uso
 install=Facile da installare
 platform=Multipiattaforma
-platform_desc=Gitea funziona ovunque <a target="_blank" rel="noopener noreferrer" href="https://go.dev/">Go</a> possa essere compilato: Windows, macOS, Linux, ARM, etc. Scegli ciò che ami!
 lightweight=Leggero
 lightweight_desc=Gitea ha requisiti minimi bassi e può funzionare su un economico Raspberry Pi. Risparmia l'energia della tua macchina!
 license=Open Source
-license_desc=Ottieni <a target="_blank" rel="noopener noreferrer" href="https://code.gitea.io/gitea">code.gitea.io/gitea</a>! Partecipa per <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea">contribuire</a> a rendere questo progetto ancora migliore. Non aver paura di diventare un collaboratore!
 
 [install]
 install=Installazione
@@ -720,7 +718,6 @@ then_enter_passcode=E immetti il codice di accesso indicato nell'applicazione:
 passcode_invalid=Il codice di accesso non è corretto. Riprova.
 twofa_failed_get_secret=Impossibile ottenere il segreto.
 
-webauthn_desc=Le chiavi di sicurezza sono dispositivi hardware contenenti chiavi crittografiche. Possono essere utilizzate per l'autenticazione a due fattori. Le chiavi di sicurezza devono supportare lo standard <a rel="noreferrer" target="_blank" href="https://w3c.github.io/webauthn/#webauthn-authenticator">WebAuthenticator</a> di WebAuthn.
 webauthn_register_key=Aggiungi Chiave Di Sicurezza
 webauthn_nickname=Soprannome
 webauthn_delete_key=Rimuovi Chiave Di Sicurezza
@@ -1811,7 +1808,6 @@ settings.event_pull_request_sync_desc=Pull request sincronizzata.
 settings.event_package=Pacchetto
 settings.event_package_desc=Pacchetto creato o eliminato in un repository.
 settings.branch_filter=Filtro branch
-settings.branch_filter_desc=Whitelist dei rami per gli eventi di spinta, creazione dei rami e cancellazione dei rami, specificati come modello globo. Se vuoto o <code>*</code>, gli eventi per tutti i rami sono segnalati. Vedi la documentazione <a href="https://pkg.go.dev/github.com/gobwas/glob#Compile">github.com/gobwas/glob</a> per la sintassi. Esempi: <code>master</code>, <code>{master,release*}</code>.
 settings.active=Attivo
 settings.active_helper=Le informazioni sugli eventi innescati saranno inviate a questo URL del webhook.
 settings.add_hook_success=Il webhook è stato aggiunto.
@@ -2446,13 +2442,6 @@ auths.tips=Consigli
 auths.tips.oauth2.general=Autenticazione OAuth2
 auths.tip.oauth2_provider=OAuth2 Provider
 auths.tip.nextcloud=`Registra un nuovo OAuth sulla tua istanza utilizzando il seguente menu "Impostazioni -> Sicurezza -> OAuth 2.0 client"`
-auths.tip.dropbox=Crea una nuova applicazione su https://www.dropbox.com/developers/apps
-auths.tip.facebook=`Registra una nuova applicazione su https://developers.facebook.com/apps e aggiungi il prodotto "Facebook Login"`
-auths.tip.github=Registra una nuova applicazione OAuth su https://github.com/settings/applications/new
-auths.tip.google_plus=Ottieni le credenziali del client OAuth2 dalla console API di Google su https://console.developers.google.com/
-auths.tip.twitter=Vai su https://dev.twitter.com/apps, crea una applicazione e assicurati che l'opzione "Allow this application to be used to Sign In with Twitter" sia abilitata
-auths.tip.discord=Registra una nuova applicazione su https://discordapp.com/developers/applications/me
-auths.tip.yandex=`Crea una nuova applicazione su https://oauth.yandex.com/client/new. Seleziona i seguenti permessi da "Yandex. assport API": "Access to email address", "Access to user avatar" e "Access to username, name and surname, gender"`
 auths.tip.mastodon=Inserisci un URL di istanza personalizzato per l'istanza mastodon con cui vuoi autenticarti (o usa quella predefinita)
 auths.edit=Modifica fonte di autenticazione
 auths.activated=Questa fonte di autenticazione è attiva
diff --git a/options/locale/locale_ja-JP.ini b/options/locale/locale_ja-JP.ini
index 01cf6d8dffb..6d9ab925787 100644
--- a/options/locale/locale_ja-JP.ini
+++ b/options/locale/locale_ja-JP.ini
@@ -218,7 +218,6 @@ string.desc=Z - A
 
 [error]
 occurred=エラーが発生しました
-report_message=Gitea のバグが疑われる場合は、<a href="https://github.com/go-gitea/gitea/issues" target="_blank">GitHub</a>でIssueを検索して、見つからなければ新しいIssueを作成してください。
 missing_csrf=不正なリクエスト: CSRFトークンがありません
 invalid_csrf=不正なリクエスト: CSRFトークンが無効です
 not_found=ターゲットが見つかりませんでした。
@@ -227,13 +226,10 @@ network_error=ネットワークエラー
 [startpage]
 app_desc=自分で立てる、超簡単 Git サービス
 install=簡単インストール
-install_desc=シンプルに、プラットフォームに応じて<a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-binary">バイナリを実行</a>したり、<a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea/tree/master/docker">Docker</a>で動かしたり、<a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-package">パッケージ</a>を使うだけ。
 platform=クロスプラットフォーム
-platform_desc=Giteaは<a target="_blank" rel="noopener noreferrer" href="http://golang.org/">Go</a>がコンパイル可能なあらゆる環境で動きます: Windows、macOS、Linux、ARMなど。 あなたの好きなものを選んでください!
 lightweight=軽量
 lightweight_desc=Gitea の最小動作要件は小さいため、安価な Raspberry Pi でも動きます。エネルギーを節約しましょう!
 license=オープンソース
-license_desc=Go get <a target="_blank" rel="noopener noreferrer" href="https://code.gitea.io/gitea">code.gitea.io/gitea</a>! このプロジェクトをさらに向上させるため、ぜひ<a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea">貢献</a>して参加してください。 貢献者になることを恥ずかしがらないで!
 
 [install]
 install=インストール
@@ -456,7 +452,6 @@ authorize_title=`"%s"にあなたのアカウントへのアクセスを許可
 authorization_failed=認可失敗
 authorization_failed_desc=無効なリクエストを検出したため認可が失敗しました。 認可しようとしたアプリの開発者に連絡してください。
 sspi_auth_failed=SSPI認証に失敗しました
-password_pwned=あなたが選択したパスワードは、過去の情報漏洩事件で流出した<a target="_blank" rel="noopener noreferrer" href="https://haveibeenpwned.com/Passwords">盗まれたパスワードのリスト</a>に含まれています。 別のパスワードでもう一度試してください。 また他の登録でもこのパスワードからの変更を検討してください。
 password_pwned_err=HaveIBeenPwnedへのリクエストを完了できませんでした
 last_admin=最後の管理者は削除できません。少なくとも一人の管理者が必要です。
 signin_passkey=パスキーでサインイン
@@ -953,7 +948,6 @@ passcode_invalid=パスコードが間違っています。 再度お試しく
 twofa_enrolled=あなたのアカウントは正常に登録されました。 一回限りのリカバリキー (%s) は安全な場所に保存してください。 これは二度と表示されません。
 twofa_failed_get_secret=シークレットが取得できません。
 
-webauthn_desc=セキュリティキーは暗号化キーを内蔵するハードウェア ・ デバイスです。 2要素認証に使用できます。 セキュリティキーは<a rel="noreferrer" target="_blank" href="https://w3c.github.io/webauthn/#webauthn-authenticator">WebAuthn Authenticator</a>規格をサポートしている必要があります。
 webauthn_register_key=セキュリティキーを追加
 webauthn_nickname=ニックネーム
 webauthn_delete_key=セキュリティキーの登録解除
@@ -2316,7 +2310,6 @@ settings.event_pull_request_merge=プルリクエストのマージ
 settings.event_package=パッケージ
 settings.event_package_desc=リポジトリにパッケージが作成または削除されたとき。
 settings.branch_filter=ブランチ フィルター
-settings.branch_filter_desc=プッシュ、ブランチ作成、ブランチ削除のイベントを通知するブランチを、globパターンで指定するホワイトリストです。 空か<code>*</code>のときは、すべてのブランチのイベントを通知します。 文法については <a href="https://pkg.go.dev/github.com/gobwas/glob#Compile">github.com/gobwas/glob</a> を参照してください。 例: <code>master</code> 、 <code>{master,release*}</code>
 settings.authorization_header=Authorizationヘッダー
 settings.authorization_header_desc=入力した場合、リクエストにAuthorizationヘッダーとして付加します。 例: %s
 settings.active=有効
@@ -2415,12 +2408,9 @@ settings.ignore_stale_approvals_desc=古いコミットに対して行われた
 settings.require_signed_commits=コミット署名必須
 settings.require_signed_commits_desc=署名されていない場合、または署名が検証できなかった場合は、このブランチへのプッシュを拒否します。
 settings.protect_branch_name_pattern=保護ブランチ名のパターン
-settings.protect_branch_name_pattern_desc=保護ブランチ名のパターン。書き方については <a href="https://github.com/gobwas/glob">ドキュメント</a> を参照してください。例: main, release/**
 settings.protect_patterns=パターン
 settings.protect_protected_file_patterns=保護されるファイルのパターン (セミコロン';'で区切る):
-settings.protect_protected_file_patterns_desc=保護されたファイルは、このブランチにファイルを追加・編集・削除する権限を持つユーザーであっても、直接変更することができなくなります。 セミコロン(';')で区切って複数のパターンを指定できます。 パターンの文法については <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a> を参照してください。 例: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>
 settings.protect_unprotected_file_patterns=保護しないファイルのパターン (セミコロン';'で区切る):
-settings.protect_unprotected_file_patterns_desc=保護しないファイルは、ユーザーに書き込み権限があればプッシュ制限をバイパスして直接変更できます。 セミコロン(';')で区切って複数のパターンを指定できます。 パターンの文法については <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a> を参照してください。 例: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>
 settings.add_protected_branch=保護を有効にする
 settings.delete_protected_branch=保護を無効にする
 settings.update_protect_branch_success=ルール "%s" に対するブランチ保護を更新しました。
@@ -2452,7 +2442,6 @@ settings.tags.protection.allowed.teams=許可するチーム
 settings.tags.protection.allowed.noone=なし
 settings.tags.protection.create=タグを保護
 settings.tags.protection.none=タグは保護されていません。
-settings.tags.protection.pattern.description=ひとつのタグ名か、複数のタグにマッチするglobパターンまたは正規表現を使用できます。 詳しくは<a target="_blank" rel="noopener" href="https://docs.gitea.com/usage/protected-tags">タグの保護ガイド</a> をご覧ください。
 settings.bot_token=Botトークン
 settings.chat_id=チャットID
 settings.thread_id=スレッドID
@@ -2832,7 +2821,6 @@ last_page=最後
 total=合計: %d
 settings=管理設定
 
-dashboard.new_version_hint=Gitea %s が入手可能になりました。 現在実行しているのは %s です。 詳細は <a target="_blank" rel="noreferrer" href="https://blog.gitea.io">ブログ</a> を確認してください。
 dashboard.statistic=サマリー
 dashboard.maintenance_operations=メンテナンス操作
 dashboard.system_status=システム状況
@@ -3024,12 +3012,10 @@ packages.size=サイズ
 packages.published=配布
 
 defaulthooks=デフォルトWebhook
-defaulthooks.desc=Webhookは、特定のGiteaイベントが発生したときに、サーバーにHTTP POSTリクエストを自動的に送信するものです。 ここで定義したWebhookはデフォルトとなり、全ての新規リポジトリにコピーされます。 詳しくは<a target="_blank" rel="noopener" href="https://docs.gitea.com/usage/webhooks">Webhooksガイド</a>をご覧下さい。
 defaulthooks.add_webhook=デフォルトWebhookの追加
 defaulthooks.update_webhook=デフォルトWebhookの更新
 
 systemhooks=システムWebhook
-systemhooks.desc=Webhookは、特定のGiteaイベントが発生したときに、サーバーにHTTP POSTリクエストを自動的に送信するものです。 ここで定義したWebhookは、システム内のすべてのリポジトリで呼び出されます。 そのため、パフォーマンスに及ぼす影響を考慮したうえで設定してください。 詳しくは<a target="_blank" rel="noopener" href="https://docs.gitea.com/usage/webhooks">Webhooksガイド</a>をご覧下さい。
 systemhooks.add_webhook=システムWebhookを追加
 systemhooks.update_webhook=システムWebhookを更新
 
@@ -3124,18 +3110,8 @@ auths.tips=ヒント
 auths.tips.oauth2.general=OAuth2認証
 auths.tips.oauth2.general.tip=新しいOAuth2認証を登録するときは、コールバック/リダイレクトURLは以下になります:
 auths.tip.oauth2_provider=OAuth2プロバイダー
-auths.tip.bitbucket=新しいOAuthコンシューマーを https://bitbucket.org/account/user/{あなたのユーザー名}/oauth-consumers/new から登録し、"アカウント" に "読み取り" 権限を追加してください。
 auths.tip.nextcloud=新しいOAuthコンシューマーを、インスタンスのメニュー "Settings -> Security -> OAuth 2.0 client" から登録してください。
-auths.tip.dropbox=新しいアプリケーションを https://www.dropbox.com/developers/apps から登録してください。
-auths.tip.facebook=新しいアプリケーションを https://developers.facebook.com/apps で登録し、"Facebook Login"を追加してください。
-auths.tip.github=新しいOAuthアプリケーションを https://github.com/settings/applications/new から登録してください。
-auths.tip.gitlab_new=新しいアプリケーションを https://gitlab.com/-/profile/applications から登録してください。
-auths.tip.google_plus=OAuth2クライアント資格情報を、Google APIコンソール https://console.developers.google.com/ から取得してください。
 auths.tip.openid_connect=OpenID Connect DiscoveryのURL "https://{server}/.well-known/openid-configuration" をエンドポイントとして指定してください
-auths.tip.twitter=https://dev.twitter.com/apps へアクセスしてアプリケーションを作成し、“Allow this application to be used to Sign in with Twitter”オプションを有効にしてください。
-auths.tip.discord=新しいアプリケーションを https://discordapp.com/developers/applications/me から登録してください。
-auths.tip.gitea=新しいOAuthアプリケーションを登録してください。 利用ガイドは https://docs.gitea.com/development/oauth2-provider にあります
-auths.tip.yandex=`https://oauth.yandex.com/client/new で新しいアプリケーションを作成してください。 "Yandex.Passport API" セクションで次の項目を許可します: "Access to email address"、"Access to user avatar"、"Access to username, first name and surname, gender"`
 auths.tip.mastodon=認証したいMastodonインスタンスのカスタムURLを入力してください (入力しない場合はデフォルトのURLを使用します)
 auths.edit=認証ソースの編集
 auths.activated=認証ソースはアクティベート済み
diff --git a/options/locale/locale_lv-LV.ini b/options/locale/locale_lv-LV.ini
index 1df081d1498..f1141ef8ee8 100644
--- a/options/locale/locale_lv-LV.ini
+++ b/options/locale/locale_lv-LV.ini
@@ -184,7 +184,6 @@ string.desc=Z - A
 
 [error]
 occurred=Radusies kļūda
-report_message=Ja ir pārliecība, ka šī ir Gitea nepilnība, lūgums pārbaudīt <a href="https://github.com/go-gitea/gitea/issues" target="_blank">GitHub</a>, vai tā jau nav zināma, vai izveidot jaunu pieteikumu, ja nepieciešams.
 missing_csrf=Kļūdains pieprasījums: netika iesūtīta drošības pilnvara
 invalid_csrf=Kļūdains pieprasījums: iesūtīta kļūdaina drošības pilnvara
 not_found=Pieprasītie dati netika atrasti.
@@ -193,13 +192,10 @@ network_error=Tīkla kļūda
 [startpage]
 app_desc=Viegli uzstādāms Git serviss
 install=Vienkārši instalējams
-install_desc=Vienkārši <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-binary">jāpalaiž izpildāmais fails</a> vajadzīgajai platformai, jāizmanto <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea/tree/master/docker">Docker</a>, vai jāiegūst <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-package">pakotne</a>.
 platform=Pieejama dažādām platformām
-platform_desc=Gitea darbojas visur, kur <a target="_blank" rel="noopener noreferrer" href="https://go.dev/">Go</a> var kompilēt: Windows, macOS, Linux, ARM, utt.. Izvēlies to, kas Tev patīk!
 lightweight=Viegla
 lightweight_desc=Gitea ir miminālas prasības un to var darbināt uz nedārga Raspberry Pi datora. Ietaupi savai ierīcei resursus!
 license=Atvērtā pirmkoda
-license_desc=Iegūsti <a target="_blank" rel="noopener noreferrer" href="https://code.gitea.io/gitea">code.gitea.io/gitea</a>! Pievienojies un palīdzi <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea">uzlabot</a>, lai padarītu šo projektu vēl labāku! Nekautrējies un līdzdarbojies!
 
 [install]
 install=Instalācija
@@ -413,7 +409,6 @@ authorize_title=Autorizēt "%s" piekļuvi jūsu kontam?
 authorization_failed=Autorizācija neizdevās
 authorization_failed_desc=Autentifikācija neizdevās, jo tika veikts kļūdains pieprasījums. Sazinieties ar lietojumprogrammas, ar kuru mēģinājāt autentificēties, uzturētāju.
 sspi_auth_failed=SSPI autentifikācija neizdevās
-password_pwned=Izvēlētā parole ir <a target="_blank" rel="noopener noreferrer" href="https://haveibeenpwned.com/Passwords">nozagto paroļu sarakstā</a>, kas iepriekš ir atklāts publiskās datu noplūdēs. Lūgums mēģināt vēlreiz ar citu paroli un apsvērt to nomainīt arī citur.
 password_pwned_err=Neizdevās pabeigt pieprasījumu uz HaveIBeenPwned
 
 [mail]
@@ -870,7 +865,6 @@ then_enter_passcode=Ievadiet piekļuves kodu no lietojumprogrammas:
 passcode_invalid=Nederīgs piekļuves kods. Mēģiniet ievadīt atkārtoti.
 twofa_failed_get_secret=Neizdevās ielādēt noslēpumu.
 
-webauthn_desc=Drošības atslēgas ir fiziskas ierīces, kas satur kriptogrāfiskas atslēgas. Tās var tikt izmantotas divu faktoru autentifikācijai. Drošības atslēgām ir jāatbalsta <a rel="noreferrer" target="_blank" href="https://w3c.github.io/webauthn/#webauthn-authenticator">WebAuthn autentifikācijas</a> standarts.
 webauthn_register_key=Pievienot drošības atslēgu
 webauthn_nickname=Segvārds
 webauthn_delete_key=Noņemt drošības atslēgu
@@ -2181,7 +2175,6 @@ settings.event_pull_request_merge=Izmaiņu pieprasījuma sapludināšana
 settings.event_package=Pakotne
 settings.event_package_desc=Repozitorijā izveidota vai dzēsta pakotne.
 settings.branch_filter=Atzaru filtrs
-settings.branch_filter_desc=Atzaru ierobežojumi izmaiņu iesūtīšanas, zaru izveidošanas vai dzēšanas notikumiem, izmantojot, glob šablonu. Ja norādīts tukšs vai <code>*</code>, tiks nosūtīti notikumi no visiem zariem. Skatieties <a href="https://pkg.go.dev/github.com/gobwas/glob#Compile">github.com/gobwas/glob</a> pieraksta dokumentāciju. Piemērs: <code>master</code>, <code>{master,release*}</code>.
 settings.authorization_header=Autorizācijas galvene
 settings.authorization_header_desc=Tiks iekļauta kā autorizācijas galvenei pieprasījumiem, ja ir norādīta. Piemēram: %s.
 settings.active=Aktīvs
@@ -2250,12 +2243,9 @@ settings.dismiss_stale_approvals_desc=Kad tiek iesūtītas jaunas revīzijas, ka
 settings.require_signed_commits=Pieprasīt parakstītas revīzijas
 settings.require_signed_commits_desc=Noraidīt iesūtītās izmaiņas šim atzaram, ja tās nav parakstītas vai nav iespējams pārbaudīt.
 settings.protect_branch_name_pattern=Aizsargātā zara šablons
-settings.protect_branch_name_pattern_desc=Aizsargāto atzaru nosaukumu šabloni. Šablonu pierakstu skatīt <a href="https://github.com/gobwas/glob">dokumentācijā</a>. Piemēri: main, release/**
 settings.protect_patterns=Šabloni
 settings.protect_protected_file_patterns=Aizsargāto failu šablons (vairākus var norādīt atdalot ar semikolu ';'):
-settings.protect_protected_file_patterns_desc=Aizsargātie faili, ko nevar mainīt, pat ja lietotājam ir tiesības veidot jaunus, labot vai dzēst failus šajā atzarā. Vairākus šablons ir iespējams norādīt atdalot tos ar semikolu (';'). Sīkāka informācija par šabloniem pieejama <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a> dokumentācijā. Piemēram, <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
 settings.protect_unprotected_file_patterns=Neaizsargāto failu šablons (vairākus var norādīt atdalot ar semikolu ';'):
-settings.protect_unprotected_file_patterns_desc=Neaizsargātie faili, ko iespējams mainīt apejot iesūtīšanas ierobežojumus, ja lietotājam ir tiesības iesūtīt izmaiņas šajā atzarā. Vairākus šablons ir iespējams norādīt atdalot tos ar semikolu (';'). Sīkāka informācija par šabloniem pieejama <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a> dokumentācijā. Piemēram, <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
 settings.update_protect_branch_success=Atzara aizsardzības nosacījums "%s" tika saglabāta.
 settings.remove_protected_branch_success=Atzara aizsardzības nosacījums "%s" tika noņemts.
 settings.remove_protected_branch_failed=Neizdevās izdzēst atzara aizsardzības nosacījumu "%s".
@@ -2283,7 +2273,6 @@ settings.tags.protection.allowed.teams=Atļauts komandām
 settings.tags.protection.allowed.noone=Nevienam
 settings.tags.protection.create=Aizsargāt tagus
 settings.tags.protection.none=Nav uzstādīta tagu aizsargāšana.
-settings.tags.protection.pattern.description=Var izmantot vienkāršu nosaukumu vai glob šablonu, vai regulāro izteiksmi, lai atbilstu vairākiem tagiem. Vairāk ir lasāms <a target="_blank" rel="noopener" href="https://docs.gitea.com/usage/protected-tags">aizsargāto tagu šablonu dokumentācijā</a>.
 settings.bot_token=Bota pilnvara
 settings.chat_id=Tērzēšanas ID
 settings.thread_id=Pavediena ID
@@ -2643,7 +2632,6 @@ last_page=Pēdējā
 total=Kopā: %d
 settings=Administratora iestatījumi
 
-dashboard.new_version_hint=Ir pieejama Gitea versija %s, pašreizējā versija %s. Papildus informācija par jauno versiju ir pieejama <a target="_blank" rel="noreferrer" href="https://blog.gitea.io">mājas lapā</a>.
 dashboard.statistic=Kopsavilkums
 dashboard.system_status=Sistēmas statuss
 dashboard.operation_name=Darbības nosaukums
@@ -2821,12 +2809,10 @@ packages.size=Izmērs
 packages.published=Publicēts
 
 defaulthooks=Noklusētie tīmekļa āķi
-defaulthooks.desc=Tīmekļa āķi automātiski nosūta HTTP POST pieprasījumus serverim, kad iestājas noteikti Gitea notikumi. Šeit pievienotie tīmekļa āķi ir noklusējuma, un tie tiks pievienoti visiem jaunajiem repozitorijiem. Vairāk ir lasāms <a target="_blank" rel="noopener" href="https://docs.gitea.com/usage/webhooks">tīmekļa āķu dokumentācijā</a>.
 defaulthooks.add_webhook=Pievienot noklusēto tīmekļa āķi
 defaulthooks.update_webhook=Mainīt noklusēto tīmekļa āķi
 
 systemhooks=Sistēmas tīmekļa āķi
-systemhooks.desc=Tīmekļa āķi automātiski nosūta HTTP POST pieprasījumus serverim, kad iestājas noteikti Gitea notikumi. Šeit pievienotie tīmekļa āķi tiks izsaukti visiem sistēmas repozitorijiem, tādēļ lūgums apsvērt to iespējamo ietekmi uz veiktspēju. Vairāk ir lasāms <a target="_blank" rel="noopener" href="https://docs.gitea.com/usage/webhooks">tīmekļa āķu dokumentācijā</a>.
 systemhooks.add_webhook=Pievienot sistēmas tīmekļa āķi
 systemhooks.update_webhook=Mainīt sistēmas tīmekļa āķi
 
@@ -2922,14 +2908,6 @@ auths.tips.oauth2.general=OAuth2 autentifikācija
 auths.tips.oauth2.general.tip=Kad tiek reģistrēta jauna OAuth2 autentifikācija, atzvanīšanas/pārvirzīšanas URL vajadzētu būt:
 auths.tip.oauth2_provider=OAuth2 pakalpojuma sniedzējs
 auths.tip.nextcloud=`Reģistrējiet jaunu OAuth klientu jūsu instances sadāļā "Settings -> Security -> OAuth 2.0 client"`
-auths.tip.dropbox=Izveidojiet jaunu aplikāciju adresē https://www.dropbox.com/developers/apps
-auths.tip.facebook=`Reģistrējiet jaunu aplikāciju adresē https://developers.facebook.com/apps un pievienojiet produktu "Facebook Login"`
-auths.tip.github=Reģistrējiet jaunu aplikāciju adresē https://github.com/settings/applications/new
-auths.tip.google_plus=Iegūstiet OAuth2 klienta pilnvaru no Google API konsoles adresē https://console.developers.google.com/
-auths.tip.twitter=Dodieties uz adresi https://dev.twitter.com/apps, izveidojiet lietotni un pārliecinieties, ka ir atzīmēts “Allow this application to be used to Sign in with Twitter”
-auths.tip.discord=Reģistrējiet jaunu aplikāciju adresē https://discordapp.com/developers/applications/me
-auths.tip.gitea=Pievienot jaunu OAuth2 lietojumprogrammu. Dokumentācija ir pieejama https://docs.gitea.com/development/oauth2-provider
-auths.tip.yandex=`Izveidojiet jaunu lietotni adresē https://oauth.yandex.com/client/new. Izvēlieties sekojošas tiesības "Yandex.Passport API" sadaļā: "Access to email address", "Access to user avatar" un "Access to username, first name and surname, gender"`
 auths.tip.mastodon=Norādiet pielāgotu mastodon instances URL, ar kuru vēlaties autorizēties (vai izmantojiet noklusēto)
 auths.edit=Labot autentifikācijas avotu
 auths.activated=Autentifikācijas avots ir atkivizēts
diff --git a/options/locale/locale_nl-NL.ini b/options/locale/locale_nl-NL.ini
index 30c2a142709..c14c445a35a 100644
--- a/options/locale/locale_nl-NL.ini
+++ b/options/locale/locale_nl-NL.ini
@@ -143,11 +143,9 @@ network_error=Netwerk fout
 app_desc=Een eenvoudige, self-hosted Git service
 install=Makkelijk te installeren
 platform=Cross-platform
-platform_desc=Gitea werkt op alles waar <a target="_blank" rel="noopener noreferrer" href="https://go.dev/">Go</a> op kan compileren: Windows, macOS, Linux, ARM, etc. Kies het platform dat bij je past!
 lightweight=Lichtgewicht
 lightweight_desc=Gitea heeft hele lage systeemeisen, je kunt Gitea al draaien op een goedkope Raspberry Pi.
 license=Open Source
-license_desc=Alles staat op <a target="_blank" rel="noopener noreferrer" href="https://code.gitea.io/gitea">code.gitea.io/gitea</a>! Help ons door mee te bouwen aan <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea">Gitea</a>, samen maken we dit project nog beter. Aarzel dus niet om een bijdrage te leveren!
 
 [install]
 install=Installatie
@@ -718,7 +716,6 @@ then_enter_passcode=En vul de toegangscode, die in de applicatie weergegeven wor
 passcode_invalid=De code is niet correct. Probeer het nogmaals.
 twofa_failed_get_secret=Kon geheim niet ophalen.
 
-webauthn_desc=Beveiligingssleutels zijn hardware apparaten die cryptografische sleutels bevatten. Ze kunnen worden gebruikt voor tweestapsverificatie. Beveiligingssleutels moeten de <a rel="noreferrer" target="_blank" href="https://w3c.github.io/webauthn/#webauthn-authenticator">WebAuthn Authenticator</a> standaard ondersteunen.
 webauthn_register_key=Voeg beveiligingssleutel toe
 webauthn_nickname=Bijnaam
 webauthn_delete_key=Verwijder beveiligingssleutel
@@ -2295,11 +2292,6 @@ auths.tips=Tips
 auths.tips.oauth2.general=OAuth2 authenticatie
 auths.tip.oauth2_provider=OAuth2 Provider
 auths.tip.nextcloud=`Registreer een nieuwe OAuth consument op je installatie met behulp van het volgende menu "Instellingen -> Security -> OAuth 2.0 client"`
-auths.tip.dropbox=Maak een nieuwe applicatie aan op https://www.dropbox.com/developers/apps
-auths.tip.facebook=Registreer een nieuwe applicatie op https://developers.facebook.com/apps en voeg het product "Facebook Login" toe
-auths.tip.github=Registreer een nieuwe OAuth toepassing op https://github.com/settings/applications/new
-auths.tip.google_plus=Verkrijg OAuth2 client referenties van de Google API console op https://console.developers.google.com/
-auths.tip.yandex=`Maak een nieuwe applicatie aan op https://oauth.yandex.com/client/new. Selecteer de volgende machtigingen van de "Yandex". assport API sectie: "Toegang tot e-mailadres", "Toegang tot avatar" en "Toegang tot gebruikersnaam, voornaam en achternaam, geslacht"`
 auths.edit=Authenticatiebron bewerken
 auths.activated=Deze authenticatiebron is geactiveerd
 auths.update_success=De authenticatie-bron is bijgewerkt.
diff --git a/options/locale/locale_pl-PL.ini b/options/locale/locale_pl-PL.ini
index c5fd326258c..4377256fe48 100644
--- a/options/locale/locale_pl-PL.ini
+++ b/options/locale/locale_pl-PL.ini
@@ -143,7 +143,6 @@ platform=Wieloplatformowość
 lightweight=Niskie wymagania
 lightweight_desc=Gitea ma niskie minimalne wymagania i może działać na niedrogim Raspberry Pi. Oszczędzaj energię swojego komputera!
 license=Otwarte źródło
-license_desc=Pobierz na <a target="_blank" rel="noopener noreferrer" href="https://code.gitea.io/gitea">code.gitea.io/gitea</a>! Dołącz do nas dzięki <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea">swojemu wkładowi</a>, aby uczynić ten projekt jeszcze lepszym. Nie wstydź się zostać współtwórcą!
 
 [install]
 install=Instalacja
@@ -2178,13 +2177,6 @@ auths.tips=Wskazówki
 auths.tips.oauth2.general=Uwierzytelnianie OAuth2
 auths.tip.oauth2_provider=Dostawca OAuth2
 auths.tip.nextcloud=`Zarejestruj nowego klienta OAuth w swojej instancji za pomocą menu "Ustawienia -> Bezpieczeństwo -> Klient OAuth 2.0"`
-auths.tip.dropbox=Stwórz nową aplikację na https://www.dropbox.com/developers/apps
-auths.tip.facebook=`Zarejestruj nową aplikację na https://developers.facebook.com/apps i dodaj produkt "Facebook Login"`
-auths.tip.github=Zarejestruj nową aplikację OAuth na https://github.com/settings/applications/new
-auths.tip.google_plus=Uzyskaj dane uwierzytelniające klienta OAuth2 z konsoli Google API na https://console.developers.google.com/
-auths.tip.twitter=Przejdź na https://dev.twitter.com/apps, stwórz aplikację i upewnij się, że opcja “Allow this application to be used to Sign in with Twitter” jest włączona
-auths.tip.discord=Zarejestruj nową aplikację na https://discordapp.com/developers/applications/me
-auths.tip.yandex=`Utwórz nową aplikację na https://oauth.yandex.com/client/new. Wybierz następujące uprawnienia z "Yandex.Passport API": "Access to email address", "Access to user avatar" and "Access to username, first name and surname, gender"`
 auths.tip.mastodon=Wprowadź niestandardowy adres URL instancji mastodona, którą chcesz uwierzytelnić (lub użyj domyślnego)
 auths.edit=Edytuj źródło uwierzytelniania
 auths.activated=To źródło uwierzytelniania jest aktywne
diff --git a/options/locale/locale_pt-BR.ini b/options/locale/locale_pt-BR.ini
index b48e67f45df..402895f9996 100644
--- a/options/locale/locale_pt-BR.ini
+++ b/options/locale/locale_pt-BR.ini
@@ -184,7 +184,6 @@ string.desc=Z - A
 
 [error]
 occurred=Ocorreu um erro
-report_message=Se você acredita que esse é um falha do Gitea, pesquise por issues no <a href="https://github.com/go-gitea/gitea/issues" target="_blank">GitHub</a> ou abra uma nova issue, se necessário.
 missing_csrf=Pedido inválido: não tem token CSRF presente
 invalid_csrf=Requisição Inválida: token CSRF inválido
 not_found=Não foi possível encontrar o destino.
@@ -197,7 +196,6 @@ platform=Multi-plataforma
 lightweight=Leve e rápido
 lightweight_desc=Gitea utiliza poucos recursos e consegue mesmo rodar no barato Raspberry Pi. Economize energia elétrica da sua máquina!
 license=Código aberto
-license_desc=Está tudo no <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea/">GitHub</a>! Contribua e torne este projeto ainda melhor. Não tenha vergonha de contribuir!
 
 [install]
 install=Instalação
@@ -411,7 +409,6 @@ authorize_title=Autorizar "%s" para acessar sua conta?
 authorization_failed=Autorização falhou
 authorization_failed_desc=A autorização falhou porque detectamos uma solicitação inválida. Entre em contato com o responsável do aplicativo que você tentou autorizar.
 sspi_auth_failed=Falha de autenticação SSPI
-password_pwned=A senha que você escolheu faz parte de uma <a target="_blank" rel="noopener noreferrer" href="https://haveibeenpwned.com/Passwords">lista de senhas roubadas</a> expostas anteriormente em violações de dados. Tente novamente com uma senha diferente e considere alterar essa senha em outro lugar também.
 password_pwned_err=Não foi possível concluir a requisição ao HaveIBeenPwned
 last_admin=Você não pode remover o último administrador. Deve haver pelo menos um administrador.
 
@@ -866,7 +863,6 @@ then_enter_passcode=E insira a senha mostrada no aplicativo:
 passcode_invalid=Esse código de acesso é inválido. Tente novamente.
 twofa_failed_get_secret=Falha ao obter o segredo.
 
-webauthn_desc=Chaves de segurança são dispositivos de hardware que contém chaves de criptografia. Elas podem ser usadas para autenticação de dois fatores. A chave de segurança deve suportar o padrão <a rel="noreferrer" target="_blank" href="https://w3c.github.io/webauthn/#webauthn-authenticator">WebAuthnn Authenticator</a>.
 webauthn_register_key=Adicionar chave de segurança
 webauthn_nickname=Apelido
 webauthn_delete_key=Remover chave de segurança
@@ -2155,7 +2151,6 @@ settings.event_pull_request_sync_desc=Pull request sincronizado.
 settings.event_package=Pacote
 settings.event_package_desc=Pacote criado ou excluído em um repositório.
 settings.branch_filter=Filtro de branch
-settings.branch_filter_desc=Lista dos branches a serem considerados nos eventos push, criação de branch e exclusão de branch, especificados como padrão glob. Se estiver vazio ou for <code>*</code>, eventos para todos os branches serão relatados. Veja <a href="https://pkg.go.dev/github.com/gobwas/glob#Compile">github.com/gobwas/glob</a> documentação da sintaxe. Exemplos: <code>master</code>, <code>{master,release*}</code>.
 settings.authorization_header=Header de Autorização
 settings.authorization_header_desc=Será incluído como header de autorização para solicitações quando estiver presente. Exemplos: %s.
 settings.active=Ativo
@@ -2219,9 +2214,7 @@ settings.require_signed_commits_desc=Rejeitar pushes para este branch se não es
 settings.protect_branch_name_pattern=Padrão de Nome de Branch Protegida
 settings.protect_patterns=Padrões
 settings.protect_protected_file_patterns=Padrões de arquivos protegidos (separados usando ponto e vírgula ';'):
-settings.protect_protected_file_patterns_desc=Arquivos protegidos não podem ser alterados diretamente, mesmo que o usuário tenha direitos para adicionar, editar ou excluir arquivos neste branch. Vários padrões podem ser separados usando ponto e vírgula (';'). Consulte a documentação <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a> para a sintaxe padrão. Exemplos: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
 settings.protect_unprotected_file_patterns=Padrões de arquivos desprotegidos (separados usando ponto e vírgula ';'):
-settings.protect_unprotected_file_patterns_desc=Arquivos não protegidos que podem ser alterados diretamente se o usuário tiver acesso de gravação, ignorando as restrições de push. Vários padrões podem ser separados usando ponto e vírgula (\;'). Veja <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a> documentação para sintaxe de padrões. Exemplos: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
 settings.update_protect_branch_success=Proteção do branch "%s" foi atualizada.
 settings.remove_protected_branch_success=Proteção do branch "%s" foi desabilitada.
 settings.remove_protected_branch_failed=Removendo regra de proteção de branch "%s" falhou.
@@ -2595,7 +2588,6 @@ last_page=Última
 total=Total: %d
 settings=Configurações de Administrador
 
-dashboard.new_version_hint=Uma nova versão está disponível: %s. Versão atual: %s. Visite <a target="_blank" rel="noreferrer" href="https://blog.gitea.io">o blog</a> para mais informações.
 dashboard.statistic=Resumo
 dashboard.system_status=Status do sistema
 dashboard.operation_name=Nome da operação
@@ -2863,13 +2855,6 @@ auths.tips.oauth2.general=Autenticação OAuth2
 auths.tips.oauth2.general.tip=Ao registrar uma nova autenticação OAuth2, o URL de retorno de chamada/redirecionamento deve ser:
 auths.tip.oauth2_provider=Provedor OAuth2
 auths.tip.nextcloud=`Registre um novo consumidor OAuth em sua instância usando o seguinte menu "Configurações -> Segurança -> Cliente OAuth 2.0"`
-auths.tip.dropbox=Criar um novo aplicativo em https://www.dropbox.com/developers/apps
-auths.tip.facebook=`Cadastrar um novo aplicativo em https://developers.facebook.com/apps e adicionar o produto "Facebook Login"`
-auths.tip.github=Cadastrar um novo aplicativo de OAuth na https://github.com/settings/applications/new
-auths.tip.google_plus=Obter credenciais de cliente OAuth2 do console de API do Google em https://console.developers.google.com/
-auths.tip.twitter=Vá em https://dev.twitter.com/apps, crie um aplicativo e certifique-se de que está habilitada a opção “Allow this application to be used to Sign in with Twitter“
-auths.tip.discord=Cadastrar um novo aplicativo em https://discordapp.com/developers/applications/me
-auths.tip.yandex=`Crie um novo aplicativo em https://oauth.yandex.com/client/new. Selecione as seguintes permissões da seção "Yandex.Passport API": "Access to email address", "Access to user avatar" and "Access to username, first name and surname, gender"`
 auths.tip.mastodon=Insira a URL da instância personalizada do mastodon que você deseja usar para autenticar (ou use o padrão)
 auths.edit=Editar fonte de autenticação
 auths.activated=Esta fonte de autenticação está ativada
diff --git a/options/locale/locale_pt-PT.ini b/options/locale/locale_pt-PT.ini
index 3be3c7ff7b7..04e99b0d5d0 100644
--- a/options/locale/locale_pt-PT.ini
+++ b/options/locale/locale_pt-PT.ini
@@ -218,7 +218,6 @@ string.desc=Z - A
 
 [error]
 occurred=Ocorreu um erro
-report_message=Se acredita de que se trata de um erro do Gitea, procure, por favor, questões relacionadas no <a href="https://github.com/go-gitea/gitea/issues">GitHub</a> ou abra uma nova questão, se necessário.
 missing_csrf=Pedido inválido: não há código CSRF
 invalid_csrf=Pedido inválido: código CSRF inválido
 not_found=Não foi possível encontrar o destino.
@@ -227,12 +226,10 @@ network_error=Erro de rede
 [startpage]
 app_desc=Um serviço Git auto-hospedado e fácil de usar
 install=Fácil de instalar
-install_desc=Corra, simplesmente, <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-binary">o ficheiro binário executável</a> para a sua plataforma, despache-o com o <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea/tree/master/docker">Docker</a>, ou obtenha-o sob a forma de <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-package">pacote</a>.
 platform=Multiplataforma
 lightweight=Leve
 lightweight_desc=Gitea requer poucos recursos e pode correr num simples Raspberry Pi. Economize a energia da sua máquina!
 license=Código aberto
-license_desc=Vá buscá-lo em <a target="_blank" rel="noopener noreferrer" href="https://code.gitea.io/gitea">code.gitea.io/gitea</a>! Junte-se a nós dando a <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea">sua contribuição</a> para tornar este programa ainda melhor. Não se acanhe e contribua!
 
 [install]
 install=Instalação
@@ -452,7 +449,6 @@ authorize_application_description=Se conceder acesso, a aplicação terá privil
 authorize_title=Autorizar o acesso de "%s" à sua conta?
 authorization_failed=A autorização falhou
 sspi_auth_failed=Falhou a autenticação SSPI
-password_pwned=A senha utilizada está numa <a target="_blank" rel="noopener noreferrer" href="https://haveibeenpwned.com/Passwords">lista de senhas roubadas</a> anteriormente expostas em fugas de dados públicas. Tente novamente com uma senha diferente e considere também mudar esta senha nos outros sítios.
 password_pwned_err=Não foi possível completar o pedido ao HaveIBeenPwned
 last_admin=Não pode remover o último administrador. Tem que existir pelo menos um administrador.
 signin_passkey=Iniciar sessão com uma passkey
@@ -936,7 +932,6 @@ then_enter_passcode=E insira o código apresentado na aplicação:
 passcode_invalid=O código está errado. Tente de novo.
 twofa_failed_get_secret=Falhou a obtenção do segredo.
 
-webauthn_desc=Chaves de segurança são dispositivos de hardware contendo chaves criptográficas. Podem ser usadas para autenticação em dois passos. As chaves de segurança têm de suportar o standard <a rel="noreferrer" target="_blank" href="https://w3c.github.io/webauthn/#webauthn-authenticator">Autenticador WebAuthn</a>.
 webauthn_register_key=Adicionar chave de segurança
 webauthn_nickname=Apelido
 webauthn_delete_key=Remover chave de segurança
@@ -2280,7 +2275,6 @@ settings.event_pull_request_merge=Integração constante no pedido
 settings.event_package=Pacote
 settings.event_package_desc=Pacote criado ou eliminado num repositório.
 settings.branch_filter=Filtro de ramos
-settings.branch_filter_desc=Lista dos ramos a serem considerados nos eventos de envio e de criação e eliminação de ramos, especificada como um padrão glob. Se estiver em branco ou for <code>*</code>, serão reportados eventos para todos os ramos. Veja a documentação <a href="https://pkg.go.dev/github.com/gobwas/glob#Compile">github.com/gobwas/glob</a> para ver os detalhes da sintaxe. Exemplos: <code>trunk</code>, <code>{trunk,release*}</code>.
 settings.authorization_header=Cabeçalho de Autorização
 settings.authorization_header_desc=Será incluído como cabeçalho de autorização para pedidos, quando estiver presente. Exemplos: %s.
 settings.active=Em funcionamento
@@ -2378,12 +2372,9 @@ settings.ignore_stale_approvals_desc=Não contar as aprovações feitas em comet
 settings.require_signed_commits=Exigir cometimentos assinados
 settings.require_signed_commits_desc=Rejeitar envios para este ramo que não estejam assinados ou que não sejam validáveis.
 settings.protect_branch_name_pattern=Padrão do nome do ramo protegido
-settings.protect_branch_name_pattern_desc=Padrões de nomes de ramos protegidos. Consulte <a href="https://github.com/gobwas/glob">a documentação</a> para ver a sintaxe dos padrões. Exemplos: main, release/**
 settings.protect_patterns=Padrões
 settings.protect_protected_file_patterns=Padrões de ficheiros protegidos (separados com ponto e vírgula ';'):
-settings.protect_protected_file_patterns_desc=Ficheiros protegidos não podem ser modificados imediatamente, mesmo que o utilizador tenha direitos para adicionar, editar ou eliminar ficheiros neste ramo. Múltiplos padrões podem ser separados com ponto e vírgula (';'). Veja a documentação em <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a> para ver a sintaxe. Exemplos: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
 settings.protect_unprotected_file_patterns=Padrões de ficheiros desprotegidos (separados com ponto e vírgula ';'):
-settings.protect_unprotected_file_patterns_desc=Ficheiros desprotegidos que podem ser modificados imediatamente se o utilizador tiver direitos de escrita, contornando a restrição no envio. Padrões múltiplos podem ser separados com ponto e vírgula (';'). Veja a documentação em <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a> para ver a sintaxe. Exemplos: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
 settings.add_protected_branch=Habilitar salvaguarda
 settings.delete_protected_branch=Desabilitar salvaguarda
 settings.update_protect_branch_success=A salvaguarda do ramo "%s" foi modificada.
@@ -2414,7 +2405,6 @@ settings.tags.protection.allowed.teams=Equipas com permissão
 settings.tags.protection.allowed.noone=Ninguém
 settings.tags.protection.create=Proteger etiqueta
 settings.tags.protection.none=Não há etiquetas protegidas.
-settings.tags.protection.pattern.description=Pode usar um só nome ou um padrão glob ou uma expressão regular para corresponder a várias etiquetas. Para mais informações leia o <a target="_blank" rel="noopener" href="https://docs.gitea.com/usage/protected-tags">guia das etiquetas protegidas</a>.
 settings.bot_token=Código do bot
 settings.chat_id=ID do diálogo
 settings.thread_id=ID da discussão
@@ -2788,7 +2778,6 @@ last_page=Última
 total=total: %d
 settings=Configurações de administração
 
-dashboard.new_version_hint=O Gitea %s está disponível, você está a correr a versão %s. Verifique o <a target="_blank" rel="noreferrer" href="https://blog.gitea.io">blog</a> para mais detalhes.
 dashboard.statistic=Resumo
 dashboard.maintenance_operations=Operações de manutenção
 dashboard.system_status=Estado do sistema
@@ -2978,12 +2967,10 @@ packages.size=Tamanho
 packages.published=Publicado
 
 defaulthooks=Automatismos web predefinidos
-defaulthooks.desc=Os automatismos web fazem pedidos HTTP POST automaticamente a um servidor quando são despoletados determinados eventos do Gitea. Os automatismos web definidos aqui são os predefinidos e serão copiados para todos os novos repositórios. Leia mais no <a target="_blank" rel="noopener" href="https://docs.gitea.com/usage/webhooks">guia de automatismos web</a>.
 defaulthooks.add_webhook=Adicionar automatismo web predefinido
 defaulthooks.update_webhook=Modificar automatismo web predefinido
 
 systemhooks=Automatismos web do sistema
-systemhooks.desc=Os automatismos web fazem pedidos HTTP POST automaticamente a um servidor quando são despoletados determinados eventos do Gitea. Os automatismos web definidos aqui irão operar em todos os repositórios deste sistema, por isso tenha em consideração quaisquer implicações de desempenho que isso possa ter. Leia mais no <a target="_blank" rel="noopener" href="https://docs.gitea.com/usage/webhooks">guia de automatismos web</a>.
 systemhooks.add_webhook=Adicionar automatismo web do sistema
 systemhooks.update_webhook=Modificar automatismo web do sistema
 
@@ -3078,18 +3065,8 @@ auths.tips=Dicas
 auths.tips.oauth2.general=Autenticação OAuth2
 auths.tips.oauth2.general.tip=Ao registar uma nova autenticação OAuth2, o URL da ligação de retorno ou do reencaminhamento deve ser:
 auths.tip.oauth2_provider=Fornecedor OAuth2
-auths.tip.bitbucket=Registe um novo consumidor de OAuth em https://bitbucket.org/account/user/{your-username}/oauth-consumers/new e adicione a permissão 'Account' - 'Read'
 auths.tip.nextcloud=`Registe um novo consumidor OAuth na sua instância usando o seguinte menu "Configurações → Segurança → Cliente OAuth 2.0"`
-auths.tip.dropbox=Crie uma nova aplicação em https://www.dropbox.com/developers/apps
-auths.tip.facebook=`Registe uma nova aplicação em https://developers.facebook.com/apps e adicione o produto "Facebook Login"`
-auths.tip.github=Registe uma nova aplicação OAuth em https://github.com/settings/applications/new
-auths.tip.gitlab_new=Registe uma nova aplicação em https://gitlab.com/-/profile/applications
-auths.tip.google_plus=Obtenha credenciais de cliente OAuth2 a partir da consola do Google API em https://console.developers.google.com/
 auths.tip.openid_connect=Use o URL da descoberta de conexão OpenID "https://{server}/.well-known/openid-configuration" para especificar os extremos
-auths.tip.twitter=`Vá a https://dev.twitter.com/apps, crie uma aplicação e certifique-se de que está habilitada a opção "Allow this application to be used to Sign in with Twitter"`
-auths.tip.discord=Registe uma nova aplicação em https://discordapp.com/developers/applications/me
-auths.tip.gitea=Registe uma nova aplicação OAuth2. O guia pode ser encontrado em https://docs.gitea.com/development/oauth2-provider
-auths.tip.yandex=`Crie uma nova aplicação em https://oauth.yandex.com/client/new. Escolha as seguintes permissões da secção "Yandex.Passport API": "Acesso ao endereço de email", "Acesso ao avatar do utilizador" e "Acesso ao nome de utilizador, nome e sobrenome, género"`
 auths.tip.mastodon=Insira o URL de uma instância personalizada para a instância do mastodon com que se pretende autenticar (ou então use a predefinida)
 auths.edit=Editar fonte de autenticação
 auths.activated=Esta fonte de autenticação está em funcionamento
diff --git a/options/locale/locale_ru-RU.ini b/options/locale/locale_ru-RU.ini
index c426e41b208..95d43435064 100644
--- a/options/locale/locale_ru-RU.ini
+++ b/options/locale/locale_ru-RU.ini
@@ -182,7 +182,6 @@ string.desc=Я - А
 
 [error]
 occurred=Произошла ошибка
-report_message=Если вы считаете, что это баг Gitea, пожалуйста, поищите задачу на <a href="https://github.com/go-gitea/gitea/issues" target="_blank">GitHub</a> или создайте новую при необходимости.
 missing_csrf=Некорректный запрос: отсутствует токен CSRF
 invalid_csrf=Некорректный запрос: неверный токен CSRF
 not_found=Цель не найдена.
@@ -191,12 +190,10 @@ network_error=Ошибка сети
 [startpage]
 app_desc=Удобный сервис собственного хостинга репозиториев Git
 install=Простой в установке
-install_desc=Просто <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-binary">запустите исполняемый файл</a> для вашей платформы, разверните через <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea/tree/master/docker">Docker</a>, или установите <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-package">с помощью менеджера пакетов</a>.
 platform=Кроссплатформенный
 lightweight=Легковесный
 lightweight_desc=Gitea имеет низкие системные требования и может работать на недорогом Raspberry Pi. Экономьте энергию вашей машины!
 license=Открытый исходный код
-license_desc=Всё это на <a target="_blank" rel="noopener noreferrer" href="https://code.gitea.io/gitea">code.gitea.io/gitea</a>! Присоединяйтесь к нам, внося <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea">вклад</a>, чтобы сделать этот проект ещё лучше. Не бойтесь помогать!
 
 [install]
 install=Установка
@@ -410,7 +407,6 @@ authorize_title=Разрешить «%s» доступ к вашей учётн
 authorization_failed=Ошибка авторизации
 authorization_failed_desc=Ошибка авторизации, обнаружен неверный запрос. Пожалуйста, свяжитесь с автором приложения, которое вы пытались авторизовать.
 sspi_auth_failed=Аутентификация SSPI не удалась
-password_pwned=Выбранный вами пароль находится в <a target="_blank" rel="noopener noreferrer" href="https://haveibeenpwned.com/Passwords">списке украденных паролей</a> из ранее опубликованных утечек. Повторите попытку с другим паролем. Также рекомендуем сменить этот пароль в других местах.
 password_pwned_err=Не удалось завершить запрос к HaveIBeenPwned
 
 [mail]
@@ -861,7 +857,6 @@ then_enter_passcode=И введите пароль, показанный в пр
 passcode_invalid=Неверный пароль. попробуйте снова.
 twofa_failed_get_secret=Не удалось получить ключ.
 
-webauthn_desc=Ключи безопасности - это аппаратные устройства, содержащие криптографические ключи. Они могут использоваться для двухфакторной аутентификации. Ключи безопасности должны поддерживать стандарт <a rel="noreferrer" target="_blank" href="https://w3c.github.io/webauthn/#webauthn-authenticator">WebAuthn Authenticator</a>.
 webauthn_register_key=Добавить ключ безопасности
 webauthn_nickname=Имя пользователя
 webauthn_delete_key=Удалить ключ безопасности
@@ -2133,7 +2128,6 @@ settings.event_pull_request_merge=Удовлетворение запросов
 settings.event_package=Пакеты
 settings.event_package_desc=Пакет создан или удален в репозитории.
 settings.branch_filter=Фильтр веток
-settings.branch_filter_desc=Белый список ветвей для событий Push, создания ветвей и удаления ветвей, указанных в виде глоб-шаблона. Если пустой или <code>*</code>, то все событий для всех ветвей будут зарегистрированы. Перейдите по ссылке <a href="https://godoc.org/github.com/gobwas/glob#Compile">github.com/gobwas/glob</a> на документацию по синтаксису. Примеры: <code>master</code>, <code>{master,release*}</code>.
 settings.authorization_header=Заголовок Authorization
 settings.authorization_header_desc=Будет включён в качестве заголовка авторизации для запросов. Примеры: %s.
 settings.active=Активный
@@ -2205,12 +2199,9 @@ settings.dismiss_stale_approvals_desc=Когда новые коммиты, из
 settings.require_signed_commits=Требовать подписанные коммиты
 settings.require_signed_commits_desc=Отклонить отправку изменений в эту ветку, если они не подписаны или не проверяемы.
 settings.protect_branch_name_pattern=Шаблон имени для защищённых веток
-settings.protect_branch_name_pattern_desc=Шаблоны имён защищённых веток. О синтаксисе шаблонов читайте в <a href="https://github.com/gobwas/glob">документации</a>. Примеры: main, release/**
 settings.protect_patterns=Шаблоны
 settings.protect_protected_file_patterns=Шаблоны защищённых файлов (разделённые точкой с запятой ';'):
-settings.protect_protected_file_patterns_desc=Защищенные файлы нельзя изменить напрямую, даже если пользователь имеет право добавлять, редактировать или удалять файлы в этой ветке. Можно указать несколько шаблонов, разделяя их точкой с запятой (';'). О синтаксисе шаблонов читайте в документации <a href='https://godoc.org/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a>. Примеры: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
 settings.protect_unprotected_file_patterns=Шаблоны незащищённых файлов (разделённые точкой с запятой ';'):
-settings.protect_unprotected_file_patterns_desc=Незащищенные файлы, которые допускается изменять напрямую, если пользователь имеет право на запись, несмотря на ограничение отправки изменений. Можно указать несколько шаблонов, разделяя их точкой с запятой (';'). О синтаксисе шаблонов читайте в документации <a href='https://godoc.org/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a>. Примеры: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
 settings.update_protect_branch_success=Защита веток по правилу «%s» изменена.
 settings.remove_protected_branch_success=Защита веток по правилу «%s» удалена.
 settings.remove_protected_branch_failed=Не удалось удалить правило защиты веток «%s».
@@ -2587,7 +2578,6 @@ first_page=Первая
 last_page=Последняя
 total=Всего: %d
 
-dashboard.new_version_hint=Доступна новая версия Gitea %s, вы используете %s. Более подробную информацию читайте в <a target="_blank" rel="noreferrer" href="https://blog.gitea.io">блоге</a>.
 dashboard.statistic=Статистика
 dashboard.system_status=Состояние системы
 dashboard.operation_name=Имя операции
@@ -2859,13 +2849,6 @@ auths.tips=Советы
 auths.tips.oauth2.general=Аутентификация OAuth2
 auths.tip.oauth2_provider=Поставщик OAuth2
 auths.tip.nextcloud=`Зарегистрируйте нового потребителя OAuth в вашем экземпляре, используя меню "Settings -> Security -> OAuth 2.0 client"`
-auths.tip.dropbox=Добавьте новое приложение на https://www.dropbox.com/developers/apps
-auths.tip.facebook=Зарегистрируйте новое приложение на https://developers.facebook.com/apps и добавьте модуль «Facebook Login»
-auths.tip.github=Добавьте OAuth приложение на https://github.com/settings/applications/new
-auths.tip.google_plus=Получите учётные данные клиента OAuth2 в консоли Google API на странице https://console.developers.google.com/
-auths.tip.twitter=Перейдите на https://dev.twitter.com/apps, создайте приложение и убедитесь, что включена опция «Разрешить это приложение для входа в систему с помощью Twitter»
-auths.tip.discord=Добавьте новое приложение на https://discordapp.com/developers/applications/me
-auths.tip.yandex=`Создайте новое приложение по адресу https://oauth.yandex.com/client/new. В разделе "API Яндекс.Паспорта" выберите следующие разрешения: "Доступ к адресу электронной почты", "Доступ к аватару пользователя" и "Доступ к имени пользователя, фамилии и полу"`
 auths.tip.mastodon=Введите пользовательский URL экземпляра для экземпляра mastodon, с которым вы хотите аутентифицироваться (или использовать его по умолчанию)
 auths.edit=Обновить параметры аутентификации
 auths.activated=Источник аутентификации активирован
diff --git a/options/locale/locale_si-LK.ini b/options/locale/locale_si-LK.ini
index 35dd4607bfa..57c84ed73ff 100644
--- a/options/locale/locale_si-LK.ini
+++ b/options/locale/locale_si-LK.ini
@@ -1637,7 +1637,6 @@ settings.event_pull_request_review_desc=අදින්න ඉල්ලීම 
 settings.event_pull_request_sync=සමමුහුර්ත ඉල්ලීම අදින්න
 settings.event_pull_request_sync_desc=සමමුහුර්ත ඉල්ලීම අදින්න.
 settings.branch_filter=ශාඛා පෙරහන
-settings.branch_filter_desc=ග්ලෝබ් රටාව ලෙස නිශ්චිතව දක්වා ඇති තල්ලුව, ශාඛා නිර්මාණය සහ ශාඛා මකාදැමීමේ සිදුවීම් සඳහා ශාඛා වයිට්ලිස්ට්. හිස් හෝ <code>*</code>නම්, සියලු ශාඛා සඳහා සිදුවීම් වාර්තා වේ. සින්ටැක්ස් සඳහා <a href="https://pkg.go.dev/github.com/gobwas/glob#Compile">github.com/gobwas/glob</a> ලියකියවිලි බලන්න. උදාහරණ: <code>ස්වාමියා</code>, <code>{ස්වාමියා, මුදාහැරීම*}</code>.
 settings.active=ක්රියාකාරී
 settings.active_helper=අවුලුවාලූ සිදුවීම් පිළිබඳ තොරතුරු මෙම වෙබ්කොක් URL වෙත යවනු ලැබේ.
 settings.add_hook_success=මෙම වෙබ් කොක්කෙන් එකතු කර ඇත.
@@ -2218,13 +2217,6 @@ auths.tips=ඉඟි
 auths.tips.oauth2.general=OUTU2 සත්යාපන
 auths.tip.oauth2_provider=OUTU2 සැපයුම්කරු
 auths.tip.nextcloud=පහත සඳහන් මෙනුව භාවිතා කරමින් ඔබගේ උදාහරණයක් මත නව OAUTH පාරිභෝගිකයෙකු ලියාපදිංචි කරන්න “සැකසීම් -> ආරක්ෂාව -> OAUTH 2.0 සේවාදායකයා”
-auths.tip.dropbox=https://www.dropbox.com/developers/apps හි නව යෙදුමක් සාදන්න
-auths.tip.facebook=https://developers.facebook.com/apps හි නව යෙදුමක් ලියාපදිංචි කර නිෂ්පාදනය එකතු කරන්න “ෆේස්බුක් ලොගින් වන්න”
-auths.tip.github=https://github.com/settings/applications/new හි නව OAUTH අයදුම්පතක් ලියාපදිංචි කරන්න
-auths.tip.google_plus=ගූගල් API කොන්සෝලය වෙතින් OUT2 සේවාදායක අක්තපත්ර ලබා ගන්න https://console.developers.google.com/
-auths.tip.twitter=https://dev.twitter.com/apps වෙත යන්න, යෙදුමක් සාදන්න සහ “මෙම යෙදුම ට්විටර් සමඟ පුරනය වීමට භාවිතා කිරීමට ඉඩ දෙන්න” විකල්පය සක්රීය කර ඇති බවට සහතික වන්න
-auths.tip.discord=https://discordapp.com/developers/applications/me හි නව අයදුම්පතක් ලියාපදිංචි කරන්න
-auths.tip.yandex=https://oauth.yandex.com/client/new හි නව යෙදුමක් සාදන්න. “Yandex.Passport API” කොටසේ පහත සඳහන් අවසරයන් තෝරන්න: “විද්යුත් තැපැල් ලිපිනය වෙත ප්රවේශය”, “පරිශීලක අවතාර් වෙත ප්රවේශය” සහ “පරිශීලක නාමය, මුල් නම සහ වාසගම, ස්ත්රී පුරුෂ භාවය”
 auths.tip.mastodon=ඔබට සත්යාපනය කිරීමට අවශ්ය mastodon උදාහරණයක් සඳහා අභිරුචි උදාහරණයක් URL එකක් ආදාන කරන්න (හෝ පෙරනිමි එකක් භාවිතා කරන්න)
 auths.edit=සත්යාපන මූලාශ්රය සංස්කරණය කරන්න
 auths.activated=මෙම සත්යාපන මූලාශ්රය සක්රිය කර ඇත
diff --git a/options/locale/locale_sk-SK.ini b/options/locale/locale_sk-SK.ini
index ecaf935577c..72613057ff0 100644
--- a/options/locale/locale_sk-SK.ini
+++ b/options/locale/locale_sk-SK.ini
@@ -181,7 +181,6 @@ string.desc=Z - A
 
 [error]
 occurred=Vyskytla sa chyba
-report_message=Ak si myslíte, že ide o chybu Gitea, vyhľadajte problémy na <a href="https://github.com/go-gitea/gitea/issues" target="_blank">GitHub-e</a> alebo v prípade potreby otvorte nový problém.
 missing_csrf=Nesprávna žiadosť: neprítomný CSFR token
 invalid_csrf=Nesprávna žiadosť: nesprávny CSFR token
 not_found=Nebolo možné nájsť cieľ.
@@ -190,12 +189,10 @@ network_error=Chyba siete
 [startpage]
 app_desc=Jednoducho prístupný vlastný Git
 install=Jednoduchá inštalácia
-install_desc=Jednoducho <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-binary">spustite binárku</a> pre vašu platformu, pošlite ju ako <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea/tree/master/docker">Docker</a>, alebo ju získajte <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-package">ako balíček</a>.
 platform=Multiplatformový
 lightweight=Ľahká
 lightweight_desc=Gitea má minimálne požiadavky a môže bežať na Raspberry Pi. Šetrite energiou vášho stroja!
 license=Otvorený zdrojový kód
-license_desc=Získajte <a target="_blank" rel="noopener noreferrer" href="https://code.gitea.io/gitea">code.gitea.io/gitea</a>! Pridajte sa k nám a <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea">prispejte</a>, aby bol tento projekt ešte lepší. Nehanbite sa byť prispievateľom!
 
 [install]
 install=Inštalácia
@@ -785,7 +782,6 @@ then_enter_passcode=A zadajte prístupový kód zobrazený v aplikácii:
 passcode_invalid=Prístupový kód je nesprávny. Skúste to znova.
 twofa_failed_get_secret=Nepodarilo sa získať tajomstvo.
 
-webauthn_desc=Bezpečnostné kľúče sú hardvérové ​​zariadenia obsahujúce kryptografické kľúče. Môžu byť použité na dvojfaktorovú autentifikáciu. Bezpečnostné kľúče musia podporovať štandard <a rel="noreferrer" target="_blank" href="https://w3c.github.io/webauthn/#webauthn-authenticator">WebAuthn Authenticator</a>.
 webauthn_register_key=Pridať bezpečnostný kľúč
 webauthn_nickname=Prezývka
 webauthn_delete_key=Odstrániť bezpečnostný kľúč
diff --git a/options/locale/locale_sv-SE.ini b/options/locale/locale_sv-SE.ini
index 4f7f10804f0..784752db05f 100644
--- a/options/locale/locale_sv-SE.ini
+++ b/options/locale/locale_sv-SE.ini
@@ -116,7 +116,6 @@ platform=Plattformsoberoende
 lightweight=Lättviktig
 lightweight_desc=Gitea har låga minimum-krav och kan köras på en billig Rasperry Pi. Spara på din maskins kraft!
 license=Öppen källkod
-license_desc=Hämta <a target="_blank" rel="noopener noreferrer" href="https://code.gitea.io/gitea">code.gitea.io/gitea</a>! Gå med oss genom att <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea">bidra</a> för att göra projektet ännu bättre. Var inte blyg för att bli en medarbetare!
 
 [install]
 install=Installation
@@ -1772,12 +1771,6 @@ auths.enable_auto_register=Aktivera Automatisk Registrering
 auths.tips=Tips
 auths.tips.oauth2.general=OAuth2 Autensiering
 auths.tip.oauth2_provider=OAuth2 leverantör
-auths.tip.dropbox=Skapa en ny applikation på https://www.dropbox.com/developers/apps
-auths.tip.facebook=Registrera en ny appliaktion på https://developers.facebook.com/apps och lägg till produkten ”Facebook-inloggning”
-auths.tip.github=Registrera en ny OAuth applikation på https://github.com/settings/applications/new
-auths.tip.google_plus=Erhåll inloggningsuppgifter för OAuth2 från Google API-konsolen på https://console.developers.google.com/
-auths.tip.twitter=Gå till https://dev.twitter.com/app, skapa en applikation och försäkra att alternativet "Allow this application to be used to Sign in with Twitter" är aktiverat
-auths.tip.discord=Registrera en ny applikation på https://discordapp.com/developers/applications/me
 auths.edit=Redigera autensieringskälla
 auths.activated=Denna autentiseringskälla är aktiverad
 auths.update_success=Autentiseringskällan har uppdaterats.
diff --git a/options/locale/locale_tr-TR.ini b/options/locale/locale_tr-TR.ini
index 7ce6b65658c..81b8dc05cb6 100644
--- a/options/locale/locale_tr-TR.ini
+++ b/options/locale/locale_tr-TR.ini
@@ -218,7 +218,6 @@ string.desc=Z - A
 
 [error]
 occurred=Bir hata oluştu
-report_message=Bunun bir Gitea hatası olduğunu düşünüyorsanız, lütfen <a href="https://github.com/go-gitea/gitea/issues">GitHub</a> sayfasında sorunu arayın veya gerekiyorsa yeni bir sorun oluşturun.
 missing_csrf=Hatalı İstek: CSRF anahtarı yok
 invalid_csrf=Hatalı İstek: geçersiz CSRF erişim anahtarı
 not_found=Hedef bulunamadı.
@@ -227,12 +226,10 @@ network_error=Ağ hatası
 [startpage]
 app_desc=Zahmetsiz, kendi sunucunuzda barındırabileceğiniz Git servisi
 install=Kurulumu kolay
-install_desc=Platformunuz için <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-binary">ikili dosyayı çalıştırın</a>, <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea/tree/master/docker">Docker</a> ile yükleyin veya <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-package">paket</a> olarak edinin.
 platform=Farklı platformlarda çalışablir
 lightweight=Hafif
 lightweight_desc=Gitea'nın minimal gereksinimleri çok düşüktür ve ucuz bir Raspberry Pi üzerinde çalışabilmektedir. Makine enerjinizden tasarruf edin!
 license=Açık Kaynak
-license_desc=Gidin ve <a target="_blank" rel="noopener noreferrer" href="https://code.gitea.io/gitea">code.gitea.io/gitea</a>'yı edinin! Bu projeyi daha da iyi yapmak için <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea">katkıda bulunarak</a> bize katılın. Katkıda bulunmaktan çekinmeyin!
 
 [install]
 install=Kurulum
@@ -455,7 +452,6 @@ authorize_title=Hesabınıza erişmesi için "%s" yetkilendirilsin mi?
 authorization_failed=Yetkilendirme başarısız oldu
 authorization_failed_desc=Geçersiz bir istek tespit ettiğimiz için yetkilendirme başarısız oldu. Lütfen izin vermeye çalıştığınız uygulamanın sağlayıcısı ile iletişim kurun.
 sspi_auth_failed=SSPI kimlik doğrulaması başarısız oldu
-password_pwned=Seçtiğiniz parola, daha önce herkese açık veri ihlallerinde açığa çıkan bir <a target="_blank" rel="noopener noreferrer" href="https://haveibeenpwned.com/Passwords">çalınan parola listesindedir</a>. Lütfen farklı bir parola ile tekrar deneyin ve başka yerlerde de bu parolayı değiştirmeyi düşünün.
 password_pwned_err=HaveIBeenPwned'e yapılan istek tamamlanamadı
 last_admin=Son yöneticiyi silemezsiniz. En azından bir yönetici olmalıdır.
 signin_passkey=Bir parola anahtarı ile oturum aç
@@ -943,7 +939,6 @@ then_enter_passcode=Ve uygulamada gösterilen şifreyi girin:
 passcode_invalid=Şifre geçersiz. Tekrar deneyin.
 twofa_failed_get_secret=Gizlilik elde edilemedi.
 
-webauthn_desc=Güvenlik anahtarları, şifreleme anahtarlarını içeren donanım aygıtlarıdır. İki aşamalı kimlik doğrulama için kullanılabilirler. Güvenlik anahtarları <a rel="noreferrer" target="_blank" href="https://w3c.github.io/webauthn/#webauthn-authenticator">WebAuthn Authenticator</a> standardını desteklemelidir.
 webauthn_register_key=Güvenlik Anahtarı Ekle
 webauthn_nickname=Takma Ad
 webauthn_delete_key=Güvenlik Anahtarını Kaldır
@@ -2301,7 +2296,6 @@ settings.event_pull_request_merge=Değişiklik İsteği Birleştirme
 settings.event_package=Paket
 settings.event_package_desc=Bir depoda paket oluşturuldu veya silindi.
 settings.branch_filter=Dal filtresi
-settings.branch_filter_desc=Gönderme, dal oluşturma ve dal silme olayları için glob deseni olarak belirtilen dal beyaz listesi. Boşsa veya <code>*</code> ise, tüm dallar için olaylar raporlanır. Sözdizimi için <a href="https://pkg.go.dev/github.com/gobwas/glob#Compile">github.com/gobwas/glob</a> belgelerine bakın. Örnekler: <code>master</code>, <code>{master,release*}</code>.
 settings.authorization_header=Yetkilendirme Başlığı
 settings.authorization_header_desc=Mevcutsa isteklere yetkilendirme başlığı olarak eklenecektir. Örnekler: %s.
 settings.active=Etkin
@@ -2396,12 +2390,9 @@ settings.ignore_stale_approvals_desc=Daha eski işlemelere (eski incelemelere) y
 settings.require_signed_commits=İmzalı İşleme Gerekli
 settings.require_signed_commits_desc=Reddetme, onlar imzasızsa veya doğrulanamazsa bu dala gönderir.
 settings.protect_branch_name_pattern=Korunmuş Dal Adı Deseni
-settings.protect_branch_name_pattern_desc=Korunmuş dal isim desenleri. Desen sözdizimi için <a href="https://github.com/gobwas/glob">belgelere</a> bakabilirsiniz. Örnekler: main, release/**
 settings.protect_patterns=Desenler
 settings.protect_protected_file_patterns=Korumalı dosya kalıpları (noktalı virgülle ayrılmış ';'):
-settings.protect_protected_file_patterns_desc=Kullanıcının bu dalda dosya ekleme, düzenleme veya silme hakları olsa bile doğrudan değiştirilmesine izin verilmeyen korumalı dosyalar. Birden çok desen noktalı virgül (';') kullanılarak ayrılabilir. Desen sözdizimi için <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a> belgelerine bakın. Örnekler: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
 settings.protect_unprotected_file_patterns=Korunmasız dosya desenleri (noktalı virgülle ayrılmış ';'):
-settings.protect_unprotected_file_patterns_desc=Kullanıcının yazma erişimi, itme kısıtlamasını atlama hakkı olduğunda doğrudan değiştirmesine izin verilen korunmasız dosyalar. Birden çok desen noktalı virgül (';') kullanılarak ayrılabilir. Desen söz dizimi için <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a> belgelerine bakın. Örnekler: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
 settings.update_protect_branch_success=Dal koruma kuralı "%s" güncellendi.
 settings.remove_protected_branch_success=Dal koruma kuralı "%s" kaldırıldı.
 settings.remove_protected_branch_failed=Dal koruma kuralı "%s" kaldırılamadı.
@@ -2429,7 +2420,6 @@ settings.tags.protection.allowed.teams=İzin verilen takımlar
 settings.tags.protection.allowed.noone=Hiç kimse
 settings.tags.protection.create=Etiketi Koru
 settings.tags.protection.none=Korumalı etiket yok.
-settings.tags.protection.pattern.description=Birden çok etiketi eşleştirmek için tek bir ad, glob deseni veya normal ifade kullanabilirsiniz. Daha fazlası için <a target="_blank" rel="noopener" href="https://docs.gitea.com/usage/protected-tags">korumalı etiketler rehberini</a> okuyun.
 settings.bot_token=Bot Jetonu
 settings.chat_id=Sohbet Kimliği
 settings.thread_id=İş Parçacığı ID
@@ -2797,7 +2787,6 @@ last_page=Son
 total=Toplam: %d
 settings=Yönetici Ayarları
 
-dashboard.new_version_hint=Gitea %s şimdi hazır, %s çalıştırıyorsunuz. Ayrıntılar için <a target="_blank" rel="noreferrer" href="https://blog.gitea.io">blog</a>'a bakabilirsiniz.
 dashboard.statistic=Özet
 dashboard.maintenance_operations=Bakım İşlemleri
 dashboard.system_status=Sistem Durumu
@@ -2989,12 +2978,10 @@ packages.size=Boyut
 packages.published=Yayınlandı
 
 defaulthooks=Varsayılan Web İstemcileri
-defaulthooks.desc=Web İstemcileri, belirli Gitea olayları tetiklendiğinde otomatik olarak HTTP POST isteklerini sunucuya yapar. Burada tanımlanan Web İstemcileri varsayılandır ve tüm yeni depolara kopyalanır. <a target="_blank" rel="noopener" href="https://docs.gitea.com/usage/webhooks">web istemcileri kılavuzunda</a> daha fazla bilgi edinin.
 defaulthooks.add_webhook=Varsayılan Web İstemcisi Ekle
 defaulthooks.update_webhook=Varsayılan Web İstemcisini Güncelle
 
 systemhooks=Sistem Web İstemcileri
-systemhooks.desc=Belirli Gitea olayları tetiklendiğinde Web istemcileri otomatik olarak bir sunucuya HTTP POST istekleri yapar. Burada tanımlanan web istemcileri sistemdeki tüm depolar üzerinde çalışır, bu yüzden lütfen bunun olabilecek tüm performans sonuçlarını göz önünde bulundurun. <a target="_blank" rel="noopener" href="https://docs.gitea.com/usage/webhooks">web istemcileri kılavuzunda</a> daha fazla bilgi edinin.
 systemhooks.add_webhook=Sistem Web İstemcisi Ekle
 systemhooks.update_webhook=Sistem Web İstemcisi Güncelle
 
@@ -3089,18 +3076,8 @@ auths.tips=İpuçları
 auths.tips.oauth2.general=OAuth2 Kimlik Doğrulama
 auths.tips.oauth2.general.tip=Yeni bir OAuth2 kimlik doğrulama kaydederken, geri çağırma/yönlendirme URL'si şu olmalıdır:
 auths.tip.oauth2_provider=OAuth2 Sağlayıcısı
-auths.tip.bitbucket=https://bitbucket.org/account/user/{your-username}/oauth-consumers/new sayfasında yeni bir OAuth tüketicisi kaydedin ve 'Hesap' - 'Oku' iznini ekleyin
 auths.tip.nextcloud=Aşağıdaki "Ayarlar -> Güvenlik -> OAuth 2.0 istemcisi" menüsünü kullanarak örneğinize yeni bir OAuth tüketicisi kaydedin
-auths.tip.dropbox=https://www.dropbox.com/developers/apps adresinde yeni bir uygulama oluştur
-auths.tip.facebook=https://developers.facebook.com/apps adresinde yeni bir uygulama kaydedin ve "Facebook Giriş" ürününü ekleyin
-auths.tip.github=https://github.com/settings/applications/new adresinde yeni bir OAuth uygulaması kaydedin
-auths.tip.gitlab_new=https://gitlab.com/-/profile/applications adresinde yeni bir uygulama kaydedin
-auths.tip.google_plus=OAuth2 istemci kimlik bilgilerini https://console.developers.google.com/ adresindeki Google API konsolundan edinin
 auths.tip.openid_connect=Bitiş noktalarını belirlemek için OpenID Connect Discovery URL'sini (https://{server}/.well-known/openid-configuration) kullanın
-auths.tip.twitter=https://dev.twitter.com/apps adresine gidin, bir uygulama oluşturun ve “Bu uygulamanın Twitter ile oturum açmak için kullanılmasına izin ver” seçeneğinin etkin olduğundan emin olun
-auths.tip.discord=https://discordapp.com/developers/applications/me adresinde yeni bir uygulama kaydedin
-auths.tip.gitea=Yeni bir OAuth2 uygulaması kaydedin. Rehber https://docs.gitea.com/development/oauth2-provider adresinde bulunabilir
-auths.tip.yandex=`https://oauth.yandex.com/client/new adresinde yeni bir uygulama oluşturun. "Yandex.Passport API'sı" bölümünden aşağıdaki izinleri seçin: "E-posta adresine erişim", "Kullanıcı avatarına erişim" ve "Kullanıcı adına, ad ve soyadına, cinsiyete erişim"`
 auths.tip.mastodon=Kimlik doğrulaması yapmak istediğiniz mastodon örneği için özel bir örnek URL girin (veya varsayılan olanı kullanın)
 auths.edit=Kimlik Doğrulama Kaynağı Düzenle
 auths.activated=Bu Kimlik Doğrulama Kaynağı Etkinleştirildi
diff --git a/options/locale/locale_uk-UA.ini b/options/locale/locale_uk-UA.ini
index dc5d4cbf629..ce072996cd3 100644
--- a/options/locale/locale_uk-UA.ini
+++ b/options/locale/locale_uk-UA.ini
@@ -130,7 +130,6 @@ platform=Платформонезалежність
 lightweight=Невибагливість
 lightweight_desc=Gitea має низькі вимоги до ресурсів та може працювати на недорогому Raspberry Pi. Збережіть свою машину енергію!
 license=Відкритий вихідний код
-license_desc=Відвідайте <a target="_blank" rel="noopener noreferrer" href="https://code.gitea.io/gitea">code.gitea.io/gitea</a>! Приєднайтесь до нас та <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea">зробіть свій внесок</a> до проєкту, щоб зробити його ще краще. Не бійтеся долучитися!
 
 [install]
 install=Встановлення
@@ -1684,7 +1683,6 @@ settings.event_pull_request_review_desc=Коментар запиту до зл
 settings.event_pull_request_sync=Запит на злиття синхронізується
 settings.event_pull_request_sync_desc=Запит до злиття синхронізовано.
 settings.branch_filter=Фільтр гілок
-settings.branch_filter_desc=Білий список повідомлень для push, створення гілок та видалення гілок, визначається як glob шаблон. Якщо він пустий або містить <code>*</code>, повідомлення для вісіх гілок ввімкнені. Дівіться <a href="https://godoc.org/github.com/gobwas/glob#Compile">github.com/gobwas/glob</a> документацію на синтаксис. Наприклад: <code>master</code>, <code>{master,release*}</code>.
 settings.active=Активний
 settings.active_helper=Інформацію про викликані події буде надіслано за цією веб-хук URL-адресою.
 settings.add_hook_success=Веб-хук було додано.
@@ -2267,13 +2265,6 @@ auths.tips=Поради
 auths.tips.oauth2.general=OAuth2 автентифікація
 auths.tip.oauth2_provider=Постачальник OAuth2
 auths.tip.nextcloud=`Зареєструйте нового споживача OAuth у вашому екземплярі за допомогою наступного меню "Налаштування -> Безпека -> клієнт OAuth 2.0"`
-auths.tip.dropbox=Додайте новий додаток на https://www.dropbox.com/developers/apps
-auths.tip.facebook=`Створіть новий додаток на https://developers.facebook.com/apps і додайте модуль "Facebook Login"`
-auths.tip.github=Додайте OAuth додаток на https://github.com/settings/applications/new
-auths.tip.google_plus=Отримайте облікові дані клієнта OAuth2 в консолі Google API на сторінці https://console.developers.google.com/
-auths.tip.twitter=Перейдіть на https://dev.twitter.com/apps, створіть програму і переконайтеся, що включена опція «Дозволити цю програму для входу в систему за допомогою Twitter»
-auths.tip.discord=Зареєструйте новий додаток на https://discordapp.com/developers/applications/me
-auths.tip.yandex=`Створіть нову програму в https://oauth.yandex.com/client/new. Виберіть наступні дозволи з "Yandex. assport API": "Доступ до адреси електронної пошти", "Доступ до аватара" і "Доступ до імені користувача, імені та прізвища, статі"`
 auths.tip.mastodon=Введіть URL спеціального екземпляра для екземпляра mastodon, який ви хочете автентифікувати за допомогою (або використовувати за замовчуванням)
 auths.edit=Редагувати джерело автентифікації
 auths.activated=Ця аутентифікація активована
diff --git a/options/locale/locale_zh-CN.ini b/options/locale/locale_zh-CN.ini
index c85e84ad60c..67bb965528f 100644
--- a/options/locale/locale_zh-CN.ini
+++ b/options/locale/locale_zh-CN.ini
@@ -217,7 +217,6 @@ string.desc=Z - A
 
 [error]
 occurred=发生了一个错误
-report_message=如果您确定这是一个 Gitea bug，请在 <a href="https://github.com/go-gitea/gitea/issues" target="_blank">GitHub</a> 上搜索问题，或在必要时创建一个新工单。
 missing_csrf=错误的请求：没有 CSRF 令牌
 invalid_csrf=错误的请求：无效的 CSRF 令牌
 not_found=找不到目标。
@@ -226,12 +225,10 @@ network_error=网络错误
 [startpage]
 app_desc=一款极易搭建的自助 Git 服务
 install=易安装
-install_desc=通过 <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-binary">二进制</a> 来运行；或者通过 <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea/tree/master/docker">docker</a> 来运行；或者通过 <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.com/installation/install-from-package">安装包</a> 来运行
 platform=跨平台
 lightweight=轻量级
 lightweight_desc=一个廉价的树莓派的配置足以满足 Gitea 的最低系统硬件要求。最大程度上节省您的服务器资源！
 license=开源化
-license_desc=所有的代码都开源在 <a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea/">GitHub</a> 上，赶快加入我们来共同发展这个伟大的项目！还等什么？成为贡献者吧！
 
 [install]
 install=安装页面
@@ -450,7 +447,6 @@ authorize_title=授权 %s 访问您的帐户？
 authorization_failed=授权失败
 authorization_failed_desc=因为检测到无效请求，授权失败。请尝试联系您授权应用的管理员。
 sspi_auth_failed=SSPI 认证失败
-password_pwned=此密码出现在 <a target="_blank" rel="noopener noreferrer" href="https://haveibeenpwned.com/Passwords">被盗密码</a> 列表上并且曾经被公开。 请使用另一个密码再试一次。
 password_pwned_err=无法完成对 HaveIBeenPwned 的请求
 last_admin=您不能删除最后一个管理员。必须至少保留一个管理员。
 
@@ -934,7 +930,6 @@ then_enter_passcode=并输入应用程序中显示的密码:
 passcode_invalid=密码不正确。再试一次。
 twofa_failed_get_secret=获取 secret 失败。
 
-webauthn_desc=安全密钥是包含加密密钥的硬件设备。它们可以用于双因素身份验证。安全密钥必须支持 <a rel="noreferrer" target="_blank" href="https://w3c.github.io/webauthn/#webauthn-authenticator">WebAuthn 身份验证器</a> 标准。
 webauthn_register_key=添加安全密钥
 webauthn_nickname=昵称
 webauthn_delete_key=移除安全密钥
@@ -2288,7 +2283,6 @@ settings.event_pull_request_merge=合并请求合并
 settings.event_package=软件包
 settings.event_package_desc=软件包已在仓库中被创建或删除。
 settings.branch_filter=分支过滤
-settings.branch_filter_desc=推送、创建，删除分支事件的分支白名单，使用 glob 模式匹配指定。若为空或 <code>*</code>，则将报告所有分支的事件。语法文档见 <a href="https://pkg.go.dev/github.com/gobwas/glob#Compile">github.com/gobwas/glob</a>。示例：<code>master</code>,<code>{master,release*}</code>。
 settings.authorization_header=授权标头
 settings.authorization_header_desc=当存在时将被作为授权标头包含在内。例如: %s。
 settings.active=激活
@@ -2361,12 +2355,9 @@ settings.ignore_stale_approvals_desc=对旧提交（过期审核）的批准将
 settings.require_signed_commits=需要签名提交
 settings.require_signed_commits_desc=拒绝推送未签名或无法验证的提交到分支
 settings.protect_branch_name_pattern=受保护的分支名称模式
-settings.protect_branch_name_pattern_desc=分支保护的名称匹配规则。语法请参阅 <a href="https://github.com/gobwas/glob">文档</a> 。如：main, release/**
 settings.protect_patterns=规则
 settings.protect_protected_file_patterns=受保护的文件模式(使用分号 ';' 分隔)：
-settings.protect_protected_file_patterns_desc=即使用户有权添加、编辑或删除此分支中的文件，也不允许直接更改受保护的文件。 可以使用分号 (';') 分隔多个模式。 见<a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a>文档了解模式语法。例如： <code>.drone.yml</code>, <code>/docs/**/*.txt</code>
 settings.protect_unprotected_file_patterns=不受保护的文件模式(使用分号 ';' 分隔)：
-settings.protect_unprotected_file_patterns_desc=如果用户有写权限，则允许直接更改的不受保护的文件，以绕过推送限制。可以使用分号分隔多个模式 (';')。 见 <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a> 文档了解模式语法。例如： <code>.drone.yml</code>, <code>/docs/**/*.txt</code>
 settings.update_protect_branch_success=分支保护规则 %s 更新成功。
 settings.remove_protected_branch_success=移除分支保护规则"%s"成功。
 settings.remove_protected_branch_failed=移除分支保护规则"%s"失败。
@@ -2394,7 +2385,6 @@ settings.tags.protection.allowed.teams=允许的团队
 settings.tags.protection.allowed.noone=无
 settings.tags.protection.create=保护Git标签
 settings.tags.protection.none=没有受保护的Git标签
-settings.tags.protection.pattern.description=你可以使用单个名称或 glob 模式匹配或正则表达式来匹配多个标签。了解详情请访问 <a target="_blank" rel="noopener" href="https://docs.gitea.com/usage/protected-tags">受保护Git标签指南</a>。
 settings.bot_token=Bot 令牌
 settings.chat_id=聊天 ID
 settings.thread_id=线程 ID
@@ -2761,7 +2751,6 @@ last_page=末页
 total=总计：%d
 settings=管理设置
 
-dashboard.new_version_hint=Gitea %s 现已可用，您正在运行 %s。查看 <a target="_blank" rel="noreferrer" href="https://blog.gitea.io">博客</a> 了解详情。
 dashboard.statistic=摘要
 dashboard.maintenance_operations=运维
 dashboard.system_status=系统状态
@@ -2942,12 +2931,10 @@ packages.size=大小
 packages.published=已发布
 
 defaulthooks=默认Web钩子
-defaulthooks.desc=当某些 Gitea 事件触发时，Web 钩子自动向服务器发出 HTTP POST 请求。这里定义的 Web 钩子是默认配置，将被复制到所有新的仓库中。详情请访问 <a target="_blank" rel="noopener" href="https://docs.gitea.com/usage/webhooks">Web 钩子指南</a>。
 defaulthooks.add_webhook=添加默认Web 钩子
 defaulthooks.update_webhook=更新默认 Web 钩子
 
 systemhooks=系统 Web 钩子
-systemhooks.desc=当某些 Gitea 事件触发时，Web 钩子自动向服务器发出HTTP POST请求。这里定义的 Web 钩子将作用于系统上的所有仓库，所以请考虑这可能带来的任何性能影响。了解详情请访问 <a target="_blank" rel="noopener" href="https://docs.gitea.com/usage/webhooks">Web 钩子指南</a>。
 systemhooks.add_webhook=添加系统 Web 钩子
 systemhooks.update_webhook=更新系统 Web 钩子
 
@@ -3042,18 +3029,8 @@ auths.tips=帮助提示
 auths.tips.oauth2.general=OAuth2 认证
 auths.tips.oauth2.general.tip=当注册新的 OAuth2 身份验证时，回调/重定向 URL 应该是：
 auths.tip.oauth2_provider=OAuth2 提供程序
-auths.tip.bitbucket=在 https://bitbucket.org/account/user/{your username}/oauth-consumers/new 注册新的 OAuth 使用者同时添加权限“账号”-“读取”
 auths.tip.nextcloud=使用下面的菜单“设置（Settings） -> 安全（Security） -> OAuth 2.0 client”在您的实例上注册一个新的 OAuth 客户端。
-auths.tip.dropbox=在 https://www.dropbox.com/developers/apps 上创建一个新的应用程序
-auths.tip.facebook=`在 https://developers.facebook.com/apps 注册一个新的应用，并添加产品"Facebook 登录"`
-auths.tip.github=在 https://github.com/settings/applications/new 注册一个 OAuth 应用程序
-auths.tip.gitlab_new=在 https://gitlab.com/-/profile/applications 注册一个新的应用
-auths.tip.google_plus=从谷歌 API 控制台 (https://console.developers.google.com/) 获得 OAuth2 客户端凭据
 auths.tip.openid_connect=使用 OpenID 连接发现 URL ({server}/.well-known/openid-configuration) 来指定终点
-auths.tip.twitter=访问 https://dev.twitter.com/apps，创建应用并确保启用了"允许此应用程序用于登录 Twitter"的选项。
-auths.tip.discord=在 https://discordapp.com/developers/applications/me 上注册新应用程序
-auths.tip.gitea=注册一个新的 OAuth2 应用程序。可以访问 https://docs.gitea.com/development/oauth2-provider 查看帮助
-auths.tip.yandex=在 https://oauth.yandex.com/client/new 上创建一个新的应用程序。在“ Yandex.Passport API”这部分中选择以下权限：“访问电子邮件地址（Access to email address）”，“访问用户头像（Access to user avatar）”和“访问用户名，名字和姓氏，性别（Access to username, first name and surname, genderAccess to username, first name and surname, gender）”
 auths.tip.mastodon=输入您想要认证的 mastodon 实例的自定义 URL (或使用默认值)
 auths.edit=修改认证源
 auths.activated=该认证源已经启用
diff --git a/options/locale/locale_zh-HK.ini b/options/locale/locale_zh-HK.ini
index 26b87f51540..509be152703 100644
--- a/options/locale/locale_zh-HK.ini
+++ b/options/locale/locale_zh-HK.ini
@@ -797,9 +797,6 @@ auths.enable_auto_register=允許授權用戶自動註冊
 auths.tips=幫助提示
 auths.tips.oauth2.general=OAuth2 認證
 auths.tip.oauth2_provider=OAuth2 提供者
-auths.tip.dropbox=建立新 App 在 https://www.dropbox.com/developers/apps
-auths.tip.facebook=`在 https://developers.facebook.com/apps 註冊一個新的應用，並且新增一個產品 "Facebook Login"`
-auths.tip.github=在 https://github.com/settings/applications/new 註冊一個新的 OAuth 應用程式
 auths.delete=刪除認證來源
 auths.delete_auth_title=刪除認證來源
 
diff --git a/options/locale/locale_zh-TW.ini b/options/locale/locale_zh-TW.ini
index 045e0ddecec..b74bf22ccf3 100644
--- a/options/locale/locale_zh-TW.ini
+++ b/options/locale/locale_zh-TW.ini
@@ -179,7 +179,6 @@ platform=跨平台
 lightweight=輕量級
 lightweight_desc=一片便宜的 Raspberry Pi 就可以滿足 Gitea 的最低需求。節省您的機器資源！
 license=開放原始碼
-license_desc=取得 <a target="_blank" rel="noopener noreferrer" href="https://code.gitea.io/gitea">code.gitea.io/gitea</a> ！成為一名<a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea">貢獻者</a>和我們一起讓 Gitea 更好，快點加入我們吧！
 
 [install]
 install=安裝頁面
@@ -794,7 +793,6 @@ then_enter_passcode=然後輸入應用程式中顯示的驗證碼：
 passcode_invalid=無效的驗證碼，請重試。
 twofa_failed_get_secret=取得密鑰 (Secret) 失敗。
 
-webauthn_desc=安全金鑰是包含加密密鑰的硬體設備，它們可以用於兩步驟驗證。安全金鑰必須支援 <a rel="noreferrer" target="_blank" href="https://w3c.github.io/webauthn/#webauthn-authenticator">WebAuthn Authenticator</a> 標準。
 webauthn_register_key=新增安全金鑰
 webauthn_nickname=暱稱
 webauthn_delete_key=移除安全金鑰
@@ -1966,7 +1964,6 @@ settings.event_pull_request_sync_desc=合併請求同步。
 settings.event_package=套件
 settings.event_package_desc=套件已在儲存庫中建立或刪除。
 settings.branch_filter=分支篩選
-settings.branch_filter_desc=推送、建立分支、刪除分支事件的白名單，請使用 glob 比對模式。如果留白或輸入<code>*</code>，所有分支的事件都會被回報。語法參見 <a href="https://pkg.go.dev/github.com/gobwas/glob#Compile">github.com/gobwas/glob</a>。範例：<code>master</code>, <code>{master,release*}</code>。
 settings.authorization_header=Authorization 標頭
 settings.authorization_header_desc=存在時將將包含此 Authorization 標頭在請求中。例: %s。
 settings.active=啟用
@@ -2032,9 +2029,7 @@ settings.require_signed_commits=僅接受經簽署的提交
 settings.require_signed_commits_desc=拒絕未經簽署或未經驗證的提交推送到此分支。
 settings.protect_branch_name_pattern=受保護的分支名稱模式
 settings.protect_protected_file_patterns=受保護的檔案模式 (以分號區隔「;」):
-settings.protect_protected_file_patterns_desc=即便使用者有權限新增、修改、刪除此分支的檔案，仍不允許直接修改受保護的檔案。可以用半形分號「;」分隔多個模式。請於 <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a> 文件查看模式格式。範例: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>。
 settings.protect_unprotected_file_patterns=未受保護的檔案模式 (以分號區隔「;」):
-settings.protect_unprotected_file_patterns_desc=當使用者有寫入權限時，可繞過推送限制，直接修改未受保護的檔案。可以用半形分號「;」分隔多個模式。請於 <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a> 文件查看模式格式。範例: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>。
 settings.protected_branch_deletion_desc=停用分支保護將允許有寫入權限的使用者推送至該分支，是否繼續？
 settings.block_rejected_reviews=有退回的審核時阻擋合併
 settings.block_rejected_reviews_desc=如果官方審核人員提出變更請求，即使有足夠的核可也不允許進行合併。
@@ -2391,7 +2386,6 @@ first_page=首頁
 last_page=末頁
 total=總計：%d
 
-dashboard.new_version_hint=現已推出 Gitea %s，您正在執行 %s。詳情請參閱<a target="_blank" rel="noreferrer" href="https://blog.gitea.io">部落格</a>的說明。
 dashboard.statistic=摘要
 dashboard.system_status=系統狀態
 dashboard.operation_name=作業名稱
@@ -2654,13 +2648,6 @@ auths.tips=幫助提示
 auths.tips.oauth2.general=OAuth2 認證
 auths.tip.oauth2_provider=OAuth2 提供者
 auths.tip.nextcloud=在您的執行個體中，於選單「設定 -> 安全性 -> OAuth 2.0 客戶端」註冊新的 OAuth 客戶端
-auths.tip.dropbox=建立新的 App。網址：https://www.dropbox.com/developers/apps
-auths.tip.facebook=註冊新的應用程式並新增產品「Facebook 登入」。網址：https://developers.facebook.com/apps
-auths.tip.github=註冊新的 OAuth 應用程式。網址：https://github.com/settings/applications/new
-auths.tip.google_plus=從 Google API 控制台取得 OAuth2 用戶端憑證。網址：https://console.developers.google.com/
-auths.tip.twitter=建立應用程式並確保有啟用「Allow this application to be used to Sign in with Twitter」。網址：https://dev.twitter.com/apps
-auths.tip.discord=註冊新的應用程式。網址：https://discordapp.com/developers/applications/me
-auths.tip.yandex=建立新的應用程式，從「Yandex.Passport API」區塊選擇「Access to email address」、「Access to user avatar」和「Access to username, first name and surname, gender」。網址：https://oauth.yandex.com/client/new
 auths.tip.mastodon=輸入您欲認證的 Mastodon 執行個體的自訂網址 (或使用預設值)
 auths.edit=修改認證來源
 auths.activated=該認證來源已啟用

From d5f35cc54e820803c29df1866c6b8acb537ab417 Mon Sep 17 00:00:00 2001
From: GiteaBot <teabot@gitea.io>
Date: Wed, 4 Sep 2024 00:29:09 +0000
Subject: [PATCH 048/129] [skip ci] Updated translations via Crowdin

---
 options/locale/locale_lv-LV.ini | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/options/locale/locale_lv-LV.ini b/options/locale/locale_lv-LV.ini
index f1141ef8ee8..cf297a8dcf2 100644
--- a/options/locale/locale_lv-LV.ini
+++ b/options/locale/locale_lv-LV.ini
@@ -25,6 +25,7 @@ enable_javascript=Šai tīmekļvietnei ir nepieciešams JavaScript.
 toc=Satura rādītājs
 licenses=Licences
 return_to_gitea=Atgriezties Gitea
+more_items=Vairāk vienumu
 
 username=Lietotājvārds
 email=E-pasta adrese
@@ -92,6 +93,7 @@ remove_all=Noņemt visus
 remove_label_str=`Noņemt ierakstu "%s"`
 edit=Labot
 view=Skatīt
+test=Pārbaudīt
 
 enabled=Iespējots
 disabled=Atspējots
@@ -113,6 +115,7 @@ loading=Notiek ielāde…
 error=Kļūda
 error404=Lapa, ko tiek mēģināts atvērt, vai nu <strong>nepastāv</strong> vai arī <strong>nav tiesību</strong> to aplūkot.
 go_back=Atgriezties
+invalid_data=Nederīgi dati: %v
 
 never=Nekad
 unknown=Nezināms

From 7eef261c3ebf9bfe37fe0dceb51bde9a79bbaf17 Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Wed, 4 Sep 2024 10:52:00 +0800
Subject: [PATCH 049/129] Replace v-html with v-text in search inputbox
 (#31966)

Credit for @techknowlogick

Co-authored-by: techknowlogick <techknowlogick@noreply.gitea.com>
---
 web_src/js/components/RepoBranchTagSelector.vue | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/web_src/js/components/RepoBranchTagSelector.vue b/web_src/js/components/RepoBranchTagSelector.vue
index 00c2955f55c..7aecb1e351d 100644
--- a/web_src/js/components/RepoBranchTagSelector.vue
+++ b/web_src/js/components/RepoBranchTagSelector.vue
@@ -289,13 +289,11 @@ export default sfc; // activate IDE's Vue plugin
           <a href="#" @click="createNewBranch()">
             <div v-show="shouldCreateTag">
               <i class="reference tags icon"/>
-              <!-- eslint-disable-next-line vue/no-v-html -->
-              <span v-html="textCreateTag.replace('%s', searchTerm)"/>
+              <span v-text="textCreateTag.replace('%s', searchTerm)"/>
             </div>
             <div v-show="!shouldCreateTag">
               <svg-icon name="octicon-git-branch"/>
-              <!-- eslint-disable-next-line vue/no-v-html -->
-              <span v-html="textCreateBranch.replace('%s', searchTerm)"/>
+              <span v-text="textCreateBranch.replace('%s', searchTerm)"/>
             </div>
             <div class="text small">
               <span v-if="isViewBranch || release">{{ textCreateBranchFrom.replace('%s', branchName) }}</span>

From a366af4b7a067227386184067e203091923b5b10 Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Wed, 4 Sep 2024 12:53:55 +0800
Subject: [PATCH 050/129] Remove html tags from create tag and branch
 translation (#31973)

Follow #31950 and Fix the display bug of #31966 .

This will only fix the English version. I will update all these
translation files in crowdin after this merged so that all the languages
can be fixed.

And all these files should be backported together.

This PR remove the bold effect around the name when creating a new tag
or branch.
---
 options/locale/locale_en-US.ini | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index a79a487392c..8d51864d3d1 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -2642,7 +2642,7 @@ branch.delete_desc = Deleting a branch is permanent. Although the deleted branch
 branch.deletion_success = Branch "%s" has been deleted.
 branch.deletion_failed = Failed to delete branch "%s".
 branch.delete_branch_has_new_commits = Branch "%s" cannot be deleted because new commits have been added after merging.
-branch.create_branch = Create branch <strong>%s</strong>
+branch.create_branch = Create branch %s
 branch.create_from = from "%s"
 branch.create_success = Branch "%s" has been created.
 branch.branch_already_exists = Branch "%s" already exists in this repository.
@@ -2668,7 +2668,7 @@ branch.new_branch = Create new branch
 branch.new_branch_from = Create new branch from "%s"
 branch.renamed = Branch %s was renamed to %s.
 
-tag.create_tag = Create tag <strong>%s</strong>
+tag.create_tag = Create tag %s
 tag.create_tag_operation = Create tag
 tag.confirm_create_tag = Create tag
 tag.create_tag_from = Create new tag from "%s"

From 30da734f37f0bd60d13044374c1d5af54f2eb416 Mon Sep 17 00:00:00 2001
From: GiteaBot <teabot@gitea.io>
Date: Wed, 4 Sep 2024 05:30:04 +0000
Subject: [PATCH 051/129] [skip ci] Updated translations via Crowdin

---
 options/locale/locale_cs-CZ.ini | 2 --
 options/locale/locale_de-DE.ini | 2 --
 options/locale/locale_el-GR.ini | 2 --
 options/locale/locale_es-ES.ini | 2 --
 options/locale/locale_fa-IR.ini | 2 --
 options/locale/locale_fi-FI.ini | 1 -
 options/locale/locale_fr-FR.ini | 2 --
 options/locale/locale_hu-HU.ini | 1 -
 options/locale/locale_id-ID.ini | 1 -
 options/locale/locale_it-IT.ini | 2 --
 options/locale/locale_ja-JP.ini | 2 --
 options/locale/locale_ko-KR.ini | 1 -
 options/locale/locale_lv-LV.ini | 2 --
 options/locale/locale_nl-NL.ini | 1 -
 options/locale/locale_pl-PL.ini | 2 --
 options/locale/locale_pt-BR.ini | 2 --
 options/locale/locale_pt-PT.ini | 2 --
 options/locale/locale_ru-RU.ini | 2 --
 options/locale/locale_si-LK.ini | 2 --
 options/locale/locale_sv-SE.ini | 1 -
 options/locale/locale_tr-TR.ini | 2 --
 options/locale/locale_uk-UA.ini | 2 --
 options/locale/locale_zh-CN.ini | 2 --
 options/locale/locale_zh-TW.ini | 2 --
 24 files changed, 42 deletions(-)

diff --git a/options/locale/locale_cs-CZ.ini b/options/locale/locale_cs-CZ.ini
index 66cf0424a00..280fe60a355 100644
--- a/options/locale/locale_cs-CZ.ini
+++ b/options/locale/locale_cs-CZ.ini
@@ -2564,7 +2564,6 @@ branch.delete_desc=Smazání větve je trvalé. Přestože zrušená větev mů
 branch.deletion_success=Větev „%s“ byla smazána.
 branch.deletion_failed=Nepodařilo se odstranit větev „%s“.
 branch.delete_branch_has_new_commits=Větev „%s“ nemůže být smazána, protože byly přidány nové commity po sloučení.
-branch.create_branch=Vytvořit větev <strong>%s</strong>
 branch.create_from=z „%s“
 branch.create_success=Větev „%s“ byla vytvořena.
 branch.branch_already_exists=Větev „%s“ již existuje v tomto repozitáři.
@@ -2590,7 +2589,6 @@ branch.new_branch=Vytvořit novou větev
 branch.new_branch_from=Vytvořit novou větev z „%s“
 branch.renamed=Větev %s byla přejmenována na %s.
 
-tag.create_tag=Vytvořit značku <strong>%s</strong>
 tag.create_tag_operation=Vytvořit značku
 tag.confirm_create_tag=Vytvořit značku
 tag.create_tag_from=Vytvořit novou značku z „%s“
diff --git a/options/locale/locale_de-DE.ini b/options/locale/locale_de-DE.ini
index ad8714eed0e..2c168a7bb7c 100644
--- a/options/locale/locale_de-DE.ini
+++ b/options/locale/locale_de-DE.ini
@@ -2536,7 +2536,6 @@ branch.delete_desc=Das Löschen eines Branches ist permanent. Obwohl der Branch
 branch.deletion_success=Branch "%s" wurde gelöscht.
 branch.deletion_failed=Branch "%s" konnte nicht gelöscht werden.
 branch.delete_branch_has_new_commits=Der Branch "%s" kann nicht gelöscht werden, da seit dem letzten Merge neue Commits hinzugefügt wurden.
-branch.create_branch=Erstelle Branch <strong>%s</strong>
 branch.create_from=`von "%s"`
 branch.create_success=Branch "%s" wurde erstellt.
 branch.branch_already_exists=Branch "%s" existiert bereits in diesem Repository.
@@ -2562,7 +2561,6 @@ branch.new_branch=Neue Branch erstellen
 branch.new_branch_from=Neuen Branch von "%s" erstellen
 branch.renamed=Branch %s wurde in %s umbenannt.
 
-tag.create_tag=Tag <strong>%s</strong> erstellen
 tag.create_tag_operation=Tag erstellen
 tag.confirm_create_tag=Tag erstellen
 tag.create_tag_from=Neuen Tag von "%s" erstellen
diff --git a/options/locale/locale_el-GR.ini b/options/locale/locale_el-GR.ini
index 4f9a53a6df4..3396f65f01b 100644
--- a/options/locale/locale_el-GR.ini
+++ b/options/locale/locale_el-GR.ini
@@ -2442,7 +2442,6 @@ branch.delete_desc=Η διαγραφή ενός κλάδου είναι μόνι
 branch.deletion_success=Ο κλάδος "%s" διαγράφηκε.
 branch.deletion_failed=Αποτυχία διαγραφής του κλάδου "%s".
 branch.delete_branch_has_new_commits=Ο κλάδος "%s" δεν μπορεί να διαγραφεί επειδή προστέθηκαν νέες υποβολές μετά τη συγχώνευση.
-branch.create_branch=Δημιουργία κλάδου <strong>%s</strong>
 branch.create_from=`από το "%s"`
 branch.create_success=Ο κλάδος "%s" δημιουργήθηκε.
 branch.branch_already_exists=Ο κλάδος "%s" υπάρχει ήδη σε αυτό το αποθετήριο.
@@ -2468,7 +2467,6 @@ branch.new_branch=Δημιουργία νέου κλάδου
 branch.new_branch_from=`Δημιουργία νέου κλάδου από το "%s"`
 branch.renamed=Ο κλάδος %s μετονομάστηκε σε %s.
 
-tag.create_tag=Δημιουργία ετικέτας <strong>%s</strong>
 tag.create_tag_operation=Δημιουργία ετικέτας
 tag.confirm_create_tag=Δημιουργία ετικέτας
 tag.create_tag_from=`Δημιουργία νέας ετικέτας από το "%s"`
diff --git a/options/locale/locale_es-ES.ini b/options/locale/locale_es-ES.ini
index 83fc50e0e22..242e9ce3ed4 100644
--- a/options/locale/locale_es-ES.ini
+++ b/options/locale/locale_es-ES.ini
@@ -2423,7 +2423,6 @@ branch.delete_desc=Eliminar una rama es permanente. Aunque la rama eliminada pue
 branch.deletion_success=La rama "%s" ha sido eliminada.
 branch.deletion_failed=Error al eliminar la rama "%s".
 branch.delete_branch_has_new_commits=La rama "%s" no se puede eliminar porque se han añadido nuevos commits después de la fusión.
-branch.create_branch=Crear rama <strong>%s</strong>
 branch.create_from=`de "%s"`
 branch.create_success=La rama "%s" ha sido creada.
 branch.branch_already_exists=La rama "%s" ya existe en este repositorio.
@@ -2449,7 +2448,6 @@ branch.new_branch=Crear nueva rama
 branch.new_branch_from=`Crear nueva rama de "%s"`
 branch.renamed=La rama %s fue renombrada a %s.
 
-tag.create_tag=Crear etiqueta <strong>%s</strong>
 tag.create_tag_operation=Crear etiqueta
 tag.confirm_create_tag=Crear etiqueta
 tag.create_tag_from=`Crear nueva etiqueta de "%s"`
diff --git a/options/locale/locale_fa-IR.ini b/options/locale/locale_fa-IR.ini
index 7d07d570f40..db675a22d03 100644
--- a/options/locale/locale_fa-IR.ini
+++ b/options/locale/locale_fa-IR.ini
@@ -1876,7 +1876,6 @@ release.add_tag=فقط تگ ایجاد کنید
 branch.name=نام شاخه
 branch.delete_head=حذف
 branch.delete_html=حذف شاخه
-branch.create_branch=ساختن شاخه <strong>%s</strong>
 branch.deleted_by=حذف شده توسط %s
 branch.included_desc=این شاخه بخشی از شاخه پیش فرض است
 branch.included=مشمول شده
@@ -1887,7 +1886,6 @@ branch.create_branch_operation=ایجاد شاخه
 branch.new_branch=شاخه جدید ایجاد کنید
 branch.renamed=شاخه %s قبلا به %s تغییر کرده است.
 
-tag.create_tag=تگ <strong>%s</strong> ایجاد کنید
 
 
 topic.manage_topics=مدیریت موضوعات
diff --git a/options/locale/locale_fi-FI.ini b/options/locale/locale_fi-FI.ini
index 36af8d28708..769fbba5bf3 100644
--- a/options/locale/locale_fi-FI.ini
+++ b/options/locale/locale_fi-FI.ini
@@ -1280,7 +1280,6 @@ release.downloads=Lataukset
 
 branch.name=Haaran nimi
 branch.delete_head=Poista
-branch.create_branch=Luo haara <strong>%s</strong>
 
 
 
diff --git a/options/locale/locale_fr-FR.ini b/options/locale/locale_fr-FR.ini
index 634836a7904..0583ce7c6d3 100644
--- a/options/locale/locale_fr-FR.ini
+++ b/options/locale/locale_fr-FR.ini
@@ -2587,7 +2587,6 @@ branch.delete_desc=La suppression d’une branche est permanente. Bien qu’une
 branch.deletion_success=La branche "%s" a été supprimée.
 branch.deletion_failed=Impossible de supprimer la branche "%s".
 branch.delete_branch_has_new_commits=La branche "%s" ne peut être supprimé, car de nouvelles révisions ont été ajoutées après la fusion.
-branch.create_branch=Créer la branche <strong>%s</strong>
 branch.create_from=`de "%s"`
 branch.create_success=La branche "%s" a été créée.
 branch.branch_already_exists=La branche "%s" existe déjà dans ce dépôt.
@@ -2613,7 +2612,6 @@ branch.new_branch=Créer une nouvelle branche
 branch.new_branch_from=`Créer une nouvelle branche à partir de "%s"`
 branch.renamed=La branche %s à été renommée en %s.
 
-tag.create_tag=Créer l'étiquette <strong>%s</strong>
 tag.create_tag_operation=Créer une étiquette
 tag.confirm_create_tag=Créer une étiquette
 tag.create_tag_from=`Créer une nouvelle étiquette à partir de "%s"`
diff --git a/options/locale/locale_hu-HU.ini b/options/locale/locale_hu-HU.ini
index 1c9ec305764..01891b9c335 100644
--- a/options/locale/locale_hu-HU.ini
+++ b/options/locale/locale_hu-HU.ini
@@ -1141,7 +1141,6 @@ release.download_count=Letöltések: %s
 
 branch.delete_head=Törlés
 branch.delete_html=Ág törlése
-branch.create_branch=Ág <strong>%s</strong> létrehozása
 branch.deleted_by=Törölve %s által
 
 
diff --git a/options/locale/locale_id-ID.ini b/options/locale/locale_id-ID.ini
index a49dfcb8ed3..dfe0955b9cc 100644
--- a/options/locale/locale_id-ID.ini
+++ b/options/locale/locale_id-ID.ini
@@ -921,7 +921,6 @@ release.downloads=Unduhan
 
 branch.delete_head=Hapus
 branch.delete_html=Hapus cabang
-branch.create_branch=Membuat cabang <strong>%s</strong>
 branch.deleted_by=Dihapus oleh %s
 
 
diff --git a/options/locale/locale_it-IT.ini b/options/locale/locale_it-IT.ini
index 0c48a1fe774..c8bc3138a51 100644
--- a/options/locale/locale_it-IT.ini
+++ b/options/locale/locale_it-IT.ini
@@ -2031,7 +2031,6 @@ release.add_tag=Crea Solo Branch
 branch.name=Nome branch
 branch.delete_head=Elimina
 branch.delete_html=Elimina branch
-branch.create_branch=Crea branch <strong>%s</strong>
 branch.deleted_by=Eliminato da %s
 branch.included_desc=Questo ramo fa parte del ramo predefinito
 branch.included=Incluso
@@ -2042,7 +2041,6 @@ branch.create_branch_operation=Crea ramo
 branch.new_branch=Crea nuovo ramo
 branch.renamed=Il ramo %s è stato rinominato in %s.
 
-tag.create_tag=Crea branch <strong>%s</strong>
 tag.create_tag_operation=Crea etichetta
 tag.confirm_create_tag=Crea etichetta
 
diff --git a/options/locale/locale_ja-JP.ini b/options/locale/locale_ja-JP.ini
index 6d9ab925787..1ac79e0697c 100644
--- a/options/locale/locale_ja-JP.ini
+++ b/options/locale/locale_ja-JP.ini
@@ -2621,7 +2621,6 @@ branch.delete_desc=ブランチの削除は恒久的です。 実際に削除さ
 branch.deletion_success=ブランチ "%s" を削除しました。
 branch.deletion_failed=ブランチ "%s" の削除に失敗しました。
 branch.delete_branch_has_new_commits=マージ後に新しいコミットが追加されているため、ブランチ "%s" を削除できません。
-branch.create_branch=ブランチ <strong>%s</strong> を作成
 branch.create_from=`"%s" から`
 branch.create_success=ブランチ "%s" を作成しました。
 branch.branch_already_exists=ブランチ "%s" は、このリポジトリに既に存在します。
@@ -2647,7 +2646,6 @@ branch.new_branch=新しいブランチの作成
 branch.new_branch_from=`"%s" から新しいブランチを作成`
 branch.renamed=ブランチ %s は %s にリネームされました。
 
-tag.create_tag=タグ <strong>%s</strong> を作成
 tag.create_tag_operation=タグの作成
 tag.confirm_create_tag=タグを作成
 tag.create_tag_from=`"%s" から新しいタグを作成`
diff --git a/options/locale/locale_ko-KR.ini b/options/locale/locale_ko-KR.ini
index 29d11d88d3d..2f5f01b7325 100644
--- a/options/locale/locale_ko-KR.ini
+++ b/options/locale/locale_ko-KR.ini
@@ -1123,7 +1123,6 @@ release.downloads=다운로드
 branch.name=브랜치명
 branch.delete_head=삭제
 branch.delete_html=브랜치 삭제
-branch.create_branch=<strong>%s</strong> 브랜치 생성
 branch.deleted_by=%s 에 의해 삭제되었습니다.
 
 
diff --git a/options/locale/locale_lv-LV.ini b/options/locale/locale_lv-LV.ini
index cf297a8dcf2..c33bf91d828 100644
--- a/options/locale/locale_lv-LV.ini
+++ b/options/locale/locale_lv-LV.ini
@@ -2442,7 +2442,6 @@ branch.delete_desc=Atzara dzēšana ir neatgriezeniska. Kaut arī izdzēstais za
 branch.deletion_success=Atzars "%s" tika izdzēsts.
 branch.deletion_failed=Neizdevās izdzēst atzaru "%s".
 branch.delete_branch_has_new_commits=Atzars "%s" nevar tik dzēsts, jo pēc sapludināšanas, tam ir pievienotas jaunas revīzijas.
-branch.create_branch=Izveidot atzaru <strong>%s</strong>
 branch.create_from=`no "%s"`
 branch.create_success=Tika izveidots atzars "%s".
 branch.branch_already_exists=Atzars "%s" šajā repozitorijā jau eksistē.
@@ -2468,7 +2467,6 @@ branch.new_branch=Izveidot jaunu atzaru
 branch.new_branch_from=`Izveidot jaunu atzaru no "%s"`
 branch.renamed=Atzars %s tika pārsaukts par %s.
 
-tag.create_tag=Izveidot tagu <strong>%s</strong>
 tag.create_tag_operation=Izveidot tagu
 tag.confirm_create_tag=Izveidot tagu
 tag.create_tag_from=`Izveidot tagu no "%s"`
diff --git a/options/locale/locale_nl-NL.ini b/options/locale/locale_nl-NL.ini
index c14c445a35a..d71184612dd 100644
--- a/options/locale/locale_nl-NL.ini
+++ b/options/locale/locale_nl-NL.ini
@@ -1955,7 +1955,6 @@ release.download_count=Downloads: %s
 branch.name=Branch naam
 branch.delete_head=Verwijder
 branch.delete_html=Verwijder branch
-branch.create_branch=Maak branch <strong>%s</strong>
 branch.deleted_by=Verwijderd door %s
 branch.included_desc=Deze branch maakt deel uit van de standaard branch
 branch.included=Inbegrepen
diff --git a/options/locale/locale_pl-PL.ini b/options/locale/locale_pl-PL.ini
index 4377256fe48..529211812ad 100644
--- a/options/locale/locale_pl-PL.ini
+++ b/options/locale/locale_pl-PL.ini
@@ -1820,7 +1820,6 @@ release.add_tag=Utwórz tylko znacznik
 branch.name=Nazwa gałęzi
 branch.delete_head=Usuń
 branch.delete_html=Usuń gałąź
-branch.create_branch=Utwórz gałąź <strong>%s</strong>
 branch.deleted_by=Usunięta przez %s
 branch.included_desc=Ta gałąź jest częścią domyślnej gałęzi
 branch.included=Zawarte
@@ -1829,7 +1828,6 @@ branch.confirm_create_branch=Utwórz gałąź
 branch.create_branch_operation=Utwórz gałąź
 branch.new_branch=Utwórz nową gałąź
 
-tag.create_tag=Utwóz tag <strong>%s</strong>
 
 
 topic.manage_topics=Zarządzaj tematami
diff --git a/options/locale/locale_pt-BR.ini b/options/locale/locale_pt-BR.ini
index 402895f9996..dc614fd4e0c 100644
--- a/options/locale/locale_pt-BR.ini
+++ b/options/locale/locale_pt-BR.ini
@@ -2402,7 +2402,6 @@ branch.delete_html=Excluir Branch
 branch.deletion_success=Branch "%s" excluído.
 branch.deletion_failed=Falha ao excluir o branch "%s".
 branch.delete_branch_has_new_commits=O branch "%s" não pode ser excluído porque novos commits foram feitos após o merge.
-branch.create_branch=Criar branch <strong>%s</strong>
 branch.create_from=`a partir de "%s"`
 branch.create_success=Branch "%s" criado.
 branch.branch_already_exists=Branch "%s" já existe neste repositório.
@@ -2426,7 +2425,6 @@ branch.new_branch=Criar novo branch
 branch.new_branch_from=`Criar novo branch a partir de "%s"`
 branch.renamed=Branch %s foi renomeado para %s.
 
-tag.create_tag=Criar tag <strong>%s</strong>
 tag.create_tag_operation=Criar tag
 tag.confirm_create_tag=Criar tag
 tag.create_tag_from=`Criar nova tag a partir de "%s"`
diff --git a/options/locale/locale_pt-PT.ini b/options/locale/locale_pt-PT.ini
index 04e99b0d5d0..cfa48ef63cb 100644
--- a/options/locale/locale_pt-PT.ini
+++ b/options/locale/locale_pt-PT.ini
@@ -2578,7 +2578,6 @@ branch.delete_desc=Eliminar um ramo é algo permanente. Embora o ramo eliminado
 branch.deletion_success=O ramo "%s" foi eliminado.
 branch.deletion_failed=Falhou a eliminação do ramo "%s".
 branch.delete_branch_has_new_commits=O ramo "%s" não pode ser eliminado porque foram adicionados novos cometimentos após a integração.
-branch.create_branch=Criar ramo <strong>%s</strong>
 branch.create_from=`a partir de "%s"`
 branch.create_success=O ramo "%s" foi criado.
 branch.branch_already_exists=O ramo "%s" já existe neste repositório.
@@ -2604,7 +2603,6 @@ branch.new_branch=Criar um novo ramo
 branch.new_branch_from=`Criar um novo ramo a partir do ramo "%s"`
 branch.renamed=O ramo %s foi renomeado para %s.
 
-tag.create_tag=Criar etiqueta <strong>%s</strong>
 tag.create_tag_operation=Criar etiqueta
 tag.confirm_create_tag=Criar etiqueta
 tag.create_tag_from=`Criar uma etiqueta nova a partir do ramo "%s"`
diff --git a/options/locale/locale_ru-RU.ini b/options/locale/locale_ru-RU.ini
index 95d43435064..074551be252 100644
--- a/options/locale/locale_ru-RU.ini
+++ b/options/locale/locale_ru-RU.ini
@@ -2390,7 +2390,6 @@ branch.delete_desc=Удаление ветки необратимо. Несмо
 branch.deletion_success=Ветка «%s» удалена.
 branch.deletion_failed=Не удалось удалить ветку «%s».
 branch.delete_branch_has_new_commits=Ветку «%s» нельзя удалить, поскольку после слияния были добавлены новые коммиты.
-branch.create_branch=Создать ветку <strong>%s</strong>
 branch.create_from=от «%s»
 branch.create_success=Ветка «%s» создана.
 branch.branch_already_exists=Ветка «%s» уже существует в этом репозитории.
@@ -2416,7 +2415,6 @@ branch.new_branch=Создать новую ветку
 branch.new_branch_from=Создать новую ветку из «%s»
 branch.renamed=Ветка %s была переименована в %s.
 
-tag.create_tag=Создать тег <strong>%s</strong>
 tag.create_tag_operation=Создать тег
 tag.confirm_create_tag=Создать тег
 tag.create_tag_from=Создать новый тег из «%s»
diff --git a/options/locale/locale_si-LK.ini b/options/locale/locale_si-LK.ini
index 57c84ed73ff..ab959ea312f 100644
--- a/options/locale/locale_si-LK.ini
+++ b/options/locale/locale_si-LK.ini
@@ -1838,7 +1838,6 @@ release.add_tag=ටැග පමණක් සාදන්න
 branch.name=ශාඛාවේ නම
 branch.delete_head=මකන්න
 branch.delete_html=ශාඛාව මකන්න
-branch.create_branch=<strong>%s</strong> ශාඛාව සාදන්න
 branch.deleted_by=%sවිසින් මකා දමන ලදි
 branch.included_desc=මෙම ශාඛාව පෙරනිමි ශාඛාවේ කොටසකි
 branch.included=ඇතුළත්
@@ -1849,7 +1848,6 @@ branch.create_branch_operation=ශාඛාව සාදන්න
 branch.new_branch=නව ශාඛාවක් සාදන්න
 branch.renamed=ශාඛාව %s %sලෙස නම් කරන ලදී.
 
-tag.create_tag=ටැගය නිර්මාණය <strong>%s</strong>
 
 
 topic.manage_topics=මාතෘකා කළමනාකරණය
diff --git a/options/locale/locale_sv-SE.ini b/options/locale/locale_sv-SE.ini
index 784752db05f..204ca501334 100644
--- a/options/locale/locale_sv-SE.ini
+++ b/options/locale/locale_sv-SE.ini
@@ -1489,7 +1489,6 @@ release.download_count=Nedladdningar: %s
 branch.name=Branch namn
 branch.delete_head=Radera
 branch.delete_html=Radera branch
-branch.create_branch=Skapa branchen <strong>%s</strong>
 branch.deleted_by=Raderad av %s
 
 
diff --git a/options/locale/locale_tr-TR.ini b/options/locale/locale_tr-TR.ini
index 81b8dc05cb6..8abe87202da 100644
--- a/options/locale/locale_tr-TR.ini
+++ b/options/locale/locale_tr-TR.ini
@@ -2587,7 +2587,6 @@ branch.delete_desc=Bir dalı silmek kalıcıdır. Her ne kadar silinen dal tamam
 branch.deletion_success=`"%s" dalı silindi.`
 branch.deletion_failed=`"%s" dalı silinemedi.`
 branch.delete_branch_has_new_commits=`"%s" dalı silinemedi çünkü birleştirme sonrasında yeni işlemeler eklendi.`
-branch.create_branch=<strong>%s</strong> dalı oluştur
 branch.create_from=`"%s"den`
 branch.create_success=`"%s" dalı oluşturuldu.`
 branch.branch_already_exists=Bu depoda "%s" dalı zaten var.
@@ -2613,7 +2612,6 @@ branch.new_branch=Yeni dal oluştur
 branch.new_branch_from=`"%s" dalından yeni dal oluştur`
 branch.renamed=%s dalının adı %s olarak değiştirildi.
 
-tag.create_tag=<strong>%s</strong> etiketi oluştur
 tag.create_tag_operation=Etiket oluştur
 tag.confirm_create_tag=Etiket oluştur
 tag.create_tag_from=`"%s" kullanarak yeni etiket oluştur`
diff --git a/options/locale/locale_uk-UA.ini b/options/locale/locale_uk-UA.ini
index ce072996cd3..013f16744b0 100644
--- a/options/locale/locale_uk-UA.ini
+++ b/options/locale/locale_uk-UA.ini
@@ -1886,7 +1886,6 @@ release.add_tag=Створити тільки мітку
 branch.name=Ім'я гілки
 branch.delete_head=Видалити
 branch.delete_html=Видалити гілку
-branch.create_branch=Створити гілку <strong>%s</strong>
 branch.deleted_by=Видалено %s
 branch.included_desc=Ця гілка є частиною типової гілки
 branch.included=Включено
@@ -1897,7 +1896,6 @@ branch.create_branch_operation=Створити гілку
 branch.new_branch=Створити нову гілку
 branch.renamed=Гілку %s перейменовано на %s.
 
-tag.create_tag=Створити тег <strong>%s</strong>
 
 
 topic.manage_topics=Керувати тематичними мітками
diff --git a/options/locale/locale_zh-CN.ini b/options/locale/locale_zh-CN.ini
index 67bb965528f..1326b56a1d6 100644
--- a/options/locale/locale_zh-CN.ini
+++ b/options/locale/locale_zh-CN.ini
@@ -2552,7 +2552,6 @@ branch.delete_desc=删除分支是永久的。虽然已删除的分支在实际
 branch.deletion_success=分支 %s 已被删除。
 branch.deletion_failed=删除分支 %s 失败。
 branch.delete_branch_has_new_commits=因为合并之后有新的提交，分支 %s 无法被删除。
-branch.create_branch=创建分支 <strong>%s</strong>
 branch.create_from=从 %s
 branch.create_success=分支 '%s' 已创建。
 branch.branch_already_exists=此仓库已存在名为 %s 的分支。
@@ -2578,7 +2577,6 @@ branch.new_branch=创建新分支
 branch.new_branch_from=基于"%s"创建新分支
 branch.renamed=分支 %s 被重命名为 %s。
 
-tag.create_tag=创建标签 <strong>%s</strong>
 tag.create_tag_operation=创建标签
 tag.confirm_create_tag=创建标签
 tag.create_tag_from=基于"%s"创建新标签
diff --git a/options/locale/locale_zh-TW.ini b/options/locale/locale_zh-TW.ini
index b74bf22ccf3..0f90eca6fea 100644
--- a/options/locale/locale_zh-TW.ini
+++ b/options/locale/locale_zh-TW.ini
@@ -2209,7 +2209,6 @@ branch.delete_html=刪除分支
 branch.deletion_success=已刪除分支「%s」。
 branch.deletion_failed=刪除分支「%s」失敗。
 branch.delete_branch_has_new_commits=因為合併後已加入了新的提交，「%s」分支無法被刪除。
-branch.create_branch=建立分支 <strong>%s</strong>
 branch.create_from=從「%s」
 branch.create_success=已建立分支「%s」。
 branch.branch_already_exists=此儲存庫已有名為「%s」的分支。
@@ -2231,7 +2230,6 @@ branch.new_branch=建立新分支
 branch.new_branch_from=從「%s」建立新分支
 branch.renamed=分支 %s 被重新命名為 %s。
 
-tag.create_tag=建立標籤 <strong>%s</strong>
 tag.create_tag_operation=建立標籤
 tag.confirm_create_tag=建立標籤
 tag.create_tag_from=從「%s」建立新標籤

From 74b1c589c6c1a4261556e1a1a868bbcb2964a5d3 Mon Sep 17 00:00:00 2001
From: GiteaBot <teabot@gitea.io>
Date: Wed, 4 Sep 2024 06:28:39 +0000
Subject: [PATCH 052/129] [skip ci] Updated translations via Crowdin

---
 options/locale/locale_cs-CZ.ini | 2 ++
 options/locale/locale_de-DE.ini | 2 ++
 options/locale/locale_el-GR.ini | 2 ++
 options/locale/locale_es-ES.ini | 2 ++
 options/locale/locale_fa-IR.ini | 2 ++
 options/locale/locale_fi-FI.ini | 1 +
 options/locale/locale_fr-FR.ini | 2 ++
 options/locale/locale_hu-HU.ini | 1 +
 options/locale/locale_id-ID.ini | 1 +
 options/locale/locale_it-IT.ini | 2 ++
 options/locale/locale_ja-JP.ini | 2 ++
 options/locale/locale_ko-KR.ini | 1 +
 options/locale/locale_lv-LV.ini | 2 ++
 options/locale/locale_nl-NL.ini | 2 ++
 options/locale/locale_pl-PL.ini | 2 ++
 options/locale/locale_pt-BR.ini | 2 ++
 options/locale/locale_pt-PT.ini | 2 ++
 options/locale/locale_ru-RU.ini | 2 ++
 options/locale/locale_si-LK.ini | 2 ++
 options/locale/locale_sv-SE.ini | 1 +
 options/locale/locale_tr-TR.ini | 2 ++
 options/locale/locale_uk-UA.ini | 2 ++
 options/locale/locale_zh-CN.ini | 2 ++
 options/locale/locale_zh-TW.ini | 2 ++
 24 files changed, 43 insertions(+)

diff --git a/options/locale/locale_cs-CZ.ini b/options/locale/locale_cs-CZ.ini
index 280fe60a355..e44f8ddb6b5 100644
--- a/options/locale/locale_cs-CZ.ini
+++ b/options/locale/locale_cs-CZ.ini
@@ -2564,6 +2564,7 @@ branch.delete_desc=Smazání větve je trvalé. Přestože zrušená větev mů
 branch.deletion_success=Větev „%s“ byla smazána.
 branch.deletion_failed=Nepodařilo se odstranit větev „%s“.
 branch.delete_branch_has_new_commits=Větev „%s“ nemůže být smazána, protože byly přidány nové commity po sloučení.
+branch.create_branch=Vytvořit větev %s
 branch.create_from=z „%s“
 branch.create_success=Větev „%s“ byla vytvořena.
 branch.branch_already_exists=Větev „%s“ již existuje v tomto repozitáři.
@@ -2589,6 +2590,7 @@ branch.new_branch=Vytvořit novou větev
 branch.new_branch_from=Vytvořit novou větev z „%s“
 branch.renamed=Větev %s byla přejmenována na %s.
 
+tag.create_tag=Vytvořit značku %s
 tag.create_tag_operation=Vytvořit značku
 tag.confirm_create_tag=Vytvořit značku
 tag.create_tag_from=Vytvořit novou značku z „%s“
diff --git a/options/locale/locale_de-DE.ini b/options/locale/locale_de-DE.ini
index 2c168a7bb7c..e0b02cf7e65 100644
--- a/options/locale/locale_de-DE.ini
+++ b/options/locale/locale_de-DE.ini
@@ -2536,6 +2536,7 @@ branch.delete_desc=Das Löschen eines Branches ist permanent. Obwohl der Branch
 branch.deletion_success=Branch "%s" wurde gelöscht.
 branch.deletion_failed=Branch "%s" konnte nicht gelöscht werden.
 branch.delete_branch_has_new_commits=Der Branch "%s" kann nicht gelöscht werden, da seit dem letzten Merge neue Commits hinzugefügt wurden.
+branch.create_branch=Erstelle Branch %s
 branch.create_from=`von "%s"`
 branch.create_success=Branch "%s" wurde erstellt.
 branch.branch_already_exists=Branch "%s" existiert bereits in diesem Repository.
@@ -2561,6 +2562,7 @@ branch.new_branch=Neue Branch erstellen
 branch.new_branch_from=Neuen Branch von "%s" erstellen
 branch.renamed=Branch %s wurde in %s umbenannt.
 
+tag.create_tag=Tag %s erstellen
 tag.create_tag_operation=Tag erstellen
 tag.confirm_create_tag=Tag erstellen
 tag.create_tag_from=Neuen Tag von "%s" erstellen
diff --git a/options/locale/locale_el-GR.ini b/options/locale/locale_el-GR.ini
index 3396f65f01b..589357d3385 100644
--- a/options/locale/locale_el-GR.ini
+++ b/options/locale/locale_el-GR.ini
@@ -2442,6 +2442,7 @@ branch.delete_desc=Η διαγραφή ενός κλάδου είναι μόνι
 branch.deletion_success=Ο κλάδος "%s" διαγράφηκε.
 branch.deletion_failed=Αποτυχία διαγραφής του κλάδου "%s".
 branch.delete_branch_has_new_commits=Ο κλάδος "%s" δεν μπορεί να διαγραφεί επειδή προστέθηκαν νέες υποβολές μετά τη συγχώνευση.
+branch.create_branch=Δημιουργία κλάδου %s
 branch.create_from=`από το "%s"`
 branch.create_success=Ο κλάδος "%s" δημιουργήθηκε.
 branch.branch_already_exists=Ο κλάδος "%s" υπάρχει ήδη σε αυτό το αποθετήριο.
@@ -2467,6 +2468,7 @@ branch.new_branch=Δημιουργία νέου κλάδου
 branch.new_branch_from=`Δημιουργία νέου κλάδου από το "%s"`
 branch.renamed=Ο κλάδος %s μετονομάστηκε σε %s.
 
+tag.create_tag=Δημιουργία ετικέτας %s
 tag.create_tag_operation=Δημιουργία ετικέτας
 tag.confirm_create_tag=Δημιουργία ετικέτας
 tag.create_tag_from=`Δημιουργία νέας ετικέτας από το "%s"`
diff --git a/options/locale/locale_es-ES.ini b/options/locale/locale_es-ES.ini
index 242e9ce3ed4..c3cde7de5c8 100644
--- a/options/locale/locale_es-ES.ini
+++ b/options/locale/locale_es-ES.ini
@@ -2423,6 +2423,7 @@ branch.delete_desc=Eliminar una rama es permanente. Aunque la rama eliminada pue
 branch.deletion_success=La rama "%s" ha sido eliminada.
 branch.deletion_failed=Error al eliminar la rama "%s".
 branch.delete_branch_has_new_commits=La rama "%s" no se puede eliminar porque se han añadido nuevos commits después de la fusión.
+branch.create_branch=Crear rama %s
 branch.create_from=`de "%s"`
 branch.create_success=La rama "%s" ha sido creada.
 branch.branch_already_exists=La rama "%s" ya existe en este repositorio.
@@ -2448,6 +2449,7 @@ branch.new_branch=Crear nueva rama
 branch.new_branch_from=`Crear nueva rama de "%s"`
 branch.renamed=La rama %s fue renombrada a %s.
 
+tag.create_tag=Crear etiqueta %s
 tag.create_tag_operation=Crear etiqueta
 tag.confirm_create_tag=Crear etiqueta
 tag.create_tag_from=`Crear nueva etiqueta de "%s"`
diff --git a/options/locale/locale_fa-IR.ini b/options/locale/locale_fa-IR.ini
index db675a22d03..e0585aaa368 100644
--- a/options/locale/locale_fa-IR.ini
+++ b/options/locale/locale_fa-IR.ini
@@ -1876,6 +1876,7 @@ release.add_tag=فقط تگ ایجاد کنید
 branch.name=نام شاخه
 branch.delete_head=حذف
 branch.delete_html=حذف شاخه
+branch.create_branch=ساختن شاخه %s
 branch.deleted_by=حذف شده توسط %s
 branch.included_desc=این شاخه بخشی از شاخه پیش فرض است
 branch.included=مشمول شده
@@ -1886,6 +1887,7 @@ branch.create_branch_operation=ایجاد شاخه
 branch.new_branch=شاخه جدید ایجاد کنید
 branch.renamed=شاخه %s قبلا به %s تغییر کرده است.
 
+tag.create_tag=تگ %s ایجاد کنید
 
 
 topic.manage_topics=مدیریت موضوعات
diff --git a/options/locale/locale_fi-FI.ini b/options/locale/locale_fi-FI.ini
index 769fbba5bf3..03ed5e739f7 100644
--- a/options/locale/locale_fi-FI.ini
+++ b/options/locale/locale_fi-FI.ini
@@ -1280,6 +1280,7 @@ release.downloads=Lataukset
 
 branch.name=Haaran nimi
 branch.delete_head=Poista
+branch.create_branch=Luo haara %s
 
 
 
diff --git a/options/locale/locale_fr-FR.ini b/options/locale/locale_fr-FR.ini
index 0583ce7c6d3..51057658b09 100644
--- a/options/locale/locale_fr-FR.ini
+++ b/options/locale/locale_fr-FR.ini
@@ -2587,6 +2587,7 @@ branch.delete_desc=La suppression d’une branche est permanente. Bien qu’une
 branch.deletion_success=La branche "%s" a été supprimée.
 branch.deletion_failed=Impossible de supprimer la branche "%s".
 branch.delete_branch_has_new_commits=La branche "%s" ne peut être supprimé, car de nouvelles révisions ont été ajoutées après la fusion.
+branch.create_branch=Créer la branche %s
 branch.create_from=`de "%s"`
 branch.create_success=La branche "%s" a été créée.
 branch.branch_already_exists=La branche "%s" existe déjà dans ce dépôt.
@@ -2612,6 +2613,7 @@ branch.new_branch=Créer une nouvelle branche
 branch.new_branch_from=`Créer une nouvelle branche à partir de "%s"`
 branch.renamed=La branche %s à été renommée en %s.
 
+tag.create_tag=Créer l'étiquette %s
 tag.create_tag_operation=Créer une étiquette
 tag.confirm_create_tag=Créer une étiquette
 tag.create_tag_from=`Créer une nouvelle étiquette à partir de "%s"`
diff --git a/options/locale/locale_hu-HU.ini b/options/locale/locale_hu-HU.ini
index 01891b9c335..939a03ab0b6 100644
--- a/options/locale/locale_hu-HU.ini
+++ b/options/locale/locale_hu-HU.ini
@@ -1141,6 +1141,7 @@ release.download_count=Letöltések: %s
 
 branch.delete_head=Törlés
 branch.delete_html=Ág törlése
+branch.create_branch=Ág %s létrehozása
 branch.deleted_by=Törölve %s által
 
 
diff --git a/options/locale/locale_id-ID.ini b/options/locale/locale_id-ID.ini
index dfe0955b9cc..94c60979a8d 100644
--- a/options/locale/locale_id-ID.ini
+++ b/options/locale/locale_id-ID.ini
@@ -921,6 +921,7 @@ release.downloads=Unduhan
 
 branch.delete_head=Hapus
 branch.delete_html=Hapus cabang
+branch.create_branch=Membuat cabang %s
 branch.deleted_by=Dihapus oleh %s
 
 
diff --git a/options/locale/locale_it-IT.ini b/options/locale/locale_it-IT.ini
index c8bc3138a51..7237b49ae89 100644
--- a/options/locale/locale_it-IT.ini
+++ b/options/locale/locale_it-IT.ini
@@ -2031,6 +2031,7 @@ release.add_tag=Crea Solo Branch
 branch.name=Nome branch
 branch.delete_head=Elimina
 branch.delete_html=Elimina branch
+branch.create_branch=Crea branch %s
 branch.deleted_by=Eliminato da %s
 branch.included_desc=Questo ramo fa parte del ramo predefinito
 branch.included=Incluso
@@ -2041,6 +2042,7 @@ branch.create_branch_operation=Crea ramo
 branch.new_branch=Crea nuovo ramo
 branch.renamed=Il ramo %s è stato rinominato in %s.
 
+tag.create_tag=Crea branch %s
 tag.create_tag_operation=Crea etichetta
 tag.confirm_create_tag=Crea etichetta
 
diff --git a/options/locale/locale_ja-JP.ini b/options/locale/locale_ja-JP.ini
index 1ac79e0697c..6240f29f3bc 100644
--- a/options/locale/locale_ja-JP.ini
+++ b/options/locale/locale_ja-JP.ini
@@ -2621,6 +2621,7 @@ branch.delete_desc=ブランチの削除は恒久的です。 実際に削除さ
 branch.deletion_success=ブランチ "%s" を削除しました。
 branch.deletion_failed=ブランチ "%s" の削除に失敗しました。
 branch.delete_branch_has_new_commits=マージ後に新しいコミットが追加されているため、ブランチ "%s" を削除できません。
+branch.create_branch=ブランチ %s を作成
 branch.create_from=`"%s" から`
 branch.create_success=ブランチ "%s" を作成しました。
 branch.branch_already_exists=ブランチ "%s" は、このリポジトリに既に存在します。
@@ -2646,6 +2647,7 @@ branch.new_branch=新しいブランチの作成
 branch.new_branch_from=`"%s" から新しいブランチを作成`
 branch.renamed=ブランチ %s は %s にリネームされました。
 
+tag.create_tag=タグ %s を作成
 tag.create_tag_operation=タグの作成
 tag.confirm_create_tag=タグを作成
 tag.create_tag_from=`"%s" から新しいタグを作成`
diff --git a/options/locale/locale_ko-KR.ini b/options/locale/locale_ko-KR.ini
index 2f5f01b7325..e571f069beb 100644
--- a/options/locale/locale_ko-KR.ini
+++ b/options/locale/locale_ko-KR.ini
@@ -1123,6 +1123,7 @@ release.downloads=다운로드
 branch.name=브랜치명
 branch.delete_head=삭제
 branch.delete_html=브랜치 삭제
+branch.create_branch=%s 브랜치 생성
 branch.deleted_by=%s 에 의해 삭제되었습니다.
 
 
diff --git a/options/locale/locale_lv-LV.ini b/options/locale/locale_lv-LV.ini
index c33bf91d828..c1b74f68af1 100644
--- a/options/locale/locale_lv-LV.ini
+++ b/options/locale/locale_lv-LV.ini
@@ -2442,6 +2442,7 @@ branch.delete_desc=Atzara dzēšana ir neatgriezeniska. Kaut arī izdzēstais za
 branch.deletion_success=Atzars "%s" tika izdzēsts.
 branch.deletion_failed=Neizdevās izdzēst atzaru "%s".
 branch.delete_branch_has_new_commits=Atzars "%s" nevar tik dzēsts, jo pēc sapludināšanas, tam ir pievienotas jaunas revīzijas.
+branch.create_branch=Izveidot atzaru %s
 branch.create_from=`no "%s"`
 branch.create_success=Tika izveidots atzars "%s".
 branch.branch_already_exists=Atzars "%s" šajā repozitorijā jau eksistē.
@@ -2467,6 +2468,7 @@ branch.new_branch=Izveidot jaunu atzaru
 branch.new_branch_from=`Izveidot jaunu atzaru no "%s"`
 branch.renamed=Atzars %s tika pārsaukts par %s.
 
+tag.create_tag=Izveidot tagu %s
 tag.create_tag_operation=Izveidot tagu
 tag.confirm_create_tag=Izveidot tagu
 tag.create_tag_from=`Izveidot tagu no "%s"`
diff --git a/options/locale/locale_nl-NL.ini b/options/locale/locale_nl-NL.ini
index d71184612dd..be806147dda 100644
--- a/options/locale/locale_nl-NL.ini
+++ b/options/locale/locale_nl-NL.ini
@@ -1955,11 +1955,13 @@ release.download_count=Downloads: %s
 branch.name=Branch naam
 branch.delete_head=Verwijder
 branch.delete_html=Verwijder branch
+branch.create_branch=Maak branch %s
 branch.deleted_by=Verwijderd door %s
 branch.included_desc=Deze branch maakt deel uit van de standaard branch
 branch.included=Inbegrepen
 branch.confirm_rename_branch=Hernoem branch
 
+tag.create_tag=Maak tag %s
 
 
 topic.manage_topics=Beheer topics
diff --git a/options/locale/locale_pl-PL.ini b/options/locale/locale_pl-PL.ini
index 529211812ad..c272cecb9c9 100644
--- a/options/locale/locale_pl-PL.ini
+++ b/options/locale/locale_pl-PL.ini
@@ -1820,6 +1820,7 @@ release.add_tag=Utwórz tylko znacznik
 branch.name=Nazwa gałęzi
 branch.delete_head=Usuń
 branch.delete_html=Usuń gałąź
+branch.create_branch=Utwórz gałąź %s
 branch.deleted_by=Usunięta przez %s
 branch.included_desc=Ta gałąź jest częścią domyślnej gałęzi
 branch.included=Zawarte
@@ -1828,6 +1829,7 @@ branch.confirm_create_branch=Utwórz gałąź
 branch.create_branch_operation=Utwórz gałąź
 branch.new_branch=Utwórz nową gałąź
 
+tag.create_tag=Utwóz tag %s
 
 
 topic.manage_topics=Zarządzaj tematami
diff --git a/options/locale/locale_pt-BR.ini b/options/locale/locale_pt-BR.ini
index dc614fd4e0c..f37c29844b0 100644
--- a/options/locale/locale_pt-BR.ini
+++ b/options/locale/locale_pt-BR.ini
@@ -2402,6 +2402,7 @@ branch.delete_html=Excluir Branch
 branch.deletion_success=Branch "%s" excluído.
 branch.deletion_failed=Falha ao excluir o branch "%s".
 branch.delete_branch_has_new_commits=O branch "%s" não pode ser excluído porque novos commits foram feitos após o merge.
+branch.create_branch=Criar branch %s
 branch.create_from=`a partir de "%s"`
 branch.create_success=Branch "%s" criado.
 branch.branch_already_exists=Branch "%s" já existe neste repositório.
@@ -2425,6 +2426,7 @@ branch.new_branch=Criar novo branch
 branch.new_branch_from=`Criar novo branch a partir de "%s"`
 branch.renamed=Branch %s foi renomeado para %s.
 
+tag.create_tag=Criar tag %s
 tag.create_tag_operation=Criar tag
 tag.confirm_create_tag=Criar tag
 tag.create_tag_from=`Criar nova tag a partir de "%s"`
diff --git a/options/locale/locale_pt-PT.ini b/options/locale/locale_pt-PT.ini
index cfa48ef63cb..e6acad2e36f 100644
--- a/options/locale/locale_pt-PT.ini
+++ b/options/locale/locale_pt-PT.ini
@@ -2578,6 +2578,7 @@ branch.delete_desc=Eliminar um ramo é algo permanente. Embora o ramo eliminado
 branch.deletion_success=O ramo "%s" foi eliminado.
 branch.deletion_failed=Falhou a eliminação do ramo "%s".
 branch.delete_branch_has_new_commits=O ramo "%s" não pode ser eliminado porque foram adicionados novos cometimentos após a integração.
+branch.create_branch=Criar ramo %s
 branch.create_from=`a partir de "%s"`
 branch.create_success=O ramo "%s" foi criado.
 branch.branch_already_exists=O ramo "%s" já existe neste repositório.
@@ -2603,6 +2604,7 @@ branch.new_branch=Criar um novo ramo
 branch.new_branch_from=`Criar um novo ramo a partir do ramo "%s"`
 branch.renamed=O ramo %s foi renomeado para %s.
 
+tag.create_tag=Criar etiqueta %s
 tag.create_tag_operation=Criar etiqueta
 tag.confirm_create_tag=Criar etiqueta
 tag.create_tag_from=`Criar uma etiqueta nova a partir do ramo "%s"`
diff --git a/options/locale/locale_ru-RU.ini b/options/locale/locale_ru-RU.ini
index 074551be252..e4363cbc881 100644
--- a/options/locale/locale_ru-RU.ini
+++ b/options/locale/locale_ru-RU.ini
@@ -2390,6 +2390,7 @@ branch.delete_desc=Удаление ветки необратимо. Несмо
 branch.deletion_success=Ветка «%s» удалена.
 branch.deletion_failed=Не удалось удалить ветку «%s».
 branch.delete_branch_has_new_commits=Ветку «%s» нельзя удалить, поскольку после слияния были добавлены новые коммиты.
+branch.create_branch=Создать ветку %s
 branch.create_from=от «%s»
 branch.create_success=Ветка «%s» создана.
 branch.branch_already_exists=Ветка «%s» уже существует в этом репозитории.
@@ -2415,6 +2416,7 @@ branch.new_branch=Создать новую ветку
 branch.new_branch_from=Создать новую ветку из «%s»
 branch.renamed=Ветка %s была переименована в %s.
 
+tag.create_tag=Создать тег %s
 tag.create_tag_operation=Создать тег
 tag.confirm_create_tag=Создать тег
 tag.create_tag_from=Создать новый тег из «%s»
diff --git a/options/locale/locale_si-LK.ini b/options/locale/locale_si-LK.ini
index ab959ea312f..9fe12f8b6a5 100644
--- a/options/locale/locale_si-LK.ini
+++ b/options/locale/locale_si-LK.ini
@@ -1838,6 +1838,7 @@ release.add_tag=ටැග පමණක් සාදන්න
 branch.name=ශාඛාවේ නම
 branch.delete_head=මකන්න
 branch.delete_html=ශාඛාව මකන්න
+branch.create_branch=%s ශාඛාව සාදන්න
 branch.deleted_by=%sවිසින් මකා දමන ලදි
 branch.included_desc=මෙම ශාඛාව පෙරනිමි ශාඛාවේ කොටසකි
 branch.included=ඇතුළත්
@@ -1848,6 +1849,7 @@ branch.create_branch_operation=ශාඛාව සාදන්න
 branch.new_branch=නව ශාඛාවක් සාදන්න
 branch.renamed=ශාඛාව %s %sලෙස නම් කරන ලදී.
 
+tag.create_tag=ටැගය නිර්මාණය %s
 
 
 topic.manage_topics=මාතෘකා කළමනාකරණය
diff --git a/options/locale/locale_sv-SE.ini b/options/locale/locale_sv-SE.ini
index 204ca501334..f8112a69cec 100644
--- a/options/locale/locale_sv-SE.ini
+++ b/options/locale/locale_sv-SE.ini
@@ -1489,6 +1489,7 @@ release.download_count=Nedladdningar: %s
 branch.name=Branch namn
 branch.delete_head=Radera
 branch.delete_html=Radera branch
+branch.create_branch=Skapa branchen %s
 branch.deleted_by=Raderad av %s
 
 
diff --git a/options/locale/locale_tr-TR.ini b/options/locale/locale_tr-TR.ini
index 8abe87202da..bf7ca860c62 100644
--- a/options/locale/locale_tr-TR.ini
+++ b/options/locale/locale_tr-TR.ini
@@ -2587,6 +2587,7 @@ branch.delete_desc=Bir dalı silmek kalıcıdır. Her ne kadar silinen dal tamam
 branch.deletion_success=`"%s" dalı silindi.`
 branch.deletion_failed=`"%s" dalı silinemedi.`
 branch.delete_branch_has_new_commits=`"%s" dalı silinemedi çünkü birleştirme sonrasında yeni işlemeler eklendi.`
+branch.create_branch=%s dalı oluştur
 branch.create_from=`"%s"den`
 branch.create_success=`"%s" dalı oluşturuldu.`
 branch.branch_already_exists=Bu depoda "%s" dalı zaten var.
@@ -2612,6 +2613,7 @@ branch.new_branch=Yeni dal oluştur
 branch.new_branch_from=`"%s" dalından yeni dal oluştur`
 branch.renamed=%s dalının adı %s olarak değiştirildi.
 
+tag.create_tag=%s etiketi oluştur
 tag.create_tag_operation=Etiket oluştur
 tag.confirm_create_tag=Etiket oluştur
 tag.create_tag_from=`"%s" kullanarak yeni etiket oluştur`
diff --git a/options/locale/locale_uk-UA.ini b/options/locale/locale_uk-UA.ini
index 013f16744b0..c80a490c7d6 100644
--- a/options/locale/locale_uk-UA.ini
+++ b/options/locale/locale_uk-UA.ini
@@ -1886,6 +1886,7 @@ release.add_tag=Створити тільки мітку
 branch.name=Ім'я гілки
 branch.delete_head=Видалити
 branch.delete_html=Видалити гілку
+branch.create_branch=Створити гілку %s
 branch.deleted_by=Видалено %s
 branch.included_desc=Ця гілка є частиною типової гілки
 branch.included=Включено
@@ -1896,6 +1897,7 @@ branch.create_branch_operation=Створити гілку
 branch.new_branch=Створити нову гілку
 branch.renamed=Гілку %s перейменовано на %s.
 
+tag.create_tag=Створити тег %s
 
 
 topic.manage_topics=Керувати тематичними мітками
diff --git a/options/locale/locale_zh-CN.ini b/options/locale/locale_zh-CN.ini
index 1326b56a1d6..90557d7f657 100644
--- a/options/locale/locale_zh-CN.ini
+++ b/options/locale/locale_zh-CN.ini
@@ -2552,6 +2552,7 @@ branch.delete_desc=删除分支是永久的。虽然已删除的分支在实际
 branch.deletion_success=分支 %s 已被删除。
 branch.deletion_failed=删除分支 %s 失败。
 branch.delete_branch_has_new_commits=因为合并之后有新的提交，分支 %s 无法被删除。
+branch.create_branch=创建分支 %s
 branch.create_from=从 %s
 branch.create_success=分支 '%s' 已创建。
 branch.branch_already_exists=此仓库已存在名为 %s 的分支。
@@ -2577,6 +2578,7 @@ branch.new_branch=创建新分支
 branch.new_branch_from=基于"%s"创建新分支
 branch.renamed=分支 %s 被重命名为 %s。
 
+tag.create_tag=创建标签 %s
 tag.create_tag_operation=创建标签
 tag.confirm_create_tag=创建标签
 tag.create_tag_from=基于"%s"创建新标签
diff --git a/options/locale/locale_zh-TW.ini b/options/locale/locale_zh-TW.ini
index 0f90eca6fea..b855ef7df6c 100644
--- a/options/locale/locale_zh-TW.ini
+++ b/options/locale/locale_zh-TW.ini
@@ -2209,6 +2209,7 @@ branch.delete_html=刪除分支
 branch.deletion_success=已刪除分支「%s」。
 branch.deletion_failed=刪除分支「%s」失敗。
 branch.delete_branch_has_new_commits=因為合併後已加入了新的提交，「%s」分支無法被刪除。
+branch.create_branch=建立分支 %s
 branch.create_from=從「%s」
 branch.create_success=已建立分支「%s」。
 branch.branch_already_exists=此儲存庫已有名為「%s」的分支。
@@ -2230,6 +2231,7 @@ branch.new_branch=建立新分支
 branch.new_branch_from=從「%s」建立新分支
 branch.renamed=分支 %s 被重新命名為 %s。
 
+tag.create_tag=建立標籤 %s
 tag.create_tag_operation=建立標籤
 tag.confirm_create_tag=建立標籤
 tag.create_tag_from=從「%s」建立新標籤

From 5c05dddbed8247a4fb272619f1eb7cf090443b8b Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Thu, 5 Sep 2024 15:05:42 +0800
Subject: [PATCH 053/129] Fix nuget/conan/container packages upload bugs
 (#31967)

---
 models/auth/access_token_scope.go             |  16 ++
 routers/api/packages/conan/auth.go            |  10 +-
 routers/api/packages/conan/conan.go           |  35 ++-
 routers/api/packages/container/auth.go        |  11 +-
 routers/api/packages/container/container.go   |  17 +-
 routers/api/packages/nuget/auth.go            |   3 +
 services/auth/basic.go                        |  27 ++-
 services/packages/auth.go                     |  30 ++-
 tests/integration/api_packages_conan_test.go  | 170 ++++++++++++++-
 .../api_packages_container_test.go            |  80 ++++++-
 tests/integration/api_packages_nuget_test.go  | 203 ++++++++++++------
 11 files changed, 512 insertions(+), 90 deletions(-)

diff --git a/models/auth/access_token_scope.go b/models/auth/access_token_scope.go
index fe57276700b..897ff3fc9ee 100644
--- a/models/auth/access_token_scope.go
+++ b/models/auth/access_token_scope.go
@@ -309,6 +309,22 @@ func (s AccessTokenScope) HasScope(scopes ...AccessTokenScope) (bool, error) {
 	return true, nil
 }
 
+// HasAnyScope returns true if any of the scopes is contained in the string
+func (s AccessTokenScope) HasAnyScope(scopes ...AccessTokenScope) (bool, error) {
+	bitmap, err := s.parse()
+	if err != nil {
+		return false, err
+	}
+
+	for _, s := range scopes {
+		if has, err := bitmap.hasScope(s); has || err != nil {
+			return has, err
+		}
+	}
+
+	return false, nil
+}
+
 // hasScope returns true if the string has the given scope
 func (bitmap accessTokenScopeBitmap) hasScope(scope AccessTokenScope) (bool, error) {
 	expectedBits, ok := allAccessTokenScopeBits[scope]
diff --git a/routers/api/packages/conan/auth.go b/routers/api/packages/conan/auth.go
index 521fa12372c..9c03d01391f 100644
--- a/routers/api/packages/conan/auth.go
+++ b/routers/api/packages/conan/auth.go
@@ -22,21 +22,25 @@ func (a *Auth) Name() string {
 
 // Verify extracts the user from the Bearer token
 func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, store auth.DataStore, sess auth.SessionStore) (*user_model.User, error) {
-	uid, err := packages.ParseAuthorizationToken(req)
+	packageMeta, err := packages.ParseAuthorizationRequest(req)
 	if err != nil {
 		log.Trace("ParseAuthorizationToken: %v", err)
 		return nil, err
 	}
 
-	if uid == 0 {
+	if packageMeta == nil || packageMeta.UserID == 0 {
 		return nil, nil
 	}
 
-	u, err := user_model.GetUserByID(req.Context(), uid)
+	u, err := user_model.GetUserByID(req.Context(), packageMeta.UserID)
 	if err != nil {
 		log.Error("GetUserByID:  %v", err)
 		return nil, err
 	}
+	if packageMeta.Scope != "" {
+		store.GetData()["IsApiToken"] = true
+		store.GetData()["ApiTokenScope"] = packageMeta.Scope
+	}
 
 	return u, nil
 }
diff --git a/routers/api/packages/conan/conan.go b/routers/api/packages/conan/conan.go
index 7afca2fab18..4a9f0a3ffc7 100644
--- a/routers/api/packages/conan/conan.go
+++ b/routers/api/packages/conan/conan.go
@@ -11,6 +11,7 @@ import (
 	"strings"
 	"time"
 
+	auth_model "code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/models/db"
 	packages_model "code.gitea.io/gitea/models/packages"
 	conan_model "code.gitea.io/gitea/models/packages/conan"
@@ -21,6 +22,7 @@ import (
 	conan_module "code.gitea.io/gitea/modules/packages/conan"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/routers/api/packages/helper"
+	auth_service "code.gitea.io/gitea/services/auth"
 	"code.gitea.io/gitea/services/context"
 	notify_service "code.gitea.io/gitea/services/notify"
 	packages_service "code.gitea.io/gitea/services/packages"
@@ -117,7 +119,20 @@ func Authenticate(ctx *context.Context) {
 		return
 	}
 
-	token, err := packages_service.CreateAuthorizationToken(ctx.Doer)
+	packageScope := auth_service.GetAccessScope(ctx.Data)
+	if has, err := packageScope.HasAnyScope(
+		auth_model.AccessTokenScopeReadPackage,
+		auth_model.AccessTokenScopeWritePackage,
+		auth_model.AccessTokenScopeAll,
+	); !has {
+		if err != nil {
+			log.Error("Error checking access scope: %v", err)
+		}
+		apiError(ctx, http.StatusForbidden, nil)
+		return
+	}
+
+	token, err := packages_service.CreateAuthorizationToken(ctx.Doer, packageScope)
 	if err != nil {
 		apiError(ctx, http.StatusInternalServerError, err)
 		return
@@ -130,9 +145,23 @@ func Authenticate(ctx *context.Context) {
 func CheckCredentials(ctx *context.Context) {
 	if ctx.Doer == nil {
 		ctx.Status(http.StatusUnauthorized)
-	} else {
-		ctx.Status(http.StatusOK)
+		return
 	}
+
+	packageScope := auth_service.GetAccessScope(ctx.Data)
+	if has, err := packageScope.HasAnyScope(
+		auth_model.AccessTokenScopeReadPackage,
+		auth_model.AccessTokenScopeWritePackage,
+		auth_model.AccessTokenScopeAll,
+	); !has {
+		if err != nil {
+			log.Error("Error checking access scope: %v", err)
+		}
+		ctx.Status(http.StatusForbidden)
+		return
+	}
+
+	ctx.Status(http.StatusOK)
 }
 
 // RecipeSnapshot displays the recipe files with their md5 hash
diff --git a/routers/api/packages/container/auth.go b/routers/api/packages/container/auth.go
index 1c7afa95ff9..1d8ae6af7d7 100644
--- a/routers/api/packages/container/auth.go
+++ b/routers/api/packages/container/auth.go
@@ -23,21 +23,26 @@ func (a *Auth) Name() string {
 // Verify extracts the user from the Bearer token
 // If it's an anonymous session a ghost user is returned
 func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, store auth.DataStore, sess auth.SessionStore) (*user_model.User, error) {
-	uid, err := packages.ParseAuthorizationToken(req)
+	packageMeta, err := packages.ParseAuthorizationRequest(req)
 	if err != nil {
 		log.Trace("ParseAuthorizationToken: %v", err)
 		return nil, err
 	}
 
-	if uid == 0 {
+	if packageMeta == nil || packageMeta.UserID == 0 {
 		return nil, nil
 	}
 
-	u, err := user_model.GetPossibleUserByID(req.Context(), uid)
+	u, err := user_model.GetPossibleUserByID(req.Context(), packageMeta.UserID)
 	if err != nil {
 		log.Error("GetPossibleUserByID:  %v", err)
 		return nil, err
 	}
 
+	if packageMeta.Scope != "" {
+		store.GetData()["IsApiToken"] = true
+		store.GetData()["ApiTokenScope"] = packageMeta.Scope
+	}
+
 	return u, nil
 }
diff --git a/routers/api/packages/container/container.go b/routers/api/packages/container/container.go
index 74a3295f09b..d495d199d9d 100644
--- a/routers/api/packages/container/container.go
+++ b/routers/api/packages/container/container.go
@@ -14,6 +14,7 @@ import (
 	"strconv"
 	"strings"
 
+	auth_model "code.gitea.io/gitea/models/auth"
 	packages_model "code.gitea.io/gitea/models/packages"
 	container_model "code.gitea.io/gitea/models/packages/container"
 	user_model "code.gitea.io/gitea/models/user"
@@ -25,6 +26,7 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/routers/api/packages/helper"
+	auth_service "code.gitea.io/gitea/services/auth"
 	"code.gitea.io/gitea/services/context"
 	packages_service "code.gitea.io/gitea/services/packages"
 	container_service "code.gitea.io/gitea/services/packages/container"
@@ -148,6 +150,7 @@ func DetermineSupport(ctx *context.Context) {
 // If the current user is anonymous, the ghost user is used unless RequireSignInView is enabled.
 func Authenticate(ctx *context.Context) {
 	u := ctx.Doer
+	packageScope := auth_service.GetAccessScope(ctx.Data)
 	if u == nil {
 		if setting.Service.RequireSignInView {
 			apiUnauthorizedError(ctx)
@@ -155,9 +158,21 @@ func Authenticate(ctx *context.Context) {
 		}
 
 		u = user_model.NewGhostUser()
+	} else {
+		if has, err := packageScope.HasAnyScope(
+			auth_model.AccessTokenScopeReadPackage,
+			auth_model.AccessTokenScopeWritePackage,
+			auth_model.AccessTokenScopeAll,
+		); !has {
+			if err != nil {
+				log.Error("Error checking access scope: %v", err)
+			}
+			apiUnauthorizedError(ctx)
+			return
+		}
 	}
 
-	token, err := packages_service.CreateAuthorizationToken(u)
+	token, err := packages_service.CreateAuthorizationToken(u, packageScope)
 	if err != nil {
 		apiError(ctx, http.StatusInternalServerError, err)
 		return
diff --git a/routers/api/packages/nuget/auth.go b/routers/api/packages/nuget/auth.go
index 1bb68d059b2..e81ad01b2b3 100644
--- a/routers/api/packages/nuget/auth.go
+++ b/routers/api/packages/nuget/auth.go
@@ -43,5 +43,8 @@ func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, store auth.DataS
 		log.Error("UpdateAccessToken:  %v", err)
 	}
 
+	store.GetData()["IsApiToken"] = true
+	store.GetData()["ApiToken"] = token
+
 	return u, nil
 }
diff --git a/services/auth/basic.go b/services/auth/basic.go
index 1184d12d1c4..90bd6423709 100644
--- a/services/auth/basic.go
+++ b/services/auth/basic.go
@@ -25,7 +25,12 @@ var (
 )
 
 // BasicMethodName is the constant name of the basic authentication method
-const BasicMethodName = "basic"
+const (
+	BasicMethodName       = "basic"
+	AccessTokenMethodName = "access_token"
+	OAuth2TokenMethodName = "oauth2_token"
+	ActionTokenMethodName = "action_token"
+)
 
 // Basic implements the Auth interface and authenticates requests (API requests
 // only) by looking for Basic authentication data or "x-oauth-basic" token in the "Authorization"
@@ -82,6 +87,7 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
 			return nil, err
 		}
 
+		store.GetData()["LoginMethod"] = OAuth2TokenMethodName
 		store.GetData()["IsApiToken"] = true
 		return u, nil
 	}
@@ -101,6 +107,7 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
 			log.Error("UpdateAccessToken:  %v", err)
 		}
 
+		store.GetData()["LoginMethod"] = AccessTokenMethodName
 		store.GetData()["IsApiToken"] = true
 		store.GetData()["ApiTokenScope"] = token.Scope
 		return u, nil
@@ -113,6 +120,7 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
 	if err == nil && task != nil {
 		log.Trace("Basic Authorization: Valid AccessToken for task[%d]", task.ID)
 
+		store.GetData()["LoginMethod"] = ActionTokenMethodName
 		store.GetData()["IsActionsToken"] = true
 		store.GetData()["ActionsTaskID"] = task.ID
 
@@ -138,6 +146,7 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
 		}
 	}
 
+	store.GetData()["LoginMethod"] = BasicMethodName
 	log.Trace("Basic Authorization: Logged in user %-v", u)
 
 	return u, nil
@@ -159,3 +168,19 @@ func validateTOTP(req *http.Request, u *user_model.User) error {
 	}
 	return nil
 }
+
+func GetAccessScope(store DataStore) auth_model.AccessTokenScope {
+	if v, ok := store.GetData()["ApiTokenScope"]; ok {
+		return v.(auth_model.AccessTokenScope)
+	}
+	switch store.GetData()["LoginMethod"] {
+	case OAuth2TokenMethodName:
+		fallthrough
+	case BasicMethodName, AccessTokenMethodName:
+		return auth_model.AccessTokenScopeAll
+	case ActionTokenMethodName:
+		fallthrough
+	default:
+		return ""
+	}
+}
diff --git a/services/packages/auth.go b/services/packages/auth.go
index 8263c28bed0..4526a8e303a 100644
--- a/services/packages/auth.go
+++ b/services/packages/auth.go
@@ -9,6 +9,7 @@ import (
 	"strings"
 	"time"
 
+	auth_model "code.gitea.io/gitea/models/auth"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
@@ -18,10 +19,14 @@ import (
 
 type packageClaims struct {
 	jwt.RegisteredClaims
+	PackageMeta
+}
+type PackageMeta struct {
 	UserID int64
+	Scope  auth_model.AccessTokenScope
 }
 
-func CreateAuthorizationToken(u *user_model.User) (string, error) {
+func CreateAuthorizationToken(u *user_model.User, packageScope auth_model.AccessTokenScope) (string, error) {
 	now := time.Now()
 
 	claims := packageClaims{
@@ -29,7 +34,10 @@ func CreateAuthorizationToken(u *user_model.User) (string, error) {
 			ExpiresAt: jwt.NewNumericDate(now.Add(24 * time.Hour)),
 			NotBefore: jwt.NewNumericDate(now),
 		},
-		UserID: u.ID,
+		PackageMeta: PackageMeta{
+			UserID: u.ID,
+			Scope:  packageScope,
+		},
 	}
 	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
 
@@ -41,32 +49,36 @@ func CreateAuthorizationToken(u *user_model.User) (string, error) {
 	return tokenString, nil
 }
 
-func ParseAuthorizationToken(req *http.Request) (int64, error) {
+func ParseAuthorizationRequest(req *http.Request) (*PackageMeta, error) {
 	h := req.Header.Get("Authorization")
 	if h == "" {
-		return 0, nil
+		return nil, nil
 	}
 
 	parts := strings.SplitN(h, " ", 2)
 	if len(parts) != 2 {
 		log.Error("split token failed: %s", h)
-		return 0, fmt.Errorf("split token failed")
+		return nil, fmt.Errorf("split token failed")
 	}
 
-	token, err := jwt.ParseWithClaims(parts[1], &packageClaims{}, func(t *jwt.Token) (any, error) {
+	return ParseAuthorizationToken(parts[1])
+}
+
+func ParseAuthorizationToken(tokenStr string) (*PackageMeta, error) {
+	token, err := jwt.ParseWithClaims(tokenStr, &packageClaims{}, func(t *jwt.Token) (any, error) {
 		if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
 			return nil, fmt.Errorf("unexpected signing method: %v", t.Header["alg"])
 		}
 		return setting.GetGeneralTokenSigningSecret(), nil
 	})
 	if err != nil {
-		return 0, err
+		return nil, err
 	}
 
 	c, ok := token.Claims.(*packageClaims)
 	if !token.Valid || !ok {
-		return 0, fmt.Errorf("invalid token claim")
+		return nil, fmt.Errorf("invalid token claim")
 	}
 
-	return c.UserID, nil
+	return &c.PackageMeta, nil
 }
diff --git a/tests/integration/api_packages_conan_test.go b/tests/integration/api_packages_conan_test.go
index a25713f039f..3055e57a2ed 100644
--- a/tests/integration/api_packages_conan_test.go
+++ b/tests/integration/api_packages_conan_test.go
@@ -11,6 +11,7 @@ import (
 	"testing"
 	"time"
 
+	auth_model "code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/packages"
 	conan_model "code.gitea.io/gitea/models/packages/conan"
@@ -19,6 +20,7 @@ import (
 	conan_module "code.gitea.io/gitea/modules/packages/conan"
 	"code.gitea.io/gitea/modules/setting"
 	conan_router "code.gitea.io/gitea/routers/api/packages/conan"
+	package_service "code.gitea.io/gitea/services/packages"
 	"code.gitea.io/gitea/tests"
 
 	"github.com/stretchr/testify/assert"
@@ -225,7 +227,7 @@ func TestPackageConan(t *testing.T) {
 
 		token := ""
 
-		t.Run("Authenticate", func(t *testing.T) {
+		t.Run("UserName/Password Authenticate", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
 
 			req := NewRequest(t, "GET", fmt.Sprintf("%s/v1/users/authenticate", url)).
@@ -234,6 +236,73 @@ func TestPackageConan(t *testing.T) {
 
 			token = resp.Body.String()
 			assert.NotEmpty(t, token)
+
+			pkgMeta, err := package_service.ParseAuthorizationToken(token)
+			assert.NoError(t, err)
+			assert.Equal(t, user.ID, pkgMeta.UserID)
+			assert.Equal(t, auth_model.AccessTokenScopeAll, pkgMeta.Scope)
+		})
+
+		badToken := ""
+		t.Run("Token Scope Authentication", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			session := loginUser(t, user.Name)
+
+			badToken = getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadNotification)
+
+			testCase := func(t *testing.T, scope auth_model.AccessTokenScope, expectedAuthStatusCode, expectedStatusCode int) {
+				t.Helper()
+
+				token := getTokenForLoggedInUser(t, session, scope)
+
+				req := NewRequest(t, "GET", fmt.Sprintf("%s/v1/users/authenticate", url)).
+					AddTokenAuth(token)
+				resp := MakeRequest(t, req, expectedAuthStatusCode)
+				if expectedAuthStatusCode != http.StatusOK {
+					return
+				}
+
+				body := resp.Body.String()
+				assert.NotEmpty(t, body)
+
+				pkgMeta, err := package_service.ParseAuthorizationToken(body)
+				assert.NoError(t, err)
+				assert.Equal(t, user.ID, pkgMeta.UserID)
+				assert.Equal(t, scope, pkgMeta.Scope)
+
+				recipeURL := fmt.Sprintf("%s/v1/conans/%s/%s/%s/%s", url, "TestScope", version1, "testing", channel1)
+
+				req = NewRequestWithJSON(t, "POST", fmt.Sprintf("%s/upload_urls", recipeURL), map[string]int64{
+					conanfileName: 64,
+					"removed.txt": 0,
+				}).AddTokenAuth(token)
+				MakeRequest(t, req, expectedStatusCode)
+			}
+
+			t.Run("No Package permission", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+
+				testCase(t, auth_model.AccessTokenScopeReadNotification, http.StatusUnauthorized, http.StatusForbidden)
+			})
+
+			t.Run("Package Read permission", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+
+				testCase(t, auth_model.AccessTokenScopeReadPackage, http.StatusOK, http.StatusUnauthorized)
+			})
+
+			t.Run("Package Write permission", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+
+				testCase(t, auth_model.AccessTokenScopeWritePackage, http.StatusOK, http.StatusOK)
+			})
+
+			t.Run("All permission", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+
+				testCase(t, auth_model.AccessTokenScopeAll, http.StatusOK, http.StatusOK)
+			})
 		})
 
 		t.Run("CheckCredentials", func(t *testing.T) {
@@ -431,6 +500,11 @@ func TestPackageConan(t *testing.T) {
 
 					req := NewRequestWithJSON(t, "POST", fmt.Sprintf("%s/v1/conans/%s/%s/%s/%s/packages/delete", url, name, version1, user1, c.Channel), map[string][]string{
 						"package_ids": c.References,
+					}).AddTokenAuth(badToken)
+					MakeRequest(t, req, http.StatusUnauthorized)
+
+					req = NewRequestWithJSON(t, "POST", fmt.Sprintf("%s/v1/conans/%s/%s/%s/%s/packages/delete", url, name, version1, user1, c.Channel), map[string][]string{
+						"package_ids": c.References,
 					}).AddTokenAuth(token)
 					MakeRequest(t, req, http.StatusOK)
 
@@ -457,6 +531,10 @@ func TestPackageConan(t *testing.T) {
 					assert.NotEmpty(t, revisions)
 
 					req := NewRequest(t, "DELETE", fmt.Sprintf("%s/v1/conans/%s/%s/%s/%s", url, name, version1, user1, c.Channel)).
+						AddTokenAuth(badToken)
+					MakeRequest(t, req, http.StatusUnauthorized)
+
+					req = NewRequest(t, "DELETE", fmt.Sprintf("%s/v1/conans/%s/%s/%s/%s", url, name, version1, user1, c.Channel)).
 						AddTokenAuth(token)
 					MakeRequest(t, req, http.StatusOK)
 
@@ -480,7 +558,7 @@ func TestPackageConan(t *testing.T) {
 
 		token := ""
 
-		t.Run("Authenticate", func(t *testing.T) {
+		t.Run("UserName/Password Authenticate", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
 
 			req := NewRequest(t, "GET", fmt.Sprintf("%s/v2/users/authenticate", url)).
@@ -490,9 +568,75 @@ func TestPackageConan(t *testing.T) {
 			body := resp.Body.String()
 			assert.NotEmpty(t, body)
 
+			pkgMeta, err := package_service.ParseAuthorizationToken(body)
+			assert.NoError(t, err)
+			assert.Equal(t, user.ID, pkgMeta.UserID)
+			assert.Equal(t, auth_model.AccessTokenScopeAll, pkgMeta.Scope)
+
 			token = fmt.Sprintf("Bearer %s", body)
 		})
 
+		badToken := ""
+
+		t.Run("Token Scope Authentication", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			session := loginUser(t, user.Name)
+
+			badToken = getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadNotification)
+
+			testCase := func(t *testing.T, scope auth_model.AccessTokenScope, expectedAuthStatusCode, expectedStatusCode int) {
+				t.Helper()
+
+				token := getTokenForLoggedInUser(t, session, scope)
+
+				req := NewRequest(t, "GET", fmt.Sprintf("%s/v2/users/authenticate", url)).
+					AddTokenAuth(token)
+				resp := MakeRequest(t, req, expectedAuthStatusCode)
+				if expectedAuthStatusCode != http.StatusOK {
+					return
+				}
+
+				body := resp.Body.String()
+				assert.NotEmpty(t, body)
+
+				pkgMeta, err := package_service.ParseAuthorizationToken(body)
+				assert.NoError(t, err)
+				assert.Equal(t, user.ID, pkgMeta.UserID)
+				assert.Equal(t, scope, pkgMeta.Scope)
+
+				recipeURL := fmt.Sprintf("%s/v2/conans/%s/%s/%s/%s/revisions/%s", url, "TestScope", version1, "testing", channel1, revision1)
+
+				req = NewRequestWithBody(t, "PUT", fmt.Sprintf("%s/files/%s", recipeURL, conanfileName), strings.NewReader("Demo Conan file")).
+					AddTokenAuth(token)
+				MakeRequest(t, req, expectedStatusCode)
+			}
+
+			t.Run("No Package permission", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+
+				testCase(t, auth_model.AccessTokenScopeReadNotification, http.StatusUnauthorized, http.StatusUnauthorized)
+			})
+
+			t.Run("Package Read permission", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+
+				testCase(t, auth_model.AccessTokenScopeReadPackage, http.StatusOK, http.StatusUnauthorized)
+			})
+
+			t.Run("Package Write permission", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+
+				testCase(t, auth_model.AccessTokenScopeWritePackage, http.StatusOK, http.StatusCreated)
+			})
+
+			t.Run("All permission", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+
+				testCase(t, auth_model.AccessTokenScopeAll, http.StatusOK, http.StatusCreated)
+			})
+		})
+
 		t.Run("CheckCredentials", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
 
@@ -511,7 +655,7 @@ func TestPackageConan(t *testing.T) {
 
 				pvs, err := packages.GetVersionsByPackageType(db.DefaultContext, user.ID, packages.TypeConan)
 				assert.NoError(t, err)
-				assert.Len(t, pvs, 2)
+				assert.Len(t, pvs, 3)
 			})
 		})
 
@@ -663,11 +807,19 @@ func TestPackageConan(t *testing.T) {
 				checkPackageRevisionCount(2)
 
 				req := NewRequest(t, "DELETE", fmt.Sprintf("%s/v2/conans/%s/%s/%s/%s/revisions/%s/packages/%s/revisions/%s", url, name, version1, user1, channel1, revision1, conanPackageReference, revision1)).
+					AddTokenAuth(badToken)
+				MakeRequest(t, req, http.StatusUnauthorized)
+
+				req = NewRequest(t, "DELETE", fmt.Sprintf("%s/v2/conans/%s/%s/%s/%s/revisions/%s/packages/%s/revisions/%s", url, name, version1, user1, channel1, revision1, conanPackageReference, revision1)).
 					AddTokenAuth(token)
 				MakeRequest(t, req, http.StatusOK)
 
 				checkPackageRevisionCount(1)
 
+				req = NewRequest(t, "DELETE", fmt.Sprintf("%s/v2/conans/%s/%s/%s/%s/revisions/%s/packages/%s", url, name, version1, user1, channel1, revision1, conanPackageReference)).
+					AddTokenAuth(badToken)
+				MakeRequest(t, req, http.StatusUnauthorized)
+
 				req = NewRequest(t, "DELETE", fmt.Sprintf("%s/v2/conans/%s/%s/%s/%s/revisions/%s/packages/%s", url, name, version1, user1, channel1, revision1, conanPackageReference)).
 					AddTokenAuth(token)
 				MakeRequest(t, req, http.StatusOK)
@@ -678,6 +830,10 @@ func TestPackageConan(t *testing.T) {
 
 				checkPackageReferenceCount(1)
 
+				req = NewRequest(t, "DELETE", fmt.Sprintf("%s/v2/conans/%s/%s/%s/%s/revisions/%s/packages", url, name, version1, user1, channel1, revision2)).
+					AddTokenAuth(badToken)
+				MakeRequest(t, req, http.StatusUnauthorized)
+
 				req = NewRequest(t, "DELETE", fmt.Sprintf("%s/v2/conans/%s/%s/%s/%s/revisions/%s/packages", url, name, version1, user1, channel1, revision2)).
 					AddTokenAuth(token)
 				MakeRequest(t, req, http.StatusOK)
@@ -699,11 +855,19 @@ func TestPackageConan(t *testing.T) {
 				checkRecipeRevisionCount(2)
 
 				req := NewRequest(t, "DELETE", fmt.Sprintf("%s/v2/conans/%s/%s/%s/%s/revisions/%s", url, name, version1, user1, channel1, revision1)).
+					AddTokenAuth(badToken)
+				MakeRequest(t, req, http.StatusUnauthorized)
+
+				req = NewRequest(t, "DELETE", fmt.Sprintf("%s/v2/conans/%s/%s/%s/%s/revisions/%s", url, name, version1, user1, channel1, revision1)).
 					AddTokenAuth(token)
 				MakeRequest(t, req, http.StatusOK)
 
 				checkRecipeRevisionCount(1)
 
+				req = NewRequest(t, "DELETE", fmt.Sprintf("%s/v2/conans/%s/%s/%s/%s", url, name, version1, user1, channel1)).
+					AddTokenAuth(badToken)
+				MakeRequest(t, req, http.StatusUnauthorized)
+
 				req = NewRequest(t, "DELETE", fmt.Sprintf("%s/v2/conans/%s/%s/%s/%s", url, name, version1, user1, channel1)).
 					AddTokenAuth(token)
 				MakeRequest(t, req, http.StatusOK)
diff --git a/tests/integration/api_packages_container_test.go b/tests/integration/api_packages_container_test.go
index fcd1cc529f2..409e7513a6e 100644
--- a/tests/integration/api_packages_container_test.go
+++ b/tests/integration/api_packages_container_test.go
@@ -23,6 +23,7 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 	api "code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/test"
+	package_service "code.gitea.io/gitea/services/packages"
 	"code.gitea.io/gitea/tests"
 
 	oci "github.com/opencontainers/image-spec/specs-go/v1"
@@ -78,6 +79,8 @@ func TestPackageContainer(t *testing.T) {
 
 	anonymousToken := ""
 	userToken := ""
+	readToken := ""
+	badToken := ""
 
 	t.Run("Authenticate", func(t *testing.T) {
 		type TokenResponse struct {
@@ -123,7 +126,7 @@ func TestPackageContainer(t *testing.T) {
 			assert.Equal(t, `Bearer realm="https://domain:8443/v2/token",service="container_registry",scope="*"`, resp.Header().Get("WWW-Authenticate"))
 		})
 
-		t.Run("User", func(t *testing.T) {
+		t.Run("UserName/Password", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
 
 			req := NewRequest(t, "GET", fmt.Sprintf("%sv2", setting.AppURL))
@@ -139,6 +142,10 @@ func TestPackageContainer(t *testing.T) {
 			DecodeJSON(t, resp, &tokenResponse)
 
 			assert.NotEmpty(t, tokenResponse.Token)
+			pkgMeta, err := package_service.ParseAuthorizationToken(tokenResponse.Token)
+			assert.NoError(t, err)
+			assert.Equal(t, user.ID, pkgMeta.UserID)
+			assert.Equal(t, auth_model.AccessTokenScopeAll, pkgMeta.Scope)
 
 			userToken = fmt.Sprintf("Bearer %s", tokenResponse.Token)
 
@@ -146,6 +153,52 @@ func TestPackageContainer(t *testing.T) {
 				AddTokenAuth(userToken)
 			MakeRequest(t, req, http.StatusOK)
 		})
+
+		// Token that should enforce the read scope.
+		t.Run("AccessToken", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			session := loginUser(t, user.Name)
+
+			readToken = getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadPackage)
+			req := NewRequest(t, "GET", fmt.Sprintf("%sv2/token", setting.AppURL))
+			req.Request.SetBasicAuth(user.Name, readToken)
+			resp := MakeRequest(t, req, http.StatusOK)
+			tokenResponse := &TokenResponse{}
+			DecodeJSON(t, resp, &tokenResponse)
+
+			readToken = fmt.Sprintf("Bearer %s", tokenResponse.Token)
+
+			badToken = getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadNotification)
+			req = NewRequest(t, "GET", fmt.Sprintf("%sv2/token", setting.AppURL))
+			req.Request.SetBasicAuth(user.Name, badToken)
+			MakeRequest(t, req, http.StatusUnauthorized)
+
+			testCase := func(scope auth_model.AccessTokenScope, expectedAuthStatus, expectedStatus int) {
+				token := getTokenForLoggedInUser(t, session, scope)
+
+				req := NewRequest(t, "GET", fmt.Sprintf("%sv2/token", setting.AppURL))
+				req.SetBasicAuth(user.Name, token)
+
+				resp := MakeRequest(t, req, expectedAuthStatus)
+				if expectedAuthStatus != http.StatusOK {
+					return
+				}
+
+				tokenResponse := &TokenResponse{}
+				DecodeJSON(t, resp, &tokenResponse)
+
+				assert.NotEmpty(t, tokenResponse.Token)
+
+				req = NewRequest(t, "GET", fmt.Sprintf("%sv2", setting.AppURL)).
+					AddTokenAuth(fmt.Sprintf("Bearer %s", tokenResponse.Token))
+				MakeRequest(t, req, expectedStatus)
+			}
+			testCase(auth_model.AccessTokenScopeReadPackage, http.StatusOK, http.StatusOK)
+			testCase(auth_model.AccessTokenScopeAll, http.StatusOK, http.StatusOK)
+			testCase(auth_model.AccessTokenScopeReadNotification, http.StatusUnauthorized, http.StatusUnauthorized)
+			testCase(auth_model.AccessTokenScopeWritePackage, http.StatusOK, http.StatusOK)
+		})
 	})
 
 	t.Run("DetermineSupport", func(t *testing.T) {
@@ -155,6 +208,15 @@ func TestPackageContainer(t *testing.T) {
 			AddTokenAuth(userToken)
 		resp := MakeRequest(t, req, http.StatusOK)
 		assert.Equal(t, "registry/2.0", resp.Header().Get("Docker-Distribution-Api-Version"))
+
+		req = NewRequest(t, "GET", fmt.Sprintf("%sv2", setting.AppURL)).
+			AddTokenAuth(readToken)
+		resp = MakeRequest(t, req, http.StatusOK)
+		assert.Equal(t, "registry/2.0", resp.Header().Get("Docker-Distribution-Api-Version"))
+
+		req = NewRequest(t, "GET", fmt.Sprintf("%sv2", setting.AppURL)).
+			AddTokenAuth(badToken)
+		MakeRequest(t, req, http.StatusUnauthorized)
 	})
 
 	for _, image := range images {
@@ -168,6 +230,14 @@ func TestPackageContainer(t *testing.T) {
 					AddTokenAuth(anonymousToken)
 				MakeRequest(t, req, http.StatusUnauthorized)
 
+				req = NewRequest(t, "POST", fmt.Sprintf("%s/blobs/uploads", url)).
+					AddTokenAuth(readToken)
+				MakeRequest(t, req, http.StatusUnauthorized)
+
+				req = NewRequest(t, "POST", fmt.Sprintf("%s/blobs/uploads", url)).
+					AddTokenAuth(badToken)
+				MakeRequest(t, req, http.StatusUnauthorized)
+
 				req = NewRequestWithBody(t, "POST", fmt.Sprintf("%s/blobs/uploads?digest=%s", url, unknownDigest), bytes.NewReader(blobContent)).
 					AddTokenAuth(userToken)
 				MakeRequest(t, req, http.StatusBadRequest)
@@ -195,6 +265,14 @@ func TestPackageContainer(t *testing.T) {
 				defer tests.PrintCurrentTest(t)()
 
 				req := NewRequest(t, "POST", fmt.Sprintf("%s/blobs/uploads", url)).
+					AddTokenAuth(readToken)
+				MakeRequest(t, req, http.StatusUnauthorized)
+
+				req = NewRequest(t, "POST", fmt.Sprintf("%s/blobs/uploads", url)).
+					AddTokenAuth(badToken)
+				MakeRequest(t, req, http.StatusUnauthorized)
+
+				req = NewRequest(t, "POST", fmt.Sprintf("%s/blobs/uploads", url)).
 					AddTokenAuth(userToken)
 				resp := MakeRequest(t, req, http.StatusAccepted)
 
diff --git a/tests/integration/api_packages_nuget_test.go b/tests/integration/api_packages_nuget_test.go
index 630b4de3f92..622c2c43941 100644
--- a/tests/integration/api_packages_nuget_test.go
+++ b/tests/integration/api_packages_nuget_test.go
@@ -26,6 +26,7 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/routers/api/packages/nuget"
+	packageService "code.gitea.io/gitea/services/packages"
 	"code.gitea.io/gitea/tests"
 
 	"github.com/stretchr/testify/assert"
@@ -81,7 +82,9 @@ func TestPackageNuGet(t *testing.T) {
 	}
 
 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
-	token := getUserToken(t, user.Name, auth_model.AccessTokenScopeWritePackage)
+	writeToken := getUserToken(t, user.Name, auth_model.AccessTokenScopeWritePackage)
+	readToken := getUserToken(t, user.Name, auth_model.AccessTokenScopeReadPackage)
+	badToken := getUserToken(t, user.Name, auth_model.AccessTokenScopeReadNotification)
 
 	packageName := "test.package"
 	packageVersion := "1.0.3"
@@ -127,34 +130,44 @@ func TestPackageNuGet(t *testing.T) {
 			privateUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{Visibility: structs.VisibleTypePrivate})
 
 			cases := []struct {
-				Owner        string
-				UseBasicAuth bool
-				UseTokenAuth bool
+				Owner          string
+				UseBasicAuth   bool
+				token          string
+				expectedStatus int
 			}{
-				{privateUser.Name, false, false},
-				{privateUser.Name, true, false},
-				{privateUser.Name, false, true},
-				{user.Name, false, false},
-				{user.Name, true, false},
-				{user.Name, false, true},
+				{privateUser.Name, false, "", http.StatusOK},
+				{privateUser.Name, true, "", http.StatusOK},
+				{privateUser.Name, false, writeToken, http.StatusOK},
+				{privateUser.Name, false, readToken, http.StatusOK},
+				{privateUser.Name, false, badToken, http.StatusOK},
+				{user.Name, false, "", http.StatusOK},
+				{user.Name, true, "", http.StatusOK},
+				{user.Name, false, writeToken, http.StatusOK},
+				{user.Name, false, readToken, http.StatusOK},
+				{user.Name, false, badToken, http.StatusOK},
 			}
 
 			for _, c := range cases {
-				url := fmt.Sprintf("/api/packages/%s/nuget", c.Owner)
+				t.Run(c.Owner, func(t *testing.T) {
+					url := fmt.Sprintf("/api/packages/%s/nuget", c.Owner)
 
-				req := NewRequest(t, "GET", url)
-				if c.UseBasicAuth {
-					req.AddBasicAuth(user.Name)
-				} else if c.UseTokenAuth {
-					addNuGetAPIKeyHeader(req, token)
-				}
-				resp := MakeRequest(t, req, http.StatusOK)
+					req := NewRequest(t, "GET", url)
+					if c.UseBasicAuth {
+						req.AddBasicAuth(user.Name)
+					} else if c.token != "" {
+						addNuGetAPIKeyHeader(req, c.token)
+					}
+					resp := MakeRequest(t, req, c.expectedStatus)
+					if c.expectedStatus != http.StatusOK {
+						return
+					}
 
-				var result nuget.ServiceIndexResponseV2
-				decodeXML(t, resp, &result)
+					var result nuget.ServiceIndexResponseV2
+					decodeXML(t, resp, &result)
 
-				assert.Equal(t, setting.AppURL+url[1:], result.Base)
-				assert.Equal(t, "Packages", result.Workspace.Collection.Href)
+					assert.Equal(t, setting.AppURL+url[1:], result.Base)
+					assert.Equal(t, "Packages", result.Workspace.Collection.Href)
+				})
 			}
 		})
 
@@ -164,56 +177,67 @@ func TestPackageNuGet(t *testing.T) {
 			privateUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{Visibility: structs.VisibleTypePrivate})
 
 			cases := []struct {
-				Owner        string
-				UseBasicAuth bool
-				UseTokenAuth bool
+				Owner          string
+				UseBasicAuth   bool
+				token          string
+				expectedStatus int
 			}{
-				{privateUser.Name, false, false},
-				{privateUser.Name, true, false},
-				{privateUser.Name, false, true},
-				{user.Name, false, false},
-				{user.Name, true, false},
-				{user.Name, false, true},
+				{privateUser.Name, false, "", http.StatusOK},
+				{privateUser.Name, true, "", http.StatusOK},
+				{privateUser.Name, false, writeToken, http.StatusOK},
+				{privateUser.Name, false, readToken, http.StatusOK},
+				{privateUser.Name, false, badToken, http.StatusOK},
+				{user.Name, false, "", http.StatusOK},
+				{user.Name, true, "", http.StatusOK},
+				{user.Name, false, writeToken, http.StatusOK},
+				{user.Name, false, readToken, http.StatusOK},
+				{user.Name, false, badToken, http.StatusOK},
 			}
 
 			for _, c := range cases {
-				url := fmt.Sprintf("/api/packages/%s/nuget", c.Owner)
+				t.Run(c.Owner, func(t *testing.T) {
+					url := fmt.Sprintf("/api/packages/%s/nuget", c.Owner)
 
-				req := NewRequest(t, "GET", fmt.Sprintf("%s/index.json", url))
-				if c.UseBasicAuth {
-					req.AddBasicAuth(user.Name)
-				} else if c.UseTokenAuth {
-					addNuGetAPIKeyHeader(req, token)
-				}
-				resp := MakeRequest(t, req, http.StatusOK)
-
-				var result nuget.ServiceIndexResponseV3
-				DecodeJSON(t, resp, &result)
-
-				assert.Equal(t, "3.0.0", result.Version)
-				assert.NotEmpty(t, result.Resources)
-
-				root := setting.AppURL + url[1:]
-				for _, r := range result.Resources {
-					switch r.Type {
-					case "SearchQueryService":
-						fallthrough
-					case "SearchQueryService/3.0.0-beta":
-						fallthrough
-					case "SearchQueryService/3.0.0-rc":
-						assert.Equal(t, root+"/query", r.ID)
-					case "RegistrationsBaseUrl":
-						fallthrough
-					case "RegistrationsBaseUrl/3.0.0-beta":
-						fallthrough
-					case "RegistrationsBaseUrl/3.0.0-rc":
-						assert.Equal(t, root+"/registration", r.ID)
-					case "PackageBaseAddress/3.0.0":
-						assert.Equal(t, root+"/package", r.ID)
-					case "PackagePublish/2.0.0":
-						assert.Equal(t, root, r.ID)
+					req := NewRequest(t, "GET", fmt.Sprintf("%s/index.json", url))
+					if c.UseBasicAuth {
+						req.AddBasicAuth(user.Name)
+					} else if c.token != "" {
+						addNuGetAPIKeyHeader(req, c.token)
 					}
-				}
+					resp := MakeRequest(t, req, c.expectedStatus)
+
+					if c.expectedStatus != http.StatusOK {
+						return
+					}
+
+					var result nuget.ServiceIndexResponseV3
+					DecodeJSON(t, resp, &result)
+
+					assert.Equal(t, "3.0.0", result.Version)
+					assert.NotEmpty(t, result.Resources)
+
+					root := setting.AppURL + url[1:]
+					for _, r := range result.Resources {
+						switch r.Type {
+						case "SearchQueryService":
+							fallthrough
+						case "SearchQueryService/3.0.0-beta":
+							fallthrough
+						case "SearchQueryService/3.0.0-rc":
+							assert.Equal(t, root+"/query", r.ID)
+						case "RegistrationsBaseUrl":
+							fallthrough
+						case "RegistrationsBaseUrl/3.0.0-beta":
+							fallthrough
+						case "RegistrationsBaseUrl/3.0.0-rc":
+							assert.Equal(t, root+"/registration", r.ID)
+						case "PackageBaseAddress/3.0.0":
+							assert.Equal(t, root+"/package", r.ID)
+						case "PackagePublish/2.0.0":
+							assert.Equal(t, root, r.ID)
+						}
+					}
+				})
 			}
 		})
 	})
@@ -222,6 +246,7 @@ func TestPackageNuGet(t *testing.T) {
 		t.Run("DependencyPackage", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
 
+			// create with username/password
 			req := NewRequestWithBody(t, "PUT", url, bytes.NewReader(content)).
 				AddBasicAuth(user.Name)
 			MakeRequest(t, req, http.StatusCreated)
@@ -258,6 +283,52 @@ func TestPackageNuGet(t *testing.T) {
 			req = NewRequestWithBody(t, "PUT", url, bytes.NewReader(content)).
 				AddBasicAuth(user.Name)
 			MakeRequest(t, req, http.StatusConflict)
+
+			// delete the package
+			assert.NoError(t, packageService.DeletePackageVersionAndReferences(db.DefaultContext, pvs[0]))
+
+			// create failure with token without write access
+			req = NewRequestWithBody(t, "PUT", url, bytes.NewReader(content)).
+				AddTokenAuth(readToken)
+			MakeRequest(t, req, http.StatusUnauthorized)
+
+			// create with token
+			req = NewRequestWithBody(t, "PUT", url, bytes.NewReader(content)).
+				AddTokenAuth(writeToken)
+			MakeRequest(t, req, http.StatusCreated)
+
+			pvs, err = packages.GetVersionsByPackageType(db.DefaultContext, user.ID, packages.TypeNuGet)
+			assert.NoError(t, err)
+			assert.Len(t, pvs, 1, "Should have one version")
+
+			pd, err = packages.GetPackageDescriptor(db.DefaultContext, pvs[0])
+			assert.NoError(t, err)
+			assert.NotNil(t, pd.SemVer)
+			assert.IsType(t, &nuget_module.Metadata{}, pd.Metadata)
+			assert.Equal(t, packageName, pd.Package.Name)
+			assert.Equal(t, packageVersion, pd.Version.Version)
+
+			pfs, err = packages.GetFilesByVersionID(db.DefaultContext, pvs[0].ID)
+			assert.NoError(t, err)
+			assert.Len(t, pfs, 2, "Should have 2 files: nuget and nuspec")
+			for _, pf := range pfs {
+				switch pf.Name {
+				case fmt.Sprintf("%s.%s.nupkg", packageName, packageVersion):
+					assert.True(t, pf.IsLead)
+
+					pb, err := packages.GetBlobByID(db.DefaultContext, pf.BlobID)
+					assert.NoError(t, err)
+					assert.Equal(t, int64(len(content)), pb.Size)
+				case fmt.Sprintf("%s.nuspec", packageName):
+					assert.False(t, pf.IsLead)
+				default:
+					assert.Fail(t, "unexpected filename: %v", pf.Name)
+				}
+			}
+
+			req = NewRequestWithBody(t, "PUT", url, bytes.NewReader(content)).
+				AddBasicAuth(user.Name)
+			MakeRequest(t, req, http.StatusConflict)
 		})
 
 		t.Run("SymbolPackage", func(t *testing.T) {

From 19af5344623ba999f418520fad1a3bde77980561 Mon Sep 17 00:00:00 2001
From: 6543 <6543@obermui.de>
Date: Thu, 5 Sep 2024 12:53:30 +0200
Subject: [PATCH 054/129] For consistency make repo search sort options case
 sensitive (#31951)

---
 routers/web/explore/repo.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/routers/web/explore/repo.go b/routers/web/explore/repo.go
index ab487dff5fc..62090e5bf4d 100644
--- a/routers/web/explore/repo.go
+++ b/routers/web/explore/repo.go
@@ -6,7 +6,6 @@ package explore
 import (
 	"fmt"
 	"net/http"
-	"strings"
 
 	"code.gitea.io/gitea/models/db"
 	repo_model "code.gitea.io/gitea/models/repo"
@@ -58,7 +57,7 @@ func RenderRepoSearch(ctx *context.Context, opts *RepoSearchOptions) {
 		orderBy db.SearchOrderBy
 	)
 
-	sortOrder := strings.ToLower(ctx.FormString("sort"))
+	sortOrder := ctx.FormString("sort")
 	if sortOrder == "" {
 		sortOrder = setting.UI.ExploreDefaultSort
 	}

From bf7ae0429cdf236510aa6702e499878bc2345a6e Mon Sep 17 00:00:00 2001
From: Adam Majer <amajer@suse.com>
Date: Thu, 5 Sep 2024 20:39:23 +0200
Subject: [PATCH 055/129] Return 404 instead of error when commit not exist
 (#31977)

Fix #31976
---
 routers/api/v1/repo/commits.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/routers/api/v1/repo/commits.go b/routers/api/v1/repo/commits.go
index d33be9d80a8..cec7c3d534c 100644
--- a/routers/api/v1/repo/commits.go
+++ b/routers/api/v1/repo/commits.go
@@ -195,7 +195,7 @@ func GetAllCommits(ctx *context.APIContext) {
 			// get commit specified by sha
 			baseCommit, err = ctx.Repo.GitRepo.GetCommit(sha)
 			if err != nil {
-				ctx.Error(http.StatusInternalServerError, "GetCommit", err)
+				ctx.NotFoundOrServerError("GetCommit", git.IsErrNotExist, err)
 				return
 			}
 		}

From e9c64f41a6895806e578fc6c9746044bdd31c563 Mon Sep 17 00:00:00 2001
From: william-allspice <william@allspice.io>
Date: Fri, 6 Sep 2024 01:40:02 -0500
Subject: [PATCH 056/129] =?UTF-8?q?Distinguish=20official=20vs=20non-offic?=
 =?UTF-8?q?ial=20reviews,=20add=20tool=20tips,=20and=20upgr=E2=80=A6=20(#3?=
 =?UTF-8?q?1924)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This Pull Request is a follow up to
https://github.com/go-gitea/gitea/pull/31886:

1. Adds a UI indicator between official (green) and unofficial (grey)
approved pull requests on the Pull Request page (as suggested by
@kdumontnu )
2. Adds tooltips adding clarity to the type and status of a review on
the Pull Request page (as suggested by @kdumontnu)
3. Updates text adding more clarity to required approvals (as suggested
by @kdumontnu)
4. Updates text on the branch settings page explaining what branch
approval limitations (as suggested by @yp05327)

Official approval:
<img width="376" alt="Screenshot 2024-08-26 at 1 03 52 PM"
src="https://github.com/user-attachments/assets/500f083d-bfc0-45c5-82b7-b98e20495696">

Unofficial approval:
<img width="442" alt="Screenshot 2024-08-26 at 12 53 15 PM"
src="https://github.com/user-attachments/assets/e8c565ff-5886-4ce1-8b79-a0fa26c282f7">

Rejected approval:
<img width="452" alt="Screenshot 2024-08-26 at 12 53 06 PM"
src="https://github.com/user-attachments/assets/aebc0e2f-7052-4dea-8098-7caa0db86617">

Stale approval:
<img width="546" alt="Screenshot 2024-08-26 at 1 07 59 PM"
src="https://github.com/user-attachments/assets/da599ff3-e35c-4fa3-8141-ed80b738dd77">

Requested review tooltip:
<img width="434" alt="Screenshot 2024-08-26 at 12 53 22 PM"
src="https://github.com/user-attachments/assets/460d163e-8724-43b6-8760-34b285da8fe2">

Updated text for approvals:
<img width="991" alt="Screenshot 2024-08-26 at 12 54 00 PM"
src="https://github.com/user-attachments/assets/ab3ff012-9742-4c1b-933d-21addcb89f2c">

Updated text for allowlisted/whitelisted approvals:
<img width="990" alt="Screenshot 2024-08-26 at 1 01 40 PM"
src="https://github.com/user-attachments/assets/1a5bae61-d9e0-4d96-b86f-92610b0940d1">

Protected branch settings text:
<img width="1022" alt="Screenshot 2024-08-26 at 1 01 14 PM"
src="https://github.com/user-attachments/assets/892ce208-e1c2-41f7-8fec-46d5a0e7e776">

Comments list:
<img width="1048" alt="Screenshot 2024-08-28 at 9 25 31 AM"
src="https://github.com/user-attachments/assets/9c5c00c5-06cf-43b3-b413-4f7f673609b2">

---------

Co-authored-by: Kyle D. <kdumontnu@gmail.com>
---
 models/issues/review.go                       | 25 +++++++++++++++++++
 options/locale/locale_en-US.ini               | 11 ++++++--
 routers/web/repo/issue.go                     |  1 +
 .../repo/issue/view_content/comments.tmpl     |  2 +-
 templates/repo/issue/view_content/pull.tmpl   |  6 ++++-
 .../repo/issue/view_content/sidebar.tmpl      |  8 ++++--
 6 files changed, 47 insertions(+), 6 deletions(-)

diff --git a/models/issues/review.go b/models/issues/review.go
index ca6fd6035b1..9a08e265ff3 100644
--- a/models/issues/review.go
+++ b/models/issues/review.go
@@ -214,9 +214,13 @@ func (r *Review) LoadAttributes(ctx context.Context) (err error) {
 	return err
 }
 
+// HTMLTypeColorName returns the color used in the ui indicating the review
 func (r *Review) HTMLTypeColorName() string {
 	switch r.Type {
 	case ReviewTypeApprove:
+		if !r.Official {
+			return "grey"
+		}
 		if r.Stale {
 			return "yellow"
 		}
@@ -231,6 +235,27 @@ func (r *Review) HTMLTypeColorName() string {
 	return "grey"
 }
 
+// TooltipContent returns the locale string describing the review type
+func (r *Review) TooltipContent() string {
+	switch r.Type {
+	case ReviewTypeApprove:
+		if r.Stale {
+			return "repo.issues.review.stale"
+		}
+		if !r.Official {
+			return "repo.issues.review.unofficial"
+		}
+		return "repo.issues.review.official"
+	case ReviewTypeComment:
+		return "repo.issues.review.comment"
+	case ReviewTypeReject:
+		return "repo.issues.review.rejected"
+	case ReviewTypeRequest:
+		return "repo.issues.review.requested"
+	}
+	return ""
+}
+
 // GetReviewByID returns the review by the given ID
 func GetReviewByID(ctx context.Context, id int64) (*Review, error) {
 	review := new(Review)
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 8d51864d3d1..7d8eb1a4753 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -1752,6 +1752,12 @@ issues.review.hide_resolved = Hide resolved
 issues.review.resolve_conversation = Resolve conversation
 issues.review.un_resolve_conversation = Unresolve conversation
 issues.review.resolved_by = marked this conversation as resolved
+issues.review.comment = Comment
+issues.review.official = Approved
+issues.review.requested = Review pending
+issues.review.rejected = Changes requested
+issues.review.stale = Updated since approval
+issues.review.unofficial = Uncounted approval
 issues.assignee.error = Not all assignees was added due to an unexpected error.
 issues.reference_issue.body = Body
 issues.content_history.deleted = deleted
@@ -1825,7 +1831,8 @@ pulls.is_empty = "The changes on this branch are already on the target branch. T
 pulls.required_status_check_failed = Some required checks were not successful.
 pulls.required_status_check_missing = Some required checks are missing.
 pulls.required_status_check_administrator = As an administrator, you may still merge this pull request.
-pulls.blocked_by_approvals = "This pull request doesn't have enough approvals yet. %d of %d approvals granted."
+pulls.blocked_by_approvals = "This pull request doesn't have enough required approvals yet. %d of %d official approvals granted."
+pulls.blocked_by_approvals_whitelisted = "This pull request doesn't have enough required approvals yet. %d of %d approvals granted from users or teams on the allowlist."
 pulls.blocked_by_rejection = "This pull request has changes requested by an official reviewer."
 pulls.blocked_by_official_review_requests = "This pull request has official review requests."
 pulls.blocked_by_outdated_branch = "This pull request is blocked because it's outdated."
@@ -2413,7 +2420,7 @@ settings.protect_status_check_matched = Matched
 settings.protect_invalid_status_check_pattern = Invalid status check pattern: "%s".
 settings.protect_no_valid_status_check_patterns = No valid status check patterns.
 settings.protect_required_approvals = Required approvals:
-settings.protect_required_approvals_desc = Allow only to merge pull request with enough positive reviews.
+settings.protect_required_approvals_desc = Allow only to merge pull request with enough required approvals. Required approvals are either from users or teams who are on the allowlist or anyone with write access.
 settings.protect_approvals_whitelist_enabled = Restrict approvals to allowlisted users or teams
 settings.protect_approvals_whitelist_enabled_desc = Only reviews from allowlisted users or teams will count to the required approvals. Without approval allowlist, reviews from anyone with write access count to the required approvals.
 settings.protect_approvals_whitelist_users = Allowlisted reviewers:
diff --git a/routers/web/repo/issue.go b/routers/web/repo/issue.go
index 856e2f7392b..fd6abe04fe6 100644
--- a/routers/web/repo/issue.go
+++ b/routers/web/repo/issue.go
@@ -1940,6 +1940,7 @@ func ViewIssue(ctx *context.Context) {
 			ctx.Data["ChangedProtectedFiles"] = pull.ChangedProtectedFiles
 			ctx.Data["IsBlockedByChangedProtectedFiles"] = len(pull.ChangedProtectedFiles) != 0
 			ctx.Data["ChangedProtectedFilesNum"] = len(pull.ChangedProtectedFiles)
+			ctx.Data["RequireApprovalsWhitelist"] = pb.EnableApprovalsWhitelist
 		}
 		ctx.Data["WillSign"] = false
 		if ctx.Doer != nil {
diff --git a/templates/repo/issue/view_content/comments.tmpl b/templates/repo/issue/view_content/comments.tmpl
index 1cf92871110..57abbeb8f79 100644
--- a/templates/repo/issue/view_content/comments.tmpl
+++ b/templates/repo/issue/view_content/comments.tmpl
@@ -380,7 +380,7 @@
 						{{ctx.AvatarUtils.Avatar .Poster 40}}
 					</a>
 					{{end}}
-					<span class="badge{{if eq $reviewType 1}} tw-bg-green tw-text-white{{else if eq $reviewType 3}} tw-bg-red tw-text-white{{end}}">
+					<span class="badge tw-text-white{{if eq $reviewType 1}}{{if .Review.Official}} tw-bg-green {{else}} tw-bg-grey{{end}}{{else if eq $reviewType 3}} tw-bg-red{{end}}">
 						{{if .Review}}{{svg (printf "octicon-%s" .Review.Type.Icon)}}{{end}}
 					</span>
 					<span class="text grey muted-links">
diff --git a/templates/repo/issue/view_content/pull.tmpl b/templates/repo/issue/view_content/pull.tmpl
index 69e74da3a09..1ce658ed00f 100644
--- a/templates/repo/issue/view_content/pull.tmpl
+++ b/templates/repo/issue/view_content/pull.tmpl
@@ -109,7 +109,11 @@
 				{{if .IsBlockedByApprovals}}
 					<div class="item">
 						{{svg "octicon-x"}}
-						{{ctx.Locale.Tr "repo.pulls.blocked_by_approvals" .GrantedApprovals .ProtectedBranch.RequiredApprovals}}
+						{{if .RequireApprovalsWhitelist}}
+							{{ctx.Locale.Tr "repo.pulls.blocked_by_approvals_whitelisted" .GrantedApprovals .ProtectedBranch.RequiredApprovals}}
+						{{else}}
+							{{ctx.Locale.Tr "repo.pulls.blocked_by_approvals" .GrantedApprovals .ProtectedBranch.RequiredApprovals}}
+						{{end}}
 					</div>
 				{{else if .IsBlockedByRejection}}
 					<div class="item">
diff --git a/templates/repo/issue/view_content/sidebar.tmpl b/templates/repo/issue/view_content/sidebar.tmpl
index ce34c5e9392..49c40be5a94 100644
--- a/templates/repo/issue/view_content/sidebar.tmpl
+++ b/templates/repo/issue/view_content/sidebar.tmpl
@@ -94,7 +94,9 @@
 							{{if and .CanChange (or .Checked (and (not $.Issue.IsClosed) (not $.Issue.PullRequest.HasMerged)))}}
 								<a href="#" class="ui muted icon re-request-review{{if .Checked}} checked{{end}}" data-tooltip-content="{{if .Checked}}{{ctx.Locale.Tr "repo.issues.remove_request_review"}}{{else}}{{ctx.Locale.Tr "repo.issues.re_request_review"}}{{end}}" data-issue-id="{{$.Issue.ID}}" data-id="{{.ItemID}}" data-update-url="{{$.RepoLink}}/issues/request_review">{{svg (Iif .Checked "octicon-trash" "octicon-sync")}}</a>
 							{{end}}
-							{{svg (printf "octicon-%s" .Review.Type.Icon) 16 (printf "text %s" (.Review.HTMLTypeColorName))}}
+							<span {{if .Review.TooltipContent}}data-tooltip-content="{{ctx.Locale.Tr .Review.TooltipContent}}"{{end}}>
+								{{svg (printf "octicon-%s" .Review.Type.Icon) 16 (printf "text %s" (.Review.HTMLTypeColorName))}}
+							</span>
 						</div>
 					</div>
 				{{end}}
@@ -107,7 +109,9 @@
 							</a>
 						</div>
 						<div class="tw-flex tw-items-center tw-gap-2">
-							{{svg (printf "octicon-%s" .Type.Icon) 16 (printf "text %s" (.HTMLTypeColorName))}}
+							<span {{if .Review.TooltipContent}}data-tooltip-content="{{ctx.Locale.Tr .Review.TooltipContent}}"{{end}}>
+								{{svg (printf "octicon-%s" .Type.Icon) 16 (printf "text %s" (.HTMLTypeColorName))}}
+							</span>
 						</div>
 					</div>
 				{{end}}

From a5818470fe62677d8859b590b2d80b98fe23d098 Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Fri, 6 Sep 2024 15:20:30 +0800
Subject: [PATCH 057/129] Use forum.gitea.com instead of old URL (#31989)

---
 .github/ISSUE_TEMPLATE/bug-report.yaml      | 2 +-
 .github/ISSUE_TEMPLATE/config.yml           | 2 +-
 .github/ISSUE_TEMPLATE/feature-request.yaml | 2 +-
 .github/ISSUE_TEMPLATE/ui.bug-report.yaml   | 2 +-
 modules/activitypub/user_settings_test.go   | 2 +-
 templates/install.tmpl                      | 4 ++--
 6 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/bug-report.yaml b/.github/ISSUE_TEMPLATE/bug-report.yaml
index ed29bdb4e63..4dbe1a4c56d 100644
--- a/.github/ISSUE_TEMPLATE/bug-report.yaml
+++ b/.github/ISSUE_TEMPLATE/bug-report.yaml
@@ -11,7 +11,7 @@ body:
       value: |
         1. Please speak English, this is the language all maintainers can speak and write.
         2. Please ask questions or configuration/deploy problems on our Discord
-           server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
+           server (https://discord.gg/gitea) or forum (https://forum.gitea.com).
         3. Make sure you are using the latest release and
            take a moment to check that your issue hasn't been reported before.
         4. Make sure it's not mentioned in the FAQ (https://docs.gitea.com/help/faq)
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
index e769873f470..d37ce219c39 100644
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -7,7 +7,7 @@ contact_links:
     url: https://discord.gg/Gitea
     about: Please ask questions and discuss configuration or deployment problems here.
   - name: Discourse Forum
-    url: https://discourse.gitea.io
+    url: https://forum.gitea.com
     about: Questions and configuration or deployment problems can also be discussed on our forum.
   - name: Frequently Asked Questions
     url: https://docs.gitea.com/help/faq
diff --git a/.github/ISSUE_TEMPLATE/feature-request.yaml b/.github/ISSUE_TEMPLATE/feature-request.yaml
index 3c9953019dd..d5c480d2023 100644
--- a/.github/ISSUE_TEMPLATE/feature-request.yaml
+++ b/.github/ISSUE_TEMPLATE/feature-request.yaml
@@ -7,7 +7,7 @@ body:
       value: |
         1. Please speak English, this is the language all maintainers can speak and write.
         2. Please ask questions or configuration/deploy problems on our Discord
-           server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
+           server (https://discord.gg/gitea) or forum (https://forum.gitea.com).
         3. Please take a moment to check that your feature hasn't already been suggested.
   - type: textarea
     id: description
diff --git a/.github/ISSUE_TEMPLATE/ui.bug-report.yaml b/.github/ISSUE_TEMPLATE/ui.bug-report.yaml
index 15608796742..3ad5dbaf54e 100644
--- a/.github/ISSUE_TEMPLATE/ui.bug-report.yaml
+++ b/.github/ISSUE_TEMPLATE/ui.bug-report.yaml
@@ -11,7 +11,7 @@ body:
       value: |
         1. Please speak English, this is the language all maintainers can speak and write.
         2. Please ask questions or configuration/deploy problems on our Discord
-           server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
+           server (https://discord.gg/gitea) or forum (https://forum.gitea.com).
         3. Please take a moment to check that your issue doesn't already exist.
         4. Make sure it's not mentioned in the FAQ (https://docs.gitea.com/help/faq)
         5. Please give all relevant information below for bug reports, because
diff --git a/modules/activitypub/user_settings_test.go b/modules/activitypub/user_settings_test.go
index 2d77906521b..55862357f16 100644
--- a/modules/activitypub/user_settings_test.go
+++ b/modules/activitypub/user_settings_test.go
@@ -10,7 +10,7 @@ import (
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
 
-	_ "code.gitea.io/gitea/models" // https://discourse.gitea.io/t/testfixtures-could-not-clean-table-access-no-such-table-access/4137/4
+	_ "code.gitea.io/gitea/models" // https://forum.gitea.com/t/testfixtures-could-not-clean-table-access-no-such-table-access/4137/4
 
 	"github.com/stretchr/testify/assert"
 )
diff --git a/templates/install.tmpl b/templates/install.tmpl
index 965e57f2137..5055031a902 100644
--- a/templates/install.tmpl
+++ b/templates/install.tmpl
@@ -124,7 +124,7 @@
 					</div>
 					<div class="inline required field">
 						<label for="domain">{{ctx.Locale.Tr "install.domain"}}</label>
-						<input id="domain" name="domain" value="{{.domain}}" placeholder="try.gitea.io" required>
+						<input id="domain" name="domain" value="{{.domain}}" placeholder="demo.gitea.com" required>
 						<span class="help">{{ctx.Locale.Tr "install.domain_helper"}}</span>
 					</div>
 					<div class="inline field">
@@ -139,7 +139,7 @@
 					</div>
 					<div class="inline required field">
 						<label for="app_url">{{ctx.Locale.Tr "install.app_url"}}</label>
-						<input id="app_url" name="app_url" value="{{.app_url}}" placeholder="https://try.gitea.io" required>
+						<input id="app_url" name="app_url" value="{{.app_url}}" placeholder="https://demo.gitea.com" required>
 						<span class="help">{{ctx.Locale.Tr "install.app_url_helper"}}</span>
 					</div>
 					<div class="inline required field">

From 2da2000413e0fd4739872e067a462a14f1dc6f8e Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Fri, 6 Sep 2024 18:12:41 +0800
Subject: [PATCH 058/129] Use global lock instead of NewExclusivePool to allow
 distributed lock between multiple Gitea instances (#31813)

Replace #26486
Fix #19620

---------

Co-authored-by: Jason Song <i@wolfogre.com>
---
 assets/go-licenses.json             | 15 +++++++
 custom/conf/app.example.ini         |  6 +++
 modules/globallock/globallock.go    | 12 ++++-
 modules/setting/gloabl_lock.go      | 37 ++++++++++++++++
 modules/setting/global_lock_test.go | 35 +++++++++++++++
 modules/setting/setting.go          |  1 +
 modules/sync/exclusive_pool.go      | 69 -----------------------------
 services/pull/check.go              | 13 ++++--
 services/pull/merge.go              | 25 ++++++++---
 services/pull/pull.go               | 15 ++++---
 services/pull/update.go             |  9 +++-
 services/repository/transfer.go     | 32 ++++++++-----
 services/wiki/wiki.go               | 23 ++++++----
 13 files changed, 185 insertions(+), 107 deletions(-)
 create mode 100644 modules/setting/gloabl_lock.go
 create mode 100644 modules/setting/global_lock_test.go
 delete mode 100644 modules/sync/exclusive_pool.go

diff --git a/assets/go-licenses.json b/assets/go-licenses.json
index 1b6c2d9e786..ccce3e33142 100644
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
@@ -489,6 +489,11 @@
     "path": "github.com/go-ldap/ldap/v3/LICENSE",
     "licenseText": "The MIT License (MIT)\n\nCopyright (c) 2011-2015 Michael Mitton (mmitton@gmail.com)\nPortions copyright (c) 2015-2016 go-ldap Authors\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n"
   },
+  {
+    "name": "github.com/go-redsync/redsync/v4",
+    "path": "github.com/go-redsync/redsync/v4/LICENSE",
+    "licenseText": "Copyright (c) 2023, Mahmud Ridwan\nAll rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\n* Redistributions of source code must retain the above copyright notice, this\n  list of conditions and the following disclaimer.\n\n* Redistributions in binary form must reproduce the above copyright notice,\n  this list of conditions and the following disclaimer in the documentation\n  and/or other materials provided with the distribution.\n\n* Neither the name of the Redsync nor the names of its\n  contributors may be used to endorse or promote products derived from\n  this software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\"\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE\nFOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,\nOR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
+  },
   {
     "name": "github.com/go-sql-driver/mysql",
     "path": "github.com/go-sql-driver/mysql/LICENSE",
@@ -624,11 +629,21 @@
     "path": "github.com/gorilla/sessions/LICENSE",
     "licenseText": "Copyright (c) 2023 The Gorilla Authors. All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n\t * Redistributions of source code must retain the above copyright\nnotice, this list of conditions and the following disclaimer.\n\t * Redistributions in binary form must reproduce the above\ncopyright notice, this list of conditions and the following disclaimer\nin the documentation and/or other materials provided with the\ndistribution.\n\t * Neither the name of Google Inc. nor the names of its\ncontributors may be used to endorse or promote products derived from\nthis software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\nA PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nOWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\nLIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\nDATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\nTHEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
   },
+  {
+    "name": "github.com/hashicorp/errwrap",
+    "path": "github.com/hashicorp/errwrap/LICENSE",
+    "licenseText": "Mozilla Public License, version 2.0\n\n1. Definitions\n\n1.1. “Contributor”\n\n     means each individual or legal entity that creates, contributes to the\n     creation of, or owns Covered Software.\n\n1.2. “Contributor Version”\n\n     means the combination of the Contributions of others (if any) used by a\n     Contributor and that particular Contributor’s Contribution.\n\n1.3. “Contribution”\n\n     means Covered Software of a particular Contributor.\n\n1.4. “Covered Software”\n\n     means Source Code Form to which the initial Contributor has attached the\n     notice in Exhibit A, the Executable Form of such Source Code Form, and\n     Modifications of such Source Code Form, in each case including portions\n     thereof.\n\n1.5. “Incompatible With Secondary Licenses”\n     means\n\n     a. that the initial Contributor has attached the notice described in\n        Exhibit B to the Covered Software; or\n\n     b. that the Covered Software was made available under the terms of version\n        1.1 or earlier of the License, but not also under the terms of a\n        Secondary License.\n\n1.6. “Executable Form”\n\n     means any form of the work other than Source Code Form.\n\n1.7. “Larger Work”\n\n     means a work that combines Covered Software with other material, in a separate\n     file or files, that is not Covered Software.\n\n1.8. “License”\n\n     means this document.\n\n1.9. “Licensable”\n\n     means having the right to grant, to the maximum extent possible, whether at the\n     time of the initial grant or subsequently, any and all of the rights conveyed by\n     this License.\n\n1.10. “Modifications”\n\n     means any of the following:\n\n     a. any file in Source Code Form that results from an addition to, deletion\n        from, or modification of the contents of Covered Software; or\n\n     b. any new file in Source Code Form that contains any Covered Software.\n\n1.11. “Patent Claims” of a Contributor\n\n      means any patent claim(s), including without limitation, method, process,\n      and apparatus claims, in any patent Licensable by such Contributor that\n      would be infringed, but for the grant of the License, by the making,\n      using, selling, offering for sale, having made, import, or transfer of\n      either its Contributions or its Contributor Version.\n\n1.12. “Secondary License”\n\n      means either the GNU General Public License, Version 2.0, the GNU Lesser\n      General Public License, Version 2.1, the GNU Affero General Public\n      License, Version 3.0, or any later versions of those licenses.\n\n1.13. “Source Code Form”\n\n      means the form of the work preferred for making modifications.\n\n1.14. “You” (or “Your”)\n\n      means an individual or a legal entity exercising rights under this\n      License. For legal entities, “You” includes any entity that controls, is\n      controlled by, or is under common control with You. For purposes of this\n      definition, “control” means (a) the power, direct or indirect, to cause\n      the direction or management of such entity, whether by contract or\n      otherwise, or (b) ownership of more than fifty percent (50%) of the\n      outstanding shares or beneficial ownership of such entity.\n\n\n2. License Grants and Conditions\n\n2.1. Grants\n\n     Each Contributor hereby grants You a world-wide, royalty-free,\n     non-exclusive license:\n\n     a. under intellectual property rights (other than patent or trademark)\n        Licensable by such Contributor to use, reproduce, make available,\n        modify, display, perform, distribute, and otherwise exploit its\n        Contributions, either on an unmodified basis, with Modifications, or as\n        part of a Larger Work; and\n\n     b. under Patent Claims of such Contributor to make, use, sell, offer for\n        sale, have made, import, and otherwise transfer either its Contributions\n        or its Contributor Version.\n\n2.2. Effective Date\n\n     The licenses granted in Section 2.1 with respect to any Contribution become\n     effective for each Contribution on the date the Contributor first distributes\n     such Contribution.\n\n2.3. Limitations on Grant Scope\n\n     The licenses granted in this Section 2 are the only rights granted under this\n     License. No additional rights or licenses will be implied from the distribution\n     or licensing of Covered Software under this License. Notwithstanding Section\n     2.1(b) above, no patent license is granted by a Contributor:\n\n     a. for any code that a Contributor has removed from Covered Software; or\n\n     b. for infringements caused by: (i) Your and any other third party’s\n        modifications of Covered Software, or (ii) the combination of its\n        Contributions with other software (except as part of its Contributor\n        Version); or\n\n     c. under Patent Claims infringed by Covered Software in the absence of its\n        Contributions.\n\n     This License does not grant any rights in the trademarks, service marks, or\n     logos of any Contributor (except as may be necessary to comply with the\n     notice requirements in Section 3.4).\n\n2.4. Subsequent Licenses\n\n     No Contributor makes additional grants as a result of Your choice to\n     distribute the Covered Software under a subsequent version of this License\n     (see Section 10.2) or under the terms of a Secondary License (if permitted\n     under the terms of Section 3.3).\n\n2.5. Representation\n\n     Each Contributor represents that the Contributor believes its Contributions\n     are its original creation(s) or it has sufficient rights to grant the\n     rights to its Contributions conveyed by this License.\n\n2.6. Fair Use\n\n     This License is not intended to limit any rights You have under applicable\n     copyright doctrines of fair use, fair dealing, or other equivalents.\n\n2.7. Conditions\n\n     Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in\n     Section 2.1.\n\n\n3. Responsibilities\n\n3.1. Distribution of Source Form\n\n     All distribution of Covered Software in Source Code Form, including any\n     Modifications that You create or to which You contribute, must be under the\n     terms of this License. You must inform recipients that the Source Code Form\n     of the Covered Software is governed by the terms of this License, and how\n     they can obtain a copy of this License. You may not attempt to alter or\n     restrict the recipients’ rights in the Source Code Form.\n\n3.2. Distribution of Executable Form\n\n     If You distribute Covered Software in Executable Form then:\n\n     a. such Covered Software must also be made available in Source Code Form,\n        as described in Section 3.1, and You must inform recipients of the\n        Executable Form how they can obtain a copy of such Source Code Form by\n        reasonable means in a timely manner, at a charge no more than the cost\n        of distribution to the recipient; and\n\n     b. You may distribute such Executable Form under the terms of this License,\n        or sublicense it under different terms, provided that the license for\n        the Executable Form does not attempt to limit or alter the recipients’\n        rights in the Source Code Form under this License.\n\n3.3. Distribution of a Larger Work\n\n     You may create and distribute a Larger Work under terms of Your choice,\n     provided that You also comply with the requirements of this License for the\n     Covered Software. If the Larger Work is a combination of Covered Software\n     with a work governed by one or more Secondary Licenses, and the Covered\n     Software is not Incompatible With Secondary Licenses, this License permits\n     You to additionally distribute such Covered Software under the terms of\n     such Secondary License(s), so that the recipient of the Larger Work may, at\n     their option, further distribute the Covered Software under the terms of\n     either this License or such Secondary License(s).\n\n3.4. Notices\n\n     You may not remove or alter the substance of any license notices (including\n     copyright notices, patent notices, disclaimers of warranty, or limitations\n     of liability) contained within the Source Code Form of the Covered\n     Software, except that You may alter any license notices to the extent\n     required to remedy known factual inaccuracies.\n\n3.5. Application of Additional Terms\n\n     You may choose to offer, and to charge a fee for, warranty, support,\n     indemnity or liability obligations to one or more recipients of Covered\n     Software. However, You may do so only on Your own behalf, and not on behalf\n     of any Contributor. You must make it absolutely clear that any such\n     warranty, support, indemnity, or liability obligation is offered by You\n     alone, and You hereby agree to indemnify every Contributor for any\n     liability incurred by such Contributor as a result of warranty, support,\n     indemnity or liability terms You offer. You may include additional\n     disclaimers of warranty and limitations of liability specific to any\n     jurisdiction.\n\n4. Inability to Comply Due to Statute or Regulation\n\n   If it is impossible for You to comply with any of the terms of this License\n   with respect to some or all of the Covered Software due to statute, judicial\n   order, or regulation then You must: (a) comply with the terms of this License\n   to the maximum extent possible; and (b) describe the limitations and the code\n   they affect. Such description must be placed in a text file included with all\n   distributions of the Covered Software under this License. Except to the\n   extent prohibited by statute or regulation, such description must be\n   sufficiently detailed for a recipient of ordinary skill to be able to\n   understand it.\n\n5. Termination\n\n5.1. The rights granted under this License will terminate automatically if You\n     fail to comply with any of its terms. However, if You become compliant,\n     then the rights granted under this License from a particular Contributor\n     are reinstated (a) provisionally, unless and until such Contributor\n     explicitly and finally terminates Your grants, and (b) on an ongoing basis,\n     if such Contributor fails to notify You of the non-compliance by some\n     reasonable means prior to 60 days after You have come back into compliance.\n     Moreover, Your grants from a particular Contributor are reinstated on an\n     ongoing basis if such Contributor notifies You of the non-compliance by\n     some reasonable means, this is the first time You have received notice of\n     non-compliance with this License from such Contributor, and You become\n     compliant prior to 30 days after Your receipt of the notice.\n\n5.2. If You initiate litigation against any entity by asserting a patent\n     infringement claim (excluding declaratory judgment actions, counter-claims,\n     and cross-claims) alleging that a Contributor Version directly or\n     indirectly infringes any patent, then the rights granted to You by any and\n     all Contributors for the Covered Software under Section 2.1 of this License\n     shall terminate.\n\n5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user\n     license agreements (excluding distributors and resellers) which have been\n     validly granted by You or Your distributors under this License prior to\n     termination shall survive termination.\n\n6. Disclaimer of Warranty\n\n   Covered Software is provided under this License on an “as is” basis, without\n   warranty of any kind, either expressed, implied, or statutory, including,\n   without limitation, warranties that the Covered Software is free of defects,\n   merchantable, fit for a particular purpose or non-infringing. The entire\n   risk as to the quality and performance of the Covered Software is with You.\n   Should any Covered Software prove defective in any respect, You (not any\n   Contributor) assume the cost of any necessary servicing, repair, or\n   correction. This disclaimer of warranty constitutes an essential part of this\n   License. No use of  any Covered Software is authorized under this License\n   except under this disclaimer.\n\n7. Limitation of Liability\n\n   Under no circumstances and under no legal theory, whether tort (including\n   negligence), contract, or otherwise, shall any Contributor, or anyone who\n   distributes Covered Software as permitted above, be liable to You for any\n   direct, indirect, special, incidental, or consequential damages of any\n   character including, without limitation, damages for lost profits, loss of\n   goodwill, work stoppage, computer failure or malfunction, or any and all\n   other commercial damages or losses, even if such party shall have been\n   informed of the possibility of such damages. This limitation of liability\n   shall not apply to liability for death or personal injury resulting from such\n   party’s negligence to the extent applicable law prohibits such limitation.\n   Some jurisdictions do not allow the exclusion or limitation of incidental or\n   consequential damages, so this exclusion and limitation may not apply to You.\n\n8. Litigation\n\n   Any litigation relating to this License may be brought only in the courts of\n   a jurisdiction where the defendant maintains its principal place of business\n   and such litigation shall be governed by laws of that jurisdiction, without\n   reference to its conflict-of-law provisions. Nothing in this Section shall\n   prevent a party’s ability to bring cross-claims or counter-claims.\n\n9. Miscellaneous\n\n   This License represents the complete agreement concerning the subject matter\n   hereof. If any provision of this License is held to be unenforceable, such\n   provision shall be reformed only to the extent necessary to make it\n   enforceable. Any law or regulation which provides that the language of a\n   contract shall be construed against the drafter shall not be used to construe\n   this License against a Contributor.\n\n\n10. Versions of the License\n\n10.1. New Versions\n\n      Mozilla Foundation is the license steward. Except as provided in Section\n      10.3, no one other than the license steward has the right to modify or\n      publish new versions of this License. Each version will be given a\n      distinguishing version number.\n\n10.2. Effect of New Versions\n\n      You may distribute the Covered Software under the terms of the version of\n      the License under which You originally received the Covered Software, or\n      under the terms of any subsequent version published by the license\n      steward.\n\n10.3. Modified Versions\n\n      If you create software not governed by this License, and you want to\n      create a new license for such software, you may create and use a modified\n      version of this License if you rename the license and remove any\n      references to the name of the license steward (except to note that such\n      modified license differs from this License).\n\n10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses\n      If You choose to distribute Source Code Form that is Incompatible With\n      Secondary Licenses under the terms of this version of the License, the\n      notice described in Exhibit B of this License must be attached.\n\nExhibit A - Source Code Form License Notice\n\n      This Source Code Form is subject to the\n      terms of the Mozilla Public License, v.\n      2.0. If a copy of the MPL was not\n      distributed with this file, You can\n      obtain one at\n      http://mozilla.org/MPL/2.0/.\n\nIf it is not possible or desirable to put the notice in a particular file, then\nYou may include the notice in a location (such as a LICENSE file in a relevant\ndirectory) where a recipient would be likely to look for such a notice.\n\nYou may add additional accurate notices of copyright ownership.\n\nExhibit B - “Incompatible With Secondary Licenses” Notice\n\n      This Source Code Form is “Incompatible\n      With Secondary Licenses”, as defined by\n      the Mozilla Public License, v. 2.0.\n\n"
+  },
   {
     "name": "github.com/hashicorp/go-cleanhttp",
     "path": "github.com/hashicorp/go-cleanhttp/LICENSE",
     "licenseText": "Mozilla Public License, version 2.0\n\n1. Definitions\n\n1.1. \"Contributor\"\n\n     means each individual or legal entity that creates, contributes to the\n     creation of, or owns Covered Software.\n\n1.2. \"Contributor Version\"\n\n     means the combination of the Contributions of others (if any) used by a\n     Contributor and that particular Contributor's Contribution.\n\n1.3. \"Contribution\"\n\n     means Covered Software of a particular Contributor.\n\n1.4. \"Covered Software\"\n\n     means Source Code Form to which the initial Contributor has attached the\n     notice in Exhibit A, the Executable Form of such Source Code Form, and\n     Modifications of such Source Code Form, in each case including portions\n     thereof.\n\n1.5. \"Incompatible With Secondary Licenses\"\n     means\n\n     a. that the initial Contributor has attached the notice described in\n        Exhibit B to the Covered Software; or\n\n     b. that the Covered Software was made available under the terms of\n        version 1.1 or earlier of the License, but not also under the terms of\n        a Secondary License.\n\n1.6. \"Executable Form\"\n\n     means any form of the work other than Source Code Form.\n\n1.7. \"Larger Work\"\n\n     means a work that combines Covered Software with other material, in a\n     separate file or files, that is not Covered Software.\n\n1.8. \"License\"\n\n     means this document.\n\n1.9. \"Licensable\"\n\n     means having the right to grant, to the maximum extent possible, whether\n     at the time of the initial grant or subsequently, any and all of the\n     rights conveyed by this License.\n\n1.10. \"Modifications\"\n\n     means any of the following:\n\n     a. any file in Source Code Form that results from an addition to,\n        deletion from, or modification of the contents of Covered Software; or\n\n     b. any new file in Source Code Form that contains any Covered Software.\n\n1.11. \"Patent Claims\" of a Contributor\n\n      means any patent claim(s), including without limitation, method,\n      process, and apparatus claims, in any patent Licensable by such\n      Contributor that would be infringed, but for the grant of the License,\n      by the making, using, selling, offering for sale, having made, import,\n      or transfer of either its Contributions or its Contributor Version.\n\n1.12. \"Secondary License\"\n\n      means either the GNU General Public License, Version 2.0, the GNU Lesser\n      General Public License, Version 2.1, the GNU Affero General Public\n      License, Version 3.0, or any later versions of those licenses.\n\n1.13. \"Source Code Form\"\n\n      means the form of the work preferred for making modifications.\n\n1.14. \"You\" (or \"Your\")\n\n      means an individual or a legal entity exercising rights under this\n      License. For legal entities, \"You\" includes any entity that controls, is\n      controlled by, or is under common control with You. For purposes of this\n      definition, \"control\" means (a) the power, direct or indirect, to cause\n      the direction or management of such entity, whether by contract or\n      otherwise, or (b) ownership of more than fifty percent (50%) of the\n      outstanding shares or beneficial ownership of such entity.\n\n\n2. License Grants and Conditions\n\n2.1. Grants\n\n     Each Contributor hereby grants You a world-wide, royalty-free,\n     non-exclusive license:\n\n     a. under intellectual property rights (other than patent or trademark)\n        Licensable by such Contributor to use, reproduce, make available,\n        modify, display, perform, distribute, and otherwise exploit its\n        Contributions, either on an unmodified basis, with Modifications, or\n        as part of a Larger Work; and\n\n     b. under Patent Claims of such Contributor to make, use, sell, offer for\n        sale, have made, import, and otherwise transfer either its\n        Contributions or its Contributor Version.\n\n2.2. Effective Date\n\n     The licenses granted in Section 2.1 with respect to any Contribution\n     become effective for each Contribution on the date the Contributor first\n     distributes such Contribution.\n\n2.3. Limitations on Grant Scope\n\n     The licenses granted in this Section 2 are the only rights granted under\n     this License. No additional rights or licenses will be implied from the\n     distribution or licensing of Covered Software under this License.\n     Notwithstanding Section 2.1(b) above, no patent license is granted by a\n     Contributor:\n\n     a. for any code that a Contributor has removed from Covered Software; or\n\n     b. for infringements caused by: (i) Your and any other third party's\n        modifications of Covered Software, or (ii) the combination of its\n        Contributions with other software (except as part of its Contributor\n        Version); or\n\n     c. under Patent Claims infringed by Covered Software in the absence of\n        its Contributions.\n\n     This License does not grant any rights in the trademarks, service marks,\n     or logos of any Contributor (except as may be necessary to comply with\n     the notice requirements in Section 3.4).\n\n2.4. Subsequent Licenses\n\n     No Contributor makes additional grants as a result of Your choice to\n     distribute the Covered Software under a subsequent version of this\n     License (see Section 10.2) or under the terms of a Secondary License (if\n     permitted under the terms of Section 3.3).\n\n2.5. Representation\n\n     Each Contributor represents that the Contributor believes its\n     Contributions are its original creation(s) or it has sufficient rights to\n     grant the rights to its Contributions conveyed by this License.\n\n2.6. Fair Use\n\n     This License is not intended to limit any rights You have under\n     applicable copyright doctrines of fair use, fair dealing, or other\n     equivalents.\n\n2.7. Conditions\n\n     Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in\n     Section 2.1.\n\n\n3. Responsibilities\n\n3.1. Distribution of Source Form\n\n     All distribution of Covered Software in Source Code Form, including any\n     Modifications that You create or to which You contribute, must be under\n     the terms of this License. You must inform recipients that the Source\n     Code Form of the Covered Software is governed by the terms of this\n     License, and how they can obtain a copy of this License. You may not\n     attempt to alter or restrict the recipients' rights in the Source Code\n     Form.\n\n3.2. Distribution of Executable Form\n\n     If You distribute Covered Software in Executable Form then:\n\n     a. such Covered Software must also be made available in Source Code Form,\n        as described in Section 3.1, and You must inform recipients of the\n        Executable Form how they can obtain a copy of such Source Code Form by\n        reasonable means in a timely manner, at a charge no more than the cost\n        of distribution to the recipient; and\n\n     b. You may distribute such Executable Form under the terms of this\n        License, or sublicense it under different terms, provided that the\n        license for the Executable Form does not attempt to limit or alter the\n        recipients' rights in the Source Code Form under this License.\n\n3.3. Distribution of a Larger Work\n\n     You may create and distribute a Larger Work under terms of Your choice,\n     provided that You also comply with the requirements of this License for\n     the Covered Software. If the Larger Work is a combination of Covered\n     Software with a work governed by one or more Secondary Licenses, and the\n     Covered Software is not Incompatible With Secondary Licenses, this\n     License permits You to additionally distribute such Covered Software\n     under the terms of such Secondary License(s), so that the recipient of\n     the Larger Work may, at their option, further distribute the Covered\n     Software under the terms of either this License or such Secondary\n     License(s).\n\n3.4. Notices\n\n     You may not remove or alter the substance of any license notices\n     (including copyright notices, patent notices, disclaimers of warranty, or\n     limitations of liability) contained within the Source Code Form of the\n     Covered Software, except that You may alter any license notices to the\n     extent required to remedy known factual inaccuracies.\n\n3.5. Application of Additional Terms\n\n     You may choose to offer, and to charge a fee for, warranty, support,\n     indemnity or liability obligations to one or more recipients of Covered\n     Software. However, You may do so only on Your own behalf, and not on\n     behalf of any Contributor. You must make it absolutely clear that any\n     such warranty, support, indemnity, or liability obligation is offered by\n     You alone, and You hereby agree to indemnify every Contributor for any\n     liability incurred by such Contributor as a result of warranty, support,\n     indemnity or liability terms You offer. You may include additional\n     disclaimers of warranty and limitations of liability specific to any\n     jurisdiction.\n\n4. Inability to Comply Due to Statute or Regulation\n\n   If it is impossible for You to comply with any of the terms of this License\n   with respect to some or all of the Covered Software due to statute,\n   judicial order, or regulation then You must: (a) comply with the terms of\n   this License to the maximum extent possible; and (b) describe the\n   limitations and the code they affect. Such description must be placed in a\n   text file included with all distributions of the Covered Software under\n   this License. Except to the extent prohibited by statute or regulation,\n   such description must be sufficiently detailed for a recipient of ordinary\n   skill to be able to understand it.\n\n5. Termination\n\n5.1. The rights granted under this License will terminate automatically if You\n     fail to comply with any of its terms. However, if You become compliant,\n     then the rights granted under this License from a particular Contributor\n     are reinstated (a) provisionally, unless and until such Contributor\n     explicitly and finally terminates Your grants, and (b) on an ongoing\n     basis, if such Contributor fails to notify You of the non-compliance by\n     some reasonable means prior to 60 days after You have come back into\n     compliance. Moreover, Your grants from a particular Contributor are\n     reinstated on an ongoing basis if such Contributor notifies You of the\n     non-compliance by some reasonable means, this is the first time You have\n     received notice of non-compliance with this License from such\n     Contributor, and You become compliant prior to 30 days after Your receipt\n     of the notice.\n\n5.2. If You initiate litigation against any entity by asserting a patent\n     infringement claim (excluding declaratory judgment actions,\n     counter-claims, and cross-claims) alleging that a Contributor Version\n     directly or indirectly infringes any patent, then the rights granted to\n     You by any and all Contributors for the Covered Software under Section\n     2.1 of this License shall terminate.\n\n5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user\n     license agreements (excluding distributors and resellers) which have been\n     validly granted by You or Your distributors under this License prior to\n     termination shall survive termination.\n\n6. Disclaimer of Warranty\n\n   Covered Software is provided under this License on an \"as is\" basis,\n   without warranty of any kind, either expressed, implied, or statutory,\n   including, without limitation, warranties that the Covered Software is free\n   of defects, merchantable, fit for a particular purpose or non-infringing.\n   The entire risk as to the quality and performance of the Covered Software\n   is with You. Should any Covered Software prove defective in any respect,\n   You (not any Contributor) assume the cost of any necessary servicing,\n   repair, or correction. This disclaimer of warranty constitutes an essential\n   part of this License. No use of  any Covered Software is authorized under\n   this License except under this disclaimer.\n\n7. Limitation of Liability\n\n   Under no circumstances and under no legal theory, whether tort (including\n   negligence), contract, or otherwise, shall any Contributor, or anyone who\n   distributes Covered Software as permitted above, be liable to You for any\n   direct, indirect, special, incidental, or consequential damages of any\n   character including, without limitation, damages for lost profits, loss of\n   goodwill, work stoppage, computer failure or malfunction, or any and all\n   other commercial damages or losses, even if such party shall have been\n   informed of the possibility of such damages. This limitation of liability\n   shall not apply to liability for death or personal injury resulting from\n   such party's negligence to the extent applicable law prohibits such\n   limitation. Some jurisdictions do not allow the exclusion or limitation of\n   incidental or consequential damages, so this exclusion and limitation may\n   not apply to You.\n\n8. Litigation\n\n   Any litigation relating to this License may be brought only in the courts\n   of a jurisdiction where the defendant maintains its principal place of\n   business and such litigation shall be governed by laws of that\n   jurisdiction, without reference to its conflict-of-law provisions. Nothing\n   in this Section shall prevent a party's ability to bring cross-claims or\n   counter-claims.\n\n9. Miscellaneous\n\n   This License represents the complete agreement concerning the subject\n   matter hereof. If any provision of this License is held to be\n   unenforceable, such provision shall be reformed only to the extent\n   necessary to make it enforceable. Any law or regulation which provides that\n   the language of a contract shall be construed against the drafter shall not\n   be used to construe this License against a Contributor.\n\n\n10. Versions of the License\n\n10.1. New Versions\n\n      Mozilla Foundation is the license steward. Except as provided in Section\n      10.3, no one other than the license steward has the right to modify or\n      publish new versions of this License. Each version will be given a\n      distinguishing version number.\n\n10.2. Effect of New Versions\n\n      You may distribute the Covered Software under the terms of the version\n      of the License under which You originally received the Covered Software,\n      or under the terms of any subsequent version published by the license\n      steward.\n\n10.3. Modified Versions\n\n      If you create software not governed by this License, and you want to\n      create a new license for such software, you may create and use a\n      modified version of this License if you rename the license and remove\n      any references to the name of the license steward (except to note that\n      such modified license differs from this License).\n\n10.4. Distributing Source Code Form that is Incompatible With Secondary\n      Licenses If You choose to distribute Source Code Form that is\n      Incompatible With Secondary Licenses under the terms of this version of\n      the License, the notice described in Exhibit B of this License must be\n      attached.\n\nExhibit A - Source Code Form License Notice\n\n      This Source Code Form is subject to the\n      terms of the Mozilla Public License, v.\n      2.0. If a copy of the MPL was not\n      distributed with this file, You can\n      obtain one at\n      http://mozilla.org/MPL/2.0/.\n\nIf it is not possible or desirable to put the notice in a particular file,\nthen You may include the notice in a location (such as a LICENSE file in a\nrelevant directory) where a recipient would be likely to look for such a\nnotice.\n\nYou may add additional accurate notices of copyright ownership.\n\nExhibit B - \"Incompatible With Secondary Licenses\" Notice\n\n      This Source Code Form is \"Incompatible\n      With Secondary Licenses\", as defined by\n      the Mozilla Public License, v. 2.0.\n\n"
   },
+  {
+    "name": "github.com/hashicorp/go-multierror",
+    "path": "github.com/hashicorp/go-multierror/LICENSE",
+    "licenseText": "Mozilla Public License, version 2.0\n\n1. Definitions\n\n1.1. “Contributor”\n\n     means each individual or legal entity that creates, contributes to the\n     creation of, or owns Covered Software.\n\n1.2. “Contributor Version”\n\n     means the combination of the Contributions of others (if any) used by a\n     Contributor and that particular Contributor’s Contribution.\n\n1.3. “Contribution”\n\n     means Covered Software of a particular Contributor.\n\n1.4. “Covered Software”\n\n     means Source Code Form to which the initial Contributor has attached the\n     notice in Exhibit A, the Executable Form of such Source Code Form, and\n     Modifications of such Source Code Form, in each case including portions\n     thereof.\n\n1.5. “Incompatible With Secondary Licenses”\n     means\n\n     a. that the initial Contributor has attached the notice described in\n        Exhibit B to the Covered Software; or\n\n     b. that the Covered Software was made available under the terms of version\n        1.1 or earlier of the License, but not also under the terms of a\n        Secondary License.\n\n1.6. “Executable Form”\n\n     means any form of the work other than Source Code Form.\n\n1.7. “Larger Work”\n\n     means a work that combines Covered Software with other material, in a separate\n     file or files, that is not Covered Software.\n\n1.8. “License”\n\n     means this document.\n\n1.9. “Licensable”\n\n     means having the right to grant, to the maximum extent possible, whether at the\n     time of the initial grant or subsequently, any and all of the rights conveyed by\n     this License.\n\n1.10. “Modifications”\n\n     means any of the following:\n\n     a. any file in Source Code Form that results from an addition to, deletion\n        from, or modification of the contents of Covered Software; or\n\n     b. any new file in Source Code Form that contains any Covered Software.\n\n1.11. “Patent Claims” of a Contributor\n\n      means any patent claim(s), including without limitation, method, process,\n      and apparatus claims, in any patent Licensable by such Contributor that\n      would be infringed, but for the grant of the License, by the making,\n      using, selling, offering for sale, having made, import, or transfer of\n      either its Contributions or its Contributor Version.\n\n1.12. “Secondary License”\n\n      means either the GNU General Public License, Version 2.0, the GNU Lesser\n      General Public License, Version 2.1, the GNU Affero General Public\n      License, Version 3.0, or any later versions of those licenses.\n\n1.13. “Source Code Form”\n\n      means the form of the work preferred for making modifications.\n\n1.14. “You” (or “Your”)\n\n      means an individual or a legal entity exercising rights under this\n      License. For legal entities, “You” includes any entity that controls, is\n      controlled by, or is under common control with You. For purposes of this\n      definition, “control” means (a) the power, direct or indirect, to cause\n      the direction or management of such entity, whether by contract or\n      otherwise, or (b) ownership of more than fifty percent (50%) of the\n      outstanding shares or beneficial ownership of such entity.\n\n\n2. License Grants and Conditions\n\n2.1. Grants\n\n     Each Contributor hereby grants You a world-wide, royalty-free,\n     non-exclusive license:\n\n     a. under intellectual property rights (other than patent or trademark)\n        Licensable by such Contributor to use, reproduce, make available,\n        modify, display, perform, distribute, and otherwise exploit its\n        Contributions, either on an unmodified basis, with Modifications, or as\n        part of a Larger Work; and\n\n     b. under Patent Claims of such Contributor to make, use, sell, offer for\n        sale, have made, import, and otherwise transfer either its Contributions\n        or its Contributor Version.\n\n2.2. Effective Date\n\n     The licenses granted in Section 2.1 with respect to any Contribution become\n     effective for each Contribution on the date the Contributor first distributes\n     such Contribution.\n\n2.3. Limitations on Grant Scope\n\n     The licenses granted in this Section 2 are the only rights granted under this\n     License. No additional rights or licenses will be implied from the distribution\n     or licensing of Covered Software under this License. Notwithstanding Section\n     2.1(b) above, no patent license is granted by a Contributor:\n\n     a. for any code that a Contributor has removed from Covered Software; or\n\n     b. for infringements caused by: (i) Your and any other third party’s\n        modifications of Covered Software, or (ii) the combination of its\n        Contributions with other software (except as part of its Contributor\n        Version); or\n\n     c. under Patent Claims infringed by Covered Software in the absence of its\n        Contributions.\n\n     This License does not grant any rights in the trademarks, service marks, or\n     logos of any Contributor (except as may be necessary to comply with the\n     notice requirements in Section 3.4).\n\n2.4. Subsequent Licenses\n\n     No Contributor makes additional grants as a result of Your choice to\n     distribute the Covered Software under a subsequent version of this License\n     (see Section 10.2) or under the terms of a Secondary License (if permitted\n     under the terms of Section 3.3).\n\n2.5. Representation\n\n     Each Contributor represents that the Contributor believes its Contributions\n     are its original creation(s) or it has sufficient rights to grant the\n     rights to its Contributions conveyed by this License.\n\n2.6. Fair Use\n\n     This License is not intended to limit any rights You have under applicable\n     copyright doctrines of fair use, fair dealing, or other equivalents.\n\n2.7. Conditions\n\n     Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in\n     Section 2.1.\n\n\n3. Responsibilities\n\n3.1. Distribution of Source Form\n\n     All distribution of Covered Software in Source Code Form, including any\n     Modifications that You create or to which You contribute, must be under the\n     terms of this License. You must inform recipients that the Source Code Form\n     of the Covered Software is governed by the terms of this License, and how\n     they can obtain a copy of this License. You may not attempt to alter or\n     restrict the recipients’ rights in the Source Code Form.\n\n3.2. Distribution of Executable Form\n\n     If You distribute Covered Software in Executable Form then:\n\n     a. such Covered Software must also be made available in Source Code Form,\n        as described in Section 3.1, and You must inform recipients of the\n        Executable Form how they can obtain a copy of such Source Code Form by\n        reasonable means in a timely manner, at a charge no more than the cost\n        of distribution to the recipient; and\n\n     b. You may distribute such Executable Form under the terms of this License,\n        or sublicense it under different terms, provided that the license for\n        the Executable Form does not attempt to limit or alter the recipients’\n        rights in the Source Code Form under this License.\n\n3.3. Distribution of a Larger Work\n\n     You may create and distribute a Larger Work under terms of Your choice,\n     provided that You also comply with the requirements of this License for the\n     Covered Software. If the Larger Work is a combination of Covered Software\n     with a work governed by one or more Secondary Licenses, and the Covered\n     Software is not Incompatible With Secondary Licenses, this License permits\n     You to additionally distribute such Covered Software under the terms of\n     such Secondary License(s), so that the recipient of the Larger Work may, at\n     their option, further distribute the Covered Software under the terms of\n     either this License or such Secondary License(s).\n\n3.4. Notices\n\n     You may not remove or alter the substance of any license notices (including\n     copyright notices, patent notices, disclaimers of warranty, or limitations\n     of liability) contained within the Source Code Form of the Covered\n     Software, except that You may alter any license notices to the extent\n     required to remedy known factual inaccuracies.\n\n3.5. Application of Additional Terms\n\n     You may choose to offer, and to charge a fee for, warranty, support,\n     indemnity or liability obligations to one or more recipients of Covered\n     Software. However, You may do so only on Your own behalf, and not on behalf\n     of any Contributor. You must make it absolutely clear that any such\n     warranty, support, indemnity, or liability obligation is offered by You\n     alone, and You hereby agree to indemnify every Contributor for any\n     liability incurred by such Contributor as a result of warranty, support,\n     indemnity or liability terms You offer. You may include additional\n     disclaimers of warranty and limitations of liability specific to any\n     jurisdiction.\n\n4. Inability to Comply Due to Statute or Regulation\n\n   If it is impossible for You to comply with any of the terms of this License\n   with respect to some or all of the Covered Software due to statute, judicial\n   order, or regulation then You must: (a) comply with the terms of this License\n   to the maximum extent possible; and (b) describe the limitations and the code\n   they affect. Such description must be placed in a text file included with all\n   distributions of the Covered Software under this License. Except to the\n   extent prohibited by statute or regulation, such description must be\n   sufficiently detailed for a recipient of ordinary skill to be able to\n   understand it.\n\n5. Termination\n\n5.1. The rights granted under this License will terminate automatically if You\n     fail to comply with any of its terms. However, if You become compliant,\n     then the rights granted under this License from a particular Contributor\n     are reinstated (a) provisionally, unless and until such Contributor\n     explicitly and finally terminates Your grants, and (b) on an ongoing basis,\n     if such Contributor fails to notify You of the non-compliance by some\n     reasonable means prior to 60 days after You have come back into compliance.\n     Moreover, Your grants from a particular Contributor are reinstated on an\n     ongoing basis if such Contributor notifies You of the non-compliance by\n     some reasonable means, this is the first time You have received notice of\n     non-compliance with this License from such Contributor, and You become\n     compliant prior to 30 days after Your receipt of the notice.\n\n5.2. If You initiate litigation against any entity by asserting a patent\n     infringement claim (excluding declaratory judgment actions, counter-claims,\n     and cross-claims) alleging that a Contributor Version directly or\n     indirectly infringes any patent, then the rights granted to You by any and\n     all Contributors for the Covered Software under Section 2.1 of this License\n     shall terminate.\n\n5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user\n     license agreements (excluding distributors and resellers) which have been\n     validly granted by You or Your distributors under this License prior to\n     termination shall survive termination.\n\n6. Disclaimer of Warranty\n\n   Covered Software is provided under this License on an “as is” basis, without\n   warranty of any kind, either expressed, implied, or statutory, including,\n   without limitation, warranties that the Covered Software is free of defects,\n   merchantable, fit for a particular purpose or non-infringing. The entire\n   risk as to the quality and performance of the Covered Software is with You.\n   Should any Covered Software prove defective in any respect, You (not any\n   Contributor) assume the cost of any necessary servicing, repair, or\n   correction. This disclaimer of warranty constitutes an essential part of this\n   License. No use of  any Covered Software is authorized under this License\n   except under this disclaimer.\n\n7. Limitation of Liability\n\n   Under no circumstances and under no legal theory, whether tort (including\n   negligence), contract, or otherwise, shall any Contributor, or anyone who\n   distributes Covered Software as permitted above, be liable to You for any\n   direct, indirect, special, incidental, or consequential damages of any\n   character including, without limitation, damages for lost profits, loss of\n   goodwill, work stoppage, computer failure or malfunction, or any and all\n   other commercial damages or losses, even if such party shall have been\n   informed of the possibility of such damages. This limitation of liability\n   shall not apply to liability for death or personal injury resulting from such\n   party’s negligence to the extent applicable law prohibits such limitation.\n   Some jurisdictions do not allow the exclusion or limitation of incidental or\n   consequential damages, so this exclusion and limitation may not apply to You.\n\n8. Litigation\n\n   Any litigation relating to this License may be brought only in the courts of\n   a jurisdiction where the defendant maintains its principal place of business\n   and such litigation shall be governed by laws of that jurisdiction, without\n   reference to its conflict-of-law provisions. Nothing in this Section shall\n   prevent a party’s ability to bring cross-claims or counter-claims.\n\n9. Miscellaneous\n\n   This License represents the complete agreement concerning the subject matter\n   hereof. If any provision of this License is held to be unenforceable, such\n   provision shall be reformed only to the extent necessary to make it\n   enforceable. Any law or regulation which provides that the language of a\n   contract shall be construed against the drafter shall not be used to construe\n   this License against a Contributor.\n\n\n10. Versions of the License\n\n10.1. New Versions\n\n      Mozilla Foundation is the license steward. Except as provided in Section\n      10.3, no one other than the license steward has the right to modify or\n      publish new versions of this License. Each version will be given a\n      distinguishing version number.\n\n10.2. Effect of New Versions\n\n      You may distribute the Covered Software under the terms of the version of\n      the License under which You originally received the Covered Software, or\n      under the terms of any subsequent version published by the license\n      steward.\n\n10.3. Modified Versions\n\n      If you create software not governed by this License, and you want to\n      create a new license for such software, you may create and use a modified\n      version of this License if you rename the license and remove any\n      references to the name of the license steward (except to note that such\n      modified license differs from this License).\n\n10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses\n      If You choose to distribute Source Code Form that is Incompatible With\n      Secondary Licenses under the terms of this version of the License, the\n      notice described in Exhibit B of this License must be attached.\n\nExhibit A - Source Code Form License Notice\n\n      This Source Code Form is subject to the\n      terms of the Mozilla Public License, v.\n      2.0. If a copy of the MPL was not\n      distributed with this file, You can\n      obtain one at\n      http://mozilla.org/MPL/2.0/.\n\nIf it is not possible or desirable to put the notice in a particular file, then\nYou may include the notice in a location (such as a LICENSE file in a relevant\ndirectory) where a recipient would be likely to look for such a notice.\n\nYou may add additional accurate notices of copyright ownership.\n\nExhibit B - “Incompatible With Secondary Licenses” Notice\n\n      This Source Code Form is “Incompatible\n      With Secondary Licenses”, as defined by\n      the Mozilla Public License, v. 2.0.\n"
+  },
   {
     "name": "github.com/hashicorp/go-retryablehttp",
     "path": "github.com/hashicorp/go-retryablehttp/LICENSE",
diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index adec5aff365..0f70a1a3d04 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -2713,3 +2713,9 @@ LEVEL = Info
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; storage type
 ;STORAGE_TYPE = local
+
+;[global_lock]
+;; Lock service type, could be memory or redis
+;SERVICE_TYPE = memory
+;; Ignored for the "memory" type. For "redis" use something like `redis://127.0.0.1:6379/0`
+;SERVICE_CONN_STR =
diff --git a/modules/globallock/globallock.go b/modules/globallock/globallock.go
index aa535577292..24e91881bb3 100644
--- a/modules/globallock/globallock.go
+++ b/modules/globallock/globallock.go
@@ -6,14 +6,22 @@ package globallock
 import (
 	"context"
 	"sync"
+
+	"code.gitea.io/gitea/modules/setting"
 )
 
 var (
 	defaultLocker Locker
 	initOnce      sync.Once
 	initFunc      = func() {
-		// TODO: read the setting and initialize the default locker.
-		//       Before implementing this, don't use it.
+		switch setting.GlobalLock.ServiceType {
+		case "redis":
+			defaultLocker = NewRedisLocker(setting.GlobalLock.ServiceConnStr)
+		case "memory":
+			fallthrough
+		default:
+			defaultLocker = NewMemoryLocker()
+		}
 	} // define initFunc as a variable to make it possible to change it in tests
 )
 
diff --git a/modules/setting/gloabl_lock.go b/modules/setting/gloabl_lock.go
new file mode 100644
index 00000000000..a7802a9df1f
--- /dev/null
+++ b/modules/setting/gloabl_lock.go
@@ -0,0 +1,37 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package setting
+
+import (
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/nosql"
+)
+
+// GlobalLock represents configuration of global lock
+var GlobalLock = struct {
+	ServiceType    string
+	ServiceConnStr string
+}{
+	ServiceType: "memory",
+}
+
+func loadGlobalLockFrom(rootCfg ConfigProvider) {
+	sec := rootCfg.Section("global_lock")
+	GlobalLock.ServiceType = sec.Key("SERVICE_TYPE").MustString("memory")
+	switch GlobalLock.ServiceType {
+	case "memory":
+	case "redis":
+		connStr := sec.Key("SERVICE_CONN_STR").String()
+		if connStr == "" {
+			log.Fatal("SERVICE_CONN_STR is empty for redis")
+		}
+		u := nosql.ToRedisURI(connStr)
+		if u == nil {
+			log.Fatal("SERVICE_CONN_STR %s is not a valid redis connection string", connStr)
+		}
+		GlobalLock.ServiceConnStr = connStr
+	default:
+		log.Fatal("Unknown sync lock service type: %s", GlobalLock.ServiceType)
+	}
+}
diff --git a/modules/setting/global_lock_test.go b/modules/setting/global_lock_test.go
new file mode 100644
index 00000000000..5eeb275523a
--- /dev/null
+++ b/modules/setting/global_lock_test.go
@@ -0,0 +1,35 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package setting
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestLoadGlobalLockConfig(t *testing.T) {
+	t.Run("DefaultGlobalLockConfig", func(t *testing.T) {
+		iniStr := ``
+		cfg, err := NewConfigProviderFromData(iniStr)
+		assert.NoError(t, err)
+
+		loadGlobalLockFrom(cfg)
+		assert.EqualValues(t, "memory", GlobalLock.ServiceType)
+	})
+
+	t.Run("RedisGlobalLockConfig", func(t *testing.T) {
+		iniStr := `
+[global_lock]
+SERVICE_TYPE = redis
+SERVICE_CONN_STR = addrs=127.0.0.1:6379 db=0
+`
+		cfg, err := NewConfigProviderFromData(iniStr)
+		assert.NoError(t, err)
+
+		loadGlobalLockFrom(cfg)
+		assert.EqualValues(t, "redis", GlobalLock.ServiceType)
+		assert.EqualValues(t, "addrs=127.0.0.1:6379 db=0", GlobalLock.ServiceConnStr)
+	})
+}
diff --git a/modules/setting/setting.go b/modules/setting/setting.go
index b4f913cdae1..c93d199b1b6 100644
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -147,6 +147,7 @@ func loadCommonSettingsFrom(cfg ConfigProvider) error {
 	loadGitFrom(cfg)
 	loadMirrorFrom(cfg)
 	loadMarkupFrom(cfg)
+	loadGlobalLockFrom(cfg)
 	loadOtherFrom(cfg)
 	return nil
 }
diff --git a/modules/sync/exclusive_pool.go b/modules/sync/exclusive_pool.go
deleted file mode 100644
index fbfc1f22924..00000000000
--- a/modules/sync/exclusive_pool.go
+++ /dev/null
@@ -1,69 +0,0 @@
-// Copyright 2016 The Gogs Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package sync
-
-import (
-	"sync"
-)
-
-// ExclusivePool is a pool of non-identical instances
-// that only one instance with same identity is in the pool at a time.
-// In other words, only instances with different identities can be in
-// the pool the same time. If another instance with same identity tries
-// to get into the pool, it hangs until previous instance left the pool.
-//
-// This pool is particularly useful for performing tasks on same resource
-// on the file system in different goroutines.
-type ExclusivePool struct {
-	lock sync.Mutex
-
-	// pool maintains locks for each instance in the pool.
-	pool map[string]*sync.Mutex
-
-	// count maintains the number of times an instance with same identity checks in
-	// to the pool, and should be reduced to 0 (removed from map) by checking out
-	// with same number of times.
-	// The purpose of count is to delete lock when count down to 0 and recycle memory
-	// from map object.
-	count map[string]int
-}
-
-// NewExclusivePool initializes and returns a new ExclusivePool object.
-func NewExclusivePool() *ExclusivePool {
-	return &ExclusivePool{
-		pool:  make(map[string]*sync.Mutex),
-		count: make(map[string]int),
-	}
-}
-
-// CheckIn checks in an instance to the pool and hangs while instance
-// with same identity is using the lock.
-func (p *ExclusivePool) CheckIn(identity string) {
-	p.lock.Lock()
-
-	lock, has := p.pool[identity]
-	if !has {
-		lock = &sync.Mutex{}
-		p.pool[identity] = lock
-	}
-	p.count[identity]++
-
-	p.lock.Unlock()
-	lock.Lock()
-}
-
-// CheckOut checks out an instance from the pool and releases the lock
-// to let other instances with same identity to grab the lock.
-func (p *ExclusivePool) CheckOut(identity string) {
-	p.lock.Lock()
-	defer p.lock.Unlock()
-
-	p.pool[identity].Unlock()
-	if p.count[identity] == 1 {
-		delete(p.pool, identity)
-		delete(p.count, identity)
-	} else {
-		p.count[identity]--
-	}
-}
diff --git a/services/pull/check.go b/services/pull/check.go
index 7d93ff7a8a4..ce212f7d83b 100644
--- a/services/pull/check.go
+++ b/services/pull/check.go
@@ -21,6 +21,7 @@ import (
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/gitrepo"
+	"code.gitea.io/gitea/modules/globallock"
 	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/process"
@@ -334,9 +335,15 @@ func handler(items ...string) []string {
 }
 
 func testPR(id int64) {
-	pullWorkingPool.CheckIn(fmt.Sprint(id))
-	defer pullWorkingPool.CheckOut(fmt.Sprint(id))
-	ctx, _, finished := process.GetManager().AddContext(graceful.GetManager().HammerContext(), fmt.Sprintf("Test PR[%d] from patch checking queue", id))
+	ctx := graceful.GetManager().HammerContext()
+	releaser, err := globallock.Lock(ctx, getPullWorkingLockKey(id))
+	if err != nil {
+		log.Error("lock.Lock(): %v", err)
+		return
+	}
+	defer releaser()
+
+	ctx, _, finished := process.GetManager().AddContext(ctx, fmt.Sprintf("Test PR[%d] from patch checking queue", id))
 	defer finished()
 
 	pr, err := issues_model.GetPullRequestByID(ctx, id)
diff --git a/services/pull/merge.go b/services/pull/merge.go
index eb67e069461..a3fbe4f627b 100644
--- a/services/pull/merge.go
+++ b/services/pull/merge.go
@@ -23,6 +23,7 @@ import (
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/cache"
 	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/globallock"
 	"code.gitea.io/gitea/modules/httplib"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/references"
@@ -169,9 +170,6 @@ func Merge(ctx context.Context, pr *issues_model.PullRequest, doer *user_model.U
 		return fmt.Errorf("unable to load head repo: %w", err)
 	}
 
-	pullWorkingPool.CheckIn(fmt.Sprint(pr.ID))
-	defer pullWorkingPool.CheckOut(fmt.Sprint(pr.ID))
-
 	prUnit, err := pr.BaseRepo.GetUnit(ctx, unit.TypePullRequests)
 	if err != nil {
 		log.Error("pr.BaseRepo.GetUnit(unit.TypePullRequests): %v", err)
@@ -184,11 +182,18 @@ func Merge(ctx context.Context, pr *issues_model.PullRequest, doer *user_model.U
 		return models.ErrInvalidMergeStyle{ID: pr.BaseRepo.ID, Style: mergeStyle}
 	}
 
+	releaser, err := globallock.Lock(ctx, getPullWorkingLockKey(pr.ID))
+	if err != nil {
+		log.Error("lock.Lock(): %v", err)
+		return fmt.Errorf("lock.Lock: %w", err)
+	}
+	defer releaser()
 	defer func() {
 		go AddTestPullRequestTask(doer, pr.BaseRepo.ID, pr.BaseBranch, false, "", "")
 	}()
 
 	_, err = doMergeAndPush(ctx, pr, doer, mergeStyle, expectedHeadCommitID, message, repo_module.PushTriggerPRMergeToBase)
+	releaser()
 	if err != nil {
 		return err
 	}
@@ -487,10 +492,14 @@ func CheckPullBranchProtections(ctx context.Context, pr *issues_model.PullReques
 
 // MergedManually mark pr as merged manually
 func MergedManually(ctx context.Context, pr *issues_model.PullRequest, doer *user_model.User, baseGitRepo *git.Repository, commitID string) error {
-	pullWorkingPool.CheckIn(fmt.Sprint(pr.ID))
-	defer pullWorkingPool.CheckOut(fmt.Sprint(pr.ID))
+	releaser, err := globallock.Lock(ctx, getPullWorkingLockKey(pr.ID))
+	if err != nil {
+		log.Error("lock.Lock(): %v", err)
+		return fmt.Errorf("lock.Lock: %w", err)
+	}
+	defer releaser()
 
-	if err := db.WithTx(ctx, func(ctx context.Context) error {
+	err = db.WithTx(ctx, func(ctx context.Context) error {
 		if err := pr.LoadBaseRepo(ctx); err != nil {
 			return err
 		}
@@ -540,7 +549,9 @@ func MergedManually(ctx context.Context, pr *issues_model.PullRequest, doer *use
 			return fmt.Errorf("SetMerged failed")
 		}
 		return nil
-	}); err != nil {
+	})
+	releaser()
+	if err != nil {
 		return err
 	}
 
diff --git a/services/pull/pull.go b/services/pull/pull.go
index e69c842a2d4..154ff6c5c68 100644
--- a/services/pull/pull.go
+++ b/services/pull/pull.go
@@ -25,20 +25,21 @@ import (
 	"code.gitea.io/gitea/modules/container"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/gitrepo"
+	"code.gitea.io/gitea/modules/globallock"
 	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/json"
 	"code.gitea.io/gitea/modules/log"
 	repo_module "code.gitea.io/gitea/modules/repository"
 	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/sync"
 	"code.gitea.io/gitea/modules/util"
 	gitea_context "code.gitea.io/gitea/services/context"
 	issue_service "code.gitea.io/gitea/services/issue"
 	notify_service "code.gitea.io/gitea/services/notify"
 )
 
-// TODO: use clustered lock (unique queue? or *abuse* cache)
-var pullWorkingPool = sync.NewExclusivePool()
+func getPullWorkingLockKey(prID int64) string {
+	return fmt.Sprintf("pull_working_%d", prID)
+}
 
 // NewPullRequest creates new pull request with labels for repository.
 func NewPullRequest(ctx context.Context, repo *repo_model.Repository, issue *issues_model.Issue, labelIDs []int64, uuids []string, pr *issues_model.PullRequest, assigneeIDs []int64) error {
@@ -202,8 +203,12 @@ func NewPullRequest(ctx context.Context, repo *repo_model.Repository, issue *iss
 
 // ChangeTargetBranch changes the target branch of this pull request, as the given user.
 func ChangeTargetBranch(ctx context.Context, pr *issues_model.PullRequest, doer *user_model.User, targetBranch string) (err error) {
-	pullWorkingPool.CheckIn(fmt.Sprint(pr.ID))
-	defer pullWorkingPool.CheckOut(fmt.Sprint(pr.ID))
+	releaser, err := globallock.Lock(ctx, getPullWorkingLockKey(pr.ID))
+	if err != nil {
+		log.Error("lock.Lock(): %v", err)
+		return fmt.Errorf("lock.Lock: %w", err)
+	}
+	defer releaser()
 
 	// Current target branch is already the same
 	if pr.BaseBranch == targetBranch {
diff --git a/services/pull/update.go b/services/pull/update.go
index a7fd81421e9..311ffc2442d 100644
--- a/services/pull/update.go
+++ b/services/pull/update.go
@@ -14,6 +14,7 @@ import (
 	"code.gitea.io/gitea/models/unit"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/globallock"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/repository"
 )
@@ -25,8 +26,12 @@ func Update(ctx context.Context, pr *issues_model.PullRequest, doer *user_model.
 		return fmt.Errorf("update of agit flow pull request's head branch is unsupported")
 	}
 
-	pullWorkingPool.CheckIn(fmt.Sprint(pr.ID))
-	defer pullWorkingPool.CheckOut(fmt.Sprint(pr.ID))
+	releaser, err := globallock.Lock(ctx, getPullWorkingLockKey(pr.ID))
+	if err != nil {
+		log.Error("lock.Lock(): %v", err)
+		return fmt.Errorf("lock.Lock: %w", err)
+	}
+	defer releaser()
 
 	diffCount, err := GetDiverging(ctx, pr)
 	if err != nil {
diff --git a/services/repository/transfer.go b/services/repository/transfer.go
index f48653072a8..7ad6b46fa4c 100644
--- a/services/repository/transfer.go
+++ b/services/repository/transfer.go
@@ -18,16 +18,16 @@ import (
 	project_model "code.gitea.io/gitea/models/project"
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/globallock"
 	"code.gitea.io/gitea/modules/log"
 	repo_module "code.gitea.io/gitea/modules/repository"
-	"code.gitea.io/gitea/modules/sync"
 	"code.gitea.io/gitea/modules/util"
 	notify_service "code.gitea.io/gitea/services/notify"
 )
 
-// repoWorkingPool represents a working pool to order the parallel changes to the same repository
-// TODO: use clustered lock (unique queue? or *abuse* cache)
-var repoWorkingPool = sync.NewExclusivePool()
+func getRepoWorkingLockKey(repoID int64) string {
+	return fmt.Sprintf("repo_working_%d", repoID)
+}
 
 // TransferOwnership transfers all corresponding setting from old user to new one.
 func TransferOwnership(ctx context.Context, doer, newOwner *user_model.User, repo *repo_model.Repository, teams []*organization.Team) error {
@@ -42,12 +42,17 @@ func TransferOwnership(ctx context.Context, doer, newOwner *user_model.User, rep
 
 	oldOwner := repo.Owner
 
-	repoWorkingPool.CheckIn(fmt.Sprint(repo.ID))
+	releaser, err := globallock.Lock(ctx, getRepoWorkingLockKey(repo.ID))
+	if err != nil {
+		log.Error("lock.Lock(): %v", err)
+		return fmt.Errorf("lock.Lock: %w", err)
+	}
+	defer releaser()
+
 	if err := transferOwnership(ctx, doer, newOwner.Name, repo); err != nil {
-		repoWorkingPool.CheckOut(fmt.Sprint(repo.ID))
 		return err
 	}
-	repoWorkingPool.CheckOut(fmt.Sprint(repo.ID))
+	releaser()
 
 	newRepo, err := repo_model.GetRepositoryByID(ctx, repo.ID)
 	if err != nil {
@@ -360,15 +365,20 @@ func ChangeRepositoryName(ctx context.Context, doer *user_model.User, repo *repo
 	oldRepoName := repo.Name
 
 	// Change repository directory name. We must lock the local copy of the
-	// repo so that we can atomically rename the repo path and updates the
+	// repo so that we can automatically rename the repo path and updates the
 	// local copy's origin accordingly.
 
-	repoWorkingPool.CheckIn(fmt.Sprint(repo.ID))
+	releaser, err := globallock.Lock(ctx, getRepoWorkingLockKey(repo.ID))
+	if err != nil {
+		log.Error("lock.Lock(): %v", err)
+		return fmt.Errorf("lock.Lock: %w", err)
+	}
+	defer releaser()
+
 	if err := changeRepositoryName(ctx, repo, newRepoName); err != nil {
-		repoWorkingPool.CheckOut(fmt.Sprint(repo.ID))
 		return err
 	}
-	repoWorkingPool.CheckOut(fmt.Sprint(repo.ID))
+	releaser()
 
 	repo.Name = newRepoName
 	notify_service.RenameRepository(ctx, doer, repo, oldRepoName)
diff --git a/services/wiki/wiki.go b/services/wiki/wiki.go
index fdcc5feefa7..7a0419aea7c 100644
--- a/services/wiki/wiki.go
+++ b/services/wiki/wiki.go
@@ -18,19 +18,20 @@ import (
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/gitrepo"
+	"code.gitea.io/gitea/modules/globallock"
 	"code.gitea.io/gitea/modules/log"
 	repo_module "code.gitea.io/gitea/modules/repository"
-	"code.gitea.io/gitea/modules/sync"
 	"code.gitea.io/gitea/modules/util"
 	asymkey_service "code.gitea.io/gitea/services/asymkey"
 	repo_service "code.gitea.io/gitea/services/repository"
 )
 
-// TODO: use clustered lock (unique queue? or *abuse* cache)
-var wikiWorkingPool = sync.NewExclusivePool()
-
 const DefaultRemote = "origin"
 
+func getWikiWorkingLockKey(repoID int64) string {
+	return fmt.Sprintf("wiki_working_%d", repoID)
+}
+
 // InitWiki initializes a wiki for repository,
 // it does nothing when repository already has wiki.
 func InitWiki(ctx context.Context, repo *repo_model.Repository) error {
@@ -89,8 +90,11 @@ func updateWikiPage(ctx context.Context, doer *user_model.User, repo *repo_model
 	if err = validateWebPath(newWikiName); err != nil {
 		return err
 	}
-	wikiWorkingPool.CheckIn(fmt.Sprint(repo.ID))
-	defer wikiWorkingPool.CheckOut(fmt.Sprint(repo.ID))
+	releaser, err := globallock.Lock(ctx, getWikiWorkingLockKey(repo.ID))
+	if err != nil {
+		return err
+	}
+	defer releaser()
 
 	if err = InitWiki(ctx, repo); err != nil {
 		return fmt.Errorf("InitWiki: %w", err)
@@ -250,8 +254,11 @@ func DeleteWikiPage(ctx context.Context, doer *user_model.User, repo *repo_model
 		return err
 	}
 
-	wikiWorkingPool.CheckIn(fmt.Sprint(repo.ID))
-	defer wikiWorkingPool.CheckOut(fmt.Sprint(repo.ID))
+	releaser, err := globallock.Lock(ctx, getWikiWorkingLockKey(repo.ID))
+	if err != nil {
+		return err
+	}
+	defer releaser()
 
 	if err = InitWiki(ctx, repo); err != nil {
 		return fmt.Errorf("InitWiki: %w", err)

From e8b801ff027bf32f7b3078c6be4e690f70f1223b Mon Sep 17 00:00:00 2001
From: GiteaBot <teabot@gitea.io>
Date: Sat, 7 Sep 2024 00:29:09 +0000
Subject: [PATCH 059/129] [skip ci] Updated translations via Crowdin

---
 options/locale/locale_cs-CZ.ini | 4 +---
 options/locale/locale_de-DE.ini | 4 +---
 options/locale/locale_el-GR.ini | 4 +---
 options/locale/locale_es-ES.ini | 4 +---
 options/locale/locale_fa-IR.ini | 3 +--
 options/locale/locale_fi-FI.ini | 1 +
 options/locale/locale_fr-FR.ini | 4 +---
 options/locale/locale_hu-HU.ini | 2 +-
 options/locale/locale_is-IS.ini | 2 +-
 options/locale/locale_it-IT.ini | 3 +--
 options/locale/locale_ja-JP.ini | 4 +---
 options/locale/locale_ko-KR.ini | 2 +-
 options/locale/locale_lv-LV.ini | 4 +---
 options/locale/locale_nl-NL.ini | 3 +--
 options/locale/locale_pl-PL.ini | 3 +--
 options/locale/locale_pt-BR.ini | 4 +---
 options/locale/locale_pt-PT.ini | 3 +--
 options/locale/locale_ru-RU.ini | 4 +---
 options/locale/locale_si-LK.ini | 3 +--
 options/locale/locale_sk-SK.ini | 2 --
 options/locale/locale_sv-SE.ini | 2 +-
 options/locale/locale_tr-TR.ini | 4 +---
 options/locale/locale_uk-UA.ini | 3 +--
 options/locale/locale_zh-CN.ini | 4 +---
 options/locale/locale_zh-TW.ini | 3 +--
 25 files changed, 24 insertions(+), 55 deletions(-)

diff --git a/options/locale/locale_cs-CZ.ini b/options/locale/locale_cs-CZ.ini
index e44f8ddb6b5..271bf114020 100644
--- a/options/locale/locale_cs-CZ.ini
+++ b/options/locale/locale_cs-CZ.ini
@@ -1701,7 +1701,7 @@ issues.dependency.add_error_dep_not_same_repo=Oba úkoly musí být ve stejném
 issues.review.self.approval=Nemůžete schválit svůj pull request.
 issues.review.self.rejection=Nemůžete požadovat změny ve svém vlastním pull requestu.
 issues.review.approve=schválil tyto změny %s
-issues.review.comment=posoudil %s
+issues.review.comment=Okomentovat
 issues.review.dismissed=zamítl/a posouzení od %s %s
 issues.review.dismissed_label=Zamítnuto
 issues.review.left_comment=zanechal komentář
@@ -1798,7 +1798,6 @@ pulls.is_empty=Změny na této větvi jsou již na cílové větvi. Toto bude pr
 pulls.required_status_check_failed=Některé požadované kontroly nebyly úspěšné.
 pulls.required_status_check_missing=Některé požadované kontroly chybí.
 pulls.required_status_check_administrator=Jako administrátor stále můžete sloučit tento pull request.
-pulls.blocked_by_approvals=Tento pull request ještě nemá dostatek schválení. Uděleno %d z %d schválení.
 pulls.blocked_by_rejection=Tento pull request obsahuje změny požadované oficiálním posuzovatelem.
 pulls.blocked_by_official_review_requests=Tento pull request obsahuje oficiální žádosti o posouzení.
 pulls.blocked_by_outdated_branch=Tento pull request je zablokován, protože je zastaralý.
@@ -2357,7 +2356,6 @@ settings.protect_status_check_matched=Odpovídá
 settings.protect_invalid_status_check_pattern=Neplatný vzor kontroly stavu: „%s“.
 settings.protect_no_valid_status_check_patterns=Žádné platné vzory kontroly stavu.
 settings.protect_required_approvals=Požadovaná schválení:
-settings.protect_required_approvals_desc=Umožnit sloučení pouze pull requestů s dostatečným pozitivním hodnocením.
 settings.dismiss_stale_approvals=Odmítnout nekvalitní schválení
 settings.dismiss_stale_approvals_desc=Pokud budou do větve nahrány nové revize, které mění obsah tohoto pull requestu, všechna stará schválení budou zamítnuta.
 settings.ignore_stale_approvals=Ignorovat zastaralá schválení
diff --git a/options/locale/locale_de-DE.ini b/options/locale/locale_de-DE.ini
index e0b02cf7e65..78c9f0b41d6 100644
--- a/options/locale/locale_de-DE.ini
+++ b/options/locale/locale_de-DE.ini
@@ -1681,7 +1681,7 @@ issues.dependency.add_error_dep_not_same_repo=Beide Issues müssen sich im selbe
 issues.review.self.approval=Du kannst nicht dein eigenen Pull-Request genehmigen.
 issues.review.self.rejection=Du kannst keine Änderungen an deinem eigenen Pull-Request anfragen.
 issues.review.approve=hat die Änderungen %s genehmigt
-issues.review.comment=hat %s überprüft
+issues.review.comment=Kommentieren
 issues.review.dismissed=verwarf %ss Review %s
 issues.review.dismissed_label=Verworfen
 issues.review.left_comment=hat einen Kommentar hinterlassen
@@ -1777,7 +1777,6 @@ pulls.is_empty=Die Änderungen an diesem Branch sind bereits auf dem Zielbranch.
 pulls.required_status_check_failed=Einige erforderliche Prüfungen waren nicht erfolgreich.
 pulls.required_status_check_missing=Einige erforderliche Prüfungen fehlen.
 pulls.required_status_check_administrator=Als Administrator kannst du diesen Pull-Request weiterhin mergen.
-pulls.blocked_by_approvals=Dieser Pull-Request hat noch nicht genügend Zustimmungen. %d von %d Zustimmungen erteilt.
 pulls.blocked_by_rejection=Dieser Pull-Request hat Änderungen, die von einem offiziellen Reviewer angefragt wurden.
 pulls.blocked_by_official_review_requests=Dieser Pull Request hat offizielle Review-Anfragen.
 pulls.blocked_by_outdated_branch=Dieser Pull Request ist blockiert, da er veraltet ist.
@@ -2331,7 +2330,6 @@ settings.protect_status_check_matched=Übereinstimmung
 settings.protect_invalid_status_check_pattern=Ungültiges Muster: "%s".
 settings.protect_no_valid_status_check_patterns=Keine gültigen Statuscheck-Muster.
 settings.protect_required_approvals=Erforderliche Zustimmungen:
-settings.protect_required_approvals_desc=Erlaube das Mergen des Pull-Requests nur mit genügend positiven Reviews.
 settings.dismiss_stale_approvals=Entferne alte Genehmigungen
 settings.dismiss_stale_approvals_desc=Wenn neue Commits gepusht werden, die den Inhalt des Pull-Requests ändern, werden alte Genehmigungen entfernt.
 settings.ignore_stale_approvals=Veraltete Genehmigungen ignorieren
diff --git a/options/locale/locale_el-GR.ini b/options/locale/locale_el-GR.ini
index 589357d3385..ef314b13922 100644
--- a/options/locale/locale_el-GR.ini
+++ b/options/locale/locale_el-GR.ini
@@ -1603,7 +1603,7 @@ issues.dependency.add_error_dep_not_same_repo=Και τα δύο ζητήματ
 issues.review.self.approval=Δεν μπορείτε να εγκρίνετε το δικό σας pull request.
 issues.review.self.rejection=Δεν μπορείτε να ζητήσετε αλλαγές στο δικό σας pull request.
 issues.review.approve=ενέκρινε αυτές τις αλλαγές %s
-issues.review.comment=αξιολόγησε %s
+issues.review.comment=Σχόλιο
 issues.review.dismissed=απέρριψε την αξιολόγηση %s %s
 issues.review.dismissed_label=Απορρίφθηκε
 issues.review.left_comment=άφησε ένα σχόλιο
@@ -1697,7 +1697,6 @@ pulls.is_empty=Οι αλλαγές σε αυτόν τον κλάδο είναι
 pulls.required_status_check_failed=Ορισμένοι απαιτούμενοι έλεγχοι δεν ήταν επιτυχείς.
 pulls.required_status_check_missing=Λείπουν ορισμένοι απαιτούμενοι έλεγχοι.
 pulls.required_status_check_administrator=Ως διαχειριστής, μπορείτε ακόμα να συγχωνεύσετε αυτό το pull request.
-pulls.blocked_by_approvals=Το pull request δεν έχει ακόμα αρκετές εγκρίσεις. Δόθηκαν %d από %d εγκρίσεις.
 pulls.blocked_by_rejection=Αυτό το Pull Request έχει αλλαγές που ζητούνται από έναν επίσημο εξεταστή.
 pulls.blocked_by_official_review_requests=Αυτό το Pull Request έχει επίσημες αιτήσεις αξιολόγησης.
 pulls.blocked_by_outdated_branch=Αυτό το pull request έχει αποκλειστεί επειδή είναι παρωχημένο.
@@ -2238,7 +2237,6 @@ settings.protect_status_check_matched=Ταιριάζει
 settings.protect_invalid_status_check_pattern=Μη έγκυρο μοτίβο ελέγχου κατάστασης: "%s".
 settings.protect_no_valid_status_check_patterns=Μη έγκυρα μοτίβα ελέγχου κατάστασης.
 settings.protect_required_approvals=Απαιτούμενες εγκρίσεις:
-settings.protect_required_approvals_desc=Επιτρέψτε μόνο να συγχωνεύσετε pull request με αρκετές θετικές κριτικές.
 settings.dismiss_stale_approvals=Παράβλεψη καθυστερημένων εγκρίσεων
 settings.dismiss_stale_approvals_desc=Όταν οι νέες υποβολές που αλλάζουν το περιεχόμενο του pull request γίνονται push στο κλάδο, οι παλιές εγκρίσεις απορρίπτονται.
 settings.require_signed_commits=Απαιτούνται Υπογεγραμμένες Υποβολές
diff --git a/options/locale/locale_es-ES.ini b/options/locale/locale_es-ES.ini
index c3cde7de5c8..5c0384b4477 100644
--- a/options/locale/locale_es-ES.ini
+++ b/options/locale/locale_es-ES.ini
@@ -1593,7 +1593,7 @@ issues.dependency.add_error_dep_not_same_repo=Ambas incidencias deben estar en e
 issues.review.self.approval=No puede aprobar su propio pull request.
 issues.review.self.rejection=No puede sugerir cambios en su propio pull request.
 issues.review.approve=aprobado estos cambios %s
-issues.review.comment=revisado %s
+issues.review.comment=Comentario
 issues.review.dismissed=descartó la revisión de %s %s
 issues.review.dismissed_label=Descartado
 issues.review.left_comment=dejó un comentario
@@ -1687,7 +1687,6 @@ pulls.is_empty=Los cambios en esta rama ya están en la rama de destino. Esto se
 pulls.required_status_check_failed=Algunos controles requeridos no han tenido éxito.
 pulls.required_status_check_missing=Faltan algunos controles necesarios.
 pulls.required_status_check_administrator=Como administrador, aún puede fusionar este Pull Request.
-pulls.blocked_by_approvals=Esta pull request aún no tiene suficientes aprobaciones. %d de %d aprobaciones concedidas.
 pulls.blocked_by_rejection=Este pull request tiene cambios solicitados por un revisor oficial.
 pulls.blocked_by_official_review_requests=Esta pull request tiene solicitudes de revisión oficiales.
 pulls.blocked_by_outdated_branch=Esta pull request está bloqueada porque está desactualizada.
@@ -2221,7 +2220,6 @@ settings.protect_status_check_matched=Coincide
 settings.protect_invalid_status_check_pattern=Patrón de verificación de estado no válido: "%s".
 settings.protect_no_valid_status_check_patterns=No hay patrones de verificación de estado.
 settings.protect_required_approvals=Aprobaciones requeridas:
-settings.protect_required_approvals_desc=Permite fusionar sólo los pull request con suficientes comentarios positivos.
 settings.dismiss_stale_approvals=Descartar aprobaciones obsoletas
 settings.dismiss_stale_approvals_desc=Cuando los nuevos commits que cambien el contenido de la pull request sean empujados a la rama, se descartarán las aprobaciones antiguas.
 settings.require_signed_commits=Requiere commits firmados
diff --git a/options/locale/locale_fa-IR.ini b/options/locale/locale_fa-IR.ini
index e0585aaa368..b141c7959e4 100644
--- a/options/locale/locale_fa-IR.ini
+++ b/options/locale/locale_fa-IR.ini
@@ -1235,7 +1235,7 @@ issues.dependency.add_error_dep_not_same_repo=هر دو موضوع باید از
 issues.review.self.approval=شما نمی‌توانید تقاضای واکشی خود را تایید کنید.
 issues.review.self.rejection=شما نمی‌توانید تقاضا تغییرات تقاضای واکشی خود را تغییر دهید.
 issues.review.approve=این تغییرات را تایید شدند %s
-issues.review.comment=بازبینی شدند %s
+issues.review.comment=دیدگاه
 issues.review.dismissed=بررسی %s %s را رد شده
 issues.review.dismissed_label=رها شده
 issues.review.left_comment=یک نظر ثبت کرد
@@ -1710,7 +1710,6 @@ settings.protect_enable_push_desc=هرکسی که دسترسی به نوشتن 
 settings.protect_check_status_contexts=فعال کردن حالات بررسی
 settings.protect_check_status_contexts_list=آخرین بررسی حالات این مخزن در هفته گذشته اتفاق افتاده است
 settings.protect_required_approvals=نیازمند تاییدیه:
-settings.protect_required_approvals_desc=فقط مجاز به ادغام تقاضای واکشی با بررسی های مثبت کافی می شوند.
 settings.dismiss_stale_approvals=تاییدیه های قدیمی را رد کنید
 settings.dismiss_stale_approvals_desc=وقتی commit های جدیدی که محتوای درخواست pull را تغییر می‌دهند به شاخه ارسال می‌شوند، تأییدیه‌های قدیمی رد می‌شوند.
 settings.require_signed_commits=نیاز به commit های امضا شده
diff --git a/options/locale/locale_fi-FI.ini b/options/locale/locale_fi-FI.ini
index 03ed5e739f7..1f8143ad846 100644
--- a/options/locale/locale_fi-FI.ini
+++ b/options/locale/locale_fi-FI.ini
@@ -950,6 +950,7 @@ issues.dependency.remove_info=Poistä tämä riippuvuus
 issues.review.self.approval=Et voi hyväksyä omia vetopyyntöjä.
 issues.review.self.rejection=Et voi pyytää muutoksia omaan vetopyyntöön.
 issues.review.approve=hyväksyi nämä muutokset %s
+issues.review.comment=Kommentoi
 issues.review.left_comment=jätti kommentin
 issues.review.pending=Odottaa
 issues.review.show_resolved=Näytä ratkaisu
diff --git a/options/locale/locale_fr-FR.ini b/options/locale/locale_fr-FR.ini
index 51057658b09..4866f931bae 100644
--- a/options/locale/locale_fr-FR.ini
+++ b/options/locale/locale_fr-FR.ini
@@ -1705,7 +1705,7 @@ issues.dependency.add_error_dep_not_same_repo=Les deux tickets doivent être dan
 issues.review.self.approval=Vous ne pouvez approuver vos propres demandes d'ajout.
 issues.review.self.rejection=Vous ne pouvez demander de changements sur vos propres demandes de changement.
 issues.review.approve=a approuvé ces modifications %s.
-issues.review.comment=a évalué cette demande d’ajout %s.
+issues.review.comment=Commenter
 issues.review.dismissed=a révoqué l’évaluation de %s %s.
 issues.review.dismissed_label=Révoquée
 issues.review.left_comment=laisser un commentaire
@@ -1803,7 +1803,6 @@ pulls.is_empty=Les changements sur cette branche sont déjà sur la branche cibl
 pulls.required_status_check_failed=Certains contrôles requis n'ont pas réussi.
 pulls.required_status_check_missing=Certains contrôles requis sont manquants.
 pulls.required_status_check_administrator=En tant qu'administrateur, vous pouvez toujours fusionner cette requête de pull.
-pulls.blocked_by_approvals=Cette demande d'ajout n’est pas suffisamment approuvée. %d approbations obtenues sur %d.
 pulls.blocked_by_rejection=Cette demande d’ajout nécessite des corrections sollicitées par un évaluateur officiel.
 pulls.blocked_by_official_review_requests=Cette demande d’ajout a des sollicitations officielles d’évaluation.
 pulls.blocked_by_outdated_branch=Cette demande d’ajout est bloquée car elle est obsolète.
@@ -2378,7 +2377,6 @@ settings.protect_status_check_matched=Correspondant
 settings.protect_invalid_status_check_pattern=Motif de vérification des statuts incorrect : « %s ».
 settings.protect_no_valid_status_check_patterns=Aucun motif de vérification des statuts valide.
 settings.protect_required_approvals=Minimum d'approbations requis :
-settings.protect_required_approvals_desc=Permet de fusionner les demandes d’ajout lorsque suffisamment d’évaluation sont positives.
 settings.protect_approvals_whitelist_enabled=Restreindre les approbations aux utilisateurs ou aux équipes sur liste d’autorisés
 settings.protect_approvals_whitelist_enabled_desc=Seuls les évaluations des utilisateurs ou des équipes suivantes compteront dans les approbations requises. Si laissé vide, les évaluations de toute personne ayant un accès en écriture seront comptabilisées à la place.
 settings.protect_approvals_whitelist_users=Évaluateurs autorisés :
diff --git a/options/locale/locale_hu-HU.ini b/options/locale/locale_hu-HU.ini
index 939a03ab0b6..6f057dc4c81 100644
--- a/options/locale/locale_hu-HU.ini
+++ b/options/locale/locale_hu-HU.ini
@@ -901,7 +901,7 @@ issues.dependency.add_error_dep_issue_not_exist=Függő hibajegy nem létezik.
 issues.dependency.add_error_dep_not_exist=A függőség nem létezik.
 issues.dependency.add_error_dep_exists=A függőség már létezik.
 issues.dependency.add_error_dep_not_same_repo=Mindkét hibajegynek ugyanabban a tárolóban kell lennie.
-issues.review.comment=Értékelve: %s
+issues.review.comment=Hozzászólás
 issues.review.reject=%s változtatások kérése
 issues.review.pending=Függőben
 issues.review.review=Értékelés
diff --git a/options/locale/locale_is-IS.ini b/options/locale/locale_is-IS.ini
index 41f8dac3e13..01219b16c4c 100644
--- a/options/locale/locale_is-IS.ini
+++ b/options/locale/locale_is-IS.ini
@@ -850,7 +850,7 @@ issues.dependency.remove_header=Fjarlægja Kröfu
 issues.dependency.add_error_dep_not_exist=Krafa er ekki til.
 issues.dependency.add_error_dep_exists=Krafa er nú þegar til.
 issues.review.approve=samþykkti þessar breytingar %s
-issues.review.comment=fór yfir %s
+issues.review.comment=Senda Ummæli
 issues.review.dismissed_label=Hunsað
 issues.review.left_comment=gerði ummæli
 issues.review.pending=Í bið
diff --git a/options/locale/locale_it-IT.ini b/options/locale/locale_it-IT.ini
index 7237b49ae89..1f7fe7939c2 100644
--- a/options/locale/locale_it-IT.ini
+++ b/options/locale/locale_it-IT.ini
@@ -1331,7 +1331,7 @@ issues.dependency.add_error_dep_not_same_repo=Entrambi i problemi devono essere
 issues.review.self.approval=Non puoi approvare la tua pull request.
 issues.review.self.rejection=Non puoi richiedere modifiche sulla tua pull request.
 issues.review.approve=hanno approvato queste modifiche %s
-issues.review.comment=revisionato %s
+issues.review.comment=Commentare
 issues.review.dismissed=recensione %s di %s respinta
 issues.review.dismissed_label=Respinta
 issues.review.left_comment=lascia un commento
@@ -1862,7 +1862,6 @@ settings.protect_enable_push_desc=Chiunque con accesso in scrittura sarà autori
 settings.protect_check_status_contexts=Abilita Controllo Stato
 settings.protect_check_status_contexts_list=Controlli di stato trovati nell'ultima settimana per questo repository
 settings.protect_required_approvals=Approvazioni richieste:
-settings.protect_required_approvals_desc=Permetti solo di unire la richiesta pull con abbastanza recensioni positive.
 settings.dismiss_stale_approvals=Ignora impostazione vecchie
 settings.dismiss_stale_approvals_desc=Quando i nuovi commit che cambiano il contenuto della pull request vengono pushati nel branch, le vecchie approvazioni verranno eliminate.
 settings.require_signed_commits=Richiede commit firmati
diff --git a/options/locale/locale_ja-JP.ini b/options/locale/locale_ja-JP.ini
index 6240f29f3bc..ea5a95c6a11 100644
--- a/options/locale/locale_ja-JP.ini
+++ b/options/locale/locale_ja-JP.ini
@@ -1715,7 +1715,7 @@ issues.dependency.add_error_dep_not_same_repo=両方とも同じリポジトリ
 issues.review.self.approval=自分のプルリクエストを承認することはできません。
 issues.review.self.rejection=自分のプルリクエストに対して修正を要求することはできません。
 issues.review.approve=が変更を承認 %s
-issues.review.comment=がレビュー %s
+issues.review.comment=コメント
 issues.review.dismissed=が %s のレビューを棄却 %s
 issues.review.dismissed_label=棄却
 issues.review.left_comment=がコメント
@@ -1813,7 +1813,6 @@ pulls.is_empty=このブランチの変更は既にターゲットブランチ
 pulls.required_status_check_failed=いくつかの必要なステータスチェックが成功していません。
 pulls.required_status_check_missing=必要なチェックがいくつか抜けています。
 pulls.required_status_check_administrator=管理者であるため、このプルリクエストをマージすることは可能です。
-pulls.blocked_by_approvals=このプルリクエストはまだ承認数が足りません。 %[1]d/%[2]dの承認を得ています。
 pulls.blocked_by_rejection=このプルリクエストは公式レビューアにより変更要請されています。
 pulls.blocked_by_official_review_requests=このプルリクエストには公式レビュー依頼があります。
 pulls.blocked_by_outdated_branch=このプルリクエストは遅れのためブロックされています。
@@ -2396,7 +2395,6 @@ settings.protect_status_check_matched=マッチ
 settings.protect_invalid_status_check_pattern=`不正なステータスチェックパターン: "%s"`
 settings.protect_no_valid_status_check_patterns=有効なステータスチェックパターンがありません。
 settings.protect_required_approvals=必要な承認数:
-settings.protect_required_approvals_desc=肯定的なレビューの数を満たしたプルリクエストしかマージできないようにします。
 settings.protect_approvals_whitelist_enabled=許可リストに登録したユーザーやチームに承認を制限
 settings.protect_approvals_whitelist_enabled_desc=許可リストに登録したユーザーまたはチームによるレビューのみを、必要な承認数にカウントします。 承認の許可リストが無い場合は、書き込み権限を持つ人によるレビューを必要な承認数にカウントします。
 settings.protect_approvals_whitelist_users=許可リストに含めるレビューア:
diff --git a/options/locale/locale_ko-KR.ini b/options/locale/locale_ko-KR.ini
index e571f069beb..ef11284b08f 100644
--- a/options/locale/locale_ko-KR.ini
+++ b/options/locale/locale_ko-KR.ini
@@ -818,7 +818,7 @@ issues.dependency.add_error_dep_not_same_repo=두 이슈는 같은 레포지토
 issues.review.self.approval=자신의 풀 리퀘스트를 승인할 수 없습니다.
 issues.review.self.rejection=자신의 풀 리퀘스트에 대한 변경을 요청할 수 없습니다.
 issues.review.approve="이 변경사항을 승인하였습니다. %s"
-issues.review.comment=검토됨 %s
+issues.review.comment=댓글
 issues.review.pending=보류
 issues.review.review=검토
 issues.review.reviewers=리뷰어
diff --git a/options/locale/locale_lv-LV.ini b/options/locale/locale_lv-LV.ini
index c1b74f68af1..ee7ab1192c9 100644
--- a/options/locale/locale_lv-LV.ini
+++ b/options/locale/locale_lv-LV.ini
@@ -1609,7 +1609,7 @@ issues.dependency.add_error_dep_not_same_repo=Abām problēmām ir jābūt no vi
 issues.review.self.approval=Nevar apstiprināt savu izmaiņu pieprasījumi.
 issues.review.self.rejection=Nevar pieprasīt izmaiņas savam izmaiņu pieprasījumam.
 issues.review.approve=apstiprināja izmaiņas %s
-issues.review.comment=recenzēja %s
+issues.review.comment=Komentēt
 issues.review.dismissed=atmeta %s recenziju %s
 issues.review.dismissed_label=Atmesta
 issues.review.left_comment=atstāja komentāru
@@ -1703,7 +1703,6 @@ pulls.is_empty=Mērķa atzars jau satur šī atzara izmaiņas. Šī revīzija b
 pulls.required_status_check_failed=Dažas no pārbaudēm nebija veiksmīgas.
 pulls.required_status_check_missing=Trūkst dažu obligāto pārbaužu.
 pulls.required_status_check_administrator=Kā administrators Jūs varat sapludināt šo izmaiņu pieprasījumu.
-pulls.blocked_by_approvals=Šim izmaiņu pieprasījumam vēl nav pietiekami daudz apstiprinājumu. Nodrošināti %d no %d apstiprinājumiem.
 pulls.blocked_by_rejection=Šim izmaiņu pieprasījumam oficiālais recenzents ir pieprasījis labojumus.
 pulls.blocked_by_official_review_requests=Šim izmaiņu pieprasījumam ir oficiāli recenzijas pieprasījumi.
 pulls.blocked_by_outdated_branch=Šis izmaiņu pieprasījums ir bloķēts, jo tas ir novecojis.
@@ -2240,7 +2239,6 @@ settings.protect_status_check_matched=Atbilst
 settings.protect_invalid_status_check_pattern=Kļūdains statusa pārbaudes šablons: "%s".
 settings.protect_no_valid_status_check_patterns=Nav korekta statusa pārbaudes šablona.
 settings.protect_required_approvals=Vajadzīgi apstiprinājumi:
-settings.protect_required_approvals_desc=Atļaut sapludināt izmaiņu pieprasījumu tikai ar pietiekamu skaitu pozitīvu recenziju.
 settings.dismiss_stale_approvals=Pieprasīt apstiprinājumus jaunākajām izmaiņām
 settings.dismiss_stale_approvals_desc=Kad tiek iesūtītas jaunas revīzijas, kas izmaina izmaiņu pieprasījuma saturu, iepriekšējie apstiprinājumi tiks atzīmēti kā novecojuši un būs nepieciešams apstiprināt tos atkāroti.
 settings.require_signed_commits=Pieprasīt parakstītas revīzijas
diff --git a/options/locale/locale_nl-NL.ini b/options/locale/locale_nl-NL.ini
index be806147dda..5de274da2bd 100644
--- a/options/locale/locale_nl-NL.ini
+++ b/options/locale/locale_nl-NL.ini
@@ -1328,7 +1328,7 @@ issues.dependency.add_error_dep_not_same_repo=Beide kwesties moeten in dezelfde
 issues.review.self.approval=Je kan je eigen pull-aanvraag niet goedkeuren.
 issues.review.self.rejection=Je kan geen wijzigingen aanvragen op je eigen pull-aanvraag.
 issues.review.approve=heeft deze veranderingen %s goedgekeurd
-issues.review.comment=beoordeeld %s
+issues.review.comment=Opmerking
 issues.review.dismissed=%s's beoordeling afgewezen %s
 issues.review.dismissed_label=Afgewezen
 issues.review.left_comment=heeft een reactie achtergelaten
@@ -1799,7 +1799,6 @@ settings.protect_enable_push_desc=Iedereen met schrijftoegang heeft toegang om t
 settings.protect_check_status_contexts=Status controle inschakelen
 settings.protect_check_status_contexts_list=Status controles gevonden in de afgelopen week voor deze repository
 settings.protect_required_approvals=Vereiste goedkeuringen:
-settings.protect_required_approvals_desc=Sta alleen toe om pull request samen te voegen met voldoende positieve beoordelingen.
 settings.dismiss_stale_approvals=Verouderde goedkeuringen afwijzen
 settings.dismiss_stale_approvals_desc=Wanneer nieuwe commits die de inhoud van het pull-verzoek veranderen, naar de branch worden gepusht, worden oude goedkeuringen verwijderd.
 settings.require_signed_commits=Ondertekende Commits vereisen
diff --git a/options/locale/locale_pl-PL.ini b/options/locale/locale_pl-PL.ini
index c272cecb9c9..88e54fc3be0 100644
--- a/options/locale/locale_pl-PL.ini
+++ b/options/locale/locale_pl-PL.ini
@@ -1220,7 +1220,7 @@ issues.dependency.add_error_dep_not_same_repo=Oba zgłoszenia muszą być w tym
 issues.review.self.approval=Nie możesz zatwierdzić swojego własnego Pull Requesta.
 issues.review.self.rejection=Nie możesz zażądać zmian w swoim własnym Pull Requeście.
 issues.review.approve=zatwierdza te zmiany %s
-issues.review.comment=zrecenzowano %s
+issues.review.comment=Skomentuj
 issues.review.dismissed_label=Odrzucony
 issues.review.left_comment=zostawił komentarz
 issues.review.content.empty=Musisz pozostawić komentarz o pożądanej zmianie/zmianach.
@@ -1668,7 +1668,6 @@ settings.protect_enable_push_desc=Każdy użytkownik z uprawnieniem zapisu będz
 settings.protect_check_status_contexts=Włącz kontrolę stanu
 settings.protect_check_status_contexts_list=Kontrole stanów w poprzednim tygodniu dla tego repozytorium
 settings.protect_required_approvals=Wymagane zatwierdzenia:
-settings.protect_required_approvals_desc=Zezwól na scalanie Pull Requestów tylko z wystarczającą ilością pozytywnych recenzji.
 settings.dismiss_stale_approvals=Unieważnij przestarzałe zatwierdzenia
 settings.dismiss_stale_approvals_desc=Kiedy nowe commity zmieniające zawartość Pull Requesta są wypychane do gałęzi, wcześniejsze zatwierdzenia zostaną unieważnione.
 settings.require_signed_commits=Wymagaj podpisanych commitów
diff --git a/options/locale/locale_pt-BR.ini b/options/locale/locale_pt-BR.ini
index f37c29844b0..e172aa0a01e 100644
--- a/options/locale/locale_pt-BR.ini
+++ b/options/locale/locale_pt-BR.ini
@@ -1599,7 +1599,7 @@ issues.dependency.add_error_dep_not_same_repo=Ambas as issues devem estar no mes
 issues.review.self.approval=Você não pode aprovar o seu próprio pull request.
 issues.review.self.rejection=Você não pode solicitar alterações em seu próprio pull request.
 issues.review.approve=aprovou estas alterações %s
-issues.review.comment=revisou %s
+issues.review.comment=Comentar
 issues.review.dismissed=rejeitou a revisão de %s %s
 issues.review.dismissed_label=Rejeitada
 issues.review.left_comment=deixou um comentário
@@ -1693,7 +1693,6 @@ pulls.is_empty=As alterações neste branch já estão na branch de destino. Est
 pulls.required_status_check_failed=Algumas verificações necessárias não foram bem sucedidas.
 pulls.required_status_check_missing=Estão faltando algumas verificações necessárias.
 pulls.required_status_check_administrator=Como administrador, você ainda pode aplicar o merge deste pull request.
-pulls.blocked_by_approvals=Este pull request ainda não tem aprovações suficientes. %d de %d aprovações concedidas.
 pulls.blocked_by_rejection=Este pull request tem alterações solicitadas por um revisor oficial.
 pulls.blocked_by_official_review_requests=Este pull request tem solicitações de revisão oficiais.
 pulls.blocked_by_outdated_branch=Este pull request está bloqueado porque está desatualizado.
@@ -2206,7 +2205,6 @@ settings.protect_enable_merge=Permitir merge
 settings.protect_check_status_contexts=Habilitar verificação de status
 settings.protect_check_status_contexts_list=Verificações de status encontradas na última semana para este repositório
 settings.protect_required_approvals=Aprovações necessárias:
-settings.protect_required_approvals_desc=Permite apenas realizar merge do pull request com avaliações positivas suficientes.
 settings.dismiss_stale_approvals=Descartar aprovações obsoletas
 settings.dismiss_stale_approvals_desc=Quando novos commits que mudam o conteúdo do pull request são enviados para o branch, as antigas aprovações serão descartadas.
 settings.require_signed_commits=Exibir commits assinados
diff --git a/options/locale/locale_pt-PT.ini b/options/locale/locale_pt-PT.ini
index e6acad2e36f..dd79cb7758e 100644
--- a/options/locale/locale_pt-PT.ini
+++ b/options/locale/locale_pt-PT.ini
@@ -1689,7 +1689,7 @@ issues.dependency.add_error_dep_not_same_repo=Ambas as questões têm que estar
 issues.review.self.approval=Não pode aprovar o seu próprio pedido de integração.
 issues.review.self.rejection=Não pode solicitar modificações sobre o seu próprio pedido de integração.
 issues.review.approve=aprovou estas modificações %s
-issues.review.comment=reviu %s
+issues.review.comment=Comentar
 issues.review.dismissed=descartou a revisão de %s %s
 issues.review.dismissed_label=Descartada
 issues.review.left_comment=deixou um comentário
@@ -2360,7 +2360,6 @@ settings.protect_status_check_matched=Correspondido
 settings.protect_invalid_status_check_pattern=Padrão de verificação de estado inválido: "%s".
 settings.protect_no_valid_status_check_patterns=Não existem padrões de verificação de estado válidos.
 settings.protect_required_approvals=Aprovações necessárias:
-settings.protect_required_approvals_desc=Permitir somente a integração constante de pedidos que tenham revisões positivas suficientes.
 settings.protect_approvals_whitelist_enabled=Restringir aprovações a utilizadores ou equipas da lista de permissão
 settings.protect_approvals_whitelist_enabled_desc=Somente as revisões dos utilizadores ou equipas da lista de permissão irão contar para as aprovações necessárias. Se não houver uma lista de permissão de aprovações, revisões de qualquer pessoa com acesso de escrita contam para as aprovações necessárias.
 settings.protect_approvals_whitelist_users=Revisores com permissão:
diff --git a/options/locale/locale_ru-RU.ini b/options/locale/locale_ru-RU.ini
index e4363cbc881..20e82273cb5 100644
--- a/options/locale/locale_ru-RU.ini
+++ b/options/locale/locale_ru-RU.ini
@@ -1578,7 +1578,7 @@ issues.dependency.add_error_dep_not_same_repo=Обе задачи должны 
 issues.review.self.approval=Вы не можете одобрить собственный запрос на слияние.
 issues.review.self.rejection=Невозможно запрашивать изменения своего запроса на слияние.
 issues.review.approve=одобрил(а) эти изменения %s
-issues.review.comment=рассмотрел(а) изменения %s
+issues.review.comment=Комментировать
 issues.review.dismissed=отклонен отзыв %s %s
 issues.review.dismissed_label=Отклонено
 issues.review.left_comment=оставил комментарий
@@ -1669,7 +1669,6 @@ pulls.is_empty=Изменения из этой ветки уже есть в ц
 pulls.required_status_check_failed=Некоторые необходимые проверки не были пройдены.
 pulls.required_status_check_missing=Отсутствуют некоторые обязательные проверки.
 pulls.required_status_check_administrator=Как администратор, вы все равно можете принять этот запрос на слияние.
-pulls.blocked_by_approvals=Этот запрос на слияние пока не имеет достаточного количества одобрений. Получено %d из %d одобрений.
 pulls.blocked_by_rejection=Официальный рецензент запросил изменения к этому запросу на слияние.
 pulls.can_auto_merge_desc=Этот запрос на слияние может быть объединён автоматически.
 pulls.cannot_auto_merge_desc=Этот запрос на слияние не может быть объединён автоматически.
@@ -2193,7 +2192,6 @@ settings.protect_status_check_matched=Совпало
 settings.protect_invalid_status_check_pattern=Неверный шаблон проверки состояния: «%s».
 settings.protect_no_valid_status_check_patterns=Нет допустимых шаблонов проверки состояния.
 settings.protect_required_approvals=Необходимые одобрения:
-settings.protect_required_approvals_desc=Разрешить принятие запроса на слияние только с достаточным количеством положительных отзывов.
 settings.dismiss_stale_approvals=Отклонить устаревшие разрешения
 settings.dismiss_stale_approvals_desc=Когда новые коммиты, изменяющие содержимое запроса на слияние, отправляются в ветку, старые разрешения будут отклонены.
 settings.require_signed_commits=Требовать подписанные коммиты
diff --git a/options/locale/locale_si-LK.ini b/options/locale/locale_si-LK.ini
index 9fe12f8b6a5..077a4014e80 100644
--- a/options/locale/locale_si-LK.ini
+++ b/options/locale/locale_si-LK.ini
@@ -1200,7 +1200,7 @@ issues.dependency.add_error_dep_not_same_repo=මෙම ගැටළු දෙ
 issues.review.self.approval=ඔබ ඔබේ ම අදින්න ඉල්ලීම අනුමත කළ නොහැක.
 issues.review.self.rejection=ඔබ ඔබේ ම අදින්න ඉල්ලීම මත වෙනස්කම් ඉල්ලා සිටිය නොහැක.
 issues.review.approve=මෙම වෙනස්කම් අනුමත %s
-issues.review.comment=සමාලෝචනය %s
+issues.review.comment=අදහස
 issues.review.dismissed=%sහි සමාලෝචනය %sප්රතික්ෂේප කරන ලද
 issues.review.dismissed_label=බැහැර
 issues.review.left_comment=අදහසක් හැරගියා
@@ -1674,7 +1674,6 @@ settings.protect_enable_push_desc=ලිවීමේ ප්රවේශය ඇ
 settings.protect_check_status_contexts=තත්වය පරීක්‍ෂාව සබල කරන්න
 settings.protect_check_status_contexts_list=මෙම ගබඩාව සඳහා පසුගිය සතියේ හමු වූ තත්ව පරීක්ෂාවන්
 settings.protect_required_approvals=අවශ්ය අනුමැතිය:
-settings.protect_required_approvals_desc=ප්රමාණවත් ධනාත්මක සමාලෝචන සමඟ අදින්න ඉල්ලීම ඒකාබද්ධ කිරීමට පමණක් ඉඩ දෙන්න.
 settings.dismiss_stale_approvals=ස්ථාවර අනුමැතිය බැහැර
 settings.dismiss_stale_approvals_desc=අදින්න ඉල්ලීමෙහි අන්තර්ගතය වෙනස් කරන නව විවරයන් ශාඛාවට තල්ලු කරන විට, පැරණි අනුමත කිරීම් නිෂ්ප්රභා කරනු ලැබේ.
 settings.require_signed_commits=අත්සන් කළ යුතු
diff --git a/options/locale/locale_sk-SK.ini b/options/locale/locale_sk-SK.ini
index 72613057ff0..d27dfa83bc3 100644
--- a/options/locale/locale_sk-SK.ini
+++ b/options/locale/locale_sk-SK.ini
@@ -1076,7 +1076,6 @@ issues.save=Uložiť
 issues.cancel_tracking=Zahodiť
 issues.add_time_cancel=Zrušiť
 issues.dependency.cancel=Zrušiť
-issues.review.comment=revidoval %s
 issues.review.dismissed=zamietol revíziu od %s %s
 issues.review.wait=bol požiadaný o revidovanie %s
 issues.review.add_review_request=požiadal o revidovanie od %s %s
@@ -1187,7 +1186,6 @@ settings.delete_webhook=Odstrániť webhook
 settings.slack_token=Token
 settings.web_hook_name_gitea=Gitea
 settings.packagist_api_token=API token
-settings.protect_required_approvals_desc=Umožniť merge iba žiadostiam o natiahnutie s dostatočným počtom pozitívnych revízií.
 settings.require_signed_commits=Vyžadovať podpísané commity
 settings.block_rejected_reviews=Zablokovať zlúčenie pri zamietavých revíziách
 settings.block_rejected_reviews_desc=Zlúčenie nebude možné v prípade že oficiálni revidenti požadujú zmeny, aj keď je k dispozícii dostatok schválení.
diff --git a/options/locale/locale_sv-SE.ini b/options/locale/locale_sv-SE.ini
index f8112a69cec..34c70ab422a 100644
--- a/options/locale/locale_sv-SE.ini
+++ b/options/locale/locale_sv-SE.ini
@@ -1039,7 +1039,7 @@ issues.dependency.add_error_dep_not_same_repo=Båda ärendena måste vara i samm
 issues.review.self.approval=Du kan inte godkänna din egen pull-begäran.
 issues.review.self.rejection=Du kan inte begära ändringar för din egna pull-förfrågan.
 issues.review.approve=godkände dessa ändringar %s
-issues.review.comment=granskad av %s
+issues.review.comment=Kommentar
 issues.review.left_comment=lämnade en kommentar
 issues.review.content.empty=Du måste skriva en kommentar som anger de önskade ändringarna.
 issues.review.reject=begärda ändringar %s
diff --git a/options/locale/locale_tr-TR.ini b/options/locale/locale_tr-TR.ini
index bf7ca860c62..d388e79c27e 100644
--- a/options/locale/locale_tr-TR.ini
+++ b/options/locale/locale_tr-TR.ini
@@ -1704,7 +1704,7 @@ issues.dependency.add_error_dep_not_same_repo=Her iki konu da aynı depoda olmal
 issues.review.self.approval=Kendi değişiklik isteğinizi onaylayamazsınız.
 issues.review.self.rejection=Kendi değişiklik isteğinizde değişiklik isteyemezsiniz.
 issues.review.approve=%s bu değişiklikleri onayladı
-issues.review.comment=%s incelendi
+issues.review.comment=Yorum Yap
 issues.review.dismissed=%s incelemesini %s reddetti
 issues.review.dismissed_label=Reddedildi
 issues.review.left_comment=bir yorum yaptı
@@ -1802,7 +1802,6 @@ pulls.is_empty=Bu daldaki değişiklikler zaten hedef dalda mevcut. Bu boş bir
 pulls.required_status_check_failed=Bazı gerekli denetimler başarılı olmadı.
 pulls.required_status_check_missing=Gerekli bazı kontroller eksik.
 pulls.required_status_check_administrator=Yönetici olarak, bu değişiklik isteğini yine de birleştirebilirsiniz.
-pulls.blocked_by_approvals=Bu değişiklik isteğinin henüz yeterli onayı yok. %d onay var, %d onay gerekiyor.
 pulls.blocked_by_rejection=Bu değişiklik isteğinde resmi bir gözden geçiren tarafından istenen değişiklikler var.
 pulls.blocked_by_official_review_requests=Bu değişiklik isteğinde resmi inceleme istekleri var.
 pulls.blocked_by_outdated_branch=Bu değişiklik isteği eskidiği için engellendi.
@@ -2378,7 +2377,6 @@ settings.protect_status_check_matched=Eşleşen
 settings.protect_invalid_status_check_pattern=Hatalı durum denetleme deseni: "%s".
 settings.protect_no_valid_status_check_patterns=Geçerli durum denetleme deseni yok.
 settings.protect_required_approvals=Gerekli onaylar:
-settings.protect_required_approvals_desc=Değişiklik isteğini yalnızca yeterince olumlu yorumla birleştirmeye izin ver.
 settings.protect_approvals_whitelist_enabled=Onayları izin listesine giren kullanıcılar veya takımlar için kısıtla
 settings.protect_approvals_whitelist_enabled_desc=Yalnızca izin listesindeki kullanıcıların veya takımların gözden geçirmeleri gerekli onaylar için dikkate alınır. Onaylı izin listesi olmadan, yazma erişimi olan herkesin gözden geçirmeleri gerekli onaylar için dikkate alınır.
 settings.protect_approvals_whitelist_users=İzin listesindeki gözden geçirenler:
diff --git a/options/locale/locale_uk-UA.ini b/options/locale/locale_uk-UA.ini
index c80a490c7d6..b8b7a290379 100644
--- a/options/locale/locale_uk-UA.ini
+++ b/options/locale/locale_uk-UA.ini
@@ -1245,7 +1245,7 @@ issues.dependency.add_error_dep_not_same_repo=Обидві задачі пови
 issues.review.self.approval=Ви не можете схвалити власний пулл-реквест.
 issues.review.self.rejection=Ви не можете надіслати запит на зміну на власний пулл-реквест.
 issues.review.approve=зміни затверджено %s
-issues.review.comment=рецензовано %s
+issues.review.comment=Коментар
 issues.review.dismissed=відхилено відгук %s %s
 issues.review.dismissed_label=Відхилено
 issues.review.left_comment=додав коментар
@@ -1720,7 +1720,6 @@ settings.protect_enable_push_desc=Будь-хто із правом запису
 settings.protect_check_status_contexts=Увімкнути перевірку стану
 settings.protect_check_status_contexts_list=Перевірки статусу знайдено для репозитарію за минулий тиждень
 settings.protect_required_approvals=Необхідно схвалення:
-settings.protect_required_approvals_desc=Дозволити об'єднання запитів на злиття лише із достатньою кількістю позитивних рецензій.
 settings.dismiss_stale_approvals=Відхилити застарілі погодження
 settings.dismiss_stale_approvals_desc=Коли нові коміти що змінюють вміст пулл-запиту відправляються в гілку, старі погодження будуть відхилені.
 settings.require_signed_commits=Потрібно підписані коміти
diff --git a/options/locale/locale_zh-CN.ini b/options/locale/locale_zh-CN.ini
index 90557d7f657..223277b540f 100644
--- a/options/locale/locale_zh-CN.ini
+++ b/options/locale/locale_zh-CN.ini
@@ -1692,7 +1692,7 @@ issues.dependency.add_error_dep_not_same_repo=这两个工单必须在同一仓
 issues.review.self.approval=您不能批准您自己的合并请求。
 issues.review.self.rejection=您不能请求对您自己的合并请求进行更改。
 issues.review.approve=于 %s 批准此合并请求
-issues.review.comment=评审于 %s
+issues.review.comment=评论
 issues.review.dismissed=于 %[2]s 取消了 %[1]s 的评审
 issues.review.dismissed_label=已取消
 issues.review.left_comment=留下了一条评论
@@ -1790,7 +1790,6 @@ pulls.is_empty=此分支上的更改已经在目标分支上。这将是一个
 pulls.required_status_check_failed=一些必要的检查没有成功
 pulls.required_status_check_missing=缺少一些必要的检查。
 pulls.required_status_check_administrator=作为管理员，您仍可合并此合并请求
-pulls.blocked_by_approvals=此合并请求还没有足够的批准。已获批准数 %d 个，需获批准数 %d 个。
 pulls.blocked_by_rejection=此合并请求有官方审核员请求的更改。
 pulls.blocked_by_official_review_requests=此合并请求需要官方评审。
 pulls.blocked_by_outdated_branch=此合并请求因过期而被阻止。
@@ -2347,7 +2346,6 @@ settings.protect_status_check_matched=匹配
 settings.protect_invalid_status_check_pattern=无效的状态检查规则：“%s”。
 settings.protect_no_valid_status_check_patterns=没有有效的状态检查规则。
 settings.protect_required_approvals=所需的批准：
-settings.protect_required_approvals_desc=只允许合并有足够审核人数的合并请求。
 settings.dismiss_stale_approvals=取消过时的批准
 settings.dismiss_stale_approvals_desc=当新的提交更改合并请求内容被推送到分支时，旧的批准将被撤销。
 settings.ignore_stale_approvals=忽略过期批准
diff --git a/options/locale/locale_zh-TW.ini b/options/locale/locale_zh-TW.ini
index b855ef7df6c..2eb03fa84c7 100644
--- a/options/locale/locale_zh-TW.ini
+++ b/options/locale/locale_zh-TW.ini
@@ -1467,7 +1467,7 @@ issues.dependency.add_error_dep_not_same_repo=這兩個問題必須在同一個
 issues.review.self.approval=您不能核可自己的合併請求。
 issues.review.self.rejection=您不能對自己的合併請求提出請求變更。
 issues.review.approve=核可了這些變更 %s
-issues.review.comment=已審核 %s
+issues.review.comment=留言
 issues.review.dismissed=取消 %s 的審核 %s
 issues.review.dismissed_label=已取消
 issues.review.left_comment=留下了回應
@@ -2022,7 +2022,6 @@ settings.protect_enable_merge_desc=任何有寫入權限的人都可將合併請
 settings.protect_check_status_contexts=啟用狀態檢查
 settings.protect_check_status_contexts_list=此儲存庫一週內曾進行過狀態檢查
 settings.protect_required_approvals=需要的核可數量：
-settings.protect_required_approvals_desc=只有在獲得足夠數量的核可後才能進行合併。
 settings.dismiss_stale_approvals=捨棄過時的核可
 settings.dismiss_stale_approvals_desc=當新的提交有修改到合併請求的內容，並被推送到此分支時，將捨棄舊的核可。
 settings.require_signed_commits=僅接受經簽署的提交

From f3090977c64192c23cdee192124fcaf5565a4630 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luca=20S=C3=B6the?= <luca.soethe@rwth-aachen.de>
Date: Sat, 7 Sep 2024 05:09:40 +0200
Subject: [PATCH 060/129] Add automatic light/dark option for the colorblind
 theme (#31997)

The normal themes already have a variant which automatically chooses
light/dark mode based on the browser.
This PR adds the same variant, but for the colorblind themes.
---
 web_src/css/themes/theme-gitea-auto-protanopia-deuteranopia.css | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 web_src/css/themes/theme-gitea-auto-protanopia-deuteranopia.css

diff --git a/web_src/css/themes/theme-gitea-auto-protanopia-deuteranopia.css b/web_src/css/themes/theme-gitea-auto-protanopia-deuteranopia.css
new file mode 100644
index 00000000000..bcbf67d13dc
--- /dev/null
+++ b/web_src/css/themes/theme-gitea-auto-protanopia-deuteranopia.css
@@ -0,0 +1,2 @@
+@import "./theme-gitea-light-protanopia-deuteranopia.css" (prefers-color-scheme: light);
+@import "./theme-gitea-dark-protanopia-deuteranopia.css" (prefers-color-scheme: dark);

From d8f34988759c8c2e11dcb6452ad29f84e79bb2e1 Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Sun, 8 Sep 2024 01:12:37 +0800
Subject: [PATCH 061/129] Upgrade cache to v0.2.1 (#32003)

Fix #31757
---
 go.mod |  2 +-
 go.sum | 35 ++---------------------------------
 2 files changed, 3 insertions(+), 34 deletions(-)

diff --git a/go.mod b/go.mod
index 69695fa1787..71ba0ab10b9 100644
--- a/go.mod
+++ b/go.mod
@@ -9,7 +9,7 @@ require (
 	codeberg.org/gusted/mcaptcha v0.0.0-20220723083913-4f3072e1d570
 	connectrpc.com/connect v1.15.0
 	gitea.com/go-chi/binding v0.0.0-20240430071103-39a851e106ed
-	gitea.com/go-chi/cache v0.2.0
+	gitea.com/go-chi/cache v0.2.1
 	gitea.com/go-chi/captcha v0.0.0-20240315150714-fb487f629098
 	gitea.com/go-chi/session v0.0.0-20240316035857-16768d98ec96
 	gitea.com/lunny/dingtalk_webhook v0.0.0-20171025031554-e3534c89ef96
diff --git a/go.sum b/go.sum
index 510ef8479de..df67b4f3727 100644
--- a/go.sum
+++ b/go.sum
@@ -20,8 +20,8 @@ gitea.com/gitea/act v0.259.1 h1:8GG1o/xtUHl3qjn5f0h/2FXrT5ubBn05TJOM5ry+FBw=
 gitea.com/gitea/act v0.259.1/go.mod h1:UxZWRYqQG2Yj4+4OqfGWW5a3HELwejyWFQyU7F1jUD8=
 gitea.com/go-chi/binding v0.0.0-20240430071103-39a851e106ed h1:EZZBtilMLSZNWtHHcgq2mt6NSGhJSZBuduAlinMEmso=
 gitea.com/go-chi/binding v0.0.0-20240430071103-39a851e106ed/go.mod h1:E3i3cgB04dDx0v3CytCgRTTn9Z/9x891aet3r456RVw=
-gitea.com/go-chi/cache v0.2.0 h1:E0npuTfDW6CT1yD8NMDVc1SK6IeRjfmRL2zlEsCEd7w=
-gitea.com/go-chi/cache v0.2.0/go.mod h1:iQlVK2aKTZ/rE9UcHyz9pQWGvdP9i1eI2spOpzgCrtE=
+gitea.com/go-chi/cache v0.2.1 h1:bfAPkvXlbcZxPCpcmDVCWoHgiBSBmZN/QosnZvEC0+g=
+gitea.com/go-chi/cache v0.2.1/go.mod h1:Qic0HZ8hOHW62ETGbonpwz8WYypj9NieU9659wFUJ8Q=
 gitea.com/go-chi/captcha v0.0.0-20240315150714-fb487f629098 h1:p2ki+WK0cIeNQuqjR98IP2KZQKRzJJiV7aTeMAFwaWo=
 gitea.com/go-chi/captcha v0.0.0-20240315150714-fb487f629098/go.mod h1:LjzIOHlRemuUyO7WR12fmm18VZIlCAaOt9L3yKw40pk=
 gitea.com/go-chi/session v0.0.0-20240316035857-16768d98ec96 h1:IFDiMBObsP6CZIRaDLd54SR6zPYAffPXiXck5Xslu0Q=
@@ -170,7 +170,6 @@ github.com/blevesearch/zapx/v16 v16.1.5/go.mod h1:J4mSF39w1QELc11EWRSBFkPeZuO7r/
 github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
 github.com/boombuler/barcode v1.0.1 h1:NDBbPmhS+EqABEs5Kg3n/5ZNjy73Pz7SIV+KCeqyXcs=
 github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
-github.com/bradfitz/gomemcache v0.0.0-20190329173943-551aad21a668/go.mod h1:H0wQNHz2YrLsuXOZozoeDmnHXkNCRmMW0gwFWDfEZDA=
 github.com/bradfitz/gomemcache v0.0.0-20230905024940-24af94b03874 h1:N7oVaKyGp8bttX0bfZGmcGkjz7DLQXhAn3DNd3T0ous=
 github.com/bradfitz/gomemcache v0.0.0-20230905024940-24af94b03874/go.mod h1:r5xuitiExdLAJ09PR7vBVENGvp4ZuTBeWTGtxuX3K+c=
 github.com/bsm/ginkgo/v2 v2.12.0 h1:Ny8MWAHyOepLGlLKYmXG4IEkioBysk6GpaRTLC8zwWs=
@@ -214,7 +213,6 @@ github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwc
 github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4=
 github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/cupcake/rdb v0.0.0-20161107195141-43ba34106c76/go.mod h1:vYwsqCOLxGiisLwp9rITslkFNpZD5rz43tf41QFkTWY=
 github.com/cyphar/filepath-securejoin v0.2.5 h1:6iR5tXJ/e6tJZzzdMc1km3Sa7RRIVBKAK32O2s7AYfo=
 github.com/cyphar/filepath-securejoin v0.2.5/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -247,7 +245,6 @@ github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+m
 github.com/dvyukov/go-fuzz v0.0.0-20210429054444-fca39067bc72/go.mod h1:11Gm+ccJnvAhCNLlf5+cS9KjtbaD5I5zaZpFMsTHWTw=
 github.com/editorconfig/editorconfig-core-go/v2 v2.6.2 h1:dKG8sc7n321deIVRcQtwlMNoBEra7j0qQ8RwxO8RN0w=
 github.com/editorconfig/editorconfig-core-go/v2 v2.6.2/go.mod h1:7dvD3GCm7eBw53xZ/lsiq72LqobdMg3ITbMBxnmJmqY=
-github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M=
 github.com/elazarl/go-bindata-assetfs v1.0.1/go.mod h1:v+YaWX3bdea5J/mo8dSETolEo7R71Vk1u8bnjau5yw4=
 github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU=
 github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM=
@@ -341,7 +338,6 @@ github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+Gr
 github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
 github.com/go-openapi/validate v0.24.0 h1:LdfDKwNbpB6Vn40xhTdNZAnfLECL81w+VX3BumrGD58=
 github.com/go-openapi/validate v0.24.0/go.mod h1:iyeX1sEufmv3nPbBdX3ieNviWnOZaJ1+zquzJEf2BAQ=
-github.com/go-redis/redis v6.15.2+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
 github.com/go-redis/redis v6.15.9+incompatible h1:K0pv1D7EQUjfyoMql+r/jZqCLizCGKFlFgcHWWmHQjg=
 github.com/go-redis/redis v6.15.9+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
 github.com/go-redis/redis/v7 v7.4.1 h1:PASvf36gyUpr2zdOUS/9Zqc80GbM+9BDyiJSJDDOrTI=
@@ -350,7 +346,6 @@ github.com/go-redis/redis/v8 v8.11.5 h1:AcZZR7igkdvfVmQTPnu9WE37LRrO/YrBH5zWyjDC
 github.com/go-redis/redis/v8 v8.11.5/go.mod h1:gREzHqY1hg6oD9ngVRbLStwAWKhA0FEgq8Jd4h5lpwo=
 github.com/go-redsync/redsync/v4 v4.13.0 h1:49X6GJfnbLGaIpBBREM/zA4uIMDXKAh1NDkvQ1EkZKA=
 github.com/go-redsync/redsync/v4 v4.13.0/go.mod h1:HMW4Q224GZQz6x1Xc7040Yfgacukdzu7ifTDAKiyErQ=
-github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
 github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y=
 github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg=
 github.com/go-swagger/go-swagger v0.31.0 h1:H8eOYQnY2u7vNKWDNykv2xJP3pBhRG/R+SOCAmKrLlc=
@@ -389,7 +384,6 @@ github.com/golang/geo v0.0.0-20230421003525-6adc56603217/go.mod h1:8wI0hitZ3a1Ix
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
 github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
@@ -433,7 +427,6 @@ github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
 github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gopherjs/gopherjs v0.0.0-20190910122728-9d188e94fb99 h1:twflg0XRTjwKpxb/jFExr4HGq6on2dEOmnL6FV+fgPw=
 github.com/gopherjs/gopherjs v0.0.0-20190910122728-9d188e94fb99/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
@@ -554,13 +547,10 @@ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/ledongthuc/pdf v0.0.0-20220302134840-0c2507a12d80/go.mod h1:imJHygn/1yfhB7XSJJKlFZKl/J+dCPAknuiaGOshXAs=
-github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
 github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/libdns/libdns v0.2.2 h1:O6ws7bAfRPaBsgAYt8MDe2HcNBGC29hkZ9MX2eUSX3s=
 github.com/libdns/libdns v0.2.2/go.mod h1:4Bj9+5CQiNMVGf87wjX4CY3HQJypUHRuLvlsfsZqLWQ=
-github.com/lunny/log v0.0.0-20160921050905-7887c61bf0de/go.mod h1:3q8WtuPQsoRbatJuy3nvq/hRSvuBJrHHr+ybPPiNvHQ=
-github.com/lunny/nodb v0.0.0-20160621015157-fc1ef06ad4af/go.mod h1:Cqz6pqow14VObJ7peltM+2n3PWOz7yTrfUuGbVFkzN0=
 github.com/lunny/vfsgen v0.0.0-20220105142115-2c99e1ffdfa0 h1:F/3FfGmKdiKFa8kL3YrpZ7pe9H4l4AzA1pbaOUnRvPI=
 github.com/lunny/vfsgen v0.0.0-20220105142115-2c99e1ffdfa0/go.mod h1:JEfTc3+2DF9Z4PXhLLvXL42zexJyh8rIq3OzUj/0rAk=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
@@ -580,7 +570,6 @@ github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U=
 github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
-github.com/mattn/go-sqlite3 v1.11.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
 github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU=
 github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
 github.com/meilisearch/meilisearch-go v0.26.3 h1:EYt+C1n7IvjKzgXM3xqce5iJzNBq33F7ayZOKx96TKY=
@@ -638,12 +627,10 @@ github.com/olivere/elastic/v7 v7.0.32 h1:R7CXvbu8Eq+WlsLgxmKVKPox0oOwAE/2T9Si5Bn
 github.com/olivere/elastic/v7 v7.0.32/go.mod h1:c7PVmLe3Fxq77PIfY/bZmxY/TAamBhCzZ8xDOE09a9k=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
 github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
 github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
 github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
-github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
 github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI=
@@ -657,7 +644,6 @@ github.com/paulmach/orb v0.11.1 h1:3koVegMC4X/WeiXYz9iswopaTwMem53NzTJuTF20JzU=
 github.com/paulmach/orb v0.11.1/go.mod h1:5mULz1xQfs3bmQm63QEJA6lNGujuRafwA5S/EnuLaLU=
 github.com/paulmach/protoscan v0.2.1/go.mod h1:SpcSwydNLrxUGSDvXvO0P7g7AuhJ7lcKfDlhJCDw2gY=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
-github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc=
 github.com/pelletier/go-toml/v2 v2.1.1 h1:LWAJwfNvjQZCFIDKWYQaM62NcYeYViCmWIwmOStowAI=
 github.com/pelletier/go-toml/v2 v2.1.1/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc=
 github.com/philhofer/fwd v1.0.0/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU=
@@ -729,16 +715,11 @@ github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp
 github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME=
 github.com/shurcooL/httpfs v0.0.0-20230704072500-f1e31cf0ba5c h1:aqg5Vm5dwtvL+YgDpBcK1ITf3o96N/K7/wsRXQnUTEs=
 github.com/shurcooL/httpfs v0.0.0-20230704072500-f1e31cf0ba5c/go.mod h1:owqhoLW1qZoYLZzLnBw+QkPP9WZnjlSWihhxAJC1+/M=
-github.com/siddontang/go v0.0.0-20180604090527-bdc77568d726/go.mod h1:3yhqj7WBBfRhbBlzyOC3gUxftwsU0u8gqevxwIHQpMw=
-github.com/siddontang/go-snappy v0.0.0-20140704025258-d8f7bb82a96d/go.mod h1:vq0tzqLRu6TS7Id0wMo2N5QzJoKedVeovOpHjnykSzY=
-github.com/siddontang/ledisdb v0.0.0-20190202134119-8ceb77e66a92/go.mod h1:mF1DpOSOUiJRMR+FDqaqu3EBqrybQtrDDszLUZ6oxPg=
-github.com/siddontang/rdb v0.0.0-20150307021120-fc89ed2e418d/go.mod h1:AMEsy7v5z92TR1JKMkLLoaOQk++LVnOKL3ScbJ8GNGA=
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/skeema/knownhosts v1.2.2 h1:Iug2P4fLmDw9f41PB6thxUkNUkJzB5i+1/exaj40L3A=
 github.com/skeema/knownhosts v1.2.2/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo=
-github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/assertions v0.0.0-20190116191733-b6c0e53d7304/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/assertions v1.1.1 h1:T/YLemO5Yp7KPzS+lVtu+WsHn8yoSwTfItdAd1r3cck=
 github.com/smartystreets/assertions v1.1.1/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo=
@@ -799,7 +780,6 @@ github.com/ulikunitz/xz v0.5.8/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oW
 github.com/ulikunitz/xz v0.5.9/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc=
 github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
-github.com/unknwon/com v0.0.0-20190804042917-757f69c95f3e/go.mod h1:tOOxU81rwgoCLoOVVPHb6T/wt8HZygqH5id+GNnlCXM=
 github.com/unknwon/com v1.0.1 h1:3d1LTxD+Lnf3soQiD4Cp/0BRB+Rsa/+RTvz8GMMzIXs=
 github.com/unknwon/com v1.0.1/go.mod h1:tOOxU81rwgoCLoOVVPHb6T/wt8HZygqH5id+GNnlCXM=
 github.com/urfave/cli/v2 v2.27.2 h1:6e0H+AkS+zDckwPCUrZkKX38mRaau4nL2uipkJpbkcI=
@@ -875,7 +855,6 @@ go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
 go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
 golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
@@ -902,11 +881,8 @@ golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0=
 golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
@@ -940,8 +916,6 @@ golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20181221143128-b4a75ba826a6/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190730183949-1393eb018365/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -986,7 +960,6 @@ golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
 golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA=
 golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
@@ -1001,8 +974,6 @@ golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
 golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
 golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200325010219-a49f79bcc224/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
@@ -1018,7 +989,6 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240314234333-6e1732d8331c h1:lfpJ/2rWPa/kJgxyyXM8PrNnfCzcmxJ265mADgwmvLI=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240314234333-6e1732d8331c/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY=
 google.golang.org/grpc v1.62.1 h1:B4n+nfKzOICUXMgyrNd19h/I9oH0L1pizfk1d4zSgTk=
@@ -1044,7 +1014,6 @@ gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df h1:n7WqCuqOuCbNr617RXOY0AWRXxgwEyPp2z+p0+hgMuE=
 gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df/go.mod h1:LRQQ+SO6ZHR7tOkpBDuZnXENFzX8qRjMDMyPD6BRkCw=
-gopkg.in/ini.v1 v1.44.2/go.mod h1:M3Cogqpuv0QCi3ExAY5V4uOt4qb/R3xZubo9m8lK5wg=
 gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=

From 01dec7577a051d9bb30e91f6cf6653dc51a37d06 Mon Sep 17 00:00:00 2001
From: Wim <wim@42.be>
Date: Sun, 8 Sep 2024 00:05:18 +0200
Subject: [PATCH 062/129] Remove SHA1 for support for ssh rsa signing (#31857)

https://github.com/go-fed/httpsig seems to be unmaintained.

Switch to github.com/42wim/httpsig which has removed deprecated crypto
and default sha256 signing for ssh rsa.

No impact for those that use ed25519 ssh certificates.

This is a breaking change for:
- gitea.com/gitea/tea (go-sdk) - I'll be sending a PR there too
- activitypub using deprecated crypto (is this actually used?)
---
 assets/go-licenses.json                    | 13 +++++++++----
 go.mod                                     | 11 ++++++-----
 go.sum                                     | 22 ++++++++++++----------
 modules/activitypub/client.go              |  2 +-
 modules/setting/federation.go              |  2 +-
 routers/api/v1/activitypub/reqsignature.go |  2 +-
 services/auth/httpsign.go                  |  4 ++--
 tests/integration/api_httpsig_test.go      |  2 +-
 8 files changed, 33 insertions(+), 25 deletions(-)

diff --git a/assets/go-licenses.json b/assets/go-licenses.json
index ccce3e33142..cebbe468d2b 100644
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
@@ -74,6 +74,11 @@
     "path": "gitea.com/lunny/levelqueue/LICENSE",
     "licenseText": "Copyright (c) 2019 Lunny Xiao\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in\nall copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN\nTHE SOFTWARE.\n"
   },
+  {
+    "name": "github.com/42wim/httpsig",
+    "path": "github.com/42wim/httpsig/LICENSE",
+    "licenseText": "BSD 3-Clause License\n\nCopyright (c) 2018, go-fed\nAll rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\n* Redistributions of source code must retain the above copyright notice, this\n  list of conditions and the following disclaimer.\n\n* Redistributions in binary form must reproduce the above copyright notice,\n  this list of conditions and the following disclaimer in the documentation\n  and/or other materials provided with the distribution.\n\n* Neither the name of the copyright holder nor the names of its\n  contributors may be used to endorse or promote products derived from\n  this software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\"\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE\nFOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,\nOR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
+  },
   {
     "name": "github.com/42wim/sshsig",
     "path": "github.com/42wim/sshsig/LICENSE",
@@ -1127,7 +1132,7 @@
   {
     "name": "golang.org/x/crypto",
     "path": "golang.org/x/crypto/LICENSE",
-    "licenseText": "Copyright (c) 2009 The Go Authors. All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n   * Redistributions of source code must retain the above copyright\nnotice, this list of conditions and the following disclaimer.\n   * Redistributions in binary form must reproduce the above\ncopyright notice, this list of conditions and the following disclaimer\nin the documentation and/or other materials provided with the\ndistribution.\n   * Neither the name of Google Inc. nor the names of its\ncontributors may be used to endorse or promote products derived from\nthis software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\nA PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nOWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\nLIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\nDATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\nTHEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
+    "licenseText": "Copyright 2009 The Go Authors.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n   * Redistributions of source code must retain the above copyright\nnotice, this list of conditions and the following disclaimer.\n   * Redistributions in binary form must reproduce the above\ncopyright notice, this list of conditions and the following disclaimer\nin the documentation and/or other materials provided with the\ndistribution.\n   * Neither the name of Google LLC nor the names of its\ncontributors may be used to endorse or promote products derived from\nthis software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\nA PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nOWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\nLIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\nDATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\nTHEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
   },
   {
     "name": "golang.org/x/image",
@@ -1152,17 +1157,17 @@
   {
     "name": "golang.org/x/sync",
     "path": "golang.org/x/sync/LICENSE",
-    "licenseText": "Copyright (c) 2009 The Go Authors. All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n   * Redistributions of source code must retain the above copyright\nnotice, this list of conditions and the following disclaimer.\n   * Redistributions in binary form must reproduce the above\ncopyright notice, this list of conditions and the following disclaimer\nin the documentation and/or other materials provided with the\ndistribution.\n   * Neither the name of Google Inc. nor the names of its\ncontributors may be used to endorse or promote products derived from\nthis software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\nA PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nOWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\nLIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\nDATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\nTHEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
+    "licenseText": "Copyright 2009 The Go Authors.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n   * Redistributions of source code must retain the above copyright\nnotice, this list of conditions and the following disclaimer.\n   * Redistributions in binary form must reproduce the above\ncopyright notice, this list of conditions and the following disclaimer\nin the documentation and/or other materials provided with the\ndistribution.\n   * Neither the name of Google LLC nor the names of its\ncontributors may be used to endorse or promote products derived from\nthis software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\nA PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nOWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\nLIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\nDATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\nTHEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
   },
   {
     "name": "golang.org/x/sys",
     "path": "golang.org/x/sys/LICENSE",
-    "licenseText": "Copyright (c) 2009 The Go Authors. All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n   * Redistributions of source code must retain the above copyright\nnotice, this list of conditions and the following disclaimer.\n   * Redistributions in binary form must reproduce the above\ncopyright notice, this list of conditions and the following disclaimer\nin the documentation and/or other materials provided with the\ndistribution.\n   * Neither the name of Google Inc. nor the names of its\ncontributors may be used to endorse or promote products derived from\nthis software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\nA PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nOWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\nLIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\nDATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\nTHEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
+    "licenseText": "Copyright 2009 The Go Authors.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n   * Redistributions of source code must retain the above copyright\nnotice, this list of conditions and the following disclaimer.\n   * Redistributions in binary form must reproduce the above\ncopyright notice, this list of conditions and the following disclaimer\nin the documentation and/or other materials provided with the\ndistribution.\n   * Neither the name of Google LLC nor the names of its\ncontributors may be used to endorse or promote products derived from\nthis software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\nA PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nOWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\nLIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\nDATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\nTHEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
   },
   {
     "name": "golang.org/x/text",
     "path": "golang.org/x/text/LICENSE",
-    "licenseText": "Copyright (c) 2009 The Go Authors. All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n   * Redistributions of source code must retain the above copyright\nnotice, this list of conditions and the following disclaimer.\n   * Redistributions in binary form must reproduce the above\ncopyright notice, this list of conditions and the following disclaimer\nin the documentation and/or other materials provided with the\ndistribution.\n   * Neither the name of Google Inc. nor the names of its\ncontributors may be used to endorse or promote products derived from\nthis software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\nA PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nOWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\nLIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\nDATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\nTHEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
+    "licenseText": "Copyright 2009 The Go Authors.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n   * Redistributions of source code must retain the above copyright\nnotice, this list of conditions and the following disclaimer.\n   * Redistributions in binary form must reproduce the above\ncopyright notice, this list of conditions and the following disclaimer\nin the documentation and/or other materials provided with the\ndistribution.\n   * Neither the name of Google LLC nor the names of its\ncontributors may be used to endorse or promote products derived from\nthis software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\nA PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nOWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\nLIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\nDATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\nTHEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
   },
   {
     "name": "golang.org/x/time/rate",
diff --git a/go.mod b/go.mod
index 71ba0ab10b9..29126a70bc4 100644
--- a/go.mod
+++ b/go.mod
@@ -14,6 +14,7 @@ require (
 	gitea.com/go-chi/session v0.0.0-20240316035857-16768d98ec96
 	gitea.com/lunny/dingtalk_webhook v0.0.0-20171025031554-e3534c89ef96
 	gitea.com/lunny/levelqueue v0.4.2-0.20230414023320-3c0159fe0fe4
+	github.com/42wim/httpsig v1.2.2
 	github.com/42wim/sshsig v0.0.0-20211121163825-841cf5bbc121
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0
 	github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.3.2
@@ -45,7 +46,6 @@ require (
 	github.com/go-chi/cors v1.2.1
 	github.com/go-co-op/gocron v1.37.0
 	github.com/go-enry/go-enry/v2 v2.8.8
-	github.com/go-fed/httpsig v1.1.1-0.20201223112313-55836744818e
 	github.com/go-git/go-billy/v5 v5.5.0
 	github.com/go-git/go-git/v5 v5.12.0
 	github.com/go-ldap/ldap/v3 v3.4.6
@@ -110,12 +110,12 @@ require (
 	github.com/yuin/goldmark v1.7.2
 	github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc
 	github.com/yuin/goldmark-meta v1.1.0
-	golang.org/x/crypto v0.24.0
+	golang.org/x/crypto v0.26.0
 	golang.org/x/image v0.18.0
 	golang.org/x/net v0.26.0
 	golang.org/x/oauth2 v0.21.0
-	golang.org/x/sys v0.21.0
-	golang.org/x/text v0.16.0
+	golang.org/x/sys v0.23.0
+	golang.org/x/text v0.17.0
 	golang.org/x/tools v0.22.0
 	google.golang.org/grpc v1.62.1
 	google.golang.org/protobuf v1.34.2
@@ -190,6 +190,7 @@ require (
 	github.com/go-enry/go-oniguruma v1.2.1 // indirect
 	github.com/go-faster/city v1.0.1 // indirect
 	github.com/go-faster/errors v0.7.1 // indirect
+	github.com/go-fed/httpsig v1.1.1-0.20201223112313-55836744818e // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-openapi/analysis v0.23.0 // indirect
 	github.com/go-openapi/errors v0.22.0 // indirect
@@ -300,7 +301,7 @@ require (
 	go.uber.org/zap v1.27.0 // indirect
 	golang.org/x/exp v0.0.0-20240314144324-c7f7c6466f7f // indirect
 	golang.org/x/mod v0.18.0 // indirect
-	golang.org/x/sync v0.7.0 // indirect
+	golang.org/x/sync v0.8.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240314234333-6e1732d8331c // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
diff --git a/go.sum b/go.sum
index df67b4f3727..db99b632fca 100644
--- a/go.sum
+++ b/go.sum
@@ -32,6 +32,8 @@ gitea.com/lunny/levelqueue v0.4.2-0.20230414023320-3c0159fe0fe4 h1:IFT+hup2xejHq
 gitea.com/lunny/levelqueue v0.4.2-0.20230414023320-3c0159fe0fe4/go.mod h1:HBqmLbz56JWpfEGG0prskAV97ATNRoj5LDmPicD22hU=
 gitea.com/xorm/sqlfiddle v0.0.0-20180821085327-62ce714f951a h1:lSA0F4e9A2NcQSqGqTOXqu2aRi/XEQxDCBwM8yJtE6s=
 gitea.com/xorm/sqlfiddle v0.0.0-20180821085327-62ce714f951a/go.mod h1:EXuID2Zs0pAQhH8yz+DNjUbjppKQzKFAn28TMYPB6IU=
+github.com/42wim/httpsig v1.2.2 h1:ofAYoHUNs/MJOLqQ8hIxeyz2QxOz8qdSVvp3PX/oPgA=
+github.com/42wim/httpsig v1.2.2/go.mod h1:P/UYo7ytNBFwc+dg35IubuAUIs8zj5zzFIgUCEl55WY=
 github.com/42wim/sshsig v0.0.0-20211121163825-841cf5bbc121 h1:r3qt8PCHnfjOv9PN3H+XXKmDA1dfFMIN1AislhlA/ps=
 github.com/42wim/sshsig v0.0.0-20211121163825-841cf5bbc121/go.mod h1:Ock8XgA7pvULhIaHGAk/cDnRfNrF9Jey81nPcc403iU=
 github.com/6543/go-version v1.3.1 h1:HvOp+Telns7HWJ2Xo/05YXQSB2bE0WmVgbHqwMPZT4U=
@@ -866,8 +868,8 @@ golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2Uz
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
 golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
 golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
-golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI=
-golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
+golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
+golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
 golang.org/x/exp v0.0.0-20240314144324-c7f7c6466f7f h1:3CW0unweImhOzd5FmYuRsD4Y4oQFKZIjAnKbjV4WIrw=
 golang.org/x/exp v0.0.0-20240314144324-c7f7c6466f7f/go.mod h1:CxmFvTBINI24O/j8iY7H1xHzx2i4OsyguNBmN/uPtqc=
 golang.org/x/image v0.18.0 h1:jGzIakQa/ZXI1I0Fxvaa9W7yP25TqT6cHIHn+6CqvSQ=
@@ -909,8 +911,8 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
-golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
+golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181221143128-b4a75ba826a6/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -946,8 +948,8 @@ golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
-golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM=
+golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
@@ -957,8 +959,8 @@ golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
 golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
 golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
-golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA=
-golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0=
+golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU=
+golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -969,8 +971,8 @@ golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
-golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
+golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
+golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
 golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
diff --git a/modules/activitypub/client.go b/modules/activitypub/client.go
index 66b977c01fb..a9941f9b759 100644
--- a/modules/activitypub/client.go
+++ b/modules/activitypub/client.go
@@ -18,7 +18,7 @@ import (
 	"code.gitea.io/gitea/modules/proxy"
 	"code.gitea.io/gitea/modules/setting"
 
-	"github.com/go-fed/httpsig"
+	"github.com/42wim/httpsig"
 )
 
 const (
diff --git a/modules/setting/federation.go b/modules/setting/federation.go
index 2bea900633f..62aeaa01b49 100644
--- a/modules/setting/federation.go
+++ b/modules/setting/federation.go
@@ -6,7 +6,7 @@ package setting
 import (
 	"code.gitea.io/gitea/modules/log"
 
-	"github.com/go-fed/httpsig"
+	"github.com/42wim/httpsig"
 )
 
 // Federation settings
diff --git a/routers/api/v1/activitypub/reqsignature.go b/routers/api/v1/activitypub/reqsignature.go
index 59ebc74b89e..853c3c0b590 100644
--- a/routers/api/v1/activitypub/reqsignature.go
+++ b/routers/api/v1/activitypub/reqsignature.go
@@ -17,8 +17,8 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 	gitea_context "code.gitea.io/gitea/services/context"
 
+	"github.com/42wim/httpsig"
 	ap "github.com/go-ap/activitypub"
-	"github.com/go-fed/httpsig"
 )
 
 func getPublicKeyFromResponse(b []byte, keyID *url.URL) (p crypto.PublicKey, err error) {
diff --git a/services/auth/httpsign.go b/services/auth/httpsign.go
index b604349f80d..83a36bef238 100644
--- a/services/auth/httpsign.go
+++ b/services/auth/httpsign.go
@@ -17,7 +17,7 @@ import (
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 
-	"github.com/go-fed/httpsig"
+	"github.com/42wim/httpsig"
 	"golang.org/x/crypto/ssh"
 )
 
@@ -205,7 +205,7 @@ func doVerify(verifier httpsig.Verifier, sshPublicKeys []ssh.PublicKey) error {
 		case strings.HasPrefix(publicKey.Type(), "ssh-ed25519"):
 			algos = []httpsig.Algorithm{httpsig.ED25519}
 		case strings.HasPrefix(publicKey.Type(), "ssh-rsa"):
-			algos = []httpsig.Algorithm{httpsig.RSA_SHA1, httpsig.RSA_SHA256, httpsig.RSA_SHA512}
+			algos = []httpsig.Algorithm{httpsig.RSA_SHA256, httpsig.RSA_SHA512}
 		}
 		for _, algo := range algos {
 			if err := verifier.Verify(cryptoPubkey, algo); err == nil {
diff --git a/tests/integration/api_httpsig_test.go b/tests/integration/api_httpsig_test.go
index 30aed3cacce..cca477f5e13 100644
--- a/tests/integration/api_httpsig_test.go
+++ b/tests/integration/api_httpsig_test.go
@@ -15,7 +15,7 @@ import (
 	"code.gitea.io/gitea/modules/test"
 	"code.gitea.io/gitea/tests"
 
-	"github.com/go-fed/httpsig"
+	"github.com/42wim/httpsig"
 	"golang.org/x/crypto/ssh"
 )
 

From df96088bc4209c1c589849a9791269c0c8228ce4 Mon Sep 17 00:00:00 2001
From: GiteaBot <teabot@gitea.io>
Date: Sun, 8 Sep 2024 00:32:28 +0000
Subject: [PATCH 063/129] [skip ci] Updated translations via Crowdin

---
 options/locale/locale_pt-PT.ini | 92 +++++++++++++++++++++++++++++++++
 options/locale/locale_zh-CN.ini |  2 +
 2 files changed, 94 insertions(+)

diff --git a/options/locale/locale_pt-PT.ini b/options/locale/locale_pt-PT.ini
index dd79cb7758e..fffc54559b4 100644
--- a/options/locale/locale_pt-PT.ini
+++ b/options/locale/locale_pt-PT.ini
@@ -218,6 +218,7 @@ string.desc=Z - A
 
 [error]
 occurred=Ocorreu um erro
+report_message=Se acredita tratar-se de um erro do Gitea, procure questões relacionadas no <a href="%s">GitHub</a> ou abra uma nova questão, se necessário.
 missing_csrf=Pedido inválido: não há código CSRF
 invalid_csrf=Pedido inválido: código CSRF inválido
 not_found=Não foi possível encontrar o destino.
@@ -226,10 +227,13 @@ network_error=Erro de rede
 [startpage]
 app_desc=Um serviço Git auto-hospedado e fácil de usar
 install=Fácil de instalar
+install_desc=Corra, simplesmente, <a target="_blank" rel="noopener noreferrer" href="%[1]s">o ficheiro binário executável</a> para a sua plataforma, despache-o com o <a target="_blank" rel="noopener noreferrer" href="%[2]s">Docker</a>, ou obtenha-o sob a forma de <a target="_blank" rel="noopener noreferrer" href="%[3]s">pacote</a>.
 platform=Multiplataforma
+platform_desc=Gitea corre em qualquer plataforma onde possa compilar em linguagem <a target="_blank" rel="noopener noreferrer" href="%s">Go</a>: Windows, macOS, Linux, ARM, etc. Escolha a sua preferida!
 lightweight=Leve
 lightweight_desc=Gitea requer poucos recursos e pode correr num simples Raspberry Pi. Economize a energia da sua máquina!
 license=Código aberto
+license_desc=Vá buscar <a target="_blank" rel="noopener noreferrer" href="%[1]s">%[2]s</a>! Junte-se a nós dando a <a target="_blank" rel="noopener noreferrer" href="%[3]s">sua contribuição</a> para tornar este programa ainda melhor. Não se acanhe e contribua!
 
 [install]
 install=Instalação
@@ -402,6 +406,7 @@ reset_password_mail_sent_prompt=Foi enviado um email de confirmação para <b>%s
 active_your_account=Ponha a sua conta em funcionamento
 account_activated=A conta foi posta em funcionamento
 prohibit_login=Início de sessão proibido
+prohibit_login_desc=A sua conta está proibida de iniciar sessão. Contacte o administrador.
 resent_limit_prompt=Já fez um pedido recentemente para enviar um email para pôr a conta em funcionamento. Espere 3 minutos e tente novamente.
 has_unconfirmed_mail=Olá %s, tem um endereço de email não confirmado (<b>%s</b>). Se não recebeu um email de confirmação ou precisa de o voltar a enviar, clique no botão abaixo.
 change_unconfirmed_mail_address=Se o seu endereço de email estiver errado, pode mudá-lo aqui e enviar um novo email de confirmação.
@@ -413,6 +418,7 @@ invalid_code=O seu código de confirmação é inválido ou expirou.
 invalid_code_forgot_password=O seu código de confirmação é inválido ou já expirou. Clique <a href="%s">aqui</a> para iniciar uma nova sessão.
 invalid_password=A sua senha não corresponde à senha que foi usada para criar a conta.
 reset_password_helper=Recuperar conta
+reset_password_wrong_user=Tem conta iniciada como %s, mas a ligação de recuperação de conta é para %s
 password_too_short=O tamanho da senha não pode ser inferior a %d caracteres.
 non_local_account=Os utilizadores não-locais não podem alterar a sua senha através da interface web do Gitea.
 verify=Validar
@@ -448,7 +454,9 @@ authorize_application_created_by=Esta aplicação foi criada por %s.
 authorize_application_description=Se conceder acesso, a aplicação terá privilégios para alterar toda a informação da conta, incluindo repositórios e organizações privados.
 authorize_title=Autorizar o acesso de "%s" à sua conta?
 authorization_failed=A autorização falhou
+authorization_failed_desc=A autorização falhou porque encontrámos um pedido inválido. Entre em contacto com o responsável pela aplicação que tentou autorizar.
 sspi_auth_failed=Falhou a autenticação SSPI
+password_pwned=A senha que escolheu está numa <a target="_blank" rel="noopener noreferrer" href="%s">lista de senhas roubadas</a> anteriormente expostas em fugas de dados públicas. Tente novamente com uma senha diferente e considere também mudar esta senha nos outros sítios.
 password_pwned_err=Não foi possível completar o pedido ao HaveIBeenPwned
 last_admin=Não pode remover o último administrador. Tem que existir pelo menos um administrador.
 signin_passkey=Iniciar sessão com uma passkey
@@ -466,6 +474,7 @@ activate_account.text_1=Olá <b>%[1]s</b>, obrigado por se registar em %[2]s!
 activate_account.text_2=Clique, por favor, na ligação seguinte para activar a sua conta dentro de <b>%s</b>:
 
 activate_email=Valide o seu endereço de email
+activate_email.title=%s, por favor valide o seu endereço de email
 activate_email.text=Por favor clique na seguinte ligação para validar o seu endereço de email dentro de <b>%s</b>:
 
 register_notify=Bem-vindo(a) a %s
@@ -685,9 +694,11 @@ applications=Aplicações
 orgs=Gerir organizações
 repos=Repositórios
 delete=Eliminar a conta
+twofa=Autenticação em dois passos (TOTP)
 account_link=Contas vinculadas
 organization=Organizações
 uid=UID
+webauthn=Autenticação em dois passos (Chaves de Segurança)
 
 public_profile=Perfil público
 biography_placeholder=Conte-nos um pouco sobre si! (Pode usar Markdown)
@@ -705,6 +716,7 @@ update_language_success=O idioma foi modificado.
 update_profile_success=O seu perfil foi modificado.
 change_username=O seu nome de utilizador foi modificado.
 change_username_prompt=Note: Mudar o seu nome de utilizador também muda o URL da sua conta.
+change_username_redirect_prompt=O antigo nome de utilizador, enquanto ninguém o reivindicar, irá reencaminhar para o novo.
 continue=Continuar
 cancel=Cancelar
 language=Idioma
@@ -784,6 +796,7 @@ add_email_success=O novo endereço de email foi adicionado.
 email_preference_set_success=As preferências relativas ao email foram definidas com sucesso.
 add_openid_success=O novo endereço OpenID foi adicionado.
 keep_email_private=Ocultar endereço de email
+keep_email_private_popup=Isto irá ocultar o seu endereço de email no seu perfil, assim como quando fizer um pedido de integração ou editar um ficheiro usando a interface web. Cometimentos enviados não serão modificados. Utilize %s nos cometimentos para os associar à sua conta.
 openid_desc=O OpenID permite delegar a autenticação num fornecedor externo.
 
 manage_ssh_keys=Gerir chaves SSH
@@ -898,6 +911,8 @@ remove_oauth2_application_desc=Remover uma aplicação OAuth2 irá revogar o ace
 remove_oauth2_application_success=A aplicação foi eliminada.
 create_oauth2_application=Criar uma nova aplicação OAuth2
 create_oauth2_application_button=Criar aplicação
+create_oauth2_application_success=Criou com sucesso uma nova aplicação OAuth2.
+update_oauth2_application_success=Modificou com sucesso a aplicação OAuth2.
 oauth2_application_name=Nome da aplicação
 oauth2_confidential_client=Cliente confidencial. Escolha esta opção para aplicações que mantêm o segredo confidencial, tais como aplicações web. Não escolha esta opção para aplicações nativas, incluindo aplicações para computador e aplicações móveis.
 oauth2_skip_secondary_authorization=Saltar a autorização para clientes públicos depois de lhes ceder acesso uma vez. <strong>Pode representar um risco de segurança.</strong>
@@ -910,6 +925,8 @@ oauth2_regenerate_secret_hint=Perdeu o seu segredo?
 oauth2_client_secret_hint=O segredo não voltará a ser mostrado depois de sair ou refrescar esta página. Certifique-se de que o guardou.
 oauth2_application_edit=Editar
 oauth2_application_create_description=As aplicações OAuth2 dão à sua aplicação de terceiros acesso a contas de utilizador nesta instância.
+oauth2_application_remove_description=A remoção de uma aplicação OAuth2 impedi-la-á de aceder a contas de utilizador autorizadas nesta instância. Quer continuar?
+oauth2_application_locked=O Gitea pré-regista algumas aplicações OAuth2 no arranque, se forem habilitadas na configuração. Para evitar comportamentos inesperados, estas não podem ser editadas nem removidas. Consulte a documentação sobre o OAuth2 para obter mais informações.
 
 authorized_oauth2_applications=Aplicações OAuth2 autorizadas
 authorized_oauth2_applications_description=Concedeu acesso à sua conta pessoal do Gitea a estas aplicações de terceiros. Por favor, revogue o acesso às aplicações que já não precisa.
@@ -918,20 +935,26 @@ revoke_oauth2_grant=Revogar acesso
 revoke_oauth2_grant_description=Revogar o acesso desta aplicação de terceiros impedi-la-á de aceder aos seus dados. Tem a certeza?
 revoke_oauth2_grant_success=Acesso revogado com sucesso.
 
+twofa_desc=Para proteger a sua conta contra o roubo de senhas, pode usar um telemóvel ou outro dispositivo para recerber um código de utilização única baseado no tempo ("TOTP").
 twofa_recovery_tip=Se perder o seu dispositivo, poderá usar uma chave de recuperação de utilização única para voltar a ter acesso à sua conta.
 twofa_is_enrolled=A autenticação em dois passos <strong>está neste momento habilitada</strong> na sua conta.
 twofa_not_enrolled=A autenticação em dois passos não está neste momento habilitada na sua conta.
 twofa_disable=Desabilitar autenticação em dois passos
+twofa_scratch_token_regenerate=Voltar a gerar o código de recuperação de utilização única
+twofa_scratch_token_regenerated=O seu código de recuperação de utilização única agora é %s. Guarde-o num lugar seguro, uma vez que nunca mais vai ser mostrado.
 twofa_enroll=Habilitar autenticação em dois passos
 twofa_disable_note=Pode desabilitar a autenticação em dois passos, se for necessário.
 twofa_disable_desc=Desabilitar a autenticação em dois passos tornará a sua conta menos segura. Quer continuar?
+regenerate_scratch_token_desc=Se perdeu o seu código de recuperação ou já o usou para iniciar uma sessão, pode restaurá-lo aqui.
 twofa_disabled=A autenticação em dois passos foi desabilitada.
 scan_this_image=Digitalize esta imagem com a sua aplicação de autenticação:
 or_enter_secret=Ou insira o segredo: %s
 then_enter_passcode=E insira o código apresentado na aplicação:
 passcode_invalid=O código está errado. Tente de novo.
+twofa_enrolled=A sua conta foi registada com sucesso. Guarde o seu código de recuperação de utilização única (%s) num lugar seguro, uma vez que não vai ser mostrado novamente.
 twofa_failed_get_secret=Falhou a obtenção do segredo.
 
+webauthn_desc=Chaves de segurança são dispositivos de hardware contendo chaves criptográficas. Podem ser usadas para autenticação em dois passos. As chaves de segurança têm de suportar o standard <a rel="noreferrer" target="_blank" href="%s">Autenticador WebAuthn</a>.
 webauthn_register_key=Adicionar chave de segurança
 webauthn_nickname=Apelido
 webauthn_delete_key=Remover chave de segurança
@@ -969,10 +992,12 @@ visibility=Visibilidade do utilizador
 visibility.public=Pública
 visibility.public_tooltip=Visível para todos
 visibility.limited=Limitada
+visibility.limited_tooltip=Visível apenas para utilizadores autenticados
 visibility.private=Privada
 visibility.private_tooltip=Visível apenas para membros das organizações a que se associou
 
 [repo]
+new_repo_helper=Um repositório contém todos os ficheiros do trabalho, incluindo o histórico das revisões. Já tem um hospedado noutro sítio? <a href="%s">Migre o repositório</a>.
 owner=Proprietário(a)
 owner_helper=Algumas organizações podem não aparecer na lista suspensa devido a um limite máximo de contagem de repositórios.
 repo_name=Nome do repositório
@@ -984,6 +1009,7 @@ template_helper=Fazer do repositório um modelo
 template_description=Repositórios modelo permitem que os utilizadores gerem novos repositórios com a mesma estrutura de pastas, ficheiros e configurações opcionais.
 visibility=Visibilidade
 visibility_description=Somente o proprietário ou os membros da organização, se tiverem direitos, poderão vê-lo.
+visibility_helper=Tornar o repositório privado
 visibility_helper_forced=O administrador obriga a que os repositórios novos sejam privados.
 visibility_fork_helper=(alterar este parâmetro irá alterar também todas as derivações)
 clone_helper=Precisa de ajuda para clonar? Visite a <a target="_blank" rel="noopener noreferrer" href="%s">Ajuda</a>.
@@ -1036,6 +1062,8 @@ mirror_sync=sincronizado
 mirror_sync_on_commit=Sincronizar quando forem enviados cometimentos
 mirror_address=Clonar a partir do URL
 mirror_address_desc=Coloque, na secção de autorização, as credenciais que, eventualmente, sejam necessárias.
+mirror_address_url_invalid=O URL fornecido é inválido. Tem que codificar adequadamente todos os componentes do URL.
+mirror_address_protocol_invalid=O URL fornecido é inválido. Só se pode replicar a partir de endereços http(s):// ou git://.
 mirror_lfs=Armazenamento de Ficheiros Grandes (LFS)
 mirror_lfs_desc=Habilitar a réplica de dados LFS.
 mirror_lfs_endpoint=Destino LFS
@@ -1071,7 +1099,9 @@ tree_path_not_found_branch=A localização %[1]s não existe no ramo %[2]s
 tree_path_not_found_tag=A localização %[1]s não existe na etiqueta %[2]s
 
 transfer.accept=Aceitar transferência
+transfer.accept_desc=`Transferir para "%s"`
 transfer.reject=Rejeitar transferência
+transfer.reject_desc=`Cancelar transferência para "%s"`
 transfer.no_permission_to_accept=Você não tem permissão para aceitar esta transferência.
 transfer.no_permission_to_reject=Você não tem permissão para rejeitar esta transferência.
 
@@ -1093,6 +1123,8 @@ template.issue_labels=Rótulos das questões
 template.one_item=Tem que escolher pelo menos um item do modelo
 template.invalid=Tem que escolher um repositório modelo
 
+archive.title=Este repositório está arquivado. Pode ver os seus ficheiros e cloná-lo, mas não pode fazer envios para o repositório nem lançar questões ou fazer pedidos de integração.
+archive.title_date=Este repositório foi arquivado em %s. Pode ver os ficheiros e cloná-lo, mas não pode fazer envios ou abrir questões ou pedidos de integração.
 archive.issue.nocomment=Este repositório está arquivado. Não pode comentar nas questões.
 archive.pull.nocomment=Este repositório está arquivado. Não pode comentar nos pedidos de integração.
 
@@ -1204,6 +1236,7 @@ releases=Lançamentos
 tag=Etiqueta
 released_this=lançou isto
 tagged_this=etiquetou isto
+file.title=%s em %s
 file_raw=Em bruto
 file_history=Histórico
 file_view_source=Ver código-fonte
@@ -1220,6 +1253,7 @@ ambiguous_runes_header=`Este ficheiro contém caracteres Unicode ambíguos`
 ambiguous_runes_description=`Este ficheiro contém caracteres Unicode que podem ser confundidos com outros caracteres. Se acha que é intencional, pode ignorar este aviso com segurança. Use o botão Revelar para os mostrar.`
 invisible_runes_line=`Esta linha tem caracteres unicode invisíveis`
 ambiguous_runes_line=`Esta linha tem caracteres unicode ambíguos`
+ambiguous_character=`%[1]c [U+%04[1]X] pode confundir-se com %[2]c [U+%04[2]X]`
 
 escape_control_characters=Revelar
 unescape_control_characters=Esconder
@@ -1380,6 +1414,7 @@ projects.column.new=Nova coluna
 projects.column.set_default=Tornar predefinida
 projects.column.set_default_desc=Definir esta coluna como a predefinida para questões e pedidos de integração não categorizados
 projects.column.delete=Eliminar coluna
+projects.column.deletion_desc=Eliminar uma coluna de um planeamento faz com que todas as questões que nela constam sejam movidas para a coluna predefinida. Continuar?
 projects.column.color=Colorido
 projects.open=Abrir
 projects.close=Fechar
@@ -1461,6 +1496,7 @@ issues.delete_branch_at=`eliminou o ramo <b>%s</b> %s`
 issues.filter_label=Rótulo
 issues.filter_label_exclude=`Use <code>alt</code> + <code>clique/enter</code> para excluir rótulos`
 issues.filter_label_no_select=Todos os rótulos
+issues.filter_label_select_no_label=Sem rótulo
 issues.filter_milestone=Etapa
 issues.filter_milestone_all=Todas as etapas
 issues.filter_milestone_none=Sem etapas
@@ -1625,6 +1661,7 @@ issues.tracking_already_started=`Você já iniciou a contagem de tempo <a href="
 issues.stop_tracking=Parar cronómetro
 issues.stop_tracking_history=`parou de trabalhar %s`
 issues.cancel_tracking=Descartar
+issues.cancel_tracking_history=`cancelou a contagem de tempo %s`
 issues.add_time=Adicionar tempo manualmente
 issues.del_time=Eliminar este registo de tempo
 issues.add_time_short=Adicionar tempo
@@ -1714,6 +1751,11 @@ issues.review.hide_resolved=Ocultar os concluídos
 issues.review.resolve_conversation=Passar diálogo ao estado de resolvido
 issues.review.un_resolve_conversation=Passar diálogo ao estado de não resolvido
 issues.review.resolved_by=marcou este diálogo como estando concluído
+issues.review.official=Aprovada
+issues.review.requested=Revisão pendente
+issues.review.rejected=Modificações solicitadas
+issues.review.stale=Modificada depois da aprovação
+issues.review.unofficial=Aprovação não oficial
 issues.assignee.error=Nem todos os encarregados foram adicionados devido a um erro inesperado.
 issues.reference_issue.body=Conteúdo
 issues.content_history.deleted=eliminado
@@ -1787,6 +1829,13 @@ pulls.is_empty=As modificações feitas neste ramo já existem no ramo de destin
 pulls.required_status_check_failed=Algumas das verificações obrigatórias não foram bem sucedidas.
 pulls.required_status_check_missing=Estão faltando algumas verificações necessárias.
 pulls.required_status_check_administrator=Uma vez que é administrador, ainda pode realizar a integração deste pedido.
+pulls.blocked_by_approvals=Este pedido de integração ainda não tem aprovações necessárias suficientes. Já foram concedidas %d de um total de %d aprovações oficiais.
+pulls.blocked_by_approvals_whitelisted=Este pedido de integração ainda não tem um número de aprovações suficiente. %d em %d aprovações atribuídas pelos utilizadores ou equipas da lista de permissões.
+pulls.blocked_by_rejection=Este pedido de integração tem modificações solicitadas por um revisor oficial.
+pulls.blocked_by_official_review_requests=Este pedido de integração tem pedidos de revisão oficiais.
+pulls.blocked_by_outdated_branch=Este pedido de integração foi bloqueado por ser obsoleto.
+pulls.blocked_by_changed_protected_files_1=Este pedido de integração está bloqueado porque modifica um ficheiro protegido:
+pulls.blocked_by_changed_protected_files_n=Este pedido de integração está bloqueado porque modifica ficheiros protegidos:
 pulls.can_auto_merge_desc=A integração constante neste pedido pode ser executada automaticamente.
 pulls.cannot_auto_merge_desc=A integração constante neste pedido não pode ser executada automaticamente porque existem conflitos.
 pulls.cannot_auto_merge_helper=Faça a integração manualmente para resolver os conflitos.
@@ -1823,7 +1872,9 @@ pulls.unrelated_histories=A integração falhou: O topo da integração e a base
 pulls.merge_out_of_date=Falhou a integração: Enquanto estava a gerar a integração, a base foi modificada. Dica: Tente de novo.
 pulls.head_out_of_date=Falhou a integração: Enquanto estava a gerar a integração, o topo foi modificado. Dica: Tente de novo.
 pulls.has_merged=Falhou: A integração constante do pedido foi executada, não pode integrar novamente nem modificar o ramo alvo.
+pulls.push_rejected=O envio falhou: O envio foi rejeitado. Reveja os Automatismos do Git neste repositório.
 pulls.push_rejected_summary=Mensagem completa de rejeição
+pulls.push_rejected_no_message=O envio falhou: O envio foi rejeitado mas não houve qualquer mensagem remota. Reveja os Automatismos do Git para este repositório
 pulls.open_unmerged_pull_exists=`Não pode executar uma operação de reabertura porque há um pedido de integração pendente (#%d) com propriedades idênticas.`
 pulls.status_checking=Algumas verificações estão pendentes
 pulls.status_checks_success=Todas as verificações foram bem sucedidas
@@ -1879,6 +1930,7 @@ milestones.no_due_date=Sem data de vencimento
 milestones.open=Abrir
 milestones.close=Fechar
 milestones.new_subheader=As etapas podem ajudar organizar as questões e a acompanhar o seu progresso.
+milestones.completeness=<strong>%d%%</strong> concluído
 milestones.create=Criar etapa
 milestones.title=Título
 milestones.desc=Descrição
@@ -1949,6 +2001,7 @@ wiki.original_git_entry_tooltip=Ver o ficheiro Git original, ao invés de usar u
 activity=Trabalho
 activity.navbar.pulse=Pulso
 activity.navbar.code_frequency=Frequência de programação
+activity.navbar.contributors=Contribuidores
 activity.navbar.recent_commits=Cometimentos recentes
 activity.period.filter_label=Período:
 activity.period.daily=1 dia
@@ -2100,6 +2153,7 @@ settings.pulls.default_delete_branch_after_merge=Eliminar, por norma, o ramo do
 settings.pulls.default_allow_edits_from_maintainers=Permitir, por norma, que os responsáveis editem
 settings.releases_desc=Habilitar lançamentos no repositório
 settings.packages_desc=Habilitar o registo de pacotes do repositório
+settings.projects_desc=Habilitar planeamentos
 settings.projects_mode_desc=Modo de planeamentos (tipos de planeamentos a mostrar)
 settings.projects_mode_repo=Apenas planeamentos de repositórios
 settings.projects_mode_owner=Apenas planeamentos de utilizadores ou de organizações
@@ -2132,6 +2186,7 @@ settings.transfer.success=A transferência do repositório foi bem sucedida.
 settings.transfer.blocked_user=Não foi possível transferir o repositório porque foi bloqueado/a pelo/a novo/a proprietário/a.
 settings.transfer_abort=Cancelar a transferência
 settings.transfer_abort_invalid=Não pode cancelar a transferência de um repositório inexistente.
+settings.transfer_abort_success=A transferência de repositório para %s foi cancelada com sucesso.
 settings.transfer_desc=Transferir este repositório para um utilizador ou para uma organização na qual você tenha direitos de administrador.
 settings.transfer_form_title=Insira o nome do repositório para confirmar:
 settings.transfer_in_progress=Está a ser feita uma transferência. Cancele-a, por favor, se quiser transferir este repositório para outro utilizador.
@@ -2275,6 +2330,7 @@ settings.event_pull_request_merge=Integração constante no pedido
 settings.event_package=Pacote
 settings.event_package_desc=Pacote criado ou eliminado num repositório.
 settings.branch_filter=Filtro de ramos
+settings.branch_filter_desc=Lista dos ramos a serem considerados nos eventos de envio e de criação e eliminação de ramos, especificada como um padrão glob. Se estiver em branco ou for <code>*</code>, serão reportados eventos para todos os ramos. Veja a <a href="%[1]s">documentação</a> para ver os detalhes da sintaxe. Exemplos: <code>main</code>, <code>{main,release*}</code>.
 settings.authorization_header=Cabeçalho de Autorização
 settings.authorization_header_desc=Será incluído como cabeçalho de autorização para pedidos, quando estiver presente. Exemplos: %s.
 settings.active=Em funcionamento
@@ -2325,6 +2381,7 @@ settings.protected_branch.save_rule=Guardar regra
 settings.protected_branch.delete_rule=Eliminar regra
 settings.protected_branch_can_push=Permitir envios?
 settings.protected_branch_can_push_yes=Pode enviar
+settings.protected_branch_can_push_no=Não pode enviar
 settings.branch_protection=Regras de salvaguarda do ramo '<b>%s</b>'
 settings.protect_this_branch=Habilitar salvaguarda do ramo
 settings.protect_this_branch_desc=Impede a eliminação e restringe envios e integrações do Git no ramo.
@@ -2355,11 +2412,13 @@ settings.protect_merge_whitelist_teams=Equipas com permissão para executar inte
 settings.protect_check_status_contexts=Habilitar verificação de estado
 settings.protect_status_check_patterns=Padrões de verificação de estado:
 settings.protect_status_check_patterns_desc=Insira padrões para especificar que verificações de estado têm de passar antes que os ramos possam ser integrados num ramo correspondente a esta regra. Cada linha especifíca um padrão. Os padrões não podem estar em branco.
+settings.protect_check_status_contexts_desc=Exigir que as verificações de estado passem antes de ser aplicada a integração. Quando habilitado, os cometimentos primeiro têm de ser enviados para outro ramo, depois integrados ou enviados imediatamente para um ramo que corresponda a esta regra, após terem passado as verificações de estado. Se não houver correspondência com quaisquer contextos, o último cometimento tem que ser bem sucedido, independentemente do contexto.
 settings.protect_check_status_contexts_list=Verificações de estado encontradas na última semana para este repositório
 settings.protect_status_check_matched=Correspondido
 settings.protect_invalid_status_check_pattern=Padrão de verificação de estado inválido: "%s".
 settings.protect_no_valid_status_check_patterns=Não existem padrões de verificação de estado válidos.
 settings.protect_required_approvals=Aprovações necessárias:
+settings.protect_required_approvals_desc=Permitir somente a integração constante de pedidos que tenham aprovações exigidas suficientes. Aprovações exigidas são as dos utilizadores ou das equipas ou de qualquer pessoa que esteja na lista de permissão com acesso de escrita.
 settings.protect_approvals_whitelist_enabled=Restringir aprovações a utilizadores ou equipas da lista de permissão
 settings.protect_approvals_whitelist_enabled_desc=Somente as revisões dos utilizadores ou equipas da lista de permissão irão contar para as aprovações necessárias. Se não houver uma lista de permissão de aprovações, revisões de qualquer pessoa com acesso de escrita contam para as aprovações necessárias.
 settings.protect_approvals_whitelist_users=Revisores com permissão:
@@ -2371,14 +2430,18 @@ settings.ignore_stale_approvals_desc=Não contar as aprovações feitas em comet
 settings.require_signed_commits=Exigir cometimentos assinados
 settings.require_signed_commits_desc=Rejeitar envios para este ramo que não estejam assinados ou que não sejam validáveis.
 settings.protect_branch_name_pattern=Padrão do nome do ramo protegido
+settings.protect_branch_name_pattern_desc=Padrões de nomes de ramos protegidos. Consulte <a href="%s">a documentação</a> para ver a sintaxe dos padrões. Exemplos: main, release/**
 settings.protect_patterns=Padrões
 settings.protect_protected_file_patterns=Padrões de ficheiros protegidos (separados com ponto e vírgula ';'):
+settings.protect_protected_file_patterns_desc=Ficheiros protegidos não podem ser modificados imediatamente, mesmo que o utilizador tenha direitos para adicionar, editar ou eliminar ficheiros neste ramo. Múltiplos padrões podem ser separados com ponto e vírgula (';'). Veja a documentação <a href='%[1]s'>%[2]s</a> para ver a sintaxe. Exemplos: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
 settings.protect_unprotected_file_patterns=Padrões de ficheiros desprotegidos (separados com ponto e vírgula ';'):
+settings.protect_unprotected_file_patterns_desc=Ficheiros desprotegidos que podem ser modificados imediatamente se o utilizador tiver direitos de escrita, contornando a restrição no envio. Padrões múltiplos podem ser separados com ponto e vírgula (';'). Veja a documentação <a href='%[1]s'>%[2]s</a> para ver a sintaxe. Exemplos: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
 settings.add_protected_branch=Habilitar salvaguarda
 settings.delete_protected_branch=Desabilitar salvaguarda
 settings.update_protect_branch_success=A salvaguarda do ramo "%s" foi modificada.
 settings.remove_protected_branch_success=A salvaguarda do ramo "%s" foi removida.
 settings.remove_protected_branch_failed=A remoção da regra "%s" de salvaguarda do ramo falhou.
+settings.protected_branch_deletion=Eliminar salvaguarda do ramo
 settings.protected_branch_deletion_desc=Desabilitar a salvaguarda do ramo irá permitir que os utilizadores que tenham permissão de escrita enviem para o ramo. Quer continuar?
 settings.block_rejected_reviews=Bloquear a integração quando há revisões rejeitadas
 settings.block_rejected_reviews_desc=A integração não será possível quando as modificações forem pedidas pelos revisores oficiais, mesmo que haja aprovações suficientes.
@@ -2404,6 +2467,7 @@ settings.tags.protection.allowed.teams=Equipas com permissão
 settings.tags.protection.allowed.noone=Ninguém
 settings.tags.protection.create=Proteger etiqueta
 settings.tags.protection.none=Não há etiquetas protegidas.
+settings.tags.protection.pattern.description=Pode usar um só nome ou um padrão glob ou uma expressão regular para corresponder a várias etiquetas. Para mais informações leia o <a target="_blank" rel="noopener" href="%s">guia das etiquetas protegidas</a>.
 settings.bot_token=Código do bot
 settings.chat_id=ID do diálogo
 settings.thread_id=ID da discussão
@@ -2431,6 +2495,11 @@ settings.archive.error_ismirror=Não pode arquivar um repositório que tenha sid
 settings.archive.branchsettings_unavailable=As configurações dos ramos não estão disponíveis quando o repositório está arquivado.
 settings.archive.tagsettings_unavailable=As configurações sobre etiquetas não estão disponíveis quando o repositório está arquivado.
 settings.archive.mirrors_unavailable=As réplicas não estão disponíveis se o repositório estiver arquivado.
+settings.unarchive.button=Desarquivar repositório
+settings.unarchive.header=Desarquivar este repositório
+settings.unarchive.text=Desarquivar o repositório irá restaurar a capacidade de receber cometimentos e envios, assim como novas questões e pedidos de integração.
+settings.unarchive.success=O repositório foi desarquivado com sucesso.
+settings.unarchive.error=Ocorreu um erro enquanto decorria o processo de desarquivar o repositório. Veja os registos para obter mais detalhes.
 settings.update_avatar_success=O avatar do repositório foi modificado.
 settings.lfs=LFS
 settings.lfs_filelist=Ficheiros LFS armazenados neste repositório
@@ -2492,6 +2561,7 @@ diff.file_image_height=Altura
 diff.file_byte_size=Tamanho
 diff.file_suppressed=A apresentação das diferenças no ficheiro foi suprimida por ser demasiado grande
 diff.file_suppressed_line_too_long=A apresentação das diferenças entre ficheiros foi suprimida porque há linhas demasiado longas
+diff.too_many_files=Alguns ficheiros não foram mostrados porque foram modificados demasiados ficheiros neste diff
 diff.show_more=Mostrar mais
 diff.load=Carregar diff
 diff.generated=gerado
@@ -2612,6 +2682,7 @@ tag.create_success=A etiqueta "%s" foi criada.
 
 topic.manage_topics=Gerir tópicos
 topic.done=Concluído
+topic.count_prompt=Não pode escolher mais do que 25 tópicos
 topic.format_prompt=Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') ou pontos ('.') e podem ter até 35 caracteres. As letras têm que ser minúsculas.
 
 find_file.go_to_file=Ir para o ficheiro
@@ -2751,6 +2822,7 @@ teams.all_repositories_helper=A equipa tem acesso a todos os repositórios. Esco
 teams.all_repositories_read_permission_desc=Esta equipa atribui o acesso de <strong>leitura</strong> a <strong>todos os repositórios</strong>: os seus membros podem ver e clonar os repositórios.
 teams.all_repositories_write_permission_desc=Esta equipa atribui o acesso de <strong>escrita</strong> a <strong>todos os repositórios</strong>: os seus membros podem ler de, e enviar para os repositórios.
 teams.all_repositories_admin_permission_desc=Esta equipa atribui o acesso de <strong>administração</strong> a <strong>todos os repositórios</strong>: os seus membros podem ler de, enviar para, e adicionar colaboradores aos repositórios.
+teams.invite.title=Foi-lhe feito um convite para se juntar à equipa <strong>%s</strong> na organização<strong>%s</strong>.
 teams.invite.by=Convidado(a) por %s
 teams.invite.description=Clique no botão abaixo para se juntar à equipa.
 
@@ -2777,6 +2849,7 @@ last_page=Última
 total=total: %d
 settings=Configurações de administração
 
+dashboard.new_version_hint=O Gitea %s está disponível, você está a correr a versão %s. Verifique <a target="_blank" rel="noreferrer" href="%s">o blog</a> para mais detalhes.
 dashboard.statistic=Resumo
 dashboard.maintenance_operations=Operações de manutenção
 dashboard.system_status=Estado do sistema
@@ -2787,6 +2860,7 @@ dashboard.clean_unbind_oauth=Limpar conexões OAuth não vinculadas
 dashboard.clean_unbind_oauth_success=Todas as conexões OAuth não vinculadas foram eliminadas.
 dashboard.task.started=Tarefa iniciada: %[1]s
 dashboard.task.process=Tarefa: %[1]s
+dashboard.task.cancelled=Tarefa: %[1]s cancelada: %[3]s
 dashboard.task.error=Erro na tarefa: %[1]s: %[3]s
 dashboard.task.finished=Tarefa: %[1]s iniciada por %[2]s foi concluída
 dashboard.task.unknown=Tarefa desconhecida: %[1]s
@@ -2930,6 +3004,7 @@ emails.updated=Email modificado
 emails.not_updated=Falhou a modificação do endereço de email solicitado: %v
 emails.duplicate_active=Este endereço de email já está a ser usado por outro utilizador.
 emails.change_email_header=Modificar propriedades do email
+emails.change_email_text=Tem a certeza que quer modificar este endereço de email?
 emails.delete=Eliminar email
 emails.delete_desc=Tem a certeza que quer eliminar este endereço de email?
 emails.deletion_success=O endereço de email foi eliminado.
@@ -2966,10 +3041,12 @@ packages.size=Tamanho
 packages.published=Publicado
 
 defaulthooks=Automatismos web predefinidos
+defaulthooks.desc=Os automatismos web fazem pedidos HTTP POST automaticamente a um servidor quando são despoletados determinados eventos do Gitea. Os automatismos web definidos aqui são os predefinidos e serão copiados para todos os novos repositórios. Leia mais no <a target="_blank" rel="noopener" href="%s">guia de automatismos web</a>.
 defaulthooks.add_webhook=Adicionar automatismo web predefinido
 defaulthooks.update_webhook=Modificar automatismo web predefinido
 
 systemhooks=Automatismos web do sistema
+systemhooks.desc=Os automatismos web fazem pedidos HTTP POST automaticamente a um servidor quando são despoletados determinados eventos do Gitea. Os automatismos web definidos aqui irão operar em todos os repositórios deste sistema, por isso tenha em consideração quaisquer implicações de desempenho que isso possa ter. Leia mais no <a target="_blank" rel="noopener" href="%s">guia de automatismos web</a>.
 systemhooks.add_webhook=Adicionar automatismo web do sistema
 systemhooks.update_webhook=Modificar automatismo web do sistema
 
@@ -3064,8 +3141,18 @@ auths.tips=Dicas
 auths.tips.oauth2.general=Autenticação OAuth2
 auths.tips.oauth2.general.tip=Ao registar uma nova autenticação OAuth2, o URL da ligação de retorno ou do reencaminhamento deve ser:
 auths.tip.oauth2_provider=Fornecedor OAuth2
+auths.tip.bitbucket=Registe um novo consumidor de OAuth em %s e adicione a permissão 'Account' - 'Read'
 auths.tip.nextcloud=`Registe um novo consumidor OAuth na sua instância usando o seguinte menu "Configurações → Segurança → Cliente OAuth 2.0"`
+auths.tip.dropbox=Crie uma nova aplicação em %s
+auths.tip.facebook=`Registe uma nova aplicação em %s e adicione o produto "Facebook Login"`
+auths.tip.github=Registe uma nova aplicação OAuth em %s
+auths.tip.gitlab_new=Registe uma nova aplicação em %s
+auths.tip.google_plus=Obtenha credenciais de cliente OAuth2 a partir da consola do Google API em %s
 auths.tip.openid_connect=Use o URL da descoberta de conexão OpenID "https://{server}/.well-known/openid-configuration" para especificar os extremos
+auths.tip.twitter=`Vá a %s, crie uma aplicação e certifique-se de que está habilitada a opção "Allow this application to be used to Sign in with Twitter"`
+auths.tip.discord=Registe uma nova aplicação em %s
+auths.tip.gitea=Registe uma nova aplicação OAuth2. O guia pode ser encontrado em %s
+auths.tip.yandex=`Crie uma nova aplicação em %s. Escolha as seguintes permissões da secção "Yandex.Passport API": "Acesso ao endereço de email", "Acesso ao avatar do utilizador" e "Acesso ao nome de utilizador, nome e sobrenome, género"`
 auths.tip.mastodon=Insira o URL de uma instância personalizada para a instância do mastodon com que se pretende autenticar (ou então use a predefinida)
 auths.edit=Editar fonte de autenticação
 auths.activated=Esta fonte de autenticação está em funcionamento
@@ -3231,6 +3318,7 @@ monitor.next=Próxima execução
 monitor.previous=Execução anterior
 monitor.execute_times=Execuções
 monitor.process=Processos em execução
+monitor.stacktrace=Vestígios da pilha
 monitor.processes_count=%d processos
 monitor.download_diagnosis_report=Descarregar relatório de diagnóstico
 monitor.desc=Descrição
@@ -3238,6 +3326,8 @@ monitor.start=Início
 monitor.execute_time=Tempo de execução
 monitor.last_execution_result=Resultado
 monitor.process.cancel=Cancelar processo
+monitor.process.cancel_desc=Cancelar um processo pode resultar na perda de dados
+monitor.process.cancel_notices=Cancelar: <strong>%s</strong>?
 monitor.process.children=Descendentes
 
 monitor.queues=Filas
@@ -3339,6 +3429,7 @@ raw_minutes=minutos
 
 [dropzone]
 default_message=Largue os ficheiros aqui ou clique aqui para os carregar.
+invalid_input_type=Não pode carregar ficheiros deste tipo.
 file_too_big=O tamanho do ficheiro ({{filesize}} MB) excede o tamanho máximo de ({{maxFilesize}} MB).
 remove_file=Remover ficheiro
 
@@ -3486,6 +3577,7 @@ settings.link=Vincular este pacote a um repositório
 settings.link.description=Se você vincular um pacote a um repositório, o pacote será listado na lista de pacotes do repositório.
 settings.link.select=Escolha o repositório
 settings.link.button=Modificar vínculo ao repositório
+settings.link.success=A ligação ao repositório foi modificada com sucesso.
 settings.link.error=Falhou a modificação do vínculo ao repositório.
 settings.delete=Eliminar pacote
 settings.delete.description=Eliminar o pacote é permanente e não pode ser desfeito.
diff --git a/options/locale/locale_zh-CN.ini b/options/locale/locale_zh-CN.ini
index 223277b540f..8fe44e6009f 100644
--- a/options/locale/locale_zh-CN.ini
+++ b/options/locale/locale_zh-CN.ini
@@ -1790,6 +1790,8 @@ pulls.is_empty=此分支上的更改已经在目标分支上。这将是一个
 pulls.required_status_check_failed=一些必要的检查没有成功
 pulls.required_status_check_missing=缺少一些必要的检查。
 pulls.required_status_check_administrator=作为管理员，您仍可合并此合并请求
+pulls.blocked_by_approvals=此合并请求还没有足够的批准。已获批准数 %d 个，需获批准数 %d 个。
+pulls.blocked_by_approvals_whitelisted=此合并请求还没有足够的批准。%[2]d 中的 %[1]d 个已由允许名单中的用户或团队批准。
 pulls.blocked_by_rejection=此合并请求有官方审核员请求的更改。
 pulls.blocked_by_official_review_requests=此合并请求需要官方评审。
 pulls.blocked_by_outdated_branch=此合并请求因过期而被阻止。

From 972eae358db0c20bda23833ca94b4324d6d343cb Mon Sep 17 00:00:00 2001
From: GiteaBot <teabot@gitea.io>
Date: Mon, 9 Sep 2024 00:31:04 +0000
Subject: [PATCH 064/129] [skip ci] Updated licenses and gitignores

---
 options/gitignore/Hexo                        | 14 +++++
 options/gitignore/ReScript                    |  3 +
 options/gitignore/Terragrunt                  |  3 +
 options/license/DocBook-Stylesheet            | 13 +++++
 options/license/GPL-3.0-389-ds-base-exception | 10 ++++
 options/license/MIT-Click                     | 30 ++++++++++
 options/license/TrustedQSL                    | 58 +++++++++++++++++++
 7 files changed, 131 insertions(+)
 create mode 100644 options/gitignore/Hexo
 create mode 100644 options/gitignore/ReScript
 create mode 100644 options/gitignore/Terragrunt
 create mode 100644 options/license/DocBook-Stylesheet
 create mode 100644 options/license/GPL-3.0-389-ds-base-exception
 create mode 100644 options/license/MIT-Click
 create mode 100644 options/license/TrustedQSL

diff --git a/options/gitignore/Hexo b/options/gitignore/Hexo
new file mode 100644
index 00000000000..570a5e7b5db
--- /dev/null
+++ b/options/gitignore/Hexo
@@ -0,0 +1,14 @@
+# gitignore template for Hexo sites
+# website: https://hexo.io/
+# Recommended: Node.gitignore
+
+# Ignore generated directory
+public/
+
+# Ignore temp files
+tmp/
+.tmp*
+
+# additional files
+db.json
+.deploy*/
diff --git a/options/gitignore/ReScript b/options/gitignore/ReScript
new file mode 100644
index 00000000000..b7364c932a4
--- /dev/null
+++ b/options/gitignore/ReScript
@@ -0,0 +1,3 @@
+/node_modules/
+/lib/
+.bsb.lock
diff --git a/options/gitignore/Terragrunt b/options/gitignore/Terragrunt
new file mode 100644
index 00000000000..ea4808637fd
--- /dev/null
+++ b/options/gitignore/Terragrunt
@@ -0,0 +1,3 @@
+# Ignore the default terragrunt cache directory
+# https://terragrunt.gruntwork.io/docs/features/caching/
+.terragrunt-cache
diff --git a/options/license/DocBook-Stylesheet b/options/license/DocBook-Stylesheet
new file mode 100644
index 00000000000..e986ed42359
--- /dev/null
+++ b/options/license/DocBook-Stylesheet
@@ -0,0 +1,13 @@
+Copyright 2005 Norman Walsh, Sun Microsystems,
+Inc., and the Organization for the Advancement
+of Structured Information Standards (OASIS).
+
+Release: $Id: db4-upgrade.xsl 8905 2010-09-12 11:47:07Z bobstayton $
+
+Permission to use, copy, modify and distribute this stylesheet
+and its accompanying documentation for any purpose and
+without fee is hereby granted in perpetuity, provided that
+the above copyright notice and this paragraph appear in
+all copies. The copyright holders make no representation
+about the suitability of the schema for any purpose. It
+is provided "as is" without expressed or implied warranty.
diff --git a/options/license/GPL-3.0-389-ds-base-exception b/options/license/GPL-3.0-389-ds-base-exception
new file mode 100644
index 00000000000..52be470c102
--- /dev/null
+++ b/options/license/GPL-3.0-389-ds-base-exception
@@ -0,0 +1,10 @@
+Additional permission under GPLv3 section 7:
+
+If you modify this Program, or any covered work, by
+linking or combining it with OpenSSL, or a modified
+version of OpenSSL licensed under the OpenSSL license
+(https://www.openssl.org/source/license.html), the licensors of this
+Program grant you additional permission to convey the resulting work.                                                                                                   
+Corresponding Source for a non-source form of such a combination
+shall include the source code for the parts that are licensed
+under the OpenSSL license as well as that of the covered work.
diff --git a/options/license/MIT-Click b/options/license/MIT-Click
new file mode 100644
index 00000000000..82054edc397
--- /dev/null
+++ b/options/license/MIT-Click
@@ -0,0 +1,30 @@
+Portions of this software are subject to the license below.  The relevant
+source files are clearly marked; they refer to this file using the phrase
+"the Click LICENSE file". This license is an MIT license, plus a clause
+(taken from the W3C license) requiring prior written permission to use our
+names in publicity.
+
+===========================================================================
+
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and associated documentation files (the "Software"),
+to deal in the Software without restriction, including without limitation
+the rights to use, copy, modify, merge, publish, distribute, sublicense,
+and/or sell copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+The name and trademarks of copyright holders may NOT be used in advertising
+or publicity pertaining to the Software without specific, written prior
+permission. Title to copyright in this Software and any associated
+documentation will at all times remain with copyright holders.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
diff --git a/options/license/TrustedQSL b/options/license/TrustedQSL
new file mode 100644
index 00000000000..982d4269f62
--- /dev/null
+++ b/options/license/TrustedQSL
@@ -0,0 +1,58 @@
+Copyright (C) 2001-2015 American Radio Relay League, Inc. All rights
+reserved.
+
+Portions (C) 2003-2023 The TrustedQSL Developers. Please see the AUTHORS.txt
+file for contributors.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Any redistribution of source code must retain the above copyright
+notice, this list of conditions and the disclaimer shown in
+Paragraph 5 (below).
+
+2. Redistribution in binary form must reproduce the above copyright
+notice, this list of conditions and the disclaimer shown in
+Paragraph 5 (below) in the documentation and/or other materials
+provided with the distribution.
+
+3. Products derived from or including this software may not use
+"Logbook of the World" or "LoTW" or any other American Radio Relay
+League, Incorporated trademarks or servicemarks in their names
+without prior written permission of the ARRL. See Paragraph 6
+(below) for contact information.
+
+4. Use of this software does not imply endorsement by ARRL of
+products derived from or including this software and vendors may not
+claim such endorsement. 
+
+5. Disclaimer: This software is provided "as-is" without
+representation, guarantee or warranty of any kind, either express or
+implied, including but not limited to the implied warranties of
+merchantability or of fitness for a particular purpose. The entire
+risk as to the quality and performance of the software is solely
+with you. Should the software prove defective, you (and not the
+American Radio Relay League, its officers, directors, employees or
+agents) assume the entire cost of all necessary servicing, repair or
+correction. In no event will ARRL be liable to you or to any third
+party for any damages, whether direct or indirect, including lost
+profits, lost savings, or other incidental or consequential damages
+arising out of the use or inability to use such software, regardless
+of whether ARRL has been advised of the possibility of such damages.
+
+6. Contact information:
+
+American Radio Relay League, Inc.
+Attn: Logbook of the World Manager
+225 Main St
+Newington, CT 06111
+voice: 860-594-0200
+fax: 860-594-0259
+email: logbook@arrl.org
+Worldwide Web: www.arrl.org
+
+This software consists of voluntary contributions made by many
+individuals on behalf of the ARRL. More information on the "Logbook
+of The World" project and the ARRL is available from the ARRL Web
+site at www.arrl.org.

From a323a82ec4bde6ae39b97200439829bf67c0d31e Mon Sep 17 00:00:00 2001
From: Jason Song <i@wolfogre.com>
Date: Mon, 9 Sep 2024 12:51:25 +0800
Subject: [PATCH 065/129] Increase `cacheContextLifetime` to reduce false
 reports (#32011)

Replace #32001.

To prevent the context cache from being misused for long-term work
(which would result in using invalid cache without awareness), the
context cache is designed to exist for a maximum of 10 seconds. This
leads to many false reports, especially in the case of slow SQL.

This PR increases it to 5 minutes to reduce false reports.

5 minutes is not a very safe value, as a lot of changes may have
occurred within that time frame. However, as far as I know, there has
not been a case of misuse of context cache discovered so far, so I think
5 minutes should be OK.

Please note that after this PR, if warning logs are found again, it
should get attention, at that time it can be almost 100% certain that it
is a misuse.
---
 modules/cache/context.go      | 12 ++++++------
 modules/cache/context_test.go |  2 +-
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/modules/cache/context.go b/modules/cache/context.go
index 62bbf5dcba8..5cca5afd6ec 100644
--- a/modules/cache/context.go
+++ b/modules/cache/context.go
@@ -63,9 +63,9 @@ func (cc *cacheContext) isDiscard() bool {
 }
 
 // cacheContextLifetime is the max lifetime of cacheContext.
-// Since cacheContext is used to cache data in a request level context, 10s is enough.
-// If a cacheContext is used more than 10s, it's probably misuse.
-const cacheContextLifetime = 10 * time.Second
+// Since cacheContext is used to cache data in a request level context, 5 minutes is enough.
+// If a cacheContext is used more than 5 minutes, it's probably misuse.
+const cacheContextLifetime = 5 * time.Minute
 
 var timeNow = time.Now
 
@@ -131,7 +131,7 @@ func GetContextData(ctx context.Context, tp, key any) any {
 		if c.Expired() {
 			// The warning means that the cache context is misused for long-life task,
 			// it can be resolved with WithNoCacheContext(ctx).
-			log.Warn("cache context is expired, may be misused for long-life tasks: %v", c)
+			log.Warn("cache context is expired, is highly likely to be misused for long-life tasks: %v", c)
 			return nil
 		}
 		return c.Get(tp, key)
@@ -144,7 +144,7 @@ func SetContextData(ctx context.Context, tp, key, value any) {
 		if c.Expired() {
 			// The warning means that the cache context is misused for long-life task,
 			// it can be resolved with WithNoCacheContext(ctx).
-			log.Warn("cache context is expired, may be misused for long-life tasks: %v", c)
+			log.Warn("cache context is expired, is highly likely to be misused for long-life tasks: %v", c)
 			return
 		}
 		c.Put(tp, key, value)
@@ -157,7 +157,7 @@ func RemoveContextData(ctx context.Context, tp, key any) {
 		if c.Expired() {
 			// The warning means that the cache context is misused for long-life task,
 			// it can be resolved with WithNoCacheContext(ctx).
-			log.Warn("cache context is expired, may be misused for long-life tasks: %v", c)
+			log.Warn("cache context is expired, is highly likely to be misused for long-life tasks: %v", c)
 			return
 		}
 		c.Delete(tp, key)
diff --git a/modules/cache/context_test.go b/modules/cache/context_test.go
index 5315547865e..c01b9e8d84b 100644
--- a/modules/cache/context_test.go
+++ b/modules/cache/context_test.go
@@ -45,7 +45,7 @@ func TestWithCacheContext(t *testing.T) {
 		timeNow = now
 	}()
 	timeNow = func() time.Time {
-		return now().Add(10 * time.Second)
+		return now().Add(5 * time.Minute)
 	}
 	v = GetContextData(ctx, field, "my_config1")
 	assert.Nil(t, v)

From f183783baa67e7da0b0ae0909d3d6cb3045c0501 Mon Sep 17 00:00:00 2001
From: techknowlogick <techknowlogick@gitea.com>
Date: Mon, 9 Sep 2024 17:05:16 -0400
Subject: [PATCH 066/129] Save initial signup information for users to aid in
 spam prevention (#31852)

This will allow instance admins to view signup pattern patterns for
public instances. It is modelled after discourse, mastodon, and
MediaWiki's approaches.

Note: This has privacy implications, but as the above-stated open-source
projects take this approach, especially MediaWiki, which I have no doubt
looked into this thoroughly, it is likely okay for us, too. However, I
would be appreciative of any feedback on how this could be improved.

---------

Co-authored-by: Giteabot <teabot@gitea.io>
---
 cmd/admin_user_create.go                      |  2 +-
 custom/conf/app.example.ini                   |  3 ++
 models/user/setting_keys.go                   |  4 +++
 models/user/user.go                           | 34 ++++++++++++++++---
 models/user/user_test.go                      |  8 ++---
 modules/setting/security.go                   |  3 ++
 routers/api/v1/admin/user.go                  |  2 +-
 routers/install/install.go                    |  2 +-
 routers/web/admin/users.go                    |  2 +-
 routers/web/auth/auth.go                      |  6 +++-
 services/auth/reverseproxy.go                 |  2 +-
 .../auth/source/ldap/source_authenticate.go   |  2 +-
 services/auth/source/ldap/source_sync.go      |  2 +-
 .../auth/source/oauth2/source_sync_test.go    |  2 +-
 .../auth/source/pam/source_authenticate.go    |  2 +-
 .../auth/source/smtp/source_authenticate.go   |  2 +-
 services/auth/sspi.go                         |  2 +-
 services/user/user_test.go                    |  4 +--
 18 files changed, 61 insertions(+), 23 deletions(-)

diff --git a/cmd/admin_user_create.go b/cmd/admin_user_create.go
index f328b753d86..106d14b25a7 100644
--- a/cmd/admin_user_create.go
+++ b/cmd/admin_user_create.go
@@ -158,7 +158,7 @@ func runCreateUser(c *cli.Context) error {
 		IsRestricted: restricted,
 	}
 
-	if err := user_model.CreateUser(ctx, u, overwriteDefault); err != nil {
+	if err := user_model.CreateUser(ctx, u, &user_model.Meta{}, overwriteDefault); err != nil {
 		return fmt.Errorf("CreateUser: %w", err)
 	}
 
diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index 0f70a1a3d04..7009df54db4 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -507,6 +507,9 @@ INTERNAL_TOKEN =
 ;; stemming from cached/logged plain-text API tokens.
 ;; In future releases, this will become the default behavior
 ;DISABLE_QUERY_AUTH_TOKEN = false
+;;
+;; On user registration, record the IP address and user agent of the user to help identify potential abuse.
+;; RECORD_USER_SIGNUP_METADATA = false
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
diff --git a/models/user/setting_keys.go b/models/user/setting_keys.go
index 72b3974eee4..3149aae18ba 100644
--- a/models/user/setting_keys.go
+++ b/models/user/setting_keys.go
@@ -14,4 +14,8 @@ const (
 	UserActivityPubPrivPem = "activitypub.priv_pem"
 	// UserActivityPubPubPem is user's public key
 	UserActivityPubPubPem = "activitypub.pub_pem"
+	// SignupIP is the IP address that the user signed up with
+	SignupIP = "signup.ip"
+	// SignupUserAgent is the user agent that the user signed up with
+	SignupUserAgent = "signup.user_agent"
 )
diff --git a/models/user/user.go b/models/user/user.go
index 2a3c1833b91..f93fba8ae0c 100644
--- a/models/user/user.go
+++ b/models/user/user.go
@@ -150,6 +150,14 @@ type User struct {
 	KeepActivityPrivate bool   `xorm:"NOT NULL DEFAULT false"`
 }
 
+// Meta defines the meta information of a user, to be stored in the K/V table
+type Meta struct {
+	// Store the initial registration of the user, to aid in spam prevention
+	// Ensure that one IP isn't creating many accounts (following mediawiki approach)
+	InitialIP        string
+	InitialUserAgent string
+}
+
 func init() {
 	db.RegisterModel(new(User))
 }
@@ -615,17 +623,17 @@ type CreateUserOverwriteOptions struct {
 }
 
 // CreateUser creates record of a new user.
-func CreateUser(ctx context.Context, u *User, overwriteDefault ...*CreateUserOverwriteOptions) (err error) {
-	return createUser(ctx, u, false, overwriteDefault...)
+func CreateUser(ctx context.Context, u *User, meta *Meta, overwriteDefault ...*CreateUserOverwriteOptions) (err error) {
+	return createUser(ctx, u, meta, false, overwriteDefault...)
 }
 
 // AdminCreateUser is used by admins to manually create users
-func AdminCreateUser(ctx context.Context, u *User, overwriteDefault ...*CreateUserOverwriteOptions) (err error) {
-	return createUser(ctx, u, true, overwriteDefault...)
+func AdminCreateUser(ctx context.Context, u *User, meta *Meta, overwriteDefault ...*CreateUserOverwriteOptions) (err error) {
+	return createUser(ctx, u, meta, true, overwriteDefault...)
 }
 
 // createUser creates record of a new user.
-func createUser(ctx context.Context, u *User, createdByAdmin bool, overwriteDefault ...*CreateUserOverwriteOptions) (err error) {
+func createUser(ctx context.Context, u *User, meta *Meta, createdByAdmin bool, overwriteDefault ...*CreateUserOverwriteOptions) (err error) {
 	if err = IsUsableUsername(u.Name); err != nil {
 		return err
 	}
@@ -745,6 +753,22 @@ func createUser(ctx context.Context, u *User, createdByAdmin bool, overwriteDefa
 		return err
 	}
 
+	if setting.RecordUserSignupMetadata {
+		// insert initial IP and UserAgent
+		if err = SetUserSetting(ctx, u.ID, SignupIP, meta.InitialIP); err != nil {
+			return err
+		}
+
+		// trim user agent string to a reasonable length, if necessary
+		userAgent := strings.TrimSpace(meta.InitialUserAgent)
+		if len(userAgent) > 255 {
+			userAgent = userAgent[:255]
+		}
+		if err = SetUserSetting(ctx, u.ID, SignupUserAgent, userAgent); err != nil {
+			return err
+		}
+	}
+
 	// insert email address
 	if err := db.Insert(ctx, &EmailAddress{
 		UID:         u.ID,
diff --git a/models/user/user_test.go b/models/user/user_test.go
index 26cda3f89e3..67efb3859fd 100644
--- a/models/user/user_test.go
+++ b/models/user/user_test.go
@@ -227,7 +227,7 @@ func TestCreateUserInvalidEmail(t *testing.T) {
 		MustChangePassword: false,
 	}
 
-	err := user_model.CreateUser(db.DefaultContext, user)
+	err := user_model.CreateUser(db.DefaultContext, user, &user_model.Meta{})
 	assert.Error(t, err)
 	assert.True(t, user_model.IsErrEmailCharIsNotSupported(err))
 }
@@ -241,7 +241,7 @@ func TestCreateUserEmailAlreadyUsed(t *testing.T) {
 	user.Name = "testuser"
 	user.LowerName = strings.ToLower(user.Name)
 	user.ID = 0
-	err := user_model.CreateUser(db.DefaultContext, user)
+	err := user_model.CreateUser(db.DefaultContext, user, &user_model.Meta{})
 	assert.Error(t, err)
 	assert.True(t, user_model.IsErrEmailAlreadyUsed(err))
 }
@@ -258,7 +258,7 @@ func TestCreateUserCustomTimestamps(t *testing.T) {
 	user.ID = 0
 	user.Email = "unique@example.com"
 	user.CreatedUnix = creationTimestamp
-	err := user_model.CreateUser(db.DefaultContext, user)
+	err := user_model.CreateUser(db.DefaultContext, user, &user_model.Meta{})
 	assert.NoError(t, err)
 
 	fetched, err := user_model.GetUserByID(context.Background(), user.ID)
@@ -283,7 +283,7 @@ func TestCreateUserWithoutCustomTimestamps(t *testing.T) {
 	user.Email = "unique@example.com"
 	user.CreatedUnix = 0
 	user.UpdatedUnix = 0
-	err := user_model.CreateUser(db.DefaultContext, user)
+	err := user_model.CreateUser(db.DefaultContext, user, &user_model.Meta{})
 	assert.NoError(t, err)
 
 	timestampEnd := time.Now().Unix()
diff --git a/modules/setting/security.go b/modules/setting/security.go
index 3d7b1f9ce77..3d12fcf8d9f 100644
--- a/modules/setting/security.go
+++ b/modules/setting/security.go
@@ -37,6 +37,7 @@ var (
 	DisableQueryAuthToken              bool
 	CSRFCookieName                     = "_csrf"
 	CSRFCookieHTTPOnly                 = true
+	RecordUserSignupMetadata           = false
 )
 
 // loadSecret load the secret from ini by uriKey or verbatimKey, only one of them could be set
@@ -164,6 +165,8 @@ func loadSecurityFrom(rootCfg ConfigProvider) {
 	// TODO: default value should be true in future releases
 	DisableQueryAuthToken = sec.Key("DISABLE_QUERY_AUTH_TOKEN").MustBool(false)
 
+	RecordUserSignupMetadata = sec.Key("RECORD_USER_SIGNUP_METADATA").MustBool(false)
+
 	// warn if the setting is set to false explicitly
 	if sectionHasDisableQueryAuthToken && !DisableQueryAuthToken {
 		log.Warn("Enabling Query API Auth tokens is not recommended. DISABLE_QUERY_AUTH_TOKEN will default to true in gitea 1.23 and will be removed in gitea 1.24.")
diff --git a/routers/api/v1/admin/user.go b/routers/api/v1/admin/user.go
index 3e2fefc6da2..b0f40084da3 100644
--- a/routers/api/v1/admin/user.go
+++ b/routers/api/v1/admin/user.go
@@ -133,7 +133,7 @@ func CreateUser(ctx *context.APIContext) {
 		u.UpdatedUnix = u.CreatedUnix
 	}
 
-	if err := user_model.AdminCreateUser(ctx, u, overwriteDefault); err != nil {
+	if err := user_model.AdminCreateUser(ctx, u, &user_model.Meta{}, overwriteDefault); err != nil {
 		if user_model.IsErrUserAlreadyExist(err) ||
 			user_model.IsErrEmailAlreadyUsed(err) ||
 			db.IsErrNameReserved(err) ||
diff --git a/routers/install/install.go b/routers/install/install.go
index fde8b37ed59..e420d36da5a 100644
--- a/routers/install/install.go
+++ b/routers/install/install.go
@@ -554,7 +554,7 @@ func SubmitInstall(ctx *context.Context) {
 			IsActive:     optional.Some(true),
 		}
 
-		if err = user_model.CreateUser(ctx, u, overwriteDefault); err != nil {
+		if err = user_model.CreateUser(ctx, u, &user_model.Meta{}, overwriteDefault); err != nil {
 			if !user_model.IsErrUserAlreadyExist(err) {
 				setting.InstallLock = false
 				ctx.Data["Err_AdminName"] = true
diff --git a/routers/web/admin/users.go b/routers/web/admin/users.go
index 34bb1dfe26d..48ff8ea04b0 100644
--- a/routers/web/admin/users.go
+++ b/routers/web/admin/users.go
@@ -177,7 +177,7 @@ func NewUserPost(ctx *context.Context) {
 		u.MustChangePassword = form.MustChangePassword
 	}
 
-	if err := user_model.AdminCreateUser(ctx, u, overwriteDefault); err != nil {
+	if err := user_model.AdminCreateUser(ctx, u, &user_model.Meta{}, overwriteDefault); err != nil {
 		switch {
 		case user_model.IsErrUserAlreadyExist(err):
 			ctx.Data["Err_UserName"] = true
diff --git a/routers/web/auth/auth.go b/routers/web/auth/auth.go
index f295cf039f6..b86c1ff1c23 100644
--- a/routers/web/auth/auth.go
+++ b/routers/web/auth/auth.go
@@ -541,7 +541,11 @@ func createAndHandleCreatedUser(ctx *context.Context, tpl base.TplName, form any
 // createUserInContext creates a user and handles errors within a given context.
 // Optionally a template can be specified.
 func createUserInContext(ctx *context.Context, tpl base.TplName, form any, u *user_model.User, overwrites *user_model.CreateUserOverwriteOptions, gothUser *goth.User, allowLink bool) (ok bool) {
-	if err := user_model.CreateUser(ctx, u, overwrites); err != nil {
+	meta := &user_model.Meta{
+		InitialIP:        ctx.RemoteAddr(),
+		InitialUserAgent: ctx.Req.UserAgent(),
+	}
+	if err := user_model.CreateUser(ctx, u, meta, overwrites); err != nil {
 		if allowLink && (user_model.IsErrUserAlreadyExist(err) || user_model.IsErrEmailAlreadyUsed(err)) {
 			if setting.OAuth2Client.AccountLinking == setting.OAuth2AccountLinkingAuto {
 				var user *user_model.User
diff --git a/services/auth/reverseproxy.go b/services/auth/reverseproxy.go
index b6aeb0aed2c..36b4ef68f42 100644
--- a/services/auth/reverseproxy.go
+++ b/services/auth/reverseproxy.go
@@ -164,7 +164,7 @@ func (r *ReverseProxy) newUser(req *http.Request) *user_model.User {
 		IsActive: optional.Some(true),
 	}
 
-	if err := user_model.CreateUser(req.Context(), user, &overwriteDefault); err != nil {
+	if err := user_model.CreateUser(req.Context(), user, &user_model.Meta{}, &overwriteDefault); err != nil {
 		// FIXME: should I create a system notice?
 		log.Error("CreateUser: %v", err)
 		return nil
diff --git a/services/auth/source/ldap/source_authenticate.go b/services/auth/source/ldap/source_authenticate.go
index 6ebd3ea50ac..01cb7437205 100644
--- a/services/auth/source/ldap/source_authenticate.go
+++ b/services/auth/source/ldap/source_authenticate.go
@@ -89,7 +89,7 @@ func (source *Source) Authenticate(ctx context.Context, user *user_model.User, u
 			IsActive:     optional.Some(true),
 		}
 
-		err := user_model.CreateUser(ctx, user, overwriteDefault)
+		err := user_model.CreateUser(ctx, user, &user_model.Meta{}, overwriteDefault)
 		if err != nil {
 			return user, err
 		}
diff --git a/services/auth/source/ldap/source_sync.go b/services/auth/source/ldap/source_sync.go
index 2a95326b9e8..a6d6d2a0f2f 100644
--- a/services/auth/source/ldap/source_sync.go
+++ b/services/auth/source/ldap/source_sync.go
@@ -129,7 +129,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
 				IsActive:     optional.Some(true),
 			}
 
-			err = user_model.CreateUser(ctx, usr, overwriteDefault)
+			err = user_model.CreateUser(ctx, usr, &user_model.Meta{}, overwriteDefault)
 			if err != nil {
 				log.Error("SyncExternalUsers[%s]: Error creating user %s: %v", source.authSource.Name, su.Username, err)
 			}
diff --git a/services/auth/source/oauth2/source_sync_test.go b/services/auth/source/oauth2/source_sync_test.go
index e2f04bcb256..25408e8727e 100644
--- a/services/auth/source/oauth2/source_sync_test.go
+++ b/services/auth/source/oauth2/source_sync_test.go
@@ -36,7 +36,7 @@ func TestSource(t *testing.T) {
 		Email:       "external@example.com",
 	}
 
-	err := user_model.CreateUser(context.Background(), user, &user_model.CreateUserOverwriteOptions{})
+	err := user_model.CreateUser(context.Background(), user, &user_model.Meta{}, &user_model.CreateUserOverwriteOptions{})
 	assert.NoError(t, err)
 
 	e := &user_model.ExternalLoginUser{
diff --git a/services/auth/source/pam/source_authenticate.go b/services/auth/source/pam/source_authenticate.go
index addd1bd2c95..6fd02dc29f8 100644
--- a/services/auth/source/pam/source_authenticate.go
+++ b/services/auth/source/pam/source_authenticate.go
@@ -63,7 +63,7 @@ func (source *Source) Authenticate(ctx context.Context, user *user_model.User, u
 		IsActive: optional.Some(true),
 	}
 
-	if err := user_model.CreateUser(ctx, user, overwriteDefault); err != nil {
+	if err := user_model.CreateUser(ctx, user, &user_model.Meta{}, overwriteDefault); err != nil {
 		return user, err
 	}
 
diff --git a/services/auth/source/smtp/source_authenticate.go b/services/auth/source/smtp/source_authenticate.go
index 1f0a61c7891..b2e94933a6d 100644
--- a/services/auth/source/smtp/source_authenticate.go
+++ b/services/auth/source/smtp/source_authenticate.go
@@ -79,7 +79,7 @@ func (source *Source) Authenticate(ctx context.Context, user *user_model.User, u
 		IsActive: optional.Some(true),
 	}
 
-	if err := user_model.CreateUser(ctx, user, overwriteDefault); err != nil {
+	if err := user_model.CreateUser(ctx, user, &user_model.Meta{}, overwriteDefault); err != nil {
 		return user, err
 	}
 
diff --git a/services/auth/sspi.go b/services/auth/sspi.go
index 64a127e97a6..7f8a03a4c67 100644
--- a/services/auth/sspi.go
+++ b/services/auth/sspi.go
@@ -176,7 +176,7 @@ func (s *SSPI) newUser(ctx context.Context, username string, cfg *sspi.Source) (
 		KeepEmailPrivate:             optional.Some(true),
 		EmailNotificationsPreference: &emailNotificationPreference,
 	}
-	if err := user_model.CreateUser(ctx, user, overwriteDefault); err != nil {
+	if err := user_model.CreateUser(ctx, user, &user_model.Meta{}, overwriteDefault); err != nil {
 		return nil, err
 	}
 
diff --git a/services/user/user_test.go b/services/user/user_test.go
index bd6019a14fd..cd0f5975015 100644
--- a/services/user/user_test.go
+++ b/services/user/user_test.go
@@ -92,7 +92,7 @@ func TestCreateUser(t *testing.T) {
 		MustChangePassword: false,
 	}
 
-	assert.NoError(t, user_model.CreateUser(db.DefaultContext, user))
+	assert.NoError(t, user_model.CreateUser(db.DefaultContext, user, &user_model.Meta{}))
 
 	assert.NoError(t, DeleteUser(db.DefaultContext, user, false))
 }
@@ -177,7 +177,7 @@ func TestCreateUser_Issue5882(t *testing.T) {
 	for _, v := range tt {
 		setting.Admin.DisableRegularOrgCreation = v.disableOrgCreation
 
-		assert.NoError(t, user_model.CreateUser(db.DefaultContext, v.user))
+		assert.NoError(t, user_model.CreateUser(db.DefaultContext, v.user, &user_model.Meta{}))
 
 		u, err := user_model.GetUserByEmail(db.DefaultContext, v.user.Email)
 		assert.NoError(t, err)

From 1620e3f03bad1feb22c8e9c3c9baf4da04aaefe5 Mon Sep 17 00:00:00 2001
From: Jason Song <i@wolfogre.com>
Date: Tue, 10 Sep 2024 05:34:42 +0800
Subject: [PATCH 067/129] Enable compression for Actions logs by default
 (#32013)

Close #31801. Follow #31761.

Since there are so many benefits of compression and there are no reports
of related issues after weeks, it should be fine to enable compression
by default.
---
 custom/conf/app.example.ini | 2 +-
 modules/setting/actions.go  | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index 7009df54db4..a2dd92b1051 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -2695,7 +2695,7 @@ LEVEL = Info
 ;; It's always recommended to use compression when using local disk as log storage if CPU or memory is not a bottleneck.
 ;; And for object storage services like S3, which is billed for requests, it would cause extra 2 times of get requests for each log view.
 ;; But it will save storage space and network bandwidth, so it's still recommended to use compression.
-;LOG_COMPRESSION = none
+;LOG_COMPRESSION = zstd
 ;; Default artifact retention time in days. Artifacts could have their own retention periods by setting the `retention-days` option in `actions/upload-artifact` step.
 ;ARTIFACT_RETENTION_DAYS = 90
 ;; Timeout to stop the task which have running status, but haven't been updated for a long time
diff --git a/modules/setting/actions.go b/modules/setting/actions.go
index a515b1ca69f..913872eaf23 100644
--- a/modules/setting/actions.go
+++ b/modules/setting/actions.go
@@ -62,11 +62,11 @@ func (c logCompression) IsValid() bool {
 }
 
 func (c logCompression) IsNone() bool {
-	return c == "" || strings.ToLower(string(c)) == "none"
+	return strings.ToLower(string(c)) == "none"
 }
 
 func (c logCompression) IsZstd() bool {
-	return strings.ToLower(string(c)) == "zstd"
+	return c == "" || strings.ToLower(string(c)) == "zstd"
 }
 
 func loadActionsFrom(rootCfg ConfigProvider) error {

From d9a7748cdc3f13392acbde87edd18602b566c216 Mon Sep 17 00:00:00 2001
From: techknowlogick <techknowlogick@gitea.com>
Date: Mon, 9 Sep 2024 22:23:07 -0400
Subject: [PATCH 068/129] bump to go 1.23 (#31855)

---
 .devcontainer/devcontainer.json        |  4 +--
 Dockerfile                             |  2 +-
 Dockerfile.rootless                    |  2 +-
 Makefile                               |  6 ++---
 assets/go-licenses.json                |  9 +++++--
 cmd/hook.go                            |  4 +--
 go.mod                                 | 18 +++++++------
 go.sum                                 | 35 ++++++++++++++------------
 models/asymkey/gpg_key_common.go       |  4 +--
 models/db/sql_postgres_with_schema.go  |  4 +--
 models/migrations/v1_16/v189.go        |  2 +-
 models/repo/repo_list.go               |  2 +-
 modules/cache/context.go               |  3 ++-
 modules/git/log_name_status.go         |  2 +-
 modules/issue/template/template.go     |  2 +-
 modules/queue/base_channel.go          |  2 +-
 modules/storage/azureblob.go           |  2 +-
 routers/api/v1/repo/pull.go            |  2 +-
 routers/web/repo/pull.go               |  2 +-
 routers/web/repo/view.go               |  3 ++-
 routers/web/user/home.go               |  2 +-
 routers/web/user/profile.go            |  2 +-
 services/actions/notifier_helper.go    |  3 ++-
 services/automerge/automerge.go        |  2 +-
 snap/snapcraft.yaml                    |  2 +-
 tests/integration/api_releases_test.go |  6 ++---
 tests/integration/migrate_test.go      |  2 +-
 27 files changed, 71 insertions(+), 58 deletions(-)

diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 1b0255d198b..9f9f6f27d17 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -1,12 +1,12 @@
 {
   "name": "Gitea DevContainer",
-  "image": "mcr.microsoft.com/devcontainers/go:1.22-bullseye",
+  "image": "mcr.microsoft.com/devcontainers/go:1.23-bookworm",
   "features": {
     // installs nodejs into container
     "ghcr.io/devcontainers/features/node:1": {
       "version": "20"
     },
-    "ghcr.io/devcontainers/features/git-lfs:1.1.0": {},
+    "ghcr.io/devcontainers/features/git-lfs:1.2.2": {},
     "ghcr.io/devcontainers-contrib/features/poetry:2": {},
     "ghcr.io/devcontainers/features/python:1": {
       "version": "3.12"
diff --git a/Dockerfile b/Dockerfile
index 6621dded9d7..2a6b1dd6b7d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # Build stage
-FROM docker.io/library/golang:1.22-alpine3.20 AS build-env
+FROM docker.io/library/golang:1.23-alpine3.20 AS build-env
 
 ARG GOPROXY
 ENV GOPROXY=${GOPROXY:-direct}
diff --git a/Dockerfile.rootless b/Dockerfile.rootless
index 736cea5d055..26f02205a7a 100644
--- a/Dockerfile.rootless
+++ b/Dockerfile.rootless
@@ -1,5 +1,5 @@
 # Build stage
-FROM docker.io/library/golang:1.22-alpine3.20 AS build-env
+FROM docker.io/library/golang:1.23-alpine3.20 AS build-env
 
 ARG GOPROXY
 ENV GOPROXY=${GOPROXY:-direct}
diff --git a/Makefile b/Makefile
index 0f72f976734..065b66d28c6 100644
--- a/Makefile
+++ b/Makefile
@@ -23,12 +23,12 @@ SHASUM ?= shasum -a 256
 HAS_GO := $(shell hash $(GO) > /dev/null 2>&1 && echo yes)
 COMMA := ,
 
-XGO_VERSION := go-1.22.x
+XGO_VERSION := go-1.23.x
 
 AIR_PACKAGE ?= github.com/air-verse/air@v1
 EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/cmd/editorconfig-checker@2.7.0
-GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.6.0
-GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.59.0
+GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.7.0
+GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.60.3
 GXZ_PACKAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.11
 MISSPELL_PACKAGE ?= github.com/golangci/misspell/cmd/misspell@v0.5.1
 SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.31.0
diff --git a/assets/go-licenses.json b/assets/go-licenses.json
index cebbe468d2b..156387eabef 100644
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
@@ -849,6 +849,11 @@
     "path": "github.com/modern-go/reflect2/LICENSE",
     "licenseText": "                                 Apache License\n                           Version 2.0, January 2004\n                        http://www.apache.org/licenses/\n\n   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n   1. Definitions.\n\n      \"License\" shall mean the terms and conditions for use, reproduction,\n      and distribution as defined by Sections 1 through 9 of this document.\n\n      \"Licensor\" shall mean the copyright owner or entity authorized by\n      the copyright owner that is granting the License.\n\n      \"Legal Entity\" shall mean the union of the acting entity and all\n      other entities that control, are controlled by, or are under common\n      control with that entity. For the purposes of this definition,\n      \"control\" means (i) the power, direct or indirect, to cause the\n      direction or management of such entity, whether by contract or\n      otherwise, or (ii) ownership of fifty percent (50%) or more of the\n      outstanding shares, or (iii) beneficial ownership of such entity.\n\n      \"You\" (or \"Your\") shall mean an individual or Legal Entity\n      exercising permissions granted by this License.\n\n      \"Source\" form shall mean the preferred form for making modifications,\n      including but not limited to software source code, documentation\n      source, and configuration files.\n\n      \"Object\" form shall mean any form resulting from mechanical\n      transformation or translation of a Source form, including but\n      not limited to compiled object code, generated documentation,\n      and conversions to other media types.\n\n      \"Work\" shall mean the work of authorship, whether in Source or\n      Object form, made available under the License, as indicated by a\n      copyright notice that is included in or attached to the work\n      (an example is provided in the Appendix below).\n\n      \"Derivative Works\" shall mean any work, whether in Source or Object\n      form, that is based on (or derived from) the Work and for which the\n      editorial revisions, annotations, elaborations, or other modifications\n      represent, as a whole, an original work of authorship. For the purposes\n      of this License, Derivative Works shall not include works that remain\n      separable from, or merely link (or bind by name) to the interfaces of,\n      the Work and Derivative Works thereof.\n\n      \"Contribution\" shall mean any work of authorship, including\n      the original version of the Work and any modifications or additions\n      to that Work or Derivative Works thereof, that is intentionally\n      submitted to Licensor for inclusion in the Work by the copyright owner\n      or by an individual or Legal Entity authorized to submit on behalf of\n      the copyright owner. For the purposes of this definition, \"submitted\"\n      means any form of electronic, verbal, or written communication sent\n      to the Licensor or its representatives, including but not limited to\n      communication on electronic mailing lists, source code control systems,\n      and issue tracking systems that are managed by, or on behalf of, the\n      Licensor for the purpose of discussing and improving the Work, but\n      excluding communication that is conspicuously marked or otherwise\n      designated in writing by the copyright owner as \"Not a Contribution.\"\n\n      \"Contributor\" shall mean Licensor and any individual or Legal Entity\n      on behalf of whom a Contribution has been received by Licensor and\n      subsequently incorporated within the Work.\n\n   2. Grant of Copyright License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      copyright license to reproduce, prepare Derivative Works of,\n      publicly display, publicly perform, sublicense, and distribute the\n      Work and such Derivative Works in Source or Object form.\n\n   3. Grant of Patent License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      (except as stated in this section) patent license to make, have made,\n      use, offer to sell, sell, import, and otherwise transfer the Work,\n      where such license applies only to those patent claims licensable\n      by such Contributor that are necessarily infringed by their\n      Contribution(s) alone or by combination of their Contribution(s)\n      with the Work to which such Contribution(s) was submitted. If You\n      institute patent litigation against any entity (including a\n      cross-claim or counterclaim in a lawsuit) alleging that the Work\n      or a Contribution incorporated within the Work constitutes direct\n      or contributory patent infringement, then any patent licenses\n      granted to You under this License for that Work shall terminate\n      as of the date such litigation is filed.\n\n   4. Redistribution. You may reproduce and distribute copies of the\n      Work or Derivative Works thereof in any medium, with or without\n      modifications, and in Source or Object form, provided that You\n      meet the following conditions:\n\n      (a) You must give any other recipients of the Work or\n          Derivative Works a copy of this License; and\n\n      (b) You must cause any modified files to carry prominent notices\n          stating that You changed the files; and\n\n      (c) You must retain, in the Source form of any Derivative Works\n          that You distribute, all copyright, patent, trademark, and\n          attribution notices from the Source form of the Work,\n          excluding those notices that do not pertain to any part of\n          the Derivative Works; and\n\n      (d) If the Work includes a \"NOTICE\" text file as part of its\n          distribution, then any Derivative Works that You distribute must\n          include a readable copy of the attribution notices contained\n          within such NOTICE file, excluding those notices that do not\n          pertain to any part of the Derivative Works, in at least one\n          of the following places: within a NOTICE text file distributed\n          as part of the Derivative Works; within the Source form or\n          documentation, if provided along with the Derivative Works; or,\n          within a display generated by the Derivative Works, if and\n          wherever such third-party notices normally appear. The contents\n          of the NOTICE file are for informational purposes only and\n          do not modify the License. You may add Your own attribution\n          notices within Derivative Works that You distribute, alongside\n          or as an addendum to the NOTICE text from the Work, provided\n          that such additional attribution notices cannot be construed\n          as modifying the License.\n\n      You may add Your own copyright statement to Your modifications and\n      may provide additional or different license terms and conditions\n      for use, reproduction, or distribution of Your modifications, or\n      for any such Derivative Works as a whole, provided Your use,\n      reproduction, and distribution of the Work otherwise complies with\n      the conditions stated in this License.\n\n   5. Submission of Contributions. Unless You explicitly state otherwise,\n      any Contribution intentionally submitted for inclusion in the Work\n      by You to the Licensor shall be under the terms and conditions of\n      this License, without any additional terms or conditions.\n      Notwithstanding the above, nothing herein shall supersede or modify\n      the terms of any separate license agreement you may have executed\n      with Licensor regarding such Contributions.\n\n   6. Trademarks. This License does not grant permission to use the trade\n      names, trademarks, service marks, or product names of the Licensor,\n      except as required for reasonable and customary use in describing the\n      origin of the Work and reproducing the content of the NOTICE file.\n\n   7. Disclaimer of Warranty. Unless required by applicable law or\n      agreed to in writing, Licensor provides the Work (and each\n      Contributor provides its Contributions) on an \"AS IS\" BASIS,\n      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n      implied, including, without limitation, any warranties or conditions\n      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n      PARTICULAR PURPOSE. You are solely responsible for determining the\n      appropriateness of using or redistributing the Work and assume any\n      risks associated with Your exercise of permissions under this License.\n\n   8. Limitation of Liability. In no event and under no legal theory,\n      whether in tort (including negligence), contract, or otherwise,\n      unless required by applicable law (such as deliberate and grossly\n      negligent acts) or agreed to in writing, shall any Contributor be\n      liable to You for damages, including any direct, indirect, special,\n      incidental, or consequential damages of any character arising as a\n      result of this License or out of the use or inability to use the\n      Work (including but not limited to damages for loss of goodwill,\n      work stoppage, computer failure or malfunction, or any and all\n      other commercial damages or losses), even if such Contributor\n      has been advised of the possibility of such damages.\n\n   9. Accepting Warranty or Additional Liability. While redistributing\n      the Work or Derivative Works thereof, You may choose to offer,\n      and charge a fee for, acceptance of support, warranty, indemnity,\n      or other liability obligations and/or rights consistent with this\n      License. However, in accepting such obligations, You may act only\n      on Your own behalf and on Your sole responsibility, not on behalf\n      of any other Contributor, and only if You agree to indemnify,\n      defend, and hold each Contributor harmless for any liability\n      incurred by, or claims asserted against, such Contributor by reason\n      of your accepting any such warranty or additional liability.\n\n   END OF TERMS AND CONDITIONS\n\n   APPENDIX: How to apply the Apache License to your work.\n\n      To apply the Apache License to your work, attach the following\n      boilerplate notice, with the fields enclosed by brackets \"[]\"\n      replaced with your own identifying information. (Don't include\n      the brackets!)  The text should be enclosed in the appropriate\n      comment syntax for the file format. We also recommend that a\n      file or class name and description of purpose be included on the\n      same \"printed page\" as the copyright notice for easier\n      identification within third-party archives.\n\n   Copyright [yyyy] [name of copyright owner]\n\n   Licensed under the Apache License, Version 2.0 (the \"License\");\n   you may not use this file except in compliance with the License.\n   You may obtain a copy of the License at\n\n       http://www.apache.org/licenses/LICENSE-2.0\n\n   Unless required by applicable law or agreed to in writing, software\n   distributed under the License is distributed on an \"AS IS\" BASIS,\n   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n   See the License for the specific language governing permissions and\n   limitations under the License.\n"
   },
+  {
+    "name": "github.com/munnerz/goautoneg",
+    "path": "github.com/munnerz/goautoneg/LICENSE",
+    "licenseText": "Copyright (c) 2011, Open Knowledge Foundation Ltd.\nAll rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n    Redistributions of source code must retain the above copyright\n    notice, this list of conditions and the following disclaimer.\n\n    Redistributions in binary form must reproduce the above copyright\n    notice, this list of conditions and the following disclaimer in\n    the documentation and/or other materials provided with the\n    distribution.\n\n    Neither the name of the Open Knowledge Foundation Ltd. nor the\n    names of its contributors may be used to endorse or promote\n    products derived from this software without specific prior written\n    permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\nA PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nHOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\nLIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\nDATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\nTHEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
+  },
   {
     "name": "github.com/nektos/act/pkg",
     "path": "github.com/nektos/act/pkg/LICENSE",
@@ -1142,12 +1147,12 @@
   {
     "name": "golang.org/x/mod/semver",
     "path": "golang.org/x/mod/semver/LICENSE",
-    "licenseText": "Copyright (c) 2009 The Go Authors. All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n   * Redistributions of source code must retain the above copyright\nnotice, this list of conditions and the following disclaimer.\n   * Redistributions in binary form must reproduce the above\ncopyright notice, this list of conditions and the following disclaimer\nin the documentation and/or other materials provided with the\ndistribution.\n   * Neither the name of Google Inc. nor the names of its\ncontributors may be used to endorse or promote products derived from\nthis software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\nA PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nOWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\nLIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\nDATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\nTHEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
+    "licenseText": "Copyright 2009 The Go Authors.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n   * Redistributions of source code must retain the above copyright\nnotice, this list of conditions and the following disclaimer.\n   * Redistributions in binary form must reproduce the above\ncopyright notice, this list of conditions and the following disclaimer\nin the documentation and/or other materials provided with the\ndistribution.\n   * Neither the name of Google LLC nor the names of its\ncontributors may be used to endorse or promote products derived from\nthis software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\nA PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nOWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\nLIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\nDATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\nTHEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
   },
   {
     "name": "golang.org/x/net",
     "path": "golang.org/x/net/LICENSE",
-    "licenseText": "Copyright (c) 2009 The Go Authors. All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n   * Redistributions of source code must retain the above copyright\nnotice, this list of conditions and the following disclaimer.\n   * Redistributions in binary form must reproduce the above\ncopyright notice, this list of conditions and the following disclaimer\nin the documentation and/or other materials provided with the\ndistribution.\n   * Neither the name of Google Inc. nor the names of its\ncontributors may be used to endorse or promote products derived from\nthis software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\nA PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nOWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\nLIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\nDATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\nTHEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
+    "licenseText": "Copyright 2009 The Go Authors.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n   * Redistributions of source code must retain the above copyright\nnotice, this list of conditions and the following disclaimer.\n   * Redistributions in binary form must reproduce the above\ncopyright notice, this list of conditions and the following disclaimer\nin the documentation and/or other materials provided with the\ndistribution.\n   * Neither the name of Google LLC nor the names of its\ncontributors may be used to endorse or promote products derived from\nthis software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\nA PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nOWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\nLIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\nDATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\nTHEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
   },
   {
     "name": "golang.org/x/oauth2",
diff --git a/cmd/hook.go b/cmd/hook.go
index e8a8b1f4ad2..11d0d072c97 100644
--- a/cmd/hook.go
+++ b/cmd/hook.go
@@ -542,14 +542,14 @@ Gitea or set your environment appropriately.`, "")
 
 	index := bytes.IndexByte(rs.Data, byte(0))
 	if index >= len(rs.Data) {
-		return fail(ctx, "Protocol: format error", "pkt-line: format error "+fmt.Sprint(rs.Data))
+		return fail(ctx, "Protocol: format error", "pkt-line: format error %s", rs.Data)
 	}
 
 	if index < 0 {
 		if len(rs.Data) == 10 && rs.Data[9] == '\n' {
 			index = 9
 		} else {
-			return fail(ctx, "Protocol: format error", "pkt-line: format error "+fmt.Sprint(rs.Data))
+			return fail(ctx, "Protocol: format error", "pkt-line: format error %s", rs.Data)
 		}
 	}
 
diff --git a/go.mod b/go.mod
index 29126a70bc4..ad03f6532e7 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module code.gitea.io/gitea
 
-go 1.22
+go 1.23
 
 require (
 	code.gitea.io/actions-proto-go v0.4.0
@@ -112,11 +112,11 @@ require (
 	github.com/yuin/goldmark-meta v1.1.0
 	golang.org/x/crypto v0.26.0
 	golang.org/x/image v0.18.0
-	golang.org/x/net v0.26.0
+	golang.org/x/net v0.28.0
 	golang.org/x/oauth2 v0.21.0
 	golang.org/x/sys v0.23.0
 	golang.org/x/text v0.17.0
-	golang.org/x/tools v0.22.0
+	golang.org/x/tools v0.24.0
 	google.golang.org/grpc v1.62.1
 	google.golang.org/protobuf v1.34.2
 	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df
@@ -249,18 +249,20 @@ require (
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/mrjones/oauth v0.0.0-20190623134757-126b35219450 // indirect
 	github.com/mschoch/smat v0.2.0 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/nwaples/rardecode v1.1.3 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
 	github.com/olekukonko/tablewriter v0.0.5 // indirect
 	github.com/onsi/ginkgo v1.16.5 // indirect
+	github.com/onsi/gomega v1.33.1 // indirect
 	github.com/paulmach/orb v0.11.1 // indirect
-	github.com/pelletier/go-toml/v2 v2.1.1 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.2 // indirect
 	github.com/pierrec/lz4/v4 v4.1.21 // indirect
 	github.com/pjbgf/sha1cd v0.3.0 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/prometheus/client_model v0.6.0 // indirect
-	github.com/prometheus/common v0.50.0 // indirect
-	github.com/prometheus/procfs v0.13.0 // indirect
+	github.com/prometheus/client_model v0.6.1 // indirect
+	github.com/prometheus/common v0.55.0 // indirect
+	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/rhysd/actionlint v1.7.1 // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/rogpeppe/go-internal v1.12.0 // indirect
@@ -300,7 +302,7 @@ require (
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
 	golang.org/x/exp v0.0.0-20240314144324-c7f7c6466f7f // indirect
-	golang.org/x/mod v0.18.0 // indirect
+	golang.org/x/mod v0.20.0 // indirect
 	golang.org/x/sync v0.8.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240314234333-6e1732d8331c // indirect
diff --git a/go.sum b/go.sum
index db99b632fca..647fad6e298 100644
--- a/go.sum
+++ b/go.sum
@@ -611,6 +611,8 @@ github.com/mschoch/smat v0.2.0 h1:8imxQsjDm8yFEAVBe7azKmKSgzSkZXDuKkSq9374khM=
 github.com/mschoch/smat v0.2.0/go.mod h1:kc9mz7DoBKqDyiRL7VZN8KvXQMWeTaVnttLRXOlotKw=
 github.com/msteinert/pam v1.2.0 h1:mYfjlvN2KYs2Pb9G6nb/1f/nPfAttT/Jee5Sq9r3bGE=
 github.com/msteinert/pam v1.2.0/go.mod h1:d2n0DCUK8rGecChV3JzvmsDjOY4R7AYbsNxAT+ftQl0=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32 h1:W6apQkHrMkS0Muv8G/TipAy/FJl/rCYT0+EuS8+Z0z4=
 github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32/go.mod h1:9wM+0iRr9ahx58uYLpLIr5fm8diHn0JbqRycJi6w0Ms=
 github.com/niklasfasching/go-org v1.7.0 h1:vyMdcMWWTe/XmANk19F4k8XGBYg0GQ/gJGMimOjGMek=
@@ -635,8 +637,8 @@ github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042
 github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
-github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI=
-github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M=
+github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk=
+github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=
@@ -646,8 +648,8 @@ github.com/paulmach/orb v0.11.1 h1:3koVegMC4X/WeiXYz9iswopaTwMem53NzTJuTF20JzU=
 github.com/paulmach/orb v0.11.1/go.mod h1:5mULz1xQfs3bmQm63QEJA6lNGujuRafwA5S/EnuLaLU=
 github.com/paulmach/protoscan v0.2.1/go.mod h1:SpcSwydNLrxUGSDvXvO0P7g7AuhJ7lcKfDlhJCDw2gY=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
-github.com/pelletier/go-toml/v2 v2.1.1 h1:LWAJwfNvjQZCFIDKWYQaM62NcYeYViCmWIwmOStowAI=
-github.com/pelletier/go-toml/v2 v2.1.1/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc=
+github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM=
+github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs=
 github.com/philhofer/fwd v1.0.0/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU=
 github.com/pierrec/lz4/v4 v4.1.2/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
 github.com/pierrec/lz4/v4 v4.1.21 h1:yOVMLb6qSIDP67pl/5F7RepeKYu/VmTyEXvuMI5d9mQ=
@@ -666,12 +668,12 @@ github.com/pquerna/otp v1.4.0 h1:wZvl1TIVxKRThZIBiwOOHOGP/1+nZyWBil9Y2XNEDzg=
 github.com/pquerna/otp v1.4.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=
 github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE=
 github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho=
-github.com/prometheus/client_model v0.6.0 h1:k1v3CzpSRUTrKMppY35TLwPvxHqBu0bYgxZzqGIgaos=
-github.com/prometheus/client_model v0.6.0/go.mod h1:NTQHnmxFpouOD0DpvP4XujX3CdOAGQPoaGhyTchlyt8=
-github.com/prometheus/common v0.50.0 h1:YSZE6aa9+luNa2da6/Tik0q0A5AbR+U003TItK57CPQ=
-github.com/prometheus/common v0.50.0/go.mod h1:wHFBCEVWVmHMUpg7pYcOm2QUR/ocQdYSJVQJKnHc3xQ=
-github.com/prometheus/procfs v0.13.0 h1:GqzLlQyfsPbaEHaQkO7tbDlriv/4o5Hudv6OXHGKX7o=
-github.com/prometheus/procfs v0.13.0/go.mod h1:cd4PFCR54QLnGKPaKGA6l+cfuNXtht43ZKY6tow0Y1g=
+github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
+github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
+github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc=
+github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8=
+github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
+github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
 github.com/quasoft/websspi v1.1.2 h1:/mA4w0LxWlE3novvsoEL6BBA1WnjJATbjkh1kFrTidw=
 github.com/quasoft/websspi v1.1.2/go.mod h1:HmVdl939dQ0WIXZhyik+ARdI03M6bQzaSEKcgpFmewk=
 github.com/rcrowley/go-metrics v0.0.0-20190826022208-cac0b30c2563/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
@@ -752,6 +754,7 @@ github.com/steveyen/gtreap v0.1.0/go.mod h1:kl/5J7XbrOmlIbYIXdRHDDE5QxHqpk0cmkT7
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
@@ -880,8 +883,8 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0=
-golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0=
+golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -899,8 +902,8 @@ golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
-golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
-golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
+golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE=
+golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
 golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs=
 golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -985,8 +988,8 @@ golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4f
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA=
-golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c=
+golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24=
+golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
diff --git a/models/asymkey/gpg_key_common.go b/models/asymkey/gpg_key_common.go
index 9c015582f1b..28cb8f4e766 100644
--- a/models/asymkey/gpg_key_common.go
+++ b/models/asymkey/gpg_key_common.go
@@ -114,7 +114,7 @@ func readArmoredSign(r io.Reader) (body io.Reader, err error) {
 		return nil, err
 	}
 	if block.Type != openpgp.SignatureType {
-		return nil, fmt.Errorf("expected '" + openpgp.SignatureType + "', got: " + block.Type)
+		return nil, fmt.Errorf("expected '%s', got: %s", openpgp.SignatureType, block.Type)
 	}
 	return block.Body, nil
 }
@@ -139,7 +139,7 @@ func tryGetKeyIDFromSignature(sig *packet.Signature) string {
 	if sig.IssuerKeyId != nil && (*sig.IssuerKeyId) != 0 {
 		return fmt.Sprintf("%016X", *sig.IssuerKeyId)
 	}
-	if sig.IssuerFingerprint != nil && len(sig.IssuerFingerprint) > 0 {
+	if len(sig.IssuerFingerprint) > 0 {
 		return fmt.Sprintf("%016X", sig.IssuerFingerprint[12:20])
 	}
 	return ""
diff --git a/models/db/sql_postgres_with_schema.go b/models/db/sql_postgres_with_schema.go
index ec63447f6f6..64b61b2ef34 100644
--- a/models/db/sql_postgres_with_schema.go
+++ b/models/db/sql_postgres_with_schema.go
@@ -39,7 +39,7 @@ func (d *postgresSchemaDriver) Open(name string) (driver.Conn, error) {
 
 	// golangci lint is incorrect here - there is no benefit to using driver.ExecerContext here
 	// and in any case pq does not implement it
-	if execer, ok := conn.(driver.Execer); ok { //nolint
+	if execer, ok := conn.(driver.Execer); ok { //nolint:staticcheck
 		_, err := execer.Exec(`SELECT set_config(
 			'search_path',
 			$1 || ',' || current_setting('search_path'),
@@ -64,7 +64,7 @@ func (d *postgresSchemaDriver) Open(name string) (driver.Conn, error) {
 	// driver.String.ConvertValue will never return err for string
 
 	// golangci lint is incorrect here - there is no benefit to using stmt.ExecWithContext here
-	_, err = stmt.Exec([]driver.Value{schemaValue}) //nolint
+	_, err = stmt.Exec([]driver.Value{schemaValue}) //nolint:staticcheck
 	if err != nil {
 		_ = conn.Close()
 		return nil, err
diff --git a/models/migrations/v1_16/v189.go b/models/migrations/v1_16/v189.go
index afd93b0eac1..56496450519 100644
--- a/models/migrations/v1_16/v189.go
+++ b/models/migrations/v1_16/v189.go
@@ -83,7 +83,7 @@ func UnwrapLDAPSourceCfg(x *xorm.Engine) error {
 			if err != nil {
 				return fmt.Errorf("failed to unmarshal %s: %w", source.Cfg, err)
 			}
-			if wrapped.Source != nil && len(wrapped.Source) > 0 {
+			if len(wrapped.Source) > 0 {
 				bs, err := json.Marshal(wrapped.Source)
 				if err != nil {
 					return err
diff --git a/models/repo/repo_list.go b/models/repo/repo_list.go
index e22d872ae46..1bffadbf0ae 100644
--- a/models/repo/repo_list.go
+++ b/models/repo/repo_list.go
@@ -749,7 +749,7 @@ func GetUserRepositories(ctx context.Context, opts *SearchRepoOptions) (Reposito
 		cond = cond.And(builder.Eq{"is_private": false})
 	}
 
-	if opts.LowerNames != nil && len(opts.LowerNames) > 0 {
+	if len(opts.LowerNames) > 0 {
 		cond = cond.And(builder.In("lower_name", opts.LowerNames))
 	}
 
diff --git a/modules/cache/context.go b/modules/cache/context.go
index 5cca5afd6ec..484cee659a1 100644
--- a/modules/cache/context.go
+++ b/modules/cache/context.go
@@ -109,7 +109,8 @@ func WithCacheContext(ctx context.Context) context.Context {
 			return ctx
 		}
 	}
-	return context.WithValue(ctx, cacheContextKey, &cacheContext{
+	// FIXME: review the use of this nolint directive
+	return context.WithValue(ctx, cacheContextKey, &cacheContext{ //nolint:staticcheck
 		data:    make(map[any]map[any]any),
 		created: timeNow(),
 	})
diff --git a/modules/git/log_name_status.go b/modules/git/log_name_status.go
index 9e345f3ee0e..1fd58abfcdc 100644
--- a/modules/git/log_name_status.go
+++ b/modules/git/log_name_status.go
@@ -114,7 +114,7 @@ type LogNameStatusCommitData struct {
 // Next returns the next LogStatusCommitData
 func (g *LogNameStatusRepoParser) Next(treepath string, paths2ids map[string]int, changed []bool, maxpathlen int) (*LogNameStatusCommitData, error) {
 	var err error
-	if g.next == nil || len(g.next) == 0 {
+	if len(g.next) == 0 {
 		g.buffull = false
 		g.next, err = g.rd.ReadSlice('\x00')
 		if err != nil {
diff --git a/modules/issue/template/template.go b/modules/issue/template/template.go
index 0a105c723c1..a2b9d6b33e3 100644
--- a/modules/issue/template/template.go
+++ b/modules/issue/template/template.go
@@ -401,7 +401,7 @@ func (f *valuedField) Render() string {
 }
 
 func (f *valuedField) Value() string {
-	return strings.TrimSpace(f.Get(fmt.Sprintf("form-field-" + f.ID)))
+	return strings.TrimSpace(f.Get(fmt.Sprintf("form-field-%s", f.ID)))
 }
 
 func (f *valuedField) Options() []*valuedOption {
diff --git a/modules/queue/base_channel.go b/modules/queue/base_channel.go
index d03c72bdaef..dd8ccb15f44 100644
--- a/modules/queue/base_channel.go
+++ b/modules/queue/base_channel.go
@@ -120,7 +120,7 @@ func (q *baseChannel) RemoveAll(ctx context.Context) error {
 	q.mu.Lock()
 	defer q.mu.Unlock()
 
-	for q.c != nil && len(q.c) > 0 {
+	for len(q.c) > 0 {
 		<-q.c
 	}
 
diff --git a/modules/storage/azureblob.go b/modules/storage/azureblob.go
index 211522c5bba..568227ca478 100644
--- a/modules/storage/azureblob.go
+++ b/modules/storage/azureblob.go
@@ -114,7 +114,7 @@ func convertAzureBlobErr(err error) error {
 	if !errors.As(err, &respErr) {
 		return err
 	}
-	return fmt.Errorf(respErr.ErrorCode)
+	return fmt.Errorf("%s", respErr.ErrorCode)
 }
 
 // NewAzureBlobStorage returns a azure blob storage
diff --git a/routers/api/v1/repo/pull.go b/routers/api/v1/repo/pull.go
index de67057fddc..7eb4a8b8a2d 100644
--- a/routers/api/v1/repo/pull.go
+++ b/routers/api/v1/repo/pull.go
@@ -766,7 +766,7 @@ func EditPullRequest(ctx *context.APIContext) {
 	// update allow edits
 	if form.AllowMaintainerEdit != nil {
 		if err := pull_service.SetAllowEdits(ctx, ctx.Doer, pr, *form.AllowMaintainerEdit); err != nil {
-			if errors.Is(pull_service.ErrUserHasNoPermissionForAction, err) {
+			if errors.Is(err, pull_service.ErrUserHasNoPermissionForAction) {
 				ctx.Error(http.StatusForbidden, "SetAllowEdits", fmt.Sprintf("SetAllowEdits: %s", err))
 				return
 			}
diff --git a/routers/web/repo/pull.go b/routers/web/repo/pull.go
index e001e872aa8..7187a35e0e7 100644
--- a/routers/web/repo/pull.go
+++ b/routers/web/repo/pull.go
@@ -1625,7 +1625,7 @@ func SetAllowEdits(ctx *context.Context) {
 	}
 
 	if err := pull_service.SetAllowEdits(ctx, ctx.Doer, pr, form.AllowMaintainerEdit); err != nil {
-		if errors.Is(pull_service.ErrUserHasNoPermissionForAction, err) {
+		if errors.Is(err, pull_service.ErrUserHasNoPermissionForAction) {
 			ctx.Error(http.StatusForbidden)
 			return
 		}
diff --git a/routers/web/repo/view.go b/routers/web/repo/view.go
index 5e673864578..12d202e4a0d 100644
--- a/routers/web/repo/view.go
+++ b/routers/web/repo/view.go
@@ -8,6 +8,7 @@ import (
 	"bytes"
 	gocontext "context"
 	"encoding/base64"
+	"errors"
 	"fmt"
 	"html/template"
 	"image"
@@ -739,7 +740,7 @@ func checkHomeCodeViewable(ctx *context.Context) {
 		}
 	}
 
-	ctx.NotFound("Home", fmt.Errorf(ctx.Locale.TrString("units.error.no_unit_allowed_repo")))
+	ctx.NotFound("Home", errors.New(ctx.Locale.TrString("units.error.no_unit_allowed_repo")))
 }
 
 func checkCitationFile(ctx *context.Context, entry *git.TreeEntry) {
diff --git a/routers/web/user/home.go b/routers/web/user/home.go
index 2ecc2cc8d13..2b16142f6d5 100644
--- a/routers/web/user/home.go
+++ b/routers/web/user/home.go
@@ -730,7 +730,7 @@ func UsernameSubRoute(ctx *context.Context) {
 
 		// check view permissions
 		if !user_model.IsUserVisibleToViewer(ctx, ctx.ContextUser, ctx.Doer) {
-			ctx.NotFound("user", fmt.Errorf(ctx.ContextUser.Name))
+			ctx.NotFound("user", fmt.Errorf("%s", ctx.ContextUser.Name))
 			return false
 		}
 		return true
diff --git a/routers/web/user/profile.go b/routers/web/user/profile.go
index 5748ce45ab3..d0abf603c31 100644
--- a/routers/web/user/profile.go
+++ b/routers/web/user/profile.go
@@ -54,7 +54,7 @@ func OwnerProfile(ctx *context.Context) {
 func userProfile(ctx *context.Context) {
 	// check view permissions
 	if !user_model.IsUserVisibleToViewer(ctx, ctx.ContextUser, ctx.Doer) {
-		ctx.NotFound("user", fmt.Errorf(ctx.ContextUser.Name))
+		ctx.NotFound("user", fmt.Errorf("%s", ctx.ContextUser.Name))
 		return
 	}
 
diff --git a/services/actions/notifier_helper.go b/services/actions/notifier_helper.go
index 0030ef9a916..b21d889d036 100644
--- a/services/actions/notifier_helper.go
+++ b/services/actions/notifier_helper.go
@@ -43,7 +43,8 @@ func withMethod(ctx context.Context, method string) context.Context {
 			return ctx
 		}
 	}
-	return context.WithValue(ctx, methodCtxKey, method)
+	// FIXME: review the use of this nolint directive
+	return context.WithValue(ctx, methodCtxKey, method) //nolint:staticcheck
 }
 
 // getMethod gets the notification method that this context currently executes.
diff --git a/services/automerge/automerge.go b/services/automerge/automerge.go
index ed7a0141b9f..a1ee204882f 100644
--- a/services/automerge/automerge.go
+++ b/services/automerge/automerge.go
@@ -288,7 +288,7 @@ func handlePullRequestAutoMerge(pullID int64, sha string) {
 	}
 
 	if err := pull_service.CheckPullMergeable(ctx, doer, &perm, pr, pull_service.MergeCheckTypeGeneral, false); err != nil {
-		if errors.Is(pull_service.ErrUserNotAllowedToMerge, err) {
+		if errors.Is(err, pull_service.ErrUserNotAllowedToMerge) {
 			log.Info("%-v was scheduled to automerge by an unauthorized user", pr)
 			return
 		}
diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml
index 4c09a9d588d..a0a85d85af0 100644
--- a/snap/snapcraft.yaml
+++ b/snap/snapcraft.yaml
@@ -44,7 +44,7 @@ parts:
     source: .
     stage-packages: [ git, sqlite3, openssh-client ]
     build-packages: [ git, libpam0g-dev, libsqlite3-dev, build-essential]
-    build-snaps: [ go/1.22/stable, node/20/stable ]
+    build-snaps: [ go/1.23/stable, node/20/stable ]
     build-environment:
       - LDFLAGS: ""
     override-pull: |
diff --git a/tests/integration/api_releases_test.go b/tests/integration/api_releases_test.go
index 0b336a90e22..d912452802a 100644
--- a/tests/integration/api_releases_test.go
+++ b/tests/integration/api_releases_test.go
@@ -260,17 +260,17 @@ func TestAPIDeleteReleaseByTagName(t *testing.T) {
 	createNewReleaseUsingAPI(t, token, owner, repo, "release-tag", "", "Release Tag", "test")
 
 	// delete release
-	req := NewRequestf(t, http.MethodDelete, fmt.Sprintf("/api/v1/repos/%s/%s/releases/tags/release-tag", owner.Name, repo.Name)).
+	req := NewRequestf(t, http.MethodDelete, "/api/v1/repos/%s/%s/releases/tags/release-tag", owner.Name, repo.Name).
 		AddTokenAuth(token)
 	_ = MakeRequest(t, req, http.StatusNoContent)
 
 	// make sure release is deleted
-	req = NewRequestf(t, http.MethodDelete, fmt.Sprintf("/api/v1/repos/%s/%s/releases/tags/release-tag", owner.Name, repo.Name)).
+	req = NewRequestf(t, http.MethodDelete, "/api/v1/repos/%s/%s/releases/tags/release-tag", owner.Name, repo.Name).
 		AddTokenAuth(token)
 	_ = MakeRequest(t, req, http.StatusNotFound)
 
 	// delete release tag too
-	req = NewRequestf(t, http.MethodDelete, fmt.Sprintf("/api/v1/repos/%s/%s/tags/release-tag", owner.Name, repo.Name)).
+	req = NewRequestf(t, http.MethodDelete, "/api/v1/repos/%s/%s/tags/release-tag", owner.Name, repo.Name).
 		AddTokenAuth(token)
 	_ = MakeRequest(t, req, http.StatusNoContent)
 }
diff --git a/tests/integration/migrate_test.go b/tests/integration/migrate_test.go
index 2f44de8a4f0..4c784dd22b9 100644
--- a/tests/integration/migrate_test.go
+++ b/tests/integration/migrate_test.go
@@ -72,7 +72,7 @@ func TestMigrateGiteaForm(t *testing.T) {
 		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeReadMisc)
 
 		// Step 0: verify the repo is available
-		req := NewRequestf(t, "GET", fmt.Sprintf("/%s/%s", ownerName, repoName))
+		req := NewRequestf(t, "GET", "/%s/%s", ownerName, repoName)
 		_ = session.MakeRequest(t, req, http.StatusOK)
 		// Step 1: get the Gitea migration form
 		req = NewRequestf(t, "GET", "/repo/migrate/?service_type=%d", structs.GiteaService)

From def1c9670b5f8d5cc967bea61255fb3935dd5f50 Mon Sep 17 00:00:00 2001
From: Zettat123 <zettat123@gmail.com>
Date: Wed, 11 Sep 2024 07:49:42 +0800
Subject: [PATCH 069/129] Support migration from AWS CodeCommit (#31981)

This PR adds support for migrating repos from [AWS
CodeCommit](https://docs.aws.amazon.com/codecommit/latest/userguide/welcome.html).

The access key ID and secret access key are required to get repository
information and pull requests. And [HTTPS Git
credentials](https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-gc.html)
are required to clone the repository.

<img
src="https://github.com/user-attachments/assets/82ecb2d0-8d43-42b0-b5af-f5347a13b9d0"
width="680" />

The AWS CodeCommit icon is from [AWS Architecture
Icons](https://aws.amazon.com/architecture/icons/).

<img
src="https://github.com/user-attachments/assets/3c44d21f-d753-40f5-9eae-5d3589e0d50d"
width="320" />
---
 assets/go-licenses.json                    |  50 ++++
 go.mod                                     |   7 +
 go.sum                                     |  18 ++
 modules/migration/options.go               |   3 +
 modules/structs/repo.go                    |  25 +-
 options/locale/locale_en-US.ini            |   5 +
 public/assets/img/svg/gitea-codecommit.svg |   1 +
 routers/api/v1/repo/migrate.go             |   4 +
 routers/web/repo/migrate.go                |   4 +
 services/convert/utils.go                  |   2 +
 services/forms/repo_form.go                |   3 +
 services/migrations/codecommit.go          | 269 +++++++++++++++++++++
 templates/repo/migrate/codecommit.tmpl     | 117 +++++++++
 templates/swagger/v1_json.tmpl             |   8 +
 web_src/svg/gitea-codecommit.svg           |   6 +
 15 files changed, 513 insertions(+), 9 deletions(-)
 create mode 100644 public/assets/img/svg/gitea-codecommit.svg
 create mode 100644 services/migrations/codecommit.go
 create mode 100644 templates/repo/migrate/codecommit.tmpl
 create mode 100644 web_src/svg/gitea-codecommit.svg

diff --git a/assets/go-licenses.json b/assets/go-licenses.json
index 156387eabef..0181fd68ae7 100644
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
@@ -149,6 +149,56 @@
     "path": "github.com/anmitsu/go-shlex/LICENSE",
     "licenseText": "Copyright (c) anmitsu \u003canmitsu.s@gmail.com\u003e\n\nPermission is hereby granted, free of charge, to any person obtaining\na copy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be\nincluded in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND,\nEXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND\nNONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE\nLIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\nOF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION\nWITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n"
   },
+  {
+    "name": "github.com/aws/aws-sdk-go-v2",
+    "path": "github.com/aws/aws-sdk-go-v2/LICENSE.txt",
+    "licenseText": "\n                                 Apache License\n                           Version 2.0, January 2004\n                        http://www.apache.org/licenses/\n\n   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n   1. Definitions.\n\n      \"License\" shall mean the terms and conditions for use, reproduction,\n      and distribution as defined by Sections 1 through 9 of this document.\n\n      \"Licensor\" shall mean the copyright owner or entity authorized by\n      the copyright owner that is granting the License.\n\n      \"Legal Entity\" shall mean the union of the acting entity and all\n      other entities that control, are controlled by, or are under common\n      control with that entity. For the purposes of this definition,\n      \"control\" means (i) the power, direct or indirect, to cause the\n      direction or management of such entity, whether by contract or\n      otherwise, or (ii) ownership of fifty percent (50%) or more of the\n      outstanding shares, or (iii) beneficial ownership of such entity.\n\n      \"You\" (or \"Your\") shall mean an individual or Legal Entity\n      exercising permissions granted by this License.\n\n      \"Source\" form shall mean the preferred form for making modifications,\n      including but not limited to software source code, documentation\n      source, and configuration files.\n\n      \"Object\" form shall mean any form resulting from mechanical\n      transformation or translation of a Source form, including but\n      not limited to compiled object code, generated documentation,\n      and conversions to other media types.\n\n      \"Work\" shall mean the work of authorship, whether in Source or\n      Object form, made available under the License, as indicated by a\n      copyright notice that is included in or attached to the work\n      (an example is provided in the Appendix below).\n\n      \"Derivative Works\" shall mean any work, whether in Source or Object\n      form, that is based on (or derived from) the Work and for which the\n      editorial revisions, annotations, elaborations, or other modifications\n      represent, as a whole, an original work of authorship. For the purposes\n      of this License, Derivative Works shall not include works that remain\n      separable from, or merely link (or bind by name) to the interfaces of,\n      the Work and Derivative Works thereof.\n\n      \"Contribution\" shall mean any work of authorship, including\n      the original version of the Work and any modifications or additions\n      to that Work or Derivative Works thereof, that is intentionally\n      submitted to Licensor for inclusion in the Work by the copyright owner\n      or by an individual or Legal Entity authorized to submit on behalf of\n      the copyright owner. For the purposes of this definition, \"submitted\"\n      means any form of electronic, verbal, or written communication sent\n      to the Licensor or its representatives, including but not limited to\n      communication on electronic mailing lists, source code control systems,\n      and issue tracking systems that are managed by, or on behalf of, the\n      Licensor for the purpose of discussing and improving the Work, but\n      excluding communication that is conspicuously marked or otherwise\n      designated in writing by the copyright owner as \"Not a Contribution.\"\n\n      \"Contributor\" shall mean Licensor and any individual or Legal Entity\n      on behalf of whom a Contribution has been received by Licensor and\n      subsequently incorporated within the Work.\n\n   2. Grant of Copyright License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      copyright license to reproduce, prepare Derivative Works of,\n      publicly display, publicly perform, sublicense, and distribute the\n      Work and such Derivative Works in Source or Object form.\n\n   3. Grant of Patent License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      (except as stated in this section) patent license to make, have made,\n      use, offer to sell, sell, import, and otherwise transfer the Work,\n      where such license applies only to those patent claims licensable\n      by such Contributor that are necessarily infringed by their\n      Contribution(s) alone or by combination of their Contribution(s)\n      with the Work to which such Contribution(s) was submitted. If You\n      institute patent litigation against any entity (including a\n      cross-claim or counterclaim in a lawsuit) alleging that the Work\n      or a Contribution incorporated within the Work constitutes direct\n      or contributory patent infringement, then any patent licenses\n      granted to You under this License for that Work shall terminate\n      as of the date such litigation is filed.\n\n   4. Redistribution. You may reproduce and distribute copies of the\n      Work or Derivative Works thereof in any medium, with or without\n      modifications, and in Source or Object form, provided that You\n      meet the following conditions:\n\n      (a) You must give any other recipients of the Work or\n          Derivative Works a copy of this License; and\n\n      (b) You must cause any modified files to carry prominent notices\n          stating that You changed the files; and\n\n      (c) You must retain, in the Source form of any Derivative Works\n          that You distribute, all copyright, patent, trademark, and\n          attribution notices from the Source form of the Work,\n          excluding those notices that do not pertain to any part of\n          the Derivative Works; and\n\n      (d) If the Work includes a \"NOTICE\" text file as part of its\n          distribution, then any Derivative Works that You distribute must\n          include a readable copy of the attribution notices contained\n          within such NOTICE file, excluding those notices that do not\n          pertain to any part of the Derivative Works, in at least one\n          of the following places: within a NOTICE text file distributed\n          as part of the Derivative Works; within the Source form or\n          documentation, if provided along with the Derivative Works; or,\n          within a display generated by the Derivative Works, if and\n          wherever such third-party notices normally appear. The contents\n          of the NOTICE file are for informational purposes only and\n          do not modify the License. You may add Your own attribution\n          notices within Derivative Works that You distribute, alongside\n          or as an addendum to the NOTICE text from the Work, provided\n          that such additional attribution notices cannot be construed\n          as modifying the License.\n\n      You may add Your own copyright statement to Your modifications and\n      may provide additional or different license terms and conditions\n      for use, reproduction, or distribution of Your modifications, or\n      for any such Derivative Works as a whole, provided Your use,\n      reproduction, and distribution of the Work otherwise complies with\n      the conditions stated in this License.\n\n   5. Submission of Contributions. Unless You explicitly state otherwise,\n      any Contribution intentionally submitted for inclusion in the Work\n      by You to the Licensor shall be under the terms and conditions of\n      this License, without any additional terms or conditions.\n      Notwithstanding the above, nothing herein shall supersede or modify\n      the terms of any separate license agreement you may have executed\n      with Licensor regarding such Contributions.\n\n   6. Trademarks. This License does not grant permission to use the trade\n      names, trademarks, service marks, or product names of the Licensor,\n      except as required for reasonable and customary use in describing the\n      origin of the Work and reproducing the content of the NOTICE file.\n\n   7. Disclaimer of Warranty. Unless required by applicable law or\n      agreed to in writing, Licensor provides the Work (and each\n      Contributor provides its Contributions) on an \"AS IS\" BASIS,\n      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n      implied, including, without limitation, any warranties or conditions\n      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n      PARTICULAR PURPOSE. You are solely responsible for determining the\n      appropriateness of using or redistributing the Work and assume any\n      risks associated with Your exercise of permissions under this License.\n\n   8. Limitation of Liability. In no event and under no legal theory,\n      whether in tort (including negligence), contract, or otherwise,\n      unless required by applicable law (such as deliberate and grossly\n      negligent acts) or agreed to in writing, shall any Contributor be\n      liable to You for damages, including any direct, indirect, special,\n      incidental, or consequential damages of any character arising as a\n      result of this License or out of the use or inability to use the\n      Work (including but not limited to damages for loss of goodwill,\n      work stoppage, computer failure or malfunction, or any and all\n      other commercial damages or losses), even if such Contributor\n      has been advised of the possibility of such damages.\n\n   9. Accepting Warranty or Additional Liability. While redistributing\n      the Work or Derivative Works thereof, You may choose to offer,\n      and charge a fee for, acceptance of support, warranty, indemnity,\n      or other liability obligations and/or rights consistent with this\n      License. However, in accepting such obligations, You may act only\n      on Your own behalf and on Your sole responsibility, not on behalf\n      of any other Contributor, and only if You agree to indemnify,\n      defend, and hold each Contributor harmless for any liability\n      incurred by, or claims asserted against, such Contributor by reason\n      of your accepting any such warranty or additional liability.\n\n   END OF TERMS AND CONDITIONS\n\n   APPENDIX: How to apply the Apache License to your work.\n\n      To apply the Apache License to your work, attach the following\n      boilerplate notice, with the fields enclosed by brackets \"[]\"\n      replaced with your own identifying information. (Don't include\n      the brackets!)  The text should be enclosed in the appropriate\n      comment syntax for the file format. We also recommend that a\n      file or class name and description of purpose be included on the\n      same \"printed page\" as the copyright notice for easier\n      identification within third-party archives.\n\n   Copyright [yyyy] [name of copyright owner]\n\n   Licensed under the Apache License, Version 2.0 (the \"License\");\n   you may not use this file except in compliance with the License.\n   You may obtain a copy of the License at\n\n       http://www.apache.org/licenses/LICENSE-2.0\n\n   Unless required by applicable law or agreed to in writing, software\n   distributed under the License is distributed on an \"AS IS\" BASIS,\n   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n   See the License for the specific language governing permissions and\n   limitations under the License.\n"
+  },
+  {
+    "name": "github.com/aws/aws-sdk-go-v2/credentials",
+    "path": "github.com/aws/aws-sdk-go-v2/credentials/LICENSE.txt",
+    "licenseText": "\n                                 Apache License\n                           Version 2.0, January 2004\n                        http://www.apache.org/licenses/\n\n   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n   1. Definitions.\n\n      \"License\" shall mean the terms and conditions for use, reproduction,\n      and distribution as defined by Sections 1 through 9 of this document.\n\n      \"Licensor\" shall mean the copyright owner or entity authorized by\n      the copyright owner that is granting the License.\n\n      \"Legal Entity\" shall mean the union of the acting entity and all\n      other entities that control, are controlled by, or are under common\n      control with that entity. For the purposes of this definition,\n      \"control\" means (i) the power, direct or indirect, to cause the\n      direction or management of such entity, whether by contract or\n      otherwise, or (ii) ownership of fifty percent (50%) or more of the\n      outstanding shares, or (iii) beneficial ownership of such entity.\n\n      \"You\" (or \"Your\") shall mean an individual or Legal Entity\n      exercising permissions granted by this License.\n\n      \"Source\" form shall mean the preferred form for making modifications,\n      including but not limited to software source code, documentation\n      source, and configuration files.\n\n      \"Object\" form shall mean any form resulting from mechanical\n      transformation or translation of a Source form, including but\n      not limited to compiled object code, generated documentation,\n      and conversions to other media types.\n\n      \"Work\" shall mean the work of authorship, whether in Source or\n      Object form, made available under the License, as indicated by a\n      copyright notice that is included in or attached to the work\n      (an example is provided in the Appendix below).\n\n      \"Derivative Works\" shall mean any work, whether in Source or Object\n      form, that is based on (or derived from) the Work and for which the\n      editorial revisions, annotations, elaborations, or other modifications\n      represent, as a whole, an original work of authorship. For the purposes\n      of this License, Derivative Works shall not include works that remain\n      separable from, or merely link (or bind by name) to the interfaces of,\n      the Work and Derivative Works thereof.\n\n      \"Contribution\" shall mean any work of authorship, including\n      the original version of the Work and any modifications or additions\n      to that Work or Derivative Works thereof, that is intentionally\n      submitted to Licensor for inclusion in the Work by the copyright owner\n      or by an individual or Legal Entity authorized to submit on behalf of\n      the copyright owner. For the purposes of this definition, \"submitted\"\n      means any form of electronic, verbal, or written communication sent\n      to the Licensor or its representatives, including but not limited to\n      communication on electronic mailing lists, source code control systems,\n      and issue tracking systems that are managed by, or on behalf of, the\n      Licensor for the purpose of discussing and improving the Work, but\n      excluding communication that is conspicuously marked or otherwise\n      designated in writing by the copyright owner as \"Not a Contribution.\"\n\n      \"Contributor\" shall mean Licensor and any individual or Legal Entity\n      on behalf of whom a Contribution has been received by Licensor and\n      subsequently incorporated within the Work.\n\n   2. Grant of Copyright License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      copyright license to reproduce, prepare Derivative Works of,\n      publicly display, publicly perform, sublicense, and distribute the\n      Work and such Derivative Works in Source or Object form.\n\n   3. Grant of Patent License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      (except as stated in this section) patent license to make, have made,\n      use, offer to sell, sell, import, and otherwise transfer the Work,\n      where such license applies only to those patent claims licensable\n      by such Contributor that are necessarily infringed by their\n      Contribution(s) alone or by combination of their Contribution(s)\n      with the Work to which such Contribution(s) was submitted. If You\n      institute patent litigation against any entity (including a\n      cross-claim or counterclaim in a lawsuit) alleging that the Work\n      or a Contribution incorporated within the Work constitutes direct\n      or contributory patent infringement, then any patent licenses\n      granted to You under this License for that Work shall terminate\n      as of the date such litigation is filed.\n\n   4. Redistribution. You may reproduce and distribute copies of the\n      Work or Derivative Works thereof in any medium, with or without\n      modifications, and in Source or Object form, provided that You\n      meet the following conditions:\n\n      (a) You must give any other recipients of the Work or\n          Derivative Works a copy of this License; and\n\n      (b) You must cause any modified files to carry prominent notices\n          stating that You changed the files; and\n\n      (c) You must retain, in the Source form of any Derivative Works\n          that You distribute, all copyright, patent, trademark, and\n          attribution notices from the Source form of the Work,\n          excluding those notices that do not pertain to any part of\n          the Derivative Works; and\n\n      (d) If the Work includes a \"NOTICE\" text file as part of its\n          distribution, then any Derivative Works that You distribute must\n          include a readable copy of the attribution notices contained\n          within such NOTICE file, excluding those notices that do not\n          pertain to any part of the Derivative Works, in at least one\n          of the following places: within a NOTICE text file distributed\n          as part of the Derivative Works; within the Source form or\n          documentation, if provided along with the Derivative Works; or,\n          within a display generated by the Derivative Works, if and\n          wherever such third-party notices normally appear. The contents\n          of the NOTICE file are for informational purposes only and\n          do not modify the License. You may add Your own attribution\n          notices within Derivative Works that You distribute, alongside\n          or as an addendum to the NOTICE text from the Work, provided\n          that such additional attribution notices cannot be construed\n          as modifying the License.\n\n      You may add Your own copyright statement to Your modifications and\n      may provide additional or different license terms and conditions\n      for use, reproduction, or distribution of Your modifications, or\n      for any such Derivative Works as a whole, provided Your use,\n      reproduction, and distribution of the Work otherwise complies with\n      the conditions stated in this License.\n\n   5. Submission of Contributions. Unless You explicitly state otherwise,\n      any Contribution intentionally submitted for inclusion in the Work\n      by You to the Licensor shall be under the terms and conditions of\n      this License, without any additional terms or conditions.\n      Notwithstanding the above, nothing herein shall supersede or modify\n      the terms of any separate license agreement you may have executed\n      with Licensor regarding such Contributions.\n\n   6. Trademarks. This License does not grant permission to use the trade\n      names, trademarks, service marks, or product names of the Licensor,\n      except as required for reasonable and customary use in describing the\n      origin of the Work and reproducing the content of the NOTICE file.\n\n   7. Disclaimer of Warranty. Unless required by applicable law or\n      agreed to in writing, Licensor provides the Work (and each\n      Contributor provides its Contributions) on an \"AS IS\" BASIS,\n      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n      implied, including, without limitation, any warranties or conditions\n      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n      PARTICULAR PURPOSE. You are solely responsible for determining the\n      appropriateness of using or redistributing the Work and assume any\n      risks associated with Your exercise of permissions under this License.\n\n   8. Limitation of Liability. In no event and under no legal theory,\n      whether in tort (including negligence), contract, or otherwise,\n      unless required by applicable law (such as deliberate and grossly\n      negligent acts) or agreed to in writing, shall any Contributor be\n      liable to You for damages, including any direct, indirect, special,\n      incidental, or consequential damages of any character arising as a\n      result of this License or out of the use or inability to use the\n      Work (including but not limited to damages for loss of goodwill,\n      work stoppage, computer failure or malfunction, or any and all\n      other commercial damages or losses), even if such Contributor\n      has been advised of the possibility of such damages.\n\n   9. Accepting Warranty or Additional Liability. While redistributing\n      the Work or Derivative Works thereof, You may choose to offer,\n      and charge a fee for, acceptance of support, warranty, indemnity,\n      or other liability obligations and/or rights consistent with this\n      License. However, in accepting such obligations, You may act only\n      on Your own behalf and on Your sole responsibility, not on behalf\n      of any other Contributor, and only if You agree to indemnify,\n      defend, and hold each Contributor harmless for any liability\n      incurred by, or claims asserted against, such Contributor by reason\n      of your accepting any such warranty or additional liability.\n\n   END OF TERMS AND CONDITIONS\n\n   APPENDIX: How to apply the Apache License to your work.\n\n      To apply the Apache License to your work, attach the following\n      boilerplate notice, with the fields enclosed by brackets \"[]\"\n      replaced with your own identifying information. (Don't include\n      the brackets!)  The text should be enclosed in the appropriate\n      comment syntax for the file format. We also recommend that a\n      file or class name and description of purpose be included on the\n      same \"printed page\" as the copyright notice for easier\n      identification within third-party archives.\n\n   Copyright [yyyy] [name of copyright owner]\n\n   Licensed under the Apache License, Version 2.0 (the \"License\");\n   you may not use this file except in compliance with the License.\n   You may obtain a copy of the License at\n\n       http://www.apache.org/licenses/LICENSE-2.0\n\n   Unless required by applicable law or agreed to in writing, software\n   distributed under the License is distributed on an \"AS IS\" BASIS,\n   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n   See the License for the specific language governing permissions and\n   limitations under the License.\n"
+  },
+  {
+    "name": "github.com/aws/aws-sdk-go-v2/internal/configsources",
+    "path": "github.com/aws/aws-sdk-go-v2/internal/configsources/LICENSE.txt",
+    "licenseText": "\n                                 Apache License\n                           Version 2.0, January 2004\n                        http://www.apache.org/licenses/\n\n   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n   1. Definitions.\n\n      \"License\" shall mean the terms and conditions for use, reproduction,\n      and distribution as defined by Sections 1 through 9 of this document.\n\n      \"Licensor\" shall mean the copyright owner or entity authorized by\n      the copyright owner that is granting the License.\n\n      \"Legal Entity\" shall mean the union of the acting entity and all\n      other entities that control, are controlled by, or are under common\n      control with that entity. For the purposes of this definition,\n      \"control\" means (i) the power, direct or indirect, to cause the\n      direction or management of such entity, whether by contract or\n      otherwise, or (ii) ownership of fifty percent (50%) or more of the\n      outstanding shares, or (iii) beneficial ownership of such entity.\n\n      \"You\" (or \"Your\") shall mean an individual or Legal Entity\n      exercising permissions granted by this License.\n\n      \"Source\" form shall mean the preferred form for making modifications,\n      including but not limited to software source code, documentation\n      source, and configuration files.\n\n      \"Object\" form shall mean any form resulting from mechanical\n      transformation or translation of a Source form, including but\n      not limited to compiled object code, generated documentation,\n      and conversions to other media types.\n\n      \"Work\" shall mean the work of authorship, whether in Source or\n      Object form, made available under the License, as indicated by a\n      copyright notice that is included in or attached to the work\n      (an example is provided in the Appendix below).\n\n      \"Derivative Works\" shall mean any work, whether in Source or Object\n      form, that is based on (or derived from) the Work and for which the\n      editorial revisions, annotations, elaborations, or other modifications\n      represent, as a whole, an original work of authorship. For the purposes\n      of this License, Derivative Works shall not include works that remain\n      separable from, or merely link (or bind by name) to the interfaces of,\n      the Work and Derivative Works thereof.\n\n      \"Contribution\" shall mean any work of authorship, including\n      the original version of the Work and any modifications or additions\n      to that Work or Derivative Works thereof, that is intentionally\n      submitted to Licensor for inclusion in the Work by the copyright owner\n      or by an individual or Legal Entity authorized to submit on behalf of\n      the copyright owner. For the purposes of this definition, \"submitted\"\n      means any form of electronic, verbal, or written communication sent\n      to the Licensor or its representatives, including but not limited to\n      communication on electronic mailing lists, source code control systems,\n      and issue tracking systems that are managed by, or on behalf of, the\n      Licensor for the purpose of discussing and improving the Work, but\n      excluding communication that is conspicuously marked or otherwise\n      designated in writing by the copyright owner as \"Not a Contribution.\"\n\n      \"Contributor\" shall mean Licensor and any individual or Legal Entity\n      on behalf of whom a Contribution has been received by Licensor and\n      subsequently incorporated within the Work.\n\n   2. Grant of Copyright License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      copyright license to reproduce, prepare Derivative Works of,\n      publicly display, publicly perform, sublicense, and distribute the\n      Work and such Derivative Works in Source or Object form.\n\n   3. Grant of Patent License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      (except as stated in this section) patent license to make, have made,\n      use, offer to sell, sell, import, and otherwise transfer the Work,\n      where such license applies only to those patent claims licensable\n      by such Contributor that are necessarily infringed by their\n      Contribution(s) alone or by combination of their Contribution(s)\n      with the Work to which such Contribution(s) was submitted. If You\n      institute patent litigation against any entity (including a\n      cross-claim or counterclaim in a lawsuit) alleging that the Work\n      or a Contribution incorporated within the Work constitutes direct\n      or contributory patent infringement, then any patent licenses\n      granted to You under this License for that Work shall terminate\n      as of the date such litigation is filed.\n\n   4. Redistribution. You may reproduce and distribute copies of the\n      Work or Derivative Works thereof in any medium, with or without\n      modifications, and in Source or Object form, provided that You\n      meet the following conditions:\n\n      (a) You must give any other recipients of the Work or\n          Derivative Works a copy of this License; and\n\n      (b) You must cause any modified files to carry prominent notices\n          stating that You changed the files; and\n\n      (c) You must retain, in the Source form of any Derivative Works\n          that You distribute, all copyright, patent, trademark, and\n          attribution notices from the Source form of the Work,\n          excluding those notices that do not pertain to any part of\n          the Derivative Works; and\n\n      (d) If the Work includes a \"NOTICE\" text file as part of its\n          distribution, then any Derivative Works that You distribute must\n          include a readable copy of the attribution notices contained\n          within such NOTICE file, excluding those notices that do not\n          pertain to any part of the Derivative Works, in at least one\n          of the following places: within a NOTICE text file distributed\n          as part of the Derivative Works; within the Source form or\n          documentation, if provided along with the Derivative Works; or,\n          within a display generated by the Derivative Works, if and\n          wherever such third-party notices normally appear. The contents\n          of the NOTICE file are for informational purposes only and\n          do not modify the License. You may add Your own attribution\n          notices within Derivative Works that You distribute, alongside\n          or as an addendum to the NOTICE text from the Work, provided\n          that such additional attribution notices cannot be construed\n          as modifying the License.\n\n      You may add Your own copyright statement to Your modifications and\n      may provide additional or different license terms and conditions\n      for use, reproduction, or distribution of Your modifications, or\n      for any such Derivative Works as a whole, provided Your use,\n      reproduction, and distribution of the Work otherwise complies with\n      the conditions stated in this License.\n\n   5. Submission of Contributions. Unless You explicitly state otherwise,\n      any Contribution intentionally submitted for inclusion in the Work\n      by You to the Licensor shall be under the terms and conditions of\n      this License, without any additional terms or conditions.\n      Notwithstanding the above, nothing herein shall supersede or modify\n      the terms of any separate license agreement you may have executed\n      with Licensor regarding such Contributions.\n\n   6. Trademarks. This License does not grant permission to use the trade\n      names, trademarks, service marks, or product names of the Licensor,\n      except as required for reasonable and customary use in describing the\n      origin of the Work and reproducing the content of the NOTICE file.\n\n   7. Disclaimer of Warranty. Unless required by applicable law or\n      agreed to in writing, Licensor provides the Work (and each\n      Contributor provides its Contributions) on an \"AS IS\" BASIS,\n      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n      implied, including, without limitation, any warranties or conditions\n      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n      PARTICULAR PURPOSE. You are solely responsible for determining the\n      appropriateness of using or redistributing the Work and assume any\n      risks associated with Your exercise of permissions under this License.\n\n   8. Limitation of Liability. In no event and under no legal theory,\n      whether in tort (including negligence), contract, or otherwise,\n      unless required by applicable law (such as deliberate and grossly\n      negligent acts) or agreed to in writing, shall any Contributor be\n      liable to You for damages, including any direct, indirect, special,\n      incidental, or consequential damages of any character arising as a\n      result of this License or out of the use or inability to use the\n      Work (including but not limited to damages for loss of goodwill,\n      work stoppage, computer failure or malfunction, or any and all\n      other commercial damages or losses), even if such Contributor\n      has been advised of the possibility of such damages.\n\n   9. Accepting Warranty or Additional Liability. While redistributing\n      the Work or Derivative Works thereof, You may choose to offer,\n      and charge a fee for, acceptance of support, warranty, indemnity,\n      or other liability obligations and/or rights consistent with this\n      License. However, in accepting such obligations, You may act only\n      on Your own behalf and on Your sole responsibility, not on behalf\n      of any other Contributor, and only if You agree to indemnify,\n      defend, and hold each Contributor harmless for any liability\n      incurred by, or claims asserted against, such Contributor by reason\n      of your accepting any such warranty or additional liability.\n\n   END OF TERMS AND CONDITIONS\n\n   APPENDIX: How to apply the Apache License to your work.\n\n      To apply the Apache License to your work, attach the following\n      boilerplate notice, with the fields enclosed by brackets \"[]\"\n      replaced with your own identifying information. (Don't include\n      the brackets!)  The text should be enclosed in the appropriate\n      comment syntax for the file format. We also recommend that a\n      file or class name and description of purpose be included on the\n      same \"printed page\" as the copyright notice for easier\n      identification within third-party archives.\n\n   Copyright [yyyy] [name of copyright owner]\n\n   Licensed under the Apache License, Version 2.0 (the \"License\");\n   you may not use this file except in compliance with the License.\n   You may obtain a copy of the License at\n\n       http://www.apache.org/licenses/LICENSE-2.0\n\n   Unless required by applicable law or agreed to in writing, software\n   distributed under the License is distributed on an \"AS IS\" BASIS,\n   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n   See the License for the specific language governing permissions and\n   limitations under the License.\n"
+  },
+  {
+    "name": "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2",
+    "path": "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/LICENSE.txt",
+    "licenseText": "\n                                 Apache License\n                           Version 2.0, January 2004\n                        http://www.apache.org/licenses/\n\n   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n   1. Definitions.\n\n      \"License\" shall mean the terms and conditions for use, reproduction,\n      and distribution as defined by Sections 1 through 9 of this document.\n\n      \"Licensor\" shall mean the copyright owner or entity authorized by\n      the copyright owner that is granting the License.\n\n      \"Legal Entity\" shall mean the union of the acting entity and all\n      other entities that control, are controlled by, or are under common\n      control with that entity. For the purposes of this definition,\n      \"control\" means (i) the power, direct or indirect, to cause the\n      direction or management of such entity, whether by contract or\n      otherwise, or (ii) ownership of fifty percent (50%) or more of the\n      outstanding shares, or (iii) beneficial ownership of such entity.\n\n      \"You\" (or \"Your\") shall mean an individual or Legal Entity\n      exercising permissions granted by this License.\n\n      \"Source\" form shall mean the preferred form for making modifications,\n      including but not limited to software source code, documentation\n      source, and configuration files.\n\n      \"Object\" form shall mean any form resulting from mechanical\n      transformation or translation of a Source form, including but\n      not limited to compiled object code, generated documentation,\n      and conversions to other media types.\n\n      \"Work\" shall mean the work of authorship, whether in Source or\n      Object form, made available under the License, as indicated by a\n      copyright notice that is included in or attached to the work\n      (an example is provided in the Appendix below).\n\n      \"Derivative Works\" shall mean any work, whether in Source or Object\n      form, that is based on (or derived from) the Work and for which the\n      editorial revisions, annotations, elaborations, or other modifications\n      represent, as a whole, an original work of authorship. For the purposes\n      of this License, Derivative Works shall not include works that remain\n      separable from, or merely link (or bind by name) to the interfaces of,\n      the Work and Derivative Works thereof.\n\n      \"Contribution\" shall mean any work of authorship, including\n      the original version of the Work and any modifications or additions\n      to that Work or Derivative Works thereof, that is intentionally\n      submitted to Licensor for inclusion in the Work by the copyright owner\n      or by an individual or Legal Entity authorized to submit on behalf of\n      the copyright owner. For the purposes of this definition, \"submitted\"\n      means any form of electronic, verbal, or written communication sent\n      to the Licensor or its representatives, including but not limited to\n      communication on electronic mailing lists, source code control systems,\n      and issue tracking systems that are managed by, or on behalf of, the\n      Licensor for the purpose of discussing and improving the Work, but\n      excluding communication that is conspicuously marked or otherwise\n      designated in writing by the copyright owner as \"Not a Contribution.\"\n\n      \"Contributor\" shall mean Licensor and any individual or Legal Entity\n      on behalf of whom a Contribution has been received by Licensor and\n      subsequently incorporated within the Work.\n\n   2. Grant of Copyright License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      copyright license to reproduce, prepare Derivative Works of,\n      publicly display, publicly perform, sublicense, and distribute the\n      Work and such Derivative Works in Source or Object form.\n\n   3. Grant of Patent License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      (except as stated in this section) patent license to make, have made,\n      use, offer to sell, sell, import, and otherwise transfer the Work,\n      where such license applies only to those patent claims licensable\n      by such Contributor that are necessarily infringed by their\n      Contribution(s) alone or by combination of their Contribution(s)\n      with the Work to which such Contribution(s) was submitted. If You\n      institute patent litigation against any entity (including a\n      cross-claim or counterclaim in a lawsuit) alleging that the Work\n      or a Contribution incorporated within the Work constitutes direct\n      or contributory patent infringement, then any patent licenses\n      granted to You under this License for that Work shall terminate\n      as of the date such litigation is filed.\n\n   4. Redistribution. You may reproduce and distribute copies of the\n      Work or Derivative Works thereof in any medium, with or without\n      modifications, and in Source or Object form, provided that You\n      meet the following conditions:\n\n      (a) You must give any other recipients of the Work or\n          Derivative Works a copy of this License; and\n\n      (b) You must cause any modified files to carry prominent notices\n          stating that You changed the files; and\n\n      (c) You must retain, in the Source form of any Derivative Works\n          that You distribute, all copyright, patent, trademark, and\n          attribution notices from the Source form of the Work,\n          excluding those notices that do not pertain to any part of\n          the Derivative Works; and\n\n      (d) If the Work includes a \"NOTICE\" text file as part of its\n          distribution, then any Derivative Works that You distribute must\n          include a readable copy of the attribution notices contained\n          within such NOTICE file, excluding those notices that do not\n          pertain to any part of the Derivative Works, in at least one\n          of the following places: within a NOTICE text file distributed\n          as part of the Derivative Works; within the Source form or\n          documentation, if provided along with the Derivative Works; or,\n          within a display generated by the Derivative Works, if and\n          wherever such third-party notices normally appear. The contents\n          of the NOTICE file are for informational purposes only and\n          do not modify the License. You may add Your own attribution\n          notices within Derivative Works that You distribute, alongside\n          or as an addendum to the NOTICE text from the Work, provided\n          that such additional attribution notices cannot be construed\n          as modifying the License.\n\n      You may add Your own copyright statement to Your modifications and\n      may provide additional or different license terms and conditions\n      for use, reproduction, or distribution of Your modifications, or\n      for any such Derivative Works as a whole, provided Your use,\n      reproduction, and distribution of the Work otherwise complies with\n      the conditions stated in this License.\n\n   5. Submission of Contributions. Unless You explicitly state otherwise,\n      any Contribution intentionally submitted for inclusion in the Work\n      by You to the Licensor shall be under the terms and conditions of\n      this License, without any additional terms or conditions.\n      Notwithstanding the above, nothing herein shall supersede or modify\n      the terms of any separate license agreement you may have executed\n      with Licensor regarding such Contributions.\n\n   6. Trademarks. This License does not grant permission to use the trade\n      names, trademarks, service marks, or product names of the Licensor,\n      except as required for reasonable and customary use in describing the\n      origin of the Work and reproducing the content of the NOTICE file.\n\n   7. Disclaimer of Warranty. Unless required by applicable law or\n      agreed to in writing, Licensor provides the Work (and each\n      Contributor provides its Contributions) on an \"AS IS\" BASIS,\n      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n      implied, including, without limitation, any warranties or conditions\n      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n      PARTICULAR PURPOSE. You are solely responsible for determining the\n      appropriateness of using or redistributing the Work and assume any\n      risks associated with Your exercise of permissions under this License.\n\n   8. Limitation of Liability. In no event and under no legal theory,\n      whether in tort (including negligence), contract, or otherwise,\n      unless required by applicable law (such as deliberate and grossly\n      negligent acts) or agreed to in writing, shall any Contributor be\n      liable to You for damages, including any direct, indirect, special,\n      incidental, or consequential damages of any character arising as a\n      result of this License or out of the use or inability to use the\n      Work (including but not limited to damages for loss of goodwill,\n      work stoppage, computer failure or malfunction, or any and all\n      other commercial damages or losses), even if such Contributor\n      has been advised of the possibility of such damages.\n\n   9. Accepting Warranty or Additional Liability. While redistributing\n      the Work or Derivative Works thereof, You may choose to offer,\n      and charge a fee for, acceptance of support, warranty, indemnity,\n      or other liability obligations and/or rights consistent with this\n      License. However, in accepting such obligations, You may act only\n      on Your own behalf and on Your sole responsibility, not on behalf\n      of any other Contributor, and only if You agree to indemnify,\n      defend, and hold each Contributor harmless for any liability\n      incurred by, or claims asserted against, such Contributor by reason\n      of your accepting any such warranty or additional liability.\n\n   END OF TERMS AND CONDITIONS\n\n   APPENDIX: How to apply the Apache License to your work.\n\n      To apply the Apache License to your work, attach the following\n      boilerplate notice, with the fields enclosed by brackets \"[]\"\n      replaced with your own identifying information. (Don't include\n      the brackets!)  The text should be enclosed in the appropriate\n      comment syntax for the file format. We also recommend that a\n      file or class name and description of purpose be included on the\n      same \"printed page\" as the copyright notice for easier\n      identification within third-party archives.\n\n   Copyright [yyyy] [name of copyright owner]\n\n   Licensed under the Apache License, Version 2.0 (the \"License\");\n   you may not use this file except in compliance with the License.\n   You may obtain a copy of the License at\n\n       http://www.apache.org/licenses/LICENSE-2.0\n\n   Unless required by applicable law or agreed to in writing, software\n   distributed under the License is distributed on an \"AS IS\" BASIS,\n   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n   See the License for the specific language governing permissions and\n   limitations under the License.\n"
+  },
+  {
+    "name": "github.com/aws/aws-sdk-go-v2/internal/sync/singleflight",
+    "path": "github.com/aws/aws-sdk-go-v2/internal/sync/singleflight/LICENSE",
+    "licenseText": "Copyright (c) 2009 The Go Authors. All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n   * Redistributions of source code must retain the above copyright\nnotice, this list of conditions and the following disclaimer.\n   * Redistributions in binary form must reproduce the above\ncopyright notice, this list of conditions and the following disclaimer\nin the documentation and/or other materials provided with the\ndistribution.\n   * Neither the name of Google Inc. nor the names of its\ncontributors may be used to endorse or promote products derived from\nthis software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\nA PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nOWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\nLIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\nDATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\nTHEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n\n"
+  },
+  {
+    "name": "github.com/aws/aws-sdk-go-v2/service/codecommit",
+    "path": "github.com/aws/aws-sdk-go-v2/service/codecommit/LICENSE.txt",
+    "licenseText": "\n                                 Apache License\n                           Version 2.0, January 2004\n                        http://www.apache.org/licenses/\n\n   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n   1. Definitions.\n\n      \"License\" shall mean the terms and conditions for use, reproduction,\n      and distribution as defined by Sections 1 through 9 of this document.\n\n      \"Licensor\" shall mean the copyright owner or entity authorized by\n      the copyright owner that is granting the License.\n\n      \"Legal Entity\" shall mean the union of the acting entity and all\n      other entities that control, are controlled by, or are under common\n      control with that entity. For the purposes of this definition,\n      \"control\" means (i) the power, direct or indirect, to cause the\n      direction or management of such entity, whether by contract or\n      otherwise, or (ii) ownership of fifty percent (50%) or more of the\n      outstanding shares, or (iii) beneficial ownership of such entity.\n\n      \"You\" (or \"Your\") shall mean an individual or Legal Entity\n      exercising permissions granted by this License.\n\n      \"Source\" form shall mean the preferred form for making modifications,\n      including but not limited to software source code, documentation\n      source, and configuration files.\n\n      \"Object\" form shall mean any form resulting from mechanical\n      transformation or translation of a Source form, including but\n      not limited to compiled object code, generated documentation,\n      and conversions to other media types.\n\n      \"Work\" shall mean the work of authorship, whether in Source or\n      Object form, made available under the License, as indicated by a\n      copyright notice that is included in or attached to the work\n      (an example is provided in the Appendix below).\n\n      \"Derivative Works\" shall mean any work, whether in Source or Object\n      form, that is based on (or derived from) the Work and for which the\n      editorial revisions, annotations, elaborations, or other modifications\n      represent, as a whole, an original work of authorship. For the purposes\n      of this License, Derivative Works shall not include works that remain\n      separable from, or merely link (or bind by name) to the interfaces of,\n      the Work and Derivative Works thereof.\n\n      \"Contribution\" shall mean any work of authorship, including\n      the original version of the Work and any modifications or additions\n      to that Work or Derivative Works thereof, that is intentionally\n      submitted to Licensor for inclusion in the Work by the copyright owner\n      or by an individual or Legal Entity authorized to submit on behalf of\n      the copyright owner. For the purposes of this definition, \"submitted\"\n      means any form of electronic, verbal, or written communication sent\n      to the Licensor or its representatives, including but not limited to\n      communication on electronic mailing lists, source code control systems,\n      and issue tracking systems that are managed by, or on behalf of, the\n      Licensor for the purpose of discussing and improving the Work, but\n      excluding communication that is conspicuously marked or otherwise\n      designated in writing by the copyright owner as \"Not a Contribution.\"\n\n      \"Contributor\" shall mean Licensor and any individual or Legal Entity\n      on behalf of whom a Contribution has been received by Licensor and\n      subsequently incorporated within the Work.\n\n   2. Grant of Copyright License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      copyright license to reproduce, prepare Derivative Works of,\n      publicly display, publicly perform, sublicense, and distribute the\n      Work and such Derivative Works in Source or Object form.\n\n   3. Grant of Patent License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      (except as stated in this section) patent license to make, have made,\n      use, offer to sell, sell, import, and otherwise transfer the Work,\n      where such license applies only to those patent claims licensable\n      by such Contributor that are necessarily infringed by their\n      Contribution(s) alone or by combination of their Contribution(s)\n      with the Work to which such Contribution(s) was submitted. If You\n      institute patent litigation against any entity (including a\n      cross-claim or counterclaim in a lawsuit) alleging that the Work\n      or a Contribution incorporated within the Work constitutes direct\n      or contributory patent infringement, then any patent licenses\n      granted to You under this License for that Work shall terminate\n      as of the date such litigation is filed.\n\n   4. Redistribution. You may reproduce and distribute copies of the\n      Work or Derivative Works thereof in any medium, with or without\n      modifications, and in Source or Object form, provided that You\n      meet the following conditions:\n\n      (a) You must give any other recipients of the Work or\n          Derivative Works a copy of this License; and\n\n      (b) You must cause any modified files to carry prominent notices\n          stating that You changed the files; and\n\n      (c) You must retain, in the Source form of any Derivative Works\n          that You distribute, all copyright, patent, trademark, and\n          attribution notices from the Source form of the Work,\n          excluding those notices that do not pertain to any part of\n          the Derivative Works; and\n\n      (d) If the Work includes a \"NOTICE\" text file as part of its\n          distribution, then any Derivative Works that You distribute must\n          include a readable copy of the attribution notices contained\n          within such NOTICE file, excluding those notices that do not\n          pertain to any part of the Derivative Works, in at least one\n          of the following places: within a NOTICE text file distributed\n          as part of the Derivative Works; within the Source form or\n          documentation, if provided along with the Derivative Works; or,\n          within a display generated by the Derivative Works, if and\n          wherever such third-party notices normally appear. The contents\n          of the NOTICE file are for informational purposes only and\n          do not modify the License. You may add Your own attribution\n          notices within Derivative Works that You distribute, alongside\n          or as an addendum to the NOTICE text from the Work, provided\n          that such additional attribution notices cannot be construed\n          as modifying the License.\n\n      You may add Your own copyright statement to Your modifications and\n      may provide additional or different license terms and conditions\n      for use, reproduction, or distribution of Your modifications, or\n      for any such Derivative Works as a whole, provided Your use,\n      reproduction, and distribution of the Work otherwise complies with\n      the conditions stated in this License.\n\n   5. Submission of Contributions. Unless You explicitly state otherwise,\n      any Contribution intentionally submitted for inclusion in the Work\n      by You to the Licensor shall be under the terms and conditions of\n      this License, without any additional terms or conditions.\n      Notwithstanding the above, nothing herein shall supersede or modify\n      the terms of any separate license agreement you may have executed\n      with Licensor regarding such Contributions.\n\n   6. Trademarks. This License does not grant permission to use the trade\n      names, trademarks, service marks, or product names of the Licensor,\n      except as required for reasonable and customary use in describing the\n      origin of the Work and reproducing the content of the NOTICE file.\n\n   7. Disclaimer of Warranty. Unless required by applicable law or\n      agreed to in writing, Licensor provides the Work (and each\n      Contributor provides its Contributions) on an \"AS IS\" BASIS,\n      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n      implied, including, without limitation, any warranties or conditions\n      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n      PARTICULAR PURPOSE. You are solely responsible for determining the\n      appropriateness of using or redistributing the Work and assume any\n      risks associated with Your exercise of permissions under this License.\n\n   8. Limitation of Liability. In no event and under no legal theory,\n      whether in tort (including negligence), contract, or otherwise,\n      unless required by applicable law (such as deliberate and grossly\n      negligent acts) or agreed to in writing, shall any Contributor be\n      liable to You for damages, including any direct, indirect, special,\n      incidental, or consequential damages of any character arising as a\n      result of this License or out of the use or inability to use the\n      Work (including but not limited to damages for loss of goodwill,\n      work stoppage, computer failure or malfunction, or any and all\n      other commercial damages or losses), even if such Contributor\n      has been advised of the possibility of such damages.\n\n   9. Accepting Warranty or Additional Liability. While redistributing\n      the Work or Derivative Works thereof, You may choose to offer,\n      and charge a fee for, acceptance of support, warranty, indemnity,\n      or other liability obligations and/or rights consistent with this\n      License. However, in accepting such obligations, You may act only\n      on Your own behalf and on Your sole responsibility, not on behalf\n      of any other Contributor, and only if You agree to indemnify,\n      defend, and hold each Contributor harmless for any liability\n      incurred by, or claims asserted against, such Contributor by reason\n      of your accepting any such warranty or additional liability.\n\n   END OF TERMS AND CONDITIONS\n\n   APPENDIX: How to apply the Apache License to your work.\n\n      To apply the Apache License to your work, attach the following\n      boilerplate notice, with the fields enclosed by brackets \"[]\"\n      replaced with your own identifying information. (Don't include\n      the brackets!)  The text should be enclosed in the appropriate\n      comment syntax for the file format. We also recommend that a\n      file or class name and description of purpose be included on the\n      same \"printed page\" as the copyright notice for easier\n      identification within third-party archives.\n\n   Copyright [yyyy] [name of copyright owner]\n\n   Licensed under the Apache License, Version 2.0 (the \"License\");\n   you may not use this file except in compliance with the License.\n   You may obtain a copy of the License at\n\n       http://www.apache.org/licenses/LICENSE-2.0\n\n   Unless required by applicable law or agreed to in writing, software\n   distributed under the License is distributed on an \"AS IS\" BASIS,\n   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n   See the License for the specific language governing permissions and\n   limitations under the License.\n"
+  },
+  {
+    "name": "github.com/aws/aws-sdk-go",
+    "path": "github.com/aws/aws-sdk-go/LICENSE.txt",
+    "licenseText": "\n                                 Apache License\n                           Version 2.0, January 2004\n                        http://www.apache.org/licenses/\n\n   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n   1. Definitions.\n\n      \"License\" shall mean the terms and conditions for use, reproduction,\n      and distribution as defined by Sections 1 through 9 of this document.\n\n      \"Licensor\" shall mean the copyright owner or entity authorized by\n      the copyright owner that is granting the License.\n\n      \"Legal Entity\" shall mean the union of the acting entity and all\n      other entities that control, are controlled by, or are under common\n      control with that entity. For the purposes of this definition,\n      \"control\" means (i) the power, direct or indirect, to cause the\n      direction or management of such entity, whether by contract or\n      otherwise, or (ii) ownership of fifty percent (50%) or more of the\n      outstanding shares, or (iii) beneficial ownership of such entity.\n\n      \"You\" (or \"Your\") shall mean an individual or Legal Entity\n      exercising permissions granted by this License.\n\n      \"Source\" form shall mean the preferred form for making modifications,\n      including but not limited to software source code, documentation\n      source, and configuration files.\n\n      \"Object\" form shall mean any form resulting from mechanical\n      transformation or translation of a Source form, including but\n      not limited to compiled object code, generated documentation,\n      and conversions to other media types.\n\n      \"Work\" shall mean the work of authorship, whether in Source or\n      Object form, made available under the License, as indicated by a\n      copyright notice that is included in or attached to the work\n      (an example is provided in the Appendix below).\n\n      \"Derivative Works\" shall mean any work, whether in Source or Object\n      form, that is based on (or derived from) the Work and for which the\n      editorial revisions, annotations, elaborations, or other modifications\n      represent, as a whole, an original work of authorship. For the purposes\n      of this License, Derivative Works shall not include works that remain\n      separable from, or merely link (or bind by name) to the interfaces of,\n      the Work and Derivative Works thereof.\n\n      \"Contribution\" shall mean any work of authorship, including\n      the original version of the Work and any modifications or additions\n      to that Work or Derivative Works thereof, that is intentionally\n      submitted to Licensor for inclusion in the Work by the copyright owner\n      or by an individual or Legal Entity authorized to submit on behalf of\n      the copyright owner. For the purposes of this definition, \"submitted\"\n      means any form of electronic, verbal, or written communication sent\n      to the Licensor or its representatives, including but not limited to\n      communication on electronic mailing lists, source code control systems,\n      and issue tracking systems that are managed by, or on behalf of, the\n      Licensor for the purpose of discussing and improving the Work, but\n      excluding communication that is conspicuously marked or otherwise\n      designated in writing by the copyright owner as \"Not a Contribution.\"\n\n      \"Contributor\" shall mean Licensor and any individual or Legal Entity\n      on behalf of whom a Contribution has been received by Licensor and\n      subsequently incorporated within the Work.\n\n   2. Grant of Copyright License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      copyright license to reproduce, prepare Derivative Works of,\n      publicly display, publicly perform, sublicense, and distribute the\n      Work and such Derivative Works in Source or Object form.\n\n   3. Grant of Patent License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      (except as stated in this section) patent license to make, have made,\n      use, offer to sell, sell, import, and otherwise transfer the Work,\n      where such license applies only to those patent claims licensable\n      by such Contributor that are necessarily infringed by their\n      Contribution(s) alone or by combination of their Contribution(s)\n      with the Work to which such Contribution(s) was submitted. If You\n      institute patent litigation against any entity (including a\n      cross-claim or counterclaim in a lawsuit) alleging that the Work\n      or a Contribution incorporated within the Work constitutes direct\n      or contributory patent infringement, then any patent licenses\n      granted to You under this License for that Work shall terminate\n      as of the date such litigation is filed.\n\n   4. Redistribution. You may reproduce and distribute copies of the\n      Work or Derivative Works thereof in any medium, with or without\n      modifications, and in Source or Object form, provided that You\n      meet the following conditions:\n\n      (a) You must give any other recipients of the Work or\n          Derivative Works a copy of this License; and\n\n      (b) You must cause any modified files to carry prominent notices\n          stating that You changed the files; and\n\n      (c) You must retain, in the Source form of any Derivative Works\n          that You distribute, all copyright, patent, trademark, and\n          attribution notices from the Source form of the Work,\n          excluding those notices that do not pertain to any part of\n          the Derivative Works; and\n\n      (d) If the Work includes a \"NOTICE\" text file as part of its\n          distribution, then any Derivative Works that You distribute must\n          include a readable copy of the attribution notices contained\n          within such NOTICE file, excluding those notices that do not\n          pertain to any part of the Derivative Works, in at least one\n          of the following places: within a NOTICE text file distributed\n          as part of the Derivative Works; within the Source form or\n          documentation, if provided along with the Derivative Works; or,\n          within a display generated by the Derivative Works, if and\n          wherever such third-party notices normally appear. The contents\n          of the NOTICE file are for informational purposes only and\n          do not modify the License. You may add Your own attribution\n          notices within Derivative Works that You distribute, alongside\n          or as an addendum to the NOTICE text from the Work, provided\n          that such additional attribution notices cannot be construed\n          as modifying the License.\n\n      You may add Your own copyright statement to Your modifications and\n      may provide additional or different license terms and conditions\n      for use, reproduction, or distribution of Your modifications, or\n      for any such Derivative Works as a whole, provided Your use,\n      reproduction, and distribution of the Work otherwise complies with\n      the conditions stated in this License.\n\n   5. Submission of Contributions. Unless You explicitly state otherwise,\n      any Contribution intentionally submitted for inclusion in the Work\n      by You to the Licensor shall be under the terms and conditions of\n      this License, without any additional terms or conditions.\n      Notwithstanding the above, nothing herein shall supersede or modify\n      the terms of any separate license agreement you may have executed\n      with Licensor regarding such Contributions.\n\n   6. Trademarks. This License does not grant permission to use the trade\n      names, trademarks, service marks, or product names of the Licensor,\n      except as required for reasonable and customary use in describing the\n      origin of the Work and reproducing the content of the NOTICE file.\n\n   7. Disclaimer of Warranty. Unless required by applicable law or\n      agreed to in writing, Licensor provides the Work (and each\n      Contributor provides its Contributions) on an \"AS IS\" BASIS,\n      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n      implied, including, without limitation, any warranties or conditions\n      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n      PARTICULAR PURPOSE. You are solely responsible for determining the\n      appropriateness of using or redistributing the Work and assume any\n      risks associated with Your exercise of permissions under this License.\n\n   8. Limitation of Liability. In no event and under no legal theory,\n      whether in tort (including negligence), contract, or otherwise,\n      unless required by applicable law (such as deliberate and grossly\n      negligent acts) or agreed to in writing, shall any Contributor be\n      liable to You for damages, including any direct, indirect, special,\n      incidental, or consequential damages of any character arising as a\n      result of this License or out of the use or inability to use the\n      Work (including but not limited to damages for loss of goodwill,\n      work stoppage, computer failure or malfunction, or any and all\n      other commercial damages or losses), even if such Contributor\n      has been advised of the possibility of such damages.\n\n   9. Accepting Warranty or Additional Liability. While redistributing\n      the Work or Derivative Works thereof, You may choose to offer,\n      and charge a fee for, acceptance of support, warranty, indemnity,\n      or other liability obligations and/or rights consistent with this\n      License. However, in accepting such obligations, You may act only\n      on Your own behalf and on Your sole responsibility, not on behalf\n      of any other Contributor, and only if You agree to indemnify,\n      defend, and hold each Contributor harmless for any liability\n      incurred by, or claims asserted against, such Contributor by reason\n      of your accepting any such warranty or additional liability.\n\n   END OF TERMS AND CONDITIONS\n\n   APPENDIX: How to apply the Apache License to your work.\n\n      To apply the Apache License to your work, attach the following\n      boilerplate notice, with the fields enclosed by brackets \"[]\"\n      replaced with your own identifying information. (Don't include\n      the brackets!)  The text should be enclosed in the appropriate\n      comment syntax for the file format. We also recommend that a\n      file or class name and description of purpose be included on the\n      same \"printed page\" as the copyright notice for easier\n      identification within third-party archives.\n\n   Copyright [yyyy] [name of copyright owner]\n\n   Licensed under the Apache License, Version 2.0 (the \"License\");\n   you may not use this file except in compliance with the License.\n   You may obtain a copy of the License at\n\n       http://www.apache.org/licenses/LICENSE-2.0\n\n   Unless required by applicable law or agreed to in writing, software\n   distributed under the License is distributed on an \"AS IS\" BASIS,\n   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n   See the License for the specific language governing permissions and\n   limitations under the License.\n"
+  },
+  {
+    "name": "github.com/aws/aws-sdk-go/internal/sync/singleflight",
+    "path": "github.com/aws/aws-sdk-go/internal/sync/singleflight/LICENSE",
+    "licenseText": "Copyright (c) 2009 The Go Authors. All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n   * Redistributions of source code must retain the above copyright\nnotice, this list of conditions and the following disclaimer.\n   * Redistributions in binary form must reproduce the above\ncopyright notice, this list of conditions and the following disclaimer\nin the documentation and/or other materials provided with the\ndistribution.\n   * Neither the name of Google Inc. nor the names of its\ncontributors may be used to endorse or promote products derived from\nthis software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\nA PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nOWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\nLIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\nDATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\nTHEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
+  },
+  {
+    "name": "github.com/aws/smithy-go",
+    "path": "github.com/aws/smithy-go/LICENSE",
+    "licenseText": "\n                                 Apache License\n                           Version 2.0, January 2004\n                        http://www.apache.org/licenses/\n\n   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n   1. Definitions.\n\n      \"License\" shall mean the terms and conditions for use, reproduction,\n      and distribution as defined by Sections 1 through 9 of this document.\n\n      \"Licensor\" shall mean the copyright owner or entity authorized by\n      the copyright owner that is granting the License.\n\n      \"Legal Entity\" shall mean the union of the acting entity and all\n      other entities that control, are controlled by, or are under common\n      control with that entity. For the purposes of this definition,\n      \"control\" means (i) the power, direct or indirect, to cause the\n      direction or management of such entity, whether by contract or\n      otherwise, or (ii) ownership of fifty percent (50%) or more of the\n      outstanding shares, or (iii) beneficial ownership of such entity.\n\n      \"You\" (or \"Your\") shall mean an individual or Legal Entity\n      exercising permissions granted by this License.\n\n      \"Source\" form shall mean the preferred form for making modifications,\n      including but not limited to software source code, documentation\n      source, and configuration files.\n\n      \"Object\" form shall mean any form resulting from mechanical\n      transformation or translation of a Source form, including but\n      not limited to compiled object code, generated documentation,\n      and conversions to other media types.\n\n      \"Work\" shall mean the work of authorship, whether in Source or\n      Object form, made available under the License, as indicated by a\n      copyright notice that is included in or attached to the work\n      (an example is provided in the Appendix below).\n\n      \"Derivative Works\" shall mean any work, whether in Source or Object\n      form, that is based on (or derived from) the Work and for which the\n      editorial revisions, annotations, elaborations, or other modifications\n      represent, as a whole, an original work of authorship. For the purposes\n      of this License, Derivative Works shall not include works that remain\n      separable from, or merely link (or bind by name) to the interfaces of,\n      the Work and Derivative Works thereof.\n\n      \"Contribution\" shall mean any work of authorship, including\n      the original version of the Work and any modifications or additions\n      to that Work or Derivative Works thereof, that is intentionally\n      submitted to Licensor for inclusion in the Work by the copyright owner\n      or by an individual or Legal Entity authorized to submit on behalf of\n      the copyright owner. For the purposes of this definition, \"submitted\"\n      means any form of electronic, verbal, or written communication sent\n      to the Licensor or its representatives, including but not limited to\n      communication on electronic mailing lists, source code control systems,\n      and issue tracking systems that are managed by, or on behalf of, the\n      Licensor for the purpose of discussing and improving the Work, but\n      excluding communication that is conspicuously marked or otherwise\n      designated in writing by the copyright owner as \"Not a Contribution.\"\n\n      \"Contributor\" shall mean Licensor and any individual or Legal Entity\n      on behalf of whom a Contribution has been received by Licensor and\n      subsequently incorporated within the Work.\n\n   2. Grant of Copyright License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      copyright license to reproduce, prepare Derivative Works of,\n      publicly display, publicly perform, sublicense, and distribute the\n      Work and such Derivative Works in Source or Object form.\n\n   3. Grant of Patent License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      (except as stated in this section) patent license to make, have made,\n      use, offer to sell, sell, import, and otherwise transfer the Work,\n      where such license applies only to those patent claims licensable\n      by such Contributor that are necessarily infringed by their\n      Contribution(s) alone or by combination of their Contribution(s)\n      with the Work to which such Contribution(s) was submitted. If You\n      institute patent litigation against any entity (including a\n      cross-claim or counterclaim in a lawsuit) alleging that the Work\n      or a Contribution incorporated within the Work constitutes direct\n      or contributory patent infringement, then any patent licenses\n      granted to You under this License for that Work shall terminate\n      as of the date such litigation is filed.\n\n   4. Redistribution. You may reproduce and distribute copies of the\n      Work or Derivative Works thereof in any medium, with or without\n      modifications, and in Source or Object form, provided that You\n      meet the following conditions:\n\n      (a) You must give any other recipients of the Work or\n          Derivative Works a copy of this License; and\n\n      (b) You must cause any modified files to carry prominent notices\n          stating that You changed the files; and\n\n      (c) You must retain, in the Source form of any Derivative Works\n          that You distribute, all copyright, patent, trademark, and\n          attribution notices from the Source form of the Work,\n          excluding those notices that do not pertain to any part of\n          the Derivative Works; and\n\n      (d) If the Work includes a \"NOTICE\" text file as part of its\n          distribution, then any Derivative Works that You distribute must\n          include a readable copy of the attribution notices contained\n          within such NOTICE file, excluding those notices that do not\n          pertain to any part of the Derivative Works, in at least one\n          of the following places: within a NOTICE text file distributed\n          as part of the Derivative Works; within the Source form or\n          documentation, if provided along with the Derivative Works; or,\n          within a display generated by the Derivative Works, if and\n          wherever such third-party notices normally appear. The contents\n          of the NOTICE file are for informational purposes only and\n          do not modify the License. You may add Your own attribution\n          notices within Derivative Works that You distribute, alongside\n          or as an addendum to the NOTICE text from the Work, provided\n          that such additional attribution notices cannot be construed\n          as modifying the License.\n\n      You may add Your own copyright statement to Your modifications and\n      may provide additional or different license terms and conditions\n      for use, reproduction, or distribution of Your modifications, or\n      for any such Derivative Works as a whole, provided Your use,\n      reproduction, and distribution of the Work otherwise complies with\n      the conditions stated in this License.\n\n   5. Submission of Contributions. Unless You explicitly state otherwise,\n      any Contribution intentionally submitted for inclusion in the Work\n      by You to the Licensor shall be under the terms and conditions of\n      this License, without any additional terms or conditions.\n      Notwithstanding the above, nothing herein shall supersede or modify\n      the terms of any separate license agreement you may have executed\n      with Licensor regarding such Contributions.\n\n   6. Trademarks. This License does not grant permission to use the trade\n      names, trademarks, service marks, or product names of the Licensor,\n      except as required for reasonable and customary use in describing the\n      origin of the Work and reproducing the content of the NOTICE file.\n\n   7. Disclaimer of Warranty. Unless required by applicable law or\n      agreed to in writing, Licensor provides the Work (and each\n      Contributor provides its Contributions) on an \"AS IS\" BASIS,\n      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n      implied, including, without limitation, any warranties or conditions\n      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n      PARTICULAR PURPOSE. You are solely responsible for determining the\n      appropriateness of using or redistributing the Work and assume any\n      risks associated with Your exercise of permissions under this License.\n\n   8. Limitation of Liability. In no event and under no legal theory,\n      whether in tort (including negligence), contract, or otherwise,\n      unless required by applicable law (such as deliberate and grossly\n      negligent acts) or agreed to in writing, shall any Contributor be\n      liable to You for damages, including any direct, indirect, special,\n      incidental, or consequential damages of any character arising as a\n      result of this License or out of the use or inability to use the\n      Work (including but not limited to damages for loss of goodwill,\n      work stoppage, computer failure or malfunction, or any and all\n      other commercial damages or losses), even if such Contributor\n      has been advised of the possibility of such damages.\n\n   9. Accepting Warranty or Additional Liability. While redistributing\n      the Work or Derivative Works thereof, You may choose to offer,\n      and charge a fee for, acceptance of support, warranty, indemnity,\n      or other liability obligations and/or rights consistent with this\n      License. However, in accepting such obligations, You may act only\n      on Your own behalf and on Your sole responsibility, not on behalf\n      of any other Contributor, and only if You agree to indemnify,\n      defend, and hold each Contributor harmless for any liability\n      incurred by, or claims asserted against, such Contributor by reason\n      of your accepting any such warranty or additional liability.\n"
+  },
+  {
+    "name": "github.com/aws/smithy-go/internal/sync/singleflight",
+    "path": "github.com/aws/smithy-go/internal/sync/singleflight/LICENSE",
+    "licenseText": "Copyright (c) 2009 The Go Authors. All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n   * Redistributions of source code must retain the above copyright\nnotice, this list of conditions and the following disclaimer.\n   * Redistributions in binary form must reproduce the above\ncopyright notice, this list of conditions and the following disclaimer\nin the documentation and/or other materials provided with the\ndistribution.\n   * Neither the name of Google Inc. nor the names of its\ncontributors may be used to endorse or promote products derived from\nthis software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\nA PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nOWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\nLIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\nDATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\nTHEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n\n"
+  },
   {
     "name": "github.com/aymerick/douceur",
     "path": "github.com/aymerick/douceur/LICENSE",
diff --git a/go.mod b/go.mod
index ad03f6532e7..fae080f12f2 100644
--- a/go.mod
+++ b/go.mod
@@ -23,6 +23,9 @@ require (
 	github.com/PuerkitoBio/goquery v1.9.2
 	github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.7.2
 	github.com/alecthomas/chroma/v2 v2.14.0
+	github.com/aws/aws-sdk-go v1.43.21
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.30
+	github.com/aws/aws-sdk-go-v2/service/codecommit v1.25.1
 	github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb
 	github.com/blevesearch/bleve/v2 v2.4.2
 	github.com/buildkite/terminal-to-html/v3 v3.12.1
@@ -146,6 +149,10 @@ require (
 	github.com/andybalholm/cascadia v1.3.2 // indirect
 	github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.30.4 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.16 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.16 // indirect
+	github.com/aws/smithy-go v1.20.4 // indirect
 	github.com/aymerick/douceur v0.2.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bits-and-blooms/bitset v1.13.0 // indirect
diff --git a/go.sum b/go.sum
index 647fad6e298..690e1301b76 100644
--- a/go.sum
+++ b/go.sum
@@ -109,6 +109,20 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
+github.com/aws/aws-sdk-go v1.43.21 h1:E4S2eX3d2gKJyI/ISrcIrSwXwqjIvCK85gtBMt4sAPE=
+github.com/aws/aws-sdk-go v1.43.21/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
+github.com/aws/aws-sdk-go-v2 v1.30.4 h1:frhcagrVNrzmT95RJImMHgabt99vkXGslubDaDagTk8=
+github.com/aws/aws-sdk-go-v2 v1.30.4/go.mod h1:CT+ZPWXbYrci8chcARI3OmI/qgd+f6WtuLOoaIA8PR0=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.30 h1:aau/oYFtibVovr2rDt8FHlU17BTicFEMAi29V1U+L5Q=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.30/go.mod h1:BPJ/yXV92ZVq6G8uYvbU0gSl8q94UB63nMT5ctNO38g=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.16 h1:TNyt/+X43KJ9IJJMjKfa3bNTiZbUP7DeCxfbTROESwY=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.16/go.mod h1:2DwJF39FlNAUiX5pAc0UNeiz16lK2t7IaFcm0LFHEgc=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.16 h1:jYfy8UPmd+6kJW5YhY0L1/KftReOGxI/4NtVSTh9O/I=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.16/go.mod h1:7ZfEPZxkW42Afq4uQB8H2E2e6ebh6mXTueEpYzjCzcs=
+github.com/aws/aws-sdk-go-v2/service/codecommit v1.25.1 h1:mOOALIM4JzhYkq3voCBbmZqmyEVEhHsfasMTbVxLkNs=
+github.com/aws/aws-sdk-go-v2/service/codecommit v1.25.1/go.mod h1:6zf5j3mIUXKM0s2iz5ttR2Qwq+o47D0jotpAyaKgZRA=
+github.com/aws/smithy-go v1.20.4 h1:2HK1zBdPgRbjFOHlfeQZfpC4r72MOb9bZkiFwggKO+4=
+github.com/aws/smithy-go v1.20.4/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg=
 github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk=
 github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -504,6 +518,9 @@ github.com/jessevdk/go-flags v1.5.0 h1:1jKYvbxEjfUl0fmqTCOfonvskHHXMjBySTLW4y9LF
 github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4=
 github.com/jhillyerd/enmime v1.2.0 h1:dIu1IPEymQgoT2dzuB//ttA/xcV40NMPpQtmd4wslHk=
 github.com/jhillyerd/enmime v1.2.0/go.mod h1:FRFuUPCLh8PByQv+8xRcLO9QHqaqTqreYhopv5eyk4I=
+github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
+github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
 github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
@@ -894,6 +911,7 @@ golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81R
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
diff --git a/modules/migration/options.go b/modules/migration/options.go
index 234e72c295e..163aa0cfaaa 100644
--- a/modules/migration/options.go
+++ b/modules/migration/options.go
@@ -38,4 +38,7 @@ type MigrateOptions struct {
 	ReleaseAssets   bool
 	MigrateToRepoID int64
 	MirrorInterval  string `json:"mirror_interval"`
+
+	AWSAccessKeyID     string
+	AWSSecretAccessKey string
 }
diff --git a/modules/structs/repo.go b/modules/structs/repo.go
index 444967c3e75..fd27df384da 100644
--- a/modules/structs/repo.go
+++ b/modules/structs/repo.go
@@ -291,15 +291,16 @@ type GitServiceType int
 
 // enumerate all GitServiceType
 const (
-	NotMigrated      GitServiceType = iota // 0 not migrated from external sites
-	PlainGitService                        // 1 plain git service
-	GithubService                          // 2 github.com
-	GiteaService                           // 3 gitea service
-	GitlabService                          // 4 gitlab service
-	GogsService                            // 5 gogs service
-	OneDevService                          // 6 onedev service
-	GitBucketService                       // 7 gitbucket service
-	CodebaseService                        // 8 codebase service
+	NotMigrated       GitServiceType = iota // 0 not migrated from external sites
+	PlainGitService                         // 1 plain git service
+	GithubService                           // 2 github.com
+	GiteaService                            // 3 gitea service
+	GitlabService                           // 4 gitlab service
+	GogsService                             // 5 gogs service
+	OneDevService                           // 6 onedev service
+	GitBucketService                        // 7 gitbucket service
+	CodebaseService                         // 8 codebase service
+	CodeCommitService                       // 9 codecommit service
 )
 
 // Name represents the service type's name
@@ -325,6 +326,8 @@ func (gt GitServiceType) Title() string {
 		return "GitBucket"
 	case CodebaseService:
 		return "Codebase"
+	case CodeCommitService:
+		return "CodeCommit"
 	case PlainGitService:
 		return "Git"
 	}
@@ -361,6 +364,9 @@ type MigrateRepoOptions struct {
 	PullRequests   bool   `json:"pull_requests"`
 	Releases       bool   `json:"releases"`
 	MirrorInterval string `json:"mirror_interval"`
+
+	AWSAccessKeyID     string `json:"aws_access_key_id"`
+	AWSSecretAccessKey string `json:"aws_secret_access_key"`
 }
 
 // TokenAuth represents whether a service type supports token-based auth
@@ -382,6 +388,7 @@ var SupportedFullGitService = []GitServiceType{
 	OneDevService,
 	GitBucketService,
 	CodebaseService,
+	CodeCommitService,
 }
 
 // RepoTransfer represents a pending repo transfer
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 7d8eb1a4753..818a8aa5b0d 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -1176,6 +1176,11 @@ migrate.gogs.description = Migrate data from notabug.org or other Gogs instances
 migrate.onedev.description = Migrate data from code.onedev.io or other OneDev instances.
 migrate.codebase.description = Migrate data from codebasehq.com.
 migrate.gitbucket.description = Migrate data from GitBucket instances.
+migrate.codecommit.description = Migrate data from AWS CodeCommit.
+migrate.codecommit.aws_access_key_id = AWS Access Key ID
+migrate.codecommit.aws_secret_access_key = AWS Secret Access Key
+migrate.codecommit.https_git_credentials_username = HTTPS Git Credentials Username
+migrate.codecommit.https_git_credentials_password = HTTPS Git Credentials Password
 migrate.migrating_git = Migrating Git Data
 migrate.migrating_topics = Migrating Topics
 migrate.migrating_milestones = Migrating Milestones
diff --git a/public/assets/img/svg/gitea-codecommit.svg b/public/assets/img/svg/gitea-codecommit.svg
new file mode 100644
index 00000000000..b44847d9e13
--- /dev/null
+++ b/public/assets/img/svg/gitea-codecommit.svg
@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="-10 -10 100 100" class="svg gitea-codecommit" width="16" height="16" aria-hidden="true"><g fill="none" fill-rule="evenodd"><path fill="#C925D1" d="M0 0h80v80H0z"/><path fill="#FFF" d="M26.628 28.105h-2.017v-6.982c0-.558.36-.99.926-.99l7.144-.007v1.994H27.95l4.862 4.819-1.445 1.434-4.806-4.728zm28.07 10.867 1.869.827-6.541 14.446-1.868-.827zm1.311 10.493 4.003-2.89-3.526-3.535 1.458-1.422 4.36 4.373a1.002 1.002 0 0 1-.126 1.527l-4.963 3.58zm-9.043-8.802 1.205 1.633-4.061 2.932 3.538 3.536-1.454 1.424-4.374-4.373a1 1 0 0 1 .124-1.528zM69 24.13v42.858c0 .56-.458 1.012-1.024 1.012h-31.26c-.272 0-.53-.107-.723-.297a.96.96 0 0 1-.285-.7V55.034h2.018v10.971h29.256V25.113H37.726v-1.995h30.25c.566 0 1.024.453 1.024 1.012M33.182 34.588c0-1.927 1.585-3.495 3.535-3.495s3.535 1.568 3.535 3.495-1.585 3.495-3.535 3.495-3.535-1.568-3.535-3.495M17.549 66.009c-1.95 0-3.535-1.568-3.535-3.495s1.585-3.494 3.535-3.494 3.535 1.567 3.535 3.494-1.585 3.495-3.535 3.495m-3.535-23.442c0-1.927 1.585-3.495 3.535-3.495 1.982 0 3.535 1.535 3.535 3.495 0 1.927-1.585 3.495-3.535 3.495s-3.535-1.568-3.535-3.495m.004-25.081c0-1.925 1.584-3.491 3.53-3.491 1.948 0 3.532 1.566 3.532 3.49s-1.584 3.491-3.531 3.491-3.531-1.566-3.531-3.49m23.708 29.762v-7.276c2.57-.477 4.535-2.708 4.535-5.384 0-3.022-2.487-5.482-5.544-5.482s-5.545 2.46-5.545 5.482c0 2.676 1.966 4.907 4.536 5.384v7.276c0 1.163-.786 2.218-1.98 2.686l-10.451 4.1c-1.673.657-2.903 1.948-3.434 3.496-.433-.195-.801-.336-1.285-.416v-9.146c2.623-.433 4.535-2.687 4.535-5.401 0-2.764-1.878-4.972-4.535-5.393V22.889c2.626-.431 4.54-2.688 4.54-5.403 0-3.025-2.49-5.486-5.55-5.486S12 14.46 12 17.486c0 2.64 2.022 4.85 4.54 5.369v14.347c-2.515.518-4.536 2.727-4.536 5.365s2.02 4.846 4.536 5.365v9.217c-2.515.52-4.536 2.727-4.536 5.365 0 3.022 2.488 5.482 5.545 5.482s5.544-2.46 5.544-5.482a5.43 5.43 0 0 0-1.458-3.693c.167-1.27 1.066-2.384 2.397-2.905l10.45-4.1c1.98-.777 3.244-2.57 3.244-4.568"/></g></svg>
\ No newline at end of file
diff --git a/routers/api/v1/repo/migrate.go b/routers/api/v1/repo/migrate.go
index 14c8c01f4e8..dcbd8f3dd50 100644
--- a/routers/api/v1/repo/migrate.go
+++ b/routers/api/v1/repo/migrate.go
@@ -169,6 +169,10 @@ func Migrate(ctx *context.APIContext) {
 		opts.PullRequests = false
 		opts.Releases = false
 	}
+	if gitServiceType == api.CodeCommitService {
+		opts.AWSAccessKeyID = form.AWSAccessKeyID
+		opts.AWSSecretAccessKey = form.AWSSecretAccessKey
+	}
 
 	repo, err := repo_service.CreateRepositoryDirectly(ctx, ctx.Doer, repoOwner, repo_service.CreateRepoOptions{
 		Name:           opts.RepoName,
diff --git a/routers/web/repo/migrate.go b/routers/web/repo/migrate.go
index 97b0c425ea3..31a65c65ea2 100644
--- a/routers/web/repo/migrate.go
+++ b/routers/web/repo/migrate.go
@@ -231,6 +231,10 @@ func MigratePost(ctx *context.Context) {
 		opts.PullRequests = false
 		opts.Releases = false
 	}
+	if form.Service == structs.CodeCommitService {
+		opts.AWSAccessKeyID = form.AWSAccessKeyID
+		opts.AWSSecretAccessKey = form.AWSSecretAccessKey
+	}
 
 	err = repo_model.CheckCreateRepository(ctx, ctx.Doer, ctxUser, opts.RepoName, false)
 	if err != nil {
diff --git a/services/convert/utils.go b/services/convert/utils.go
index cdce60831c9..5e9d32cc8ed 100644
--- a/services/convert/utils.go
+++ b/services/convert/utils.go
@@ -36,6 +36,8 @@ func ToGitServiceType(value string) structs.GitServiceType {
 		return structs.OneDevService
 	case "gitbucket":
 		return structs.GitBucketService
+	case "codecommit":
+		return structs.CodeCommitService
 	default:
 		return structs.PlainGitService
 	}
diff --git a/services/forms/repo_form.go b/services/forms/repo_form.go
index a2c2af3facd..988e479a481 100644
--- a/services/forms/repo_form.go
+++ b/services/forms/repo_form.go
@@ -79,6 +79,9 @@ type MigrateRepoForm struct {
 	PullRequests   bool   `json:"pull_requests"`
 	Releases       bool   `json:"releases"`
 	MirrorInterval string `json:"mirror_interval"`
+
+	AWSAccessKeyID     string `json:"aws_access_key_id"`
+	AWSSecretAccessKey string `json:"aws_secret_access_key"`
 }
 
 // Validate validates the fields
diff --git a/services/migrations/codecommit.go b/services/migrations/codecommit.go
new file mode 100644
index 00000000000..ccda62fc3d9
--- /dev/null
+++ b/services/migrations/codecommit.go
@@ -0,0 +1,269 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package migrations
+
+import (
+	"context"
+	"fmt"
+	"net/url"
+	"strconv"
+	"strings"
+
+	git_module "code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/log"
+	base "code.gitea.io/gitea/modules/migration"
+	"code.gitea.io/gitea/modules/structs"
+
+	"github.com/aws/aws-sdk-go-v2/credentials"
+	"github.com/aws/aws-sdk-go-v2/service/codecommit"
+	"github.com/aws/aws-sdk-go-v2/service/codecommit/types"
+	"github.com/aws/aws-sdk-go/aws"
+)
+
+var (
+	_ base.Downloader        = &CodeCommitDownloader{}
+	_ base.DownloaderFactory = &CodeCommitDownloaderFactory{}
+)
+
+func init() {
+	RegisterDownloaderFactory(&CodeCommitDownloaderFactory{})
+}
+
+// CodeCommitDownloaderFactory defines a codecommit downloader factory
+type CodeCommitDownloaderFactory struct{}
+
+// New returns a Downloader related to this factory according MigrateOptions
+func (c *CodeCommitDownloaderFactory) New(ctx context.Context, opts base.MigrateOptions) (base.Downloader, error) {
+	u, err := url.Parse(opts.CloneAddr)
+	if err != nil {
+		return nil, err
+	}
+
+	hostElems := strings.Split(u.Host, ".")
+	if len(hostElems) != 4 {
+		return nil, fmt.Errorf("cannot get the region from clone URL")
+	}
+	region := hostElems[1]
+
+	pathElems := strings.Split(u.Path, "/")
+	if len(pathElems) == 0 {
+		return nil, fmt.Errorf("cannot get the repo name from clone URL")
+	}
+	repoName := pathElems[len(pathElems)-1]
+
+	baseURL := u.Scheme + "://" + u.Host
+
+	return NewCodeCommitDownloader(ctx, repoName, baseURL, opts.AWSAccessKeyID, opts.AWSSecretAccessKey, region), nil
+}
+
+// GitServiceType returns the type of git service
+func (c *CodeCommitDownloaderFactory) GitServiceType() structs.GitServiceType {
+	return structs.CodeCommitService
+}
+
+func NewCodeCommitDownloader(ctx context.Context, repoName, baseURL, accessKeyID, secretAccessKey, region string) *CodeCommitDownloader {
+	downloader := CodeCommitDownloader{
+		ctx:      ctx,
+		repoName: repoName,
+		baseURL:  baseURL,
+		codeCommitClient: codecommit.New(codecommit.Options{
+			Credentials: credentials.NewStaticCredentialsProvider(accessKeyID, secretAccessKey, ""),
+			Region:      region,
+		}),
+	}
+
+	return &downloader
+}
+
+// CodeCommitDownloader implements a downloader for AWS CodeCommit
+type CodeCommitDownloader struct {
+	base.NullDownloader
+	ctx               context.Context
+	codeCommitClient  *codecommit.Client
+	repoName          string
+	baseURL           string
+	allPullRequestIDs []string
+}
+
+// SetContext set context
+func (c *CodeCommitDownloader) SetContext(ctx context.Context) {
+	c.ctx = ctx
+}
+
+// GetRepoInfo returns a repository information
+func (c *CodeCommitDownloader) GetRepoInfo() (*base.Repository, error) {
+	output, err := c.codeCommitClient.GetRepository(c.ctx, &codecommit.GetRepositoryInput{
+		RepositoryName: aws.String(c.repoName),
+	})
+	if err != nil {
+		return nil, err
+	}
+	repoMeta := output.RepositoryMetadata
+
+	repo := &base.Repository{
+		Name:      *repoMeta.RepositoryName,
+		Owner:     *repoMeta.AccountId,
+		IsPrivate: true, // CodeCommit repos are always private
+		CloneURL:  *repoMeta.CloneUrlHttp,
+	}
+	if repoMeta.DefaultBranch != nil {
+		repo.DefaultBranch = *repoMeta.DefaultBranch
+	}
+	if repoMeta.RepositoryDescription != nil {
+		repo.DefaultBranch = *repoMeta.RepositoryDescription
+	}
+	return repo, nil
+}
+
+// GetComments returns comments of an issue or PR
+func (c *CodeCommitDownloader) GetComments(commentable base.Commentable) ([]*base.Comment, bool, error) {
+	var (
+		nextToken *string
+		comments  []*base.Comment
+	)
+
+	for {
+		resp, err := c.codeCommitClient.GetCommentsForPullRequest(c.ctx, &codecommit.GetCommentsForPullRequestInput{
+			NextToken:     nextToken,
+			PullRequestId: aws.String(strconv.FormatInt(commentable.GetForeignIndex(), 10)),
+		})
+		if err != nil {
+			return nil, false, err
+		}
+
+		for _, prComment := range resp.CommentsForPullRequestData {
+			for _, ccComment := range prComment.Comments {
+				comment := &base.Comment{
+					IssueIndex: commentable.GetForeignIndex(),
+					PosterName: c.getUsernameFromARN(*ccComment.AuthorArn),
+					Content:    *ccComment.Content,
+					Created:    *ccComment.CreationDate,
+					Updated:    *ccComment.LastModifiedDate,
+				}
+				comments = append(comments, comment)
+			}
+		}
+
+		nextToken = resp.NextToken
+		if nextToken == nil {
+			break
+		}
+	}
+
+	return comments, true, nil
+}
+
+// GetPullRequests returns pull requests according page and perPage
+func (c *CodeCommitDownloader) GetPullRequests(page, perPage int) ([]*base.PullRequest, bool, error) {
+	allPullRequestIDs, err := c.getAllPullRequestIDs()
+	if err != nil {
+		return nil, false, err
+	}
+
+	startIndex := (page - 1) * perPage
+	endIndex := page * perPage
+	if endIndex > len(allPullRequestIDs) {
+		endIndex = len(allPullRequestIDs)
+	}
+	batch := allPullRequestIDs[startIndex:endIndex]
+
+	prs := make([]*base.PullRequest, 0, len(batch))
+	for _, id := range batch {
+		output, err := c.codeCommitClient.GetPullRequest(c.ctx, &codecommit.GetPullRequestInput{
+			PullRequestId: aws.String(id),
+		})
+		if err != nil {
+			return nil, false, err
+		}
+		orig := output.PullRequest
+		number, err := strconv.ParseInt(*orig.PullRequestId, 10, 64)
+		if err != nil {
+			log.Error("CodeCommit pull request id is not a number: %s", *orig.PullRequestId)
+			continue
+		}
+		if len(orig.PullRequestTargets) == 0 {
+			log.Error("CodeCommit pull request does not contain targets", *orig.PullRequestId)
+			continue
+		}
+		target := orig.PullRequestTargets[0]
+		pr := &base.PullRequest{
+			Number:     number,
+			Title:      *orig.Title,
+			PosterName: c.getUsernameFromARN(*orig.AuthorArn),
+			Content:    *orig.Description,
+			State:      "open",
+			Created:    *orig.CreationDate,
+			Updated:    *orig.LastActivityDate,
+			Merged:     target.MergeMetadata.IsMerged,
+			Head: base.PullRequestBranch{
+				Ref:      strings.TrimPrefix(*target.SourceReference, git_module.BranchPrefix),
+				SHA:      *target.SourceCommit,
+				RepoName: c.repoName,
+			},
+			Base: base.PullRequestBranch{
+				Ref:      strings.TrimPrefix(*target.DestinationReference, git_module.BranchPrefix),
+				SHA:      *target.DestinationCommit,
+				RepoName: c.repoName,
+			},
+			ForeignIndex: number,
+		}
+
+		if orig.PullRequestStatus == types.PullRequestStatusEnumClosed {
+			pr.State = "closed"
+			pr.Closed = orig.LastActivityDate
+		}
+
+		_ = CheckAndEnsureSafePR(pr, c.baseURL, c)
+		prs = append(prs, pr)
+	}
+
+	return prs, len(prs) < perPage, nil
+}
+
+// FormatCloneURL add authentication into remote URLs
+func (c *CodeCommitDownloader) FormatCloneURL(opts MigrateOptions, remoteAddr string) (string, error) {
+	u, err := url.Parse(remoteAddr)
+	if err != nil {
+		return "", err
+	}
+	u.User = url.UserPassword(opts.AuthUsername, opts.AuthPassword)
+	return u.String(), nil
+}
+
+func (c *CodeCommitDownloader) getAllPullRequestIDs() ([]string, error) {
+	if len(c.allPullRequestIDs) > 0 {
+		return c.allPullRequestIDs, nil
+	}
+
+	var (
+		nextToken *string
+		prIDs     []string
+	)
+
+	for {
+		output, err := c.codeCommitClient.ListPullRequests(c.ctx, &codecommit.ListPullRequestsInput{
+			RepositoryName: aws.String(c.repoName),
+			NextToken:      nextToken,
+		})
+		if err != nil {
+			return nil, err
+		}
+		prIDs = append(prIDs, output.PullRequestIds...)
+		nextToken = output.NextToken
+		if nextToken == nil {
+			break
+		}
+	}
+
+	c.allPullRequestIDs = prIDs
+	return c.allPullRequestIDs, nil
+}
+
+func (c *CodeCommitDownloader) getUsernameFromARN(arn string) string {
+	parts := strings.Split(arn, "/")
+	if len(parts) > 0 {
+		return parts[len(parts)-1]
+	}
+	return ""
+}
diff --git a/templates/repo/migrate/codecommit.tmpl b/templates/repo/migrate/codecommit.tmpl
new file mode 100644
index 00000000000..d1cebd0e485
--- /dev/null
+++ b/templates/repo/migrate/codecommit.tmpl
@@ -0,0 +1,117 @@
+{{template "base/head" .}}
+<div role="main" aria-label="{{.Title}}" class="page-content repository new migrate">
+	<div class="ui middle very relaxed page grid">
+		<div class="column">
+			<form class="ui form" action="{{.Link}}" method="post">
+				{{template "base/disable_form_autofill"}}
+				{{.CsrfTokenHtml}}
+				<h3 class="ui top attached header">
+					{{ctx.Locale.Tr "repo.migrate.migrate" .service.Title}}
+					<input id="service_type" type="hidden" name="service" value="{{.service}}">
+				</h3>
+				<div class="ui attached segment">
+					{{template "base/alert" .}}
+					<div class="inline required field {{if .Err_CloneAddr}}error{{end}}">
+						<label for="clone_addr">{{ctx.Locale.Tr "repo.migrate.clone_address"}}</label>
+						<input id="clone_addr" name="clone_addr" value="{{.clone_addr}}" autofocus required>
+						<span class="help">
+						{{ctx.Locale.Tr "repo.migrate.clone_address_desc"}}{{if .ContextUser.CanImportLocal}} {{ctx.Locale.Tr "repo.migrate.clone_local_path"}}{{end}}
+						</span>
+					</div>
+
+					<div class="inline required field {{if .Err_Auth}}error{{end}}">
+						<label for="aws_access_key_id">{{ctx.Locale.Tr "repo.migrate.codecommit.aws_access_key_id"}}</label>
+						<input id="aws_access_key_id" name="aws_access_key_id" value="{{.aws_access_key_id}}" required>
+					</div>
+					<div class="inline required field {{if .Err_Auth}}error{{end}}">
+						<label for="aws_secret_access_key">{{ctx.Locale.Tr "repo.migrate.codecommit.aws_secret_access_key"}}</label>
+						<input id="aws_secret_access_key" name="aws_secret_access_key" type="password" value="{{.aws_secret_access_key}}" required>
+					</div>
+					<div class="inline required field {{if .Err_Auth}}error{{end}}">
+						<label for="auth_username">{{ctx.Locale.Tr "repo.migrate.codecommit.https_git_credentials_username"}}</label>
+						<input id="auth_username" name="auth_username" value="{{.auth_username}}" required>
+					</div>
+					<div class="inline required field {{if .Err_Auth}}error{{end}}">
+						<label for="auth_password">{{ctx.Locale.Tr "repo.migrate.codecommit.https_git_credentials_password"}}</label>
+						<input id="auth_password" name="auth_password" type="password" value="{{.auth_password}}" required>
+					</div>
+
+					{{if not .DisableNewPullMirrors}}
+					<div class="inline field">
+						<label>{{ctx.Locale.Tr "repo.migrate_options"}}</label>
+						<div class="ui checkbox">
+							<input id="mirror" name="mirror" type="checkbox" {{if .mirror}} checked{{end}}>
+							<label>{{ctx.Locale.Tr "repo.migrate_options_mirror_helper"}}</label>
+						</div>
+					</div>
+					{{end}}
+
+					<div id="migrate_items">
+						<div class="inline field">
+							<label>{{ctx.Locale.Tr "repo.migrate_items"}}</label>
+							<div class="ui checkbox">
+								<input name="pull_requests" type="checkbox" {{if .pull_requests}}checked{{end}}>
+								<label>{{ctx.Locale.Tr "repo.migrate_items_pullrequests"}}</label>
+							</div>
+						</div>
+					</div>
+
+					<div class="divider"></div>
+
+					<div class="inline required field {{if .Err_Owner}}error{{end}}">
+						<label>{{ctx.Locale.Tr "repo.owner"}}</label>
+						<div class="ui selection owner dropdown">
+							<input type="hidden" id="uid" name="uid" value="{{.ContextUser.ID}}" required>
+							<span class="text truncated-item-container" title="{{.ContextUser.Name}}">
+								{{ctx.AvatarUtils.Avatar .ContextUser 28 "mini"}}
+								<span class="truncated-item-name">{{.ContextUser.ShortName 40}}</span>
+							</span>
+							{{svg "octicon-triangle-down" 14 "dropdown icon"}}
+							<div class="menu" title="{{.SignedUser.Name}}">
+								<div class="item truncated-item-container" data-value="{{.SignedUser.ID}}">
+									{{ctx.AvatarUtils.Avatar .SignedUser 28 "mini"}}
+									<span class="truncated-item-name">{{.SignedUser.ShortName 40}}</span>
+								</div>
+								{{range .Orgs}}
+									<div class="item truncated-item-container" data-value="{{.ID}}" title="{{.Name}}">
+										{{ctx.AvatarUtils.Avatar . 28 "mini"}}
+										<span class="truncated-item-name">{{.ShortName 40}}</span>
+									</div>
+								{{end}}
+							</div>
+						</div>
+					</div>
+
+					<div class="inline required field {{if .Err_RepoName}}error{{end}}">
+						<label for="repo_name">{{ctx.Locale.Tr "repo.repo_name"}}</label>
+						<input id="repo_name" name="repo_name" value="{{.repo_name}}" required maxlength="100">
+					</div>
+					<div class="inline field">
+						<label>{{ctx.Locale.Tr "repo.visibility"}}</label>
+						<div class="ui checkbox">
+							{{if .IsForcedPrivate}}
+								<input name="private" type="checkbox" checked disabled>
+								<label>{{ctx.Locale.Tr "repo.visibility_helper_forced"}}</label>
+							{{else}}
+								<input name="private" type="checkbox" {{if .private}}checked{{end}}>
+								<label>{{ctx.Locale.Tr "repo.visibility_helper"}}</label>
+							{{end}}
+						</div>
+					</div>
+					<div class="inline field {{if .Err_Description}}error{{end}}">
+						<label for="description">{{ctx.Locale.Tr "repo.repo_desc"}}</label>
+						<textarea id="description" name="description" maxlength="2048">{{.description}}</textarea>
+					</div>
+
+					<div class="inline field">
+						<label></label>
+						<button class="ui primary button">
+							{{ctx.Locale.Tr "repo.migrate_repo"}}
+						</button>
+					</div>
+				</div>
+			</form>
+		</div>
+	</div>
+</div>
+{{template "base/footer" .}}
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index 52d37547374..d9f1a8f5e93 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -22615,6 +22615,14 @@
           "type": "string",
           "x-go-name": "AuthUsername"
         },
+        "aws_access_key_id": {
+          "type": "string",
+          "x-go-name": "AWSAccessKeyID"
+        },
+        "aws_secret_access_key": {
+          "type": "string",
+          "x-go-name": "AWSSecretAccessKey"
+        },
         "clone_addr": {
           "type": "string",
           "x-go-name": "CloneAddr"
diff --git a/web_src/svg/gitea-codecommit.svg b/web_src/svg/gitea-codecommit.svg
new file mode 100644
index 00000000000..074f932022e
--- /dev/null
+++ b/web_src/svg/gitea-codecommit.svg
@@ -0,0 +1,6 @@
+<svg width="80" height="80" viewBox="-10 -10 100 100" xmlns="http://www.w3.org/2000/svg">
+    <g fill="none" fill-rule="evenodd">
+        <path d="M0 0h80v80H0z" fill="#C925D1"/>
+        <path d="M26.628 28.105h-2.017v-6.982c0-.558.36-.99.926-.99l7.144-.007v1.994H27.95l4.862 4.819-1.445 1.434-4.806-4.728.067 4.46zm28.07 10.867l1.869.827-6.541 14.446-1.868-.827 6.54-14.446zm1.311 10.493l4.003-2.89-3.526-3.535 1.458-1.422 4.36 4.373a1.002 1.002 0 0 1-.126 1.527l-4.963 3.58-1.206-1.633zm-9.043-8.802l1.205 1.633-4.061 2.932 3.538 3.536-1.454 1.424-4.374-4.373a1 1 0 0 1 .124-1.528l5.022-3.624zM69 24.13v42.858c0 .56-.458 1.012-1.024 1.012h-31.26c-.272 0-.53-.107-.723-.297a.958.958 0 0 1-.285-.7V55.034h2.018v10.971h29.256V25.113H37.726v-1.995h30.25c.566 0 1.024.453 1.024 1.012zM33.182 34.588c0-1.927 1.585-3.495 3.535-3.495 1.95 0 3.535 1.568 3.535 3.495s-1.585 3.495-3.535 3.495c-1.95 0-3.535-1.568-3.535-3.495zM17.549 66.009c-1.95 0-3.535-1.568-3.535-3.495s1.585-3.494 3.535-3.494c1.95 0 3.535 1.567 3.535 3.494 0 1.927-1.585 3.495-3.535 3.495zm-3.535-23.442c0-1.927 1.585-3.495 3.535-3.495 1.982 0 3.535 1.535 3.535 3.495 0 1.927-1.585 3.495-3.535 3.495-1.95 0-3.535-1.568-3.535-3.495zm.004-25.081c0-1.925 1.584-3.491 3.53-3.491 1.948 0 3.532 1.566 3.532 3.49 0 1.925-1.584 3.491-3.531 3.491s-3.531-1.566-3.531-3.49zm23.708 29.762v-7.276c2.57-.477 4.535-2.708 4.535-5.384 0-3.022-2.487-5.482-5.544-5.482-3.057 0-5.545 2.46-5.545 5.482 0 2.676 1.966 4.907 4.536 5.384v7.276c0 1.163-.786 2.218-1.98 2.686l-10.451 4.1c-1.673.657-2.903 1.948-3.434 3.496-.433-.195-.801-.336-1.285-.416v-9.146c2.623-.433 4.535-2.687 4.535-5.401 0-2.764-1.878-4.972-4.535-5.393V22.889c2.626-.431 4.54-2.688 4.54-5.403 0-3.025-2.49-5.486-5.55-5.486C14.489 12 12 14.46 12 17.486c0 2.64 2.022 4.85 4.54 5.369v14.347c-2.515.518-4.536 2.727-4.536 5.365 0 2.638 2.02 4.846 4.536 5.365v9.217c-2.515.52-4.536 2.727-4.536 5.365 0 3.022 2.488 5.482 5.545 5.482 3.056 0 5.544-2.46 5.544-5.482a5.425 5.425 0 0 0-1.458-3.693c.167-1.27 1.066-2.384 2.397-2.905l10.45-4.1c1.98-.777 3.244-2.57 3.244-4.568z" fill="#FFF"/>
+    </g>
+</svg>

From 125679f2e14cdc8a26a147f7e8fd0e5f174fb5cb Mon Sep 17 00:00:00 2001
From: Jason Song <i@wolfogre.com>
Date: Wed, 11 Sep 2024 13:47:00 +0800
Subject: [PATCH 070/129] Support allowed hosts for migrations to work with
 proxy (#32025)

---
 modules/hostmatcher/http.go        | 6 +-----
 services/migrations/http_client.go | 2 +-
 services/migrations/migrate.go     | 4 ----
 services/webhook/deliver.go        | 2 +-
 4 files changed, 3 insertions(+), 11 deletions(-)

diff --git a/modules/hostmatcher/http.go b/modules/hostmatcher/http.go
index c743f6efb3b..8828902034a 100644
--- a/modules/hostmatcher/http.go
+++ b/modules/hostmatcher/http.go
@@ -13,11 +13,7 @@ import (
 )
 
 // NewDialContext returns a DialContext for Transport, the DialContext will do allow/block list check
-func NewDialContext(usage string, allowList, blockList *HostMatchList) func(ctx context.Context, network, addr string) (net.Conn, error) {
-	return NewDialContextWithProxy(usage, allowList, blockList, nil)
-}
-
-func NewDialContextWithProxy(usage string, allowList, blockList *HostMatchList, proxy *url.URL) func(ctx context.Context, network, addr string) (net.Conn, error) {
+func NewDialContext(usage string, allowList, blockList *HostMatchList, proxy *url.URL) func(ctx context.Context, network, addr string) (net.Conn, error) {
 	// How Go HTTP Client works with redirection:
 	//   transport.RoundTrip URL=http://domain.com, Host=domain.com
 	//   transport.DialContext addrOrHost=domain.com:80
diff --git a/services/migrations/http_client.go b/services/migrations/http_client.go
index 9e3caec191f..0b997e08f4b 100644
--- a/services/migrations/http_client.go
+++ b/services/migrations/http_client.go
@@ -24,6 +24,6 @@ func NewMigrationHTTPTransport() *http.Transport {
 	return &http.Transport{
 		TLSClientConfig: &tls.Config{InsecureSkipVerify: setting.Migrations.SkipTLSVerify},
 		Proxy:           proxy.Proxy(),
-		DialContext:     hostmatcher.NewDialContext("migration", allowList, blockList),
+		DialContext:     hostmatcher.NewDialContext("migration", allowList, blockList, setting.Proxy.ProxyURLFixed),
 	}
 }
diff --git a/services/migrations/migrate.go b/services/migrations/migrate.go
index 21bdc68e732..d0ad6d0139a 100644
--- a/services/migrations/migrate.go
+++ b/services/migrations/migrate.go
@@ -499,9 +499,5 @@ func Init() error {
 	// TODO: at the moment, if ALLOW_LOCALNETWORKS=false, ALLOWED_DOMAINS=domain.com, and domain.com has IP 127.0.0.1, then it's still allowed.
 	// if we want to block such case, the private&loopback should be added to the blockList when ALLOW_LOCALNETWORKS=false
 
-	if setting.Proxy.Enabled && setting.Proxy.ProxyURLFixed != nil {
-		allowList.AppendPattern(setting.Proxy.ProxyURLFixed.Host)
-	}
-
 	return nil
 }
diff --git a/services/webhook/deliver.go b/services/webhook/deliver.go
index b2c0a73784d..4707602cdf4 100644
--- a/services/webhook/deliver.go
+++ b/services/webhook/deliver.go
@@ -303,7 +303,7 @@ func Init() error {
 		Transport: &http.Transport{
 			TLSClientConfig: &tls.Config{InsecureSkipVerify: setting.Webhook.SkipTLSVerify},
 			Proxy:           webhookProxy(allowedHostMatcher),
-			DialContext:     hostmatcher.NewDialContextWithProxy("webhook", allowedHostMatcher, nil, setting.Webhook.ProxyURLFixed),
+			DialContext:     hostmatcher.NewDialContext("webhook", allowedHostMatcher, nil, setting.Webhook.ProxyURLFixed),
 		},
 	}
 

From 7c6edf1ba06d4c3269eaa78f4039c9123b006c51 Mon Sep 17 00:00:00 2001
From: charles-plutohealth
 <143208583+charles-plutohealth@users.noreply.github.com>
Date: Wed, 11 Sep 2024 13:29:27 -0400
Subject: [PATCH 071/129] Fix `/repos/{owner}/{repo}/pulls/{index}/files`
 endpoint not populating `previous_filename` (#32017)

---
`status == "rename"` should have read `status == "renamed"`. The typo
means that file.PreviousFilename would never be populated, which e.g.
breaks usage of the Github Action at
https://github.com/dorny/paths-filter.
---
 services/convert/convert.go | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/services/convert/convert.go b/services/convert/convert.go
index d70c1b940a5..041d553e98c 100644
--- a/services/convert/convert.go
+++ b/services/convert/convert.go
@@ -485,6 +485,7 @@ func ToLFSLock(ctx context.Context, l *git_model.LFSLock) *api.LFSLock {
 // ToChangedFile convert a gitdiff.DiffFile to api.ChangedFile
 func ToChangedFile(f *gitdiff.DiffFile, repo *repo_model.Repository, commit string) *api.ChangedFile {
 	status := "changed"
+	previousFilename := ""
 	if f.IsDeleted {
 		status = "deleted"
 	} else if f.IsCreated {
@@ -493,23 +494,21 @@ func ToChangedFile(f *gitdiff.DiffFile, repo *repo_model.Repository, commit stri
 		status = "copied"
 	} else if f.IsRenamed && f.Type == gitdiff.DiffFileRename {
 		status = "renamed"
+		previousFilename = f.OldName
 	} else if f.Addition == 0 && f.Deletion == 0 {
 		status = "unchanged"
 	}
 
 	file := &api.ChangedFile{
-		Filename:    f.GetDiffFileName(),
-		Status:      status,
-		Additions:   f.Addition,
-		Deletions:   f.Deletion,
-		Changes:     f.Addition + f.Deletion,
-		HTMLURL:     fmt.Sprint(repo.HTMLURL(), "/src/commit/", commit, "/", util.PathEscapeSegments(f.GetDiffFileName())),
-		ContentsURL: fmt.Sprint(repo.APIURL(), "/contents/", util.PathEscapeSegments(f.GetDiffFileName()), "?ref=", commit),
-		RawURL:      fmt.Sprint(repo.HTMLURL(), "/raw/commit/", commit, "/", util.PathEscapeSegments(f.GetDiffFileName())),
-	}
-
-	if status == "rename" {
-		file.PreviousFilename = f.OldName
+		Filename:         f.GetDiffFileName(),
+		Status:           status,
+		Additions:        f.Addition,
+		Deletions:        f.Deletion,
+		Changes:          f.Addition + f.Deletion,
+		PreviousFilename: previousFilename,
+		HTMLURL:          fmt.Sprint(repo.HTMLURL(), "/src/commit/", commit, "/", util.PathEscapeSegments(f.GetDiffFileName())),
+		ContentsURL:      fmt.Sprint(repo.APIURL(), "/contents/", util.PathEscapeSegments(f.GetDiffFileName()), "?ref=", commit),
+		RawURL:           fmt.Sprint(repo.HTMLURL(), "/raw/commit/", commit, "/", util.PathEscapeSegments(f.GetDiffFileName())),
 	}
 
 	return file

From 64298dcb9e72a5a87a4680563d91fae5b90e0160 Mon Sep 17 00:00:00 2001
From: Daniel <39636934+itzonban@users.noreply.github.com>
Date: Wed, 11 Sep 2024 19:58:45 +0200
Subject: [PATCH 072/129]  Failed authentications are logged to level Warning
 (#32016)

PR for issue #31968
Replaces PR #31983 to comply with gitea's error definition

Failed authentications are now logged to level `Warning` instead of
`Info`.
---
 routers/web/auth/auth.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/routers/web/auth/auth.go b/routers/web/auth/auth.go
index b86c1ff1c23..5cbe2f5388c 100644
--- a/routers/web/auth/auth.go
+++ b/routers/web/auth/auth.go
@@ -228,12 +228,12 @@ func SignInPost(ctx *context.Context) {
 	if err != nil {
 		if errors.Is(err, util.ErrNotExist) || errors.Is(err, util.ErrInvalidArgument) {
 			ctx.RenderWithErr(ctx.Tr("form.username_password_incorrect"), tplSignIn, &form)
-			log.Info("Failed authentication attempt for %s from %s: %v", form.UserName, ctx.RemoteAddr(), err)
+			log.Warn("Failed authentication attempt for %s from %s: %v", form.UserName, ctx.RemoteAddr(), err)
 		} else if user_model.IsErrEmailAlreadyUsed(err) {
 			ctx.RenderWithErr(ctx.Tr("form.email_been_used"), tplSignIn, &form)
-			log.Info("Failed authentication attempt for %s from %s: %v", form.UserName, ctx.RemoteAddr(), err)
+			log.Warn("Failed authentication attempt for %s from %s: %v", form.UserName, ctx.RemoteAddr(), err)
 		} else if user_model.IsErrUserProhibitLogin(err) {
-			log.Info("Failed authentication attempt for %s from %s: %v", form.UserName, ctx.RemoteAddr(), err)
+			log.Warn("Failed authentication attempt for %s from %s: %v", form.UserName, ctx.RemoteAddr(), err)
 			ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")
 			ctx.HTML(http.StatusOK, "user/auth/prohibit_login")
 		} else if user_model.IsErrUserInactive(err) {
@@ -241,7 +241,7 @@ func SignInPost(ctx *context.Context) {
 				ctx.Data["Title"] = ctx.Tr("auth.active_your_account")
 				ctx.HTML(http.StatusOK, TplActivate)
 			} else {
-				log.Info("Failed authentication attempt for %s from %s: %v", form.UserName, ctx.RemoteAddr(), err)
+				log.Warn("Failed authentication attempt for %s from %s: %v", form.UserName, ctx.RemoteAddr(), err)
 				ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")
 				ctx.HTML(http.StatusOK, "user/auth/prohibit_login")
 			}

From 20d7707124c2b4b9616526c6b242660729028ae7 Mon Sep 17 00:00:00 2001
From: GiteaBot <teabot@gitea.io>
Date: Thu, 12 Sep 2024 00:30:02 +0000
Subject: [PATCH 073/129] [skip ci] Updated translations via Crowdin

---
 options/locale/locale_pt-PT.ini | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/options/locale/locale_pt-PT.ini b/options/locale/locale_pt-PT.ini
index fffc54559b4..c743cdfaad3 100644
--- a/options/locale/locale_pt-PT.ini
+++ b/options/locale/locale_pt-PT.ini
@@ -1176,6 +1176,11 @@ migrate.gogs.description=Migrar dados de notabug.org ou de outras instâncias do
 migrate.onedev.description=Migrar dados de code.onedev.io ou de outras instâncias do OneDev.
 migrate.codebase.description=Migrar dados de codebasehq.com.
 migrate.gitbucket.description=Migrar dados de instâncias do GitBucket.
+migrate.codecommit.description=Migrar dados de AWS CodeCommit.
+migrate.codecommit.aws_access_key_id=ID da chave de acesso AWS
+migrate.codecommit.aws_secret_access_key=Chave de acesso secreto AWS
+migrate.codecommit.https_git_credentials_username=Nome de utilizador das credenciais Git para HTTPS
+migrate.codecommit.https_git_credentials_password=Senha das credenciais Git para HTTPS
 migrate.migrating_git=Migrando dados Git
 migrate.migrating_topics=Migrando tópicos
 migrate.migrating_milestones=Migrando etapas

From 4ab6fc62d23bcef060cb98c60cfc29aa286a02d1 Mon Sep 17 00:00:00 2001
From: Lauris BH <lauris@nix.lv>
Date: Thu, 12 Sep 2024 06:53:40 +0300
Subject: [PATCH 074/129] Add option to filter board cards by labels and
 assignees (#31999)

Works in both organization and repository project boards

Fixes #21846

Replaces #21963
Replaces #27117


![image](https://github.com/user-attachments/assets/1837ace8-3de2-444f-a153-e166bd0da2c0)

**Note** that implementation was made intentionally to work same as in
issue list so that URL can be bookmarked for quick access with
predefined filters in URL
---
 models/issues/issue_project.go                | 16 ++--
 models/issues/issue_search.go                 | 13 ++++
 models/organization/org_user.go               | 45 +++++++++++
 routers/web/org/projects.go                   | 65 +++++++++++++++-
 routers/web/repo/actions/actions.go           |  4 +-
 routers/web/repo/helper.go                    | 14 ----
 routers/web/repo/issue.go                     |  7 +-
 routers/web/repo/projects.go                  | 74 +++++++++++++++++-
 routers/web/repo/pull.go                      |  3 +-
 routers/web/repo/release.go                   |  5 +-
 routers/web/shared/user/helper.go             | 22 ++++++
 .../web/{repo => shared/user}/helper_test.go  |  2 +-
 templates/projects/view.tmpl                  | 76 +++++++++++++++++++
 web_src/css/features/projects.css             | 12 +++
 14 files changed, 325 insertions(+), 33 deletions(-)
 create mode 100644 routers/web/shared/user/helper.go
 rename routers/web/{repo => shared/user}/helper_test.go (97%)

diff --git a/models/issues/issue_project.go b/models/issues/issue_project.go
index 835ea1db525..c4515fd8985 100644
--- a/models/issues/issue_project.go
+++ b/models/issues/issue_project.go
@@ -48,12 +48,12 @@ func (issue *Issue) ProjectColumnID(ctx context.Context) int64 {
 }
 
 // LoadIssuesFromColumn load issues assigned to this column
-func LoadIssuesFromColumn(ctx context.Context, b *project_model.Column) (IssueList, error) {
-	issueList, err := Issues(ctx, &IssuesOptions{
-		ProjectColumnID: b.ID,
-		ProjectID:       b.ProjectID,
-		SortType:        "project-column-sorting",
-	})
+func LoadIssuesFromColumn(ctx context.Context, b *project_model.Column, opts *IssuesOptions) (IssueList, error) {
+	issueList, err := Issues(ctx, opts.Copy(func(o *IssuesOptions) {
+		o.ProjectColumnID = b.ID
+		o.ProjectID = b.ProjectID
+		o.SortType = "project-column-sorting"
+	}))
 	if err != nil {
 		return nil, err
 	}
@@ -78,10 +78,10 @@ func LoadIssuesFromColumn(ctx context.Context, b *project_model.Column) (IssueLi
 }
 
 // LoadIssuesFromColumnList load issues assigned to the columns
-func LoadIssuesFromColumnList(ctx context.Context, bs project_model.ColumnList) (map[int64]IssueList, error) {
+func LoadIssuesFromColumnList(ctx context.Context, bs project_model.ColumnList, opts *IssuesOptions) (map[int64]IssueList, error) {
 	issuesMap := make(map[int64]IssueList, len(bs))
 	for i := range bs {
-		il, err := LoadIssuesFromColumn(ctx, bs[i])
+		il, err := LoadIssuesFromColumn(ctx, bs[i], opts)
 		if err != nil {
 			return nil, err
 		}
diff --git a/models/issues/issue_search.go b/models/issues/issue_search.go
index e9f116bfc6e..5948a67d4eb 100644
--- a/models/issues/issue_search.go
+++ b/models/issues/issue_search.go
@@ -54,6 +54,19 @@ type IssuesOptions struct { //nolint
 	User           *user_model.User           // issues permission scope
 }
 
+// Copy returns a copy of the options.
+// Be careful, it's not a deep copy, so `IssuesOptions.RepoIDs = {...}` is OK while `IssuesOptions.RepoIDs[0] = ...` is not.
+func (o *IssuesOptions) Copy(edit ...func(options *IssuesOptions)) *IssuesOptions {
+	if o == nil {
+		return nil
+	}
+	v := *o
+	for _, e := range edit {
+		e(&v)
+	}
+	return &v
+}
+
 // applySorts sort an issues-related session based on the provided
 // sortType string
 func applySorts(sess *xorm.Session, sortType string, priorityRepoID int64) {
diff --git a/models/organization/org_user.go b/models/organization/org_user.go
index 5fe3a178d2b..1d3b2fab44d 100644
--- a/models/organization/org_user.go
+++ b/models/organization/org_user.go
@@ -9,7 +9,9 @@ import (
 
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/perm"
+	"code.gitea.io/gitea/models/unit"
 	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/container"
 	"code.gitea.io/gitea/modules/log"
 
 	"xorm.io/builder"
@@ -112,6 +114,49 @@ func IsUserOrgOwner(ctx context.Context, users user_model.UserList, orgID int64)
 	return results
 }
 
+// GetOrgAssignees returns all users that have write access and can be assigned to issues
+// of the any repository in the organization.
+func GetOrgAssignees(ctx context.Context, orgID int64) (_ []*user_model.User, err error) {
+	e := db.GetEngine(ctx)
+	userIDs := make([]int64, 0, 10)
+	if err = e.Table("access").
+		Join("INNER", "repository", "`repository`.id = `access`.repo_id").
+		Where("`repository`.owner_id = ? AND `access`.mode >= ?", orgID, perm.AccessModeWrite).
+		Select("user_id").
+		Find(&userIDs); err != nil {
+		return nil, err
+	}
+
+	additionalUserIDs := make([]int64, 0, 10)
+	if err = e.Table("team_user").
+		Join("INNER", "team_repo", "`team_repo`.team_id = `team_user`.team_id").
+		Join("INNER", "team_unit", "`team_unit`.team_id = `team_user`.team_id").
+		Join("INNER", "repository", "`repository`.id = `team_repo`.repo_id").
+		Where("`repository`.owner_id = ? AND (`team_unit`.access_mode >= ? OR (`team_unit`.access_mode = ? AND `team_unit`.`type` = ?))",
+			orgID, perm.AccessModeWrite, perm.AccessModeRead, unit.TypePullRequests).
+		Distinct("`team_user`.uid").
+		Select("`team_user`.uid").
+		Find(&additionalUserIDs); err != nil {
+		return nil, err
+	}
+
+	uniqueUserIDs := make(container.Set[int64])
+	uniqueUserIDs.AddMultiple(userIDs...)
+	uniqueUserIDs.AddMultiple(additionalUserIDs...)
+
+	users := make([]*user_model.User, 0, len(uniqueUserIDs))
+	if len(userIDs) > 0 {
+		if err = e.In("id", uniqueUserIDs.Values()).
+			Where(builder.Eq{"`user`.is_active": true}).
+			OrderBy(user_model.GetOrderByName()).
+			Find(&users); err != nil {
+			return nil, err
+		}
+	}
+
+	return users, nil
+}
+
 func loadOrganizationOwners(ctx context.Context, users user_model.UserList, orgID int64) (map[int64]*TeamUser, error) {
 	if len(users) == 0 {
 		return nil, nil
diff --git a/routers/web/org/projects.go b/routers/web/org/projects.go
index 66760d31db7..2a5434b4147 100644
--- a/routers/web/org/projects.go
+++ b/routers/web/org/projects.go
@@ -11,6 +11,7 @@ import (
 
 	"code.gitea.io/gitea/models/db"
 	issues_model "code.gitea.io/gitea/models/issues"
+	org_model "code.gitea.io/gitea/models/organization"
 	project_model "code.gitea.io/gitea/models/project"
 	attachment_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unit"
@@ -333,7 +334,29 @@ func ViewProject(ctx *context.Context) {
 		return
 	}
 
-	issuesMap, err := issues_model.LoadIssuesFromColumnList(ctx, columns)
+	var labelIDs []int64
+	// 1,-2 means including label 1 and excluding label 2
+	// 0 means issues with no label
+	// blank means labels will not be filtered for issues
+	selectLabels := ctx.FormString("labels")
+	if selectLabels == "" {
+		ctx.Data["AllLabels"] = true
+	} else if selectLabels == "0" {
+		ctx.Data["NoLabel"] = true
+	}
+	if len(selectLabels) > 0 {
+		labelIDs, err = base.StringsToInt64s(strings.Split(selectLabels, ","))
+		if err != nil {
+			ctx.Flash.Error(ctx.Tr("invalid_data", selectLabels), true)
+		}
+	}
+
+	assigneeID := ctx.FormInt64("assignee")
+
+	issuesMap, err := issues_model.LoadIssuesFromColumnList(ctx, columns, &issues_model.IssuesOptions{
+		LabelIDs:   labelIDs,
+		AssigneeID: assigneeID,
+	})
 	if err != nil {
 		ctx.ServerError("LoadIssuesOfColumns", err)
 		return
@@ -372,6 +395,46 @@ func ViewProject(ctx *context.Context) {
 		}
 	}
 
+	// TODO: Add option to filter also by repository specific labels
+	labels, err := issues_model.GetLabelsByOrgID(ctx, project.OwnerID, "", db.ListOptions{})
+	if err != nil {
+		ctx.ServerError("GetLabelsByOrgID", err)
+		return
+	}
+
+	// Get the exclusive scope for every label ID
+	labelExclusiveScopes := make([]string, 0, len(labelIDs))
+	for _, labelID := range labelIDs {
+		foundExclusiveScope := false
+		for _, label := range labels {
+			if label.ID == labelID || label.ID == -labelID {
+				labelExclusiveScopes = append(labelExclusiveScopes, label.ExclusiveScope())
+				foundExclusiveScope = true
+				break
+			}
+		}
+		if !foundExclusiveScope {
+			labelExclusiveScopes = append(labelExclusiveScopes, "")
+		}
+	}
+
+	for _, l := range labels {
+		l.LoadSelectedLabelsAfterClick(labelIDs, labelExclusiveScopes)
+	}
+	ctx.Data["Labels"] = labels
+	ctx.Data["NumLabels"] = len(labels)
+
+	// Get assignees.
+	assigneeUsers, err := org_model.GetOrgAssignees(ctx, project.OwnerID)
+	if err != nil {
+		ctx.ServerError("GetRepoAssignees", err)
+		return
+	}
+	ctx.Data["Assignees"] = shared_user.MakeSelfOnTop(ctx.Doer, assigneeUsers)
+
+	ctx.Data["SelectLabels"] = selectLabels
+	ctx.Data["AssigneeID"] = assigneeID
+
 	project.RenderedContent = templates.RenderMarkdownToHtml(ctx, project.Description)
 	ctx.Data["LinkedPRs"] = linkedPrsMap
 	ctx.Data["PageIsViewProjects"] = true
diff --git a/routers/web/repo/actions/actions.go b/routers/web/repo/actions/actions.go
index 63cf3e948a8..f5fb056494d 100644
--- a/routers/web/repo/actions/actions.go
+++ b/routers/web/repo/actions/actions.go
@@ -23,7 +23,7 @@ import (
 	"code.gitea.io/gitea/modules/optional"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
-	"code.gitea.io/gitea/routers/web/repo"
+	shared_user "code.gitea.io/gitea/routers/web/shared/user"
 	"code.gitea.io/gitea/services/context"
 	"code.gitea.io/gitea/services/convert"
 
@@ -252,7 +252,7 @@ func List(ctx *context.Context) {
 		ctx.ServerError("GetActors", err)
 		return
 	}
-	ctx.Data["Actors"] = repo.MakeSelfOnTop(ctx.Doer, actors)
+	ctx.Data["Actors"] = shared_user.MakeSelfOnTop(ctx.Doer, actors)
 
 	ctx.Data["StatusInfoList"] = actions_model.GetStatusInfoList(ctx)
 
diff --git a/routers/web/repo/helper.go b/routers/web/repo/helper.go
index 5e1e116018e..ed6216fa5ce 100644
--- a/routers/web/repo/helper.go
+++ b/routers/web/repo/helper.go
@@ -5,25 +5,11 @@ package repo
 
 import (
 	"net/url"
-	"sort"
 
-	"code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/services/context"
 )
 
-func MakeSelfOnTop(doer *user.User, users []*user.User) []*user.User {
-	if doer != nil {
-		sort.Slice(users, func(i, j int) bool {
-			if users[i].ID == users[j].ID {
-				return false
-			}
-			return users[i].ID == doer.ID // if users[i] is self, put it before others, so less=true
-		})
-	}
-	return users
-}
-
 func HandleGitError(ctx *context.Context, msg string, err error) {
 	if git.IsErrNotExist(err) {
 		refType := ""
diff --git a/routers/web/repo/issue.go b/routers/web/repo/issue.go
index fd6abe04fe6..596abb4b9ca 100644
--- a/routers/web/repo/issue.go
+++ b/routers/web/repo/issue.go
@@ -49,6 +49,7 @@ import (
 	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/modules/web"
 	"code.gitea.io/gitea/routers/utils"
+	shared_user "code.gitea.io/gitea/routers/web/shared/user"
 	asymkey_service "code.gitea.io/gitea/services/asymkey"
 	"code.gitea.io/gitea/services/context"
 	"code.gitea.io/gitea/services/context/upload"
@@ -360,7 +361,7 @@ func issues(ctx *context.Context, milestoneID, projectID int64, isPullOption opt
 		ctx.ServerError("GetRepoAssignees", err)
 		return
 	}
-	ctx.Data["Assignees"] = MakeSelfOnTop(ctx.Doer, assigneeUsers)
+	ctx.Data["Assignees"] = shared_user.MakeSelfOnTop(ctx.Doer, assigneeUsers)
 
 	handleTeamMentions(ctx)
 	if ctx.Written() {
@@ -580,7 +581,7 @@ func RetrieveRepoMilestonesAndAssignees(ctx *context.Context, repo *repo_model.R
 		ctx.ServerError("GetRepoAssignees", err)
 		return
 	}
-	ctx.Data["Assignees"] = MakeSelfOnTop(ctx.Doer, assigneeUsers)
+	ctx.Data["Assignees"] = shared_user.MakeSelfOnTop(ctx.Doer, assigneeUsers)
 
 	handleTeamMentions(ctx)
 }
@@ -3771,7 +3772,7 @@ func issuePosters(ctx *context.Context, isPullList bool) {
 		}
 	}
 
-	posters = MakeSelfOnTop(ctx.Doer, posters)
+	posters = shared_user.MakeSelfOnTop(ctx.Doer, posters)
 
 	resp := &userSearchResponse{}
 	resp.Results = make([]*userSearchInfo, len(posters))
diff --git a/routers/web/repo/projects.go b/routers/web/repo/projects.go
index aac8997d627..664ea7eb76d 100644
--- a/routers/web/repo/projects.go
+++ b/routers/web/repo/projects.go
@@ -23,6 +23,7 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/modules/web"
+	shared_user "code.gitea.io/gitea/routers/web/shared/user"
 	"code.gitea.io/gitea/services/context"
 	"code.gitea.io/gitea/services/forms"
 	project_service "code.gitea.io/gitea/services/projects"
@@ -313,7 +314,29 @@ func ViewProject(ctx *context.Context) {
 		return
 	}
 
-	issuesMap, err := issues_model.LoadIssuesFromColumnList(ctx, columns)
+	var labelIDs []int64
+	// 1,-2 means including label 1 and excluding label 2
+	// 0 means issues with no label
+	// blank means labels will not be filtered for issues
+	selectLabels := ctx.FormString("labels")
+	if selectLabels == "" {
+		ctx.Data["AllLabels"] = true
+	} else if selectLabels == "0" {
+		ctx.Data["NoLabel"] = true
+	}
+	if len(selectLabels) > 0 {
+		labelIDs, err = base.StringsToInt64s(strings.Split(selectLabels, ","))
+		if err != nil {
+			ctx.Flash.Error(ctx.Tr("invalid_data", selectLabels), true)
+		}
+	}
+
+	assigneeID := ctx.FormInt64("assignee")
+
+	issuesMap, err := issues_model.LoadIssuesFromColumnList(ctx, columns, &issues_model.IssuesOptions{
+		LabelIDs:   labelIDs,
+		AssigneeID: assigneeID,
+	})
 	if err != nil {
 		ctx.ServerError("LoadIssuesOfColumns", err)
 		return
@@ -353,6 +376,55 @@ func ViewProject(ctx *context.Context) {
 	}
 	ctx.Data["LinkedPRs"] = linkedPrsMap
 
+	labels, err := issues_model.GetLabelsByRepoID(ctx, project.RepoID, "", db.ListOptions{})
+	if err != nil {
+		ctx.ServerError("GetLabelsByRepoID", err)
+		return
+	}
+
+	if ctx.Repo.Owner.IsOrganization() {
+		orgLabels, err := issues_model.GetLabelsByOrgID(ctx, ctx.Repo.Owner.ID, "", db.ListOptions{})
+		if err != nil {
+			ctx.ServerError("GetLabelsByOrgID", err)
+			return
+		}
+
+		labels = append(labels, orgLabels...)
+	}
+
+	// Get the exclusive scope for every label ID
+	labelExclusiveScopes := make([]string, 0, len(labelIDs))
+	for _, labelID := range labelIDs {
+		foundExclusiveScope := false
+		for _, label := range labels {
+			if label.ID == labelID || label.ID == -labelID {
+				labelExclusiveScopes = append(labelExclusiveScopes, label.ExclusiveScope())
+				foundExclusiveScope = true
+				break
+			}
+		}
+		if !foundExclusiveScope {
+			labelExclusiveScopes = append(labelExclusiveScopes, "")
+		}
+	}
+
+	for _, l := range labels {
+		l.LoadSelectedLabelsAfterClick(labelIDs, labelExclusiveScopes)
+	}
+	ctx.Data["Labels"] = labels
+	ctx.Data["NumLabels"] = len(labels)
+
+	// Get assignees.
+	assigneeUsers, err := repo_model.GetRepoAssignees(ctx, ctx.Repo.Repository)
+	if err != nil {
+		ctx.ServerError("GetRepoAssignees", err)
+		return
+	}
+	ctx.Data["Assignees"] = shared_user.MakeSelfOnTop(ctx.Doer, assigneeUsers)
+
+	ctx.Data["SelectLabels"] = selectLabels
+	ctx.Data["AssigneeID"] = assigneeID
+
 	project.RenderedContent, err = markdown.RenderString(&markup.RenderContext{
 		Links: markup.Links{
 			Base: ctx.Repo.RepoLink,
diff --git a/routers/web/repo/pull.go b/routers/web/repo/pull.go
index 7187a35e0e7..95299b44d5a 100644
--- a/routers/web/repo/pull.go
+++ b/routers/web/repo/pull.go
@@ -34,6 +34,7 @@ import (
 	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/modules/web"
 	"code.gitea.io/gitea/routers/utils"
+	shared_user "code.gitea.io/gitea/routers/web/shared/user"
 	asymkey_service "code.gitea.io/gitea/services/asymkey"
 	"code.gitea.io/gitea/services/automerge"
 	"code.gitea.io/gitea/services/context"
@@ -825,7 +826,7 @@ func viewPullFiles(ctx *context.Context, specifiedStartCommit, specifiedEndCommi
 		ctx.ServerError("GetRepoAssignees", err)
 		return
 	}
-	ctx.Data["Assignees"] = MakeSelfOnTop(ctx.Doer, assigneeUsers)
+	ctx.Data["Assignees"] = shared_user.MakeSelfOnTop(ctx.Doer, assigneeUsers)
 
 	handleTeamMentions(ctx)
 	if ctx.Written() {
diff --git a/routers/web/repo/release.go b/routers/web/repo/release.go
index 85c7828f2e4..a2833034925 100644
--- a/routers/web/repo/release.go
+++ b/routers/web/repo/release.go
@@ -26,6 +26,7 @@ import (
 	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/modules/web"
 	"code.gitea.io/gitea/routers/web/feed"
+	shared_user "code.gitea.io/gitea/routers/web/shared/user"
 	"code.gitea.io/gitea/services/context"
 	"code.gitea.io/gitea/services/context/upload"
 	"code.gitea.io/gitea/services/forms"
@@ -370,7 +371,7 @@ func NewRelease(ctx *context.Context) {
 		ctx.ServerError("GetRepoAssignees", err)
 		return
 	}
-	ctx.Data["Assignees"] = MakeSelfOnTop(ctx.Doer, assigneeUsers)
+	ctx.Data["Assignees"] = shared_user.MakeSelfOnTop(ctx.Doer, assigneeUsers)
 
 	upload.AddUploadContext(ctx, "release")
 
@@ -559,7 +560,7 @@ func EditRelease(ctx *context.Context) {
 		ctx.ServerError("GetRepoAssignees", err)
 		return
 	}
-	ctx.Data["Assignees"] = MakeSelfOnTop(ctx.Doer, assigneeUsers)
+	ctx.Data["Assignees"] = shared_user.MakeSelfOnTop(ctx.Doer, assigneeUsers)
 
 	ctx.HTML(http.StatusOK, tplReleaseNew)
 }
diff --git a/routers/web/shared/user/helper.go b/routers/web/shared/user/helper.go
new file mode 100644
index 00000000000..6186b9b9ffb
--- /dev/null
+++ b/routers/web/shared/user/helper.go
@@ -0,0 +1,22 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package user
+
+import (
+	"sort"
+
+	"code.gitea.io/gitea/models/user"
+)
+
+func MakeSelfOnTop(doer *user.User, users []*user.User) []*user.User {
+	if doer != nil {
+		sort.Slice(users, func(i, j int) bool {
+			if users[i].ID == users[j].ID {
+				return false
+			}
+			return users[i].ID == doer.ID // if users[i] is self, put it before others, so less=true
+		})
+	}
+	return users
+}
diff --git a/routers/web/repo/helper_test.go b/routers/web/shared/user/helper_test.go
similarity index 97%
rename from routers/web/repo/helper_test.go
rename to routers/web/shared/user/helper_test.go
index 978758e77fd..ccdf536c137 100644
--- a/routers/web/repo/helper_test.go
+++ b/routers/web/shared/user/helper_test.go
@@ -1,7 +1,7 @@
 // Copyright 2023 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package repo
+package user
 
 import (
 	"testing"
diff --git a/templates/projects/view.tmpl b/templates/projects/view.tmpl
index 584462d2a24..f5c1bb76703 100644
--- a/templates/projects/view.tmpl
+++ b/templates/projects/view.tmpl
@@ -3,6 +3,82 @@
 <div class="ui container tw-max-w-full">
 	<div class="tw-flex tw-justify-between tw-items-center tw-mb-4 tw-gap-3">
 		<h2 class="tw-mb-0 tw-flex-1 tw-break-anywhere">{{.Project.Title}}</h2>
+			<div class="project-toolbar-right">
+				<div class="ui secondary filter menu labels">
+					<!-- Label -->
+					<div class="ui {{if not .Labels}}disabled{{end}} dropdown jump item label-filter">
+						<span class="text">
+							{{ctx.Locale.Tr "repo.issues.filter_label"}}
+						</span>
+						{{svg "octicon-triangle-down" 14 "dropdown icon"}}
+						<div class="menu">
+							<div class="ui icon search input">
+								<i class="icon">{{svg "octicon-search" 16}}</i>
+								<input type="text" placeholder="{{ctx.Locale.Tr "repo.issues.filter_label"}}">
+							</div>
+							<div class="ui checkbox compact archived-label-filter">
+								<input name="archived" type="checkbox"
+									id="archived-filter-checkbox"
+									{{if .ShowArchivedLabels}}checked{{end}}
+								>
+								<label for="archived-filter-checkbox">
+									{{ctx.Locale.Tr "repo.issues.label_archived_filter"}}
+									<i class="tw-ml-1" data-tooltip-content={{ctx.Locale.Tr "repo.issues.label_archive_tooltip"}}>
+										{{svg "octicon-info"}}
+									</i>
+								</label>
+							</div>
+							<span class="info">{{ctx.Locale.Tr "repo.issues.filter_label_exclude"}}</span>
+							<div class="divider"></div>
+							<a class="{{if .AllLabels}}active selected {{end}}item" href="?assignee={{$.AssigneeID}}{{if $.ShowArchivedLabels}}&archived=true{{end}}">{{ctx.Locale.Tr "repo.issues.filter_label_no_select"}}</a>
+							<a class="{{if .NoLabel}}active selected {{end}}item" href="?assignee={{$.AssigneeID}}{{if $.ShowArchivedLabels}}&archived=true{{end}}">{{ctx.Locale.Tr "repo.issues.filter_label_select_no_label"}}</a>
+							{{$previousExclusiveScope := "_no_scope"}}
+							{{range .Labels}}
+								{{$exclusiveScope := .ExclusiveScope}}
+								{{if and (ne $previousExclusiveScope $exclusiveScope)}}
+									<div class="divider"></div>
+								{{end}}
+								{{$previousExclusiveScope = $exclusiveScope}}
+								<a class="item label-filter-item tw-flex tw-items-center" {{if .IsArchived}}data-is-archived{{end}} href="?labels={{.QueryString}}&assignee={{$.AssigneeID}}{{if $.ShowArchivedLabels}}&archived=true{{end}}" data-label-id="{{.ID}}">
+									{{if .IsExcluded}}
+										{{svg "octicon-circle-slash"}}
+									{{else if .IsSelected}}
+										{{if $exclusiveScope}}
+											{{svg "octicon-dot-fill"}}
+										{{else}}
+											{{svg "octicon-check"}}
+										{{end}}
+									{{end}}
+									{{RenderLabel $.Context ctx.Locale .}}
+									<p class="tw-ml-auto">{{template "repo/issue/labels/label_archived" .}}</p>
+								</a>
+							{{end}}
+						</div>
+					</div>
+
+					<!-- Assignee -->
+					<div class="ui {{if not .Assignees}}disabled{{end}} dropdown jump item">
+						<span class="text">
+							{{ctx.Locale.Tr "repo.issues.filter_assignee"}}
+						</span>
+						{{svg "octicon-triangle-down" 14 "dropdown icon"}}
+						<div class="menu">
+							<div class="ui icon search input">
+								<i class="icon">{{svg "octicon-search" 16}}</i>
+								<input type="text" placeholder="{{ctx.Locale.Tr "repo.issues.filter_assignee"}}">
+							</div>
+							<a class="{{if not .AssigneeID}}active selected {{end}}item" href="?labels={{.SelectLabels}}{{if $.ShowArchivedLabels}}&archived=true{{end}}">{{ctx.Locale.Tr "repo.issues.filter_assginee_no_select"}}</a>
+							<a class="{{if eq .AssigneeID -1}}active selected {{end}}item" href="?labels={{.SelectLabels}}&assignee=-1{{if $.ShowArchivedLabels}}&archived=true{{end}}">{{ctx.Locale.Tr "repo.issues.filter_assginee_no_assignee"}}</a>
+							<div class="divider"></div>
+							{{range .Assignees}}
+								<a class="{{if eq $.AssigneeID .ID}}active selected{{end}} item tw-flex" href="?labels={{$.SelectLabels}}&assignee={{.ID}}{{if $.ShowArchivedLabels}}&archived=true{{end}}">
+									{{ctx.AvatarUtils.Avatar . 20}}{{template "repo/search_name" .}}
+								</a>
+							{{end}}
+						</div>
+					</div>
+				</div>
+			</div>
 		{{if $canWriteProject}}
 			<div class="ui compact mini menu">
 				<a class="item" href="{{.Link}}/edit?redirect=project">
diff --git a/web_src/css/features/projects.css b/web_src/css/features/projects.css
index 4a0205c910a..08547cd8728 100644
--- a/web_src/css/features/projects.css
+++ b/web_src/css/features/projects.css
@@ -6,6 +6,18 @@
   margin: 0 0.5em;
 }
 
+.project-toolbar-right .filter.menu {
+  flex-direction: row;
+  flex-wrap: wrap;
+}
+
+@media (max-width: 767.98px) {
+  .project-toolbar-right .dropdown .menu {
+    left: auto !important;
+    right: auto !important;
+  }
+}
+
 .project-column {
   background-color: var(--color-project-column-bg) !important;
   border: 1px solid var(--color-secondary) !important;

From f05d9c98c4cb95e3a8a71bf3e2f8f4529e09f96f Mon Sep 17 00:00:00 2001
From: Kemal Zebari <60799661+kemzeb@users.noreply.github.com>
Date: Thu, 12 Sep 2024 00:47:31 -0700
Subject: [PATCH 075/129] Handle invalid target when creating releases using
 API (#31841)

A 500 status code was thrown when passing a non-existent target to the
create release API. This snapshot handles this error and instead throws
a 404 status code.

Discovered while working on #31840.
---
 routers/api/v1/repo/release.go         |  3 +++
 services/release/release.go            |  2 +-
 tests/integration/api_releases_test.go | 18 ++++++++++++++++++
 3 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/routers/api/v1/repo/release.go b/routers/api/v1/repo/release.go
index ef587f6274b..478bdbd797a 100644
--- a/routers/api/v1/repo/release.go
+++ b/routers/api/v1/repo/release.go
@@ -12,6 +12,7 @@ import (
 	"code.gitea.io/gitea/models/perm"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unit"
+	"code.gitea.io/gitea/modules/git"
 	api "code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/web"
 	"code.gitea.io/gitea/routers/api/v1/utils"
@@ -251,6 +252,8 @@ func CreateRelease(ctx *context.APIContext) {
 				ctx.Error(http.StatusConflict, "ReleaseAlreadyExist", err)
 			} else if models.IsErrProtectedTagName(err) {
 				ctx.Error(http.StatusUnprocessableEntity, "ProtectedTagName", err)
+			} else if git.IsErrNotExist(err) {
+				ctx.Error(http.StatusNotFound, "ErrNotExist", fmt.Errorf("target \"%v\" not found: %w", rel.Target, err))
 			} else {
 				ctx.Error(http.StatusInternalServerError, "CreateRelease", err)
 			}
diff --git a/services/release/release.go b/services/release/release.go
index 399fdc79c01..5c021404b8f 100644
--- a/services/release/release.go
+++ b/services/release/release.go
@@ -65,7 +65,7 @@ func createTag(ctx context.Context, gitRepo *git.Repository, rel *repo_model.Rel
 
 			commit, err := gitRepo.GetCommit(rel.Target)
 			if err != nil {
-				return false, fmt.Errorf("createTag::GetCommit[%v]: %w", rel.Target, err)
+				return false, err
 			}
 
 			if len(msg) > 0 {
diff --git a/tests/integration/api_releases_test.go b/tests/integration/api_releases_test.go
index d912452802a..b3d4928b7ba 100644
--- a/tests/integration/api_releases_test.go
+++ b/tests/integration/api_releases_test.go
@@ -208,6 +208,24 @@ func TestAPICreateReleaseToDefaultBranchOnExistingTag(t *testing.T) {
 	createNewReleaseUsingAPI(t, token, owner, repo, "v0.0.1", "", "v0.0.1", "test")
 }
 
+func TestAPICreateReleaseGivenInvalidTarget(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
+	session := loginUser(t, owner.LowerName)
+	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
+
+	urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/releases", owner.Name, repo.Name)
+	req := NewRequestWithJSON(t, "POST", urlStr, &api.CreateReleaseOption{
+		TagName: "i-point-to-an-invalid-target",
+		Title:   "Invalid Target",
+		Target:  "invalid-target",
+	}).AddTokenAuth(token)
+
+	MakeRequest(t, req, http.StatusNotFound)
+}
+
 func TestAPIGetLatestRelease(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 

From 3a51c37672d2fbad1f222922e75ce704d5a1ac71 Mon Sep 17 00:00:00 2001
From: Zettat123 <zettat123@gmail.com>
Date: Sun, 15 Sep 2024 00:40:36 +0800
Subject: [PATCH 076/129] Check if the `due_date` is nil when editing issues
 (#32035)

---
 routers/api/v1/repo/issue.go | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/routers/api/v1/repo/issue.go b/routers/api/v1/repo/issue.go
index c53eb071905..c1218440e59 100644
--- a/routers/api/v1/repo/issue.go
+++ b/routers/api/v1/repo/issue.go
@@ -833,10 +833,16 @@ func EditIssue(ctx *context.APIContext) {
 	if (form.Deadline != nil || form.RemoveDeadline != nil) && canWrite {
 		var deadlineUnix timeutil.TimeStamp
 
-		if (form.RemoveDeadline == nil || !*form.RemoveDeadline) && !form.Deadline.IsZero() {
-			deadline := time.Date(form.Deadline.Year(), form.Deadline.Month(), form.Deadline.Day(),
-				23, 59, 59, 0, form.Deadline.Location())
-			deadlineUnix = timeutil.TimeStamp(deadline.Unix())
+		if form.RemoveDeadline == nil || !*form.RemoveDeadline {
+			if form.Deadline == nil {
+				ctx.Error(http.StatusBadRequest, "", "The due_date cannot be empty")
+				return
+			}
+			if !form.Deadline.IsZero() {
+				deadline := time.Date(form.Deadline.Year(), form.Deadline.Month(), form.Deadline.Day(),
+					23, 59, 59, 0, form.Deadline.Location())
+				deadlineUnix = timeutil.TimeStamp(deadline.Unix())
+			}
 		}
 
 		if err := issues_model.UpdateIssueDeadline(ctx, issue, deadlineUnix, ctx.Doer); err != nil {

From 3febcaa53bf6107c35b3d54b0f7a82effc39fe35 Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Sun, 15 Sep 2024 01:17:49 +0800
Subject: [PATCH 077/129] Use a common message template instead of a special
 one (#31878)

---
 options/locale/locale_en-US.ini | 2 +-
 routers/web/repo/commit.go      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 818a8aa5b0d..601671d8b90 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -159,6 +159,7 @@ filter.public = Public
 filter.private = Private
 
 no_results_found = No results found.
+internal_error_skipped = Internal error occurred but is skipped: %s
 
 [search]
 search = Search...
@@ -1279,7 +1280,6 @@ commit_graph.color = Color
 commit.contained_in = This commit is contained in:
 commit.contained_in_default_branch = This commit is part of the default branch
 commit.load_referencing_branches_and_tags = Load branches and tags referencing this commit
-commit.load_tags_failed = Load tags failed because of internal error
 blame = Blame
 download_file = Download file
 normal_view = Normal View
diff --git a/routers/web/repo/commit.go b/routers/web/repo/commit.go
index c91d5fad056..a433dd228e3 100644
--- a/routers/web/repo/commit.go
+++ b/routers/web/repo/commit.go
@@ -90,7 +90,7 @@ func Commits(ctx *context.Context) {
 	commitsTagsMap, err := repo_model.FindTagsByCommitIDs(ctx, ctx.Repo.Repository.ID, commitIDs...)
 	if err != nil {
 		log.Error("FindTagsByCommitIDs: %v", err)
-		ctx.Flash.Error(ctx.Tr("repo.commit.load_tags_failed"))
+		ctx.Flash.Error(ctx.Tr("internal_error_skipped", "FindTagsByCommitIDs"))
 	} else {
 		ctx.Data["CommitsTagsMap"] = commitsTagsMap
 	}

From 6f989fc50623840449efd5b269ad4607c0c6d869 Mon Sep 17 00:00:00 2001
From: GiteaBot <teabot@gitea.io>
Date: Sun, 15 Sep 2024 00:34:01 +0000
Subject: [PATCH 078/129] [skip ci] Updated translations via Crowdin

---
 options/locale/locale_fr-FR.ini | 1 -
 options/locale/locale_ja-JP.ini | 1 -
 options/locale/locale_pt-PT.ini | 1 -
 3 files changed, 3 deletions(-)

diff --git a/options/locale/locale_fr-FR.ini b/options/locale/locale_fr-FR.ini
index 4866f931bae..8491e9b6074 100644
--- a/options/locale/locale_fr-FR.ini
+++ b/options/locale/locale_fr-FR.ini
@@ -1254,7 +1254,6 @@ commit_graph.color=Couleur
 commit.contained_in=Cette révision appartient à :
 commit.contained_in_default_branch=Cette révision appartient à la branche par défaut
 commit.load_referencing_branches_and_tags=Charger les branches et étiquettes référençant cette révision
-commit.load_tags_failed=Le chargement des étiquettes a échoué à cause d’une erreur interne
 blame=Annotations
 download_file=Télécharger le fichier
 normal_view=Vue normale
diff --git a/options/locale/locale_ja-JP.ini b/options/locale/locale_ja-JP.ini
index ea5a95c6a11..92d040541aa 100644
--- a/options/locale/locale_ja-JP.ini
+++ b/options/locale/locale_ja-JP.ini
@@ -1263,7 +1263,6 @@ commit_graph.color=カラー
 commit.contained_in=このコミットが含まれているのは:
 commit.contained_in_default_branch=このコミットはデフォルトブランチに含まれています
 commit.load_referencing_branches_and_tags=このコミットを参照しているブランチやタグを取得
-commit.load_tags_failed=内部エラーによりタグの読み込みに失敗しました
 blame=Blame
 download_file=ファイルをダウンロード
 normal_view=通常表示
diff --git a/options/locale/locale_pt-PT.ini b/options/locale/locale_pt-PT.ini
index c743cdfaad3..fdb81e88c62 100644
--- a/options/locale/locale_pt-PT.ini
+++ b/options/locale/locale_pt-PT.ini
@@ -1279,7 +1279,6 @@ commit_graph.color=Colorido
 commit.contained_in=Este cometimento está contido em:
 commit.contained_in_default_branch=Este cometimento é parte do ramo principal
 commit.load_referencing_branches_and_tags=Carregar ramos e etiquetas que referenciem este cometimento
-commit.load_tags_failed=O carregamento das etiquetas falhou por causa de um erro interno
 blame=Responsabilidade
 download_file=Descarregar ficheiro
 normal_view=Vista normal

From 74550a9b941abcb4ea1bb5ac60669c2e5862c1c2 Mon Sep 17 00:00:00 2001
From: GiteaBot <teabot@gitea.io>
Date: Mon, 16 Sep 2024 00:31:40 +0000
Subject: [PATCH 079/129] [skip ci] Updated translations via Crowdin

---
 options/locale/locale_pt-PT.ini | 1 +
 1 file changed, 1 insertion(+)

diff --git a/options/locale/locale_pt-PT.ini b/options/locale/locale_pt-PT.ini
index fdb81e88c62..d33cddeaf76 100644
--- a/options/locale/locale_pt-PT.ini
+++ b/options/locale/locale_pt-PT.ini
@@ -159,6 +159,7 @@ filter.public=Público
 filter.private=Privado
 
 no_results_found=Não foram encontrados quaisquer resultados.
+internal_error_skipped=Ocorreu um erro interno mas foi ignorado: %s
 
 [search]
 search=Pesquisar...

From 859be098131de3d09d5677e48b00cb9421e4d849 Mon Sep 17 00:00:00 2001
From: Simon Pistache <105607989+SimonPistache@users.noreply.github.com>
Date: Mon, 16 Sep 2024 22:41:46 +0200
Subject: [PATCH 080/129] feat(#31666): Set the columns height to hug all its
 contents (#31726)

In Projects, columns heights are defined by the sum of all contents
height of the biggest column, rather than a fraction of the viewport
height. It default to 60vh when there is no cards to display.

Fix #31666
---
 web_src/css/features/projects.css | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/web_src/css/features/projects.css b/web_src/css/features/projects.css
index 08547cd8728..9d462c4c4ab 100644
--- a/web_src/css/features/projects.css
+++ b/web_src/css/features/projects.css
@@ -3,6 +3,8 @@
   flex-direction: row;
   flex-wrap: nowrap;
   overflow-x: auto;
+  overflow-y: clip;
+  align-items: stretch;
   margin: 0 0.5em;
 }
 
@@ -25,8 +27,8 @@
   margin: 0 0.5rem !important;
   padding: 0.5rem !important;
   width: 320px;
-  height: calc(100vh - 450px);
-  min-height: 60vh;
+  height: initial;
+  min-height: max(calc(100vh - 400px), 300px);
   flex: 0 0 auto;
   overflow: visible;
   display: flex;
@@ -61,7 +63,7 @@
   padding: 0 !important;
   flex-wrap: nowrap !important;
   flex-direction: column;
-  overflow-x: auto;
+  overflow-x: clip;
   gap: .25rem;
 }
 

From f528df944bb9436afcb9272add2ee0cccefbdb55 Mon Sep 17 00:00:00 2001
From: KN4CK3R <admin@oldschoolhack.me>
Date: Mon, 16 Sep 2024 23:10:33 +0200
Subject: [PATCH 081/129] Do not escape relative path in RPM primary index
 (#32038)

Fixes #32021

Do not escape the relative path.
---
 services/packages/rpm/repository.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/services/packages/rpm/repository.go b/services/packages/rpm/repository.go
index bc342e53ab6..a7d196c15c5 100644
--- a/services/packages/rpm/repository.go
+++ b/services/packages/rpm/repository.go
@@ -13,7 +13,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"net/url"
 	"strings"
 	"time"
 
@@ -438,7 +437,7 @@ func buildPrimary(ctx context.Context, pv *packages_model.PackageVersion, pfs []
 				Archive:   pd.FileMetadata.ArchiveSize,
 			},
 			Location: Location{
-				Href: fmt.Sprintf("package/%s/%s/%s/%s", url.PathEscape(pd.Package.Name), url.PathEscape(packageVersion), url.PathEscape(pd.FileMetadata.Architecture), url.PathEscape(fmt.Sprintf("%s-%s.%s.rpm", pd.Package.Name, packageVersion, pd.FileMetadata.Architecture))),
+				Href: fmt.Sprintf("package/%s/%s/%s/%s-%s.%s.rpm", pd.Package.Name, packageVersion, pd.FileMetadata.Architecture, pd.Package.Name, packageVersion, pd.FileMetadata.Architecture),
 			},
 			Format: Format{
 				License:   pd.VersionMetadata.License,

From 7dde3e64894edf9949f5199c0d1084bb3015cac9 Mon Sep 17 00:00:00 2001
From: Bruno Sofiato <bruno.sofiato@gmail.com>
Date: Tue, 17 Sep 2024 15:33:11 -0300
Subject: [PATCH 082/129] Included tag search capabilities (#32045)

Resolves #31998

The first screenshot shows the tag page without any filter being
applied:


![image](https://github.com/user-attachments/assets/eac0e51c-9e48-42b2-bb1c-a25896ca40cb)

The second one, shows the page when the given filter returns no tag:


![image](https://github.com/user-attachments/assets/98df191e-1a7b-4947-b0ef-4987a0293c3e)

The last one shows a single tag being filtered:


![image](https://github.com/user-attachments/assets/79c7e05e-8c86-4f06-b17e-15818b7b9291)

Signed-off-by: Bruno Sofiato <bruno.sofiato@gmail.com>
---
 models/repo/release.go          |  6 ++++++
 options/locale/locale_en-US.ini |  2 ++
 routers/web/repo/release.go     | 18 ++++++++++++++----
 templates/repo/tag/list.tmpl    | 16 ++++++++++++----
 4 files changed, 34 insertions(+), 8 deletions(-)

diff --git a/models/repo/release.go b/models/repo/release.go
index 16432583011..7c66cbc1af7 100644
--- a/models/repo/release.go
+++ b/models/repo/release.go
@@ -234,6 +234,7 @@ type FindReleasesOptions struct {
 	IsDraft       optional.Option[bool]
 	TagNames      []string
 	HasSha1       optional.Option[bool] // useful to find draft releases which are created with existing tags
+	NamePattern   optional.Option[string]
 }
 
 func (opts FindReleasesOptions) ToConds() builder.Cond {
@@ -261,6 +262,11 @@ func (opts FindReleasesOptions) ToConds() builder.Cond {
 			cond = cond.And(builder.Eq{"sha1": ""})
 		}
 	}
+
+	if opts.NamePattern.Has() && opts.NamePattern.Value() != "" {
+		cond = cond.And(builder.Like{"lower_tag_name", strings.ToLower(opts.NamePattern.Value())})
+	}
+
 	return cond
 }
 
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 601671d8b90..951994253ac 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -178,6 +178,8 @@ code_search_by_git_grep = Current code search results are provided by "git grep"
 package_kind = Search packages...
 project_kind = Search projects...
 branch_kind = Search branches...
+tag_kind = Search tags...
+tag_tooltip = Search for matching tags. Use '%' to match any sequence of numbers.
 commit_kind = Search commits...
 runner_kind = Search runners...
 no_results = No matching results found.
diff --git a/routers/web/repo/release.go b/routers/web/repo/release.go
index a2833034925..f551fffe956 100644
--- a/routers/web/repo/release.go
+++ b/routers/web/repo/release.go
@@ -214,6 +214,8 @@ func TagsList(ctx *context.Context) {
 	ctx.Data["HideBranchesInDropdown"] = true
 	ctx.Data["CanCreateRelease"] = ctx.Repo.CanWrite(unit.TypeReleases) && !ctx.Repo.Repository.IsArchived
 
+	namePattern := ctx.FormTrim("q")
+
 	listOptions := db.ListOptions{
 		Page:     ctx.FormInt("page"),
 		PageSize: ctx.FormInt("limit"),
@@ -233,6 +235,7 @@ func TagsList(ctx *context.Context) {
 		IncludeTags:   true,
 		HasSha1:       optional.Some(true),
 		RepoID:        ctx.Repo.Repository.ID,
+		NamePattern:   optional.Some(namePattern),
 	}
 
 	releases, err := db.Find[repo_model.Release](ctx, opts)
@@ -241,14 +244,21 @@ func TagsList(ctx *context.Context) {
 		return
 	}
 
-	ctx.Data["Releases"] = releases
+	count, err := db.Count[repo_model.Release](ctx, opts)
+	if err != nil {
+		ctx.ServerError("GetReleasesByRepoID", err)
+		return
+	}
 
-	numTags := ctx.Data["NumTags"].(int64)
-	pager := context.NewPagination(int(numTags), opts.PageSize, opts.Page, 5)
+	ctx.Data["Keyword"] = namePattern
+	ctx.Data["Releases"] = releases
+	ctx.Data["TagCount"] = count
+
+	pager := context.NewPagination(int(count), opts.PageSize, opts.Page, 5)
 	pager.SetDefaultParams(ctx)
 	ctx.Data["Page"] = pager
-
 	ctx.Data["PageIsViewCode"] = !ctx.Repo.Repository.UnitEnabled(ctx, unit.TypeReleases)
+
 	ctx.HTML(http.StatusOK, tplTagsList)
 }
 
diff --git a/templates/repo/tag/list.tmpl b/templates/repo/tag/list.tmpl
index 354808ed2e0..eac846da7dd 100644
--- a/templates/repo/tag/list.tmpl
+++ b/templates/repo/tag/list.tmpl
@@ -4,14 +4,19 @@
 	<div class="ui container">
 		{{template "base/alert" .}}
 		{{template "repo/release_tag_header" .}}
-		{{if .Releases}}
 		<h4 class="ui top attached header">
 			<div class="five wide column tw-flex tw-items-center">
-				{{svg "octicon-tag" 16 "tw-mr-1"}}{{ctx.Locale.Tr "repo.release.tags"}}
+				{{.TagCount}} {{ctx.Locale.Tr "repo.release.tags"}}
 			</div>
 		</h4>
 		{{$canReadReleases := $.Permission.CanRead ctx.Consts.RepoUnitTypeReleases}}
+		<div class="ui attached segment">
+			<form class="ignore-dirty" method="get">
+				{{template "shared/search/combo" dict "Value" .Keyword "Placeholder" (ctx.Locale.Tr "search.tag_kind") "Tooltip" (ctx.Locale.Tr "search.tag_tooltip")}}
+			</form>
+		</div>
 		<div class="ui attached table segment">
+			{{if .Releases}}
 			<table class="ui very basic striped fixed table single line" id="tags-table">
 				<tbody class="tag-list">
 					{{range $idx, $release := .Releases}}
@@ -57,9 +62,12 @@
 					{{end}}
 				</tbody>
 			</table>
+			{{else}}
+				{{if .NumTags}}
+					<p class="tw-p-4">{{ctx.Locale.Tr "no_results_found"}}</p>
+				{{end}}
+			{{end}}
 		</div>
-		{{end}}
-
 		{{template "base/paginate" .}}
 	</div>
 </div>

From f38e1014483b84f4541ffb354cd5dfdd7e000e2c Mon Sep 17 00:00:00 2001
From: hiifong <i@hiif.ong>
Date: Wed, 18 Sep 2024 03:02:48 +0800
Subject: [PATCH 083/129] Lazy load avatar images (#32051)

---
 modules/templates/util_avatar.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/templates/util_avatar.go b/modules/templates/util_avatar.go
index 85832cf264c..afc10915163 100644
--- a/modules/templates/util_avatar.go
+++ b/modules/templates/util_avatar.go
@@ -34,7 +34,7 @@ func AvatarHTML(src string, size int, class, name string) template.HTML {
 		name = "avatar"
 	}
 
-	return template.HTML(`<img class="` + class + `" src="` + src + `" title="` + html.EscapeString(name) + `" width="` + sizeStr + `" height="` + sizeStr + `"/>`)
+	return template.HTML(`<img loading="lazy" class="` + class + `" src="` + src + `" title="` + html.EscapeString(name) + `" width="` + sizeStr + `" height="` + sizeStr + `"/>`)
 }
 
 // Avatar renders user avatars. args: user, size (int), class (string)

From 8cdf4e29c4646cd3c35453e09a153406650c4fbc Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Wed, 18 Sep 2024 03:35:59 +0800
Subject: [PATCH 084/129] Fix CI (#32062)

---
 go.mod | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/go.mod b/go.mod
index fae080f12f2..dd36f639860 100644
--- a/go.mod
+++ b/go.mod
@@ -2,6 +2,11 @@ module code.gitea.io/gitea
 
 go 1.23
 
+// rfc5280 said: "The serial number is an integer assigned by the CA to each certificate."
+// But some CAs use negative serial number, just relax the check. related:
+// Default TLS cert uses negative serial number #895 https://github.com/microsoft/mssql-docker/issues/895
+godebug x509negativeserial=1
+
 require (
 	code.gitea.io/actions-proto-go v0.4.0
 	code.gitea.io/gitea-vet v0.2.3

From 55f1fcf0ad20d69fcd62c764f6da74ae56bd5f73 Mon Sep 17 00:00:00 2001
From: KN4CK3R <admin@oldschoolhack.me>
Date: Tue, 17 Sep 2024 22:56:26 +0200
Subject: [PATCH 085/129] Add missing comment reply handling (#32050)

Fixes #31937

- Add missing comment reply handling
- Use `onGiteaRun` in the test because the fixtures are not present
otherwise (did this behaviour change?)

Compare without whitespaces.
---
 services/mailer/incoming/incoming_handler.go |  62 ++--
 tests/integration/incoming_email_test.go     | 304 ++++++++++---------
 2 files changed, 186 insertions(+), 180 deletions(-)

diff --git a/services/mailer/incoming/incoming_handler.go b/services/mailer/incoming/incoming_handler.go
index dc0b5398221..38a234eac1f 100644
--- a/services/mailer/incoming/incoming_handler.go
+++ b/services/mailer/incoming/incoming_handler.go
@@ -82,43 +82,40 @@ func (h *ReplyHandler) Handle(ctx context.Context, content *MailContent, doer *u
 		return nil
 	}
 
+	attachmentIDs := make([]string, 0, len(content.Attachments))
+	if setting.Attachment.Enabled {
+		for _, attachment := range content.Attachments {
+			a, err := attachment_service.UploadAttachment(ctx, bytes.NewReader(attachment.Content), setting.Attachment.AllowedTypes, int64(len(attachment.Content)), &repo_model.Attachment{
+				Name:       attachment.Name,
+				UploaderID: doer.ID,
+				RepoID:     issue.Repo.ID,
+			})
+			if err != nil {
+				if upload.IsErrFileTypeForbidden(err) {
+					log.Info("Skipping disallowed attachment type: %s", attachment.Name)
+					continue
+				}
+				return err
+			}
+			attachmentIDs = append(attachmentIDs, a.UUID)
+		}
+	}
+
+	if content.Content == "" && len(attachmentIDs) == 0 {
+		return nil
+	}
+
 	switch r := ref.(type) {
 	case *issues_model.Issue:
-		attachmentIDs := make([]string, 0, len(content.Attachments))
-		if setting.Attachment.Enabled {
-			for _, attachment := range content.Attachments {
-				a, err := attachment_service.UploadAttachment(ctx, bytes.NewReader(attachment.Content), setting.Attachment.AllowedTypes, int64(len(attachment.Content)), &repo_model.Attachment{
-					Name:       attachment.Name,
-					UploaderID: doer.ID,
-					RepoID:     issue.Repo.ID,
-				})
-				if err != nil {
-					if upload.IsErrFileTypeForbidden(err) {
-						log.Info("Skipping disallowed attachment type: %s", attachment.Name)
-						continue
-					}
-					return err
-				}
-				attachmentIDs = append(attachmentIDs, a.UUID)
-			}
-		}
-
-		if content.Content == "" && len(attachmentIDs) == 0 {
-			return nil
-		}
-
-		_, err = issue_service.CreateIssueComment(ctx, doer, issue.Repo, issue, content.Content, attachmentIDs)
+		_, err := issue_service.CreateIssueComment(ctx, doer, issue.Repo, issue, content.Content, attachmentIDs)
 		if err != nil {
 			return fmt.Errorf("CreateIssueComment failed: %w", err)
 		}
 	case *issues_model.Comment:
 		comment := r
 
-		if content.Content == "" {
-			return nil
-		}
-
-		if comment.Type == issues_model.CommentTypeCode {
+		switch comment.Type {
+		case issues_model.CommentTypeCode:
 			_, err := pull_service.CreateCodeComment(
 				ctx,
 				doer,
@@ -130,11 +127,16 @@ func (h *ReplyHandler) Handle(ctx context.Context, content *MailContent, doer *u
 				false, // not pending review but a single review
 				comment.ReviewID,
 				"",
-				nil,
+				attachmentIDs,
 			)
 			if err != nil {
 				return fmt.Errorf("CreateCodeComment failed: %w", err)
 			}
+		default:
+			_, err := issue_service.CreateIssueComment(ctx, doer, issue.Repo, issue, content.Content, attachmentIDs)
+			if err != nil {
+				return fmt.Errorf("CreateIssueComment failed: %w", err)
+			}
 		}
 	}
 	return nil
diff --git a/tests/integration/incoming_email_test.go b/tests/integration/incoming_email_test.go
index 12848338648..88571303ac7 100644
--- a/tests/integration/incoming_email_test.go
+++ b/tests/integration/incoming_email_test.go
@@ -7,6 +7,7 @@ import (
 	"io"
 	"net"
 	"net/smtp"
+	"net/url"
 	"strings"
 	"testing"
 	"time"
@@ -26,187 +27,190 @@ import (
 )
 
 func TestIncomingEmail(t *testing.T) {
-	defer tests.PrepareTestEnv(t)()
+	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+		issue := unittest.AssertExistsAndLoadBean(t, &issues_model.Issue{ID: 1})
 
-	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
-	issue := unittest.AssertExistsAndLoadBean(t, &issues_model.Issue{ID: 1})
+		t.Run("Payload", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
 
-	t.Run("Payload", func(t *testing.T) {
-		defer tests.PrintCurrentTest(t)()
+			comment := unittest.AssertExistsAndLoadBean(t, &issues_model.Comment{ID: 1})
 
-		comment := unittest.AssertExistsAndLoadBean(t, &issues_model.Comment{ID: 1})
+			_, err := incoming_payload.CreateReferencePayload(user)
+			assert.Error(t, err)
 
-		_, err := incoming_payload.CreateReferencePayload(user)
-		assert.Error(t, err)
+			issuePayload, err := incoming_payload.CreateReferencePayload(issue)
+			assert.NoError(t, err)
+			commentPayload, err := incoming_payload.CreateReferencePayload(comment)
+			assert.NoError(t, err)
 
-		issuePayload, err := incoming_payload.CreateReferencePayload(issue)
-		assert.NoError(t, err)
-		commentPayload, err := incoming_payload.CreateReferencePayload(comment)
-		assert.NoError(t, err)
+			_, err = incoming_payload.GetReferenceFromPayload(db.DefaultContext, []byte{1, 2, 3})
+			assert.Error(t, err)
 
-		_, err = incoming_payload.GetReferenceFromPayload(db.DefaultContext, []byte{1, 2, 3})
-		assert.Error(t, err)
+			ref, err := incoming_payload.GetReferenceFromPayload(db.DefaultContext, issuePayload)
+			assert.NoError(t, err)
+			assert.IsType(t, ref, new(issues_model.Issue))
+			assert.EqualValues(t, issue.ID, ref.(*issues_model.Issue).ID)
 
-		ref, err := incoming_payload.GetReferenceFromPayload(db.DefaultContext, issuePayload)
-		assert.NoError(t, err)
-		assert.IsType(t, ref, new(issues_model.Issue))
-		assert.EqualValues(t, issue.ID, ref.(*issues_model.Issue).ID)
+			ref, err = incoming_payload.GetReferenceFromPayload(db.DefaultContext, commentPayload)
+			assert.NoError(t, err)
+			assert.IsType(t, ref, new(issues_model.Comment))
+			assert.EqualValues(t, comment.ID, ref.(*issues_model.Comment).ID)
+		})
 
-		ref, err = incoming_payload.GetReferenceFromPayload(db.DefaultContext, commentPayload)
-		assert.NoError(t, err)
-		assert.IsType(t, ref, new(issues_model.Comment))
-		assert.EqualValues(t, comment.ID, ref.(*issues_model.Comment).ID)
-	})
+		t.Run("Token", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
 
-	t.Run("Token", func(t *testing.T) {
-		defer tests.PrintCurrentTest(t)()
+			payload := []byte{1, 2, 3, 4, 5}
 
-		payload := []byte{1, 2, 3, 4, 5}
+			token, err := token_service.CreateToken(token_service.ReplyHandlerType, user, payload)
+			assert.NoError(t, err)
+			assert.NotEmpty(t, token)
 
-		token, err := token_service.CreateToken(token_service.ReplyHandlerType, user, payload)
-		assert.NoError(t, err)
-		assert.NotEmpty(t, token)
+			ht, u, p, err := token_service.ExtractToken(db.DefaultContext, token)
+			assert.NoError(t, err)
+			assert.Equal(t, token_service.ReplyHandlerType, ht)
+			assert.Equal(t, user.ID, u.ID)
+			assert.Equal(t, payload, p)
+		})
 
-		ht, u, p, err := token_service.ExtractToken(db.DefaultContext, token)
-		assert.NoError(t, err)
-		assert.Equal(t, token_service.ReplyHandlerType, ht)
-		assert.Equal(t, user.ID, u.ID)
-		assert.Equal(t, payload, p)
-	})
+		t.Run("Handler", func(t *testing.T) {
+			t.Run("Reply", func(t *testing.T) {
+				t.Run("Comment", func(t *testing.T) {
+					defer tests.PrintCurrentTest(t)()
 
-	t.Run("Handler", func(t *testing.T) {
-		t.Run("Reply", func(t *testing.T) {
-			t.Run("Comment", func(t *testing.T) {
+					handler := &incoming.ReplyHandler{}
+
+					payload, err := incoming_payload.CreateReferencePayload(issue)
+					assert.NoError(t, err)
+
+					assert.Error(t, handler.Handle(db.DefaultContext, &incoming.MailContent{}, nil, payload))
+					assert.NoError(t, handler.Handle(db.DefaultContext, &incoming.MailContent{}, user, payload))
+
+					content := &incoming.MailContent{
+						Content: "reply by mail",
+						Attachments: []*incoming.Attachment{
+							{
+								Name:    "attachment.txt",
+								Content: []byte("test"),
+							},
+						},
+					}
+
+					assert.NoError(t, handler.Handle(db.DefaultContext, content, user, payload))
+
+					comments, err := issues_model.FindComments(db.DefaultContext, &issues_model.FindCommentsOptions{
+						IssueID: issue.ID,
+						Type:    issues_model.CommentTypeComment,
+					})
+					assert.NoError(t, err)
+					assert.NotEmpty(t, comments)
+					comment := comments[len(comments)-1]
+					assert.Equal(t, user.ID, comment.PosterID)
+					assert.Equal(t, content.Content, comment.Content)
+					assert.NoError(t, comment.LoadAttachments(db.DefaultContext))
+					assert.Len(t, comment.Attachments, 1)
+					attachment := comment.Attachments[0]
+					assert.Equal(t, content.Attachments[0].Name, attachment.Name)
+					assert.EqualValues(t, 4, attachment.Size)
+				})
+
+				t.Run("CodeComment", func(t *testing.T) {
+					defer tests.PrintCurrentTest(t)()
+
+					comment := unittest.AssertExistsAndLoadBean(t, &issues_model.Comment{ID: 6})
+					issue := unittest.AssertExistsAndLoadBean(t, &issues_model.Issue{ID: comment.IssueID})
+
+					handler := &incoming.ReplyHandler{}
+					content := &incoming.MailContent{
+						Content: "code reply by mail",
+						Attachments: []*incoming.Attachment{
+							{
+								Name:    "attachment.txt",
+								Content: []byte("test"),
+							},
+						},
+					}
+
+					payload, err := incoming_payload.CreateReferencePayload(comment)
+					assert.NoError(t, err)
+
+					assert.NoError(t, handler.Handle(db.DefaultContext, content, user, payload))
+
+					comments, err := issues_model.FindComments(db.DefaultContext, &issues_model.FindCommentsOptions{
+						IssueID: issue.ID,
+						Type:    issues_model.CommentTypeCode,
+					})
+					assert.NoError(t, err)
+					assert.NotEmpty(t, comments)
+					comment = comments[len(comments)-1]
+					assert.Equal(t, user.ID, comment.PosterID)
+					assert.Equal(t, content.Content, comment.Content)
+					assert.NoError(t, comment.LoadAttachments(db.DefaultContext))
+					assert.Len(t, comment.Attachments, 1)
+					attachment := comment.Attachments[0]
+					assert.Equal(t, content.Attachments[0].Name, attachment.Name)
+					assert.EqualValues(t, 4, attachment.Size)
+				})
+			})
+
+			t.Run("Unsubscribe", func(t *testing.T) {
 				defer tests.PrintCurrentTest(t)()
 
-				handler := &incoming.ReplyHandler{}
+				watching, err := issues_model.CheckIssueWatch(db.DefaultContext, user, issue)
+				assert.NoError(t, err)
+				assert.True(t, watching)
+
+				handler := &incoming.UnsubscribeHandler{}
+
+				content := &incoming.MailContent{
+					Content: "unsub me",
+				}
 
 				payload, err := incoming_payload.CreateReferencePayload(issue)
 				assert.NoError(t, err)
 
-				assert.Error(t, handler.Handle(db.DefaultContext, &incoming.MailContent{}, nil, payload))
-				assert.NoError(t, handler.Handle(db.DefaultContext, &incoming.MailContent{}, user, payload))
-
-				content := &incoming.MailContent{
-					Content: "reply by mail",
-					Attachments: []*incoming.Attachment{
-						{
-							Name:    "attachment.txt",
-							Content: []byte("test"),
-						},
-					},
-				}
-
 				assert.NoError(t, handler.Handle(db.DefaultContext, content, user, payload))
 
-				comments, err := issues_model.FindComments(db.DefaultContext, &issues_model.FindCommentsOptions{
-					IssueID: issue.ID,
-					Type:    issues_model.CommentTypeComment,
-				})
+				watching, err = issues_model.CheckIssueWatch(db.DefaultContext, user, issue)
 				assert.NoError(t, err)
-				assert.NotEmpty(t, comments)
-				comment := comments[len(comments)-1]
-				assert.Equal(t, user.ID, comment.PosterID)
-				assert.Equal(t, content.Content, comment.Content)
-				assert.NoError(t, comment.LoadAttachments(db.DefaultContext))
-				assert.Len(t, comment.Attachments, 1)
-				attachment := comment.Attachments[0]
-				assert.Equal(t, content.Attachments[0].Name, attachment.Name)
-				assert.EqualValues(t, 4, attachment.Size)
+				assert.False(t, watching)
 			})
+		})
 
-			t.Run("CodeComment", func(t *testing.T) {
+		if setting.IncomingEmail.Enabled {
+			// This test connects to the configured email server and is currently only enabled for MySql integration tests.
+			// It sends a reply to create a comment. If the comment is not detected after 10 seconds the test fails.
+			t.Run("IMAP", func(t *testing.T) {
 				defer tests.PrintCurrentTest(t)()
 
-				comment := unittest.AssertExistsAndLoadBean(t, &issues_model.Comment{ID: 6})
-				issue := unittest.AssertExistsAndLoadBean(t, &issues_model.Issue{ID: comment.IssueID})
-
-				handler := &incoming.ReplyHandler{}
-				content := &incoming.MailContent{
-					Content: "code reply by mail",
-					Attachments: []*incoming.Attachment{
-						{
-							Name:    "attachment.txt",
-							Content: []byte("test"),
-						},
-					},
-				}
-
-				payload, err := incoming_payload.CreateReferencePayload(comment)
+				payload, err := incoming_payload.CreateReferencePayload(issue)
+				assert.NoError(t, err)
+				token, err := token_service.CreateToken(token_service.ReplyHandlerType, user, payload)
 				assert.NoError(t, err)
 
-				assert.NoError(t, handler.Handle(db.DefaultContext, content, user, payload))
-
-				comments, err := issues_model.FindComments(db.DefaultContext, &issues_model.FindCommentsOptions{
-					IssueID: issue.ID,
-					Type:    issues_model.CommentTypeCode,
-				})
+				msg := gomail.NewMessage()
+				msg.SetHeader("To", strings.Replace(setting.IncomingEmail.ReplyToAddress, setting.IncomingEmail.TokenPlaceholder, token, 1))
+				msg.SetHeader("From", user.Email)
+				msg.SetBody("text/plain", token)
+				err = gomail.Send(&smtpTestSender{}, msg)
 				assert.NoError(t, err)
-				assert.NotEmpty(t, comments)
-				comment = comments[len(comments)-1]
-				assert.Equal(t, user.ID, comment.PosterID)
-				assert.Equal(t, content.Content, comment.Content)
-				assert.NoError(t, comment.LoadAttachments(db.DefaultContext))
-				assert.Empty(t, comment.Attachments)
+
+				assert.Eventually(t, func() bool {
+					comments, err := issues_model.FindComments(db.DefaultContext, &issues_model.FindCommentsOptions{
+						IssueID: issue.ID,
+						Type:    issues_model.CommentTypeComment,
+					})
+					assert.NoError(t, err)
+					assert.NotEmpty(t, comments)
+
+					comment := comments[len(comments)-1]
+
+					return comment.PosterID == user.ID && comment.Content == token
+				}, 10*time.Second, 1*time.Second)
 			})
-		})
-
-		t.Run("Unsubscribe", func(t *testing.T) {
-			defer tests.PrintCurrentTest(t)()
-
-			watching, err := issues_model.CheckIssueWatch(db.DefaultContext, user, issue)
-			assert.NoError(t, err)
-			assert.True(t, watching)
-
-			handler := &incoming.UnsubscribeHandler{}
-
-			content := &incoming.MailContent{
-				Content: "unsub me",
-			}
-
-			payload, err := incoming_payload.CreateReferencePayload(issue)
-			assert.NoError(t, err)
-
-			assert.NoError(t, handler.Handle(db.DefaultContext, content, user, payload))
-
-			watching, err = issues_model.CheckIssueWatch(db.DefaultContext, user, issue)
-			assert.NoError(t, err)
-			assert.False(t, watching)
-		})
+		}
 	})
-
-	if setting.IncomingEmail.Enabled {
-		// This test connects to the configured email server and is currently only enabled for MySql integration tests.
-		// It sends a reply to create a comment. If the comment is not detected after 10 seconds the test fails.
-		t.Run("IMAP", func(t *testing.T) {
-			defer tests.PrintCurrentTest(t)()
-
-			payload, err := incoming_payload.CreateReferencePayload(issue)
-			assert.NoError(t, err)
-			token, err := token_service.CreateToken(token_service.ReplyHandlerType, user, payload)
-			assert.NoError(t, err)
-
-			msg := gomail.NewMessage()
-			msg.SetHeader("To", strings.Replace(setting.IncomingEmail.ReplyToAddress, setting.IncomingEmail.TokenPlaceholder, token, 1))
-			msg.SetHeader("From", user.Email)
-			msg.SetBody("text/plain", token)
-			err = gomail.Send(&smtpTestSender{}, msg)
-			assert.NoError(t, err)
-
-			assert.Eventually(t, func() bool {
-				comments, err := issues_model.FindComments(db.DefaultContext, &issues_model.FindCommentsOptions{
-					IssueID: issue.ID,
-					Type:    issues_model.CommentTypeComment,
-				})
-				assert.NoError(t, err)
-				assert.NotEmpty(t, comments)
-
-				comment := comments[len(comments)-1]
-
-				return comment.PosterID == user.ID && comment.Content == token
-			}, 10*time.Second, 1*time.Second)
-		})
-	}
 }
 
 // A simple SMTP mail sender used for integration tests.

From 1fede04b83288d8a91304a83b7601699bb5cba04 Mon Sep 17 00:00:00 2001
From: wxiaoguang <wxiaoguang@gmail.com>
Date: Wed, 18 Sep 2024 15:17:25 +0800
Subject: [PATCH 086/129] Refactor CSRF protector (#32057)

Remove unused CSRF options, decouple "new csrf protector" and "prepare"
logic, do not redirect to home page if CSRF validation falis (it
shouldn't happen in daily usage, if it happens, redirecting to home
doesn't help either but just makes the problem more complex for "fetch")
---
 options/locale/locale_en-US.ini       |   2 -
 routers/web/web.go                    |   2 +
 services/context/context.go           |   6 +-
 services/context/csrf.go              | 192 ++++++++------------------
 tests/integration/attachment_test.go  |   3 +-
 tests/integration/csrf_test.go        |  26 +---
 tests/integration/repo_branch_test.go |  12 +-
 7 files changed, 71 insertions(+), 172 deletions(-)

diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 951994253ac..dc85d7c97ca 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -222,8 +222,6 @@ string.desc = Z - A
 [error]
 occurred = An error occurred
 report_message = If you believe that this is a Gitea bug, please search for issues on <a href="%s" target="_blank">GitHub</a> or open a new issue if necessary.
-missing_csrf = Bad Request: no CSRF token present
-invalid_csrf = Bad Request: invalid CSRF token
 not_found = The target couldn't be found.
 network_error = Network error
 
diff --git a/routers/web/web.go b/routers/web/web.go
index 41b019e4b59..f1e941a84ef 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -129,6 +129,8 @@ func webAuth(authMethod auth_service.Method) func(*context.Context) {
 			// ensure the session uid is deleted
 			_ = ctx.Session.Delete("uid")
 		}
+
+		ctx.Csrf.PrepareForSessionUser(ctx)
 	}
 }
 
diff --git a/services/context/context.go b/services/context/context.go
index 69b65cbddbc..42f7c3d9d1d 100644
--- a/services/context/context.go
+++ b/services/context/context.go
@@ -138,10 +138,8 @@ func Contexter() func(next http.Handler) http.Handler {
 	csrfOpts := CsrfOptions{
 		Secret:         hex.EncodeToString(setting.GetGeneralTokenSigningSecret()),
 		Cookie:         setting.CSRFCookieName,
-		SetCookie:      true,
 		Secure:         setting.SessionConfig.Secure,
 		CookieHTTPOnly: setting.CSRFCookieHTTPOnly,
-		Header:         "X-Csrf-Token",
 		CookieDomain:   setting.SessionConfig.Domain,
 		CookiePath:     setting.SessionConfig.CookiePath,
 		SameSite:       setting.SessionConfig.SameSite,
@@ -167,7 +165,7 @@ func Contexter() func(next http.Handler) http.Handler {
 			ctx.Base.AppendContextValue(WebContextKey, ctx)
 			ctx.Base.AppendContextValueFunc(gitrepo.RepositoryContextKey, func() any { return ctx.Repo.GitRepo })
 
-			ctx.Csrf = PrepareCSRFProtector(csrfOpts, ctx)
+			ctx.Csrf = NewCSRFProtector(csrfOpts)
 
 			// Get the last flash message from cookie
 			lastFlashCookie := middleware.GetSiteCookie(ctx.Req, CookieNameFlash)
@@ -204,8 +202,6 @@ func Contexter() func(next http.Handler) http.Handler {
 			ctx.Resp.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)
 
 			ctx.Data["SystemConfig"] = setting.Config()
-			ctx.Data["CsrfToken"] = ctx.Csrf.GetToken()
-			ctx.Data["CsrfTokenHtml"] = template.HTML(`<input type="hidden" name="_csrf" value="` + ctx.Data["CsrfToken"].(string) + `">`)
 
 			// FIXME: do we really always need these setting? There should be someway to have to avoid having to always set these
 			ctx.Data["DisableMigrations"] = setting.Repository.DisableMigrations
diff --git a/services/context/csrf.go b/services/context/csrf.go
index 9b0dc2923b5..9b66d613e3b 100644
--- a/services/context/csrf.go
+++ b/services/context/csrf.go
@@ -20,64 +20,42 @@
 package context
 
 import (
-	"encoding/base32"
-	"fmt"
+	"html/template"
 	"net/http"
 	"strconv"
 	"time"
 
 	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
-	"code.gitea.io/gitea/modules/web/middleware"
+)
+
+const (
+	CsrfHeaderName = "X-Csrf-Token"
+	CsrfFormName   = "_csrf"
 )
 
 // CSRFProtector represents a CSRF protector and is used to get the current token and validate the token.
 type CSRFProtector interface {
-	// GetHeaderName returns HTTP header to search for token.
-	GetHeaderName() string
-	// GetFormName returns form value to search for token.
-	GetFormName() string
-	// GetToken returns the token.
-	GetToken() string
-	// Validate validates the token in http context.
+	// PrepareForSessionUser prepares the csrf protector for the current session user.
+	PrepareForSessionUser(ctx *Context)
+	// Validate validates the csrf token in http context.
 	Validate(ctx *Context)
-	// DeleteCookie deletes the cookie
+	// DeleteCookie deletes the csrf cookie
 	DeleteCookie(ctx *Context)
 }
 
 type csrfProtector struct {
 	opt CsrfOptions
-	// Token generated to pass via header, cookie, or hidden form value.
-	Token string
-	// This value must be unique per user.
-	ID string
-}
-
-// GetHeaderName returns the name of the HTTP header for csrf token.
-func (c *csrfProtector) GetHeaderName() string {
-	return c.opt.Header
-}
-
-// GetFormName returns the name of the form value for csrf token.
-func (c *csrfProtector) GetFormName() string {
-	return c.opt.Form
-}
-
-// GetToken returns the current token. This is typically used
-// to populate a hidden form in an HTML template.
-func (c *csrfProtector) GetToken() string {
-	return c.Token
+	// id must be unique per user.
+	id string
+	// token is the valid one which wil be used by end user and passed via header, cookie, or hidden form value.
+	token string
 }
 
 // CsrfOptions maintains options to manage behavior of Generate.
 type CsrfOptions struct {
 	// The global secret value used to generate Tokens.
 	Secret string
-	// HTTP header used to set and get token.
-	Header string
-	// Form value used to set and get token.
-	Form string
 	// Cookie value used to set and get token.
 	Cookie string
 	// Cookie domain.
@@ -87,103 +65,64 @@ type CsrfOptions struct {
 	CookieHTTPOnly bool
 	// SameSite set the cookie SameSite type
 	SameSite http.SameSite
-	// Key used for getting the unique ID per user.
-	SessionKey string
-	// oldSessionKey saves old value corresponding to SessionKey.
-	oldSessionKey string
-	// If true, send token via X-Csrf-Token header.
-	SetHeader bool
-	// If true, send token via _csrf cookie.
-	SetCookie bool
 	// Set the Secure flag to true on the cookie.
 	Secure bool
-	// Disallow Origin appear in request header.
-	Origin bool
-	// Cookie lifetime. Default is 0
-	CookieLifeTime int
+	// sessionKey is the key used for getting the unique ID per user.
+	sessionKey string
+	// oldSessionKey saves old value corresponding to sessionKey.
+	oldSessionKey string
 }
 
-func prepareDefaultCsrfOptions(opt CsrfOptions) CsrfOptions {
-	if opt.Secret == "" {
-		randBytes, err := util.CryptoRandomBytes(8)
-		if err != nil {
-			// this panic can be handled by the recover() in http handlers
-			panic(fmt.Errorf("failed to generate random bytes: %w", err))
-		}
-		opt.Secret = base32.StdEncoding.EncodeToString(randBytes)
-	}
-	if opt.Header == "" {
-		opt.Header = "X-Csrf-Token"
-	}
-	if opt.Form == "" {
-		opt.Form = "_csrf"
-	}
-	if opt.Cookie == "" {
-		opt.Cookie = "_csrf"
-	}
-	if opt.CookiePath == "" {
-		opt.CookiePath = "/"
-	}
-	if opt.SessionKey == "" {
-		opt.SessionKey = "uid"
-	}
-	if opt.CookieLifeTime == 0 {
-		opt.CookieLifeTime = int(CsrfTokenTimeout.Seconds())
-	}
-
-	opt.oldSessionKey = "_old_" + opt.SessionKey
-	return opt
-}
-
-func newCsrfCookie(c *csrfProtector, value string) *http.Cookie {
+func newCsrfCookie(opt *CsrfOptions, value string) *http.Cookie {
 	return &http.Cookie{
-		Name:     c.opt.Cookie,
+		Name:     opt.Cookie,
 		Value:    value,
-		Path:     c.opt.CookiePath,
-		Domain:   c.opt.CookieDomain,
-		MaxAge:   c.opt.CookieLifeTime,
-		Secure:   c.opt.Secure,
-		HttpOnly: c.opt.CookieHTTPOnly,
-		SameSite: c.opt.SameSite,
+		Path:     opt.CookiePath,
+		Domain:   opt.CookieDomain,
+		MaxAge:   int(CsrfTokenTimeout.Seconds()),
+		Secure:   opt.Secure,
+		HttpOnly: opt.CookieHTTPOnly,
+		SameSite: opt.SameSite,
 	}
 }
 
-// PrepareCSRFProtector returns a CSRFProtector to be used for every request.
-// Additionally, depending on options set, generated tokens will be sent via Header and/or Cookie.
-func PrepareCSRFProtector(opt CsrfOptions, ctx *Context) CSRFProtector {
-	opt = prepareDefaultCsrfOptions(opt)
-	x := &csrfProtector{opt: opt}
-
-	if opt.Origin && len(ctx.Req.Header.Get("Origin")) > 0 {
-		return x
+func NewCSRFProtector(opt CsrfOptions) CSRFProtector {
+	if opt.Secret == "" {
+		panic("CSRF secret is empty but it must be set") // it shouldn't happen because it is always set in code
 	}
+	opt.Cookie = util.IfZero(opt.Cookie, "_csrf")
+	opt.CookiePath = util.IfZero(opt.CookiePath, "/")
+	opt.sessionKey = "uid"
+	opt.oldSessionKey = "_old_" + opt.sessionKey
+	return &csrfProtector{opt: opt}
+}
 
-	x.ID = "0"
-	uidAny := ctx.Session.Get(opt.SessionKey)
-	if uidAny != nil {
+func (c *csrfProtector) PrepareForSessionUser(ctx *Context) {
+	c.id = "0"
+	if uidAny := ctx.Session.Get(c.opt.sessionKey); uidAny != nil {
 		switch uidVal := uidAny.(type) {
 		case string:
-			x.ID = uidVal
+			c.id = uidVal
 		case int64:
-			x.ID = strconv.FormatInt(uidVal, 10)
+			c.id = strconv.FormatInt(uidVal, 10)
 		default:
 			log.Error("invalid uid type in session: %T", uidAny)
 		}
 	}
 
-	oldUID := ctx.Session.Get(opt.oldSessionKey)
-	uidChanged := oldUID == nil || oldUID.(string) != x.ID
-	cookieToken := ctx.GetSiteCookie(opt.Cookie)
+	oldUID := ctx.Session.Get(c.opt.oldSessionKey)
+	uidChanged := oldUID == nil || oldUID.(string) != c.id
+	cookieToken := ctx.GetSiteCookie(c.opt.Cookie)
 
 	needsNew := true
 	if uidChanged {
-		_ = ctx.Session.Set(opt.oldSessionKey, x.ID)
+		_ = ctx.Session.Set(c.opt.oldSessionKey, c.id)
 	} else if cookieToken != "" {
 		// If cookie token presents, re-use existing unexpired token, else generate a new one.
 		if issueTime, ok := ParseCsrfToken(cookieToken); ok {
 			dur := time.Since(issueTime) // issueTime is not a monotonic-clock, the server time may change a lot to an early time.
 			if dur >= -CsrfTokenRegenerationInterval && dur <= CsrfTokenRegenerationInterval {
-				x.Token = cookieToken
+				c.token = cookieToken
 				needsNew = false
 			}
 		}
@@ -191,42 +130,33 @@ func PrepareCSRFProtector(opt CsrfOptions, ctx *Context) CSRFProtector {
 
 	if needsNew {
 		// FIXME: actionId.
-		x.Token = GenerateCsrfToken(x.opt.Secret, x.ID, "POST", time.Now())
-		if opt.SetCookie {
-			cookie := newCsrfCookie(x, x.Token)
-			ctx.Resp.Header().Add("Set-Cookie", cookie.String())
-		}
+		c.token = GenerateCsrfToken(c.opt.Secret, c.id, "POST", time.Now())
+		cookie := newCsrfCookie(&c.opt, c.token)
+		ctx.Resp.Header().Add("Set-Cookie", cookie.String())
 	}
 
-	if opt.SetHeader {
-		ctx.Resp.Header().Add(opt.Header, x.Token)
-	}
-	return x
+	ctx.Data["CsrfToken"] = c.token
+	ctx.Data["CsrfTokenHtml"] = template.HTML(`<input type="hidden" name="_csrf" value="` + template.HTMLEscapeString(c.token) + `">`)
 }
 
 func (c *csrfProtector) validateToken(ctx *Context, token string) {
-	if !ValidCsrfToken(token, c.opt.Secret, c.ID, "POST", time.Now()) {
+	if !ValidCsrfToken(token, c.opt.Secret, c.id, "POST", time.Now()) {
 		c.DeleteCookie(ctx)
-		if middleware.IsAPIPath(ctx.Req) {
-			// currently, there should be no access to the APIPath with CSRF token. because templates shouldn't use the `/api/` endpoints.
-			http.Error(ctx.Resp, "Invalid CSRF token.", http.StatusBadRequest)
-		} else {
-			ctx.Flash.Error(ctx.Tr("error.invalid_csrf"))
-			ctx.Redirect(setting.AppSubURL + "/")
-		}
+		// currently, there should be no access to the APIPath with CSRF token. because templates shouldn't use the `/api/` endpoints.
+		// FIXME: distinguish what the response is for: HTML (web page) or JSON (fetch)
+		http.Error(ctx.Resp, "Invalid CSRF token.", http.StatusBadRequest)
 	}
 }
 
 // Validate should be used as a per route middleware. It attempts to get a token from an "X-Csrf-Token"
 // HTTP header and then a "_csrf" form value. If one of these is found, the token will be validated.
-// If this validation fails, custom Error is sent in the reply.
-// If neither a header nor form value is found, http.StatusBadRequest is sent.
+// If this validation fails, http.StatusBadRequest is sent.
 func (c *csrfProtector) Validate(ctx *Context) {
-	if token := ctx.Req.Header.Get(c.GetHeaderName()); token != "" {
+	if token := ctx.Req.Header.Get(CsrfHeaderName); token != "" {
 		c.validateToken(ctx, token)
 		return
 	}
-	if token := ctx.Req.FormValue(c.GetFormName()); token != "" {
+	if token := ctx.Req.FormValue(CsrfFormName); token != "" {
 		c.validateToken(ctx, token)
 		return
 	}
@@ -234,9 +164,7 @@ func (c *csrfProtector) Validate(ctx *Context) {
 }
 
 func (c *csrfProtector) DeleteCookie(ctx *Context) {
-	if c.opt.SetCookie {
-		cookie := newCsrfCookie(c, "")
-		cookie.MaxAge = -1
-		ctx.Resp.Header().Add("Set-Cookie", cookie.String())
-	}
+	cookie := newCsrfCookie(&c.opt, "")
+	cookie.MaxAge = -1
+	ctx.Resp.Header().Add("Set-Cookie", cookie.String())
 }
diff --git a/tests/integration/attachment_test.go b/tests/integration/attachment_test.go
index 8206d8f4dc0..40969d26f2a 100644
--- a/tests/integration/attachment_test.go
+++ b/tests/integration/attachment_test.go
@@ -59,7 +59,8 @@ func createAttachment(t *testing.T, session *TestSession, repoURL, filename stri
 func TestCreateAnonymousAttachment(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 	session := emptyTestSession(t)
-	createAttachment(t, session, "user2/repo1", "image.png", generateImg(), http.StatusSeeOther)
+	// this test is not right because it just doesn't pass the CSRF validation
+	createAttachment(t, session, "user2/repo1", "image.png", generateImg(), http.StatusBadRequest)
 }
 
 func TestCreateIssueAttachment(t *testing.T) {
diff --git a/tests/integration/csrf_test.go b/tests/integration/csrf_test.go
index a789859889b..fcb9661b8a8 100644
--- a/tests/integration/csrf_test.go
+++ b/tests/integration/csrf_test.go
@@ -5,12 +5,10 @@ package integration
 
 import (
 	"net/http"
-	"strings"
 	"testing"
 
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
-	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/tests"
 
 	"github.com/stretchr/testify/assert"
@@ -25,28 +23,12 @@ func TestCsrfProtection(t *testing.T) {
 	req := NewRequestWithValues(t, "POST", "/user/settings", map[string]string{
 		"_csrf": "fake_csrf",
 	})
-	session.MakeRequest(t, req, http.StatusSeeOther)
-
-	resp := session.MakeRequest(t, req, http.StatusSeeOther)
-	loc := resp.Header().Get("Location")
-	assert.Equal(t, setting.AppSubURL+"/", loc)
-	resp = session.MakeRequest(t, NewRequest(t, "GET", loc), http.StatusOK)
-	htmlDoc := NewHTMLParser(t, resp.Body)
-	assert.Equal(t, "Bad Request: invalid CSRF token",
-		strings.TrimSpace(htmlDoc.doc.Find(".ui.message").Text()),
-	)
+	resp := session.MakeRequest(t, req, http.StatusBadRequest)
+	assert.Contains(t, resp.Body.String(), "Invalid CSRF token")
 
 	// test web form csrf via header. TODO: should use an UI api to test
 	req = NewRequest(t, "POST", "/user/settings")
 	req.Header.Add("X-Csrf-Token", "fake_csrf")
-	session.MakeRequest(t, req, http.StatusSeeOther)
-
-	resp = session.MakeRequest(t, req, http.StatusSeeOther)
-	loc = resp.Header().Get("Location")
-	assert.Equal(t, setting.AppSubURL+"/", loc)
-	resp = session.MakeRequest(t, NewRequest(t, "GET", loc), http.StatusOK)
-	htmlDoc = NewHTMLParser(t, resp.Body)
-	assert.Equal(t, "Bad Request: invalid CSRF token",
-		strings.TrimSpace(htmlDoc.doc.Find(".ui.message").Text()),
-	)
+	resp = session.MakeRequest(t, req, http.StatusBadRequest)
+	assert.Contains(t, resp.Body.String(), "Invalid CSRF token")
 }
diff --git a/tests/integration/repo_branch_test.go b/tests/integration/repo_branch_test.go
index d1bc9198c32..f5217374b00 100644
--- a/tests/integration/repo_branch_test.go
+++ b/tests/integration/repo_branch_test.go
@@ -17,7 +17,6 @@ import (
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unit"
 	"code.gitea.io/gitea/models/unittest"
-	"code.gitea.io/gitea/modules/setting"
 	api "code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/test"
 	"code.gitea.io/gitea/modules/translation"
@@ -146,15 +145,8 @@ func TestCreateBranchInvalidCSRF(t *testing.T) {
 		"_csrf":           "fake_csrf",
 		"new_branch_name": "test",
 	})
-	resp := session.MakeRequest(t, req, http.StatusSeeOther)
-	loc := resp.Header().Get("Location")
-	assert.Equal(t, setting.AppSubURL+"/", loc)
-	resp = session.MakeRequest(t, NewRequest(t, "GET", loc), http.StatusOK)
-	htmlDoc := NewHTMLParser(t, resp.Body)
-	assert.Equal(t,
-		"Bad Request: invalid CSRF token",
-		strings.TrimSpace(htmlDoc.doc.Find(".ui.message").Text()),
-	)
+	resp := session.MakeRequest(t, req, http.StatusBadRequest)
+	assert.Contains(t, resp.Body.String(), "Invalid CSRF token")
 }
 
 func prepareBranch(t *testing.T, session *TestSession, repo *repo_model.Repository) {

From adea500aa07eb05e4456b516b4d9ca5f41adb937 Mon Sep 17 00:00:00 2001
From: Kemal Zebari <60799661+kemzeb@users.noreply.github.com>
Date: Wed, 18 Sep 2024 12:46:41 -0700
Subject: [PATCH 087/129] Resolve duplicate local string key related to PR
 comments (#32073)

A regression in #31924 caused there to be two `issues.review.comment`
keys in the English language locale file, leading to a problem when
reading PR review histories that contain comments.

This snapshot addresses this by making the newer key unique.
---
 models/issues/review.go         | 2 +-
 options/locale/locale_en-US.ini | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/models/issues/review.go b/models/issues/review.go
index 9a08e265ff3..9fb6d7573a8 100644
--- a/models/issues/review.go
+++ b/models/issues/review.go
@@ -247,7 +247,7 @@ func (r *Review) TooltipContent() string {
 		}
 		return "repo.issues.review.official"
 	case ReviewTypeComment:
-		return "repo.issues.review.comment"
+		return "repo.issues.review.commented"
 	case ReviewTypeReject:
 		return "repo.issues.review.rejected"
 	case ReviewTypeRequest:
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index dc85d7c97ca..957e73b171d 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -1757,7 +1757,7 @@ issues.review.hide_resolved = Hide resolved
 issues.review.resolve_conversation = Resolve conversation
 issues.review.un_resolve_conversation = Unresolve conversation
 issues.review.resolved_by = marked this conversation as resolved
-issues.review.comment = Comment
+issues.review.commented = Comment
 issues.review.official = Approved
 issues.review.requested = Review pending
 issues.review.rejected = Changes requested

From 269c63092369322df8e4c6864acc9a433e5477a8 Mon Sep 17 00:00:00 2001
From: Exploding Dragon <explodingfkl@gmail.com>
Date: Thu, 19 Sep 2024 04:15:03 +0800
Subject: [PATCH 088/129] Fix: database not update release when using `git push
 --tags --force` (#32040)

link: https://codeberg.org/forgejo/forgejo/issues/4274

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
---
 services/repository/push.go        | 18 ++++++++-------
 tests/integration/repo_tag_test.go | 36 ++++++++++++++++++++++++++++++
 2 files changed, 46 insertions(+), 8 deletions(-)

diff --git a/services/repository/push.go b/services/repository/push.go
index f27e6a58dd6..8b81588c072 100644
--- a/services/repository/push.go
+++ b/services/repository/push.go
@@ -320,8 +320,9 @@ func pushUpdateAddTags(ctx context.Context, repo *repo_model.Repository, gitRepo
 	}
 
 	releases, err := db.Find[repo_model.Release](ctx, repo_model.FindReleasesOptions{
-		RepoID:   repo.ID,
-		TagNames: tags,
+		RepoID:      repo.ID,
+		TagNames:    tags,
+		IncludeTags: true,
 	})
 	if err != nil {
 		return fmt.Errorf("db.Find[repo_model.Release]: %w", err)
@@ -382,12 +383,12 @@ func pushUpdateAddTags(ctx context.Context, repo *repo_model.Repository, gitRepo
 
 		rel, has := relMap[lowerTag]
 
+		parts := strings.SplitN(tag.Message, "\n", 2)
+		note := ""
+		if len(parts) > 1 {
+			note = parts[1]
+		}
 		if !has {
-			parts := strings.SplitN(tag.Message, "\n", 2)
-			note := ""
-			if len(parts) > 1 {
-				note = parts[1]
-			}
 			rel = &repo_model.Release{
 				RepoID:       repo.ID,
 				Title:        parts[0],
@@ -408,10 +409,11 @@ func pushUpdateAddTags(ctx context.Context, repo *repo_model.Repository, gitRepo
 
 			newReleases = append(newReleases, rel)
 		} else {
+			rel.Title = parts[0]
+			rel.Note = note
 			rel.Sha1 = commit.ID.String()
 			rel.CreatedUnix = timeutil.TimeStamp(createdAt.Unix())
 			rel.NumCommits = commitsCount
-			rel.IsDraft = false
 			if rel.IsTag && author != nil {
 				rel.PublisherID = author.ID
 			}
diff --git a/tests/integration/repo_tag_test.go b/tests/integration/repo_tag_test.go
index 6d3d85532cc..d649f041ccf 100644
--- a/tests/integration/repo_tag_test.go
+++ b/tests/integration/repo_tag_test.go
@@ -4,6 +4,7 @@
 package integration
 
 import (
+	"net/http"
 	"net/url"
 	"testing"
 
@@ -18,6 +19,7 @@ import (
 	"code.gitea.io/gitea/tests"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestCreateNewTagProtected(t *testing.T) {
@@ -60,6 +62,40 @@ func TestCreateNewTagProtected(t *testing.T) {
 		})
 	})
 
+	t.Run("GitTagForce", func(t *testing.T) {
+		onGiteaRun(t, func(t *testing.T, u *url.URL) {
+			httpContext := NewAPITestContext(t, owner.Name, repo.Name)
+
+			dstPath := t.TempDir()
+
+			u.Path = httpContext.GitPath()
+			u.User = url.UserPassword(owner.Name, userPassword)
+
+			doGitClone(dstPath, u)(t)
+
+			_, _, err := git.NewCommand(git.DefaultContext, "tag", "v-1.1", "-m", "force update", "--force").RunStdString(&git.RunOpts{Dir: dstPath})
+			require.NoError(t, err)
+
+			_, _, err = git.NewCommand(git.DefaultContext, "push", "--tags").RunStdString(&git.RunOpts{Dir: dstPath})
+			require.NoError(t, err)
+
+			_, _, err = git.NewCommand(git.DefaultContext, "tag", "v-1.1", "-m", "force update v2", "--force").RunStdString(&git.RunOpts{Dir: dstPath})
+			require.NoError(t, err)
+
+			_, _, err = git.NewCommand(git.DefaultContext, "push", "--tags").RunStdString(&git.RunOpts{Dir: dstPath})
+			require.Error(t, err)
+			assert.Contains(t, err.Error(), "the tag already exists in the remote")
+
+			_, _, err = git.NewCommand(git.DefaultContext, "push", "--tags", "--force").RunStdString(&git.RunOpts{Dir: dstPath})
+			require.NoError(t, err)
+			req := NewRequestf(t, "GET", "/%s/releases/tag/v-1.1", repo.FullName())
+			resp := MakeRequest(t, req, http.StatusOK)
+			htmlDoc := NewHTMLParser(t, resp.Body)
+			tagsTab := htmlDoc.Find(".release-list-title")
+			assert.Contains(t, tagsTab.Text(), "force update v2")
+		})
+	})
+
 	// Cleanup
 	releases, err := db.Find[repo_model.Release](db.DefaultContext, repo_model.FindReleasesOptions{
 		IncludeTags: true,

From 2fc347bcb362af533d0e99b3a34788128ac97010 Mon Sep 17 00:00:00 2001
From: GiteaBot <teabot@gitea.io>
Date: Thu, 19 Sep 2024 00:30:35 +0000
Subject: [PATCH 089/129] [skip ci] Updated translations via Crowdin

---
 options/locale/locale_cs-CZ.ini | 4 +---
 options/locale/locale_de-DE.ini | 4 +---
 options/locale/locale_el-GR.ini | 4 +---
 options/locale/locale_es-ES.ini | 4 +---
 options/locale/locale_fa-IR.ini | 3 +--
 options/locale/locale_fi-FI.ini | 3 +--
 options/locale/locale_fr-FR.ini | 4 +---
 options/locale/locale_hu-HU.ini | 2 +-
 options/locale/locale_is-IS.ini | 4 +---
 options/locale/locale_it-IT.ini | 4 +---
 options/locale/locale_ja-JP.ini | 4 +---
 options/locale/locale_ko-KR.ini | 2 +-
 options/locale/locale_lv-LV.ini | 4 +---
 options/locale/locale_nl-NL.ini | 4 +---
 options/locale/locale_pl-PL.ini | 4 +---
 options/locale/locale_pt-BR.ini | 4 +---
 options/locale/locale_pt-PT.ini | 6 +++---
 options/locale/locale_ru-RU.ini | 4 +---
 options/locale/locale_si-LK.ini | 3 +--
 options/locale/locale_sk-SK.ini | 2 --
 options/locale/locale_sv-SE.ini | 2 +-
 options/locale/locale_tr-TR.ini | 4 +---
 options/locale/locale_uk-UA.ini | 3 +--
 options/locale/locale_zh-CN.ini | 4 +---
 options/locale/locale_zh-TW.ini | 4 +---
 25 files changed, 26 insertions(+), 64 deletions(-)

diff --git a/options/locale/locale_cs-CZ.ini b/options/locale/locale_cs-CZ.ini
index 271bf114020..07cbfe2c8f9 100644
--- a/options/locale/locale_cs-CZ.ini
+++ b/options/locale/locale_cs-CZ.ini
@@ -218,8 +218,6 @@ string.desc=Z – A
 
 [error]
 occurred=Došlo k chybě
-missing_csrf=Špatný požadavek: Neexistuje CSRF token
-invalid_csrf=Špatný požadavek: Neplatný CSRF token
 not_found=Cíl nebyl nalezen.
 network_error=Chyba sítě
 
@@ -1701,7 +1699,6 @@ issues.dependency.add_error_dep_not_same_repo=Oba úkoly musí být ve stejném
 issues.review.self.approval=Nemůžete schválit svůj pull request.
 issues.review.self.rejection=Nemůžete požadovat změny ve svém vlastním pull requestu.
 issues.review.approve=schválil tyto změny %s
-issues.review.comment=Okomentovat
 issues.review.dismissed=zamítl/a posouzení od %s %s
 issues.review.dismissed_label=Zamítnuto
 issues.review.left_comment=zanechal komentář
@@ -1726,6 +1723,7 @@ issues.review.hide_resolved=Skrýt vyřešené
 issues.review.resolve_conversation=Vyřešit konverzaci
 issues.review.un_resolve_conversation=Nevyřešit konverzaci
 issues.review.resolved_by=označil tuto konverzaci jako vyřešenou
+issues.review.commented=Okomentovat
 issues.assignee.error=Ne všichni zpracovatelé byli přidáni z důvodu neočekávané chyby.
 issues.reference_issue.body=Tělo zprávy
 issues.content_history.deleted=vymazáno
diff --git a/options/locale/locale_de-DE.ini b/options/locale/locale_de-DE.ini
index 78c9f0b41d6..7512c541015 100644
--- a/options/locale/locale_de-DE.ini
+++ b/options/locale/locale_de-DE.ini
@@ -213,8 +213,6 @@ string.desc=Z–A
 
 [error]
 occurred=Ein Fehler ist aufgetreten
-missing_csrf=Fehlerhafte Anfrage: Kein CSRF Token verfügbar
-invalid_csrf=Fehlerhafte Anfrage: Ungültiger CSRF Token
 not_found=Das Ziel konnte nicht gefunden werden.
 network_error=Netzwerkfehler
 
@@ -1681,7 +1679,6 @@ issues.dependency.add_error_dep_not_same_repo=Beide Issues müssen sich im selbe
 issues.review.self.approval=Du kannst nicht dein eigenen Pull-Request genehmigen.
 issues.review.self.rejection=Du kannst keine Änderungen an deinem eigenen Pull-Request anfragen.
 issues.review.approve=hat die Änderungen %s genehmigt
-issues.review.comment=Kommentieren
 issues.review.dismissed=verwarf %ss Review %s
 issues.review.dismissed_label=Verworfen
 issues.review.left_comment=hat einen Kommentar hinterlassen
@@ -1706,6 +1703,7 @@ issues.review.hide_resolved=Gelöste ausblenden
 issues.review.resolve_conversation=Diskussion als "erledigt" markieren
 issues.review.un_resolve_conversation=Diskussion als "nicht-erledigt" markieren
 issues.review.resolved_by=markierte diese Unterhaltung als gelöst
+issues.review.commented=Kommentieren
 issues.assignee.error=Aufgrund eines unerwarteten Fehlers konnten nicht alle Beauftragten hinzugefügt werden.
 issues.reference_issue.body=Beschreibung
 issues.content_history.deleted=gelöscht
diff --git a/options/locale/locale_el-GR.ini b/options/locale/locale_el-GR.ini
index ef314b13922..48610abb34e 100644
--- a/options/locale/locale_el-GR.ini
+++ b/options/locale/locale_el-GR.ini
@@ -184,8 +184,6 @@ string.desc=Z - A
 
 [error]
 occurred=Παρουσιάστηκε ένα σφάλμα
-missing_csrf=Bad Request: δεν υπάρχει διακριτικό CSRF
-invalid_csrf=Λάθος Αίτημα: μη έγκυρο διακριτικό CSRF
 not_found=Ο προορισμός δεν βρέθηκε.
 network_error=Σφάλμα δικτύου
 
@@ -1603,7 +1601,6 @@ issues.dependency.add_error_dep_not_same_repo=Και τα δύο ζητήματ
 issues.review.self.approval=Δεν μπορείτε να εγκρίνετε το δικό σας pull request.
 issues.review.self.rejection=Δεν μπορείτε να ζητήσετε αλλαγές στο δικό σας pull request.
 issues.review.approve=ενέκρινε αυτές τις αλλαγές %s
-issues.review.comment=Σχόλιο
 issues.review.dismissed=απέρριψε την αξιολόγηση %s %s
 issues.review.dismissed_label=Απορρίφθηκε
 issues.review.left_comment=άφησε ένα σχόλιο
@@ -1628,6 +1625,7 @@ issues.review.hide_resolved=Απόκρυψη επιλυμένων
 issues.review.resolve_conversation=Επίλυση συνομιλίας
 issues.review.un_resolve_conversation=Ανεπίλυτη συνομιλία
 issues.review.resolved_by=σημείωση αυτή την συνομιλία ως επιλυμένη
+issues.review.commented=Σχόλιο
 issues.assignee.error=Δεν προστέθηκαν όλοι οι παραλήπτες λόγω απροσδόκητου σφάλματος.
 issues.reference_issue.body=Σώμα
 issues.content_history.deleted=διαγράφηκε
diff --git a/options/locale/locale_es-ES.ini b/options/locale/locale_es-ES.ini
index 5c0384b4477..7d637f3d3ab 100644
--- a/options/locale/locale_es-ES.ini
+++ b/options/locale/locale_es-ES.ini
@@ -182,8 +182,6 @@ string.desc=Z - A
 
 [error]
 occurred=Ha ocurrido un error
-missing_csrf=Solicitud incorrecta: sin token CSRF
-invalid_csrf=Solicitud incorrecta: el token CSRF no es válido
 not_found=El objetivo no pudo ser encontrado.
 network_error=Error de red
 
@@ -1593,7 +1591,6 @@ issues.dependency.add_error_dep_not_same_repo=Ambas incidencias deben estar en e
 issues.review.self.approval=No puede aprobar su propio pull request.
 issues.review.self.rejection=No puede sugerir cambios en su propio pull request.
 issues.review.approve=aprobado estos cambios %s
-issues.review.comment=Comentario
 issues.review.dismissed=descartó la revisión de %s %s
 issues.review.dismissed_label=Descartado
 issues.review.left_comment=dejó un comentario
@@ -1618,6 +1615,7 @@ issues.review.hide_resolved=Ocultar resueltos
 issues.review.resolve_conversation=Resolver conversación
 issues.review.un_resolve_conversation=Marcar conversación sin resolver
 issues.review.resolved_by=ha marcado esta conversación como resuelta
+issues.review.commented=Comentario
 issues.assignee.error=No todos los asignados fueron añadidos debido a un error inesperado.
 issues.reference_issue.body=Cuerpo
 issues.content_history.deleted=borrado
diff --git a/options/locale/locale_fa-IR.ini b/options/locale/locale_fa-IR.ini
index b141c7959e4..38fb70dae02 100644
--- a/options/locale/locale_fa-IR.ini
+++ b/options/locale/locale_fa-IR.ini
@@ -118,7 +118,6 @@ filter.private=خصوصی
 [filter]
 
 [error]
-missing_csrf=درخواست بد: بلیط CSRF ندارد
 
 [startpage]
 app_desc=یک سرویس گیت بی‌درد سر و راحت
@@ -1235,7 +1234,6 @@ issues.dependency.add_error_dep_not_same_repo=هر دو موضوع باید از
 issues.review.self.approval=شما نمی‌توانید تقاضای واکشی خود را تایید کنید.
 issues.review.self.rejection=شما نمی‌توانید تقاضا تغییرات تقاضای واکشی خود را تغییر دهید.
 issues.review.approve=این تغییرات را تایید شدند %s
-issues.review.comment=دیدگاه
 issues.review.dismissed=بررسی %s %s را رد شده
 issues.review.dismissed_label=رها شده
 issues.review.left_comment=یک نظر ثبت کرد
@@ -1256,6 +1254,7 @@ issues.review.hide_resolved=مخفی کردن حل شده ها
 issues.review.resolve_conversation=مکالمه را بعنوان حل شده علامت گذاری کردن
 issues.review.un_resolve_conversation=مکالمه را بعنوان حل نشده علامت گذاری کردن
 issues.review.resolved_by=علامت گذاری این مکالمه بعنوان حل شده
+issues.review.commented=دیدگاه
 issues.assignee.error=به دلیل خطای غیرمنتظره همه تکالیف اضافه نشد.
 issues.reference_issue.body=Body
 issues.content_history.deleted=حذف شده
diff --git a/options/locale/locale_fi-FI.ini b/options/locale/locale_fi-FI.ini
index 1f8143ad846..200e104f46b 100644
--- a/options/locale/locale_fi-FI.ini
+++ b/options/locale/locale_fi-FI.ini
@@ -133,8 +133,6 @@ filter.private=Yksityinen
 
 [error]
 occurred=Virhe tapahtui
-missing_csrf=Virheellinen pyyntö: CSRF-tunnusta ei ole olemassa
-invalid_csrf=Virheellinen pyyntö: Virheellinen CSRF-tunniste
 not_found=Kohdetta ei löytynyt.
 network_error=Verkkovirhe
 
@@ -955,6 +953,7 @@ issues.review.left_comment=jätti kommentin
 issues.review.pending=Odottaa
 issues.review.show_resolved=Näytä ratkaisu
 issues.review.hide_resolved=Piilota ratkaisu
+issues.review.commented=Kommentoi
 issues.reference_issue.body=Kuvaus
 issues.content_history.deleted=poistettu
 issues.content_history.edited=muokattu
diff --git a/options/locale/locale_fr-FR.ini b/options/locale/locale_fr-FR.ini
index 8491e9b6074..a61a7f7ebcc 100644
--- a/options/locale/locale_fr-FR.ini
+++ b/options/locale/locale_fr-FR.ini
@@ -217,8 +217,6 @@ string.desc=Z - A
 
 [error]
 occurred=Une erreur s’est produite
-missing_csrf=Requête incorrecte: aucun jeton CSRF présent
-invalid_csrf=Requête incorrecte : jeton CSRF invalide
 not_found=La cible n'a pu être trouvée.
 network_error=Erreur réseau
 
@@ -1704,7 +1702,6 @@ issues.dependency.add_error_dep_not_same_repo=Les deux tickets doivent être dan
 issues.review.self.approval=Vous ne pouvez approuver vos propres demandes d'ajout.
 issues.review.self.rejection=Vous ne pouvez demander de changements sur vos propres demandes de changement.
 issues.review.approve=a approuvé ces modifications %s.
-issues.review.comment=Commenter
 issues.review.dismissed=a révoqué l’évaluation de %s %s.
 issues.review.dismissed_label=Révoquée
 issues.review.left_comment=laisser un commentaire
@@ -1729,6 +1726,7 @@ issues.review.hide_resolved=Réduire
 issues.review.resolve_conversation=Clore la conversation
 issues.review.un_resolve_conversation=Rouvrir la conversation
 issues.review.resolved_by=a marqué cette conversation comme résolue.
+issues.review.commented=Commenter
 issues.assignee.error=Tous les assignés n'ont pas été ajoutés en raison d'une erreur inattendue.
 issues.reference_issue.body=Corps
 issues.content_history.deleted=a supprimé
diff --git a/options/locale/locale_hu-HU.ini b/options/locale/locale_hu-HU.ini
index 6f057dc4c81..28605d48cf6 100644
--- a/options/locale/locale_hu-HU.ini
+++ b/options/locale/locale_hu-HU.ini
@@ -901,13 +901,13 @@ issues.dependency.add_error_dep_issue_not_exist=Függő hibajegy nem létezik.
 issues.dependency.add_error_dep_not_exist=A függőség nem létezik.
 issues.dependency.add_error_dep_exists=A függőség már létezik.
 issues.dependency.add_error_dep_not_same_repo=Mindkét hibajegynek ugyanabban a tárolóban kell lennie.
-issues.review.comment=Hozzászólás
 issues.review.reject=%s változtatások kérése
 issues.review.pending=Függőben
 issues.review.review=Értékelés
 issues.review.reviewers=Véleményezők
 issues.review.show_outdated=Elavultak mutatása
 issues.review.hide_outdated=Elavultak elrejtése
+issues.review.commented=Hozzászólás
 issues.assignee.error=Nem minden megbízott lett hozzáadva egy nem várt hiba miatt.
 
 
diff --git a/options/locale/locale_is-IS.ini b/options/locale/locale_is-IS.ini
index 01219b16c4c..656b5e1c565 100644
--- a/options/locale/locale_is-IS.ini
+++ b/options/locale/locale_is-IS.ini
@@ -129,8 +129,6 @@ filter.public=Opinbert
 
 [error]
 occurred=Villa kom upp
-missing_csrf=Slæm beiðni: enginn CSRF lykill
-invalid_csrf=Slæm beiðni: ógildur CSRF lykill
 not_found=Markmiðið fannst ekki.
 network_error=Netkerfisvilla
 
@@ -850,13 +848,13 @@ issues.dependency.remove_header=Fjarlægja Kröfu
 issues.dependency.add_error_dep_not_exist=Krafa er ekki til.
 issues.dependency.add_error_dep_exists=Krafa er nú þegar til.
 issues.review.approve=samþykkti þessar breytingar %s
-issues.review.comment=Senda Ummæli
 issues.review.dismissed_label=Hunsað
 issues.review.left_comment=gerði ummæli
 issues.review.pending=Í bið
 issues.review.outdated=Úrelt
 issues.review.show_outdated=Sýna úrelt
 issues.review.hide_outdated=Fela úreld
+issues.review.commented=Senda Ummæli
 issues.reference_issue.body=Meginmál
 issues.content_history.deleted=eytt
 issues.content_history.edited=breytt
diff --git a/options/locale/locale_it-IT.ini b/options/locale/locale_it-IT.ini
index 1f7fe7939c2..3ddd2bbddfe 100644
--- a/options/locale/locale_it-IT.ini
+++ b/options/locale/locale_it-IT.ini
@@ -135,8 +135,6 @@ filter.private=Privati
 
 [error]
 occurred=Si è verificato un errore
-missing_csrf=Richiesta errata: nessun token CSRF presente
-invalid_csrf=Richiesta errata: token CSRF non valido
 not_found=Il bersaglio non è stato trovato.
 network_error=Errore di rete
 
@@ -1331,7 +1329,6 @@ issues.dependency.add_error_dep_not_same_repo=Entrambi i problemi devono essere
 issues.review.self.approval=Non puoi approvare la tua pull request.
 issues.review.self.rejection=Non puoi richiedere modifiche sulla tua pull request.
 issues.review.approve=hanno approvato queste modifiche %s
-issues.review.comment=Commentare
 issues.review.dismissed=recensione %s di %s respinta
 issues.review.dismissed_label=Respinta
 issues.review.left_comment=lascia un commento
@@ -1352,6 +1349,7 @@ issues.review.hide_resolved=Nascondi risolte
 issues.review.resolve_conversation=Risolvi la conversazione
 issues.review.un_resolve_conversation=Segnala la conversazione come non risolta
 issues.review.resolved_by=ha contrassegnato questa conversazione come risolta
+issues.review.commented=Commentare
 issues.assignee.error=Non tutte le assegnazioni sono state aggiunte a causa di un errore imprevisto.
 issues.reference_issue.body=Corpo
 issues.content_history.deleted=eliminato
diff --git a/options/locale/locale_ja-JP.ini b/options/locale/locale_ja-JP.ini
index 92d040541aa..3edf68e9437 100644
--- a/options/locale/locale_ja-JP.ini
+++ b/options/locale/locale_ja-JP.ini
@@ -218,8 +218,6 @@ string.desc=Z - A
 
 [error]
 occurred=エラーが発生しました
-missing_csrf=不正なリクエスト: CSRFトークンがありません
-invalid_csrf=不正なリクエスト: CSRFトークンが無効です
 not_found=ターゲットが見つかりませんでした。
 network_error=ネットワークエラー
 
@@ -1714,7 +1712,6 @@ issues.dependency.add_error_dep_not_same_repo=両方とも同じリポジトリ
 issues.review.self.approval=自分のプルリクエストを承認することはできません。
 issues.review.self.rejection=自分のプルリクエストに対して修正を要求することはできません。
 issues.review.approve=が変更を承認 %s
-issues.review.comment=コメント
 issues.review.dismissed=が %s のレビューを棄却 %s
 issues.review.dismissed_label=棄却
 issues.review.left_comment=がコメント
@@ -1739,6 +1736,7 @@ issues.review.hide_resolved=解決済みを隠す
 issues.review.resolve_conversation=解決済みにする
 issues.review.un_resolve_conversation=未解決にする
 issues.review.resolved_by=がこの会話を解決済みにしました
+issues.review.commented=コメント
 issues.assignee.error=予期しないエラーにより、一部の担当者を追加できませんでした。
 issues.reference_issue.body=内容
 issues.content_history.deleted=削除しました
diff --git a/options/locale/locale_ko-KR.ini b/options/locale/locale_ko-KR.ini
index ef11284b08f..dc122ec4c35 100644
--- a/options/locale/locale_ko-KR.ini
+++ b/options/locale/locale_ko-KR.ini
@@ -818,12 +818,12 @@ issues.dependency.add_error_dep_not_same_repo=두 이슈는 같은 레포지토
 issues.review.self.approval=자신의 풀 리퀘스트를 승인할 수 없습니다.
 issues.review.self.rejection=자신의 풀 리퀘스트에 대한 변경을 요청할 수 없습니다.
 issues.review.approve="이 변경사항을 승인하였습니다. %s"
-issues.review.comment=댓글
 issues.review.pending=보류
 issues.review.review=검토
 issues.review.reviewers=리뷰어
 issues.review.show_outdated=오래된 내역 보기
 issues.review.hide_outdated=오래된 내역 숨기기
+issues.review.commented=댓글
 
 
 pulls.new=새 풀 리퀘스트
diff --git a/options/locale/locale_lv-LV.ini b/options/locale/locale_lv-LV.ini
index ee7ab1192c9..d8ab21e1703 100644
--- a/options/locale/locale_lv-LV.ini
+++ b/options/locale/locale_lv-LV.ini
@@ -187,8 +187,6 @@ string.desc=Z - A
 
 [error]
 occurred=Radusies kļūda
-missing_csrf=Kļūdains pieprasījums: netika iesūtīta drošības pilnvara
-invalid_csrf=Kļūdains pieprasījums: iesūtīta kļūdaina drošības pilnvara
 not_found=Pieprasītie dati netika atrasti.
 network_error=Tīkla kļūda
 
@@ -1609,7 +1607,6 @@ issues.dependency.add_error_dep_not_same_repo=Abām problēmām ir jābūt no vi
 issues.review.self.approval=Nevar apstiprināt savu izmaiņu pieprasījumi.
 issues.review.self.rejection=Nevar pieprasīt izmaiņas savam izmaiņu pieprasījumam.
 issues.review.approve=apstiprināja izmaiņas %s
-issues.review.comment=Komentēt
 issues.review.dismissed=atmeta %s recenziju %s
 issues.review.dismissed_label=Atmesta
 issues.review.left_comment=atstāja komentāru
@@ -1634,6 +1631,7 @@ issues.review.hide_resolved=Paslēpt atrisināto
 issues.review.resolve_conversation=Atrisināt sarunu
 issues.review.un_resolve_conversation=Atcelt sarunas atrisinājumu
 issues.review.resolved_by=atzīmēja sarunu kā atrisinātu
+issues.review.commented=Komentēt
 issues.assignee.error=Ne visi atbildīgie tika pievienoti, jo radās neparedzēta kļūda.
 issues.reference_issue.body=Saturs
 issues.content_history.deleted=dzēsts
diff --git a/options/locale/locale_nl-NL.ini b/options/locale/locale_nl-NL.ini
index 5de274da2bd..5ed3417b4a7 100644
--- a/options/locale/locale_nl-NL.ini
+++ b/options/locale/locale_nl-NL.ini
@@ -134,8 +134,6 @@ filter.private=Prive
 
 [error]
 occurred=Er is een fout opgetreden
-missing_csrf=Foutief verzoek: geen CSRF-token aanwezig
-invalid_csrf=Verkeerd verzoek: ongeldig CSRF-token
 not_found=Het doel kon niet worden gevonden.
 network_error=Netwerk fout
 
@@ -1328,7 +1326,6 @@ issues.dependency.add_error_dep_not_same_repo=Beide kwesties moeten in dezelfde
 issues.review.self.approval=Je kan je eigen pull-aanvraag niet goedkeuren.
 issues.review.self.rejection=Je kan geen wijzigingen aanvragen op je eigen pull-aanvraag.
 issues.review.approve=heeft deze veranderingen %s goedgekeurd
-issues.review.comment=Opmerking
 issues.review.dismissed=%s's beoordeling afgewezen %s
 issues.review.dismissed_label=Afgewezen
 issues.review.left_comment=heeft een reactie achtergelaten
@@ -1349,6 +1346,7 @@ issues.review.hide_resolved=Verbergen afgehandeld
 issues.review.resolve_conversation=Gesprek oplossen
 issues.review.un_resolve_conversation=Gesprek niet oplossen
 issues.review.resolved_by=markeerde dit gesprek als opgelost
+issues.review.commented=Opmerking
 issues.assignee.error=Niet alle aangewezen personen zijn toegevoegd vanwege een onverwachte fout.
 issues.reference_issue.body=Inhoud
 issues.content_history.deleted=verwijderd
diff --git a/options/locale/locale_pl-PL.ini b/options/locale/locale_pl-PL.ini
index 88e54fc3be0..911a4b9e0ef 100644
--- a/options/locale/locale_pl-PL.ini
+++ b/options/locale/locale_pl-PL.ini
@@ -131,8 +131,6 @@ filter.private=Prywatne
 
 [error]
 occurred=Wystąpił błąd
-missing_csrf=Błędne żądanie: brak tokenu CSRF
-invalid_csrf=Błędne żądanie: nieprawidłowy token CSRF
 not_found=Nie można odnaleźć celu.
 network_error=Błąd sieci
 
@@ -1220,7 +1218,6 @@ issues.dependency.add_error_dep_not_same_repo=Oba zgłoszenia muszą być w tym
 issues.review.self.approval=Nie możesz zatwierdzić swojego własnego Pull Requesta.
 issues.review.self.rejection=Nie możesz zażądać zmian w swoim własnym Pull Requeście.
 issues.review.approve=zatwierdza te zmiany %s
-issues.review.comment=Skomentuj
 issues.review.dismissed_label=Odrzucony
 issues.review.left_comment=zostawił komentarz
 issues.review.content.empty=Musisz pozostawić komentarz o pożądanej zmianie/zmianach.
@@ -1240,6 +1237,7 @@ issues.review.hide_resolved=Ukryj rozwiązane
 issues.review.resolve_conversation=Rozwiąż dyskusję
 issues.review.un_resolve_conversation=Oznacz dyskusję jako nierozstrzygniętą
 issues.review.resolved_by=oznaczył(-a) tę rozmowę jako rozwiązaną
+issues.review.commented=Skomentuj
 issues.assignee.error=Nie udało się dodać wszystkich wybranych osób do przypisanych przez nieoczekiwany błąd.
 issues.reference_issue.body=Treść
 issues.content_history.edited=edytowano
diff --git a/options/locale/locale_pt-BR.ini b/options/locale/locale_pt-BR.ini
index e172aa0a01e..6f4f710d7f0 100644
--- a/options/locale/locale_pt-BR.ini
+++ b/options/locale/locale_pt-BR.ini
@@ -184,8 +184,6 @@ string.desc=Z - A
 
 [error]
 occurred=Ocorreu um erro
-missing_csrf=Pedido inválido: não tem token CSRF presente
-invalid_csrf=Requisição Inválida: token CSRF inválido
 not_found=Não foi possível encontrar o destino.
 network_error=Erro de rede
 
@@ -1599,7 +1597,6 @@ issues.dependency.add_error_dep_not_same_repo=Ambas as issues devem estar no mes
 issues.review.self.approval=Você não pode aprovar o seu próprio pull request.
 issues.review.self.rejection=Você não pode solicitar alterações em seu próprio pull request.
 issues.review.approve=aprovou estas alterações %s
-issues.review.comment=Comentar
 issues.review.dismissed=rejeitou a revisão de %s %s
 issues.review.dismissed_label=Rejeitada
 issues.review.left_comment=deixou um comentário
@@ -1624,6 +1621,7 @@ issues.review.hide_resolved=Ocultar resolvidas
 issues.review.resolve_conversation=Resolver conversa
 issues.review.un_resolve_conversation=Conversa não resolvida
 issues.review.resolved_by=marcou esta conversa como resolvida
+issues.review.commented=Comentar
 issues.assignee.error=Nem todos os responsáveis foram adicionados devido a um erro inesperado.
 issues.reference_issue.body=Conteúdo
 issues.content_history.deleted=excluído
diff --git a/options/locale/locale_pt-PT.ini b/options/locale/locale_pt-PT.ini
index d33cddeaf76..4ddd54e3bff 100644
--- a/options/locale/locale_pt-PT.ini
+++ b/options/locale/locale_pt-PT.ini
@@ -178,6 +178,8 @@ code_search_by_git_grep=Os resultados da pesquisa no código-fonte neste momento
 package_kind=Pesquisar pacotes...
 project_kind=Pesquisar planeamentos...
 branch_kind=Pesquisar ramos...
+tag_kind=Pesquisar etiquetas...
+tag_tooltip=Pesquisar etiquetas correspondentes. Use '%' para corresponder a qualquer sequência de números.
 commit_kind=Pesquisar cometimentos...
 runner_kind=Pesquisar executores...
 no_results=Não foram encontrados resultados correspondentes.
@@ -220,8 +222,6 @@ string.desc=Z - A
 [error]
 occurred=Ocorreu um erro
 report_message=Se acredita tratar-se de um erro do Gitea, procure questões relacionadas no <a href="%s">GitHub</a> ou abra uma nova questão, se necessário.
-missing_csrf=Pedido inválido: não há código CSRF
-invalid_csrf=Pedido inválido: código CSRF inválido
 not_found=Não foi possível encontrar o destino.
 network_error=Erro de rede
 
@@ -1731,7 +1731,6 @@ issues.dependency.add_error_dep_not_same_repo=Ambas as questões têm que estar
 issues.review.self.approval=Não pode aprovar o seu próprio pedido de integração.
 issues.review.self.rejection=Não pode solicitar modificações sobre o seu próprio pedido de integração.
 issues.review.approve=aprovou estas modificações %s
-issues.review.comment=Comentar
 issues.review.dismissed=descartou a revisão de %s %s
 issues.review.dismissed_label=Descartada
 issues.review.left_comment=deixou um comentário
@@ -1756,6 +1755,7 @@ issues.review.hide_resolved=Ocultar os concluídos
 issues.review.resolve_conversation=Passar diálogo ao estado de resolvido
 issues.review.un_resolve_conversation=Passar diálogo ao estado de não resolvido
 issues.review.resolved_by=marcou este diálogo como estando concluído
+issues.review.commented=Comentar
 issues.review.official=Aprovada
 issues.review.requested=Revisão pendente
 issues.review.rejected=Modificações solicitadas
diff --git a/options/locale/locale_ru-RU.ini b/options/locale/locale_ru-RU.ini
index 20e82273cb5..03c6e2d073f 100644
--- a/options/locale/locale_ru-RU.ini
+++ b/options/locale/locale_ru-RU.ini
@@ -182,8 +182,6 @@ string.desc=Я - А
 
 [error]
 occurred=Произошла ошибка
-missing_csrf=Некорректный запрос: отсутствует токен CSRF
-invalid_csrf=Некорректный запрос: неверный токен CSRF
 not_found=Цель не найдена.
 network_error=Ошибка сети
 
@@ -1578,7 +1576,6 @@ issues.dependency.add_error_dep_not_same_repo=Обе задачи должны 
 issues.review.self.approval=Вы не можете одобрить собственный запрос на слияние.
 issues.review.self.rejection=Невозможно запрашивать изменения своего запроса на слияние.
 issues.review.approve=одобрил(а) эти изменения %s
-issues.review.comment=Комментировать
 issues.review.dismissed=отклонен отзыв %s %s
 issues.review.dismissed_label=Отклонено
 issues.review.left_comment=оставил комментарий
@@ -1602,6 +1599,7 @@ issues.review.hide_resolved=Скрыть разрешенные
 issues.review.resolve_conversation=Покинуть диалог
 issues.review.un_resolve_conversation=Незавершённый разговор
 issues.review.resolved_by=пометить этот разговор как разрешённый
+issues.review.commented=Комментировать
 issues.assignee.error=Не все назначения были добавлены из-за непредвиденной ошибки.
 issues.reference_issue.body=Тело
 issues.content_history.deleted=удалено
diff --git a/options/locale/locale_si-LK.ini b/options/locale/locale_si-LK.ini
index 077a4014e80..c9521d80f88 100644
--- a/options/locale/locale_si-LK.ini
+++ b/options/locale/locale_si-LK.ini
@@ -118,7 +118,6 @@ filter.private=පෞද්ගලික
 [filter]
 
 [error]
-missing_csrf=නරක ඉල්ලීම: CSRF ටෝකන් නොමැත
 
 [startpage]
 app_desc=වේදනාකාරී, ස්වයං-සත්කාරක Git සේවාවක්
@@ -1200,7 +1199,6 @@ issues.dependency.add_error_dep_not_same_repo=මෙම ගැටළු දෙ
 issues.review.self.approval=ඔබ ඔබේ ම අදින්න ඉල්ලීම අනුමත කළ නොහැක.
 issues.review.self.rejection=ඔබ ඔබේ ම අදින්න ඉල්ලීම මත වෙනස්කම් ඉල්ලා සිටිය නොහැක.
 issues.review.approve=මෙම වෙනස්කම් අනුමත %s
-issues.review.comment=අදහස
 issues.review.dismissed=%sහි සමාලෝචනය %sප්රතික්ෂේප කරන ලද
 issues.review.dismissed_label=බැහැර
 issues.review.left_comment=අදහසක් හැරගියා
@@ -1221,6 +1219,7 @@ issues.review.hide_resolved=විසඳා සඟවන්න
 issues.review.resolve_conversation=සංවාදය විසඳන්න
 issues.review.un_resolve_conversation=නොවිසඳිය හැකි සංවාදය
 issues.review.resolved_by=මෙම සංවාදය විසඳා ඇති පරිදි සලකුණු කර ඇත
+issues.review.commented=අදහස
 issues.assignee.error=අනපේක්ෂිත දෝෂයක් හේතුවෙන් සියලුම ඇසිග්නස් එකතු නොකළේය.
 issues.reference_issue.body=ශරීරය
 issues.content_history.deleted=මකා දැමූ
diff --git a/options/locale/locale_sk-SK.ini b/options/locale/locale_sk-SK.ini
index d27dfa83bc3..484fa320fa9 100644
--- a/options/locale/locale_sk-SK.ini
+++ b/options/locale/locale_sk-SK.ini
@@ -181,8 +181,6 @@ string.desc=Z - A
 
 [error]
 occurred=Vyskytla sa chyba
-missing_csrf=Nesprávna žiadosť: neprítomný CSFR token
-invalid_csrf=Nesprávna žiadosť: nesprávny CSFR token
 not_found=Nebolo možné nájsť cieľ.
 network_error=Chyba siete
 
diff --git a/options/locale/locale_sv-SE.ini b/options/locale/locale_sv-SE.ini
index 34c70ab422a..459b7045067 100644
--- a/options/locale/locale_sv-SE.ini
+++ b/options/locale/locale_sv-SE.ini
@@ -1039,7 +1039,6 @@ issues.dependency.add_error_dep_not_same_repo=Båda ärendena måste vara i samm
 issues.review.self.approval=Du kan inte godkänna din egen pull-begäran.
 issues.review.self.rejection=Du kan inte begära ändringar för din egna pull-förfrågan.
 issues.review.approve=godkände dessa ändringar %s
-issues.review.comment=Kommentar
 issues.review.left_comment=lämnade en kommentar
 issues.review.content.empty=Du måste skriva en kommentar som anger de önskade ändringarna.
 issues.review.reject=begärda ändringar %s
@@ -1056,6 +1055,7 @@ issues.review.show_resolved=Visa löst
 issues.review.hide_resolved=Dölj löst
 issues.review.resolve_conversation=Lös konversation
 issues.review.resolved_by=markerade denna konversation som löst
+issues.review.commented=Kommentar
 issues.assignee.error=Inte alla tilldelade har lagts till på grund av ett oväntat fel.
 issues.content_history.options=Alternativ
 
diff --git a/options/locale/locale_tr-TR.ini b/options/locale/locale_tr-TR.ini
index d388e79c27e..7ef6c1d35e1 100644
--- a/options/locale/locale_tr-TR.ini
+++ b/options/locale/locale_tr-TR.ini
@@ -218,8 +218,6 @@ string.desc=Z - A
 
 [error]
 occurred=Bir hata oluştu
-missing_csrf=Hatalı İstek: CSRF anahtarı yok
-invalid_csrf=Hatalı İstek: geçersiz CSRF erişim anahtarı
 not_found=Hedef bulunamadı.
 network_error=Ağ hatası
 
@@ -1704,7 +1702,6 @@ issues.dependency.add_error_dep_not_same_repo=Her iki konu da aynı depoda olmal
 issues.review.self.approval=Kendi değişiklik isteğinizi onaylayamazsınız.
 issues.review.self.rejection=Kendi değişiklik isteğinizde değişiklik isteyemezsiniz.
 issues.review.approve=%s bu değişiklikleri onayladı
-issues.review.comment=Yorum Yap
 issues.review.dismissed=%s incelemesini %s reddetti
 issues.review.dismissed_label=Reddedildi
 issues.review.left_comment=bir yorum yaptı
@@ -1729,6 +1726,7 @@ issues.review.hide_resolved=Çözülenleri gizle
 issues.review.resolve_conversation=Konuşmayı çöz
 issues.review.un_resolve_conversation=Konuşmayı çözme
 issues.review.resolved_by=bu konuşmayı çözümlenmiş olarak işaretledi
+issues.review.commented=Yorum Yap
 issues.assignee.error=Beklenmeyen bir hata nedeniyle tüm atananlar eklenmedi.
 issues.reference_issue.body=Gövde
 issues.content_history.deleted=silindi
diff --git a/options/locale/locale_uk-UA.ini b/options/locale/locale_uk-UA.ini
index b8b7a290379..129ab1b7f5c 100644
--- a/options/locale/locale_uk-UA.ini
+++ b/options/locale/locale_uk-UA.ini
@@ -120,7 +120,6 @@ filter.private=Приватний
 
 [error]
 occurred=Сталася помилка
-missing_csrf=Некоректний запит: токен CSRF не задано
 network_error=Помилка мережі
 
 [startpage]
@@ -1245,7 +1244,6 @@ issues.dependency.add_error_dep_not_same_repo=Обидві задачі пови
 issues.review.self.approval=Ви не можете схвалити власний пулл-реквест.
 issues.review.self.rejection=Ви не можете надіслати запит на зміну на власний пулл-реквест.
 issues.review.approve=зміни затверджено %s
-issues.review.comment=Коментар
 issues.review.dismissed=відхилено відгук %s %s
 issues.review.dismissed_label=Відхилено
 issues.review.left_comment=додав коментар
@@ -1266,6 +1264,7 @@ issues.review.hide_resolved=Приховати вирішене
 issues.review.resolve_conversation=Завершити обговорення
 issues.review.un_resolve_conversation=Поновити обговорення
 issues.review.resolved_by=позначив обговорення завершеним
+issues.review.commented=Коментар
 issues.assignee.error=Додано не всіх виконавців через непередбачену помилку.
 issues.reference_issue.body=Тіло
 issues.content_history.deleted=видалено
diff --git a/options/locale/locale_zh-CN.ini b/options/locale/locale_zh-CN.ini
index 8fe44e6009f..2827a8cd35b 100644
--- a/options/locale/locale_zh-CN.ini
+++ b/options/locale/locale_zh-CN.ini
@@ -217,8 +217,6 @@ string.desc=Z - A
 
 [error]
 occurred=发生了一个错误
-missing_csrf=错误的请求：没有 CSRF 令牌
-invalid_csrf=错误的请求：无效的 CSRF 令牌
 not_found=找不到目标。
 network_error=网络错误
 
@@ -1692,7 +1690,6 @@ issues.dependency.add_error_dep_not_same_repo=这两个工单必须在同一仓
 issues.review.self.approval=您不能批准您自己的合并请求。
 issues.review.self.rejection=您不能请求对您自己的合并请求进行更改。
 issues.review.approve=于 %s 批准此合并请求
-issues.review.comment=评论
 issues.review.dismissed=于 %[2]s 取消了 %[1]s 的评审
 issues.review.dismissed_label=已取消
 issues.review.left_comment=留下了一条评论
@@ -1717,6 +1714,7 @@ issues.review.hide_resolved=隐藏已解决的
 issues.review.resolve_conversation=已解决问题
 issues.review.un_resolve_conversation=未解决问题
 issues.review.resolved_by=标记问题为已解决
+issues.review.commented=评论
 issues.assignee.error=因为未知原因，并非所有的指派都成功。
 issues.reference_issue.body=内容
 issues.content_history.deleted=删除于
diff --git a/options/locale/locale_zh-TW.ini b/options/locale/locale_zh-TW.ini
index 2eb03fa84c7..9406419e6bb 100644
--- a/options/locale/locale_zh-TW.ini
+++ b/options/locale/locale_zh-TW.ini
@@ -167,8 +167,6 @@ string.desc=Z - A
 
 [error]
 occurred=發生錯誤
-missing_csrf=錯誤的請求：未提供 CSRF token
-invalid_csrf=錯誤的請求：無效的 CSRF token
 not_found=找不到目標。
 network_error=網路錯誤
 
@@ -1467,7 +1465,6 @@ issues.dependency.add_error_dep_not_same_repo=這兩個問題必須在同一個
 issues.review.self.approval=您不能核可自己的合併請求。
 issues.review.self.rejection=您不能對自己的合併請求提出請求變更。
 issues.review.approve=核可了這些變更 %s
-issues.review.comment=留言
 issues.review.dismissed=取消 %s 的審核 %s
 issues.review.dismissed_label=已取消
 issues.review.left_comment=留下了回應
@@ -1488,6 +1485,7 @@ issues.review.hide_resolved=隱藏已解決
 issues.review.resolve_conversation=解決對話
 issues.review.un_resolve_conversation=取消解決對話
 issues.review.resolved_by=標記了此對話為已解決
+issues.review.commented=留言
 issues.assignee.error=因為未預期的錯誤，未能成功加入所有負責人。
 issues.reference_issue.body=內容
 issues.content_history.deleted=刪除

From 55d5a74bb3a992dd56152e2f5266c7fd883c1948 Mon Sep 17 00:00:00 2001
From: GiteaBot <teabot@gitea.io>
Date: Fri, 20 Sep 2024 00:29:58 +0000
Subject: [PATCH 090/129] [skip ci] Updated translations via Crowdin

---
 options/locale/locale_pt-PT.ini | 1 +
 1 file changed, 1 insertion(+)

diff --git a/options/locale/locale_pt-PT.ini b/options/locale/locale_pt-PT.ini
index 4ddd54e3bff..199c4add084 100644
--- a/options/locale/locale_pt-PT.ini
+++ b/options/locale/locale_pt-PT.ini
@@ -1731,6 +1731,7 @@ issues.dependency.add_error_dep_not_same_repo=Ambas as questões têm que estar
 issues.review.self.approval=Não pode aprovar o seu próprio pedido de integração.
 issues.review.self.rejection=Não pode solicitar modificações sobre o seu próprio pedido de integração.
 issues.review.approve=aprovou estas modificações %s
+issues.review.comment=reviu %s
 issues.review.dismissed=descartou a revisão de %s %s
 issues.review.dismissed_label=Descartada
 issues.review.left_comment=deixou um comentário

From 3b10fd9b3452d548ef116b27161b17f57a8e180c Mon Sep 17 00:00:00 2001
From: wxiaoguang <wxiaoguang@gmail.com>
Date: Fri, 20 Sep 2024 22:57:55 +0800
Subject: [PATCH 091/129] Only use Host header from reverse proxy (#32060)

X-Forwarded-Host has many problems: non-standard, not well-defined
(X-Forwarded-Port or not), conflicts with Host header, it already caused
problems like #31907. So do not use X-Forwarded-Host, just use Host
header directly.

Official document also only uses `Host` header and never mentioned
others.
---
 .github/workflows/pull-db-tests.yml |  3 ++-
 modules/httplib/url.go              | 13 +++----------
 modules/httplib/url_test.go         |  5 +++--
 3 files changed, 8 insertions(+), 13 deletions(-)

diff --git a/.github/workflows/pull-db-tests.yml b/.github/workflows/pull-db-tests.yml
index 246884f24b1..90804c0f0a3 100644
--- a/.github/workflows/pull-db-tests.yml
+++ b/.github/workflows/pull-db-tests.yml
@@ -201,7 +201,8 @@ jobs:
     runs-on: ubuntu-latest
     services:
       mssql:
-        image: mcr.microsoft.com/mssql/server:2017-latest
+        # some images before 2024-04 can't run on new kernels
+        image: mcr.microsoft.com/mssql/server:2019-latest
         env:
           ACCEPT_EULA: Y
           MSSQL_PID: Standard
diff --git a/modules/httplib/url.go b/modules/httplib/url.go
index 219dfe695c4..e3bad1e5fba 100644
--- a/modules/httplib/url.go
+++ b/modules/httplib/url.go
@@ -52,11 +52,6 @@ func getRequestScheme(req *http.Request) string {
 	return ""
 }
 
-func getForwardedHost(req *http.Request) string {
-	// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host
-	return req.Header.Get("X-Forwarded-Host")
-}
-
 // GuessCurrentAppURL tries to guess the current full app URL (with sub-path) by http headers. It always has a '/' suffix, exactly the same as setting.AppURL
 func GuessCurrentAppURL(ctx context.Context) string {
 	return GuessCurrentHostURL(ctx) + setting.AppSubURL + "/"
@@ -81,11 +76,9 @@ func GuessCurrentHostURL(ctx context.Context) string {
 	if reqScheme == "" {
 		return strings.TrimSuffix(setting.AppURL, setting.AppSubURL+"/")
 	}
-	reqHost := getForwardedHost(req)
-	if reqHost == "" {
-		reqHost = req.Host
-	}
-	return reqScheme + "://" + reqHost
+	// X-Forwarded-Host has many problems: non-standard, not well-defined (X-Forwarded-Port or not), conflicts with Host header.
+	// So do not use X-Forwarded-Host, just use Host header directly.
+	return reqScheme + "://" + req.Host
 }
 
 // MakeAbsoluteURL tries to make a link to an absolute URL:
diff --git a/modules/httplib/url_test.go b/modules/httplib/url_test.go
index 28aaee6e129..fc6c91cd3a3 100644
--- a/modules/httplib/url_test.go
+++ b/modules/httplib/url_test.go
@@ -70,7 +70,7 @@ func TestMakeAbsoluteURL(t *testing.T) {
 			"X-Forwarded-Proto": {"https"},
 		},
 	})
-	assert.Equal(t, "https://forwarded-host/foo", MakeAbsoluteURL(ctx, "/foo"))
+	assert.Equal(t, "https://user-host/foo", MakeAbsoluteURL(ctx, "/foo"))
 }
 
 func TestIsCurrentGiteaSiteURL(t *testing.T) {
@@ -119,5 +119,6 @@ func TestIsCurrentGiteaSiteURL(t *testing.T) {
 		},
 	})
 	assert.True(t, IsCurrentGiteaSiteURL(ctx, "http://localhost:3000"))
-	assert.True(t, IsCurrentGiteaSiteURL(ctx, "https://forwarded-host"))
+	assert.True(t, IsCurrentGiteaSiteURL(ctx, "https://user-host"))
+	assert.False(t, IsCurrentGiteaSiteURL(ctx, "https://forwarded-host"))
 }

From aa9faf825074110d31fc2c75a31880c98a48feb2 Mon Sep 17 00:00:00 2001
From: silverwind <me@silverwind.io>
Date: Fri, 20 Sep 2024 17:27:19 +0200
Subject: [PATCH 092/129] Set manual `tabindex`es on login page (#31689)

Fixes https://github.com/go-gitea/gitea/issues/31686.

A more elborate manual tabindex numbering could be done, but I think
it's not really worth the extra effort and such stuff could easily break
during refactors.

Includes another small tweak to un-stretch the`<a>` element so it's only
as large as it needs to be and this change also made the margin
unneeded.
---
 templates/user/auth/signin_inner.tmpl | 12 +++++++-----
 web_src/css/form.css                  |  1 -
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/templates/user/auth/signin_inner.tmpl b/templates/user/auth/signin_inner.tmpl
index b0a52d2c64e..ec61e56f4db 100644
--- a/templates/user/auth/signin_inner.tmpl
+++ b/templates/user/auth/signin_inner.tmpl
@@ -14,20 +14,22 @@
 			{{.CsrfTokenHtml}}
 			<div class="required field {{if and (.Err_UserName) (or (not .LinkAccountMode) (and .LinkAccountMode .LinkAccountModeSignIn))}}error{{end}}">
 				<label for="user_name">{{ctx.Locale.Tr "home.uname_holder"}}</label>
-				<input id="user_name" type="text" name="user_name" value="{{.user_name}}" autofocus required>
+				<input id="user_name" type="text" name="user_name" value="{{.user_name}}" autofocus required tabindex="1">
 			</div>
 			{{if or (not .DisablePassword) .LinkAccountMode}}
 			<div class="required field {{if and (.Err_Password) (or (not .LinkAccountMode) (and .LinkAccountMode .LinkAccountModeSignIn))}}error{{end}} form-field-content-aside-label">
 				<label for="password">{{ctx.Locale.Tr "password"}}</label>
-				<a href="{{AppSubUrl}}/user/forgot_password">{{ctx.Locale.Tr "auth.forgot_password"}}</a>
-				<input id="password" name="password" type="password" value="{{.password}}" autocomplete="current-password" required>
+				<div>
+					<a href="{{AppSubUrl}}/user/forgot_password" tabindex="4">{{ctx.Locale.Tr "auth.forgot_password"}}</a>
+				</div>
+				<input id="password" name="password" type="password" value="{{.password}}" autocomplete="current-password" required tabindex="2">
 			</div>
 			{{end}}
 			{{if not .LinkAccountMode}}
 			<div class="inline field">
 				<div class="ui checkbox">
 					<label>{{ctx.Locale.Tr "auth.remember_me"}}</label>
-					<input name="remember" type="checkbox">
+					<input name="remember" type="checkbox" tabindex="5">
 				</div>
 			</div>
 			{{end}}
@@ -35,7 +37,7 @@
 			{{template "user/auth/captcha" .}}
 
 			<div class="field">
-				<button class="ui primary button tw-w-full">
+				<button class="ui primary button tw-w-full" tabindex="3">
 					{{if .LinkAccountMode}}
 						{{ctx.Locale.Tr "auth.oauth_signin_submit"}}
 					{{else}}
diff --git a/web_src/css/form.css b/web_src/css/form.css
index d2655d62b8b..5dd5e05bec7 100644
--- a/web_src/css/form.css
+++ b/web_src/css/form.css
@@ -456,7 +456,6 @@ textarea:focus,
 }
 .form-field-content-aside-label > *:nth-child(2) {
   text-align: right;
-  margin-bottom: 4px;
 }
 .form-field-content-aside-label input {
   grid-column: span 2;

From 08adbc468f8875fd4763c3656b334203c11adc0a Mon Sep 17 00:00:00 2001
From: KN4CK3R <admin@oldschoolhack.me>
Date: Fri, 20 Sep 2024 21:00:39 +0200
Subject: [PATCH 093/129] Fix incorrect `/tokens` api (#32085)

Fixes #32078

- Add missing scopes output.
- Disallow empty scope.

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
---
 routers/api/v1/user/app.go          |  5 +++++
 tests/integration/api_token_test.go | 31 ++++++++++-------------------
 2 files changed, 16 insertions(+), 20 deletions(-)

diff --git a/routers/api/v1/user/app.go b/routers/api/v1/user/app.go
index 5c28dd878d2..9583bb548c7 100644
--- a/routers/api/v1/user/app.go
+++ b/routers/api/v1/user/app.go
@@ -118,6 +118,10 @@ func CreateAccessToken(ctx *context.APIContext) {
 		ctx.Error(http.StatusBadRequest, "AccessTokenScope.Normalize", fmt.Errorf("invalid access token scope provided: %w", err))
 		return
 	}
+	if scope == "" {
+		ctx.Error(http.StatusBadRequest, "AccessTokenScope", "access token must have a scope")
+		return
+	}
 	t.Scope = scope
 
 	if err := auth_model.NewAccessToken(ctx, t); err != nil {
@@ -129,6 +133,7 @@ func CreateAccessToken(ctx *context.APIContext) {
 		Token:          t.Token,
 		ID:             t.ID,
 		TokenLastEight: t.TokenLastEight,
+		Scopes:         t.Scope.StringSlice(),
 	})
 }
 
diff --git a/tests/integration/api_token_test.go b/tests/integration/api_token_test.go
index 9c7bf37330d..01d18ef6f16 100644
--- a/tests/integration/api_token_test.go
+++ b/tests/integration/api_token_test.go
@@ -23,10 +23,10 @@ func TestAPICreateAndDeleteToken(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
 
-	newAccessToken := createAPIAccessTokenWithoutCleanUp(t, "test-key-1", user, nil)
+	newAccessToken := createAPIAccessTokenWithoutCleanUp(t, "test-key-1", user, []auth_model.AccessTokenScope{auth_model.AccessTokenScopeAll})
 	deleteAPIAccessToken(t, newAccessToken, user)
 
-	newAccessToken = createAPIAccessTokenWithoutCleanUp(t, "test-key-2", user, nil)
+	newAccessToken = createAPIAccessTokenWithoutCleanUp(t, "test-key-2", user, []auth_model.AccessTokenScope{auth_model.AccessTokenScopeAll})
 	deleteAPIAccessToken(t, newAccessToken, user)
 }
 
@@ -72,19 +72,19 @@ func TestAPIDeleteTokensPermission(t *testing.T) {
 	user4 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4})
 
 	// admin can delete tokens for other users
-	createAPIAccessTokenWithoutCleanUp(t, "test-key-1", user2, nil)
+	createAPIAccessTokenWithoutCleanUp(t, "test-key-1", user2, []auth_model.AccessTokenScope{auth_model.AccessTokenScopeAll})
 	req := NewRequest(t, "DELETE", "/api/v1/users/"+user2.LoginName+"/tokens/test-key-1").
 		AddBasicAuth(admin.Name)
 	MakeRequest(t, req, http.StatusNoContent)
 
 	// non-admin can delete tokens for himself
-	createAPIAccessTokenWithoutCleanUp(t, "test-key-2", user2, nil)
+	createAPIAccessTokenWithoutCleanUp(t, "test-key-2", user2, []auth_model.AccessTokenScope{auth_model.AccessTokenScopeAll})
 	req = NewRequest(t, "DELETE", "/api/v1/users/"+user2.LoginName+"/tokens/test-key-2").
 		AddBasicAuth(user2.Name)
 	MakeRequest(t, req, http.StatusNoContent)
 
 	// non-admin can't delete tokens for other users
-	createAPIAccessTokenWithoutCleanUp(t, "test-key-3", user2, nil)
+	createAPIAccessTokenWithoutCleanUp(t, "test-key-3", user2, []auth_model.AccessTokenScope{auth_model.AccessTokenScopeAll})
 	req = NewRequest(t, "DELETE", "/api/v1/users/"+user2.LoginName+"/tokens/test-key-3").
 		AddBasicAuth(user4.Name)
 	MakeRequest(t, req, http.StatusForbidden)
@@ -520,7 +520,7 @@ func runTestCase(t *testing.T, testCase *requiredScopeTestCase, user *user_model
 			unauthorizedScopes = append(unauthorizedScopes, cateogoryUnauthorizedScopes...)
 		}
 
-		accessToken := createAPIAccessTokenWithoutCleanUp(t, "test-token", user, &unauthorizedScopes)
+		accessToken := createAPIAccessTokenWithoutCleanUp(t, "test-token", user, unauthorizedScopes)
 		defer deleteAPIAccessToken(t, accessToken, user)
 
 		// Request the endpoint.  Verify that permission is denied.
@@ -532,20 +532,12 @@ func runTestCase(t *testing.T, testCase *requiredScopeTestCase, user *user_model
 
 // createAPIAccessTokenWithoutCleanUp Create an API access token and assert that
 // creation succeeded.  The caller is responsible for deleting the token.
-func createAPIAccessTokenWithoutCleanUp(t *testing.T, tokenName string, user *user_model.User, scopes *[]auth_model.AccessTokenScope) api.AccessToken {
+func createAPIAccessTokenWithoutCleanUp(t *testing.T, tokenName string, user *user_model.User, scopes []auth_model.AccessTokenScope) api.AccessToken {
 	payload := map[string]any{
-		"name": tokenName,
-	}
-	if scopes != nil {
-		for _, scope := range *scopes {
-			scopes, scopesExists := payload["scopes"].([]string)
-			if !scopesExists {
-				scopes = make([]string, 0)
-			}
-			scopes = append(scopes, string(scope))
-			payload["scopes"] = scopes
-		}
+		"name":   tokenName,
+		"scopes": scopes,
 	}
+
 	log.Debug("Requesting creation of token with scopes: %v", scopes)
 	req := NewRequestWithJSON(t, "POST", "/api/v1/users/"+user.LoginName+"/tokens", payload).
 		AddBasicAuth(user.Name)
@@ -563,8 +555,7 @@ func createAPIAccessTokenWithoutCleanUp(t *testing.T, tokenName string, user *us
 	return newAccessToken
 }
 
-// createAPIAccessTokenWithoutCleanUp Delete an API access token and assert that
-// deletion succeeded.
+// deleteAPIAccessToken deletes an API access token and assert that deletion succeeded.
 func deleteAPIAccessToken(t *testing.T, accessToken api.AccessToken, user *user_model.User) {
 	req := NewRequestf(t, "DELETE", "/api/v1/users/"+user.LoginName+"/tokens/%d", accessToken.ID).
 		AddBasicAuth(user.Name)

From 8e2dd5d3ddfb442937c79f05df88d18b856952cb Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Sat, 21 Sep 2024 17:50:54 +0800
Subject: [PATCH 094/129] Use camo.Always instead of camo.Allways (#32097)

Fix #31575

https://gitea.com/gitea/docs/pulls/73
---
 custom/conf/app.example.ini |  3 ++-
 modules/markup/camo.go      |  2 +-
 modules/markup/camo_test.go |  2 +-
 modules/setting/camo.go     | 14 ++++++++++++--
 4 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index a2dd92b1051..ad5d3e1abae 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -526,7 +526,8 @@ INTERNAL_TOKEN =
 ;; HMAC to encode urls with, it **is required** if camo is enabled.
 ;HMAC_KEY =
 ;; Set to true to use camo for https too lese only non https urls are proxyed
-;ALLWAYS = false
+;; ALLWAYS is deprecated and will be removed in the future
+;ALWAYS = false
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
diff --git a/modules/markup/camo.go b/modules/markup/camo.go
index e93797de2ba..7e2583469d3 100644
--- a/modules/markup/camo.go
+++ b/modules/markup/camo.go
@@ -38,7 +38,7 @@ func camoHandleLink(link string) string {
 	if setting.Camo.Enabled {
 		lnkURL, err := url.Parse(link)
 		if err == nil && lnkURL.IsAbs() && !strings.HasPrefix(link, setting.AppURL) &&
-			(setting.Camo.Allways || lnkURL.Scheme != "https") {
+			(setting.Camo.Always || lnkURL.Scheme != "https") {
 			return CamoEncode(link)
 		}
 	}
diff --git a/modules/markup/camo_test.go b/modules/markup/camo_test.go
index ba58835221b..3c5d40afa07 100644
--- a/modules/markup/camo_test.go
+++ b/modules/markup/camo_test.go
@@ -28,7 +28,7 @@ func TestCamoHandleLink(t *testing.T) {
 		"https://image.proxy/eivin43gJwGVIjR9MiYYtFIk0mw/aHR0cDovL3Rlc3RpbWFnZXMub3JnL2ltZy5qcGc",
 		camoHandleLink("http://testimages.org/img.jpg"))
 
-	setting.Camo.Allways = true
+	setting.Camo.Always = true
 	assert.Equal(t,
 		"https://gitea.com/img.jpg",
 		camoHandleLink("https://gitea.com/img.jpg"))
diff --git a/modules/setting/camo.go b/modules/setting/camo.go
index 366e9a116cd..608ecf8363c 100644
--- a/modules/setting/camo.go
+++ b/modules/setting/camo.go
@@ -3,18 +3,28 @@
 
 package setting
 
-import "code.gitea.io/gitea/modules/log"
+import (
+	"strconv"
+
+	"code.gitea.io/gitea/modules/log"
+)
 
 var Camo = struct {
 	Enabled   bool
 	ServerURL string `ini:"SERVER_URL"`
 	HMACKey   string `ini:"HMAC_KEY"`
-	Allways   bool
+	Always    bool
 }{}
 
 func loadCamoFrom(rootCfg ConfigProvider) {
 	mustMapSetting(rootCfg, "camo", &Camo)
 	if Camo.Enabled {
+		oldValue := rootCfg.Section("camo").Key("ALLWAYS").MustString("")
+		if oldValue != "" {
+			log.Warn("camo.ALLWAYS is deprecated, use camo.ALWAYS instead")
+			Camo.Always, _ = strconv.ParseBool(oldValue)
+		}
+
 		if Camo.ServerURL == "" || Camo.HMACKey == "" {
 			log.Fatal(`Camo settings require "SERVER_URL" and HMAC_KEY`)
 		}

From f58a43f60a623c5d45942b92efa25cad7f4040bb Mon Sep 17 00:00:00 2001
From: Anbraten <6918444+anbraten@users.noreply.github.com>
Date: Sat, 21 Sep 2024 20:26:36 +0200
Subject: [PATCH 095/129] Count typescript files as frontend for labeling
 (#32088)

---
 .github/labeler.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/labeler.yml b/.github/labeler.yml
index 265616baed4..46efbcb1949 100644
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -70,10 +70,11 @@ modifies/go:
       - any-glob-to-any-file:
           - "**/*.go"
 
-modifies/js:
+modifies/frontend:
   - changed-files:
       - any-glob-to-any-file:
           - "**/*.js"
+          - "**/*.ts"
           - "**/*.vue"
 
 docs-update-needed:

From ebfde845294cc681de6b1fe1adcf27e35f61b89b Mon Sep 17 00:00:00 2001
From: Timon van der Berg <tmnvanderberg@gmail.com>
Date: Sat, 21 Sep 2024 20:57:01 +0200
Subject: [PATCH 096/129] Repo Activity: count new issues that were closed
 (#31776)

I'm new to go and contributing to gitea, your guidance is much
appreciated.

This is meant to solve https://github.com/go-gitea/gitea/issues/13309

Previously, closed issues would not be shown under new issues in the
activity tab, even if they were newly created.

changes:
* Split out newlyCreatedIssues from issuesForActivityStatement to count
  both currently open and closed issues.
* Use a seperate function to count active issues to prevent
double-counting issues after the above change.

Result is that new issues that have been closed are shown both under
"new" and "closed".

Signed-off-by: Timon van der Berg <tmnvanderberg@gmail.com>
---
 models/activities/repo_activity.go | 30 ++++++++++++++++++++++++++++--
 1 file changed, 28 insertions(+), 2 deletions(-)

diff --git a/models/activities/repo_activity.go b/models/activities/repo_activity.go
index ba5e4959f0d..3ffad035b7a 100644
--- a/models/activities/repo_activity.go
+++ b/models/activities/repo_activity.go
@@ -34,6 +34,7 @@ type ActivityStats struct {
 	OpenedPRAuthorCount         int64
 	MergedPRs                   issues_model.PullRequestList
 	MergedPRAuthorCount         int64
+	ActiveIssues                issues_model.IssueList
 	OpenedIssues                issues_model.IssueList
 	OpenedIssueAuthorCount      int64
 	ClosedIssues                issues_model.IssueList
@@ -172,7 +173,7 @@ func (stats *ActivityStats) MergedPRPerc() int {
 
 // ActiveIssueCount returns total active issue count
 func (stats *ActivityStats) ActiveIssueCount() int {
-	return stats.OpenedIssueCount() + stats.ClosedIssueCount()
+	return len(stats.ActiveIssues)
 }
 
 // OpenedIssueCount returns open issue count
@@ -285,13 +286,21 @@ func (stats *ActivityStats) FillIssues(ctx context.Context, repoID int64, fromTi
 	stats.ClosedIssueAuthorCount = count
 
 	// New issues
-	sess = issuesForActivityStatement(ctx, repoID, fromTime, false, false)
+	sess = newlyCreatedIssues(ctx, repoID, fromTime)
 	sess.OrderBy("issue.created_unix ASC")
 	stats.OpenedIssues = make(issues_model.IssueList, 0)
 	if err = sess.Find(&stats.OpenedIssues); err != nil {
 		return err
 	}
 
+	// Active issues
+	sess = activeIssues(ctx, repoID, fromTime)
+	sess.OrderBy("issue.created_unix ASC")
+	stats.ActiveIssues = make(issues_model.IssueList, 0)
+	if err = sess.Find(&stats.ActiveIssues); err != nil {
+		return err
+	}
+
 	// Opened issue authors
 	sess = issuesForActivityStatement(ctx, repoID, fromTime, false, false)
 	if _, err = sess.Select("count(distinct issue.poster_id) as `count`").Table("issue").Get(&count); err != nil {
@@ -317,6 +326,23 @@ func (stats *ActivityStats) FillUnresolvedIssues(ctx context.Context, repoID int
 	return sess.Find(&stats.UnresolvedIssues)
 }
 
+func newlyCreatedIssues(ctx context.Context, repoID int64, fromTime time.Time) *xorm.Session {
+	sess := db.GetEngine(ctx).Where("issue.repo_id = ?", repoID).
+		And("issue.is_pull = ?", false).                // Retain the is_pull check to exclude pull requests
+		And("issue.created_unix >= ?", fromTime.Unix()) // Include all issues created after fromTime
+
+	return sess
+}
+
+func activeIssues(ctx context.Context, repoID int64, fromTime time.Time) *xorm.Session {
+	sess := db.GetEngine(ctx).Where("issue.repo_id = ?", repoID).
+		And("issue.is_pull = ?", false).
+		And("issue.created_unix >= ?", fromTime.Unix()).
+		Or("issue.closed_unix >= ?", fromTime.Unix())
+
+	return sess
+}
+
 func issuesForActivityStatement(ctx context.Context, repoID int64, fromTime time.Time, closed, unresolved bool) *xorm.Session {
 	sess := db.GetEngine(ctx).Where("issue.repo_id = ?", repoID).
 		And("issue.is_closed = ?", closed)

From 5de41737a5d9337cc5b8416b63b2972366c62102 Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Sun, 22 Sep 2024 03:26:45 +0800
Subject: [PATCH 097/129] Fix upload maven pacakge parallelly (#31851)

Use globallock for maven package uploads.

Thanks @tlusser for the test code.

Depends on ~#31813~
---
 routers/api/packages/maven/maven.go          | 13 ++++++++
 tests/integration/api_packages_maven_test.go | 33 ++++++++++++++++++++
 2 files changed, 46 insertions(+)

diff --git a/routers/api/packages/maven/maven.go b/routers/api/packages/maven/maven.go
index 1486e83c57d..07e34da8e2d 100644
--- a/routers/api/packages/maven/maven.go
+++ b/routers/api/packages/maven/maven.go
@@ -20,6 +20,7 @@ import (
 	"strings"
 
 	packages_model "code.gitea.io/gitea/models/packages"
+	"code.gitea.io/gitea/modules/globallock"
 	"code.gitea.io/gitea/modules/json"
 	"code.gitea.io/gitea/modules/log"
 	packages_module "code.gitea.io/gitea/modules/packages"
@@ -223,6 +224,10 @@ func servePackageFile(ctx *context.Context, params parameters, serveContent bool
 	helper.ServePackageFile(ctx, s, u, pf, opts)
 }
 
+func mavenPkgNameKey(packageName string) string {
+	return "pkg_maven_" + packageName
+}
+
 // UploadPackageFile adds a file to the package. If the package does not exist, it gets created.
 func UploadPackageFile(ctx *context.Context) {
 	params, err := extractPathParameters(ctx)
@@ -241,6 +246,14 @@ func UploadPackageFile(ctx *context.Context) {
 
 	packageName := params.GroupID + "-" + params.ArtifactID
 
+	// for the same package, only one upload at a time
+	releaser, err := globallock.Lock(ctx, mavenPkgNameKey(packageName))
+	if err != nil {
+		apiError(ctx, http.StatusInternalServerError, err)
+		return
+	}
+	defer releaser()
+
 	buf, err := packages_module.CreateHashedBufferFromReader(ctx.Req.Body)
 	if err != nil {
 		apiError(ctx, http.StatusInternalServerError, err)
diff --git a/tests/integration/api_packages_maven_test.go b/tests/integration/api_packages_maven_test.go
index 0466a727b25..e54238858c2 100644
--- a/tests/integration/api_packages_maven_test.go
+++ b/tests/integration/api_packages_maven_test.go
@@ -8,6 +8,7 @@ import (
 	"net/http"
 	"strconv"
 	"strings"
+	"sync"
 	"testing"
 
 	"code.gitea.io/gitea/models/db"
@@ -252,3 +253,35 @@ func TestPackageMaven(t *testing.T) {
 		assert.True(t, test.IsNormalPageCompleted(resp.Body.String()))
 	})
 }
+
+func TestPackageMavenConcurrent(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+
+	groupID := "com.gitea"
+	artifactID := "test-project"
+	packageVersion := "1.0.1"
+
+	root := fmt.Sprintf("/api/packages/%s/maven/%s/%s", user.Name, strings.ReplaceAll(groupID, ".", "/"), artifactID)
+
+	putFile := func(t *testing.T, path, content string, expectedStatus int) {
+		req := NewRequestWithBody(t, "PUT", root+path, strings.NewReader(content)).
+			AddBasicAuth(user.Name)
+		MakeRequest(t, req, expectedStatus)
+	}
+
+	t.Run("Concurrent Upload", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		var wg sync.WaitGroup
+		for i := 0; i < 10; i++ {
+			wg.Add(1)
+			go func(i int) {
+				putFile(t, fmt.Sprintf("/%s/%s.jar", packageVersion, strconv.Itoa(i)), "test", http.StatusCreated)
+				wg.Done()
+			}(i)
+		}
+		wg.Wait()
+	})
+}

From a802508f88e546bf18990559e44bf27a09c869ee Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Sun, 22 Sep 2024 05:56:25 +0800
Subject: [PATCH 098/129] Fix wrong last modify time (#32102)

---
 modules/httpcache/httpcache.go      | 3 ++-
 modules/httplib/serve.go            | 1 +
 routers/api/packages/maven/maven.go | 4 +++-
 routers/web/repo/githttp.go         | 3 ++-
 4 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/modules/httpcache/httpcache.go b/modules/httpcache/httpcache.go
index 40458dfc336..2c9af944055 100644
--- a/modules/httpcache/httpcache.go
+++ b/modules/httpcache/httpcache.go
@@ -75,7 +75,8 @@ func HandleGenericETagTimeCache(req *http.Request, w http.ResponseWriter, etag s
 		w.Header().Set("Etag", etag)
 	}
 	if lastModified != nil && !lastModified.IsZero() {
-		w.Header().Set("Last-Modified", lastModified.Format(http.TimeFormat))
+		// http.TimeFormat required a UTC time, refer to https://pkg.go.dev/net/http#TimeFormat
+		w.Header().Set("Last-Modified", lastModified.UTC().Format(http.TimeFormat))
 	}
 
 	if len(etag) > 0 {
diff --git a/modules/httplib/serve.go b/modules/httplib/serve.go
index 6e147d76f51..2e3e6a7c423 100644
--- a/modules/httplib/serve.go
+++ b/modules/httplib/serve.go
@@ -79,6 +79,7 @@ func ServeSetHeaders(w http.ResponseWriter, opts *ServeHeaderOptions) {
 	httpcache.SetCacheControlInHeader(header, duration)
 
 	if !opts.LastModified.IsZero() {
+		// http.TimeFormat required a UTC time, refer to https://pkg.go.dev/net/http#TimeFormat
 		header.Set("Last-Modified", opts.LastModified.UTC().Format(http.TimeFormat))
 	}
 }
diff --git a/routers/api/packages/maven/maven.go b/routers/api/packages/maven/maven.go
index 07e34da8e2d..343705990a0 100644
--- a/routers/api/packages/maven/maven.go
+++ b/routers/api/packages/maven/maven.go
@@ -115,7 +115,9 @@ func serveMavenMetadata(ctx *context.Context, params parameters) {
 	xmlMetadataWithHeader := append([]byte(xml.Header), xmlMetadata...)
 
 	latest := pds[len(pds)-1]
-	ctx.Resp.Header().Set("Last-Modified", latest.Version.CreatedUnix.Format(http.TimeFormat))
+	// http.TimeFormat required a UTC time, refer to https://pkg.go.dev/net/http#TimeFormat
+	lastModifed := latest.Version.CreatedUnix.AsTime().UTC().Format(http.TimeFormat)
+	ctx.Resp.Header().Set("Last-Modified", lastModifed)
 
 	ext := strings.ToLower(filepath.Ext(params.Filename))
 	if isChecksumExtension(ext) {
diff --git a/routers/web/repo/githttp.go b/routers/web/repo/githttp.go
index bb85df1a868..ee1ec1fd0c7 100644
--- a/routers/web/repo/githttp.go
+++ b/routers/web/repo/githttp.go
@@ -395,7 +395,8 @@ func (h *serviceHandler) sendFile(ctx *context.Context, contentType, file string
 
 	ctx.Resp.Header().Set("Content-Type", contentType)
 	ctx.Resp.Header().Set("Content-Length", fmt.Sprintf("%d", fi.Size()))
-	ctx.Resp.Header().Set("Last-Modified", fi.ModTime().Format(http.TimeFormat))
+	// http.TimeFormat required a UTC time, refer to https://pkg.go.dev/net/http#TimeFormat
+	ctx.Resp.Header().Set("Last-Modified", fi.ModTime().UTC().Format(http.TimeFormat))
 	http.ServeFile(ctx.Resp, ctx.Req, reqFile)
 }
 

From d351a42494e71b5e2da63302c2f9b46c78e6dbde Mon Sep 17 00:00:00 2001
From: Jamie Schouten <j4mie@hey.com>
Date: Sun, 22 Sep 2024 00:42:17 +0200
Subject: [PATCH 099/129] Add bin to Composer Metadata (#32099)

This PR addresses the missing `bin` field in Composer metadata, which
currently causes vendor-provided binaries to not be symlinked to
`vendor/bin` during installation.

In the current implementation, running `composer install` does not
publish the binaries, leading to issues where expected binaries are not
available.

By properly declaring the `bin` field, this PR ensures that binaries are
correctly symlinked upon installation, as described in the [Composer
documentation](https://getcomposer.org/doc/articles/vendor-binaries.md).
---
 modules/packages/composer/metadata.go           | 1 +
 tests/integration/api_packages_composer_test.go | 8 +++++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/modules/packages/composer/metadata.go b/modules/packages/composer/metadata.go
index 2c2e9ebf27c..6035eae8ca4 100644
--- a/modules/packages/composer/metadata.go
+++ b/modules/packages/composer/metadata.go
@@ -48,6 +48,7 @@ type Metadata struct {
 	Homepage    string            `json:"homepage,omitempty"`
 	License     Licenses          `json:"license,omitempty"`
 	Authors     []Author          `json:"authors,omitempty"`
+	Bin         []string          `json:"bin,omitempty"`
 	Autoload    map[string]any    `json:"autoload,omitempty"`
 	AutoloadDev map[string]any    `json:"autoload-dev,omitempty"`
 	Extra       map[string]any    `json:"extra,omitempty"`
diff --git a/tests/integration/api_packages_composer_test.go b/tests/integration/api_packages_composer_test.go
index 6e0d2eee1b3..51b047ab41a 100644
--- a/tests/integration/api_packages_composer_test.go
+++ b/tests/integration/api_packages_composer_test.go
@@ -36,6 +36,7 @@ func TestPackageComposer(t *testing.T) {
 	packageType := "composer-plugin"
 	packageAuthor := "Gitea Authors"
 	packageLicense := "MIT"
+	packageBin := "./bin/script"
 
 	var buf bytes.Buffer
 	archive := zip.NewWriter(&buf)
@@ -49,6 +50,9 @@ func TestPackageComposer(t *testing.T) {
 			{
 				"name": "` + packageAuthor + `"
 			}
+		],
+		"bin": [
+			"` + packageBin + `"
 		]
 	}`))
 	archive.Close()
@@ -210,6 +214,8 @@ func TestPackageComposer(t *testing.T) {
 		assert.Len(t, pkgs[0].Authors, 1)
 		assert.Equal(t, packageAuthor, pkgs[0].Authors[0].Name)
 		assert.Equal(t, "zip", pkgs[0].Dist.Type)
-		assert.Equal(t, "7b40bfd6da811b2b78deec1e944f156dbb2c747b", pkgs[0].Dist.Checksum)
+		assert.Equal(t, "4f5fa464c3cb808a1df191dbf6cb75363f8b7072", pkgs[0].Dist.Checksum)
+		assert.Len(t, pkgs[0].Bin, 1)
+		assert.Equal(t, packageBin, pkgs[0].Bin[0])
 	})
 }

From 74f2ee31248ccdd66218c89fafa7f91a1e1dc58a Mon Sep 17 00:00:00 2001
From: GiteaBot <teabot@gitea.io>
Date: Sun, 22 Sep 2024 00:33:39 +0000
Subject: [PATCH 100/129] [skip ci] Updated translations via Crowdin

---
 options/locale/locale_ja-JP.ini | 45 +++++++++++++++++++++++++++++++--
 1 file changed, 43 insertions(+), 2 deletions(-)

diff --git a/options/locale/locale_ja-JP.ini b/options/locale/locale_ja-JP.ini
index 3edf68e9437..48f241f7b85 100644
--- a/options/locale/locale_ja-JP.ini
+++ b/options/locale/locale_ja-JP.ini
@@ -218,16 +218,20 @@ string.desc=Z - A
 
 [error]
 occurred=エラーが発生しました
+report_message=Gitea のバグが疑われる場合は、<a href="%s" target="_blank">GitHub</a>でIssueを検索して、見つからなければ新しいIssueを作成してください。
 not_found=ターゲットが見つかりませんでした。
 network_error=ネットワークエラー
 
 [startpage]
 app_desc=自分で立てる、超簡単 Git サービス
 install=簡単インストール
+install_desc=シンプルに、プラットフォームに応じて<a target="_blank" rel="noopener noreferrer" href="%[1]s">バイナリを実行</a>したり、<a target="_blank" rel="noopener noreferrer" href="%[2]s">Docker</a>で動かしたり、<a target="_blank" rel="noopener noreferrer" href="%[3]s">パッケージ</a>を使うだけ。
 platform=クロスプラットフォーム
+platform_desc=Giteaは<a target="_blank" rel="noopener noreferrer" href="%s">Go</a>がコンパイル可能なあらゆる環境で動きます: Windows、macOS、Linux、ARMなど。 あなたの好きなものを選んでください!
 lightweight=軽量
 lightweight_desc=Gitea の最小動作要件は小さいため、安価な Raspberry Pi でも動きます。エネルギーを節約しましょう!
 license=オープンソース
+license_desc=Go get <a target="_blank" rel="noopener noreferrer" href="%[1]s">%[2]s</a>! このプロジェクトをさらに向上させるため、ぜひ<a target="_blank" rel="noopener noreferrer" href="%[3]s">貢献</a>して参加してください。 貢献者になることを恥ずかしがらないで!
 
 [install]
 install=インストール
@@ -450,6 +454,7 @@ authorize_title=`"%s"にあなたのアカウントへのアクセスを許可
 authorization_failed=認可失敗
 authorization_failed_desc=無効なリクエストを検出したため認可が失敗しました。 認可しようとしたアプリの開発者に連絡してください。
 sspi_auth_failed=SSPI認証に失敗しました
+password_pwned=あなたが選択したパスワードは、過去の情報漏洩事件で流出した<a target="_blank" rel="noopener noreferrer" href="%s">盗まれたパスワードのリスト</a>に含まれています。 別のパスワードでもう一度試してください。 また他の登録でもこのパスワードからの変更を検討してください。
 password_pwned_err=HaveIBeenPwnedへのリクエストを完了できませんでした
 last_admin=最後の管理者は削除できません。少なくとも一人の管理者が必要です。
 signin_passkey=パスキーでサインイン
@@ -919,6 +924,7 @@ oauth2_client_secret_hint=このページから移動したりページを更新
 oauth2_application_edit=編集
 oauth2_application_create_description=OAuth2アプリケーションで、サードパーティアプリケーションがこのインスタンス上のユーザーアカウントにアクセスできるようになります。
 oauth2_application_remove_description=OAuth2アプリケーションを削除すると、このインスタンス上の許可されたユーザーアカウントへのアクセスができなくなります。 続行しますか？
+oauth2_application_locked=設定で有効にされた場合、Giteaは起動時にいくつかのOAuth2アプリケーションを事前登録します。 想定されていない動作を防ぐため、これらは編集も削除もできません。 詳細についてはOAuth2のドキュメントを参照してください。
 
 authorized_oauth2_applications=許可済みOAuth2アプリケーション
 authorized_oauth2_applications_description=これらのサードパーティ アプリケーションに、あなたのGiteaアカウントへのアクセスを許可しています。 不要になったアプリケーションはアクセス権を取り消すようにしてください。
@@ -946,6 +952,7 @@ passcode_invalid=パスコードが間違っています。 再度お試しく
 twofa_enrolled=あなたのアカウントは正常に登録されました。 一回限りのリカバリキー (%s) は安全な場所に保存してください。 これは二度と表示されません。
 twofa_failed_get_secret=シークレットが取得できません。
 
+webauthn_desc=セキュリティキーは暗号化キーを内蔵するハードウェア ・ デバイスです。 2要素認証に使用できます。 セキュリティキーは<a rel="noreferrer" target="_blank" href="%s">WebAuthn Authenticator</a>規格をサポートしている必要があります。
 webauthn_register_key=セキュリティキーを追加
 webauthn_nickname=ニックネーム
 webauthn_delete_key=セキュリティキーの登録解除
@@ -967,7 +974,7 @@ orgs_none=あなたはどの組織のメンバーでもありません。
 repos_none=あなたはリポジトリを所有していません。
 
 delete_account=アカウントを削除
-delete_prompt=この操作により、あなたのユーザーアカウントは恒久的に抹消されます。 取り消すことは<strong>できません</strong>。
+delete_prompt=この操作により、あなたのユーザーアカウントは恒久的に抹消されます。 元に戻すことは<strong>できません</strong>。
 delete_with_all_comments=あなたのアカウントは作成からまだ %s 経過していません。 幽霊コメント回避のため、イシューやPRのすべてのコメントは一緒に削除されます。
 confirm_delete_account=削除の続行
 delete_account_title=ユーザーアカウントの削除
@@ -1090,7 +1097,9 @@ tree_path_not_found_branch=パス %[1]s はブランチ %[2]s に存在しませ
 tree_path_not_found_tag=パス %[1]s はタグ %[2]s に存在しません
 
 transfer.accept=移転を承認
+transfer.accept_desc=`"%s" に移転`
 transfer.reject=移転を拒否
+transfer.reject_desc=`"%s" への移転をキャンセル`
 transfer.no_permission_to_accept=この移転を承認する権限がありません。
 transfer.no_permission_to_reject=この移転を拒否する権限がありません。
 
@@ -1225,6 +1234,7 @@ releases=リリース
 tag=タグ
 released_this=がこれをリリース
 tagged_this=がタグ付け
+file.title=%s at %s
 file_raw=Raw
 file_history=履歴
 file_view_source=ソースを表示
@@ -1712,6 +1722,7 @@ issues.dependency.add_error_dep_not_same_repo=両方とも同じリポジトリ
 issues.review.self.approval=自分のプルリクエストを承認することはできません。
 issues.review.self.rejection=自分のプルリクエストに対して修正を要求することはできません。
 issues.review.approve=が変更を承認 %s
+issues.review.comment=がレビュー %s
 issues.review.dismissed=が %s のレビューを棄却 %s
 issues.review.dismissed_label=棄却
 issues.review.left_comment=がコメント
@@ -1851,7 +1862,9 @@ pulls.unrelated_histories=マージ失敗: マージHEADとベースには共通
 pulls.merge_out_of_date=マージ失敗: マージの生成中にベースが更新されました。 ヒント: もう一度試してみてください
 pulls.head_out_of_date=マージ失敗: マージの生成中に head が更新されました。 ヒント: もう一度試してみてください
 pulls.has_merged=失敗: プルリクエストはマージされていました。再度マージしたり、ターゲットブランチを変更することはできません。
+pulls.push_rejected=プッシュ失敗: プッシュは拒否されました。 このリポジトリのGitフックを見直してください。
 pulls.push_rejected_summary=拒否メッセージ全体:
+pulls.push_rejected_no_message=プッシュ失敗: プッシュは拒否されましたが、リモートからのメッセージがありません。このリポジトリのGitフックを見直してください
 pulls.open_unmerged_pull_exists=`同じ条件のプルリクエスト (#%d) が未処理のため、再オープンはできません。`
 pulls.status_checking=いくつかのステータスチェックが待機中です
 pulls.status_checks_success=ステータスチェックはすべて成功しました
@@ -1907,6 +1920,7 @@ milestones.no_due_date=期日なし
 milestones.open=オープン
 milestones.close=クローズ
 milestones.new_subheader=マイルストーンを使うとイシューの整理や進捗確認がしやすくなります。
+milestones.completeness=<strong>%d%%</strong>消化
 milestones.create=マイルストーンを作成
 milestones.title=タイトル
 milestones.desc=説明
@@ -2306,6 +2320,7 @@ settings.event_pull_request_merge=プルリクエストのマージ
 settings.event_package=パッケージ
 settings.event_package_desc=リポジトリにパッケージが作成または削除されたとき。
 settings.branch_filter=ブランチ フィルター
+settings.branch_filter_desc=プッシュ、ブランチ作成、ブランチ削除のイベントを通知するブランチを、globパターンで指定するホワイトリストです。 空か<code>*</code>のときは、すべてのブランチのイベントを通知します。 文法については <a href="%[1]s">%[2]s</a> を参照してください。 例: <code>master</code> 、 <code>{master,release*}</code>
 settings.authorization_header=Authorizationヘッダー
 settings.authorization_header_desc=入力した場合、リクエストにAuthorizationヘッダーとして付加します。 例: %s
 settings.active=有効
@@ -2356,6 +2371,7 @@ settings.protected_branch.save_rule=ルールを保存
 settings.protected_branch.delete_rule=ルールを削除
 settings.protected_branch_can_push=プッシュを許可する
 settings.protected_branch_can_push_yes=プッシュできます
+settings.protected_branch_can_push_no=プッシュできません
 settings.branch_protection=ブランチ '<b>%s</b>' の保護ルール
 settings.protect_this_branch=ブランチの保護を有効にする
 settings.protect_this_branch_desc=ブランチの削除を防ぎ、ブランチへのプッシュやマージを制限します。
@@ -2392,6 +2408,7 @@ settings.protect_status_check_matched=マッチ
 settings.protect_invalid_status_check_pattern=`不正なステータスチェックパターン: "%s"`
 settings.protect_no_valid_status_check_patterns=有効なステータスチェックパターンがありません。
 settings.protect_required_approvals=必要な承認数:
+settings.protect_required_approvals_desc=必要な承認数を満たしたプルリクエストしかマージできないようにします。 必要となる承認とは、許可リストにあるユーザーやチーム、もしくは書き込み権限を持つ誰かからのものです。
 settings.protect_approvals_whitelist_enabled=許可リストに登録したユーザーやチームに承認を制限
 settings.protect_approvals_whitelist_enabled_desc=許可リストに登録したユーザーまたはチームによるレビューのみを、必要な承認数にカウントします。 承認の許可リストが無い場合は、書き込み権限を持つ人によるレビューを必要な承認数にカウントします。
 settings.protect_approvals_whitelist_users=許可リストに含めるレビューア:
@@ -2403,9 +2420,12 @@ settings.ignore_stale_approvals_desc=古いコミットに対して行われた
 settings.require_signed_commits=コミット署名必須
 settings.require_signed_commits_desc=署名されていない場合、または署名が検証できなかった場合は、このブランチへのプッシュを拒否します。
 settings.protect_branch_name_pattern=保護ブランチ名のパターン
+settings.protect_branch_name_pattern_desc=保護ブランチ名のパターン。書き方については <a href="%s">ドキュメント</a> を参照してください。例: main, release/**
 settings.protect_patterns=パターン
 settings.protect_protected_file_patterns=保護されるファイルのパターン (セミコロン';'で区切る):
+settings.protect_protected_file_patterns_desc=保護されたファイルは、このブランチにファイルを追加・編集・削除する権限を持つユーザーであっても、直接変更することができなくなります。 セミコロン(';')で区切って複数のパターンを指定できます。 パターンの文法については <a href='%[1]s'>%[2]s</a> を参照してください。 例: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>
 settings.protect_unprotected_file_patterns=保護しないファイルのパターン (セミコロン';'で区切る):
+settings.protect_unprotected_file_patterns_desc=保護しないファイルは、ユーザーに書き込み権限があればプッシュ制限をバイパスして直接変更できます。 セミコロン(';')で区切って複数のパターンを指定できます。 パターンの文法については <a href='%[1]s'>%[2]s</a> を参照してください。 例: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>
 settings.add_protected_branch=保護を有効にする
 settings.delete_protected_branch=保護を無効にする
 settings.update_protect_branch_success=ルール "%s" に対するブランチ保護を更新しました。
@@ -2437,6 +2457,7 @@ settings.tags.protection.allowed.teams=許可するチーム
 settings.tags.protection.allowed.noone=なし
 settings.tags.protection.create=タグを保護
 settings.tags.protection.none=タグは保護されていません。
+settings.tags.protection.pattern.description=ひとつのタグ名か、複数のタグにマッチするglobパターンまたは正規表現を使用できます。 詳しくは<a target="_blank" rel="noopener" href="%s">タグの保護ガイド</a> をご覧ください。
 settings.bot_token=Botトークン
 settings.chat_id=チャットID
 settings.thread_id=スレッドID
@@ -2651,6 +2672,7 @@ tag.create_success=タグ "%s" を作成しました。
 
 topic.manage_topics=トピックの管理
 topic.done=完了
+topic.count_prompt=選択できるのは25トピックまでです。
 topic.format_prompt=トピック名は英字または数字で始め、ダッシュ('-')やドット('.')を含めることができます。最大35文字までです。文字は小文字でなければなりません。
 
 find_file.go_to_file=ファイルへ移動
@@ -2719,7 +2741,7 @@ settings.change_orgname_redirect_prompt=古い名前は、再使用されてい
 settings.update_avatar_success=組織のアバターを更新しました。
 settings.delete=組織を削除
 settings.delete_account=この組織を削除
-settings.delete_prompt=組織は恒久的に削除され、元に戻すことは<strong>できません</strong>。 続行しますか？
+settings.delete_prompt=組織は恒久的に削除されます。 元に戻すことは<strong>できません</strong>！
 settings.confirm_delete_account=削除を確認
 settings.delete_org_title=組織の削除
 settings.delete_org_desc=組織を恒久的に削除します。 続行しますか？
@@ -2748,6 +2770,7 @@ teams.leave.detail=%s から脱退しますか？
 teams.can_create_org_repo=リポジトリを作成
 teams.can_create_org_repo_helper=メンバーは組織のリポジトリを新たに作成できます。作成者には新しいリポジトリの管理者権限が与えられます。
 teams.none_access=アクセスなし
+teams.none_access_helper=メンバーは、このユニットを表示したり他の操作を行うことはできません。 公開リポジトリには適用されません。
 teams.general_access=一般的なアクセス
 teams.general_access_helper=メンバーの権限は下記の権限テーブルで決定されます。
 teams.read_access=読み取り
@@ -2816,6 +2839,7 @@ last_page=最後
 total=合計: %d
 settings=管理設定
 
+dashboard.new_version_hint=Gitea %s が入手可能になりました。 現在実行しているのは %s です。 詳細は <a target="_blank" rel="noreferrer" href="%s">ブログ</a> を確認してください。
 dashboard.statistic=サマリー
 dashboard.maintenance_operations=メンテナンス操作
 dashboard.system_status=システム状況
@@ -3007,10 +3031,12 @@ packages.size=サイズ
 packages.published=配布
 
 defaulthooks=デフォルトWebhook
+defaulthooks.desc=Webhookは、特定のGiteaイベントが発生したときに、サーバーにHTTP POSTリクエストを自動的に送信するものです。 ここで定義したWebhookはデフォルトとなり、全ての新規リポジトリにコピーされます。 詳しくは<a target="_blank" rel="noopener" href="%s">Webhooksガイド</a>をご覧下さい。
 defaulthooks.add_webhook=デフォルトWebhookの追加
 defaulthooks.update_webhook=デフォルトWebhookの更新
 
 systemhooks=システムWebhook
+systemhooks.desc=Webhookは、特定のGiteaイベントが発生したときに、サーバーにHTTP POSTリクエストを自動的に送信するものです。 ここで定義したWebhookは、システム内のすべてのリポジトリで呼び出されます。 そのため、パフォーマンスに及ぼす影響を考慮したうえで設定してください。 詳しくは<a target="_blank" rel="noopener" href="%s">Webhooksガイド</a>をご覧下さい。
 systemhooks.add_webhook=システムWebhookを追加
 systemhooks.update_webhook=システムWebhookを更新
 
@@ -3105,8 +3131,18 @@ auths.tips=ヒント
 auths.tips.oauth2.general=OAuth2認証
 auths.tips.oauth2.general.tip=新しいOAuth2認証を登録するときは、コールバック/リダイレクトURLは以下になります:
 auths.tip.oauth2_provider=OAuth2プロバイダー
+auths.tip.bitbucket=新しいOAuthコンシューマーを %s から登録し、"アカウント" に "読み取り" 権限を追加してください。
 auths.tip.nextcloud=新しいOAuthコンシューマーを、インスタンスのメニュー "Settings -> Security -> OAuth 2.0 client" から登録してください。
+auths.tip.dropbox=新しいアプリケーションを %s から登録してください。
+auths.tip.facebook=新しいアプリケーションを %s で登録し、"Facebook Login"を追加してください。
+auths.tip.github=新しいOAuthアプリケーションを %s から登録してください。
+auths.tip.gitlab_new=新しいアプリケーションを %s から登録してください。
+auths.tip.google_plus=OAuth2クライアント資格情報を、Google APIコンソール %s から取得してください。
 auths.tip.openid_connect=OpenID Connect DiscoveryのURL "https://{server}/.well-known/openid-configuration" をエンドポイントとして指定してください
+auths.tip.twitter=%s へアクセスしてアプリケーションを作成し、“Allow this application to be used to Sign in with Twitter”オプションを有効にしてください。
+auths.tip.discord=新しいアプリケーションを %s から登録してください。
+auths.tip.gitea=新しいOAuthアプリケーションを登録してください。 利用ガイドは %s にあります
+auths.tip.yandex=`%s で新しいアプリケーションを作成してください。 "Yandex.Passport API" セクションで次の項目を許可します: "Access to email address"、"Access to user avatar"、"Access to username, first name and surname, gender"`
 auths.tip.mastodon=認証したいMastodonインスタンスのカスタムURLを入力してください (入力しない場合はデフォルトのURLを使用します)
 auths.edit=認証ソースの編集
 auths.activated=認証ソースはアクティベート済み
@@ -3272,6 +3308,7 @@ monitor.next=次回
 monitor.previous=前回
 monitor.execute_times=実行回数
 monitor.process=実行中のプロセス
+monitor.stacktrace=スタックトレース
 monitor.processes_count=%d プロセス
 monitor.download_diagnosis_report=診断レポートをダウンロード
 monitor.desc=説明
@@ -3279,6 +3316,8 @@ monitor.start=開始日時
 monitor.execute_time=実行時間
 monitor.last_execution_result=結果
 monitor.process.cancel=処理をキャンセル
+monitor.process.cancel_desc=処理をキャンセルするとデータが失われる可能性があります
+monitor.process.cancel_notices=キャンセル: <strong>%s</strong>?
 monitor.process.children=子プロセス
 
 monitor.queues=キュー
@@ -3380,6 +3419,7 @@ raw_minutes=分
 
 [dropzone]
 default_message=ファイルをここにドロップ、またはここをクリックしてアップロード
+invalid_input_type=この種類のファイルはアップロードできません。
 file_too_big=アップロードされたファイルのサイズ ({{filesize}} MB) は、最大サイズ ({{maxFilesize}} MB) を超えています。
 remove_file=ファイル削除
 
@@ -3527,6 +3567,7 @@ settings.link=このパッケージをリポジトリにリンク
 settings.link.description=パッケージをリポジトリにリンクすると、リポジトリのパッケージリストに表示されるようになります。
 settings.link.select=リポジトリを選択
 settings.link.button=リポジトリのリンクを更新
+settings.link.success=リポジトリのリンクが正常に更新されました。
 settings.link.error=リポジトリのリンクの更新に失敗しました。
 settings.delete=パッケージ削除
 settings.delete.description=パッケージの削除は恒久的で元に戻すことはできません。

From b594cec2bda6f861effedb2e8e0a7ebba191c0e9 Mon Sep 17 00:00:00 2001
From: ChristopherHX <christopher.homberger@web.de>
Date: Sun, 22 Sep 2024 13:01:09 +0200
Subject: [PATCH 101/129] Fix artifact v4 upload above 8MB (#31664)

Multiple chunks are uploaded with type "block" without using
"appendBlock" and eventually out of order for bigger uploads.
8MB seems to be the chunk size

This change parses the blockList uploaded after all blocks to get the
final artifact size and order them correctly before calculating the
sha256 checksum over all blocks

Fixes #31354
---
 routers/api/actions/artifacts_chunks.go       |  50 +++++-
 routers/api/actions/artifactsv4.go            | 144 +++++++++++++-----
 .../api_actions_artifact_v4_test.go           | 130 ++++++++++++++++
 3 files changed, 285 insertions(+), 39 deletions(-)

diff --git a/routers/api/actions/artifacts_chunks.go b/routers/api/actions/artifacts_chunks.go
index 3d1a3891d9e..cf48da12aa8 100644
--- a/routers/api/actions/artifacts_chunks.go
+++ b/routers/api/actions/artifacts_chunks.go
@@ -123,6 +123,54 @@ func listChunksByRunID(st storage.ObjectStorage, runID int64) (map[int64][]*chun
 	return chunksMap, nil
 }
 
+func listChunksByRunIDV4(st storage.ObjectStorage, runID, artifactID int64, blist *BlockList) ([]*chunkFileItem, error) {
+	storageDir := fmt.Sprintf("tmpv4%d", runID)
+	var chunks []*chunkFileItem
+	chunkMap := map[string]*chunkFileItem{}
+	dummy := &chunkFileItem{}
+	for _, name := range blist.Latest {
+		chunkMap[name] = dummy
+	}
+	if err := st.IterateObjects(storageDir, func(fpath string, obj storage.Object) error {
+		baseName := filepath.Base(fpath)
+		if !strings.HasPrefix(baseName, "block-") {
+			return nil
+		}
+		// when read chunks from storage, it only contains storage dir and basename,
+		// no matter the subdirectory setting in storage config
+		item := chunkFileItem{Path: storageDir + "/" + baseName, ArtifactID: artifactID}
+		var size int64
+		var b64chunkName string
+		if _, err := fmt.Sscanf(baseName, "block-%d-%d-%s", &item.RunID, &size, &b64chunkName); err != nil {
+			return fmt.Errorf("parse content range error: %v", err)
+		}
+		rchunkName, err := base64.URLEncoding.DecodeString(b64chunkName)
+		if err != nil {
+			return fmt.Errorf("failed to parse chunkName: %v", err)
+		}
+		chunkName := string(rchunkName)
+		item.End = item.Start + size - 1
+		if _, ok := chunkMap[chunkName]; ok {
+			chunkMap[chunkName] = &item
+		}
+		return nil
+	}); err != nil {
+		return nil, err
+	}
+	for i, name := range blist.Latest {
+		chunk, ok := chunkMap[name]
+		if !ok || chunk.Path == "" {
+			return nil, fmt.Errorf("missing Chunk (%d/%d): %s", i, len(blist.Latest), name)
+		}
+		chunks = append(chunks, chunk)
+		if i > 0 {
+			chunk.Start = chunkMap[blist.Latest[i-1]].End + 1
+			chunk.End += chunk.Start
+		}
+	}
+	return chunks, nil
+}
+
 func mergeChunksForRun(ctx *ArtifactContext, st storage.ObjectStorage, runID int64, artifactName string) error {
 	// read all db artifacts by name
 	artifacts, err := db.Find[actions.ActionArtifact](ctx, actions.FindArtifactsOptions{
@@ -230,7 +278,7 @@ func mergeChunksForArtifact(ctx *ArtifactContext, chunks []*chunkFileItem, st st
 		rawChecksum := hash.Sum(nil)
 		actualChecksum := hex.EncodeToString(rawChecksum)
 		if !strings.HasSuffix(checksum, actualChecksum) {
-			return fmt.Errorf("update artifact error checksum is invalid")
+			return fmt.Errorf("update artifact error checksum is invalid %v vs %v", checksum, actualChecksum)
 		}
 	}
 
diff --git a/routers/api/actions/artifactsv4.go b/routers/api/actions/artifactsv4.go
index e78ed7a0c25..9e463cceebc 100644
--- a/routers/api/actions/artifactsv4.go
+++ b/routers/api/actions/artifactsv4.go
@@ -24,8 +24,15 @@ package actions
 // PUT: http://localhost:3000/twirp/github.actions.results.api.v1.ArtifactService/UploadArtifact?sig=mO7y35r4GyjN7fwg0DTv3-Fv1NDXD84KLEgLpoPOtDI=&expires=2024-01-23+21%3A48%3A37.20833956+%2B0100+CET&artifactName=test&taskID=75&comp=block
 // 1.3. Continue Upload Zip Content to Blobstorage (unauthenticated request), repeat until everything is uploaded
 // PUT: http://localhost:3000/twirp/github.actions.results.api.v1.ArtifactService/UploadArtifact?sig=mO7y35r4GyjN7fwg0DTv3-Fv1NDXD84KLEgLpoPOtDI=&expires=2024-01-23+21%3A48%3A37.20833956+%2B0100+CET&artifactName=test&taskID=75&comp=appendBlock
-// 1.4. Unknown xml payload to Blobstorage (unauthenticated request), ignored for now
+// 1.4. BlockList xml payload to Blobstorage (unauthenticated request)
+// Files of about 800MB are parallel in parallel and / or out of order, this file is needed to enshure the correct order
 // PUT: http://localhost:3000/twirp/github.actions.results.api.v1.ArtifactService/UploadArtifact?sig=mO7y35r4GyjN7fwg0DTv3-Fv1NDXD84KLEgLpoPOtDI=&expires=2024-01-23+21%3A48%3A37.20833956+%2B0100+CET&artifactName=test&taskID=75&comp=blockList
+// Request
+// <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+// <BlockList>
+// 	<Latest>blockId1</Latest>
+// 	<Latest>blockId2</Latest>
+// </BlockList>
 // 1.5. FinalizeArtifact
 // Post: /twirp/github.actions.results.api.v1.ArtifactService/FinalizeArtifact
 // Request
@@ -82,6 +89,7 @@ import (
 	"crypto/hmac"
 	"crypto/sha256"
 	"encoding/base64"
+	"encoding/xml"
 	"fmt"
 	"io"
 	"net/http"
@@ -152,31 +160,34 @@ func ArtifactsV4Routes(prefix string) *web.Router {
 	return m
 }
 
-func (r artifactV4Routes) buildSignature(endp, expires, artifactName string, taskID int64) []byte {
+func (r artifactV4Routes) buildSignature(endp, expires, artifactName string, taskID, artifactID int64) []byte {
 	mac := hmac.New(sha256.New, setting.GetGeneralTokenSigningSecret())
 	mac.Write([]byte(endp))
 	mac.Write([]byte(expires))
 	mac.Write([]byte(artifactName))
 	mac.Write([]byte(fmt.Sprint(taskID)))
+	mac.Write([]byte(fmt.Sprint(artifactID)))
 	return mac.Sum(nil)
 }
 
-func (r artifactV4Routes) buildArtifactURL(ctx *ArtifactContext, endp, artifactName string, taskID int64) string {
+func (r artifactV4Routes) buildArtifactURL(ctx *ArtifactContext, endp, artifactName string, taskID, artifactID int64) string {
 	expires := time.Now().Add(60 * time.Minute).Format("2006-01-02 15:04:05.999999999 -0700 MST")
 	uploadURL := strings.TrimSuffix(httplib.GuessCurrentAppURL(ctx), "/") + strings.TrimSuffix(r.prefix, "/") +
-		"/" + endp + "?sig=" + base64.URLEncoding.EncodeToString(r.buildSignature(endp, expires, artifactName, taskID)) + "&expires=" + url.QueryEscape(expires) + "&artifactName=" + url.QueryEscape(artifactName) + "&taskID=" + fmt.Sprint(taskID)
+		"/" + endp + "?sig=" + base64.URLEncoding.EncodeToString(r.buildSignature(endp, expires, artifactName, taskID, artifactID)) + "&expires=" + url.QueryEscape(expires) + "&artifactName=" + url.QueryEscape(artifactName) + "&taskID=" + fmt.Sprint(taskID) + "&artifactID=" + fmt.Sprint(artifactID)
 	return uploadURL
 }
 
 func (r artifactV4Routes) verifySignature(ctx *ArtifactContext, endp string) (*actions.ActionTask, string, bool) {
 	rawTaskID := ctx.Req.URL.Query().Get("taskID")
+	rawArtifactID := ctx.Req.URL.Query().Get("artifactID")
 	sig := ctx.Req.URL.Query().Get("sig")
 	expires := ctx.Req.URL.Query().Get("expires")
 	artifactName := ctx.Req.URL.Query().Get("artifactName")
 	dsig, _ := base64.URLEncoding.DecodeString(sig)
 	taskID, _ := strconv.ParseInt(rawTaskID, 10, 64)
+	artifactID, _ := strconv.ParseInt(rawArtifactID, 10, 64)
 
-	expecedsig := r.buildSignature(endp, expires, artifactName, taskID)
+	expecedsig := r.buildSignature(endp, expires, artifactName, taskID, artifactID)
 	if !hmac.Equal(dsig, expecedsig) {
 		log.Error("Error unauthorized")
 		ctx.Error(http.StatusUnauthorized, "Error unauthorized")
@@ -271,6 +282,8 @@ func (r *artifactV4Routes) createArtifact(ctx *ArtifactContext) {
 		return
 	}
 	artifact.ContentEncoding = ArtifactV4ContentEncoding
+	artifact.FileSize = 0
+	artifact.FileCompressedSize = 0
 	if err := actions.UpdateArtifactByID(ctx, artifact.ID, artifact); err != nil {
 		log.Error("Error UpdateArtifactByID: %v", err)
 		ctx.Error(http.StatusInternalServerError, "Error UpdateArtifactByID")
@@ -279,7 +292,7 @@ func (r *artifactV4Routes) createArtifact(ctx *ArtifactContext) {
 
 	respData := CreateArtifactResponse{
 		Ok:              true,
-		SignedUploadUrl: r.buildArtifactURL(ctx, "UploadArtifact", artifactName, ctx.ActionTask.ID),
+		SignedUploadUrl: r.buildArtifactURL(ctx, "UploadArtifact", artifactName, ctx.ActionTask.ID, artifact.ID),
 	}
 	r.sendProtbufBody(ctx, &respData)
 }
@@ -293,38 +306,77 @@ func (r *artifactV4Routes) uploadArtifact(ctx *ArtifactContext) {
 	comp := ctx.Req.URL.Query().Get("comp")
 	switch comp {
 	case "block", "appendBlock":
-		// get artifact by name
-		artifact, err := r.getArtifactByName(ctx, task.Job.RunID, artifactName)
-		if err != nil {
-			log.Error("Error artifact not found: %v", err)
-			ctx.Error(http.StatusNotFound, "Error artifact not found")
-			return
-		}
+		blockid := ctx.Req.URL.Query().Get("blockid")
+		if blockid == "" {
+			// get artifact by name
+			artifact, err := r.getArtifactByName(ctx, task.Job.RunID, artifactName)
+			if err != nil {
+				log.Error("Error artifact not found: %v", err)
+				ctx.Error(http.StatusNotFound, "Error artifact not found")
+				return
+			}
 
-		if comp == "block" {
-			artifact.FileSize = 0
-			artifact.FileCompressedSize = 0
+			_, err = appendUploadChunk(r.fs, ctx, artifact, artifact.FileSize, ctx.Req.ContentLength, artifact.RunID)
+			if err != nil {
+				log.Error("Error runner api getting task: task is not running")
+				ctx.Error(http.StatusInternalServerError, "Error runner api getting task: task is not running")
+				return
+			}
+			artifact.FileCompressedSize += ctx.Req.ContentLength
+			artifact.FileSize += ctx.Req.ContentLength
+			if err := actions.UpdateArtifactByID(ctx, artifact.ID, artifact); err != nil {
+				log.Error("Error UpdateArtifactByID: %v", err)
+				ctx.Error(http.StatusInternalServerError, "Error UpdateArtifactByID")
+				return
+			}
+		} else {
+			_, err := r.fs.Save(fmt.Sprintf("tmpv4%d/block-%d-%d-%s", task.Job.RunID, task.Job.RunID, ctx.Req.ContentLength, base64.URLEncoding.EncodeToString([]byte(blockid))), ctx.Req.Body, -1)
+			if err != nil {
+				log.Error("Error runner api getting task: task is not running")
+				ctx.Error(http.StatusInternalServerError, "Error runner api getting task: task is not running")
+				return
+			}
 		}
-
-		_, err = appendUploadChunk(r.fs, ctx, artifact, artifact.FileSize, ctx.Req.ContentLength, artifact.RunID)
+		ctx.JSON(http.StatusCreated, "appended")
+	case "blocklist":
+		rawArtifactID := ctx.Req.URL.Query().Get("artifactID")
+		artifactID, _ := strconv.ParseInt(rawArtifactID, 10, 64)
+		_, err := r.fs.Save(fmt.Sprintf("tmpv4%d/%d-%d-blocklist", task.Job.RunID, task.Job.RunID, artifactID), ctx.Req.Body, -1)
 		if err != nil {
 			log.Error("Error runner api getting task: task is not running")
 			ctx.Error(http.StatusInternalServerError, "Error runner api getting task: task is not running")
 			return
 		}
-		artifact.FileCompressedSize += ctx.Req.ContentLength
-		artifact.FileSize += ctx.Req.ContentLength
-		if err := actions.UpdateArtifactByID(ctx, artifact.ID, artifact); err != nil {
-			log.Error("Error UpdateArtifactByID: %v", err)
-			ctx.Error(http.StatusInternalServerError, "Error UpdateArtifactByID")
-			return
-		}
-		ctx.JSON(http.StatusCreated, "appended")
-	case "blocklist":
 		ctx.JSON(http.StatusCreated, "created")
 	}
 }
 
+type BlockList struct {
+	Latest []string `xml:"Latest"`
+}
+
+type Latest struct {
+	Value string `xml:",chardata"`
+}
+
+func (r *artifactV4Routes) readBlockList(runID, artifactID int64) (*BlockList, error) {
+	blockListName := fmt.Sprintf("tmpv4%d/%d-%d-blocklist", runID, runID, artifactID)
+	s, err := r.fs.Open(blockListName)
+	if err != nil {
+		return nil, err
+	}
+
+	xdec := xml.NewDecoder(s)
+	blockList := &BlockList{}
+	err = xdec.Decode(blockList)
+
+	delerr := r.fs.Delete(blockListName)
+	if delerr != nil {
+		log.Warn("Failed to delete blockList %s: %v", blockListName, delerr)
+	}
+	return blockList, err
+}
+
 func (r *artifactV4Routes) finalizeArtifact(ctx *ArtifactContext) {
 	var req FinalizeArtifactRequest
 
@@ -343,18 +395,34 @@ func (r *artifactV4Routes) finalizeArtifact(ctx *ArtifactContext) {
 		ctx.Error(http.StatusNotFound, "Error artifact not found")
 		return
 	}
-	chunkMap, err := listChunksByRunID(r.fs, runID)
+
+	var chunks []*chunkFileItem
+	blockList, err := r.readBlockList(runID, artifact.ID)
 	if err != nil {
-		log.Error("Error merge chunks: %v", err)
-		ctx.Error(http.StatusInternalServerError, "Error merge chunks")
-		return
-	}
-	chunks, ok := chunkMap[artifact.ID]
-	if !ok {
-		log.Error("Error merge chunks")
-		ctx.Error(http.StatusInternalServerError, "Error merge chunks")
-		return
+		log.Warn("Failed to read BlockList, fallback to old behavior: %v", err)
+		chunkMap, err := listChunksByRunID(r.fs, runID)
+		if err != nil {
+			log.Error("Error merge chunks: %v", err)
+			ctx.Error(http.StatusInternalServerError, "Error merge chunks")
+			return
+		}
+		chunks, ok = chunkMap[artifact.ID]
+		if !ok {
+			log.Error("Error merge chunks")
+			ctx.Error(http.StatusInternalServerError, "Error merge chunks")
+			return
+		}
+	} else {
+		chunks, err = listChunksByRunIDV4(r.fs, runID, artifact.ID, blockList)
+		if err != nil {
+			log.Error("Error merge chunks: %v", err)
+			ctx.Error(http.StatusInternalServerError, "Error merge chunks")
+			return
+		}
+		artifact.FileSize = chunks[len(chunks)-1].End + 1
+		artifact.FileCompressedSize = chunks[len(chunks)-1].End + 1
 	}
+
 	checksum := ""
 	if req.Hash != nil {
 		checksum = req.Hash.Value
@@ -455,7 +523,7 @@ func (r *artifactV4Routes) getSignedArtifactURL(ctx *ArtifactContext) {
 		}
 	}
 	if respData.SignedUrl == "" {
-		respData.SignedUrl = r.buildArtifactURL(ctx, "DownloadArtifact", artifactName, ctx.ActionTask.ID)
+		respData.SignedUrl = r.buildArtifactURL(ctx, "DownloadArtifact", artifactName, ctx.ActionTask.ID, artifact.ID)
 	}
 	r.sendProtbufBody(ctx, &respData)
 }
diff --git a/tests/integration/api_actions_artifact_v4_test.go b/tests/integration/api_actions_artifact_v4_test.go
index f58f876849b..ec0fbbfa60a 100644
--- a/tests/integration/api_actions_artifact_v4_test.go
+++ b/tests/integration/api_actions_artifact_v4_test.go
@@ -7,12 +7,14 @@ import (
 	"bytes"
 	"crypto/sha256"
 	"encoding/hex"
+	"encoding/xml"
 	"io"
 	"net/http"
 	"strings"
 	"testing"
 	"time"
 
+	"code.gitea.io/gitea/modules/storage"
 	"code.gitea.io/gitea/routers/api/actions"
 	actions_service "code.gitea.io/gitea/services/actions"
 	"code.gitea.io/gitea/tests"
@@ -170,6 +172,134 @@ func TestActionsArtifactV4UploadSingleFileWithRetentionDays(t *testing.T) {
 	assert.True(t, finalizeResp.Ok)
 }
 
+func TestActionsArtifactV4UploadSingleFileWithPotentialHarmfulBlockID(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	token, err := actions_service.CreateAuthorizationToken(48, 792, 193)
+	assert.NoError(t, err)
+
+	// acquire artifact upload url
+	req := NewRequestWithBody(t, "POST", "/twirp/github.actions.results.api.v1.ArtifactService/CreateArtifact", toProtoJSON(&actions.CreateArtifactRequest{
+		Version:                 4,
+		Name:                    "artifactWithPotentialHarmfulBlockID",
+		WorkflowRunBackendId:    "792",
+		WorkflowJobRunBackendId: "193",
+	})).AddTokenAuth(token)
+	resp := MakeRequest(t, req, http.StatusOK)
+	var uploadResp actions.CreateArtifactResponse
+	protojson.Unmarshal(resp.Body.Bytes(), &uploadResp)
+	assert.True(t, uploadResp.Ok)
+	assert.Contains(t, uploadResp.SignedUploadUrl, "/twirp/github.actions.results.api.v1.ArtifactService/UploadArtifact")
+
+	// get upload urls
+	idx := strings.Index(uploadResp.SignedUploadUrl, "/twirp/")
+	url := uploadResp.SignedUploadUrl[idx:] + "&comp=block&blockid=%2f..%2fmyfile"
+	blockListURL := uploadResp.SignedUploadUrl[idx:] + "&comp=blocklist"
+
+	// upload artifact chunk
+	body := strings.Repeat("A", 1024)
+	req = NewRequestWithBody(t, "PUT", url, strings.NewReader(body))
+	MakeRequest(t, req, http.StatusCreated)
+
+	// verify that the exploit didn't work
+	_, err = storage.Actions.Stat("myfile")
+	assert.Error(t, err)
+
+	// upload artifact blockList
+	blockList := &actions.BlockList{
+		Latest: []string{
+			"/../myfile",
+		},
+	}
+	rawBlockList, err := xml.Marshal(blockList)
+	assert.NoError(t, err)
+	req = NewRequestWithBody(t, "PUT", blockListURL, bytes.NewReader(rawBlockList))
+	MakeRequest(t, req, http.StatusCreated)
+
+	t.Logf("Create artifact confirm")
+
+	sha := sha256.Sum256([]byte(body))
+
+	// confirm artifact upload
+	req = NewRequestWithBody(t, "POST", "/twirp/github.actions.results.api.v1.ArtifactService/FinalizeArtifact", toProtoJSON(&actions.FinalizeArtifactRequest{
+		Name:                    "artifactWithPotentialHarmfulBlockID",
+		Size:                    1024,
+		Hash:                    wrapperspb.String("sha256:" + hex.EncodeToString(sha[:])),
+		WorkflowRunBackendId:    "792",
+		WorkflowJobRunBackendId: "193",
+	})).
+		AddTokenAuth(token)
+	resp = MakeRequest(t, req, http.StatusOK)
+	var finalizeResp actions.FinalizeArtifactResponse
+	protojson.Unmarshal(resp.Body.Bytes(), &finalizeResp)
+	assert.True(t, finalizeResp.Ok)
+}
+
+func TestActionsArtifactV4UploadSingleFileWithChunksOutOfOrder(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	token, err := actions_service.CreateAuthorizationToken(48, 792, 193)
+	assert.NoError(t, err)
+
+	// acquire artifact upload url
+	req := NewRequestWithBody(t, "POST", "/twirp/github.actions.results.api.v1.ArtifactService/CreateArtifact", toProtoJSON(&actions.CreateArtifactRequest{
+		Version:                 4,
+		Name:                    "artifactWithChunksOutOfOrder",
+		WorkflowRunBackendId:    "792",
+		WorkflowJobRunBackendId: "193",
+	})).AddTokenAuth(token)
+	resp := MakeRequest(t, req, http.StatusOK)
+	var uploadResp actions.CreateArtifactResponse
+	protojson.Unmarshal(resp.Body.Bytes(), &uploadResp)
+	assert.True(t, uploadResp.Ok)
+	assert.Contains(t, uploadResp.SignedUploadUrl, "/twirp/github.actions.results.api.v1.ArtifactService/UploadArtifact")
+
+	// get upload urls
+	idx := strings.Index(uploadResp.SignedUploadUrl, "/twirp/")
+	block1URL := uploadResp.SignedUploadUrl[idx:] + "&comp=block&blockid=block1"
+	block2URL := uploadResp.SignedUploadUrl[idx:] + "&comp=block&blockid=block2"
+	blockListURL := uploadResp.SignedUploadUrl[idx:] + "&comp=blocklist"
+
+	// upload artifact chunks
+	bodyb := strings.Repeat("B", 1024)
+	req = NewRequestWithBody(t, "PUT", block2URL, strings.NewReader(bodyb))
+	MakeRequest(t, req, http.StatusCreated)
+
+	bodya := strings.Repeat("A", 1024)
+	req = NewRequestWithBody(t, "PUT", block1URL, strings.NewReader(bodya))
+	MakeRequest(t, req, http.StatusCreated)
+
+	// upload artifact blockList
+	blockList := &actions.BlockList{
+		Latest: []string{
+			"block1",
+			"block2",
+		},
+	}
+	rawBlockList, err := xml.Marshal(blockList)
+	assert.NoError(t, err)
+	req = NewRequestWithBody(t, "PUT", blockListURL, bytes.NewReader(rawBlockList))
+	MakeRequest(t, req, http.StatusCreated)
+
+	t.Logf("Create artifact confirm")
+
+	sha := sha256.Sum256([]byte(bodya + bodyb))
+
+	// confirm artifact upload
+	req = NewRequestWithBody(t, "POST", "/twirp/github.actions.results.api.v1.ArtifactService/FinalizeArtifact", toProtoJSON(&actions.FinalizeArtifactRequest{
+		Name:                    "artifactWithChunksOutOfOrder",
+		Size:                    2048,
+		Hash:                    wrapperspb.String("sha256:" + hex.EncodeToString(sha[:])),
+		WorkflowRunBackendId:    "792",
+		WorkflowJobRunBackendId: "193",
+	})).
+		AddTokenAuth(token)
+	resp = MakeRequest(t, req, http.StatusOK)
+	var finalizeResp actions.FinalizeArtifactResponse
+	protojson.Unmarshal(resp.Body.Bytes(), &finalizeResp)
+	assert.True(t, finalizeResp.Ok)
+}
+
 func TestActionsArtifactV4DownloadSingle(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 

From 9e0db1b6469079b18cfc4a416cdd6396d42f9816 Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Mon, 23 Sep 2024 02:08:27 +0800
Subject: [PATCH 102/129] Fix rename branch permission bug (#32066)

The previous implementation requires admin permission to rename branches
which should be write permission.

Fix #31993
---
 routers/web/web.go                      | 3 +--
 templates/repo/branch/list.tmpl         | 2 +-
 tests/integration/rename_branch_test.go | 8 ++++----
 3 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/routers/web/web.go b/routers/web/web.go
index f1e941a84ef..5129bd4bda3 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -1071,8 +1071,6 @@ func registerRoutes(m *web.Router) {
 			m.Post("/{id}/delete", repo_setting.DeleteProtectedBranchRulePost)
 		}, repo.MustBeNotEmpty)
 
-		m.Post("/rename_branch", web.Bind(forms.RenameBranchForm{}), context.RepoMustNotBeArchived(), repo_setting.RenameBranchPost)
-
 		m.Group("/tags", func() {
 			m.Get("", repo_setting.ProtectedTags)
 			m.Post("", web.Bind(forms.ProtectTagForm{}), context.RepoMustNotBeArchived(), repo_setting.NewProtectedTagPost)
@@ -1304,6 +1302,7 @@ func registerRoutes(m *web.Router) {
 			}, web.Bind(forms.NewBranchForm{}))
 			m.Post("/delete", repo.DeleteBranchPost)
 			m.Post("/restore", repo.RestoreBranchPost)
+			m.Post("/rename", web.Bind(forms.RenameBranchForm{}), repo_setting.RenameBranchPost)
 		}, context.RepoMustNotBeArchived(), reqRepoCodeWriter, repo.MustBeNotEmpty)
 
 		m.Combo("/fork").Get(repo.Fork).Post(web.Bind(forms.CreateRepoForm{}), repo.ForkPost)
diff --git a/templates/repo/branch/list.tmpl b/templates/repo/branch/list.tmpl
index 3c8e5846d70..f5d709bb16b 100644
--- a/templates/repo/branch/list.tmpl
+++ b/templates/repo/branch/list.tmpl
@@ -240,7 +240,7 @@
 	<div class="header">
 		{{ctx.Locale.Tr "repo.settings.rename_branch"}}
 	</div>
-	<form class="ui form" action="{{$.Repository.Link}}/settings/rename_branch" method="post">
+	<form class="ui form" action="{{$.Repository.Link}}/branches/rename" method="post">
 		<div class="content">
 			{{.CsrfTokenHtml}}
 			<div class="field default-branch-warning">
diff --git a/tests/integration/rename_branch_test.go b/tests/integration/rename_branch_test.go
index 13f6cf204b5..71bfb6b6cb2 100644
--- a/tests/integration/rename_branch_test.go
+++ b/tests/integration/rename_branch_test.go
@@ -28,11 +28,11 @@ func testRenameBranch(t *testing.T, u *url.URL) {
 
 	// get branch setting page
 	session := loginUser(t, "user2")
-	req := NewRequest(t, "GET", "/user2/repo1/settings/branches")
+	req := NewRequest(t, "GET", "/user2/repo1/branches")
 	resp := session.MakeRequest(t, req, http.StatusOK)
 	htmlDoc := NewHTMLParser(t, resp.Body)
 
-	req = NewRequestWithValues(t, "POST", "/user2/repo1/settings/rename_branch", map[string]string{
+	req = NewRequestWithValues(t, "POST", "/user2/repo1/branches/rename", map[string]string{
 		"_csrf": htmlDoc.GetCSRF(),
 		"from":  "master",
 		"to":    "main",
@@ -76,7 +76,7 @@ func testRenameBranch(t *testing.T, u *url.URL) {
 	assert.Equal(t, "branch2", branch2.Name)
 
 	// rename branch2 to branch1
-	req = NewRequestWithValues(t, "POST", "/user2/repo1/settings/rename_branch", map[string]string{
+	req = NewRequestWithValues(t, "POST", "/user2/repo1/branches/rename", map[string]string{
 		"_csrf": htmlDoc.GetCSRF(),
 		"from":  "branch2",
 		"to":    "branch1",
@@ -103,7 +103,7 @@ func testRenameBranch(t *testing.T, u *url.URL) {
 	assert.True(t, branch1.IsDeleted) // virtual deletion
 
 	// rename branch2 to branch1 again
-	req = NewRequestWithValues(t, "POST", "/user2/repo1/settings/rename_branch", map[string]string{
+	req = NewRequestWithValues(t, "POST", "/user2/repo1/branches/rename", map[string]string{
 		"_csrf": htmlDoc.GetCSRF(),
 		"from":  "branch2",
 		"to":    "branch1",

From 48cdde98bb0c2e7aad3e5227b992f8017c247854 Mon Sep 17 00:00:00 2001
From: GiteaBot <teabot@gitea.io>
Date: Mon, 23 Sep 2024 00:31:34 +0000
Subject: [PATCH 103/129] [skip ci] Updated licenses and gitignores

---
 options/gitignore/Zig                |  2 ++
 options/license/Boehm-GC-without-fee | 14 ++++++++++++++
 2 files changed, 16 insertions(+)
 create mode 100644 options/gitignore/Zig
 create mode 100644 options/license/Boehm-GC-without-fee

diff --git a/options/gitignore/Zig b/options/gitignore/Zig
new file mode 100644
index 00000000000..3389c86c994
--- /dev/null
+++ b/options/gitignore/Zig
@@ -0,0 +1,2 @@
+.zig-cache/
+zig-out/
diff --git a/options/license/Boehm-GC-without-fee b/options/license/Boehm-GC-without-fee
new file mode 100644
index 00000000000..354d47017e2
--- /dev/null
+++ b/options/license/Boehm-GC-without-fee
@@ -0,0 +1,14 @@
+Copyright (c)  2000
+SWsoft  company
+
+Modifications copyright (c) 2001, 2013. Oracle and/or its affiliates.
+All rights reserved.
+
+This material is provided "as is", with absolutely no warranty expressed
+or implied. Any use is at your own risk.
+
+Permission to use or copy this software for any purpose is hereby granted
+without fee, provided the above notices are retained on all copies.
+Permission to modify the code and to distribute modified code is granted,
+provided the above notices are retained, and a notice that the code was
+modified is included with the above copyright notice.

From e1f0598c8f5af5ac95f5e13b74fbab99506762db Mon Sep 17 00:00:00 2001
From: cloudchamb3r <jizon0123@protonmail.com>
Date: Tue, 24 Sep 2024 02:09:57 +0900
Subject: [PATCH 104/129] Fix Bug in Issue/pulls list (#32081)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

fix #32080

## After
### for opened issues
<img width="1199" alt="Screenshot 2024-09-19 at 6 29 31 PM"
src="https://github.com/user-attachments/assets/86cf48ad-5e4b-4dcb-8abe-4d7fd74e0aec">

### for closed issues
<img width="1208" alt="Screenshot 2024-09-19 at 6 29 37 PM"
src="https://github.com/user-attachments/assets/a16bc545-bfcf-49a4-be52-3e7334910482">

### for all issues
<img width="1340" alt="Screenshot 2024-09-20 at 12 07 12 PM"
src="https://github.com/user-attachments/assets/b2309c8f-e59d-44e9-ae3b-bf54e1196169">
---
 routers/web/repo/issue.go                | 1 +
 templates/repo/issue/filter_actions.tmpl | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/routers/web/repo/issue.go b/routers/web/repo/issue.go
index 596abb4b9ca..507b5af9d90 100644
--- a/routers/web/repo/issue.go
+++ b/routers/web/repo/issue.go
@@ -467,6 +467,7 @@ func issues(ctx *context.Context, milestoneID, projectID int64, isPullOption opt
 	ctx.Data["AssigneeID"] = assigneeID
 	ctx.Data["PosterID"] = posterID
 	ctx.Data["Keyword"] = keyword
+	ctx.Data["IsShowClosed"] = isShowClosed
 	switch {
 	case isShowClosed.Value():
 		ctx.Data["State"] = "closed"
diff --git a/templates/repo/issue/filter_actions.tmpl b/templates/repo/issue/filter_actions.tmpl
index 88d0653f7db..831ab17bea2 100644
--- a/templates/repo/issue/filter_actions.tmpl
+++ b/templates/repo/issue/filter_actions.tmpl
@@ -1,9 +1,9 @@
 <div class="ui secondary filter menu">
 	{{if not .Repository.IsArchived}}
 		<!-- Action Button -->
-		{{if .IsShowClosed}}
+		{{if and .IsShowClosed.Has .IsShowClosed.Value}}
 			<button class="ui primary basic button issue-action" data-action="open" data-url="{{$.RepoLink}}/issues/status">{{ctx.Locale.Tr "repo.issues.action_open"}}</button>
-		{{else}}
+		{{else if and .IsShowClosed.Has (not .IsShowClosed.Value)}}
 			<button class="ui red basic button issue-action" data-action="close" data-url="{{$.RepoLink}}/issues/status">{{ctx.Locale.Tr "repo.issues.action_close"}}</button>
 		{{end}}
 		{{if $.IsRepoAdmin}}

From 38e3d8b4e65d49c2efc6ab1d3c012e5a75cab07b Mon Sep 17 00:00:00 2001
From: techknowlogick <techknowlogick@gitea.com>
Date: Mon, 23 Sep 2024 16:54:20 -0400
Subject: [PATCH 105/129] use rebuilt mssql-2017 image (#32109)

---
 .github/workflows/pull-db-tests.yml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/pull-db-tests.yml b/.github/workflows/pull-db-tests.yml
index 90804c0f0a3..22cb784245c 100644
--- a/.github/workflows/pull-db-tests.yml
+++ b/.github/workflows/pull-db-tests.yml
@@ -198,11 +198,12 @@ jobs:
   test-mssql:
     if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
     needs: files-changed
-    runs-on: ubuntu-latest
+    # specifying the version of ubuntu in use as mssql fails on newer kernels
+    # pending resolution from vendor
+    runs-on: ubuntu-20.04
     services:
       mssql:
-        # some images before 2024-04 can't run on new kernels
-        image: mcr.microsoft.com/mssql/server:2019-latest
+        image: mcr.microsoft.com/mssql/server:2017-latest
         env:
           ACCEPT_EULA: Y
           MSSQL_PID: Standard

From 6afb22448b7845fb8f570d64ce2ad6c4c81b9d2f Mon Sep 17 00:00:00 2001
From: GiteaBot <teabot@gitea.io>
Date: Tue, 24 Sep 2024 00:30:57 +0000
Subject: [PATCH 106/129] [skip ci] Updated translations via Crowdin

---
 options/locale/locale_ja-JP.ini | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/options/locale/locale_ja-JP.ini b/options/locale/locale_ja-JP.ini
index 48f241f7b85..3a80c741db4 100644
--- a/options/locale/locale_ja-JP.ini
+++ b/options/locale/locale_ja-JP.ini
@@ -159,6 +159,7 @@ filter.public=公開
 filter.private=プライベート
 
 no_results_found=見つかりません。
+internal_error_skipped=内部エラーが発生しましたがスキップされました: %s
 
 [search]
 search=検索…
@@ -177,6 +178,8 @@ code_search_by_git_grep=現在のコード検索は "git grep" によって行
 package_kind=パッケージを検索...
 project_kind=プロジェクトを検索...
 branch_kind=ブランチを検索...
+tag_kind=タグを検索...
+tag_tooltip=一致するタグを検索します。任意のシーケンスに一致させるには '%' を使用してください。
 commit_kind=コミットを検索...
 runner_kind=ランナーを検索...
 no_results=一致する結果が見つかりませんでした
@@ -1174,6 +1177,11 @@ migrate.gogs.description=notabug.org  やその他の Gogs インスタンスか
 migrate.onedev.description=code.onedev.io やその他の OneDev インスタンスからデータを移行します。
 migrate.codebase.description=codebasehq.com からデータを移行します。
 migrate.gitbucket.description=GitBucket インスタンスからデータを移行します。
+migrate.codecommit.description=AWS CodeCommitからデータを移行します。
+migrate.codecommit.aws_access_key_id=AWS アクセスキー ID
+migrate.codecommit.aws_secret_access_key=AWSシークレットアクセスキー
+migrate.codecommit.https_git_credentials_username=HTTPS Git 認証情報 ユーザー名
+migrate.codecommit.https_git_credentials_password=HTTPS Git 認証情報 パスワード
 migrate.migrating_git=Gitデータ移行中
 migrate.migrating_topics=トピック移行中
 migrate.migrating_milestones=マイルストーン移行中
@@ -1251,6 +1259,7 @@ ambiguous_runes_header=このファイルには曖昧(ambiguous)なUnicode文字
 ambiguous_runes_description=このファイルには、他の文字と見間違える可能性があるUnicode文字が含まれています。 それが意図的なものと考えられる場合は、この警告を無視して構いません。 それらの文字を表示するにはエスケープボタンを使用します。
 invisible_runes_line=`この行には不可視のUnicode文字があります`
 ambiguous_runes_line=`この行には曖昧(ambiguous)なUnicode文字があります`
+ambiguous_character=`%[1]c [U+%04[1]X] は %[2]c [U+%04[2]X] と混同するおそれがあります`
 
 escape_control_characters=エスケープ
 unescape_control_characters=エスケープ解除
@@ -1748,6 +1757,11 @@ issues.review.resolve_conversation=解決済みにする
 issues.review.un_resolve_conversation=未解決にする
 issues.review.resolved_by=がこの会話を解決済みにしました
 issues.review.commented=コメント
+issues.review.official=承認済み
+issues.review.requested=レビュー待ち
+issues.review.rejected=変更要請済み
+issues.review.stale=承認後に更新されました
+issues.review.unofficial=カウントされない承認
 issues.assignee.error=予期しないエラーにより、一部の担当者を追加できませんでした。
 issues.reference_issue.body=内容
 issues.content_history.deleted=削除しました
@@ -1821,6 +1835,8 @@ pulls.is_empty=このブランチの変更は既にターゲットブランチ
 pulls.required_status_check_failed=いくつかの必要なステータスチェックが成功していません。
 pulls.required_status_check_missing=必要なチェックがいくつか抜けています。
 pulls.required_status_check_administrator=管理者であるため、このプルリクエストをマージすることは可能です。
+pulls.blocked_by_approvals=このプルリクエストはまだ必要な承認数を満たしていません。 公式の承認を %[1]d / %[2]d 得ています。
+pulls.blocked_by_approvals_whitelisted=このプルリクエストはまだ必要な承認数を満たしていません。 許可リストのユーザーまたはチームからの承認を %[1]d / %[2]d 得ています。
 pulls.blocked_by_rejection=このプルリクエストは公式レビューアにより変更要請されています。
 pulls.blocked_by_official_review_requests=このプルリクエストには公式レビュー依頼があります。
 pulls.blocked_by_outdated_branch=このプルリクエストは遅れのためブロックされています。

From fcedf634d5864a9e4ec3f866b99076872aafd07d Mon Sep 17 00:00:00 2001
From: Zettat123 <zettat123@gmail.com>
Date: Tue, 24 Sep 2024 09:00:09 +0800
Subject: [PATCH 107/129] Fix bug in getting merged pull request by commit
 (#32079)

---
 routers/api/v1/api.go              |  2 ++
 routers/api/v1/repo/commits.go     |  6 +++---
 templates/swagger/v1_json.tmpl     |  2 +-
 tests/integration/api_pull_test.go | 16 ++++++++++++++++
 4 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index be67ec1695b..1244676508e 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -1286,6 +1286,8 @@ func Routes() *web.Router {
 					m.Group("/{ref}", func() {
 						m.Get("/status", repo.GetCombinedCommitStatusByRef)
 						m.Get("/statuses", repo.GetCommitStatusesByRef)
+					}, context.ReferencesGitRepo())
+					m.Group("/{sha}", func() {
 						m.Get("/pull", repo.GetCommitPullRequest)
 					}, context.ReferencesGitRepo())
 				}, reqRepoReader(unit.TypeCode))
diff --git a/routers/api/v1/repo/commits.go b/routers/api/v1/repo/commits.go
index cec7c3d534c..788c75fab2f 100644
--- a/routers/api/v1/repo/commits.go
+++ b/routers/api/v1/repo/commits.go
@@ -325,11 +325,11 @@ func DownloadCommitDiffOrPatch(ctx *context.APIContext) {
 	}
 }
 
-// GetCommitPullRequest returns the pull request of the commit
+// GetCommitPullRequest returns the merged pull request of the commit
 func GetCommitPullRequest(ctx *context.APIContext) {
 	// swagger:operation GET /repos/{owner}/{repo}/commits/{sha}/pull repository repoGetCommitPullRequest
 	// ---
-	// summary: Get the pull request of the commit
+	// summary: Get the merged pull request of the commit
 	// produces:
 	// - application/json
 	// parameters:
@@ -354,7 +354,7 @@ func GetCommitPullRequest(ctx *context.APIContext) {
 	//   "404":
 	//     "$ref": "#/responses/notFound"
 
-	pr, err := issues_model.GetPullRequestByMergedCommit(ctx, ctx.Repo.Repository.ID, ctx.PathParam(":sha"))
+	pr, err := issues_model.GetPullRequestByMergedCommit(ctx, ctx.Repo.Repository.ID, ctx.PathParam("sha"))
 	if err != nil {
 		if issues_model.IsErrPullRequestNotExist(err) {
 			ctx.Error(http.StatusNotFound, "GetPullRequestByMergedCommit", err)
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index d9f1a8f5e93..59835055027 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -5446,7 +5446,7 @@
         "tags": [
           "repository"
         ],
-        "summary": "Get the pull request of the commit",
+        "summary": "Get the merged pull request of the commit",
         "operationId": "repoGetCommitPullRequest",
         "parameters": [
           {
diff --git a/tests/integration/api_pull_test.go b/tests/integration/api_pull_test.go
index 8239878d2b7..b7e01d4a20c 100644
--- a/tests/integration/api_pull_test.go
+++ b/tests/integration/api_pull_test.go
@@ -334,3 +334,19 @@ func doAPIGetPullFiles(ctx APITestContext, pr *api.PullRequest, callback func(*t
 		}
 	}
 }
+
+func TestAPICommitPullRequest(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
+
+	ctx := NewAPITestContext(t, "user2", repo.Name, auth_model.AccessTokenScopeReadRepository)
+
+	mergedCommitSHA := "1a8823cd1a9549fde083f992f6b9b87a7ab74fb3"
+	req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/commits/%s/pull", owner.Name, repo.Name, mergedCommitSHA).AddTokenAuth(ctx.Token)
+	ctx.Session.MakeRequest(t, req, http.StatusOK)
+
+	invalidCommitSHA := "abcd1234abcd1234abcd1234abcd1234abcd1234"
+	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/commits/%s/pull", owner.Name, repo.Name, invalidCommitSHA).AddTokenAuth(ctx.Token)
+	ctx.Session.MakeRequest(t, req, http.StatusNotFound)
+}

From 3f2d8f873035b614b4cdb447d8e16f5af82cefe8 Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Tue, 24 Sep 2024 09:30:05 +0800
Subject: [PATCH 108/129] Fix panic when cloning with wrong ssh format.
 (#32076)

---
 cmd/serv.go | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/cmd/serv.go b/cmd/serv.go
index 2bfd1110617..f74a8fd3d07 100644
--- a/cmd/serv.go
+++ b/cmd/serv.go
@@ -143,6 +143,12 @@ func runServ(c *cli.Context) error {
 		return nil
 	}
 
+	defer func() {
+		if err := recover(); err != nil {
+			_ = fail(ctx, "Internal Server Error", "Panic: %v\n%s", err, log.Stack(2))
+		}
+	}()
+
 	keys := strings.Split(c.Args().First(), "-")
 	if len(keys) != 2 || keys[0] != "key" {
 		return fail(ctx, "Key ID format error", "Invalid key argument: %s", c.Args().First())
@@ -189,10 +195,7 @@ func runServ(c *cli.Context) error {
 	}
 
 	verb := words[0]
-	repoPath := words[1]
-	if repoPath[0] == '/' {
-		repoPath = repoPath[1:]
-	}
+	repoPath := strings.TrimPrefix(words[1], "/")
 
 	var lfsVerb string
 	if verb == lfsAuthenticateVerb {

From 6eb5950835dd8e0eef2ef6d343af4acfce40a2fc Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Tue, 24 Sep 2024 10:06:28 +0800
Subject: [PATCH 109/129] Allow set branch protection in an empty repository
 (#32095)

---
 routers/web/web.go                    |  2 +-
 templates/repo/settings/branches.tmpl | 22 ++++++++++------------
 templates/repo/settings/navbar.tmpl   |  8 +++-----
 3 files changed, 14 insertions(+), 18 deletions(-)

diff --git a/routers/web/web.go b/routers/web/web.go
index 5129bd4bda3..af46c36fe7d 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -1069,7 +1069,7 @@ func registerRoutes(m *web.Router) {
 			m.Combo("/edit").Get(repo_setting.SettingsProtectedBranch).
 				Post(web.Bind(forms.ProtectBranchForm{}), context.RepoMustNotBeArchived(), repo_setting.SettingsProtectedBranchPost)
 			m.Post("/{id}/delete", repo_setting.DeleteProtectedBranchRulePost)
-		}, repo.MustBeNotEmpty)
+		})
 
 		m.Group("/tags", func() {
 			m.Get("", repo_setting.ProtectedTags)
diff --git a/templates/repo/settings/branches.tmpl b/templates/repo/settings/branches.tmpl
index 52c0c2c800b..6f070ba61cd 100644
--- a/templates/repo/settings/branches.tmpl
+++ b/templates/repo/settings/branches.tmpl
@@ -15,19 +15,17 @@
 				<form class="tw-flex" action="{{.Link}}" method="post">
 					{{.CsrfTokenHtml}}
 					<input type="hidden" name="action" value="default_branch">
-					{{if not .Repository.IsEmpty}}
-						<div class="ui dropdown selection search tw-flex-1 tw-mr-2 tw-max-w-96">
-							{{svg "octicon-triangle-down" 14 "dropdown icon"}}
-							<input type="hidden" name="branch" value="{{.Repository.DefaultBranch}}">
-							<div class="default text">{{.Repository.DefaultBranch}}</div>
-							<div class="menu">
-								{{range .Branches}}
-									<div class="item" data-value="{{.}}">{{.}}</div>
-								{{end}}
-							</div>
+					<div class="ui dropdown selection search tw-flex-1 tw-mr-2 tw-max-w-96">
+						{{svg "octicon-triangle-down" 14 "dropdown icon"}}
+						<input type="hidden" name="branch" value="{{.Repository.DefaultBranch}}">
+						<div class="default text">{{.Repository.DefaultBranch}}</div>
+						<div class="menu">
+							{{range .Branches}}
+								<div class="item" data-value="{{.}}">{{.}}</div>
+							{{end}}
 						</div>
-						<button class="ui primary button">{{ctx.Locale.Tr "repo.settings.branches.update_default_branch"}}</button>
-					{{end}}
+					</div>
+					<button class="ui primary button"{{if .Repository.IsEmpty}} disabled{{end}}>{{ctx.Locale.Tr "repo.settings.branches.update_default_branch"}}</button>
 				</form>
 			</div>
 
diff --git a/templates/repo/settings/navbar.tmpl b/templates/repo/settings/navbar.tmpl
index b9105bb8ed8..e46273aff05 100644
--- a/templates/repo/settings/navbar.tmpl
+++ b/templates/repo/settings/navbar.tmpl
@@ -13,11 +13,9 @@
 			</a>
 		{{end}}
 		{{if .Repository.UnitEnabled $.Context ctx.Consts.RepoUnitTypeCode}}
-			{{if not .Repository.IsEmpty}}
-				<a class="{{if .PageIsSettingsBranches}}active {{end}}item" href="{{.RepoLink}}/settings/branches">
-					{{ctx.Locale.Tr "repo.settings.branches"}}
-				</a>
-			{{end}}
+			<a class="{{if .PageIsSettingsBranches}}active {{end}}item" href="{{.RepoLink}}/settings/branches">
+				{{ctx.Locale.Tr "repo.settings.branches"}}
+			</a>
 			<a class="{{if .PageIsSettingsTags}}active {{end}}item" href="{{.RepoLink}}/settings/tags">
 				{{ctx.Locale.Tr "repo.settings.tags"}}
 			</a>

From 2c6fa6c1e05437b5515c7be4f516ac4e4a59bf3c Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Tue, 24 Sep 2024 11:02:42 +0800
Subject: [PATCH 110/129] Fix template bug of pull request view (#32072)

Caused by #31924
---
 templates/repo/issue/view_content/sidebar.tmpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/repo/issue/view_content/sidebar.tmpl b/templates/repo/issue/view_content/sidebar.tmpl
index 49c40be5a94..e49e90df56c 100644
--- a/templates/repo/issue/view_content/sidebar.tmpl
+++ b/templates/repo/issue/view_content/sidebar.tmpl
@@ -109,7 +109,7 @@
 							</a>
 						</div>
 						<div class="tw-flex tw-items-center tw-gap-2">
-							<span {{if .Review.TooltipContent}}data-tooltip-content="{{ctx.Locale.Tr .Review.TooltipContent}}"{{end}}>
+							<span {{if .TooltipContent}}data-tooltip-content="{{ctx.Locale.Tr .TooltipContent}}"{{end}}>
 								{{svg (printf "octicon-%s" .Type.Icon) 16 (printf "text %s" (.HTMLTypeColorName))}}
 							</span>
 						</div>

From aadbe0488f454b9f7f5a56765f4530f9d1e2c6ec Mon Sep 17 00:00:00 2001
From: Kemal Zebari <60799661+kemzeb@users.noreply.github.com>
Date: Mon, 23 Sep 2024 20:38:08 -0700
Subject: [PATCH 111/129] Truncate commit message during Discord webhook push
 events (#31970)

Resolves #31668.
---
 services/webhook/discord.go      | 11 +++++++++--
 services/webhook/discord_test.go | 14 ++++++++++++++
 services/webhook/general_test.go | 10 +++++++++-
 3 files changed, 32 insertions(+), 3 deletions(-)

diff --git a/services/webhook/discord.go b/services/webhook/discord.go
index f27b39dac37..59e87a7e1fb 100644
--- a/services/webhook/discord.go
+++ b/services/webhook/discord.go
@@ -11,6 +11,7 @@ import (
 	"net/url"
 	"strconv"
 	"strings"
+	"unicode/utf8"
 
 	webhook_model "code.gitea.io/gitea/models/webhook"
 	"code.gitea.io/gitea/modules/git"
@@ -154,8 +155,14 @@ func (d discordConvertor) Push(p *api.PushPayload) (DiscordPayload, error) {
 	var text string
 	// for each commit, generate attachment text
 	for i, commit := range p.Commits {
-		text += fmt.Sprintf("[%s](%s) %s - %s", commit.ID[:7], commit.URL,
-			strings.TrimRight(commit.Message, "\r\n"), commit.Author.Name)
+		// limit the commit message display to just the summary, otherwise it would be hard to read
+		message := strings.TrimRight(strings.SplitN(commit.Message, "\n", 1)[0], "\r")
+
+		// a limit of 50 is set because GitHub does the same
+		if utf8.RuneCountInString(message) > 50 {
+			message = fmt.Sprintf("%.47s...", message)
+		}
+		text += fmt.Sprintf("[%s](%s) %s - %s", commit.ID[:7], commit.URL, message, commit.Author.Name)
 		// add linebreak to each commit but the last
 		if i < len(p.Commits)-1 {
 			text += "\n"
diff --git a/services/webhook/discord_test.go b/services/webhook/discord_test.go
index c04b95383bf..fbb4b24ef12 100644
--- a/services/webhook/discord_test.go
+++ b/services/webhook/discord_test.go
@@ -80,6 +80,20 @@ func TestDiscordPayload(t *testing.T) {
 		assert.Equal(t, p.Sender.AvatarURL, pl.Embeds[0].Author.IconURL)
 	})
 
+	t.Run("PushWithLongCommitMessage", func(t *testing.T) {
+		p := pushTestMultilineCommitMessagePayload()
+
+		pl, err := dc.Push(p)
+		require.NoError(t, err)
+
+		assert.Len(t, pl.Embeds, 1)
+		assert.Equal(t, "[test/repo:test] 2 new commits", pl.Embeds[0].Title)
+		assert.Equal(t, "[2020558](http://localhost:3000/test/repo/commit/2020558fe2e34debb818a514715839cabd25e778) This is a commit summary ⚠️⚠️⚠️⚠️ containing 你好... - user1\n[2020558](http://localhost:3000/test/repo/commit/2020558fe2e34debb818a514715839cabd25e778) This is a commit summary ⚠️⚠️⚠️⚠️ containing 你好... - user1", pl.Embeds[0].Description)
+		assert.Equal(t, p.Sender.UserName, pl.Embeds[0].Author.Name)
+		assert.Equal(t, setting.AppURL+p.Sender.UserName, pl.Embeds[0].Author.URL)
+		assert.Equal(t, p.Sender.AvatarURL, pl.Embeds[0].Author.IconURL)
+	})
+
 	t.Run("Issue", func(t *testing.T) {
 		p := issueTestPayload()
 
diff --git a/services/webhook/general_test.go b/services/webhook/general_test.go
index fc6e7140e7b..d6a77c94425 100644
--- a/services/webhook/general_test.go
+++ b/services/webhook/general_test.go
@@ -64,9 +64,17 @@ func forkTestPayload() *api.ForkPayload {
 }
 
 func pushTestPayload() *api.PushPayload {
+	return pushTestPayloadWithCommitMessage("commit message")
+}
+
+func pushTestMultilineCommitMessagePayload() *api.PushPayload {
+	return pushTestPayloadWithCommitMessage("This is a commit summary ⚠️⚠️⚠️⚠️ containing 你好 ⚠️⚠️️\n\nThis is the message body.")
+}
+
+func pushTestPayloadWithCommitMessage(message string) *api.PushPayload {
 	commit := &api.PayloadCommit{
 		ID:      "2020558fe2e34debb818a514715839cabd25e778",
-		Message: "commit message",
+		Message: message,
 		URL:     "http://localhost:3000/test/repo/commit/2020558fe2e34debb818a514715839cabd25e778",
 		Author: &api.PayloadUser{
 			Name:     "user1",

From e2f365b55cca7cf986a1f04e4d9e43d7e7aef7ad Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Tue, 24 Sep 2024 12:14:57 +0800
Subject: [PATCH 112/129] Display head branch more comfortable on pull request
 view (#32000)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR do some minor improvements for head branch display on pull
request view UI.

- [x] Remove the link if the head branch has been deleted with a
tooltip, so that users will not result in a 404 page
- [x] Display a label if this pull request is an agit based one.

![图片](https://github.com/user-attachments/assets/872f26b6-f1cf-4427-9e41-e3a5b176dfa4)
---
 models/issues/pull.go                |  4 ++++
 options/locale/locale_en-US.ini      |  1 +
 routers/web/repo/pull.go             | 14 +++++++++++++-
 templates/repo/issue/view_title.tmpl |  9 +++++++--
 4 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/models/issues/pull.go b/models/issues/pull.go
index 5fe95d56cc2..4a5782f836c 100644
--- a/models/issues/pull.go
+++ b/models/issues/pull.go
@@ -268,6 +268,10 @@ func (pr *PullRequest) LoadAttributes(ctx context.Context) (err error) {
 	return nil
 }
 
+func (pr *PullRequest) IsAgitFlow() bool {
+	return pr.Flow == PullRequestFlowAGit
+}
+
 // LoadHeadRepo loads the head repository, pr.HeadRepo will remain nil if it does not exist
 // and thus ErrRepoNotExist will never be returned
 func (pr *PullRequest) LoadHeadRepo(ctx context.Context) (err error) {
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 957e73b171d..f77fd203a2d 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -1927,6 +1927,7 @@ pulls.delete.text = Do you really want to delete this pull request? (This will p
 pulls.recently_pushed_new_branches = You pushed on branch <strong>%[1]s</strong> %[2]s
 
 pull.deleted_branch = (deleted):%s
+pull.agit_documentation = Review documentation about AGit
 
 comments.edit.already_changed = Unable to save changes to the comment. It appears the content has already been changed by another user. Please refresh the page and try editing again to avoid overwriting their changes
 
diff --git a/routers/web/repo/pull.go b/routers/web/repo/pull.go
index 95299b44d5a..ced0bbc15a0 100644
--- a/routers/web/repo/pull.go
+++ b/routers/web/repo/pull.go
@@ -164,7 +164,19 @@ func setMergeTarget(ctx *context.Context, pull *issues_model.PullRequest) {
 		ctx.Data["HeadTarget"] = pull.MustHeadUserName(ctx) + "/" + pull.HeadRepo.Name + ":" + pull.HeadBranch
 	}
 	ctx.Data["BaseTarget"] = pull.BaseBranch
-	ctx.Data["HeadBranchLink"] = pull.GetHeadBranchLink(ctx)
+	headBranchLink := ""
+	if pull.Flow == issues_model.PullRequestFlowGithub {
+		b, err := git_model.GetBranch(ctx, ctx.Repo.Repository.ID, pull.HeadBranch)
+		switch {
+		case err == nil:
+			if !b.IsDeleted {
+				headBranchLink = pull.GetHeadBranchLink(ctx)
+			}
+		case !git_model.IsErrBranchNotExist(err):
+			log.Error("GetBranch: %v", err)
+		}
+	}
+	ctx.Data["HeadBranchLink"] = headBranchLink
 	ctx.Data["BaseBranchLink"] = pull.GetBaseBranchLink(ctx)
 }
 
diff --git a/templates/repo/issue/view_title.tmpl b/templates/repo/issue/view_title.tmpl
index 1243681f3a2..7fa77b3f1cf 100644
--- a/templates/repo/issue/view_title.tmpl
+++ b/templates/repo/issue/view_title.tmpl
@@ -50,9 +50,14 @@
 			{{if .Issue.IsPull}}
 				{{$headHref := .HeadTarget}}
 				{{if .HeadBranchLink}}
-					{{$headHref = HTMLFormat `<a href="%s">%s</a>` .HeadBranchLink $headHref}}
+					{{$headHref = HTMLFormat `<a href="%s">%s</a> <button class="btn interact-fg" data-tooltip-content="%s" data-clipboard-text="%s">%s</button>` .HeadBranchLink $headHref (ctx.Locale.Tr "copy_branch") .HeadTarget (svg "octicon-copy" 14)}}
+				{{else}}
+					{{if .Issue.PullRequest.IsAgitFlow}}
+						{{$headHref = HTMLFormat `%s <a href="%s" target="_blank"><span class="ui label basic tiny" data-tooltip-content="%s">AGit</span></a>` $headHref "https://docs.gitea.com/usage/agit" (ctx.Locale.Tr "repo.pull.agit_documentation")}}
+					{{else}}
+						{{$headHref = HTMLFormat `<span data-tooltip-content="%s">%s</span>` (ctx.Locale.Tr "form.target_branch_not_exist") $headHref}}
+					{{end}}
 				{{end}}
-				{{$headHref = HTMLFormat `%s <button class="btn interact-fg" data-tooltip-content="%s" data-clipboard-text="%s">%s</button>` $headHref (ctx.Locale.Tr "copy_branch") .HeadTarget (svg "octicon-copy" 14)}}
 				{{$baseHref := .BaseTarget}}
 				{{if .BaseBranchLink}}
 					{{$baseHref = HTMLFormat `<a href="%s">%s</a>` .BaseBranchLink $baseHref}}

From 4947bec8360c152daca23e120eae1732d3848492 Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Tue, 24 Sep 2024 15:12:06 +0800
Subject: [PATCH 113/129] Include collaboration repositories on dashboard
 source/forks/mirrors list (#31946)

Fix #13489

In the original implementation, only `All` will display your owned and
collaborated repositories. For other filters like `Source`, `Mirrors`
and etc. will only display your owned repositories.

This PR removed the limitations. Now except `collbrations`, other
filters will always display your owned and collaborated repositories.
---
 web_src/js/components/DashboardRepoList.vue | 1 -
 1 file changed, 1 deletion(-)

diff --git a/web_src/js/components/DashboardRepoList.vue b/web_src/js/components/DashboardRepoList.vue
index afc58d36892..ce165b1b3df 100644
--- a/web_src/js/components/DashboardRepoList.vue
+++ b/web_src/js/components/DashboardRepoList.vue
@@ -78,7 +78,6 @@ const sfc = {
     searchURL() {
       return `${this.subUrl}/repo/search?sort=updated&order=desc&uid=${this.uid}&team_id=${this.teamId}&q=${this.searchQuery
       }&page=${this.page}&limit=${this.searchLimit}&mode=${this.repoTypes[this.reposFilter].searchMode
-      }${this.reposFilter !== 'all' ? '&exclusive=1' : ''
       }${this.archivedFilter === 'archived' ? '&archived=true' : ''}${this.archivedFilter === 'unarchived' ? '&archived=false' : ''
       }${this.privateFilter === 'private' ? '&is_private=true' : ''}${this.privateFilter === 'public' ? '&is_private=false' : ''
       }`;

From 5a8568459d22e57cac506465463660526ca6a08f Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Tue, 24 Sep 2024 15:42:08 +0800
Subject: [PATCH 114/129] Fix bug when deleting a migrated branch (#32075)

After migrating a repository with pull request, the branch is missed and
after the pull request merged, the branch cannot be deleted.
---
 services/repository/branch.go | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/services/repository/branch.go b/services/repository/branch.go
index 7fc99930776..f5cdb72a7bb 100644
--- a/services/repository/branch.go
+++ b/services/repository/branch.go
@@ -483,13 +483,12 @@ func DeleteBranch(ctx context.Context, doer *user_model.User, repo *repo_model.R
 	}
 
 	rawBranch, err := git_model.GetBranch(ctx, repo.ID, branchName)
-	if err != nil {
+	if err != nil && !git_model.IsErrBranchNotExist(err) {
 		return fmt.Errorf("GetBranch: %vc", err)
 	}
 
-	if rawBranch.IsDeleted {
-		return nil
-	}
+	// database branch record not exist or it's a deleted branch
+	notExist := git_model.IsErrBranchNotExist(err) || rawBranch.IsDeleted
 
 	commit, err := gitRepo.GetBranchCommit(branchName)
 	if err != nil {
@@ -497,8 +496,10 @@ func DeleteBranch(ctx context.Context, doer *user_model.User, repo *repo_model.R
 	}
 
 	if err := db.WithTx(ctx, func(ctx context.Context) error {
-		if err := git_model.AddDeletedBranch(ctx, repo.ID, branchName, doer.ID); err != nil {
-			return err
+		if !notExist {
+			if err := git_model.AddDeletedBranch(ctx, repo.ID, branchName, doer.ID); err != nil {
+				return err
+			}
 		}
 
 		return gitRepo.DeleteBranch(branchName, git.DeleteBranchOptions{

From 6fa962f409c84477a7a4cf35b4a38a4a93fc3224 Mon Sep 17 00:00:00 2001
From: yp05327 <576951401@qq.com>
Date: Wed, 25 Sep 2024 03:34:08 +0900
Subject: [PATCH 115/129] Fix wrong status of `Set up Job` when first step is
 skipped (#32120)

Fix #32089
---
 modules/actions/task_state.go      | 51 ++++++++++++++++++------------
 modules/actions/task_state_test.go | 19 +++++++++++
 2 files changed, 49 insertions(+), 21 deletions(-)

diff --git a/modules/actions/task_state.go b/modules/actions/task_state.go
index 31a74be3fd3..1f36e021a59 100644
--- a/modules/actions/task_state.go
+++ b/modules/actions/task_state.go
@@ -18,8 +18,32 @@ func FullSteps(task *actions_model.ActionTask) []*actions_model.ActionTaskStep {
 		return fullStepsOfEmptySteps(task)
 	}
 
-	firstStep := task.Steps[0]
+	// firstStep is the first step that has run or running, not include preStep.
+	// For example,
+	// 1. preStep(Success) -> step1(Success) -> step2(Running) -> step3(Waiting) -> postStep(Waiting): firstStep is step1.
+	// 2. preStep(Success) -> step1(Skipped) -> step2(Success) -> postStep(Success): firstStep is step2.
+	// 3. preStep(Success) -> step1(Running) -> step2(Waiting) -> postStep(Waiting): firstStep is step1.
+	// 4. preStep(Success) -> step1(Skipped) -> step2(Skipped) -> postStep(Skipped): firstStep is nil.
+	// 5. preStep(Success) -> step1(Cancelled) -> step2(Cancelled) -> postStep(Cancelled): firstStep is nil.
+	var firstStep *actions_model.ActionTaskStep
+	// lastHasRunStep is the last step that has run.
+	// For example,
+	// 1. preStep(Success) -> step1(Success) -> step2(Running) -> step3(Waiting) -> postStep(Waiting): lastHasRunStep is step1.
+	// 2. preStep(Success) -> step1(Success) -> step2(Success) -> step3(Success) -> postStep(Success): lastHasRunStep is step3.
+	// 3. preStep(Success) -> step1(Success) -> step2(Failure) -> step3 -> postStep(Waiting): lastHasRunStep is step2.
+	// So its Stopped is the Started of postStep when there are no more steps to run.
+	var lastHasRunStep *actions_model.ActionTaskStep
+
 	var logIndex int64
+	for _, step := range task.Steps {
+		if firstStep == nil && (step.Status.HasRun() || step.Status.IsRunning()) {
+			firstStep = step
+		}
+		if step.Status.HasRun() {
+			lastHasRunStep = step
+		}
+		logIndex += step.LogLength
+	}
 
 	preStep := &actions_model.ActionTaskStep{
 		Name:      preStepName,
@@ -28,32 +52,17 @@ func FullSteps(task *actions_model.ActionTask) []*actions_model.ActionTaskStep {
 		Status:    actions_model.StatusRunning,
 	}
 
-	if firstStep.Status.HasRun() || firstStep.Status.IsRunning() {
+	// No step has run or is running, so preStep is equal to the task
+	if firstStep == nil {
+		preStep.Stopped = task.Stopped
+		preStep.Status = task.Status
+	} else {
 		preStep.LogLength = firstStep.LogIndex
 		preStep.Stopped = firstStep.Started
 		preStep.Status = actions_model.StatusSuccess
-	} else if task.Status.IsDone() {
-		preStep.Stopped = task.Stopped
-		preStep.Status = actions_model.StatusFailure
-		if task.Status.IsSkipped() {
-			preStep.Status = actions_model.StatusSkipped
-		}
 	}
 	logIndex += preStep.LogLength
 
-	// lastHasRunStep is the last step that has run.
-	// For example,
-	// 1. preStep(Success) -> step1(Success) -> step2(Running) -> step3(Waiting) -> postStep(Waiting): lastHasRunStep is step1.
-	// 2. preStep(Success) -> step1(Success) -> step2(Success) -> step3(Success) -> postStep(Success): lastHasRunStep is step3.
-	// 3. preStep(Success) -> step1(Success) -> step2(Failure) -> step3 -> postStep(Waiting): lastHasRunStep is step2.
-	// So its Stopped is the Started of postStep when there are no more steps to run.
-	var lastHasRunStep *actions_model.ActionTaskStep
-	for _, step := range task.Steps {
-		if step.Status.HasRun() {
-			lastHasRunStep = step
-		}
-		logIndex += step.LogLength
-	}
 	if lastHasRunStep == nil {
 		lastHasRunStep = preStep
 	}
diff --git a/modules/actions/task_state_test.go b/modules/actions/task_state_test.go
index 28213d781be..ff0fd571951 100644
--- a/modules/actions/task_state_test.go
+++ b/modules/actions/task_state_test.go
@@ -137,6 +137,25 @@ func TestFullSteps(t *testing.T) {
 				{Name: postStepName, Status: actions_model.StatusSkipped, LogIndex: 0, LogLength: 0, Started: 0, Stopped: 0},
 			},
 		},
+		{
+			name: "first step is skipped",
+			task: &actions_model.ActionTask{
+				Steps: []*actions_model.ActionTaskStep{
+					{Status: actions_model.StatusSkipped, LogIndex: 0, LogLength: 0, Started: 0, Stopped: 0},
+					{Status: actions_model.StatusSuccess, LogIndex: 10, LogLength: 80, Started: 10010, Stopped: 10090},
+				},
+				Status:    actions_model.StatusSuccess,
+				Started:   10000,
+				Stopped:   10100,
+				LogLength: 100,
+			},
+			want: []*actions_model.ActionTaskStep{
+				{Name: preStepName, Status: actions_model.StatusSuccess, LogIndex: 0, LogLength: 10, Started: 10000, Stopped: 10010},
+				{Status: actions_model.StatusSkipped, LogIndex: 0, LogLength: 0, Started: 0, Stopped: 0},
+				{Status: actions_model.StatusSuccess, LogIndex: 10, LogLength: 80, Started: 10010, Stopped: 10090},
+				{Name: postStepName, Status: actions_model.StatusSuccess, LogIndex: 90, LogLength: 10, Started: 10090, Stopped: 10100},
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {

From 3269b04d61ffe6a7ce462cd05ee150e4491124e8 Mon Sep 17 00:00:00 2001
From: charles <30816317+charles7668@users.noreply.github.com>
Date: Wed, 25 Sep 2024 03:06:52 +0800
Subject: [PATCH 116/129] Notify the user when the file path contains leading
 or trailing spaces and fix the error message for invalid file names. (#31507)

close #31478
---
 routers/web/repo/editor.go         |  2 +-
 web_src/js/features/repo-editor.ts | 49 +++++++++++++++++++++++++++---
 2 files changed, 45 insertions(+), 6 deletions(-)

diff --git a/routers/web/repo/editor.go b/routers/web/repo/editor.go
index 4ff86b5a664..9396115b0d2 100644
--- a/routers/web/repo/editor.go
+++ b/routers/web/repo/editor.go
@@ -317,7 +317,7 @@ func editFilePost(ctx *context.Context, form forms.EditRepoFileForm, isNewFile b
 				case git.EntryModeBlob:
 					ctx.RenderWithErr(ctx.Tr("repo.editor.directory_is_a_file", fileErr.Path), tplEditFile, &form)
 				default:
-					ctx.Error(http.StatusInternalServerError, err.Error())
+					ctx.RenderWithErr(ctx.Tr("repo.editor.filename_is_invalid", fileErr.Path), tplEditFile, &form)
 				}
 			} else {
 				ctx.Error(http.StatusInternalServerError, err.Error())
diff --git a/web_src/js/features/repo-editor.ts b/web_src/js/features/repo-editor.ts
index dadbd802bc7..e4d179d3aea 100644
--- a/web_src/js/features/repo-editor.ts
+++ b/web_src/js/features/repo-editor.ts
@@ -75,24 +75,63 @@ export function initRepoEditor() {
   }
   filenameInput.addEventListener('input', function () {
     const parts = filenameInput.value.split('/');
+    const links = Array.from(document.querySelectorAll('.breadcrumb span.section'));
+    const dividers = Array.from(document.querySelectorAll('.breadcrumb .breadcrumb-divider'));
+    let warningDiv = document.querySelector('.ui.warning.message.flash-message.flash-warning.space-related');
+    let containSpace = false;
     if (parts.length > 1) {
       for (let i = 0; i < parts.length; ++i) {
         const value = parts[i];
+        const trimValue = value.trim();
+        if (trimValue === '..') {
+          // remove previous tree path
+          if (links.length > 0) {
+            const link = links.pop();
+            const divider = dividers.pop();
+            link.remove();
+            divider.remove();
+          }
+          continue;
+        }
         if (i < parts.length - 1) {
-          if (value.length) {
-            filenameInput.before(createElementFromHTML(
+          if (trimValue.length) {
+            const linkElement = createElementFromHTML(
               `<span class="section"><a href="#">${htmlEscape(value)}</a></span>`,
-            ));
-            filenameInput.before(createElementFromHTML(
+            );
+            const dividerElement = createElementFromHTML(
               `<div class="breadcrumb-divider">/</div>`,
-            ));
+            );
+            links.push(linkElement);
+            dividers.push(dividerElement);
+            filenameInput.before(linkElement);
+            filenameInput.before(dividerElement);
           }
         } else {
           filenameInput.value = value;
         }
         this.setSelectionRange(0, 0);
+        containSpace |= (trimValue !== value && trimValue !== '');
       }
     }
+    containSpace |= Array.from(links).some((link) => {
+      const value = link.querySelector('a').textContent;
+      return value.trim() !== value;
+    });
+    containSpace |= parts[parts.length - 1].trim() !== parts[parts.length - 1];
+    if (containSpace) {
+      if (!warningDiv) {
+        warningDiv = document.createElement('div');
+        warningDiv.classList.add('ui', 'warning', 'message', 'flash-message', 'flash-warning', 'space-related');
+        warningDiv.innerHTML = '<p>File path contains leading or trailing whitespace.</p>';
+        // Add display 'block' because display is set to 'none' in formantic\build\semantic.css
+        warningDiv.style.display = 'block';
+        const inputContainer = document.querySelector('.repo-editor-header');
+        inputContainer.insertAdjacentElement('beforebegin', warningDiv);
+      }
+      showElem(warningDiv);
+    } else if (warningDiv) {
+      hideElem(warningDiv);
+    }
     joinTreePath();
   });
   filenameInput.addEventListener('keydown', function (e) {

From 3f9e3601425c31b4c601de6724662936fdd3f12d Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Thu, 26 Sep 2024 12:50:30 +0800
Subject: [PATCH 117/129] Don't join repository when loading action table data
 (#32127)

---
 models/activities/action.go      | 16 ++++------------
 models/activities/action_test.go |  6 ++++--
 2 files changed, 8 insertions(+), 14 deletions(-)

diff --git a/models/activities/action.go b/models/activities/action.go
index 532667d4957..9b4ffd7725c 100644
--- a/models/activities/action.go
+++ b/models/activities/action.go
@@ -452,13 +452,10 @@ func GetFeeds(ctx context.Context, opts GetFeedsOptions) (ActionList, int64, err
 
 	actions := make([]*Action, 0, opts.PageSize)
 	var count int64
+	opts.SetDefaultValues()
 
 	if opts.Page < 10 { // TODO: why it's 10 but other values? It's an experience value.
-		sess := db.GetEngine(ctx).Where(cond).
-			Select("`action`.*"). // this line will avoid select other joined table's columns
-			Join("INNER", "repository", "`repository`.id = `action`.repo_id")
-
-		opts.SetDefaultValues()
+		sess := db.GetEngine(ctx).Where(cond)
 		sess = db.SetSessionPagination(sess, &opts)
 
 		count, err = sess.Desc("`action`.created_unix").FindAndCount(&actions)
@@ -467,11 +464,7 @@ func GetFeeds(ctx context.Context, opts GetFeedsOptions) (ActionList, int64, err
 		}
 	} else {
 		// First, only query which IDs are necessary, and only then query all actions to speed up the overall query
-		sess := db.GetEngine(ctx).Where(cond).
-			Select("`action`.id").
-			Join("INNER", "repository", "`repository`.id = `action`.repo_id")
-
-		opts.SetDefaultValues()
+		sess := db.GetEngine(ctx).Where(cond).Select("`action`.id")
 		sess = db.SetSessionPagination(sess, &opts)
 
 		actionIDs := make([]int64, 0, opts.PageSize)
@@ -481,8 +474,7 @@ func GetFeeds(ctx context.Context, opts GetFeedsOptions) (ActionList, int64, err
 
 		count, err = db.GetEngine(ctx).Where(cond).
 			Table("action").
-			Cols("`action`.id").
-			Join("INNER", "repository", "`repository`.id = `action`.repo_id").Count()
+			Cols("`action`.id").Count()
 		if err != nil {
 			return nil, 0, fmt.Errorf("Count: %w", err)
 		}
diff --git a/models/activities/action_test.go b/models/activities/action_test.go
index 36a38c78639..e5dee33ae02 100644
--- a/models/activities/action_test.go
+++ b/models/activities/action_test.go
@@ -228,6 +228,8 @@ func TestNotifyWatchers(t *testing.T) {
 }
 
 func TestGetFeedsCorrupted(t *testing.T) {
+	// Now we will not check for corrupted data in the feeds
+	// users should run doctor to fix their data
 	assert.NoError(t, unittest.PrepareTestDatabase())
 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
 	unittest.AssertExistsAndLoadBean(t, &activities_model.Action{
@@ -241,8 +243,8 @@ func TestGetFeedsCorrupted(t *testing.T) {
 		IncludePrivate: true,
 	})
 	assert.NoError(t, err)
-	assert.Len(t, actions, 0)
-	assert.Equal(t, int64(0), count)
+	assert.Len(t, actions, 1)
+	assert.Equal(t, int64(1), count)
 }
 
 func TestConsistencyUpdateAction(t *testing.T) {

From fdb1df9eca2f7adabf08883042325af26c3fd509 Mon Sep 17 00:00:00 2001
From: GiteaBot <teabot@gitea.io>
Date: Fri, 27 Sep 2024 00:31:00 +0000
Subject: [PATCH 118/129] [skip ci] Updated translations via Crowdin

---
 options/locale/locale_pt-PT.ini | 1 +
 1 file changed, 1 insertion(+)

diff --git a/options/locale/locale_pt-PT.ini b/options/locale/locale_pt-PT.ini
index 199c4add084..e423832e9ee 100644
--- a/options/locale/locale_pt-PT.ini
+++ b/options/locale/locale_pt-PT.ini
@@ -1926,6 +1926,7 @@ pulls.delete.text=Tem a certeza que quer eliminar este pedido de integração? I
 pulls.recently_pushed_new_branches=Enviou para o ramo <strong>%[1]s</strong> %[2]s
 
 pull.deleted_branch=(eliminado):%s
+pull.agit_documentation=Rever a documentação sobre o AGit
 
 comments.edit.already_changed=Não foi possível guardar as modificações do comentário. O conteúdo parece ter sido modificado por outro utilizador, entretanto. Refresque a página e tente editar de novo para evitar sobrepor as modificações dele.
 

From 8a9fd7f771f4f694594a0652e95ddda2b7479b3e Mon Sep 17 00:00:00 2001
From: ConcurrentCrab <102517200+ConcurrentCrab@users.noreply.github.com>
Date: Fri, 27 Sep 2024 19:57:37 +0530
Subject: [PATCH 119/129] Add pure SSH LFS support (#31516)

Fixes #17554
/claim #17554

Docs PR https://gitea.com/gitea/docs/pulls/49

To test, run pushes like: `GIT_TRACE=1` git push. The trace output
should mention "pure SSH connection".
---
 assets/go-licenses.json                |  10 +
 cmd/serv.go                            | 129 +++++++----
 custom/conf/app.example.ini            |   2 +
 go.mod                                 |   4 +
 go.sum                                 |   4 +
 modules/lfstransfer/backend/backend.go | 301 +++++++++++++++++++++++++
 modules/lfstransfer/backend/lock.go    | 296 ++++++++++++++++++++++++
 modules/lfstransfer/backend/util.go    | 141 ++++++++++++
 modules/lfstransfer/logger.go          |  21 ++
 modules/lfstransfer/main.go            |  42 ++++
 modules/setting/lfs.go                 |   1 +
 routers/private/internal.go            |  30 +++
 routers/private/serv.go                |  17 +-
 13 files changed, 945 insertions(+), 53 deletions(-)
 create mode 100644 modules/lfstransfer/backend/backend.go
 create mode 100644 modules/lfstransfer/backend/lock.go
 create mode 100644 modules/lfstransfer/backend/util.go
 create mode 100644 modules/lfstransfer/logger.go
 create mode 100644 modules/lfstransfer/main.go

diff --git a/assets/go-licenses.json b/assets/go-licenses.json
index 0181fd68ae7..62e63f271a8 100644
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
@@ -344,6 +344,11 @@
     "path": "github.com/cespare/xxhash/v2/LICENSE.txt",
     "licenseText": "Copyright (c) 2016 Caleb Spare\n\nMIT License\n\nPermission is hereby granted, free of charge, to any person obtaining\na copy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be\nincluded in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND,\nEXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND\nNONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE\nLIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\nOF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION\nWITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n"
   },
+  {
+    "name": "github.com/charmbracelet/git-lfs-transfer/transfer",
+    "path": "github.com/charmbracelet/git-lfs-transfer/transfer/LICENSE",
+    "licenseText": "MIT License\n\nCopyright (c) 2022-2023 Charmbracelet, Inc\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n"
+  },
   {
     "name": "github.com/chi-middleware/proxy",
     "path": "github.com/chi-middleware/proxy/LICENSE",
@@ -464,6 +469,11 @@
     "path": "github.com/fxamacker/cbor/v2/LICENSE",
     "licenseText": "MIT License\n\nCopyright (c) 2019-present Faye Amacker\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE."
   },
+  {
+    "name": "github.com/git-lfs/pktline",
+    "path": "github.com/git-lfs/pktline/LICENSE.md",
+    "licenseText": "MIT License\n\nCopyright (c) 2014- GitHub, Inc. and Git LFS contributors\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n\nNote that Git LFS uses components from other Go modules (included in `vendor/`)\nwhich are under different licenses.  See those LICENSE files for details.\n"
+  },
   {
     "name": "github.com/gliderlabs/ssh",
     "path": "github.com/gliderlabs/ssh/LICENSE",
diff --git a/cmd/serv.go b/cmd/serv.go
index f74a8fd3d07..2d2df8aa23b 100644
--- a/cmd/serv.go
+++ b/cmd/serv.go
@@ -20,8 +20,10 @@ import (
 	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	git_model "code.gitea.io/gitea/models/git"
 	"code.gitea.io/gitea/models/perm"
+	"code.gitea.io/gitea/modules/container"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/json"
+	"code.gitea.io/gitea/modules/lfstransfer"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/pprof"
 	"code.gitea.io/gitea/modules/private"
@@ -36,7 +38,11 @@ import (
 )
 
 const (
-	lfsAuthenticateVerb = "git-lfs-authenticate"
+	verbUploadPack      = "git-upload-pack"
+	verbUploadArchive   = "git-upload-archive"
+	verbReceivePack     = "git-receive-pack"
+	verbLfsAuthenticate = "git-lfs-authenticate"
+	verbLfsTransfer     = "git-lfs-transfer"
 )
 
 // CmdServ represents the available serv sub-command.
@@ -73,12 +79,18 @@ func setup(ctx context.Context, debug bool) {
 }
 
 var (
-	allowedCommands = map[string]perm.AccessMode{
-		"git-upload-pack":    perm.AccessModeRead,
-		"git-upload-archive": perm.AccessModeRead,
-		"git-receive-pack":   perm.AccessModeWrite,
-		lfsAuthenticateVerb:  perm.AccessModeNone,
-	}
+	// keep getAccessMode() in sync
+	allowedCommands = container.SetOf(
+		verbUploadPack,
+		verbUploadArchive,
+		verbReceivePack,
+		verbLfsAuthenticate,
+		verbLfsTransfer,
+	)
+	allowedCommandsLfs = container.SetOf(
+		verbLfsAuthenticate,
+		verbLfsTransfer,
+	)
 	alphaDashDotPattern = regexp.MustCompile(`[^\w-\.]`)
 )
 
@@ -124,6 +136,45 @@ func handleCliResponseExtra(extra private.ResponseExtra) error {
 	return nil
 }
 
+func getAccessMode(verb, lfsVerb string) perm.AccessMode {
+	switch verb {
+	case verbUploadPack, verbUploadArchive:
+		return perm.AccessModeRead
+	case verbReceivePack:
+		return perm.AccessModeWrite
+	case verbLfsAuthenticate, verbLfsTransfer:
+		switch lfsVerb {
+		case "upload":
+			return perm.AccessModeWrite
+		case "download":
+			return perm.AccessModeRead
+		}
+	}
+	// should be unreachable
+	return perm.AccessModeNone
+}
+
+func getLFSAuthToken(ctx context.Context, lfsVerb string, results *private.ServCommandResults) (string, error) {
+	now := time.Now()
+	claims := lfs.Claims{
+		RegisteredClaims: jwt.RegisteredClaims{
+			ExpiresAt: jwt.NewNumericDate(now.Add(setting.LFS.HTTPAuthExpiry)),
+			NotBefore: jwt.NewNumericDate(now),
+		},
+		RepoID: results.RepoID,
+		Op:     lfsVerb,
+		UserID: results.UserID,
+	}
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+
+	// Sign and get the complete encoded token as a string using the secret
+	tokenString, err := token.SignedString(setting.LFS.JWTSecretBytes)
+	if err != nil {
+		return "", fail(ctx, "Failed to sign JWT Token", "Failed to sign JWT token: %v", err)
+	}
+	return fmt.Sprintf("Bearer %s", tokenString), nil
+}
+
 func runServ(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
@@ -198,15 +249,6 @@ func runServ(c *cli.Context) error {
 	repoPath := strings.TrimPrefix(words[1], "/")
 
 	var lfsVerb string
-	if verb == lfsAuthenticateVerb {
-		if !setting.LFS.StartServer {
-			return fail(ctx, "Unknown git command", "LFS authentication request over SSH denied, LFS support is disabled")
-		}
-
-		if len(words) > 2 {
-			lfsVerb = words[2]
-		}
-	}
 
 	rr := strings.SplitN(repoPath, "/", 2)
 	if len(rr) != 2 {
@@ -243,53 +285,52 @@ func runServ(c *cli.Context) error {
 		}()
 	}
 
-	requestedMode, has := allowedCommands[verb]
-	if !has {
+	if allowedCommands.Contains(verb) {
+		if allowedCommandsLfs.Contains(verb) {
+			if !setting.LFS.StartServer {
+				return fail(ctx, "Unknown git command", "LFS authentication request over SSH denied, LFS support is disabled")
+			}
+			if verb == verbLfsTransfer && !setting.LFS.AllowPureSSH {
+				return fail(ctx, "Unknown git command", "LFS SSH transfer connection denied, pure SSH protocol is disabled")
+			}
+			if len(words) > 2 {
+				lfsVerb = words[2]
+			}
+		}
+	} else {
 		return fail(ctx, "Unknown git command", "Unknown git command %s", verb)
 	}
 
-	if verb == lfsAuthenticateVerb {
-		if lfsVerb == "upload" {
-			requestedMode = perm.AccessModeWrite
-		} else if lfsVerb == "download" {
-			requestedMode = perm.AccessModeRead
-		} else {
-			return fail(ctx, "Unknown LFS verb", "Unknown lfs verb %s", lfsVerb)
-		}
-	}
+	requestedMode := getAccessMode(verb, lfsVerb)
 
 	results, extra := private.ServCommand(ctx, keyID, username, reponame, requestedMode, verb, lfsVerb)
 	if extra.HasError() {
 		return fail(ctx, extra.UserMsg, "ServCommand failed: %s", extra.Error)
 	}
 
+	// LFS SSH protocol
+	if verb == verbLfsTransfer {
+		token, err := getLFSAuthToken(ctx, lfsVerb, results)
+		if err != nil {
+			return err
+		}
+		return lfstransfer.Main(ctx, repoPath, lfsVerb, token)
+	}
+
 	// LFS token authentication
-	if verb == lfsAuthenticateVerb {
+	if verb == verbLfsAuthenticate {
 		url := fmt.Sprintf("%s%s/%s.git/info/lfs", setting.AppURL, url.PathEscape(results.OwnerName), url.PathEscape(results.RepoName))
 
-		now := time.Now()
-		claims := lfs.Claims{
-			RegisteredClaims: jwt.RegisteredClaims{
-				ExpiresAt: jwt.NewNumericDate(now.Add(setting.LFS.HTTPAuthExpiry)),
-				NotBefore: jwt.NewNumericDate(now),
-			},
-			RepoID: results.RepoID,
-			Op:     lfsVerb,
-			UserID: results.UserID,
-		}
-		token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
-
-		// Sign and get the complete encoded token as a string using the secret
-		tokenString, err := token.SignedString(setting.LFS.JWTSecretBytes)
+		token, err := getLFSAuthToken(ctx, lfsVerb, results)
 		if err != nil {
-			return fail(ctx, "Failed to sign JWT Token", "Failed to sign JWT token: %v", err)
+			return err
 		}
 
 		tokenAuthentication := &git_model.LFSTokenResponse{
 			Header: make(map[string]string),
 			Href:   url,
 		}
-		tokenAuthentication.Header["Authorization"] = fmt.Sprintf("Bearer %s", tokenString)
+		tokenAuthentication.Header["Authorization"] = token
 
 		enc := json.NewEncoder(os.Stdout)
 		err = enc.Encode(tokenAuthentication)
diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index ad5d3e1abae..69d541ff8d4 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -306,6 +306,8 @@ RUN_USER = ; git
 ;; Enables git-lfs support. true or false, default is false.
 ;LFS_START_SERVER = false
 ;;
+;; Enables git-lfs SSH protocol support. true or false, default is false.
+;LFS_ALLOW_PURE_SSH = false
 ;;
 ;; LFS authentication secret, change this yourself
 ;LFS_JWT_SECRET =
diff --git a/go.mod b/go.mod
index dd36f639860..3b89e5cee8b 100644
--- a/go.mod
+++ b/go.mod
@@ -35,6 +35,7 @@ require (
 	github.com/blevesearch/bleve/v2 v2.4.2
 	github.com/buildkite/terminal-to-html/v3 v3.12.1
 	github.com/caddyserver/certmagic v0.21.3
+	github.com/charmbracelet/git-lfs-transfer v0.2.0
 	github.com/chi-middleware/proxy v1.1.1
 	github.com/dimiro1/reply v0.0.0-20200315094148-d0136a4c9e21
 	github.com/djherbis/buffer v1.2.0
@@ -197,6 +198,7 @@ require (
 	github.com/fatih/color v1.17.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fxamacker/cbor/v2 v2.6.0 // indirect
+	github.com/git-lfs/pktline v0.0.0-20230103162542-ca444d533ef1 // indirect
 	github.com/go-ap/errors v0.0.0-20240304112515-6077fa9c17b0 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.7 // indirect
 	github.com/go-enry/go-oniguruma v1.2.1 // indirect
@@ -329,6 +331,8 @@ replace github.com/shurcooL/vfsgen => github.com/lunny/vfsgen v0.0.0-20220105142
 
 replace github.com/nektos/act => gitea.com/gitea/act v0.259.1
 
+replace github.com/charmbracelet/git-lfs-transfer => gitea.com/gitea/git-lfs-transfer v0.2.0
+
 // TODO: This could be removed after https://github.com/mholt/archiver/pull/396 merged
 replace github.com/mholt/archiver/v3 => github.com/anchore/archiver/v3 v3.5.2
 
diff --git a/go.sum b/go.sum
index 690e1301b76..9a089e0f74e 100644
--- a/go.sum
+++ b/go.sum
@@ -18,6 +18,8 @@ git.sr.ht/~mariusor/go-xsd-duration v0.0.0-20220703122237-02e73435a078 h1:cliQ4H
 git.sr.ht/~mariusor/go-xsd-duration v0.0.0-20220703122237-02e73435a078/go.mod h1:g/V2Hjas6Z1UHUp4yIx6bATpNzJ7DYtD0FG3+xARWxs=
 gitea.com/gitea/act v0.259.1 h1:8GG1o/xtUHl3qjn5f0h/2FXrT5ubBn05TJOM5ry+FBw=
 gitea.com/gitea/act v0.259.1/go.mod h1:UxZWRYqQG2Yj4+4OqfGWW5a3HELwejyWFQyU7F1jUD8=
+gitea.com/gitea/git-lfs-transfer v0.2.0 h1:baHaNoBSRaeq/xKayEXwiDQtlIjps4Ac/Ll4KqLMB40=
+gitea.com/gitea/git-lfs-transfer v0.2.0/go.mod h1:UrXUCm3xLQkq15fu7qlXHUMlrhdlXHoi13KH2Dfiits=
 gitea.com/go-chi/binding v0.0.0-20240430071103-39a851e106ed h1:EZZBtilMLSZNWtHHcgq2mt6NSGhJSZBuduAlinMEmso=
 gitea.com/go-chi/binding v0.0.0-20240430071103-39a851e106ed/go.mod h1:E3i3cgB04dDx0v3CytCgRTTn9Z/9x891aet3r456RVw=
 gitea.com/go-chi/cache v0.2.1 h1:bfAPkvXlbcZxPCpcmDVCWoHgiBSBmZN/QosnZvEC0+g=
@@ -291,6 +293,8 @@ github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nos
 github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
 github.com/fxamacker/cbor/v2 v2.6.0 h1:sU6J2usfADwWlYDAFhZBQ6TnLFBHxgesMrQfQgk1tWA=
 github.com/fxamacker/cbor/v2 v2.6.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
+github.com/git-lfs/pktline v0.0.0-20230103162542-ca444d533ef1 h1:mtDjlmloH7ytdblogrMz1/8Hqua1y8B4ID+bh3rvod0=
+github.com/git-lfs/pktline v0.0.0-20230103162542-ca444d533ef1/go.mod h1:fenKRzpXDjNpsIBhuhUzvjCKlDjKam0boRAenTE0Q6A=
 github.com/gliderlabs/ssh v0.3.7 h1:iV3Bqi942d9huXnzEF2Mt+CY9gLu8DNM4Obd+8bODRE=
 github.com/gliderlabs/ssh v0.3.7/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8=
 github.com/glycerine/go-unsnap-stream v0.0.0-20181221182339-f9677308dec2/go.mod h1:/20jfyN9Y5QPEAprSgKAUr+glWDY39ZiUEAYOEv5dsE=
diff --git a/modules/lfstransfer/backend/backend.go b/modules/lfstransfer/backend/backend.go
new file mode 100644
index 00000000000..d4523e1abfa
--- /dev/null
+++ b/modules/lfstransfer/backend/backend.go
@@ -0,0 +1,301 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package backend
+
+import (
+	"bytes"
+	"context"
+	"encoding/base64"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"strconv"
+
+	"code.gitea.io/gitea/modules/json"
+	"code.gitea.io/gitea/modules/lfs"
+	"code.gitea.io/gitea/modules/setting"
+
+	"github.com/charmbracelet/git-lfs-transfer/transfer"
+)
+
+// Version is the git-lfs-transfer protocol version number.
+const Version = "1"
+
+// Capabilities is a list of Git LFS capabilities supported by this package.
+var Capabilities = []string{
+	"version=" + Version,
+	"locking",
+}
+
+var _ transfer.Backend = &GiteaBackend{}
+
+// GiteaBackend is an adapter between git-lfs-transfer library and Gitea's internal LFS API
+type GiteaBackend struct {
+	ctx    context.Context
+	server *url.URL
+	op     string
+	token  string
+	itoken string
+	logger transfer.Logger
+}
+
+func New(ctx context.Context, repo, op, token string, logger transfer.Logger) (transfer.Backend, error) {
+	// runServ guarantees repo will be in form [owner]/[name].git
+	server, err := url.Parse(setting.LocalURL)
+	if err != nil {
+		return nil, err
+	}
+	server = server.JoinPath("api/internal/repo", repo, "info/lfs")
+	return &GiteaBackend{ctx: ctx, server: server, op: op, token: token, itoken: fmt.Sprintf("Bearer %s", setting.InternalToken), logger: logger}, nil
+}
+
+// Batch implements transfer.Backend
+func (g *GiteaBackend) Batch(_ string, pointers []transfer.BatchItem, args transfer.Args) ([]transfer.BatchItem, error) {
+	reqBody := lfs.BatchRequest{Operation: g.op}
+	if transfer, ok := args[argTransfer]; ok {
+		reqBody.Transfers = []string{transfer}
+	}
+	if ref, ok := args[argRefname]; ok {
+		reqBody.Ref = &lfs.Reference{Name: ref}
+	}
+	reqBody.Objects = make([]lfs.Pointer, len(pointers))
+	for i := range pointers {
+		reqBody.Objects[i].Oid = pointers[i].Oid
+		reqBody.Objects[i].Size = pointers[i].Size
+	}
+
+	bodyBytes, err := json.Marshal(reqBody)
+	if err != nil {
+		g.logger.Log("json marshal error", err)
+		return nil, err
+	}
+	url := g.server.JoinPath("objects/batch").String()
+	headers := map[string]string{
+		headerAuthorisation: g.itoken,
+		headerAuthX:         g.token,
+		headerAccept:        mimeGitLFS,
+		headerContentType:   mimeGitLFS,
+	}
+	req := newInternalRequest(g.ctx, url, http.MethodPost, headers, bodyBytes)
+	resp, err := req.Response()
+	if err != nil {
+		g.logger.Log("http request error", err)
+		return nil, err
+	}
+	if resp.StatusCode != http.StatusOK {
+		g.logger.Log("http statuscode error", resp.StatusCode, statusCodeToErr(resp.StatusCode))
+		return nil, statusCodeToErr(resp.StatusCode)
+	}
+	defer resp.Body.Close()
+	respBytes, err := io.ReadAll(resp.Body)
+	if err != nil {
+		g.logger.Log("http read error", err)
+		return nil, err
+	}
+	var respBody lfs.BatchResponse
+	err = json.Unmarshal(respBytes, &respBody)
+	if err != nil {
+		g.logger.Log("json umarshal error", err)
+		return nil, err
+	}
+
+	// rebuild slice, we can't rely on order in resp being the same as req
+	pointers = pointers[:0]
+	opNum := opMap[g.op]
+	for _, obj := range respBody.Objects {
+		pointer := transfer.Pointer{Oid: obj.Pointer.Oid, Size: obj.Pointer.Size}
+		item := transfer.BatchItem{Pointer: pointer, Args: map[string]string{}}
+		switch opNum {
+		case opDownload:
+			if action, ok := obj.Actions[actionDownload]; ok {
+				item.Present = true
+				idMap := obj.Actions
+				idMapBytes, err := json.Marshal(idMap)
+				if err != nil {
+					g.logger.Log("json marshal error", err)
+					return nil, err
+				}
+				idMapStr := base64.StdEncoding.EncodeToString(idMapBytes)
+				item.Args[argID] = idMapStr
+				if authHeader, ok := action.Header[headerAuthorisation]; ok {
+					authHeaderB64 := base64.StdEncoding.EncodeToString([]byte(authHeader))
+					item.Args[argToken] = authHeaderB64
+				}
+				if action.ExpiresAt != nil {
+					item.Args[argExpiresAt] = action.ExpiresAt.String()
+				}
+			} else {
+				// must be an error, but the SSH protocol can't propagate individual errors
+				g.logger.Log("object not found", obj.Pointer.Oid, obj.Pointer.Size)
+				item.Present = false
+			}
+		case opUpload:
+			if action, ok := obj.Actions[actionUpload]; ok {
+				item.Present = false
+				idMap := obj.Actions
+				idMapBytes, err := json.Marshal(idMap)
+				if err != nil {
+					g.logger.Log("json marshal error", err)
+					return nil, err
+				}
+				idMapStr := base64.StdEncoding.EncodeToString(idMapBytes)
+				item.Args[argID] = idMapStr
+				if authHeader, ok := action.Header[headerAuthorisation]; ok {
+					authHeaderB64 := base64.StdEncoding.EncodeToString([]byte(authHeader))
+					item.Args[argToken] = authHeaderB64
+				}
+				if action.ExpiresAt != nil {
+					item.Args[argExpiresAt] = action.ExpiresAt.String()
+				}
+			} else {
+				item.Present = true
+			}
+		}
+		pointers = append(pointers, item)
+	}
+	return pointers, nil
+}
+
+// Download implements transfer.Backend. The returned reader must be closed by the
+// caller.
+func (g *GiteaBackend) Download(oid string, args transfer.Args) (io.ReadCloser, int64, error) {
+	idMapStr, exists := args[argID]
+	if !exists {
+		return nil, 0, ErrMissingID
+	}
+	idMapBytes, err := base64.StdEncoding.DecodeString(idMapStr)
+	if err != nil {
+		g.logger.Log("base64 decode error", err)
+		return nil, 0, transfer.ErrCorruptData
+	}
+	idMap := map[string]*lfs.Link{}
+	err = json.Unmarshal(idMapBytes, &idMap)
+	if err != nil {
+		g.logger.Log("json unmarshal error", err)
+		return nil, 0, transfer.ErrCorruptData
+	}
+	action, exists := idMap[actionDownload]
+	if !exists {
+		g.logger.Log("argument id incorrect")
+		return nil, 0, transfer.ErrCorruptData
+	}
+	url := action.Href
+	headers := map[string]string{
+		headerAuthorisation: g.itoken,
+		headerAuthX:         g.token,
+		headerAccept:        mimeOctetStream,
+	}
+	req := newInternalRequest(g.ctx, url, http.MethodGet, headers, nil)
+	resp, err := req.Response()
+	if err != nil {
+		return nil, 0, err
+	}
+	if resp.StatusCode != http.StatusOK {
+		return nil, 0, statusCodeToErr(resp.StatusCode)
+	}
+	defer resp.Body.Close()
+	respBytes, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, 0, err
+	}
+	respSize := int64(len(respBytes))
+	respBuf := io.NopCloser(bytes.NewBuffer(respBytes))
+	return respBuf, respSize, nil
+}
+
+// StartUpload implements transfer.Backend.
+func (g *GiteaBackend) Upload(oid string, size int64, r io.Reader, args transfer.Args) error {
+	idMapStr, exists := args[argID]
+	if !exists {
+		return ErrMissingID
+	}
+	idMapBytes, err := base64.StdEncoding.DecodeString(idMapStr)
+	if err != nil {
+		g.logger.Log("base64 decode error", err)
+		return transfer.ErrCorruptData
+	}
+	idMap := map[string]*lfs.Link{}
+	err = json.Unmarshal(idMapBytes, &idMap)
+	if err != nil {
+		g.logger.Log("json unmarshal error", err)
+		return transfer.ErrCorruptData
+	}
+	action, exists := idMap[actionUpload]
+	if !exists {
+		g.logger.Log("argument id incorrect")
+		return transfer.ErrCorruptData
+	}
+	url := action.Href
+	headers := map[string]string{
+		headerAuthorisation: g.itoken,
+		headerAuthX:         g.token,
+		headerContentType:   mimeOctetStream,
+		headerContentLength: strconv.FormatInt(size, 10),
+	}
+	reqBytes, err := io.ReadAll(r)
+	if err != nil {
+		return err
+	}
+	req := newInternalRequest(g.ctx, url, http.MethodPut, headers, reqBytes)
+	resp, err := req.Response()
+	if err != nil {
+		return err
+	}
+	if resp.StatusCode != http.StatusOK {
+		return statusCodeToErr(resp.StatusCode)
+	}
+	return nil
+}
+
+// Verify implements transfer.Backend.
+func (g *GiteaBackend) Verify(oid string, size int64, args transfer.Args) (transfer.Status, error) {
+	reqBody := lfs.Pointer{Oid: oid, Size: size}
+
+	bodyBytes, err := json.Marshal(reqBody)
+	if err != nil {
+		return transfer.NewStatus(transfer.StatusInternalServerError), err
+	}
+	idMapStr, exists := args[argID]
+	if !exists {
+		return transfer.NewStatus(transfer.StatusBadRequest, "missing argument: id"), ErrMissingID
+	}
+	idMapBytes, err := base64.StdEncoding.DecodeString(idMapStr)
+	if err != nil {
+		g.logger.Log("base64 decode error", err)
+		return transfer.NewStatus(transfer.StatusBadRequest, "corrupt argument: id"), transfer.ErrCorruptData
+	}
+	idMap := map[string]*lfs.Link{}
+	err = json.Unmarshal(idMapBytes, &idMap)
+	if err != nil {
+		g.logger.Log("json unmarshal error", err)
+		return transfer.NewStatus(transfer.StatusBadRequest, "corrupt argument: id"), transfer.ErrCorruptData
+	}
+	action, exists := idMap[actionVerify]
+	if !exists {
+		// the server sent no verify action
+		return transfer.SuccessStatus(), nil
+	}
+	url := action.Href
+	headers := map[string]string{
+		headerAuthorisation: g.itoken,
+		headerAuthX:         g.token,
+		headerAccept:        mimeGitLFS,
+		headerContentType:   mimeGitLFS,
+	}
+	req := newInternalRequest(g.ctx, url, http.MethodPost, headers, bodyBytes)
+	resp, err := req.Response()
+	if err != nil {
+		return transfer.NewStatus(transfer.StatusInternalServerError), err
+	}
+	if resp.StatusCode != http.StatusOK {
+		return transfer.NewStatus(uint32(resp.StatusCode), http.StatusText(resp.StatusCode)), statusCodeToErr(resp.StatusCode)
+	}
+	return transfer.SuccessStatus(), nil
+}
+
+// LockBackend implements transfer.Backend.
+func (g *GiteaBackend) LockBackend(_ transfer.Args) transfer.LockBackend {
+	return newGiteaLockBackend(g)
+}
diff --git a/modules/lfstransfer/backend/lock.go b/modules/lfstransfer/backend/lock.go
new file mode 100644
index 00000000000..f72ffd5b6f9
--- /dev/null
+++ b/modules/lfstransfer/backend/lock.go
@@ -0,0 +1,296 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package backend
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"strconv"
+	"time"
+
+	"code.gitea.io/gitea/modules/json"
+	lfslock "code.gitea.io/gitea/modules/structs"
+
+	"github.com/charmbracelet/git-lfs-transfer/transfer"
+)
+
+var _ transfer.LockBackend = &giteaLockBackend{}
+
+type giteaLockBackend struct {
+	ctx    context.Context
+	g      *GiteaBackend
+	server *url.URL
+	token  string
+	itoken string
+	logger transfer.Logger
+}
+
+func newGiteaLockBackend(g *GiteaBackend) transfer.LockBackend {
+	server := g.server.JoinPath("locks")
+	return &giteaLockBackend{ctx: g.ctx, g: g, server: server, token: g.token, itoken: g.itoken, logger: g.logger}
+}
+
+// Create implements transfer.LockBackend
+func (g *giteaLockBackend) Create(path, refname string) (transfer.Lock, error) {
+	reqBody := lfslock.LFSLockRequest{Path: path}
+
+	bodyBytes, err := json.Marshal(reqBody)
+	if err != nil {
+		g.logger.Log("json marshal error", err)
+		return nil, err
+	}
+	url := g.server.String()
+	headers := map[string]string{
+		headerAuthorisation: g.itoken,
+		headerAuthX:         g.token,
+		headerAccept:        mimeGitLFS,
+		headerContentType:   mimeGitLFS,
+	}
+	req := newInternalRequest(g.ctx, url, http.MethodPost, headers, bodyBytes)
+	resp, err := req.Response()
+	if err != nil {
+		g.logger.Log("http request error", err)
+		return nil, err
+	}
+	defer resp.Body.Close()
+	respBytes, err := io.ReadAll(resp.Body)
+	if err != nil {
+		g.logger.Log("http read error", err)
+		return nil, err
+	}
+	if resp.StatusCode != http.StatusCreated {
+		g.logger.Log("http statuscode error", resp.StatusCode, statusCodeToErr(resp.StatusCode))
+		return nil, statusCodeToErr(resp.StatusCode)
+	}
+	var respBody lfslock.LFSLockResponse
+	err = json.Unmarshal(respBytes, &respBody)
+	if err != nil {
+		g.logger.Log("json umarshal error", err)
+		return nil, err
+	}
+
+	if respBody.Lock == nil {
+		g.logger.Log("api returned nil lock")
+		return nil, fmt.Errorf("api returned nil lock")
+	}
+	respLock := respBody.Lock
+	owner := userUnknown
+	if respLock.Owner != nil {
+		owner = respLock.Owner.Name
+	}
+	lock := newGiteaLock(g, respLock.ID, respLock.Path, respLock.LockedAt, owner)
+	return lock, nil
+}
+
+// Unlock implements transfer.LockBackend
+func (g *giteaLockBackend) Unlock(lock transfer.Lock) error {
+	reqBody := lfslock.LFSLockDeleteRequest{}
+
+	bodyBytes, err := json.Marshal(reqBody)
+	if err != nil {
+		g.logger.Log("json marshal error", err)
+		return err
+	}
+	url := g.server.JoinPath(lock.ID(), "unlock").String()
+	headers := map[string]string{
+		headerAuthorisation: g.itoken,
+		headerAuthX:         g.token,
+		headerAccept:        mimeGitLFS,
+		headerContentType:   mimeGitLFS,
+	}
+	req := newInternalRequest(g.ctx, url, http.MethodPost, headers, bodyBytes)
+	resp, err := req.Response()
+	if err != nil {
+		g.logger.Log("http request error", err)
+		return err
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode != http.StatusOK {
+		g.logger.Log("http statuscode error", resp.StatusCode, statusCodeToErr(resp.StatusCode))
+		return statusCodeToErr(resp.StatusCode)
+	}
+	// no need to read response
+
+	return nil
+}
+
+// FromPath implements transfer.LockBackend
+func (g *giteaLockBackend) FromPath(path string) (transfer.Lock, error) {
+	v := url.Values{
+		argPath: []string{path},
+	}
+
+	respLocks, _, err := g.queryLocks(v)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(respLocks) == 0 {
+		return nil, transfer.ErrNotFound
+	}
+	return respLocks[0], nil
+}
+
+// FromID implements transfer.LockBackend
+func (g *giteaLockBackend) FromID(id string) (transfer.Lock, error) {
+	v := url.Values{
+		argID: []string{id},
+	}
+
+	respLocks, _, err := g.queryLocks(v)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(respLocks) == 0 {
+		return nil, transfer.ErrNotFound
+	}
+	return respLocks[0], nil
+}
+
+// Range implements transfer.LockBackend
+func (g *giteaLockBackend) Range(cursor string, limit int, iter func(transfer.Lock) error) (string, error) {
+	v := url.Values{
+		argLimit: []string{strconv.FormatInt(int64(limit), 10)},
+	}
+	if cursor != "" {
+		v[argCursor] = []string{cursor}
+	}
+
+	respLocks, cursor, err := g.queryLocks(v)
+	if err != nil {
+		return "", err
+	}
+
+	for _, lock := range respLocks {
+		err := iter(lock)
+		if err != nil {
+			return "", err
+		}
+	}
+	return cursor, nil
+}
+
+func (g *giteaLockBackend) queryLocks(v url.Values) ([]transfer.Lock, string, error) {
+	urlq := g.server.JoinPath() // get a copy
+	urlq.RawQuery = v.Encode()
+	url := urlq.String()
+	headers := map[string]string{
+		headerAuthorisation: g.itoken,
+		headerAuthX:         g.token,
+		headerAccept:        mimeGitLFS,
+		headerContentType:   mimeGitLFS,
+	}
+	req := newInternalRequest(g.ctx, url, http.MethodGet, headers, nil)
+	resp, err := req.Response()
+	if err != nil {
+		g.logger.Log("http request error", err)
+		return nil, "", err
+	}
+	defer resp.Body.Close()
+	respBytes, err := io.ReadAll(resp.Body)
+	if err != nil {
+		g.logger.Log("http read error", err)
+		return nil, "", err
+	}
+	if resp.StatusCode != http.StatusOK {
+		g.logger.Log("http statuscode error", resp.StatusCode, statusCodeToErr(resp.StatusCode))
+		return nil, "", statusCodeToErr(resp.StatusCode)
+	}
+	var respBody lfslock.LFSLockList
+	err = json.Unmarshal(respBytes, &respBody)
+	if err != nil {
+		g.logger.Log("json umarshal error", err)
+		return nil, "", err
+	}
+
+	respLocks := make([]transfer.Lock, 0, len(respBody.Locks))
+	for _, respLock := range respBody.Locks {
+		owner := userUnknown
+		if respLock.Owner != nil {
+			owner = respLock.Owner.Name
+		}
+		lock := newGiteaLock(g, respLock.ID, respLock.Path, respLock.LockedAt, owner)
+		respLocks = append(respLocks, lock)
+	}
+	return respLocks, respBody.Next, nil
+}
+
+var _ transfer.Lock = &giteaLock{}
+
+type giteaLock struct {
+	g        *giteaLockBackend
+	id       string
+	path     string
+	lockedAt time.Time
+	owner    string
+}
+
+func newGiteaLock(g *giteaLockBackend, id, path string, lockedAt time.Time, owner string) transfer.Lock {
+	return &giteaLock{g: g, id: id, path: path, lockedAt: lockedAt, owner: owner}
+}
+
+// Unlock implements transfer.Lock
+func (g *giteaLock) Unlock() error {
+	return g.g.Unlock(g)
+}
+
+// ID implements transfer.Lock
+func (g *giteaLock) ID() string {
+	return g.id
+}
+
+// Path implements transfer.Lock
+func (g *giteaLock) Path() string {
+	return g.path
+}
+
+// FormattedTimestamp implements transfer.Lock
+func (g *giteaLock) FormattedTimestamp() string {
+	return g.lockedAt.UTC().Format(time.RFC3339)
+}
+
+// OwnerName implements transfer.Lock
+func (g *giteaLock) OwnerName() string {
+	return g.owner
+}
+
+func (g *giteaLock) CurrentUser() (string, error) {
+	return userSelf, nil
+}
+
+// AsLockSpec implements transfer.Lock
+func (g *giteaLock) AsLockSpec(ownerID bool) ([]string, error) {
+	msgs := []string{
+		fmt.Sprintf("lock %s", g.ID()),
+		fmt.Sprintf("path %s %s", g.ID(), g.Path()),
+		fmt.Sprintf("locked-at %s %s", g.ID(), g.FormattedTimestamp()),
+		fmt.Sprintf("ownername %s %s", g.ID(), g.OwnerName()),
+	}
+	if ownerID {
+		user, err := g.CurrentUser()
+		if err != nil {
+			return nil, fmt.Errorf("error getting current user: %w", err)
+		}
+		who := "theirs"
+		if user == g.OwnerName() {
+			who = "ours"
+		}
+		msgs = append(msgs, fmt.Sprintf("owner %s %s", g.ID(), who))
+	}
+	return msgs, nil
+}
+
+// AsArguments implements transfer.Lock
+func (g *giteaLock) AsArguments() []string {
+	return []string{
+		fmt.Sprintf("id=%s", g.ID()),
+		fmt.Sprintf("path=%s", g.Path()),
+		fmt.Sprintf("locked-at=%s", g.FormattedTimestamp()),
+		fmt.Sprintf("ownername=%s", g.OwnerName()),
+	}
+}
diff --git a/modules/lfstransfer/backend/util.go b/modules/lfstransfer/backend/util.go
new file mode 100644
index 00000000000..126ac001753
--- /dev/null
+++ b/modules/lfstransfer/backend/util.go
@@ -0,0 +1,141 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package backend
+
+import (
+	"context"
+	"crypto/tls"
+	"fmt"
+	"net"
+	"net/http"
+	"time"
+
+	"code.gitea.io/gitea/modules/httplib"
+	"code.gitea.io/gitea/modules/proxyprotocol"
+	"code.gitea.io/gitea/modules/setting"
+
+	"github.com/charmbracelet/git-lfs-transfer/transfer"
+)
+
+// HTTP headers
+const (
+	headerAccept        = "Accept"
+	headerAuthorisation = "Authorization"
+	headerAuthX         = "X-Auth"
+	headerContentType   = "Content-Type"
+	headerContentLength = "Content-Length"
+)
+
+// MIME types
+const (
+	mimeGitLFS      = "application/vnd.git-lfs+json"
+	mimeOctetStream = "application/octet-stream"
+)
+
+// SSH protocol action keys
+const (
+	actionDownload = "download"
+	actionUpload   = "upload"
+	actionVerify   = "verify"
+)
+
+// SSH protocol argument keys
+const (
+	argCursor    = "cursor"
+	argExpiresAt = "expires-at"
+	argID        = "id"
+	argLimit     = "limit"
+	argPath      = "path"
+	argRefname   = "refname"
+	argToken     = "token"
+	argTransfer  = "transfer"
+)
+
+// Default username constants
+const (
+	userSelf    = "(self)"
+	userUnknown = "(unknown)"
+)
+
+// Operations enum
+const (
+	opNone = iota
+	opDownload
+	opUpload
+)
+
+var opMap = map[string]int{
+	"download": opDownload,
+	"upload":   opUpload,
+}
+
+var ErrMissingID = fmt.Errorf("%w: missing id arg", transfer.ErrMissingData)
+
+func statusCodeToErr(code int) error {
+	switch code {
+	case http.StatusBadRequest:
+		return transfer.ErrParseError
+	case http.StatusConflict:
+		return transfer.ErrConflict
+	case http.StatusForbidden:
+		return transfer.ErrForbidden
+	case http.StatusNotFound:
+		return transfer.ErrNotFound
+	case http.StatusUnauthorized:
+		return transfer.ErrUnauthorized
+	default:
+		return fmt.Errorf("server returned status %v: %v", code, http.StatusText(code))
+	}
+}
+
+func newInternalRequest(ctx context.Context, url, method string, headers map[string]string, body []byte) *httplib.Request {
+	req := httplib.NewRequest(url, method).
+		SetContext(ctx).
+		SetTimeout(10*time.Second, 60*time.Second).
+		SetTLSClientConfig(&tls.Config{
+			InsecureSkipVerify: true,
+		})
+
+	if setting.Protocol == setting.HTTPUnix {
+		req.SetTransport(&http.Transport{
+			DialContext: func(ctx context.Context, _, _ string) (net.Conn, error) {
+				var d net.Dialer
+				conn, err := d.DialContext(ctx, "unix", setting.HTTPAddr)
+				if err != nil {
+					return conn, err
+				}
+				if setting.LocalUseProxyProtocol {
+					if err = proxyprotocol.WriteLocalHeader(conn); err != nil {
+						_ = conn.Close()
+						return nil, err
+					}
+				}
+				return conn, err
+			},
+		})
+	} else if setting.LocalUseProxyProtocol {
+		req.SetTransport(&http.Transport{
+			DialContext: func(ctx context.Context, network, address string) (net.Conn, error) {
+				var d net.Dialer
+				conn, err := d.DialContext(ctx, network, address)
+				if err != nil {
+					return conn, err
+				}
+				if err = proxyprotocol.WriteLocalHeader(conn); err != nil {
+					_ = conn.Close()
+					return nil, err
+				}
+				return conn, err
+			},
+		})
+	}
+
+	for k, v := range headers {
+		req.Header(k, v)
+	}
+
+	req.Body(body)
+
+	return req
+}
diff --git a/modules/lfstransfer/logger.go b/modules/lfstransfer/logger.go
new file mode 100644
index 00000000000..517c2d9ba13
--- /dev/null
+++ b/modules/lfstransfer/logger.go
@@ -0,0 +1,21 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package lfstransfer
+
+import (
+	"github.com/charmbracelet/git-lfs-transfer/transfer"
+)
+
+var _ transfer.Logger = (*GiteaLogger)(nil)
+
+// noop logger for passing into transfer
+type GiteaLogger struct{}
+
+func newLogger() transfer.Logger {
+	return &GiteaLogger{}
+}
+
+// Log implements transfer.Logger
+func (g *GiteaLogger) Log(msg string, itms ...any) {
+}
diff --git a/modules/lfstransfer/main.go b/modules/lfstransfer/main.go
new file mode 100644
index 00000000000..a134f50b864
--- /dev/null
+++ b/modules/lfstransfer/main.go
@@ -0,0 +1,42 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package lfstransfer
+
+import (
+	"context"
+	"fmt"
+	"os"
+
+	"code.gitea.io/gitea/modules/lfstransfer/backend"
+
+	"github.com/charmbracelet/git-lfs-transfer/transfer"
+)
+
+func Main(ctx context.Context, repo, verb, token string) error {
+	logger := newLogger()
+	pktline := transfer.NewPktline(os.Stdin, os.Stdout, logger)
+	giteaBackend, err := backend.New(ctx, repo, verb, token, logger)
+	if err != nil {
+		return err
+	}
+
+	for _, cap := range backend.Capabilities {
+		if err := pktline.WritePacketText(cap); err != nil {
+			logger.Log("error sending capability due to error:", err)
+		}
+	}
+	if err := pktline.WriteFlush(); err != nil {
+		logger.Log("error flushing capabilities:", err)
+	}
+	p := transfer.NewProcessor(pktline, giteaBackend, logger)
+	defer logger.Log("done processing commands")
+	switch verb {
+	case "upload":
+		return p.ProcessCommands(transfer.UploadOperation)
+	case "download":
+		return p.ProcessCommands(transfer.DownloadOperation)
+	default:
+		return fmt.Errorf("unknown operation %q", verb)
+	}
+}
diff --git a/modules/setting/lfs.go b/modules/setting/lfs.go
index 2034ef782c2..6bdcbed91d9 100644
--- a/modules/setting/lfs.go
+++ b/modules/setting/lfs.go
@@ -13,6 +13,7 @@ import (
 // LFS represents the configuration for Git LFS
 var LFS = struct {
 	StartServer    bool          `ini:"LFS_START_SERVER"`
+	AllowPureSSH   bool          `ini:"LFS_ALLOW_PURE_SSH"`
 	JWTSecretBytes []byte        `ini:"-"`
 	HTTPAuthExpiry time.Duration `ini:"LFS_HTTP_AUTH_EXPIRY"`
 	MaxFileSize    int64         `ini:"LFS_MAX_FILE_SIZE"`
diff --git a/routers/private/internal.go b/routers/private/internal.go
index 61e604b7a93..f9adff388cf 100644
--- a/routers/private/internal.go
+++ b/routers/private/internal.go
@@ -12,7 +12,9 @@ import (
 	"code.gitea.io/gitea/modules/private"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/web"
+	"code.gitea.io/gitea/routers/common"
 	"code.gitea.io/gitea/services/context"
+	"code.gitea.io/gitea/services/lfs"
 
 	"gitea.com/go-chi/binding"
 	chi_middleware "github.com/go-chi/chi/v5/middleware"
@@ -46,6 +48,14 @@ func bind[T any](_ T) any {
 	}
 }
 
+// SwapAuthToken swaps Authorization header with X-Auth header
+func swapAuthToken(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+		req.Header.Set("Authorization", req.Header.Get("X-Auth"))
+		next.ServeHTTP(w, req)
+	})
+}
+
 // Routes registers all internal APIs routes to web application.
 // These APIs will be invoked by internal commands for example `gitea serv` and etc.
 func Routes() *web.Router {
@@ -80,5 +90,25 @@ func Routes() *web.Router {
 	r.Post("/restore_repo", RestoreRepo)
 	r.Post("/actions/generate_actions_runner_token", GenerateActionsRunnerToken)
 
+	r.Group("/repo/{username}/{reponame}", func() {
+		r.Group("/info/lfs", func() {
+			r.Post("/objects/batch", lfs.CheckAcceptMediaType, lfs.BatchHandler)
+			r.Put("/objects/{oid}/{size}", lfs.UploadHandler)
+			r.Get("/objects/{oid}/{filename}", lfs.DownloadHandler)
+			r.Get("/objects/{oid}", lfs.DownloadHandler)
+			r.Post("/verify", lfs.CheckAcceptMediaType, lfs.VerifyHandler)
+			r.Group("/locks", func() {
+				r.Get("/", lfs.GetListLockHandler)
+				r.Post("/", lfs.PostLockHandler)
+				r.Post("/verify", lfs.VerifyLockHandler)
+				r.Post("/{lid}/unlock", lfs.UnLockHandler)
+			}, lfs.CheckAcceptMediaType)
+			r.Any("/*", func(ctx *context.Context) {
+				ctx.NotFound("", nil)
+			})
+		}, swapAuthToken)
+	}, common.Sessioner(), context.Contexter())
+	// end "/repo/{username}/{reponame}": git (LFS) API mirror
+
 	return r
 }
diff --git a/routers/private/serv.go b/routers/private/serv.go
index dbb28cc2bb0..4dd7d06fb36 100644
--- a/routers/private/serv.go
+++ b/routers/private/serv.go
@@ -136,16 +136,15 @@ func ServCommand(ctx *context.PrivateContext) {
 	if err != nil {
 		if repo_model.IsErrRepoNotExist(err) {
 			repoExist = false
-			for _, verb := range ctx.FormStrings("verb") {
-				if verb == "git-upload-pack" {
-					// User is fetching/cloning a non-existent repository
-					log.Warn("Failed authentication attempt (cannot find repository: %s/%s) from %s", results.OwnerName, results.RepoName, ctx.RemoteAddr())
-					ctx.JSON(http.StatusNotFound, private.Response{
-						UserMsg: fmt.Sprintf("Cannot find repository: %s/%s", results.OwnerName, results.RepoName),
-					})
-					return
-				}
+			if mode == perm.AccessModeRead {
+				// User is fetching/cloning a non-existent repository
+				log.Warn("Failed authentication attempt (cannot find repository: %s/%s) from %s", results.OwnerName, results.RepoName, ctx.RemoteAddr())
+				ctx.JSON(http.StatusNotFound, private.Response{
+					UserMsg: fmt.Sprintf("Cannot find repository: %s/%s", results.OwnerName, results.RepoName),
+				})
+				return
 			}
+			// else fallthrough (push-to-create may kick in below)
 		} else {
 			log.Error("Unable to get repository: %s/%s Error: %v", results.OwnerName, results.RepoName, err)
 			ctx.JSON(http.StatusInternalServerError, private.Response{

From ad749fbf259fe66e11359e78e859ee305cc59465 Mon Sep 17 00:00:00 2001
From: GiteaBot <teabot@gitea.io>
Date: Sat, 28 Sep 2024 00:30:56 +0000
Subject: [PATCH 120/129] [skip ci] Updated translations via Crowdin

---
 options/locale/locale_fr-FR.ini | 104 +++++++++++++++++++++++++++++++-
 1 file changed, 101 insertions(+), 3 deletions(-)

diff --git a/options/locale/locale_fr-FR.ini b/options/locale/locale_fr-FR.ini
index a61a7f7ebcc..1ce04640e34 100644
--- a/options/locale/locale_fr-FR.ini
+++ b/options/locale/locale_fr-FR.ini
@@ -31,6 +31,7 @@ username=Nom d'utilisateur
 email=Courriel
 password=Mot de passe
 access_token=Jeton d’accès
+re_type=Confirmez le mot de passe
 captcha=CAPTCHA
 twofa=Authentification à deux facteurs
 twofa_scratch=Code de secours pour l'authentification à deux facteurs
@@ -158,6 +159,7 @@ filter.public=Public
 filter.private=Privé
 
 no_results_found=Aucun résultat trouvé.
+internal_error_skipped=Une erreur interne est survenue, mais ignorée : %s
 
 [search]
 search=Rechercher…
@@ -176,6 +178,8 @@ code_search_by_git_grep=Les résultats de recherche de code actuels sont fournis
 package_kind=Chercher des paquets…
 project_kind=Chercher des projets…
 branch_kind=Chercher des branches…
+tag_kind=Chercher des étiquettes…
+tag_tooltip=Cherchez des étiquettes correspondantes. Utilisez « % » pour rechercher n’importe quelle suite de nombres.
 commit_kind=Chercher des révisions…
 runner_kind=Chercher des exécuteurs…
 no_results=Aucun résultat correspondant trouvé.
@@ -217,16 +221,20 @@ string.desc=Z - A
 
 [error]
 occurred=Une erreur s’est produite
+report_message=Si vous pensez qu’il s’agit d’un bug Gitea, veuillez consulter notre board <a href="https://github.com/go-gitea/gitea/issues" target="_blank">GitHub</a> ou ouvrir un nouveau ticket si nécessaire.
 not_found=La cible n'a pu être trouvée.
 network_error=Erreur réseau
 
 [startpage]
 app_desc=Un service Git auto-hébergé sans prise de tête
 install=Facile à installer
+install_desc=Il suffit de <a target="_blank" rel="noopener noreferrer" href="%[1]s">lancer l’exécutable</a> adapté à votre plateforme, le déployer avec <a target="_blank" rel="noopener noreferrer" href="%[2]s">Docker</a> ou de l’installer depuis un <a target="_blank" rel="noopener noreferrer" href="%[3]s">gestionnaire de paquet</a>.
 platform=Multi-plateforme
+platform_desc=Gitea tourne partout où <a target="_blank" rel="noopener noreferrer" href="%s">Go</a> peut être compilé : Windows, macOS, Linux, ARM, etc. Choisissez votre préféré !
 lightweight=Léger
 lightweight_desc=Gitea utilise peu de ressources. Il peut même tourner sur un Raspberry Pi très bon marché. Économisez l'énergie de vos serveurs !
 license=Open Source
+license_desc=Venez récupérer <a target="_blank" rel="noopener noreferrer" href="%[1]s">%[2]s</a> ! Rejoignez-nous en <a target="_blank" rel="noopener noreferrer" href="%[3]s">contribuant</a> à rendre ce projet encore meilleur !
 
 [install]
 install=Installation
@@ -310,6 +318,7 @@ admin_setting_desc=La création d'un compte administrateur est facultative. Le p
 admin_title=Paramètres de compte administrateur
 admin_name=Nom d’utilisateur administrateur
 admin_password=Mot de passe
+confirm_password=Confirmez le mot de passe
 admin_email=Courriel
 install_btn_confirm=Installer Gitea
 test_git_failed=Le test de la commande "git" a échoué : %v
@@ -448,6 +457,7 @@ authorize_title=Autoriser "%s" à accéder à votre compte ?
 authorization_failed=L’autorisation a échoué
 authorization_failed_desc=L'autorisation a échoué car nous avons détecté une demande incorrecte. Veuillez contacter le responsable de l'application que vous avez essayé d'autoriser.
 sspi_auth_failed=Échec de l'authentification SSPI
+password_pwned=Le mot de passe que vous avez choisi <a target="_blank" rel="noopener noreferrer" href="%s">fait partit des mots de passe ayant fuité</a> sur internet. Veuillez réessayer avec un mot de passe différent et considérez remplacer ce mot de passe si vous l’utilisez ailleurs.
 password_pwned_err=Impossible d'envoyer la demande à HaveIBeenPwned
 last_admin=Vous ne pouvez pas supprimer ce compte car au moins un administrateur est requis.
 signin_passkey=Se connecter avec une clé d’identification (passkey)
@@ -531,6 +541,7 @@ UserName=Nom d'utilisateur
 RepoName=Nom du dépôt
 Email=Courriel
 Password=Mot de passe
+Retype=Confirmez le mot de passe
 SSHTitle=Nom de la clé SSH
 HttpsUrl=URL HTTPS
 PayloadUrl=URL des données utiles
@@ -684,9 +695,11 @@ applications=Applications
 orgs=Gérer les organisations
 repos=Dépôts
 delete=Supprimer le compte
+twofa=Authentification à deux facteurs (TOTP)
 account_link=Comptes liés
 organization=Organisations
 uid=UID
+webauthn=Authentification à deux facteurs (Clés de sécurité)
 
 public_profile=Profil public
 biography_placeholder=Parlez-nous un peu de vous ! (Vous pouvez utiliser Markdown)
@@ -784,6 +797,7 @@ add_email_success=La nouvelle adresse e-mail a été ajoutée.
 email_preference_set_success=L'e-mail de préférence a été défini avec succès.
 add_openid_success=La nouvelle adresse OpenID a été ajoutée.
 keep_email_private=Cacher l'adresse e-mail
+keep_email_private_popup=Ceci masquera votre adresse e-mail de votre profil, de vos demandes d’ajout et des fichiers modifiés depuis l'interface Web. Les révisions déjà soumises ne seront pas modifiés. Utilisez %s dans les révisions pour les associer à votre compte.
 openid_desc=OpenID vous permet de confier l'authentification à une tierce partie.
 
 manage_ssh_keys=Gérer les clés SSH
@@ -922,20 +936,26 @@ revoke_oauth2_grant=Révoquer l'accès
 revoke_oauth2_grant_description=La révocation de l'accès à cette application tierce l'empêchera d'accéder à vos données. Vous êtes sûr ?
 revoke_oauth2_grant_success=Accès révoqué avec succès.
 
+twofa_desc=Pour protéger votre compte contre les vols de mot de passes, vous pouvez utiliser un smartphone ou autres appareils pour recevoir un code temporaire à usage unique (TOTP).
 twofa_recovery_tip=Si vous perdez votre appareil, vous pourrez utiliser une clé de récupération à usage unique pour obtenir l’accès à votre compte.
 twofa_is_enrolled=Votre compte est <strong>inscrit</strong> à l'authentification à deux facteurs.
 twofa_not_enrolled=Votre compte n'est pas inscrit à l'authentification à deux facteurs.
 twofa_disable=Désactiver l'authentification à deux facteurs
+twofa_scratch_token_regenerate=Régénérer une clé de secours à usage unique
+twofa_scratch_token_regenerated=Votre clé de secours à usage unique est désormais « %s ». Stockez-la dans un endroit sûr, elle ne sera plus jamais affichée.
 twofa_enroll=Activer l'authentification à deux facteurs
 twofa_disable_note=Vous pouvez désactiver l'authentification à deux facteurs si nécessaire.
 twofa_disable_desc=Désactiver l'authentification à deux facteurs rendra votre compte plus vulnérable. Confirmer ?
+regenerate_scratch_token_desc=Si vous avez égaré votre clé de secours ou avez dû l’utiliser pour vous authentifier, vous pouvez la régénérer.
 twofa_disabled=L'authentification à deux facteurs a été désactivée.
 scan_this_image=Scannez cette image avec votre application d'authentification :
 or_enter_secret=Ou saisissez le code %s
 then_enter_passcode=Et entrez le code de passe s'affichant dans l'application :
 passcode_invalid=Le mot de passe est invalide. Réessayez.
+twofa_enrolled=L’authentification à deux facteurs a été activée pour votre compte. Gardez votre clé de secours (%s) en lieu sûr, car il ne vous sera montré qu'une seule fois.
 twofa_failed_get_secret=Impossible d'obtenir le secret.
 
+webauthn_desc=Les clefs de sécurité sont des dispositifs matériels contenant des clefs cryptographiques. Elles peuvent être utilisées pour l’authentification à deux facteurs. La clef de sécurité doit supporter le standard <a rel="noreferrer" target="_blank" href="%s">WebAuthn Authenticator</a>.
 webauthn_register_key=Ajouter une clé de sécurité
 webauthn_nickname=Pseudonyme
 webauthn_delete_key=Retirer la clé de sécurité
@@ -1080,7 +1100,9 @@ tree_path_not_found_branch=Le chemin %[1]s n’existe pas dans la branche %[2]s.
 tree_path_not_found_tag=Le chemin %[1]s n’existe pas dans l’étiquette %[2]s.
 
 transfer.accept=Accepter le transfert
+transfer.accept_desc=Transférer à « %s »
 transfer.reject=Refuser le transfert
+transfer.reject_desc=Annuler le transfert à « %s »
 transfer.no_permission_to_accept=Vous n’êtes pas autorisé à accepter ce transfert.
 transfer.no_permission_to_reject=Vous n’êtes pas autorisé à rejeter ce transfert.
 
@@ -1155,6 +1177,11 @@ migrate.gogs.description=Migrer les données depuis notabug.org ou d’autres in
 migrate.onedev.description=Migrer les données depuis code.onedev.io ou d’autre instance de OneDev.
 migrate.codebase.description=Migrer les données depuis codebasehq.com.
 migrate.gitbucket.description=Migrer les données depuis des instances GitBucket.
+migrate.codecommit.description=Migrer les données depuis AWS CodeCommit.
+migrate.codecommit.aws_access_key_id=ID de la clé d’accès AWS
+migrate.codecommit.aws_secret_access_key=Clé d’accès secrète AWS
+migrate.codecommit.https_git_credentials_username=Nom d’utilisateur Git HTTPS
+migrate.codecommit.https_git_credentials_password=Mot de passe Git HTTPS
 migrate.migrating_git=Migration des données Git
 migrate.migrating_topics=Migration des sujets
 migrate.migrating_milestones=Migration des jalons
@@ -1215,6 +1242,7 @@ releases=Publications
 tag=Étiquette
 released_this=a publié ceci
 tagged_this=a étiqueté
+file.title=%s sur %s
 file_raw=Brut
 file_history=Historique
 file_view_source=Voir le code source
@@ -1454,6 +1482,7 @@ issues.remove_labels=a supprimé les labels %s %s.
 issues.add_remove_labels=a ajouté le label %s et supprimé %s %s.
 issues.add_milestone_at=`a ajouté ça au jalon <b>%s</b> %s.`
 issues.add_project_at=`a ajouté ça au projet <b>%s</b> %s.`
+issues.move_to_column_of_project=`a déplacé ça vers %s dans %s sur %s`
 issues.change_milestone_at=`a remplacé le jalon <b><strike>%s</strike></b> par <b>%s</b> %s.`
 issues.change_project_at=`a remplacé le projet <b><strike>%s</strike></b> par <b>%s</b> %s.`
 issues.remove_milestone_at=`a supprimé ça du jalon <b>%s</b> %s.`
@@ -1702,9 +1731,10 @@ issues.dependency.add_error_dep_not_same_repo=Les deux tickets doivent être dan
 issues.review.self.approval=Vous ne pouvez approuver vos propres demandes d'ajout.
 issues.review.self.rejection=Vous ne pouvez demander de changements sur vos propres demandes de changement.
 issues.review.approve=a approuvé ces modifications %s.
+issues.review.comment=a évalué %s
 issues.review.dismissed=a révoqué l’évaluation de %s %s.
 issues.review.dismissed_label=Révoquée
-issues.review.left_comment=laisser un commentaire
+issues.review.left_comment=à laissé un commentaire
 issues.review.content.empty=Vous devez laisser un commentaire indiquant le(s) changement(s) demandé(s).
 issues.review.reject=a requis les changements %s
 issues.review.wait=a été sollicité pour évaluer cette demande d’ajout %s.
@@ -1726,7 +1756,12 @@ issues.review.hide_resolved=Réduire
 issues.review.resolve_conversation=Clore la conversation
 issues.review.un_resolve_conversation=Rouvrir la conversation
 issues.review.resolved_by=a marqué cette conversation comme résolue.
-issues.review.commented=Commenter
+issues.review.commented=À commenté
+issues.review.official=Approuvée
+issues.review.requested=Évaluation en attente
+issues.review.rejected=Changements demandées
+issues.review.stale=Modifiée depuis la dernière approbation
+issues.review.unofficial=Approbation non comptabilisée
 issues.assignee.error=Tous les assignés n'ont pas été ajoutés en raison d'une erreur inattendue.
 issues.reference_issue.body=Corps
 issues.content_history.deleted=a supprimé
@@ -1800,6 +1835,8 @@ pulls.is_empty=Les changements sur cette branche sont déjà sur la branche cibl
 pulls.required_status_check_failed=Certains contrôles requis n'ont pas réussi.
 pulls.required_status_check_missing=Certains contrôles requis sont manquants.
 pulls.required_status_check_administrator=En tant qu'administrateur, vous pouvez toujours fusionner cette requête de pull.
+pulls.blocked_by_approvals=Cette demande d'ajout n’est pas suffisamment approuvée. %d approbations obtenues sur %d.
+pulls.blocked_by_approvals_whitelisted=Cette demande d’ajout n’a pas encore assez d’approbations. %d sur %d approbations de la part des utilisateurs ou équipes sur la liste autorisée.
 pulls.blocked_by_rejection=Cette demande d’ajout nécessite des corrections sollicitées par un évaluateur officiel.
 pulls.blocked_by_official_review_requests=Cette demande d’ajout a des sollicitations officielles d’évaluation.
 pulls.blocked_by_outdated_branch=Cette demande d’ajout est bloquée car elle est obsolète.
@@ -1841,7 +1878,9 @@ pulls.unrelated_histories=Échec de la fusion: La tête de fusion et la base ne
 pulls.merge_out_of_date=Échec de la fusion: La base a été mise à jour en cours de fusion. Indice : Réessayez.
 pulls.head_out_of_date=Échec de la fusion : L’en-tête a été mis à jour pendant la fusion. Conseil : réessayez.
 pulls.has_merged=Échec : La demande d’ajout est déjà fusionnée, vous ne pouvez plus la fusionner, ni modifier sa branche cible.
+pulls.push_rejected=Échec de la fusion : la soumission a été rejetée. Revoyez les déclencheurs Git pour ce dépôt.
 pulls.push_rejected_summary=Message de rejet complet
+pulls.push_rejected_no_message=Échec de la fusion : la soumission a été rejetée sans raison. Revoyez les déclencheurs Git pour ce dépôt.
 pulls.open_unmerged_pull_exists=`Vous ne pouvez pas rouvrir ceci car la demande d’ajout #%d, en attente, a des propriétés identiques.`
 pulls.status_checking=Certains contrôles sont en attente
 pulls.status_checks_success=Tous les contrôles ont réussi
@@ -1865,6 +1904,7 @@ pulls.cmd_instruction_checkout_title=Basculer
 pulls.cmd_instruction_checkout_desc=Depuis votre dépôt, basculer sur une nouvelle branche et tester des modifications.
 pulls.cmd_instruction_merge_title=Fusionner
 pulls.cmd_instruction_merge_desc=Fusionner les modifications et mettre à jour sur Gitea.
+pulls.cmd_instruction_merge_warning=Attention : cette opération ne peut pas fusionner la demande d’ajout car la « détection automatique de fusion manuelle » n’a pas été activée
 pulls.clear_merge_message=Effacer le message de fusion
 pulls.clear_merge_message_hint=Effacer le message de fusion ne supprimera que le message de la révision, mais pas les pieds de révision générés tels que "Co-Authored-By:".
 
@@ -1886,6 +1926,7 @@ pulls.delete.text=Voulez-vous vraiment supprimer cet demande d'ajout ? (Cela sup
 pulls.recently_pushed_new_branches=Vous avez soumis sur la branche <strong>%[1]s</strong> %[2]s
 
 pull.deleted_branch=(supprimé) : %s
+pull.agit_documentation=Voir la documentation sur AGit
 
 comments.edit.already_changed=Impossible d’enregistrer ce commentaire. Il semble que le contenu ait été modifié par un autre utilisateur. Veuillez rafraîchir la page et réessayer afin d’éviter d’écraser leurs modifications.
 
@@ -1896,6 +1937,7 @@ milestones.no_due_date=Aucune date d'échéance
 milestones.open=Ouvrir
 milestones.close=Fermer
 milestones.new_subheader=Les jalons peuvent vous aider à organiser vos tickets et à suivre leurs progrès.
+milestones.completeness=<strong>%d%%</strong> complété
 milestones.create=Créer un Jalon
 milestones.title=Titre
 milestones.desc=Description
@@ -2080,7 +2122,8 @@ settings.push_mirror_sync_in_progress=Versement des changements vers le miroir d
 settings.site=Site Web
 settings.update_settings=Appliquer
 settings.update_mirror_settings=Mettre à jour les paramètres du miroir
-settings.branches.update_default_branch=Changer la Branche par Défaut
+settings.branches.switch_default_branch=Changer la branche par défaut
+settings.branches.update_default_branch=Changer la branche par défaut
 settings.branches.add_new_rule=Ajouter une nouvelle règle
 settings.advanced_settings=Paramètres avancés
 settings.wiki_desc=Activer le wiki du dépôt
@@ -2117,6 +2160,7 @@ settings.pulls.default_delete_branch_after_merge=Supprimer la branche après la
 settings.pulls.default_allow_edits_from_maintainers=Autoriser les modifications par les mainteneurs par défaut
 settings.releases_desc=Activer les publications du dépôt
 settings.packages_desc=Activer le registre des paquets du dépôt
+settings.projects_desc=Activer les projets de dépôt
 settings.projects_mode_desc=Mode Projets (type de projets à afficher)
 settings.projects_mode_repo=Projets de dépôt uniquement
 settings.projects_mode_owner=Projets d’utilisateur ou d’organisation uniquement
@@ -2156,6 +2200,7 @@ settings.transfer_in_progress=Il y a actuellement un transfert en cours. Veuille
 settings.transfer_notices_1=- Vous perdrez l'accès à ce dépôt si vous le transférez à un autre utilisateur.
 settings.transfer_notices_2=- Vous conserverez l'accès à ce dépôt si vous le transférez à une organisation dont vous êtes (co-)propriétaire.
 settings.transfer_notices_3=- Si le dépôt est privé et est transféré à un utilisateur individuel, cette action s'assure que l'utilisateur a au moins la permission de lire (et modifie les permissions si nécessaire).
+settings.transfer_notices_4=- Si le dépôt appartient à une organisation et que vous le transférez à une autre organisation ou personne, vous perdrez les liens entre les tickets du dépôt et le tableau de projet de l’organisation.
 settings.transfer_owner=Nouveau propriétaire
 settings.transfer_perform=Effectuer le transfert
 settings.transfer_started=`Ce dépôt a été marqué pour le transfert et attend la confirmation de "%s"`
@@ -2292,6 +2337,7 @@ settings.event_pull_request_merge=Fusion de demande d'ajout
 settings.event_package=Paquet
 settings.event_package_desc=Paquet créé ou supprimé.
 settings.branch_filter=Filtre de branche
+settings.branch_filter_desc=Liste de branches et motifs globs autorisant la soumission, la création et suppression de branches. Laisser vide ou utiliser <code>*</code> englobent toutes les branches. Voir la <a href="%[1]s">%[2]s</a>. Exemples : <code>master</code>, <code>{master,release*}</code>.
 settings.authorization_header=En-tête « Authorization »
 settings.authorization_header_desc=Si présent, sera ajouté aux requêtes comme en-tête d’authentification. Exemples : %s.
 settings.active=Actif
@@ -2337,9 +2383,13 @@ settings.deploy_key_deletion=Supprimer une clef de déploiement
 settings.deploy_key_deletion_desc=La suppression d'une clef de déploiement révoque son accès à ce dépôt. Continuer ?
 settings.deploy_key_deletion_success=La clé de déploiement a été supprimée.
 settings.branches=Branches
+settings.protected_branch=Protection de branche
 settings.protected_branch.save_rule=Enregistrer la règle
 settings.protected_branch.delete_rule=Supprimer la règle
 settings.protected_branch_can_push=Autoriser la soumission ?
+settings.protected_branch_can_push_yes=Vous pouvez soumettre
+settings.protected_branch_can_push_no=Vous ne pouvez pas soumettre
+settings.branch_protection=Paramètres de protection de branches pour la branche <b>%s</b>
 settings.protect_this_branch=Activer la protection de branche
 settings.protect_this_branch_desc=Empêche les suppressions et limite les poussées et fusions sur cette branche.
 settings.protect_disable_push=Désactiver la soumission
@@ -2369,11 +2419,13 @@ settings.protect_merge_whitelist_teams=Équipes autorisées à fusionner :
 settings.protect_check_status_contexts=Activer le Contrôle Qualité
 settings.protect_status_check_patterns=Motifs de vérification des statuts :
 settings.protect_status_check_patterns_desc=Entrez des motifs pour spécifier quelles vérifications doivent réussir avant que des branches puissent être fusionnées. Un motif par ligne. Un motif ne peut être vide.
+settings.protect_check_status_contexts_desc=Exiger le status « succès » avant de fusionner. Quand activée, une branche protégée ne peux accepter que des soumissions ou des fusions ayant le status « succès ». Lorsqu'il n’y a pas de contexte, la dernière révision fait foi.
 settings.protect_check_status_contexts_list=Contrôles qualité trouvés au cours de la semaine dernière pour ce dépôt
 settings.protect_status_check_matched=Correspondant
 settings.protect_invalid_status_check_pattern=Motif de vérification des statuts incorrect : « %s ».
 settings.protect_no_valid_status_check_patterns=Aucun motif de vérification des statuts valide.
 settings.protect_required_approvals=Minimum d'approbations requis :
+settings.protect_required_approvals_desc=Permet de fusionner les demandes d’ajout lorsque suffisamment d’évaluation sont positives.
 settings.protect_approvals_whitelist_enabled=Restreindre les approbations aux utilisateurs ou aux équipes sur liste d’autorisés
 settings.protect_approvals_whitelist_enabled_desc=Seuls les évaluations des utilisateurs ou des équipes suivantes compteront dans les approbations requises. Si laissé vide, les évaluations de toute personne ayant un accès en écriture seront comptabilisées à la place.
 settings.protect_approvals_whitelist_users=Évaluateurs autorisés :
@@ -2385,12 +2437,18 @@ settings.ignore_stale_approvals_desc=Ignorer les approbations d’anciennes rév
 settings.require_signed_commits=Exiger des révisions signées
 settings.require_signed_commits_desc=Rejeter les soumissions sur cette branche lorsqu'ils ne sont pas signés ou vérifiables.
 settings.protect_branch_name_pattern=Motif de nom de branche protégé
+settings.protect_branch_name_pattern_desc=Motifs de nom de branche protégé. Consultez la <a href="%s">documentation</a> pour la syntaxe du motif. Exemples : <code>main</code>, <code>release/**</code>
 settings.protect_patterns=Motifs
 settings.protect_protected_file_patterns=Liste des fichiers et motifs protégés
+settings.protect_protected_file_patterns_desc=Liste de fichiers et de motifs, séparés par un point-virgule « ; », qui ne pourront pas être modifiés même si les utilisateurs disposent des droits sur la branche. Consultez la <a href='%[1]s'>%[2]s</a>. Exemples : <code>.drone.yml ; /docs/**/*.txt</code>.
 settings.protect_unprotected_file_patterns=Liste des fichiers et motifs exclus
+settings.protect_unprotected_file_patterns_desc=Liste de fichiers et de motifs globs, séparés par un point-virgule « ; », qui pourront être modifiés malgré la protection de branche, par les utilisateurs autorisés. Voir la <a href='%[1]s'>%[2]s</a>. Exemples : <code>.drone.yml ; /docs/**/*.txt</code>.
+settings.add_protected_branch=Activer la protection
+settings.delete_protected_branch=Désactiver la protection
 settings.update_protect_branch_success=La règle de protection de branche "%s" a été mise à jour.
 settings.remove_protected_branch_success=La règle de protection de branche "%s" a été retirée.
 settings.remove_protected_branch_failed=Impossible de retirer la règle de protection de branche "%s".
+settings.protected_branch_deletion=Désactiver la protection de branche
 settings.protected_branch_deletion_desc=Désactiver la protection de branche permet aux utilisateurs ayant accès en écriture de pousser des modifications sur la branche. Continuer ?
 settings.block_rejected_reviews=Bloquer la fusion en cas d’évaluations négatives
 settings.block_rejected_reviews_desc=La fusion ne sera pas possible lorsque des modifications sont demandées par les évaluateurs officiels, même s'il y a suffisamment d’approbations.
@@ -2400,6 +2458,7 @@ settings.block_outdated_branch=Bloquer la fusion si la demande d'ajout est obsol
 settings.block_outdated_branch_desc=La fusion ne sera pas possible lorsque la branche principale est derrière la branche de base.
 settings.default_branch_desc=Sélectionnez une branche par défaut pour les demandes de fusion et les révisions :
 settings.merge_style_desc=Styles de fusion
+settings.default_merge_style_desc=Méthode de fusion par défaut
 settings.choose_branch=Choisissez une branche…
 settings.no_protected_branch=Il n'y a pas de branche protégée.
 settings.edit_protected_branch=Éditer
@@ -2415,12 +2474,25 @@ settings.tags.protection.allowed.teams=Équipes autorisées
 settings.tags.protection.allowed.noone=Personne
 settings.tags.protection.create=Protéger l'étiquette
 settings.tags.protection.none=Il n'y a pas d'étiquettes protégées.
+settings.tags.protection.pattern.description=Vous pouvez utiliser au choix un nom unique, un motif de glob ou une expression régulière qui correspondra à plusieurs étiquettes. Pour plus d’informations, consultez le <a target="_blank" rel="noopener" href="%s">guide sur les étiquettes protégées</a>.
 settings.bot_token=Jeton de Bot
 settings.chat_id=ID de conversation
 settings.thread_id=ID du fil
 settings.matrix.homeserver_url=URL du serveur d'accueil
 settings.matrix.room_id=ID de la salle
 settings.matrix.message_type=Type de message
+settings.visibility.private.button=Rendre privé
+settings.visibility.private.text=Rendre le dépôt privé rendra non seulement le dépôt visible uniquement aux membres autorisés, mais peut également rompre la relation entre lui et ses bifurcations, observateurs, et favoris.
+settings.visibility.private.bullet_title=<strong>Changer la visibilité en privé :</strong>
+settings.visibility.private.bullet_one=Va rendre le dépôt visible uniquement par les membres autorisés
+settings.visibility.private.bullet_two=Peut supprimer la relation avec <strong>ses bifurcations</strong>, <strong>ses observateurs</strong> et <strong>ses favoris</strong>
+settings.visibility.public.button=Rendre public
+settings.visibility.public.text=Rendre le dépôt public rendra le dépôt visible à tout le monde.
+settings.visibility.public.bullet_title=<strong>Changer la visibilité en public va :</strong>
+settings.visibility.public.bullet_one=Rendre le dépôt visible à tout le monde.
+settings.visibility.success=Visibilité du dépôt changée.
+settings.visibility.error=Une erreur s’est produite en essayant de changer la visibilité du dépôt.
+settings.visibility.fork_error=Impossible de changer la visibilité d’un dépôt bifurqué.
 settings.archive.button=Archiver ce dépôt
 settings.archive.header=Archiver ce dépôt
 settings.archive.text=Archiver un dépôt le place en lecture seule et le cache des tableaux de bord. Personne ne pourra faire de nouvelles révisions, d'ouvrir des tickets ou des demandes d'ajouts (pas même vous!).
@@ -2617,6 +2689,7 @@ tag.create_success=L'étiquette "%s" a été créée.
 
 topic.manage_topics=Gérer les sujets
 topic.done=Terminé
+topic.count_prompt=Vous ne pouvez pas sélectionner plus de 25 sujets
 topic.format_prompt=Les sujets doivent commencer par un caractère alphanumérique, peuvent inclure des traits d’union « - » et des points « . », et mesurer jusqu'à 35 caractères. Les lettres doivent être en minuscules.
 
 find_file.go_to_file=Aller au fichier
@@ -2783,6 +2856,7 @@ last_page=Dernière
 total=Total : %d
 settings=Paramètres administrateur
 
+dashboard.new_version_hint=Gitea %s est maintenant disponible, vous utilisez %s. Consultez <a target="_blank" rel="noreferrer" href="%s">le blog</a> pour plus de détails.
 dashboard.statistic=Résumé
 dashboard.maintenance_operations=Opérations de maintenance
 dashboard.system_status=État du système
@@ -2825,6 +2899,7 @@ dashboard.reinit_missing_repos=Réinitialiser tous les dépôts Git manquants po
 dashboard.sync_external_users=Synchroniser les données de l’utilisateur externe
 dashboard.cleanup_hook_task_table=Nettoyer la table hook_task
 dashboard.cleanup_packages=Nettoyer des paquets expirés
+dashboard.cleanup_actions=Nettoyer les reliquats des actions obsolètes
 dashboard.server_uptime=Uptime du serveur
 dashboard.current_goroutine=Goroutines actuelles
 dashboard.current_memory_usage=Utilisation Mémoire actuelle
@@ -2854,9 +2929,15 @@ dashboard.total_gc_time=Pause GC
 dashboard.total_gc_pause=Pause GC
 dashboard.last_gc_pause=Dernière Pause GC
 dashboard.gc_times=Nombres de GC
+dashboard.delete_old_actions=Supprimer toutes les anciennes activités de la base de données
+dashboard.delete_old_actions.started=La suppression des anciennes activités de la base de données a démarré.
 dashboard.update_checker=Vérificateur de mise à jour
 dashboard.delete_old_system_notices=Supprimer toutes les anciennes observations de la base de données
 dashboard.gc_lfs=Épousseter les métaobjets LFS
+dashboard.stop_zombie_tasks=Arrêter les tâches zombies
+dashboard.stop_endless_tasks=Arrêter les tâches interminables
+dashboard.cancel_abandoned_jobs=Annuler les travaux abandonnés
+dashboard.start_schedule_tasks=Démarrer les tâches planifiées
 dashboard.sync_branch.started=Début de la synchronisation des branches
 dashboard.sync_tag.started=Synchronisation des étiquettes
 dashboard.rebuild_issue_indexer=Reconstruire l’indexeur des tickets
@@ -2967,10 +3048,12 @@ packages.size=Taille
 packages.published=Publiés
 
 defaulthooks=Déclencheurs web par défaut
+defaulthooks.desc=Les webhooks font automatiquement des requêtes POST HTTP à un serveur spécifié lorsque certains événements Gitea se déclenchent. Ceux créés ici sont par défaut copiés sur tous les nouveaux dépôts. Pour plus d'information, consultez le <a target="_blank" rel="noopener" href="%s">guide des webhooks</a>.
 defaulthooks.add_webhook=Ajouter un déclencheur web par défaut
 defaulthooks.update_webhook=Mettre à jour le déclencheur web par défaut
 
 systemhooks=Webhooks système
+systemhooks.desc=Les webhooks font automatiquement des requêtes POST HTTP à un serveur spécifié lorsque certains événements Gitea se déclenchent. Ceux créé ici agiront sur tous les dépôts, ce qui peux impacter les performances du système. Pour plus d’information, consultez <a target="_blank" rel="noopener" href="%s">le guide des webhooks</a>.
 systemhooks.add_webhook=Ajouter un rappel système
 systemhooks.update_webhook=Mettre à jour un rappel système
 
@@ -3065,8 +3148,18 @@ auths.tips=Conseils
 auths.tips.oauth2.general=Authentification OAuth2
 auths.tips.oauth2.general.tip=Lors de l'enregistrement d'une nouvelle authentification OAuth2, l'URL de rappel/redirection doit être :
 auths.tip.oauth2_provider=Fournisseur OAuth2
+auths.tip.bitbucket=Créez un nouveau jeton OAuth sur %s et ajoutez la permission « Compte » → « Lecture ».
 auths.tip.nextcloud=`Enregistrez un nouveau consommateur OAuth sur votre instance en utilisant le menu "Paramètres -> Sécurité -> Client OAuth 2.0"`
+auths.tip.dropbox=Créez une nouvelle application sur %s
+auths.tip.facebook=Enregistrez une nouvelle application sur%s et ajoutez le produit « Facebook Login ».
+auths.tip.github=Créez une nouvelle application OAuth sur %s
+auths.tip.gitlab_new=Enregistrez une nouvelle application sur %s
+auths.tip.google_plus=Obtenez des identifiants OAuth2 sur la console API de Google (%s)
 auths.tip.openid_connect=Utilisez l’URL de découverte OpenID « https://{server}/.well-known/openid-configuration » pour spécifier les points d'accès.
+auths.tip.twitter=Rendez-vous sur %s, créez une application et assurez-vous que l’option « Autoriser l’application à être utilisée avec Twitter Connect » est activée.
+auths.tip.discord=Enregistrer une nouvelle application sur %s
+auths.tip.gitea=Enregistrez une nouvelle application OAuth2. Le guide peut être trouvé sur %s.
+auths.tip.yandex=Créez une nouvelle application sur %s. Sélectionnez les autorisations suivantes dans la section « Yandex.Passport API » : « Accès à l’adresse e-mail », « Accès à l’avatar de l’utilisateur » et « Accès au nom d’utilisateur, prénom, surnom et genre ».
 auths.tip.mastodon=Entrez une URL d'instance personnalisée pour l'instance mastodon avec laquelle vous voulez vous authentifier (ou utiliser celle par défaut)
 auths.edit=Mettre à jour la source d'authentification
 auths.activated=Cette source d'authentification est activée
@@ -3240,6 +3333,8 @@ monitor.start=Heure de démarrage
 monitor.execute_time=Heure d'Éxécution
 monitor.last_execution_result=Résultat
 monitor.process.cancel=Annuler le processus
+monitor.process.cancel_desc=L’annulation d’un processus peut entraîner une perte de données.
+monitor.process.cancel_notices=Annuler : <strong>%s</strong> ?
 monitor.process.children=Enfant
 
 monitor.queues=Files d'attente
@@ -3341,6 +3436,7 @@ raw_minutes=minutes
 
 [dropzone]
 default_message=Déposez les fichiers ou cliquez ici pour téléverser.
+invalid_input_type=Vous ne pouvez pas téléverser des fichiers de ce type.
 file_too_big=La taille du fichier ({{filesize}} Mo) dépasse la taille maximale ({{maxFilesize}} Mo).
 remove_file=Supprimer le fichier
 
@@ -3612,6 +3708,7 @@ runs.no_workflows.quick_start=Vous découvrez les Actions Gitea ? Consultez <a t
 runs.no_workflows.documentation=Pour plus d’informations sur les actions Gitea, voir <a target="_blank" rel="noopener noreferrer" href="%s">la documentation</a>.
 runs.no_runs=Le flux de travail n'a pas encore d'exécution.
 runs.empty_commit_message=(message de révision vide)
+runs.expire_log_message=Les journaux ont été supprimés car ils étaient trop anciens.
 
 workflow.disable=Désactiver le flux de travail
 workflow.disable_success=Le flux de travail « %s » a bien été désactivé.
@@ -3643,6 +3740,7 @@ variables.update.failed=Impossible d’éditer la variable.
 variables.update.success=La variable a bien été modifiée.
 
 [projects]
+deleted.display_name=Projet supprimé
 type-1.display_name=Projet personnel
 type-2.display_name=Projet de dépôt
 type-3.display_name=Projet d’organisation

From 99d0510cb69c3c53cee05ef0e83ed02389925a90 Mon Sep 17 00:00:00 2001
From: Bruno Sofiato <bruno.sofiato@gmail.com>
Date: Sat, 28 Sep 2024 17:13:55 -0300
Subject: [PATCH 121/129] Change the code search to sort results by relevance
 (#32134)

Resolves #32129

Signed-off-by: Bruno Sofiato <bruno.sofiato@gmail.com>
---
 modules/indexer/code/bleve/bleve.go                 | 2 ++
 modules/indexer/code/elasticsearch/elasticsearch.go | 6 ++++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/modules/indexer/code/bleve/bleve.go b/modules/indexer/code/bleve/bleve.go
index 542bdfb5014..c17f56d3cff 100644
--- a/modules/indexer/code/bleve/bleve.go
+++ b/modules/indexer/code/bleve/bleve.go
@@ -284,6 +284,8 @@ func (b *Indexer) Search(ctx context.Context, opts *internal.SearchOptions) (int
 		searchRequest.AddFacet("languages", bleve.NewFacetRequest("Language", 10))
 	}
 
+	searchRequest.SortBy([]string{"-_score", "UpdatedAt"})
+
 	result, err := b.inner.Indexer.SearchInContext(ctx, searchRequest)
 	if err != nil {
 		return 0, nil, nil, err
diff --git a/modules/indexer/code/elasticsearch/elasticsearch.go b/modules/indexer/code/elasticsearch/elasticsearch.go
index 0bda180fac9..d64d99433d9 100644
--- a/modules/indexer/code/elasticsearch/elasticsearch.go
+++ b/modules/indexer/code/elasticsearch/elasticsearch.go
@@ -318,7 +318,8 @@ func (b *Indexer) Search(ctx context.Context, opts *internal.SearchOptions) (int
 					NumOfFragments(0). // return all highting content on fragments
 					HighlighterType("fvh"),
 			).
-			Sort("repo_id", true).
+			Sort("_score", false).
+			Sort("updated_at", true).
 			From(start).Size(pageSize).
 			Do(ctx)
 		if err != nil {
@@ -349,7 +350,8 @@ func (b *Indexer) Search(ctx context.Context, opts *internal.SearchOptions) (int
 				NumOfFragments(0). // return all highting content on fragments
 				HighlighterType("fvh"),
 		).
-		Sort("repo_id", true).
+		Sort("_score", false).
+		Sort("updated_at", true).
 		From(start).Size(pageSize).
 		Do(ctx)
 	if err != nil {

From 5015de4d9ae0765e7f79073a638d8da3a931f05b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20Valls=20Fern=C3=A1ndez?= <manuel@valls.dev>
Date: Mon, 30 Sep 2024 03:57:48 +0200
Subject: [PATCH 122/129] Bump minio-go to latest version (#32156)

Current minio-go version has issues with S3 compatible storages like
Backblaze or Wasabi. This was fixed in
https://github.com/minio/minio-go/pull/1980 .
---
 assets/go-licenses.json |  5 +++++
 go.mod                  |  7 ++++---
 go.sum                  | 14 ++++++++------
 3 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/assets/go-licenses.json b/assets/go-licenses.json
index 62e63f271a8..1c0711307fc 100644
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
@@ -549,6 +549,11 @@
     "path": "github.com/go-git/go-git/v5/LICENSE",
     "licenseText": "                                 Apache License\n                           Version 2.0, January 2004\n                        http://www.apache.org/licenses/\n\n   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n   1. Definitions.\n\n      \"License\" shall mean the terms and conditions for use, reproduction,\n      and distribution as defined by Sections 1 through 9 of this document.\n\n      \"Licensor\" shall mean the copyright owner or entity authorized by\n      the copyright owner that is granting the License.\n\n      \"Legal Entity\" shall mean the union of the acting entity and all\n      other entities that control, are controlled by, or are under common\n      control with that entity. For the purposes of this definition,\n      \"control\" means (i) the power, direct or indirect, to cause the\n      direction or management of such entity, whether by contract or\n      otherwise, or (ii) ownership of fifty percent (50%) or more of the\n      outstanding shares, or (iii) beneficial ownership of such entity.\n\n      \"You\" (or \"Your\") shall mean an individual or Legal Entity\n      exercising permissions granted by this License.\n\n      \"Source\" form shall mean the preferred form for making modifications,\n      including but not limited to software source code, documentation\n      source, and configuration files.\n\n      \"Object\" form shall mean any form resulting from mechanical\n      transformation or translation of a Source form, including but\n      not limited to compiled object code, generated documentation,\n      and conversions to other media types.\n\n      \"Work\" shall mean the work of authorship, whether in Source or\n      Object form, made available under the License, as indicated by a\n      copyright notice that is included in or attached to the work\n      (an example is provided in the Appendix below).\n\n      \"Derivative Works\" shall mean any work, whether in Source or Object\n      form, that is based on (or derived from) the Work and for which the\n      editorial revisions, annotations, elaborations, or other modifications\n      represent, as a whole, an original work of authorship. For the purposes\n      of this License, Derivative Works shall not include works that remain\n      separable from, or merely link (or bind by name) to the interfaces of,\n      the Work and Derivative Works thereof.\n\n      \"Contribution\" shall mean any work of authorship, including\n      the original version of the Work and any modifications or additions\n      to that Work or Derivative Works thereof, that is intentionally\n      submitted to Licensor for inclusion in the Work by the copyright owner\n      or by an individual or Legal Entity authorized to submit on behalf of\n      the copyright owner. For the purposes of this definition, \"submitted\"\n      means any form of electronic, verbal, or written communication sent\n      to the Licensor or its representatives, including but not limited to\n      communication on electronic mailing lists, source code control systems,\n      and issue tracking systems that are managed by, or on behalf of, the\n      Licensor for the purpose of discussing and improving the Work, but\n      excluding communication that is conspicuously marked or otherwise\n      designated in writing by the copyright owner as \"Not a Contribution.\"\n\n      \"Contributor\" shall mean Licensor and any individual or Legal Entity\n      on behalf of whom a Contribution has been received by Licensor and\n      subsequently incorporated within the Work.\n\n   2. Grant of Copyright License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      copyright license to reproduce, prepare Derivative Works of,\n      publicly display, publicly perform, sublicense, and distribute the\n      Work and such Derivative Works in Source or Object form.\n\n   3. Grant of Patent License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      (except as stated in this section) patent license to make, have made,\n      use, offer to sell, sell, import, and otherwise transfer the Work,\n      where such license applies only to those patent claims licensable\n      by such Contributor that are necessarily infringed by their\n      Contribution(s) alone or by combination of their Contribution(s)\n      with the Work to which such Contribution(s) was submitted. If You\n      institute patent litigation against any entity (including a\n      cross-claim or counterclaim in a lawsuit) alleging that the Work\n      or a Contribution incorporated within the Work constitutes direct\n      or contributory patent infringement, then any patent licenses\n      granted to You under this License for that Work shall terminate\n      as of the date such litigation is filed.\n\n   4. Redistribution. You may reproduce and distribute copies of the\n      Work or Derivative Works thereof in any medium, with or without\n      modifications, and in Source or Object form, provided that You\n      meet the following conditions:\n\n      (a) You must give any other recipients of the Work or\n          Derivative Works a copy of this License; and\n\n      (b) You must cause any modified files to carry prominent notices\n          stating that You changed the files; and\n\n      (c) You must retain, in the Source form of any Derivative Works\n          that You distribute, all copyright, patent, trademark, and\n          attribution notices from the Source form of the Work,\n          excluding those notices that do not pertain to any part of\n          the Derivative Works; and\n\n      (d) If the Work includes a \"NOTICE\" text file as part of its\n          distribution, then any Derivative Works that You distribute must\n          include a readable copy of the attribution notices contained\n          within such NOTICE file, excluding those notices that do not\n          pertain to any part of the Derivative Works, in at least one\n          of the following places: within a NOTICE text file distributed\n          as part of the Derivative Works; within the Source form or\n          documentation, if provided along with the Derivative Works; or,\n          within a display generated by the Derivative Works, if and\n          wherever such third-party notices normally appear. The contents\n          of the NOTICE file are for informational purposes only and\n          do not modify the License. You may add Your own attribution\n          notices within Derivative Works that You distribute, alongside\n          or as an addendum to the NOTICE text from the Work, provided\n          that such additional attribution notices cannot be construed\n          as modifying the License.\n\n      You may add Your own copyright statement to Your modifications and\n      may provide additional or different license terms and conditions\n      for use, reproduction, or distribution of Your modifications, or\n      for any such Derivative Works as a whole, provided Your use,\n      reproduction, and distribution of the Work otherwise complies with\n      the conditions stated in this License.\n\n   5. Submission of Contributions. Unless You explicitly state otherwise,\n      any Contribution intentionally submitted for inclusion in the Work\n      by You to the Licensor shall be under the terms and conditions of\n      this License, without any additional terms or conditions.\n      Notwithstanding the above, nothing herein shall supersede or modify\n      the terms of any separate license agreement you may have executed\n      with Licensor regarding such Contributions.\n\n   6. Trademarks. This License does not grant permission to use the trade\n      names, trademarks, service marks, or product names of the Licensor,\n      except as required for reasonable and customary use in describing the\n      origin of the Work and reproducing the content of the NOTICE file.\n\n   7. Disclaimer of Warranty. Unless required by applicable law or\n      agreed to in writing, Licensor provides the Work (and each\n      Contributor provides its Contributions) on an \"AS IS\" BASIS,\n      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n      implied, including, without limitation, any warranties or conditions\n      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n      PARTICULAR PURPOSE. You are solely responsible for determining the\n      appropriateness of using or redistributing the Work and assume any\n      risks associated with Your exercise of permissions under this License.\n\n   8. Limitation of Liability. In no event and under no legal theory,\n      whether in tort (including negligence), contract, or otherwise,\n      unless required by applicable law (such as deliberate and grossly\n      negligent acts) or agreed to in writing, shall any Contributor be\n      liable to You for damages, including any direct, indirect, special,\n      incidental, or consequential damages of any character arising as a\n      result of this License or out of the use or inability to use the\n      Work (including but not limited to damages for loss of goodwill,\n      work stoppage, computer failure or malfunction, or any and all\n      other commercial damages or losses), even if such Contributor\n      has been advised of the possibility of such damages.\n\n   9. Accepting Warranty or Additional Liability. While redistributing\n      the Work or Derivative Works thereof, You may choose to offer,\n      and charge a fee for, acceptance of support, warranty, indemnity,\n      or other liability obligations and/or rights consistent with this\n      License. However, in accepting such obligations, You may act only\n      on Your own behalf and on Your sole responsibility, not on behalf\n      of any other Contributor, and only if You agree to indemnify,\n      defend, and hold each Contributor harmless for any liability\n      incurred by, or claims asserted against, such Contributor by reason\n      of your accepting any such warranty or additional liability.\n\n   END OF TERMS AND CONDITIONS\n\n   APPENDIX: How to apply the Apache License to your work.\n\n      To apply the Apache License to your work, attach the following\n      boilerplate notice, with the fields enclosed by brackets \"{}\"\n      replaced with your own identifying information. (Don't include\n      the brackets!)  The text should be enclosed in the appropriate\n      comment syntax for the file format. We also recommend that a\n      file or class name and description of purpose be included on the\n      same \"printed page\" as the copyright notice for easier\n      identification within third-party archives.\n\n   Copyright 2018 Sourced Technologies, S.L.\n\n   Licensed under the Apache License, Version 2.0 (the \"License\");\n   you may not use this file except in compliance with the License.\n   You may obtain a copy of the License at\n\n       http://www.apache.org/licenses/LICENSE-2.0\n\n   Unless required by applicable law or agreed to in writing, software\n   distributed under the License is distributed on an \"AS IS\" BASIS,\n   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n   See the License for the specific language governing permissions and\n   limitations under the License.\n"
   },
+  {
+    "name": "github.com/go-ini/ini",
+    "path": "github.com/go-ini/ini/LICENSE",
+    "licenseText": "Apache License\nVersion 2.0, January 2004\nhttp://www.apache.org/licenses/\n\nTERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n1. Definitions.\n\n\"License\" shall mean the terms and conditions for use, reproduction, and\ndistribution as defined by Sections 1 through 9 of this document.\n\n\"Licensor\" shall mean the copyright owner or entity authorized by the copyright\nowner that is granting the License.\n\n\"Legal Entity\" shall mean the union of the acting entity and all other entities\nthat control, are controlled by, or are under common control with that entity.\nFor the purposes of this definition, \"control\" means (i) the power, direct or\nindirect, to cause the direction or management of such entity, whether by\ncontract or otherwise, or (ii) ownership of fifty percent (50%) or more of the\noutstanding shares, or (iii) beneficial ownership of such entity.\n\n\"You\" (or \"Your\") shall mean an individual or Legal Entity exercising\npermissions granted by this License.\n\n\"Source\" form shall mean the preferred form for making modifications, including\nbut not limited to software source code, documentation source, and configuration\nfiles.\n\n\"Object\" form shall mean any form resulting from mechanical transformation or\ntranslation of a Source form, including but not limited to compiled object code,\ngenerated documentation, and conversions to other media types.\n\n\"Work\" shall mean the work of authorship, whether in Source or Object form, made\navailable under the License, as indicated by a copyright notice that is included\nin or attached to the work (an example is provided in the Appendix below).\n\n\"Derivative Works\" shall mean any work, whether in Source or Object form, that\nis based on (or derived from) the Work and for which the editorial revisions,\nannotations, elaborations, or other modifications represent, as a whole, an\noriginal work of authorship. For the purposes of this License, Derivative Works\nshall not include works that remain separable from, or merely link (or bind by\nname) to the interfaces of, the Work and Derivative Works thereof.\n\n\"Contribution\" shall mean any work of authorship, including the original version\nof the Work and any modifications or additions to that Work or Derivative Works\nthereof, that is intentionally submitted to Licensor for inclusion in the Work\nby the copyright owner or by an individual or Legal Entity authorized to submit\non behalf of the copyright owner. For the purposes of this definition,\n\"submitted\" means any form of electronic, verbal, or written communication sent\nto the Licensor or its representatives, including but not limited to\ncommunication on electronic mailing lists, source code control systems, and\nissue tracking systems that are managed by, or on behalf of, the Licensor for\nthe purpose of discussing and improving the Work, but excluding communication\nthat is conspicuously marked or otherwise designated in writing by the copyright\nowner as \"Not a Contribution.\"\n\n\"Contributor\" shall mean Licensor and any individual or Legal Entity on behalf\nof whom a Contribution has been received by Licensor and subsequently\nincorporated within the Work.\n\n2. Grant of Copyright License.\n\nSubject to the terms and conditions of this License, each Contributor hereby\ngrants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free,\nirrevocable copyright license to reproduce, prepare Derivative Works of,\npublicly display, publicly perform, sublicense, and distribute the Work and such\nDerivative Works in Source or Object form.\n\n3. Grant of Patent License.\n\nSubject to the terms and conditions of this License, each Contributor hereby\ngrants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free,\nirrevocable (except as stated in this section) patent license to make, have\nmade, use, offer to sell, sell, import, and otherwise transfer the Work, where\nsuch license applies only to those patent claims licensable by such Contributor\nthat are necessarily infringed by their Contribution(s) alone or by combination\nof their Contribution(s) with the Work to which such Contribution(s) was\nsubmitted. If You institute patent litigation against any entity (including a\ncross-claim or counterclaim in a lawsuit) alleging that the Work or a\nContribution incorporated within the Work constitutes direct or contributory\npatent infringement, then any patent licenses granted to You under this License\nfor that Work shall terminate as of the date such litigation is filed.\n\n4. Redistribution.\n\nYou may reproduce and distribute copies of the Work or Derivative Works thereof\nin any medium, with or without modifications, and in Source or Object form,\nprovided that You meet the following conditions:\n\nYou must give any other recipients of the Work or Derivative Works a copy of\nthis License; and\nYou must cause any modified files to carry prominent notices stating that You\nchanged the files; and\nYou must retain, in the Source form of any Derivative Works that You distribute,\nall copyright, patent, trademark, and attribution notices from the Source form\nof the Work, excluding those notices that do not pertain to any part of the\nDerivative Works; and\nIf the Work includes a \"NOTICE\" text file as part of its distribution, then any\nDerivative Works that You distribute must include a readable copy of the\nattribution notices contained within such NOTICE file, excluding those notices\nthat do not pertain to any part of the Derivative Works, in at least one of the\nfollowing places: within a NOTICE text file distributed as part of the\nDerivative Works; within the Source form or documentation, if provided along\nwith the Derivative Works; or, within a display generated by the Derivative\nWorks, if and wherever such third-party notices normally appear. The contents of\nthe NOTICE file are for informational purposes only and do not modify the\nLicense. You may add Your own attribution notices within Derivative Works that\nYou distribute, alongside or as an addendum to the NOTICE text from the Work,\nprovided that such additional attribution notices cannot be construed as\nmodifying the License.\nYou may add Your own copyright statement to Your modifications and may provide\nadditional or different license terms and conditions for use, reproduction, or\ndistribution of Your modifications, or for any such Derivative Works as a whole,\nprovided Your use, reproduction, and distribution of the Work otherwise complies\nwith the conditions stated in this License.\n\n5. Submission of Contributions.\n\nUnless You explicitly state otherwise, any Contribution intentionally submitted\nfor inclusion in the Work by You to the Licensor shall be under the terms and\nconditions of this License, without any additional terms or conditions.\nNotwithstanding the above, nothing herein shall supersede or modify the terms of\nany separate license agreement you may have executed with Licensor regarding\nsuch Contributions.\n\n6. Trademarks.\n\nThis License does not grant permission to use the trade names, trademarks,\nservice marks, or product names of the Licensor, except as required for\nreasonable and customary use in describing the origin of the Work and\nreproducing the content of the NOTICE file.\n\n7. Disclaimer of Warranty.\n\nUnless required by applicable law or agreed to in writing, Licensor provides the\nWork (and each Contributor provides its Contributions) on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied,\nincluding, without limitation, any warranties or conditions of TITLE,\nNON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are\nsolely responsible for determining the appropriateness of using or\nredistributing the Work and assume any risks associated with Your exercise of\npermissions under this License.\n\n8. Limitation of Liability.\n\nIn no event and under no legal theory, whether in tort (including negligence),\ncontract, or otherwise, unless required by applicable law (such as deliberate\nand grossly negligent acts) or agreed to in writing, shall any Contributor be\nliable to You for damages, including any direct, indirect, special, incidental,\nor consequential damages of any character arising as a result of this License or\nout of the use or inability to use the Work (including but not limited to\ndamages for loss of goodwill, work stoppage, computer failure or malfunction, or\nany and all other commercial damages or losses), even if such Contributor has\nbeen advised of the possibility of such damages.\n\n9. Accepting Warranty or Additional Liability.\n\nWhile redistributing the Work or Derivative Works thereof, You may choose to\noffer, and charge a fee for, acceptance of support, warranty, indemnity, or\nother liability obligations and/or rights consistent with this License. However,\nin accepting such obligations, You may act only on Your own behalf and on Your\nsole responsibility, not on behalf of any other Contributor, and only if You\nagree to indemnify, defend, and hold each Contributor harmless for any liability\nincurred by, or claims asserted against, such Contributor by reason of your\naccepting any such warranty or additional liability.\n\nEND OF TERMS AND CONDITIONS\n\nAPPENDIX: How to apply the Apache License to your work\n\nTo apply the Apache License to your work, attach the following boilerplate\nnotice, with the fields enclosed by brackets \"[]\" replaced with your own\nidentifying information. (Don't include the brackets!) The text should be\nenclosed in the appropriate comment syntax for the file format. We also\nrecommend that a file or class name and description of purpose be included on\nthe same \"printed page\" as the copyright notice for easier identification within\nthird-party archives.\n\n   Copyright 2014 Unknwon\n\n   Licensed under the Apache License, Version 2.0 (the \"License\");\n   you may not use this file except in compliance with the License.\n   You may obtain a copy of the License at\n\n     http://www.apache.org/licenses/LICENSE-2.0\n\n   Unless required by applicable law or agreed to in writing, software\n   distributed under the License is distributed on an \"AS IS\" BASIS,\n   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n   See the License for the specific language governing permissions and\n   limitations under the License.\n"
+  },
   {
     "name": "github.com/go-ldap/ldap/v3",
     "path": "github.com/go-ldap/ldap/v3/LICENSE",
diff --git a/go.mod b/go.mod
index 3b89e5cee8b..e620b8f70fc 100644
--- a/go.mod
+++ b/go.mod
@@ -91,7 +91,7 @@ require (
 	github.com/mholt/archiver/v3 v3.5.1
 	github.com/microcosm-cc/bluemonday v1.0.26
 	github.com/microsoft/go-mssqldb v1.7.2
-	github.com/minio/minio-go/v7 v7.0.71
+	github.com/minio/minio-go/v7 v7.0.77
 	github.com/msteinert/pam v1.2.0
 	github.com/nektos/act v0.2.63
 	github.com/niklasfasching/go-org v1.7.0
@@ -123,7 +123,7 @@ require (
 	golang.org/x/image v0.18.0
 	golang.org/x/net v0.28.0
 	golang.org/x/oauth2 v0.21.0
-	golang.org/x/sys v0.23.0
+	golang.org/x/sys v0.24.0
 	golang.org/x/text v0.17.0
 	golang.org/x/tools v0.24.0
 	google.golang.org/grpc v1.62.1
@@ -206,6 +206,7 @@ require (
 	github.com/go-faster/errors v0.7.1 // indirect
 	github.com/go-fed/httpsig v1.1.1-0.20201223112313-55836744818e // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
+	github.com/go-ini/ini v1.67.0 // indirect
 	github.com/go-openapi/analysis v0.23.0 // indirect
 	github.com/go-openapi/errors v0.22.0 // indirect
 	github.com/go-openapi/inflect v0.21.0 // indirect
@@ -280,7 +281,7 @@ require (
 	github.com/rhysd/actionlint v1.7.1 // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/rogpeppe/go-internal v1.12.0 // indirect
-	github.com/rs/xid v1.5.0 // indirect
+	github.com/rs/xid v1.6.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/sagikazarmark/locafero v0.4.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
diff --git a/go.sum b/go.sum
index 9a089e0f74e..ee6e3c33823 100644
--- a/go.sum
+++ b/go.sum
@@ -334,6 +334,8 @@ github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMj
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
 github.com/go-git/go-git/v5 v5.12.0 h1:7Md+ndsjrzZxbddRDZjF14qK+NN56sy6wkqaVrjZtys=
 github.com/go-git/go-git/v5 v5.12.0/go.mod h1:FTM9VKtnI2m65hNI/TenDDDnUf2Q9FHnXYjuz9i5OEY=
+github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A=
+github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
 github.com/go-ldap/ldap/v3 v3.4.6 h1:ert95MdbiG7aWo/oPYp9btL3KJlMPKnP58r09rI8T+A=
 github.com/go-ldap/ldap/v3 v3.4.6/go.mod h1:IGMQANNtxpsOzj7uUAMjpGBaOVTC4DYyIy8VsTdxmtc=
 github.com/go-openapi/analysis v0.23.0 h1:aGday7OWupfMs+LbmLZG4k0MYXIANxcuBTYUC03zFCU=
@@ -607,8 +609,8 @@ github.com/miekg/dns v1.1.61 h1:nLxbwF3XxhwVSm8g9Dghm9MHPaUZuqhPiGL+675ZmEs=
 github.com/miekg/dns v1.1.61/go.mod h1:mnAarhS3nWaW+NVP2wTkYVIZyHNJ098SJZUki3eykwQ=
 github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
 github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM=
-github.com/minio/minio-go/v7 v7.0.71 h1:No9XfOKTYi6i0GnBj+WZwD8WP5GZfL7n7GOjRqCdAjA=
-github.com/minio/minio-go/v7 v7.0.71/go.mod h1:4yBA8v80xGA30cfM3fz0DKYMXunWl/AV/6tWEs9ryzo=
+github.com/minio/minio-go/v7 v7.0.77 h1:GaGghJRg9nwDVlNbwYjSDJT1rqltQkBFDsypWX1v3Bw=
+github.com/minio/minio-go/v7 v7.0.77/go.mod h1:AVM3IUN6WwKzmwBxVdjzhH8xq+f57JSbbvzqvUzR6eg=
 github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
 github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
 github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
@@ -717,8 +719,8 @@ github.com/rogpeppe/go-internal v1.8.1/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4
 github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
 github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
 github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
-github.com/rs/xid v1.5.0 h1:mKX4bl4iPYJtEIxp6CYiUuLQ/8DYMoz0PUdtGgMFRVc=
-github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
+github.com/rs/xid v1.6.0 h1:fV591PaemRlL6JfRxGDEPl69wICngIQ3shQtzfy2gxU=
+github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0=
 github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
@@ -973,8 +975,8 @@ golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM=
-golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg=
+golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=

From 13283873e9d523d5a5557f55d64f702c1a9f76ec Mon Sep 17 00:00:00 2001
From: Jason Song <i@wolfogre.com>
Date: Mon, 30 Sep 2024 10:28:09 +0800
Subject: [PATCH 123/129] Ensure `GetCSRF` doesn't return an empty token
 (#32130)

Since page templates keep changing, some pages that contained forms with
CSRF token no longer have them.

It leads to some calls of `GetCSRF` returning an empty string, which
fails the tests. Like

https://github.com/go-gitea/gitea/blob/3269b04d61ffe6a7ce462cd05ee150e4491124e8/tests/integration/attachment_test.go#L62-L63

The test did try to get the CSRF token and provided it, but it was
empty.
---
 tests/integration/attachment_test.go  | 9 +++------
 tests/integration/integration_test.go | 7 ++++++-
 tests/integration/org_test.go         | 4 ----
 3 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/tests/integration/attachment_test.go b/tests/integration/attachment_test.go
index 40969d26f2a..11aa03bb7e7 100644
--- a/tests/integration/attachment_test.go
+++ b/tests/integration/attachment_test.go
@@ -29,7 +29,7 @@ func generateImg() bytes.Buffer {
 	return buff
 }
 
-func createAttachment(t *testing.T, session *TestSession, repoURL, filename string, buff bytes.Buffer, expectedStatus int) string {
+func createAttachment(t *testing.T, session *TestSession, csrf, repoURL, filename string, buff bytes.Buffer, expectedStatus int) string {
 	body := &bytes.Buffer{}
 
 	// Setup multi-part
@@ -41,8 +41,6 @@ func createAttachment(t *testing.T, session *TestSession, repoURL, filename stri
 	err = writer.Close()
 	assert.NoError(t, err)
 
-	csrf := GetCSRF(t, session, repoURL)
-
 	req := NewRequestWithBody(t, "POST", repoURL+"/issues/attachments", body)
 	req.Header.Add("X-Csrf-Token", csrf)
 	req.Header.Add("Content-Type", writer.FormDataContentType())
@@ -59,15 +57,14 @@ func createAttachment(t *testing.T, session *TestSession, repoURL, filename stri
 func TestCreateAnonymousAttachment(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 	session := emptyTestSession(t)
-	// this test is not right because it just doesn't pass the CSRF validation
-	createAttachment(t, session, "user2/repo1", "image.png", generateImg(), http.StatusBadRequest)
+	createAttachment(t, session, GetCSRF(t, session, "/user/login"), "user2/repo1", "image.png", generateImg(), http.StatusSeeOther)
 }
 
 func TestCreateIssueAttachment(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 	const repoURL = "user2/repo1"
 	session := loginUser(t, "user2")
-	uuid := createAttachment(t, session, repoURL, "image.png", generateImg(), http.StatusOK)
+	uuid := createAttachment(t, session, GetCSRF(t, session, repoURL), repoURL, "image.png", generateImg(), http.StatusOK)
 
 	req := NewRequest(t, "GET", repoURL+"/issues/new")
 	resp := session.MakeRequest(t, req, http.StatusOK)
diff --git a/tests/integration/integration_test.go b/tests/integration/integration_test.go
index ae8ff51d436..1f12430fcfb 100644
--- a/tests/integration/integration_test.go
+++ b/tests/integration/integration_test.go
@@ -37,6 +37,7 @@ import (
 
 	"github.com/PuerkitoBio/goquery"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 	"github.com/xeipuuv/gojsonschema"
 )
 
@@ -486,12 +487,16 @@ func VerifyJSONSchema(t testing.TB, resp *httptest.ResponseRecorder, schemaFile
 }
 
 // GetCSRF returns CSRF token from body
+// If it fails, it means the CSRF token is not found in the response body returned by the url with the given session.
+// In this case, you should find a better url to get it.
 func GetCSRF(t testing.TB, session *TestSession, urlStr string) string {
 	t.Helper()
 	req := NewRequest(t, "GET", urlStr)
 	resp := session.MakeRequest(t, req, http.StatusOK)
 	doc := NewHTMLParser(t, resp.Body)
-	return doc.GetCSRF()
+	csrf := doc.GetCSRF()
+	require.NotEmpty(t, csrf)
+	return csrf
 }
 
 // GetCSRFFrom returns CSRF token from body
diff --git a/tests/integration/org_test.go b/tests/integration/org_test.go
index 94c4e197271..ef4ef2bb9b4 100644
--- a/tests/integration/org_test.go
+++ b/tests/integration/org_test.go
@@ -204,9 +204,7 @@ func TestTeamSearch(t *testing.T) {
 	var results TeamSearchResults
 
 	session := loginUser(t, user.Name)
-	csrf := GetCSRF(t, session, "/"+org.Name)
 	req := NewRequestf(t, "GET", "/org/%s/teams/-/search?q=%s", org.Name, "_team")
-	req.Header.Add("X-Csrf-Token", csrf)
 	resp := session.MakeRequest(t, req, http.StatusOK)
 	DecodeJSON(t, resp, &results)
 	assert.NotEmpty(t, results.Data)
@@ -217,8 +215,6 @@ func TestTeamSearch(t *testing.T) {
 	// no access if not organization member
 	user5 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5})
 	session = loginUser(t, user5.Name)
-	csrf = GetCSRF(t, session, "/"+org.Name)
 	req = NewRequestf(t, "GET", "/org/%s/teams/-/search?q=%s", org.Name, "team")
-	req.Header.Add("X-Csrf-Token", csrf)
 	session.MakeRequest(t, req, http.StatusNotFound)
 }

From f4b8f6fc40ce2869135372a5c6ec6418d27ebfba Mon Sep 17 00:00:00 2001
From: Zettat123 <zettat123@gmail.com>
Date: Tue, 1 Oct 2024 09:58:55 +0800
Subject: [PATCH 124/129] Fix the logic of finding the latest pull review
 commit ID (#32139)

Fix #31423
---
 models/fixtures/comment.yml               | 19 +++++++++++++
 models/fixtures/review.yml                | 19 +++++++++++++
 models/issues/pull.go                     |  2 +-
 models/issues/review.go                   |  2 +-
 models/issues/review_list.go              |  6 ++--
 models/issues/review_test.go              |  4 +--
 routers/api/v1/repo/pull_review.go        |  1 -
 services/pull/pull.go                     |  8 +++++-
 services/pull/review.go                   |  2 +-
 tests/integration/api_pull_review_test.go |  2 +-
 tests/integration/pull_commit_test.go     | 34 +++++++++++++++++++++++
 11 files changed, 88 insertions(+), 11 deletions(-)
 create mode 100644 tests/integration/pull_commit_test.go

diff --git a/models/fixtures/comment.yml b/models/fixtures/comment.yml
index 74fc716180d..8fde386e226 100644
--- a/models/fixtures/comment.yml
+++ b/models/fixtures/comment.yml
@@ -83,3 +83,22 @@
   issue_id: 2 # in repo_id 1
   review_id: 20
   created_unix: 946684810
+
+-
+  id: 10
+  type: 22 # review
+  poster_id: 5
+  issue_id: 3 # in repo_id 1
+  content: "reviewed by user5"
+  review_id: 21
+  created_unix: 946684816
+
+-
+  id: 11
+  type: 27 # review request
+  poster_id: 2
+  issue_id: 3 # in repo_id 1
+  content: "review request for user5"
+  review_id: 22
+  assignee_id: 5
+  created_unix: 946684817
diff --git a/models/fixtures/review.yml b/models/fixtures/review.yml
index ac97e24c2be..0438ceadae2 100644
--- a/models/fixtures/review.yml
+++ b/models/fixtures/review.yml
@@ -179,3 +179,22 @@
   content: "Review Comment"
   updated_unix: 946684810
   created_unix: 946684810
+
+-
+  id: 21
+  type: 2
+  reviewer_id: 5
+  issue_id: 3
+  content: "reviewed by user5"
+  commit_id: 4a357436d925b5c974181ff12a994538ddc5a269
+  updated_unix: 946684816
+  created_unix: 946684816
+
+-
+  id: 22
+  type: 4
+  reviewer_id: 5
+  issue_id: 3
+  content: "review request for user5"
+  updated_unix: 946684817
+  created_unix: 946684817
diff --git a/models/issues/pull.go b/models/issues/pull.go
index 4a5782f836c..b327ebc625c 100644
--- a/models/issues/pull.go
+++ b/models/issues/pull.go
@@ -414,7 +414,7 @@ func (pr *PullRequest) getReviewedByLines(ctx context.Context, writer io.Writer)
 
 	// Note: This doesn't page as we only expect a very limited number of reviews
 	reviews, err := FindLatestReviews(ctx, FindReviewOptions{
-		Type:         ReviewTypeApprove,
+		Types:        []ReviewType{ReviewTypeApprove},
 		IssueID:      pr.IssueID,
 		OfficialOnly: setting.Repository.PullRequest.DefaultMergeMessageOfficialApproversOnly,
 	})
diff --git a/models/issues/review.go b/models/issues/review.go
index 9fb6d7573a8..8b345e5fd80 100644
--- a/models/issues/review.go
+++ b/models/issues/review.go
@@ -389,7 +389,7 @@ func GetCurrentReview(ctx context.Context, reviewer *user_model.User, issue *Iss
 		return nil, nil
 	}
 	reviews, err := FindReviews(ctx, FindReviewOptions{
-		Type:       ReviewTypePending,
+		Types:      []ReviewType{ReviewTypePending},
 		IssueID:    issue.ID,
 		ReviewerID: reviewer.ID,
 	})
diff --git a/models/issues/review_list.go b/models/issues/review_list.go
index 0ee28874ec9..a5ceb217911 100644
--- a/models/issues/review_list.go
+++ b/models/issues/review_list.go
@@ -92,7 +92,7 @@ func (reviews ReviewList) LoadIssues(ctx context.Context) error {
 // FindReviewOptions represent possible filters to find reviews
 type FindReviewOptions struct {
 	db.ListOptions
-	Type         ReviewType
+	Types        []ReviewType
 	IssueID      int64
 	ReviewerID   int64
 	OfficialOnly bool
@@ -107,8 +107,8 @@ func (opts *FindReviewOptions) toCond() builder.Cond {
 	if opts.ReviewerID > 0 {
 		cond = cond.And(builder.Eq{"reviewer_id": opts.ReviewerID})
 	}
-	if opts.Type != ReviewTypeUnknown {
-		cond = cond.And(builder.Eq{"type": opts.Type})
+	if len(opts.Types) > 0 {
+		cond = cond.And(builder.In("type", opts.Types))
 	}
 	if opts.OfficialOnly {
 		cond = cond.And(builder.Eq{"official": true})
diff --git a/models/issues/review_test.go b/models/issues/review_test.go
index ac1b84adebc..942121fd8f2 100644
--- a/models/issues/review_test.go
+++ b/models/issues/review_test.go
@@ -63,7 +63,7 @@ func TestReviewType_Icon(t *testing.T) {
 func TestFindReviews(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 	reviews, err := issues_model.FindReviews(db.DefaultContext, issues_model.FindReviewOptions{
-		Type:       issues_model.ReviewTypeApprove,
+		Types:      []issues_model.ReviewType{issues_model.ReviewTypeApprove},
 		IssueID:    2,
 		ReviewerID: 1,
 	})
@@ -75,7 +75,7 @@ func TestFindReviews(t *testing.T) {
 func TestFindLatestReviews(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 	reviews, err := issues_model.FindLatestReviews(db.DefaultContext, issues_model.FindReviewOptions{
-		Type:    issues_model.ReviewTypeApprove,
+		Types:   []issues_model.ReviewType{issues_model.ReviewTypeApprove},
 		IssueID: 11,
 	})
 	assert.NoError(t, err)
diff --git a/routers/api/v1/repo/pull_review.go b/routers/api/v1/repo/pull_review.go
index c2e49664983..34bbaf56000 100644
--- a/routers/api/v1/repo/pull_review.go
+++ b/routers/api/v1/repo/pull_review.go
@@ -83,7 +83,6 @@ func ListPullReviews(ctx *context.APIContext) {
 
 	opts := issues_model.FindReviewOptions{
 		ListOptions: utils.GetListOptions(ctx),
-		Type:        issues_model.ReviewTypeUnknown,
 		IssueID:     pr.IssueID,
 	}
 
diff --git a/services/pull/pull.go b/services/pull/pull.go
index 154ff6c5c68..bab4e49998e 100644
--- a/services/pull/pull.go
+++ b/services/pull/pull.go
@@ -995,6 +995,8 @@ type CommitInfo struct {
 }
 
 // GetPullCommits returns all commits on given pull request and the last review commit sha
+// Attention: The last review commit sha must be from the latest review whose commit id is not empty.
+// So the type of the latest review cannot be "ReviewTypeRequest".
 func GetPullCommits(ctx *gitea_context.Context, issue *issues_model.Issue) ([]CommitInfo, string, error) {
 	pull := issue.PullRequest
 
@@ -1040,7 +1042,11 @@ func GetPullCommits(ctx *gitea_context.Context, issue *issues_model.Issue) ([]Co
 		lastreview, err := issues_model.FindLatestReviews(ctx, issues_model.FindReviewOptions{
 			IssueID:    issue.ID,
 			ReviewerID: ctx.Doer.ID,
-			Type:       issues_model.ReviewTypeUnknown,
+			Types: []issues_model.ReviewType{
+				issues_model.ReviewTypeApprove,
+				issues_model.ReviewTypeComment,
+				issues_model.ReviewTypeReject,
+			},
 		})
 
 		if err != nil && !issues_model.IsErrReviewNotExist(err) {
diff --git a/services/pull/review.go b/services/pull/review.go
index 3d5eca779f8..78723a58ae3 100644
--- a/services/pull/review.go
+++ b/services/pull/review.go
@@ -348,7 +348,7 @@ func DismissApprovalReviews(ctx context.Context, doer *user_model.User, pull *is
 	reviews, err := issues_model.FindReviews(ctx, issues_model.FindReviewOptions{
 		ListOptions: db.ListOptionsAll,
 		IssueID:     pull.IssueID,
-		Type:        issues_model.ReviewTypeApprove,
+		Types:       []issues_model.ReviewType{issues_model.ReviewTypeApprove},
 		Dismissed:   optional.Some(false),
 	})
 	if err != nil {
diff --git a/tests/integration/api_pull_review_test.go b/tests/integration/api_pull_review_test.go
index bc544a30b53..cadb0765c34 100644
--- a/tests/integration/api_pull_review_test.go
+++ b/tests/integration/api_pull_review_test.go
@@ -38,7 +38,7 @@ func TestAPIPullReview(t *testing.T) {
 
 	var reviews []*api.PullReview
 	DecodeJSON(t, resp, &reviews)
-	if !assert.Len(t, reviews, 6) {
+	if !assert.Len(t, reviews, 8) {
 		return
 	}
 	for _, r := range reviews {
diff --git a/tests/integration/pull_commit_test.go b/tests/integration/pull_commit_test.go
new file mode 100644
index 00000000000..477f01725d3
--- /dev/null
+++ b/tests/integration/pull_commit_test.go
@@ -0,0 +1,34 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package integration
+
+import (
+	"net/http"
+	"net/url"
+	"testing"
+
+	pull_service "code.gitea.io/gitea/services/pull"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestListPullCommits(t *testing.T) {
+	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+		session := loginUser(t, "user5")
+		req := NewRequest(t, "GET", "/user2/repo1/pulls/3/commits/list")
+		resp := session.MakeRequest(t, req, http.StatusOK)
+
+		var pullCommitList struct {
+			Commits             []pull_service.CommitInfo `json:"commits"`
+			LastReviewCommitSha string                    `json:"last_review_commit_sha"`
+		}
+		DecodeJSON(t, resp, &pullCommitList)
+
+		if assert.Len(t, pullCommitList.Commits, 2) {
+			assert.Equal(t, "5f22f7d0d95d614d25a5b68592adb345a4b5c7fd", pullCommitList.Commits[0].ID)
+			assert.Equal(t, "4a357436d925b5c974181ff12a994538ddc5a269", pullCommitList.Commits[1].ID)
+		}
+		assert.Equal(t, "4a357436d925b5c974181ff12a994538ddc5a269", pullCommitList.LastReviewCommitSha)
+	})
+}

From 70b7df0e5e5cce5a3561fa5a6a8abd4ebc902e68 Mon Sep 17 00:00:00 2001
From: yp05327 <576951401@qq.com>
Date: Wed, 2 Oct 2024 04:25:08 +0900
Subject: [PATCH 125/129] Support repo license (#24872)

Close #278
Close #24076

## Solutions:
- Use
[google/licenseclassifier](https://github.com/google/licenseclassifier/)
Test result between
[google/licensecheck](https://github.com/google/licensecheck) and
[go-license-detector](https://github.com/go-enry/go-license-detector):
https://github.com/go-gitea/gitea/pull/24872#issuecomment-1560361167
Test result between
[google/licensecheck](https://github.com/google/licensecheck) and
[google/licenseclassifier](https://github.com/google/licenseclassifier/):
https://github.com/go-gitea/gitea/pull/24872#issuecomment-1576092178
- Generate License Convert Name List to avoid import license templates
with same contents
Gitea automatically get latest license data from[
spdx/license-list-data](https://github.com/spdx/license-list-data).
But unfortunately, some license templates have same contents. #20915
[click here to see the
list](https://github.com/go-gitea/gitea/pull/24872#issuecomment-1584141684)
So we will generate a list of these license templates with same contents
and create a new file to save the result when using `make
generate-license`. (Need to decide the save path)
- Save License info into a new table `repo_license`
Can easily support searching repo by license in the future.

## Screen shot
Single License:

![image](https://github.com/go-gitea/gitea/assets/18380374/41260bd7-0b4c-4038-8592-508706cffa9f)

Multiple Licenses:

![image](https://github.com/go-gitea/gitea/assets/18380374/34ce2f73-7e18-446b-9b96-ecc4fb61bd70)

Triggers:
- [x] Push commit to default branch
- [x] Create repo
- [x] Mirror repo
- [x] When Default Branch is changed, licenses should be updated

Todo:
- [x] Save Licenses info in to DB when there's a change to license file
in the commit
- [x] DB Migration
- [x] A nominal test?
- [x] Select which library to
use(https://github.com/go-gitea/gitea/pull/24872#issuecomment-1560361167)
- [x] API Support
- [x] Add repo license table
- ~Select license in settings if there are several licenses(Not
recommended)~
- License board(later, not in this PR)

![image](https://github.com/go-gitea/gitea/assets/18380374/2c3c3bf8-bcc2-4c6d-8ce0-81d1a9733878)

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Denys Konovalov <kontakt@denyskon.de>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: 6543 <m.huber@kithara.com>
Co-authored-by: a1012112796 <1012112796@qq.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.com>
---
 assets/go-licenses.json                       |   5 +
 build/generate-licenses.go                    |  64 +++++-
 build/license/aliasgenerator.go               |  41 ++++
 build/license/aliasgenerator_test.go          |  39 ++++
 go.mod                                        |   1 +
 go.sum                                        |   3 +
 models/fixtures/repo_license.yml              |   1 +
 models/fixtures/repository.yml                |   2 +-
 models/migrations/migrations.go               |   4 +-
 models/migrations/v1_23/v305.go               |  23 ++
 models/repo/license.go                        | 120 ++++++++++
 modules/repository/license.go                 |   2 +-
 modules/structs/repo.go                       |   1 +
 options/license/etc/license-aliases.json      |   1 +
 options/locale/locale_en-US.ini               |   2 +
 routers/api/v1/api.go                         |   1 +
 routers/api/v1/repo/license.go                |  51 +++++
 routers/api/v1/repo/repo.go                   |  11 +
 routers/api/v1/swagger/repo.go                |   7 +
 routers/init.go                               |   2 +
 routers/private/default_branch.go             |  11 +
 routers/private/hook_post_receive.go          |  17 +-
 routers/web/repo/branch.go                    |   2 +-
 routers/web/repo/commit.go                    |  10 +-
 routers/web/repo/release.go                   |   1 -
 routers/web/repo/view.go                      |   2 +
 services/context/repo.go                      |   7 +
 services/convert/repository.go                |   6 +
 services/cron/tasks_basic.go                  |  11 +
 services/migrations/gitea_uploader_test.go    |   3 +
 services/mirror/mirror_pull.go                |   9 +
 services/repository/branch.go                 |   8 +
 services/repository/create.go                 |  19 ++
 services/repository/delete.go                 |   1 +
 services/repository/fork.go                   |   3 +
 services/repository/license.go                | 205 ++++++++++++++++++
 services/repository/license_test.go           |  73 +++++++
 services/repository/migrate.go                |   5 +
 services/repository/repository.go             |   7 +
 templates/repo/sub_menu.tmpl                  |   7 +-
 templates/swagger/v1_json.tmpl                |  52 +++++
 .../08/51b61d9f8ca0e9e63617e11907988ee88b1ca6 | Bin 0 -> 85 bytes
 .../12/8105ae73669ac2a4cb42751538f0c65c54e28a | Bin 0 -> 643 bytes
 .../90/c1019714259b24fb81711d4416ac0f18667dfa |   2 +
 .../user2/repo1.git/refs/heads/DefaultBranch  |   2 +-
 tests/integration/api_admin_test.go           |   4 +-
 tests/integration/api_repo_license_test.go    |  80 +++++++
 47 files changed, 906 insertions(+), 22 deletions(-)
 create mode 100644 build/license/aliasgenerator.go
 create mode 100644 build/license/aliasgenerator_test.go
 create mode 100644 models/fixtures/repo_license.yml
 create mode 100644 models/migrations/v1_23/v305.go
 create mode 100644 models/repo/license.go
 create mode 100644 options/license/etc/license-aliases.json
 create mode 100644 routers/api/v1/repo/license.go
 create mode 100644 services/repository/license.go
 create mode 100644 services/repository/license_test.go
 create mode 100644 tests/gitea-repositories-meta/user2/repo1.git/objects/08/51b61d9f8ca0e9e63617e11907988ee88b1ca6
 create mode 100644 tests/gitea-repositories-meta/user2/repo1.git/objects/12/8105ae73669ac2a4cb42751538f0c65c54e28a
 create mode 100644 tests/gitea-repositories-meta/user2/repo1.git/objects/90/c1019714259b24fb81711d4416ac0f18667dfa
 create mode 100644 tests/integration/api_repo_license_test.go

diff --git a/assets/go-licenses.json b/assets/go-licenses.json
index 1c0711307fc..4b78a12030e 100644
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
@@ -664,6 +664,11 @@
     "path": "github.com/google/go-tpm/LICENSE",
     "licenseText": "\n                                 Apache License\n                           Version 2.0, January 2004\n                        http://www.apache.org/licenses/\n\n   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n   1. Definitions.\n\n      \"License\" shall mean the terms and conditions for use, reproduction,\n      and distribution as defined by Sections 1 through 9 of this document.\n\n      \"Licensor\" shall mean the copyright owner or entity authorized by\n      the copyright owner that is granting the License.\n\n      \"Legal Entity\" shall mean the union of the acting entity and all\n      other entities that control, are controlled by, or are under common\n      control with that entity. For the purposes of this definition,\n      \"control\" means (i) the power, direct or indirect, to cause the\n      direction or management of such entity, whether by contract or\n      otherwise, or (ii) ownership of fifty percent (50%) or more of the\n      outstanding shares, or (iii) beneficial ownership of such entity.\n\n      \"You\" (or \"Your\") shall mean an individual or Legal Entity\n      exercising permissions granted by this License.\n\n      \"Source\" form shall mean the preferred form for making modifications,\n      including but not limited to software source code, documentation\n      source, and configuration files.\n\n      \"Object\" form shall mean any form resulting from mechanical\n      transformation or translation of a Source form, including but\n      not limited to compiled object code, generated documentation,\n      and conversions to other media types.\n\n      \"Work\" shall mean the work of authorship, whether in Source or\n      Object form, made available under the License, as indicated by a\n      copyright notice that is included in or attached to the work\n      (an example is provided in the Appendix below).\n\n      \"Derivative Works\" shall mean any work, whether in Source or Object\n      form, that is based on (or derived from) the Work and for which the\n      editorial revisions, annotations, elaborations, or other modifications\n      represent, as a whole, an original work of authorship. For the purposes\n      of this License, Derivative Works shall not include works that remain\n      separable from, or merely link (or bind by name) to the interfaces of,\n      the Work and Derivative Works thereof.\n\n      \"Contribution\" shall mean any work of authorship, including\n      the original version of the Work and any modifications or additions\n      to that Work or Derivative Works thereof, that is intentionally\n      submitted to Licensor for inclusion in the Work by the copyright owner\n      or by an individual or Legal Entity authorized to submit on behalf of\n      the copyright owner. For the purposes of this definition, \"submitted\"\n      means any form of electronic, verbal, or written communication sent\n      to the Licensor or its representatives, including but not limited to\n      communication on electronic mailing lists, source code control systems,\n      and issue tracking systems that are managed by, or on behalf of, the\n      Licensor for the purpose of discussing and improving the Work, but\n      excluding communication that is conspicuously marked or otherwise\n      designated in writing by the copyright owner as \"Not a Contribution.\"\n\n      \"Contributor\" shall mean Licensor and any individual or Legal Entity\n      on behalf of whom a Contribution has been received by Licensor and\n      subsequently incorporated within the Work.\n\n   2. Grant of Copyright License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      copyright license to reproduce, prepare Derivative Works of,\n      publicly display, publicly perform, sublicense, and distribute the\n      Work and such Derivative Works in Source or Object form.\n\n   3. Grant of Patent License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      (except as stated in this section) patent license to make, have made,\n      use, offer to sell, sell, import, and otherwise transfer the Work,\n      where such license applies only to those patent claims licensable\n      by such Contributor that are necessarily infringed by their\n      Contribution(s) alone or by combination of their Contribution(s)\n      with the Work to which such Contribution(s) was submitted. If You\n      institute patent litigation against any entity (including a\n      cross-claim or counterclaim in a lawsuit) alleging that the Work\n      or a Contribution incorporated within the Work constitutes direct\n      or contributory patent infringement, then any patent licenses\n      granted to You under this License for that Work shall terminate\n      as of the date such litigation is filed.\n\n   4. Redistribution. You may reproduce and distribute copies of the\n      Work or Derivative Works thereof in any medium, with or without\n      modifications, and in Source or Object form, provided that You\n      meet the following conditions:\n\n      (a) You must give any other recipients of the Work or\n          Derivative Works a copy of this License; and\n\n      (b) You must cause any modified files to carry prominent notices\n          stating that You changed the files; and\n\n      (c) You must retain, in the Source form of any Derivative Works\n          that You distribute, all copyright, patent, trademark, and\n          attribution notices from the Source form of the Work,\n          excluding those notices that do not pertain to any part of\n          the Derivative Works; and\n\n      (d) If the Work includes a \"NOTICE\" text file as part of its\n          distribution, then any Derivative Works that You distribute must\n          include a readable copy of the attribution notices contained\n          within such NOTICE file, excluding those notices that do not\n          pertain to any part of the Derivative Works, in at least one\n          of the following places: within a NOTICE text file distributed\n          as part of the Derivative Works; within the Source form or\n          documentation, if provided along with the Derivative Works; or,\n          within a display generated by the Derivative Works, if and\n          wherever such third-party notices normally appear. The contents\n          of the NOTICE file are for informational purposes only and\n          do not modify the License. You may add Your own attribution\n          notices within Derivative Works that You distribute, alongside\n          or as an addendum to the NOTICE text from the Work, provided\n          that such additional attribution notices cannot be construed\n          as modifying the License.\n\n      You may add Your own copyright statement to Your modifications and\n      may provide additional or different license terms and conditions\n      for use, reproduction, or distribution of Your modifications, or\n      for any such Derivative Works as a whole, provided Your use,\n      reproduction, and distribution of the Work otherwise complies with\n      the conditions stated in this License.\n\n   5. Submission of Contributions. Unless You explicitly state otherwise,\n      any Contribution intentionally submitted for inclusion in the Work\n      by You to the Licensor shall be under the terms and conditions of\n      this License, without any additional terms or conditions.\n      Notwithstanding the above, nothing herein shall supersede or modify\n      the terms of any separate license agreement you may have executed\n      with Licensor regarding such Contributions.\n\n   6. Trademarks. This License does not grant permission to use the trade\n      names, trademarks, service marks, or product names of the Licensor,\n      except as required for reasonable and customary use in describing the\n      origin of the Work and reproducing the content of the NOTICE file.\n\n   7. Disclaimer of Warranty. Unless required by applicable law or\n      agreed to in writing, Licensor provides the Work (and each\n      Contributor provides its Contributions) on an \"AS IS\" BASIS,\n      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n      implied, including, without limitation, any warranties or conditions\n      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n      PARTICULAR PURPOSE. You are solely responsible for determining the\n      appropriateness of using or redistributing the Work and assume any\n      risks associated with Your exercise of permissions under this License.\n\n   8. Limitation of Liability. In no event and under no legal theory,\n      whether in tort (including negligence), contract, or otherwise,\n      unless required by applicable law (such as deliberate and grossly\n      negligent acts) or agreed to in writing, shall any Contributor be\n      liable to You for damages, including any direct, indirect, special,\n      incidental, or consequential damages of any character arising as a\n      result of this License or out of the use or inability to use the\n      Work (including but not limited to damages for loss of goodwill,\n      work stoppage, computer failure or malfunction, or any and all\n      other commercial damages or losses), even if such Contributor\n      has been advised of the possibility of such damages.\n\n   9. Accepting Warranty or Additional Liability. While redistributing\n      the Work or Derivative Works thereof, You may choose to offer,\n      and charge a fee for, acceptance of support, warranty, indemnity,\n      or other liability obligations and/or rights consistent with this\n      License. However, in accepting such obligations, You may act only\n      on Your own behalf and on Your sole responsibility, not on behalf\n      of any other Contributor, and only if You agree to indemnify,\n      defend, and hold each Contributor harmless for any liability\n      incurred by, or claims asserted against, such Contributor by reason\n      of your accepting any such warranty or additional liability.\n\n   END OF TERMS AND CONDITIONS\n\n   APPENDIX: How to apply the Apache License to your work.\n\n      To apply the Apache License to your work, attach the following\n      boilerplate notice, with the fields enclosed by brackets \"[]\"\n      replaced with your own identifying information. (Don't include\n      the brackets!)  The text should be enclosed in the appropriate\n      comment syntax for the file format. We also recommend that a\n      file or class name and description of purpose be included on the\n      same \"printed page\" as the copyright notice for easier\n      identification within third-party archives.\n\n   Copyright [yyyy] [name of copyright owner]\n\n   Licensed under the Apache License, Version 2.0 (the \"License\");\n   you may not use this file except in compliance with the License.\n   You may obtain a copy of the License at\n\n       http://www.apache.org/licenses/LICENSE-2.0\n\n   Unless required by applicable law or agreed to in writing, software\n   distributed under the License is distributed on an \"AS IS\" BASIS,\n   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n   See the License for the specific language governing permissions and\n   limitations under the License.\n"
   },
+  {
+    "name": "github.com/google/licenseclassifier/v2",
+    "path": "github.com/google/licenseclassifier/v2/LICENSE",
+    "licenseText": "\n                                 Apache License\n                           Version 2.0, January 2004\n                        http://www.apache.org/licenses/\n\n   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n   1. Definitions.\n\n      \"License\" shall mean the terms and conditions for use, reproduction,\n      and distribution as defined by Sections 1 through 9 of this document.\n\n      \"Licensor\" shall mean the copyright owner or entity authorized by\n      the copyright owner that is granting the License.\n\n      \"Legal Entity\" shall mean the union of the acting entity and all\n      other entities that control, are controlled by, or are under common\n      control with that entity. For the purposes of this definition,\n      \"control\" means (i) the power, direct or indirect, to cause the\n      direction or management of such entity, whether by contract or\n      otherwise, or (ii) ownership of fifty percent (50%) or more of the\n      outstanding shares, or (iii) beneficial ownership of such entity.\n\n      \"You\" (or \"Your\") shall mean an individual or Legal Entity\n      exercising permissions granted by this License.\n\n      \"Source\" form shall mean the preferred form for making modifications,\n      including but not limited to software source code, documentation\n      source, and configuration files.\n\n      \"Object\" form shall mean any form resulting from mechanical\n      transformation or translation of a Source form, including but\n      not limited to compiled object code, generated documentation,\n      and conversions to other media types.\n\n      \"Work\" shall mean the work of authorship, whether in Source or\n      Object form, made available under the License, as indicated by a\n      copyright notice that is included in or attached to the work\n      (an example is provided in the Appendix below).\n\n      \"Derivative Works\" shall mean any work, whether in Source or Object\n      form, that is based on (or derived from) the Work and for which the\n      editorial revisions, annotations, elaborations, or other modifications\n      represent, as a whole, an original work of authorship. For the purposes\n      of this License, Derivative Works shall not include works that remain\n      separable from, or merely link (or bind by name) to the interfaces of,\n      the Work and Derivative Works thereof.\n\n      \"Contribution\" shall mean any work of authorship, including\n      the original version of the Work and any modifications or additions\n      to that Work or Derivative Works thereof, that is intentionally\n      submitted to Licensor for inclusion in the Work by the copyright owner\n      or by an individual or Legal Entity authorized to submit on behalf of\n      the copyright owner. For the purposes of this definition, \"submitted\"\n      means any form of electronic, verbal, or written communication sent\n      to the Licensor or its representatives, including but not limited to\n      communication on electronic mailing lists, source code control systems,\n      and issue tracking systems that are managed by, or on behalf of, the\n      Licensor for the purpose of discussing and improving the Work, but\n      excluding communication that is conspicuously marked or otherwise\n      designated in writing by the copyright owner as \"Not a Contribution.\"\n\n      \"Contributor\" shall mean Licensor and any individual or Legal Entity\n      on behalf of whom a Contribution has been received by Licensor and\n      subsequently incorporated within the Work.\n\n   2. Grant of Copyright License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      copyright license to reproduce, prepare Derivative Works of,\n      publicly display, publicly perform, sublicense, and distribute the\n      Work and such Derivative Works in Source or Object form.\n\n   3. Grant of Patent License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      (except as stated in this section) patent license to make, have made,\n      use, offer to sell, sell, import, and otherwise transfer the Work,\n      where such license applies only to those patent claims licensable\n      by such Contributor that are necessarily infringed by their\n      Contribution(s) alone or by combination of their Contribution(s)\n      with the Work to which such Contribution(s) was submitted. If You\n      institute patent litigation against any entity (including a\n      cross-claim or counterclaim in a lawsuit) alleging that the Work\n      or a Contribution incorporated within the Work constitutes direct\n      or contributory patent infringement, then any patent licenses\n      granted to You under this License for that Work shall terminate\n      as of the date such litigation is filed.\n\n   4. Redistribution. You may reproduce and distribute copies of the\n      Work or Derivative Works thereof in any medium, with or without\n      modifications, and in Source or Object form, provided that You\n      meet the following conditions:\n\n      (a) You must give any other recipients of the Work or\n          Derivative Works a copy of this License; and\n\n      (b) You must cause any modified files to carry prominent notices\n          stating that You changed the files; and\n\n      (c) You must retain, in the Source form of any Derivative Works\n          that You distribute, all copyright, patent, trademark, and\n          attribution notices from the Source form of the Work,\n          excluding those notices that do not pertain to any part of\n          the Derivative Works; and\n\n      (d) If the Work includes a \"NOTICE\" text file as part of its\n          distribution, then any Derivative Works that You distribute must\n          include a readable copy of the attribution notices contained\n          within such NOTICE file, excluding those notices that do not\n          pertain to any part of the Derivative Works, in at least one\n          of the following places: within a NOTICE text file distributed\n          as part of the Derivative Works; within the Source form or\n          documentation, if provided along with the Derivative Works; or,\n          within a display generated by the Derivative Works, if and\n          wherever such third-party notices normally appear. The contents\n          of the NOTICE file are for informational purposes only and\n          do not modify the License. You may add Your own attribution\n          notices within Derivative Works that You distribute, alongside\n          or as an addendum to the NOTICE text from the Work, provided\n          that such additional attribution notices cannot be construed\n          as modifying the License.\n\n      You may add Your own copyright statement to Your modifications and\n      may provide additional or different license terms and conditions\n      for use, reproduction, or distribution of Your modifications, or\n      for any such Derivative Works as a whole, provided Your use,\n      reproduction, and distribution of the Work otherwise complies with\n      the conditions stated in this License.\n\n   5. Submission of Contributions. Unless You explicitly state otherwise,\n      any Contribution intentionally submitted for inclusion in the Work\n      by You to the Licensor shall be under the terms and conditions of\n      this License, without any additional terms or conditions.\n      Notwithstanding the above, nothing herein shall supersede or modify\n      the terms of any separate license agreement you may have executed\n      with Licensor regarding such Contributions.\n\n   6. Trademarks. This License does not grant permission to use the trade\n      names, trademarks, service marks, or product names of the Licensor,\n      except as required for reasonable and customary use in describing the\n      origin of the Work and reproducing the content of the NOTICE file.\n\n   7. Disclaimer of Warranty. Unless required by applicable law or\n      agreed to in writing, Licensor provides the Work (and each\n      Contributor provides its Contributions) on an \"AS IS\" BASIS,\n      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n      implied, including, without limitation, any warranties or conditions\n      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n      PARTICULAR PURPOSE. You are solely responsible for determining the\n      appropriateness of using or redistributing the Work and assume any\n      risks associated with Your exercise of permissions under this License.\n\n   8. Limitation of Liability. In no event and under no legal theory,\n      whether in tort (including negligence), contract, or otherwise,\n      unless required by applicable law (such as deliberate and grossly\n      negligent acts) or agreed to in writing, shall any Contributor be\n      liable to You for damages, including any direct, indirect, special,\n      incidental, or consequential damages of any character arising as a\n      result of this License or out of the use or inability to use the\n      Work (including but not limited to damages for loss of goodwill,\n      work stoppage, computer failure or malfunction, or any and all\n      other commercial damages or losses), even if such Contributor\n      has been advised of the possibility of such damages.\n\n   9. Accepting Warranty or Additional Liability. While redistributing\n      the Work or Derivative Works thereof, You may choose to offer,\n      and charge a fee for, acceptance of support, warranty, indemnity,\n      or other liability obligations and/or rights consistent with this\n      License. However, in accepting such obligations, You may act only\n      on Your own behalf and on Your sole responsibility, not on behalf\n      of any other Contributor, and only if You agree to indemnify,\n      defend, and hold each Contributor harmless for any liability\n      incurred by, or claims asserted against, such Contributor by reason\n      of your accepting any such warranty or additional liability.\n\n   END OF TERMS AND CONDITIONS\n\n   APPENDIX: How to apply the Apache License to your work.\n\n      To apply the Apache License to your work, attach the following\n      boilerplate notice, with the fields enclosed by brackets \"[]\"\n      replaced with your own identifying information. (Don't include\n      the brackets!)  The text should be enclosed in the appropriate\n      comment syntax for the file format. We also recommend that a\n      file or class name and description of purpose be included on the\n      same \"printed page\" as the copyright notice for easier\n      identification within third-party archives.\n\n   Copyright [yyyy] [name of copyright owner]\n\n   Licensed under the Apache License, Version 2.0 (the \"License\");\n   you may not use this file except in compliance with the License.\n   You may obtain a copy of the License at\n\n       http://www.apache.org/licenses/LICENSE-2.0\n\n   Unless required by applicable law or agreed to in writing, software\n   distributed under the License is distributed on an \"AS IS\" BASIS,\n   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n   See the License for the specific language governing permissions and\n   limitations under the License.\n"
+  },
   {
     "name": "github.com/google/pprof/profile",
     "path": "github.com/google/pprof/profile/LICENSE",
diff --git a/build/generate-licenses.go b/build/generate-licenses.go
index 9a111bc8111..66e1d377551 100644
--- a/build/generate-licenses.go
+++ b/build/generate-licenses.go
@@ -1,3 +1,6 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
 //go:build ignore
 
 package main
@@ -5,6 +8,8 @@ package main
 import (
 	"archive/tar"
 	"compress/gzip"
+	"crypto/md5"
+	"encoding/hex"
 	"flag"
 	"fmt"
 	"io"
@@ -15,6 +20,8 @@ import (
 	"path/filepath"
 	"strings"
 
+	"code.gitea.io/gitea/build/license"
+	"code.gitea.io/gitea/modules/json"
 	"code.gitea.io/gitea/modules/util"
 )
 
@@ -77,7 +84,7 @@ func main() {
 	}
 
 	tr := tar.NewReader(gz)
-
+	aliasesFiles := make(map[string][]string)
 	for {
 		hdr, err := tr.Next()
 
@@ -97,26 +104,73 @@ func main() {
 			continue
 		}
 
-		if strings.HasPrefix(filepath.Base(hdr.Name), "README") {
+		fileBaseName := filepath.Base(hdr.Name)
+		licenseName := strings.TrimSuffix(fileBaseName, ".txt")
+
+		if strings.HasPrefix(fileBaseName, "README") {
 			continue
 		}
 
-		if strings.HasPrefix(filepath.Base(hdr.Name), "deprecated_") {
+		if strings.HasPrefix(fileBaseName, "deprecated_") {
 			continue
 		}
-		out, err := os.Create(path.Join(destination, strings.TrimSuffix(filepath.Base(hdr.Name), ".txt")))
+		out, err := os.Create(path.Join(destination, licenseName))
 		if err != nil {
 			log.Fatalf("Failed to create new file. %s", err)
 		}
 
 		defer out.Close()
 
-		if _, err := io.Copy(out, tr); err != nil {
+		// some license files have same content, so we need to detect these files and create a convert map into a json file
+		// Later we use this convert map to avoid adding same license content with different license name
+		h := md5.New()
+		// calculate md5 and write file in the same time
+		r := io.TeeReader(tr, h)
+		if _, err := io.Copy(out, r); err != nil {
 			log.Fatalf("Failed to write new file. %s", err)
 		} else {
 			fmt.Printf("Written %s\n", out.Name())
+
+			md5 := hex.EncodeToString(h.Sum(nil))
+			aliasesFiles[md5] = append(aliasesFiles[md5], licenseName)
 		}
 	}
 
+	// generate convert license name map
+	licenseAliases := make(map[string]string)
+	for _, fileNames := range aliasesFiles {
+		if len(fileNames) > 1 {
+			licenseName := license.GetLicenseNameFromAliases(fileNames)
+			if licenseName == "" {
+				// license name should not be empty as expected
+				// if it is empty, we need to rewrite the logic of GetLicenseNameFromAliases
+				log.Fatalf("GetLicenseNameFromAliases: license name is empty")
+			}
+			for _, fileName := range fileNames {
+				licenseAliases[fileName] = licenseName
+			}
+		}
+	}
+	// save convert license name map to file
+	b, err := json.Marshal(licenseAliases)
+	if err != nil {
+		log.Fatalf("Failed to create json bytes. %s", err)
+	}
+
+	licenseAliasesDestination := filepath.Join(destination, "etc", "license-aliases.json")
+	if err := os.MkdirAll(filepath.Dir(licenseAliasesDestination), 0o755); err != nil {
+		log.Fatalf("Failed to create directory for license aliases json file. %s", err)
+	}
+
+	f, err := os.Create(licenseAliasesDestination)
+	if err != nil {
+		log.Fatalf("Failed to create license aliases json file. %s", err)
+	}
+	defer f.Close()
+
+	if _, err = f.Write(b); err != nil {
+		log.Fatalf("Failed to write license aliases json file. %s", err)
+	}
+
 	fmt.Println("Done")
 }
diff --git a/build/license/aliasgenerator.go b/build/license/aliasgenerator.go
new file mode 100644
index 00000000000..7de1e6fbd6b
--- /dev/null
+++ b/build/license/aliasgenerator.go
@@ -0,0 +1,41 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package license
+
+import "strings"
+
+func GetLicenseNameFromAliases(fnl []string) string {
+	if len(fnl) == 0 {
+		return ""
+	}
+
+	shortestItem := func(list []string) string {
+		s := list[0]
+		for _, l := range list[1:] {
+			if len(l) < len(s) {
+				s = l
+			}
+		}
+		return s
+	}
+	allHasPrefix := func(list []string, s string) bool {
+		for _, l := range list {
+			if !strings.HasPrefix(l, s) {
+				return false
+			}
+		}
+		return true
+	}
+
+	sl := shortestItem(fnl)
+	slv := strings.Split(sl, "-")
+	var result string
+	for i := len(slv); i >= 0; i-- {
+		result = strings.Join(slv[:i], "-")
+		if allHasPrefix(fnl, result) {
+			return result
+		}
+	}
+	return ""
+}
diff --git a/build/license/aliasgenerator_test.go b/build/license/aliasgenerator_test.go
new file mode 100644
index 00000000000..239181b7365
--- /dev/null
+++ b/build/license/aliasgenerator_test.go
@@ -0,0 +1,39 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package license
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetLicenseNameFromAliases(t *testing.T) {
+	tests := []struct {
+		target string
+		inputs []string
+	}{
+		{
+			// real case which you can find in license-aliases.json
+			target: "AGPL-1.0",
+			inputs: []string{
+				"AGPL-1.0-only",
+				"AGPL-1.0-or-late",
+			},
+		},
+		{
+			target: "",
+			inputs: []string{
+				"APSL-1.0",
+				"AGPL-1.0-only",
+				"AGPL-1.0-or-late",
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		result := GetLicenseNameFromAliases(tt.inputs)
+		assert.Equal(t, result, tt.target)
+	}
+}
diff --git a/go.mod b/go.mod
index e620b8f70fc..8dd69479252 100644
--- a/go.mod
+++ b/go.mod
@@ -68,6 +68,7 @@ require (
 	github.com/gogs/go-gogs-client v0.0.0-20210131175652-1d7215cd8d85
 	github.com/golang-jwt/jwt/v5 v5.2.1
 	github.com/google/go-github/v61 v61.0.0
+	github.com/google/licenseclassifier/v2 v2.0.0
 	github.com/google/pprof v0.0.0-20240618054019-d3b898a103f8
 	github.com/google/uuid v1.6.0
 	github.com/gorilla/feeds v1.2.0
diff --git a/go.sum b/go.sum
index ee6e3c33823..aa592053b53 100644
--- a/go.sum
+++ b/go.sum
@@ -441,6 +441,8 @@ github.com/google/go-tpm v0.9.0/go.mod h1:FkNVkc6C+IsvDI9Jw1OveJmxGZUUaKxtrpOS47
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/licenseclassifier/v2 v2.0.0 h1:1Y57HHILNf4m0ABuMVb6xk4vAJYEUO0gDxNpog0pyeA=
+github.com/google/licenseclassifier/v2 v2.0.0/go.mod h1:cOjbdH0kyC9R22sdQbYsFkto4NGCAc+ZSwbeThazEtM=
 github.com/google/pprof v0.0.0-20240227163752-401108e1b7e7/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik=
 github.com/google/pprof v0.0.0-20240618054019-d3b898a103f8 h1:ASJ/LAqdCHOyMYI+dwNxn7Rd8FscNkMyTr1KZU1JI/M=
 github.com/google/pprof v0.0.0-20240618054019-d3b898a103f8/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo=
@@ -735,6 +737,7 @@ github.com/sassoftware/go-rpmutils v0.4.0/go.mod h1:3goNWi7PGAT3/dlql2lv3+MSN5jN
 github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys=
 github.com/segmentio/asm v1.2.0/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs=
 github.com/serenize/snaker v0.0.0-20171204205717-a683aaf2d516/go.mod h1:Yow6lPLSAXx2ifx470yD/nUe22Dv5vBvxK/UK9UUTVs=
+github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
 github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8=
 github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=
 github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
diff --git a/models/fixtures/repo_license.yml b/models/fixtures/repo_license.yml
new file mode 100644
index 00000000000..ca780a73aa0
--- /dev/null
+++ b/models/fixtures/repo_license.yml
@@ -0,0 +1 @@
+[] # empty
diff --git a/models/fixtures/repository.yml b/models/fixtures/repository.yml
index 9adc6c855b1..e141593f415 100644
--- a/models/fixtures/repository.yml
+++ b/models/fixtures/repository.yml
@@ -26,7 +26,7 @@
   fork_id: 0
   is_template: false
   template_id: 0
-  size: 7597
+  size: 8478
   is_fsck_enabled: true
   close_issues_via_commit_in_any_branch: false
 
diff --git a/models/migrations/migrations.go b/models/migrations/migrations.go
index 13551423ce4..f99718ead28 100644
--- a/models/migrations/migrations.go
+++ b/models/migrations/migrations.go
@@ -500,7 +500,7 @@ var migrations = []Migration{
 	// v259 -> v260
 	NewMigration("Convert scoped access tokens", v1_20.ConvertScopedAccessTokens),
 
-	// Gitea 1.20.0 ends at 260
+	// Gitea 1.20.0 ends at v260
 
 	// v260 -> v261
 	NewMigration("Drop custom_labels column of action_runner table", v1_21.DropCustomLabelsColumnOfActionRunner),
@@ -601,6 +601,8 @@ var migrations = []Migration{
 	NewMigration("Add metadata column for comment table", v1_23.AddCommentMetaDataColumn),
 	// v304 -> v305
 	NewMigration("Add index for release sha1", v1_23.AddIndexForReleaseSha1),
+	// v305 -> v306
+	NewMigration("Add Repository Licenses", v1_23.AddRepositoryLicenses),
 }
 
 // GetCurrentDBVersion returns the current db version
diff --git a/models/migrations/v1_23/v305.go b/models/migrations/v1_23/v305.go
new file mode 100644
index 00000000000..4d881192b27
--- /dev/null
+++ b/models/migrations/v1_23/v305.go
@@ -0,0 +1,23 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package v1_23 //nolint
+
+import (
+	"code.gitea.io/gitea/modules/timeutil"
+
+	"xorm.io/xorm"
+)
+
+func AddRepositoryLicenses(x *xorm.Engine) error {
+	type RepoLicense struct {
+		ID          int64 `xorm:"pk autoincr"`
+		RepoID      int64 `xorm:"UNIQUE(s) NOT NULL"`
+		CommitID    string
+		License     string             `xorm:"VARCHAR(255) UNIQUE(s) NOT NULL"`
+		CreatedUnix timeutil.TimeStamp `xorm:"INDEX CREATED"`
+		UpdatedUnix timeutil.TimeStamp `xorm:"INDEX UPDATED"`
+	}
+
+	return x.Sync(new(RepoLicense))
+}
diff --git a/models/repo/license.go b/models/repo/license.go
new file mode 100644
index 00000000000..366b4598cc4
--- /dev/null
+++ b/models/repo/license.go
@@ -0,0 +1,120 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"context"
+
+	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/modules/timeutil"
+)
+
+func init() {
+	db.RegisterModel(new(RepoLicense))
+}
+
+type RepoLicense struct { //revive:disable-line:exported
+	ID          int64 `xorm:"pk autoincr"`
+	RepoID      int64 `xorm:"UNIQUE(s) NOT NULL"`
+	CommitID    string
+	License     string             `xorm:"VARCHAR(255) UNIQUE(s) NOT NULL"`
+	CreatedUnix timeutil.TimeStamp `xorm:"INDEX CREATED"`
+	UpdatedUnix timeutil.TimeStamp `xorm:"INDEX UPDATED"`
+}
+
+// RepoLicenseList defines a list of repo licenses
+type RepoLicenseList []*RepoLicense //revive:disable-line:exported
+
+func (rll RepoLicenseList) StringList() []string {
+	var licenses []string
+	for _, rl := range rll {
+		licenses = append(licenses, rl.License)
+	}
+	return licenses
+}
+
+// GetRepoLicenses returns the license statistics for a repository
+func GetRepoLicenses(ctx context.Context, repo *Repository) (RepoLicenseList, error) {
+	licenses := make(RepoLicenseList, 0)
+	if err := db.GetEngine(ctx).Where("`repo_id` = ?", repo.ID).Asc("`license`").Find(&licenses); err != nil {
+		return nil, err
+	}
+	return licenses, nil
+}
+
+// UpdateRepoLicenses updates the license statistics for repository
+func UpdateRepoLicenses(ctx context.Context, repo *Repository, commitID string, licenses []string) error {
+	oldLicenses, err := GetRepoLicenses(ctx, repo)
+	if err != nil {
+		return err
+	}
+	for _, license := range licenses {
+		upd := false
+		for _, o := range oldLicenses {
+			// Update already existing license
+			if o.License == license {
+				if _, err := db.GetEngine(ctx).ID(o.ID).Cols("`commit_id`").Update(o); err != nil {
+					return err
+				}
+				upd = true
+				break
+			}
+		}
+		// Insert new license
+		if !upd {
+			if err := db.Insert(ctx, &RepoLicense{
+				RepoID:   repo.ID,
+				CommitID: commitID,
+				License:  license,
+			}); err != nil {
+				return err
+			}
+		}
+	}
+	// Delete old licenses
+	licenseToDelete := make([]int64, 0, len(oldLicenses))
+	for _, o := range oldLicenses {
+		if o.CommitID != commitID {
+			licenseToDelete = append(licenseToDelete, o.ID)
+		}
+	}
+	if len(licenseToDelete) > 0 {
+		if _, err := db.GetEngine(ctx).In("`id`", licenseToDelete).Delete(&RepoLicense{}); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// CopyLicense Copy originalRepo license information to destRepo (use for forked repo)
+func CopyLicense(ctx context.Context, originalRepo, destRepo *Repository) error {
+	repoLicenses, err := GetRepoLicenses(ctx, originalRepo)
+	if err != nil {
+		return err
+	}
+	if len(repoLicenses) > 0 {
+		newRepoLicenses := make(RepoLicenseList, 0, len(repoLicenses))
+
+		for _, rl := range repoLicenses {
+			newRepoLicense := &RepoLicense{
+				RepoID:   destRepo.ID,
+				CommitID: rl.CommitID,
+				License:  rl.License,
+			}
+			newRepoLicenses = append(newRepoLicenses, newRepoLicense)
+		}
+		if err := db.Insert(ctx, &newRepoLicenses); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// CleanRepoLicenses will remove all license record of the repo
+func CleanRepoLicenses(ctx context.Context, repo *Repository) error {
+	return db.DeleteBeans(ctx, &RepoLicense{
+		RepoID: repo.ID,
+	})
+}
diff --git a/modules/repository/license.go b/modules/repository/license.go
index 6ac3547e7b2..9da3af84f85 100644
--- a/modules/repository/license.go
+++ b/modules/repository/license.go
@@ -23,7 +23,7 @@ type LicenseValues struct {
 func GetLicense(name string, values *LicenseValues) ([]byte, error) {
 	data, err := options.License(name)
 	if err != nil {
-		return nil, fmt.Errorf("GetRepoInitFile[%s]: %w", name, err)
+		return nil, fmt.Errorf("GetLicense[%s]: %w", name, err)
 	}
 	return fillLicensePlaceholder(name, values, data), nil
 }
diff --git a/modules/structs/repo.go b/modules/structs/repo.go
index fd27df384da..832ffa8bcc9 100644
--- a/modules/structs/repo.go
+++ b/modules/structs/repo.go
@@ -114,6 +114,7 @@ type Repository struct {
 	MirrorUpdated time.Time     `json:"mirror_updated,omitempty"`
 	RepoTransfer  *RepoTransfer `json:"repo_transfer"`
 	Topics        []string      `json:"topics"`
+	Licenses      []string      `json:"licenses"`
 }
 
 // CreateRepoOption options when creating repository
diff --git a/options/license/etc/license-aliases.json b/options/license/etc/license-aliases.json
new file mode 100644
index 00000000000..fe2cf2d58e4
--- /dev/null
+++ b/options/license/etc/license-aliases.json
@@ -0,0 +1 @@
+{"AGPL-1.0-only":"AGPL-1.0","AGPL-1.0-or-later":"AGPL-1.0","AGPL-3.0-only":"AGPL-3.0","AGPL-3.0-or-later":"AGPL-3.0","CAL-1.0":"CAL-1.0","CAL-1.0-Combined-Work-Exception":"CAL-1.0","GFDL-1.1-invariants-only":"GFDL-1.1","GFDL-1.1-invariants-or-later":"GFDL-1.1","GFDL-1.1-no-invariants-only":"GFDL-1.1","GFDL-1.1-no-invariants-or-later":"GFDL-1.1","GFDL-1.1-only":"GFDL-1.1","GFDL-1.1-or-later":"GFDL-1.1","GFDL-1.2-invariants-only":"GFDL-1.2","GFDL-1.2-invariants-or-later":"GFDL-1.2","GFDL-1.2-no-invariants-only":"GFDL-1.2","GFDL-1.2-no-invariants-or-later":"GFDL-1.2","GFDL-1.2-only":"GFDL-1.2","GFDL-1.2-or-later":"GFDL-1.2","GFDL-1.3-invariants-only":"GFDL-1.3","GFDL-1.3-invariants-or-later":"GFDL-1.3","GFDL-1.3-no-invariants-only":"GFDL-1.3","GFDL-1.3-no-invariants-or-later":"GFDL-1.3","GFDL-1.3-only":"GFDL-1.3","GFDL-1.3-or-later":"GFDL-1.3","GPL-1.0-only":"GPL-1.0","GPL-1.0-or-later":"GPL-1.0","GPL-2.0-only":"GPL-2.0","GPL-2.0-or-later":"GPL-2.0","GPL-3.0-only":"GPL-3.0","GPL-3.0-or-later":"GPL-3.0","LGPL-2.0-only":"LGPL-2.0","LGPL-2.0-or-later":"LGPL-2.0","LGPL-2.1-only":"LGPL-2.1","LGPL-2.1-or-later":"LGPL-2.1","LGPL-3.0-only":"LGPL-3.0","LGPL-3.0-or-later":"LGPL-3.0","MPL-2.0":"MPL-2.0","MPL-2.0-no-copyleft-exception":"MPL-2.0","OFL-1.0":"OFL-1.0","OFL-1.0-RFN":"OFL-1.0","OFL-1.0-no-RFN":"OFL-1.0","OFL-1.1":"OFL-1.1","OFL-1.1-RFN":"OFL-1.1","OFL-1.1-no-RFN":"OFL-1.1"}
\ No newline at end of file
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index f77fd203a2d..e3b17f9a04f 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -1040,6 +1040,7 @@ issue_labels_helper = Select an issue label set.
 license = License
 license_helper = Select a license file.
 license_helper_desc = A license governs what others can and can't do with your code. Not sure which one is right for your project? See <a target="_blank" rel="noopener noreferrer" href="%s">Choose a license.</a>
+multiple_licenses = Multiple Licenses
 object_format = Object Format
 object_format_helper = Object format of the repository. Cannot be changed later. SHA1 is most compatible.
 readme = README
@@ -2942,6 +2943,7 @@ dashboard.start_schedule_tasks = Start actions schedule tasks
 dashboard.sync_branch.started = Branches Sync started
 dashboard.sync_tag.started = Tags Sync started
 dashboard.rebuild_issue_indexer = Rebuild issue indexer
+dashboard.sync_repo_licenses = Sync repo licenses
 
 users.user_manage_panel = User Account Management
 users.new_account = Create User Account
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index 1244676508e..5aa8ad44e5e 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -1327,6 +1327,7 @@ func Routes() *web.Router {
 				m.Get("/issue_config", context.ReferencesGitRepo(), repo.GetIssueConfig)
 				m.Get("/issue_config/validate", context.ReferencesGitRepo(), repo.ValidateIssueConfig)
 				m.Get("/languages", reqRepoReader(unit.TypeCode), repo.GetLanguages)
+				m.Get("/licenses", reqRepoReader(unit.TypeCode), repo.GetLicenses)
 				m.Get("/activities/feeds", repo.ListRepoActivityFeeds)
 				m.Get("/new_pin_allowed", repo.AreNewIssuePinsAllowed)
 				m.Group("/avatar", func() {
diff --git a/routers/api/v1/repo/license.go b/routers/api/v1/repo/license.go
new file mode 100644
index 00000000000..8a6bdfd42fa
--- /dev/null
+++ b/routers/api/v1/repo/license.go
@@ -0,0 +1,51 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"net/http"
+
+	repo_model "code.gitea.io/gitea/models/repo"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/services/context"
+)
+
+// GetLicenses returns licenses
+func GetLicenses(ctx *context.APIContext) {
+	// swagger:operation GET /repos/{owner}/{repo}/licenses repository repoGetLicenses
+	// ---
+	// summary: Get repo licenses
+	// produces:
+	//   - application/json
+	// parameters:
+	// - name: owner
+	//   in: path
+	//   description: owner of the repo
+	//   type: string
+	//   required: true
+	// - name: repo
+	//   in: path
+	//   description: name of the repo
+	//   type: string
+	//   required: true
+	// responses:
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+	//   "200":
+	//     "$ref": "#/responses/LicensesList"
+
+	licenses, err := repo_model.GetRepoLicenses(ctx, ctx.Repo.Repository)
+	if err != nil {
+		log.Error("GetRepoLicenses failed: %v", err)
+		ctx.InternalServerError(err)
+		return
+	}
+
+	resp := make([]string, len(licenses))
+	for i := range licenses {
+		resp[i] = licenses[i].License
+	}
+
+	ctx.JSON(http.StatusOK, resp)
+}
diff --git a/routers/api/v1/repo/repo.go b/routers/api/v1/repo/repo.go
index 1bcec8fcf7e..6c1a94ee168 100644
--- a/routers/api/v1/repo/repo.go
+++ b/routers/api/v1/repo/repo.go
@@ -731,6 +731,7 @@ func updateBasicProperties(ctx *context.APIContext, opts api.EditRepoOption) err
 	}
 
 	// Default branch only updated if changed and exist or the repository is empty
+	updateRepoLicense := false
 	if opts.DefaultBranch != nil && repo.DefaultBranch != *opts.DefaultBranch && (repo.IsEmpty || ctx.Repo.GitRepo.IsBranchExist(*opts.DefaultBranch)) {
 		if !repo.IsEmpty {
 			if err := gitrepo.SetDefaultBranch(ctx, ctx.Repo.Repository, *opts.DefaultBranch); err != nil {
@@ -739,6 +740,7 @@ func updateBasicProperties(ctx *context.APIContext, opts api.EditRepoOption) err
 					return err
 				}
 			}
+			updateRepoLicense = true
 		}
 		repo.DefaultBranch = *opts.DefaultBranch
 	}
@@ -748,6 +750,15 @@ func updateBasicProperties(ctx *context.APIContext, opts api.EditRepoOption) err
 		return err
 	}
 
+	if updateRepoLicense {
+		if err := repo_service.AddRepoToLicenseUpdaterQueue(&repo_service.LicenseUpdaterOptions{
+			RepoID: ctx.Repo.Repository.ID,
+		}); err != nil {
+			ctx.Error(http.StatusInternalServerError, "AddRepoToLicenseUpdaterQueue", err)
+			return err
+		}
+	}
+
 	log.Trace("Repository basic settings updated: %s/%s", owner.Name, repo.Name)
 	return nil
 }
diff --git a/routers/api/v1/swagger/repo.go b/routers/api/v1/swagger/repo.go
index 345835f9a58..b9d2a0217cd 100644
--- a/routers/api/v1/swagger/repo.go
+++ b/routers/api/v1/swagger/repo.go
@@ -359,6 +359,13 @@ type swaggerLanguageStatistics struct {
 	Body map[string]int64 `json:"body"`
 }
 
+// LicensesList
+// swagger:response LicensesList
+type swaggerLicensesList struct {
+	// in: body
+	Body []string `json:"body"`
+}
+
 // CombinedStatus
 // swagger:response CombinedStatus
 type swaggerCombinedStatus struct {
diff --git a/routers/init.go b/routers/init.go
index e21f763c1e5..fe80dfd2cdd 100644
--- a/routers/init.go
+++ b/routers/init.go
@@ -172,6 +172,8 @@ func InitWebInstalled(ctx context.Context) {
 
 	actions_service.Init()
 
+	mustInit(repo_service.InitLicenseClassifier)
+
 	// Finally start up the cron
 	cron.NewContext(ctx)
 }
diff --git a/routers/private/default_branch.go b/routers/private/default_branch.go
index 7be909f955d..03c19c8ff40 100644
--- a/routers/private/default_branch.go
+++ b/routers/private/default_branch.go
@@ -12,6 +12,7 @@ import (
 	"code.gitea.io/gitea/modules/gitrepo"
 	"code.gitea.io/gitea/modules/private"
 	gitea_context "code.gitea.io/gitea/services/context"
+	repo_service "code.gitea.io/gitea/services/repository"
 )
 
 // SetDefaultBranch updates the default branch
@@ -36,5 +37,15 @@ func SetDefaultBranch(ctx *gitea_context.PrivateContext) {
 		})
 		return
 	}
+
+	if err := repo_service.AddRepoToLicenseUpdaterQueue(&repo_service.LicenseUpdaterOptions{
+		RepoID: ctx.Repo.Repository.ID,
+	}); err != nil {
+		ctx.JSON(http.StatusInternalServerError, private.Response{
+			Err: fmt.Sprintf("Unable to set default branch on repository: %s/%s Error: %v", ownerName, repoName, err),
+		})
+		return
+	}
+
 	ctx.PlainText(http.StatusOK, "success")
 }
diff --git a/routers/private/hook_post_receive.go b/routers/private/hook_post_receive.go
index 2d1688523c4..5c01216356d 100644
--- a/routers/private/hook_post_receive.go
+++ b/routers/private/hook_post_receive.go
@@ -278,10 +278,19 @@ func HookPostReceive(ctx *gitea_context.PrivateContext) {
 
 			branch := refFullName.BranchName()
 
-			// If our branch is the default branch of an unforked repo - there's no PR to create or refer to
-			if !repo.IsFork && branch == baseRepo.DefaultBranch {
-				results = append(results, private.HookPostReceiveBranchResult{})
-				continue
+			if branch == baseRepo.DefaultBranch {
+				if err := repo_service.AddRepoToLicenseUpdaterQueue(&repo_service.LicenseUpdaterOptions{
+					RepoID: repo.ID,
+				}); err != nil {
+					ctx.JSON(http.StatusInternalServerError, private.Response{Err: err.Error()})
+					return
+				}
+
+				// If our branch is the default branch of an unforked repo - there's no PR to create or refer to
+				if !repo.IsFork {
+					results = append(results, private.HookPostReceiveBranchResult{})
+					continue
+				}
 			}
 
 			pr, err := issues_model.GetUnmergedPullRequest(ctx, repo.ID, baseRepo.ID, branch, baseRepo.DefaultBranch, issues_model.PullRequestFlowGithub)
diff --git a/routers/web/repo/branch.go b/routers/web/repo/branch.go
index 4897a5f4fcd..4a62237838a 100644
--- a/routers/web/repo/branch.go
+++ b/routers/web/repo/branch.go
@@ -89,7 +89,7 @@ func Branches(ctx *context.Context) {
 	pager := context.NewPagination(int(branchesCount), pageSize, page, 5)
 	pager.SetDefaultParams(ctx)
 	ctx.Data["Page"] = pager
-
+	ctx.Data["LicenseFileName"] = repo_service.LicenseFileName
 	ctx.HTML(http.StatusOK, tplBranch)
 }
 
diff --git a/routers/web/repo/commit.go b/routers/web/repo/commit.go
index a433dd228e3..0e4e10bf509 100644
--- a/routers/web/repo/commit.go
+++ b/routers/web/repo/commit.go
@@ -29,7 +29,7 @@ import (
 	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/services/context"
 	"code.gitea.io/gitea/services/gitdiff"
-	git_service "code.gitea.io/gitea/services/repository"
+	repo_service "code.gitea.io/gitea/services/repository"
 )
 
 const (
@@ -101,7 +101,7 @@ func Commits(ctx *context.Context) {
 	pager := context.NewPagination(int(commitsCount), pageSize, page, 5)
 	pager.SetDefaultParams(ctx)
 	ctx.Data["Page"] = pager
-
+	ctx.Data["LicenseFileName"] = repo_service.LicenseFileName
 	ctx.HTML(http.StatusOK, tplCommits)
 }
 
@@ -218,6 +218,8 @@ func SearchCommits(ctx *context.Context) {
 	}
 	ctx.Data["Username"] = ctx.Repo.Owner.Name
 	ctx.Data["Reponame"] = ctx.Repo.Repository.Name
+	ctx.Data["RefName"] = ctx.Repo.RefName
+	ctx.Data["LicenseFileName"] = repo_service.LicenseFileName
 	ctx.HTML(http.StatusOK, tplCommits)
 }
 
@@ -263,12 +265,12 @@ func FileHistory(ctx *context.Context) {
 	pager := context.NewPagination(int(commitsCount), setting.Git.CommitsRangeSize, page, 5)
 	pager.SetDefaultParams(ctx)
 	ctx.Data["Page"] = pager
-
+	ctx.Data["LicenseFileName"] = repo_service.LicenseFileName
 	ctx.HTML(http.StatusOK, tplCommits)
 }
 
 func LoadBranchesAndTags(ctx *context.Context) {
-	response, err := git_service.LoadBranchesAndTags(ctx, ctx.Repo, ctx.PathParam("sha"))
+	response, err := repo_service.LoadBranchesAndTags(ctx, ctx.Repo, ctx.PathParam("sha"))
 	if err == nil {
 		ctx.JSON(http.StatusOK, response)
 		return
diff --git a/routers/web/repo/release.go b/routers/web/repo/release.go
index f551fffe956..566a82316f8 100644
--- a/routers/web/repo/release.go
+++ b/routers/web/repo/release.go
@@ -289,7 +289,6 @@ func releasesOrTagsFeed(ctx *context.Context, isReleasesOnly bool, formatType st
 // SingleRelease renders a single release's page
 func SingleRelease(ctx *context.Context) {
 	ctx.Data["PageIsReleaseList"] = true
-	ctx.Data["DefaultBranch"] = ctx.Repo.Repository.DefaultBranch
 
 	writeAccess := ctx.Repo.CanWrite(unit.TypeReleases)
 	ctx.Data["CanCreateRelease"] = writeAccess && !ctx.Repo.Repository.IsArchived
diff --git a/routers/web/repo/view.go b/routers/web/repo/view.go
index 12d202e4a0d..97691176094 100644
--- a/routers/web/repo/view.go
+++ b/routers/web/repo/view.go
@@ -51,6 +51,7 @@ import (
 	"code.gitea.io/gitea/routers/web/feed"
 	"code.gitea.io/gitea/services/context"
 	issue_service "code.gitea.io/gitea/services/issue"
+	repo_service "code.gitea.io/gitea/services/repository"
 	files_service "code.gitea.io/gitea/services/repository/files"
 
 	"github.com/nektos/act/pkg/model"
@@ -1077,6 +1078,7 @@ func renderHomeCode(ctx *context.Context) {
 	ctx.Data["TreeLink"] = treeLink
 	ctx.Data["TreeNames"] = treeNames
 	ctx.Data["BranchLink"] = branchLink
+	ctx.Data["LicenseFileName"] = repo_service.LicenseFileName
 	ctx.HTML(http.StatusOK, tplRepoHome)
 }
 
diff --git a/services/context/repo.go b/services/context/repo.go
index e0d3a0bfd3e..c001255283a 100644
--- a/services/context/repo.go
+++ b/services/context/repo.go
@@ -404,6 +404,13 @@ func repoAssignment(ctx *Context, repo *repo_model.Repository) {
 	ctx.Data["PushMirrors"] = pushMirrors
 	ctx.Data["RepoName"] = ctx.Repo.Repository.Name
 	ctx.Data["IsEmptyRepo"] = ctx.Repo.Repository.IsEmpty
+
+	repoLicenses, err := repo_model.GetRepoLicenses(ctx, ctx.Repo.Repository)
+	if err != nil {
+		ctx.ServerError("GetRepoLicenses", err)
+		return
+	}
+	ctx.Data["DetectedRepoLicenses"] = repoLicenses.StringList()
 }
 
 // RepoAssignment returns a middleware to handle repository assignment
diff --git a/services/convert/repository.go b/services/convert/repository.go
index 751260a45d3..e026d0f4405 100644
--- a/services/convert/repository.go
+++ b/services/convert/repository.go
@@ -175,6 +175,11 @@ func innerToRepo(ctx context.Context, repo *repo_model.Repository, permissionInR
 		language = repo.PrimaryLanguage.Language
 	}
 
+	repoLicenses, err := repo_model.GetRepoLicenses(ctx, repo)
+	if err != nil {
+		return nil
+	}
+
 	repoAPIURL := repo.APIURL()
 
 	return &api.Repository{
@@ -238,6 +243,7 @@ func innerToRepo(ctx context.Context, repo *repo_model.Repository, permissionInR
 		RepoTransfer:                  transfer,
 		Topics:                        repo.Topics,
 		ObjectFormatName:              repo.ObjectFormatName,
+		Licenses:                      repoLicenses.StringList(),
 	}
 }
 
diff --git a/services/cron/tasks_basic.go b/services/cron/tasks_basic.go
index 2a213ae5152..fb5938745e6 100644
--- a/services/cron/tasks_basic.go
+++ b/services/cron/tasks_basic.go
@@ -156,6 +156,16 @@ func registerCleanupPackages() {
 	})
 }
 
+func registerSyncRepoLicenses() {
+	RegisterTaskFatal("sync_repo_licenses", &BaseConfig{
+		Enabled:    false,
+		RunAtStart: false,
+		Schedule:   "@annually",
+	}, func(ctx context.Context, _ *user_model.User, config Config) error {
+		return repo_service.SyncRepoLicenses(ctx)
+	})
+}
+
 func initBasicTasks() {
 	if setting.Mirror.Enabled {
 		registerUpdateMirrorTask()
@@ -172,4 +182,5 @@ func initBasicTasks() {
 	if setting.Packages.Enabled {
 		registerCleanupPackages()
 	}
+	registerSyncRepoLicenses()
 }
diff --git a/services/migrations/gitea_uploader_test.go b/services/migrations/gitea_uploader_test.go
index c9b92480981..f2379dadf8f 100644
--- a/services/migrations/gitea_uploader_test.go
+++ b/services/migrations/gitea_uploader_test.go
@@ -26,6 +26,7 @@ import (
 	"code.gitea.io/gitea/modules/optional"
 	"code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/test"
+	repo_service "code.gitea.io/gitea/services/repository"
 
 	"github.com/stretchr/testify/assert"
 )
@@ -302,6 +303,8 @@ func TestGiteaUploadUpdateGitForPullRequest(t *testing.T) {
 	toRepoName := "migrated"
 	uploader := NewGiteaLocalUploader(context.Background(), fromRepoOwner, fromRepoOwner.Name, toRepoName)
 	uploader.gitServiceType = structs.GiteaService
+
+	assert.NoError(t, repo_service.Init(context.Background()))
 	assert.NoError(t, uploader.CreateRepo(&base.Repository{
 		Description: "description",
 		OriginalURL: fromRepo.RepoPath(),
diff --git a/services/mirror/mirror_pull.go b/services/mirror/mirror_pull.go
index 9f7ffb29c9f..654a50d11ef 100644
--- a/services/mirror/mirror_pull.go
+++ b/services/mirror/mirror_pull.go
@@ -24,6 +24,7 @@ import (
 	"code.gitea.io/gitea/modules/timeutil"
 	"code.gitea.io/gitea/modules/util"
 	notify_service "code.gitea.io/gitea/services/notify"
+	repo_service "code.gitea.io/gitea/services/repository"
 )
 
 // gitShortEmptySha Git short empty SHA
@@ -559,6 +560,14 @@ func SyncPullMirror(ctx context.Context, repoID int64) bool {
 		}
 	}
 
+	// Update License
+	if err = repo_service.AddRepoToLicenseUpdaterQueue(&repo_service.LicenseUpdaterOptions{
+		RepoID: m.Repo.ID,
+	}); err != nil {
+		log.Error("SyncMirrors [repo: %-v]: unable to add repo to license updater queue: %v", m.Repo, err)
+		return false
+	}
+
 	log.Trace("SyncMirrors [repo: %-v]: Successfully updated", m.Repo)
 
 	return true
diff --git a/services/repository/branch.go b/services/repository/branch.go
index f5cdb72a7bb..67df4363e44 100644
--- a/services/repository/branch.go
+++ b/services/repository/branch.go
@@ -612,6 +612,14 @@ func SetRepoDefaultBranch(ctx context.Context, repo *repo_model.Repository, gitR
 		return err
 	}
 
+	if !repo.IsEmpty {
+		if err := AddRepoToLicenseUpdaterQueue(&LicenseUpdaterOptions{
+			RepoID: repo.ID,
+		}); err != nil {
+			log.Error("AddRepoToLicenseUpdaterQueue: %v", err)
+		}
+	}
+
 	notify_service.ChangeDefaultBranch(ctx, repo)
 
 	return nil
diff --git a/services/repository/create.go b/services/repository/create.go
index 971793bcc6e..282b2d3e58d 100644
--- a/services/repository/create.go
+++ b/services/repository/create.go
@@ -303,6 +303,25 @@ func CreateRepositoryDirectly(ctx context.Context, doer, u *user_model.User, opt
 			rollbackRepo.OwnerID = u.ID
 			return fmt.Errorf("CreateRepository(git update-server-info): %w", err)
 		}
+
+		// update licenses
+		var licenses []string
+		if len(opts.License) > 0 {
+			licenses = append(licenses, ConvertLicenseName(opts.License))
+
+			stdout, _, err := git.NewCommand(ctx, "rev-parse", "HEAD").
+				SetDescription(fmt.Sprintf("CreateRepository(git rev-parse HEAD): %s", repoPath)).
+				RunStdString(&git.RunOpts{Dir: repoPath})
+			if err != nil {
+				log.Error("CreateRepository(git rev-parse HEAD) in %v: Stdout: %s\nError: %v", repo, stdout, err)
+				rollbackRepo = repo
+				rollbackRepo.OwnerID = u.ID
+				return fmt.Errorf("CreateRepository(git rev-parse HEAD): %w", err)
+			}
+			if err := repo_model.UpdateRepoLicenses(ctx, repo, stdout, licenses); err != nil {
+				return err
+			}
+		}
 		return nil
 	}); err != nil {
 		if rollbackRepo != nil {
diff --git a/services/repository/delete.go b/services/repository/delete.go
index cd779b05c35..e5808331408 100644
--- a/services/repository/delete.go
+++ b/services/repository/delete.go
@@ -140,6 +140,7 @@ func DeleteRepositoryDirectly(ctx context.Context, doer *user_model.User, repoID
 		&git_model.Branch{RepoID: repoID},
 		&git_model.LFSLock{RepoID: repoID},
 		&repo_model.LanguageStat{RepoID: repoID},
+		&repo_model.RepoLicense{RepoID: repoID},
 		&issues_model.Milestone{RepoID: repoID},
 		&repo_model.Mirror{RepoID: repoID},
 		&activities_model.Notification{RepoID: repoID},
diff --git a/services/repository/fork.go b/services/repository/fork.go
index f074fd10821..e1145556791 100644
--- a/services/repository/fork.go
+++ b/services/repository/fork.go
@@ -198,6 +198,9 @@ func ForkRepository(ctx context.Context, doer, owner *user_model.User, opts Fork
 	if err := repo_model.CopyLanguageStat(ctx, opts.BaseRepo, repo); err != nil {
 		log.Error("Copy language stat from oldRepo failed: %v", err)
 	}
+	if err := repo_model.CopyLicense(ctx, opts.BaseRepo, repo); err != nil {
+		return nil, err
+	}
 
 	gitRepo, err := gitrepo.OpenRepository(ctx, repo)
 	if err != nil {
diff --git a/services/repository/license.go b/services/repository/license.go
new file mode 100644
index 00000000000..2453be3c871
--- /dev/null
+++ b/services/repository/license.go
@@ -0,0 +1,205 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repository
+
+import (
+	"context"
+	"fmt"
+	"io"
+
+	"code.gitea.io/gitea/models/db"
+	repo_model "code.gitea.io/gitea/models/repo"
+	"code.gitea.io/gitea/modules/container"
+	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/gitrepo"
+	"code.gitea.io/gitea/modules/graceful"
+	"code.gitea.io/gitea/modules/json"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/options"
+	"code.gitea.io/gitea/modules/queue"
+
+	licenseclassifier "github.com/google/licenseclassifier/v2"
+)
+
+var (
+	classifier      *licenseclassifier.Classifier
+	LicenseFileName = "LICENSE"
+	licenseAliases  map[string]string
+
+	// licenseUpdaterQueue represents a queue to handle update repo licenses
+	licenseUpdaterQueue *queue.WorkerPoolQueue[*LicenseUpdaterOptions]
+)
+
+func AddRepoToLicenseUpdaterQueue(opts *LicenseUpdaterOptions) error {
+	if opts == nil {
+		return nil
+	}
+	return licenseUpdaterQueue.Push(opts)
+}
+
+func loadLicenseAliases() error {
+	if licenseAliases != nil {
+		return nil
+	}
+
+	data, err := options.AssetFS().ReadFile("license", "etc", "license-aliases.json")
+	if err != nil {
+		return err
+	}
+	err = json.Unmarshal(data, &licenseAliases)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func ConvertLicenseName(name string) string {
+	if err := loadLicenseAliases(); err != nil {
+		return name
+	}
+
+	v, ok := licenseAliases[name]
+	if ok {
+		return v
+	}
+	return name
+}
+
+func InitLicenseClassifier() error {
+	// threshold should be 0.84~0.86 or the test will be failed
+	classifier = licenseclassifier.NewClassifier(.85)
+	licenseFiles, err := options.AssetFS().ListFiles("license", true)
+	if err != nil {
+		return err
+	}
+
+	existLicense := make(container.Set[string])
+	if len(licenseFiles) > 0 {
+		for _, licenseFile := range licenseFiles {
+			licenseName := ConvertLicenseName(licenseFile)
+			if existLicense.Contains(licenseName) {
+				continue
+			}
+			existLicense.Add(licenseName)
+			data, err := options.License(licenseFile)
+			if err != nil {
+				return err
+			}
+			classifier.AddContent("License", licenseFile, licenseName, data)
+		}
+	}
+	return nil
+}
+
+type LicenseUpdaterOptions struct {
+	RepoID int64
+}
+
+func repoLicenseUpdater(items ...*LicenseUpdaterOptions) []*LicenseUpdaterOptions {
+	ctx := graceful.GetManager().ShutdownContext()
+
+	for _, opts := range items {
+		repo, err := repo_model.GetRepositoryByID(ctx, opts.RepoID)
+		if err != nil {
+			log.Error("repoLicenseUpdater [%d] failed: GetRepositoryByID: %v", opts.RepoID, err)
+			continue
+		}
+		if repo.IsEmpty {
+			continue
+		}
+
+		gitRepo, err := gitrepo.OpenRepository(ctx, repo)
+		if err != nil {
+			log.Error("repoLicenseUpdater [%d] failed: OpenRepository: %v", opts.RepoID, err)
+			continue
+		}
+		defer gitRepo.Close()
+
+		commit, err := gitRepo.GetBranchCommit(repo.DefaultBranch)
+		if err != nil {
+			log.Error("repoLicenseUpdater [%d] failed: GetBranchCommit: %v", opts.RepoID, err)
+			continue
+		}
+		if err = UpdateRepoLicenses(ctx, repo, commit); err != nil {
+			log.Error("repoLicenseUpdater [%d] failed: updateRepoLicenses: %v", opts.RepoID, err)
+		}
+	}
+	return nil
+}
+
+func SyncRepoLicenses(ctx context.Context) error {
+	log.Trace("Doing: SyncRepoLicenses")
+
+	if err := db.Iterate(
+		ctx,
+		nil,
+		func(ctx context.Context, repo *repo_model.Repository) error {
+			select {
+			case <-ctx.Done():
+				return db.ErrCancelledf("before sync repo licenses for %s", repo.FullName())
+			default:
+			}
+			return AddRepoToLicenseUpdaterQueue(&LicenseUpdaterOptions{RepoID: repo.ID})
+		},
+	); err != nil {
+		log.Trace("Error: SyncRepoLicenses: %v", err)
+		return err
+	}
+
+	log.Trace("Finished: SyncReposLicenses")
+	return nil
+}
+
+// UpdateRepoLicenses will update repository licenses col if license file exists
+func UpdateRepoLicenses(ctx context.Context, repo *repo_model.Repository, commit *git.Commit) error {
+	if commit == nil {
+		return nil
+	}
+
+	b, err := commit.GetBlobByPath(LicenseFileName)
+	if err != nil && !git.IsErrNotExist(err) {
+		return fmt.Errorf("GetBlobByPath: %w", err)
+	}
+
+	if git.IsErrNotExist(err) {
+		return repo_model.CleanRepoLicenses(ctx, repo)
+	}
+
+	licenses := make([]string, 0)
+	if b != nil {
+		r, err := b.DataAsync()
+		if err != nil {
+			return err
+		}
+		defer r.Close()
+
+		licenses, err = detectLicense(r)
+		if err != nil {
+			return fmt.Errorf("detectLicense: %w", err)
+		}
+	}
+	return repo_model.UpdateRepoLicenses(ctx, repo, commit.ID.String(), licenses)
+}
+
+// detectLicense returns the licenses detected by the given content buff
+func detectLicense(r io.Reader) ([]string, error) {
+	if r == nil {
+		return nil, nil
+	}
+
+	matches, err := classifier.MatchFrom(r)
+	if err != nil {
+		return nil, err
+	}
+	if len(matches.Matches) > 0 {
+		results := make(container.Set[string], len(matches.Matches))
+		for _, r := range matches.Matches {
+			if r.MatchType == "License" && !results.Contains(r.Variant) {
+				results.Add(r.Variant)
+			}
+		}
+		return results.Values(), nil
+	}
+	return nil, nil
+}
diff --git a/services/repository/license_test.go b/services/repository/license_test.go
new file mode 100644
index 00000000000..39e9738145c
--- /dev/null
+++ b/services/repository/license_test.go
@@ -0,0 +1,73 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repository
+
+import (
+	"fmt"
+	"strings"
+	"testing"
+
+	repo_module "code.gitea.io/gitea/modules/repository"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_detectLicense(t *testing.T) {
+	type DetectLicenseTest struct {
+		name string
+		arg  string
+		want []string
+	}
+
+	tests := []DetectLicenseTest{
+		{
+			name: "empty",
+			arg:  "",
+			want: nil,
+		},
+		{
+			name: "no detected license",
+			arg:  "Copyright (c) 2023 Gitea",
+			want: nil,
+		},
+	}
+
+	repo_module.LoadRepoConfig()
+	err := loadLicenseAliases()
+	assert.NoError(t, err)
+	for _, licenseName := range repo_module.Licenses {
+		license, err := repo_module.GetLicense(licenseName, &repo_module.LicenseValues{
+			Owner: "Gitea",
+			Email: "teabot@gitea.io",
+			Repo:  "gitea",
+			Year:  "2024",
+		})
+		assert.NoError(t, err)
+
+		tests = append(tests, DetectLicenseTest{
+			name: fmt.Sprintf("single license test: %s", licenseName),
+			arg:  string(license),
+			want: []string{ConvertLicenseName(licenseName)},
+		})
+	}
+
+	err = InitLicenseClassifier()
+	assert.NoError(t, err)
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			license, err := detectLicense(strings.NewReader(tt.arg))
+			assert.NoError(t, err)
+			assert.Equal(t, tt.want, license)
+		})
+	}
+
+	result, err := detectLicense(strings.NewReader(tests[2].arg + tests[3].arg + tests[4].arg))
+	assert.NoError(t, err)
+	t.Run("multiple licenses test", func(t *testing.T) {
+		assert.Equal(t, 3, len(result))
+		assert.Contains(t, result, tests[2].want[0])
+		assert.Contains(t, result, tests[3].want[0])
+		assert.Contains(t, result, tests[4].want[0])
+	})
+}
diff --git a/services/repository/migrate.go b/services/repository/migrate.go
index 2e901791b4a..c627b46fab5 100644
--- a/services/repository/migrate.go
+++ b/services/repository/migrate.go
@@ -172,6 +172,11 @@ func MigrateRepositoryGitData(ctx context.Context, u *user_model.User,
 				return repo, fmt.Errorf("StoreMissingLfsObjectsInRepository: %w", err)
 			}
 		}
+
+		// Update repo license
+		if err := AddRepoToLicenseUpdaterQueue(&LicenseUpdaterOptions{RepoID: repo.ID}); err != nil {
+			log.Error("Failed to add repo to license updater queue: %v", err)
+		}
 	}
 
 	ctx, committer, err := db.TxContext(ctx)
diff --git a/services/repository/repository.go b/services/repository/repository.go
index 5306e7d45cc..59b4491132d 100644
--- a/services/repository/repository.go
+++ b/services/repository/repository.go
@@ -18,6 +18,7 @@ import (
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/queue"
 	repo_module "code.gitea.io/gitea/modules/repository"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/structs"
@@ -96,6 +97,12 @@ func PushCreateRepo(ctx context.Context, authUser, owner *user_model.User, repoN
 
 // Init start repository service
 func Init(ctx context.Context) error {
+	licenseUpdaterQueue = queue.CreateUniqueQueue(graceful.GetManager().ShutdownContext(), "repo_license_updater", repoLicenseUpdater)
+	if licenseUpdaterQueue == nil {
+		return fmt.Errorf("unable to create repo_license_updater queue")
+	}
+	go graceful.GetManager().RunWithCancel(licenseUpdaterQueue)
+
 	if err := repo_module.LoadRepoConfig(); err != nil {
 		return err
 	}
diff --git a/templates/repo/sub_menu.tmpl b/templates/repo/sub_menu.tmpl
index 87d21103149..6f53acd31ec 100644
--- a/templates/repo/sub_menu.tmpl
+++ b/templates/repo/sub_menu.tmpl
@@ -13,7 +13,12 @@
 					{{svg "octicon-tag"}} <b>{{ctx.Locale.PrettyNumber .NumTags}}</b> {{ctx.Locale.TrN .NumTags "repo.tag" "repo.tags"}}
 				</a>
 			{{end}}
-			<span class="item not-mobile" {{if not (eq .Repository.Size 0)}}data-tooltip-content="{{.Repository.SizeDetailsString}}"{{end}}>
+			{{if .DetectedRepoLicenses}}
+				<a class="item muted" href="{{.RepoLink}}/src/{{.Repository.DefaultBranch}}/{{PathEscapeSegments .LicenseFileName}}" data-tooltip-placement="top" data-tooltip-content="{{StringUtils.Join .DetectedRepoLicenses ", "}}">
+					{{svg "octicon-law"}} <b>{{if eq (len .DetectedRepoLicenses) 1}}{{index .DetectedRepoLicenses 0}}{{else}}{{ctx.Locale.Tr "repo.multiple_licenses"}}{{end}}</b>
+				</a>
+			{{end}}
+			<span class="item not-mobile" {{if not (eq .Repository.Size 0)}}data-tooltip-placement="top" data-tooltip-content="{{.Repository.SizeDetailsString}}"{{end}}>
 				{{$fileSizeFormatted := FileSize .Repository.Size}}{{/* the formatted string is always "{val} {unit}" */}}
 				{{$fileSizeFields := StringUtils.Split $fileSizeFormatted " "}}
 				{{svg "octicon-database"}} <b>{{ctx.Locale.PrettyNumber (index $fileSizeFields 0)}}</b> {{index $fileSizeFields 1}}
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index 59835055027..bac918ac389 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -10640,6 +10640,42 @@
         }
       }
     },
+    "/repos/{owner}/{repo}/licenses": {
+      "get": {
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "repository"
+        ],
+        "summary": "Get repo licenses",
+        "operationId": "repoGetLicenses",
+        "parameters": [
+          {
+            "type": "string",
+            "description": "owner of the repo",
+            "name": "owner",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "string",
+            "description": "name of the repo",
+            "name": "repo",
+            "in": "path",
+            "required": true
+          }
+        ],
+        "responses": {
+          "200": {
+            "$ref": "#/responses/LicensesList"
+          },
+          "404": {
+            "$ref": "#/responses/notFound"
+          }
+        }
+      }
+    },
     "/repos/{owner}/{repo}/media/{filepath}": {
       "get": {
         "produces": [
@@ -24142,6 +24178,13 @@
           "type": "string",
           "x-go-name": "LanguagesURL"
         },
+        "licenses": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          },
+          "x-go-name": "Licenses"
+        },
         "link": {
           "type": "string",
           "x-go-name": "Link"
@@ -25717,6 +25760,15 @@
         }
       }
     },
+    "LicensesList": {
+      "description": "LicensesList",
+      "schema": {
+        "type": "array",
+        "items": {
+          "type": "string"
+        }
+      }
+    },
     "MarkdownRender": {
       "description": "MarkdownRender is a rendered markdown document",
       "schema": {
diff --git a/tests/gitea-repositories-meta/user2/repo1.git/objects/08/51b61d9f8ca0e9e63617e11907988ee88b1ca6 b/tests/gitea-repositories-meta/user2/repo1.git/objects/08/51b61d9f8ca0e9e63617e11907988ee88b1ca6
new file mode 100644
index 0000000000000000000000000000000000000000..69b1e0310be8cdcb0d9b0608094280c7da799277
GIT binary patch
literal 85
zcmV-b0IL6Z0V^p=O;s>AVlXr?Ff%bx@bPqZ^$T`o5Nc#ySDZHM(2~<mrJ@!ej>UvL
r>Vhf>a&>g^b=AvFVes|{TpM^lt9HKX$x4&R%2%(WP38jt9giIU<jE#<

literal 0
HcmV?d00001

diff --git a/tests/gitea-repositories-meta/user2/repo1.git/objects/12/8105ae73669ac2a4cb42751538f0c65c54e28a b/tests/gitea-repositories-meta/user2/repo1.git/objects/12/8105ae73669ac2a4cb42751538f0c65c54e28a
new file mode 100644
index 0000000000000000000000000000000000000000..4c925560cb41eb801c87d12111567b880c67dff7
GIT binary patch
literal 643
zcmV-}0(|{=0bNqvYuhjo-?RUUBTp@ut}A5^V+<5qPQ)D9$V#(3`a_8|94lDzLjU`n
zl(eG*gVE{k_jPIp)4-R<ug{-0OhT?(HCh!#i8;Sc`q(?TYwzLv)8o_g4_IlZ>L@DJ
zbkf#pGlI6zt4TGlaGdJVsV;`Yq!gF~w0%7tRSeERJ-)(OO%?}C<7z$X@d!1v$l*I(
zk1*C8+@+orHg`~4Yg%0+9(1OiPil0v^Lz(AC<}M4SFosV6N~#m(y4j?JtCTdw=1}4
z*PGeFq^z5C>oH<%YKOV=8s4r4ebP4uKOT%*uY9)X!0U|RWIBEDe-&(<=Vs8hkD=2Z
zx|tnzT3-wa#@@$gGl5mZ;1M+H4qpGM3q76%vqAn_M1l9xo6|=p7|~&#Mx?}0aHcaD
zSz!FFTIVZX`N0f>xp-@>89VL$+HX-L@v3gj9~Hb@_c|JfQbXKf0YSudtG6rL*QmWw
zx4@7W<MpLCJLqn1ti#1?%>Hbq!1uq+2jpK<sESPPh@ikKC`IwYQkueoRCr#*uw!yv
zY$afaAYAUD$bj%Y{A4_hf&MB5ttu!4uuYjWiZ#ZQe48@9f+f!J0v|8KCyb!708e;>
zVie~x*iezI5t%Gm&g4FZj7jb>GXy125+PZ#&53|=E6SpxNS`7sXFL<gLN}Dl2V}(>
z&=)*FwI+EUsK^%8i=Zzl%DrH#wS;w%rxc4zipt0`r&lU8mE?qNVo1q`th_n_1qv3S
z?WS(GrlEv<1iwVGf_ocD!KJ`sj4p+IAKkHv#y|wCd?1-95Z=d$6FxKU=QzEh_^5;G
d_l;nS4{VF3-?gNa<cNjq;UAhGqQ4edRoWgaJ|F-9

literal 0
HcmV?d00001

diff --git a/tests/gitea-repositories-meta/user2/repo1.git/objects/90/c1019714259b24fb81711d4416ac0f18667dfa b/tests/gitea-repositories-meta/user2/repo1.git/objects/90/c1019714259b24fb81711d4416ac0f18667dfa
new file mode 100644
index 00000000000..bbd3bf7f30f
--- /dev/null
+++ b/tests/gitea-repositories-meta/user2/repo1.git/objects/90/c1019714259b24fb81711d4416ac0f18667dfa
@@ -0,0 +1,2 @@
+x
��M
+�0F]��2�d&�*��`���ƅ��W�[>ރ���<
�НƮj!�&=�*ʞ1*�@��TS*X3�W�u��c�.��K��90E�Ğ�$h+��f�g<��~_@�E{=,!��m��u�Y� ��B�g8fz|�_erk�9U]�j~2]<�
\ No newline at end of file
diff --git a/tests/gitea-repositories-meta/user2/repo1.git/refs/heads/DefaultBranch b/tests/gitea-repositories-meta/user2/repo1.git/refs/heads/DefaultBranch
index f98a263be62..5abf667b61e 100644
--- a/tests/gitea-repositories-meta/user2/repo1.git/refs/heads/DefaultBranch
+++ b/tests/gitea-repositories-meta/user2/repo1.git/refs/heads/DefaultBranch
@@ -1 +1 @@
-65f1bf27bc3bf70f64657658635e66094edbcb4d
+90c1019714259b24fb81711d4416ac0f18667dfa
diff --git a/tests/integration/api_admin_test.go b/tests/integration/api_admin_test.go
index 92da7ce041c..66209ee4e0c 100644
--- a/tests/integration/api_admin_test.go
+++ b/tests/integration/api_admin_test.go
@@ -304,11 +304,11 @@ func TestAPICron(t *testing.T) {
 			AddTokenAuth(token)
 		resp := MakeRequest(t, req, http.StatusOK)
 
-		assert.Equal(t, "28", resp.Header().Get("X-Total-Count"))
+		assert.Equal(t, "29", resp.Header().Get("X-Total-Count"))
 
 		var crons []api.Cron
 		DecodeJSON(t, resp, &crons)
-		assert.Len(t, crons, 28)
+		assert.Len(t, crons, 29)
 	})
 
 	t.Run("Execute", func(t *testing.T) {
diff --git a/tests/integration/api_repo_license_test.go b/tests/integration/api_repo_license_test.go
new file mode 100644
index 00000000000..52d30856944
--- /dev/null
+++ b/tests/integration/api_repo_license_test.go
@@ -0,0 +1,80 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package integration
+
+import (
+	"fmt"
+	"net/http"
+	"net/url"
+	"testing"
+	"time"
+
+	auth_model "code.gitea.io/gitea/models/auth"
+	api "code.gitea.io/gitea/modules/structs"
+
+	"github.com/stretchr/testify/assert"
+)
+
+var testLicenseContent = `
+Copyright (c) 2024 Gitea 
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+`
+
+func TestAPIRepoLicense(t *testing.T) {
+	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+		session := loginUser(t, "user2")
+
+		// Request editor page
+		req := NewRequest(t, "GET", "/user2/repo1/_new/master/")
+		resp := session.MakeRequest(t, req, http.StatusOK)
+
+		doc := NewHTMLParser(t, resp.Body)
+		lastCommit := doc.GetInputValueByName("last_commit")
+		assert.NotEmpty(t, lastCommit)
+
+		// Save new file to master branch
+		req = NewRequestWithValues(t, "POST", "/user2/repo1/_new/master/", map[string]string{
+			"_csrf":         doc.GetCSRF(),
+			"last_commit":   lastCommit,
+			"tree_path":     "LICENSE",
+			"content":       testLicenseContent,
+			"commit_choice": "direct",
+		})
+		session.MakeRequest(t, req, http.StatusSeeOther)
+
+		// let gitea update repo license
+		time.Sleep(time.Second)
+		checkRepoLicense(t, "user2", "repo1", []string{"BSD-2-Clause"})
+
+		// Change default branch
+		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
+		branchName := "DefaultBranch"
+		req = NewRequestWithJSON(t, "PATCH", "/api/v1/repos/user2/repo1", api.EditRepoOption{
+			DefaultBranch: &branchName,
+		}).AddTokenAuth(token)
+		session.MakeRequest(t, req, http.StatusOK)
+
+		// let gitea update repo license
+		time.Sleep(time.Second)
+		checkRepoLicense(t, "user2", "repo1", []string{"MIT"})
+	})
+}
+
+func checkRepoLicense(t *testing.T, owner, repo string, expected []string) {
+	reqURL := fmt.Sprintf("/api/v1/repos/%s/%s/licenses", owner, repo)
+	req := NewRequest(t, "GET", reqURL)
+	resp := MakeRequest(t, req, http.StatusOK)
+
+	var licenses []string
+	DecodeJSON(t, resp, &licenses)
+
+	assert.ElementsMatch(t, expected, licenses, 0)
+}

From 3a4a1bffbebd8a6f024a7fc4849cebbd7f0274d4 Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Wed, 2 Oct 2024 08:03:19 +0800
Subject: [PATCH 126/129] Make oauth2 code clear. Move oauth2 provider code to
 their own packages/files (#32148)

Fix #30266
Replace #31533
---
 routers/init.go                               |   3 +-
 routers/web/auth/oauth.go                     | 844 ------------------
 routers/web/auth/oauth2_provider.go           | 666 ++++++++++++++
 routers/web/auth/oauth_test.go                |  12 +-
 services/auth/oauth2.go                       |   6 +-
 services/auth/source/oauth2/init.go           |   4 -
 services/oauth2_provider/access_token.go      | 214 +++++
 services/oauth2_provider/init.go              |  19 +
 .../jwtsigningkey.go                          |   2 +-
 .../oauth2 => oauth2_provider}/token.go       |  23 +-
 tests/integration/oauth_test.go               |  28 +-
 11 files changed, 933 insertions(+), 888 deletions(-)
 create mode 100644 routers/web/auth/oauth2_provider.go
 create mode 100644 services/oauth2_provider/access_token.go
 create mode 100644 services/oauth2_provider/init.go
 rename services/{auth/source/oauth2 => oauth2_provider}/jwtsigningkey.go (99%)
 rename services/{auth/source/oauth2 => oauth2_provider}/token.go (83%)

diff --git a/routers/init.go b/routers/init.go
index fe80dfd2cdd..2091f5967ac 100644
--- a/routers/init.go
+++ b/routers/init.go
@@ -47,6 +47,7 @@ import (
 	markup_service "code.gitea.io/gitea/services/markup"
 	repo_migrations "code.gitea.io/gitea/services/migrations"
 	mirror_service "code.gitea.io/gitea/services/mirror"
+	"code.gitea.io/gitea/services/oauth2_provider"
 	pull_service "code.gitea.io/gitea/services/pull"
 	release_service "code.gitea.io/gitea/services/release"
 	repo_service "code.gitea.io/gitea/services/repository"
@@ -144,7 +145,7 @@ func InitWebInstalled(ctx context.Context) {
 	log.Info("ORM engine initialization successful!")
 	mustInit(system.Init)
 	mustInitCtx(ctx, oauth2.Init)
-
+	mustInitCtx(ctx, oauth2_provider.Init)
 	mustInit(release_service.Init)
 
 	mustInitCtx(ctx, models.Init)
diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go
index c61a0a62404..ccbb3bebf1f 100644
--- a/routers/web/auth/oauth.go
+++ b/routers/web/auth/oauth.go
@@ -4,878 +4,34 @@
 package auth
 
 import (
-	go_context "context"
 	"errors"
 	"fmt"
 	"html"
-	"html/template"
 	"io"
 	"net/http"
-	"net/url"
 	"sort"
 	"strings"
 
 	"code.gitea.io/gitea/models/auth"
-	org_model "code.gitea.io/gitea/models/organization"
 	user_model "code.gitea.io/gitea/models/user"
 	auth_module "code.gitea.io/gitea/modules/auth"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/container"
-	"code.gitea.io/gitea/modules/json"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/optional"
 	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/timeutil"
-	"code.gitea.io/gitea/modules/web"
 	"code.gitea.io/gitea/modules/web/middleware"
-	auth_service "code.gitea.io/gitea/services/auth"
 	source_service "code.gitea.io/gitea/services/auth/source"
 	"code.gitea.io/gitea/services/auth/source/oauth2"
 	"code.gitea.io/gitea/services/context"
 	"code.gitea.io/gitea/services/externalaccount"
-	"code.gitea.io/gitea/services/forms"
 	user_service "code.gitea.io/gitea/services/user"
 
-	"gitea.com/go-chi/binding"
-	"github.com/golang-jwt/jwt/v5"
 	"github.com/markbates/goth"
 	"github.com/markbates/goth/gothic"
 	go_oauth2 "golang.org/x/oauth2"
 )
 
-const (
-	tplGrantAccess base.TplName = "user/auth/grant"
-	tplGrantError  base.TplName = "user/auth/grant_error"
-)
-
-// TODO move error and responses to SDK or models
-
-// AuthorizeErrorCode represents an error code specified in RFC 6749
-// https://datatracker.ietf.org/doc/html/rfc6749#section-4.2.2.1
-type AuthorizeErrorCode string
-
-const (
-	// ErrorCodeInvalidRequest represents the according error in RFC 6749
-	ErrorCodeInvalidRequest AuthorizeErrorCode = "invalid_request"
-	// ErrorCodeUnauthorizedClient represents the according error in RFC 6749
-	ErrorCodeUnauthorizedClient AuthorizeErrorCode = "unauthorized_client"
-	// ErrorCodeAccessDenied represents the according error in RFC 6749
-	ErrorCodeAccessDenied AuthorizeErrorCode = "access_denied"
-	// ErrorCodeUnsupportedResponseType represents the according error in RFC 6749
-	ErrorCodeUnsupportedResponseType AuthorizeErrorCode = "unsupported_response_type"
-	// ErrorCodeInvalidScope represents the according error in RFC 6749
-	ErrorCodeInvalidScope AuthorizeErrorCode = "invalid_scope"
-	// ErrorCodeServerError represents the according error in RFC 6749
-	ErrorCodeServerError AuthorizeErrorCode = "server_error"
-	// ErrorCodeTemporaryUnavailable represents the according error in RFC 6749
-	ErrorCodeTemporaryUnavailable AuthorizeErrorCode = "temporarily_unavailable"
-)
-
-// AuthorizeError represents an error type specified in RFC 6749
-// https://datatracker.ietf.org/doc/html/rfc6749#section-4.2.2.1
-type AuthorizeError struct {
-	ErrorCode        AuthorizeErrorCode `json:"error" form:"error"`
-	ErrorDescription string
-	State            string
-}
-
-// Error returns the error message
-func (err AuthorizeError) Error() string {
-	return fmt.Sprintf("%s: %s", err.ErrorCode, err.ErrorDescription)
-}
-
-// AccessTokenErrorCode represents an error code specified in RFC 6749
-// https://datatracker.ietf.org/doc/html/rfc6749#section-5.2
-type AccessTokenErrorCode string
-
-const (
-	// AccessTokenErrorCodeInvalidRequest represents an error code specified in RFC 6749
-	AccessTokenErrorCodeInvalidRequest AccessTokenErrorCode = "invalid_request"
-	// AccessTokenErrorCodeInvalidClient represents an error code specified in RFC 6749
-	AccessTokenErrorCodeInvalidClient = "invalid_client"
-	// AccessTokenErrorCodeInvalidGrant represents an error code specified in RFC 6749
-	AccessTokenErrorCodeInvalidGrant = "invalid_grant"
-	// AccessTokenErrorCodeUnauthorizedClient represents an error code specified in RFC 6749
-	AccessTokenErrorCodeUnauthorizedClient = "unauthorized_client"
-	// AccessTokenErrorCodeUnsupportedGrantType represents an error code specified in RFC 6749
-	AccessTokenErrorCodeUnsupportedGrantType = "unsupported_grant_type"
-	// AccessTokenErrorCodeInvalidScope represents an error code specified in RFC 6749
-	AccessTokenErrorCodeInvalidScope = "invalid_scope"
-)
-
-// AccessTokenError represents an error response specified in RFC 6749
-// https://datatracker.ietf.org/doc/html/rfc6749#section-5.2
-type AccessTokenError struct {
-	ErrorCode        AccessTokenErrorCode `json:"error" form:"error"`
-	ErrorDescription string               `json:"error_description"`
-}
-
-// Error returns the error message
-func (err AccessTokenError) Error() string {
-	return fmt.Sprintf("%s: %s", err.ErrorCode, err.ErrorDescription)
-}
-
-// errCallback represents a oauth2 callback error
-type errCallback struct {
-	Code        string
-	Description string
-}
-
-func (err errCallback) Error() string {
-	return err.Description
-}
-
-// TokenType specifies the kind of token
-type TokenType string
-
-const (
-	// TokenTypeBearer represents a token type specified in RFC 6749
-	TokenTypeBearer TokenType = "bearer"
-	// TokenTypeMAC represents a token type specified in RFC 6749
-	TokenTypeMAC = "mac"
-)
-
-// AccessTokenResponse represents a successful access token response
-// https://datatracker.ietf.org/doc/html/rfc6749#section-4.2.2
-type AccessTokenResponse struct {
-	AccessToken  string    `json:"access_token"`
-	TokenType    TokenType `json:"token_type"`
-	ExpiresIn    int64     `json:"expires_in"`
-	RefreshToken string    `json:"refresh_token"`
-	IDToken      string    `json:"id_token,omitempty"`
-}
-
-func newAccessTokenResponse(ctx go_context.Context, grant *auth.OAuth2Grant, serverKey, clientKey oauth2.JWTSigningKey) (*AccessTokenResponse, *AccessTokenError) {
-	if setting.OAuth2.InvalidateRefreshTokens {
-		if err := grant.IncreaseCounter(ctx); err != nil {
-			return nil, &AccessTokenError{
-				ErrorCode:        AccessTokenErrorCodeInvalidGrant,
-				ErrorDescription: "cannot increase the grant counter",
-			}
-		}
-	}
-	// generate access token to access the API
-	expirationDate := timeutil.TimeStampNow().Add(setting.OAuth2.AccessTokenExpirationTime)
-	accessToken := &oauth2.Token{
-		GrantID: grant.ID,
-		Type:    oauth2.TypeAccessToken,
-		RegisteredClaims: jwt.RegisteredClaims{
-			ExpiresAt: jwt.NewNumericDate(expirationDate.AsTime()),
-		},
-	}
-	signedAccessToken, err := accessToken.SignToken(serverKey)
-	if err != nil {
-		return nil, &AccessTokenError{
-			ErrorCode:        AccessTokenErrorCodeInvalidRequest,
-			ErrorDescription: "cannot sign token",
-		}
-	}
-
-	// generate refresh token to request an access token after it expired later
-	refreshExpirationDate := timeutil.TimeStampNow().Add(setting.OAuth2.RefreshTokenExpirationTime * 60 * 60).AsTime()
-	refreshToken := &oauth2.Token{
-		GrantID: grant.ID,
-		Counter: grant.Counter,
-		Type:    oauth2.TypeRefreshToken,
-		RegisteredClaims: jwt.RegisteredClaims{
-			ExpiresAt: jwt.NewNumericDate(refreshExpirationDate),
-		},
-	}
-	signedRefreshToken, err := refreshToken.SignToken(serverKey)
-	if err != nil {
-		return nil, &AccessTokenError{
-			ErrorCode:        AccessTokenErrorCodeInvalidRequest,
-			ErrorDescription: "cannot sign token",
-		}
-	}
-
-	// generate OpenID Connect id_token
-	signedIDToken := ""
-	if grant.ScopeContains("openid") {
-		app, err := auth.GetOAuth2ApplicationByID(ctx, grant.ApplicationID)
-		if err != nil {
-			return nil, &AccessTokenError{
-				ErrorCode:        AccessTokenErrorCodeInvalidRequest,
-				ErrorDescription: "cannot find application",
-			}
-		}
-		user, err := user_model.GetUserByID(ctx, grant.UserID)
-		if err != nil {
-			if user_model.IsErrUserNotExist(err) {
-				return nil, &AccessTokenError{
-					ErrorCode:        AccessTokenErrorCodeInvalidRequest,
-					ErrorDescription: "cannot find user",
-				}
-			}
-			log.Error("Error loading user: %v", err)
-			return nil, &AccessTokenError{
-				ErrorCode:        AccessTokenErrorCodeInvalidRequest,
-				ErrorDescription: "server error",
-			}
-		}
-
-		idToken := &oauth2.OIDCToken{
-			RegisteredClaims: jwt.RegisteredClaims{
-				ExpiresAt: jwt.NewNumericDate(expirationDate.AsTime()),
-				Issuer:    setting.AppURL,
-				Audience:  []string{app.ClientID},
-				Subject:   fmt.Sprint(grant.UserID),
-			},
-			Nonce: grant.Nonce,
-		}
-		if grant.ScopeContains("profile") {
-			idToken.Name = user.GetDisplayName()
-			idToken.PreferredUsername = user.Name
-			idToken.Profile = user.HTMLURL()
-			idToken.Picture = user.AvatarLink(ctx)
-			idToken.Website = user.Website
-			idToken.Locale = user.Language
-			idToken.UpdatedAt = user.UpdatedUnix
-		}
-		if grant.ScopeContains("email") {
-			idToken.Email = user.Email
-			idToken.EmailVerified = user.IsActive
-		}
-		if grant.ScopeContains("groups") {
-			groups, err := getOAuthGroupsForUser(ctx, user)
-			if err != nil {
-				log.Error("Error getting groups: %v", err)
-				return nil, &AccessTokenError{
-					ErrorCode:        AccessTokenErrorCodeInvalidRequest,
-					ErrorDescription: "server error",
-				}
-			}
-			idToken.Groups = groups
-		}
-
-		signedIDToken, err = idToken.SignToken(clientKey)
-		if err != nil {
-			return nil, &AccessTokenError{
-				ErrorCode:        AccessTokenErrorCodeInvalidRequest,
-				ErrorDescription: "cannot sign token",
-			}
-		}
-	}
-
-	return &AccessTokenResponse{
-		AccessToken:  signedAccessToken,
-		TokenType:    TokenTypeBearer,
-		ExpiresIn:    setting.OAuth2.AccessTokenExpirationTime,
-		RefreshToken: signedRefreshToken,
-		IDToken:      signedIDToken,
-	}, nil
-}
-
-type userInfoResponse struct {
-	Sub      string   `json:"sub"`
-	Name     string   `json:"name"`
-	Username string   `json:"preferred_username"`
-	Email    string   `json:"email"`
-	Picture  string   `json:"picture"`
-	Groups   []string `json:"groups"`
-}
-
-// InfoOAuth manages request for userinfo endpoint
-func InfoOAuth(ctx *context.Context) {
-	if ctx.Doer == nil || ctx.Data["AuthedMethod"] != (&auth_service.OAuth2{}).Name() {
-		ctx.Resp.Header().Set("WWW-Authenticate", `Bearer realm=""`)
-		ctx.PlainText(http.StatusUnauthorized, "no valid authorization")
-		return
-	}
-
-	response := &userInfoResponse{
-		Sub:      fmt.Sprint(ctx.Doer.ID),
-		Name:     ctx.Doer.FullName,
-		Username: ctx.Doer.Name,
-		Email:    ctx.Doer.Email,
-		Picture:  ctx.Doer.AvatarLink(ctx),
-	}
-
-	groups, err := getOAuthGroupsForUser(ctx, ctx.Doer)
-	if err != nil {
-		ctx.ServerError("Oauth groups for user", err)
-		return
-	}
-	response.Groups = groups
-
-	ctx.JSON(http.StatusOK, response)
-}
-
-// returns a list of "org" and "org:team" strings,
-// that the given user is a part of.
-func getOAuthGroupsForUser(ctx go_context.Context, user *user_model.User) ([]string, error) {
-	orgs, err := org_model.GetUserOrgsList(ctx, user)
-	if err != nil {
-		return nil, fmt.Errorf("GetUserOrgList: %w", err)
-	}
-
-	var groups []string
-	for _, org := range orgs {
-		groups = append(groups, org.Name)
-		teams, err := org.LoadTeams(ctx)
-		if err != nil {
-			return nil, fmt.Errorf("LoadTeams: %w", err)
-		}
-		for _, team := range teams {
-			if team.IsMember(ctx, user.ID) {
-				groups = append(groups, org.Name+":"+team.LowerName)
-			}
-		}
-	}
-	return groups, nil
-}
-
-func parseBasicAuth(ctx *context.Context) (username, password string, err error) {
-	authHeader := ctx.Req.Header.Get("Authorization")
-	if authType, authData, ok := strings.Cut(authHeader, " "); ok && strings.EqualFold(authType, "Basic") {
-		return base.BasicAuthDecode(authData)
-	}
-	return "", "", errors.New("invalid basic authentication")
-}
-
-// IntrospectOAuth introspects an oauth token
-func IntrospectOAuth(ctx *context.Context) {
-	clientIDValid := false
-	if clientID, clientSecret, err := parseBasicAuth(ctx); err == nil {
-		app, err := auth.GetOAuth2ApplicationByClientID(ctx, clientID)
-		if err != nil && !auth.IsErrOauthClientIDInvalid(err) {
-			// this is likely a database error; log it and respond without details
-			log.Error("Error retrieving client_id: %v", err)
-			ctx.Error(http.StatusInternalServerError)
-			return
-		}
-		clientIDValid = err == nil && app.ValidateClientSecret([]byte(clientSecret))
-	}
-	if !clientIDValid {
-		ctx.Resp.Header().Set("WWW-Authenticate", `Basic realm=""`)
-		ctx.PlainText(http.StatusUnauthorized, "no valid authorization")
-		return
-	}
-
-	var response struct {
-		Active   bool   `json:"active"`
-		Scope    string `json:"scope,omitempty"`
-		Username string `json:"username,omitempty"`
-		jwt.RegisteredClaims
-	}
-
-	form := web.GetForm(ctx).(*forms.IntrospectTokenForm)
-	token, err := oauth2.ParseToken(form.Token, oauth2.DefaultSigningKey)
-	if err == nil {
-		grant, err := auth.GetOAuth2GrantByID(ctx, token.GrantID)
-		if err == nil && grant != nil {
-			app, err := auth.GetOAuth2ApplicationByID(ctx, grant.ApplicationID)
-			if err == nil && app != nil {
-				response.Active = true
-				response.Scope = grant.Scope
-				response.Issuer = setting.AppURL
-				response.Audience = []string{app.ClientID}
-				response.Subject = fmt.Sprint(grant.UserID)
-			}
-			if user, err := user_model.GetUserByID(ctx, grant.UserID); err == nil {
-				response.Username = user.Name
-			}
-		}
-	}
-
-	ctx.JSON(http.StatusOK, response)
-}
-
-// AuthorizeOAuth manages authorize requests
-func AuthorizeOAuth(ctx *context.Context) {
-	form := web.GetForm(ctx).(*forms.AuthorizationForm)
-	errs := binding.Errors{}
-	errs = form.Validate(ctx.Req, errs)
-	if len(errs) > 0 {
-		errstring := ""
-		for _, e := range errs {
-			errstring += e.Error() + "\n"
-		}
-		ctx.ServerError("AuthorizeOAuth: Validate: ", fmt.Errorf("errors occurred during validation: %s", errstring))
-		return
-	}
-
-	app, err := auth.GetOAuth2ApplicationByClientID(ctx, form.ClientID)
-	if err != nil {
-		if auth.IsErrOauthClientIDInvalid(err) {
-			handleAuthorizeError(ctx, AuthorizeError{
-				ErrorCode:        ErrorCodeUnauthorizedClient,
-				ErrorDescription: "Client ID not registered",
-				State:            form.State,
-			}, "")
-			return
-		}
-		ctx.ServerError("GetOAuth2ApplicationByClientID", err)
-		return
-	}
-
-	var user *user_model.User
-	if app.UID != 0 {
-		user, err = user_model.GetUserByID(ctx, app.UID)
-		if err != nil {
-			ctx.ServerError("GetUserByID", err)
-			return
-		}
-	}
-
-	if !app.ContainsRedirectURI(form.RedirectURI) {
-		handleAuthorizeError(ctx, AuthorizeError{
-			ErrorCode:        ErrorCodeInvalidRequest,
-			ErrorDescription: "Unregistered Redirect URI",
-			State:            form.State,
-		}, "")
-		return
-	}
-
-	if form.ResponseType != "code" {
-		handleAuthorizeError(ctx, AuthorizeError{
-			ErrorCode:        ErrorCodeUnsupportedResponseType,
-			ErrorDescription: "Only code response type is supported.",
-			State:            form.State,
-		}, form.RedirectURI)
-		return
-	}
-
-	// pkce support
-	switch form.CodeChallengeMethod {
-	case "S256":
-	case "plain":
-		if err := ctx.Session.Set("CodeChallengeMethod", form.CodeChallengeMethod); err != nil {
-			handleAuthorizeError(ctx, AuthorizeError{
-				ErrorCode:        ErrorCodeServerError,
-				ErrorDescription: "cannot set code challenge method",
-				State:            form.State,
-			}, form.RedirectURI)
-			return
-		}
-		if err := ctx.Session.Set("CodeChallengeMethod", form.CodeChallenge); err != nil {
-			handleAuthorizeError(ctx, AuthorizeError{
-				ErrorCode:        ErrorCodeServerError,
-				ErrorDescription: "cannot set code challenge",
-				State:            form.State,
-			}, form.RedirectURI)
-			return
-		}
-		// Here we're just going to try to release the session early
-		if err := ctx.Session.Release(); err != nil {
-			// we'll tolerate errors here as they *should* get saved elsewhere
-			log.Error("Unable to save changes to the session: %v", err)
-		}
-	case "":
-		// "Authorization servers SHOULD reject authorization requests from native apps that don't use PKCE by returning an error message"
-		// https://datatracker.ietf.org/doc/html/rfc8252#section-8.1
-		if !app.ConfidentialClient {
-			// "the authorization endpoint MUST return the authorization error response with the "error" value set to "invalid_request""
-			// https://datatracker.ietf.org/doc/html/rfc7636#section-4.4.1
-			handleAuthorizeError(ctx, AuthorizeError{
-				ErrorCode:        ErrorCodeInvalidRequest,
-				ErrorDescription: "PKCE is required for public clients",
-				State:            form.State,
-			}, form.RedirectURI)
-			return
-		}
-	default:
-		// "If the server supporting PKCE does not support the requested transformation, the authorization endpoint MUST return the authorization error response with "error" value set to "invalid_request"."
-		// https://www.rfc-editor.org/rfc/rfc7636#section-4.4.1
-		handleAuthorizeError(ctx, AuthorizeError{
-			ErrorCode:        ErrorCodeInvalidRequest,
-			ErrorDescription: "unsupported code challenge method",
-			State:            form.State,
-		}, form.RedirectURI)
-		return
-	}
-
-	grant, err := app.GetGrantByUserID(ctx, ctx.Doer.ID)
-	if err != nil {
-		handleServerError(ctx, form.State, form.RedirectURI)
-		return
-	}
-
-	// Redirect if user already granted access and the application is confidential or trusted otherwise
-	// I.e. always require authorization for untrusted public clients as recommended by RFC 6749 Section 10.2
-	if (app.ConfidentialClient || app.SkipSecondaryAuthorization) && grant != nil {
-		code, err := grant.GenerateNewAuthorizationCode(ctx, form.RedirectURI, form.CodeChallenge, form.CodeChallengeMethod)
-		if err != nil {
-			handleServerError(ctx, form.State, form.RedirectURI)
-			return
-		}
-		redirect, err := code.GenerateRedirectURI(form.State)
-		if err != nil {
-			handleServerError(ctx, form.State, form.RedirectURI)
-			return
-		}
-		// Update nonce to reflect the new session
-		if len(form.Nonce) > 0 {
-			err := grant.SetNonce(ctx, form.Nonce)
-			if err != nil {
-				log.Error("Unable to update nonce: %v", err)
-			}
-		}
-		ctx.Redirect(redirect.String())
-		return
-	}
-
-	// show authorize page to grant access
-	ctx.Data["Application"] = app
-	ctx.Data["RedirectURI"] = form.RedirectURI
-	ctx.Data["State"] = form.State
-	ctx.Data["Scope"] = form.Scope
-	ctx.Data["Nonce"] = form.Nonce
-	if user != nil {
-		ctx.Data["ApplicationCreatorLinkHTML"] = template.HTML(fmt.Sprintf(`<a href="%s">@%s</a>`, html.EscapeString(user.HomeLink()), html.EscapeString(user.Name)))
-	} else {
-		ctx.Data["ApplicationCreatorLinkHTML"] = template.HTML(fmt.Sprintf(`<a href="%s">%s</a>`, html.EscapeString(setting.AppSubURL+"/"), html.EscapeString(setting.AppName)))
-	}
-	ctx.Data["ApplicationRedirectDomainHTML"] = template.HTML("<strong>" + html.EscapeString(form.RedirectURI) + "</strong>")
-	// TODO document SESSION <=> FORM
-	err = ctx.Session.Set("client_id", app.ClientID)
-	if err != nil {
-		handleServerError(ctx, form.State, form.RedirectURI)
-		log.Error(err.Error())
-		return
-	}
-	err = ctx.Session.Set("redirect_uri", form.RedirectURI)
-	if err != nil {
-		handleServerError(ctx, form.State, form.RedirectURI)
-		log.Error(err.Error())
-		return
-	}
-	err = ctx.Session.Set("state", form.State)
-	if err != nil {
-		handleServerError(ctx, form.State, form.RedirectURI)
-		log.Error(err.Error())
-		return
-	}
-	// Here we're just going to try to release the session early
-	if err := ctx.Session.Release(); err != nil {
-		// we'll tolerate errors here as they *should* get saved elsewhere
-		log.Error("Unable to save changes to the session: %v", err)
-	}
-	ctx.HTML(http.StatusOK, tplGrantAccess)
-}
-
-// GrantApplicationOAuth manages the post request submitted when a user grants access to an application
-func GrantApplicationOAuth(ctx *context.Context) {
-	form := web.GetForm(ctx).(*forms.GrantApplicationForm)
-	if ctx.Session.Get("client_id") != form.ClientID || ctx.Session.Get("state") != form.State ||
-		ctx.Session.Get("redirect_uri") != form.RedirectURI {
-		ctx.Error(http.StatusBadRequest)
-		return
-	}
-
-	if !form.Granted {
-		handleAuthorizeError(ctx, AuthorizeError{
-			State:            form.State,
-			ErrorDescription: "the request is denied",
-			ErrorCode:        ErrorCodeAccessDenied,
-		}, form.RedirectURI)
-		return
-	}
-
-	app, err := auth.GetOAuth2ApplicationByClientID(ctx, form.ClientID)
-	if err != nil {
-		ctx.ServerError("GetOAuth2ApplicationByClientID", err)
-		return
-	}
-	grant, err := app.GetGrantByUserID(ctx, ctx.Doer.ID)
-	if err != nil {
-		handleServerError(ctx, form.State, form.RedirectURI)
-		return
-	}
-	if grant == nil {
-		grant, err = app.CreateGrant(ctx, ctx.Doer.ID, form.Scope)
-		if err != nil {
-			handleAuthorizeError(ctx, AuthorizeError{
-				State:            form.State,
-				ErrorDescription: "cannot create grant for user",
-				ErrorCode:        ErrorCodeServerError,
-			}, form.RedirectURI)
-			return
-		}
-	} else if grant.Scope != form.Scope {
-		handleAuthorizeError(ctx, AuthorizeError{
-			State:            form.State,
-			ErrorDescription: "a grant exists with different scope",
-			ErrorCode:        ErrorCodeServerError,
-		}, form.RedirectURI)
-		return
-	}
-
-	if len(form.Nonce) > 0 {
-		err := grant.SetNonce(ctx, form.Nonce)
-		if err != nil {
-			log.Error("Unable to update nonce: %v", err)
-		}
-	}
-
-	var codeChallenge, codeChallengeMethod string
-	codeChallenge, _ = ctx.Session.Get("CodeChallenge").(string)
-	codeChallengeMethod, _ = ctx.Session.Get("CodeChallengeMethod").(string)
-
-	code, err := grant.GenerateNewAuthorizationCode(ctx, form.RedirectURI, codeChallenge, codeChallengeMethod)
-	if err != nil {
-		handleServerError(ctx, form.State, form.RedirectURI)
-		return
-	}
-	redirect, err := code.GenerateRedirectURI(form.State)
-	if err != nil {
-		handleServerError(ctx, form.State, form.RedirectURI)
-		return
-	}
-	ctx.Redirect(redirect.String(), http.StatusSeeOther)
-}
-
-// OIDCWellKnown generates JSON so OIDC clients know Gitea's capabilities
-func OIDCWellKnown(ctx *context.Context) {
-	ctx.Data["SigningKey"] = oauth2.DefaultSigningKey
-	ctx.JSONTemplate("user/auth/oidc_wellknown")
-}
-
-// OIDCKeys generates the JSON Web Key Set
-func OIDCKeys(ctx *context.Context) {
-	jwk, err := oauth2.DefaultSigningKey.ToJWK()
-	if err != nil {
-		log.Error("Error converting signing key to JWK: %v", err)
-		ctx.Error(http.StatusInternalServerError)
-		return
-	}
-
-	jwk["use"] = "sig"
-
-	jwks := map[string][]map[string]string{
-		"keys": {
-			jwk,
-		},
-	}
-
-	ctx.Resp.Header().Set("Content-Type", "application/json")
-	enc := json.NewEncoder(ctx.Resp)
-	if err := enc.Encode(jwks); err != nil {
-		log.Error("Failed to encode representation as json. Error: %v", err)
-	}
-}
-
-// AccessTokenOAuth manages all access token requests by the client
-func AccessTokenOAuth(ctx *context.Context) {
-	form := *web.GetForm(ctx).(*forms.AccessTokenForm)
-	// if there is no ClientID or ClientSecret in the request body, fill these fields by the Authorization header and ensure the provided field matches the Authorization header
-	if form.ClientID == "" || form.ClientSecret == "" {
-		authHeader := ctx.Req.Header.Get("Authorization")
-		if authType, authData, ok := strings.Cut(authHeader, " "); ok && strings.EqualFold(authType, "Basic") {
-			clientID, clientSecret, err := base.BasicAuthDecode(authData)
-			if err != nil {
-				handleAccessTokenError(ctx, AccessTokenError{
-					ErrorCode:        AccessTokenErrorCodeInvalidRequest,
-					ErrorDescription: "cannot parse basic auth header",
-				})
-				return
-			}
-			// validate that any fields present in the form match the Basic auth header
-			if form.ClientID != "" && form.ClientID != clientID {
-				handleAccessTokenError(ctx, AccessTokenError{
-					ErrorCode:        AccessTokenErrorCodeInvalidRequest,
-					ErrorDescription: "client_id in request body inconsistent with Authorization header",
-				})
-				return
-			}
-			form.ClientID = clientID
-			if form.ClientSecret != "" && form.ClientSecret != clientSecret {
-				handleAccessTokenError(ctx, AccessTokenError{
-					ErrorCode:        AccessTokenErrorCodeInvalidRequest,
-					ErrorDescription: "client_secret in request body inconsistent with Authorization header",
-				})
-				return
-			}
-			form.ClientSecret = clientSecret
-		}
-	}
-
-	serverKey := oauth2.DefaultSigningKey
-	clientKey := serverKey
-	if serverKey.IsSymmetric() {
-		var err error
-		clientKey, err = oauth2.CreateJWTSigningKey(serverKey.SigningMethod().Alg(), []byte(form.ClientSecret))
-		if err != nil {
-			handleAccessTokenError(ctx, AccessTokenError{
-				ErrorCode:        AccessTokenErrorCodeInvalidRequest,
-				ErrorDescription: "Error creating signing key",
-			})
-			return
-		}
-	}
-
-	switch form.GrantType {
-	case "refresh_token":
-		handleRefreshToken(ctx, form, serverKey, clientKey)
-	case "authorization_code":
-		handleAuthorizationCode(ctx, form, serverKey, clientKey)
-	default:
-		handleAccessTokenError(ctx, AccessTokenError{
-			ErrorCode:        AccessTokenErrorCodeUnsupportedGrantType,
-			ErrorDescription: "Only refresh_token or authorization_code grant type is supported",
-		})
-	}
-}
-
-func handleRefreshToken(ctx *context.Context, form forms.AccessTokenForm, serverKey, clientKey oauth2.JWTSigningKey) {
-	app, err := auth.GetOAuth2ApplicationByClientID(ctx, form.ClientID)
-	if err != nil {
-		handleAccessTokenError(ctx, AccessTokenError{
-			ErrorCode:        AccessTokenErrorCodeInvalidClient,
-			ErrorDescription: fmt.Sprintf("cannot load client with client id: %q", form.ClientID),
-		})
-		return
-	}
-	// "The authorization server MUST ... require client authentication for confidential clients"
-	// https://datatracker.ietf.org/doc/html/rfc6749#section-6
-	if app.ConfidentialClient && !app.ValidateClientSecret([]byte(form.ClientSecret)) {
-		errorDescription := "invalid client secret"
-		if form.ClientSecret == "" {
-			errorDescription = "invalid empty client secret"
-		}
-		// "invalid_client ... Client authentication failed"
-		// https://datatracker.ietf.org/doc/html/rfc6749#section-5.2
-		handleAccessTokenError(ctx, AccessTokenError{
-			ErrorCode:        AccessTokenErrorCodeInvalidClient,
-			ErrorDescription: errorDescription,
-		})
-		return
-	}
-
-	token, err := oauth2.ParseToken(form.RefreshToken, serverKey)
-	if err != nil {
-		handleAccessTokenError(ctx, AccessTokenError{
-			ErrorCode:        AccessTokenErrorCodeUnauthorizedClient,
-			ErrorDescription: "unable to parse refresh token",
-		})
-		return
-	}
-	// get grant before increasing counter
-	grant, err := auth.GetOAuth2GrantByID(ctx, token.GrantID)
-	if err != nil || grant == nil {
-		handleAccessTokenError(ctx, AccessTokenError{
-			ErrorCode:        AccessTokenErrorCodeInvalidGrant,
-			ErrorDescription: "grant does not exist",
-		})
-		return
-	}
-
-	// check if token got already used
-	if setting.OAuth2.InvalidateRefreshTokens && (grant.Counter != token.Counter || token.Counter == 0) {
-		handleAccessTokenError(ctx, AccessTokenError{
-			ErrorCode:        AccessTokenErrorCodeUnauthorizedClient,
-			ErrorDescription: "token was already used",
-		})
-		log.Warn("A client tried to use a refresh token for grant_id = %d was used twice!", grant.ID)
-		return
-	}
-	accessToken, tokenErr := newAccessTokenResponse(ctx, grant, serverKey, clientKey)
-	if tokenErr != nil {
-		handleAccessTokenError(ctx, *tokenErr)
-		return
-	}
-	ctx.JSON(http.StatusOK, accessToken)
-}
-
-func handleAuthorizationCode(ctx *context.Context, form forms.AccessTokenForm, serverKey, clientKey oauth2.JWTSigningKey) {
-	app, err := auth.GetOAuth2ApplicationByClientID(ctx, form.ClientID)
-	if err != nil {
-		handleAccessTokenError(ctx, AccessTokenError{
-			ErrorCode:        AccessTokenErrorCodeInvalidClient,
-			ErrorDescription: fmt.Sprintf("cannot load client with client id: '%s'", form.ClientID),
-		})
-		return
-	}
-	if app.ConfidentialClient && !app.ValidateClientSecret([]byte(form.ClientSecret)) {
-		errorDescription := "invalid client secret"
-		if form.ClientSecret == "" {
-			errorDescription = "invalid empty client secret"
-		}
-		handleAccessTokenError(ctx, AccessTokenError{
-			ErrorCode:        AccessTokenErrorCodeUnauthorizedClient,
-			ErrorDescription: errorDescription,
-		})
-		return
-	}
-	if form.RedirectURI != "" && !app.ContainsRedirectURI(form.RedirectURI) {
-		handleAccessTokenError(ctx, AccessTokenError{
-			ErrorCode:        AccessTokenErrorCodeUnauthorizedClient,
-			ErrorDescription: "unexpected redirect URI",
-		})
-		return
-	}
-	authorizationCode, err := auth.GetOAuth2AuthorizationByCode(ctx, form.Code)
-	if err != nil || authorizationCode == nil {
-		handleAccessTokenError(ctx, AccessTokenError{
-			ErrorCode:        AccessTokenErrorCodeUnauthorizedClient,
-			ErrorDescription: "client is not authorized",
-		})
-		return
-	}
-	// check if code verifier authorizes the client, PKCE support
-	if !authorizationCode.ValidateCodeChallenge(form.CodeVerifier) {
-		handleAccessTokenError(ctx, AccessTokenError{
-			ErrorCode:        AccessTokenErrorCodeUnauthorizedClient,
-			ErrorDescription: "failed PKCE code challenge",
-		})
-		return
-	}
-	// check if granted for this application
-	if authorizationCode.Grant.ApplicationID != app.ID {
-		handleAccessTokenError(ctx, AccessTokenError{
-			ErrorCode:        AccessTokenErrorCodeInvalidGrant,
-			ErrorDescription: "invalid grant",
-		})
-		return
-	}
-	// remove token from database to deny duplicate usage
-	if err := authorizationCode.Invalidate(ctx); err != nil {
-		handleAccessTokenError(ctx, AccessTokenError{
-			ErrorCode:        AccessTokenErrorCodeInvalidRequest,
-			ErrorDescription: "cannot proceed your request",
-		})
-	}
-	resp, tokenErr := newAccessTokenResponse(ctx, authorizationCode.Grant, serverKey, clientKey)
-	if tokenErr != nil {
-		handleAccessTokenError(ctx, *tokenErr)
-		return
-	}
-	// send successful response
-	ctx.JSON(http.StatusOK, resp)
-}
-
-func handleAccessTokenError(ctx *context.Context, acErr AccessTokenError) {
-	ctx.JSON(http.StatusBadRequest, acErr)
-}
-
-func handleServerError(ctx *context.Context, state, redirectURI string) {
-	handleAuthorizeError(ctx, AuthorizeError{
-		ErrorCode:        ErrorCodeServerError,
-		ErrorDescription: "A server error occurred",
-		State:            state,
-	}, redirectURI)
-}
-
-func handleAuthorizeError(ctx *context.Context, authErr AuthorizeError, redirectURI string) {
-	if redirectURI == "" {
-		log.Warn("Authorization failed: %v", authErr.ErrorDescription)
-		ctx.Data["Error"] = authErr
-		ctx.HTML(http.StatusBadRequest, tplGrantError)
-		return
-	}
-	redirect, err := url.Parse(redirectURI)
-	if err != nil {
-		ctx.ServerError("url.Parse", err)
-		return
-	}
-	q := redirect.Query()
-	q.Set("error", string(authErr.ErrorCode))
-	q.Set("error_description", authErr.ErrorDescription)
-	q.Set("state", authErr.State)
-	redirect.RawQuery = q.Encode()
-	ctx.Redirect(redirect.String(), http.StatusSeeOther)
-}
-
 // SignInOAuth handles the OAuth2 login buttons
 func SignInOAuth(ctx *context.Context) {
 	provider := ctx.PathParam(":provider")
diff --git a/routers/web/auth/oauth2_provider.go b/routers/web/auth/oauth2_provider.go
new file mode 100644
index 00000000000..29827b062de
--- /dev/null
+++ b/routers/web/auth/oauth2_provider.go
@@ -0,0 +1,666 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package auth
+
+import (
+	"errors"
+	"fmt"
+	"html"
+	"html/template"
+	"net/http"
+	"net/url"
+	"strings"
+
+	"code.gitea.io/gitea/models/auth"
+	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/modules/json"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/web"
+	auth_service "code.gitea.io/gitea/services/auth"
+	"code.gitea.io/gitea/services/context"
+	"code.gitea.io/gitea/services/forms"
+	"code.gitea.io/gitea/services/oauth2_provider"
+
+	"gitea.com/go-chi/binding"
+	jwt "github.com/golang-jwt/jwt/v5"
+)
+
+const (
+	tplGrantAccess base.TplName = "user/auth/grant"
+	tplGrantError  base.TplName = "user/auth/grant_error"
+)
+
+// TODO move error and responses to SDK or models
+
+// AuthorizeErrorCode represents an error code specified in RFC 6749
+// https://datatracker.ietf.org/doc/html/rfc6749#section-4.2.2.1
+type AuthorizeErrorCode string
+
+const (
+	// ErrorCodeInvalidRequest represents the according error in RFC 6749
+	ErrorCodeInvalidRequest AuthorizeErrorCode = "invalid_request"
+	// ErrorCodeUnauthorizedClient represents the according error in RFC 6749
+	ErrorCodeUnauthorizedClient AuthorizeErrorCode = "unauthorized_client"
+	// ErrorCodeAccessDenied represents the according error in RFC 6749
+	ErrorCodeAccessDenied AuthorizeErrorCode = "access_denied"
+	// ErrorCodeUnsupportedResponseType represents the according error in RFC 6749
+	ErrorCodeUnsupportedResponseType AuthorizeErrorCode = "unsupported_response_type"
+	// ErrorCodeInvalidScope represents the according error in RFC 6749
+	ErrorCodeInvalidScope AuthorizeErrorCode = "invalid_scope"
+	// ErrorCodeServerError represents the according error in RFC 6749
+	ErrorCodeServerError AuthorizeErrorCode = "server_error"
+	// ErrorCodeTemporaryUnavailable represents the according error in RFC 6749
+	ErrorCodeTemporaryUnavailable AuthorizeErrorCode = "temporarily_unavailable"
+)
+
+// AuthorizeError represents an error type specified in RFC 6749
+// https://datatracker.ietf.org/doc/html/rfc6749#section-4.2.2.1
+type AuthorizeError struct {
+	ErrorCode        AuthorizeErrorCode `json:"error" form:"error"`
+	ErrorDescription string
+	State            string
+}
+
+// Error returns the error message
+func (err AuthorizeError) Error() string {
+	return fmt.Sprintf("%s: %s", err.ErrorCode, err.ErrorDescription)
+}
+
+// errCallback represents a oauth2 callback error
+type errCallback struct {
+	Code        string
+	Description string
+}
+
+func (err errCallback) Error() string {
+	return err.Description
+}
+
+type userInfoResponse struct {
+	Sub      string   `json:"sub"`
+	Name     string   `json:"name"`
+	Username string   `json:"preferred_username"`
+	Email    string   `json:"email"`
+	Picture  string   `json:"picture"`
+	Groups   []string `json:"groups"`
+}
+
+// InfoOAuth manages request for userinfo endpoint
+func InfoOAuth(ctx *context.Context) {
+	if ctx.Doer == nil || ctx.Data["AuthedMethod"] != (&auth_service.OAuth2{}).Name() {
+		ctx.Resp.Header().Set("WWW-Authenticate", `Bearer realm=""`)
+		ctx.PlainText(http.StatusUnauthorized, "no valid authorization")
+		return
+	}
+
+	response := &userInfoResponse{
+		Sub:      fmt.Sprint(ctx.Doer.ID),
+		Name:     ctx.Doer.FullName,
+		Username: ctx.Doer.Name,
+		Email:    ctx.Doer.Email,
+		Picture:  ctx.Doer.AvatarLink(ctx),
+	}
+
+	groups, err := oauth2_provider.GetOAuthGroupsForUser(ctx, ctx.Doer)
+	if err != nil {
+		ctx.ServerError("Oauth groups for user", err)
+		return
+	}
+	response.Groups = groups
+
+	ctx.JSON(http.StatusOK, response)
+}
+
+func parseBasicAuth(ctx *context.Context) (username, password string, err error) {
+	authHeader := ctx.Req.Header.Get("Authorization")
+	if authType, authData, ok := strings.Cut(authHeader, " "); ok && strings.EqualFold(authType, "Basic") {
+		return base.BasicAuthDecode(authData)
+	}
+	return "", "", errors.New("invalid basic authentication")
+}
+
+// IntrospectOAuth introspects an oauth token
+func IntrospectOAuth(ctx *context.Context) {
+	clientIDValid := false
+	if clientID, clientSecret, err := parseBasicAuth(ctx); err == nil {
+		app, err := auth.GetOAuth2ApplicationByClientID(ctx, clientID)
+		if err != nil && !auth.IsErrOauthClientIDInvalid(err) {
+			// this is likely a database error; log it and respond without details
+			log.Error("Error retrieving client_id: %v", err)
+			ctx.Error(http.StatusInternalServerError)
+			return
+		}
+		clientIDValid = err == nil && app.ValidateClientSecret([]byte(clientSecret))
+	}
+	if !clientIDValid {
+		ctx.Resp.Header().Set("WWW-Authenticate", `Basic realm=""`)
+		ctx.PlainText(http.StatusUnauthorized, "no valid authorization")
+		return
+	}
+
+	var response struct {
+		Active   bool   `json:"active"`
+		Scope    string `json:"scope,omitempty"`
+		Username string `json:"username,omitempty"`
+		jwt.RegisteredClaims
+	}
+
+	form := web.GetForm(ctx).(*forms.IntrospectTokenForm)
+	token, err := oauth2_provider.ParseToken(form.Token, oauth2_provider.DefaultSigningKey)
+	if err == nil {
+		grant, err := auth.GetOAuth2GrantByID(ctx, token.GrantID)
+		if err == nil && grant != nil {
+			app, err := auth.GetOAuth2ApplicationByID(ctx, grant.ApplicationID)
+			if err == nil && app != nil {
+				response.Active = true
+				response.Scope = grant.Scope
+				response.Issuer = setting.AppURL
+				response.Audience = []string{app.ClientID}
+				response.Subject = fmt.Sprint(grant.UserID)
+			}
+			if user, err := user_model.GetUserByID(ctx, grant.UserID); err == nil {
+				response.Username = user.Name
+			}
+		}
+	}
+
+	ctx.JSON(http.StatusOK, response)
+}
+
+// AuthorizeOAuth manages authorize requests
+func AuthorizeOAuth(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.AuthorizationForm)
+	errs := binding.Errors{}
+	errs = form.Validate(ctx.Req, errs)
+	if len(errs) > 0 {
+		errstring := ""
+		for _, e := range errs {
+			errstring += e.Error() + "\n"
+		}
+		ctx.ServerError("AuthorizeOAuth: Validate: ", fmt.Errorf("errors occurred during validation: %s", errstring))
+		return
+	}
+
+	app, err := auth.GetOAuth2ApplicationByClientID(ctx, form.ClientID)
+	if err != nil {
+		if auth.IsErrOauthClientIDInvalid(err) {
+			handleAuthorizeError(ctx, AuthorizeError{
+				ErrorCode:        ErrorCodeUnauthorizedClient,
+				ErrorDescription: "Client ID not registered",
+				State:            form.State,
+			}, "")
+			return
+		}
+		ctx.ServerError("GetOAuth2ApplicationByClientID", err)
+		return
+	}
+
+	var user *user_model.User
+	if app.UID != 0 {
+		user, err = user_model.GetUserByID(ctx, app.UID)
+		if err != nil {
+			ctx.ServerError("GetUserByID", err)
+			return
+		}
+	}
+
+	if !app.ContainsRedirectURI(form.RedirectURI) {
+		handleAuthorizeError(ctx, AuthorizeError{
+			ErrorCode:        ErrorCodeInvalidRequest,
+			ErrorDescription: "Unregistered Redirect URI",
+			State:            form.State,
+		}, "")
+		return
+	}
+
+	if form.ResponseType != "code" {
+		handleAuthorizeError(ctx, AuthorizeError{
+			ErrorCode:        ErrorCodeUnsupportedResponseType,
+			ErrorDescription: "Only code response type is supported.",
+			State:            form.State,
+		}, form.RedirectURI)
+		return
+	}
+
+	// pkce support
+	switch form.CodeChallengeMethod {
+	case "S256":
+	case "plain":
+		if err := ctx.Session.Set("CodeChallengeMethod", form.CodeChallengeMethod); err != nil {
+			handleAuthorizeError(ctx, AuthorizeError{
+				ErrorCode:        ErrorCodeServerError,
+				ErrorDescription: "cannot set code challenge method",
+				State:            form.State,
+			}, form.RedirectURI)
+			return
+		}
+		if err := ctx.Session.Set("CodeChallengeMethod", form.CodeChallenge); err != nil {
+			handleAuthorizeError(ctx, AuthorizeError{
+				ErrorCode:        ErrorCodeServerError,
+				ErrorDescription: "cannot set code challenge",
+				State:            form.State,
+			}, form.RedirectURI)
+			return
+		}
+		// Here we're just going to try to release the session early
+		if err := ctx.Session.Release(); err != nil {
+			// we'll tolerate errors here as they *should* get saved elsewhere
+			log.Error("Unable to save changes to the session: %v", err)
+		}
+	case "":
+		// "Authorization servers SHOULD reject authorization requests from native apps that don't use PKCE by returning an error message"
+		// https://datatracker.ietf.org/doc/html/rfc8252#section-8.1
+		if !app.ConfidentialClient {
+			// "the authorization endpoint MUST return the authorization error response with the "error" value set to "invalid_request""
+			// https://datatracker.ietf.org/doc/html/rfc7636#section-4.4.1
+			handleAuthorizeError(ctx, AuthorizeError{
+				ErrorCode:        ErrorCodeInvalidRequest,
+				ErrorDescription: "PKCE is required for public clients",
+				State:            form.State,
+			}, form.RedirectURI)
+			return
+		}
+	default:
+		// "If the server supporting PKCE does not support the requested transformation, the authorization endpoint MUST return the authorization error response with "error" value set to "invalid_request"."
+		// https://www.rfc-editor.org/rfc/rfc7636#section-4.4.1
+		handleAuthorizeError(ctx, AuthorizeError{
+			ErrorCode:        ErrorCodeInvalidRequest,
+			ErrorDescription: "unsupported code challenge method",
+			State:            form.State,
+		}, form.RedirectURI)
+		return
+	}
+
+	grant, err := app.GetGrantByUserID(ctx, ctx.Doer.ID)
+	if err != nil {
+		handleServerError(ctx, form.State, form.RedirectURI)
+		return
+	}
+
+	// Redirect if user already granted access and the application is confidential or trusted otherwise
+	// I.e. always require authorization for untrusted public clients as recommended by RFC 6749 Section 10.2
+	if (app.ConfidentialClient || app.SkipSecondaryAuthorization) && grant != nil {
+		code, err := grant.GenerateNewAuthorizationCode(ctx, form.RedirectURI, form.CodeChallenge, form.CodeChallengeMethod)
+		if err != nil {
+			handleServerError(ctx, form.State, form.RedirectURI)
+			return
+		}
+		redirect, err := code.GenerateRedirectURI(form.State)
+		if err != nil {
+			handleServerError(ctx, form.State, form.RedirectURI)
+			return
+		}
+		// Update nonce to reflect the new session
+		if len(form.Nonce) > 0 {
+			err := grant.SetNonce(ctx, form.Nonce)
+			if err != nil {
+				log.Error("Unable to update nonce: %v", err)
+			}
+		}
+		ctx.Redirect(redirect.String())
+		return
+	}
+
+	// show authorize page to grant access
+	ctx.Data["Application"] = app
+	ctx.Data["RedirectURI"] = form.RedirectURI
+	ctx.Data["State"] = form.State
+	ctx.Data["Scope"] = form.Scope
+	ctx.Data["Nonce"] = form.Nonce
+	if user != nil {
+		ctx.Data["ApplicationCreatorLinkHTML"] = template.HTML(fmt.Sprintf(`<a href="%s">@%s</a>`, html.EscapeString(user.HomeLink()), html.EscapeString(user.Name)))
+	} else {
+		ctx.Data["ApplicationCreatorLinkHTML"] = template.HTML(fmt.Sprintf(`<a href="%s">%s</a>`, html.EscapeString(setting.AppSubURL+"/"), html.EscapeString(setting.AppName)))
+	}
+	ctx.Data["ApplicationRedirectDomainHTML"] = template.HTML("<strong>" + html.EscapeString(form.RedirectURI) + "</strong>")
+	// TODO document SESSION <=> FORM
+	err = ctx.Session.Set("client_id", app.ClientID)
+	if err != nil {
+		handleServerError(ctx, form.State, form.RedirectURI)
+		log.Error(err.Error())
+		return
+	}
+	err = ctx.Session.Set("redirect_uri", form.RedirectURI)
+	if err != nil {
+		handleServerError(ctx, form.State, form.RedirectURI)
+		log.Error(err.Error())
+		return
+	}
+	err = ctx.Session.Set("state", form.State)
+	if err != nil {
+		handleServerError(ctx, form.State, form.RedirectURI)
+		log.Error(err.Error())
+		return
+	}
+	// Here we're just going to try to release the session early
+	if err := ctx.Session.Release(); err != nil {
+		// we'll tolerate errors here as they *should* get saved elsewhere
+		log.Error("Unable to save changes to the session: %v", err)
+	}
+	ctx.HTML(http.StatusOK, tplGrantAccess)
+}
+
+// GrantApplicationOAuth manages the post request submitted when a user grants access to an application
+func GrantApplicationOAuth(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.GrantApplicationForm)
+	if ctx.Session.Get("client_id") != form.ClientID || ctx.Session.Get("state") != form.State ||
+		ctx.Session.Get("redirect_uri") != form.RedirectURI {
+		ctx.Error(http.StatusBadRequest)
+		return
+	}
+
+	if !form.Granted {
+		handleAuthorizeError(ctx, AuthorizeError{
+			State:            form.State,
+			ErrorDescription: "the request is denied",
+			ErrorCode:        ErrorCodeAccessDenied,
+		}, form.RedirectURI)
+		return
+	}
+
+	app, err := auth.GetOAuth2ApplicationByClientID(ctx, form.ClientID)
+	if err != nil {
+		ctx.ServerError("GetOAuth2ApplicationByClientID", err)
+		return
+	}
+	grant, err := app.GetGrantByUserID(ctx, ctx.Doer.ID)
+	if err != nil {
+		handleServerError(ctx, form.State, form.RedirectURI)
+		return
+	}
+	if grant == nil {
+		grant, err = app.CreateGrant(ctx, ctx.Doer.ID, form.Scope)
+		if err != nil {
+			handleAuthorizeError(ctx, AuthorizeError{
+				State:            form.State,
+				ErrorDescription: "cannot create grant for user",
+				ErrorCode:        ErrorCodeServerError,
+			}, form.RedirectURI)
+			return
+		}
+	} else if grant.Scope != form.Scope {
+		handleAuthorizeError(ctx, AuthorizeError{
+			State:            form.State,
+			ErrorDescription: "a grant exists with different scope",
+			ErrorCode:        ErrorCodeServerError,
+		}, form.RedirectURI)
+		return
+	}
+
+	if len(form.Nonce) > 0 {
+		err := grant.SetNonce(ctx, form.Nonce)
+		if err != nil {
+			log.Error("Unable to update nonce: %v", err)
+		}
+	}
+
+	var codeChallenge, codeChallengeMethod string
+	codeChallenge, _ = ctx.Session.Get("CodeChallenge").(string)
+	codeChallengeMethod, _ = ctx.Session.Get("CodeChallengeMethod").(string)
+
+	code, err := grant.GenerateNewAuthorizationCode(ctx, form.RedirectURI, codeChallenge, codeChallengeMethod)
+	if err != nil {
+		handleServerError(ctx, form.State, form.RedirectURI)
+		return
+	}
+	redirect, err := code.GenerateRedirectURI(form.State)
+	if err != nil {
+		handleServerError(ctx, form.State, form.RedirectURI)
+		return
+	}
+	ctx.Redirect(redirect.String(), http.StatusSeeOther)
+}
+
+// OIDCWellKnown generates JSON so OIDC clients know Gitea's capabilities
+func OIDCWellKnown(ctx *context.Context) {
+	ctx.Data["SigningKey"] = oauth2_provider.DefaultSigningKey
+	ctx.JSONTemplate("user/auth/oidc_wellknown")
+}
+
+// OIDCKeys generates the JSON Web Key Set
+func OIDCKeys(ctx *context.Context) {
+	jwk, err := oauth2_provider.DefaultSigningKey.ToJWK()
+	if err != nil {
+		log.Error("Error converting signing key to JWK: %v", err)
+		ctx.Error(http.StatusInternalServerError)
+		return
+	}
+
+	jwk["use"] = "sig"
+
+	jwks := map[string][]map[string]string{
+		"keys": {
+			jwk,
+		},
+	}
+
+	ctx.Resp.Header().Set("Content-Type", "application/json")
+	enc := json.NewEncoder(ctx.Resp)
+	if err := enc.Encode(jwks); err != nil {
+		log.Error("Failed to encode representation as json. Error: %v", err)
+	}
+}
+
+// AccessTokenOAuth manages all access token requests by the client
+func AccessTokenOAuth(ctx *context.Context) {
+	form := *web.GetForm(ctx).(*forms.AccessTokenForm)
+	// if there is no ClientID or ClientSecret in the request body, fill these fields by the Authorization header and ensure the provided field matches the Authorization header
+	if form.ClientID == "" || form.ClientSecret == "" {
+		authHeader := ctx.Req.Header.Get("Authorization")
+		if authType, authData, ok := strings.Cut(authHeader, " "); ok && strings.EqualFold(authType, "Basic") {
+			clientID, clientSecret, err := base.BasicAuthDecode(authData)
+			if err != nil {
+				handleAccessTokenError(ctx, oauth2_provider.AccessTokenError{
+					ErrorCode:        oauth2_provider.AccessTokenErrorCodeInvalidRequest,
+					ErrorDescription: "cannot parse basic auth header",
+				})
+				return
+			}
+			// validate that any fields present in the form match the Basic auth header
+			if form.ClientID != "" && form.ClientID != clientID {
+				handleAccessTokenError(ctx, oauth2_provider.AccessTokenError{
+					ErrorCode:        oauth2_provider.AccessTokenErrorCodeInvalidRequest,
+					ErrorDescription: "client_id in request body inconsistent with Authorization header",
+				})
+				return
+			}
+			form.ClientID = clientID
+			if form.ClientSecret != "" && form.ClientSecret != clientSecret {
+				handleAccessTokenError(ctx, oauth2_provider.AccessTokenError{
+					ErrorCode:        oauth2_provider.AccessTokenErrorCodeInvalidRequest,
+					ErrorDescription: "client_secret in request body inconsistent with Authorization header",
+				})
+				return
+			}
+			form.ClientSecret = clientSecret
+		}
+	}
+
+	serverKey := oauth2_provider.DefaultSigningKey
+	clientKey := serverKey
+	if serverKey.IsSymmetric() {
+		var err error
+		clientKey, err = oauth2_provider.CreateJWTSigningKey(serverKey.SigningMethod().Alg(), []byte(form.ClientSecret))
+		if err != nil {
+			handleAccessTokenError(ctx, oauth2_provider.AccessTokenError{
+				ErrorCode:        oauth2_provider.AccessTokenErrorCodeInvalidRequest,
+				ErrorDescription: "Error creating signing key",
+			})
+			return
+		}
+	}
+
+	switch form.GrantType {
+	case "refresh_token":
+		handleRefreshToken(ctx, form, serverKey, clientKey)
+	case "authorization_code":
+		handleAuthorizationCode(ctx, form, serverKey, clientKey)
+	default:
+		handleAccessTokenError(ctx, oauth2_provider.AccessTokenError{
+			ErrorCode:        oauth2_provider.AccessTokenErrorCodeUnsupportedGrantType,
+			ErrorDescription: "Only refresh_token or authorization_code grant type is supported",
+		})
+	}
+}
+
+func handleRefreshToken(ctx *context.Context, form forms.AccessTokenForm, serverKey, clientKey oauth2_provider.JWTSigningKey) {
+	app, err := auth.GetOAuth2ApplicationByClientID(ctx, form.ClientID)
+	if err != nil {
+		handleAccessTokenError(ctx, oauth2_provider.AccessTokenError{
+			ErrorCode:        oauth2_provider.AccessTokenErrorCodeInvalidClient,
+			ErrorDescription: fmt.Sprintf("cannot load client with client id: %q", form.ClientID),
+		})
+		return
+	}
+	// "The authorization server MUST ... require client authentication for confidential clients"
+	// https://datatracker.ietf.org/doc/html/rfc6749#section-6
+	if app.ConfidentialClient && !app.ValidateClientSecret([]byte(form.ClientSecret)) {
+		errorDescription := "invalid client secret"
+		if form.ClientSecret == "" {
+			errorDescription = "invalid empty client secret"
+		}
+		// "invalid_client ... Client authentication failed"
+		// https://datatracker.ietf.org/doc/html/rfc6749#section-5.2
+		handleAccessTokenError(ctx, oauth2_provider.AccessTokenError{
+			ErrorCode:        oauth2_provider.AccessTokenErrorCodeInvalidClient,
+			ErrorDescription: errorDescription,
+		})
+		return
+	}
+
+	token, err := oauth2_provider.ParseToken(form.RefreshToken, serverKey)
+	if err != nil {
+		handleAccessTokenError(ctx, oauth2_provider.AccessTokenError{
+			ErrorCode:        oauth2_provider.AccessTokenErrorCodeUnauthorizedClient,
+			ErrorDescription: "unable to parse refresh token",
+		})
+		return
+	}
+	// get grant before increasing counter
+	grant, err := auth.GetOAuth2GrantByID(ctx, token.GrantID)
+	if err != nil || grant == nil {
+		handleAccessTokenError(ctx, oauth2_provider.AccessTokenError{
+			ErrorCode:        oauth2_provider.AccessTokenErrorCodeInvalidGrant,
+			ErrorDescription: "grant does not exist",
+		})
+		return
+	}
+
+	// check if token got already used
+	if setting.OAuth2.InvalidateRefreshTokens && (grant.Counter != token.Counter || token.Counter == 0) {
+		handleAccessTokenError(ctx, oauth2_provider.AccessTokenError{
+			ErrorCode:        oauth2_provider.AccessTokenErrorCodeUnauthorizedClient,
+			ErrorDescription: "token was already used",
+		})
+		log.Warn("A client tried to use a refresh token for grant_id = %d was used twice!", grant.ID)
+		return
+	}
+	accessToken, tokenErr := oauth2_provider.NewAccessTokenResponse(ctx, grant, serverKey, clientKey)
+	if tokenErr != nil {
+		handleAccessTokenError(ctx, *tokenErr)
+		return
+	}
+	ctx.JSON(http.StatusOK, accessToken)
+}
+
+func handleAuthorizationCode(ctx *context.Context, form forms.AccessTokenForm, serverKey, clientKey oauth2_provider.JWTSigningKey) {
+	app, err := auth.GetOAuth2ApplicationByClientID(ctx, form.ClientID)
+	if err != nil {
+		handleAccessTokenError(ctx, oauth2_provider.AccessTokenError{
+			ErrorCode:        oauth2_provider.AccessTokenErrorCodeInvalidClient,
+			ErrorDescription: fmt.Sprintf("cannot load client with client id: '%s'", form.ClientID),
+		})
+		return
+	}
+	if app.ConfidentialClient && !app.ValidateClientSecret([]byte(form.ClientSecret)) {
+		errorDescription := "invalid client secret"
+		if form.ClientSecret == "" {
+			errorDescription = "invalid empty client secret"
+		}
+		handleAccessTokenError(ctx, oauth2_provider.AccessTokenError{
+			ErrorCode:        oauth2_provider.AccessTokenErrorCodeUnauthorizedClient,
+			ErrorDescription: errorDescription,
+		})
+		return
+	}
+	if form.RedirectURI != "" && !app.ContainsRedirectURI(form.RedirectURI) {
+		handleAccessTokenError(ctx, oauth2_provider.AccessTokenError{
+			ErrorCode:        oauth2_provider.AccessTokenErrorCodeUnauthorizedClient,
+			ErrorDescription: "unexpected redirect URI",
+		})
+		return
+	}
+	authorizationCode, err := auth.GetOAuth2AuthorizationByCode(ctx, form.Code)
+	if err != nil || authorizationCode == nil {
+		handleAccessTokenError(ctx, oauth2_provider.AccessTokenError{
+			ErrorCode:        oauth2_provider.AccessTokenErrorCodeUnauthorizedClient,
+			ErrorDescription: "client is not authorized",
+		})
+		return
+	}
+	// check if code verifier authorizes the client, PKCE support
+	if !authorizationCode.ValidateCodeChallenge(form.CodeVerifier) {
+		handleAccessTokenError(ctx, oauth2_provider.AccessTokenError{
+			ErrorCode:        oauth2_provider.AccessTokenErrorCodeUnauthorizedClient,
+			ErrorDescription: "failed PKCE code challenge",
+		})
+		return
+	}
+	// check if granted for this application
+	if authorizationCode.Grant.ApplicationID != app.ID {
+		handleAccessTokenError(ctx, oauth2_provider.AccessTokenError{
+			ErrorCode:        oauth2_provider.AccessTokenErrorCodeInvalidGrant,
+			ErrorDescription: "invalid grant",
+		})
+		return
+	}
+	// remove token from database to deny duplicate usage
+	if err := authorizationCode.Invalidate(ctx); err != nil {
+		handleAccessTokenError(ctx, oauth2_provider.AccessTokenError{
+			ErrorCode:        oauth2_provider.AccessTokenErrorCodeInvalidRequest,
+			ErrorDescription: "cannot proceed your request",
+		})
+	}
+	resp, tokenErr := oauth2_provider.NewAccessTokenResponse(ctx, authorizationCode.Grant, serverKey, clientKey)
+	if tokenErr != nil {
+		handleAccessTokenError(ctx, *tokenErr)
+		return
+	}
+	// send successful response
+	ctx.JSON(http.StatusOK, resp)
+}
+
+func handleAccessTokenError(ctx *context.Context, acErr oauth2_provider.AccessTokenError) {
+	ctx.JSON(http.StatusBadRequest, acErr)
+}
+
+func handleServerError(ctx *context.Context, state, redirectURI string) {
+	handleAuthorizeError(ctx, AuthorizeError{
+		ErrorCode:        ErrorCodeServerError,
+		ErrorDescription: "A server error occurred",
+		State:            state,
+	}, redirectURI)
+}
+
+func handleAuthorizeError(ctx *context.Context, authErr AuthorizeError, redirectURI string) {
+	if redirectURI == "" {
+		log.Warn("Authorization failed: %v", authErr.ErrorDescription)
+		ctx.Data["Error"] = authErr
+		ctx.HTML(http.StatusBadRequest, tplGrantError)
+		return
+	}
+	redirect, err := url.Parse(redirectURI)
+	if err != nil {
+		ctx.ServerError("url.Parse", err)
+		return
+	}
+	q := redirect.Query()
+	q.Set("error", string(authErr.ErrorCode))
+	q.Set("error_description", authErr.ErrorDescription)
+	q.Set("state", authErr.State)
+	redirect.RawQuery = q.Encode()
+	ctx.Redirect(redirect.String(), http.StatusSeeOther)
+}
diff --git a/routers/web/auth/oauth_test.go b/routers/web/auth/oauth_test.go
index 4339d9d1eba..78af97fa9c6 100644
--- a/routers/web/auth/oauth_test.go
+++ b/routers/web/auth/oauth_test.go
@@ -11,22 +11,22 @@ import (
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/services/auth/source/oauth2"
+	"code.gitea.io/gitea/services/oauth2_provider"
 
 	"github.com/golang-jwt/jwt/v5"
 	"github.com/stretchr/testify/assert"
 )
 
-func createAndParseToken(t *testing.T, grant *auth.OAuth2Grant) *oauth2.OIDCToken {
-	signingKey, err := oauth2.CreateJWTSigningKey("HS256", make([]byte, 32))
+func createAndParseToken(t *testing.T, grant *auth.OAuth2Grant) *oauth2_provider.OIDCToken {
+	signingKey, err := oauth2_provider.CreateJWTSigningKey("HS256", make([]byte, 32))
 	assert.NoError(t, err)
 	assert.NotNil(t, signingKey)
 
-	response, terr := newAccessTokenResponse(db.DefaultContext, grant, signingKey, signingKey)
+	response, terr := oauth2_provider.NewAccessTokenResponse(db.DefaultContext, grant, signingKey, signingKey)
 	assert.Nil(t, terr)
 	assert.NotNil(t, response)
 
-	parsedToken, err := jwt.ParseWithClaims(response.IDToken, &oauth2.OIDCToken{}, func(token *jwt.Token) (any, error) {
+	parsedToken, err := jwt.ParseWithClaims(response.IDToken, &oauth2_provider.OIDCToken{}, func(token *jwt.Token) (any, error) {
 		assert.NotNil(t, token.Method)
 		assert.Equal(t, signingKey.SigningMethod().Alg(), token.Method.Alg())
 		return signingKey.VerifyKey(), nil
@@ -34,7 +34,7 @@ func createAndParseToken(t *testing.T, grant *auth.OAuth2Grant) *oauth2.OIDCToke
 	assert.NoError(t, err)
 	assert.True(t, parsedToken.Valid)
 
-	oidcToken, ok := parsedToken.Claims.(*oauth2.OIDCToken)
+	oidcToken, ok := parsedToken.Claims.(*oauth2_provider.OIDCToken)
 	assert.True(t, ok)
 	assert.NotNil(t, oidcToken)
 
diff --git a/services/auth/oauth2.go b/services/auth/oauth2.go
index 46d85101436..523998a6345 100644
--- a/services/auth/oauth2.go
+++ b/services/auth/oauth2.go
@@ -17,7 +17,7 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/timeutil"
 	"code.gitea.io/gitea/modules/web/middleware"
-	"code.gitea.io/gitea/services/auth/source/oauth2"
+	"code.gitea.io/gitea/services/oauth2_provider"
 )
 
 // Ensure the struct implements the interface.
@@ -31,7 +31,7 @@ func CheckOAuthAccessToken(ctx context.Context, accessToken string) int64 {
 	if !strings.Contains(accessToken, ".") {
 		return 0
 	}
-	token, err := oauth2.ParseToken(accessToken, oauth2.DefaultSigningKey)
+	token, err := oauth2_provider.ParseToken(accessToken, oauth2_provider.DefaultSigningKey)
 	if err != nil {
 		log.Trace("oauth2.ParseToken: %v", err)
 		return 0
@@ -40,7 +40,7 @@ func CheckOAuthAccessToken(ctx context.Context, accessToken string) int64 {
 	if grant, err = auth_model.GetOAuth2GrantByID(ctx, token.GrantID); err != nil || grant == nil {
 		return 0
 	}
-	if token.Type != oauth2.TypeAccessToken {
+	if token.Kind != oauth2_provider.KindAccessToken {
 		return 0
 	}
 	if token.ExpiresAt.Before(time.Now()) || token.IssuedAt.After(time.Now()) {
diff --git a/services/auth/source/oauth2/init.go b/services/auth/source/oauth2/init.go
index 5c256815486..313f375281b 100644
--- a/services/auth/source/oauth2/init.go
+++ b/services/auth/source/oauth2/init.go
@@ -30,10 +30,6 @@ const ProviderHeaderKey = "gitea-oauth2-provider"
 
 // Init initializes the oauth source
 func Init(ctx context.Context) error {
-	if err := InitSigningKey(); err != nil {
-		return err
-	}
-
 	// Lock our mutex
 	gothRWMutex.Lock()
 
diff --git a/services/oauth2_provider/access_token.go b/services/oauth2_provider/access_token.go
new file mode 100644
index 00000000000..00c960caf2e
--- /dev/null
+++ b/services/oauth2_provider/access_token.go
@@ -0,0 +1,214 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package oauth2_provider //nolint
+
+import (
+	"context"
+	"fmt"
+
+	auth "code.gitea.io/gitea/models/auth"
+	org_model "code.gitea.io/gitea/models/organization"
+	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/timeutil"
+
+	"github.com/golang-jwt/jwt/v5"
+)
+
+// AccessTokenErrorCode represents an error code specified in RFC 6749
+// https://datatracker.ietf.org/doc/html/rfc6749#section-5.2
+type AccessTokenErrorCode string
+
+const (
+	// AccessTokenErrorCodeInvalidRequest represents an error code specified in RFC 6749
+	AccessTokenErrorCodeInvalidRequest AccessTokenErrorCode = "invalid_request"
+	// AccessTokenErrorCodeInvalidClient represents an error code specified in RFC 6749
+	AccessTokenErrorCodeInvalidClient = "invalid_client"
+	// AccessTokenErrorCodeInvalidGrant represents an error code specified in RFC 6749
+	AccessTokenErrorCodeInvalidGrant = "invalid_grant"
+	// AccessTokenErrorCodeUnauthorizedClient represents an error code specified in RFC 6749
+	AccessTokenErrorCodeUnauthorizedClient = "unauthorized_client"
+	// AccessTokenErrorCodeUnsupportedGrantType represents an error code specified in RFC 6749
+	AccessTokenErrorCodeUnsupportedGrantType = "unsupported_grant_type"
+	// AccessTokenErrorCodeInvalidScope represents an error code specified in RFC 6749
+	AccessTokenErrorCodeInvalidScope = "invalid_scope"
+)
+
+// AccessTokenError represents an error response specified in RFC 6749
+// https://datatracker.ietf.org/doc/html/rfc6749#section-5.2
+type AccessTokenError struct {
+	ErrorCode        AccessTokenErrorCode `json:"error" form:"error"`
+	ErrorDescription string               `json:"error_description"`
+}
+
+// Error returns the error message
+func (err AccessTokenError) Error() string {
+	return fmt.Sprintf("%s: %s", err.ErrorCode, err.ErrorDescription)
+}
+
+// TokenType specifies the kind of token
+type TokenType string
+
+const (
+	// TokenTypeBearer represents a token type specified in RFC 6749
+	TokenTypeBearer TokenType = "bearer"
+	// TokenTypeMAC represents a token type specified in RFC 6749
+	TokenTypeMAC = "mac"
+)
+
+// AccessTokenResponse represents a successful access token response
+// https://datatracker.ietf.org/doc/html/rfc6749#section-4.2.2
+type AccessTokenResponse struct {
+	AccessToken  string    `json:"access_token"`
+	TokenType    TokenType `json:"token_type"`
+	ExpiresIn    int64     `json:"expires_in"`
+	RefreshToken string    `json:"refresh_token"`
+	IDToken      string    `json:"id_token,omitempty"`
+}
+
+func NewAccessTokenResponse(ctx context.Context, grant *auth.OAuth2Grant, serverKey, clientKey JWTSigningKey) (*AccessTokenResponse, *AccessTokenError) {
+	if setting.OAuth2.InvalidateRefreshTokens {
+		if err := grant.IncreaseCounter(ctx); err != nil {
+			return nil, &AccessTokenError{
+				ErrorCode:        AccessTokenErrorCodeInvalidGrant,
+				ErrorDescription: "cannot increase the grant counter",
+			}
+		}
+	}
+	// generate access token to access the API
+	expirationDate := timeutil.TimeStampNow().Add(setting.OAuth2.AccessTokenExpirationTime)
+	accessToken := &Token{
+		GrantID: grant.ID,
+		Kind:    KindAccessToken,
+		RegisteredClaims: jwt.RegisteredClaims{
+			ExpiresAt: jwt.NewNumericDate(expirationDate.AsTime()),
+		},
+	}
+	signedAccessToken, err := accessToken.SignToken(serverKey)
+	if err != nil {
+		return nil, &AccessTokenError{
+			ErrorCode:        AccessTokenErrorCodeInvalidRequest,
+			ErrorDescription: "cannot sign token",
+		}
+	}
+
+	// generate refresh token to request an access token after it expired later
+	refreshExpirationDate := timeutil.TimeStampNow().Add(setting.OAuth2.RefreshTokenExpirationTime * 60 * 60).AsTime()
+	refreshToken := &Token{
+		GrantID: grant.ID,
+		Counter: grant.Counter,
+		Kind:    KindRefreshToken,
+		RegisteredClaims: jwt.RegisteredClaims{
+			ExpiresAt: jwt.NewNumericDate(refreshExpirationDate),
+		},
+	}
+	signedRefreshToken, err := refreshToken.SignToken(serverKey)
+	if err != nil {
+		return nil, &AccessTokenError{
+			ErrorCode:        AccessTokenErrorCodeInvalidRequest,
+			ErrorDescription: "cannot sign token",
+		}
+	}
+
+	// generate OpenID Connect id_token
+	signedIDToken := ""
+	if grant.ScopeContains("openid") {
+		app, err := auth.GetOAuth2ApplicationByID(ctx, grant.ApplicationID)
+		if err != nil {
+			return nil, &AccessTokenError{
+				ErrorCode:        AccessTokenErrorCodeInvalidRequest,
+				ErrorDescription: "cannot find application",
+			}
+		}
+		user, err := user_model.GetUserByID(ctx, grant.UserID)
+		if err != nil {
+			if user_model.IsErrUserNotExist(err) {
+				return nil, &AccessTokenError{
+					ErrorCode:        AccessTokenErrorCodeInvalidRequest,
+					ErrorDescription: "cannot find user",
+				}
+			}
+			log.Error("Error loading user: %v", err)
+			return nil, &AccessTokenError{
+				ErrorCode:        AccessTokenErrorCodeInvalidRequest,
+				ErrorDescription: "server error",
+			}
+		}
+
+		idToken := &OIDCToken{
+			RegisteredClaims: jwt.RegisteredClaims{
+				ExpiresAt: jwt.NewNumericDate(expirationDate.AsTime()),
+				Issuer:    setting.AppURL,
+				Audience:  []string{app.ClientID},
+				Subject:   fmt.Sprint(grant.UserID),
+			},
+			Nonce: grant.Nonce,
+		}
+		if grant.ScopeContains("profile") {
+			idToken.Name = user.GetDisplayName()
+			idToken.PreferredUsername = user.Name
+			idToken.Profile = user.HTMLURL()
+			idToken.Picture = user.AvatarLink(ctx)
+			idToken.Website = user.Website
+			idToken.Locale = user.Language
+			idToken.UpdatedAt = user.UpdatedUnix
+		}
+		if grant.ScopeContains("email") {
+			idToken.Email = user.Email
+			idToken.EmailVerified = user.IsActive
+		}
+		if grant.ScopeContains("groups") {
+			groups, err := GetOAuthGroupsForUser(ctx, user)
+			if err != nil {
+				log.Error("Error getting groups: %v", err)
+				return nil, &AccessTokenError{
+					ErrorCode:        AccessTokenErrorCodeInvalidRequest,
+					ErrorDescription: "server error",
+				}
+			}
+			idToken.Groups = groups
+		}
+
+		signedIDToken, err = idToken.SignToken(clientKey)
+		if err != nil {
+			return nil, &AccessTokenError{
+				ErrorCode:        AccessTokenErrorCodeInvalidRequest,
+				ErrorDescription: "cannot sign token",
+			}
+		}
+	}
+
+	return &AccessTokenResponse{
+		AccessToken:  signedAccessToken,
+		TokenType:    TokenTypeBearer,
+		ExpiresIn:    setting.OAuth2.AccessTokenExpirationTime,
+		RefreshToken: signedRefreshToken,
+		IDToken:      signedIDToken,
+	}, nil
+}
+
+// returns a list of "org" and "org:team" strings,
+// that the given user is a part of.
+func GetOAuthGroupsForUser(ctx context.Context, user *user_model.User) ([]string, error) {
+	orgs, err := org_model.GetUserOrgsList(ctx, user)
+	if err != nil {
+		return nil, fmt.Errorf("GetUserOrgList: %w", err)
+	}
+
+	var groups []string
+	for _, org := range orgs {
+		groups = append(groups, org.Name)
+		teams, err := org.LoadTeams(ctx)
+		if err != nil {
+			return nil, fmt.Errorf("LoadTeams: %w", err)
+		}
+		for _, team := range teams {
+			if team.IsMember(ctx, user.ID) {
+				groups = append(groups, org.Name+":"+team.LowerName)
+			}
+		}
+	}
+	return groups, nil
+}
diff --git a/services/oauth2_provider/init.go b/services/oauth2_provider/init.go
new file mode 100644
index 00000000000..e5958099a6b
--- /dev/null
+++ b/services/oauth2_provider/init.go
@@ -0,0 +1,19 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package oauth2_provider //nolint
+
+import (
+	"context"
+
+	"code.gitea.io/gitea/modules/setting"
+)
+
+// Init initializes the oauth source
+func Init(ctx context.Context) error {
+	if !setting.OAuth2.Enabled {
+		return nil
+	}
+
+	return InitSigningKey()
+}
diff --git a/services/auth/source/oauth2/jwtsigningkey.go b/services/oauth2_provider/jwtsigningkey.go
similarity index 99%
rename from services/auth/source/oauth2/jwtsigningkey.go
rename to services/oauth2_provider/jwtsigningkey.go
index 070fffe60f7..6c668db4635 100644
--- a/services/auth/source/oauth2/jwtsigningkey.go
+++ b/services/oauth2_provider/jwtsigningkey.go
@@ -1,7 +1,7 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package oauth2
+package oauth2_provider //nolint
 
 import (
 	"crypto/ecdsa"
diff --git a/services/auth/source/oauth2/token.go b/services/oauth2_provider/token.go
similarity index 83%
rename from services/auth/source/oauth2/token.go
rename to services/oauth2_provider/token.go
index 3405619d3fa..b71b11906e5 100644
--- a/services/auth/source/oauth2/token.go
+++ b/services/oauth2_provider/token.go
@@ -1,7 +1,7 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package oauth2
+package oauth2_provider //nolint
 
 import (
 	"fmt"
@@ -12,29 +12,22 @@ import (
 	"github.com/golang-jwt/jwt/v5"
 )
 
-// ___________     __
-// \__    ___/___ |  | __ ____   ____
-//   |    | /  _ \|  |/ // __ \ /    \
-//   |    |(  <_> )    <\  ___/|   |  \
-//   |____| \____/|__|_ \\___  >___|  /
-//                     \/    \/     \/
-
 // Token represents an Oauth grant
 
-// TokenType represents the type of token for an oauth application
-type TokenType int
+// TokenKind represents the type of token for an oauth application
+type TokenKind int
 
 const (
-	// TypeAccessToken is a token with short lifetime to access the api
-	TypeAccessToken TokenType = 0
-	// TypeRefreshToken is token with long lifetime to refresh access tokens obtained by the client
-	TypeRefreshToken = iota
+	// KindAccessToken is a token with short lifetime to access the api
+	KindAccessToken TokenKind = 0
+	// KindRefreshToken is token with long lifetime to refresh access tokens obtained by the client
+	KindRefreshToken = iota
 )
 
 // Token represents a JWT token used to authenticate a client
 type Token struct {
 	GrantID int64     `json:"gnt"`
-	Type    TokenType `json:"tt"`
+	Kind    TokenKind `json:"tt"`
 	Counter int64     `json:"cnt,omitempty"`
 	jwt.RegisteredClaims
 }
diff --git a/tests/integration/oauth_test.go b/tests/integration/oauth_test.go
index b1acf90d147..b32d365b04d 100644
--- a/tests/integration/oauth_test.go
+++ b/tests/integration/oauth_test.go
@@ -11,7 +11,7 @@ import (
 
 	"code.gitea.io/gitea/modules/json"
 	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/routers/web/auth"
+	oauth2_provider "code.gitea.io/gitea/services/oauth2_provider"
 	"code.gitea.io/gitea/tests"
 
 	"github.com/stretchr/testify/assert"
@@ -177,7 +177,7 @@ func TestAccessTokenExchangeWithoutPKCE(t *testing.T) {
 		"code":          "authcode",
 	})
 	resp := MakeRequest(t, req, http.StatusBadRequest)
-	parsedError := new(auth.AccessTokenError)
+	parsedError := new(oauth2_provider.AccessTokenError)
 	assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsedError))
 	assert.Equal(t, "unauthorized_client", string(parsedError.ErrorCode))
 	assert.Equal(t, "failed PKCE code challenge", parsedError.ErrorDescription)
@@ -195,7 +195,7 @@ func TestAccessTokenExchangeWithInvalidCredentials(t *testing.T) {
 		"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt",
 	})
 	resp := MakeRequest(t, req, http.StatusBadRequest)
-	parsedError := new(auth.AccessTokenError)
+	parsedError := new(oauth2_provider.AccessTokenError)
 	assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsedError))
 	assert.Equal(t, "invalid_client", string(parsedError.ErrorCode))
 	assert.Equal(t, "cannot load client with client id: '???'", parsedError.ErrorDescription)
@@ -210,7 +210,7 @@ func TestAccessTokenExchangeWithInvalidCredentials(t *testing.T) {
 		"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt",
 	})
 	resp = MakeRequest(t, req, http.StatusBadRequest)
-	parsedError = new(auth.AccessTokenError)
+	parsedError = new(oauth2_provider.AccessTokenError)
 	assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsedError))
 	assert.Equal(t, "unauthorized_client", string(parsedError.ErrorCode))
 	assert.Equal(t, "invalid client secret", parsedError.ErrorDescription)
@@ -225,7 +225,7 @@ func TestAccessTokenExchangeWithInvalidCredentials(t *testing.T) {
 		"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt",
 	})
 	resp = MakeRequest(t, req, http.StatusBadRequest)
-	parsedError = new(auth.AccessTokenError)
+	parsedError = new(oauth2_provider.AccessTokenError)
 	assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsedError))
 	assert.Equal(t, "unauthorized_client", string(parsedError.ErrorCode))
 	assert.Equal(t, "unexpected redirect URI", parsedError.ErrorDescription)
@@ -240,7 +240,7 @@ func TestAccessTokenExchangeWithInvalidCredentials(t *testing.T) {
 		"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt",
 	})
 	resp = MakeRequest(t, req, http.StatusBadRequest)
-	parsedError = new(auth.AccessTokenError)
+	parsedError = new(oauth2_provider.AccessTokenError)
 	assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsedError))
 	assert.Equal(t, "unauthorized_client", string(parsedError.ErrorCode))
 	assert.Equal(t, "client is not authorized", parsedError.ErrorDescription)
@@ -255,7 +255,7 @@ func TestAccessTokenExchangeWithInvalidCredentials(t *testing.T) {
 		"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt",
 	})
 	resp = MakeRequest(t, req, http.StatusBadRequest)
-	parsedError = new(auth.AccessTokenError)
+	parsedError = new(oauth2_provider.AccessTokenError)
 	assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsedError))
 	assert.Equal(t, "unsupported_grant_type", string(parsedError.ErrorCode))
 	assert.Equal(t, "Only refresh_token or authorization_code grant type is supported", parsedError.ErrorDescription)
@@ -292,7 +292,7 @@ func TestAccessTokenExchangeWithBasicAuth(t *testing.T) {
 	})
 	req.Header.Add("Authorization", "Basic ZGE3ZGEzYmEtOWExMy00MTY3LTg1NmYtMzg5OWRlMGIwMTM4OmJsYWJsYQ==")
 	resp = MakeRequest(t, req, http.StatusBadRequest)
-	parsedError := new(auth.AccessTokenError)
+	parsedError := new(oauth2_provider.AccessTokenError)
 	assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsedError))
 	assert.Equal(t, "unauthorized_client", string(parsedError.ErrorCode))
 	assert.Equal(t, "invalid client secret", parsedError.ErrorDescription)
@@ -305,7 +305,7 @@ func TestAccessTokenExchangeWithBasicAuth(t *testing.T) {
 		"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt",
 	})
 	resp = MakeRequest(t, req, http.StatusBadRequest)
-	parsedError = new(auth.AccessTokenError)
+	parsedError = new(oauth2_provider.AccessTokenError)
 	assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsedError))
 	assert.Equal(t, "invalid_client", string(parsedError.ErrorCode))
 	assert.Equal(t, "cannot load client with client id: ''", parsedError.ErrorDescription)
@@ -319,7 +319,7 @@ func TestAccessTokenExchangeWithBasicAuth(t *testing.T) {
 	})
 	req.Header.Add("Authorization", "Basic ZGE3ZGEzYmEtOWExMy00MTY3LTg1NmYtMzg5OWRlMGIwMTM4OjRNSzhOYTZSNTVzbWRDWTBXdUNDdW1aNmhqUlBuR1k1c2FXVlJISGpKaUE9")
 	resp = MakeRequest(t, req, http.StatusBadRequest)
-	parsedError = new(auth.AccessTokenError)
+	parsedError = new(oauth2_provider.AccessTokenError)
 	assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsedError))
 	assert.Equal(t, "invalid_request", string(parsedError.ErrorCode))
 	assert.Equal(t, "client_id in request body inconsistent with Authorization header", parsedError.ErrorDescription)
@@ -333,7 +333,7 @@ func TestAccessTokenExchangeWithBasicAuth(t *testing.T) {
 	})
 	req.Header.Add("Authorization", "Basic ZGE3ZGEzYmEtOWExMy00MTY3LTg1NmYtMzg5OWRlMGIwMTM4OjRNSzhOYTZSNTVzbWRDWTBXdUNDdW1aNmhqUlBuR1k1c2FXVlJISGpKaUE9")
 	resp = MakeRequest(t, req, http.StatusBadRequest)
-	parsedError = new(auth.AccessTokenError)
+	parsedError = new(oauth2_provider.AccessTokenError)
 	assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsedError))
 	assert.Equal(t, "invalid_request", string(parsedError.ErrorCode))
 	assert.Equal(t, "client_secret in request body inconsistent with Authorization header", parsedError.ErrorDescription)
@@ -371,7 +371,7 @@ func TestRefreshTokenInvalidation(t *testing.T) {
 		"refresh_token": parsed.RefreshToken,
 	})
 	resp = MakeRequest(t, req, http.StatusBadRequest)
-	parsedError := new(auth.AccessTokenError)
+	parsedError := new(oauth2_provider.AccessTokenError)
 	assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsedError))
 	assert.Equal(t, "invalid_client", string(parsedError.ErrorCode))
 	assert.Equal(t, "invalid empty client secret", parsedError.ErrorDescription)
@@ -384,7 +384,7 @@ func TestRefreshTokenInvalidation(t *testing.T) {
 		"refresh_token": "UNEXPECTED",
 	})
 	resp = MakeRequest(t, req, http.StatusBadRequest)
-	parsedError = new(auth.AccessTokenError)
+	parsedError = new(oauth2_provider.AccessTokenError)
 	assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsedError))
 	assert.Equal(t, "unauthorized_client", string(parsedError.ErrorCode))
 	assert.Equal(t, "unable to parse refresh token", parsedError.ErrorDescription)
@@ -414,7 +414,7 @@ func TestRefreshTokenInvalidation(t *testing.T) {
 	// repeat request should fail
 	req.Body = io.NopCloser(bytes.NewReader(bs))
 	resp = MakeRequest(t, req, http.StatusBadRequest)
-	parsedError = new(auth.AccessTokenError)
+	parsedError = new(oauth2_provider.AccessTokenError)
 	assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsedError))
 	assert.Equal(t, "unauthorized_client", string(parsedError.ErrorCode))
 	assert.Equal(t, "token was already used", parsedError.ErrorDescription)

From a989404e23f736e7ce1c71e7105506e3bc6cdd76 Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Wed, 2 Oct 2024 12:37:16 +0800
Subject: [PATCH 127/129] Fix javascript error when an anonymous user visiting
 migration page (#32144)

This PR fixes javascript errors when an anonymous user visits the
migration page.
It also makes task view checking more restrictive.

The router moved from `/user/task/{id}/status` to
`/username/reponame/-/migrate/status` because it's a migrate status.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
---
 models/admin/task.go                  | 21 -----------
 routers/web/repo/migrate.go           | 38 +++++++++++++++++++
 routers/web/user/task.go              | 53 ---------------------------
 routers/web/web.go                    |  8 +++-
 services/context/repo.go              |  5 ++-
 templates/repo/migrate/migrating.tmpl |  2 +-
 web_src/js/features/repo-migrate.ts   |  8 ++--
 7 files changed, 53 insertions(+), 82 deletions(-)
 delete mode 100644 routers/web/user/task.go

diff --git a/models/admin/task.go b/models/admin/task.go
index c8bc95f9814..10f8e6d5704 100644
--- a/models/admin/task.go
+++ b/models/admin/task.go
@@ -179,27 +179,6 @@ func GetMigratingTask(ctx context.Context, repoID int64) (*Task, error) {
 	return &task, nil
 }
 
-// GetMigratingTaskByID returns the migrating task by repo's id
-func GetMigratingTaskByID(ctx context.Context, id, doerID int64) (*Task, *migration.MigrateOptions, error) {
-	task := Task{
-		ID:     id,
-		DoerID: doerID,
-		Type:   structs.TaskTypeMigrateRepo,
-	}
-	has, err := db.GetEngine(ctx).Get(&task)
-	if err != nil {
-		return nil, nil, err
-	} else if !has {
-		return nil, nil, ErrTaskDoesNotExist{id, 0, task.Type}
-	}
-
-	var opts migration.MigrateOptions
-	if err := json.Unmarshal([]byte(task.PayloadContent), &opts); err != nil {
-		return nil, nil, err
-	}
-	return &task, &opts, nil
-}
-
 // CreateTask creates a task on database
 func CreateTask(ctx context.Context, task *Task) error {
 	return db.Insert(ctx, task)
diff --git a/routers/web/repo/migrate.go b/routers/web/repo/migrate.go
index 31a65c65ea2..3eaf05f3833 100644
--- a/routers/web/repo/migrate.go
+++ b/routers/web/repo/migrate.go
@@ -15,6 +15,7 @@ import (
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/modules/json"
 	"code.gitea.io/gitea/modules/lfs"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
@@ -288,3 +289,40 @@ func MigrateCancelPost(ctx *context.Context) {
 	}
 	ctx.Redirect(ctx.Repo.Repository.Link())
 }
+
+// MigrateStatus returns migrate task's status
+func MigrateStatus(ctx *context.Context) {
+	task, err := admin_model.GetMigratingTask(ctx, ctx.Repo.Repository.ID)
+	if err != nil {
+		if admin_model.IsErrTaskDoesNotExist(err) {
+			ctx.JSON(http.StatusNotFound, map[string]any{
+				"err": "task does not exist or you do not have access to this task",
+			})
+			return
+		}
+		log.Error("GetMigratingTask: %v", err)
+		ctx.JSON(http.StatusInternalServerError, map[string]any{
+			"err": http.StatusText(http.StatusInternalServerError),
+		})
+		return
+	}
+
+	message := task.Message
+
+	if task.Message != "" && task.Message[0] == '{' {
+		// assume message is actually a translatable string
+		var translatableMessage admin_model.TranslatableMessage
+		if err := json.Unmarshal([]byte(message), &translatableMessage); err != nil {
+			translatableMessage = admin_model.TranslatableMessage{
+				Format: "migrate.migrating_failed.error",
+				Args:   []any{task.Message},
+			}
+		}
+		message = ctx.Locale.TrString(translatableMessage.Format, translatableMessage.Args...)
+	}
+
+	ctx.JSON(http.StatusOK, map[string]any{
+		"status":  task.Status,
+		"message": message,
+	})
+}
diff --git a/routers/web/user/task.go b/routers/web/user/task.go
deleted file mode 100644
index 475ef16212f..00000000000
--- a/routers/web/user/task.go
+++ /dev/null
@@ -1,53 +0,0 @@
-// Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package user
-
-import (
-	"net/http"
-	"strconv"
-
-	admin_model "code.gitea.io/gitea/models/admin"
-	"code.gitea.io/gitea/modules/json"
-	"code.gitea.io/gitea/services/context"
-)
-
-// TaskStatus returns task's status
-func TaskStatus(ctx *context.Context) {
-	task, opts, err := admin_model.GetMigratingTaskByID(ctx, ctx.PathParamInt64("task"), ctx.Doer.ID)
-	if err != nil {
-		if admin_model.IsErrTaskDoesNotExist(err) {
-			ctx.JSON(http.StatusNotFound, map[string]any{
-				"error": "task `" + strconv.FormatInt(ctx.PathParamInt64("task"), 10) + "` does not exist",
-			})
-			return
-		}
-		ctx.JSON(http.StatusInternalServerError, map[string]any{
-			"err": err,
-		})
-		return
-	}
-
-	message := task.Message
-
-	if task.Message != "" && task.Message[0] == '{' {
-		// assume message is actually a translatable string
-		var translatableMessage admin_model.TranslatableMessage
-		if err := json.Unmarshal([]byte(message), &translatableMessage); err != nil {
-			translatableMessage = admin_model.TranslatableMessage{
-				Format: "migrate.migrating_failed.error",
-				Args:   []any{task.Message},
-			}
-		}
-		message = ctx.Locale.TrString(translatableMessage.Format, translatableMessage.Args...)
-	}
-
-	ctx.JSON(http.StatusOK, map[string]any{
-		"status":    task.Status,
-		"message":   message,
-		"repo-id":   task.RepoID,
-		"repo-name": opts.RepoName,
-		"start":     task.StartTime,
-		"end":       task.EndTime,
-	})
-}
diff --git a/routers/web/web.go b/routers/web/web.go
index af46c36fe7d..69258bca181 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -669,7 +669,6 @@ func registerRoutes(m *web.Router) {
 		m.Get("/forgot_password", auth.ForgotPasswd)
 		m.Post("/forgot_password", auth.ForgotPasswdPost)
 		m.Post("/logout", auth.SignOut)
-		m.Get("/task/{task}", reqSignIn, user.TaskStatus)
 		m.Get("/stopwatches", reqSignIn, user.GetStopwatches)
 		m.Get("/search", ignExploreSignIn, user.Search)
 		m.Group("/oauth2", func() {
@@ -1042,6 +1041,13 @@ func registerRoutes(m *web.Router) {
 	}, ignSignIn, context.UserAssignmentWeb(), context.OrgAssignment())
 	// end "/{username}/-": packages, projects, code
 
+	m.Group("/{username}/{reponame}/-", func() {
+		m.Group("/migrate", func() {
+			m.Get("/status", repo.MigrateStatus)
+		})
+	}, ignSignIn, context.RepoAssignment, reqRepoCodeReader)
+	// end "/{username}/{reponame}/-": migrate
+
 	m.Group("/{username}/{reponame}/settings", func() {
 		m.Group("", func() {
 			m.Combo("").Get(repo_setting.Settings).
diff --git a/services/context/repo.go b/services/context/repo.go
index c001255283a..0072b63b7c9 100644
--- a/services/context/repo.go
+++ b/services/context/repo.go
@@ -614,7 +614,10 @@ func RepoAssignment(ctx *Context) context.CancelFunc {
 		}
 	}
 
-	isHomeOrSettings := ctx.Link == ctx.Repo.RepoLink || ctx.Link == ctx.Repo.RepoLink+"/settings" || strings.HasPrefix(ctx.Link, ctx.Repo.RepoLink+"/settings/")
+	isHomeOrSettings := ctx.Link == ctx.Repo.RepoLink ||
+		ctx.Link == ctx.Repo.RepoLink+"/settings" ||
+		strings.HasPrefix(ctx.Link, ctx.Repo.RepoLink+"/settings/") ||
+		ctx.Link == ctx.Repo.RepoLink+"/-/migrate/status"
 
 	// Disable everything when the repo is being created
 	if ctx.Repo.Repository.IsBeingCreated() || ctx.Repo.Repository.IsBroken() {
diff --git a/templates/repo/migrate/migrating.tmpl b/templates/repo/migrate/migrating.tmpl
index ed03db2ebd7..bc07b488f24 100644
--- a/templates/repo/migrate/migrating.tmpl
+++ b/templates/repo/migrate/migrating.tmpl
@@ -7,7 +7,7 @@
 				{{template "base/alert" .}}
 				<div class="home">
 					<div class="ui stackable middle very relaxed page grid">
-						<div id="repo_migrating" class="sixteen wide center aligned centered column" data-migrating-task-id="{{.MigrateTask.ID}}">
+						<div id="repo_migrating" class="sixteen wide center aligned centered column" data-migrating-repo-link="{{.Link}}">
 							<div>
 								<img src="{{AssetUrlPrefix}}/img/loading.png">
 							</div>
diff --git a/web_src/js/features/repo-migrate.ts b/web_src/js/features/repo-migrate.ts
index dc361779409..b75289feec9 100644
--- a/web_src/js/features/repo-migrate.ts
+++ b/web_src/js/features/repo-migrate.ts
@@ -1,19 +1,17 @@
 import {hideElem, showElem} from '../utils/dom.ts';
 import {GET, POST} from '../modules/fetch.ts';
 
-const {appSubUrl} = window.config;
-
 export function initRepoMigrationStatusChecker() {
   const repoMigrating = document.querySelector('#repo_migrating');
   if (!repoMigrating) return;
 
-  document.querySelector('#repo_migrating_retry').addEventListener('click', doMigrationRetry);
+  document.querySelector('#repo_migrating_retry')?.addEventListener('click', doMigrationRetry);
 
-  const task = repoMigrating.getAttribute('data-migrating-task-id');
+  const repoLink = repoMigrating.getAttribute('data-migrating-repo-link');
 
   // returns true if the refresh still needs to be called after a while
   const refresh = async () => {
-    const res = await GET(`${appSubUrl}/user/task/${task}`);
+    const res = await GET(`${repoLink}/-/migrate/status`);
     if (res.status !== 200) return true; // continue to refresh if network error occurs
 
     const data = await res.json();

From 4416a4199b3e6a1181c73893345be4ca8343d9b8 Mon Sep 17 00:00:00 2001
From: GiteaBot <teabot@gitea.io>
Date: Thu, 3 Oct 2024 00:30:51 +0000
Subject: [PATCH 128/129] [skip ci] Updated translations via Crowdin

---
 options/locale/locale_ja-JP.ini | 1 +
 options/locale/locale_pt-PT.ini | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/options/locale/locale_ja-JP.ini b/options/locale/locale_ja-JP.ini
index 3a80c741db4..2e861df207b 100644
--- a/options/locale/locale_ja-JP.ini
+++ b/options/locale/locale_ja-JP.ini
@@ -1926,6 +1926,7 @@ pulls.delete.text=本当にこのプルリクエストを削除しますか? (
 pulls.recently_pushed_new_branches=%[2]s 、あなたはブランチ <strong>%[1]s</strong> にプッシュしました
 
 pull.deleted_branch=(削除済み):%s
+pull.agit_documentation=AGitに関するドキュメントを確認する
 
 comments.edit.already_changed=コメントの変更を保存できません。 他のユーザーによって内容がすでに変更されているようです。 変更を上書きしないようにするため、ページを更新してからもう一度編集してください
 
diff --git a/options/locale/locale_pt-PT.ini b/options/locale/locale_pt-PT.ini
index e423832e9ee..cb521fe58c9 100644
--- a/options/locale/locale_pt-PT.ini
+++ b/options/locale/locale_pt-PT.ini
@@ -1040,6 +1040,7 @@ issue_labels_helper=Escolha um conjunto de rótulos para as questões.
 license=Licença
 license_helper=Escolha um ficheiro de licença.
 license_helper_desc=Uma licença rege o que os outros podem, ou não, fazer com o seu código fonte. Não tem a certeza sobre qual a mais indicada para o seu trabalho? Veja: <a target="_blank" rel="noopener noreferrer" href="%s">Escolher uma licença.</a>
+multiple_licenses=Múltiplas licenças
 object_format=Formato dos elementos
 object_format_helper=Formato dos elementos do repositório. Não poderá ser alterado mais tarde. SHA1 é o mais compatível.
 readme=README
@@ -2941,6 +2942,7 @@ dashboard.start_schedule_tasks=Iniciar tarefas de agendamento das operações
 dashboard.sync_branch.started=Sincronização de ramos iniciada
 dashboard.sync_tag.started=Sincronização de etiquetas iniciada
 dashboard.rebuild_issue_indexer=Reconstruir indexador de questões
+dashboard.sync_repo_licenses=Sincronizar licenças do repositório
 
 users.user_manage_panel=Gestão das contas de utilizadores
 users.new_account=Criar conta de utilizador

From 0b1b4030e66b1312fc9c0270f128bcf368f14178 Mon Sep 17 00:00:00 2001
From: sommerf-lf <159693954+sommerf-lf@users.noreply.github.com>
Date: Thu, 3 Oct 2024 03:00:56 +0200
Subject: [PATCH 129/129] add {{TEST_MINIO_ENDPOINT}} for local testing
 "with/without" docker + fix pgsql testing doc (#32105)

while testing i found out that testing locally as documented in the
changed README.md for pgsql isn't working because of the minio
dependency. reworked this to by default be still docker, but allow for
for local with only minio in docker and testing on bare metal.
also depending on this: fixed docs for running pgsql test

Closes: #32168 (by changing documentation for pgsql tests)
Closes: #32169 (by changing documentation, Makefile & pgsql.ini.tmpl:
adding {{TEST_MINIO_ENDPOINT}})

sry for the combined pr, but when testing I ran into this issue and
first thought they were related and now finally address the same
problem: not beeing able to run pgsql integration tests as described in
the according README.md
---
 Makefile                       |  2 ++
 tests/integration/README.md    |  8 ++++++--
 tests/integration/README_ZH.md | 12 ++++++++----
 tests/pgsql.ini.tmpl           |  2 +-
 4 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/Makefile b/Makefile
index 065b66d28c6..b9e940b2485 100644
--- a/Makefile
+++ b/Makefile
@@ -179,6 +179,7 @@ TEST_PGSQL_DBNAME ?= testgitea
 TEST_PGSQL_USERNAME ?= postgres
 TEST_PGSQL_PASSWORD ?= postgres
 TEST_PGSQL_SCHEMA ?= gtestschema
+TEST_MINIO_ENDPOINT ?= minio:9000
 TEST_MSSQL_HOST ?= mssql:1433
 TEST_MSSQL_DBNAME ?= gitea
 TEST_MSSQL_USERNAME ?= sa
@@ -574,6 +575,7 @@ generate-ini-pgsql:
 		-e 's|{{TEST_PGSQL_USERNAME}}|${TEST_PGSQL_USERNAME}|g' \
 		-e 's|{{TEST_PGSQL_PASSWORD}}|${TEST_PGSQL_PASSWORD}|g' \
 		-e 's|{{TEST_PGSQL_SCHEMA}}|${TEST_PGSQL_SCHEMA}|g' \
+		-e 's|{{TEST_MINIO_ENDPOINT}}|${TEST_MINIO_ENDPOINT}|g' \
 		-e 's|{{REPO_TEST_DIR}}|${REPO_TEST_DIR}|g' \
 		-e 's|{{TEST_LOGGER}}|$(or $(TEST_LOGGER),test$(COMMA)file)|g' \
 		-e 's|{{TEST_TYPE}}|$(or $(TEST_TYPE),integration)|g' \
diff --git a/tests/integration/README.md b/tests/integration/README.md
index f6f74ca21ff..e673bca228e 100644
--- a/tests/integration/README.md
+++ b/tests/integration/README.md
@@ -56,11 +56,15 @@ TEST_MYSQL_HOST=localhost:3306 TEST_MYSQL_DBNAME=test TEST_MYSQL_USERNAME=root T
 ## Run pgsql integration tests
 Setup a pgsql database inside docker
 ```
-docker run -e "POSTGRES_DB=test" -p 5432:5432 --rm --name pgsql postgres:latest #(just ctrl-c to stop db and clean the container)
+docker run -e "POSTGRES_DB=test" -e "POSTGRES_USER=postgres" -e "POSTGRES_PASSWORD=postgres" -p 5432:5432 --rm --name pgsql postgres:latest #(just ctrl-c to stop db and clean the container)
+```
+Setup minio inside docker
+```
+docker run --rm -p 9000:9000 -e MINIO_ROOT_USER=123456 -e MINIO_ROOT_PASSWORD=12345678 --name minio bitnami/minio:2023.8.31
 ```
 Start tests based on the database container
 ```
-TEST_PGSQL_HOST=localhost:5432 TEST_PGSQL_DBNAME=test TEST_PGSQL_USERNAME=postgres TEST_PGSQL_PASSWORD=postgres make test-pgsql
+TEST_MINIO_ENDPOINT=localhost:9000 TEST_PGSQL_HOST=localhost:5432 TEST_PGSQL_DBNAME=postgres TEST_PGSQL_USERNAME=postgres TEST_PGSQL_PASSWORD=postgres make test-pgsql
 ```
 
 ## Run mssql integration tests
diff --git a/tests/integration/README_ZH.md b/tests/integration/README_ZH.md
index 6aea4ab212b..a6768fd0f3c 100644
--- a/tests/integration/README_ZH.md
+++ b/tests/integration/README_ZH.md
@@ -42,7 +42,7 @@ make test-sqlite
 ## 如何使用 mysql 数据库进行集成测试
 首先在docker容器里部署一个 mysql 数据库
 ```
-docker run -e "MYSQL_DATABASE=test" -e "MYSQL_ALLOW_EMPTY_PASSWORD=yes" -p 3306:3306 --rm --name mysql mysql:8 #(just ctrl-c to stop db and clean the container) 
+docker run -e "MYSQL_DATABASE=test" -e "MYSQL_ALLOW_EMPTY_PASSWORD=yes" -p 3306:3306 --rm --name mysql mysql:8 #(just ctrl-c to stop db and clean the container)
 ```
 之后便可以基于这个数据库进行集成测试
 ```
@@ -52,17 +52,21 @@ TEST_MYSQL_HOST=localhost:3306 TEST_MYSQL_DBNAME=test TEST_MYSQL_USERNAME=root T
 ## 如何使用 pgsql 数据库进行集成测试
 同上，首先在 docker 容器里部署一个 pgsql 数据库
 ```
-docker run -e "POSTGRES_DB=test" -p 5432:5432 --rm --name pgsql postgres:14 #(just ctrl-c to stop db and clean the container) 
+docker run -e "POSTGRES_DB=test" -e "POSTGRES_USER=postgres" -e "POSTGRES_PASSWORD=postgres" -p 5432:5432 --rm --name pgsql postgres:latest #(just ctrl-c to stop db and clean the container)
+```
+在docker内设置minio
+```
+docker run --rm -p 9000:9000 -e MINIO_ROOT_USER=123456 -e MINIO_ROOT_PASSWORD=12345678 --name minio bitnami/minio:2023.8.31
 ```
 之后便可以基于这个数据库进行集成测试
 ```
-TEST_PGSQL_HOST=localhost:5432 TEST_PGSQL_DBNAME=test TEST_PGSQL_USERNAME=postgres TEST_PGSQL_PASSWORD=postgres make test-pgsql
+TEST_MINIO_ENDPOINT=localhost:9000 TEST_PGSQL_HOST=localhost:5432 TEST_PGSQL_DBNAME=postgres TEST_PGSQL_USERNAME=postgres TEST_PGSQL_PASSWORD=postgres make test-pgsql
 ```
 
 ## Run mssql integration tests
 同上，首先在 docker 容器里部署一个 mssql 数据库
 ```
-docker run -e "ACCEPT_EULA=Y" -e "MSSQL_PID=Standard" -e "SA_PASSWORD=MwantsaSecurePassword1" -p 1433:1433 --rm --name mssql microsoft/mssql-server-linux:latest #(just ctrl-c to stop db and clean the container) 
+docker run -e "ACCEPT_EULA=Y" -e "MSSQL_PID=Standard" -e "SA_PASSWORD=MwantsaSecurePassword1" -p 1433:1433 --rm --name mssql microsoft/mssql-server-linux:latest #(just ctrl-c to stop db and clean the container)
 ```
 之后便可以基于这个数据库进行集成测试
 ```
diff --git a/tests/pgsql.ini.tmpl b/tests/pgsql.ini.tmpl
index 6b54f790c52..695662c2e9d 100644
--- a/tests/pgsql.ini.tmpl
+++ b/tests/pgsql.ini.tmpl
@@ -115,7 +115,7 @@ MINIO_BASE_PATH = repo-avatars/
 [storage]
 STORAGE_TYPE = minio
 SERVE_DIRECT = false
-MINIO_ENDPOINT = minio:9000
+MINIO_ENDPOINT = {{TEST_MINIO_ENDPOINT}}
 MINIO_ACCESS_KEY_ID = 123456
 MINIO_SECRET_ACCESS_KEY = 12345678
 MINIO_BUCKET = gitea