diff --git a/.github/workflows/files-changed.yml b/.github/workflows/files-changed.yml
index f0c34df86d..e209be8e8d 100644
--- a/.github/workflows/files-changed.yml
+++ b/.github/workflows/files-changed.yml
@@ -58,3 +58,4 @@ jobs:
 
             templates:
               - "templates/**/*.tmpl"
+              - "poetry.lock"
diff --git a/modules/setting/mirror.go b/modules/setting/mirror.go
index cd6b8d4562..3aa530a1f4 100644
--- a/modules/setting/mirror.go
+++ b/modules/setting/mirror.go
@@ -30,7 +30,7 @@ func loadMirrorFrom(rootCfg ConfigProvider) {
 	// DEPRECATED should not be removed because users maybe upgrade from lower version to the latest version
 	// if these are removed, the warning will not be shown
 	deprecatedSetting(rootCfg, "repository", "DISABLE_MIRRORS", "mirror", "ENABLED", "v1.19.0")
-	if rootCfg.Section("repository").Key("DISABLE_MIRRORS").MustBool(false) {
+	if ConfigSectionKeyBool(rootCfg.Section("repository"), "DISABLE_MIRRORS") {
 		Mirror.DisableNewPull = true
 	}
 
diff --git a/modules/setting/oauth2.go b/modules/setting/oauth2.go
index 4dab468c10..836a2bb25f 100644
--- a/modules/setting/oauth2.go
+++ b/modules/setting/oauth2.go
@@ -120,18 +120,20 @@ func loadOAuth2From(rootCfg ConfigProvider) {
 		OAuth2.JWTSigningPrivateKeyFile = filepath.Join(AppDataPath, OAuth2.JWTSigningPrivateKeyFile)
 	}
 
-	key := make([]byte, 32)
-	n, err := base64.RawURLEncoding.Decode(key, []byte(OAuth2.JWTSecretBase64))
-	if err != nil || n != 32 {
-		key, err = generate.NewJwtSecret()
-		if err != nil {
-			log.Fatal("error generating JWT secret: %v", err)
-		}
+	if InstallLock {
+		key := make([]byte, 32)
+		n, err := base64.RawURLEncoding.Decode(key, []byte(OAuth2.JWTSecretBase64))
+		if err != nil || n != 32 {
+			key, err = generate.NewJwtSecret()
+			if err != nil {
+				log.Fatal("error generating JWT secret: %v", err)
+			}
 
-		secretBase64 := base64.RawURLEncoding.EncodeToString(key)
-		rootCfg.Section("oauth2").Key("JWT_SECRET").SetValue(secretBase64)
-		if err := rootCfg.Save(); err != nil {
-			log.Fatal("save oauth2.JWT_SECRET failed: %v", err)
+			secretBase64 := base64.RawURLEncoding.EncodeToString(key)
+			rootCfg.Section("oauth2").Key("JWT_SECRET").SetValue(secretBase64)
+			if err := rootCfg.Save(); err != nil {
+				log.Fatal("save oauth2.JWT_SECRET failed: %v", err)
+			}
 		}
 	}
 }
diff --git a/modules/setting/setting.go b/modules/setting/setting.go
index 293333a95b..539eb4b197 100644
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -262,7 +262,7 @@ func loadRunModeFrom(rootCfg ConfigProvider) {
 	RunUser = rootSec.Key("RUN_USER").MustString(user.CurrentUsername())
 	// The following is a purposefully undocumented option. Please do not run Gitea as root. It will only cause future headaches.
 	// Please don't use root as a bandaid to "fix" something that is broken, instead the broken thing should instead be fixed properly.
-	unsafeAllowRunAsRoot := rootSec.Key("I_AM_BEING_UNSAFE_RUNNING_AS_ROOT").MustBool(false)
+	unsafeAllowRunAsRoot := ConfigSectionKeyBool(rootSec, "I_AM_BEING_UNSAFE_RUNNING_AS_ROOT")
 	RunMode = os.Getenv("GITEA_RUN_MODE")
 	if RunMode == "" {
 		RunMode = rootSec.Key("RUN_MODE").MustString("prod")
diff --git a/package-lock.json b/package-lock.json
index bffa0ad3f1..e808ccf2a8 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -4,8 +4,6 @@
   "requires": true,
   "packages": {
     "": {
-      "name": "gitea",
-      "license": "MIT",
       "dependencies": {
         "@citation-js/core": "0.6.8",
         "@citation-js/plugin-bibtex": "0.6.8",
diff --git a/package.json b/package.json
index 0a05bd3a55..0701862cc2 100644
--- a/package.json
+++ b/package.json
@@ -1,7 +1,4 @@
 {
-  "name": "gitea",
-  "license": "MIT",
-  "private": true,
   "type": "module",
   "engines": {
     "node": ">= 16.0.0"
diff --git a/poetry.toml b/poetry.toml
index 57e0ba893f..0299355b5d 100644
--- a/poetry.toml
+++ b/poetry.toml
@@ -1,4 +1,4 @@
 [virtualenvs]
 in-project = true
-no-pip = true
-no-setuptools = true
+options.no-pip = true
+options.no-setuptools = true
diff --git a/pyproject.toml b/pyproject.toml
index d5151bd480..ce5f475b27 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -13,7 +13,3 @@ djlint = "1.31.0"
 [tool.djlint]
 profile="golang"
 ignore="H005,H006,H008,H013,H014,H016,H020,H021,H023,H026,H030,H031,T027"
-
-[build-system]
-requires = ["poetry-core"]
-build-backend = "poetry.core.masonry.api"
diff --git a/templates/repo/issue/list.tmpl b/templates/repo/issue/list.tmpl
index 313f7d6e98..5c9a5937a1 100644
--- a/templates/repo/issue/list.tmpl
+++ b/templates/repo/issue/list.tmpl
@@ -102,12 +102,13 @@
 								<input type="text" placeholder="{{.locale.Tr "repo.issues.filter_label"}}">
 							</div>
 							<span class="info">{{.locale.Tr "repo.issues.filter_label_exclude" | Safe}}</span>
+							<div class="ui divider"></div>
 							<a class="item" href="{{$.Link}}?q={{$.Keyword}}&type={{$.ViewType}}&sort={{$.SortType}}&state={{$.State}}&labels=0&milestone={{$.MilestoneID}}&project={{$.ProjectID}}&assignee={{$.AssigneeID}}&poster={{$.PosterID}}">{{.locale.Tr "repo.issues.filter_label_select_no_label"}}</a>
 							<a class="item" href="{{$.Link}}?q={{$.Keyword}}&type={{$.ViewType}}&sort={{$.SortType}}&state={{$.State}}&milestone={{$.MilestoneID}}&project={{$.ProjectID}}&assignee={{$.AssigneeID}}&poster={{$.PosterID}}">{{.locale.Tr "repo.issues.filter_label_no_select"}}</a>
 							{{$previousExclusiveScope := "_no_scope"}}
 							{{range .Labels}}
 								{{$exclusiveScope := .ExclusiveScope}}
-								{{if and (ne $previousExclusiveScope "_no_scope") (ne $previousExclusiveScope $exclusiveScope)}}
+								{{if and (ne $previousExclusiveScope $exclusiveScope)}}
 									<div class="ui divider"></div>
 								{{end}}
 								{{$previousExclusiveScope = $exclusiveScope}}
diff --git a/web_src/css/repo.css b/web_src/css/repo.css
index 3896265dda..c476fab1b5 100644
--- a/web_src/css/repo.css
+++ b/web_src/css/repo.css
@@ -149,7 +149,6 @@
 .repository .filter.menu.labels .label-filter .menu .info {
   display: inline-block;
   padding: 0.5rem 0.25rem;
-  border-bottom: 1px solid var(--color-secondary);
   font-size: 12px;
   width: 100%;
   white-space: nowrap;
diff --git a/web_src/js/features/common-global.js b/web_src/js/features/common-global.js
index c5f973f31c..b6e1790a90 100644
--- a/web_src/js/features/common-global.js
+++ b/web_src/js/features/common-global.js
@@ -268,10 +268,10 @@ function linkAction(e) {
   e.preventDefault();
 
   // A "link-action" can post AJAX request to its "data-url"
-  // Then the browser is redirect to: the "redirect" in response, or "data-redirect" attribute, or current URL by reloading.
-  // If the "link-action" has "data-modal-confirm(-html)" attribute, a confirm modal dialog will be shown before taking action.
+  // Then the browser is redirected to: the "redirect" in response, or "data-redirect" attribute, or current URL by reloading.
+  // If the "link-action" has "data-modal-confirm" attribute, a confirm modal dialog will be shown before taking action.
 
-  const $this = $(e.target);
+  const $this = $(this);
   const redirect = $this.attr('data-redirect');
 
   const doRequest = () => {
diff --git a/web_src/js/features/repo-issue.js b/web_src/js/features/repo-issue.js
index d271d2b84e..979ee89723 100644
--- a/web_src/js/features/repo-issue.js
+++ b/web_src/js/features/repo-issue.js
@@ -149,6 +149,7 @@ export function initRepoIssueSidebarList() {
       }
     }
   });
+  $('.ui.dropdown.label-filter').dropdown('setting', {'hideDividers': 'empty'}).dropdown('refreshItems');
 }
 
 export function initRepoIssueCommentDelete() {