diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index f3d30963c7..ebc5d59909 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -4,12 +4,12 @@
   "features": {
     // installs nodejs into container
     "ghcr.io/devcontainers/features/node:1": {
-      "version": "20"
+      "version": "22"
     },
     "ghcr.io/devcontainers/features/git-lfs:1.2.3": {},
     "ghcr.io/devcontainers-contrib/features/poetry:2": {},
     "ghcr.io/devcontainers/features/python:1": {
-      "version": "3.12"
+      "version": "3.13"
     },
     "ghcr.io/warrenbuckley/codespace-features/sqlite:1": {}
   },
diff --git a/.forgejo/workflows/backport.yml b/.forgejo/workflows/backport.yml
index 31c5c0cc3a..573c33f93b 100644
--- a/.forgejo/workflows/backport.yml
+++ b/.forgejo/workflows/backport.yml
@@ -47,7 +47,7 @@ jobs:
           cat <<'EOF'
           ${{ toJSON(github) }}
           EOF
-      - uses: https://data.forgejo.org/actions/git-backporting@v4.8.4
+      - uses: https://data.forgejo.org/actions/git-backporting@v4.8.5
         with:
           target-branch-pattern: "^backport/(?<target>(v.*))$"
           strategy: ort
diff --git a/.forgejo/workflows/renovate.yml b/.forgejo/workflows/renovate.yml
index 2d6da0c63e..82c318d834 100644
--- a/.forgejo/workflows/renovate.yml
+++ b/.forgejo/workflows/renovate.yml
@@ -28,7 +28,7 @@ jobs:
 
     runs-on: docker
     container:
-      image: data.forgejo.org/renovate/renovate:39.222.1
+      image: data.forgejo.org/renovate/renovate:39.252.0
 
     steps:
       - name: Load renovate repo cache
diff --git a/Makefile b/Makefile
index 4f7aa3b707..22194ff0c7 100644
--- a/Makefile
+++ b/Makefile
@@ -39,17 +39,17 @@ XGO_VERSION := go-1.21.x
 AIR_PACKAGE ?= github.com/air-verse/air@v1 # renovate: datasource=go
 EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/v3/cmd/editorconfig-checker@v3.2.1 # renovate: datasource=go
 GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.7.0 # renovate: datasource=go
-GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.0.2 # renovate: datasource=go
+GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.1.2 # renovate: datasource=go
 GXZ_PACKAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.11 # renovate: datasource=go
 MISSPELL_PACKAGE ?= github.com/golangci/misspell/cmd/misspell@v0.6.0 # renovate: datasource=go
 SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.31.0 # renovate: datasource=go
 XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
 GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0 # renovate: datasource=go
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go
-DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.31.0 # renovate: datasource=go
-GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.4.0 # renovate: datasource=go
+DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.32.0 # renovate: datasource=go
+GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.5.1 # renovate: datasource=go
 GOPLS_PACKAGE ?= golang.org/x/tools/gopls@v0.18.1 # renovate: datasource=go
-RENOVATE_NPM_PACKAGE ?= renovate@39.222.1 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
+RENOVATE_NPM_PACKAGE ?= renovate@39.252.0 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
 
 # https://github.com/disposable-email-domains/disposable-email-domains/commits/main/
 DISPOSABLE_EMAILS_SHA ?= 0c27e671231d27cf66370034d7f6818037416989 # renovate: ...
@@ -1017,8 +1017,7 @@ generate-gomock:
 
 .PHONY: generate-images
 generate-images: | node_modules
-	npm install --no-save fabric@6 imagemin-zopfli@7
-	node tools/generate-images.js $(TAGS)
+	node tools/generate-images.js
 
 .PHONY: generate-manpage
 generate-manpage:
diff --git a/assets/go-licenses.json b/assets/go-licenses.json
index af9c0ce8e0..681304c092 100644
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
@@ -110,8 +110,8 @@
     "licenseText": "Copyright (c) 2009 The Go Authors. All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n   * Redistributions of source code must retain the above copyright\nnotice, this list of conditions and the following disclaimer.\n   * Redistributions in binary form must reproduce the above\ncopyright notice, this list of conditions and the following disclaimer\nin the documentation and/or other materials provided with the\ndistribution.\n   * Neither the name of Google Inc. nor the names of its\ncontributors may be used to endorse or promote products derived from\nthis software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\nA PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nOWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\nLIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\nDATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\nTHEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
   },
   {
-    "name": "github.com/RoaringBitmap/roaring",
-    "path": "github.com/RoaringBitmap/roaring/LICENSE",
+    "name": "github.com/RoaringBitmap/roaring/v2",
+    "path": "github.com/RoaringBitmap/roaring/v2/LICENSE",
     "licenseText": "\n                                 Apache License\n                           Version 2.0, January 2004\n                        http://www.apache.org/licenses/\n\n   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n   1. Definitions.\n\n      \"License\" shall mean the terms and conditions for use, reproduction,\n      and distribution as defined by Sections 1 through 9 of this document.\n\n      \"Licensor\" shall mean the copyright owner or entity authorized by\n      the copyright owner that is granting the License.\n\n      \"Legal Entity\" shall mean the union of the acting entity and all\n      other entities that control, are controlled by, or are under common\n      control with that entity. For the purposes of this definition,\n      \"control\" means (i) the power, direct or indirect, to cause the\n      direction or management of such entity, whether by contract or\n      otherwise, or (ii) ownership of fifty percent (50%) or more of the\n      outstanding shares, or (iii) beneficial ownership of such entity.\n\n      \"You\" (or \"Your\") shall mean an individual or Legal Entity\n      exercising permissions granted by this License.\n\n      \"Source\" form shall mean the preferred form for making modifications,\n      including but not limited to software source code, documentation\n      source, and configuration files.\n\n      \"Object\" form shall mean any form resulting from mechanical\n      transformation or translation of a Source form, including but\n      not limited to compiled object code, generated documentation,\n      and conversions to other media types.\n\n      \"Work\" shall mean the work of authorship, whether in Source or\n      Object form, made available under the License, as indicated by a\n      copyright notice that is included in or attached to the work\n      (an example is provided in the Appendix below).\n\n      \"Derivative Works\" shall mean any work, whether in Source or Object\n      form, that is based on (or derived from) the Work and for which the\n      editorial revisions, annotations, elaborations, or other modifications\n      represent, as a whole, an original work of authorship. For the purposes\n      of this License, Derivative Works shall not include works that remain\n      separable from, or merely link (or bind by name) to the interfaces of,\n      the Work and Derivative Works thereof.\n\n      \"Contribution\" shall mean any work of authorship, including\n      the original version of the Work and any modifications or additions\n      to that Work or Derivative Works thereof, that is intentionally\n      submitted to Licensor for inclusion in the Work by the copyright owner\n      or by an individual or Legal Entity authorized to submit on behalf of\n      the copyright owner. For the purposes of this definition, \"submitted\"\n      means any form of electronic, verbal, or written communication sent\n      to the Licensor or its representatives, including but not limited to\n      communication on electronic mailing lists, source code control systems,\n      and issue tracking systems that are managed by, or on behalf of, the\n      Licensor for the purpose of discussing and improving the Work, but\n      excluding communication that is conspicuously marked or otherwise\n      designated in writing by the copyright owner as \"Not a Contribution.\"\n\n      \"Contributor\" shall mean Licensor and any individual or Legal Entity\n      on behalf of whom a Contribution has been received by Licensor and\n      subsequently incorporated within the Work.\n\n   2. Grant of Copyright License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      copyright license to reproduce, prepare Derivative Works of,\n      publicly display, publicly perform, sublicense, and distribute the\n      Work and such Derivative Works in Source or Object form.\n\n   3. Grant of Patent License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      (except as stated in this section) patent license to make, have made,\n      use, offer to sell, sell, import, and otherwise transfer the Work,\n      where such license applies only to those patent claims licensable\n      by such Contributor that are necessarily infringed by their\n      Contribution(s) alone or by combination of their Contribution(s)\n      with the Work to which such Contribution(s) was submitted. If You\n      institute patent litigation against any entity (including a\n      cross-claim or counterclaim in a lawsuit) alleging that the Work\n      or a Contribution incorporated within the Work constitutes direct\n      or contributory patent infringement, then any patent licenses\n      granted to You under this License for that Work shall terminate\n      as of the date such litigation is filed.\n\n   4. Redistribution. You may reproduce and distribute copies of the\n      Work or Derivative Works thereof in any medium, with or without\n      modifications, and in Source or Object form, provided that You\n      meet the following conditions:\n\n      (a) You must give any other recipients of the Work or\n          Derivative Works a copy of this License; and\n\n      (b) You must cause any modified files to carry prominent notices\n          stating that You changed the files; and\n\n      (c) You must retain, in the Source form of any Derivative Works\n          that You distribute, all copyright, patent, trademark, and\n          attribution notices from the Source form of the Work,\n          excluding those notices that do not pertain to any part of\n          the Derivative Works; and\n\n      (d) If the Work includes a \"NOTICE\" text file as part of its\n          distribution, then any Derivative Works that You distribute must\n          include a readable copy of the attribution notices contained\n          within such NOTICE file, excluding those notices that do not\n          pertain to any part of the Derivative Works, in at least one\n          of the following places: within a NOTICE text file distributed\n          as part of the Derivative Works; within the Source form or\n          documentation, if provided along with the Derivative Works; or,\n          within a display generated by the Derivative Works, if and\n          wherever such third-party notices normally appear. The contents\n          of the NOTICE file are for informational purposes only and\n          do not modify the License. You may add Your own attribution\n          notices within Derivative Works that You distribute, alongside\n          or as an addendum to the NOTICE text from the Work, provided\n          that such additional attribution notices cannot be construed\n          as modifying the License.\n\n      You may add Your own copyright statement to Your modifications and\n      may provide additional or different license terms and conditions\n      for use, reproduction, or distribution of Your modifications, or\n      for any such Derivative Works as a whole, provided Your use,\n      reproduction, and distribution of the Work otherwise complies with\n      the conditions stated in this License.\n\n   5. Submission of Contributions. Unless You explicitly state otherwise,\n      any Contribution intentionally submitted for inclusion in the Work\n      by You to the Licensor shall be under the terms and conditions of\n      this License, without any additional terms or conditions.\n      Notwithstanding the above, nothing herein shall supersede or modify\n      the terms of any separate license agreement you may have executed\n      with Licensor regarding such Contributions.\n\n   6. Trademarks. This License does not grant permission to use the trade\n      names, trademarks, service marks, or product names of the Licensor,\n      except as required for reasonable and customary use in describing the\n      origin of the Work and reproducing the content of the NOTICE file.\n\n   7. Disclaimer of Warranty. Unless required by applicable law or\n      agreed to in writing, Licensor provides the Work (and each\n      Contributor provides its Contributions) on an \"AS IS\" BASIS,\n      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n      implied, including, without limitation, any warranties or conditions\n      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n      PARTICULAR PURPOSE. You are solely responsible for determining the\n      appropriateness of using or redistributing the Work and assume any\n      risks associated with Your exercise of permissions under this License.\n\n   8. Limitation of Liability. In no event and under no legal theory,\n      whether in tort (including negligence), contract, or otherwise,\n      unless required by applicable law (such as deliberate and grossly\n      negligent acts) or agreed to in writing, shall any Contributor be\n      liable to You for damages, including any direct, indirect, special,\n      incidental, or consequential damages of any character arising as a\n      result of this License or out of the use or inability to use the\n      Work (including but not limited to damages for loss of goodwill,\n      work stoppage, computer failure or malfunction, or any and all\n      other commercial damages or losses), even if such Contributor\n      has been advised of the possibility of such damages.\n\n   9. Accepting Warranty or Additional Liability. While redistributing\n      the Work or Derivative Works thereof, You may choose to offer,\n      and charge a fee for, acceptance of support, warranty, indemnity,\n      or other liability obligations and/or rights consistent with this\n      License. However, in accepting such obligations, You may act only\n      on Your own behalf and on Your sole responsibility, not on behalf\n      of any other Contributor, and only if You agree to indemnify,\n      defend, and hold each Contributor harmless for any liability\n      incurred by, or claims asserted against, such Contributor by reason\n      of your accepting any such warranty or additional liability.\n\n   END OF TERMS AND CONDITIONS\n\n   APPENDIX: How to apply the Apache License to your work.\n\n      To apply the Apache License to your work, attach the following\n      boilerplate notice, with the fields enclosed by brackets \"[]\"\n      replaced with your own identifying information. (Don't include\n      the brackets!)  The text should be enclosed in the appropriate\n      comment syntax for the file format. We also recommend that a\n      file or class name and description of purpose be included on the\n      same \"printed page\" as the copyright notice for easier\n      identification within third-party archives.\n\n   Copyright 2016 by the authors\n\n   Licensed under the Apache License, Version 2.0 (the \"License\");\n   you may not use this file except in compliance with the License.\n   You may obtain a copy of the License at\n\n       http://www.apache.org/licenses/LICENSE-2.0\n\n   Unless required by applicable law or agreed to in writing, software\n   distributed under the License is distributed on an \"AS IS\" BASIS,\n   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n   See the License for the specific language governing permissions and\n   limitations under the License.\n\n================================================================================\n\nPortions of runcontainer.go are from the Go standard library, which is licensed\nunder:\n\nCopyright (c) 2009 The Go Authors. All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n   * Redistributions of source code must retain the above copyright\n     notice, this list of conditions and the following disclaimer.\n   * Redistributions in binary form must reproduce the above\n     copyright notice, this list of conditions and the following disclaimer\n     in the documentation and/or other materials provided with the\n     distribution.\n   * Neither the name of Google Inc. nor the names of its\n     contributors may be used to endorse or promote products derived from\n     this software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\nA PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nOWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\nLIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\nDATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\nTHEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
   },
   {
diff --git a/cmd/admin_user_create.go b/cmd/admin_user_create.go
index 33e61c0753..81a2a828de 100644
--- a/cmd/admin_user_create.go
+++ b/cmd/admin_user_create.go
@@ -6,6 +6,7 @@ package cmd
 import (
 	"errors"
 	"fmt"
+	"strings"
 
 	auth_model "forgejo.org/models/auth"
 	"forgejo.org/models/db"
@@ -61,6 +62,16 @@ var microcmdUserCreate = &cli.Command{
 			Name:  "access-token",
 			Usage: "Generate access token for the user",
 		},
+		&cli.StringFlag{
+			Name:  "access-token-name",
+			Usage: `Name of the generated access token`,
+			Value: "gitea-admin",
+		},
+		&cli.StringFlag{
+			Name:  "access-token-scopes",
+			Usage: `Scopes of the generated access token, comma separated. Examples: "all", "public-only,read:issue", "write:repository,write:user"`,
+			Value: "all",
+		},
 		&cli.BoolFlag{
 			Name:  "restricted",
 			Usage: "Make a restricted user account",
@@ -157,23 +168,40 @@ func runCreateUser(c *cli.Context) error {
 		IsRestricted: restricted,
 	}
 
+	var accessTokenName string
+	var accessTokenScope auth_model.AccessTokenScope
+	if c.IsSet("access-token") {
+		accessTokenName = strings.TrimSpace(c.String("access-token-name"))
+		if accessTokenName == "" {
+			return errors.New("access-token-name cannot be empty")
+		}
+		var err error
+		accessTokenScope, err = auth_model.AccessTokenScope(c.String("access-token-scopes")).Normalize()
+		if err != nil {
+			return fmt.Errorf("invalid access token scope provided: %w", err)
+		}
+		if !accessTokenScope.HasPermissionScope() {
+			return errors.New("access token does not have any permission")
+		}
+	} else if c.IsSet("access-token-name") || c.IsSet("access-token-scopes") {
+		return errors.New("access-token-name and access-token-scopes flags are only valid when access-token flag is set")
+	}
+
+	// arguments should be prepared before creating the user & access token, in case there is anything wrong
+
+	// create the user
 	if err := user_model.CreateUser(ctx, u, overwriteDefault); err != nil {
 		return fmt.Errorf("CreateUser: %w", err)
 	}
+	fmt.Printf("New user '%s' has been successfully created!\n", username)
 
-	if c.Bool("access-token") {
-		t := &auth_model.AccessToken{
-			Name: "gitea-admin",
-			UID:  u.ID,
-		}
-
+	// create the access token
+	if accessTokenScope != "" {
+		t := &auth_model.AccessToken{Name: accessTokenName, UID: u.ID, Scope: accessTokenScope}
 		if err := auth_model.NewAccessToken(ctx, t); err != nil {
 			return err
 		}
-
 		fmt.Printf("Access token was successfully created... %s\n", t.Token)
 	}
-
-	fmt.Printf("New user '%s' has been successfully created!\n", username)
 	return nil
 }
diff --git a/cmd/admin_user_generate_access_token.go b/cmd/admin_user_generate_access_token.go
index abb874bd5f..1a6c003171 100644
--- a/cmd/admin_user_generate_access_token.go
+++ b/cmd/admin_user_generate_access_token.go
@@ -34,8 +34,8 @@ var microcmdUserGenerateAccessToken = &cli.Command{
 		},
 		&cli.StringFlag{
 			Name:  "scopes",
-			Value: "",
-			Usage: "Comma separated list of scopes to apply to access token",
+			Value: "all",
+			Usage: `Comma separated list of scopes to apply to access token, examples: "all", "public-only,read:issue", "write:repository,write:user"`,
 		},
 	},
 	Action: runGenerateAccessToken,
@@ -43,7 +43,7 @@ var microcmdUserGenerateAccessToken = &cli.Command{
 
 func runGenerateAccessToken(c *cli.Context) error {
 	if !c.IsSet("username") {
-		return errors.New("You must provide a username to generate a token for")
+		return errors.New("you must provide a username to generate a token for")
 	}
 
 	ctx, cancel := installSignals()
@@ -77,6 +77,9 @@ func runGenerateAccessToken(c *cli.Context) error {
 	if err != nil {
 		return fmt.Errorf("invalid access token scope provided: %w", err)
 	}
+	if !accessTokenScope.HasPermissionScope() {
+		return errors.New("access token does not have any permission")
+	}
 	t.Scope = accessTokenScope
 
 	// create the token
diff --git a/cmd/web_acme.go b/cmd/web_acme.go
index b2d7435be2..03b3b9f0da 100644
--- a/cmd/web_acme.go
+++ b/cmd/web_acme.go
@@ -54,8 +54,8 @@ func runACME(listenAddr string, m http.Handler) error {
 		altTLSALPNPort = p
 	}
 
-	magic := certmagic.NewDefault()
-	magic.Storage = &certmagic.FileStorage{Path: setting.AcmeLiveDirectory}
+	certmagic.Default.Storage = &certmagic.FileStorage{Path: setting.AcmeLiveDirectory}
+
 	// Try to use private CA root if provided, otherwise defaults to system's trust
 	var certPool *x509.CertPool
 	if setting.AcmeCARoot != "" {
@@ -65,7 +65,8 @@ func runACME(listenAddr string, m http.Handler) error {
 			log.Warn("Failed to parse CA Root certificate, using default CA trust: %v", err)
 		}
 	}
-	myACME := certmagic.NewACMEIssuer(magic, certmagic.ACMEIssuer{
+
+	certmagic.DefaultACME = certmagic.ACMEIssuer{
 		CA:                      setting.AcmeURL,
 		TrustedRoots:            certPool,
 		Email:                   setting.AcmeEmail,
@@ -75,7 +76,11 @@ func runACME(listenAddr string, m http.Handler) error {
 		ListenHost:              setting.HTTPAddr,
 		AltTLSALPNPort:          altTLSALPNPort,
 		AltHTTPPort:             altHTTPPort,
-	})
+	}
+
+	magic := certmagic.NewDefault()
+
+	myACME := certmagic.NewACMEIssuer(magic, certmagic.DefaultACME)
 
 	magic.Issuers = []certmagic.Issuer{myACME}
 
diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index 79793ad47f..d609d0a0ec 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -1163,9 +1163,13 @@ LEVEL = Info
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
+;; Signing format that Forgejo should use, openpgp uses GPG and ssh uses OpenSSH.
+;FORMAT = openpgp
+;;
 ;; GPG key to use to sign commits, Defaults to the default - that is the value of git config --get user.signingkey
 ;; run in the context of the RUN_USER
-;; Switch to none to stop signing completely
+;; Switch to none to stop signing completely.
+;; If `FORMAT` is set to **ssh** this should be set to an absolute path to an public OpenSSH key.
 ;SIGNING_KEY = default
 ;;
 ;; If a SIGNING_KEY ID is provided and is not set to default, use the provided Name and Email address as the signer.
@@ -2408,7 +2412,7 @@ LEVEL = Info
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; The first locale will be used as the default if user browser's language doesn't match any locale in the list.
 ;LANGS = en-US,zh-CN,zh-HK,zh-TW,da,de-DE,nds,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pt-PT,pl-PL,bg,it-IT,fi-FI,fil,eo,tr-TR,cs-CZ,sl,sv-SE,ko-KR,el-GR,fa-IR,hu-HU,id-ID
-;NAMES = English,简体中文,繁體中文（香港）,繁體中文（台灣）,Danish,Deutsch,Plattdüütsch,Français,Nederlands,Latviešu,Русский,Українська,日本語,Español,Português do Brasil,Português de Portugal,Polski,Български,Italiano,Suomi,Filipino,Esperanto,Türkçe,Čeština,Slovenščina,Svenska,한국어,Ελληνικά,فارسی,Magyar nyelv,Bahasa Indonesia
+;NAMES = English,简体中文,繁體中文（香港）,繁體中文（台灣）,Dansk,Deutsch,Plattdüütsch,Français,Nederlands,Latviešu,Русский,Українська,日本語,Español,Português do Brasil,Português de Portugal,Polski,Български,Italiano,Suomi,Filipino,Esperanto,Türkçe,Čeština,Slovenščina,Svenska,한국어,Ελληνικά,فارسی,Magyar nyelv,Bahasa Indonesia
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2440,7 +2444,7 @@ LEVEL = Info
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; Set the maximum number of characters in a mermaid source. (Set to -1 to disable limits)
-;MERMAID_MAX_SOURCE_CHARACTERS = 5000
+;MERMAID_MAX_SOURCE_CHARACTERS = 50000
 ;; Set the maximum number of lines allowed for a filepreview. (Set to -1 to disable limits; set to 0 to disable the feature)
 ;FILEPREVIEW_MAX_LINES = 50
 
diff --git a/docker/root/etc/s6/openssh/setup b/docker/root/etc/s6/openssh/setup
index dbb3bafd35..48e7d4b211 100755
--- a/docker/root/etc/s6/openssh/setup
+++ b/docker/root/etc/s6/openssh/setup
@@ -31,6 +31,21 @@ if [ -e /data/ssh/ssh_host_ecdsa_cert ]; then
   SSH_ECDSA_CERT=${SSH_ECDSA_CERT:-"/data/ssh/ssh_host_ecdsa_cert"}
 fi
 
+# In case someone wants to sign the `{keyname}.pub` key by `ssh-keygen -s ca -I identity ...` to
+# make use of the ssh-key certificate authority feature (see ssh-keygen CERTIFICATES section),
+# the generated key file name is `{keyname}-cert.pub`
+if [ -e /data/ssh/ssh_host_ed25519_key-cert.pub ]; then
+  SSH_ED25519_CERT=${SSH_ED25519_CERT:-"/data/ssh/ssh_host_ed25519_key-cert.pub"}
+fi
+
+if [ -e /data/ssh/ssh_host_rsa_key-cert.pub ]; then
+  SSH_RSA_CERT=${SSH_RSA_CERT:-"/data/ssh/ssh_host_rsa_key-cert.pub"}
+fi
+
+if [ -e /data/ssh/ssh_host_ecdsa_key-cert.pub ]; then
+  SSH_ECDSA_CERT=${SSH_ECDSA_CERT:-"/data/ssh/ssh_host_ecdsa_key-cert.pub"}
+fi
+
 if [ -d /etc/ssh ]; then
     SSH_PORT=${SSH_PORT:-"22"} \
     SSH_LISTEN_PORT=${SSH_LISTEN_PORT:-"${SSH_PORT}"} \
diff --git a/go.mod b/go.mod
index 12caf738bb..e69f7b01a9 100644
--- a/go.mod
+++ b/go.mod
@@ -25,9 +25,9 @@ require (
 	github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.7.2
 	github.com/alecthomas/chroma/v2 v2.16.0
 	github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb
-	github.com/blevesearch/bleve/v2 v2.4.4
+	github.com/blevesearch/bleve/v2 v2.5.0
 	github.com/buildkite/terminal-to-html/v3 v3.16.8
-	github.com/caddyserver/certmagic v0.22.2
+	github.com/caddyserver/certmagic v0.23.0
 	github.com/chi-middleware/proxy v1.1.1
 	github.com/djherbis/buffer v1.2.0
 	github.com/djherbis/nio/v3 v3.0.1
@@ -36,7 +36,7 @@ require (
 	github.com/editorconfig/editorconfig-core-go/v2 v2.6.3
 	github.com/emersion/go-imap v1.2.1
 	github.com/felixge/fgprof v0.9.5
-	github.com/fsnotify/fsnotify v1.8.0
+	github.com/fsnotify/fsnotify v1.9.0
 	github.com/gliderlabs/ssh v0.3.8
 	github.com/go-ap/activitypub v0.0.0-20231114162308-e219254dc5c9
 	github.com/go-ap/jsonld v0.0.0-20221030091449-f2a191312c73
@@ -67,16 +67,16 @@ require (
 	github.com/jhillyerd/enmime/v2 v2.1.0
 	github.com/json-iterator/go v1.1.12
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
-	github.com/klauspost/compress v1.17.11
+	github.com/klauspost/compress v1.18.0
 	github.com/klauspost/cpuid/v2 v2.2.10
 	github.com/lib/pq v1.10.9
 	github.com/markbates/goth v1.80.0
 	github.com/mattn/go-isatty v0.0.20
-	github.com/mattn/go-sqlite3 v1.14.27
+	github.com/mattn/go-sqlite3 v1.14.28
 	github.com/meilisearch/meilisearch-go v0.31.0
 	github.com/mholt/archiver/v3 v3.5.1
 	github.com/microcosm-cc/bluemonday v1.0.27
-	github.com/minio/minio-go/v7 v7.0.88
+	github.com/minio/minio-go/v7 v7.0.90
 	github.com/msteinert/pam/v2 v2.0.0
 	github.com/nektos/act v0.2.52
 	github.com/niklasfasching/go-org v1.7.0
@@ -100,14 +100,14 @@ require (
 	github.com/yuin/goldmark v1.7.8
 	github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc
 	gitlab.com/gitlab-org/api/client-go v0.126.0
-	go.uber.org/mock v0.5.0
-	golang.org/x/crypto v0.36.0
-	golang.org/x/image v0.25.0
-	golang.org/x/net v0.38.0
-	golang.org/x/oauth2 v0.28.0
-	golang.org/x/sync v0.12.0
-	golang.org/x/sys v0.31.0
-	golang.org/x/text v0.23.0
+	go.uber.org/mock v0.5.1
+	golang.org/x/crypto v0.37.0
+	golang.org/x/image v0.26.0
+	golang.org/x/net v0.39.0
+	golang.org/x/oauth2 v0.29.0
+	golang.org/x/sync v0.13.0
+	golang.org/x/sys v0.32.0
+	golang.org/x/text v0.24.0
 	google.golang.org/protobuf v1.36.4
 	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df
 	gopkg.in/ini.v1 v1.67.0
@@ -134,30 +134,30 @@ require (
 	github.com/GoogleCloudPlatform/grpc-gcp-go/grpcgcp v1.5.0 // indirect
 	github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
-	github.com/RoaringBitmap/roaring v1.9.3 // indirect
+	github.com/RoaringBitmap/roaring/v2 v2.4.5 // indirect
 	github.com/andybalholm/brotli v1.1.1 // indirect
 	github.com/andybalholm/cascadia v1.3.3 // indirect
 	github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be // indirect
 	github.com/aymerick/douceur v0.2.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/bits-and-blooms/bitset v1.13.0 // indirect
-	github.com/blevesearch/bleve_index_api v1.1.12 // indirect
+	github.com/bits-and-blooms/bitset v1.22.0 // indirect
+	github.com/blevesearch/bleve_index_api v1.2.7 // indirect
 	github.com/blevesearch/geo v0.1.20 // indirect
-	github.com/blevesearch/go-faiss v1.0.24 // indirect
+	github.com/blevesearch/go-faiss v1.0.25 // indirect
 	github.com/blevesearch/go-porterstemmer v1.0.3 // indirect
 	github.com/blevesearch/gtreap v0.1.1 // indirect
 	github.com/blevesearch/mmap-go v1.0.4 // indirect
-	github.com/blevesearch/scorch_segment_api/v2 v2.2.16 // indirect
+	github.com/blevesearch/scorch_segment_api/v2 v2.3.9 // indirect
 	github.com/blevesearch/segment v0.9.1 // indirect
 	github.com/blevesearch/snowballstem v0.9.0 // indirect
 	github.com/blevesearch/upsidedown_store_api v1.0.2 // indirect
-	github.com/blevesearch/vellum v1.0.10 // indirect
-	github.com/blevesearch/zapx/v11 v11.3.10 // indirect
-	github.com/blevesearch/zapx/v12 v12.3.10 // indirect
-	github.com/blevesearch/zapx/v13 v13.3.10 // indirect
-	github.com/blevesearch/zapx/v14 v14.3.10 // indirect
-	github.com/blevesearch/zapx/v15 v15.3.16 // indirect
-	github.com/blevesearch/zapx/v16 v16.1.9-0.20241217210638-a0519e7caf3b // indirect
+	github.com/blevesearch/vellum v1.1.0 // indirect
+	github.com/blevesearch/zapx/v11 v11.4.1 // indirect
+	github.com/blevesearch/zapx/v12 v12.4.1 // indirect
+	github.com/blevesearch/zapx/v13 v13.4.1 // indirect
+	github.com/blevesearch/zapx/v14 v14.4.1 // indirect
+	github.com/blevesearch/zapx/v15 v15.4.1 // indirect
+	github.com/blevesearch/zapx/v16 v16.2.2 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/bradfitz/gomemcache v0.0.0-20230905024940-24af94b03874 // indirect
 	github.com/caddyserver/zerossl v0.1.3 // indirect
@@ -214,12 +214,12 @@ require (
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
 	github.com/klauspost/pgzip v1.2.6 // indirect
-	github.com/libdns/libdns v0.2.3 // indirect
+	github.com/libdns/libdns v1.0.0-beta.1 // indirect
 	github.com/mailru/easyjson v0.9.0 // indirect
 	github.com/markbates/going v1.0.3 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-runewidth v0.0.16 // indirect
-	github.com/mholt/acmez/v3 v3.1.1 // indirect
+	github.com/mholt/acmez/v3 v3.1.2 // indirect
 	github.com/miekg/dns v1.1.63 // indirect
 	github.com/minio/crc64nvme v1.0.1 // indirect
 	github.com/minio/md5-simd v1.1.2 // indirect
@@ -253,7 +253,7 @@ require (
 	github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
 	github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
 	github.com/zeebo/blake3 v0.2.4 // indirect
-	go.etcd.io/bbolt v1.3.9 // indirect
+	go.etcd.io/bbolt v1.4.0 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
 	go.opentelemetry.io/contrib/detectors/gcp v1.34.0 // indirect
diff --git a/go.sum b/go.sum
index 61de25c8ea..89cac69123 100644
--- a/go.sum
+++ b/go.sum
@@ -680,8 +680,8 @@ github.com/ProtonMail/go-crypto v1.1.6 h1:ZcV+Ropw6Qn0AX9brlQLAUXfqLBc7Bl+f/DmNx
 github.com/ProtonMail/go-crypto v1.1.6/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE=
 github.com/PuerkitoBio/goquery v1.10.2 h1:7fh2BdHcG6VFZsK7toXBT/Bh1z5Wmy8Q9MV9HqT2AM8=
 github.com/PuerkitoBio/goquery v1.10.2/go.mod h1:0guWGjcLu9AYC7C1GHnpysHy056u9aEkUHwhdnePMCU=
-github.com/RoaringBitmap/roaring v1.9.3 h1:t4EbC5qQwnisr5PrP9nt0IRhRTb9gMUgQF4t4S2OByM=
-github.com/RoaringBitmap/roaring v1.9.3/go.mod h1:6AXUsoIEzDTFFQCe1RbGA6uFONMhvejWj5rqITANK90=
+github.com/RoaringBitmap/roaring/v2 v2.4.5 h1:uGrrMreGjvAtTBobc0g5IrW1D5ldxDQYe2JW2gggRdg=
+github.com/RoaringBitmap/roaring/v2 v2.4.5/go.mod h1:FiJcsfkGje/nZBZgCu0ZxCPOKD/hVXDS2dXi7/eUFE0=
 github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.7.2 h1:cSXom2MoKJ9KPPw29RoZtHvUETY4F4n/kXl8m9btnQ0=
 github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.7.2/go.mod h1:JitQWJ8JuV4Y87l8VsHiiwhb3cgdyn68mX40s7NT6PA=
 github.com/ajstarks/deck v0.0.0-20200831202436-30c9fc6549a9/go.mod h1:JynElWSGnm/4RlzPXRlREEwqTHAN3T56Bv2ITsFT3gY=
@@ -717,46 +717,46 @@ github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd3
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bits-and-blooms/bitset v1.12.0/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8=
-github.com/bits-and-blooms/bitset v1.13.0 h1:bAQ9OPNFYbGHV6Nez0tmNI0RiEu7/hxlYJRUA0wFAVE=
-github.com/bits-and-blooms/bitset v1.13.0/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8=
+github.com/bits-and-blooms/bitset v1.22.0 h1:Tquv9S8+SGaS3EhyA+up3FXzmkhxPGjQQCkcs2uw7w4=
+github.com/bits-and-blooms/bitset v1.22.0/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8=
 github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb h1:m935MPodAbYS46DG4pJSv7WO+VECIWUQ7OJYSoTrMh4=
 github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb/go.mod h1:PkYb9DJNAwrSvRx5DYA+gUcOIgTGVMNkfSCbZM8cWpI=
-github.com/blevesearch/bleve/v2 v2.4.4 h1:RwwLGjUm54SwyyykbrZs4vc1qjzYic4ZnAnY9TwNl60=
-github.com/blevesearch/bleve/v2 v2.4.4/go.mod h1:fa2Eo6DP7JR+dMFpQe+WiZXINKSunh7WBtlDGbolKXk=
-github.com/blevesearch/bleve_index_api v1.1.12 h1:P4bw9/G/5rulOF7SJ9l4FsDoo7UFJ+5kexNy1RXfegY=
-github.com/blevesearch/bleve_index_api v1.1.12/go.mod h1:PbcwjIcRmjhGbkS/lJCpfgVSMROV6TRubGGAODaK1W8=
+github.com/blevesearch/bleve/v2 v2.5.0 h1:HzYqBy/5/M9Ul9ESEmXzN/3Jl7YpmWBdHM/+zzv/3k4=
+github.com/blevesearch/bleve/v2 v2.5.0/go.mod h1:PcJzTPnEynO15dCf9isxOga7YFRa/cMSsbnRwnszXUk=
+github.com/blevesearch/bleve_index_api v1.2.7 h1:c8r9vmbaYQroAMSGag7zq5gEVPiuXrUQDqfnj7uYZSY=
+github.com/blevesearch/bleve_index_api v1.2.7/go.mod h1:rKQDl4u51uwafZxFrPD1R7xFOwKnzZW7s/LSeK4lgo0=
 github.com/blevesearch/geo v0.1.20 h1:paaSpu2Ewh/tn5DKn/FB5SzvH0EWupxHEIwbCk/QPqM=
 github.com/blevesearch/geo v0.1.20/go.mod h1:DVG2QjwHNMFmjo+ZgzrIq2sfCh6rIHzy9d9d0B59I6w=
-github.com/blevesearch/go-faiss v1.0.24 h1:K79IvKjoKHdi7FdiXEsAhxpMuns0x4fM0BO93bW5jLI=
-github.com/blevesearch/go-faiss v1.0.24/go.mod h1:OMGQwOaRRYxrmeNdMrXJPvVx8gBnvE5RYrr0BahNnkk=
+github.com/blevesearch/go-faiss v1.0.25 h1:lel1rkOUGbT1CJ0YgzKwC7k+XH0XVBHnCVWahdCXk4U=
+github.com/blevesearch/go-faiss v1.0.25/go.mod h1:OMGQwOaRRYxrmeNdMrXJPvVx8gBnvE5RYrr0BahNnkk=
 github.com/blevesearch/go-porterstemmer v1.0.3 h1:GtmsqID0aZdCSNiY8SkuPJ12pD4jI+DdXTAn4YRcHCo=
 github.com/blevesearch/go-porterstemmer v1.0.3/go.mod h1:angGc5Ht+k2xhJdZi511LtmxuEf0OVpvUUNrwmM1P7M=
 github.com/blevesearch/gtreap v0.1.1 h1:2JWigFrzDMR+42WGIN/V2p0cUvn4UP3C4Q5nmaZGW8Y=
 github.com/blevesearch/gtreap v0.1.1/go.mod h1:QaQyDRAT51sotthUWAH4Sj08awFSSWzgYICSZ3w0tYk=
 github.com/blevesearch/mmap-go v1.0.4 h1:OVhDhT5B/M1HNPpYPBKIEJaD0F3Si+CrEKULGCDPWmc=
 github.com/blevesearch/mmap-go v1.0.4/go.mod h1:EWmEAOmdAS9z/pi/+Toxu99DnsbhG1TIxUoRmJw/pSs=
-github.com/blevesearch/scorch_segment_api/v2 v2.2.16 h1:uGvKVvG7zvSxCwcm4/ehBa9cCEuZVE+/zvrSl57QUVY=
-github.com/blevesearch/scorch_segment_api/v2 v2.2.16/go.mod h1:VF5oHVbIFTu+znY1v30GjSpT5+9YFs9dV2hjvuh34F0=
+github.com/blevesearch/scorch_segment_api/v2 v2.3.9 h1:X6nJXnNHl7nasXW+U6y2Ns2Aw8F9STszkYkyBfQ+p0o=
+github.com/blevesearch/scorch_segment_api/v2 v2.3.9/go.mod h1:IrzspZlVjhf4X29oJiEhBxEteTqOY9RlYlk1lCmYHr4=
 github.com/blevesearch/segment v0.9.1 h1:+dThDy+Lvgj5JMxhmOVlgFfkUtZV2kw49xax4+jTfSU=
 github.com/blevesearch/segment v0.9.1/go.mod h1:zN21iLm7+GnBHWTao9I+Au/7MBiL8pPFtJBJTsk6kQw=
 github.com/blevesearch/snowballstem v0.9.0 h1:lMQ189YspGP6sXvZQ4WZ+MLawfV8wOmPoD/iWeNXm8s=
 github.com/blevesearch/snowballstem v0.9.0/go.mod h1:PivSj3JMc8WuaFkTSRDW2SlrulNWPl4ABg1tC/hlgLs=
 github.com/blevesearch/upsidedown_store_api v1.0.2 h1:U53Q6YoWEARVLd1OYNc9kvhBMGZzVrdmaozG2MfoB+A=
 github.com/blevesearch/upsidedown_store_api v1.0.2/go.mod h1:M01mh3Gpfy56Ps/UXHjEO/knbqyQ1Oamg8If49gRwrQ=
-github.com/blevesearch/vellum v1.0.10 h1:HGPJDT2bTva12hrHepVT3rOyIKFFF4t7Gf6yMxyMIPI=
-github.com/blevesearch/vellum v1.0.10/go.mod h1:ul1oT0FhSMDIExNjIxHqJoGpVrBpKCdgDQNxfqgJt7k=
-github.com/blevesearch/zapx/v11 v11.3.10 h1:hvjgj9tZ9DeIqBCxKhi70TtSZYMdcFn7gDb71Xo/fvk=
-github.com/blevesearch/zapx/v11 v11.3.10/go.mod h1:0+gW+FaE48fNxoVtMY5ugtNHHof/PxCqh7CnhYdnMzQ=
-github.com/blevesearch/zapx/v12 v12.3.10 h1:yHfj3vXLSYmmsBleJFROXuO08mS3L1qDCdDK81jDl8s=
-github.com/blevesearch/zapx/v12 v12.3.10/go.mod h1:0yeZg6JhaGxITlsS5co73aqPtM04+ycnI6D1v0mhbCs=
-github.com/blevesearch/zapx/v13 v13.3.10 h1:0KY9tuxg06rXxOZHg3DwPJBjniSlqEgVpxIqMGahDE8=
-github.com/blevesearch/zapx/v13 v13.3.10/go.mod h1:w2wjSDQ/WBVeEIvP0fvMJZAzDwqwIEzVPnCPrz93yAk=
-github.com/blevesearch/zapx/v14 v14.3.10 h1:SG6xlsL+W6YjhX5N3aEiL/2tcWh3DO75Bnz77pSwwKU=
-github.com/blevesearch/zapx/v14 v14.3.10/go.mod h1:qqyuR0u230jN1yMmE4FIAuCxmahRQEOehF78m6oTgns=
-github.com/blevesearch/zapx/v15 v15.3.16 h1:Ct3rv7FUJPfPk99TI/OofdC+Kpb4IdyfdMH48sb+FmE=
-github.com/blevesearch/zapx/v15 v15.3.16/go.mod h1:Turk/TNRKj9es7ZpKK95PS7f6D44Y7fAFy8F4LXQtGg=
-github.com/blevesearch/zapx/v16 v16.1.9-0.20241217210638-a0519e7caf3b h1:ju9Az5YgrzCeK3M1QwvZIpxYhChkXp7/L0RhDYsxXoE=
-github.com/blevesearch/zapx/v16 v16.1.9-0.20241217210638-a0519e7caf3b/go.mod h1:BlrYNpOu4BvVRslmIG+rLtKhmjIaRhIbG8sb9scGTwI=
+github.com/blevesearch/vellum v1.1.0 h1:CinkGyIsgVlYf8Y2LUQHvdelgXr6PYuvoDIajq6yR9w=
+github.com/blevesearch/vellum v1.1.0/go.mod h1:QgwWryE8ThtNPxtgWJof5ndPfx0/YMBh+W2weHKPw8Y=
+github.com/blevesearch/zapx/v11 v11.4.1 h1:qFCPlFbsEdwbbckJkysptSQOsHn4s6ZOHL5GMAIAVHA=
+github.com/blevesearch/zapx/v11 v11.4.1/go.mod h1:qNOGxIqdPC1MXauJCD9HBG487PxviTUUbmChFOAosGs=
+github.com/blevesearch/zapx/v12 v12.4.1 h1:K77bhypII60a4v8mwvav7r4IxWA8qxhNjgF9xGdb9eQ=
+github.com/blevesearch/zapx/v12 v12.4.1/go.mod h1:QRPrlPOzAxBNMI0MkgdD+xsTqx65zbuPr3Ko4Re49II=
+github.com/blevesearch/zapx/v13 v13.4.1 h1:EnkEMZFUK0lsW/jOJJF2xOcp+W8TjEsyeN5BeAZEYYE=
+github.com/blevesearch/zapx/v13 v13.4.1/go.mod h1:e6duBMlCvgbH9rkzNMnUa9hRI9F7ri2BRcHfphcmGn8=
+github.com/blevesearch/zapx/v14 v14.4.1 h1:G47kGCshknBZzZAtjcnIAMn3oNx8XBLxp8DMq18ogyE=
+github.com/blevesearch/zapx/v14 v14.4.1/go.mod h1:O7sDxiaL2r2PnCXbhh1Bvm7b4sP+jp4unE9DDPWGoms=
+github.com/blevesearch/zapx/v15 v15.4.1 h1:B5IoTMUCEzFdc9FSQbhVOxAY+BO17c05866fNruiI7g=
+github.com/blevesearch/zapx/v15 v15.4.1/go.mod h1:b/MreHjYeQoLjyY2+UaM0hGZZUajEbE0xhnr1A2/Q6Y=
+github.com/blevesearch/zapx/v16 v16.2.2 h1:MifKJVRTEhMTgSlle2bDRTb39BGc9jXFRLPZc6r0Rzk=
+github.com/blevesearch/zapx/v16 v16.2.2/go.mod h1:B9Pk4G1CqtErgQV9DyCSA9Lb7WZe4olYfGw7fVDZ4sk=
 github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
 github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
 github.com/boombuler/barcode v1.0.1 h1:NDBbPmhS+EqABEs5Kg3n/5ZNjy73Pz7SIV+KCeqyXcs=
@@ -769,8 +769,8 @@ github.com/bsm/gomega v1.27.10 h1:yeMWxP2pV2fG3FgAODIY8EiRE3dy0aeFYt4l7wh6yKA=
 github.com/bsm/gomega v1.27.10/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0=
 github.com/buildkite/terminal-to-html/v3 v3.16.8 h1:QN/daUob6cmK8GcdKnwn9+YTlPr1vNj+oeAIiJK6fPc=
 github.com/buildkite/terminal-to-html/v3 v3.16.8/go.mod h1:+k1KVKROZocrTLsEQ9PEf9A+8+X8uaVV5iO1ZIOwKYM=
-github.com/caddyserver/certmagic v0.22.2 h1:qzZURXlrxwR5m25/jpvVeEyJHeJJMvAwe5zlMufOTQk=
-github.com/caddyserver/certmagic v0.22.2/go.mod h1:hbqE7BnkjhX5IJiFslPmrSeobSeZvI6ux8tyxhsd6qs=
+github.com/caddyserver/certmagic v0.23.0 h1:CfpZ/50jMfG4+1J/u2LV6piJq4HOfO6ppOnOf7DkFEU=
+github.com/caddyserver/certmagic v0.23.0/go.mod h1:9mEZIWqqWoI+Gf+4Trh04MOVPD0tGSxtqsxg87hAIH4=
 github.com/caddyserver/zerossl v0.1.3 h1:onS+pxp3M8HnHpN5MMbOMyNjmTheJyWRaZYwn+YTAyA=
 github.com/caddyserver/zerossl v0.1.3/go.mod h1:CxA0acn7oEGO6//4rtrRjYgEoa4MFw/XofZnrYwGqG4=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
@@ -893,8 +893,8 @@ github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8
 github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
-github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M=
-github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
+github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k=
+github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
 github.com/fxamacker/cbor/v2 v2.8.0 h1:fFtUGXUzXPHTIUdne5+zzMPTfffl3RD5qYnkY40vtxU=
 github.com/fxamacker/cbor/v2 v2.8.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
@@ -1203,8 +1203,8 @@ github.com/klauspost/asmfmt v1.3.2/go.mod h1:AG8TuvYojzulgDAMCnYn50l/5QV3Bs/tp6j
 github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
 github.com/klauspost/compress v1.11.4/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
 github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
-github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc=
-github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
+github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
+github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
 github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
 github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
@@ -1228,8 +1228,8 @@ github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+
 github.com/ledongthuc/pdf v0.0.0-20220302134840-0c2507a12d80/go.mod h1:imJHygn/1yfhB7XSJJKlFZKl/J+dCPAknuiaGOshXAs=
 github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
 github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
-github.com/libdns/libdns v0.2.3 h1:ba30K4ObwMGB/QTmqUxf3H4/GmUrCAIkMWejeGl12v8=
-github.com/libdns/libdns v0.2.3/go.mod h1:4Bj9+5CQiNMVGf87wjX4CY3HQJypUHRuLvlsfsZqLWQ=
+github.com/libdns/libdns v1.0.0-beta.1 h1:KIf4wLfsrEpXpZ3vmc/poM8zCATXT2klbdPe6hyOBjQ=
+github.com/libdns/libdns v1.0.0-beta.1/go.mod h1:4Bj9+5CQiNMVGf87wjX4CY3HQJypUHRuLvlsfsZqLWQ=
 github.com/lunny/vfsgen v0.0.0-20220105142115-2c99e1ffdfa0 h1:F/3FfGmKdiKFa8kL3YrpZ7pe9H4l4AzA1pbaOUnRvPI=
 github.com/lunny/vfsgen v0.0.0-20220105142115-2c99e1ffdfa0/go.mod h1:JEfTc3+2DF9Z4PXhLLvXL42zexJyh8rIq3OzUj/0rAk=
 github.com/lyft/protoc-gen-star v0.6.0/go.mod h1:TGAoBVkt8w7MPG72TrKIu85MIdXwDuzJYeZuUPFPNwA=
@@ -1252,12 +1252,12 @@ github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m
 github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc=
 github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
-github.com/mattn/go-sqlite3 v1.14.27 h1:drZCnuvf37yPfs95E5jd9s3XhdVWLal+6BOK6qrv6IU=
-github.com/mattn/go-sqlite3 v1.14.27/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
+github.com/mattn/go-sqlite3 v1.14.28 h1:ThEiQrnbtumT+QMknw63Befp/ce/nUPgBPMlRFEum7A=
+github.com/mattn/go-sqlite3 v1.14.28/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
 github.com/meilisearch/meilisearch-go v0.31.0 h1:yZRhY1qJqdH8h6GFZALGtkDLyj8f9v5aJpsNMyrUmnY=
 github.com/meilisearch/meilisearch-go v0.31.0/go.mod h1:aNtyuwurDg/ggxQIcKqWH6G9g2ptc8GyY7PLY4zMn/g=
-github.com/mholt/acmez/v3 v3.1.1 h1:Jh+9uKHkPxUJdxM16q5mOr+G2V0aqkuFtNA28ihCxhQ=
-github.com/mholt/acmez/v3 v3.1.1/go.mod h1:L1wOU06KKvq7tswuMDwKdcHeKpFFgkppZy/y0DFxagQ=
+github.com/mholt/acmez/v3 v3.1.2 h1:auob8J/0FhmdClQicvJvuDavgd5ezwLBfKuYmynhYzc=
+github.com/mholt/acmez/v3 v3.1.2/go.mod h1:L1wOU06KKvq7tswuMDwKdcHeKpFFgkppZy/y0DFxagQ=
 github.com/microcosm-cc/bluemonday v1.0.27 h1:MpEUotklkwCSLeH+Qdx1VJgNqLlpY2KXwXFM08ygZfk=
 github.com/microcosm-cc/bluemonday v1.0.27/go.mod h1:jFi9vgW+H7c3V0lb6nR74Ib/DIB5OBs92Dimizgw2cA=
 github.com/miekg/dns v1.1.63 h1:8M5aAw6OMZfFXTT7K5V0Eu5YiiL8l7nUAkyN6C9YwaY=
@@ -1268,8 +1268,8 @@ github.com/minio/crc64nvme v1.0.1 h1:DHQPrYPdqK7jQG/Ls5CTBZWeex/2FMS3G5XGkycuFrY
 github.com/minio/crc64nvme v1.0.1/go.mod h1:eVfm2fAzLlxMdUGc0EEBGSMmPwmXD5XiNRpnu9J3bvg=
 github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
 github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM=
-github.com/minio/minio-go/v7 v7.0.88 h1:v8MoIJjwYxOkehp+eiLIuvXk87P2raUtoU5klrAAshs=
-github.com/minio/minio-go/v7 v7.0.88/go.mod h1:33+O8h0tO7pCeCWwBVa07RhVVfB/3vS4kEX7rwYKmIg=
+github.com/minio/minio-go/v7 v7.0.90 h1:TmSj1083wtAD0kEYTx7a5pFsv3iRYMsOJ6A4crjA1lE=
+github.com/minio/minio-go/v7 v7.0.90/go.mod h1:uvMUcGrpgeSAAI6+sD3818508nUyMULw94j2Nxku/Go=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -1454,8 +1454,8 @@ github.com/zeebo/pcg v1.0.1/go.mod h1:09F0S9iiKrwn9rlI5yjLkmrug154/YRW6KnnXVDM/l
 github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA=
 gitlab.com/gitlab-org/api/client-go v0.126.0 h1:VV5TdkF6pMbEdFGvbR2CwEgJwg6qdg1u3bj5eD2tiWk=
 gitlab.com/gitlab-org/api/client-go v0.126.0/go.mod h1:bYC6fPORKSmtuPRyD9Z2rtbAjE7UeNatu2VWHRf4/LE=
-go.etcd.io/bbolt v1.3.9 h1:8x7aARPEXiXbHmtUwAIv7eV2fQFHrLLavdiJ3uzJXoI=
-go.etcd.io/bbolt v1.3.9/go.mod h1:zaO32+Ti0PK1ivdPtgMESzuzL2VPoIG1PCQNvOdo/dE=
+go.etcd.io/bbolt v1.4.0 h1:TU77id3TnN/zKr7CO/uk+fBCwF2jGcMuw2B/FMAzYIk=
+go.etcd.io/bbolt v1.4.0/go.mod h1:AsD+OCi/qPN1giOX1aiLAha3o1U8rAz65bvN4j0sRuk=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
@@ -1491,8 +1491,8 @@ go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
 go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
-go.uber.org/mock v0.5.0 h1:KAMbZvZPyBPWgD14IrIQ38QCyjwpvVVV6K/bHl1IwQU=
-go.uber.org/mock v0.5.0/go.mod h1:ge71pBPLYDk7QIi1LupWxdAykm7KIEFchiOqd6z7qMM=
+go.uber.org/mock v0.5.1 h1:ASgazW/qBmR+A32MYFDB6E2POoTgOwT509VP0CT/fjs=
+go.uber.org/mock v0.5.1/go.mod h1:ge71pBPLYDk7QIi1LupWxdAykm7KIEFchiOqd6z7qMM=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
@@ -1514,8 +1514,8 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
 golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
-golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
-golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
+golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE=
+golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc=
 golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -1546,8 +1546,8 @@ golang.org/x/image v0.0.0-20210607152325-775e3b0c77b9/go.mod h1:023OzeP/+EPmXeap
 golang.org/x/image v0.0.0-20210628002857-a66eb6448b8d/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM=
 golang.org/x/image v0.0.0-20211028202545-6944b10bf410/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM=
 golang.org/x/image v0.0.0-20220302094943-723b81ca9867/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM=
-golang.org/x/image v0.25.0 h1:Y6uW6rH1y5y/LK1J8BPWZtr6yZ7hrsy6hFrXjgsc2fQ=
-golang.org/x/image v0.25.0/go.mod h1:tCAmOEGthTtkalusGp1g3xa2gke8J6c2N565dTyl9Rs=
+golang.org/x/image v0.26.0 h1:4XjIFEZWQmCZi6Wv8BoxsDhRU3RVnLX04dToTDAEPlY=
+golang.org/x/image v0.26.0/go.mod h1:lcxbMFAovzpnJxzXS3nyL83K27tmqtKzIJpctK8YO5c=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -1647,8 +1647,8 @@ golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
-golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8=
-golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
+golang.org/x/net v0.39.0 h1:ZCu7HMWDxpXpaiKdhzIfaltL9Lp31x/3fCP11bc6/fY=
+golang.org/x/net v0.39.0/go.mod h1:X7NRbYVEA+ewNkCNyJ513WmMdQ3BineSwVtN2zD/d+E=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1678,8 +1678,8 @@ golang.org/x/oauth2 v0.4.0/go.mod h1:RznEsdpjGAINPTOF0UH/t+xJ75L18YO3Ho6Pyn+uRec
 golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I=
 golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw=
 golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4=
-golang.org/x/oauth2 v0.28.0 h1:CrgCKl8PPAVtLnU3c+EDw6x11699EWlsDeWNWKdIOkc=
-golang.org/x/oauth2 v0.28.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
+golang.org/x/oauth2 v0.29.0 h1:WdYw2tdTK1S8olAzWHdgeqfy+Mtm9XNhv/xJsY65d98=
+golang.org/x/oauth2 v0.29.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1700,8 +1700,8 @@ golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw=
-golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.13.0 h1:AauUjRAJ9OSnvULf/ARrrVywoJDy0YS2AwQ98I37610=
+golang.org/x/sync v0.13.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1793,8 +1793,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
-golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20=
+golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -1809,8 +1809,8 @@ golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
 golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
 golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
-golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y=
-golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
+golang.org/x/term v0.31.0 h1:erwDkOK1Msy6offm1mOgvspSkslFnIGsFnxOKoufg3o=
+golang.org/x/term v0.31.0/go.mod h1:R4BeIy7D95HzImkxGkTW1UQTtP54tio2RyHz7PwK0aw=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1831,8 +1831,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
-golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
+golang.org/x/text v0.24.0 h1:dd5Bzh4yt5KYA8f9CJHCP4FB4D51c2c6JvN37xJJkJ0=
+golang.org/x/text v0.24.0/go.mod h1:L8rBsPeo2pSS+xqN0d5u2ikmjtmoJbDBT1b7nHvFCdU=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -2215,6 +2215,7 @@ gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
diff --git a/models/actions/run.go b/models/actions/run.go
index 671177a892..c1e04071a8 100644
--- a/models/actions/run.go
+++ b/models/actions/run.go
@@ -185,75 +185,6 @@ func updateRepoRunsNumbers(ctx context.Context, repo *repo_model.Repository) err
 	return err
 }
 
-// CancelPreviousJobs cancels all previous jobs of the same repository, reference, workflow, and event.
-// It's useful when a new run is triggered, and all previous runs needn't be continued anymore.
-func CancelPreviousJobs(ctx context.Context, repoID int64, ref, workflowID string, event webhook_module.HookEventType) error {
-	// Find all runs in the specified repository, reference, and workflow with non-final status
-	runs, total, err := db.FindAndCount[ActionRun](ctx, FindRunOptions{
-		RepoID:       repoID,
-		Ref:          ref,
-		WorkflowID:   workflowID,
-		TriggerEvent: event,
-		Status:       []Status{StatusRunning, StatusWaiting, StatusBlocked},
-	})
-	if err != nil {
-		return err
-	}
-
-	// If there are no runs found, there's no need to proceed with cancellation, so return nil.
-	if total == 0 {
-		return nil
-	}
-
-	// Iterate over each found run and cancel its associated jobs.
-	for _, run := range runs {
-		// Find all jobs associated with the current run.
-		jobs, err := db.Find[ActionRunJob](ctx, FindRunJobOptions{
-			RunID: run.ID,
-		})
-		if err != nil {
-			return err
-		}
-
-		// Iterate over each job and attempt to cancel it.
-		for _, job := range jobs {
-			// Skip jobs that are already in a terminal state (completed, cancelled, etc.).
-			status := job.Status
-			if status.IsDone() {
-				continue
-			}
-
-			// If the job has no associated task (probably an error), set its status to 'Cancelled' and stop it.
-			if job.TaskID == 0 {
-				job.Status = StatusCancelled
-				job.Stopped = timeutil.TimeStampNow()
-
-				// Update the job's status and stopped time in the database.
-				n, err := UpdateRunJob(ctx, job, builder.Eq{"task_id": 0}, "status", "stopped")
-				if err != nil {
-					return err
-				}
-
-				// If the update affected 0 rows, it means the job has changed in the meantime, so we need to try again.
-				if n == 0 {
-					return fmt.Errorf("job has changed, try again")
-				}
-
-				// Continue with the next job.
-				continue
-			}
-
-			// If the job has an associated task, try to stop the task, effectively cancelling the job.
-			if err := StopTask(ctx, job.TaskID, StatusCancelled); err != nil {
-				return err
-			}
-		}
-	}
-
-	// Return nil to indicate successful cancellation of all running and waiting jobs.
-	return nil
-}
-
 // InsertRun inserts a run
 // The title will be cut off at 255 characters if it's longer than 255 characters.
 func InsertRun(ctx context.Context, run *ActionRun, jobs []*jobparser.SingleWorkflow) error {
diff --git a/models/actions/schedule.go b/models/actions/schedule.go
index 633582e017..cc68e9eafc 100644
--- a/models/actions/schedule.go
+++ b/models/actions/schedule.go
@@ -5,7 +5,6 @@ package actions
 
 import (
 	"context"
-	"fmt"
 	"time"
 
 	"forgejo.org/models/db"
@@ -119,27 +118,6 @@ func DeleteScheduleTaskByRepo(ctx context.Context, id int64) error {
 	return committer.Commit()
 }
 
-func CleanRepoScheduleTasks(ctx context.Context, repo *repo_model.Repository, cancelPreviousJobs bool) error {
-	// If actions disabled when there is schedule task, this will remove the outdated schedule tasks
-	// There is no other place we can do this because the app.ini will be changed manually
-	if err := DeleteScheduleTaskByRepo(ctx, repo.ID); err != nil {
-		return fmt.Errorf("DeleteCronTaskByRepo: %v", err)
-	}
-	if cancelPreviousJobs {
-		// cancel running cron jobs of this repository and delete old schedules
-		if err := CancelPreviousJobs(
-			ctx,
-			repo.ID,
-			repo.DefaultBranch,
-			"",
-			webhook_module.HookEventSchedule,
-		); err != nil {
-			return fmt.Errorf("CancelPreviousJobs: %v", err)
-		}
-	}
-	return nil
-}
-
 type FindScheduleOptions struct {
 	db.ListOptions
 	RepoID  int64
diff --git a/models/actions/task.go b/models/actions/task.go
index 63cbc6e586..c68b5b97ff 100644
--- a/models/actions/task.go
+++ b/models/actions/task.go
@@ -17,10 +17,8 @@ import (
 	"forgejo.org/modules/timeutil"
 	"forgejo.org/modules/util"
 
-	runnerv1 "code.gitea.io/actions-proto-go/runner/v1"
 	lru "github.com/hashicorp/golang-lru/v2"
 	"github.com/nektos/act/pkg/jobparser"
-	"google.golang.org/protobuf/types/known/timestamppb"
 	"xorm.io/builder"
 )
 
@@ -337,140 +335,6 @@ func UpdateTask(ctx context.Context, task *ActionTask, cols ...string) error {
 	return err
 }
 
-// UpdateTaskByState updates the task by the state.
-// It will always update the task if the state is not final, even there is no change.
-// So it will update ActionTask.Updated to avoid the task being judged as a zombie task.
-func UpdateTaskByState(ctx context.Context, runnerID int64, state *runnerv1.TaskState) (*ActionTask, error) {
-	stepStates := map[int64]*runnerv1.StepState{}
-	for _, v := range state.Steps {
-		stepStates[v.Id] = v
-	}
-
-	ctx, commiter, err := db.TxContext(ctx)
-	if err != nil {
-		return nil, err
-	}
-	defer commiter.Close()
-
-	e := db.GetEngine(ctx)
-
-	task := &ActionTask{}
-	if has, err := e.ID(state.Id).Get(task); err != nil {
-		return nil, err
-	} else if !has {
-		return nil, util.ErrNotExist
-	} else if runnerID != task.RunnerID {
-		return nil, fmt.Errorf("invalid runner for task")
-	}
-
-	if task.Status.IsDone() {
-		// the state is final, do nothing
-		return task, nil
-	}
-
-	// state.Result is not unspecified means the task is finished
-	if state.Result != runnerv1.Result_RESULT_UNSPECIFIED {
-		task.Status = Status(state.Result)
-		task.Stopped = timeutil.TimeStamp(state.StoppedAt.AsTime().Unix())
-		if err := UpdateTask(ctx, task, "status", "stopped"); err != nil {
-			return nil, err
-		}
-		if _, err := UpdateRunJob(ctx, &ActionRunJob{
-			ID:      task.JobID,
-			Status:  task.Status,
-			Stopped: task.Stopped,
-		}, nil); err != nil {
-			return nil, err
-		}
-	} else {
-		// Force update ActionTask.Updated to avoid the task being judged as a zombie task
-		task.Updated = timeutil.TimeStampNow()
-		if err := UpdateTask(ctx, task, "updated"); err != nil {
-			return nil, err
-		}
-	}
-
-	if err := task.LoadAttributes(ctx); err != nil {
-		return nil, err
-	}
-
-	for _, step := range task.Steps {
-		var result runnerv1.Result
-		if v, ok := stepStates[step.Index]; ok {
-			result = v.Result
-			step.LogIndex = v.LogIndex
-			step.LogLength = v.LogLength
-			step.Started = convertTimestamp(v.StartedAt)
-			step.Stopped = convertTimestamp(v.StoppedAt)
-		}
-		if result != runnerv1.Result_RESULT_UNSPECIFIED {
-			step.Status = Status(result)
-		} else if step.Started != 0 {
-			step.Status = StatusRunning
-		}
-		if _, err := e.ID(step.ID).Update(step); err != nil {
-			return nil, err
-		}
-	}
-
-	if err := commiter.Commit(); err != nil {
-		return nil, err
-	}
-
-	return task, nil
-}
-
-func StopTask(ctx context.Context, taskID int64, status Status) error {
-	if !status.IsDone() {
-		return fmt.Errorf("cannot stop task with status %v", status)
-	}
-	e := db.GetEngine(ctx)
-
-	task := &ActionTask{}
-	if has, err := e.ID(taskID).Get(task); err != nil {
-		return err
-	} else if !has {
-		return util.ErrNotExist
-	}
-	if task.Status.IsDone() {
-		return nil
-	}
-
-	now := timeutil.TimeStampNow()
-	task.Status = status
-	task.Stopped = now
-	if _, err := UpdateRunJob(ctx, &ActionRunJob{
-		ID:      task.JobID,
-		Status:  task.Status,
-		Stopped: task.Stopped,
-	}, nil); err != nil {
-		return err
-	}
-
-	if err := UpdateTask(ctx, task, "status", "stopped"); err != nil {
-		return err
-	}
-
-	if err := task.LoadAttributes(ctx); err != nil {
-		return err
-	}
-
-	for _, step := range task.Steps {
-		if !step.Status.IsDone() {
-			step.Status = status
-			if step.Started == 0 {
-				step.Started = now
-			}
-			step.Stopped = now
-		}
-		if _, err := e.ID(step.ID).Update(step); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
 func FindOldTasksToExpire(ctx context.Context, olderThan timeutil.TimeStamp, limit int) ([]*ActionTask, error) {
 	e := db.GetEngine(ctx)
 
@@ -481,13 +345,6 @@ func FindOldTasksToExpire(ctx context.Context, olderThan timeutil.TimeStamp, lim
 		Find(&tasks)
 }
 
-func convertTimestamp(timestamp *timestamppb.Timestamp) timeutil.TimeStamp {
-	if timestamp.GetSeconds() == 0 && timestamp.GetNanos() == 0 {
-		return timeutil.TimeStamp(0)
-	}
-	return timeutil.TimeStamp(timestamp.AsTime().Unix())
-}
-
 func logFileName(repoFullName string, taskID int64) string {
 	ret := fmt.Sprintf("%s/%02x/%d.log", repoFullName, taskID%256, taskID)
 
diff --git a/models/asymkey/gpg_key_object_verification.go b/models/asymkey/gpg_key_object_verification.go
index 407a29c221..ae2ee3661d 100644
--- a/models/asymkey/gpg_key_object_verification.go
+++ b/models/asymkey/gpg_key_object_verification.go
@@ -201,7 +201,7 @@ func ParseObjectWithSignature(ctx context.Context, c *GitObject) *ObjectVerifica
 		}
 	}
 
-	if setting.Repository.Signing.SigningKey != "" && setting.Repository.Signing.SigningKey != "default" && setting.Repository.Signing.SigningKey != "none" {
+	if setting.Repository.Signing.Format == "openpgp" && setting.Repository.Signing.SigningKey != "" && setting.Repository.Signing.SigningKey != "default" && setting.Repository.Signing.SigningKey != "none" {
 		// OK we should try the default key
 		gpgSettings := git.GPGSettings{
 			Sign:  true,
diff --git a/models/asymkey/ssh_key_object_verification.go b/models/asymkey/ssh_key_object_verification.go
index e0476fe5a8..5d933d35f9 100644
--- a/models/asymkey/ssh_key_object_verification.go
+++ b/models/asymkey/ssh_key_object_verification.go
@@ -12,8 +12,10 @@ import (
 	"forgejo.org/models/db"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/log"
+	"forgejo.org/modules/setting"
 
 	"github.com/42wim/sshsig"
+	"golang.org/x/crypto/ssh"
 )
 
 // ParseObjectWithSSHSignature check if signature is good against keystore.
@@ -62,6 +64,22 @@ func ParseObjectWithSSHSignature(ctx context.Context, c *GitObject, committer *u
 		}
 	}
 
+	// If the SSH instance key is set, try to verify it with that key.
+	if setting.SSHInstanceKey != nil {
+		instanceSSHKey := &PublicKey{
+			Content:     string(ssh.MarshalAuthorizedKey(setting.SSHInstanceKey)),
+			Fingerprint: ssh.FingerprintSHA256(setting.SSHInstanceKey),
+		}
+		instanceUser := &user_model.User{
+			Name:  setting.Repository.Signing.SigningName,
+			Email: setting.Repository.Signing.SigningEmail,
+		}
+		commitVerification := verifySSHObjectVerification(c.Signature.Signature, c.Signature.Payload, instanceSSHKey, committer, instanceUser, setting.Repository.Signing.SigningEmail)
+		if commitVerification != nil {
+			return commitVerification
+		}
+	}
+
 	return &ObjectVerification{
 		CommittingUser: committer,
 		Verified:       false,
diff --git a/models/asymkey/ssh_key_object_verification_test.go b/models/asymkey/ssh_key_object_verification_test.go
index 5d1b7edc27..4bfd79d56e 100644
--- a/models/asymkey/ssh_key_object_verification_test.go
+++ b/models/asymkey/ssh_key_object_verification_test.go
@@ -4,6 +4,7 @@
 package asymkey
 
 import (
+	"os"
 	"testing"
 
 	"forgejo.org/models/db"
@@ -15,6 +16,7 @@ import (
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	"golang.org/x/crypto/ssh"
 )
 
 func TestParseCommitWithSSHSignature(t *testing.T) {
@@ -150,4 +152,43 @@ muPLbvEduU+Ze/1Ol1pgk=
 		assert.Equal(t, "user2 / SHA256:TKfwbZMR7e9OnlV2l1prfah1TXH8CmqR0PvFEXVCXA4", commitVerification.Reason)
 		assert.Equal(t, sshKey, commitVerification.SigningSSHKey)
 	})
+
+	t.Run("Instance key", func(t *testing.T) {
+		pubKeyContent, err := os.ReadFile("../../tests/integration/ssh-signing-key.pub")
+		require.NoError(t, err)
+		pubKey, _, _, _, err := ssh.ParseAuthorizedKey(pubKeyContent)
+		require.NoError(t, err)
+
+		defer test.MockVariableValue(&setting.Repository.Signing.SigningName, "UwU")()
+		defer test.MockVariableValue(&setting.Repository.Signing.SigningEmail, "fox@example.com")()
+		defer test.MockVariableValue(&setting.SSHInstanceKey, pubKey)()
+
+		gitCommit := &git.Commit{
+			Committer: &git.Signature{
+				Email: "fox@example.com",
+			},
+			Signature: &git.ObjectSignature{
+				Payload: `tree f96f1a4f1a51dc42e2983592f503980b60b8849c
+parent 93f84db542dd8c6e952c8130bc2fcbe2e299b8b4
+author OwO <instance@example.com> 1738961379 +0100
+committer UwU <fox@example.com> 1738961379 +0100
+
+Fox
+`,
+				Signature: `-----BEGIN SSH SIGNATURE-----
+U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgV5ELwZ8XJe2LLR/UTuEu/vsFdb
+t7ry0W8hyzz/b1iocAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5
+AAAAQCnyMRkWVVNoZxZkvi/ZoknUhs4LNBmEwZs9e9214WIt+mhKfc6BiHoE2qeluR2McD
+Y5RzHnA8Ke9wXddEePCQE=
+-----END SSH SIGNATURE-----
+`,
+			},
+		}
+
+		o := commitToGitObject(gitCommit)
+		commitVerification := ParseObjectWithSSHSignature(db.DefaultContext, &o, user2)
+		assert.True(t, commitVerification.Verified)
+		assert.Equal(t, "UwU / SHA256:QttK41r/zMUeAW71b5UgVSb8xGFF/DlZJ6TyADW+uoI", commitVerification.Reason)
+		assert.Equal(t, "SHA256:QttK41r/zMUeAW71b5UgVSb8xGFF/DlZJ6TyADW+uoI", commitVerification.SigningSSHKey.Fingerprint)
+	})
 }
diff --git a/models/auth/access_token_scope.go b/models/auth/access_token_scope.go
index 802ad5aa07..d14838cf02 100644
--- a/models/auth/access_token_scope.go
+++ b/models/auth/access_token_scope.go
@@ -283,6 +283,10 @@ func (s AccessTokenScope) Normalize() (AccessTokenScope, error) {
 	return bitmap.toScope(), nil
 }
 
+func (s AccessTokenScope) HasPermissionScope() bool {
+	return s != "" && s != AccessTokenScopePublicOnly
+}
+
 // PublicOnly checks if this token scope is limited to public resources
 func (s AccessTokenScope) PublicOnly() (bool, error) {
 	bitmap, err := s.parse()
diff --git a/models/fixtures/TestPackagesGetOrInsertBlob/package_blob.yml b/models/fixtures/TestPackagesGetOrInsertBlob/package_blob.yml
new file mode 100644
index 0000000000..ec90787c43
--- /dev/null
+++ b/models/fixtures/TestPackagesGetOrInsertBlob/package_blob.yml
@@ -0,0 +1,17 @@
+-
+  id: 1
+  size: 10
+  hash_md5: HASHMD5_1
+  hash_sha1: HASHSHA1_1
+  hash_sha256: HASHSHA256_1
+  hash_sha512: HASHSHA512_1
+  hash_blake2b: HASHBLAKE2B_1
+  created_unix: 946687980
+-
+  id: 2
+  size: 20
+  hash_md5: HASHMD5_2
+  hash_sha1: HASHSHA1_2
+  hash_sha256: HASHSHA256_2
+  hash_sha512: HASHSHA512_2
+  created_unix: 946687980
diff --git a/models/forgefed/federationhost.go b/models/forgefed/federationhost.go
index 7db49e58e8..29f1b7d28e 100644
--- a/models/forgefed/federationhost.go
+++ b/models/forgefed/federationhost.go
@@ -1,4 +1,4 @@
-// Copyright 2024 The Forgejo Authors. All rights reserved.
+// Copyright 2024, 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package forgefed
@@ -19,18 +19,22 @@ type FederationHost struct {
 	ID             int64                  `xorm:"pk autoincr"`
 	HostFqdn       string                 `xorm:"host_fqdn UNIQUE INDEX VARCHAR(255) NOT NULL"`
 	NodeInfo       NodeInfo               `xorm:"extends NOT NULL"`
+	HostPort       uint16                 `xorm:"NOT NULL DEFAULT 443"`
+	HostSchema     string                 `xorm:"NOT NULL DEFAULT 'https'"`
 	LatestActivity time.Time              `xorm:"NOT NULL"`
-	Created        timeutil.TimeStamp     `xorm:"created"`
-	Updated        timeutil.TimeStamp     `xorm:"updated"`
 	KeyID          sql.NullString         `xorm:"key_id UNIQUE"`
 	PublicKey      sql.Null[sql.RawBytes] `xorm:"BLOB"`
+	Created        timeutil.TimeStamp     `xorm:"created"`
+	Updated        timeutil.TimeStamp     `xorm:"updated"`
 }
 
 // Factory function for FederationHost. Created struct is asserted to be valid.
-func NewFederationHost(nodeInfo NodeInfo, hostFqdn string) (FederationHost, error) {
+func NewFederationHost(hostFqdn string, nodeInfo NodeInfo, port uint16, schema string) (FederationHost, error) {
 	result := FederationHost{
-		HostFqdn: strings.ToLower(hostFqdn),
-		NodeInfo: nodeInfo,
+		HostFqdn:   strings.ToLower(hostFqdn),
+		NodeInfo:   nodeInfo,
+		HostPort:   port,
+		HostSchema: schema,
 	}
 	if valid, err := validation.IsValid(result); !valid {
 		return FederationHost{}, err
@@ -43,6 +47,8 @@ func (host FederationHost) Validate() []string {
 	var result []string
 	result = append(result, validation.ValidateNotEmpty(host.HostFqdn, "HostFqdn")...)
 	result = append(result, validation.ValidateMaxLen(host.HostFqdn, 255, "HostFqdn")...)
+	result = append(result, validation.ValidateNotEmpty(host.HostPort, "HostPort")...)
+	result = append(result, validation.ValidateNotEmpty(host.HostSchema, "HostSchema")...)
 	result = append(result, host.NodeInfo.Validate()...)
 	if host.HostFqdn != strings.ToLower(host.HostFqdn) {
 		result = append(result, fmt.Sprintf("HostFqdn has to be lower case but was: %v", host.HostFqdn))
diff --git a/models/forgefed/federationhost_repository.go b/models/forgefed/federationhost_repository.go
index fa1f906824..687966605f 100644
--- a/models/forgefed/federationhost_repository.go
+++ b/models/forgefed/federationhost_repository.go
@@ -6,7 +6,6 @@ package forgefed
 import (
 	"context"
 	"fmt"
-	"strings"
 
 	"forgejo.org/models/db"
 	"forgejo.org/modules/validation"
@@ -44,8 +43,18 @@ func findFederationHostFromDB(ctx context.Context, searchKey, searchValue string
 	return host, nil
 }
 
-func FindFederationHostByFqdn(ctx context.Context, fqdn string) (*FederationHost, error) {
-	return findFederationHostFromDB(ctx, "host_fqdn=?", strings.ToLower(fqdn))
+func FindFederationHostByFqdnAndPort(ctx context.Context, fqdn string, port uint16) (*FederationHost, error) {
+	host := new(FederationHost)
+	has, err := db.GetEngine(ctx).Where("host_fqdn=? AND host_port=?", fqdn, port).Get(host)
+	if err != nil {
+		return nil, err
+	} else if !has {
+		return nil, nil
+	}
+	if res, err := validation.IsValid(host); !res {
+		return nil, err
+	}
+	return host, nil
 }
 
 func FindFederationHostByKeyID(ctx context.Context, keyID string) (*FederationHost, error) {
diff --git a/models/forgefed/federationhost_test.go b/models/forgefed/federationhost_test.go
index 7e48a41d3b..824495c9cb 100644
--- a/models/forgefed/federationhost_test.go
+++ b/models/forgefed/federationhost_test.go
@@ -18,6 +18,8 @@ func Test_FederationHostValidation(t *testing.T) {
 			SoftwareName: "forgejo",
 		},
 		LatestActivity: time.Now(),
+		HostPort:       443,
+		HostSchema:     "https",
 	}
 	if res, err := validation.IsValid(sut); !res {
 		t.Errorf("sut should be valid but was %q", err)
@@ -29,6 +31,8 @@ func Test_FederationHostValidation(t *testing.T) {
 			SoftwareName: "forgejo",
 		},
 		LatestActivity: time.Now(),
+		HostPort:       443,
+		HostSchema:     "https",
 	}
 	if res, _ := validation.IsValid(sut); res {
 		t.Errorf("sut should be invalid: HostFqdn empty")
@@ -40,6 +44,8 @@ func Test_FederationHostValidation(t *testing.T) {
 			SoftwareName: "forgejo",
 		},
 		LatestActivity: time.Now(),
+		HostPort:       443,
+		HostSchema:     "https",
 	}
 	if res, _ := validation.IsValid(sut); res {
 		t.Errorf("sut should be invalid: HostFqdn too long (len=256)")
@@ -49,6 +55,8 @@ func Test_FederationHostValidation(t *testing.T) {
 		HostFqdn:       "host.do.main",
 		NodeInfo:       NodeInfo{},
 		LatestActivity: time.Now(),
+		HostPort:       443,
+		HostSchema:     "https",
 	}
 	if res, _ := validation.IsValid(sut); res {
 		t.Errorf("sut should be invalid: NodeInfo invalid")
@@ -60,6 +68,8 @@ func Test_FederationHostValidation(t *testing.T) {
 			SoftwareName: "forgejo",
 		},
 		LatestActivity: time.Now().Add(1 * time.Hour),
+		HostPort:       443,
+		HostSchema:     "https",
 	}
 	if res, _ := validation.IsValid(sut); res {
 		t.Errorf("sut should be invalid: Future timestamp")
@@ -71,6 +81,8 @@ func Test_FederationHostValidation(t *testing.T) {
 			SoftwareName: "forgejo",
 		},
 		LatestActivity: time.Now(),
+		HostPort:       443,
+		HostSchema:     "https",
 	}
 	if res, _ := validation.IsValid(sut); res {
 		t.Errorf("sut should be invalid: HostFqdn lower case")
diff --git a/models/forgejo_migrations/migrate.go b/models/forgejo_migrations/migrate.go
index ef446add4e..73226c525f 100644
--- a/models/forgejo_migrations/migrate.go
+++ b/models/forgejo_migrations/migrate.go
@@ -96,6 +96,8 @@ var migrations = []*Migration{
 	NewMigration("Add pronoun privacy settings to user", AddHidePronounsOptionToUser),
 	// v28 -> v29
 	NewMigration("Add public key information to `FederatedUser` and `FederationHost`", AddPublicKeyInformationForFederation),
+	// v29 -> v30
+	NewMigration("Migrate `User.NormalizedFederatedURI` column to extract port & schema into FederatedHost", MigrateNormalizedFederatedURI),
 }
 
 // GetCurrentDBVersion returns the current Forgejo database version.
diff --git a/models/forgejo_migrations/v26.go b/models/forgejo_migrations/v26.go
index 5efe48a302..3292d93ffd 100644
--- a/models/forgejo_migrations/v26.go
+++ b/models/forgejo_migrations/v26.go
@@ -7,8 +7,8 @@ import "xorm.io/xorm"
 
 func AddHashBlake2bToPackageBlob(x *xorm.Engine) error {
 	type PackageBlob struct {
-		ID          int64 `xorm:"pk autoincr"`
-		HashBlake2b string
+		ID          int64  `xorm:"pk autoincr"`
+		HashBlake2b string `xorm:"hash_blake2b char(128) UNIQUE(blake2b) INDEX"`
 	}
 	return x.Sync(&PackageBlob{})
 }
diff --git a/models/forgejo_migrations/v30.go b/models/forgejo_migrations/v30.go
new file mode 100644
index 0000000000..6c41a55316
--- /dev/null
+++ b/models/forgejo_migrations/v30.go
@@ -0,0 +1,106 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package forgejo_migrations //nolint:revive
+
+import (
+	"time"
+
+	"forgejo.org/models/migrations/base"
+	"forgejo.org/modules/forgefed"
+	"forgejo.org/modules/log"
+	"forgejo.org/modules/timeutil"
+
+	"xorm.io/xorm"
+)
+
+func MigrateNormalizedFederatedURI(x *xorm.Engine) error {
+	// Update schema
+	type FederatedUser struct {
+		ID                    int64  `xorm:"pk autoincr"`
+		UserID                int64  `xorm:"NOT NULL"`
+		ExternalID            string `xorm:"UNIQUE(federation_user_mapping) NOT NULL"`
+		FederationHostID      int64  `xorm:"UNIQUE(federation_user_mapping) NOT NULL"`
+		NormalizedOriginalURL string
+	}
+	type User struct {
+		ID                     int64 `xorm:"pk autoincr"`
+		NormalizedFederatedURI string
+	}
+	type FederationHost struct {
+		ID             int64              `xorm:"pk autoincr"`
+		HostFqdn       string             `xorm:"host_fqdn UNIQUE INDEX VARCHAR(255) NOT NULL"`
+		NodeInfo       NodeInfo           `xorm:"extends NOT NULL"`
+		HostPort       uint16             `xorm:"NOT NULL DEFAULT 443"`
+		HostSchema     string             `xorm:"NOT NULL DEFAULT 'https'"`
+		LatestActivity time.Time          `xorm:"NOT NULL"`
+		Created        timeutil.TimeStamp `xorm:"created"`
+		Updated        timeutil.TimeStamp `xorm:"updated"`
+	}
+	if err := x.Sync(new(User), new(FederatedUser), new(FederationHost)); err != nil {
+		return err
+	}
+
+	// Migrate
+	sessMigration := x.NewSession()
+	defer sessMigration.Close()
+	if err := sessMigration.Begin(); err != nil {
+		return err
+	}
+	federatedUsers := make([]*FederatedUser, 0)
+	err := sessMigration.OrderBy("id").Find(&federatedUsers)
+	if err != nil {
+		return err
+	}
+
+	for _, federatedUser := range federatedUsers {
+		if federatedUser.NormalizedOriginalURL != "" {
+			log.Trace("migration[30]: FederatedUser was already migrated %v", federatedUser)
+		} else {
+			user := &User{}
+			has, err := sessMigration.Where("id=?", federatedUser.UserID).Get(user)
+			if err != nil {
+				return err
+			}
+
+			if !has {
+				log.Debug("migration[30]: User missing for federated user: %v", federatedUser)
+				_, err := sessMigration.Delete(federatedUser)
+				if err != nil {
+					return err
+				}
+			} else {
+				// Migrate User.NormalizedFederatedURI -> FederatedUser.NormalizedOriginalUrl
+				sql := "UPDATE `federated_user` SET `normalized_original_url` = ? WHERE `id` = ?"
+				if _, err := sessMigration.Exec(sql, user.NormalizedFederatedURI, federatedUser.FederationHostID); err != nil {
+					return err
+				}
+
+				// Migrate (Port, Schema) FederatedUser.NormalizedOriginalUrl -> FederationHost.(Port, Schema)
+				actorID, err := forgefed.NewActorID(user.NormalizedFederatedURI)
+				if err != nil {
+					return err
+				}
+				sql = "UPDATE `federation_host` SET `host_port` = ?, `host_schema` = ? WHERE `id` = ?"
+				if _, err := sessMigration.Exec(sql, actorID.HostPort, actorID.HostSchema, federatedUser.FederationHostID); err != nil {
+					return err
+				}
+			}
+		}
+	}
+
+	if err := sessMigration.Commit(); err != nil {
+		return err
+	}
+
+	// Drop User.NormalizedFederatedURI field in extra transaction
+	sessSchema := x.NewSession()
+	defer sessSchema.Close()
+	if err := sessSchema.Begin(); err != nil {
+		return err
+	}
+	if err := base.DropTableColumns(sessSchema, "user", "normalized_federated_uri"); err != nil {
+		return err
+	}
+	return sessSchema.Commit()
+}
diff --git a/models/forgejo_migrations/v30_test.go b/models/forgejo_migrations/v30_test.go
new file mode 100644
index 0000000000..f826dab815
--- /dev/null
+++ b/models/forgejo_migrations/v30_test.go
@@ -0,0 +1,81 @@
+// Copyright 2025 The Forgejo Authors.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package forgejo_migrations //nolint:revive
+
+import (
+	"testing"
+	"time"
+
+	migration_tests "forgejo.org/models/migrations/test"
+	"forgejo.org/modules/timeutil"
+
+	"github.com/stretchr/testify/require"
+	"xorm.io/xorm/schemas"
+)
+
+func Test_MigrateNormalizedFederatedURI(t *testing.T) {
+	// Old structs
+	type User struct {
+		ID                     int64 `xorm:"pk autoincr"`
+		NormalizedFederatedURI string
+	}
+	type FederatedUser struct {
+		ID               int64  `xorm:"pk autoincr"`
+		UserID           int64  `xorm:"NOT NULL"`
+		ExternalID       string `xorm:"UNIQUE(federation_user_mapping) NOT NULL"`
+		FederationHostID int64  `xorm:"UNIQUE(federation_user_mapping) NOT NULL"`
+	}
+	type FederationHost struct {
+		ID             int64              `xorm:"pk autoincr"`
+		HostFqdn       string             `xorm:"host_fqdn UNIQUE INDEX VARCHAR(255) NOT NULL"`
+		SoftwareName   string             `xorm:"NOT NULL"`
+		LatestActivity time.Time          `xorm:"NOT NULL"`
+		Created        timeutil.TimeStamp `xorm:"created"`
+		Updated        timeutil.TimeStamp `xorm:"updated"`
+	}
+
+	// Prepare TestEnv
+	x, deferable := migration_tests.PrepareTestEnv(t, 0,
+		new(User),
+		new(FederatedUser),
+		new(FederationHost),
+	)
+	defer deferable()
+	if x == nil || t.Failed() {
+		return
+	}
+
+	// test for expected results
+	getColumn := func(tn, co string) *schemas.Column {
+		tables, err := x.DBMetas()
+		require.NoError(t, err)
+		var table *schemas.Table
+		for _, elem := range tables {
+			if elem.Name == tn {
+				table = elem
+				break
+			}
+		}
+		return table.GetColumn(co)
+	}
+
+	require.NotNil(t, getColumn("user", "normalized_federated_uri"))
+	require.Nil(t, getColumn("federation_host", "host_port"))
+	require.Nil(t, getColumn("federation_host", "host_schema"))
+	cnt1, err := x.Table("federated_user").Count()
+	require.NoError(t, err)
+	require.Equal(t, int64(2), cnt1)
+
+	require.NoError(t, MigrateNormalizedFederatedURI(x))
+
+	require.Nil(t, getColumn("user", "normalized_federated_uri"))
+	require.NotNil(t, getColumn("federation_host", "host_port"))
+	require.NotNil(t, getColumn("federation_host", "host_schema"))
+	cnt2, err := x.Table("federated_user").Count()
+	require.NoError(t, err)
+	require.Equal(t, int64(1), cnt2)
+
+	// idempotent
+	require.NoError(t, MigrateNormalizedFederatedURI(x))
+}
diff --git a/models/migrations/fixtures/Test_MigrateNormalizedFederatedURI/federated_user.yaml b/models/migrations/fixtures/Test_MigrateNormalizedFederatedURI/federated_user.yaml
new file mode 100644
index 0000000000..dd2c347ae7
--- /dev/null
+++ b/models/migrations/fixtures/Test_MigrateNormalizedFederatedURI/federated_user.yaml
@@ -0,0 +1,10 @@
+- 
+  id: 1
+  user_id: 3
+  federation_host_id: 1
+  external_id: "18"
+-   
+  id: 2
+  user_id: 999
+  federation_host_id: 1
+  external_id: "19"
diff --git a/models/migrations/fixtures/Test_MigrateNormalizedFederatedURI/federation_host.yaml b/models/migrations/fixtures/Test_MigrateNormalizedFederatedURI/federation_host.yaml
new file mode 100644
index 0000000000..46eeba9c69
--- /dev/null
+++ b/models/migrations/fixtures/Test_MigrateNormalizedFederatedURI/federation_host.yaml
@@ -0,0 +1,5 @@
+-
+  id: 1
+  host_fqdn: "my.host.x"
+  software_name: forgejo
+  latest_activity: 2024-04-26 14:14:50
\ No newline at end of file
diff --git a/models/migrations/fixtures/Test_MigrateNormalizedFederatedURI/user.yaml b/models/migrations/fixtures/Test_MigrateNormalizedFederatedURI/user.yaml
new file mode 100644
index 0000000000..f6d8a182b3
--- /dev/null
+++ b/models/migrations/fixtures/Test_MigrateNormalizedFederatedURI/user.yaml
@@ -0,0 +1,3 @@
+-
+  id: 3
+  normalized_federated_uri: "https://my.host.x/api/activitypub/user-id/18"
\ No newline at end of file
diff --git a/models/packages/main_test.go b/models/packages/main_test.go
new file mode 100644
index 0000000000..8114461502
--- /dev/null
+++ b/models/packages/main_test.go
@@ -0,0 +1,31 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package packages
+
+import (
+	"path/filepath"
+	"testing"
+
+	"forgejo.org/models/unittest"
+	"forgejo.org/modules/setting"
+
+	_ "forgejo.org/models"
+	_ "forgejo.org/models/actions"
+	_ "forgejo.org/models/activities"
+	_ "forgejo.org/models/forgefed"
+)
+
+func AddFixtures(dirs ...string) func() {
+	return unittest.OverrideFixtures(
+		unittest.FixturesOptions{
+			Dir:  filepath.Join(setting.AppWorkPath, "models/fixtures/"),
+			Base: setting.AppWorkPath,
+			Dirs: dirs,
+		},
+	)
+}
+
+func TestMain(m *testing.M) {
+	unittest.MainTest(m)
+}
diff --git a/models/packages/package_blob.go b/models/packages/package_blob.go
index e86f652540..0de4434ef8 100644
--- a/models/packages/package_blob.go
+++ b/models/packages/package_blob.go
@@ -44,14 +44,19 @@ func GetOrInsertBlob(ctx context.Context, pb *PackageBlob) (*PackageBlob, bool,
 
 	existing := &PackageBlob{}
 
-	has, err := e.Where(builder.Eq{
-		"size":         pb.Size,
-		"hash_md5":     pb.HashMD5,
-		"hash_sha1":    pb.HashSHA1,
-		"hash_sha256":  pb.HashSHA256,
-		"hash_sha512":  pb.HashSHA512,
-		"hash_blake2b": pb.HashBlake2b,
-	}).Get(existing)
+	has, err := e.Where(builder.And(
+		builder.Eq{
+			"size":        pb.Size,
+			"hash_md5":    pb.HashMD5,
+			"hash_sha1":   pb.HashSHA1,
+			"hash_sha256": pb.HashSHA256,
+			"hash_sha512": pb.HashSHA512,
+		},
+		builder.Or(
+			builder.Eq{"hash_blake2b": pb.HashBlake2b},
+			builder.IsNull{"hash_blake2b"},
+		),
+	)).Get(existing)
 	if err != nil {
 		return nil, false, err
 	}
diff --git a/models/packages/package_blob_test.go b/models/packages/package_blob_test.go
new file mode 100644
index 0000000000..3ad45a56f9
--- /dev/null
+++ b/models/packages/package_blob_test.go
@@ -0,0 +1,65 @@
+// Copyright 2025 The Forgejo Authors.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package packages
+
+import (
+	"testing"
+
+	"forgejo.org/models/unittest"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestPackagesGetOrInsertBlob(t *testing.T) {
+	defer AddFixtures("models/fixtures/TestPackagesGetOrInsertBlob/")()
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	blake2bIsSet := unittest.AssertExistsAndLoadBean(t, &PackageBlob{ID: 1})
+	blake2bNotSet := unittest.AssertExistsAndLoadBean(t, &PackageBlob{ID: 2})
+
+	var blake2bSetToRandom PackageBlob
+	blake2bSetToRandom = *blake2bNotSet
+	blake2bSetToRandom.HashBlake2b = "SOMETHING RANDOM"
+
+	for _, testCase := range []struct {
+		name        string
+		exists      bool
+		packageBlob *PackageBlob
+	}{
+		{
+			name:        "exists and blake2b is not null in the database",
+			exists:      true,
+			packageBlob: blake2bIsSet,
+		},
+		{
+			name:        "exists and blake2b is null in the database",
+			exists:      true,
+			packageBlob: &blake2bSetToRandom,
+		},
+		{
+			name:   "does not exists",
+			exists: false,
+			packageBlob: &PackageBlob{
+				Size:        30,
+				HashMD5:     "HASHMD5_3",
+				HashSHA1:    "HASHSHA1_3",
+				HashSHA256:  "HASHSHA256_3",
+				HashSHA512:  "HASHSHA512_3",
+				HashBlake2b: "HASHBLAKE2B_3",
+			},
+		},
+	} {
+		t.Run(testCase.name, func(t *testing.T) {
+			found, has, _ := GetOrInsertBlob(t.Context(), testCase.packageBlob)
+			assert.Equal(t, testCase.exists, has)
+			require.NotNil(t, found)
+			if testCase.exists {
+				assert.Equal(t, found.ID, testCase.packageBlob.ID)
+			} else {
+				unittest.BeanExists(t, &PackageBlob{ID: found.ID})
+			}
+		})
+	}
+}
diff --git a/models/packages/package_test.go b/models/packages/package_test.go
index ab2d49c94c..3c1ec413fd 100644
--- a/models/packages/package_test.go
+++ b/models/packages/package_test.go
@@ -13,18 +13,9 @@ import (
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
 
-	_ "forgejo.org/models"
-	_ "forgejo.org/models/actions"
-	_ "forgejo.org/models/activities"
-	_ "forgejo.org/models/forgefed"
-
 	"github.com/stretchr/testify/require"
 )
 
-func TestMain(m *testing.M) {
-	unittest.MainTest(m)
-}
-
 func prepareExamplePackage(t *testing.T) *packages_model.Package {
 	require.NoError(t, unittest.PrepareTestDatabase())
 
diff --git a/models/user/activitypub.go b/models/user/activitypub.go
index 490615239c..816fd8a098 100644
--- a/models/user/activitypub.go
+++ b/models/user/activitypub.go
@@ -4,13 +4,10 @@
 package user
 
 import (
-	"context"
 	"fmt"
 	"net/url"
 
-	"forgejo.org/models/db"
 	"forgejo.org/modules/setting"
-	"forgejo.org/modules/validation"
 )
 
 // APActorID returns the IRI to the api endpoint of the user
@@ -26,19 +23,3 @@ func (u *User) APActorID() string {
 func (u *User) APActorKeyID() string {
 	return u.APActorID() + "#main-key"
 }
-
-func GetUserByFederatedURI(ctx context.Context, federatedURI string) (*User, error) {
-	user := new(User)
-	has, err := db.GetEngine(ctx).Where("normalized_federated_uri=?", federatedURI).Get(user)
-	if err != nil {
-		return nil, err
-	} else if !has {
-		return nil, nil
-	}
-
-	if res, err := validation.IsValid(*user); !res {
-		return nil, err
-	}
-
-	return user, nil
-}
diff --git a/models/user/avatar.go b/models/user/avatar.go
index 27af7f774d..d534bd7bea 100644
--- a/models/user/avatar.go
+++ b/models/user/avatar.go
@@ -62,7 +62,7 @@ func GenerateRandomAvatar(ctx context.Context, u *User) error {
 
 // AvatarLinkWithSize returns a link to the user's avatar with size. size <= 0 means default size
 func (u *User) AvatarLinkWithSize(ctx context.Context, size int) string {
-	if u.IsGhost() {
+	if u.IsGhost() || u.ID <= 0 {
 		return avatars.DefaultAvatarLink()
 	}
 
diff --git a/models/user/federated_user.go b/models/user/federated_user.go
index d32f42867d..a53e6e4bb8 100644
--- a/models/user/federated_user.go
+++ b/models/user/federated_user.go
@@ -1,30 +1,30 @@
-// Copyright 2024 The Forgejo Authors. All rights reserved.
+// Copyright 2024, 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package user
 
 import (
-	"context"
 	"database/sql"
 
-	"forgejo.org/models/db"
 	"forgejo.org/modules/validation"
 )
 
 type FederatedUser struct {
-	ID               int64                  `xorm:"pk autoincr"`
-	UserID           int64                  `xorm:"NOT NULL"`
-	ExternalID       string                 `xorm:"UNIQUE(federation_user_mapping) NOT NULL"`
-	FederationHostID int64                  `xorm:"UNIQUE(federation_user_mapping) NOT NULL"`
-	KeyID            sql.NullString         `xorm:"key_id UNIQUE"`
-	PublicKey        sql.Null[sql.RawBytes] `xorm:"BLOB"`
+	ID                    int64                  `xorm:"pk autoincr"`
+	UserID                int64                  `xorm:"NOT NULL"`
+	ExternalID            string                 `xorm:"UNIQUE(federation_user_mapping) NOT NULL"`
+	FederationHostID      int64                  `xorm:"UNIQUE(federation_user_mapping) NOT NULL"`
+	KeyID                 sql.NullString         `xorm:"key_id UNIQUE"`
+	PublicKey             sql.Null[sql.RawBytes] `xorm:"BLOB"`
+	NormalizedOriginalURL string                 // This field ist just to keep original information. Pls. do not use for search or as ID!
 }
 
-func NewFederatedUser(userID int64, externalID string, federationHostID int64) (FederatedUser, error) {
+func NewFederatedUser(userID int64, externalID string, federationHostID int64, normalizedOriginalURL string) (FederatedUser, error) {
 	result := FederatedUser{
-		UserID:           userID,
-		ExternalID:       externalID,
-		FederationHostID: federationHostID,
+		UserID:                userID,
+		ExternalID:            externalID,
+		FederationHostID:      federationHostID,
+		NormalizedOriginalURL: normalizedOriginalURL,
 	}
 	if valid, err := validation.IsValid(result); !valid {
 		return FederatedUser{}, err
@@ -32,30 +32,6 @@ func NewFederatedUser(userID int64, externalID string, federationHostID int64) (
 	return result, nil
 }
 
-func getFederatedUserFromDB(ctx context.Context, searchKey, searchValue any) (*FederatedUser, error) {
-	federatedUser := new(FederatedUser)
-	has, err := db.GetEngine(ctx).Where(searchKey, searchValue).Get(federatedUser)
-	if err != nil {
-		return nil, err
-	} else if !has {
-		return nil, nil
-	}
-
-	if res, err := validation.IsValid(*federatedUser); !res {
-		return nil, err
-	}
-
-	return federatedUser, nil
-}
-
-func GetFederatedUserByKeyID(ctx context.Context, keyID string) (*FederatedUser, error) {
-	return getFederatedUserFromDB(ctx, "key_id=?", keyID)
-}
-
-func GetFederatedUserByUserID(ctx context.Context, userID int64) (*FederatedUser, error) {
-	return getFederatedUserFromDB(ctx, "user_id=?", userID)
-}
-
 func (user FederatedUser) Validate() []string {
 	var result []string
 	result = append(result, validation.ValidateNotEmpty(user.UserID, "UserID")...)
diff --git a/models/user/user.go b/models/user/user.go
index 26074a0998..5a8c1e9d73 100644
--- a/models/user/user.go
+++ b/models/user/user.go
@@ -1,6 +1,6 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// Copyright 2024 The Forgejo Authors. All rights reserved.
+// Copyright 2024, 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package user
@@ -135,9 +135,6 @@ type User struct {
 	AvatarEmail     string `xorm:"NOT NULL"`
 	UseCustomAvatar bool
 
-	// For federation
-	NormalizedFederatedURI string
-
 	// Counters
 	NumFollowers int
 	NumFollowing int `xorm:"NOT NULL DEFAULT 0"`
diff --git a/models/user/user_repository.go b/models/user/user_repository.go
index 172bf7c8b4..299d3af64a 100644
--- a/models/user/user_repository.go
+++ b/models/user/user_repository.go
@@ -50,9 +50,7 @@ func CreateFederatedUser(ctx context.Context, user *User, federatedUser *Federat
 	return committer.Commit()
 }
 
-func FindFederatedUser(ctx context.Context, externalID string,
-	federationHostID int64,
-) (*User, *FederatedUser, error) {
+func FindFederatedUser(ctx context.Context, externalID string, federationHostID int64) (*User, *FederatedUser, error) {
 	federatedUser := new(FederatedUser)
 	user := new(User)
 	has, err := db.GetEngine(ctx).Where("external_id=? and federation_host_id=?", externalID, federationHostID).Get(federatedUser)
@@ -77,6 +75,32 @@ func FindFederatedUser(ctx context.Context, externalID string,
 	return user, federatedUser, nil
 }
 
+func FindFederatedUserByKeyID(ctx context.Context, keyID string) (*User, *FederatedUser, error) {
+	federatedUser := new(FederatedUser)
+	user := new(User)
+	has, err := db.GetEngine(ctx).Where("key_id=?", keyID).Get(federatedUser)
+	if err != nil {
+		return nil, nil, err
+	} else if !has {
+		return nil, nil, nil
+	}
+	has, err = db.GetEngine(ctx).ID(federatedUser.UserID).Get(user)
+	if err != nil {
+		return nil, nil, err
+	} else if !has {
+		return nil, nil, fmt.Errorf("User %v for federated user is missing", federatedUser.UserID)
+	}
+
+	if res, err := validation.IsValid(*user); !res {
+		return nil, nil, err
+	}
+	if res, err := validation.IsValid(*federatedUser); !res {
+		return nil, nil, err
+	}
+
+	return user, federatedUser, nil
+}
+
 func DeleteFederatedUser(ctx context.Context, userID int64) error {
 	_, err := db.GetEngine(ctx).Delete(&FederatedUser{UserID: userID})
 	return err
diff --git a/models/webhook/webhook_test.go b/models/webhook/webhook_test.go
index 7f0abbd8bb..e70c3b2557 100644
--- a/models/webhook/webhook_test.go
+++ b/models/webhook/webhook_test.go
@@ -91,7 +91,7 @@ func TestWebhook_EventsArray(t *testing.T) {
 func TestCreateWebhook(t *testing.T) {
 	hook := &Webhook{
 		RepoID:      3,
-		URL:         "www.example.com/unit_test",
+		URL:         "https://www.example.com/unit_test",
 		ContentType: ContentTypeJSON,
 		Events:      `{"push_only":false,"send_everything":false,"choose_events":false,"events":{"create":false,"push":true,"pull_request":true}}`,
 	}
diff --git a/modules/forgefed/actor.go b/modules/forgefed/actor.go
index c01175f0f6..6fde2babde 100644
--- a/modules/forgefed/actor.go
+++ b/modules/forgefed/actor.go
@@ -1,4 +1,4 @@
-// Copyright 2023, 2024 The Forgejo Authors. All rights reserved.
+// Copyright 2023, 2024, 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package forgefed
@@ -6,6 +6,7 @@ package forgefed
 import (
 	"fmt"
 	"net/url"
+	"strconv"
 	"strings"
 
 	"forgejo.org/modules/validation"
@@ -15,13 +16,14 @@ import (
 
 // ----------------------------- ActorID --------------------------------------------
 type ActorID struct {
-	ID               string
-	Source           string
-	Schema           string
-	Path             string
-	Host             string
-	Port             string
-	UnvalidatedInput string
+	ID                 string
+	Source             string
+	HostSchema         string
+	Path               string
+	Host               string
+	HostPort           uint16
+	UnvalidatedInput   string
+	IsPortSupplemented bool
 }
 
 // Factory function for ActorID. Created struct is asserted to be valid
@@ -40,20 +42,23 @@ func NewActorID(uri string) (ActorID, error) {
 
 func (id ActorID) AsURI() string {
 	var result string
-	if id.Port == "" {
-		result = fmt.Sprintf("%s://%s/%s/%s", id.Schema, id.Host, id.Path, id.ID)
+
+	if id.IsPortSupplemented {
+		result = fmt.Sprintf("%s://%s/%s/%s", id.HostSchema, id.Host, id.Path, id.ID)
 	} else {
-		result = fmt.Sprintf("%s://%s:%s/%s/%s", id.Schema, id.Host, id.Port, id.Path, id.ID)
+		result = fmt.Sprintf("%s://%s:%d/%s/%s", id.HostSchema, id.Host, id.HostPort, id.Path, id.ID)
 	}
+
 	return result
 }
 
 func (id ActorID) Validate() []string {
 	var result []string
 	result = append(result, validation.ValidateNotEmpty(id.ID, "userId")...)
-	result = append(result, validation.ValidateNotEmpty(id.Schema, "schema")...)
 	result = append(result, validation.ValidateNotEmpty(id.Path, "path")...)
 	result = append(result, validation.ValidateNotEmpty(id.Host, "host")...)
+	result = append(result, validation.ValidateNotEmpty(id.HostPort, "hostPort")...)
+	result = append(result, validation.ValidateNotEmpty(id.HostSchema, "hostSchema")...)
 	result = append(result, validation.ValidateNotEmpty(id.UnvalidatedInput, "unvalidatedInput")...)
 
 	if id.UnvalidatedInput != id.AsURI() {
@@ -104,12 +109,14 @@ func (id PersonID) Validate() []string {
 	result := id.ActorID.Validate()
 	result = append(result, validation.ValidateNotEmpty(id.Source, "source")...)
 	result = append(result, validation.ValidateOneOf(id.Source, []any{"forgejo", "gitea"}, "Source")...)
+
 	switch id.Source {
 	case "forgejo", "gitea":
 		if strings.ToLower(id.Path) != "api/v1/activitypub/user-id" && strings.ToLower(id.Path) != "api/activitypub/user-id" {
 			result = append(result, fmt.Sprintf("path: %q has to be a person specific api path", id.Path))
 		}
 	}
+
 	return result
 }
 
@@ -168,6 +175,8 @@ func removeEmptyStrings(ls []string) []string {
 	return rs
 }
 
+// ----------------------------- newActorID --------------------------------------------
+
 func newActorID(uri string) (ActorID, error) {
 	validatedURI, err := url.ParseRequestURI(uri)
 	if err != nil {
@@ -179,15 +188,27 @@ func newActorID(uri string) (ActorID, error) {
 	}
 	length := len(pathWithActorID)
 	pathWithoutActorID := strings.Join(pathWithActorID[0:length-1], "/")
-	id := pathWithActorID[length-1]
+	id := strings.ToLower(pathWithActorID[length-1])
 
 	result := ActorID{}
 	result.ID = id
-	result.Schema = validatedURI.Scheme
-	result.Host = validatedURI.Hostname()
-	result.Path = pathWithoutActorID
-	result.Port = validatedURI.Port()
-	result.UnvalidatedInput = uri
+	result.HostSchema = strings.ToLower(validatedURI.Scheme)
+	result.Host = strings.ToLower(validatedURI.Hostname())
+	result.Path = strings.ToLower(pathWithoutActorID)
+
+	if validatedURI.Port() == "" && result.HostSchema == "https" {
+		result.IsPortSupplemented = true
+		result.HostPort = 443
+	} else if validatedURI.Port() == "" && result.HostSchema == "http" {
+		result.IsPortSupplemented = true
+		result.HostPort = 80
+	} else {
+		numPort, _ := strconv.ParseUint(validatedURI.Port(), 10, 16)
+		result.HostPort = uint16(numPort)
+	}
+
+	result.UnvalidatedInput = strings.ToLower(uri)
+
 	return result, nil
 }
 
diff --git a/modules/forgefed/actor_test.go b/modules/forgefed/actor_test.go
index e2157a96e4..5315d0b4de 100644
--- a/modules/forgefed/actor_test.go
+++ b/modules/forgefed/actor_test.go
@@ -1,4 +1,4 @@
-// Copyright 2023, 2024 The Forgejo Authors. All rights reserved.
+// Copyright 2023, 2024, 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package forgefed
@@ -18,11 +18,13 @@ func TestNewPersonId(t *testing.T) {
 	expected := PersonID{}
 	expected.ID = "1"
 	expected.Source = "forgejo"
-	expected.Schema = "https"
+	expected.HostSchema = "https"
 	expected.Path = "api/v1/activitypub/user-id"
 	expected.Host = "an.other.host"
-	expected.Port = ""
+	expected.HostPort = 443
+	expected.IsPortSupplemented = true
 	expected.UnvalidatedInput = "https://an.other.host/api/v1/activitypub/user-id/1"
+
 	sut, _ := NewPersonID("https://an.other.host/api/v1/activitypub/user-id/1", "forgejo")
 	if sut != expected {
 		t.Errorf("expected: %v\n but was: %v\n", expected, sut)
@@ -31,15 +33,47 @@ func TestNewPersonId(t *testing.T) {
 	expected = PersonID{}
 	expected.ID = "1"
 	expected.Source = "forgejo"
-	expected.Schema = "https"
+	expected.HostSchema = "https"
 	expected.Path = "api/v1/activitypub/user-id"
 	expected.Host = "an.other.host"
-	expected.Port = "443"
+	expected.HostPort = 443
+	expected.IsPortSupplemented = false
 	expected.UnvalidatedInput = "https://an.other.host:443/api/v1/activitypub/user-id/1"
+
 	sut, _ = NewPersonID("https://an.other.host:443/api/v1/activitypub/user-id/1", "forgejo")
 	if sut != expected {
 		t.Errorf("expected: %v\n but was: %v\n", expected, sut)
 	}
+
+	expected = PersonID{}
+	expected.ID = "1"
+	expected.Source = "forgejo"
+	expected.HostSchema = "http"
+	expected.Path = "api/v1/activitypub/user-id"
+	expected.Host = "an.other.host"
+	expected.HostPort = 80
+	expected.IsPortSupplemented = false
+	expected.UnvalidatedInput = "http://an.other.host:80/api/v1/activitypub/user-id/1"
+
+	sut, _ = NewPersonID("http://an.other.host:80/api/v1/activitypub/user-id/1", "forgejo")
+	if sut != expected {
+		t.Errorf("expected: %v\n but was: %v\n", expected, sut)
+	}
+
+	expected = PersonID{}
+	expected.ID = "1"
+	expected.Source = "forgejo"
+	expected.HostSchema = "https"
+	expected.Path = "api/v1/activitypub/user-id"
+	expected.Host = "an.other.host"
+	expected.HostPort = 443
+	expected.IsPortSupplemented = false
+	expected.UnvalidatedInput = "https://an.other.host:443/api/v1/activitypub/user-id/1"
+
+	sut, _ = NewPersonID("HTTPS://an.other.host:443/api/v1/activitypub/user-id/1", "forgejo")
+	if sut != expected {
+		t.Errorf("expected: %v\n but was: %v\n", expected, sut)
+	}
 }
 
 func TestNewRepositoryId(t *testing.T) {
@@ -47,10 +81,11 @@ func TestNewRepositoryId(t *testing.T) {
 	expected := RepositoryID{}
 	expected.ID = "1"
 	expected.Source = "forgejo"
-	expected.Schema = "http"
+	expected.HostSchema = "http"
 	expected.Path = "api/activitypub/repository-id"
 	expected.Host = "localhost"
-	expected.Port = "3000"
+	expected.HostPort = 3000
+	expected.IsPortSupplemented = false
 	expected.UnvalidatedInput = "http://localhost:3000/api/activitypub/repository-id/1"
 	sut, _ := NewRepositoryID("http://localhost:3000/api/activitypub/repository-id/1", "forgejo")
 	if sut != expected {
@@ -61,10 +96,11 @@ func TestNewRepositoryId(t *testing.T) {
 func TestActorIdValidation(t *testing.T) {
 	sut := ActorID{}
 	sut.Source = "forgejo"
-	sut.Schema = "https"
+	sut.HostSchema = "https"
 	sut.Path = "api/v1/activitypub/user-id"
 	sut.Host = "an.other.host"
-	sut.Port = ""
+	sut.HostPort = 443
+	sut.IsPortSupplemented = true
 	sut.UnvalidatedInput = "https://an.other.host/api/v1/activitypub/user-id/"
 	if sut.Validate()[0] != "userId should not be empty" {
 		t.Errorf("validation error expected but was: %v\n", sut.Validate())
@@ -73,10 +109,11 @@ func TestActorIdValidation(t *testing.T) {
 	sut = ActorID{}
 	sut.ID = "1"
 	sut.Source = "forgejo"
-	sut.Schema = "https"
+	sut.HostSchema = "https"
 	sut.Path = "api/v1/activitypub/user-id"
 	sut.Host = "an.other.host"
-	sut.Port = ""
+	sut.HostPort = 443
+	sut.IsPortSupplemented = true
 	sut.UnvalidatedInput = "https://an.other.host/api/v1/activitypub/user-id/1?illegal=action"
 	if sut.Validate()[0] != "not all input was parsed, \nUnvalidated Input:\"https://an.other.host/api/v1/activitypub/user-id/1?illegal=action\" \nParsed URI: \"https://an.other.host/api/v1/activitypub/user-id/1\"" {
 		t.Errorf("validation error expected but was: %v\n", sut.Validate()[0])
@@ -87,10 +124,11 @@ func TestPersonIdValidation(t *testing.T) {
 	sut := PersonID{}
 	sut.ID = "1"
 	sut.Source = "forgejo"
-	sut.Schema = "https"
+	sut.HostSchema = "https"
 	sut.Path = "path"
 	sut.Host = "an.other.host"
-	sut.Port = ""
+	sut.HostPort = 443
+	sut.IsPortSupplemented = true
 	sut.UnvalidatedInput = "https://an.other.host/path/1"
 
 	_, err := validation.IsValid(sut)
@@ -101,10 +139,11 @@ func TestPersonIdValidation(t *testing.T) {
 	sut = PersonID{}
 	sut.ID = "1"
 	sut.Source = "forgejox"
-	sut.Schema = "https"
+	sut.HostSchema = "https"
 	sut.Path = "api/v1/activitypub/user-id"
 	sut.Host = "an.other.host"
-	sut.Port = ""
+	sut.HostPort = 443
+	sut.IsPortSupplemented = true
 	sut.UnvalidatedInput = "https://an.other.host/api/v1/activitypub/user-id/1"
 	if sut.Validate()[0] != "Value forgejox is not contained in allowed values [forgejo gitea]" {
 		t.Errorf("validation error expected but was: %v\n", sut.Validate()[0])
@@ -125,12 +164,10 @@ func TestWebfingerId(t *testing.T) {
 
 func TestShouldThrowErrorOnInvalidInput(t *testing.T) {
 	var err any
-	// TODO: remove after test
-	//_, err = NewPersonId("", "forgejo")
-	//if err == nil {
-	//	t.Errorf("empty input should be invalid.")
-	//}
-
+	_, err = NewPersonID("", "forgejo")
+	if err == nil {
+		t.Errorf("empty input should be invalid.")
+	}
 	_, err = NewPersonID("http://localhost:3000/api/v1/something", "forgejo")
 	if err == nil {
 		t.Errorf("localhost uris are not external")
@@ -155,7 +192,6 @@ func TestShouldThrowErrorOnInvalidInput(t *testing.T) {
 	if err == nil {
 		t.Errorf("uri may not contain unparsed elements")
 	}
-
 	_, err = NewPersonID("https://an.other.host/api/v1/activitypub/user-id/1", "forgejo")
 	if err != nil {
 		t.Errorf("this uri should be valid but was: %v", err)
diff --git a/modules/forgefed/nodeinfo.go b/modules/forgefed/nodeinfo.go
index b22d2959d4..f9ddaa512f 100644
--- a/modules/forgefed/nodeinfo.go
+++ b/modules/forgefed/nodeinfo.go
@@ -1,4 +1,4 @@
-// Copyright 2023 The Forgejo Authors. All rights reserved.
+// Copyright 2023, 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package forgefed
@@ -10,10 +10,10 @@ import (
 func (id ActorID) AsWellKnownNodeInfoURI() string {
 	wellKnownPath := ".well-known/nodeinfo"
 	var result string
-	if id.Port == "" {
-		result = fmt.Sprintf("%s://%s/%s", id.Schema, id.Host, wellKnownPath)
+	if id.HostPort == 0 {
+		result = fmt.Sprintf("%s://%s/%s", id.HostSchema, id.Host, wellKnownPath)
 	} else {
-		result = fmt.Sprintf("%s://%s:%s/%s", id.Schema, id.Host, id.Port, wellKnownPath)
+		result = fmt.Sprintf("%s://%s:%d/%s", id.HostSchema, id.Host, id.HostPort, wellKnownPath)
 	}
 	return result
 }
diff --git a/modules/git/commit.go b/modules/git/commit.go
index 816bd051f6..a8ebed4968 100644
--- a/modules/git/commit.go
+++ b/modules/git/commit.go
@@ -432,6 +432,11 @@ func (c *Commit) GetBranchName() (string, error) {
 	return strings.SplitN(strings.TrimSpace(data), "~", 2)[0], nil
 }
 
+// GetAllBranches returns a slice with all branches that contains this commit
+func (c *Commit) GetAllBranches() ([]string, error) {
+	return c.repo.getBranches(c, -1)
+}
+
 // CommitFileStatus represents status of files in a commit.
 type CommitFileStatus struct {
 	Added    []string
diff --git a/modules/git/commit_test.go b/modules/git/commit_test.go
index 0acd5ac446..bc7d99658e 100644
--- a/modules/git/commit_test.go
+++ b/modules/git/commit_test.go
@@ -5,6 +5,7 @@ package git
 
 import (
 	"path/filepath"
+	"slices"
 	"strings"
 	"testing"
 
@@ -370,6 +371,23 @@ func TestParseCommitRenames(t *testing.T) {
 	}
 }
 
+func TestGetAllBranches(t *testing.T) {
+	bareRepo1Path := filepath.Join(testReposDir, "repo1_bare")
+
+	bareRepo1, err := openRepositoryWithDefaultContext(bareRepo1Path)
+	require.NoError(t, err)
+
+	commit, err := bareRepo1.GetCommit("95bb4d39648ee7e325106df01a621c530863a653")
+	require.NoError(t, err)
+
+	branches, err := commit.GetAllBranches()
+	require.NoError(t, err)
+
+	slices.Sort(branches)
+
+	assert.Equal(t, []string{"branch1", "branch2", "master"}, branches)
+}
+
 func Test_parseSubmoduleContent(t *testing.T) {
 	submoduleFiles := []struct {
 		fileContent  string
diff --git a/modules/git/git.go b/modules/git/git.go
index c7d5a31b31..30d41933b2 100644
--- a/modules/git/git.go
+++ b/modules/git/git.go
@@ -278,6 +278,49 @@ func syncGitConfig() (err error) {
 		return err
 	}
 
+	switch setting.Repository.Signing.Format {
+	case "ssh":
+		// First do a git version check.
+		if CheckGitVersionAtLeast("2.34.0") != nil {
+			return errors.New("ssh signing requires Git >= 2.34.0")
+		}
+
+		// Get the ssh-keygen binary that Git will use.
+		// This can be overriden in app.ini in [git.config] section, so we must
+		// query this information.
+		sshKeygenPath, err := configGet("gpg.ssh.program")
+		if err != nil {
+			return err
+		}
+		// git is very stubborn and does not give a default value, so we must do
+		// this ourselves.
+		if len(sshKeygenPath) == 0 {
+			// Default value of git, very unlikely to change.
+			// https://github.com/git/git/blob/5b97a56fa0e7d580dc8865b73107407c9b3f0eff/gpg-interface.c#L116
+			sshKeygenPath = "ssh-keygen"
+		}
+
+		// Although there's a version requirement of 8.2p1, there's no cross-version
+		// method to get the version of ssh-keygen. Therefore we do a simple binary
+		// presence check and hope for the best.
+		if _, err := exec.LookPath(sshKeygenPath); err != nil {
+			if errors.Is(err, exec.ErrNotFound) {
+				return errors.New("git signing requires a ssh-keygen binary")
+			}
+			return err
+		}
+
+		if err := configSet("gpg.format", "ssh"); err != nil {
+			return err
+		}
+		// openpgp is already the default value, so in the case of a non SSH format
+		// set the value to openpgp.
+	default:
+		if err := configSet("gpg.format", "openpgp"); err != nil {
+			return err
+		}
+	}
+
 	// By default partial clones are disabled, enable them from git v2.22
 	if !setting.Git.DisablePartialClone && CheckGitVersionAtLeast("2.22") == nil {
 		if err = configSet("uploadpack.allowfilter", "true"); err != nil {
@@ -324,6 +367,15 @@ func CheckGitVersionEqual(equal string) error {
 	return nil
 }
 
+func configGet(key string) (string, error) {
+	stdout, _, err := NewCommand(DefaultContext, "config", "--global", "--get").AddDynamicArguments(key).RunStdString(nil)
+	if err != nil && !IsErrorExitCode(err, 1) {
+		return "", fmt.Errorf("failed to get git config %s, err: %w", key, err)
+	}
+
+	return strings.TrimSpace(stdout), nil
+}
+
 func configSet(key, value string) error {
 	stdout, _, err := NewCommand(DefaultContext, "config", "--global", "--get").AddDynamicArguments(key).RunStdString(nil)
 	if err != nil && !IsErrorExitCode(err, 1) {
diff --git a/modules/git/git_test.go b/modules/git/git_test.go
index bb07367e3b..a3faf85f16 100644
--- a/modules/git/git_test.go
+++ b/modules/git/git_test.go
@@ -11,8 +11,10 @@ import (
 	"testing"
 
 	"forgejo.org/modules/setting"
+	"forgejo.org/modules/test"
 	"forgejo.org/modules/util"
 
+	"github.com/hashicorp/go-version"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -94,3 +96,57 @@ func TestSyncConfig(t *testing.T) {
 	assert.True(t, gitConfigContains("[sync-test]"))
 	assert.True(t, gitConfigContains("cfg-key-a = CfgValA"))
 }
+
+func TestSyncConfigGPGFormat(t *testing.T) {
+	defer test.MockProtect(&setting.GitConfig)()
+
+	t.Run("No format", func(t *testing.T) {
+		defer test.MockVariableValue(&setting.Repository.Signing.Format, "")()
+		require.NoError(t, syncGitConfig())
+		assert.True(t, gitConfigContains("[gpg]"))
+		assert.True(t, gitConfigContains("format = openpgp"))
+	})
+
+	t.Run("SSH format", func(t *testing.T) {
+		r, err := os.OpenRoot(t.TempDir())
+		require.NoError(t, err)
+		f, err := r.OpenFile("ssh-keygen", os.O_CREATE|os.O_TRUNC, 0o700)
+		require.NoError(t, f.Close())
+		require.NoError(t, err)
+		t.Setenv("PATH", r.Name())
+		defer test.MockVariableValue(&setting.Repository.Signing.Format, "ssh")()
+
+		require.NoError(t, syncGitConfig())
+		assert.True(t, gitConfigContains("[gpg]"))
+		assert.True(t, gitConfigContains("format = ssh"))
+
+		t.Run("Old version", func(t *testing.T) {
+			oldVersion, err := version.NewVersion("2.33.0")
+			require.NoError(t, err)
+			defer test.MockVariableValue(&gitVersion, oldVersion)()
+			require.ErrorContains(t, syncGitConfig(), "ssh signing requires Git >= 2.34.0")
+		})
+
+		t.Run("No ssh-keygen binary", func(t *testing.T) {
+			require.NoError(t, r.Remove("ssh-keygen"))
+			require.ErrorContains(t, syncGitConfig(), "git signing requires a ssh-keygen binary")
+		})
+
+		t.Run("Dynamic ssh-keygen binary location", func(t *testing.T) {
+			f, err := r.OpenFile("ssh-keygen-2", os.O_CREATE|os.O_TRUNC, 0o700)
+			require.NoError(t, f.Close())
+			require.NoError(t, err)
+			defer test.MockVariableValue(&setting.GitConfig.Options, map[string]string{
+				"gpg.ssh.program": "ssh-keygen-2",
+			})()
+			require.NoError(t, syncGitConfig())
+		})
+	})
+
+	t.Run("OpenPGP format", func(t *testing.T) {
+		defer test.MockVariableValue(&setting.Repository.Signing.Format, "openpgp")()
+		require.NoError(t, syncGitConfig())
+		assert.True(t, gitConfigContains("[gpg]"))
+		assert.True(t, gitConfigContains("format = openpgp"))
+	})
+}
diff --git a/modules/git/repo_commit.go b/modules/git/repo_commit.go
index 65ab6fd3fd..4c8516f828 100644
--- a/modules/git/repo_commit.go
+++ b/modules/git/repo_commit.go
@@ -444,10 +444,13 @@ func (repo *Repository) getCommitsBeforeLimit(id ObjectID, num int) ([]*Commit,
 
 func (repo *Repository) getBranches(commit *Commit, limit int) ([]string, error) {
 	if CheckGitVersionAtLeast("2.7.0") == nil {
-		stdout, _, err := NewCommand(repo.Ctx, "for-each-ref", "--format=%(refname:strip=2)").
-			AddOptionFormat("--count=%d", limit).
-			AddOptionValues("--contains", commit.ID.String(), BranchPrefix).
-			RunStdString(&RunOpts{Dir: repo.Path})
+		command := NewCommand(repo.Ctx, "for-each-ref", "--format=%(refname:strip=2)").AddOptionValues("--contains", commit.ID.String(), BranchPrefix)
+
+		if limit != -1 {
+			command = command.AddOptionFormat("--count=%d", limit)
+		}
+
+		stdout, _, err := command.RunStdString(&RunOpts{Dir: repo.Path})
 		if err != nil {
 			return nil, err
 		}
diff --git a/modules/indexer/code/bleve/bleve.go b/modules/indexer/code/bleve/bleve.go
index 6adee68a0d..eb003baec7 100644
--- a/modules/indexer/code/bleve/bleve.go
+++ b/modules/indexer/code/bleve/bleve.go
@@ -260,11 +260,11 @@ func (b *Indexer) Search(ctx context.Context, opts *internal.SearchOptions) (int
 	if opts.Mode == internal.CodeSearchModeUnion {
 		query := bleve.NewDisjunctionQuery()
 		for _, field := range strings.Fields(opts.Keyword) {
-			query.AddQuery(inner_bleve.MatchPhraseQuery(field, "Content", repoIndexerAnalyzer, 0))
+			query.AddQuery(inner_bleve.MatchPhraseQuery(field, "Content", repoIndexerAnalyzer, false))
 		}
 		keywordQuery = query
 	} else {
-		keywordQuery = inner_bleve.MatchPhraseQuery(opts.Keyword, "Content", repoIndexerAnalyzer, 0)
+		keywordQuery = inner_bleve.MatchPhraseQuery(opts.Keyword, "Content", repoIndexerAnalyzer, false)
 	}
 
 	if len(opts.RepoIDs) > 0 {
diff --git a/modules/indexer/code/bleve/tokenizer/hierarchy/hierarchy.go b/modules/indexer/code/bleve/tokenizer/hierarchy/hierarchy.go
index 83d53b58b1..c44aa78c46 100644
--- a/modules/indexer/code/bleve/tokenizer/hierarchy/hierarchy.go
+++ b/modules/indexer/code/bleve/tokenizer/hierarchy/hierarchy.go
@@ -65,5 +65,7 @@ func TokenizerConstructor(config map[string]any, cache *registry.Cache) (analysi
 }
 
 func init() {
-	registry.RegisterTokenizer(Name, TokenizerConstructor)
+	if err := registry.RegisterTokenizer(Name, TokenizerConstructor); err != nil {
+		panic(err)
+	}
 }
diff --git a/modules/indexer/internal/bleve/query.go b/modules/indexer/internal/bleve/query.go
index 9f08290172..7f411b516b 100644
--- a/modules/indexer/internal/bleve/query.go
+++ b/modules/indexer/internal/bleve/query.go
@@ -29,11 +29,11 @@ func MatchQuery(matchTerm, field, analyzer string, fuzziness int) *query.MatchQu
 }
 
 // MatchPhraseQuery generates a match phrase query for the given phrase, field and analyzer
-func MatchPhraseQuery(matchPhrase, field, analyzer string, fuzziness int) *query.MatchPhraseQuery {
+func MatchPhraseQuery(matchPhrase, field, analyzer string, autoFuzzy bool) *query.MatchPhraseQuery {
 	q := bleve.NewMatchPhraseQuery(matchPhrase)
 	q.FieldVal = field
 	q.Analyzer = analyzer
-	q.Fuzziness = fuzziness
+	q.SetAutoFuzziness(autoFuzzy)
 	return q
 }
 
diff --git a/modules/indexer/issues/bleve/bleve.go b/modules/indexer/issues/bleve/bleve.go
index 5d6099bd2a..64d3c8122e 100644
--- a/modules/indexer/issues/bleve/bleve.go
+++ b/modules/indexer/issues/bleve/bleve.go
@@ -162,15 +162,10 @@ func (b *Indexer) Search(ctx context.Context, options *internal.SearchOptions) (
 		}
 		q := bleve.NewBooleanQuery()
 		for _, token := range tokens {
-			fuzziness := 0
-			if token.Fuzzy {
-				// TODO: replace with "auto" after bleve update
-				fuzziness = min(len(token.Term)/4, 2)
-			}
 			innerQ := bleve.NewDisjunctionQuery(
-				inner_bleve.MatchPhraseQuery(token.Term, "title", issueIndexerAnalyzer, fuzziness),
-				inner_bleve.MatchPhraseQuery(token.Term, "content", issueIndexerAnalyzer, fuzziness),
-				inner_bleve.MatchPhraseQuery(token.Term, "comments", issueIndexerAnalyzer, fuzziness))
+				inner_bleve.MatchPhraseQuery(token.Term, "title", issueIndexerAnalyzer, token.Fuzzy),
+				inner_bleve.MatchPhraseQuery(token.Term, "content", issueIndexerAnalyzer, token.Fuzzy),
+				inner_bleve.MatchPhraseQuery(token.Term, "comments", issueIndexerAnalyzer, token.Fuzzy))
 
 			switch token.Kind {
 			case internal.BoolOptMust:
diff --git a/modules/queue/mock/redisuniversalclient.go b/modules/queue/mock/redisuniversalclient.go
index 65bac755d1..a19e639ac1 100644
--- a/modules/queue/mock/redisuniversalclient.go
+++ b/modules/queue/mock/redisuniversalclient.go
@@ -22,6 +22,7 @@ import (
 type MockRedisClient struct {
 	ctrl     *gomock.Controller
 	recorder *MockRedisClientMockRecorder
+	isgomock struct{}
 }
 
 // MockRedisClientMockRecorder is the mock recorder for MockRedisClient.
@@ -56,38 +57,38 @@ func (mr *MockRedisClientMockRecorder) Close() *gomock.Call {
 }
 
 // DBSize mocks base method.
-func (m *MockRedisClient) DBSize(arg0 context.Context) *redis.IntCmd {
+func (m *MockRedisClient) DBSize(ctx context.Context) *redis.IntCmd {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "DBSize", arg0)
+	ret := m.ctrl.Call(m, "DBSize", ctx)
 	ret0, _ := ret[0].(*redis.IntCmd)
 	return ret0
 }
 
 // DBSize indicates an expected call of DBSize.
-func (mr *MockRedisClientMockRecorder) DBSize(arg0 any) *gomock.Call {
+func (mr *MockRedisClientMockRecorder) DBSize(ctx any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DBSize", reflect.TypeOf((*MockRedisClient)(nil).DBSize), arg0)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DBSize", reflect.TypeOf((*MockRedisClient)(nil).DBSize), ctx)
 }
 
 // Decr mocks base method.
-func (m *MockRedisClient) Decr(arg0 context.Context, arg1 string) *redis.IntCmd {
+func (m *MockRedisClient) Decr(ctx context.Context, key string) *redis.IntCmd {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "Decr", arg0, arg1)
+	ret := m.ctrl.Call(m, "Decr", ctx, key)
 	ret0, _ := ret[0].(*redis.IntCmd)
 	return ret0
 }
 
 // Decr indicates an expected call of Decr.
-func (mr *MockRedisClientMockRecorder) Decr(arg0, arg1 any) *gomock.Call {
+func (mr *MockRedisClientMockRecorder) Decr(ctx, key any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Decr", reflect.TypeOf((*MockRedisClient)(nil).Decr), arg0, arg1)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Decr", reflect.TypeOf((*MockRedisClient)(nil).Decr), ctx, key)
 }
 
 // Del mocks base method.
-func (m *MockRedisClient) Del(arg0 context.Context, arg1 ...string) *redis.IntCmd {
+func (m *MockRedisClient) Del(ctx context.Context, keys ...string) *redis.IntCmd {
 	m.ctrl.T.Helper()
-	varargs := []any{arg0}
-	for _, a := range arg1 {
+	varargs := []any{ctx}
+	for _, a := range keys {
 		varargs = append(varargs, a)
 	}
 	ret := m.ctrl.Call(m, "Del", varargs...)
@@ -96,17 +97,17 @@ func (m *MockRedisClient) Del(arg0 context.Context, arg1 ...string) *redis.IntCm
 }
 
 // Del indicates an expected call of Del.
-func (mr *MockRedisClientMockRecorder) Del(arg0 any, arg1 ...any) *gomock.Call {
+func (mr *MockRedisClientMockRecorder) Del(ctx any, keys ...any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	varargs := append([]any{arg0}, arg1...)
+	varargs := append([]any{ctx}, keys...)
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Del", reflect.TypeOf((*MockRedisClient)(nil).Del), varargs...)
 }
 
 // Exists mocks base method.
-func (m *MockRedisClient) Exists(arg0 context.Context, arg1 ...string) *redis.IntCmd {
+func (m *MockRedisClient) Exists(ctx context.Context, keys ...string) *redis.IntCmd {
 	m.ctrl.T.Helper()
-	varargs := []any{arg0}
-	for _, a := range arg1 {
+	varargs := []any{ctx}
+	for _, a := range keys {
 		varargs = append(varargs, a)
 	}
 	ret := m.ctrl.Call(m, "Exists", varargs...)
@@ -115,45 +116,45 @@ func (m *MockRedisClient) Exists(arg0 context.Context, arg1 ...string) *redis.In
 }
 
 // Exists indicates an expected call of Exists.
-func (mr *MockRedisClientMockRecorder) Exists(arg0 any, arg1 ...any) *gomock.Call {
+func (mr *MockRedisClientMockRecorder) Exists(ctx any, keys ...any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	varargs := append([]any{arg0}, arg1...)
+	varargs := append([]any{ctx}, keys...)
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Exists", reflect.TypeOf((*MockRedisClient)(nil).Exists), varargs...)
 }
 
 // FlushDB mocks base method.
-func (m *MockRedisClient) FlushDB(arg0 context.Context) *redis.StatusCmd {
+func (m *MockRedisClient) FlushDB(ctx context.Context) *redis.StatusCmd {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "FlushDB", arg0)
+	ret := m.ctrl.Call(m, "FlushDB", ctx)
 	ret0, _ := ret[0].(*redis.StatusCmd)
 	return ret0
 }
 
 // FlushDB indicates an expected call of FlushDB.
-func (mr *MockRedisClientMockRecorder) FlushDB(arg0 any) *gomock.Call {
+func (mr *MockRedisClientMockRecorder) FlushDB(ctx any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "FlushDB", reflect.TypeOf((*MockRedisClient)(nil).FlushDB), arg0)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "FlushDB", reflect.TypeOf((*MockRedisClient)(nil).FlushDB), ctx)
 }
 
 // Get mocks base method.
-func (m *MockRedisClient) Get(arg0 context.Context, arg1 string) *redis.StringCmd {
+func (m *MockRedisClient) Get(ctx context.Context, key string) *redis.StringCmd {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "Get", arg0, arg1)
+	ret := m.ctrl.Call(m, "Get", ctx, key)
 	ret0, _ := ret[0].(*redis.StringCmd)
 	return ret0
 }
 
 // Get indicates an expected call of Get.
-func (mr *MockRedisClientMockRecorder) Get(arg0, arg1 any) *gomock.Call {
+func (mr *MockRedisClientMockRecorder) Get(ctx, key any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Get", reflect.TypeOf((*MockRedisClient)(nil).Get), arg0, arg1)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Get", reflect.TypeOf((*MockRedisClient)(nil).Get), ctx, key)
 }
 
 // HDel mocks base method.
-func (m *MockRedisClient) HDel(arg0 context.Context, arg1 string, arg2 ...string) *redis.IntCmd {
+func (m *MockRedisClient) HDel(ctx context.Context, key string, fields ...string) *redis.IntCmd {
 	m.ctrl.T.Helper()
-	varargs := []any{arg0, arg1}
-	for _, a := range arg2 {
+	varargs := []any{ctx, key}
+	for _, a := range fields {
 		varargs = append(varargs, a)
 	}
 	ret := m.ctrl.Call(m, "HDel", varargs...)
@@ -162,31 +163,31 @@ func (m *MockRedisClient) HDel(arg0 context.Context, arg1 string, arg2 ...string
 }
 
 // HDel indicates an expected call of HDel.
-func (mr *MockRedisClientMockRecorder) HDel(arg0, arg1 any, arg2 ...any) *gomock.Call {
+func (mr *MockRedisClientMockRecorder) HDel(ctx, key any, fields ...any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	varargs := append([]any{arg0, arg1}, arg2...)
+	varargs := append([]any{ctx, key}, fields...)
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "HDel", reflect.TypeOf((*MockRedisClient)(nil).HDel), varargs...)
 }
 
 // HKeys mocks base method.
-func (m *MockRedisClient) HKeys(arg0 context.Context, arg1 string) *redis.StringSliceCmd {
+func (m *MockRedisClient) HKeys(ctx context.Context, key string) *redis.StringSliceCmd {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "HKeys", arg0, arg1)
+	ret := m.ctrl.Call(m, "HKeys", ctx, key)
 	ret0, _ := ret[0].(*redis.StringSliceCmd)
 	return ret0
 }
 
 // HKeys indicates an expected call of HKeys.
-func (mr *MockRedisClientMockRecorder) HKeys(arg0, arg1 any) *gomock.Call {
+func (mr *MockRedisClientMockRecorder) HKeys(ctx, key any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "HKeys", reflect.TypeOf((*MockRedisClient)(nil).HKeys), arg0, arg1)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "HKeys", reflect.TypeOf((*MockRedisClient)(nil).HKeys), ctx, key)
 }
 
 // HSet mocks base method.
-func (m *MockRedisClient) HSet(arg0 context.Context, arg1 string, arg2 ...any) *redis.IntCmd {
+func (m *MockRedisClient) HSet(ctx context.Context, key string, values ...any) *redis.IntCmd {
 	m.ctrl.T.Helper()
-	varargs := []any{arg0, arg1}
-	for _, a := range arg2 {
+	varargs := []any{ctx, key}
+	for _, a := range values {
 		varargs = append(varargs, a)
 	}
 	ret := m.ctrl.Call(m, "HSet", varargs...)
@@ -195,73 +196,73 @@ func (m *MockRedisClient) HSet(arg0 context.Context, arg1 string, arg2 ...any) *
 }
 
 // HSet indicates an expected call of HSet.
-func (mr *MockRedisClientMockRecorder) HSet(arg0, arg1 any, arg2 ...any) *gomock.Call {
+func (mr *MockRedisClientMockRecorder) HSet(ctx, key any, values ...any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	varargs := append([]any{arg0, arg1}, arg2...)
+	varargs := append([]any{ctx, key}, values...)
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "HSet", reflect.TypeOf((*MockRedisClient)(nil).HSet), varargs...)
 }
 
 // Incr mocks base method.
-func (m *MockRedisClient) Incr(arg0 context.Context, arg1 string) *redis.IntCmd {
+func (m *MockRedisClient) Incr(ctx context.Context, key string) *redis.IntCmd {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "Incr", arg0, arg1)
+	ret := m.ctrl.Call(m, "Incr", ctx, key)
 	ret0, _ := ret[0].(*redis.IntCmd)
 	return ret0
 }
 
 // Incr indicates an expected call of Incr.
-func (mr *MockRedisClientMockRecorder) Incr(arg0, arg1 any) *gomock.Call {
+func (mr *MockRedisClientMockRecorder) Incr(ctx, key any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Incr", reflect.TypeOf((*MockRedisClient)(nil).Incr), arg0, arg1)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Incr", reflect.TypeOf((*MockRedisClient)(nil).Incr), ctx, key)
 }
 
 // LLen mocks base method.
-func (m *MockRedisClient) LLen(arg0 context.Context, arg1 string) *redis.IntCmd {
+func (m *MockRedisClient) LLen(ctx context.Context, key string) *redis.IntCmd {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "LLen", arg0, arg1)
+	ret := m.ctrl.Call(m, "LLen", ctx, key)
 	ret0, _ := ret[0].(*redis.IntCmd)
 	return ret0
 }
 
 // LLen indicates an expected call of LLen.
-func (mr *MockRedisClientMockRecorder) LLen(arg0, arg1 any) *gomock.Call {
+func (mr *MockRedisClientMockRecorder) LLen(ctx, key any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "LLen", reflect.TypeOf((*MockRedisClient)(nil).LLen), arg0, arg1)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "LLen", reflect.TypeOf((*MockRedisClient)(nil).LLen), ctx, key)
 }
 
 // LPop mocks base method.
-func (m *MockRedisClient) LPop(arg0 context.Context, arg1 string) *redis.StringCmd {
+func (m *MockRedisClient) LPop(ctx context.Context, key string) *redis.StringCmd {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "LPop", arg0, arg1)
+	ret := m.ctrl.Call(m, "LPop", ctx, key)
 	ret0, _ := ret[0].(*redis.StringCmd)
 	return ret0
 }
 
 // LPop indicates an expected call of LPop.
-func (mr *MockRedisClientMockRecorder) LPop(arg0, arg1 any) *gomock.Call {
+func (mr *MockRedisClientMockRecorder) LPop(ctx, key any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "LPop", reflect.TypeOf((*MockRedisClient)(nil).LPop), arg0, arg1)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "LPop", reflect.TypeOf((*MockRedisClient)(nil).LPop), ctx, key)
 }
 
 // Ping mocks base method.
-func (m *MockRedisClient) Ping(arg0 context.Context) *redis.StatusCmd {
+func (m *MockRedisClient) Ping(ctx context.Context) *redis.StatusCmd {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "Ping", arg0)
+	ret := m.ctrl.Call(m, "Ping", ctx)
 	ret0, _ := ret[0].(*redis.StatusCmd)
 	return ret0
 }
 
 // Ping indicates an expected call of Ping.
-func (mr *MockRedisClientMockRecorder) Ping(arg0 any) *gomock.Call {
+func (mr *MockRedisClientMockRecorder) Ping(ctx any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Ping", reflect.TypeOf((*MockRedisClient)(nil).Ping), arg0)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Ping", reflect.TypeOf((*MockRedisClient)(nil).Ping), ctx)
 }
 
 // RPush mocks base method.
-func (m *MockRedisClient) RPush(arg0 context.Context, arg1 string, arg2 ...any) *redis.IntCmd {
+func (m *MockRedisClient) RPush(ctx context.Context, key string, values ...any) *redis.IntCmd {
 	m.ctrl.T.Helper()
-	varargs := []any{arg0, arg1}
-	for _, a := range arg2 {
+	varargs := []any{ctx, key}
+	for _, a := range values {
 		varargs = append(varargs, a)
 	}
 	ret := m.ctrl.Call(m, "RPush", varargs...)
@@ -270,17 +271,17 @@ func (m *MockRedisClient) RPush(arg0 context.Context, arg1 string, arg2 ...any)
 }
 
 // RPush indicates an expected call of RPush.
-func (mr *MockRedisClientMockRecorder) RPush(arg0, arg1 any, arg2 ...any) *gomock.Call {
+func (mr *MockRedisClientMockRecorder) RPush(ctx, key any, values ...any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	varargs := append([]any{arg0, arg1}, arg2...)
+	varargs := append([]any{ctx, key}, values...)
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "RPush", reflect.TypeOf((*MockRedisClient)(nil).RPush), varargs...)
 }
 
 // SAdd mocks base method.
-func (m *MockRedisClient) SAdd(arg0 context.Context, arg1 string, arg2 ...any) *redis.IntCmd {
+func (m *MockRedisClient) SAdd(ctx context.Context, key string, members ...any) *redis.IntCmd {
 	m.ctrl.T.Helper()
-	varargs := []any{arg0, arg1}
-	for _, a := range arg2 {
+	varargs := []any{ctx, key}
+	for _, a := range members {
 		varargs = append(varargs, a)
 	}
 	ret := m.ctrl.Call(m, "SAdd", varargs...)
@@ -289,31 +290,31 @@ func (m *MockRedisClient) SAdd(arg0 context.Context, arg1 string, arg2 ...any) *
 }
 
 // SAdd indicates an expected call of SAdd.
-func (mr *MockRedisClientMockRecorder) SAdd(arg0, arg1 any, arg2 ...any) *gomock.Call {
+func (mr *MockRedisClientMockRecorder) SAdd(ctx, key any, members ...any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	varargs := append([]any{arg0, arg1}, arg2...)
+	varargs := append([]any{ctx, key}, members...)
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SAdd", reflect.TypeOf((*MockRedisClient)(nil).SAdd), varargs...)
 }
 
 // SIsMember mocks base method.
-func (m *MockRedisClient) SIsMember(arg0 context.Context, arg1 string, arg2 any) *redis.BoolCmd {
+func (m *MockRedisClient) SIsMember(ctx context.Context, key string, member any) *redis.BoolCmd {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "SIsMember", arg0, arg1, arg2)
+	ret := m.ctrl.Call(m, "SIsMember", ctx, key, member)
 	ret0, _ := ret[0].(*redis.BoolCmd)
 	return ret0
 }
 
 // SIsMember indicates an expected call of SIsMember.
-func (mr *MockRedisClientMockRecorder) SIsMember(arg0, arg1, arg2 any) *gomock.Call {
+func (mr *MockRedisClientMockRecorder) SIsMember(ctx, key, member any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SIsMember", reflect.TypeOf((*MockRedisClient)(nil).SIsMember), arg0, arg1, arg2)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SIsMember", reflect.TypeOf((*MockRedisClient)(nil).SIsMember), ctx, key, member)
 }
 
 // SRem mocks base method.
-func (m *MockRedisClient) SRem(arg0 context.Context, arg1 string, arg2 ...any) *redis.IntCmd {
+func (m *MockRedisClient) SRem(ctx context.Context, key string, members ...any) *redis.IntCmd {
 	m.ctrl.T.Helper()
-	varargs := []any{arg0, arg1}
-	for _, a := range arg2 {
+	varargs := []any{ctx, key}
+	for _, a := range members {
 		varargs = append(varargs, a)
 	}
 	ret := m.ctrl.Call(m, "SRem", varargs...)
@@ -322,22 +323,22 @@ func (m *MockRedisClient) SRem(arg0 context.Context, arg1 string, arg2 ...any) *
 }
 
 // SRem indicates an expected call of SRem.
-func (mr *MockRedisClientMockRecorder) SRem(arg0, arg1 any, arg2 ...any) *gomock.Call {
+func (mr *MockRedisClientMockRecorder) SRem(ctx, key any, members ...any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	varargs := append([]any{arg0, arg1}, arg2...)
+	varargs := append([]any{ctx, key}, members...)
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SRem", reflect.TypeOf((*MockRedisClient)(nil).SRem), varargs...)
 }
 
 // Set mocks base method.
-func (m *MockRedisClient) Set(arg0 context.Context, arg1 string, arg2 any, arg3 time.Duration) *redis.StatusCmd {
+func (m *MockRedisClient) Set(ctx context.Context, key string, value any, expiration time.Duration) *redis.StatusCmd {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "Set", arg0, arg1, arg2, arg3)
+	ret := m.ctrl.Call(m, "Set", ctx, key, value, expiration)
 	ret0, _ := ret[0].(*redis.StatusCmd)
 	return ret0
 }
 
 // Set indicates an expected call of Set.
-func (mr *MockRedisClientMockRecorder) Set(arg0, arg1, arg2, arg3 any) *gomock.Call {
+func (mr *MockRedisClientMockRecorder) Set(ctx, key, value, expiration any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Set", reflect.TypeOf((*MockRedisClient)(nil).Set), arg0, arg1, arg2, arg3)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Set", reflect.TypeOf((*MockRedisClient)(nil).Set), ctx, key, value, expiration)
 }
diff --git a/modules/setting/i18n.go b/modules/setting/i18n.go
index c2e5822cf0..a400cf844c 100644
--- a/modules/setting/i18n.go
+++ b/modules/setting/i18n.go
@@ -9,7 +9,7 @@ var defaultI18nLangNames = []string{
 	"zh-CN", "简体中文",
 	"zh-HK", "繁體中文（香港）",
 	"zh-TW", "繁體中文（台灣）",
-	"da", "Danish",
+	"da", "Dansk",
 	"de-DE", "Deutsch",
 	"nds", "Plattdüütsch",
 	"fr-FR", "Français",
diff --git a/modules/setting/markup.go b/modules/setting/markup.go
index 90fc86b131..4ab9e7b2d1 100644
--- a/modules/setting/markup.go
+++ b/modules/setting/markup.go
@@ -62,7 +62,7 @@ type MarkupSanitizerRule struct {
 func loadMarkupFrom(rootCfg ConfigProvider) {
 	mustMapSetting(rootCfg, "markdown", &Markdown)
 
-	MermaidMaxSourceCharacters = rootCfg.Section("markup").Key("MERMAID_MAX_SOURCE_CHARACTERS").MustInt(5000)
+	MermaidMaxSourceCharacters = rootCfg.Section("markup").Key("MERMAID_MAX_SOURCE_CHARACTERS").MustInt(50000)
 	FilePreviewMaxLines = rootCfg.Section("markup").Key("FILEPREVIEW_MAX_LINES").MustInt(50)
 	ExternalMarkupRenderers = make([]*MarkupRenderer, 0, 10)
 	ExternalSanitizerRules = make([]MarkupSanitizerRule, 0, 10)
diff --git a/modules/setting/repository.go b/modules/setting/repository.go
index 9efd674f8b..a770740f86 100644
--- a/modules/setting/repository.go
+++ b/modules/setting/repository.go
@@ -4,12 +4,15 @@
 package setting
 
 import (
+	"os"
 	"os/exec"
 	"path"
 	"path/filepath"
 	"strings"
 
 	"forgejo.org/modules/log"
+
+	"golang.org/x/crypto/ssh"
 )
 
 // enumerates all the policy repository creating
@@ -26,6 +29,8 @@ var MaxUserCardsPerPage = 36
 // MaxForksPerPage sets maximum amount of forks shown per page
 var MaxForksPerPage = 40
 
+var SSHInstanceKey ssh.PublicKey
+
 // Repository settings
 var (
 	Repository = struct {
@@ -109,6 +114,7 @@ var (
 			SigningKey        string
 			SigningName       string
 			SigningEmail      string
+			Format            string
 			InitialCommit     []string
 			CRUDActions       []string `ini:"CRUD_ACTIONS"`
 			Merges            []string
@@ -262,6 +268,7 @@ var (
 			SigningKey        string
 			SigningName       string
 			SigningEmail      string
+			Format            string
 			InitialCommit     []string
 			CRUDActions       []string `ini:"CRUD_ACTIONS"`
 			Merges            []string
@@ -271,6 +278,7 @@ var (
 			SigningKey:        "default",
 			SigningName:       "",
 			SigningEmail:      "",
+			Format:            "openpgp",
 			InitialCommit:     []string{"always"},
 			CRUDActions:       []string{"pubkey", "twofa", "parentsigned"},
 			Merges:            []string{"pubkey", "twofa", "basesigned", "commitssigned"},
@@ -376,4 +384,15 @@ func loadRepositoryFrom(rootCfg ConfigProvider) {
 		log.Fatal("loadRepoArchiveFrom: %v", err)
 	}
 	Repository.EnableFlags = sec.Key("ENABLE_FLAGS").MustBool()
+
+	if Repository.Signing.Format == "ssh" && Repository.Signing.SigningKey != "none" && Repository.Signing.SigningKey != "" {
+		sshPublicKey, err := os.ReadFile(Repository.Signing.SigningKey)
+		if err != nil {
+			log.Fatal("Could not read repository signing key in %q: %v", Repository.Signing.SigningKey, err)
+		}
+		SSHInstanceKey, _, _, _, err = ssh.ParseAuthorizedKey(sshPublicKey)
+		if err != nil {
+			log.Fatal("Could not parse the SSH signing key %q: %v", sshPublicKey, err)
+		}
+	}
 }
diff --git a/modules/setting/repository_test.go b/modules/setting/repository_test.go
new file mode 100644
index 0000000000..d36e739f6b
--- /dev/null
+++ b/modules/setting/repository_test.go
@@ -0,0 +1,59 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package setting
+
+import (
+	"fmt"
+	"path/filepath"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"golang.org/x/crypto/ssh"
+)
+
+func TestSSHInstanceKey(t *testing.T) {
+	sshSigningKeyPath, err := filepath.Abs("../../tests/integration/ssh-signing-key.pub")
+	require.NoError(t, err)
+
+	t.Run("None value", func(t *testing.T) {
+		cfg, err := NewConfigProviderFromData(`
+[repository.signing]
+FORMAT = ssh
+SIGNING_KEY = none
+`)
+		require.NoError(t, err)
+
+		loadRepositoryFrom(cfg)
+
+		assert.Nil(t, SSHInstanceKey)
+	})
+
+	t.Run("No value", func(t *testing.T) {
+		cfg, err := NewConfigProviderFromData(`
+[repository.signing]
+FORMAT = ssh
+`)
+		require.NoError(t, err)
+
+		loadRepositoryFrom(cfg)
+
+		assert.Nil(t, SSHInstanceKey)
+	})
+	t.Run("Normal", func(t *testing.T) {
+		iniStr := fmt.Sprintf(`
+[repository.signing]
+FORMAT = ssh
+SIGNING_KEY = %s
+`, sshSigningKeyPath)
+		cfg, err := NewConfigProviderFromData(iniStr)
+		require.NoError(t, err)
+
+		loadRepositoryFrom(cfg)
+
+		assert.NotNil(t, SSHInstanceKey)
+		assert.Equal(t, "ssh-ed25519", SSHInstanceKey.Type())
+		assert.EqualValues(t, "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeRC8GfFyXtiy0f1E7hLv77BXW7e68tFvIcs8/29YqH\n", ssh.MarshalAuthorizedKey(SSHInstanceKey))
+	})
+}
diff --git a/modules/structs/fork.go b/modules/structs/fork.go
index eb7774afbc..8fc73647bd 100644
--- a/modules/structs/fork.go
+++ b/modules/structs/fork.go
@@ -10,3 +10,11 @@ type CreateForkOption struct {
 	// name of the forked repository
 	Name *string `json:"name"`
 }
+
+// SyncForkInfo information about syncing a fork
+type SyncForkInfo struct {
+	Allowed       bool   `json:"allowed"`
+	ForkCommit    string `json:"fork_commit"`
+	BaseCommit    string `json:"base_commit"`
+	CommitsBehind int    `json:"commits_behind"`
+}
diff --git a/modules/structs/repo_file.go b/modules/structs/repo_file.go
index 65d9a2d490..242343493b 100644
--- a/modules/structs/repo_file.go
+++ b/modules/structs/repo_file.go
@@ -4,6 +4,8 @@
 
 package structs
 
+import "time"
+
 // FileOptions options for all file APIs
 type FileOptions struct {
 	// message (optional) for the commit of this file. if not supplied, a default message will be used
@@ -121,6 +123,8 @@ type ContentsResponse struct {
 	Path          string `json:"path"`
 	SHA           string `json:"sha"`
 	LastCommitSHA string `json:"last_commit_sha"`
+	// swagger:strfmt date-time
+	LastCommitWhen time.Time `json:"last_commit_when"`
 	// `type` will be `file`, `dir`, `symlink`, or `submodule`
 	Type string `json:"type"`
 	Size int64  `json:"size"`
diff --git a/modules/translation/i18n/localestore.go b/modules/translation/i18n/localestore.go
index bf98b7b5da..8484a10386 100644
--- a/modules/translation/i18n/localestore.go
+++ b/modules/translation/i18n/localestore.go
@@ -1,4 +1,5 @@
 // Copyright 2022 The Gitea Authors. All rights reserved.
+// Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package i18n
@@ -205,6 +206,7 @@ func (l *locale) TrString(trKey string, trArgs ...any) string {
 			if defaultLang, ok := l.store.localeMap[l.store.defaultLang]; ok {
 				if msg := defaultLang.LookupNewStyleMessage(trKey); msg != "" {
 					format = msg
+					found = true
 				} else if foundIndex {
 					// Third fallback: old-style default language
 					if msg, ok := defaultLang.idxToMsgMap[idx]; ok {
diff --git a/modules/validation/validatable.go b/modules/validation/validatable.go
index bc565bd194..d2c5553259 100644
--- a/modules/validation/validatable.go
+++ b/modules/validation/validatable.go
@@ -1,5 +1,4 @@
-// Copyright 2024 The Forgejo Authors. All rights reserved.
-// Copyright 2023 The Forgejo Authors. All rights reserved.
+// Copyright 2023, 2024, 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package validation
@@ -33,9 +32,9 @@ type Validateable interface {
 }
 
 func IsValid(v Validateable) (bool, error) {
-	if err := v.Validate(); len(err) > 0 {
+	if valdationErrors := v.Validate(); len(valdationErrors) > 0 {
 		typeof := reflect.TypeOf(v)
-		errString := strings.Join(err, "\n")
+		errString := strings.Join(valdationErrors, "\n")
 		return false, ErrNotValid{fmt.Sprint(typeof, ": ", errString)}
 	}
 
@@ -53,6 +52,10 @@ func ValidateNotEmpty(value any, name string) []string {
 		if v.IsZero() {
 			isValid = false
 		}
+	case uint16:
+		if v == 0 {
+			isValid = false
+		}
 	case int64:
 		if v == 0 {
 			isValid = false
diff --git a/options/locale/locale_cs-CZ.ini b/options/locale/locale_cs-CZ.ini
index caa3db3af9..ea464e3c91 100644
--- a/options/locale/locale_cs-CZ.ini
+++ b/options/locale/locale_cs-CZ.ini
@@ -1414,7 +1414,7 @@ editor.file_is_a_symlink=`„%s“ je symbolický odkaz. Symbolické odkazy nemo
 editor.filename_is_a_directory=Jméno souboru „%s“ je již použito jako jméno adresáře v tomto repozitáři.
 editor.file_editing_no_longer_exists=Upravovaný soubor „%s“ již není součástí tohoto repozitáře.
 editor.file_deleting_no_longer_exists=Odstraňovaný soubor „%s“ již není součástí tohoto repozitáře.
-editor.file_changed_while_editing=Obsah souboru se od zahájení úprav změnil. <a target="_blank" rel="noopener noreferrer" href="%s">Klikněte sem</a> pro jeho zobrazení nebo <strong>odešlete změny ještě jednou</strong> pro jeho přepsání.
+editor.file_changed_while_editing=Obsah souboru se od doby, kdy jste ho otevřeli, změnil. <a target="_blank" rel="noopener noreferrer" href="%s">Klikněte sem</a> pro jeho zobrazení nebo <strong>odešlete změny ještě jednou</strong> pro jeho přepsání.
 editor.file_already_exists=Soubor „%s“ již existuje v tomto repozitáři.
 editor.commit_empty_file_header=Odeslat prázdný soubor
 editor.commit_empty_file_text=Soubor, který se chystáte odeslat, je prázdný. Pokračovat?
@@ -2912,6 +2912,9 @@ issues.filter_no_results = Žádné výsledky
 migrate.repo_desc_helper = Ponechte prázdné pro importování existujícího popisu
 archive.nocomment = Komentování není možné, protože je repozitář archivován.
 comment.blocked_by_user = Komentování není možné, protože jste byli zablokováni majitelem repozitáře nebo autorem.
+sync_fork.branch_behind_few = Tato větev je %d revizí pozadu za %s
+sync_fork.button = Synchronizovat
+sync_fork.branch_behind_one = Tato větev je %d revizi pozadu za %s
 
 [graphs]
 component_loading_info = Tohle může chvíli trvat…
@@ -3930,7 +3933,7 @@ runners.delete_runner=Odstranit tento runner
 runners.delete_runner_success=Runner byl úspěšně odstraněn
 runners.delete_runner_failed=Odstranění runneru selhalo
 runners.delete_runner_header=Potvrdit odstranění tohoto runneru
-runners.delete_runner_notice=Pokud na tomto runneru běží úloha, bude ukončena a označena jako neúspěšná. Může dojít k přerušení vytváření pracovního postupu.
+runners.delete_runner_notice=Pokud na tomto runneru běží úloha, bude ukončena a označena jako neúspěšná. Může dojít k přerušení vytváření workflow.
 runners.status.unspecified=Neznámý
 runners.status.idle=Nečinný
 runners.status.active=Aktivní
diff --git a/options/locale/locale_da.ini b/options/locale/locale_da.ini
index 3de53b2ebf..e63280e845 100644
--- a/options/locale/locale_da.ini
+++ b/options/locale/locale_da.ini
@@ -2725,6 +2725,9 @@ branch.rename_branch_to = Omdøb "%s" til:
 migrate.repo_desc_helper = Lad være tom for at importere eksisterende beskrivelse
 archive.nocomment = Det er ikke muligt at kommentere, fordi depotet er arkiveret.
 comment.blocked_by_user = Det er ikke muligt at kommentere, fordi du er blokeret af depots ejer eller forfatteren.
+sync_fork.branch_behind_few = Denne gren er %d commits bag %s
+sync_fork.button = Sync
+sync_fork.branch_behind_one = Denne gren er %d commit bag %s
 
 [notification]
 watching = Overvåger
diff --git a/options/locale/locale_de-DE.ini b/options/locale/locale_de-DE.ini
index 77c011677b..b2054d301a 100644
--- a/options/locale/locale_de-DE.ini
+++ b/options/locale/locale_de-DE.ini
@@ -1412,7 +1412,7 @@ editor.file_is_a_symlink=`„%s“ ist ein symbolischer Link. Symbolische Links
 editor.filename_is_a_directory=Der Dateiname „%s“ wird bereits als Verzeichnisname in diesem Repository verwendet.
 editor.file_editing_no_longer_exists=Die bearbeitete Datei „%s“ existiert nicht mehr in diesem Repository.
 editor.file_deleting_no_longer_exists=Die zu löschende Datei „%s“ existiert nicht mehr in diesem Repository.
-editor.file_changed_while_editing=Der Inhalt der Datei hat sich seit dem Beginn der Bearbeitung geändert. <a target="_blank" rel="noopener noreferrer" href="%s">Hier klicken</a>, um die Änderungen anzusehen, oder <strong>Änderungen erneut comitten</strong>, um sie zu überschreiben.
+editor.file_changed_while_editing=Der Inhalt der Datei hat sich nach dem Öffnen geändert. <a target="_blank" rel="noopener noreferrer" href="%s">Hier klicken</a>, um die Änderungen anzusehen, oder <strong>Änderungen erneut committen</strong>, um sie zu überschreiben.
 editor.file_already_exists=Eine Datei mit dem Namen „%s“ existiert bereits in diesem Repository.
 editor.commit_empty_file_header=Leere Datei committen
 editor.commit_empty_file_text=Die Datei, die du commiten willst, ist leer. Fortfahren?
@@ -2914,6 +2914,9 @@ issues.filter_no_results_placeholder = Versuche, deine Suchfilter anzupassen.
 migrate.repo_desc_helper = Leer lassen, um vorhandene Beschreibung zu importieren
 archive.nocomment = Kommentieren ist nicht möglich, da das Repository archiviert ist.
 comment.blocked_by_user = Kommentieren ist nicht möglich, da du vom Repository-Besitzer oder vom Autor blockiert wurdest.
+sync_fork.branch_behind_one = Dieser Branch ist %d Commit hinter %s
+sync_fork.branch_behind_few = Dieser Branch ist %d Commits hinter %s
+sync_fork.button = Sync
 
 [graphs]
 component_loading_failed = Konnte %s nicht laden
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index d97f90ec9c..03420dbb53 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -1220,6 +1220,10 @@ archive.title_date = This repository has been archived on %s. You can view files
 archive.nocomment = Commenting is not possible because the repository is archived.
 archive.pull.noreview = This repository is archived. You cannot review pull requests.
 
+sync_fork.branch_behind_one = This branch is %[1]d commit behind %[2]s
+sync_fork.branch_behind_few = This branch is %[1]d commits behind %[2]s
+sync_fork.button = Sync
+
 form.reach_limit_of_creation_1 = The owner has already reached the limit of %d repository.
 form.reach_limit_of_creation_n = The owner has already reached the limit of %d repositories.
 form.name_reserved = The repository name "%s" is reserved.
@@ -3814,7 +3818,7 @@ owner.settings.cleanuprules.success.update = Cleanup rule has been updated.
 owner.settings.cleanuprules.success.delete = Cleanup rule has been deleted.
 owner.settings.chef.title = Chef registry
 owner.settings.chef.keypair = Generate key pair
-owner.settings.chef.keypair.description = A key pair is necessary to authenticate to the Chef registry. If you have generated a key pair before, generating a new key pair will discard the old key pair.
+owner.settings.chef.keypair.description = Requests sent to the Chef registry must be cryptographically signed as a means of authentication. When generating a keypair, only the public key is stored on Forgejo. The private key is provided to you to be used with knife. Generating a new keypair will overwrite the previous one.
 
 [secrets]
 secrets = Secrets
@@ -3871,7 +3875,7 @@ runners.delete_runner = Delete this runner
 runners.delete_runner_success = Runner deleted successfully
 runners.delete_runner_failed = Failed to delete runner
 runners.delete_runner_header = Confirm to delete this runner
-runners.delete_runner_notice = If a task is running on this runner, it will be terminated and mark as failed. It may break building workflow.
+runners.delete_runner_notice = If a task is running on this runner, it will be terminated and marked as failed. It may break building workflow.
 runners.none = No runners available
 runners.status.unspecified = Unknown
 runners.status.idle = Idle
diff --git a/options/locale/locale_es-ES.ini b/options/locale/locale_es-ES.ini
index 57e3369d67..f9b0bb30cf 100644
--- a/options/locale/locale_es-ES.ini
+++ b/options/locale/locale_es-ES.ini
@@ -38,12 +38,12 @@ passcode=Código de acceso
 
 webauthn_insert_key=Introduzca su clave de seguridad
 webauthn_sign_in=Presione el botón en su clave de seguridad. Si su clave de seguridad no tiene ningún botón, vuelva a insertarla.
-webauthn_press_button=Por favor, presione el botón de su llave de seguridad…
+webauthn_press_button=Por favor, presione el botón en su clave de seguridad…
 webauthn_use_twofa=Utilice un código de doble factor desde su teléfono móvil
 webauthn_error=No se pudo leer su llave de seguridad.
 webauthn_unsupported_browser=Su navegador no soporta actualmente WebAuthn.
 webauthn_error_unknown=Ha ocurrido un error desconocido. Por favor, inténtelo de nuevo.
-webauthn_error_insecure=`WebAuthn sólo soporta conexiones seguras. Para probar sobre HTTP, puede utilizar el origen "localhost" o "127.0.0.1"`
+webauthn_error_insecure=WebAuthn sólo soporta conexiones seguras. Para probar sobre HTTP, puede utilizar el origen "localhost" o "127.0.0.1"
 webauthn_error_unable_to_process=El servidor no pudo procesar su solicitud.
 webauthn_error_duplicated=La clave de seguridad no está permitida para esta solicitud. Por favor, asegúrese de que la clave no está ya registrada.
 webauthn_error_empty=Debe establecer un nombre para esta clave.
@@ -72,7 +72,7 @@ all=Todos
 sources=Propios
 mirrors=Réplica
 collaborative=Colaborativo
-forks=Forks
+forks=Bifurcaciones
 
 activities=Actividades
 pull_requests=Solicitudes de incorporación de cambios
@@ -300,7 +300,7 @@ offline_mode.description=Deshabilitar redes de distribución de contenido de ter
 disable_gravatar=Desactivar Gravatar
 disable_gravatar.description=Desactivar el Gravatar y otros fuentes de avatares de terceros. Se utilizará un avatar por defecto a menos que un usuario suba un avatar localmente.
 federated_avatar_lookup=Habilitar avatares federados
-federated_avatar_lookup.description=Buscar de avatares con Libravatar.
+federated_avatar_lookup.description=Busca avatares con Libravatar.
 disable_registration=Deshabilitar auto-registro
 disable_registration.description=Sólo los administradores de la instancia podrán crear nuevas cuentas. Es muy recomendable mantener deshabilitado el registro a menos que pretenda alojar una instancia pública para todo el mundo y esté preparado para lidiar con grandes cantidades de cuentas de spam.
 allow_only_external_registration.description=Los usuarios sólo podrán crear nuevas cuentas utilizando servicios externos configurados.
@@ -668,7 +668,7 @@ still_own_packages=Tu cuenta posee uno o más paquetes, elimínalos primero.
 org_still_own_repo=Esta organización todavía posee uno o más repositorios, elimínalos o transfiérelos primero.
 org_still_own_packages=Esta organización todavía posee uno o más paquetes, elimínalos primero.
 
-target_branch_not_exist=La rama de destino no existe
+target_branch_not_exist=La rama de destino no existe.
 admin_cannot_delete_self = No puedes eliminarte a ti mismo cuando eres un admin (administrador). Por favor, elimina primero tus privilegios de administrador.
 username_error_no_dots = ` solo puede contener carácteres alfanuméricos ("0-9","a-z","A-Z"), guiones ("-"), y guiones bajos ("_"). No puede empezar o terminar con carácteres no alfanuméricos y también están prohibidos los carácteres no alfanuméricos consecutivos.`
 unsupported_login_type = No se admite el tipo de inicio de sesión para eliminar la cuenta.
@@ -843,7 +843,7 @@ add_email_success=La nueva dirección de correo electrónico ha sido añadida.
 email_preference_set_success=La preferencia de correo electrónico se ha establecido correctamente.
 add_openid_success=La nueva dirección OpenID ha sido añadida.
 keep_email_private=Ocultar dirección de correo electrónico
-keep_email_private_popup=Esto ocultará tu dirección de correo electrónico de tu perfil. Ya no será la dirección predeterminada para los confirmaciones realizadas a través de la interfaz web, como las subidas y ediciones de archivos, y no se utilizará para las confirmaciones de fusión. En su lugar, se utilizará una dirección especial %s para asociar las confirmaciones a tu cuenta. Ten en cuenta que cambiar esta opción no afectará a las confirmaciones existentes.
+keep_email_private_popup=Su dirección de correo electrónico no se mostrará en su perfil y no será la predeterminada para las confirmaciones realizadas a través de la interfaz web, como las subidas de archivos, las ediciones y las confirmaciones de fusión. En su lugar, se utilizará una dirección especial %s para vincular las confirmaciones a tu cuenta. Esta opción no afectará a las confirmaciones existentes.
 openid_desc=OpenID le permite delegar la autenticación a un proveedor externo.
 
 manage_ssh_keys=Gestionar claves SSH
@@ -1075,6 +1075,14 @@ keep_pronouns_private = Mostrar pronombres solo a personas autenticadas
 storage_overview = Resumen del almacenamiento
 quota.sizes.assets.artifacts = Artefactos
 quota.sizes.assets.attachments.releases = Archivos adjuntos del lanzamiento
+change_username_redirect_prompt.with_cooldown.few = El antiguo nombre de usuario estará disponible para todos después un periodo de tiempo de espera de %[1]d días, aún puedes reclamar el antiguo nombre de usuario durante el periodo de tiempo de espera.
+change_username_redirect_prompt.with_cooldown.one = El antiguo nombre de usuario estará disponible para todos después un periodo de tiempo de espera de %[1]d día, aún puedes reclamar el antiguo nombre de usuario durante el periodo de tiempo de espera.
+quota.rule.exceeded = Excedido
+quota.rule.no_limit = Ilimitado
+quota.sizes.assets.all = Activos
+quota.sizes.git.lfs = Git LFS
+quota.sizes.assets.attachments.issues = Archivos adjuntos de incidencia
+access_token_regeneration = Regenerar token de acceso
 
 [repo]
 owner=Propietario
@@ -1237,7 +1245,7 @@ migrate.migrate_items_options=Se necesita un token de acceso para migrar element
 migrated_from=Migrado desde <a href="%[1]s">%[2]s</a>
 migrated_from_fake=Migrado desde %[1]s
 migrate.migrate=Migrar desde %s
-migrate.migrating=Migrando desde <b>%s</b>...
+migrate.migrating=Migrando desde <b>%s</b>…
 migrate.migrating_failed=La migración desde <b>%s</b> ha fallado.
 migrate.migrating_failed.error=Error al migrar: %s
 migrate.migrating_failed_no_addr=Migración fallida.
@@ -1510,7 +1518,7 @@ issues.new.no_projects=Ningún proyecto
 issues.new.open_projects=Proyectos abiertos
 issues.new.closed_projects=Proyectos cerrados
 issues.new.no_items=No hay elementos
-issues.new.milestone=Milestone
+issues.new.milestone=Hito
 issues.new.no_milestone=Sin hito
 issues.new.clear_milestone=Limpiar Milestone
 issues.new.open_milestone=Hitos abiertos
@@ -1558,12 +1566,12 @@ issues.change_title_at=`cambió el título de <b><strike>%s</strike></b> a <b>%s
 issues.change_ref_at=`cambió referencia de <b><strike>%s</strike></b> a <b>%s</b> %s`
 issues.remove_ref_at=`eliminó la referencia <b>%s</b> %s`
 issues.add_ref_at=`añadió la referencia <b>%s</b> %s`
-issues.delete_branch_at=`rama eliminada <b>%s</b> %s`
+issues.delete_branch_at=`eliminó la rama <b>%s</b> %s`
 issues.filter_label=Etiqueta
 issues.filter_label_exclude=`Usa <code>alt</code> + <code>clic/enter</code> para excluir etiquetas`
 issues.filter_label_no_select=Todas las etiquetas
 issues.filter_label_select_no_label=Sin etiqueta
-issues.filter_milestone=Milestone
+issues.filter_milestone=Hito
 issues.filter_milestone_all=Todos los hitos
 issues.filter_milestone_none=Sin hitos
 issues.filter_milestone_open=Abrir hitos
@@ -1965,7 +1973,7 @@ pulls.auto_merge_canceled_schedule_comment=`canceló la fusión automática de e
 pulls.delete.title=¿Borrar este pull request?
 pulls.delete.text=¿Realmente quieres eliminar esta pull request? (Esto eliminará permanentemente todo el contenido. Considera cerrarlo si simplemente deseas archivarlo)
 
-pulls.recently_pushed_new_branches=Has realizado push en la rama <strong>%[1]s</strong> %[2]s
+pulls.recently_pushed_new_branches=Empujaste en la rama <a href="%[3]s"><strong>%[1]s</strong></a> %[2]s
 
 pull.deleted_branch=(eliminado):%s
 
@@ -1976,7 +1984,7 @@ milestones.no_due_date=Sin fecha límite
 milestones.open=Abrir
 milestones.close=Cerrar
 milestones.new_subheader=Los hitos pueden ayudarle a organizar los problemas y monitorizar su progreso.
-milestones.completeness=%d%% Completado
+milestones.completeness=<strong>%d%%</strong> Completado
 milestones.create=Crear hito
 milestones.title=Título
 milestones.desc=Descripción
@@ -2017,7 +2025,7 @@ ext_wiki=Wiki externa
 ext_wiki.desc=Enlace a una wiki externa.
 
 wiki=Wiki
-wiki.welcome=¡Bienvenidos a la Wiki!
+wiki.welcome=Bienvenido a la Wiki.
 wiki.welcome_desc=Esta wiki le permite escribir y compartir documentación con otros colaboradores.
 wiki.desc=Escriba y comparta documentación con colaboradores.
 wiki.create_first_page=Crear la primera página
@@ -2326,7 +2334,7 @@ settings.event_create=Crear
 settings.event_create_desc=Rama o etiqueta creada.
 settings.event_delete=Eliminar
 settings.event_delete_desc=Rama o etiqueta eliminada.
-settings.event_fork=Fork
+settings.event_fork=Bifurcación
 settings.event_fork_desc=Repositorio forkeado.
 settings.event_wiki=Wiki
 settings.event_wiki_desc=Página de la Wiki creada, renombrada, editada o eliminada.
@@ -2514,7 +2522,7 @@ settings.archive.branchsettings_unavailable=Los ajustes de rama no están dispon
 settings.archive.tagsettings_unavailable=Los ajustes de las etiquetas no están disponibles si el repositorio está archivado.
 settings.unarchive.button=Desarchivar repositorio
 settings.unarchive.header=Desarchivar este repositorio
-settings.unarchive.text=La desarchivación del repositorio restablecerá su capacidad de recibir confirmaciones y subidos, así como nuevas incidencias y solicitudes de incorporación de cambios.
+settings.unarchive.text=La desarchivación del repositorio restablecerá su capacidad de recibir confirmaciones y empujes, así como nuevas incidencias y solicitudes de incorporación de cambios.
 settings.unarchive.success=El repositorio se ha desarchivado correctamente.
 settings.unarchive.error=Ocurrió un error mientras se trataba de des-archivar el repositorio. Revisa el registro para más detalles.
 settings.update_avatar_success=El avatar del repositorio ha sido actualizado.
@@ -2532,7 +2540,7 @@ settings.lfs_invalid_locking_path=Ruta no válida: %s
 settings.lfs_invalid_lock_directory=No se puede bloquear el directorio: %s
 settings.lfs_lock_already_exists=El bloqueo ya existe: %s
 settings.lfs_lock=Bloquear
-settings.lfs_lock_path=Ruta del archivo a bloquear...
+settings.lfs_lock_path=Ruta del archivo a bloquear…
 settings.lfs_locks_no_locks=Sin bloqueos
 settings.lfs_lock_file_no_exist=El archivo bloqueado no existe en la rama por defecto
 settings.lfs_force_unlock=Forzar desbloqueo
@@ -2637,7 +2645,7 @@ release.cancel=Cancelar
 release.publish=Publicar lanzamiento
 release.save_draft=Guardar borrador
 release.edit_release=Actualizar Lanzamiento
-release.delete_release=Eliminar Lanzamiento
+release.delete_release=Eliminar lanzamiento
 release.delete_tag=Eliminar tag
 release.deletion=Eliminar lanzamiento
 release.deletion_desc=Eliminar un lanzamiento sólo lo elimina de Forgejo. No afectará la etiqueta Git, el contenido de su repositorio o su historial. ¿Continuar?
@@ -2862,9 +2870,15 @@ release.add_external_asset = Añadir un recurso externo
 settings.enforce_on_admins_desc = Los administradores del repositorio no pueden saltarse esta regla.
 pulls.editable = Editable
 issues.filter_no_results = No hay resultados
+release.type_attachment = Archivo adjunto
+sync_fork.button = Sincronizar
+settings.sourcehut_builds.visibility = Visibilidad de trabajo
+settings.ignore_stale_approvals = Ignorar las aprobaciones obsoletas
+settings.event_pull_request_enforcement = Aplicación
+issues.reaction.alt_few = %[1]s reaccionado con %[2]s.
 
 [graphs]
-component_loading = Cargando %s...
+component_loading = Cargando %s…
 component_loading_failed = No se pudo cargar %s
 contributors.what = contribuciones
 recent_commits.what = commits recientes
@@ -2929,11 +2943,11 @@ settings.hooks_desc=Añadir webhooks que serán ejecutados para <strong>todos lo
 
 settings.labels_desc=Añadir etiquetas que pueden ser utilizadas en problemas para <strong>todos los repositorios</strong> bajo esta organización.
 
-members.membership_visibility=Visibilidad de Membresía:
+members.membership_visibility=Visibilidad de membresía:
 members.public=Público
-members.public_helper=hacer oculto
+members.public_helper=Hacer oculto
 members.private=Oculto
-members.private_helper=hacer público
+members.private_helper=Hacer público
 members.member_role=Rol del miembro:
 members.owner=Propietario
 members.member=Miembro
@@ -2942,7 +2956,7 @@ members.remove.detail=¿Destituir a %[1]s de %[2]s?
 members.leave=Abandonar
 members.leave.detail=¿Irse de %s?
 members.invite_desc=Añadir un miembro nuevo a %s:
-members.invite_now=Invitar
+members.invite_now=Invitar ahora
 
 teams.join=Unirse
 teams.leave=Abandonar
@@ -2951,7 +2965,7 @@ teams.can_create_org_repo=Crear repositorios
 teams.can_create_org_repo_helper=Los miembros pueden crear nuevos repositorios en la organización. El creador obtendrá acceso al administrador del nuevo repositorio.
 teams.none_access=Sin acceso
 teams.none_access_helper=Los miembros no pueden ver o hacer ninguna otra acción en esta unidad.
-teams.general_access=Acceso general
+teams.general_access=Acceso personalizado
 teams.general_access_helper=Los permisos de los miembros se decidirán por debajo de la tabla de permisos.
 teams.read_access=Leer
 teams.read_access_helper=Los miembros pueden ver y clonar los repositorios del equipo.
@@ -2997,7 +3011,7 @@ teams.invite.by=Invitado por %s
 teams.invite.description=Por favor, haga clic en el botón de abajo para unirse al equipo.
 follow_blocked_user = No puedes seguir a esta organización porque esta organización te ha bloqueado.
 open_dashboard = Abrir panel de control
-settings.change_orgname_redirect_prompt.with_cooldown.few = El antiguo nombre de usuario estará disponible para cualquiera después un periodo de tiempo de espera de %[1]d días, aún puedes reclamar el antiguo nombre de usuario durante el periodo de tiempo de espera.
+settings.change_orgname_redirect_prompt.with_cooldown.few = El antiguo nombre de la organización estará disponible para todos después un periodo de tiempo de espera de %[1]d días, aún puedes reclamar el antiguo nombre durante el periodo de tiempo de espera.
 settings.change_orgname_redirect_prompt.with_cooldown.one = El antiguo nombre de usuario estará disponible para cualquiera después un periodo de tiempo de espera de %[1]d día, aún puedes reclamar el antiguo nombre de usuario durante el periodo de tiempo de espera.
 
 [admin]
@@ -3539,6 +3553,9 @@ emails.delete_primary_email_error = No puedes eliminar el correo electrónico pr
 config.cache_test =Caché de prueba
 emails.delete_desc = ¿Estás seguro que quieres eliminar esta dirección de correo electrónico?
 monitor.duration = Duración (es)
+self_check = Autocomprobación
+config.app_slogan = Eslogan de la instancia
+dashboard.sync_tag.started = Sincronización de etiquetas iniciada
 
 
 [action]
@@ -3799,6 +3816,12 @@ alt.install = Instalar paquete
 alt.repository = Información del repositorio
 alt.repository.architectures = Arquitecturas
 alt.repository.multiple_groups = Este paquete está disponible en múltiples grupos.
+arch.version.description = Descripción
+arch.version.provides = Proveedores
+npm.dependencies.bundle = Empaquetar dependencias
+arch.version.checkdepends = Comprobar dependencias
+arch.version.optdepends = Dependencias opcionales
+arch.version.makedepends = Construir dependencias
 
 [secrets]
 secrets=Secretos
@@ -3904,6 +3927,8 @@ variables.id_not_exist = Variable con id %d no existe.
 runs.empty_commit_message = (mensaje de commit vacío)
 runs.expire_log_message = Los registros han sido eliminados porque eran demasiado antiguos.
 runs.workflow = Flujo de trabajo
+workflow.dispatch.run = Correr flujo de trabajo
+workflow.dispatch.use_from = Usar el flujo de trabajo de
 
 [projects]
 type-1.display_name=Proyecto individual
@@ -3946,7 +3971,7 @@ exact = Exacto
 exact_tooltip = Incluir sólo los resultados que corresponden al término de búsqueda exacto
 issue_kind = Buscar incidencias…
 fuzzy = Difusa
-runner_kind = Buscar ejecutores…
+runner_kind = Buscar corredores…
 regexp_tooltip = Interpretar los términos de búsqueda como una expresión regular
 regexp = Expresión Regular
 
diff --git a/options/locale/locale_eu.ini b/options/locale/locale_eu.ini
new file mode 100644
index 0000000000..8b13789179
--- /dev/null
+++ b/options/locale/locale_eu.ini
@@ -0,0 +1 @@
+
diff --git a/options/locale/locale_fi-FI.ini b/options/locale/locale_fi-FI.ini
index 11b2b3eb0c..0cc2cc9b1f 100644
--- a/options/locale/locale_fi-FI.ini
+++ b/options/locale/locale_fi-FI.ini
@@ -545,6 +545,7 @@ issue_assigned.issue = @%[1]s osoitti sinulle ongelman %[2]s repossa %[3]s.
 register_notify.text_1 = tämä on %s:n rekistöröitymisen vahvistussähköposti!
 reset_password.text = jos tämä oli sinun toimestasi, ole hyvä ja klikkaa oheista linkkiä palauttaaksesi tilisi <b>%s</b> sisällä:
 totp_disabled.no_2fa = Muita kaksivaiheisen tunnistautumisen menetelmiä ei ole konfiguroituna, joten et tarvitse kaksivaiheista tunnistautumista kirjautuaaksesi tilillesi.
+totp_enrolled.subject = Olet aktivoinut TOTP:in kaksivaiheisen todennuksen menetelmäksi
 
 
 
@@ -666,6 +667,8 @@ follow_blocked_user = Et voi seurata tätä käyttäjää, koska olet estänyt k
 disabled_public_activity = Käyttäjä on poistanut käytöstä toiminnan julkisen näkyvyyden.
 form.name_reserved = Käyttäjätunnus "%s" on varattu.
 form.name_pattern_not_allowed = Kaava "%s" ei ole sallittu käyttäjätunnuksessa.
+public_activity.visibility_hint.admin_private = Aktiivisuus on näkyvissä sinulle, koska olet ylläpitäjä, mutta käyttäjä haluaa pitää aktiivisuutensa yksityisenä.
+public_activity.visibility_hint.self_private_profile = Aktiivisuutesi on näkyvissä vain sinulle ja instanssin ylläpitäjille, koska profiilisi on yksityinen. <a href="%s">Määritä</a>.
 
 
 [settings]
@@ -994,12 +997,12 @@ download_tar=Lataa TAR.GZ
 repo_desc=Kuvaus
 repo_lang=Kieli
 repo_gitignore_helper=Valitse .gitignore-mallit
-issue_labels=Ongelmien tunnisteet
+issue_labels=Tunnisteet
 issue_labels_helper=Valitse nimiöjoukko
 license=Lisenssi
 license_helper=Valitse lisenssitiedosto
 readme=README
-auto_init=Alusta repo (Luo .gitignore, License ja README)
+auto_init=Alusta repo
 create_repo=Luo repo
 default_branch=Oletushaara
 mirror_prune=Karsi
@@ -1168,7 +1171,7 @@ issues.new_label=Uusi tunniste
 issues.new_label_placeholder=Tunnisteen nimi
 issues.new_label_desc_placeholder=Kuvaus
 issues.create_label=Luo tunniste
-issues.label_templates.helper=Valitse tunnistejoukko
+issues.label_templates.helper=Valitse tunnisteen esiasetus
 issues.add_milestone_at=`lisäsi tämän merkkipaaluun <b>%s</b> %s`
 issues.change_milestone_at=`vaihtoi merkkipaalun <b>%s</b> merkkipaaluun <b>%s</b> %s`
 issues.remove_milestone_at=`poisti tämän <b>%s</b> merkkipaalusta %s`
@@ -1244,7 +1247,7 @@ issues.label_count=%d tunnistetta
 issues.label_open_issues=%d avointa ongelmaa
 issues.label_edit=Muokkaa
 issues.label_delete=Poista
-issues.label_modify=Muokkaa tunniste
+issues.label_modify=Muokkaa tunnistetta
 issues.label_deletion=Poista tunniste
 issues.label.filter_sort.alphabetically=Aakkosjärjestyksessä
 issues.label.filter_sort.reverse_alphabetically=Käänteisessä aakkosjärjestyksessä
@@ -1272,7 +1275,7 @@ issues.start_tracking_history=`aloitti työskentelyn %s`
 issues.tracker_auto_close=Ajan seuranta pysähtyy automaattisesti kun tämä ongelma on suljettu
 issues.stop_tracking=Pysäytä ajanotto
 issues.stop_tracking_history=`lopetti työskentelyn %s`
-issues.add_time=Lisää aika käsin
+issues.add_time=Lisää aika manuaalisesti
 issues.add_time_short=Lisää aika
 issues.add_time_cancel=Peruuta
 issues.add_time_history=`lisäsi käytetyn ajan %s`
@@ -2129,13 +2132,62 @@ archive.pull.noreview = Tämä repo on arkistoitu. Et voi katselmoida vetopyynt
 tree_path_not_found_tag = Polkua %[1]s ei ole olemassa tagissa %[2]s
 transfer.no_permission_to_accept = Sinulla ei ole oikeutta hyväksyä tätä siirtoa.
 settings.web_hook_name_feishu = Feishu / Lark Suite
+issues.review.reviewers = Katselmoijat
+issues.new.no_reviewers = Ei katselmoijia
+issues.add_label = lisäsi tunnisteen %s %s
+issues.due_date_added = lisäsi määräpäivän %s %s
+issues.review.add_review_request = pyysi katselmointia käyttäjältä %[1]s %[2]s
+issues.ref_pull_from = `<a href="%[3]s">viittasi tähän vetopyyntöön %[4]s</a> <a id="%[1]s" href="#%[1]s">%[2]s</a>`
+pulls.commit_ref_at = `viittasi tähän vetopyyntöön kommitista <a id="%[1]s" href="#%[1]s">%[2]s</a>`
+issues.review.comment = katselmoi %s
+issues.add_labels = lisäsi tunnisteet %s %s
+issues.review.add_review_requests = pyysi katselmointeja käyttäjiltä %[1]s %[2]s
+pulls.blocked_by_official_review_requests = Tämä vetopyyntö on estetty, koska siltä puuttuu hyväksyntä yhdeltä tai useammalta viralliselta katselmoijalta.
+issues.author.tooltip.issue = Tämä käyttäjä on tämän ongelman tekijä.
+issues.author.tooltip.pr = Tämä käyttäjä on tämän vetopyynnön tekijä.
+issues.role.contributor_helper = Tämä käyttäjä on aiemmin kommitoinut tähän repoon.
+settings.event_pull_request_label = Tunnisteet
+issues.due_date_remove = poisti määräpäivän %s %s
+settings.event_issue_label = Tunnisteet
+settings.authorization_header = Authorization-otsake
+diff.has_escaped = Tällä rivillä on piilotettuja Unicode-merkkejä
+issues.max_pinned = Et voi kiinnittää enempää ongelmia
+settings.external_tracker_url_error = Ulkoisen ongelmienseurannan URL-osoite ei ole kelvollinen.
+settings.event_pull_request_review = Katselmoinnit
+settings.event_pull_request_review_request = Katselmointipyynnöt
+issues.num_reviews_one = %d katselmointi
+issues.num_reviews_few = %d katselmointia
+issues.filter_no_results = Ei tuloksia
+issues.filter_no_results_placeholder = Kokeile määrittää eri hakusuodattimet.
+projects.edit_subheader = Projektit organisoivat ongelmia ja seuraavat edistymistä.
+issues.label_templates.title = Lataa tunnisteen esiasetus
+issues.label_deletion_desc = Tunnisteen poistaminen poistaa sen kaikista ongelmista. Jatketaanko?
+issues.attachment.download = `Napsauta ladataksesi "%s"`
+issues.review.option.hide_outdated_comments = Piilota vanhentuneet kommentit
+issues.review.show_outdated = Näytä vanhentuneet
+issues.review.hide_outdated = Piilota vanhentuneet
+settings.external_wiki_url_error = Ulkoisen wikin URL-osoite ei ole kelvollinen.
+issues.attachment.open_tab = `Napsauta nähdäksesi "%s" uudessa välilehdessä`
+issues.unpin_issue = Poista ongelman kiinnitys
+issues.review.outdated_description = Sisältö on muuttunut siitä ajanhetkestä, kun tämä kommentti luotiin
+issues.review.option.show_outdated_comments = Näytä vanhentuneet kommentit
+issues.review.outdated = Vanhentunut
+issues.label_templates.use = Käytä tunnisteen esiasetusta
+issues.label_deletion_success = Tunniste on poistettu.
+issues.cancel_tracking = Hylkää
+issues.choose.get_started = Aloitetaan
+settings.event_fork = Forkkaus
+pulls.no_merge_access = Sinulla ei ole valtuutta yhdistää tätä vetopyyntöä.
+pulls.sign_in_require = <a href="%s">Kirjaudu sisään</a> luodaksesi uuden vetopyynnön.
+delete_preexisting = Poista olemassa olevat tiedostot
+issues.reaction.add = Lisää reaktio
 
 
 
 [graphs]
 component_loading_info = Tämä saattaa kestää hetken…
 component_failed_to_load = Odottamaton virhe.
-component_loading = Ladataan %s...
+component_loading = Ladataan %s…
 contributors.what = kontribuutiot
 recent_commits.what = viimeisimmät kommitit
 code_frequency.what = koodifrekvenssi
@@ -2319,7 +2371,7 @@ users.password_helper=Jätä salasanakenttä tyhjäksi jos haluat pitää sen mu
 users.update_profile_success=Käyttäjän tili on päivitetty.
 users.edit_account=Muokkaa käyttäjätiliä
 users.max_repo_creation_desc=(Aseta -1 käyttääksesi globaalia oletusrajaa.)
-users.is_activated=Käyttäjätili on aktivoitu
+users.is_activated=Aktivoitu tili
 users.prohibit_login=Ota sisäänkirjautuminen pois käytöstä
 users.is_admin=Ylläpitäjätili
 users.is_restricted=Rajoitettu tili
@@ -2406,7 +2458,7 @@ auths.edit=Muokkaa todennuslähdettä
 auths.update_success=Todennuslähde on päivitetty.
 auths.update=Päivitä todennuslähde
 auths.delete=Poista todennuslähde
-auths.delete_auth_title=Todennuslähteen poisto
+auths.delete_auth_title=Poista todennuslähde
 auths.delete_auth_desc=Todennuslähteen poisto estää käyttäjiä käyttämästä sitä kirjautumiseen. Jatketaanko?
 auths.deletion_success=Todennuslähde on poistettu.
 
@@ -2445,7 +2497,7 @@ config.show_registration_button=Näytä rekisteröitymispainike
 config.enable_captcha=Ota CAPTCHA käyttöön
 config.active_code_lives=Aktivointikoodin vanhenemisaika
 config.default_keep_email_private=Piilota sähköpostiosoitteet oletuksena
-config.default_visibility_organization=Uuden organisaation oletusnäkyvyys
+config.default_visibility_organization=Uusien organisaatioiden oletusnäkyvyys
 
 config.webhook_config=Webkoukkujen asetukset
 config.queue_length=Jonon pituus
@@ -2468,7 +2520,7 @@ config.cache_conn=Välimuistin yhteys merkkijono
 config.session_config=Istunnon asetukset
 config.session_provider=Istunnon toimittaja
 config.provider_config=Toimittajan asetukset
-config.cookie_name=Evästenimi
+config.cookie_name=Evästeen nimi
 config.gc_interval_time=GC aikaväli aika
 config.session_life_time=Istunnon elinikä
 config.https_only=Vain HTTPS
@@ -2602,6 +2654,12 @@ config.default_allow_only_contributors_to_track_time = Salli vain avustajien seu
 monitor.download_diagnosis_report = Lataa diagnostiikkaraportti
 monitor.duration = Kesto (s)
 monitor.last_execution_result = Tulos
+users.bot = Botti
+auths.syncenabled = Käytä käyttäjäsynkronointia
+auths.enable_ldap_groups = Käytä LDAP-ryhmiä
+dashboard.sync_branch.started = Haarasynkronointi aloitettu
+dashboard.sync_tag.started = Tagisynkronointi aloitettu
+auths.login_source_exist = Todennuslähde "%s" on jo olemassa.
 
 
 [action]
diff --git a/options/locale/locale_fil.ini b/options/locale/locale_fil.ini
index efa93f5d2c..f8237caab2 100644
--- a/options/locale/locale_fil.ini
+++ b/options/locale/locale_fil.ini
@@ -1536,7 +1536,7 @@ pulls.merged_by =ni/ng <a href="%[2]s">%[3]s</a> ay naisama %[1]s
 commitstatus.pending = Nakabinbin
 issues.review.pending = Nakabinbin
 pulls.status_checking = Nakabinbin ang ilang mga pagsusuri
-editor.file_changed_while_editing = Ang nilalaman ng file ay nagbago mula noong nagsimula kang mag-edit. <a target="_blank" rel="noopener noreferrer" href="%s">Mag-click dito</a> upang makita ang mga pagbabago o <strong>Mag-commit ng mga pagbabago muli</strong> para i-overwrite sila.
+editor.file_changed_while_editing = Ang nilalaman ng file ay nagbago mula noong binuksan mo ang file. <a target="_blank" rel="noopener noreferrer" href="%s">Mag-click dito</a> upang makita ang mga pagbabago o <strong>Mag-commit ng mga pagbabago muli</strong> para i-overwrite sila.
 editor.file_already_exists = Umiiral na ang file na may pangalang "%s" sa repositoryong ito.
 issues.review.review = Suriin
 activity.git_stats_push_to_branch = sa %s at
@@ -2770,6 +2770,9 @@ issues.filter_no_results_placeholder = Subukang ayusin ang iyong mga filter sa p
 migrate.repo_desc_helper = Iwanang walang laman para i-import ang umiiral na paglalarawan
 archive.nocomment = Hindi posible ang pagkomento dahil naka-archive ang repositoryo.
 comment.blocked_by_user = Hindi posible ang pagkomento dahil hinarang ka ng may-ari ng repositoryo o ng may-akda.
+sync_fork.button = I-sync
+sync_fork.branch_behind_one = Ang branch na ito ay %d commit sa likod ng %s
+sync_fork.branch_behind_few = Ang branch na ito ay %d mga commit sa likod ng %s
 
 [search]
 commit_kind = Maghanap ng mga commit…
diff --git a/options/locale/locale_fr-FR.ini b/options/locale/locale_fr-FR.ini
index 218c9af843..037fd5c767 100644
--- a/options/locale/locale_fr-FR.ini
+++ b/options/locale/locale_fr-FR.ini
@@ -1064,6 +1064,32 @@ user_block_yourself = Vous ne pouvez pas vous bloquer vous même.
 pronouns_custom_label = Pronoms personnalisés
 change_username_redirect_prompt.with_cooldown.one = L'ancien pseudonyme sera disponible pour n'importe qui après une période d'%[1]d jour, vous pouvez toujours réclamer votre ancien pseudonyme pendant cette période.
 change_username_redirect_prompt.with_cooldown.few = L'ancien pseudonyme sera disponible pour n'importe qui après une période de %[1]d jours, vous pouvez toujours réclamer votre ancien pseudonyme pendant cette période.
+quota.rule.exceeded = Dépassé
+regenerate_token = Régénérer
+access_token_regeneration = Régénérer le token d'accès
+access_token_regeneration_desc = La régénération d'un token révoquera l'accès à votre compte pour les applications qui l'utilisaient. Cela n'est pas reversible. Continuer ?
+regenerate_token_success = Le token a été régénéré. Les applications qui l'utilisent n'ont plus accès à votre compte et doivent être mises à jour avec le nouveau token.
+quota.applies_to_org = Les quotas suivants s'applique à cette organisation
+quota.rule.no_limit = Sans limite
+quota.sizes.all = Tout
+quota.sizes.repos.all = Dépôts
+quota.sizes.repos.public = Dépôts publics
+quota.sizes.repos.private = Dépôts privés
+quota.sizes.git.all = Contenu dans Git
+quota.sizes.git.lfs = Git LFS
+quota.sizes.assets.all = Contenus
+quota.sizes.assets.attachments.all = Attachements
+quota.sizes.assets.attachments.issues = Attachements de tickets
+quota.sizes.assets.attachments.releases = Attachements de version
+quota.sizes.assets.artifacts = Artefacts
+quota.sizes.assets.packages.all = Paquets
+quota.sizes.wiki = Wiki
+quota.applies_to_user = Les quotas suivants s'appliquent à votre compte
+quota.rule.exceeded.helper = La taille totale des objets pour cette règle ont dépassé le quota.
+keep_pronouns_private = Ne montrer les pronoms qu'aux utilisateurs authentifiés
+keep_pronouns_private.description = Cela masquera votre pronoms aux visiteurs qui ne sont pas authentifiés.
+storage_overview = Vue d'ensemble du stockage
+quota = Quota
 
 [repo]
 new_repo_helper=Un dépôt contient tous les fichiers d’un projet, ainsi que l’historique de leurs modifications. Vous avez déjà ça ailleurs ? <a href="%s">Migrez-le ici.</a>.
@@ -1228,7 +1254,7 @@ migrate.migrate_items_options=Un jeton d'accès est requis pour migrer des élé
 migrated_from=Migré de <a href="%[1]s">%[2]s</a>
 migrated_from_fake=Migré de %[1]s
 migrate.migrate=Migrer depuis %s
-migrate.migrating=Migration de <b>%s</b> ...
+migrate.migrating=Migration de <b>%s</b> …
 migrate.migrating_failed=La migration de <b>%s</b> a échoué.
 migrate.migrating_failed.error=Échec de la migration : %s
 migrate.migrating_failed_no_addr=Échec de la migration.
@@ -1388,7 +1414,7 @@ editor.file_is_a_symlink=`« %s » est un lien symbolique. Ce type de fichiers
 editor.filename_is_a_directory=« %s » est déjà utilisé comme nom de dossier dans ce dépôt.
 editor.file_editing_no_longer_exists=Impossible de modifier le fichier « %s » car il n’existe plus dans ce dépôt.
 editor.file_deleting_no_longer_exists=Impossible de supprimer le fichier « %s » car il n’existe plus dans ce dépôt.
-editor.file_changed_while_editing=Le contenu du fichier a changé depuis que vous avez commencé à éditer. <a target="_blank" rel="noopener noreferrer" href="%s">Cliquez ici</a> pour voir les changements ou <strong>soumettez de nouveau</strong> pour les écraser.
+editor.file_changed_while_editing=Le contenu du fichier a changé depuis que vous avez ouvert le fichier. <a target="_blank" rel="noopener noreferrer" href="%s">Cliquez ici</a> pour voir les changements ou <strong>soumettez de nouveau</strong> pour les écraser.
 editor.file_already_exists=Un fichier nommé "%s" existe déjà dans ce dépôt.
 editor.commit_empty_file_header=Réviser un fichier vide
 editor.commit_empty_file_text=Le fichier que vous allez réviser est vide. Continuer ?
@@ -2540,7 +2566,7 @@ settings.lfs_invalid_locking_path=Chemin invalide : %s
 settings.lfs_invalid_lock_directory=Impossible de verrouiller le répertoire : %s
 settings.lfs_lock_already_exists=Verrou déjà existant : %s
 settings.lfs_lock=Verrou
-settings.lfs_lock_path=Chemin de fichier à verrouiller...
+settings.lfs_lock_path=Chemin de fichier à verrouiller…
 settings.lfs_locks_no_locks=Pas de verrous
 settings.lfs_lock_file_no_exist=Le fichier verrouillé n'existe pas dans la branche par défaut
 settings.lfs_force_unlock=Forcer le déverrouillage
@@ -2732,7 +2758,7 @@ editor.invalid_commit_mail = Courriel invalide pour la création d'un commit.
 commits.browse_further = Continuer la navigation
 commits.renamed_from = Renommé depuis %s
 pulls.nothing_to_compare_have_tag = La branche ou le tag sélectionné sont identiques.
-issues.blocked_by_user = Vous ne pouvez pas créer un ticket sur ce dépôt car vous avez été bloqué par son propriétaire.
+issues.blocked_by_user = Vous ne pouvez pas créer de tickets sur ce dépôt car vous avez été bloqué par son propriétaire.
 pulls.blocked_by_user = Vous ne pouvez pas créer une pull request sur ce dépôt car vous êtes bloqué par son propriétaire.
 wiki.cancel = Annuler
 settings.wiki_globally_editable = Permettre l'édition du wiki a tout le monde
@@ -2876,9 +2902,20 @@ summary_card_alt = Carte résumé du dépôt %s
 archive.pull.noreview = Ce dépôt est archivé. Vous ne pouvez pas faire de revue de demandes d'ajout.
 editor.commit_email = Courriel de commit
 commits.view_single_diff = Voir les changements dans ce fichier introduit par ce commit
+issues.reopen.blocked_by_user = Vous ne pouvez pas ré-ouvrir ce ticket care vous êtes bloqués par le propriétaire du dépôt ou le créateur de ce ticket.
+migrate.repo_desc_helper = Laisser vide afin d'importer une description existante
+issues.filter_no_results = Pas de résultats
+issues.filter_no_results_placeholder = Essayez d'ajuster vos critères de recherche.
+archive.nocomment = Il n'est pas possible de commenter car le dépôt est archivé.
+comment.blocked_by_user = Il n'est pas possible de commenter car vous avez été bloqué par le propriétaire du dépôt ou l'auteur.
+pulls.editable = Editable
+pulls.editable_explanation = Cette pull request peut être éditée par les mainteneurs. Vous pouvez y contribuer directement.
+sync_fork.branch_behind_one = Cette branche a %d commits de retard sur %s
+sync_fork.branch_behind_few = Cettte branche a %d commits de retard sur %s
+sync_fork.button = Sync
 
 [graphs]
-component_loading = Chargement %s...
+component_loading = Chargement %s…
 component_loading_failed = Échec de chargement de %s
 
 component_loading_info = Cela peut prendre du temps…
@@ -3013,8 +3050,8 @@ teams.invite.by=Invité par %s
 teams.invite.description=Veuillez cliquer sur le bouton ci-dessous pour rejoindre l’équipe.
 follow_blocked_user = Vous ne pouvez pas suivre cette organisation car elle vous a bloqué.
 open_dashboard = Ouvrir le tableau de bord
-settings.change_orgname_redirect_prompt.with_cooldown.few = L'ancien pseudonyme sera disponible pour n'importe qui après une période de %[1]d jours, vous pouvez toujours réclamer votre ancien pseudonyme pendant cette période.
-settings.change_orgname_redirect_prompt.with_cooldown.one = L'ancien pseudonyme sera disponible pour n'importe qui après une période d'%[1]d jour, vous pouvez toujours réclamer votre ancien pseudonyme pendant cette période.
+settings.change_orgname_redirect_prompt.with_cooldown.few = L'ancien nom d'organisation sera disponible pour n'importe qui après une période de %[1]d jours, vous pouvez toujours réclamer votre ancien nom d'organisation pendant cette période.
+settings.change_orgname_redirect_prompt.with_cooldown.one = L'ancien nom d'organisation sera disponible pour n'importe qui après une période d'%[1]d jour, vous pouvez toujours réclamer votre ancien nom d'organisation pendant cette période.
 
 [admin]
 dashboard=Tableau de bord
@@ -3840,7 +3877,7 @@ alt.registry = Configurez ce registre à partir d'un terminal :
 alt.registry.install = Pour installer le paquet, exécutez la commande suivante :
 alt.install = Installer le paquet
 alt.repository.multiple_groups = Ce paquet est disponible dans plusieurs groupes.
-alt.setup = Ajouter un dépôt à la liste des dépôts connecté (choisissez l'architecture nécessaire à la place de '_arch') :
+alt.setup = Ajouter un dépôt à la liste des dépôts connecté (choisissez l'architecture nécessaire à la place de "_arch") :
 
 [secrets]
 secrets=Secrets
@@ -4005,7 +4042,7 @@ exact_tooltip = Inclure uniquement les résultats qui correspondent exactement a
 issue_kind = Rechercher dans les tickets…
 union = Union
 union_tooltip = Inclus les résultats contenant au moins un des mots clé séparés par des espaces
-pull_kind = Rechercher dans les demande d'ajout
+pull_kind = Rechercher dans les demande d'ajout…
 milestone_kind = Recherche dans les jalons...
 regexp_tooltip = Interpréter le terme de recherche comme une expression régulière
 regexp = RegExp
@@ -4046,4 +4083,4 @@ issues.write = <b>Écrire :</b> Fermer des tickets et gérer les métadonnées t
 pulls.read = <b>Lire :</b> Lire et créer des demandes de tirage.
 
 [translation_meta]
-test = Ceci est une chaîne de test. Elle n'est pas affichée dans l'interface de Forgejo mais est utilisée à des fins de test. N'hésitez pas à entrer 'ok' pour gagner du temps (ou un fait amusant de votre choix) pour atteindre ce doux 100 % de complétion :)
+test = Ceci est une chaîne de test. Elle n'est pas affichée dans l'interface de Forgejo mais est utilisée à des fins de test. N'hésitez pas à entrer 'ok' pour gagner du temps (ou un fait amusant de votre choix) pour atteindre ce doux 100 % de complétion. :-)
diff --git a/options/locale/locale_gl.ini b/options/locale/locale_gl.ini
index 75763775eb..7730782a0a 100644
--- a/options/locale/locale_gl.ini
+++ b/options/locale/locale_gl.ini
@@ -290,4 +290,9 @@ db_type = Tipo de base de datos
 app_slogan = Slogan da instancia
 app_slogan_helper = Escribe o slogan da túa instancia aqui. Ou deixao baleiro para desabilitala.
 domain = Dominio do servidor
-ssh_port = Porto do servidor SSH
\ No newline at end of file
+ssh_port = Porto do servidor SSH
+
+[repo]
+sync_fork.branch_behind_few = Esta rama ten %d achegas por detrás de %s
+sync_fork.button = Sincronizar
+sync_fork.branch_behind_one = Esta rama ten %d achega por detrás de %s
\ No newline at end of file
diff --git a/options/locale/locale_lv-LV.ini b/options/locale/locale_lv-LV.ini
index e59ee89f7e..e768ca8c6e 100644
--- a/options/locale/locale_lv-LV.ini
+++ b/options/locale/locale_lv-LV.ini
@@ -228,7 +228,7 @@ server_internal = Iekšēja servera kļūda
 app_desc=Pašmitināms Git pakalpojums bez galvassāpēm
 install=Viegli uzstādīt
 install_desc=Vienkārši <a target="_blank" rel="noopener noreferrer" href="%[1]s">jāpalaiž izpildāmā datne</a> vajadzīgajai sistēmai, jāizmanto <a target="_blank" rel="noopener noreferrer" href="%[2]s">Docker</a> vai jāiegūst <a target="_blank" rel="noopener noreferrer" href="%[3]s">pakotne</a>.
-platform=Pieejama dažādām platformām
+platform=Dažādas platformas
 lightweight=Viegla
 lightweight_desc=Forgejo ir zemas tehniskās prasības, un to var darbināt nedārgā Raspberry Pi datorā. Taupām savas ierīces patērēto enerģiju!
 license=Atvērtā pirmkoda
@@ -1412,7 +1412,7 @@ editor.file_is_a_symlink=`"%s" ir simboliska saite. Simboliskās saites tīmekļ
 editor.filename_is_a_directory=Datnes nosaukums "%s" šajā glabātavā jau tiek izmantos kā mapes nosaukums.
 editor.file_editing_no_longer_exists=Datne, kas tiek labota ("%s"), šajā glabātavā vairs nepastāv.
 editor.file_deleting_no_longer_exists=Datne, kas tiek izdzēsta ("%s"), šajā glabātavā vairs nepastāv.
-editor.file_changed_while_editing=Datnes saturs ir mainījies kopš labošanas uzsākšanas. <a target="_blank" rel="noopener noreferrer" href="%s">Klikšķināt šeit</a>, lai apskatītu vai <strong>atkārtoti iesūtītu izmaiņas</strong>, lai tās pārrakstītu.
+editor.file_changed_while_editing=Datnes saturs ir mainījies kopš tās atvēršanas. <a target="_blank" rel="noopener noreferrer" href="%s">Klikšķināt šeit</a>, lai apskatītu vai <strong>atkārtoti iesūtītu izmaiņas</strong>, lai tās pārrakstītu.
 editor.file_already_exists=Datne ar nosaukumu "%s" jau pastāv šajā glabātavā.
 editor.commit_empty_file_header=Iesūtīt tukšu datni
 editor.commit_empty_file_text=Iesūtāmā datne ir tukša. Turpināt?
@@ -2910,6 +2910,9 @@ issues.filter_no_results_placeholder = Jāmēģina pielāgot meklēšanas atlas
 migrate.repo_desc_helper = Atstāt tukšu, lai ievietotu esošo aprakstu
 archive.nocomment = Piebilžu pievienošana nav iespējama, jo glabātava ir arhivēta.
 comment.blocked_by_user = Piebilžu pievienošana nav iespējama, jo glabātavas īpašnieks vai autors ir nolieguši Tevi.
+sync_fork.branch_behind_one = Šis zars ir %d iesūtījumu aiz %s
+sync_fork.button = Sinhronizēt
+sync_fork.branch_behind_few = Šis zars ir %d iesūtījumus aiz %s
 
 [graphs]
 component_loading=Ielādē %s…
diff --git a/options/locale/locale_nds.ini b/options/locale/locale_nds.ini
index c0701cd018..a12a3e2034 100644
--- a/options/locale/locale_nds.ini
+++ b/options/locale/locale_nds.ini
@@ -2611,6 +2611,9 @@ issues.filter_no_results_placeholder = Versöök, diene Söök-Filters antopasse
 migrate.repo_desc_helper = Leeg laten, um de bestahn Beschrieven to importeren
 comment.blocked_by_user = Kommenteren gaht hier nich, denn du büst vun de Repositoriums-Eegner of de Autor blockeert worden.
 archive.nocomment = Kommenteren gaht hier nich, denn dat Repositorium is archiveert.
+sync_fork.button = Vernejen
+sync_fork.branch_behind_one = Deeser Twieg is %d Kommitteren achter %s
+sync_fork.branch_behind_few = Deeser Twieg is %d Kommitterens achter %s
 
 [repo.permissions]
 code.read = <b>Lesen:</b> De Quelltext vun deesem Repositorium ankieken un klonen.
diff --git a/options/locale/locale_nl-NL.ini b/options/locale/locale_nl-NL.ini
index f4e046b79b..d761127eca 100644
--- a/options/locale/locale_nl-NL.ini
+++ b/options/locale/locale_nl-NL.ini
@@ -2909,6 +2909,9 @@ issues.filter_no_results = Geen resultaten
 migrate.repo_desc_helper = Leeg laten om bestaande beschrijving te importeren
 archive.nocomment = Commentaar geven is niet mogelijk omdat de repository gearchiveerd is.
 comment.blocked_by_user = Commentaar geven is niet mogelijk omdat u geblokkeerd bent door de eigenaar van de repository of door de auteur.
+sync_fork.button = Synchroniseer
+sync_fork.branch_behind_one = Deze branch is %d commit achter %s
+sync_fork.branch_behind_few = Deze branch is %d commits achter %s
 
 
 
diff --git a/options/locale/locale_pt-BR.ini b/options/locale/locale_pt-BR.ini
index 66f4a9f51b..987c292b1a 100644
--- a/options/locale/locale_pt-BR.ini
+++ b/options/locale/locale_pt-BR.ini
@@ -1405,7 +1405,7 @@ editor.file_is_a_symlink=`"%s" é um link simbólico. Links simbólicos não pod
 editor.filename_is_a_directory=O nome do arquivo "%s" já é usado como um nome de diretório neste repositório.
 editor.file_editing_no_longer_exists=O arquivo que está sendo editado, "%s", não existe mais neste repositório.
 editor.file_deleting_no_longer_exists=O arquivo a ser excluído, "%s", não existe mais neste repositório.
-editor.file_changed_while_editing=O conteúdo do arquivo mudou desde que você começou a editar. <a target="_blank" rel="noopener noreferrer" href="%s">Clique aqui</a> para ver as diferenças ou <strong>clique em Aplicar commit das alterações novamente</strong> para sobrescrever as alterações com sua versão atual.
+editor.file_changed_while_editing=O conteúdo do arquivo mudou desde que você abriu o arquivo. <a target="_blank" rel="noopener noreferrer" href="%s">Clique aqui</a> para ver as diferenças ou <strong>clique em Aplicar commit das alterações novamente</strong> para sobrescrever as alterações com sua versão atual.
 editor.file_already_exists=Um arquivo com nome "%s" já existe neste repositório.
 editor.commit_empty_file_header=Fazer commit de um arquivo vazio
 editor.commit_empty_file_text=O arquivo que você está prestes fazer commit está vazio. Continuar?
@@ -2910,6 +2910,9 @@ issues.filter_no_results_placeholder = Tente ajustar seus filtros de pesquisa.
 archive.nocomment = Não é possível comentar pois o repositório foi arquivado.
 migrate.repo_desc_helper = Deixe em branco para importar a descrição existente
 comment.blocked_by_user = Não é possível comentar pois você foi bloqueado pelo dono ou autor do repositório.
+sync_fork.branch_behind_few = Esta branch está %d commit(s) atrás de %s
+sync_fork.branch_behind_one = Esta branch está %d commit(s) atrás de %s
+sync_fork.button = Sincronizar
 
 [graphs]
 component_loading = Carregando %s…
diff --git a/options/locale/locale_pt-PT.ini b/options/locale/locale_pt-PT.ini
index 2b096a894e..0e03d0e408 100644
--- a/options/locale/locale_pt-PT.ini
+++ b/options/locale/locale_pt-PT.ini
@@ -1418,7 +1418,7 @@ editor.file_is_a_symlink=`"%s" é uma ligação simbólica. Ligações simbólic
 editor.filename_is_a_directory=O nome de ficheiro "%s" já está a ser usado como um nome de pasta neste repositório.
 editor.file_editing_no_longer_exists=O ficheiro que está a ser editado, "%s", já não existe neste repositório.
 editor.file_deleting_no_longer_exists=O ficheiro que está a ser eliminado, "%s", já não existe neste repositório.
-editor.file_changed_while_editing=O conteúdo do ficheiro mudou desde que começou a editar. <a target="_blank" rel="noopener noreferrer" href="%s">Clique aqui</a> para ver as modificações ou clique em <strong>Cometer modificações novamente</strong> para escrever por cima.
+editor.file_changed_while_editing=O conteúdo do ficheiro mudou desde que abriu o ficheiro. <a target="_blank" rel="noopener noreferrer" href="%s">Clique aqui</a> para ver as modificações ou <strong>Cometer modificações novamente</strong> para escrever por cima.
 editor.file_already_exists=Já existe um ficheiro com o nome "%s" neste repositório.
 editor.commit_empty_file_header=Cometer um ficheiro vazio
 editor.commit_empty_file_text=O ficheiro que está prestes a cometer está vazio. Quer continuar?
@@ -2912,6 +2912,9 @@ issues.filter_no_results_placeholder = Tente ajustar os seus filtros de pesquisa
 migrate.repo_desc_helper = Deixe em branco para importar a descrição existente
 archive.nocomment = Não é possível fazer comentários porque o repositório está arquivado.
 comment.blocked_by_user = Não é possível comentar porque está bloqueado pelo proprietário do repositório ou pelo autor.
+sync_fork.branch_behind_few = Este ramo está %d cometimentos atrás de %s
+sync_fork.button = Sincronizar
+sync_fork.branch_behind_one = Este ramo está %d cometimento atrás de %s
 
 [graphs]
 component_loading=A carregar %s…
diff --git a/options/locale/locale_ru-RU.ini b/options/locale/locale_ru-RU.ini
index a11cf4d1f0..0df8796e30 100644
--- a/options/locale/locale_ru-RU.ini
+++ b/options/locale/locale_ru-RU.ini
@@ -1399,7 +1399,7 @@ editor.file_is_a_symlink=`«%s» является символической с
 editor.filename_is_a_directory=Имя файла «%s» уже используется в качестве каталога в этом репозитории.
 editor.file_editing_no_longer_exists=Редактируемый файл «%s» больше не существует в этом репозитории.
 editor.file_deleting_no_longer_exists=Удаляемый файл «%s» больше не существует в этом репозитории.
-editor.file_changed_while_editing=Содержимое файла изменилось с момента начала редактирования. <a target="_blank" rel="noopener noreferrer" href="%s">Нажмите здесь</a>, чтобы увидеть, что было изменено, или <strong>Зафиксировать изменения снова</strong>, чтобы заменить их.
+editor.file_changed_while_editing=Содержимое файла изменилось после того, как он был открыт. <a target="_blank" rel="noopener noreferrer" href="%s">Ознакомьтесь</a> с произошедшими изменениями или <strong>сохраните ещё раз</strong>, чтобы перезаписать их.
 editor.file_already_exists=Файл с названием «%s» уже существует в этом репозитории.
 editor.commit_empty_file_header=Закоммитить пустой файл
 editor.commit_empty_file_text=Файл, который вы собираетесь зафиксировать, пуст. Продолжить?
@@ -2237,11 +2237,11 @@ settings.trust_model.default.desc=Использовать фактор дове
 settings.trust_model.collaborator=Соучастник
 settings.trust_model.collaborator.long=Соучастник: доверять подписям соучастников
 settings.trust_model.collaborator.desc=Действительные подписи соучастников этого репозитория будут помечены как «доверенные» (независимо от того, соответствуют ли они автору коммита). В остальных случаях действительные подписи будут помечены как «недоверенные», если подпись соответствует автору коммита, и «не совпадающие», если нет.
-settings.trust_model.committer=Коммитер
-settings.trust_model.committer.long=Коммитер: доверять подписям, соответствующим коммитерам (соответствует GitHub и требует коммиты, подписанные Forgejo, иметь Forgejo в качестве коммитера)
+settings.trust_model.committer=Автор коммита
+settings.trust_model.committer.long=Автор коммита: доверять подписям, соответствующим авторам коммитов. Это поведение соответствует GitHub и требует, чтобы коммиты, подписанные Forgejo, имели Forgejo в качестве автора
 settings.trust_model.committer.desc=Действительные подписи будут помечены «доверенными», только если они соответствуют автору коммита, в противном случае они будут помечены «не совпадающими». Это заставит Forgejo быть автором подписанных коммитов, а фактический автор будет обозначен в трейлерах Co-Authored-By: и Co-Committed-By: коммита. Ключ Forgejo по умолчанию должен соответствовать пользователю в базе данных.
-settings.trust_model.collaboratorcommitter=Соучастник+Коммитер
-settings.trust_model.collaboratorcommitter.long=Соучастник+Коммитер: доверять подписям соучастников, которые соответствуют автору коммита
+settings.trust_model.collaboratorcommitter=Соучастник и автор коммита
+settings.trust_model.collaboratorcommitter.long=Соучастник и автор коммита: доверять подписям соучастников, которые соответствуют автору коммита
 settings.trust_model.collaboratorcommitter.desc=Действительные подписи соучастников этого репозитория будут помечены «доверенными», если они соответствуют автору коммита. Действительные подписи будут помечены как «недоверенные», если подпись соответствует автору коммита, и «не совпадающие» впротивном случае. Это заставит Forgejo быть отмеченным в качестве автора подписанного коммита, а фактический автор будет указан в трейлерах Co-Authored-By: и Co-Committed-By: коммита. Ключ Forgejo по умолчанию должен соответствовать пользователю в базе данных.
 settings.wiki_delete=Стереть данные вики
 settings.wiki_delete_desc=Будьте внимательны! Как только вы удалите вики — пути назад не будет.
@@ -2913,6 +2913,9 @@ issues.filter_no_results_placeholder = Попробуйте поискать п
 migrate.repo_desc_helper = Оставьте пустым, чтобы скопировать описание из источника
 archive.nocomment = Комментирование невозможно, потому что этот репозиторий архивирован.
 comment.blocked_by_user = Комментирование невозможно, потому что вы заблокированы его владельцем или автором обсуждения.
+sync_fork.branch_behind_few = Эта ветвь отстаёт от %s на %d коммитов
+sync_fork.button = Синхронизировать
+sync_fork.branch_behind_one = Эта ветвь отстаёт от %s на %d коммит
 
 [graphs]
 component_loading_failed = Не удалось загрузить %s
@@ -3697,7 +3700,7 @@ no_subscriptions=Нет подписок
 default_key=Подписано ключом по умолчанию
 error.extract_sign=Не удалось извлечь подпись
 error.generate_hash=Не удалось создать хеш коммита
-error.no_committer_account=Учётная запись с эл. почтой этого коммитера не найдена
+error.no_committer_account=Учётная запись с эл. почтой автора этого коммита не найдена
 error.no_gpg_keys_found=Не найден ключ, соответствующий данной подписи
 error.not_signed_commit=Неподписанный коммит
 error.failed_retrieval_gpg_keys=Не удалось получить ни одного ключа GPG автора коммита
@@ -4054,7 +4057,7 @@ union_tooltip = Включает результаты с совпавшими к
 union = Обычный
 milestone_kind = Найти этапы...
 regexp = Регулярное выражение
-regexp_tooltip = Интерпретировать поисковый запрос как регулярное выражение
+regexp_tooltip = Поисковый запрос будет воспринят как регулярное выражение
 
 
 [markup]
diff --git a/options/locale/locale_uk-UA.ini b/options/locale/locale_uk-UA.ini
index 7e51b27fc6..37b784ec68 100644
--- a/options/locale/locale_uk-UA.ini
+++ b/options/locale/locale_uk-UA.ini
@@ -231,7 +231,7 @@ platform_desc=Forgejo підтверджено працює на вільних
 lightweight=Невибагливість
 lightweight_desc=Forgejo має низькі вимоги до ресурсів та може працювати на недорогому Raspberry Pi. Заощадьте енергію свого комп'ютера!
 license=Відкритий вихідний код
-license_desc=Відвідайте <a target="_blank" rel="noopener noreferrer" href="%[1]s">Forgejo</a>! Приєднайтесь до нас та <a target="_blank" rel="noopener noreferrer" href="%[2]s">зробіть свій внесок</a> до проєкту, щоб зробити його ще краще. Не бійтеся долучитися!
+license_desc=Відвідайте <a target="_blank" rel="noopener noreferrer" href="%[1]s">Forgejo</a>! Приєднуйтесь до нас та <a target="_blank" rel="noopener noreferrer" href="%[2]s">зробіть свій внесок</a>, щоб покращити проєкт ще більше. Не бійтеся долучитися!
 install_desc = Просто <a target="_blank" rel="noopener noreferrer" href="%[1]s">запустіть уже зібрану програму</a> для своєї платформи, розгорніть її за допомогою <a target="_blank" rel="noopener noreferrer" href="%[2]s">Docker</a> або встановіть <a target="_blank" rel="noopener noreferrer" href="%[3]s">пакунок</a>.
 
 [install]
@@ -299,7 +299,7 @@ disable_gravatar.description=Вимкнути Gravatar або інші стор
 federated_avatar_lookup=Увімкнути федеровані аватари
 federated_avatar_lookup.description=Увімкнути зовнішні аватари за допомогою Libravatar.
 disable_registration=Вимкнути самостійну реєстрацію
-disable_registration.description=Тільки адміністратор може створювати нові облікові записи. Наполегливо рекомендуємо залишити реєстрацію вимкненою, якщо ви не збираєтеся розміщувати загальнодоступний екземпляр та сприяти появі величезної кількості спам-акаунтів.
+disable_registration.description=Тільки адміністратор може створювати нові облікові записи. Настійно рекомендуємо залишити реєстрацію вимкненою, якщо ви не збираєтеся розміщувати загальнодоступний екземпляр та сприяти появі величезної кількості спам-акаунтів.
 allow_only_external_registration.description=Користувачам буде дозволено реєструватись лише через налаштовані сторонні сервіси.
 openid_signin=Увімкнути реєстрацію за допомогою OpenID
 openid_signin.description=Увімкнути вхід за допомогою OpenID.
@@ -2659,6 +2659,9 @@ release.asset_name = Назва ресурсу
 release.add_external_asset = Додати зовнішній ресурс
 find_file.no_matching = Не знайдено відповідного файлу
 commits.search.tooltip = До ключових слів можна додавати префікси «author:», «committer:», «after:» або «before:», наприклад, «revert author:Alice before:2019-01-13».
+sync_fork.button = Синхронізувати
+sync_fork.branch_behind_one = Ця гілка на %d коміт позаду %s
+sync_fork.branch_behind_few = Ця гілка на %d комітів позаду %s
 
 [graphs]
 contributors.what = внески
diff --git a/options/locale/locale_zh-CN.ini b/options/locale/locale_zh-CN.ini
index fe2bcde489..19f71eeb83 100644
--- a/options/locale/locale_zh-CN.ini
+++ b/options/locale/locale_zh-CN.ini
@@ -285,7 +285,7 @@ log_root_path=日志路径
 log_root_path_helper=日志文件将写入此目录。
 
 optional_title=可选设置
-email_title=电子邮箱设置
+email_title=电子邮件设置
 smtp_addr=SMTP 主机地址
 smtp_port=SMTP 端口
 smtp_from=电子邮件发件人
@@ -322,12 +322,12 @@ install_btn_confirm=立即安装
 test_git_failed=无法识别 “git” 命令：%v
 sqlite3_not_available=当前 Forgejo 版本不支持 SQLite3。请从 %s 下载官方构建版（注：请勿下载标有 “gobuild” 的版本）。
 invalid_db_setting=数据库设置无效：%v
-invalid_db_table=数据库表 '%s' 无效： %v
+invalid_db_table=数据库表 '%s' 无效：%v
 invalid_repo_path=仓库根目录设置无效：%v
-invalid_app_data_path=应用数据路径无效： %v
+invalid_app_data_path=应用数据路径无效：%v
 run_user_not_match=运行用户名不是当前的用户名：%s -> %s
-internal_token_failed=生成内部令牌失败： %v
-secret_key_failed=生成密钥失败： %v
+internal_token_failed=生成内部令牌失败：%v
+secret_key_failed=生成密钥失败：%v
 save_config_failed=应用配置保存失败：%v
 invalid_admin_setting=管理员帐户设置无效：%v
 invalid_log_root_path=日志路径无效：%v
@@ -354,7 +354,7 @@ app_slogan = 实例标语
 app_slogan_helper = 在此处输入您的实例标语。留空则禁用。
 
 [home]
-uname_holder=用户名或电子邮箱
+uname_holder=用户名或电子邮件地址
 password_holder=密码
 switch_dashboard_context=切换控制面板用户
 my_repos=仓库列表
@@ -479,7 +479,7 @@ password_pwned_err=无法完成对 HaveIBeenPwned 的请求
 last_admin=您不能删除最后一个管理员。必须至少保留一个管理员。
 change_unconfirmed_email = 如果您在注册时提供了错误的邮箱地址，您可以在下方修改，激活邮件会发送到修改后的邮箱地址。
 change_unconfirmed_email_summary = 修改用来接收激活邮件的邮箱地址。
-change_unconfirmed_email_error = 无法修改邮箱地址： %v
+change_unconfirmed_email_error = 无法修改邮箱地址：%v
 tab_signin = 登录
 tab_signup = 注册
 hint_login = 已经有账户了吗？<a href="%s">立即登录！</a>
@@ -537,7 +537,7 @@ issue.in_tree_path=在 %s 中：
 
 release.new.subject=%[2]s 中的 %[1]s 发布了
 release.new.text=<b>@%[1]s</b> 于 %[3]s 发布了 %[2]s
-release.title=标题： %s
+release.title=标题：%s
 release.note=注释：
 release.downloads=下载：
 release.download.zip=源代码（ZIP）
@@ -617,7 +617,7 @@ include_error=`必须包含子字符串 "%s"。`
 glob_pattern_error=`匹配模式无效：%s.`
 regex_pattern_error=`正则表达式无效：%s.`
 username_error=` 只允许包含字母数字字符（“0-9”、“a-z”、“A-Z”）、破折号（“-”）、下划线（“_”）和点（“.”）。不能以非字母数字字符开头或结尾，并且不允许连续的非字母数字字符。`
-invalid_group_team_map_error=`映射无效： %s`
+invalid_group_team_map_error=`映射无效：%s`
 unknown_error=未知错误：
 captcha_incorrect=验证码不正确。
 password_not_match=密码不匹配。
@@ -659,7 +659,7 @@ organization_leave_success=您已成功离开组织 %s。
 
 invalid_ssh_key=无法验证您的 SSH 密钥：%s
 invalid_gpg_key=无法验证您的 GPG 密钥：%s
-invalid_ssh_principal=无效的规则： %s
+invalid_ssh_principal=无效的规则：%s
 must_use_public_key=您提供的密钥是私钥。不要在任何地方上传您的私钥，请改用您的公钥。
 unable_verify_ssh_key=无法验证 SSH 密钥，请仔细检查是否有错误。
 auth_failed=授权验证失败：%v
@@ -685,7 +685,7 @@ Description = 描述
 Pronouns = 代称
 Biography = 简历
 username_claiming_cooldown = 用户名不能被认领，因为其仍处于保护期。其可以在%[1]s后被认领。
-email_domain_is_not_allowed = 用户电子邮箱的域名<b>%s</b>与EMAIL_DOMAIN_ALLOWLIST或EMAIL_DOMAIN_BLOCKLIST冲突。请确保您正确设置了电子邮件地址。
+email_domain_is_not_allowed = 用户电子邮件地址的域名<b>%s</b>与EMAIL_DOMAIN_ALLOWLIST或EMAIL_DOMAIN_BLOCKLIST冲突。请确保您正确设置了电子邮件地址。
 
 [user]
 change_avatar=修改头像…
@@ -794,7 +794,7 @@ privacy=隐私设置
 keep_activity_private=隐藏个人资料页面中的活动
 keep_activity_private_popup=您的活动将只对您自己和本实例的管理员可见
 
-lookup_avatar_by_mail=使用电子邮箱地址查找头像
+lookup_avatar_by_mail=使用电子邮件地址查找头像
 federated_avatar_lookup=查找联合头像
 enable_custom_avatar=使用自定义头像
 choose_new_avatar=选择新的头像
@@ -828,8 +828,8 @@ activations_pending=等待激活
 can_not_add_email_activations_pending=有一个待处理的激活请求，请稍等几分钟后再尝试添加新的电子邮件地址。
 delete_email=移除
 email_deletion=移除电子邮件地址
-email_deletion_desc=电子邮箱地址和相关信息将会被删除。使用此电子邮箱地址发送的Git提交将会保留，继续？
-email_deletion_success=您的电子邮箱地址已被移除。
+email_deletion_desc=电子邮件地址和相关信息将会被删除。使用此电子邮件地址发送的Git提交将会保留，继续？
+email_deletion_success=您的电子邮件地址已被移除。
 theme_update_success=您的主题已更新。
 theme_update_error=所选主题不存在。
 openid_deletion=移除 OpenID 地址
@@ -1459,7 +1459,7 @@ commits.view_path=在历史记录中的此处查看
 
 commit.operations=操作
 commit.revert=还原
-commit.revert-header=还原： %s
+commit.revert-header=还原：%s
 commit.revert-content=选择要还原的分支：
 commit.cherry-pick=拣选
 commit.cherry-pick-header=Cherry-pick：%s
@@ -2279,7 +2279,7 @@ settings.trust_model.collaborator=协作者
 settings.trust_model.collaborator.long=协作者：信任协作者的签名
 settings.trust_model.collaborator.desc=此仓库中协作者的有效签名将被标记为「可信」（无论它们是否是提交者），签名只符合提交者时将标记为「不可信」，都不匹配时标记为「不匹配」。
 settings.trust_model.committer=提交者
-settings.trust_model.committer.long=提交者： 信任与提交者相符的签名（此特性类似 GitHub，这会强制采用 Forgejo 作为提交者和签名者）
+settings.trust_model.committer.long=提交者：信任与提交者相符的签名（此特性类似 GitHub，这会强制采用 Forgejo 作为提交者和签名者）
 settings.trust_model.committer.desc=有效签名只有和提交者相匹配才会被标记为“受信任”，否则它们将被标记为“不匹配”。这强制 Forgejo 成为签名提交的提交者，而实际提交者被加上 Co-authored-by：和 Co-committed-by：的标记。 默认的 Forgejo 密钥必须匹配数据库中的一名用户。
 settings.trust_model.collaboratorcommitter=协作者+提交者
 settings.trust_model.collaboratorcommitter.long=协作者+提交者：信任协作者同时是提交者的签名
@@ -2500,9 +2500,9 @@ settings.protect_branch_name_pattern=受保护的分支名称正则
 settings.protect_branch_name_pattern_desc=受保护的分支名称正则。语法请参阅<a href="%s">文档</a> 。如：main, release/**
 settings.protect_patterns=规则
 settings.protect_protected_file_patterns=受保护的文件模式（使用半角分号“;”分隔）
-settings.protect_protected_file_patterns_desc=即使用户有权添加、编辑或删除此分支中的文件，也不允许直接更改受保护的文件。 可以使用半角分号（“;”）分隔多个模式。 见<a href="%[1]s">%[2]s</a>文档了解模式语法。例如： <code>.drone.yml</code>, <code>/docs/**/*.txt</code>。
+settings.protect_protected_file_patterns_desc=即使用户有权添加、编辑或删除此分支中的文件，也不允许直接更改受保护的文件。 可以使用半角分号（“;”）分隔多个模式。 见<a href="%[1]s">%[2]s</a>文档了解模式语法。例如：<code>.drone.yml</code>, <code>/docs/**/*.txt</code>。
 settings.protect_unprotected_file_patterns=不受保护的文件模式（使用半角分号“;”分隔）
-settings.protect_unprotected_file_patterns_desc=在用户有写权限的情况下允许绕过限制，直接修改设为不保护的文件。如有多个匹配模式，则可用半角分号（“;”）分隔开。见 <a href="%[1]s">%[2]s</a> 的文档以了解匹配模式的格式。例子： <code>.drone.yml</code>、<code>/docs/**/*.txt</code>。
+settings.protect_unprotected_file_patterns_desc=在用户有写权限的情况下允许绕过限制，直接修改设为不保护的文件。如有多个匹配模式，则可用半角分号（“;”）分隔开。见 <a href="%[1]s">%[2]s</a> 的文档以了解匹配模式的格式。例子：<code>.drone.yml</code>、<code>/docs/**/*.txt</code>。
 settings.add_protected_branch=启用保护
 settings.delete_protected_branch=禁用保护
 settings.update_protect_branch_success=分支保护规则 %s 更新成功。
@@ -2912,6 +2912,9 @@ issues.filter_no_results_placeholder = 尝试调整搜索筛选条件。
 migrate.repo_desc_helper = 留空以导入现有描述
 archive.nocomment = 您无法评论，因为此仓库已存档。
 comment.blocked_by_user = 您无法评论，因为您已被仓库所有者或作者屏蔽。
+sync_fork.button = 同步
+sync_fork.branch_behind_one = 此分支落后于 %s %d 个提交
+sync_fork.branch_behind_few = 此分支落后于 %s %d 个提交
 
 [graphs]
 component_loading=正在加载 %s…
@@ -3084,11 +3087,11 @@ dashboard.task.process=任务：%[1]s
 dashboard.task.cancelled=任务：%[1]s 已取消：%[3]s
 dashboard.task.error=任务中的错误：%[1]s：%[3]s
 dashboard.task.finished=任务：%[2]s 启动的 %[1]s 已完成
-dashboard.task.unknown=未知任务： %[1]s
+dashboard.task.unknown=未知任务：%[1]s
 dashboard.cron.started=已开始计划任务：%[1]s
 dashboard.cron.process=计划任务：%[1]s
 dashboard.cron.cancelled=定时任务：%[1]s 已取消：%[3]s
-dashboard.cron.error=任务中的错误： %s：%[3]s
+dashboard.cron.error=任务中的错误：%s：%[3]s
 dashboard.cron.finished=任务：%[1]s 已经完成
 dashboard.delete_inactive_accounts=删除所有未激活的帐户
 dashboard.delete_inactive_accounts.started=删除所有未激活的账户任务已启动。
@@ -3222,7 +3225,7 @@ emails.filter_sort.email_reverse=电子邮件（逆序）
 emails.filter_sort.name=用户名
 emails.filter_sort.name_reverse=用户名（倒序）
 emails.updated=电子邮件已更新
-emails.not_updated=无法更新请求的电子邮件地址： %v
+emails.not_updated=无法更新请求的电子邮件地址：%v
 emails.duplicate_active=此电子邮件地址已被另一个用户激活使用。
 emails.change_email_header=更新电子邮件属性
 emails.change_email_text=您确定要更新该电子邮件地址吗？
@@ -3248,7 +3251,7 @@ repos.lfs_size=LFS 大小
 
 packages.package_manage_panel=软件包管理
 packages.total_size=总大小：%s
-packages.unreferenced_size=未引用大小： %s
+packages.unreferenced_size=未引用大小：%s
 packages.cleanup=清理过期数据
 packages.cleanup.success=清理过期数据成功
 packages.owner=所有者
@@ -3291,7 +3294,7 @@ auths.attribute_username=用户名属性
 auths.attribute_username_placeholder=置空将使用Forgejo的用户名。
 auths.attribute_name=名字属性
 auths.attribute_surname=姓氏属性
-auths.attribute_mail=电子邮箱属性
+auths.attribute_mail=电子邮件地址属性
 auths.attribute_ssh_public_key=SSH公钥属性
 auths.attribute_avatar=头像属性
 auths.attributes_in_bind=从 bind DN 中拉取属性信息
@@ -3345,7 +3348,7 @@ auths.oauth2_group_claim_name=用于提供用户组名称的 Claim 声明名称
 auths.oauth2_admin_group=管理员用户组的 Claim 声明值。（可选 - 需要上面的声明名称）
 auths.oauth2_restricted_group=受限用户组的 Claim 声明值。（可选 - 需要上面的声明名称）
 auths.oauth2_map_group_to_team=映射声明的组到组织团队。（可选 - 要求在上面填写声明的名字）
-auths.oauth2_map_group_to_team_removal=如果用户不属于相应的组，从已同步团队中移除用户
+auths.oauth2_map_group_to_team_removal=如果用户不属于相应的组，则从同步的团队中移除用户。
 auths.enable_auto_register=允许自动注册
 auths.sspi_auto_create_users=自动创建用户
 auths.sspi_auto_create_users_helper=允许 SSPI 认证在用户第一次登录时自动创建新账号
@@ -3362,7 +3365,7 @@ auths.tips.oauth2.general=OAuth2 认证
 auths.tips.oauth2.general.tip=当注册新的 OAuth2 身份验证时，回调/重定向 URL 应该是：
 auths.tip.oauth2_provider=OAuth2 提供程序
 auths.tip.bitbucket=`在 %s
-auths.tip.nextcloud=使用下面的菜单“设置（Settings） -> 安全（Security） -> OAuth 2.0 client”在您的实例上注册一个新的 OAuth 客户端。
+auths.tip.nextcloud=使用菜单“设置->安全->OAuth 2.0客户端”在您的实例上注册一个新的 OAuth 客户端。
 auths.tip.dropbox=在 %s 上创建一个新的应用程序
 auths.tip.facebook=`在 %s 注册一个新的应用，并添加产品"Facebook 登录"`
 auths.tip.github=在 %s 注册一个 OAuth 应用程序
@@ -3386,7 +3389,7 @@ auths.still_in_used=认证源仍在使用。请先解除或者删除使用此认
 auths.deletion_success=认证源已经更新。
 auths.login_source_exist=认证源 '%s' 已经存在。
 auths.login_source_of_type_exist=此类型的认证源已存在。
-auths.unable_to_initialize_openid=无法初始化 OpenID Connect 提供商： %s
+auths.unable_to_initialize_openid=无法初始化 OpenID Connect 提供商：%s
 auths.invalid_openIdConnectAutoDiscoveryURL=无效的 Auto Discovery URL（这必须是一个以 http:// 或 https://开头的有效的 URL）
 
 config.server_config=服务器配置
@@ -3547,7 +3550,7 @@ monitor.process.cancel_notices=中止：<strong>%s</strong> ？
 monitor.process.children=子进程
 
 monitor.queues=队列
-monitor.queue=队列： %s
+monitor.queue=队列：%s
 monitor.queue.name=名称
 monitor.queue.type=类型
 monitor.queue.exemplar=数据类型
@@ -3664,7 +3667,7 @@ raw_minutes=分钟
 [dropzone]
 default_message=拖放文件或点击此处上传。
 invalid_input_type=您不能上传该类型的文件。
-file_too_big=文件体积（{{filesize}} MB）超过了最大允许体积（{{maxFilesize}} MB）
+file_too_big=文件体积（{{filesize}} MB）超过了最大允许体积（{{maxFilesize}} MB）。
 remove_file=移除文件
 
 [notification]
@@ -3695,7 +3698,7 @@ error.probable_bad_default_signature=警告！虽然默认密钥拥有此ID，
 [units]
 unit=单元
 error.no_unit_allowed_repo=您没有被允许访问此仓库的任何单元。
-error.unit_not_allowed=您没有权限访问此仓库单元
+error.unit_not_allowed=您没有权限访问此仓库单元。
 
 [packages]
 title=软件包
@@ -3722,7 +3725,7 @@ details.project_site=项目站点
 details.repository_site=仓库网站
 details.documentation_site=文档站点
 details.license=许可协议
-assets=文件
+assets=资源
 versions=版本
 versions.view_all=查看全部
 dependency.id=ID
@@ -3819,7 +3822,7 @@ settings.delete.error=删除软件包失败。
 owner.settings.cargo.title=Cargo 注册中心索引
 owner.settings.cargo.initialize=初始化索引
 owner.settings.cargo.initialize.description=使用 Cargo 注册中心时需要一个特殊索引的 Git 仓库。使用此选项将（重新）创建仓库并自动配置它。
-owner.settings.cargo.initialize.error=初始化Cargo索引失败： %v
+owner.settings.cargo.initialize.error=初始化Cargo索引失败：%v
 owner.settings.cargo.initialize.success=Cargo索引已经成功创建。
 owner.settings.cargo.rebuild=重建索引
 owner.settings.cargo.rebuild.description=如果索引与存储的 Cargo 包不同步，重建可能会有用。
@@ -3878,11 +3881,11 @@ alt.repository.multiple_groups = 此软件包在多个组中可用。
 
 [secrets]
 secrets=密钥
-description=Secrets 将被传给特定的 Actions，其它情况将不能读取
+description=机密将被传给特定的 Action，其它情况将不能被读取。
 none=还没有密钥。
 creation=添加密钥
 creation.name_placeholder=不区分大小写，只能包含英文字母、数字或下划线，不能以 GITEA_ 或 GITHUB_ 开头
-creation.value_placeholder=输入任何内容，开头和结尾的空白都会被省略
+creation.value_placeholder=输入任何内容。开头和结尾的空格都会被省略。
 creation.success=您的密钥 '%s' 添加成功。
 creation.failed=添加密钥失败。
 deletion=删除密钥
@@ -3917,7 +3920,7 @@ runners.description=组织描述
 runners.labels=标签
 runners.last_online=上次在线时间
 runners.runner_title=运行器
-runners.task_list=最近在此runner上的任务
+runners.task_list=最近在此运行器上的任务
 runners.task_list.no_tasks=还没有任务。
 runners.task_list.run=执行
 runners.task_list.status=状态
@@ -3932,8 +3935,8 @@ runners.delete_runner=删除运行器
 runners.delete_runner_success=运行器删除成功
 runners.delete_runner_failed=删除运行器失败
 runners.delete_runner_header=确认要删除此运行器
-runners.delete_runner_notice=如果一个任务正在运行在此运行器上，它将被终止并标记为失败。它可能会打断正在构建的工作流。
-runners.none=无可用的 Runner
+runners.delete_runner_notice=如果有任务正在此运行器上运行，它将被终止并标记为失败。这可能会中断正在构建的工作流。
+runners.none=无可用的运行器
 runners.status.unspecified=未知
 runners.status.idle=空闲
 runners.status.active=激活
@@ -3946,8 +3949,8 @@ runs.all_workflows=所有工作流
 runs.commit=提交
 runs.scheduled=已计划的
 runs.pushed_by=推送者
-runs.invalid_workflow_helper=工作流配置文件无效。请检查您的配置文件： %s
-runs.no_matching_online_runner_helper=没有匹配标签的在线 runner： %s
+runs.invalid_workflow_helper=工作流配置文件无效。请检查您的配置文件：%s
+runs.no_matching_online_runner_helper=没有匹配标签的在线运行器：%s
 runs.actor=操作者
 runs.status=状态
 runs.actors_no_select=所有操作者
@@ -3973,7 +3976,7 @@ variables.creation=添加变量
 variables.none=目前还没有变量。
 variables.deletion=删除变量
 variables.deletion.description=删除变量是永久性的，无法撤消。继续吗？
-variables.description=变量将被传给特定的 Actions，其它情况将不能读取
+variables.description=变量将被传给特定的 Action，其它情况将不能被读取。
 variables.id_not_exist=ID为 %d 的变量不存在。
 variables.edit=编辑变量
 variables.deletion.failed=删除变量失败。
diff --git a/options/locale/locale_zh-TW.ini b/options/locale/locale_zh-TW.ini
index ea8c1bc2b1..71f86ce3ab 100644
--- a/options/locale/locale_zh-TW.ini
+++ b/options/locale/locale_zh-TW.ini
@@ -206,6 +206,7 @@ buttons.new_table.tooltip = 新增表格
 table_modal.header = 新增表格
 buttons.indent.tooltip = 使項目縮排一層
 buttons.unindent.tooltip = 使項目取消縮排一層
+link_modal.header = 新增連結
 
 [filter]
 string.asc=A - Z
@@ -2857,6 +2858,9 @@ settings.units.units = 功能
 diff.git-notes.add = 增加註釋
 diff.git-notes.remove-header = 移除註釋
 settings.event_pull_request_enforcement = 執行
+sync_fork.branch_behind_few = 此分支落後 %s %d 次提交
+sync_fork.button = 同步
+sync_fork.branch_behind_one = 此分支落後 %s %d 次提交
 
 [graphs]
 component_loading = %s載入中…
diff --git a/options/locale/readme.md b/options/locale/readme.md
index f6f198a936..fe8cd579c0 100644
--- a/options/locale/readme.md
+++ b/options/locale/readme.md
@@ -1,21 +1,4 @@
-# Forgejo translations
-
-This directory contains all .INI translations.
-
-## Working on base language
-
-When you work on Forgejo features, you should only modify `locale_en-US.ini`.
-
-* consult https://forgejo.org/docs/next/contributor/localization-english/
-* add strings when your change requires doing so
-* remove strings when your change renders them unused
-
-## Working on other languages
-
-Translations are done on Codeberg Translate and not via individual pull requests.
-
-* consult https://forgejo.org/docs/next/contributor/localization/
-* see the project: https://translate.codeberg.org/projects/forgejo/forgejo/
+See [locale_readme.md](../locale_readme.md) for modification instructions.
 
 ## Attribution
 
diff --git a/options/locale_next/locale_cs-CZ.json b/options/locale_next/locale_cs-CZ.json
index c297196777..2b03bdef5e 100644
--- a/options/locale_next/locale_cs-CZ.json
+++ b/options/locale_next/locale_cs-CZ.json
@@ -20,5 +20,8 @@
     "themes.names.forgejo-light": "Forgejo – světlé",
     "themes.names.forgejo-dark": "Forgejo – tmavé",
     "error.not_found.title": "Stránka nenalezena",
-    "alert.asset_load_failed": "Nepodařilo se načíst soubory příloh z {path}. Ujistěte se, že jsou dané soubory přístupné."
+    "alert.asset_load_failed": "Nepodařilo se načíst soubory příloh z {path}. Ujistěte se, že jsou dané soubory přístupné.",
+    "install.invalid_lfs_path": "Nepodařilo se vytvořit kořen LFS na zvolené cestě: %[1]s",
+    "alert.range_error": " musí být číslo mezi %[1]s a %[2]s.",
+    "meta.last_line": "Díky všem přispěvatelům za pomoc!"
 }
diff --git a/options/locale_next/locale_da.json b/options/locale_next/locale_da.json
index 32d44fbf22..0294c31960 100644
--- a/options/locale_next/locale_da.json
+++ b/options/locale_next/locale_da.json
@@ -20,7 +20,6 @@
     "error.not_found.title": "Siden blev ikke fundet",
     "alert.asset_load_failed": "Kunne ikke indlæse aktivfiler fra {path}. Sørg for, at aktivfilerne er tilgængelige.",
     "install.invalid_lfs_path": "Kan ikke oprette LFS-roden på den angivne sti: %[1]s",
-    "install.lfs_jwt_secret_failed": "Kan ikke generere en LFS JWT-hemmelighed: %[1]s",
-    "settings.adopt": "Adoptere",
-    "alert.range_error": " skal være et tal mellem %[1]s og %[2]s."
+    "alert.range_error": " skal være et tal mellem %[1]s og %[2]s.",
+    "meta.last_line": "Livet er det dejligste eventyr. - (H.C. Andersen)"
 }
diff --git a/options/locale_next/locale_de-DE.json b/options/locale_next/locale_de-DE.json
index 2fdd0b528f..87b18e1ada 100644
--- a/options/locale_next/locale_de-DE.json
+++ b/options/locale_next/locale_de-DE.json
@@ -18,5 +18,8 @@
     "themes.names.forgejo-light": "Forgejo hell",
     "themes.names.forgejo-dark": "Forgejo dunkel",
     "error.not_found.title": "Seite nicht gefunden",
-    "alert.asset_load_failed": "Konnte Asset-Dateien nicht von {path} laden. Bitte stelle sicher, dass auf die Asset-Dateien zugegriffen werden kann."
+    "alert.asset_load_failed": "Konnte Asset-Dateien nicht von {path} laden. Bitte stelle sicher, dass auf die Asset-Dateien zugegriffen werden kann.",
+    "install.invalid_lfs_path": "Der LFS-Root konnte nicht am angegebenen Pfad erstellt werden: %[1]s",
+    "alert.range_error": " muss eine Zahl zwischen %[1]s und %[2]s sein.",
+    "meta.last_line": "Vielen Dank für die Übersetzung von Forgejo! Diese Zeile wird von den Benutzern nicht gesehen, dient aber anderen Zwecken im Übersetzungsmanagement. Du kannst eine lustige Tatsache in der Übersetzung platzieren, anstatt sie zu übersetzen."
 }
diff --git a/options/locale_next/locale_fi-FI.json b/options/locale_next/locale_fi-FI.json
index 51320bfa8c..841dacafe5 100644
--- a/options/locale_next/locale_fi-FI.json
+++ b/options/locale_next/locale_fi-FI.json
@@ -1,12 +1,16 @@
 {
     "repo.pulls.merged_title_desc": "yhdistetty %[1]d committia lähteestä <code>%[2]s</code> kohteeseen <code>%[3]s</code> %[4]s",
     "repo.pulls.title_desc": "haluaa yhdistää %[1]d committia lähteestä <code>%[2]s</code> kohteeseen <code id=\"%[4]s\">%[3]s</code>",
-    "search.milestone_kind": "Etsi merkkipaaluja...",
+    "search.milestone_kind": "Etsi merkkipaaluja…",
     "home.welcome.no_activity": "Ei toimintaa",
     "incorrect_root_url": "Tämä Forgejo-instanssi on määritetty toimimaan osoitteessa \"%s\". Tarkastelet tällä hetkellä Forgejoa eri URL-osoitteen kautta, mikä saattaa aiheuttaa sovelluksen osien toimimattomuutta. Virallinen URL-osoite on Forgejo-ylläpitäjien hallinnoima ROOT_URL-asetus app.ini -tiedostossa.",
     "themes.names.forgejo-auto": "Forgejo (käyttöjärjestelmän määrittelemä teema)",
     "home.welcome.activity_hint": "Syötteelläsi ei ole vielä mitään. Toimintasi ja toiminta repositorioissa joita seuraat ilmaantuu tälle sivulle.",
     "home.explore_repos": "Tutki repositorioita",
     "home.explore_users": "Tutki käyttäjiä",
-    "home.explore_orgs": "Tutki organisaatioita"
+    "home.explore_orgs": "Tutki organisaatioita",
+    "error.not_found.title": "Sivua ei löytynyt",
+    "themes.names.forgejo-light": "Forgejo, vaalea",
+    "themes.names.forgejo-dark": "Forgejo, tumma",
+    "alert.range_error": " täytyy olla numero välillä %[1]s ja %[2]s."
 }
diff --git a/options/locale_next/locale_fil.json b/options/locale_next/locale_fil.json
index 5ee4c3bb7a..dfe00cebc6 100644
--- a/options/locale_next/locale_fil.json
+++ b/options/locale_next/locale_fil.json
@@ -17,5 +17,9 @@
     "home.explore_repos": "Tuklasin ang mga repositoryo",
     "home.explore_users": "Tuklasin ang mga user",
     "home.explore_orgs": "Tuklasin ang mga organisasyon",
-    "error.not_found.title": "Hindi nahanap ang pahina"
+    "error.not_found.title": "Hindi nahanap ang pahina",
+    "alert.asset_load_failed": "Nabigong i-load ang mga asset file mula sa {path}. Siguraduhin na maa-access ang mga asset file.",
+    "install.invalid_lfs_path": "Nabigong gawin ang LFS root sa tinakdang path: %[1]s",
+    "alert.range_error": " dapat ay numero sa pagitan ng %[1]s at %[2]s.",
+    "meta.last_line": "Sayori... I love you. — MC from Doki Doki Literature Club"
 }
diff --git a/options/locale_next/locale_lv-LV.json b/options/locale_next/locale_lv-LV.json
index 6891c84f15..2f767107f1 100644
--- a/options/locale_next/locale_lv-LV.json
+++ b/options/locale_next/locale_lv-LV.json
@@ -20,5 +20,8 @@
     "themes.names.forgejo-light": "Forgejo gaišais",
     "themes.names.forgejo-dark": "Forgejo tumšais",
     "error.not_found.title": "Lapa nav atrasta",
-    "alert.asset_load_failed": "Neizdevās ielādēt līdzekļu datnes no {path}. Lūgums pārliecināties, ka līdzekļu datnēm var piekļūt."
+    "alert.asset_load_failed": "Neizdevās ielādēt līdzekļu datnes no {path}. Lūgums pārliecināties, ka līdzekļu datnēm var piekļūt.",
+    "install.invalid_lfs_path": "Nav iespējams izveidot LFS pamatmapi norādītajā ceļā: %[1]s",
+    "alert.range_error": " jābūt skaitlin starp %[1]s un %[2]s.",
+    "meta.last_line": "Šis žagaru saišķis nav mans žagaru saišķis."
 }
diff --git a/options/locale_next/locale_nds.json b/options/locale_next/locale_nds.json
index f637cd31c7..5985eb377c 100644
--- a/options/locale_next/locale_nds.json
+++ b/options/locale_next/locale_nds.json
@@ -19,8 +19,7 @@
     "themes.names.forgejo-auto": "Forgejo (Systeem-Thema nagahn)",
     "error.not_found.title": "Sied nich funnen",
     "alert.asset_load_failed": "Kunn Objekt-Dateien ut {path} nich laden. Bidde wees wiss, dat up de Objekt-Dateien togriepen worden kann.",
-    "install.lfs_jwt_secret_failed": "Kunn dat LFS-JWT-Geheemst nich maken: %[1]s",
-    "settings.adopt": "Övernehmen",
     "install.invalid_lfs_path": "Kunn de LFS-Ruut an de angeven Padd nich maken: %[1]s",
-    "alert.range_error": " mutt eene Tahl tüsken %[1]s un %[2]s wesen."
+    "alert.range_error": " mutt eene Tahl tüsken %[1]s un %[2]s wesen.",
+    "meta.last_line": "Moin!"
 }
diff --git a/options/locale_next/locale_nl-NL.json b/options/locale_next/locale_nl-NL.json
index cb2d250006..a5973bf1e1 100644
--- a/options/locale_next/locale_nl-NL.json
+++ b/options/locale_next/locale_nl-NL.json
@@ -19,7 +19,7 @@
     "themes.names.forgejo-dark": "Forgejo donker",
     "error.not_found.title": "Pagina niet gevonden",
     "alert.asset_load_failed": "Het laden van asset-bestanden van {path} is mislukt. Controleer of de asset-bestanden toegankelijk zijn.",
-    "settings.adopt": "Adopteer",
     "install.invalid_lfs_path": "Kan de LFS-root niet aanmaken op het opgegeven pad: %[1]s",
-    "install.lfs_jwt_secret_failed": "Kan geen LFS JWT-geheim genereren: %[1]s"
+    "alert.range_error": " moet een getal zijn tussen %[1]s en %[2]s.",
+    "meta.last_line": "Wist je dat de paprika, behalve in de bekende kleuren rood, geel, oranje en groen, ook in de kleuren wit, paars, lila, muntgroen en bruin voorkomt."
 }
diff --git a/options/locale_next/locale_pt-BR.json b/options/locale_next/locale_pt-BR.json
index 1f941d86b4..fc3497c3da 100644
--- a/options/locale_next/locale_pt-BR.json
+++ b/options/locale_next/locale_pt-BR.json
@@ -20,5 +20,8 @@
     "themes.names.forgejo-light": "Forgejo claro",
     "themes.names.forgejo-dark": "Forgejo escuro",
     "error.not_found.title": "Página não encontrada",
-    "alert.asset_load_failed": "Não foi possível carregar arquivos de assets de {path}. Por favor, certifique-se que os arquivos podem ser acessados."
+    "alert.asset_load_failed": "Não foi possível carregar arquivos de assets de {path}. Por favor, certifique-se que os arquivos podem ser acessados.",
+    "install.invalid_lfs_path": "Não foi possível criar um root LFS no caminho especificado: %[1]s",
+    "alert.range_error": " deve ser um número entre %[1]s e %[2]s.",
+    "meta.last_line": "real hot girl shit"
 }
diff --git a/options/locale_next/locale_pt-PT.json b/options/locale_next/locale_pt-PT.json
index 157f48e14b..d1eec129ae 100644
--- a/options/locale_next/locale_pt-PT.json
+++ b/options/locale_next/locale_pt-PT.json
@@ -19,5 +19,9 @@
     "themes.names.forgejo-auto": "Forgejo (segue o tema do sistema)",
     "themes.names.forgejo-light": "Forgejo claro",
     "themes.names.forgejo-dark": "Forgejo escuro",
-    "error.not_found.title": "Página não encontrada"
+    "error.not_found.title": "Página não encontrada",
+    "alert.asset_load_failed": "Falha ao carregar ficheiros de recurso de {path}. Certifique-se de que os ficheiros de recurso podem ser acedidos.",
+    "install.invalid_lfs_path": "Não foi possível criar a raiz LFS no caminho especificado: %[1]s",
+    "alert.range_error": " deve ser um número entre %[1]s e %[2]s.",
+    "meta.last_line": "Se programarem em Python, por favor usem o uv e Ruff (e estejam atentos ao Red Knot no repositório do Ruff). E vejam também mise-en-place (https://mise.jdx.dev)."
 }
diff --git a/options/locale_next/locale_ru-RU.json b/options/locale_next/locale_ru-RU.json
index 0fae237134..06128b0990 100644
--- a/options/locale_next/locale_ru-RU.json
+++ b/options/locale_next/locale_ru-RU.json
@@ -19,5 +19,9 @@
     "themes.names.forgejo-light": "Forgejo – светлая",
     "themes.names.forgejo-auto": "Forgejo – как в системе",
     "themes.names.forgejo-dark": "Forgejo – тёмная",
-    "error.not_found.title": "Страница не найдена"
+    "error.not_found.title": "Страница не найдена",
+    "alert.asset_load_failed": "Не удалось получить ресурсы из {path}. Убедитесь, что файлы ресурсов доступны.",
+    "install.invalid_lfs_path": "Не удалось расположить корень LFS по указанному пути: %[1]s",
+    "alert.range_error": " - число должно быть в диапазоне от %[1]s-%[2]s.",
+    "meta.last_line": "Спасибо Forgejo за такую возможность :3. Интересный факт: мне не удавалось вставить свой вклад в перевод Forgejo и это первый раз, когда у меня это вышло. ❤️."
 }
diff --git a/options/locale_next/locale_uk-UA.json b/options/locale_next/locale_uk-UA.json
index 54b5b8532f..146f8934f9 100644
--- a/options/locale_next/locale_uk-UA.json
+++ b/options/locale_next/locale_uk-UA.json
@@ -22,7 +22,6 @@
     "error.not_found.title": "Сторінку не знайдено",
     "alert.asset_load_failed": "Не вдалося завантажити файли ресурсів з {path}. Переконайтеся, що до файлів ресурсів є доступ.",
     "install.invalid_lfs_path": "Не вдалося створити корінь LFS за вказаним шляхом: %[1]s",
-    "settings.adopt": "Прийняти",
-    "install.lfs_jwt_secret_failed": "Не вдалося створити секрет LFS JWT: %[1]s",
-    "alert.range_error": " має бути числом від %[1]s до %[2]s."
+    "alert.range_error": " має бути числом від %[1]s до %[2]s.",
+    "meta.last_line": "Не зливай злий запити на злиття — зіллється зле."
 }
diff --git a/options/locale_next/locale_zh-CN.json b/options/locale_next/locale_zh-CN.json
index 77cbd7ab0f..e7c3fc9d24 100644
--- a/options/locale_next/locale_zh-CN.json
+++ b/options/locale_next/locale_zh-CN.json
@@ -12,8 +12,8 @@
     "themes.names.forgejo-light": "Forgejo 浅色",
     "themes.names.forgejo-dark": "Forgejo 深色",
     "error.not_found.title": "页面不存在",
-    "alert.asset_load_failed": "无法从 {path} 加载资源文件。请确保可以访问资源文件。",
-    "install.lfs_jwt_secret_failed": "无法生成 LFS JWT 密钥：%[1]s",
+    "alert.asset_load_failed": "无法从 {path} 加载资源文件。请确保资源文件可被访问。",
     "install.invalid_lfs_path": "无法在指定路径创建 LFS 根目录：%[1]s",
-    "alert.range_error": " 必须是一个介于 %[1]s 和 %[2]s 之间的数字。"
+    "alert.range_error": " 必须是一个介于 %[1]s 和 %[2]s 之间的数字。",
+    "meta.last_line": "感谢各位对Forgejo翻译的支持和帮助！不需要翻译这个。"
 }
diff --git a/options/locale_readme.md b/options/locale_readme.md
new file mode 100644
index 0000000000..4adbce2123
--- /dev/null
+++ b/options/locale_readme.md
@@ -0,0 +1,50 @@
+# Forgejo translations
+
+All translations are stored in directories `locale` and `locale_next`.
+
+`locale` is a historical directory that contains translations in INI format. Forgejo inherited it from Gitea, and Gitea inherited it from Gogs.
+
+Because the INI format had many issues and prevented good translatability, in early 2025 Forgejo started switching to a new format - `go-i18n`+`json`.
+
+## Working on base language
+
+Here are some tips:
+* when working on non-i18n changes, only change `en-US` files
+  * non-base files are normally modified through Weblate. We appreciate the intention to provide localization for the change you're working on, however, modifying those files leads to merge conflicts with Weblate that aren't easy to resolve. [Learn about translating Forgejo](#working-on-other-languages).
+* when new strings are added, it's preferred that they're added to `locale_en-US.json`
+* when strings are modified in `locale_en-US.ini`, it's preferred that they stay here because moving them around is complicated
+* make sure to remove strings if your change renders them unused
+* consult https://forgejo.org/docs/next/contributor/localization-english/
+
+### JSON translations
+
+It is preferred that all new strings added to Forgejo UI are added to the JSON translations instead of INI.
+
+Even though Forgejo parser supports nested sections, linters and Weblate do not. Because of this, most strings need to have all sections flattened into their keys like so:
+```json
+"some.nested.section.key": "UI text"
+```
+
+However, plural variations of a string, if it has any, are stored in a nested dictionary:
+```json
+"some.nested.section.key": {
+    "one": "%d comment",
+    "other": "%d comments"
+}
+```
+
+> [!IMPORTANT]
+> Please avoid adding unnecessary sections to the keys. Sections like `repo` are vague and represent a large part of the codebase. Keep the sections scoped to where or how the strings are really used, like `user_settings` or `error`.
+
+> [!TIP]
+> Due to the flat sections, you can easily find both JSON strings and their usages in the codebase by grepping an entire key.
+
+> [!TIP]
+> 3rd party software can determine whether string has plural variations or not from type of it's value in `en-US.json`.
+
+## Working on other languages
+
+Translations are done on Codeberg Translate and not via individual pull requests.
+
+* consult https://forgejo.org/docs/next/contributor/localization/
+* see the project: https://translate.codeberg.org/projects/forgejo/
diff --git a/package-lock.json b/package-lock.json
index 1d74808f0c..36a0141c1a 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -17,10 +17,10 @@
         "@primer/octicons": "19.14.0",
         "ansi_up": "6.0.5",
         "asciinema-player": "3.8.2",
-        "chart.js": "4.4.5",
+        "chart.js": "4.4.9",
         "chartjs-adapter-dayjs-4": "1.0.4",
         "chartjs-plugin-zoom": "2.2.0",
-        "clippie": "4.1.1",
+        "clippie": "4.1.6",
         "css-loader": "7.0.0",
         "dayjs": "1.11.12",
         "dropzone": "6.0.0-beta.2",
@@ -31,7 +31,7 @@
         "htmx.org": "1.9.12",
         "idiomorph": "0.3.0",
         "jquery": "3.7.1",
-        "katex": "0.16.21",
+        "katex": "0.16.22",
         "mermaid": "11.6.0",
         "mini-css-extract-plugin": "2.9.2",
         "minimatch": "10.0.1",
@@ -56,7 +56,7 @@
         "vue-chartjs": "5.3.1",
         "vue-loader": "17.4.2",
         "vue3-calendar-heatmap": "2.0.5",
-        "webpack": "5.98.0",
+        "webpack": "5.99.6",
         "webpack-cli": "6.0.1",
         "wrap-ansi": "9.0.0"
       },
@@ -92,6 +92,7 @@
         "license-checker-rseidelsohn": "4.4.2",
         "markdownlint-cli": "0.44.0",
         "postcss-html": "1.8.0",
+        "sharp": "0.34.1",
         "stylelint": "16.17.0",
         "stylelint-declaration-block-no-ignored-properties": "2.8.0",
         "stylelint-declaration-strict-value": "1.10.11",
@@ -528,9 +529,9 @@
       }
     },
     "node_modules/@emnapi/core": {
-      "version": "1.4.0",
-      "resolved": "https://registry.npmjs.org/@emnapi/core/-/core-1.4.0.tgz",
-      "integrity": "sha512-H+N/FqT07NmLmt6OFFtDfwe8PNygprzBikrEMyQfgqSmT0vzE515Pz7R8izwB9q/zsH/MA64AKoul3sA6/CzVg==",
+      "version": "1.4.1",
+      "resolved": "https://registry.npmjs.org/@emnapi/core/-/core-1.4.1.tgz",
+      "integrity": "sha512-4JFstCTaToCFrPqrGzgkF8N2NHjtsaY4uRh6brZQ5L9e4wbMieX8oDT8N7qfVFTQecHFEtkj4ve49VIZ3mKVqw==",
       "dev": true,
       "license": "MIT",
       "optional": true,
@@ -540,9 +541,9 @@
       }
     },
     "node_modules/@emnapi/runtime": {
-      "version": "1.4.0",
-      "resolved": "https://registry.npmjs.org/@emnapi/runtime/-/runtime-1.4.0.tgz",
-      "integrity": "sha512-64WYIf4UYcdLnbKn/umDlNjQDSS8AgZrI/R9+x5ilkUVFxXcA1Ebl+gQLc/6mERA4407Xof0R7wEyEuj091CVw==",
+      "version": "1.4.1",
+      "resolved": "https://registry.npmjs.org/@emnapi/runtime/-/runtime-1.4.1.tgz",
+      "integrity": "sha512-LMshMVP0ZhACNjQNYXiU1iZJ6QCcv0lUdPDPugqGvCGXt5xtRVBPdtA0qU12pEXZzpWAhWlZYptfdAFq10DOVQ==",
       "dev": true,
       "license": "MIT",
       "optional": true,
@@ -982,9 +983,9 @@
       }
     },
     "node_modules/@eslint-community/eslint-utils": {
-      "version": "4.5.1",
-      "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.5.1.tgz",
-      "integrity": "sha512-soEIOALTfTK6EjmKMMoLugwaP0rzkad90iIWd1hMO9ARkSAyjfMfkRRhLvD5qH7vvM0Cg72pieUfR6yh6XxC4w==",
+      "version": "4.6.0",
+      "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.6.0.tgz",
+      "integrity": "sha512-WhCn7Z7TauhBtmzhvKpoQs0Wwb/kBcy4CwpuI0/eEIr2Lx2auxmulAzLr91wVZJaz47iUZdkXOK7WlAfxGKCnA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -1063,9 +1064,9 @@
       }
     },
     "node_modules/@eslint/config-helpers": {
-      "version": "0.2.0",
-      "resolved": "https://registry.npmjs.org/@eslint/config-helpers/-/config-helpers-0.2.0.tgz",
-      "integrity": "sha512-yJLLmLexii32mGrhW29qvU3QBVTu0GUmEf/J4XsBtVhp4JkIUFN/BjWqTF63yRvGApIDpZm5fa97LtYtINmfeQ==",
+      "version": "0.2.1",
+      "resolved": "https://registry.npmjs.org/@eslint/config-helpers/-/config-helpers-0.2.1.tgz",
+      "integrity": "sha512-RI17tsD2frtDu/3dmI7QRrD4bedNKPM08ziRYaC5AhkGrzIAJelm9kJU1TznK+apx6V+cqRz8tfpEeG3oIyjxw==",
       "dev": true,
       "license": "Apache-2.0",
       "engines": {
@@ -1191,19 +1192,32 @@
       }
     },
     "node_modules/@eslint/plugin-kit": {
-      "version": "0.2.7",
-      "resolved": "https://registry.npmjs.org/@eslint/plugin-kit/-/plugin-kit-0.2.7.tgz",
-      "integrity": "sha512-JubJ5B2pJ4k4yGxaNLdbjrnk9d/iDz6/q8wOilpIowd6PJPgaxCuHBnBszq7Ce2TyMrywm5r4PnKm6V3iiZF+g==",
+      "version": "0.2.8",
+      "resolved": "https://registry.npmjs.org/@eslint/plugin-kit/-/plugin-kit-0.2.8.tgz",
+      "integrity": "sha512-ZAoA40rNMPwSm+AeHpCq8STiNAwzWLJuP8Xv4CHIc9wv/PSuExjMrmjfYNj682vW0OOiZ1HKxzvjQr9XZIisQA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@eslint/core": "^0.12.0",
+        "@eslint/core": "^0.13.0",
         "levn": "^0.4.1"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
       }
     },
+    "node_modules/@eslint/plugin-kit/node_modules/@eslint/core": {
+      "version": "0.13.0",
+      "resolved": "https://registry.npmjs.org/@eslint/core/-/core-0.13.0.tgz",
+      "integrity": "sha512-yfkgDw1KR66rkT5A8ci4irzDysN7FRpq3ttJolR88OqQikAWqwA8j5VZyas+vjyBNFIJ7MfybJ9plMILI2UrCw==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@types/json-schema": "^7.0.15"
+      },
+      "engines": {
+        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+      }
+    },
     "node_modules/@github/combobox-nav": {
       "version": "2.3.1",
       "resolved": "https://registry.npmjs.org/@github/combobox-nav/-/combobox-nav-2.3.1.tgz",
@@ -1338,6 +1352,403 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
+    "node_modules/@img/sharp-darwin-arm64": {
+      "version": "0.34.1",
+      "resolved": "https://registry.npmjs.org/@img/sharp-darwin-arm64/-/sharp-darwin-arm64-0.34.1.tgz",
+      "integrity": "sha512-pn44xgBtgpEbZsu+lWf2KNb6OAf70X68k+yk69Ic2Xz11zHR/w24/U49XT7AeRwJ0Px+mhALhU5LPci1Aymk7A==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "Apache-2.0",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      },
+      "optionalDependencies": {
+        "@img/sharp-libvips-darwin-arm64": "1.1.0"
+      }
+    },
+    "node_modules/@img/sharp-darwin-x64": {
+      "version": "0.34.1",
+      "resolved": "https://registry.npmjs.org/@img/sharp-darwin-x64/-/sharp-darwin-x64-0.34.1.tgz",
+      "integrity": "sha512-VfuYgG2r8BpYiOUN+BfYeFo69nP/MIwAtSJ7/Zpxc5QF3KS22z8Pvg3FkrSFJBPNQ7mmcUcYQFBmEQp7eu1F8Q==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "Apache-2.0",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      },
+      "optionalDependencies": {
+        "@img/sharp-libvips-darwin-x64": "1.1.0"
+      }
+    },
+    "node_modules/@img/sharp-libvips-darwin-arm64": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/@img/sharp-libvips-darwin-arm64/-/sharp-libvips-darwin-arm64-1.1.0.tgz",
+      "integrity": "sha512-HZ/JUmPwrJSoM4DIQPv/BfNh9yrOA8tlBbqbLz4JZ5uew2+o22Ik+tHQJcih7QJuSa0zo5coHTfD5J8inqj9DA==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "LGPL-3.0-or-later",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      }
+    },
+    "node_modules/@img/sharp-libvips-darwin-x64": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/@img/sharp-libvips-darwin-x64/-/sharp-libvips-darwin-x64-1.1.0.tgz",
+      "integrity": "sha512-Xzc2ToEmHN+hfvsl9wja0RlnXEgpKNmftriQp6XzY/RaSfwD9th+MSh0WQKzUreLKKINb3afirxW7A0fz2YWuQ==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "LGPL-3.0-or-later",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      }
+    },
+    "node_modules/@img/sharp-libvips-linux-arm": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-arm/-/sharp-libvips-linux-arm-1.1.0.tgz",
+      "integrity": "sha512-s8BAd0lwUIvYCJyRdFqvsj+BJIpDBSxs6ivrOPm/R7piTs5UIwY5OjXrP2bqXC9/moGsyRa37eYWYCOGVXxVrA==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "LGPL-3.0-or-later",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      }
+    },
+    "node_modules/@img/sharp-libvips-linux-arm64": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-arm64/-/sharp-libvips-linux-arm64-1.1.0.tgz",
+      "integrity": "sha512-IVfGJa7gjChDET1dK9SekxFFdflarnUB8PwW8aGwEoF3oAsSDuNUTYS+SKDOyOJxQyDC1aPFMuRYLoDInyV9Ew==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "LGPL-3.0-or-later",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      }
+    },
+    "node_modules/@img/sharp-libvips-linux-ppc64": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-ppc64/-/sharp-libvips-linux-ppc64-1.1.0.tgz",
+      "integrity": "sha512-tiXxFZFbhnkWE2LA8oQj7KYR+bWBkiV2nilRldT7bqoEZ4HiDOcePr9wVDAZPi/Id5fT1oY9iGnDq20cwUz8lQ==",
+      "cpu": [
+        "ppc64"
+      ],
+      "dev": true,
+      "license": "LGPL-3.0-or-later",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      }
+    },
+    "node_modules/@img/sharp-libvips-linux-s390x": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-s390x/-/sharp-libvips-linux-s390x-1.1.0.tgz",
+      "integrity": "sha512-xukSwvhguw7COyzvmjydRb3x/09+21HykyapcZchiCUkTThEQEOMtBj9UhkaBRLuBrgLFzQ2wbxdeCCJW/jgJA==",
+      "cpu": [
+        "s390x"
+      ],
+      "dev": true,
+      "license": "LGPL-3.0-or-later",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      }
+    },
+    "node_modules/@img/sharp-libvips-linux-x64": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-x64/-/sharp-libvips-linux-x64-1.1.0.tgz",
+      "integrity": "sha512-yRj2+reB8iMg9W5sULM3S74jVS7zqSzHG3Ol/twnAAkAhnGQnpjj6e4ayUz7V+FpKypwgs82xbRdYtchTTUB+Q==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "LGPL-3.0-or-later",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      }
+    },
+    "node_modules/@img/sharp-libvips-linuxmusl-arm64": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linuxmusl-arm64/-/sharp-libvips-linuxmusl-arm64-1.1.0.tgz",
+      "integrity": "sha512-jYZdG+whg0MDK+q2COKbYidaqW/WTz0cc1E+tMAusiDygrM4ypmSCjOJPmFTvHHJ8j/6cAGyeDWZOsK06tP33w==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "LGPL-3.0-or-later",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      }
+    },
+    "node_modules/@img/sharp-libvips-linuxmusl-x64": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linuxmusl-x64/-/sharp-libvips-linuxmusl-x64-1.1.0.tgz",
+      "integrity": "sha512-wK7SBdwrAiycjXdkPnGCPLjYb9lD4l6Ze2gSdAGVZrEL05AOUJESWU2lhlC+Ffn5/G+VKuSm6zzbQSzFX/P65A==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "LGPL-3.0-or-later",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      }
+    },
+    "node_modules/@img/sharp-linux-arm": {
+      "version": "0.34.1",
+      "resolved": "https://registry.npmjs.org/@img/sharp-linux-arm/-/sharp-linux-arm-0.34.1.tgz",
+      "integrity": "sha512-anKiszvACti2sGy9CirTlNyk7BjjZPiML1jt2ZkTdcvpLU1YH6CXwRAZCA2UmRXnhiIftXQ7+Oh62Ji25W72jA==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "Apache-2.0",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      },
+      "optionalDependencies": {
+        "@img/sharp-libvips-linux-arm": "1.1.0"
+      }
+    },
+    "node_modules/@img/sharp-linux-arm64": {
+      "version": "0.34.1",
+      "resolved": "https://registry.npmjs.org/@img/sharp-linux-arm64/-/sharp-linux-arm64-0.34.1.tgz",
+      "integrity": "sha512-kX2c+vbvaXC6vly1RDf/IWNXxrlxLNpBVWkdpRq5Ka7OOKj6nr66etKy2IENf6FtOgklkg9ZdGpEu9kwdlcwOQ==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "Apache-2.0",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      },
+      "optionalDependencies": {
+        "@img/sharp-libvips-linux-arm64": "1.1.0"
+      }
+    },
+    "node_modules/@img/sharp-linux-s390x": {
+      "version": "0.34.1",
+      "resolved": "https://registry.npmjs.org/@img/sharp-linux-s390x/-/sharp-linux-s390x-0.34.1.tgz",
+      "integrity": "sha512-7s0KX2tI9mZI2buRipKIw2X1ufdTeaRgwmRabt5bi9chYfhur+/C1OXg3TKg/eag1W+6CCWLVmSauV1owmRPxA==",
+      "cpu": [
+        "s390x"
+      ],
+      "dev": true,
+      "license": "Apache-2.0",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      },
+      "optionalDependencies": {
+        "@img/sharp-libvips-linux-s390x": "1.1.0"
+      }
+    },
+    "node_modules/@img/sharp-linux-x64": {
+      "version": "0.34.1",
+      "resolved": "https://registry.npmjs.org/@img/sharp-linux-x64/-/sharp-linux-x64-0.34.1.tgz",
+      "integrity": "sha512-wExv7SH9nmoBW3Wr2gvQopX1k8q2g5V5Iag8Zk6AVENsjwd+3adjwxtp3Dcu2QhOXr8W9NusBU6XcQUohBZ5MA==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "Apache-2.0",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      },
+      "optionalDependencies": {
+        "@img/sharp-libvips-linux-x64": "1.1.0"
+      }
+    },
+    "node_modules/@img/sharp-linuxmusl-arm64": {
+      "version": "0.34.1",
+      "resolved": "https://registry.npmjs.org/@img/sharp-linuxmusl-arm64/-/sharp-linuxmusl-arm64-0.34.1.tgz",
+      "integrity": "sha512-DfvyxzHxw4WGdPiTF0SOHnm11Xv4aQexvqhRDAoD00MzHekAj9a/jADXeXYCDFH/DzYruwHbXU7uz+H+nWmSOQ==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "Apache-2.0",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      },
+      "optionalDependencies": {
+        "@img/sharp-libvips-linuxmusl-arm64": "1.1.0"
+      }
+    },
+    "node_modules/@img/sharp-linuxmusl-x64": {
+      "version": "0.34.1",
+      "resolved": "https://registry.npmjs.org/@img/sharp-linuxmusl-x64/-/sharp-linuxmusl-x64-0.34.1.tgz",
+      "integrity": "sha512-pax/kTR407vNb9qaSIiWVnQplPcGU8LRIJpDT5o8PdAx5aAA7AS3X9PS8Isw1/WfqgQorPotjrZL3Pqh6C5EBg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "Apache-2.0",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      },
+      "optionalDependencies": {
+        "@img/sharp-libvips-linuxmusl-x64": "1.1.0"
+      }
+    },
+    "node_modules/@img/sharp-wasm32": {
+      "version": "0.34.1",
+      "resolved": "https://registry.npmjs.org/@img/sharp-wasm32/-/sharp-wasm32-0.34.1.tgz",
+      "integrity": "sha512-YDybQnYrLQfEpzGOQe7OKcyLUCML4YOXl428gOOzBgN6Gw0rv8dpsJ7PqTHxBnXnwXr8S1mYFSLSa727tpz0xg==",
+      "cpu": [
+        "wasm32"
+      ],
+      "dev": true,
+      "license": "Apache-2.0 AND LGPL-3.0-or-later AND MIT",
+      "optional": true,
+      "dependencies": {
+        "@emnapi/runtime": "^1.4.0"
+      },
+      "engines": {
+        "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      }
+    },
+    "node_modules/@img/sharp-win32-ia32": {
+      "version": "0.34.1",
+      "resolved": "https://registry.npmjs.org/@img/sharp-win32-ia32/-/sharp-win32-ia32-0.34.1.tgz",
+      "integrity": "sha512-WKf/NAZITnonBf3U1LfdjoMgNO5JYRSlhovhRhMxXVdvWYveM4kM3L8m35onYIdh75cOMCo1BexgVQcCDzyoWw==",
+      "cpu": [
+        "ia32"
+      ],
+      "dev": true,
+      "license": "Apache-2.0 AND LGPL-3.0-or-later",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      }
+    },
+    "node_modules/@img/sharp-win32-x64": {
+      "version": "0.34.1",
+      "resolved": "https://registry.npmjs.org/@img/sharp-win32-x64/-/sharp-win32-x64-0.34.1.tgz",
+      "integrity": "sha512-hw1iIAHpNE8q3uMIRCgGOeDoz9KtFNarFLQclLxr/LK1VBkj8nby18RjFvr6aP7USRYAjTZW6yisnBWMX571Tw==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "Apache-2.0 AND LGPL-3.0-or-later",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      }
+    },
     "node_modules/@isaacs/cliui": {
       "version": "8.0.2",
       "resolved": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz",
@@ -1643,15 +2054,15 @@
       }
     },
     "node_modules/@napi-rs/wasm-runtime": {
-      "version": "0.2.7",
-      "resolved": "https://registry.npmjs.org/@napi-rs/wasm-runtime/-/wasm-runtime-0.2.7.tgz",
-      "integrity": "sha512-5yximcFK5FNompXfJFoWanu5l8v1hNGqNHh9du1xETp9HWk/B/PzvchX55WYOPaIeNglG8++68AAiauBAtbnzw==",
+      "version": "0.2.8",
+      "resolved": "https://registry.npmjs.org/@napi-rs/wasm-runtime/-/wasm-runtime-0.2.8.tgz",
+      "integrity": "sha512-OBlgKdX7gin7OIq4fadsjpg+cp2ZphvAIKucHsNfTdJiqdOmOEwQd/bHi0VwNrcw5xpBJyUw6cK/QilCqy1BSg==",
       "dev": true,
       "license": "MIT",
       "optional": true,
       "dependencies": {
-        "@emnapi/core": "^1.3.1",
-        "@emnapi/runtime": "^1.3.1",
+        "@emnapi/core": "^1.4.0",
+        "@emnapi/runtime": "^1.4.0",
         "@tybys/wasm-util": "^0.9.0"
       }
     },
@@ -1803,9 +2214,9 @@
       "license": "MIT"
     },
     "node_modules/@rollup/rollup-android-arm-eabi": {
-      "version": "4.38.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.38.0.tgz",
-      "integrity": "sha512-ldomqc4/jDZu/xpYU+aRxo3V4mGCV9HeTgUBANI3oIQMOL+SsxB+S2lxMpkFp5UamSS3XuTMQVbsS24R4J4Qjg==",
+      "version": "4.40.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.40.0.tgz",
+      "integrity": "sha512-+Fbls/diZ0RDerhE8kyC6hjADCXA1K4yVNlH0EYfd2XjyH0UGgzaQ8MlT0pCXAThfxv3QUAczHaL+qSv1E4/Cg==",
       "cpu": [
         "arm"
       ],
@@ -1817,9 +2228,9 @@
       ]
     },
     "node_modules/@rollup/rollup-android-arm64": {
-      "version": "4.38.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.38.0.tgz",
-      "integrity": "sha512-VUsgcy4GhhT7rokwzYQP+aV9XnSLkkhlEJ0St8pbasuWO/vwphhZQxYEKUP3ayeCYLhk6gEtacRpYP/cj3GjyQ==",
+      "version": "4.40.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.40.0.tgz",
+      "integrity": "sha512-PPA6aEEsTPRz+/4xxAmaoWDqh67N7wFbgFUJGMnanCFs0TV99M0M8QhhaSCks+n6EbQoFvLQgYOGXxlMGQe/6w==",
       "cpu": [
         "arm64"
       ],
@@ -1831,9 +2242,9 @@
       ]
     },
     "node_modules/@rollup/rollup-darwin-arm64": {
-      "version": "4.38.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.38.0.tgz",
-      "integrity": "sha512-buA17AYXlW9Rn091sWMq1xGUvWQFOH4N1rqUxGJtEQzhChxWjldGCCup7r/wUnaI6Au8sKXpoh0xg58a7cgcpg==",
+      "version": "4.40.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.40.0.tgz",
+      "integrity": "sha512-GwYOcOakYHdfnjjKwqpTGgn5a6cUX7+Ra2HeNj/GdXvO2VJOOXCiYYlRFU4CubFM67EhbmzLOmACKEfvp3J1kQ==",
       "cpu": [
         "arm64"
       ],
@@ -1845,9 +2256,9 @@
       ]
     },
     "node_modules/@rollup/rollup-darwin-x64": {
-      "version": "4.38.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.38.0.tgz",
-      "integrity": "sha512-Mgcmc78AjunP1SKXl624vVBOF2bzwNWFPMP4fpOu05vS0amnLcX8gHIge7q/lDAHy3T2HeR0TqrriZDQS2Woeg==",
+      "version": "4.40.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.40.0.tgz",
+      "integrity": "sha512-CoLEGJ+2eheqD9KBSxmma6ld01czS52Iw0e2qMZNpPDlf7Z9mj8xmMemxEucinev4LgHalDPczMyxzbq+Q+EtA==",
       "cpu": [
         "x64"
       ],
@@ -1859,9 +2270,9 @@
       ]
     },
     "node_modules/@rollup/rollup-freebsd-arm64": {
-      "version": "4.38.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.38.0.tgz",
-      "integrity": "sha512-zzJACgjLbQTsscxWqvrEQAEh28hqhebpRz5q/uUd1T7VTwUNZ4VIXQt5hE7ncs0GrF+s7d3S4on4TiXUY8KoQA==",
+      "version": "4.40.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.40.0.tgz",
+      "integrity": "sha512-r7yGiS4HN/kibvESzmrOB/PxKMhPTlz+FcGvoUIKYoTyGd5toHp48g1uZy1o1xQvybwwpqpe010JrcGG2s5nkg==",
       "cpu": [
         "arm64"
       ],
@@ -1873,9 +2284,9 @@
       ]
     },
     "node_modules/@rollup/rollup-freebsd-x64": {
-      "version": "4.38.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.38.0.tgz",
-      "integrity": "sha512-hCY/KAeYMCyDpEE4pTETam0XZS4/5GXzlLgpi5f0IaPExw9kuB+PDTOTLuPtM10TlRG0U9OSmXJ+Wq9J39LvAg==",
+      "version": "4.40.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.40.0.tgz",
+      "integrity": "sha512-mVDxzlf0oLzV3oZOr0SMJ0lSDd3xC4CmnWJ8Val8isp9jRGl5Dq//LLDSPFrasS7pSm6m5xAcKaw3sHXhBjoRw==",
       "cpu": [
         "x64"
       ],
@@ -1887,9 +2298,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm-gnueabihf": {
-      "version": "4.38.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.38.0.tgz",
-      "integrity": "sha512-mimPH43mHl4JdOTD7bUMFhBdrg6f9HzMTOEnzRmXbOZqjijCw8LA5z8uL6LCjxSa67H2xiLFvvO67PT05PRKGg==",
+      "version": "4.40.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.40.0.tgz",
+      "integrity": "sha512-y/qUMOpJxBMy8xCXD++jeu8t7kzjlOCkoxxajL58G62PJGBZVl/Gwpm7JK9+YvlB701rcQTzjUZ1JgUoPTnoQA==",
       "cpu": [
         "arm"
       ],
@@ -1901,9 +2312,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm-musleabihf": {
-      "version": "4.38.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.38.0.tgz",
-      "integrity": "sha512-tPiJtiOoNuIH8XGG8sWoMMkAMm98PUwlriOFCCbZGc9WCax+GLeVRhmaxjJtz6WxrPKACgrwoZ5ia/uapq3ZVg==",
+      "version": "4.40.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.40.0.tgz",
+      "integrity": "sha512-GoCsPibtVdJFPv/BOIvBKO/XmwZLwaNWdyD8TKlXuqp0veo2sHE+A/vpMQ5iSArRUz/uaoj4h5S6Pn0+PdhRjg==",
       "cpu": [
         "arm"
       ],
@@ -1915,9 +2326,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm64-gnu": {
-      "version": "4.38.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.38.0.tgz",
-      "integrity": "sha512-wZco59rIVuB0tjQS0CSHTTUcEde+pXQWugZVxWaQFdQQ1VYub/sTrNdY76D1MKdN2NB48JDuGABP6o6fqos8mA==",
+      "version": "4.40.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.40.0.tgz",
+      "integrity": "sha512-L5ZLphTjjAD9leJzSLI7rr8fNqJMlGDKlazW2tX4IUF9P7R5TMQPElpH82Q7eNIDQnQlAyiNVfRPfP2vM5Avvg==",
       "cpu": [
         "arm64"
       ],
@@ -1929,9 +2340,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm64-musl": {
-      "version": "4.38.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.38.0.tgz",
-      "integrity": "sha512-fQgqwKmW0REM4LomQ+87PP8w8xvU9LZfeLBKybeli+0yHT7VKILINzFEuggvnV9M3x1Ed4gUBmGUzCo/ikmFbQ==",
+      "version": "4.40.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.40.0.tgz",
+      "integrity": "sha512-ATZvCRGCDtv1Y4gpDIXsS+wfFeFuLwVxyUBSLawjgXK2tRE6fnsQEkE4csQQYWlBlsFztRzCnBvWVfcae/1qxQ==",
       "cpu": [
         "arm64"
       ],
@@ -1943,9 +2354,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-loongarch64-gnu": {
-      "version": "4.38.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loongarch64-gnu/-/rollup-linux-loongarch64-gnu-4.38.0.tgz",
-      "integrity": "sha512-hz5oqQLXTB3SbXpfkKHKXLdIp02/w3M+ajp8p4yWOWwQRtHWiEOCKtc9U+YXahrwdk+3qHdFMDWR5k+4dIlddg==",
+      "version": "4.40.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loongarch64-gnu/-/rollup-linux-loongarch64-gnu-4.40.0.tgz",
+      "integrity": "sha512-wG9e2XtIhd++QugU5MD9i7OnpaVb08ji3P1y/hNbxrQ3sYEelKJOq1UJ5dXczeo6Hj2rfDEL5GdtkMSVLa/AOg==",
       "cpu": [
         "loong64"
       ],
@@ -1957,9 +2368,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-powerpc64le-gnu": {
-      "version": "4.38.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-powerpc64le-gnu/-/rollup-linux-powerpc64le-gnu-4.38.0.tgz",
-      "integrity": "sha512-NXqygK/dTSibQ+0pzxsL3r4Xl8oPqVoWbZV9niqOnIHV/J92fe65pOir0xjkUZDRSPyFRvu+4YOpJF9BZHQImw==",
+      "version": "4.40.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-powerpc64le-gnu/-/rollup-linux-powerpc64le-gnu-4.40.0.tgz",
+      "integrity": "sha512-vgXfWmj0f3jAUvC7TZSU/m/cOE558ILWDzS7jBhiCAFpY2WEBn5jqgbqvmzlMjtp8KlLcBlXVD2mkTSEQE6Ixw==",
       "cpu": [
         "ppc64"
       ],
@@ -1971,9 +2382,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-riscv64-gnu": {
-      "version": "4.38.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.38.0.tgz",
-      "integrity": "sha512-GEAIabR1uFyvf/jW/5jfu8gjM06/4kZ1W+j1nWTSSB3w6moZEBm7iBtzwQ3a1Pxos2F7Gz+58aVEnZHU295QTg==",
+      "version": "4.40.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.40.0.tgz",
+      "integrity": "sha512-uJkYTugqtPZBS3Z136arevt/FsKTF/J9dEMTX/cwR7lsAW4bShzI2R0pJVw+hcBTWF4dxVckYh72Hk3/hWNKvA==",
       "cpu": [
         "riscv64"
       ],
@@ -1985,9 +2396,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-riscv64-musl": {
-      "version": "4.38.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.38.0.tgz",
-      "integrity": "sha512-9EYTX+Gus2EGPbfs+fh7l95wVADtSQyYw4DfSBcYdUEAmP2lqSZY0Y17yX/3m5VKGGJ4UmIH5LHLkMJft3bYoA==",
+      "version": "4.40.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.40.0.tgz",
+      "integrity": "sha512-rKmSj6EXQRnhSkE22+WvrqOqRtk733x3p5sWpZilhmjnkHkpeCgWsFFo0dGnUGeA+OZjRl3+VYq+HyCOEuwcxQ==",
       "cpu": [
         "riscv64"
       ],
@@ -1999,9 +2410,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-s390x-gnu": {
-      "version": "4.38.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.38.0.tgz",
-      "integrity": "sha512-Mpp6+Z5VhB9VDk7RwZXoG2qMdERm3Jw07RNlXHE0bOnEeX+l7Fy4bg+NxfyN15ruuY3/7Vrbpm75J9QHFqj5+Q==",
+      "version": "4.40.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.40.0.tgz",
+      "integrity": "sha512-SpnYlAfKPOoVsQqmTFJ0usx0z84bzGOS9anAC0AZ3rdSo3snecihbhFTlJZ8XMwzqAcodjFU4+/SM311dqE5Sw==",
       "cpu": [
         "s390x"
       ],
@@ -2013,9 +2424,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-x64-gnu": {
-      "version": "4.38.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.38.0.tgz",
-      "integrity": "sha512-vPvNgFlZRAgO7rwncMeE0+8c4Hmc+qixnp00/Uv3ht2x7KYrJ6ERVd3/R0nUtlE6/hu7/HiiNHJ/rP6knRFt1w==",
+      "version": "4.40.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.40.0.tgz",
+      "integrity": "sha512-RcDGMtqF9EFN8i2RYN2W+64CdHruJ5rPqrlYw+cgM3uOVPSsnAQps7cpjXe9be/yDp8UC7VLoCoKC8J3Kn2FkQ==",
       "cpu": [
         "x64"
       ],
@@ -2027,9 +2438,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-x64-musl": {
-      "version": "4.38.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.38.0.tgz",
-      "integrity": "sha512-q5Zv+goWvQUGCaL7fU8NuTw8aydIL/C9abAVGCzRReuj5h30TPx4LumBtAidrVOtXnlB+RZkBtExMsfqkMfb8g==",
+      "version": "4.40.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.40.0.tgz",
+      "integrity": "sha512-HZvjpiUmSNx5zFgwtQAV1GaGazT2RWvqeDi0hV+AtC8unqqDSsaFjPxfsO6qPtKRRg25SisACWnJ37Yio8ttaw==",
       "cpu": [
         "x64"
       ],
@@ -2041,9 +2452,9 @@
       ]
     },
     "node_modules/@rollup/rollup-win32-arm64-msvc": {
-      "version": "4.38.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.38.0.tgz",
-      "integrity": "sha512-u/Jbm1BU89Vftqyqbmxdq14nBaQjQX1HhmsdBWqSdGClNaKwhjsg5TpW+5Ibs1mb8Es9wJiMdl86BcmtUVXNZg==",
+      "version": "4.40.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.40.0.tgz",
+      "integrity": "sha512-UtZQQI5k/b8d7d3i9AZmA/t+Q4tk3hOC0tMOMSq2GlMYOfxbesxG4mJSeDp0EHs30N9bsfwUvs3zF4v/RzOeTQ==",
       "cpu": [
         "arm64"
       ],
@@ -2055,9 +2466,9 @@
       ]
     },
     "node_modules/@rollup/rollup-win32-ia32-msvc": {
-      "version": "4.38.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.38.0.tgz",
-      "integrity": "sha512-mqu4PzTrlpNHHbu5qleGvXJoGgHpChBlrBx/mEhTPpnAL1ZAYFlvHD7rLK839LLKQzqEQMFJfGrrOHItN4ZQqA==",
+      "version": "4.40.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.40.0.tgz",
+      "integrity": "sha512-+m03kvI2f5syIqHXCZLPVYplP8pQch9JHyXKZ3AGMKlg8dCyr2PKHjwRLiW53LTrN/Nc3EqHOKxUxzoSPdKddA==",
       "cpu": [
         "ia32"
       ],
@@ -2069,9 +2480,9 @@
       ]
     },
     "node_modules/@rollup/rollup-win32-x64-msvc": {
-      "version": "4.38.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.38.0.tgz",
-      "integrity": "sha512-jjqy3uWlecfB98Psxb5cD6Fny9Fupv9LrDSPTQZUROqjvZmcCqNu4UMl7qqhlUUGpwiAkotj6GYu4SZdcr/nLw==",
+      "version": "4.40.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.40.0.tgz",
+      "integrity": "sha512-lpPE1cLfP5oPzVjKMx10pgBmKELQnFJXHgvtHCtuJWOv8MxqdEIMNtgHgBFf7Ea2/7EuVwa9fodWUfXAlXZLZQ==",
       "cpu": [
         "x64"
       ],
@@ -3028,12 +3439,12 @@
       "license": "MIT"
     },
     "node_modules/@types/node": {
-      "version": "22.13.14",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-22.13.14.tgz",
-      "integrity": "sha512-Zs/Ollc1SJ8nKUAgc7ivOEdIBM8JAKgrqqUYi2J997JuKO7/tpQC+WCetQ1sypiKCQWHdvdg9wBNpUPEWZae7w==",
+      "version": "22.14.1",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-22.14.1.tgz",
+      "integrity": "sha512-u0HuPQwe/dHrItgHHpmw3N2fYCR6x4ivMNbPHRkBVP4CvN+kiRrKHWk3i8tXiO/joPwXLMYvF9TTF0eqgHIuOw==",
       "license": "MIT",
       "dependencies": {
-        "undici-types": "~6.20.0"
+        "undici-types": "~6.21.0"
       }
     },
     "node_modules/@types/normalize-package-data": {
@@ -3277,9 +3688,9 @@
       }
     },
     "node_modules/@unrs/resolver-binding-darwin-arm64": {
-      "version": "1.3.3",
-      "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-darwin-arm64/-/resolver-binding-darwin-arm64-1.3.3.tgz",
-      "integrity": "sha512-EpRILdWr3/xDa/7MoyfO7JuBIJqpBMphtu4+80BK1bRfFcniVT74h3Z7q1+WOc92FuIAYatB1vn9TJR67sORGw==",
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-darwin-arm64/-/resolver-binding-darwin-arm64-1.5.0.tgz",
+      "integrity": "sha512-YmocNlEcX/AgJv8gI41bhjMOTcKcea4D2nRIbZj+MhRtSH5+vEU8r/pFuTuoF+JjVplLsBueU+CILfBPVISyGQ==",
       "cpu": [
         "arm64"
       ],
@@ -3291,9 +3702,9 @@
       ]
     },
     "node_modules/@unrs/resolver-binding-darwin-x64": {
-      "version": "1.3.3",
-      "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-darwin-x64/-/resolver-binding-darwin-x64-1.3.3.tgz",
-      "integrity": "sha512-ntj/g7lPyqwinMJWZ+DKHBse8HhVxswGTmNgFKJtdgGub3M3zp5BSZ3bvMP+kBT6dnYJLSVlDqdwOq1P8i0+/g==",
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-darwin-x64/-/resolver-binding-darwin-x64-1.5.0.tgz",
+      "integrity": "sha512-qpUrXgH4e/0xu1LOhPEdfgSY3vIXOxDQv370NEL8npN8h40HcQDA+Pl2r4HBW6tTXezWIjxUFcP7tj529RZtDw==",
       "cpu": [
         "x64"
       ],
@@ -3305,9 +3716,9 @@
       ]
     },
     "node_modules/@unrs/resolver-binding-freebsd-x64": {
-      "version": "1.3.3",
-      "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-freebsd-x64/-/resolver-binding-freebsd-x64-1.3.3.tgz",
-      "integrity": "sha512-l6BT8f2CU821EW7U8hSUK8XPq4bmyTlt9Mn4ERrfjJNoCw0/JoHAh9amZZtV3cwC3bwwIat+GUnrcHTG9+qixw==",
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-freebsd-x64/-/resolver-binding-freebsd-x64-1.5.0.tgz",
+      "integrity": "sha512-3tX8r8vgjvZzaJZB4jvxUaaFCDCb3aWDCpZN3EjhGnnwhztslI05KSG5NY/jNjlcZ5QWZ7dEZZ/rNBFsmTaSPw==",
       "cpu": [
         "x64"
       ],
@@ -3319,9 +3730,9 @@
       ]
     },
     "node_modules/@unrs/resolver-binding-linux-arm-gnueabihf": {
-      "version": "1.3.3",
-      "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-linux-arm-gnueabihf/-/resolver-binding-linux-arm-gnueabihf-1.3.3.tgz",
-      "integrity": "sha512-8ScEc5a4y7oE2BonRvzJ+2GSkBaYWyh0/Ko4Q25e/ix6ANpJNhwEPZvCR6GVRmsQAYMIfQvYLdM6YEN+qRjnAQ==",
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-linux-arm-gnueabihf/-/resolver-binding-linux-arm-gnueabihf-1.5.0.tgz",
+      "integrity": "sha512-FH+ixzBKaUU9fWOj3TYO+Yn/eO6kYvMLV9eNJlJlkU7OgrxkCmiMS6wUbyT0KA3FOZGxnEQ2z3/BHgYm2jqeLA==",
       "cpu": [
         "arm"
       ],
@@ -3333,9 +3744,9 @@
       ]
     },
     "node_modules/@unrs/resolver-binding-linux-arm-musleabihf": {
-      "version": "1.3.3",
-      "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-linux-arm-musleabihf/-/resolver-binding-linux-arm-musleabihf-1.3.3.tgz",
-      "integrity": "sha512-8qQ6l1VTzLNd3xb2IEXISOKwMGXDCzY/UNy/7SovFW2Sp0K3YbL7Ao7R18v6SQkLqQlhhqSBIFRk+u6+qu5R5A==",
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-linux-arm-musleabihf/-/resolver-binding-linux-arm-musleabihf-1.5.0.tgz",
+      "integrity": "sha512-pxCgXMgwB/4PfqFQg73lMhmWwcC0j5L+dNXhZoz/0ek0iS/oAWl65fxZeT/OnU7fVs52MgdP2q02EipqJJXHSg==",
       "cpu": [
         "arm"
       ],
@@ -3347,9 +3758,9 @@
       ]
     },
     "node_modules/@unrs/resolver-binding-linux-arm64-gnu": {
-      "version": "1.3.3",
-      "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-linux-arm64-gnu/-/resolver-binding-linux-arm64-gnu-1.3.3.tgz",
-      "integrity": "sha512-v81R2wjqcWXJlQY23byqYHt9221h4anQ6wwN64oMD/WAE+FmxPHFZee5bhRkNVtzqO/q7wki33VFWlhiADwUeQ==",
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-linux-arm64-gnu/-/resolver-binding-linux-arm64-gnu-1.5.0.tgz",
+      "integrity": "sha512-FX2FV7vpLE/+Z0NZX9/1pwWud5Wocm/2PgpUXbT5aSV3QEB10kBPJAzssOQylvdj8mOHoKl5pVkXpbCwww/T2g==",
       "cpu": [
         "arm64"
       ],
@@ -3361,9 +3772,9 @@
       ]
     },
     "node_modules/@unrs/resolver-binding-linux-arm64-musl": {
-      "version": "1.3.3",
-      "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-linux-arm64-musl/-/resolver-binding-linux-arm64-musl-1.3.3.tgz",
-      "integrity": "sha512-cAOx/j0u5coMg4oct/BwMzvWJdVciVauUvsd+GQB/1FZYKQZmqPy0EjJzJGbVzFc6gbnfEcSqvQE6gvbGf2N8Q==",
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-linux-arm64-musl/-/resolver-binding-linux-arm64-musl-1.5.0.tgz",
+      "integrity": "sha512-+gF97xst1BZb28T3nwwzEtq2ewCoMDGKsenYsZuvpmNrW0019G1iUAunZN+FG55L21y+uP7zsGX06OXDQ/viKw==",
       "cpu": [
         "arm64"
       ],
@@ -3375,9 +3786,9 @@
       ]
     },
     "node_modules/@unrs/resolver-binding-linux-ppc64-gnu": {
-      "version": "1.3.3",
-      "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-linux-ppc64-gnu/-/resolver-binding-linux-ppc64-gnu-1.3.3.tgz",
-      "integrity": "sha512-mq2blqwErgDJD4gtFDlTX/HZ7lNP8YCHYFij2gkXPtMzrXxPW1hOtxL6xg4NWxvnj4bppppb0W3s/buvM55yfg==",
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-linux-ppc64-gnu/-/resolver-binding-linux-ppc64-gnu-1.5.0.tgz",
+      "integrity": "sha512-5bEmVcQw9js8JYM2LkUBw5SeELSIxX+qKf9bFrfFINKAp4noZ//hUxLpbF7u/3gTBN1GsER6xOzIZlw/VTdXtA==",
       "cpu": [
         "ppc64"
       ],
@@ -3388,10 +3799,24 @@
         "linux"
       ]
     },
+    "node_modules/@unrs/resolver-binding-linux-riscv64-gnu": {
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-linux-riscv64-gnu/-/resolver-binding-linux-riscv64-gnu-1.5.0.tgz",
+      "integrity": "sha512-GGk/8TPUsf1Q99F+lzMdjE6sGL26uJCwQ9TlvBs8zR3cLQNw/MIumPN7zrs3GFGySjnwXc8gA6J3HKbejywmqA==",
+      "cpu": [
+        "riscv64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
     "node_modules/@unrs/resolver-binding-linux-s390x-gnu": {
-      "version": "1.3.3",
-      "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-linux-s390x-gnu/-/resolver-binding-linux-s390x-gnu-1.3.3.tgz",
-      "integrity": "sha512-u0VRzfFYysarYHnztj2k2xr+eu9rmgoTUUgCCIT37Nr+j0A05Xk2c3RY8Mh5+DhCl2aYibihnaAEJHeR0UOFIQ==",
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-linux-s390x-gnu/-/resolver-binding-linux-s390x-gnu-1.5.0.tgz",
+      "integrity": "sha512-5uRkFYYVNAeVaA4W/CwugjFN3iDOHCPqsBLCCOoJiMfFMMz4evBRsg+498OFa9w6VcTn2bD5aI+RRayaIgk2Sw==",
       "cpu": [
         "s390x"
       ],
@@ -3403,9 +3828,9 @@
       ]
     },
     "node_modules/@unrs/resolver-binding-linux-x64-gnu": {
-      "version": "1.3.3",
-      "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-linux-x64-gnu/-/resolver-binding-linux-x64-gnu-1.3.3.tgz",
-      "integrity": "sha512-OrVo5ZsG29kBF0Ug95a2KidS16PqAMmQNozM6InbquOfW/udouk063e25JVLqIBhHLB2WyBnixOQ19tmeC/hIg==",
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-linux-x64-gnu/-/resolver-binding-linux-x64-gnu-1.5.0.tgz",
+      "integrity": "sha512-j905CZH3nehYy6NimNqC2B14pxn4Ltd7guKMyPTzKehbFXTUgihQS/ZfHQTdojkMzbSwBOSgq1dOrY+IpgxDsA==",
       "cpu": [
         "x64"
       ],
@@ -3417,9 +3842,9 @@
       ]
     },
     "node_modules/@unrs/resolver-binding-linux-x64-musl": {
-      "version": "1.3.3",
-      "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-linux-x64-musl/-/resolver-binding-linux-x64-musl-1.3.3.tgz",
-      "integrity": "sha512-PYnmrwZ4HMp9SkrOhqPghY/aoL+Rtd4CQbr93GlrRTjK6kDzfMfgz3UH3jt6elrQAfupa1qyr1uXzeVmoEAxUA==",
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-linux-x64-musl/-/resolver-binding-linux-x64-musl-1.5.0.tgz",
+      "integrity": "sha512-dmLevQTuzQRwu5A+mvj54R5aye5I4PVKiWqGxg8tTaYP2k2oTs/3Mo8mgnhPk28VoYCi0fdFYpgzCd4AJndQvQ==",
       "cpu": [
         "x64"
       ],
@@ -3431,9 +3856,9 @@
       ]
     },
     "node_modules/@unrs/resolver-binding-wasm32-wasi": {
-      "version": "1.3.3",
-      "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-wasm32-wasi/-/resolver-binding-wasm32-wasi-1.3.3.tgz",
-      "integrity": "sha512-81AnQY6fShmktQw4hWDUIilsKSdvr/acdJ5azAreu2IWNlaJOKphJSsUVWE+yCk6kBMoQyG9ZHCb/krb5K0PEA==",
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-wasm32-wasi/-/resolver-binding-wasm32-wasi-1.5.0.tgz",
+      "integrity": "sha512-LtJMhwu7avhoi+kKfAZOKN773RtzLBVVF90YJbB0wyMpUj9yQPeA+mteVUI9P70OG/opH47FeV5AWeaNWWgqJg==",
       "cpu": [
         "wasm32"
       ],
@@ -3441,16 +3866,16 @@
       "license": "MIT",
       "optional": true,
       "dependencies": {
-        "@napi-rs/wasm-runtime": "^0.2.7"
+        "@napi-rs/wasm-runtime": "^0.2.8"
       },
       "engines": {
         "node": ">=14.0.0"
       }
     },
     "node_modules/@unrs/resolver-binding-win32-arm64-msvc": {
-      "version": "1.3.3",
-      "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-win32-arm64-msvc/-/resolver-binding-win32-arm64-msvc-1.3.3.tgz",
-      "integrity": "sha512-X/42BMNw7cW6xrB9syuP5RusRnWGoq+IqvJO8IDpp/BZg64J1uuIW6qA/1Cl13Y4LyLXbJVYbYNSKwR/FiHEng==",
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-win32-arm64-msvc/-/resolver-binding-win32-arm64-msvc-1.5.0.tgz",
+      "integrity": "sha512-FTZBxLL4SO1mgIM86KykzJmPeTPisBDHQV6xtfDXbTMrentuZ6SdQKJUV5BWaoUK3p8kIULlrCcucqdCnk8Npg==",
       "cpu": [
         "arm64"
       ],
@@ -3462,9 +3887,9 @@
       ]
     },
     "node_modules/@unrs/resolver-binding-win32-ia32-msvc": {
-      "version": "1.3.3",
-      "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-win32-ia32-msvc/-/resolver-binding-win32-ia32-msvc-1.3.3.tgz",
-      "integrity": "sha512-EGNnNGQxMU5aTN7js3ETYvuw882zcO+dsVjs+DwO2j/fRVKth87C8e2GzxW1L3+iWAXMyJhvFBKRavk9Og1Z6A==",
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-win32-ia32-msvc/-/resolver-binding-win32-ia32-msvc-1.5.0.tgz",
+      "integrity": "sha512-i5bB7vJ1waUsFciU/FKLd4Zw0VnAkvhiJ4//jYQXyDUuiLKodmtQZVTcOPU7pp97RrNgCFtXfC1gnvj/DHPJTw==",
       "cpu": [
         "ia32"
       ],
@@ -3476,9 +3901,9 @@
       ]
     },
     "node_modules/@unrs/resolver-binding-win32-x64-msvc": {
-      "version": "1.3.3",
-      "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-win32-x64-msvc/-/resolver-binding-win32-x64-msvc-1.3.3.tgz",
-      "integrity": "sha512-GraLbYqOJcmW1qY3osB+2YIiD62nVf2/bVLHZmrb4t/YSUwE03l7TwcDJl08T/Tm3SVhepX8RQkpzWbag/Sb4w==",
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-win32-x64-msvc/-/resolver-binding-win32-x64-msvc-1.5.0.tgz",
+      "integrity": "sha512-wAvXp4k7jhioi4SebXW/yfzzYwsUCr9kIX4gCsUFKpCTUf8Mi7vScJXI3S+kupSUf0LbVHudR8qBbe2wFMSNUw==",
       "cpu": [
         "x64"
       ],
@@ -4607,14 +5032,14 @@
       }
     },
     "node_modules/cacheable": {
-      "version": "1.8.9",
-      "resolved": "https://registry.npmjs.org/cacheable/-/cacheable-1.8.9.tgz",
-      "integrity": "sha512-FicwAUyWnrtnd4QqYAoRlNs44/a1jTL7XDKqm5gJ90wz1DQPlC7U2Rd1Tydpv+E7WAr4sQHuw8Q8M3nZMAyecQ==",
+      "version": "1.8.10",
+      "resolved": "https://registry.npmjs.org/cacheable/-/cacheable-1.8.10.tgz",
+      "integrity": "sha512-0ZnbicB/N2R6uziva8l6O6BieBklArWyiGx4GkwAhLKhSHyQtRfM9T1nx7HHuHDKkYB/efJQhz3QJ6x/YqoZzA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "hookified": "^1.7.1",
-        "keyv": "^5.3.1"
+        "hookified": "^1.8.1",
+        "keyv": "^5.3.2"
       }
     },
     "node_modules/cacheable/node_modules/keyv": {
@@ -4696,9 +5121,9 @@
       }
     },
     "node_modules/caniuse-lite": {
-      "version": "1.0.30001707",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001707.tgz",
-      "integrity": "sha512-3qtRjw/HQSMlDWf+X79N206fepf4SOOU6SQLMaq/0KkZLmSjPxAkBOQQ+FxbHKfHmYLZFfdWsO3KA90ceHPSnw==",
+      "version": "1.0.30001713",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001713.tgz",
+      "integrity": "sha512-wCIWIg+A4Xr7NfhTuHdX+/FKh3+Op3LBbSp2N5Pfx6T/LhdQy3GTyoTg48BReaW/MyMNZAkTadsBtai3ldWK0Q==",
       "funding": [
         {
           "type": "opencollective",
@@ -4782,9 +5207,9 @@
       }
     },
     "node_modules/chart.js": {
-      "version": "4.4.5",
-      "resolved": "https://registry.npmjs.org/chart.js/-/chart.js-4.4.5.tgz",
-      "integrity": "sha512-CVVjg1RYTJV9OCC8WeJPMx8gsV8K6WIyIEQUE3ui4AR9Hfgls9URri6Ja3hyMVBbTF8Q2KFa19PE815gWcWhng==",
+      "version": "4.4.9",
+      "resolved": "https://registry.npmjs.org/chart.js/-/chart.js-4.4.9.tgz",
+      "integrity": "sha512-EyZ9wWKgpAU0fLJ43YAEIF8sr5F2W3LqbS40ZJyHIner2lY14ufqv2VMp69MAiZ2rpwxEUxEhIH/0U3xyRynxg==",
       "license": "MIT",
       "dependencies": {
         "@kurkle/color": "^0.3.0"
@@ -4940,9 +5365,9 @@
       }
     },
     "node_modules/clippie": {
-      "version": "4.1.1",
-      "resolved": "https://registry.npmjs.org/clippie/-/clippie-4.1.1.tgz",
-      "integrity": "sha512-D9OOW77Kkj9YEiDXTQjZJZLvTjJPEmK2IBx8JbGJIZaqVd8RvSvxwIN4KVSEFQfu9Jh0z5FL6Pdc4SIknllFFA==",
+      "version": "4.1.6",
+      "resolved": "https://registry.npmjs.org/clippie/-/clippie-4.1.6.tgz",
+      "integrity": "sha512-1M3xZRNWcVwRkh3i2XcVYFjVtfC6FCLmIpk5s54uT3+jkBa25KRE3dB0Fgkt/YLoeR7AABWkVTlb0WziQYGgaw==",
       "license": "BSD-2-Clause"
     },
     "node_modules/cliui": {
@@ -5016,6 +5441,20 @@
         "typo-js": "*"
       }
     },
+    "node_modules/color": {
+      "version": "4.2.3",
+      "resolved": "https://registry.npmjs.org/color/-/color-4.2.3.tgz",
+      "integrity": "sha512-1rXeuUUiGGrykh+CeBdu5Ie7OJwinCgQY0bc7GCRxy5xVHy+moaqkpL/jqQq0MtQOeYcrqEz4abc5f0KtU7W4A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "color-convert": "^2.0.1",
+        "color-string": "^1.9.0"
+      },
+      "engines": {
+        "node": ">=12.5.0"
+      }
+    },
     "node_modules/color-convert": {
       "version": "2.0.1",
       "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
@@ -5034,6 +5473,17 @@
       "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
       "license": "MIT"
     },
+    "node_modules/color-string": {
+      "version": "1.9.1",
+      "resolved": "https://registry.npmjs.org/color-string/-/color-string-1.9.1.tgz",
+      "integrity": "sha512-shrVawQFojnZv6xM40anx4CkoDP+fZsw/ZerEMsW/pyzsRbElpsL/DBVW7q3ExxwusdNXI3lXpuhEZkzs8p5Eg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "color-name": "^1.0.0",
+        "simple-swizzle": "^0.2.2"
+      }
+    },
     "node_modules/colord": {
       "version": "2.9.3",
       "resolved": "https://registry.npmjs.org/colord/-/colord-2.9.3.tgz",
@@ -5082,9 +5532,9 @@
       "license": "MIT"
     },
     "node_modules/confbox": {
-      "version": "0.2.1",
-      "resolved": "https://registry.npmjs.org/confbox/-/confbox-0.2.1.tgz",
-      "integrity": "sha512-hkT3yDPFbs95mNCy1+7qNKC6Pro+/ibzYxtM2iqEigpf0sVw+bg4Zh9/snjsBcf990vfIsg5+1U7VyiyBb3etg==",
+      "version": "0.2.2",
+      "resolved": "https://registry.npmjs.org/confbox/-/confbox-0.2.2.tgz",
+      "integrity": "sha512-1NB+BKqhtNipMsov4xI/NnhCKp9XG9NamYp5PVm9klAT0fsrNPjaFICsCFhNhwZJKNh7zB/3q8qXz0E9oaMNtQ==",
       "license": "MIT"
     },
     "node_modules/config-chain": {
@@ -5317,9 +5767,9 @@
       "license": "MIT"
     },
     "node_modules/cytoscape": {
-      "version": "3.31.1",
-      "resolved": "https://registry.npmjs.org/cytoscape/-/cytoscape-3.31.1.tgz",
-      "integrity": "sha512-Hx5Mtb1+hnmAKaZZ/7zL1Y5HTFYOjdDswZy/jD+1WINRU8KVi1B7+vlHdsTwY+VCFucTreoyu1RDzQJ9u0d2Hw==",
+      "version": "3.31.2",
+      "resolved": "https://registry.npmjs.org/cytoscape/-/cytoscape-3.31.2.tgz",
+      "integrity": "sha512-/eOXg2uGdMdpGlEes5Sf6zE+jUG+05f3htFNQIxLxduOH/SsaUZiPBfAwP1btVIVzsnhiNOdi+hvDRLYfMZjGw==",
       "license": "MIT",
       "engines": {
         "node": ">=0.10"
@@ -6018,6 +6468,16 @@
         "node": ">=6"
       }
     },
+    "node_modules/detect-libc": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-2.0.3.tgz",
+      "integrity": "sha512-bwy0MGW55bG41VqxxypOsdSdGqLwXPI/focwgTYCFMbdUiBAxLg9CFzG08sz2aqzknwiX7Hkl0bQENjg8iLByw==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/devlop": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/devlop/-/devlop-1.1.0.tgz",
@@ -6124,9 +6584,9 @@
       }
     },
     "node_modules/dompurify": {
-      "version": "3.2.4",
-      "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.2.4.tgz",
-      "integrity": "sha512-ysFSFEDVduQpyhzAob/kkuJjf5zWkZD8/A9ywSp1byueyuCfHamrCBa14/Oc2iiB0e51B+NpxSl5gmzn+Ms/mg==",
+      "version": "3.2.5",
+      "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.2.5.tgz",
+      "integrity": "sha512-mLPd29uoRe9HpvwP2TxClGQBzGXeEC/we/q+bFlmPPmj2p2Ugl3r6ATu/UU1v77DXNcehiBg9zsr1dREyA/dJQ==",
       "license": "(MPL-2.0 OR Apache-2.0)",
       "optionalDependencies": {
         "@types/trusted-types": "^2.0.7"
@@ -6227,9 +6687,9 @@
       }
     },
     "node_modules/electron-to-chromium": {
-      "version": "1.5.128",
-      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.128.tgz",
-      "integrity": "sha512-bo1A4HH/NS522Ws0QNFIzyPcyUUNV/yyy70Ho1xqfGYzPUme2F/xr4tlEOuM6/A538U1vDA7a4XfCd1CKRegKQ==",
+      "version": "1.5.136",
+      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.136.tgz",
+      "integrity": "sha512-kL4+wUTD7RSA5FHx5YwWtjDnEEkIIikFgWHR4P6fqjw1PPLlqYkxeOb++wAauAssat0YClCy8Y3C5SxgSkjibQ==",
       "license": "ISC"
     },
     "node_modules/emoji-regex": {
@@ -6631,9 +7091,9 @@
       }
     },
     "node_modules/eslint-compat-utils": {
-      "version": "0.6.4",
-      "resolved": "https://registry.npmjs.org/eslint-compat-utils/-/eslint-compat-utils-0.6.4.tgz",
-      "integrity": "sha512-/u+GQt8NMfXO8w17QendT4gvO5acfxQsAKirAt0LVxDnr2N8YLCVbregaNc/Yhp7NM128DwCaRvr8PLDfeNkQw==",
+      "version": "0.6.5",
+      "resolved": "https://registry.npmjs.org/eslint-compat-utils/-/eslint-compat-utils-0.6.5.tgz",
+      "integrity": "sha512-vAUHYzue4YAa2hNACjB8HvUQj5yehAZgiClyFVVom9cP8z5NSFq3PwB/TtJslN2zAMgRX6FCFCjYBbQh71g5RQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -7178,9 +7638,9 @@
       }
     },
     "node_modules/expect-type": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/expect-type/-/expect-type-1.2.0.tgz",
-      "integrity": "sha512-80F22aiJ3GLyVnS/B3HzgR6RelZVumzj9jkL0Rhz4h0xYbNW9PjlQz5h3J/SShErbXBc295vseR4/MIbVmUbeA==",
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/expect-type/-/expect-type-1.2.1.tgz",
+      "integrity": "sha512-/kP8CAwxzLVEeFrMm4kMmy4CCDlpipyA7MYLVrdJIkV0fYF0UaigQHRsxHiuY/GEea+bh4KSv3TIlgr+2UL6bw==",
       "dev": true,
       "license": "Apache-2.0",
       "engines": {
@@ -7947,9 +8407,9 @@
       }
     },
     "node_modules/hookified": {
-      "version": "1.8.1",
-      "resolved": "https://registry.npmjs.org/hookified/-/hookified-1.8.1.tgz",
-      "integrity": "sha512-GrO2l93P8xCWBSTBX9l2BxI78VU/MAAYag+pG8curS3aBGy0++ZlxrQ7PdUOUVMbn5BwkGb6+eRrnf43ipnFEA==",
+      "version": "1.8.2",
+      "resolved": "https://registry.npmjs.org/hookified/-/hookified-1.8.2.tgz",
+      "integrity": "sha512-5nZbBNP44sFCDjSoB//0N7m508APCgbQ4mGGo1KJGBYyCKNHfry1Pvd0JVHZIxjdnqn8nFRBAN/eFB6Rk/4w5w==",
       "dev": true,
       "license": "MIT"
     },
@@ -8152,9 +8612,9 @@
       }
     },
     "node_modules/index-to-position": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/index-to-position/-/index-to-position-1.0.0.tgz",
-      "integrity": "sha512-sCO7uaLVhRJ25vz1o8s9IFM3nVS4DkuQnyjMwiQPKvQuBYBDmb8H7zx8ki7nVh4HJQOdVWebyvLE0qt+clruxA==",
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/index-to-position/-/index-to-position-1.1.0.tgz",
+      "integrity": "sha512-XPdx9Dq4t9Qk1mTMbWONJqU7boCoumEH7fRET37HX5+khDUl3J2W6PdALxhILYlIYx2amlwYcRPp28p0tSiojg==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -9186,9 +9646,9 @@
       "license": "MIT"
     },
     "node_modules/katex": {
-      "version": "0.16.21",
-      "resolved": "https://registry.npmjs.org/katex/-/katex-0.16.21.tgz",
-      "integrity": "sha512-XvqR7FgOHtWupfMiigNzmh+MgUVmDGU2kXZm899ZkPfcuoPuFxyHmXsgATDpFZDAXCI8tvinaVcDo8PIIJSo4A==",
+      "version": "0.16.22",
+      "resolved": "https://registry.npmjs.org/katex/-/katex-0.16.22.tgz",
+      "integrity": "sha512-XCHRdUw4lf3SKBaJe4EvgqIuWwkPSo9XoeO8GjQW94Bp7TWv9hNhzZjZ+OH9yf1UmLygb7DIT5GSFQiyt16zYg==",
       "funding": [
         "https://opencollective.com/katex",
         "https://github.com/sponsors/katex"
@@ -9768,9 +10228,9 @@
       "license": "MIT"
     },
     "node_modules/mermaid/node_modules/marked": {
-      "version": "15.0.7",
-      "resolved": "https://registry.npmjs.org/marked/-/marked-15.0.7.tgz",
-      "integrity": "sha512-dgLIeKGLx5FwziAnsk4ONoGwHwGPJzselimvlVskE9XLN4Orv9u2VA3GWw/lYUqjfA0rUT/6fqKwfZJapP9BEg==",
+      "version": "15.0.8",
+      "resolved": "https://registry.npmjs.org/marked/-/marked-15.0.8.tgz",
+      "integrity": "sha512-rli4l2LyZqpQuRve5C0rkn6pj3hT8EWPC+zkAxFTAJLxRbENfTAhEQq9itrmf1Y81QtAX5D/MYlGlIomNgj9lA==",
       "license": "MIT",
       "bin": {
         "marked": "bin/marked.js"
@@ -11270,41 +11730,6 @@
         "postcss": "^8.4.21"
       }
     },
-    "node_modules/postcss-load-config": {
-      "version": "4.0.2",
-      "resolved": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-4.0.2.tgz",
-      "integrity": "sha512-bSVhyJGL00wMVoPUzAVAnbEoWyqRxkjv64tUl427SKnPrENtq6hJwUojroMz2VB+Q1edmi4IfrAPpami5VVgMQ==",
-      "funding": [
-        {
-          "type": "opencollective",
-          "url": "https://opencollective.com/postcss/"
-        },
-        {
-          "type": "github",
-          "url": "https://github.com/sponsors/ai"
-        }
-      ],
-      "license": "MIT",
-      "dependencies": {
-        "lilconfig": "^3.0.0",
-        "yaml": "^2.3.4"
-      },
-      "engines": {
-        "node": ">= 14"
-      },
-      "peerDependencies": {
-        "postcss": ">=8.0.9",
-        "ts-node": ">=9.0.0"
-      },
-      "peerDependenciesMeta": {
-        "postcss": {
-          "optional": true
-        },
-        "ts-node": {
-          "optional": true
-        }
-      }
-    },
     "node_modules/postcss-loader": {
       "version": "8.1.1",
       "resolved": "https://registry.npmjs.org/postcss-loader/-/postcss-loader-8.1.1.tgz",
@@ -11904,15 +12329,15 @@
       }
     },
     "node_modules/read-pkg/node_modules/parse-json": {
-      "version": "8.2.0",
-      "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-8.2.0.tgz",
-      "integrity": "sha512-eONBZy4hm2AgxjNFd8a4nyDJnzUAH0g34xSQAwWEVGCjdZ4ZL7dKZBfq267GWP/JaS9zW62Xs2FeAdDvpHHJGQ==",
+      "version": "8.3.0",
+      "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-8.3.0.tgz",
+      "integrity": "sha512-ybiGyvspI+fAoRQbIPRddCcSTV9/LsJbf0e/S85VLowVGzRmokfneg2kwVW/KU5rOXrPSbF1qAKPMgNTqqROQQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@babel/code-frame": "^7.26.2",
-        "index-to-position": "^1.0.0",
-        "type-fest": "^4.37.0"
+        "index-to-position": "^1.1.0",
+        "type-fest": "^4.39.1"
       },
       "engines": {
         "node": ">=18"
@@ -12476,6 +12901,47 @@
         "node": ">=8"
       }
     },
+    "node_modules/sharp": {
+      "version": "0.34.1",
+      "resolved": "https://registry.npmjs.org/sharp/-/sharp-0.34.1.tgz",
+      "integrity": "sha512-1j0w61+eVxu7DawFJtnfYcvSv6qPFvfTaqzTQ2BLknVhHTwGS8sc63ZBF4rzkWMBVKybo4S5OBtDdZahh2A1xg==",
+      "dev": true,
+      "hasInstallScript": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "color": "^4.2.3",
+        "detect-libc": "^2.0.3",
+        "semver": "^7.7.1"
+      },
+      "engines": {
+        "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      },
+      "optionalDependencies": {
+        "@img/sharp-darwin-arm64": "0.34.1",
+        "@img/sharp-darwin-x64": "0.34.1",
+        "@img/sharp-libvips-darwin-arm64": "1.1.0",
+        "@img/sharp-libvips-darwin-x64": "1.1.0",
+        "@img/sharp-libvips-linux-arm": "1.1.0",
+        "@img/sharp-libvips-linux-arm64": "1.1.0",
+        "@img/sharp-libvips-linux-ppc64": "1.1.0",
+        "@img/sharp-libvips-linux-s390x": "1.1.0",
+        "@img/sharp-libvips-linux-x64": "1.1.0",
+        "@img/sharp-libvips-linuxmusl-arm64": "1.1.0",
+        "@img/sharp-libvips-linuxmusl-x64": "1.1.0",
+        "@img/sharp-linux-arm": "0.34.1",
+        "@img/sharp-linux-arm64": "0.34.1",
+        "@img/sharp-linux-s390x": "0.34.1",
+        "@img/sharp-linux-x64": "0.34.1",
+        "@img/sharp-linuxmusl-arm64": "0.34.1",
+        "@img/sharp-linuxmusl-x64": "0.34.1",
+        "@img/sharp-wasm32": "0.34.1",
+        "@img/sharp-win32-ia32": "0.34.1",
+        "@img/sharp-win32-x64": "0.34.1"
+      }
+    },
     "node_modules/shebang-command": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz",
@@ -12605,6 +13071,23 @@
         "node": ">=12"
       }
     },
+    "node_modules/simple-swizzle": {
+      "version": "0.2.2",
+      "resolved": "https://registry.npmjs.org/simple-swizzle/-/simple-swizzle-0.2.2.tgz",
+      "integrity": "sha512-JA//kQgZtbuY83m+xT+tXJkmJncGMTFT+C+g2h2R9uxkYIrE2yy9sgmcLhCnw57/WSD+Eh3J97FPEDFnbXnDUg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "is-arrayish": "^0.3.1"
+      }
+    },
+    "node_modules/simple-swizzle/node_modules/is-arrayish": {
+      "version": "0.3.2",
+      "resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.3.2.tgz",
+      "integrity": "sha512-eVRqCvVlZbuw3GrM63ovNSNAeA1K16kaR/LRY/92w0zxQ5/1YzwblUX652i4Xs9RwAGjW9d9y6X88t8OaAJfWQ==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/slash": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz",
@@ -12820,9 +13303,9 @@
       }
     },
     "node_modules/std-env": {
-      "version": "3.8.1",
-      "resolved": "https://registry.npmjs.org/std-env/-/std-env-3.8.1.tgz",
-      "integrity": "sha512-vj5lIj3Mwf9D79hBkltk5qmkFI+biIKWS2IBxEyEU3AX1tUf7AoL8nSazCOiiqQsGKIq01SClsKEzweu34uwvA==",
+      "version": "3.9.0",
+      "resolved": "https://registry.npmjs.org/std-env/-/std-env-3.9.0.tgz",
+      "integrity": "sha512-UGvjygr6F6tpH7o2qyqR6QYpwraIjKSdtzyBdyytFOHmPZY917kwdwLG0RbOjWOnKmnm3PeHjaoLLMie7kPLQw==",
       "dev": true,
       "license": "MIT"
     },
@@ -13136,25 +13619,25 @@
       "license": "MIT"
     },
     "node_modules/stylelint/node_modules/file-entry-cache": {
-      "version": "10.0.7",
-      "resolved": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-10.0.7.tgz",
-      "integrity": "sha512-txsf5fu3anp2ff3+gOJJzRImtrtm/oa9tYLN0iTuINZ++EyVR/nRrg2fKYwvG/pXDofcrvvb0scEbX3NyW/COw==",
+      "version": "10.0.8",
+      "resolved": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-10.0.8.tgz",
+      "integrity": "sha512-FGXHpfmI4XyzbLd3HQ8cbUcsFGohJpZtmQRHr8z8FxxtCe2PcpgIlVLwIgunqjvRmXypBETvwhV4ptJizA+Y1Q==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "flat-cache": "^6.1.7"
+        "flat-cache": "^6.1.8"
       }
     },
     "node_modules/stylelint/node_modules/flat-cache": {
-      "version": "6.1.7",
-      "resolved": "https://registry.npmjs.org/flat-cache/-/flat-cache-6.1.7.tgz",
-      "integrity": "sha512-qwZ4xf1v1m7Rc9XiORly31YaChvKt6oNVHuqqZcoED/7O+ToyNVGobKsIAopY9ODcWpEDKEBAbrSOCBHtNQvew==",
+      "version": "6.1.8",
+      "resolved": "https://registry.npmjs.org/flat-cache/-/flat-cache-6.1.8.tgz",
+      "integrity": "sha512-R6MaD3nrJAtO7C3QOuS79ficm2pEAy++TgEUD8ii1LVlbcgZ9DtASLkt9B+RZSFCzm7QHDMlXPsqqB6W2Pfr1Q==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "cacheable": "^1.8.9",
         "flatted": "^3.3.3",
-        "hookified": "^1.7.1"
+        "hookified": "^1.8.1"
       }
     },
     "node_modules/stylelint/node_modules/ignore": {
@@ -13527,6 +14010,41 @@
         "node": ">=14.0.0"
       }
     },
+    "node_modules/tailwindcss/node_modules/postcss-load-config": {
+      "version": "4.0.2",
+      "resolved": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-4.0.2.tgz",
+      "integrity": "sha512-bSVhyJGL00wMVoPUzAVAnbEoWyqRxkjv64tUl427SKnPrENtq6hJwUojroMz2VB+Q1edmi4IfrAPpami5VVgMQ==",
+      "funding": [
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/postcss/"
+        },
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
+        }
+      ],
+      "license": "MIT",
+      "dependencies": {
+        "lilconfig": "^3.0.0",
+        "yaml": "^2.3.4"
+      },
+      "engines": {
+        "node": ">= 14"
+      },
+      "peerDependencies": {
+        "postcss": ">=8.0.9",
+        "ts-node": ">=9.0.0"
+      },
+      "peerDependenciesMeta": {
+        "postcss": {
+          "optional": true
+        },
+        "ts-node": {
+          "optional": true
+        }
+      }
+    },
     "node_modules/tapable": {
       "version": "2.2.1",
       "resolved": "https://registry.npmjs.org/tapable/-/tapable-2.2.1.tgz",
@@ -13904,9 +14422,9 @@
       }
     },
     "node_modules/type-fest": {
-      "version": "4.38.0",
-      "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-4.38.0.tgz",
-      "integrity": "sha512-2dBz5D5ycHIoliLYLi0Q2V7KRaDlH0uWIvmk7TYlAg5slqwiPv1ezJdZm1QEM0xgk29oYWMCbIG7E6gHpvChlg==",
+      "version": "4.39.1",
+      "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-4.39.1.tgz",
+      "integrity": "sha512-uW9qzd66uyHYxwyVBYiwS4Oi0qZyUqwjU+Oevr6ZogYiXt99EOYtwvzMSLw1c3lYo2HzJsep/NB23iEVEgjG/w==",
       "dev": true,
       "license": "(MIT OR CC0-1.0)",
       "engines": {
@@ -14045,9 +14563,9 @@
       "license": "MIT"
     },
     "node_modules/ufo": {
-      "version": "1.5.4",
-      "resolved": "https://registry.npmjs.org/ufo/-/ufo-1.5.4.tgz",
-      "integrity": "sha512-UsUk3byDzKd04EyoZ7U4DOlxQaD14JUKQl6/P7wiX4FNvUfm3XL246n9W5AmqwW5RSFJ27NAuM0iLscAOYUiGQ==",
+      "version": "1.6.1",
+      "resolved": "https://registry.npmjs.org/ufo/-/ufo-1.6.1.tgz",
+      "integrity": "sha512-9a4/uxlTWJ4+a5i0ooc1rU7C7YOw3wT+UGqdeNNHWnOF9qcMBgLRS+4IYUqbczewFx4mLEig6gawh7X6mFlEkA==",
       "license": "MIT"
     },
     "node_modules/uint8-to-base64": {
@@ -14076,9 +14594,9 @@
       }
     },
     "node_modules/undici-types": {
-      "version": "6.20.0",
-      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.20.0.tgz",
-      "integrity": "sha512-Ny6QZ2Nju20vw1SRHe3d9jVu6gJ+4e3+MMpqu7pqE5HT6WsTSlce++GQmK5UXS8mzV8DSYHrQH+Xrf2jVcuKNg==",
+      "version": "6.21.0",
+      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.21.0.tgz",
+      "integrity": "sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ==",
       "license": "MIT"
     },
     "node_modules/unicorn-magic": {
@@ -14105,30 +14623,31 @@
       }
     },
     "node_modules/unrs-resolver": {
-      "version": "1.3.3",
-      "resolved": "https://registry.npmjs.org/unrs-resolver/-/unrs-resolver-1.3.3.tgz",
-      "integrity": "sha512-PFLAGQzYlyjniXdbmQ3dnGMZJXX5yrl2YS4DLRfR3BhgUsE1zpRIrccp9XMOGRfIHpdFvCn/nr5N1KMVda4x3A==",
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/unrs-resolver/-/unrs-resolver-1.5.0.tgz",
+      "integrity": "sha512-6aia3Oy7SEe0MuUGQm2nsyob0L2+g57w178K5SE/3pvSGAIp28BB2O921fKx424Ahc/gQ6v0DXFbhcpyhGZdOA==",
       "dev": true,
       "license": "MIT",
       "funding": {
         "url": "https://github.com/sponsors/JounQin"
       },
       "optionalDependencies": {
-        "@unrs/resolver-binding-darwin-arm64": "1.3.3",
-        "@unrs/resolver-binding-darwin-x64": "1.3.3",
-        "@unrs/resolver-binding-freebsd-x64": "1.3.3",
-        "@unrs/resolver-binding-linux-arm-gnueabihf": "1.3.3",
-        "@unrs/resolver-binding-linux-arm-musleabihf": "1.3.3",
-        "@unrs/resolver-binding-linux-arm64-gnu": "1.3.3",
-        "@unrs/resolver-binding-linux-arm64-musl": "1.3.3",
-        "@unrs/resolver-binding-linux-ppc64-gnu": "1.3.3",
-        "@unrs/resolver-binding-linux-s390x-gnu": "1.3.3",
-        "@unrs/resolver-binding-linux-x64-gnu": "1.3.3",
-        "@unrs/resolver-binding-linux-x64-musl": "1.3.3",
-        "@unrs/resolver-binding-wasm32-wasi": "1.3.3",
-        "@unrs/resolver-binding-win32-arm64-msvc": "1.3.3",
-        "@unrs/resolver-binding-win32-ia32-msvc": "1.3.3",
-        "@unrs/resolver-binding-win32-x64-msvc": "1.3.3"
+        "@unrs/resolver-binding-darwin-arm64": "1.5.0",
+        "@unrs/resolver-binding-darwin-x64": "1.5.0",
+        "@unrs/resolver-binding-freebsd-x64": "1.5.0",
+        "@unrs/resolver-binding-linux-arm-gnueabihf": "1.5.0",
+        "@unrs/resolver-binding-linux-arm-musleabihf": "1.5.0",
+        "@unrs/resolver-binding-linux-arm64-gnu": "1.5.0",
+        "@unrs/resolver-binding-linux-arm64-musl": "1.5.0",
+        "@unrs/resolver-binding-linux-ppc64-gnu": "1.5.0",
+        "@unrs/resolver-binding-linux-riscv64-gnu": "1.5.0",
+        "@unrs/resolver-binding-linux-s390x-gnu": "1.5.0",
+        "@unrs/resolver-binding-linux-x64-gnu": "1.5.0",
+        "@unrs/resolver-binding-linux-x64-musl": "1.5.0",
+        "@unrs/resolver-binding-wasm32-wasi": "1.5.0",
+        "@unrs/resolver-binding-win32-arm64-msvc": "1.5.0",
+        "@unrs/resolver-binding-win32-ia32-msvc": "1.5.0",
+        "@unrs/resolver-binding-win32-x64-msvc": "1.5.0"
       }
     },
     "node_modules/update-browserslist-db": {
@@ -14235,9 +14754,9 @@
       "license": "MIT"
     },
     "node_modules/vite": {
-      "version": "6.2.3",
-      "resolved": "https://registry.npmjs.org/vite/-/vite-6.2.3.tgz",
-      "integrity": "sha512-IzwM54g4y9JA/xAeBPNaDXiBF8Jsgl3VBQ2YQ/wOY6fyW3xMdSoltIV3Bo59DErdqdE6RxUfv8W69DvUorE4Eg==",
+      "version": "6.2.6",
+      "resolved": "https://registry.npmjs.org/vite/-/vite-6.2.6.tgz",
+      "integrity": "sha512-9xpjNl3kR4rVDZgPNdTL0/c6ao4km69a/2ihNQbcANz8RuCOK3hQBmLSJf3bRKVQjVMda+YvizNE8AwvogcPbw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -14388,9 +14907,9 @@
       }
     },
     "node_modules/vite/node_modules/rollup": {
-      "version": "4.38.0",
-      "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.38.0.tgz",
-      "integrity": "sha512-5SsIRtJy9bf1ErAOiFMFzl64Ex9X5V7bnJ+WlFMb+zmP459OSWCEG7b0ERZ+PEU7xPt4OG3RHbrp1LJlXxYTrw==",
+      "version": "4.40.0",
+      "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.40.0.tgz",
+      "integrity": "sha512-Noe455xmA96nnqH5piFtLobsGbCij7Tu+tb3c1vYjNbTkfzGqXqQXG3wJaYXkRZuQ0vEYN4bhwg7QnIrqB5B+w==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -14404,26 +14923,26 @@
         "npm": ">=8.0.0"
       },
       "optionalDependencies": {
-        "@rollup/rollup-android-arm-eabi": "4.38.0",
-        "@rollup/rollup-android-arm64": "4.38.0",
-        "@rollup/rollup-darwin-arm64": "4.38.0",
-        "@rollup/rollup-darwin-x64": "4.38.0",
-        "@rollup/rollup-freebsd-arm64": "4.38.0",
-        "@rollup/rollup-freebsd-x64": "4.38.0",
-        "@rollup/rollup-linux-arm-gnueabihf": "4.38.0",
-        "@rollup/rollup-linux-arm-musleabihf": "4.38.0",
-        "@rollup/rollup-linux-arm64-gnu": "4.38.0",
-        "@rollup/rollup-linux-arm64-musl": "4.38.0",
-        "@rollup/rollup-linux-loongarch64-gnu": "4.38.0",
-        "@rollup/rollup-linux-powerpc64le-gnu": "4.38.0",
-        "@rollup/rollup-linux-riscv64-gnu": "4.38.0",
-        "@rollup/rollup-linux-riscv64-musl": "4.38.0",
-        "@rollup/rollup-linux-s390x-gnu": "4.38.0",
-        "@rollup/rollup-linux-x64-gnu": "4.38.0",
-        "@rollup/rollup-linux-x64-musl": "4.38.0",
-        "@rollup/rollup-win32-arm64-msvc": "4.38.0",
-        "@rollup/rollup-win32-ia32-msvc": "4.38.0",
-        "@rollup/rollup-win32-x64-msvc": "4.38.0",
+        "@rollup/rollup-android-arm-eabi": "4.40.0",
+        "@rollup/rollup-android-arm64": "4.40.0",
+        "@rollup/rollup-darwin-arm64": "4.40.0",
+        "@rollup/rollup-darwin-x64": "4.40.0",
+        "@rollup/rollup-freebsd-arm64": "4.40.0",
+        "@rollup/rollup-freebsd-x64": "4.40.0",
+        "@rollup/rollup-linux-arm-gnueabihf": "4.40.0",
+        "@rollup/rollup-linux-arm-musleabihf": "4.40.0",
+        "@rollup/rollup-linux-arm64-gnu": "4.40.0",
+        "@rollup/rollup-linux-arm64-musl": "4.40.0",
+        "@rollup/rollup-linux-loongarch64-gnu": "4.40.0",
+        "@rollup/rollup-linux-powerpc64le-gnu": "4.40.0",
+        "@rollup/rollup-linux-riscv64-gnu": "4.40.0",
+        "@rollup/rollup-linux-riscv64-musl": "4.40.0",
+        "@rollup/rollup-linux-s390x-gnu": "4.40.0",
+        "@rollup/rollup-linux-x64-gnu": "4.40.0",
+        "@rollup/rollup-linux-x64-musl": "4.40.0",
+        "@rollup/rollup-win32-arm64-msvc": "4.40.0",
+        "@rollup/rollup-win32-ia32-msvc": "4.40.0",
+        "@rollup/rollup-win32-x64-msvc": "4.40.0",
         "fsevents": "~2.3.2"
       }
     },
@@ -14595,9 +15114,9 @@
       "license": "MIT"
     },
     "node_modules/vue-eslint-parser": {
-      "version": "10.1.1",
-      "resolved": "https://registry.npmjs.org/vue-eslint-parser/-/vue-eslint-parser-10.1.1.tgz",
-      "integrity": "sha512-bh2Z/Au5slro9QJ3neFYLanZtb1jH+W2bKqGHXAoYD4vZgNG3KeotL7JpPv5xzY4UXUXJl7TrIsnzECH63kd3Q==",
+      "version": "10.1.3",
+      "resolved": "https://registry.npmjs.org/vue-eslint-parser/-/vue-eslint-parser-10.1.3.tgz",
+      "integrity": "sha512-dbCBnd2e02dYWsXoqX5yKUZlOt+ExIpq7hmHKPb5ZqKcjf++Eo0hMseFTZMLKThrUk61m+Uv6A2YSBve6ZvuDQ==",
       "dev": true,
       "license": "MIT",
       "peer": true,
@@ -14679,9 +15198,9 @@
       }
     },
     "node_modules/webpack": {
-      "version": "5.98.0",
-      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.98.0.tgz",
-      "integrity": "sha512-UFynvx+gM44Gv9qFgj0acCQK2VE1CtdfwFdimkapco3hlPCJ/zeq73n2yVKimVbtm+TnApIugGhLJnkU6gjYXA==",
+      "version": "5.99.6",
+      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.99.6.tgz",
+      "integrity": "sha512-TJOLrJ6oeccsGWPl7ujCYuc0pIq2cNsuD6GZDma8i5o5Npvcco/z+NKvZSFsP0/x6SShVb0+X2JK/JHUjKY9dQ==",
       "license": "MIT",
       "dependencies": {
         "@types/eslint-scope": "^3.7.7",
diff --git a/package.json b/package.json
index 8ea547e17c..48e0a12911 100644
--- a/package.json
+++ b/package.json
@@ -16,10 +16,10 @@
     "@primer/octicons": "19.14.0",
     "ansi_up": "6.0.5",
     "asciinema-player": "3.8.2",
-    "chart.js": "4.4.5",
+    "chart.js": "4.4.9",
     "chartjs-adapter-dayjs-4": "1.0.4",
     "chartjs-plugin-zoom": "2.2.0",
-    "clippie": "4.1.1",
+    "clippie": "4.1.6",
     "css-loader": "7.0.0",
     "dayjs": "1.11.12",
     "dropzone": "6.0.0-beta.2",
@@ -30,7 +30,7 @@
     "htmx.org": "1.9.12",
     "idiomorph": "0.3.0",
     "jquery": "3.7.1",
-    "katex": "0.16.21",
+    "katex": "0.16.22",
     "mermaid": "11.6.0",
     "mini-css-extract-plugin": "2.9.2",
     "minimatch": "10.0.1",
@@ -55,7 +55,7 @@
     "vue-chartjs": "5.3.1",
     "vue-loader": "17.4.2",
     "vue3-calendar-heatmap": "2.0.5",
-    "webpack": "5.98.0",
+    "webpack": "5.99.6",
     "webpack-cli": "6.0.1",
     "wrap-ansi": "9.0.0"
   },
@@ -91,6 +91,7 @@
     "license-checker-rseidelsohn": "4.4.2",
     "markdownlint-cli": "0.44.0",
     "postcss-html": "1.8.0",
+    "sharp": "0.34.1",
     "stylelint": "16.17.0",
     "stylelint-declaration-block-no-ignored-properties": "2.8.0",
     "stylelint-declaration-strict-value": "1.10.11",
diff --git a/poetry.lock b/poetry.lock
index 4f0a372ef5..c7bb49a92d 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -130,17 +130,17 @@ six = ">=1.13.0"
 
 [[package]]
 name = "json5"
-version = "0.10.0"
+version = "0.12.0"
 description = "A Python implementation of the JSON5 data format."
 optional = false
 python-versions = ">=3.8.0"
 files = [
-    {file = "json5-0.10.0-py3-none-any.whl", hash = "sha256:19b23410220a7271e8377f81ba8aacba2fdd56947fbb137ee5977cbe1f5e8dfa"},
-    {file = "json5-0.10.0.tar.gz", hash = "sha256:e66941c8f0a02026943c52c2eb34ebeb2a6f819a0be05920a6f5243cd30fd559"},
+    {file = "json5-0.12.0-py3-none-any.whl", hash = "sha256:6d37aa6c08b0609f16e1ec5ff94697e2cbbfbad5ac112afa05794da9ab7810db"},
+    {file = "json5-0.12.0.tar.gz", hash = "sha256:0b4b6ff56801a1c7dc817b0241bca4ce474a0e6a163bfef3fc594d3fd263ff3a"},
 ]
 
 [package.extras]
-dev = ["build (==1.2.2.post1)", "coverage (==7.5.3)", "mypy (==1.13.0)", "pip (==24.3.1)", "pylint (==3.2.3)", "ruff (==0.7.3)", "twine (==5.1.1)", "uv (==0.5.1)"]
+dev = ["build (==1.2.2.post1)", "coverage (==7.5.4)", "coverage (==7.8.0)", "mypy (==1.14.1)", "mypy (==1.15.0)", "pip (==25.0.1)", "pylint (==3.2.7)", "pylint (==3.3.6)", "ruff (==0.11.2)", "twine (==6.1.0)", "uv (==0.6.11)"]
 
 [[package]]
 name = "pathspec"
@@ -393,13 +393,13 @@ telegram = ["requests"]
 
 [[package]]
 name = "typing-extensions"
-version = "4.13.0"
+version = "4.13.2"
 description = "Backported and Experimental Type Hints for Python 3.8+"
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "typing_extensions-4.13.0-py3-none-any.whl", hash = "sha256:c8dd92cc0d6425a97c18fbb9d1954e5ff92c1ca881a309c45f06ebc0b79058e5"},
-    {file = "typing_extensions-4.13.0.tar.gz", hash = "sha256:0a4ac55a5820789d87e297727d229866c9650f6521b64206413c4fbada24d95b"},
+    {file = "typing_extensions-4.13.2-py3-none-any.whl", hash = "sha256:a439e7c04b49fec3e5d3e2beaa21755cadbbdc391694e28ccdd36ca4a1408f8c"},
+    {file = "typing_extensions-4.13.2.tar.gz", hash = "sha256:e6c81219bd689f51865d9e372991c540bda33a0379d5573cddb9a3a23f7caaef"},
 ]
 
 [[package]]
diff --git a/public/assets/img/apple-touch-icon.png b/public/assets/img/apple-touch-icon.png
index 1f6c1544f8..2b1413bd6c 100644
Binary files a/public/assets/img/apple-touch-icon.png and b/public/assets/img/apple-touch-icon.png differ
diff --git a/public/assets/img/avatar_default.png b/public/assets/img/avatar_default.png
index f335e51dad..09390315f1 100644
Binary files a/public/assets/img/avatar_default.png and b/public/assets/img/avatar_default.png differ
diff --git a/public/assets/img/favicon.png b/public/assets/img/favicon.png
index eda0347eff..209a01fa1f 100644
Binary files a/public/assets/img/favicon.png and b/public/assets/img/favicon.png differ
diff --git a/public/assets/img/gitea.svg b/public/assets/img/gitea.svg
deleted file mode 100644
index 804b05e284..0000000000
--- a/public/assets/img/gitea.svg
+++ /dev/null
@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 212 212" width="32" height="32"><style>circle,path{fill:none;stroke:#000;stroke-width:15}path{stroke-width:25}.orange{stroke:#f60}.red{stroke:#d40000}</style><g transform="translate(6 6)"><path d="M58 168V70a50 50 0 0 1 50-50h20" class="orange"/><path d="M58 168v-30a50 50 0 0 1 50-50h20" class="red"/><circle cx="142" cy="20" r="18" class="orange"/><circle cx="142" cy="88" r="18" class="red"/><circle cx="58" cy="180" r="18" class="red"/></g></svg>
\ No newline at end of file
diff --git a/public/assets/img/logo.png b/public/assets/img/logo.png
index 1b2d9b4023..30b06350f6 100644
Binary files a/public/assets/img/logo.png and b/public/assets/img/logo.png differ
diff --git a/public/assets/img/svg/gitea-forgejo.svg b/public/assets/img/svg/gitea-forgejo.svg
index 22ae790357..6bc09fc93b 100644
--- a/public/assets/img/svg/gitea-forgejo.svg
+++ b/public/assets/img/svg/gitea-forgejo.svg
@@ -1 +1 @@
-<svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" class="gitea-forgejo__forgejo-logo svg gitea-forgejo" viewBox="0 0 256 256" width="16" height="16"><g fill="none" transform="translate(28 28)"><path stroke="#f60" stroke-width="25" d="M58 168V70a50 50 0 0 1 50-50h20"/><path stroke="#d40000" stroke-width="25" d="M58 168v-30a50 50 0 0 1 50-50h20"/><circle cx="142" cy="20" r="18" stroke="#f60" stroke-width="15"/><circle cx="142" cy="88" r="18" stroke="#d40000" stroke-width="15"/><circle cx="58" cy="180" r="18" stroke="#d40000" stroke-width="15"/></g></svg>
\ No newline at end of file
+<svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" class="gitea-forgejo__forgejo-logo svg gitea-forgejo" viewBox="0 0 212 212" width="16" height="16"><g fill="none" transform="translate(6 6)"><path stroke="#f60" stroke-width="25" d="M58 168V70a50 50 0 0 1 50-50h20"/><path stroke="#d40000" stroke-width="25" d="M58 168v-30a50 50 0 0 1 50-50h20"/><circle cx="142" cy="20" r="18" stroke="#f60" stroke-width="15"/><circle cx="142" cy="88" r="18" stroke="#d40000" stroke-width="15"/><circle cx="58" cy="180" r="18" stroke="#d40000" stroke-width="15"/></g></svg>
\ No newline at end of file
diff --git a/public/assets/img/svg/gitea-git.svg b/public/assets/img/svg/gitea-git.svg
index 33a98deb16..9629c969b7 100644
--- a/public/assets/img/svg/gitea-git.svg
+++ b/public/assets/img/svg/gitea-git.svg
@@ -1 +1 @@
-<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 48 48" class="svg gitea-git" width="16" height="16" aria-hidden="true"><path d="M42.2 22.1 25.9 5.8c-.5-.5-1.2-.8-1.9-.8s-1.4.3-1.9.8l-3.5 3.5 4.1 4.1c.4-.2.8-.3 1.3-.3 1.7 0 3 1.3 3 3 0 .5-.1.9-.3 1.3l4 4c.4-.2.8-.3 1.3-.3 1.7 0 3 1.3 3 3s-1.3 3-3 3-3-1.3-3-3c0-.5.1-.9.3-1.3l-4-4c-.1 0-.2.1-.3.1v10.4c1.2.4 2 1.5 2 2.8 0 1.7-1.3 3-3 3s-3-1.3-3-3c0-1.3.8-2.4 2-2.8V18.8c-1.2-.4-2-1.5-2-2.8 0-.5.1-.9.3-1.3l-4.1-4.1L5.8 22.1c-.5.5-.8 1.2-.8 1.9s.3 1.4.8 1.9l16.3 16.3c.5.5 1.2.8 1.9.8s1.4-.3 1.9-.8l16.3-16.3c.5-.5.8-1.2.8-1.9s-.3-1.4-.8-1.9"/></svg>
\ No newline at end of file
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 48 48" class="svg gitea-git" width="16" height="16" aria-hidden="true"><path d="M46.99 21.6 26.4 1.01A3.45 3.45 0 0 0 24 0c-.884 0-1.768.379-2.4 1.01l-4.421 4.422 5.179 5.179A3.5 3.5 0 0 1 24 10.23c2.147 0 3.79 1.643 3.79 3.79 0 .632-.127 1.137-.38 1.642l5.053 5.053a3.5 3.5 0 0 1 1.642-.38c2.148 0 3.79 1.643 3.79 3.79s-1.642 3.79-3.79 3.79c-2.147 0-3.79-1.642-3.79-3.79 0-.631.127-1.137.38-1.642l-5.053-5.052c-.126 0-.253.126-.379.126v13.137c1.516.505 2.526 1.894 2.526 3.537 0 2.147-1.642 3.79-3.789 3.79s-3.79-1.643-3.79-3.79c0-1.643 1.011-3.032 2.527-3.537V17.432c-1.516-.506-2.526-1.895-2.526-3.537 0-.632.126-1.137.378-1.642l-5.178-5.18L1.01 21.6A3.45 3.45 0 0 0 0 24c0 .884.379 1.768 1.01 2.4L21.6 46.99A3.45 3.45 0 0 0 24 48c.884 0 1.768-.379 2.4-1.01L46.99 26.4A3.45 3.45 0 0 0 48 24c0-.884-.379-1.768-1.01-2.4"/></svg>
\ No newline at end of file
diff --git a/public/assets/img/svg/gitea-gogs.svg b/public/assets/img/svg/gitea-gogs.svg
index 7727542b6f..c89b539a0a 100644
--- a/public/assets/img/svg/gitea-gogs.svg
+++ b/public/assets/img/svg/gitea-gogs.svg
@@ -1 +1 @@
-<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 67.733 67.733" class="svg gitea-gogs" width="16" height="16" aria-hidden="true"><g style="display:inline"><path d="M28.764 62.186c-.212-.03-.436-.106-.498-.17-.143-.149-.325-.78-.89-3.087-.248-1.01-.506-1.976-.574-2.146-.149-.372-.48-.586-2.138-1.376-1.849-.882-3.864-2.103-5.63-3.413l-.753-.56-2.322.68c-1.278.372-2.658.75-3.069.839l-.745.161-.352-.536c-.952-1.453-3.563-5.958-4.626-7.978l-.557-1.06.483-.591c.266-.326 1.293-1.418 2.282-2.427l1.8-1.835-.181-1.039c-.161-.925-.18-1.32-.183-3.624-.002-2.082.026-2.778.143-3.58l.146-.994-2.063-2.035c-1.532-1.51-2.104-2.127-2.22-2.393-.154-.353-.154-.361.003-.767.476-1.232 4.42-7.981 5.186-8.876l.257-.3.484.125c.267.07 1.586.437 2.93.818l2.445.691.43-.26c.236-.144.845-.565 1.352-.936 1.305-.955 2.69-1.762 4.708-2.743 1.875-.912 1.839-.883 2.124-1.683.066-.184.337-1.17.602-2.193.265-1.022.573-2.136.685-2.476.176-.534.233-.623.422-.665.484-.106 3.97-.15 7.292-.093l3.52.061.43 1.748c.51 2.069.91 3.48 1.128 3.991.174.407.008.309 2.594 1.536 1.355.643 2.654 1.424 4.307 2.59.702.497 1.338.945 1.413.996.11.075.503-.016 1.995-.464a91 91 0 0 1 3.022-.85l1.163-.295.145.192c.933 1.235 5.325 8.9 5.325 9.293 0 .334-.488.915-2.54 3.027l-1.894 1.948.158.96c.228 1.383.275 3.127.159 5.922l-.102 2.451 1.51 1.495c1.55 1.535 2.471 2.55 2.683 2.959.116.223.104.265-.329 1.131-1.29 2.583-4.51 8.106-4.924 8.445-.23.187-.907.06-3.362-.636-1.264-.358-2.428-.67-2.585-.693-.255-.038-.378.02-1.095.52-2.75 1.915-3.396 2.301-5.615 3.357-.864.41-1.587.808-1.713.941-.28.295-.5 1.01-1.142 3.71l-.508 2.141-1.894.05c-2.516.066-8.338.064-8.822-.004zm7.858-12.12c2.091-.389 5.175-1.724 6.867-2.974 1.797-1.327 4.758-4.883 4.977-5.976.047-.236.02-.268-.545-.647-.9-.603-2.188-1.377-5.078-3.05-4.184-2.421-4.523-2.676-4.524-3.398-.001-1.34-1.22-3.278-2.424-3.858-1.79-.861-3.842-.522-5.214.864-.315.318-.68.79-.821 1.058-1.356 2.595.091 5.559 3.005 6.155.886.181 1.73.074 2.913-.372l.88-.332 2.022 1.158c2.672 1.531 3.619 2.123 4.1 2.561.34.31.392.395.347.573-.077.304-.674 1.002-1.394 1.63-1.608 1.404-3.353 2.267-5.547 2.743-1.178.256-3.523.256-4.7 0-1.21-.262-1.987-.533-3.065-1.07a12.46 12.46 0 0 1-6.83-9.635c-.156-1.255-.067-3.198.201-4.38 1.025-4.512 4.41-7.971 8.972-9.169 1.369-.359 1.99-.43 3.327-.382 1.261.046 1.954.168 3.54.625.566.162 1.095.26 1.455.268.495.012.62-.018 1.01-.236 1.08-.605 1.36-1.855.603-2.693-1.318-1.458-6.683-2.214-10.374-1.462-2.483.506-5.054 1.805-6.994 3.535-2.575 2.295-4.26 4.712-5.127 7.353-.924 2.816-1.025 6.141-.275 9.11.774 3.063 2.55 5.963 4.958 8.095 2.442 2.162 5.767 3.672 8.928 4.055 1.089.132 3.735.05 4.807-.15z" style="display:inline;fill:#d75547;fill-opacity:1;fill-rule:evenodd;stroke:#428f29;stroke-width:.0190672;paint-order:markers fill stroke"/></g></svg>
\ No newline at end of file
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 67.725 67.725" class="svg gitea-gogs" width="16" height="16" aria-hidden="true"><g style="display:inline"><path d="M27.943 67.653c-.253-.035-.52-.127-.595-.205-.17-.176-.389-.932-1.065-3.691-.296-1.21-.605-2.364-.686-2.567-.178-.445-.575-.7-2.558-1.646-2.212-1.055-4.622-2.517-6.734-4.083l-.902-.67-2.778.812c-1.528.447-3.18.899-3.67 1.005l-.892.193-.42-.642c-1.14-1.738-4.263-7.126-5.535-9.544l-.666-1.266.578-.708c.318-.39 1.547-1.696 2.73-2.903l2.152-2.195-.216-1.243c-.192-1.107-.216-1.578-.219-4.335-.002-2.491.031-3.324.172-4.283l.175-1.19-2.47-2.434c-1.831-1.806-2.516-2.544-2.655-2.862-.184-.423-.184-.432.004-.918.57-1.473 5.287-9.547 6.203-10.617l.308-.36.58.15c.319.084 1.896.524 3.505.979l2.924.827.514-.312c.283-.171 1.011-.675 1.618-1.12 1.56-1.142 3.218-2.107 5.631-3.28 2.243-1.091 2.2-1.057 2.542-2.014.079-.22.402-1.4.72-2.623.316-1.222.685-2.555.82-2.961.21-.64.278-.747.504-.796.579-.127 4.75-.18 8.723-.111l4.21.073.515 2.09c.61 2.475 1.087 4.164 1.349 4.774.209.488.01.37 3.103 1.837 1.621.77 3.175 1.704 5.152 3.1.84.593 1.601 1.13 1.691 1.19.132.09.601-.019 2.387-.554 1.222-.367 2.849-.825 3.614-1.018l1.392-.352.173.23c1.116 1.476 6.37 10.647 6.37 11.116 0 .4-.584 1.095-3.04 3.621l-2.264 2.33.19 1.15c.272 1.654.327 3.74.188 7.083l-.121 2.932L63 41.431c1.854 1.836 2.956 3.05 3.21 3.539.139.266.124.317-.393 1.353-1.543 3.09-5.396 9.697-5.891 10.102-.274.224-1.084.07-4.022-.761-1.512-.429-2.904-.802-3.093-.83-.304-.044-.451.026-1.309.623-3.29 2.291-4.062 2.753-6.717 4.015-1.034.492-1.898.967-2.05 1.127-.334.353-.598 1.209-1.365 4.438l-.608 2.561-2.265.06c-3.01.079-9.974.076-10.554-.005zm9.4-14.499c2.502-.465 6.191-2.062 8.215-3.557 2.15-1.588 5.692-5.842 5.953-7.15.057-.28.024-.32-.651-.773-1.076-.722-2.617-1.647-6.075-3.648-5.005-2.897-5.411-3.202-5.412-4.065-.001-1.603-1.458-3.921-2.9-4.615-2.141-1.03-4.595-.624-6.236 1.034-.377.38-.815.944-.983 1.266-1.621 3.103.11 6.649 3.595 7.362 1.06.217 2.07.088 3.485-.445l1.053-.397 2.418 1.386c3.197 1.831 4.33 2.538 4.906 3.063.407.37.468.472.414.685-.092.364-.806 1.199-1.668 1.95-1.924 1.68-4.01 2.711-6.635 3.281-1.41.306-4.215.306-5.622.001-1.449-.315-2.378-.639-3.666-1.28a14.9 14.9 0 0 1-8.17-11.527c-.188-1.501-.081-3.825.24-5.24 1.225-5.397 5.274-9.535 10.732-10.967 1.637-.43 2.38-.515 3.98-.457 1.509.055 2.338.2 4.235.747.677.194 1.31.311 1.74.321.593.014.743-.021 1.208-.282 1.292-.725 1.626-2.22.721-3.221-1.576-1.745-7.993-2.65-12.41-1.75-2.97.606-6.045 2.16-8.365 4.229-3.08 2.746-5.096 5.636-6.133 8.796-1.107 3.368-1.227 7.346-.33 10.896.926 3.665 3.05 7.134 5.931 9.685 2.92 2.586 6.899 4.393 10.68 4.851 1.303.158 4.467.06 5.75-.179z" style="display:inline;fill:#d75547;fill-opacity:1;fill-rule:evenodd;stroke:#428f29;stroke-width:.0190659;paint-order:markers fill stroke"/></g></svg>
\ No newline at end of file
diff --git a/release-notes-published/11.0.0.md b/release-notes-published/11.0.0.md
new file mode 100644
index 0000000000..4037daf265
--- /dev/null
+++ b/release-notes-published/11.0.0.md
@@ -0,0 +1,424 @@
+A [companion blog post](https://forgejo.org/2025-04-release-v11-0/) provides additional context on this major release.
+
+<!--start release-notes-assistant-->
+
+## Release notes
+<!--URL:https://codeberg.org/forgejo/forgejo-->
+- Security features
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6963): <!--number 6963 --><!--line 0 --><!--description ZmVhdChhdXRoKTogYWRkIGFiaWxpdHkgdG8gcmVnZW5lcmF0ZSBhY2Nlc3MgdG9rZW5z-->add ability to regenerate access tokens<!--description-->
+- Breaking bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7148): <!--number 7148 --><!--line 0 --><!--description RHJvcCBTU1BJIGF1dGggc3VwcG9ydCBhbmQgbW9yZSBXaW5kb3dzIGZpbGVz-->drop SSPI auth support and more Windows files<!--description-->
+- User Interface features
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7168): <!--number 7168 --><!--line 0 --><!--description ZmVhdCh1aSk6IGxvY2FsaXplIHRoZW1lIG5hbWVz-->localize theme names<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7103): <!--number 7103 --><!--line 0 --><!--description ZmVhdCh1aSk6IGltcHJvdmUgaW5jb3JyZWN0IGBST09UX1VSTGAgd2FybmluZw==-->improve incorrect `ROOT_URL` warning<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7062): <!--number 7062 --><!--line 0 --><!--description ZW5oOiBhZG1pbiB1c2VyIHZpZXc=-->admin user view<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7030): <!--number 7030 --><!--line 0 --><!--description ZmVhdCh1aSk6IHdlbGNvbWUgc2NyZWVuIGZvciB1c2VyIGRhc2hib2FyZA==-->welcome screen for user dashboard<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7006): <!--number 7006 --><!--line 0 --><!--description SW1wcm92ZSAiVVJMIiBoYW5kbGluZyBpbiBtYXJrZG93biBlZGl0b3I=-->improve "URL" handling in markdown editor<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6863): <!--number 6863 --><!--line 0 --><!--description ZmVhdCh1aSk6IERpc3BsYXkgdG8gbWFpbnRhaW5lcnMgaW4gUFIgd2hlbiBpdCBpcyBlZGl0YWJsZQ==-->display to maintainers in pull request when it is editable<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6835): <!--number 6835 --><!--line 0 --><!--description U2ltcGxpZnkgcHJvbm91bnMgaW4gdXNlciBzZXR0aW5ncw==-->simplify pronouns in user settings<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6675): <!--number 6675 --><!--line 0 --><!--description U3BsaXQgRm9yZ2VqbyBsYW5kaW5nIHBhZ2UgdGVtcGxhdGUgdG8gYWxsb3cgcGF0Y2hpbmcgb3IgcmVtb3ZpbmcgRm9yZ2VqbyBpbnRyb2R1Y3Rpb24gc2VjdGlvbg==-->split Forgejo landing page template to allow patching or removing Forgejo introduction section<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6645): <!--number 6645 --><!--line 0 --><!--description ZmVhdCh1aSk6IHNldCBkZWZhdWx0IHJlbGVhc2UgdGl0bGUgdG8gdGFnIG5hbWU=-->set default release title to tag name<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6602): <!--number 6602 --><!--line 0 --><!--description ZmVhdCh1aSk6IGFkZCBxdW90YSBvdmVydmlldw==-->add quota overview<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6599): <!--number 6599 --><!--line 0 --><!--description QWxsb3cgb3BlbmluZyBhIHNpbmdsZS1maWxlIGRpZmYgZnJvbSBmaWxlIGhpc3Rvcnkgdmlldw==-->allow opening a single-file diff from file history view<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6523): <!--number 6523 --><!--line 0 --><!--description UmVkdWNlIG5vaXNlIGluIHRoZSB0aW1lbGluZSBvZiBpc3N1ZXMgYW5kIHB1bGwgcmVxdWVzdHMuIElmIGNlcnRhaW4gdGltZWxpbmUgZXZlbnRzIGFyZSBwZXJmb3JtZWQgd2l0aGluIGEgY2VydGFpbiB0aW1lZnJhbWUgb2YgZWFjaCBvdGhlciB3aXRoIG5vIG90aGVyIGV2ZW50cyBpbiBiZXR3ZWVuLCB0aGV5IHdpbGwgYmUgY29tYmluZWQgaW50byBhIHNpbmdsZSB0aW1lbGluZSBldmVudCwgYW5kIGFueSBjb250cmFkaWN0b3J5IGFjdGlvbnMgd2lsbCBiZSBjYW5jZWxlZCBhbmQgbm90IGRpc3BsYXllZC4gVGhlIG9sZGVyIHRoZSBldmVudHMsIHRoZSB3aWRlciB0aGUgdGltZWZyYW1lIHdpbGwgYmVjb21lLg==-->reduce noise in the timeline of issues and pull requests. If certain timeline events are performed within a certain timeframe of each other with no other events in between, they will be combined into a single timeline event, and any contradictory actions will be canceled and not displayed. The older the events, the wider the timeframe will become.<!--description-->
+- Localization
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7287): <!--number 7287 --><!--line 0 --><!--description aTE4bjogbWFrZSBEYW5pc2ggYXZhaWxhYmxlIGluIFVJ-->i18n: make Danish available in UI<!--description-->
+  - Updates from Codeberg Translate: [[1]](https://codeberg.org/forgejo/forgejo/pulls/6331), [[2]](https://codeberg.org/forgejo/forgejo/pulls/6378), [[3]](https://codeberg.org/forgejo/forgejo/pulls/6451), [[4]](https://codeberg.org/forgejo/forgejo/pulls/6515), [[5]](https://codeberg.org/forgejo/forgejo/pulls/6565), [[6]](https://codeberg.org/forgejo/forgejo/pulls/6665), [[7]](https://codeberg.org/forgejo/forgejo/pulls/6745), [[8]](https://codeberg.org/forgejo/forgejo/pulls/6814), [[9]](https://codeberg.org/forgejo/forgejo/pulls/6936), [[10]](https://codeberg.org/forgejo/forgejo/pulls/7028), [[11]](https://codeberg.org/forgejo/forgejo/pulls/7066), [[12]](https://codeberg.org/forgejo/forgejo/pulls/7157), [[13]](https://codeberg.org/forgejo/forgejo/pulls/7240), [[14]](https://codeberg.org/forgejo/forgejo/pulls/7529) (Backport of [[1]](https://codeberg.org/forgejo/forgejo/pulls/7275), [[2]](https://codeberg.org/forgejo/forgejo/pulls/7363), [[3]](https://codeberg.org/forgejo/forgejo/pulls/7438))
+- Features
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7286): <!--number 7286 --><!--line 0 --><!--description cmV0dXJuIGBydW5fbnVtYmVyYCBpbiB3b3JrZmxvdyBkaXNwYXRjaA==-->return `run_number` in workflow dispatch<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7256): <!--number 7256 --><!--line 0 --><!--description ZmVhdChhcGkpOiBhZGQgbW9yZSBzb3J0aW5nIHRvIG93biByZXBvc2l0b3J5IGxpc3Q=-->add more sorting to own repository list<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7211): <!--number 7211 --><!--line 0 --><!--description ZmVhdChhcGkpOiBhZGQgc29ydCBwYXJhbWV0ZXIgdG8gbGlzdCBpc3N1ZXMgQVBJ-->add sort parameter to list issues API<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7193): <!--number 7193 --><!--line 0 --><!--description TWFrZSBpdCBwb3NzaWJsZSB0byB0cmFjayB0aGUgcHJvZ3Jlc3Mgb2YgbWFudWFsbHkgdHJpZ2dlcmVkIHdvcmtmbG93cw==-->make it possible to track the progress of manually triggered workflows<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7137): <!--number 7137 --><!--line 0 --><!--description aW50ZXJwcmV0IFByZWNlZGVuY2U6IGF1dG9fcmVwbHkgYXMgYW4gYXV0byByZXBseQ==-->interpret Precedence: auto_reply as an auto reply<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7136): <!--number 7136 --><!--line 0 --><!--description cGFyc2UgbXVsdGlwYXJ0L3JlbGF0ZWQgcGFydHMgYXMgYXR0YWNobWVudHMgJiBndWVzcyBmaWxlbmFtZQ==-->parse multipart/related parts as attachments & guess filename<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7102): <!--number 7102 --><!--line 0 --><!--description QWRkZWQgbWlzc2luZyBudWdldCBWMiBwcm9wZXJ0aWVzIHRvIEFQSQ==-->added missing nuget V2 properties to API<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6970): <!--number 6970 --><!--line 0 --><!--description T3JkZXIgdGhlIHVzZXIncyBvcmdhbml6YXRpb24gbGlzdCBhbHBoYWJldGljYWxseQ==-->order the user's organization list alphabetically<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6952): <!--number 6952 --><!--line 0 --><!--description ZmVhdChpc3N1ZSBzZWFyY2gpOiBxdWVyeSBzdHJpbmcgZm9yIGJvb2xlYW4gb3BlcmF0b3JzIGFuZCBwaHJhc2Ugc2VhcmNo-->in code search, add query string for boolean operators and phrase search<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6947): <!--number 6947 --><!--line 0 --><!--description ZmVhdChjb2RlIHNlYXJjaCk6IHJlcGxhY2UgZnV6enkgc2VhcmNoIHdpdGggdW5pb24gc2VhcmNoIGZvciBpbmRleGVy-->in code search, replace fuzzy search with union search for indexer<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6820): <!--number 6820 --><!--line 0 --><!--description Y2hvcmUoY29uZmlnKTogc2V0IGRlZmF1bHQgdmFsdWUgb2YgVXNlQ29tcGF0U1NIVVJJIHRvIHRydWU=-->set default value of UseCompatSSHURI to true<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6773): <!--number 6773 --><!--line 0 --><!--description QWRkIHByb25vdW4gcHJpdmFjeSBvcHRpb24=-->add pronoun privacy option<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6763): <!--number 6763 --><!--line 0 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC82ODlmYjgyYTcwNDNmZGIyZmVlMDIxOTU3MDFiMGJjNzI4ZTk5NzA5KSBBUEkgZW5kcG9pbnQgdG8gcmVuYW1lIGFuIG9yZ2FuaXphdGlvbg==-->[commit](https://codeberg.org/forgejo/forgejo/commit/689fb82a7043fdb2fee02195701b0bc728e99709) API endpoint to rename an organization<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6474): <!--number 6474 --><!--line 0 --><!--description RmlsbCB3ZWJzaXRlIGZpZWxkIHdoZW4gbWlncmF0aW5nIGZyb20gZXh0ZXJuYWw=-->fill website field when migrating from external<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6471): <!--number 6471 --><!--line 0 --><!--description W2NvbW1pdF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2NvbW1pdC83NmE4NWQyNmM4NTc2ZmM0MTBkYzY0OTRmMjkwN2ZmYzJiMzUzYzM5KSBVc2UgYFByb2plY3QtVVJMYCBtZXRhZGF0YSBmaWVsZCB0byBnZXQgYSBQeVBJIHBhY2thZ2UncyBob21lcGFnZSBVUkw=-->[commit](https://codeberg.org/forgejo/forgejo/commit/76a85d26c8576fc410dc6494f2907ffc2b353c39) use `Project-URL` metadata field to get a PyPI package's homepage URL<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6470): <!--number 6470 --><!--line 0 --><!--description aW1wcm92ZSBGb3JnZWpvIGRpYWdub3N0aWNz-->improve Forgejo diagnostics<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6445): <!--number 6445 --><!--line 0 --><!--description d2ViaG9vazogc291cmNlaHV0OiBzdWJtaXQgU1NIIFVSTCBmb3IgcHJpdmF0ZSByZXBvc2l0b3J5IG9yIHdoZW4gcHJlLWZpbGxlZA==-->sourcehut webhook: submit SSH URL for private repository or when pre-filled<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6422): <!--number 6422 --><!--line 0 --><!--description YWRkIGNvbmZpZ3VyYWJsZSBjb29sZG93biB0byBjbGFpbSB1c2VybmFtZXM=-->add configurable cooldown to claim usernames<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6411): <!--number 6411 --><!--line 0 --><!--description ZG9uJ3QgYWxsb3cgYmxvY2tpbmcgdGhlIGRvZXI=-->don't allow blocking the doer<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6351): <!--number 6351 --><!--line 0 --><!--description W0FsdCBMaW51eCBBcHQtUnBtXShodHRwczovL2VuLmFsdGxpbnV4Lm9yZy9SUE0pIHJlcG9zaXRvcnkgW3N1cHBvcnQgZm9yIEZvcmdlam8gcGFja2FnZXNdKGh0dHBzOi8vZm9yZ2Vqby5vcmcvZG9jcy9uZXh0L3VzZXIvcGFja2FnZXMvYWx0Lyku-->[Alt Linux Apt-Rpm](https://en.altlinux.org/RPM) repository [support for Forgejo packages](https://forgejo.org/docs/next/user/packages/alt/)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6300): <!--number 6300 --><!--line 0 --><!--description QWRkIHNlYXJjaCBhY3Rpb24gam9icyBmb3IgQVBJIHJvdXRlcywgcmVwbywgb3JnIGFuZCBnbG9iYWwgbGV2ZWw=-->add search action jobs for API routes, repo, org and global level<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6269): <!--number 6269 --><!--line 0 --><!--description QWRkIHN1bW1hcnkgY2FyZCBmb3IgcmVwb3MgYW5kIHJlbGVhc2Vz-->add summary card for repos and releases<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6232): <!--number 6232 --><!--line 0 --><!--description YWRkIHN5bmNocm9uaXphdGlvbiBmb3IgU1NIIGtleXMgZm9yIE9wZW5JRCBDb25uZWN0-->add synchronization for SSH keys for OpenID Connect<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6203): <!--number 6203 --><!--line 0 --><!--description SW5pdGlhbCBzdXBwb3J0IGZvciBsb2NhbGl6YXRpb24gYW5kIHBsdXJhbGl6YXRpb24gd2l0aCBnby1pMThuLUpTT04tdjIgZm9ybWF0-->initial support for localization and pluralization with go-i18n-JSON-v2 format<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5385): <!--number 5385 --><!--line 0 --><!--description UGVybWl0IHRvIGRvd25sb2FkIHBhdGNoIGFuZCBkaWZmICBmaWxlIGJldHdlZW4gdGFncyBhbmQgYnJhbmNoZXM=-->permit to download patch and diff  file between tags and branches<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5303): <!--number 5303 --><!--line 0 --><!--description UmVtb3ZlIFNIQTEgZm9yIHN1cHBvcnQgZm9yIHNzaCByc2Egc2lnbmluZw==-->remove SHA1 for support for ssh rsa signing<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4736): <!--number 4736 --><!--line 0 --><!--description U2hvdyBsaW5rIHRvIGRvd25sb2FkIGRpcmVjdG9yeQ==-->show link to download directory<!--description-->
+- Bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7395) ([backported](https://codeberg.org/forgejo/forgejo/pulls/7401)): <!--number 7401 --><!--line 0 --><!--description Zml4OiB2YWxpZGF0ZSBpbnB1dCBmb3IgZGVmYXVsdF97bWVyZ2UsdXBkYXRlfV9zdHlsZQ==-->validate input for default_{merge,update}_style<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7257): <!--number 7257 --><!--line 0 --><!--description SW5jbHVkZSBwbGF0Zm9ybSBpbmZvcm1hdGlvbiBvbiBydWJ5Z2VtcyBjb21wYWN0IGluZGV4IEFQSSAjNjUwNw==-->include platform information on rubygems compact index API<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7020): <!--number 7020 --><!--line 0 --><!--description TGlzdGVuaW5nIG9uIGFic3RyYWN0IGRvbWFpbiBzb2NrZXRz-->listening on abstract domain sockets<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7010): <!--number 7010 --><!--line 0 --><!--description Zml4KHdlYik6IEZvcmJpZCBibG9ja2VkIHVzZXJzIGZyb20gcmVvcGVuaW5nIGlzc3Vlcw==-->forbid blocked users from reopening issues<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6856): <!--number 6856 --><!--line 0 --><!--description Zml4KGFwaSk6IGFsbG93IGNvbGxhYm9yYXRvcnMgdG8gcmVhZCB0aGVpciBvd24gcGVybWlzc2lvbnM=-->allow collaborators to read their own permissions<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6784): <!--number 6784 --><!--line 0 --><!--description bW9yZSBwZXJtaXNzaXZlIG1hcmt1cCBjb21taXQgaGFzaCBkZXRlY3Rpb24=-->more permissive markup commit hash detection<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6766): <!--number 6766 --><!--line 0 --><!--description Zml4KGNvbW1lbnRlciByb2xlcyk6IGRvbid0IGdpdmUgc3lzdGVtIHVzZXJzIHJvbGVz-->don't give system users roles on comments<!--description-->
+- Included for completeness but not worth a release note
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7558) ([backported](https://codeberg.org/forgejo/forgejo/pulls/7559)): <!--number 7559 --><!--line 0 --><!--description Zml4KHVpKTogbWFrZSB0YWcgZHJvcGRvd24gY2xpY2thYmxlIGFnYWlu-->fix(ui): make tag dropdown clickable again<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7543) ([backported](https://codeberg.org/forgejo/forgejo/pulls/7544)): <!--number 7544 --><!--line 0 --><!--description Zml4OiBtYXRjaCBQYWNrYWdlQmxvYi5IYXNoQmxha2UyYiBkZWZpbml0aW9uIGFuZCBtaWdyYXRpb24=-->fix: match PackageBlob.HashBlake2b definition and migration<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7539) ([backported](https://codeberg.org/forgejo/forgejo/pulls/7542)): <!--number 7542 --><!--line 0 --><!--description Zml4KFVJKTogaTE4bjogaW1wcm92ZSBuYW1pbmc=-->fix(UI): i18n: improve naming<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7520) ([backported](https://codeberg.org/forgejo/forgejo/pulls/7521)): <!--number 7521 --><!--line 0 --><!--description Zml4OiBwYWNrYWdlX2Jsb2IuaGFzX2JsYWtlMmIgbWF5IGJlIG51bGw=-->fix: package_blob.has_blake2b may be null<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7261) ([backported](https://codeberg.org/forgejo/forgejo/pulls/7450)): <!--number 7450 --><!--line 0 --><!--description Zml4OiByZWRpcmVjdCB0byBzdWJtb2R1bGUgaW5zdGVhZCBvZiB0aHJvd2luZyA1MDAgZXJyb3Igd2hlbiB2aWV3aW5nIHN1Ym1vZHVsZSBlbnRyeQ==-->fix: redirect to submodule instead of throwing 500 error when viewing submodule entry<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7421) ([backported](https://codeberg.org/forgejo/forgejo/pulls/7437)): <!--number 7437 --><!--line 0 --><!--description Zml4KG1pZ3JhdGlvbnMpOiB0cmFuc2ZlciBQUiBmbG93IGluZm9ybWF0aW9u-->fix(migrations): transfer PR flow information<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7422) ([backported](https://codeberg.org/forgejo/forgejo/pulls/7430)): <!--number 7430 --><!--line 0 --><!--description OiBmaXgoaTE4bik6IGZpeCBzZXZlcmFsIHVzYWdlcyBvZiBpMThu-->: fix(i18n): fix several usages of i18n<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7370): <!--number 7370 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvbmV0IHRvIHYwLjM4LjAgKHYxMS4wL2Zvcmdlam8p-->Update module golang.org/x/net to v0.38.0 (v11.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7355) ([backported](https://codeberg.org/forgejo/forgejo/pulls/7365)): <!--number 7365 --><!--line 0 --><!--description NDEwOC1lbXB0eS1zbGljZS1lbmNvZGVkLXRvLW51bGw=-->4108-empty-slice-encoded-to-null<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7337) ([backported](https://codeberg.org/forgejo/forgejo/pulls/7354)): <!--number 7354 --><!--line 0 --><!--description Y2hvcmU6IGJyYW5kaW5nIGltcG9ydCBwYXRo-->chore: branding import path<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7344) ([backported](https://codeberg.org/forgejo/forgejo/pulls/7345)): <!--number 7345 --><!--line 0 --><!--description Zml4KHVpKTogRG8gbm90IGNoZWNrIGZvciBgdmVydGljYWwtYWxpZ25g-->fix(ui): Do not check for `vertical-align`<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7340): <!--number 7340 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vYWN0IHRvIHYxLjI1LjEgKGZvcmdlam8p-->Update module code.forgejo.org/forgejo/act to v1.25.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7338): <!--number 7338 --><!--line 0 --><!--description Zml4IGNpIGRhc2hib2FyZCBlMmUgdGVzdA==-->fix ci dashboard e2e test<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7333): <!--number 7333 --><!--line 0 --><!--description YnVpbGQ6IHJlcXVpcmUgbm9kZSB2MjA=-->build: require node v20<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7332): <!--number 7332 --><!--line 0 --><!--description VXBkYXRlIE5vZGUuanMgdG8gdjIyIChmb3JnZWpvKQ==-->Update Node.js to v22 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7329): <!--number 7329 --><!--line 0 --><!--description Y2hvcmUocmVub3ZhdGUpOiB1cGRhdGUgc2V0dGluZ3MgZm9yIGxhdGVzdCB2ZXJzaW9u-->chore(renovate): update settings for latest version<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7326): <!--number 7326 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2J1aWxka2l0ZS90ZXJtaW5hbC10by1odG1sL3YzIHRvIHYzLjE2LjggKGZvcmdlam8p-->Update module github.com/buildkite/terminal-to-html/v3 to v3.16.8 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7323): <!--number 7323 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2NhZGR5c2VydmVyL2NlcnRtYWdpYyB0byB2MC4yMi4yIChmb3JnZWpvKQ==-->Update module github.com/caddyserver/certmagic to v0.22.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7317): <!--number 7317 --><!--line 0 --><!--description TG9jayBmaWxlIG1haW50ZW5hbmNlIChmb3JnZWpvKQ==-->Lock file maintenance (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7316): <!--number 7316 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHYzOS4yMTIuMCAoZm9yZ2Vqbyk=-->Update renovate to v39.212.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7313): <!--number 7313 --><!--line 0 --><!--description cmVtb3ZlIGFuIGV4dHJhbmVvdXMgfSBpbiBpc3N1ZSBkZXBlbmRlbmNpZXMgdGVtcGxhdGU=-->remove an extraneous } in issue dependencies template<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7311): <!--number 7311 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZS1ub3Rlcyk6IEZvcmdlam8gdjEwLjAuMw==-->chore(release-notes): Forgejo v10.0.3<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7296): <!--number 7296 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvbGFuZy1qd3Qvand0L3Y1IHRvIHY1LjIuMiBbU0VDVVJJVFldIChmb3JnZWpvKQ==-->Update module github.com/golang-jwt/jwt/v5 to v5.2.2 [SECURITY] (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7293): <!--number 7293 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvLXNxbC1kcml2ZXIvbXlzcWwgdG8gdjEuOS4xIChmb3JnZWpvKQ==-->Update module github.com/go-sql-driver/mysql to v1.9.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7281): <!--number 7281 --><!--line 0 --><!--description VXBkYXRlIG1jci5taWNyb3NvZnQuY29tL2RldmNvbnRhaW5lcnMvZ28gRG9ja2VyIHRhZyB0byB2MS4yNCAoZm9yZ2Vqbyk=-->Update mcr.microsoft.com/devcontainers/go Docker tag to v1.24 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7280): <!--number 7280 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZS1ub3Rlcyk6IEZvcmdlam8gdjEwLjAuMg==-->chore(release-notes): Forgejo v10.0.2<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7279): <!--number 7279 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL3JlZGlzL2dvLXJlZGlzL3Y5IHRvIHY5LjcuMyAoZm9yZ2Vqbyk=-->Update module github.com/redis/go-redis/v9 to v9.7.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7270): <!--number 7270 --><!--line 0 --><!--description Y29uc2lkZXIgaXNzdWVzIGluIHJlcG9zaXRvcnkgYWNjZXNzaWJsZSB2aWEgYGFjY2Vzc2AgdGFibGU=-->consider issues in repository accessible via `access` table<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7266): <!--number 7266 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZS1ub3Rlcyk6IEZvcmdlam8gdjcuMC4xNA==-->chore(release-notes): Forgejo v7.0.14<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7262): <!--number 7262 --><!--line 0 --><!--description Y2hvcmUocmVub3ZhdGUpOiBhZGQgYHlhbWxsaW50YCB0byBhdXRvbWVyZ2U=-->chore(renovate): add `yamllint` to automerge<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7260): <!--number 7260 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRsYWIuY29tL2dpdGxhYi1vcmcvYXBpL2NsaWVudC1nbyB0byB2MC4xMjYuMCAoZm9yZ2Vqbyk=-->Update module gitlab.com/gitlab-org/api/client-go to v0.126.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7259): <!--number 7259 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgeWFtbGxpbnQgdG8gdjEuMzYuMiAoZm9yZ2Vqbyk=-->Update dependency yamllint to v1.36.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7258): <!--number 7258 --><!--line 0 --><!--description Y2hvcmUoZGVwZW5kZW5jeSk6IHVwZ3JhZGUgZ29mMyB2My4xMC42-->chore(dependency): upgrade gof3 v3.10.6<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7253): <!--number 7253 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZXNsaW50LWltcG9ydC1yZXNvbHZlci10eXBlc2NyaXB0IHRvIHY0IChmb3JnZWpvKQ==-->Update dependency eslint-import-resolver-typescript to v4 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7252): <!--number 7252 --><!--line 0 --><!--description Y2hvcmU6IGFkZCBgQHZpdGVqcy9wbHVnaW4tdnVlYCB0byByZW5vdmF0ZSBhdXRvbWVyZ2U=-->chore: add `@vitejs/plugin-vue` to renovate automerge<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7248): <!--number 7248 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQHZpdGVqcy9wbHVnaW4tdnVlIHRvIHY1LjIuMyAoZm9yZ2Vqbyk=-->Update dependency @vitejs/plugin-vue to v5.2.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7247): <!--number 7247 --><!--line 0 --><!--description TG9jayBmaWxlIG1haW50ZW5hbmNlIChmb3JnZWpvKQ==-->Lock file maintenance (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7246): <!--number 7246 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHYzOS4yMDUuMCAoZm9yZ2Vqbyk=-->Update renovate to v39.205.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7244): <!--number 7244 --><!--line 0 --><!--description YnJhbmRpbmc6IHVwZGF0ZSBBUEkgZGVzY3JpcHRpb25z-->branding: update API descriptions<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7237): <!--number 7237 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2VkaXRvcmNvbmZpZy1jaGVja2VyL2VkaXRvcmNvbmZpZy1jaGVja2VyL3YzL2NtZC9lZGl0b3Jjb25maWctY2hlY2tlciB0byB2My4yLjEgKGZvcmdlam8p-->Update module github.com/editorconfig-checker/editorconfig-checker/v3/cmd/editorconfig-checker to v3.2.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7236): <!--number 7236 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgeWFtbGxpbnQgdG8gdjEuMzYuMSAoZm9yZ2Vqbyk=-->Update dependency yamllint to v1.36.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7230): <!--number 7230 --><!--line 0 --><!--description VXBkYXRlIGRhdGEuZm9yZ2Vqby5vcmcvb2NpL2JpdG5hbWkvcG9zdGdyZXNxbCBEb2NrZXIgdGFnIHRvIHYxNiAoZm9yZ2Vqbyk=-->Update data.forgejo.org/oci/bitnami/postgresql Docker tag to v16 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7229): <!--number 7229 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQHBsYXl3cmlnaHQvdGVzdCB0byB2MS41MS4wIChmb3JnZWpvKQ==-->Update dependency @playwright/test to v1.51.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7228): <!--number 7228 --><!--line 0 --><!--description VXBkYXRlIHZpdGVzdCBtb25vcmVwbyB0byB2My4wLjggKGZvcmdlam8p-->Update vitest monorepo to v3.0.8 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7226): <!--number 7226 --><!--line 0 --><!--description VXBkYXRlIGxpbnRlcnMgKGZvcmdlam8p-->Update linters (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7225): <!--number 7225 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgaGFwcHktZG9tIHRvIHYxNy40LjQgKGZvcmdlam8p-->Update dependency happy-dom to v17.4.4 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7224): <!--number 7224 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQHN0b3BsaWdodC9zcGVjdHJhbC1jbGkgdG8gdjYuMTQuMyAoZm9yZ2Vqbyk=-->Update dependency @stoplight/spectral-cli to v6.14.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7223): <!--number 7223 --><!--line 0 --><!--description cGVyZjogYXZvaWQgc29ydGluZyB0ZWFtIG5hbWVzIGZvciBgQ29tcG9zZU1ldGFzYA==-->perf: avoid sorting team names for `ComposeMetas`<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7222): <!--number 7222 --><!--line 0 --><!--description Y2hvcmUocnVubmVyKTogcmV0dXJuIGVycm9ycyBjcmVhdGVkIGJ5IGBjb25uZWN0YA==-->chore(runner): return errors created by `connect`<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7221): <!--number 7221 --><!--line 0 --><!--description cGVyZjogb3B0aW1pemUgY29udmVydGluZyByZWxlYXNlcyB0byBmZWVkIGl0ZW1z-->perf: optimize converting releases to feed items<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7220): <!--number 7220 --><!--line 0 --><!--description W2dpdGVhXSB3ZWVrIDIwMjUtMTIgY2hlcnJ5IHBpY2sgKGdpdGVhL21haW4gLT4gZm9yZ2Vqbyk=-->[gitea] week 2025-12 cherry pick (gitea/main -> forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7219): <!--number 7219 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgbWVybWFpZCB0byB2MTEuNS4wIChmb3JnZWpvKQ==-->Update dependency mermaid to v11.5.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7214): <!--number 7214 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2VkaXRvcmNvbmZpZy9lZGl0b3Jjb25maWctY29yZS1nby92MiB0byB2Mi42LjMgKGZvcmdlam8p-->Update module github.com/editorconfig/editorconfig-core-go/v2 to v2.6.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7213): <!--number 7213 --><!--line 0 --><!--description Y2hvcmUodWkpOiByZW1vdmUgdW51c2VkIHRlbXBsYXRlICJzaGFyZWQvdXNlci9ibG9ja2VkX3VzZXJzIg==-->chore(ui): remove unused template "shared/user/blocked_users"<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7210): <!--number 7210 --><!--line 0 --><!--description aGFuZGxlIGRlbGV0ZWQgdXNlciBtb2RpZnlpbmcgZXZlbnQgc3RhdGUgaW4gZ2l0bGFiIG1pZ3JhdGlvbg==-->handle deleted user modifying event state in gitlab migration<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7208): <!--number 7208 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgeWFtbGxpbnQgdG8gdjEuMzYuMCAoZm9yZ2Vqbyk=-->Update dependency yamllint to v1.36.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7205): <!--number 7205 --><!--line 0 --><!--description aTE4bjogZW5zdXJlIGNvbnNpc3RlbnQgaW5kZW50IHN0eWxlIGZvciBuZXh0IGxvY2FsZXM=-->i18n: ensure consistent indent style for next locales<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7199): <!--number 7199 --><!--line 0 --><!--description Zml4KGFwaSk6IG1pc3Mtc3BlbGxlZCBkZXNjcmlwdGlvbiwgY29ycmVjdGVkIHRvIGBwdWJsaWNg-->fix(api): miss-spelled description, corrected to `public`<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7198): <!--number 7198 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvLXdlYmF1dGhuL3dlYmF1dGhuIHRvIHYwLjEyLjIgKGZvcmdlam8p-->Update module github.com/go-webauthn/webauthn to v0.12.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7196): <!--number 7196 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL21pbmlvL21pbmlvLWdvL3Y3IHRvIHY3LjAuODggKGZvcmdlam8p-->Update module github.com/minio/minio-go/v7 to v7.0.88 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7189): <!--number 7189 --><!--line 0 --><!--description TG9jayBmaWxlIG1haW50ZW5hbmNlIChmb3JnZWpvKQ==-->Lock file maintenance (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7188): <!--number 7188 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHYzOS4xOTUuMSAoZm9yZ2Vqbyk=-->Update renovate to v39.195.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7187): <!--number 7187 --><!--line 0 --><!--description dWk6IGltcHJvdmUgYnJhbmNoL3RhZyBkcm9wZG93biBzZWxlY3RvciBjb25zaXN0ZW5jeQ==-->ui: improve branch/tag dropdown selector consistency<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7186): <!--number 7186 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL21zdGVpbmVydC9wYW0gdG8gdjIgKGZvcmdlam8p-->Update module github.com/msteinert/pam to v2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7185): <!--number 7185 --><!--line 0 --><!--description VXBkYXRlIGxpbnRlcnMgKGZvcmdlam8p-->Update linters (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7184): <!--number 7184 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgaGFwcHktZG9tIHRvIHYxNy40LjMgKGZvcmdlam8p-->Update dependency happy-dom to v17.4.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7183): <!--number 7183 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ2xvYmFscyB0byB2MTYgKGZvcmdlam8p-->Update dependency globals to v16 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7182): <!--number 7182 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZXNsaW50LXBsdWdpbi12dWUgdG8gdjEwIChmb3JnZWpvKQ==-->Update dependency eslint-plugin-vue to v10 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7181): <!--number 7181 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZXNsaW50LXBsdWdpbi11bmljb3JuIHRvIHY1NyAoZm9yZ2Vqbyk=-->Update dependency eslint-plugin-unicorn to v57 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7180): <!--number 7180 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQHN0eWxpc3RpYy9lc2xpbnQtcGx1Z2luLWpzIHRvIHY0IChmb3JnZWpvKQ==-->Update dependency @stylistic/eslint-plugin-js to v4 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7179): <!--number 7179 --><!--line 0 --><!--description VXBkYXRlIE5vZGUuanMgdG8gdjIyIChmb3JnZWpvKQ==-->Update Node.js to v22 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7176): <!--number 7176 --><!--line 0 --><!--description W2dpdGVhXSB3ZWVrIDIwMjUtMTEgY2hlcnJ5IHBpY2sgKGdpdGVhL21haW4gLT4gZm9yZ2Vqbyk=-->[gitea] week 2025-11 cherry pick (gitea/main -> forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7175): <!--number 7175 --><!--line 0 --><!--description Zml4KHVpKTogdXNlIHVzdWFsIGFuZCBjb25zaXN0ZW50IHNpemUgZm9yIHByb2plY3QgaWNvbnMgb2YgMTY=-->fix(ui): use usual and consistent size for project icons of 16<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7174): <!--number 7174 --><!--line 0 --><!--description Zml4KHVpKTogaW1wcm92ZSBtaWxlc3RvbmUvcHJvamVjdCBoZWFkZXIgY29uc2lzdGVuY3k=-->fix(ui): improve milestone/project header consistency<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7172): <!--number 7172 --><!--line 0 --><!--description Y2hvcmUodWkpOiBpbXByb3ZlIHN2ZyBpY29uIG1hcmdpbiBjb25zaXN0ZW5jeQ==-->chore(ui): improve svg icon margin consistency<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7171): <!--number 7171 --><!--line 0 --><!--description cmV2ZXJ0IGlzc3VlIHJlbmRlcmluZyBmb3IgYDxhPmAgZWxlbWVudA==-->revert issue rendering for `<a>` element<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7170): <!--number 7170 --><!--line 0 --><!--description Y2hvcmU6IG1vZGVybml6ZSBpbXBvcnQ=-->chore: modernize import<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7166): <!--number 7166 --><!--line 0 --><!--description Zml4KGkxOG4pOiBtYWtlIEhhc0tleSBhd2FyZSBvZiBuZXdTdHlsZU1lc3NhZ2Vz-->fix(i18n): make HasKey aware of newStyleMessages<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7163): <!--number 7163 --><!--line 0 --><!--description ZmVhdCh1aSB0aGVtZXMpOiBiZXR0ZXIgcGxhY2UgZm9yIHRoZW1lIGxpc3QgY3R4LCB0ZXN0aW5n-->feat(ui themes): better place for theme list ctx, testing<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7161): <!--number 7161 --><!--line 0 --><!--description Y2hvcmUodWkpOiBhbHdheXMgdXNlIHByaW1hcnkgYnV0dG9uIGNvbG9yIGluc2lkZSBtb2RhbHM=-->chore(ui): always use primary button color inside modals<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7159): <!--number 7159 --><!--line 0 --><!--description Zml4KHVpKTogMmZhIHZlcmlmeSBhbGlnbm1lbnQ=-->fix(ui): 2fa verify alignment<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7158): <!--number 7158 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb29nbGUuZ29sYW5nLm9yZy9ncnBjIHRvIHYxLjcxLjAgKGZvcmdlam8p-->Update module google.golang.org/grpc to v1.71.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7154): <!--number 7154 --><!--line 0 --><!--description aTE4bjogdXNlIGVsbGlwc2lzIGNoYXJhY3Rlcg==-->i18n: use ellipsis character<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7150): <!--number 7150 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvdG9vbHMvY21kL2RlYWRjb2RlIHRvIHYwLjMxLjAgKGZvcmdlam8p-->Update module golang.org/x/tools/cmd/deadcode to v0.31.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7149): <!--number 7149 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvb2F1dGgyIHRvIHYwLjI4LjAgKGZvcmdlam8p-->Update module golang.org/x/oauth2 to v0.28.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7146): <!--number 7146 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2NhZGR5c2VydmVyL2NlcnRtYWdpYyB0byB2MC4yMi4wIChmb3JnZWpvKQ==-->Update module github.com/caddyserver/certmagic to v0.22.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7135): <!--number 7135 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvaW1hZ2UgdG8gdjAuMjUuMCAoZm9yZ2Vqbyk=-->Update module golang.org/x/image to v0.25.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7134): <!--number 7134 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvY3J5cHRvIHRvIHYwLjM2LjAgKGZvcmdlam8p-->Update module golang.org/x/crypto to v0.36.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7132): <!--number 7132 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL3VyZmF2ZS9jbGkvdjIgdG8gdjIuMjcuNiAoZm9yZ2Vqbyk=-->Update module github.com/urfave/cli/v2 to v2.27.6 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7130): <!--number 7130 --><!--line 0 --><!--description aW1wcm92ZSBlcnJvciBoYW5kbGluZyBvZiBjb21taXQgcmVuZGVyaW5n-->improve error handling of commit rendering<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7126): <!--number 7126 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvbmV0IHRvIHYwLjM2LjAgKGZvcmdlam8p-->Update module golang.org/x/net to v0.36.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7122): <!--number 7122 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL3Byb21ldGhldXMvY2xpZW50X2dvbGFuZyB0byB2MS4yMS4xIChmb3JnZWpvKQ==-->Update module github.com/prometheus/client_golang to v1.21.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7121): <!--number 7121 --><!--line 0 --><!--description Y29ycmVjdCBsb2dnaW5nIGlmIGNhbGxlciBoYXMgZ2VuZXJpY3M=-->correct logging if caller has generics<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7118): <!--number 7118 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvbGFuZ2NpL2dvbGFuZ2NpLWxpbnQvY21kL2dvbGFuZ2NpLWxpbnQgdG8gdjEuNjQuNiAoZm9yZ2Vqbyk=-->Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v1.64.6 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7117): <!--number 7117 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ28gdG8gdjEuMjQuMSAoZm9yZ2Vqbyk=-->Update dependency go to v1.24.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7115): <!--number 7115 --><!--line 0 --><!--description aW50cm9kdWNlIGRpc3RhbnQgZmVkZXJhdGlvbiBzZXJ2ZXIgbW9jaw==-->introduce distant federation server mock<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7114): <!--number 7114 --><!--line 0 --><!--description Zml4IHRoZSBtb2R1bGFyaXR5IGZvciBtaWdyYXRpb24gdjE4-->fix the modularity for migration v18<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7112): <!--number 7112 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL29wZW5jb250YWluZXJzL2ltYWdlLXNwZWMgdG8gdjEuMS4xIChmb3JnZWpvKQ==-->Update module github.com/opencontainers/image-spec to v1.1.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7111): <!--number 7111 --><!--line 0 --><!--description W2dpdGVhXSB3ZWVrIDIwMjUtMTAgY2hlcnJ5IHBpY2sgKGdpdGVhL21haW4gLT4gZm9yZ2Vqbyk=-->[gitea] week 2025-10 cherry pick (gitea/main -> forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7109): <!--number 7109 --><!--line 0 --><!--description ZmVhdChidWlsZCk6IGxpbnRlciBmb3IgbWlzc2luZyBtc2dpZCBkZWZpbml0aW9ucw==-->feat(build): linter for missing msgid definitions<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7108): <!--number 7108 --><!--line 0 --><!--description Rml4OiBGb3JjZSBhbGwgcmVwbyB0YWIgYnV0dG9ucyB0byBiZSB0aGUgc2FtZSBoZWlnaHQ=-->Fix: Force all repo tab buttons to be the same height<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7106): <!--number 7106 --><!--line 0 --><!--description TG9jayBmaWxlIG1haW50ZW5hbmNlIChmb3JnZWpvKQ==-->Lock file maintenance (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7105): <!--number 7105 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHYzOS4xODUuMCAoZm9yZ2Vqbyk=-->Update renovate to v39.185.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7101): <!--number 7101 --><!--line 0 --><!--description Zml4KHVpKTogYWRkIGhlYWRlciB0byBvcmcgc2V0dGluZ3MgL2Jsb2NrZWQgdXNlcnMgcGFnZQ==-->fix(ui): add header to org settings /blocked users page<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7099): <!--number 7099 --><!--line 0 --><!--description Zml4KHVpKTogdXNlIGRpc2N1c3Npb25zIGljb24gaW4gaXNzdWUgbGlzdCBlbnRyaWVz-->fix(ui): use discussions icon in issue list entries<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7096): <!--number 7096 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2poaWxseWVyZC9lbm1pbWUvdjIgdG8gdjIuMS4wIChmb3JnZWpvKQ==-->Update module github.com/jhillyerd/enmime/v2 to v2.1.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7089): <!--number 7089 --><!--line 0 --><!--description aTE4bihlbik6IGEgZmV3IHNvdXJjZSBmaXhlcw==-->i18n(en): a few source fixes<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7086): <!--number 7086 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL1B1ZXJraXRvQmlvL2dvcXVlcnkgdG8gdjEuMTAuMiAoZm9yZ2Vqbyk=-->Update module github.com/PuerkitoBio/goquery to v1.10.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7085): <!--number 7085 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgaGFwcHktZG9tIHRvIHYxNy4xLjggKGZvcmdlam8p-->Update dependency happy-dom to v17.1.8 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7083): <!--number 7083 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQHN0eWxpc3RpYy9zdHlsZWxpbnQtcGx1Z2luIHRvIHYzLjEuMiAoZm9yZ2Vqbyk=-->Update dependency @stylistic/stylelint-plugin to v3.1.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7080): <!--number 7080 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2YzL2dvZjMvdjMgdG8gdjMuMTAuNCAoZm9yZ2Vqbyk=-->Update module code.forgejo.org/f3/gof3/v3 to v3.10.4 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7078): <!--number 7078 --><!--line 0 --><!--description Y2hvcmUoY2kpOiBlbnN1cmUgdGhlIG1hbnVhbGx5IGNhY2hlZCBHbyBjYW4gYmUgcnVu-->chore(ci): ensure the manually cached Go can be run<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7074): <!--number 7074 --><!--line 0 --><!--description Y2hvcmUodXBncmFkZSk6IHN3aXRjaCB0byBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vbGV2ZWxxdWV1ZQ==-->chore(upgrade): switch to code.forgejo.org/forgejo/levelqueue<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7068): <!--number 7068 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL1Byb3Rvbk1haWwvZ28tY3J5cHRvIHRvIHYxLjEuNiAoZm9yZ2Vqbyk=-->Update module github.com/ProtonMail/go-crypto to v1.1.6 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7063): <!--number 7063 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvb2F1dGgyIHRvIHYwLjI3LjAgKGZvcmdlam8p-->Update module golang.org/x/oauth2 to v0.27.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7058): <!--number 7058 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvY3J5cHRvIHRvIHYwLjM1LjAgKGZvcmdlam8p-->Update module golang.org/x/crypto to v0.35.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7056): <!--number 7056 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvdG9vbHMvZ29wbHMgdG8gdjAuMTguMSAoZm9yZ2Vqbyk=-->Update module golang.org/x/tools/gopls to v0.18.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7050): <!--number 7050 --><!--line 0 --><!--description am9iIGxpc3QgcmVzcG9uc2UgdG8gYXZvaWQgd3JhcHBlZCBib2R5Lg==-->job list response to avoid wrapped body.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7048): <!--number 7048 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9mb3JnZWpvL2Zvcmdlam8tYnVpbGQtcHVibGlzaCBhY3Rpb24gdG8gdjUuMy40IChmb3JnZWpvKQ==-->Update https://data.forgejo.org/forgejo/forgejo-build-publish action to v5.3.4 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7043): <!--number 7043 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9mb3JnZWpvL2Zvcmdlam8tYnVpbGQtcHVibGlzaCBhY3Rpb24gdG8gdjUuMy4zIChmb3JnZWpvKQ==-->Update https://data.forgejo.org/forgejo/forgejo-build-publish action to v5.3.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7042): <!--number 7042 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHYzOS4xNzguMSAoZm9yZ2Vqbyk=-->Update renovate to v39.178.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7041): <!--number 7041 --><!--line 0 --><!--description Y2hvcmU6IGFkZCBlbXB0eSBgc2VjcmV0YCB0YWJsZSBmaXh0dXJlcw==-->chore: add empty `secret` table fixtures<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7039): <!--number 7039 --><!--line 0 --><!--description VXBkYXRlIGRhdGEuZm9yZ2Vqby5vcmcvb2NpL2dvbGFuZyBEb2NrZXIgdGFnIHRvIHYxLjI0IChmb3JnZWpvKQ==-->Update data.forgejo.org/oci/golang Docker tag to v1.24 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7037): <!--number 7037 --><!--line 0 --><!--description ZmVhdCh1aSk6IGluY2x1ZGUgTUlNRSB0eXBlIGZvciBhcmNoaXZlIGxpbmtzIGluIGZvbGRlciBkb3dubG9hZA==-->feat(ui): include MIME type for archive links in folder download<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7036): <!--number 7036 --><!--line 0 --><!--description Zml4KHVpKTogaW1wcm92ZW1lbnRzIGFyb3VuZCBmb2xkZXIgZG93bmxvYWQ=-->fix(ui): improvements around folder download<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7032): <!--number 7032 --><!--line 0 --><!--description aTE4bihlbik6IHNob3J0ZW4gYmFubmVyIHRleHQgZm9yIGFyY2hpdmVkIHJlcG9z-->i18n(en): shorten banner text for archived repos<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7031): <!--number 7031 --><!--line 0 --><!--description W2dpdGVhXSB3ZWVrIDIwMjUtMDkgY2hlcnJ5IHBpY2sgKGdpdGVhL21haW4gLT4gZm9yZ2Vqbyk=-->[gitea] week 2025-09 cherry pick (gitea/main -> forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7029): <!--number 7029 --><!--line 0 --><!--description Zml4KHJlcG8pOiByZXR1cm4gY29kZSA0MDAgaW5zdGVhZCBvZiA1MDAgZm9yIGludmFsaWQgYXJjaGl2ZSB0eXBl-->fix(repo): return code 400 instead of 500 for invalid archive type<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7023): <!--number 7023 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvY3J5cHRvIHRvIHYwLjM0LjAgKGZvcmdlam8p-->Update module golang.org/x/crypto to v0.34.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7019): <!--number 7019 --><!--line 0 --><!--description Rml4IGludmFsaWQgc3dhZ2dlciBzeW50YXggb2YgJHJlZiB3aXRoIHNpYmxpbmc=-->Fix invalid swagger syntax of $ref with sibling<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7017): <!--number 7017 --><!--line 0 --><!--description VXBkYXRlIHgvdG9vbHMgKGZvcmdlam8p-->Update x/tools (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7016): <!--number 7016 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL3Byb21ldGhldXMvY2xpZW50X2dvbGFuZyB0byB2MS4yMS4wIChmb3JnZWpvKQ==-->Update module github.com/prometheus/client_golang to v1.21.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7015): <!--number 7015 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL21laWxpc2VhcmNoL21laWxpc2VhcmNoLWdvIHRvIHYwLjMxLjAgKGZvcmdlam8p-->Update module github.com/meilisearch/meilisearch-go to v0.31.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7008): <!--number 7008 --><!--line 0 --><!--description Zml4KGV4YW1wbGUgY29uZik6IGFkZCAud2VicCB0byBBTExPV0VEX1RZUEVT-->fix(example conf): add .webp to ALLOWED_TYPES<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7007): <!--number 7007 --><!--line 0 --><!--description bGludGluZzogZml4IHR5cG9zLCBhZGQgdG9tbCB2YWxpZGF0aW9u-->linting: fix typos, add toml validation<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7005): <!--number 7005 --><!--line 0 --><!--description VXBkYXRlIFppZyBnaXRpZ25vcmU=-->Update Zig gitignore<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7003): <!--number 7003 --><!--line 0 --><!--description cmV0dXJuIDQwNCBmb3IgZW1wdHkgcmVwb3NpdG9yaWVz-->return 404 for empty repositories<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6985): <!--number 6985 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2J1aWxka2l0ZS90ZXJtaW5hbC10by1odG1sL3YzIHRvIHYzLjE2LjYgKGZvcmdlam8p-->Update module github.com/buildkite/terminal-to-html/v3 to v3.16.6 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6969): <!--number 6969 --><!--line 0 --><!--description TG9jayBmaWxlIG1haW50ZW5hbmNlIChmb3JnZWpvKQ==-->Lock file maintenance (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6967): <!--number 6967 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHYzOS4xNzEuMiAoZm9yZ2Vqbyk=-->Update renovate to v39.171.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6965): <!--number 6965 --><!--line 0 --><!--description Y2hvcmU6IGFkZCBhIG1ha2Ugb3B0aW9uIHRvIGRpc2FibGUgc3RyaXBwaW5nIGJpbmFyaWVzIGZvciBkZWJ1ZyBidWlsZHM=-->chore: add a make option to disable stripping binaries for debug builds<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6961): <!--number 6961 --><!--line 0 --><!--description UmV2ZXJ0ICJVcGRhdGUgbW9kdWxlIGdpdGh1Yi5jb20vbWluaW8vbWluaW8tZ28vdjcgdG8gdjcuMC44NiAoZm9yZ2VqbykgKCM2OTQ1KSI=-->Revert "Update module github.com/minio/minio-go/v7 to v7.0.86 (forgejo) (#6945)"<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6959): <!--number 6959 --><!--line 0 --><!--description ZmVhdCh1aSk6IGFkZCBNSU1FIHR5cGVzIGZvciBnZW5lcmF0ZWQgYXJjaGl2ZXM=-->feat(ui): add MIME types for generated archives<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6958): <!--number 6958 --><!--line 0 --><!--description aTE4bjogdHJhbnNsYXRpb24gdXBkYXRlcyBmcm9tIEdpdGVh-->i18n: translation updates from Gitea<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6957): <!--number 6957 --><!--line 0 --><!--description Zm9yZ2VqbyBtaWdyYXRpb25zIG51bWJlcmluZyBpbiBjb21tZW50cyBhbmQgcmVuYW1lIGxhdGVzdCBtaWdyYXRpb24gZmlsZQ==-->forgejo migrations numbering in comments and rename latest migration file<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6953): <!--number 6953 --><!--line 0 --><!--description bmF0aXZlIHBhcnNpbmcgb2Ygc3NoIGNlcnRpZmljYXRlIGtleQ==-->native parsing of ssh certificate key<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6950): <!--number 6950 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgaGFwcHktZG9tIHRvIHYxNyAoZm9yZ2Vqbyk=-->Update dependency happy-dom to v17 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6949): <!--number 6949 --><!--line 0 --><!--description VXBkYXRlIGdvbGFuZyBwYWNrYWdlcyB0byB2MS4yNCAoZm9yZ2VqbykgKG1pbm9yKQ==-->Update golang packages to v1.24 (forgejo) (minor)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6945): <!--number 6945 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL21pbmlvL21pbmlvLWdvL3Y3IHRvIHY3LjAuODYgKGZvcmdlam8p-->Update module github.com/minio/minio-go/v7 to v7.0.86 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6942): <!--number 6942 --><!--line 0 --><!--description QWxzbyBzdWJzdGl0dXRlIGBDT1BZUklHSFQgSE9MREVSYCBhbmQgYHRoZSBvcmdhbml6YXRpb25gIGluIEJTRCA0LUNsYXVzZSBsaWNlbnNl-->Also substitute `COPYRIGHT HOLDER` and `the organization` in BSD 4-Clause license<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6937): <!--number 6937 --><!--line 0 --><!--description ZGVsYXkgZGVsZXRpbmcgYXV0aG9yaXphdGlvbiB0b2tlbg==-->delay deleting authorization token<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6928): <!--number 6928 --><!--line 0 --><!--description aTE4bjogcmV3b3JkIGFyY2hpdmUudGl0bGUgYW5kIGFyY2hpdmUudGl0bGUuZGF0ZSBpbiBlbmdsaXNoIGxvY2FsZQ==-->i18n: reword archive.title and archive.title.date in english locale<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6927): <!--number 6927 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgd2VicGFjayB0byB2NS45OC4wIChmb3JnZWpvKQ==-->Update dependency webpack to v5.98.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6923): <!--number 6923 --><!--line 0 --><!--description ZmVhdCh1aSk6IGFsd2F5cyBzaG93IHJlc3RhcnQgYnV0dG9uIGZvciBBY3Rpb25zIGpvYnM=-->feat(ui): always show restart button for Actions jobs<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6917): <!--number 6917 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ2xvYmFscyB0byB2MTUuMTUuMCAoZm9yZ2Vqbyk=-->Update dependency globals to v15.15.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6916): <!--number 6916 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2J1aWxka2l0ZS90ZXJtaW5hbC10by1odG1sL3YzIHRvIHYzLjE2LjUgKGZvcmdlam8p-->Update module github.com/buildkite/terminal-to-html/v3 to v3.16.5 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6913): <!--number 6913 --><!--line 0 --><!--description QWRkIHBvc3NpYmlsaXR5IG9mIHJlbW92ZWQgY29udGVudCB0byA0MDQgcGFnZQ==-->Add possibility of removed content to 404 page<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6908): <!--number 6908 --><!--line 0 --><!--description UmVkdWNlIGxpbmtzIGluIGNoYXQgbm90aWZpY2F0aW9ucyB0byBhdm9pZCBtdWx0aXBsZSBwcmV2aWV3cw==-->Reduce links in chat notifications to avoid multiple previews<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6903): <!--number 6903 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZXNidWlsZC1sb2FkZXIgdG8gdjQuMy4wIChmb3JnZWpvKQ==-->Update dependency esbuild-loader to v4.3.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6898): <!--number 6898 --><!--line 0 --><!--description Zml4KHVpKTogaGlkZSBleHRyYSBQUiBwcm9wZXJ0eSBsYWJlbHMgb24gdGl0bGUgZWRpdA==-->fix(ui): hide extra PR property labels on title edit<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6891): <!--number 6891 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvbmV0IHRvIHYwLjM1LjAgKGZvcmdlam8p-->Update module golang.org/x/net to v0.35.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6890): <!--number 6890 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgcG9zdGNzcyB0byB2OC41LjIgKGZvcmdlam8p-->Update dependency postcss to v8.5.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6885): <!--number 6885 --><!--line 0 --><!--description Rml4IGFwaSByZXR1cm5zIGludGVybmFsIHNlcnZlciBlcnJvciB3aGVuIG5vdCBmb3VuZCBzaG91bGQgYmUgcmV0dXJuZWQ=-->Fix api returns internal server error when not found should be returned<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6883): <!--number 6883 --><!--line 0 --><!--description Zml4KHVpKTogcmVsZWFzZTogc2V0IGRlZmF1bHQgcmVsZWFzZSB0aXRsZSB0byB0YWcgbmFtZQ==-->fix(ui): release: set default release title to tag name<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6882): <!--number 6882 --><!--line 0 --><!--description Zml4KHVpKTogdXNlICJvcmdhbml6YXRpb24gbmFtZSIgaW4gY29sZG93biBtZXNzYWdlcyBmb3Igb3Jncw==-->fix(ui): use "organization name" in coldown messages for orgs<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6877): <!--number 6877 --><!--line 0 --><!--description TG9jayBmaWxlIG1haW50ZW5hbmNlIChmb3JnZWpvKQ==-->Lock file maintenance (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6875): <!--number 6875 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL21pbmlvL21pbmlvLWdvL3Y3IHRvIHY3LjAuODUgKGZvcmdlam8p-->Update module github.com/minio/minio-go/v7 to v7.0.85 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6874): <!--number 6874 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHYzOS4xNjQuMSAoZm9yZ2Vqbyk=-->Update renovate to v39.164.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6866): <!--number 6866 --><!--line 0 --><!--description YWx3YXlzIHNldCBzdHJpcHBlZCBzbGFzaGVzIG9uIGh0dHAgcmVxdWVzdA==-->always set stripped slashes on http request<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6865): <!--number 6865 --><!--line 0 --><!--description W2dpdGVhXSB3ZWVrIDIwMjUtMDcgY2hlcnJ5IHBpY2sgKGdpdGVhL21haW4gLT4gZm9yZ2Vqbyk=-->[gitea] week 2025-07 cherry pick (gitea/main -> forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6858): <!--number 6858 --><!--line 0 --><!--description Y2hvcmUoYXBpKTogSW1wcm92ZSBkZXNjcmlwdGlvbiBmb3IgYHJlcG9DaGVja0NvbGxhYm9yYXRvcmA=-->chore(api): Improve description for `repoCheckCollaborator`<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6857): <!--number 6857 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZS1ub3Rlcyk6IGZpeCBGb3JnZWpvIHYxMC4wLjEgJiB2Ny4wLjEzIGJsb2cgcG9zdCBVUkwgKGFnYWluKSBbc2tpcCBjaV0=-->chore(release-notes): fix Forgejo v10.0.1 & v7.0.13 blog post URL (again) [skip ci]<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6852): <!--number 6852 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZS1ub3Rlcyk6IGZpeCBGb3JnZWpvIHYxMC4wLjEgJiB2Ny4wLjEzIGJsb2cgcG9zdCBVUkw=-->chore(release-notes): fix Forgejo v10.0.1 & v7.0.13 blog post URL<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6851): <!--number 6851 --><!--line 0 --><!--description Zml4KHVpKTogaGlkZSAnTmV3IG1pZ3JhdGlvbicgYnV0dG9uIG9uIG9yZyBwYWdlcyB3aXRoIG1pZ3JhdGlvbnMgZGlzYWJsZWQgKCM2ODUwKQ==-->fix(ui): hide 'New migration' button on org pages with migrations disabled (#6850)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6849): <!--number 6849 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZS1ub3Rlcyk6IEZvcmdlam8gdjcuMC4xMw==-->chore(release-notes): Forgejo v7.0.13<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6848): <!--number 6848 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZS1ub3Rlcyk6IEZvcmdlam8gdjEwLjAuMQ==-->chore(release-notes): Forgejo v10.0.1<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6844): <!--number 6844 --><!--line 0 --><!--description Zml4KHNlYyk6IEZvcmdlam8gQWN0aW9ucyB3ZWIgcm91dGVz-->fix(sec): Forgejo Actions web routes<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6843): <!--number 6843 --><!--line 0 --><!--description Zml4KHNlYyk6IHBlcm1pc3Npb24gY2hlY2sgZm9yIHByb2plY3QgaXNzdWU=-->fix(sec): permission check for project issue<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6836): <!--number 6836 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvY3J5cHRvIHRvIHYwLjMzLjAgKGZvcmdlam8p-->Update module golang.org/x/crypto to v0.33.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6827): <!--number 6827 --><!--line 0 --><!--description W3NraXAgY2ldIEZpeCBmbGFreSBjbGlwYm9hcmQgdGVzdA==-->[skip ci] Fix flaky clipboard test<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6825): <!--number 6825 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvLWVucnkvZ28tZW5yeS92MiB0byB2Mi45LjIgKGZvcmdlam8p-->Update module github.com/go-enry/go-enry/v2 to v2.9.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6818): <!--number 6818 --><!--line 0 --><!--description Zml4KHVpKTogbWFrZSBGaW5pc2ggcmV2aWV3IGJ1dHRvbiB3b3JrIGFnYWlu-->fix(ui): make Finish review button work again<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6817): <!--number 6817 --><!--line 0 --><!--description YXZvaWQgeS1heGlzIGNsaXBwaW5nIGZvciBicmFuY2ggbmFtZQ==-->avoid y-axis clipping for branch name<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6816): <!--number 6816 --><!--line 0 --><!--description dWk6IHVwZGF0ZSBzdHlsaW5nIG9mIGNvbW1lbnQgaGVhZGVycyBhbmQgcm9sZSBsYWJlbHM=-->ui: update styling of comment headers and role labels<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6815): <!--number 6815 --><!--line 0 --><!--description Rml4IGNvbW1lbnQgZm9ybSBlMmUgdGVzdA==-->Fix comment form e2e test<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6808): <!--number 6808 --><!--line 0 --><!--description Y2hvcmUoaTE4bik6IGxpbnQgZXJyb3Jz-->chore(i18n): lint errors<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6807): <!--number 6807 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvc3lzIHRvIHYwLjMwLjAgKGZvcmdlam8p-->Update module golang.org/x/sys to v0.30.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6800): <!--number 6800 --><!--line 0 --><!--description Y2hvcmU6IHRlYWNoIGxpbnQtbG9jYWxlIGFib3V0IGxvY2FsZV9uZXh0-->chore: teach lint-locale about locale_next<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6797): <!--number 6797 --><!--line 0 --><!--description YWRkIGNvbW1pdCBsaW1pdCBmb3Igd2ViaG9vayBwYXlsb2Fk-->add commit limit for webhook payload<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6796): <!--number 6796 --><!--line 0 --><!--description dWk6IHJlbW92ZSBkaXZpZGVyIGluIGNvZGUgc2VhcmNo-->ui: remove divider in code search<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6794): <!--number 6794 --><!--line 0 --><!--description Zml4KHVpKTogcmVtb3ZlIGNvZGUgc2VhcmNoIGdpdCBncmVwIHdhcm5pbmc=-->fix(ui): remove code search git grep warning<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6785): <!--number 6785 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ28gdG8gdjEuMjMuNiAoZm9yZ2Vqbyk=-->Update dependency go to v1.23.6 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6782): <!--number 6782 --><!--line 0 --><!--description bWFrZSBhdXRob3Igc2VhcmNoIGNhc2UgaW5zZW5zdGl2ZQ==-->make author search case insenstive<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6779): <!--number 6779 --><!--line 0 --><!--description Y2hvcmUocmVub3ZhdGUpOiBvdmVycmlkZSBwbGF0Zm9ybSB2ZXJzaW9u-->chore(renovate): override platform version<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6778): <!--number 6778 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHYzOS4xNTguMiAoZm9yZ2Vqbyk=-->Update renovate to v39.158.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6777): <!--number 6777 --><!--line 0 --><!--description VXBkYXRlIHZpdGVzdCBtb25vcmVwbyB0byB2MyAoZm9yZ2VqbykgKG1ham9yKQ==-->Update vitest monorepo to v3 (forgejo) (major)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6776): <!--number 6776 --><!--line 0 --><!--description UGluIGRlcGVuZGVuY3kgY29kZXNwZWxsIHRvIDIuNC4xIChmb3JnZWpvKQ==-->Pin dependency codespell to 2.4.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6769): <!--number 6769 --><!--line 0 --><!--description RnJvbUFzQ2FzdGluZyB3YXJuaW5nIGZyb20gRG9ja2VyZmlsZQ==-->FromAsCasting warning from Dockerfile<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6768): <!--number 6768 --><!--line 0 --><!--description TG9jayBmaWxlIG1haW50ZW5hbmNlIChmb3JnZWpvKQ==-->Lock file maintenance (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6767): <!--number 6767 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHYzOS4xNTYuMSAoZm9yZ2Vqbyk=-->Update renovate to v39.156.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6758): <!--number 6758 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgbWFya2Rvd25saW50LWNsaSB0byB2MC40NC4wIChmb3JnZWpvKQ==-->Update dependency markdownlint-cli to v0.44.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6757): <!--number 6757 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgaGFwcHktZG9tIHRvIHYxNi44LjEgKGZvcmdlam8p-->Update dependency happy-dom to v16.8.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6756): <!--number 6756 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQHBsYXl3cmlnaHQvdGVzdCB0byB2MS41MC4xIChmb3JnZWpvKQ==-->Update dependency @playwright/test to v1.50.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6755): <!--number 6755 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQHZpdGVzdC9lc2xpbnQtcGx1Z2luIHRvIHYxLjEuMjUgKGZvcmdlam8p-->Update dependency @vitest/eslint-plugin to v1.1.25 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6754): <!--number 6754 --><!--line 0 --><!--description dXNlIGNvcnJlY3QgZGVmYXVsdCBicmFuY2ggZm9yIG1pZ3JhdGVkIHdpa2k=-->use correct default branch for migrated wiki<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6750): <!--number 6750 --><!--line 0 --><!--description Y29uc2lkZXIgSEVBRCByZXF1ZXN0cyB0byBiZSBwdWxscw==-->consider HEAD requests to be pulls<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6743): <!--number 6743 --><!--line 0 --><!--description Y2hvcmU6IHJlbW92ZSBkZWFkY29kZQ==-->chore: remove deadcode<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6741): <!--number 6741 --><!--line 0 --><!--description Y2hvcmU6IFJlbW92ZSBgQ2hhbmdlTWlsZXN0b25lU3RhdHVzYA==-->chore: Remove `ChangeMilestoneStatus`<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6740): <!--number 6740 --><!--line 0 --><!--description VHJhbnNpZW50IG1vZGVsIGZvciBmZWRlcmF0ZWQgdW5zdGFy-->Transient model for federated unstar<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6738): <!--number 6738 --><!--line 0 --><!--description Y2hvcmU6IGZpeCBjaSBmYWlsdXJl-->chore: fix ci failure<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6734): <!--number 6734 --><!--line 0 --><!--description RGlzYWJsZSBhdXRvZm9jdXMgb24gdGhlIGRhc2hib2FyZCByZXBvc2l0b3J5IHNlYXJjaCBib3g=-->Disable autofocus on the dashboard repository search box<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6729): <!--number 6729 --><!--line 0 --><!--description Zml4KHVpKTogZGlzYWJsZSBQUiByZXZpZXcgYnV0dG9uIGluIGFyY2hpdmVkIHJlcG9z-->fix(ui): disable PR review button in archived repos<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6728): <!--number 6728 --><!--line 0 --><!--description Y2hvcmU6IHJlbW92ZSBkZWFkY29kZSBpbiBgbW9kZWxzL3VzZXJg-->chore: remove deadcode in `models/user`<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6727): <!--number 6727 --><!--line 0 --><!--description Y2hvcmU6IGxvYWQgMmZhIHN0YXR1cyBmb3IgdXNlciBzZWFyY2ggd2hlbiBuZWVkZWQ=-->chore: load 2fa status for user search when needed<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6726): <!--number 6726 --><!--line 0 --><!--description Y2hlY2sgZm9yIHdlYmF1dGhuIGluIDJmYSB1c2VyIHNlYXJjaA==-->check for webauthn in 2fa user search<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6716): <!--number 6716 --><!--line 0 --><!--description ZGlzYWxsb3cgYmxhbWUgb24gZGlyZWN0b3JpZXM=-->disallow blame on directories<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6715): <!--number 6715 --><!--line 0 --><!--description cmVuZGVyIGlzc3VlIHRpdGxlcyBjb25zaXN0ZW50bHk=-->render issue titles consistently<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6708): <!--number 6708 --><!--line 0 --><!--description U2V0IGV4cGxvcmUgcGFnZXMgdG8gY29uZmlndXJhYmxlIGRlZmF1bHQgc29ydA==-->Set explore pages to configurable default sort<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6703): <!--number 6703 --><!--line 0 --><!--description Y2hvcmU6IGNvbnNpc3RlbnQgZG9ja2VyIGltYWdlIGFuZCBhY3Rpb24gcmVmZXJlbmNlcw==-->chore: consistent docker image and action references<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6702): <!--number 6702 --><!--line 0 --><!--description Zml4KGkxOG4pOiB1c2UgdHJhbnNsYXRlIGtleSBhcyBmYWxsYmFjaw==-->fix(i18n): use translate key as fallback<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6701): <!--number 6701 --><!--line 0 --><!--description Zml4KGkxOG4pOiBhZGQgZm9yZ290dGVuIHRyYW5zbGF0YWJsZSBzdHJpbmc=-->fix(i18n): add forgotten translatable string<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6700): <!--number 6700 --><!--line 0 --><!--description dWk6IHVwZGF0ZSBsYW5ndWFnZSBzdGF0cyBsYXlvdXQgYW5kIGNsaWNrIGJlaGF2aW9y-->ui: update language stats layout and click behavior<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6699): <!--number 6699 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2VkaXRvcmNvbmZpZy1jaGVja2VyL2VkaXRvcmNvbmZpZy1jaGVja2VyL3YzL2NtZC9lZGl0b3Jjb25maWctY2hlY2tlciB0byB2My4yLjAgKGZvcmdlam8p-->Update module github.com/editorconfig-checker/editorconfig-checker/v3/cmd/editorconfig-checker to v3.2.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6695): <!--number 6695 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHYzOS4xMzYuMSAoZm9yZ2Vqbyk=-->Update renovate to v39.136.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6692): <!--number 6692 --><!--line 0 --><!--description Y2hvcmU6IFVwZGF0ZSByZW5vdmF0ZSB0byB2MzkuMTM2LjA=-->chore: Update renovate to v39.136.0<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6689): <!--number 6689 --><!--line 0 --><!--description Y2hvcmU6IHJlbW92ZSB1c2FnZXMgb2YgYHNvcnQuU29ydGA=-->chore: remove usages of `sort.Sort`<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6688): <!--number 6688 --><!--line 0 --><!--description W2dpdGVhXSB3ZWVrIDIwMjUtMDUgY2hlcnJ5IHBpY2sgKGdpdGVhL21haW4gLT4gZm9yZ2Vqbyk=-->[gitea] week 2025-05 cherry pick (gitea/main -> forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6686): <!--number 6686 --><!--line 0 --><!--description bml0KGkxOG4pOiB1cGRhdGUgcGFzc3dvcmQgdXBkYXRlIGluc3RydWN0aW9u-->nit(i18n): update password update instruction<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6677): <!--number 6677 --><!--line 0 --><!--description YWRkIG5vbiBhbGxvd2VkIGRvbWFpbiB0cmFuc2xhdGlvbg==-->add non allowed domain translation<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6676): <!--number 6676 --><!--line 0 --><!--description Y2hvcmU6IHRlYWNoIGBzZXRgIG1vZHVsZSBhYm91dCBgaXRlci5TZXFg-->chore: teach `set` module about `iter.Seq`<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6667): <!--number 6667 --><!--line 0 --><!--description W3NraXAgY2ldIGNob3JlOiBhZGp1c3QgaTE4biBlbnRyaWVzIGluIENPREVPV05FUlM=-->[skip ci] chore: adjust i18n entries in CODEOWNERS<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6666): <!--number 6666 --><!--line 0 --><!--description Y2hvcmU6IGZpeCB0eXBvcywgZGVjYXAgYSBmZXcgaTE4biBzdHJpbmdz-->chore: fix typos, decap a few i18n strings<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6663): <!--number 6663 --><!--line 0 --><!--description Y29kZSByZXZpZXcgYWx0IHJlcG9zaXRvcnk=-->code review alt repository<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6659): <!--number 6659 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvLWdpdC9nby1naXQvdjUgdG8gdjUuMTMuMiAoZm9yZ2Vqbyk=-->Update module github.com/go-git/go-git/v5 to v5.13.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6656): <!--number 6656 --><!--line 0 --><!--description UmVsZWFzZS1ub3RlIGFuZCBmaWxlIHJlbmFtZSBmb3IgQWx0IExpbnV4IEFwdC1SUE0gc3VwcG9ydA==-->Release-note and file rename for Alt Linux Apt-RPM support<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6655): <!--number 6655 --><!--line 0 --><!--description Y2hvcmUoc2VjdXJpdHkpOiB1cGRhdGUgc2VjdXJpdHkudHh0IHdpdGggbmV3IGV4cGlyYXRpb24gZGF0ZQ==-->chore(security): update security.txt with new expiration date<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6652): <!--number 6652 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgY29kZXNwZWxsIHRvIHYyLjQuMCAoZm9yZ2Vqbyk=-->Update dependency codespell to v2.4.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6649): <!--number 6649 --><!--line 0 --><!--description Zml4KHRlc3RzKTogcHJldmVudCBmcm9udGVuZCB0ZXN0IGRlcGVuZGVuY3kgb24gc3lzdGVtIGxvY2FsZQ==-->fix(tests): prevent frontend test dependency on system locale<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6646): <!--number 6646 --><!--line 0 --><!--description Y2k6IGZpeCBnbyB2ZXJzaW9uIGNoZWNr-->ci: fix go version check<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6630): <!--number 6630 --><!--line 0 --><!--description TG9jayBmaWxlIG1haW50ZW5hbmNlIChmb3JnZWpvKQ==-->Lock file maintenance (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6629): <!--number 6629 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL21pbmlvL21pbmlvLWdvL3Y3IHRvIHY3LjAuODQgKGZvcmdlam8p-->Update module github.com/minio/minio-go/v7 to v7.0.84 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6623): <!--number 6623 --><!--line 0 --><!--description W2dpdGVhXSB3ZWVrIDIwMjUtMDQgY2hlcnJ5IHBpY2sgKGdpdGVhL21haW4gLT4gZm9yZ2Vqbyk=-->[gitea] week 2025-04 cherry pick (gitea/main -> forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6620): <!--number 6620 --><!--line 0 --><!--description Zml4KHVpKTogYWRkIHRyaWFuZ2xlIGRvd24gb2N0aWNvbiB0byBjb2RlIHNlYXJjaCBvcHRpb25zIGRyb3Bkb3du-->fix(ui): add triangle down octicon to code search options dropdown<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6619): <!--number 6619 --><!--line 0 --><!--description ZW5oKHVpKTogUmVtb3ZlIERpZmZGaWxlTGlzdCBjb21wb25lbnQ=-->enh(ui): Remove DiffFileList component<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6617): <!--number 6617 --><!--line 0 --><!--description Zml4KHVpKTogcHJldmVudCBvdmVyZmxvdyBvZiBicmFuY2ggc2VsZWN0b3IgaW4gY29tbWl0IGdyYXBo-->fix(ui): prevent overflow of branch selector in commit graph<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6613): <!--number 6613 --><!--line 0 --><!--description SGlkZSBnaXQgbm90ZSBhZGQgYnV0dG9uIGZvciBjb21taXQsIGlmIGNvbW1pdCBhbHJlYWR5IGhhcyBhIG5vdGU=-->Hide git note add button for commit, if commit already has a note<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6610): <!--number 6610 --><!--line 0 --><!--description Y2hvcmUocmVub3ZhdGUpOiBmaXggc2VsZi11cGRhdGUgY29uZmlnIFtza2lwIGNpXQ==-->chore(renovate): fix self-update config [skip ci]<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6607): <!--number 6607 --><!--line 0 --><!--description Zml4KGkxOG4pOiBmbGF0dGVuIG5leHQgbG9jYWxlcw==-->fix(i18n): flatten next locales<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6606): <!--number 6606 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIERvY2tlciB0YWcgdG8gdjM5LjExNS40IChmb3JnZWpvKQ==-->Update renovate Docker tag to v39.115.4 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6603): <!--number 6603 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kga2F0ZXggdG8gdjAuMTYuMjEgKGZvcmdlam8p-->Update dependency katex to v0.16.21 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6597): <!--number 6597 --><!--line 0 --><!--description Rml4IG1lbnRpb24gYW5kIGVtb2ppIGV4cGFuc2lvbiAmIEltcHJvdmUgbGVhdmluZyBsaXN0IGNvbXBsZXRpb24=-->Fix mention and emoji expansion & Improve leaving list completion<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6595): <!--number 6595 --><!--line 0 --><!--description UmVzZXQgY29udGVudCBvZiBjb21tZW50IGVkaXQgZmllbGQgb24gY2FuY2Vs-->Reset content of comment edit field on cancel<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6591): <!--number 6591 --><!--line 0 --><!--description cmVkdWNlIG5vaXNlIGZvciB0aGUgdjMwMyBtaWdyYXRpb24=-->reduce noise for the v303 migration<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6590): <!--number 6590 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ28gdG8gdjEuMjMuNSAoZm9yZ2Vqbyk=-->Update dependency go to v1.23.5 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6581): <!--number 6581 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb29nbGUuZ29sYW5nLm9yZy9wcm90b2J1ZiB0byB2MS4zNi4zIChmb3JnZWpvKQ==-->Update module google.golang.org/protobuf to v1.36.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6577): <!--number 6577 --><!--line 0 --><!--description YXZvaWQgR2l0ZWEgbWlncmF0aW9uIHdhcm5pbmdzICh0YWtlIDIp-->avoid Gitea migration warnings (take 2)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6576): <!--number 6576 --><!--line 0 --><!--description Zml4KHVpKTogY29ycmVjdCBzd2l0Y2ggb3JkZXJpbmc=-->fix(ui): correct switch ordering<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6573): <!--number 6573 --><!--line 0 --><!--description Y2hvcmUoY2kpOiB1cGdyYWRlIGZvcmdlam8tYnVpbGQtcHVibGlzaC9idWlsZEB2NS4zLjE=-->chore(ci): upgrade forgejo-build-publish/build@v5.3.1<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6572): <!--number 6572 --><!--line 0 --><!--description Rml4IGlubGluZSBmaWxlIHByZXZpZXcgZm9yIHJlbmRlcmVkIGZpbGVz-->Fix inline file preview for rendered files<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6570): <!--number 6570 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIERvY2tlciB0YWcgdG8gdjM5LjExMS4wIChmb3JnZWpvKQ==-->Update renovate Docker tag to v39.111.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6569): <!--number 6569 --><!--line 0 --><!--description dGVzdHMoZTJlKTogVmFyaW91cyBmaXhlcyB0byB2aXN1YWwgdGVzdGluZw==-->tests(e2e): Various fixes to visual testing<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6563): <!--number 6563 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9pbmZyYXN0cnVjdHVyZS9pc3N1ZS1hY3Rpb24gYWN0aW9uIHRvIHYxLjMuMCAoZm9yZ2Vqbyk=-->Update https://data.forgejo.org/infrastructure/issue-action action to v1.3.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6562): <!--number 6562 --><!--line 0 --><!--description VXBkYXRlIHBvc3Rjc3MgKGZvcmdlam8p-->Update postcss (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6560): <!--number 6560 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb29nbGUuZ29sYW5nLm9yZy9ncnBjIHRvIHYxLjcwLjAgKGZvcmdlam8p-->Update module google.golang.org/grpc to v1.70.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6559): <!--number 6559 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQGdpdGh1Yi9yZWxhdGl2ZS10aW1lLWVsZW1lbnQgdG8gdjQuNC41IChmb3JnZWpvKQ==-->Update dependency @github/relative-time-element to v4.4.5 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6551): <!--number 6551 --><!--line 0 --><!--description YWRkIGEgYnVmZmVyIHdyaXRlciB0byB0aGUgbG9nZ2VyLCBmb3IgaW50ZXJuYWwgdXNl-->add a buffer writer to the logger, for internal use<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6550): <!--number 6550 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIERvY2tlciB0YWcgdG8gdjM5LjEwNi4wIChmb3JnZWpvKQ==-->Update renovate Docker tag to v39.106.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6548): <!--number 6548 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kga2F0ZXggdG8gdjAuMTYuMjAgKGZvcmdlam8p-->Update dependency katex to v0.16.20 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6547): <!--number 6547 --><!--line 0 --><!--description VXBkYXRlIGRhdGEuZm9yZ2Vqby5vcmcvcmVub3ZhdGUvcmVub3ZhdGUgRG9ja2VyIHRhZyB0byB2MzkuMTA2LjAgKGZvcmdlam8p-->Update data.forgejo.org/renovate/renovate Docker tag to v39.106.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6546): <!--number 6546 --><!--line 0 --><!--description TWFrZSBzd2l0Y2ggbGFyZ2VyIG9uIHRvdWNoc2NyZWVuIGRldmljZXM=-->Make switch larger on touchscreen devices<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6545): <!--number 6545 --><!--line 0 --><!--description VXNlIHJlZGVzaWduZWQgc3dpdGNoIG9uIGNvbW1pdCBncmFwaCBwYWdl-->Use redesigned switch on commit graph page<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6544): <!--number 6544 --><!--line 0 --><!--description VXNlIGZsZXggZm9yIHN3aXRjaCBpdGVtcw==-->Use flex for switch items<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6543): <!--number 6543 --><!--line 0 --><!--description UHJldmVudCB2ZXJ0aWNhbCBzdHJldGNoaW5nIG9mIHRoZSBzd2l0Y2g=-->Prevent vertical stretching of the switch<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6542): <!--number 6542 --><!--line 0 --><!--description QXBwbHkgc3dpdGNoIHJlZGVzaWduIHRvIG1vcmUgYXJlYXM=-->Apply switch redesign to more areas<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6541): <!--number 6541 --><!--line 0 --><!--description Rml4IG1pbm9yIG1pc2FsaWdubWVudA==-->Fix minor misalignment<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6540): <!--number 6540 --><!--line 0 --><!--description RG8gbm90IHJlcG9ydCB3YXJuaW5nIHdoZW4gZ2l0IHNob3dzIG5ldyByZWZlcmVuY2U=-->Do not report warning when git shows new reference<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6539): <!--number 6539 --><!--line 0 --><!--description W2dpdGVhXSB3ZWVrIDIwMjUtMDMgY2hlcnJ5IHBpY2sgKGdpdGVhL21haW4gLT4gZm9yZ2Vqbyk=-->[gitea] week 2025-03 cherry pick (gitea/main -> forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6537): <!--number 6537 --><!--line 0 --><!--description VXBkYXRlIHgvdG9vbHMgKGZvcmdlam8p-->Update x/tools (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6535): <!--number 6535 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vYWN0IHRvIHYxLjIzLjEgKGZvcmdlam8p-->Update module code.forgejo.org/forgejo/act to v1.23.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6529): <!--number 6529 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIERvY2tlciB0YWcgdG8gdjM5LjEwMy4wIChmb3JnZWpvKQ==-->Update renovate Docker tag to v39.103.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6528): <!--number 6528 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmdpdGVhLmlvL3Nkay9naXRlYSB0byB2MC4yMC4wIChmb3JnZWpvKQ==-->Update module code.gitea.io/sdk/gitea to v0.20.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6525): <!--number 6525 --><!--line 0 --><!--description Zml4IGlubGluZSBmaWxlIHByZXZpZXcgZm9yIGZpbGVzIHdpdGggZW5jb2RlZCBVUkwsIGZpeCAjNTA2OQ==-->fix inline file preview for files with encoded URL, fix #5069<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6522): <!--number 6522 --><!--line 0 --><!--description UmVtb3ZlIHNvdXJjZSBicmFuY2ggZnJvbSBwciBsaXN0LCBmaXggIzUwMDksICM2MDgw-->Remove source branch from pr list, fix #5009, #6080<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6521): <!--number 6521 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRsYWIuY29tL2dpdGxhYi1vcmcvYXBpL2NsaWVudC1nbyB0byB2MC4xMTkuMCAoZm9yZ2Vqbyk=-->Update module gitlab.com/gitlab-org/api/client-go to v0.119.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6520): <!--number 6520 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2VkaXRvcmNvbmZpZy1jaGVja2VyL2VkaXRvcmNvbmZpZy1jaGVja2VyL3YzL2NtZC9lZGl0b3Jjb25maWctY2hlY2tlciB0byB2My4xLjEgKGZvcmdlam8p-->Update module github.com/editorconfig-checker/editorconfig-checker/v3/cmd/editorconfig-checker to v3.1.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6518): <!--number 6518 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgYXNjaWluZW1hLXBsYXllciB0byB2My44LjIgKGZvcmdlam8p-->Update dependency asciinema-player to v3.8.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6513): <!--number 6513 --><!--line 0 --><!--description cG9ydChnaXRlYSMzMTk1NCk6IEFkZCBsb2NrIGZvciBwYXJhbGxlbCBtYXZlbiB1cGxvYWQ=-->port(gitea#31954): Add lock for parallel maven upload<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6511): <!--number 6511 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgbW9uYWNvLWVkaXRvciB0byB2MC41Mi4yIChmb3JnZWpvKQ==-->Update dependency monaco-editor to v0.52.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6510): <!--number 6510 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2NhZGR5c2VydmVyL2NlcnRtYWdpYyB0byB2MC4yMS42IChmb3JnZWpvKQ==-->Update module github.com/caddyserver/certmagic to v0.21.6 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6509): <!--number 6509 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgdHlwZXNjcmlwdCB0byB2NS43LjMgKGZvcmdlam8p-->Update dependency typescript to v5.7.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6506): <!--number 6506 --><!--line 0 --><!--description QWRkZWQgYGFsdGAncyB0byBgPGltZz5g-->Added `alt`'s to `<img>`<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6504): <!--number 6504 --><!--line 0 --><!--description Y2hvcmUocmVub3ZhdGUpOiBtYW51YWwgbmFtZSByZXBsYWNlbWVudA==-->chore(renovate): manual name replacement<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6503): <!--number 6503 --><!--line 0 --><!--description VXBkYXRlIGRhdGEuZm9yZ2Vqby5vcmcvcmVub3ZhdGUvcmVub3ZhdGUgRG9ja2VyIHRhZyB0byB2MzkuOTMuMCAoZm9yZ2Vqbyk=-->Update data.forgejo.org/renovate/renovate Docker tag to v39.93.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6502): <!--number 6502 --><!--line 0 --><!--description VXBkYXRlIGRhdGEuZm9yZ2Vqby5vcmcvb2NpL2FscGluZSBEb2NrZXIgdGFnIHRvIHYzLjIxIChmb3JnZWpvKQ==-->Update data.forgejo.org/oci/alpine Docker tag to v3.21 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6500): <!--number 6500 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb29nbGUuZ29sYW5nLm9yZy9wcm90b2J1ZiB0byB2MS4zNi4yIChmb3JnZWpvKQ==-->Update module google.golang.org/protobuf to v1.36.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6499): <!--number 6499 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL1Byb3Rvbk1haWwvZ28tY3J5cHRvIHRvIHYxLjEuNCAoZm9yZ2Vqbyk=-->Update module github.com/ProtonMail/go-crypto to v1.1.4 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6495): <!--number 6495 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvLWdpdC9nby1naXQvdjUgdG8gdjUuMTMuMSAoZm9yZ2Vqbyk=-->Update module github.com/go-git/go-git/v5 to v5.13.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6491): <!--number 6491 --><!--line 0 --><!--description dXBncmFkZSBnb2YzIHBhY2thZ2UgYW5kIGRyaXZlcg==-->upgrade gof3 package and driver<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6490): <!--number 6490 --><!--line 0 --><!--description UmVwbGFjZSBkYXRhLmZvcmdlam8ub3JnL2Zvcmdlam8tY29udHJpYi9yZW5vdmF0ZSBEb2NrZXIgdGFnIHdpdGggZGF0YS5mb3JnZWpvLm9yZy9yZW5vdmF0ZS9yZW5vdmF0ZSAoZm9yZ2Vqbyk=-->Replace data.forgejo.org/forgejo-contrib/renovate Docker tag with data.forgejo.org/renovate/renovate (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6488): <!--number 6488 --><!--line 0 --><!--description Y2hvcmU6IHJlbW92ZSBpbGxlZ2FsIGdpdCB1c2FnZQ==-->chore: remove illegal git usage<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6487): <!--number 6487 --><!--line 0 --><!--description Y2hvcmUoZGVwcyk6IFVwZGF0ZSBnaXRsYWIgYXBpIHRvIHVwZGF0ZWQgbGlicmFyeQ==-->chore(deps): Update gitlab api to updated library<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6482): <!--number 6482 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvbmV0IHRvIHYwLjM0LjAgKGZvcmdlam8p-->Update module golang.org/x/net to v0.34.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6480): <!--number 6480 --><!--line 0 --><!--description VXBkYXRlIGZvcmdlam8vZm9yZ2Vqby1idWlsZC1wdWJsaXNoIGFjdGlvbiB0byB2NS4zLjAgKGZvcmdlam8p-->Update forgejo/forgejo-build-publish action to v5.3.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6479): <!--number 6479 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL21pbmlvL21pbmlvLWdvL3Y3IHRvIHY3LjAuODMgKGZvcmdlam8p-->Update module github.com/minio/minio-go/v7 to v7.0.83 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6478): <!--number 6478 --><!--line 0 --><!--description TG9jayBmaWxlIG1haW50ZW5hbmNlIChmb3JnZWpvKQ==-->Lock file maintenance (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6477): <!--number 6477 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2FsZWN0aG9tYXMvY2hyb21hL3YyIHRvIHYyLjE1LjAgKGZvcmdlam8p-->Update module github.com/alecthomas/chroma/v2 to v2.15.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6476): <!--number 6476 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZmFzdC1nbG9iIHRvIHYzLjMuMyAoZm9yZ2Vqbyk=-->Update dependency fast-glob to v3.3.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6475): <!--number 6475 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHYzOS45MS4wIChmb3JnZWpvKQ==-->Update renovate to v39.91.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6463): <!--number 6463 --><!--line 0 --><!--description Zml4KHVpKTogc2hvdyBvYXV0aCBkaXZpZGVyIG9uIHNpZ251cCBwYWdl-->fix(ui): show oauth divider on signup page<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6462): <!--number 6462 --><!--line 0 --><!--description Y2hvcmU6IHVwZGF0ZSBpZ25vcmVz-->chore: update ignores<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6461): <!--number 6461 --><!--line 0 --><!--description YWRkIGZpbGVzIHRvIGNvbXBhcmU=-->add files to compare<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6459): <!--number 6459 --><!--line 0 --><!--description VUkgc3dpdGNoIHJlZGVzaWdu-->UI switch redesign<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6458): <!--number 6458 --><!--line 0 --><!--description Y2hvcmUoY2kpOiB1c2UgbWlycm9yIGZvciBvYnRhaW5pbmcgZ28teHNkLWR1cmF0aW9u-->chore(ci): use mirror for obtaining go-xsd-duration<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6454): <!--number 6454 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgaGFwcHktZG9tIHRvIHYxNiAoZm9yZ2Vqbyk=-->Update dependency happy-dom to v16 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6453): <!--number 6453 --><!--line 0 --><!--description Y2hvcmU6IGJ1bXAgcmVub3ZhdGUgdG8gdjM5LjkwLjA=-->chore: bump renovate to v39.90.0<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6447): <!--number 6447 --><!--line 0 --><!--description UmV3cml0ZSBPcGVuR3JhcGggSGVhZGVy-->Rewrite OpenGraph Header<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6441): <!--number 6441 --><!--line 0 --><!--description Zml4KGNvZGUgc2VhcmNoKTogZW1wdHkgbW9kZSBkcm9wZG93biB3aGVuIGtleXdvcmQgaXMgZW1wdHk=-->fix(code search): empty mode dropdown when keyword is empty<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6439): <!--number 6439 --><!--line 0 --><!--description aTE4bihlbik6IGNvbnNpc3RlbmN5IGltcHJvdmVtZW50cw==-->i18n(en): consistency improvements<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6437): <!--number 6437 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL1B1ZXJraXRvQmlvL2dvcXVlcnkgdG8gdjEuMTAuMSAoZm9yZ2Vqbyk=-->Update module github.com/PuerkitoBio/goquery to v1.10.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6436): <!--number 6436 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQHZpdGVzdC9lc2xpbnQtcGx1Z2luIHRvIHYxLjEuMjIgKGZvcmdlam8p-->Update dependency @vitest/eslint-plugin to v1.1.22 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6432): <!--number 6432 --><!--line 0 --><!--description Rml4IGVkaXRpbmcgcHIgcmV2aWV3-->Fix editing pr review<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6431): <!--number 6431 --><!--line 0 --><!--description TWFrZSBuZXcgdGFibGUgbW9kYWwgd29yayB3aGVuIGVkaXRpbmcgYSBpc3N1ZQ==-->Make new table modal work when editing a issue<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6427): <!--number 6427 --><!--line 0 --><!--description Zml4KHVpKTogdXNlIHByaW1hcnkgY29sb3IgZm9yIGJ1dHRvbiBpbiB0YWJsZSBtb2RhbA==-->fix(ui): use primary color for button in table modal<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6425): <!--number 6425 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2NhZGR5c2VydmVyL2NlcnRtYWdpYyB0byB2MC4yMS41IChmb3JnZWpvKQ==-->Update module github.com/caddyserver/certmagic to v0.21.5 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6421): <!--number 6421 --><!--line 0 --><!--description Rml4IGVkaXQgY2FuY2VsIGJ1dHRvbg==-->Fix edit cancel button<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6419): <!--number 6419 --><!--line 0 --><!--description Rml4IGlzc3VlL2NvbW1lbnQgbWVudXM=-->Fix issue/comment menus<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6412): <!--number 6412 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIERvY2tlciB0YWcgdG8gdjM5Ljg2LjAgKGZvcmdlam8p-->Update renovate Docker tag to v39.86.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6410): <!--number 6410 --><!--line 0 --><!--description dXNlIERhdGVVdGlscyBmb3IgYmxvY2tlZCB1c2VycyBsaXN0-->use DateUtils for blocked users list<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6408): <!--number 6408 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZS1ub3Rlcyk6IEZvcmdlam8gdjEwLjAuMA==-->chore(release-notes): Forgejo v10.0.0<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6407): <!--number 6407 --><!--line 0 --><!--description UmV3b3JrIHVzZXIgcHJvZmlsZSBzZXR0aW5ncw==-->Rework user profile settings<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6405): <!--number 6405 --><!--line 0 --><!--description eG9ybSBuZWVkcyB0byBiZSBsb3dlcmNhc2Ugb3RoZXJ3aXNlIGl0IGlzIGlnbm9yZWQ=-->xorm needs to be lowercase otherwise it is ignored<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6404): <!--number 6404 --><!--line 0 --><!--description VXBkYXRlIGNvZGUuZm9yZ2Vqby5vcmcvb2NpL2FscGluZSBEb2NrZXIgdGFnIHRvIHYzLjIxIChmb3JnZWpvKQ==-->Update code.forgejo.org/oci/alpine Docker tag to v3.21 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6403): <!--number 6403 --><!--line 0 --><!--description Y2hvcmUoYnJhbmRpbmcpOiBzdHJpcCBtZXRhZGF0YSBpbmZvcm1hdGlvbiBmcm9tIHRoZSBmb290ZXI=-->chore(branding): strip metadata information from the footer<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6401): <!--number 6401 --><!--line 0 --><!--description Q29zbWV0aWMgY2hhbmdlcyBhbmQgZml4ZXMgYXJvdW5kIHJlcG8gaG9tZXBhZ2U=-->Cosmetic changes and fixes around repo homepage<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6400): <!--number 6400 --><!--line 0 --><!--description UmVmYWN0b3IgZTJlIHRlc3RzIHRvIHNpbXBsaWZ5IGF1dGhlbnRpY2F0aW9uIHNldHVw-->Refactor e2e tests to simplify authentication setup<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6391): <!--number 6391 --><!--line 0 --><!--description W2dpdGVhXSB3ZWVrIDIwMjQtNTMgY2hlcnJ5IHBpY2sgKGdpdGVhL21haW4gLT4gZm9yZ2Vqbyk=-->[gitea] week 2024-53 cherry pick (gitea/main -> forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6390): <!--number 6390 --><!--line 0 --><!--description Rml4IG92ZXJmbG93IGluIGdpdCBub3Rlcw==-->Fix overflow in git notes<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6387): <!--number 6387 --><!--line 0 --><!--description Y21kL2R1bXA6IGFkZCBvcHRpb24gZmxhZyB0byBza2lwIHJlcG9zaXRvcnkgYXJjaGl2ZXM=-->cmd/dump: add option flag to skip repository archives<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6386): <!--number 6386 --><!--line 0 --><!--description UmV3b3JrIG5ldyByZXBvIGRpYWxvZw==-->Rework new repo dialog<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6375): <!--number 6375 --><!--line 0 --><!--description Y2hvcmUoaTE4bik6IHVzZXIvbGFiZWwgdHJhbnNsYXRpb25zIGluIGRhbmlzaC9sYXR2aWFu-->chore(i18n): user/label translations in danish/latvian<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6372): <!--number 6372 --><!--line 0 --><!--description UmV2ZXJ0ICJVcGRhdGUgZGVwZW5kZW5jeSBpZGlvbW9ycGggdG8gdjAuNC4wIg==-->Revert "Update dependency idiomorph to v0.4.0"<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6370): <!--number 6370 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZSk6IHYxMC4wIGlzIGN1dCwgdjkuMCBpcyBzb29uIHRvIGJlIEVPTA==-->chore(release): v10.0 is cut, v9.0 is soon to be EOL<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6286): <!--number 6286 --><!--line 0 --><!--description V2hlbiBjb21wYXJpbmcgaW4gcmVwb3MsIG1lbnRpb24gdGhhdCBwdWxsIHJlcXVlc3QgY3JlYXRpb24gcmVxdWlyZXMgc2lnbi1pbg==-->When comparing in repos, mention that pull request creation requires sign-in<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6051): <!--number 6051 --><!--line 0 --><!--description ZW5hYmxlIHJlbGVhc2VzIGFuZC9vciB3aWtpIGlmIHVzZXIgc2V0IHRoZSBvcHRpb25zIGluIHJlcG8gbWlncmF0aW9u-->enable releases and/or wiki if user set the options in repo migration<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5393): <!--number 5393 --><!--line 0 --><!--description ZmVkZXJhdGlvbiB3aXRoIGFsbG93IGxpc3Rz-->federation with allow lists<!--description-->
+- Already announced in the release notes of an older stable release
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7295): <!--number 7295 --><!--line 0 --><!--description dXNlIGNvcnJlY3QgaW5wdXQgZm9yIHN0cmlwIHNsYXNoZXMgbWlkZGxld2FyZQ==-->use correct input for strip slashes middleware<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7251): <!--number 7251 --><!--line 0 --><!--description V2hlbiBtaWdyYXRpbmcgZnJvbSBhIEZvcmdlam8gdmVyc2lvbiBsb3dlciB0aGFuIHYxMCwgdGhlIFRPVFAgc2VjcmV0cyBmb3VuZCB0byBiZSBjb3JydXB0ZWQgYXJlIG5vdyB0cmFuc3BhcmVudGx5IHJlbW92ZWQgZnJvbSB0aGUgZGF0YWJhc2UgaW5zdGVhZCBvZiBmYWlsaW5nIHRoZSBtaWdyYXRpb24uIFRPVFAgaXMgbm8gbG9uZ2VyIHJlcXVpcmVkIHRvIGxvZ2luIHdpdGggdGhlIGFzc29jaWF0ZWQgdXNlcnMuIFRoZXkgc2hvdWxkIGJlIGluZm9ybWVkIGJlY2F1c2UgdGhleSB3aWxsIG5lZWQgdG8gdmlzaXQgdGhlaXIgc2VjdXJpdHkgc2V0dGluZ3MgYW5kIGNvbmZpZ3VyZSBUT1RQIGFnYWluLiBObyBvdGhlciBhY3Rpb24gaXMgcmVxdWlyZWQu-->When migrating from a Forgejo version lower than v10, the TOTP secrets found to be corrupted are now transparently removed from the database instead of failing the migration. TOTP is no longer required to login with the associated users. They should be informed because they will need to visit their security settings and configure TOTP again. No other action is required.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7167): <!--number 7167 --><!--line 0 --><!--description bm8gbm90aWZpY2F0aW9uIGZvciByZXBsaWVzIHRvIHBlbmRpbmcgY29tbWVudHM=-->no notification for replies to pending comments<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7143): <!--number 7143 --><!--line 0 --><!--description Y29uc2lkZXIgcHVibGljIGlzc3VlcyBmb3IgcHJvamVjdCBib2FyZHM=-->consider public issues for project boards<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7038): <!--number 7038 --><!--line 0 --><!--description Zml4KHJlbGVhc2UpOiB0aGUgcm9vdGxlc3MgaW1hZ2UgdmVyc2lvbiBsYWJlbCBpcyBub3Qgc2V0-->fix(release): the rootless image version label is not set<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7004): <!--number 7004 --><!--line 0 --><!--description ZG8gbm90IGFsbG93IFNTSCB1cmwgZm9yIG1pZ3JhdGlvbg==-->do not allow SSH url for migration<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6920): <!--number 6920 --><!--line 0 --><!--description c2hvdyBpbnRlcm5hbCBsb2dpbiBwcm9tcHQgZm9yIGFjY291bnQgbGlua2luZw==-->show internal login prompt for account linking<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6896): <!--number 6896 --><!--line 0 --><!--description ZW5hYmxlIHNzaCBtaXJyb3JzIGluIHJvb3RsZXNzIGltYWdlcw==-->enable ssh mirrors in rootless images<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6853): <!--number 6853 --><!--line 0 --><!--description cmVuZGVyIGxpbmsgaW4gaGVhZGluZyBjb3JyZWN0bHkgaW4gVE9D-->render link in heading correctly in TOC<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6803): <!--number 6803 --><!--line 0 --><!--description Zml4KHVpKTogZGlzcGxheSB2ZXJpZmllZCBpY29uIGZvciBkZWZhdWx0IGdwZyBrZXk=-->fix(ui): display verified icon for default gpg key<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6680): <!--number 6680 --><!--line 0 --><!--description c2V0dGluZy5TZXJ2aWNlLkVuYWJsZUludGVybmFsU2lnbkluID0gZmFsc2UgaXMgZGlzYWJsaW5nIGZvcmdvdHRlbiBwYXNzd29yZA==-->setting.Service.EnableInternalSignIn = false is disabling forgotten password<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6674): <!--number 6674 --><!--line 0 --><!--description bG9hZCBzZXR0aW5ncyBmb3IgdmFsaWQgdXNlciBhbmQgZW1haWwgY2hlY2s=-->load settings for valid user and email check<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6639): <!--number 6639 --><!--line 0 --><!--description VGVhY2ggdGhlIGRvY3RvciB0byByZW1vdmUgb3JwaGFuZWQgdHdvX2ZhY3RvciB3aXRoIGBmb3JnZWpvIGRvY3RvciBjaGVjayAtLXJ1biBjaGVjay1kYi1jb25zaXN0ZW5jeSAtLWZpeGAuIFN1Y2ggcm93cyBtYXkgY29udGFpbiBpbnZhbGlkIGRhdGEgYW5kIFtibG9jayB0aGUgbWlncmF0aW9uIHRvIHYxMF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2lzc3Vlcy82NjM3KSB3aXRoIGEgbWVzc2FnZSBzdWNoIGFzIGBmYWlsZWQ6IEFlc0RlY3J5cHQgaW52YWxpZCBkZWNyeXB0ZWQgYmFzZTY0IHN0cmluZzogaWxsZWdhbCBiYXNlNjQgZGF0YSBhdCBpbnB1dCBieXRlIDBgLg==-->Teach the doctor to remove orphaned two_factor with `forgejo doctor check --run check-db-consistency --fix`. Such rows may contain invalid data and [block the migration to v10](https://codeberg.org/forgejo/forgejo/issues/6637) with a message such as `failed: AesDecrypt invalid decrypted base64 string: illegal base64 data at input byte 0`.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6633): <!--number 6633 --><!--line 0 --><!--description bGlzdGluZyB0b2tlbnMgbXVzdCBub3QgcmVxdWlyZSBiYXNpYyBhdXRo-->listing tokens must not require basic auth<!--description-->
+<!--end release-notes-assistant-->
diff --git a/renovate.json b/renovate.json
index 7ea5e9d6b9..3903e316db 100644
--- a/renovate.json
+++ b/renovate.json
@@ -9,7 +9,6 @@
   "baseBranches": [
     "$default",
     "/^v7\\.\\d+/forgejo$/",
-    "/^v10\\.\\d+/forgejo$/",
     "/^v11\\.\\d+/forgejo$/"
   ],
   "postUpdateOptions": ["gomodTidy", "gomodUpdateImportPaths", "npmDedupe"],
@@ -37,7 +36,7 @@
     {
       "description": "Schedule some deps less frequently",
       "matchPackageNames": [
-        "code.forgejo.org/f3/gof3/v3",
+        "code.forgejo.org/f3/gof3/**",
         "github.com/google/pprof",
         "github.com/golangci/misspell/cmd/misspell"
       ],
@@ -81,7 +80,7 @@
       "description": "Split minor and patch updates",
       "matchPackageNames": [
         "containerbase/python-prebuild",
-        "github.com/urfave/cli/v2",
+        "github.com/urfave/cli/**",
         "python",
         "swagger-ui-dist",
         "vue"
@@ -92,7 +91,7 @@
       "description": "Automerge patch updates",
       "matchPackageNames": [
         "vue",
-        "github.com/urfave/cli/v2",
+        "github.com/urfave/cli/**",
         "swagger-ui-dist"
       ],
       "matchUpdateTypes": ["patch"],
@@ -127,8 +126,8 @@
         "@vitejs/plugin-vue",
         "@vue/test-utils",
         "djlint",
-        "github.com/editorconfig-checker/editorconfig-checker/v2/cmd/editorconfig-checker",
-        "github.com/golangci/golangci-lint/cmd/golangci-lint",
+        "github.com/editorconfig-checker/editorconfig-checker/**",
+        "github.com/golangci/golangci-lint/**",
         "github.com/go-testfixtures/testfixtures",
         "github.com/PuerkitoBio/goquery",
         "happy-dom",
diff --git a/routers/api/actions/runner/runner.go b/routers/api/actions/runner/runner.go
index 8aae69f463..a971cd3fbf 100644
--- a/routers/api/actions/runner/runner.go
+++ b/routers/api/actions/runner/runner.go
@@ -178,7 +178,7 @@ func (s *Service) UpdateTask(
 ) (*connect.Response[runnerv1.UpdateTaskResponse], error) {
 	runner := GetRunner(ctx)
 
-	task, err := actions_model.UpdateTaskByState(ctx, runner.ID, req.Msg.State)
+	task, err := actions_service.UpdateTaskByState(ctx, runner.ID, req.Msg.State)
 	if err != nil {
 		return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("update task: %w", err))
 	}
diff --git a/routers/api/v1/activitypub/reqsignature.go b/routers/api/v1/activitypub/reqsignature.go
index 5872d951cf..2d9cd3b1bb 100644
--- a/routers/api/v1/activitypub/reqsignature.go
+++ b/routers/api/v1/activitypub/reqsignature.go
@@ -36,33 +36,25 @@ func decodePublicKeyPem(pubKeyPem string) ([]byte, error) {
 }
 
 func getFederatedUser(ctx *gitea_context.APIContext, person *ap.Person, federationHost *forgefed.FederationHost) (*user.FederatedUser, error) {
-	dbUser, err := user.GetUserByFederatedURI(ctx, person.ID.String())
-	if err != nil {
-		return nil, err
-	}
-
-	if dbUser != nil {
-		federatedUser, err := user.GetFederatedUserByUserID(ctx, dbUser.ID)
-		if err != nil {
-			return nil, err
-		}
-
-		if federatedUser != nil {
-			return federatedUser, nil
-		}
-	}
-
 	personID, err := fm.NewPersonID(person.ID.String(), string(federationHost.NodeInfo.SoftwareName))
 	if err != nil {
 		return nil, err
 	}
-
-	_, federatedUser, err := federation.CreateUserFromAP(ctx, personID, federationHost.ID)
+	_, federatedUser, err := user.FindFederatedUser(ctx, personID.ID, federationHost.ID)
 	if err != nil {
 		return nil, err
 	}
 
-	return federatedUser, nil
+	if federatedUser != nil {
+		return federatedUser, nil
+	}
+
+	_, newFederatedUser, err := federation.CreateUserFromAP(ctx, personID, federationHost.ID)
+	if err != nil {
+		return nil, err
+	}
+
+	return newFederatedUser, nil
 }
 
 func storePublicKey(ctx *gitea_context.APIContext, person *ap.Person, pubKeyBytes []byte) error {
@@ -159,7 +151,7 @@ func verifyHTTPSignatures(ctx *gitea_context.APIContext) (authenticated bool, er
 
 	// 2. Fetch the public key of the other actor
 	// Try if the signing actor is an already known federated user
-	federationUser, err := user.GetFederatedUserByKeyID(ctx, idIRI.String())
+	_, federationUser, err := user.FindFederatedUserByKeyID(ctx, idIRI.String())
 	if err != nil {
 		return false, err
 	}
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index 551fcf7a43..d638e79a60 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -865,6 +865,7 @@ func Routes() *web.Route {
 		m.Group("", func() {
 			m.Get("/version", misc.Version)
 			m.Get("/signing-key.gpg", misc.SigningKey)
+			m.Get("/signing-key.ssh", misc.SSHSigningKey)
 			m.Post("/markup", reqToken(), bind(api.MarkupOption{}), misc.Markup)
 			m.Post("/markdown", reqToken(), bind(api.MarkdownOption{}), misc.Markdown)
 			m.Post("/markdown/raw", reqToken(), misc.MarkdownRaw)
@@ -1355,6 +1356,12 @@ func Routes() *web.Route {
 					m.Post("", bind(api.UpdateRepoAvatarOption{}), repo.UpdateAvatar)
 					m.Delete("", repo.DeleteAvatar)
 				}, reqAdmin(), reqToken())
+				m.Group("/sync_fork", func() {
+					m.Get("", reqRepoReader(unit.TypeCode), repo.SyncForkDefaultInfo)
+					m.Post("", mustNotBeArchived, reqRepoWriter(unit.TypeCode), repo.SyncForkDefault)
+					m.Get("/{branch}", reqRepoReader(unit.TypeCode), repo.SyncForkBranchInfo)
+					m.Post("/{branch}", mustNotBeArchived, reqRepoWriter(unit.TypeCode), repo.SyncForkBranch)
+				})
 
 				m.Get("/{ball_type:tarball|zipball|bundle}/*", reqRepoReader(unit.TypeCode), repo.DownloadArchive)
 			}, repoAssignment(), checkTokenPublicOnly())
diff --git a/routers/api/v1/misc/signing.go b/routers/api/v1/misc/signing.go
index 945df6068f..9f829b8443 100644
--- a/routers/api/v1/misc/signing.go
+++ b/routers/api/v1/misc/signing.go
@@ -7,8 +7,11 @@ import (
 	"fmt"
 	"net/http"
 
+	"forgejo.org/modules/setting"
 	asymkey_service "forgejo.org/services/asymkey"
 	"forgejo.org/services/context"
+
+	"golang.org/x/crypto/ssh"
 )
 
 // SigningKey returns the public key of the default signing key if it exists
@@ -61,3 +64,29 @@ func SigningKey(ctx *context.APIContext) {
 		ctx.Error(http.StatusInternalServerError, "gpg export", fmt.Errorf("Error writing key content %w", err))
 	}
 }
+
+// SSHSigningKey returns the public SSH key of the default signing key if it exists
+func SSHSigningKey(ctx *context.APIContext) {
+	// swagger:operation GET /signing-key.ssh miscellaneous getSSHSigningKey
+	// ---
+	// summary: Get default signing-key.ssh
+	// produces:
+	//     - text/plain
+	// responses:
+	//   "200":
+	//     description: "SSH public key in OpenSSH authorized key format"
+	//     schema:
+	//       type: string
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+
+	if setting.SSHInstanceKey == nil {
+		ctx.NotFound()
+		return
+	}
+
+	_, err := ctx.Write(ssh.MarshalAuthorizedKey(setting.SSHInstanceKey))
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, "ssh export", err)
+	}
+}
diff --git a/routers/api/v1/repo/release.go b/routers/api/v1/repo/release.go
index 68254a530a..336741b932 100644
--- a/routers/api/v1/repo/release.go
+++ b/routers/api/v1/repo/release.go
@@ -267,7 +267,7 @@ func CreateRelease(ctx *context.APIContext) {
 		}
 	} else {
 		if !rel.IsTag {
-			ctx.Error(http.StatusConflict, "GetRelease", "Release is has no Tag")
+			ctx.Error(http.StatusConflict, "GetRelease", "Release has no Tag")
 			return
 		}
 
diff --git a/routers/api/v1/repo/repo.go b/routers/api/v1/repo/repo.go
index 59b32eb667..50f628e035 100644
--- a/routers/api/v1/repo/repo.go
+++ b/routers/api/v1/repo/repo.go
@@ -11,7 +11,6 @@ import (
 	"strings"
 	"time"
 
-	actions_model "forgejo.org/models/actions"
 	activities_model "forgejo.org/models/activities"
 	"forgejo.org/models/db"
 	"forgejo.org/models/organization"
@@ -1065,7 +1064,7 @@ func updateRepoArchivedState(ctx *context.APIContext, opts api.EditRepoOption) e
 				ctx.Error(http.StatusInternalServerError, "ArchiveRepoState", err)
 				return err
 			}
-			if err := actions_model.CleanRepoScheduleTasks(ctx, repo, true); err != nil {
+			if err := actions_service.CleanRepoScheduleTasks(ctx, repo, true); err != nil {
 				log.Error("CleanRepoScheduleTasks for archived repo %s/%s: %v", ctx.Repo.Owner.Name, repo.Name, err)
 			}
 			log.Trace("Repository was archived: %s/%s", ctx.Repo.Owner.Name, repo.Name)
diff --git a/routers/api/v1/repo/sync_fork.go b/routers/api/v1/repo/sync_fork.go
new file mode 100644
index 0000000000..c3a9bd26ba
--- /dev/null
+++ b/routers/api/v1/repo/sync_fork.go
@@ -0,0 +1,185 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"net/http"
+
+	git_model "forgejo.org/models/git"
+	"forgejo.org/services/context"
+	repo_service "forgejo.org/services/repository"
+)
+
+func getSyncForkInfo(ctx *context.APIContext, branch string) {
+	if !ctx.Repo.Repository.IsFork {
+		ctx.Error(http.StatusBadRequest, "NoFork", "The Repo must be a fork")
+		return
+	}
+
+	syncForkInfo, err := repo_service.GetSyncForkInfo(ctx, ctx.Repo.Repository, branch)
+	if err != nil {
+		if git_model.IsErrBranchNotExist(err) {
+			ctx.NotFound(err, branch)
+			return
+		}
+
+		ctx.Error(http.StatusInternalServerError, "GetSyncForkInfo", err)
+		return
+	}
+
+	ctx.JSON(http.StatusOK, syncForkInfo)
+}
+
+// SyncForkBranchInfo returns information about syncing the default fork branch with the base branch
+func SyncForkDefaultInfo(ctx *context.APIContext) {
+	// swagger:operation GET /repos/{owner}/{repo}/sync_fork repository repoSyncForkDefaultInfo
+	// ---
+	// summary: Gets information about syncing the fork default branch with the base branch
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: owner
+	//   in: path
+	//   description: owner of the repo
+	//   type: string
+	//   required: true
+	// - name: repo
+	//   in: path
+	//   description: name of the repo
+	//   type: string
+	//   required: true
+	// responses:
+	//   "200":
+	//     "$ref": "#/responses/SyncForkInfo"
+	//   "400":
+	//     "$ref": "#/responses/error"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+	getSyncForkInfo(ctx, ctx.Repo.Repository.DefaultBranch)
+}
+
+// SyncForkBranchInfo returns information about syncing a fork branch with the base branch
+func SyncForkBranchInfo(ctx *context.APIContext) {
+	// swagger:operation GET /repos/{owner}/{repo}/sync_fork/{branch} repository repoSyncForkBranchInfo
+	// ---
+	// summary: Gets information about syncing a fork branch with the base branch
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: owner
+	//   in: path
+	//   description: owner of the repo
+	//   type: string
+	//   required: true
+	// - name: repo
+	//   in: path
+	//   description: name of the repo
+	//   type: string
+	//   required: true
+	// - name: branch
+	//   in: path
+	//   description: The branch
+	//   type: string
+	//   required: true
+	// responses:
+	//   "200":
+	//     "$ref": "#/responses/SyncForkInfo"
+	//   "400":
+	//     "$ref": "#/responses/error"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+	getSyncForkInfo(ctx, ctx.Params("branch"))
+}
+
+func syncForkBranch(ctx *context.APIContext, branch string) {
+	if !ctx.Repo.Repository.IsFork {
+		ctx.Error(http.StatusBadRequest, "NoFork", "The Repo must be a fork")
+		return
+	}
+
+	syncForkInfo, err := repo_service.GetSyncForkInfo(ctx, ctx.Repo.Repository, branch)
+	if err != nil {
+		if git_model.IsErrBranchNotExist(err) {
+			ctx.NotFound(err, branch)
+			return
+		}
+
+		ctx.Error(http.StatusInternalServerError, "GetSyncForkInfo", err)
+		return
+	}
+
+	if !syncForkInfo.Allowed {
+		ctx.Error(http.StatusBadRequest, "NotAllowed", "You can't sync this branch")
+		return
+	}
+
+	err = repo_service.SyncFork(ctx, ctx.Doer, ctx.Repo.Repository, branch)
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, "SyncFork", err)
+		return
+	}
+
+	ctx.Status(http.StatusNoContent)
+}
+
+// SyncForkBranch syncs the default of a fork with the base branch
+func SyncForkDefault(ctx *context.APIContext) {
+	// swagger:operation POST /repos/{owner}/{repo}/sync_fork repository repoSyncForkDefault
+	// ---
+	// summary: Syncs the default branch of a fork with the base branch
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: owner
+	//   in: path
+	//   description: owner of the repo
+	//   type: string
+	//   required: true
+	// - name: repo
+	//   in: path
+	//   description: name of the repo
+	//   type: string
+	//   required: true
+	// responses:
+	//   "204":
+	//     "$ref": "#/responses/empty"
+	//   "400":
+	//     "$ref": "#/responses/error"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+	syncForkBranch(ctx, ctx.Repo.Repository.DefaultBranch)
+}
+
+// SyncForkBranch syncs a fork branch with the base branch
+func SyncForkBranch(ctx *context.APIContext) {
+	// swagger:operation POST /repos/{owner}/{repo}/sync_fork/{branch} repository repoSyncForkBranch
+	// ---
+	// summary: Syncs a fork branch with the base branch
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: owner
+	//   in: path
+	//   description: owner of the repo
+	//   type: string
+	//   required: true
+	// - name: repo
+	//   in: path
+	//   description: name of the repo
+	//   type: string
+	//   required: true
+	// - name: branch
+	//   in: path
+	//   description: The branch
+	//   type: string
+	//   required: true
+	// responses:
+	//   "204":
+	//     "$ref": "#/responses/empty"
+	//   "400":
+	//     "$ref": "#/responses/error"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+	syncForkBranch(ctx, ctx.Params("branch"))
+}
diff --git a/routers/api/v1/swagger/repo.go b/routers/api/v1/swagger/repo.go
index 445e3417fb..bf7e2cc0c3 100644
--- a/routers/api/v1/swagger/repo.go
+++ b/routers/api/v1/swagger/repo.go
@@ -448,3 +448,10 @@ type swaggerCompare struct {
 	// in:body
 	Body api.Compare `json:"body"`
 }
+
+// SyncForkInfo
+// swagger:response SyncForkInfo
+type swaggerSyncForkInfo struct {
+	// in:body
+	Body []api.SyncForkInfo `json:"body"`
+}
diff --git a/routers/install/routes_test.go b/routers/install/routes_test.go
index 7324e912c8..9b10f05b3b 100644
--- a/routers/install/routes_test.go
+++ b/routers/install/routes_test.go
@@ -28,7 +28,7 @@ func TestRoutes(t *testing.T) {
 	assert.Equal(t, 404, w.Code)
 
 	w = httptest.NewRecorder()
-	req = httptest.NewRequest("GET", "/assets/img/gitea.svg", nil)
+	req = httptest.NewRequest("GET", "/assets/img/forgejo.svg", nil)
 	r.ServeHTTP(w, req)
 	assert.Equal(t, 200, w.Code)
 }
diff --git a/routers/web/admin/diagnosis.go b/routers/web/admin/diagnosis.go
index e436dca663..8b0ec45214 100644
--- a/routers/web/admin/diagnosis.go
+++ b/routers/web/admin/diagnosis.go
@@ -5,7 +5,9 @@ package admin
 
 import (
 	"archive/zip"
+	"bytes"
 	"fmt"
+	"io"
 	"runtime"
 	"runtime/pprof"
 	"runtime/trace"
@@ -45,14 +47,9 @@ func MonitorDiagnosis(ctx *context.Context) {
 		_, _ = f.Write([]byte(err.Error()))
 	}
 
-	f, err = zipWriter.CreateHeader(&zip.FileHeader{Name: "trace.dat", Method: zip.Deflate, Modified: time.Now()})
-	if err != nil {
-		ctx.ServerError("Failed to create zip file", err)
-		return
-	}
-
-	if err := trace.Start(f); err != nil {
-		_, _ = f.Write([]byte(err.Error()))
+	traceBuf := &bytes.Buffer{}
+	if err := trace.Start(traceBuf); err != nil {
+		_, _ = traceBuf.Write([]byte(err.Error()))
 	}
 
 	select {
@@ -62,6 +59,17 @@ func MonitorDiagnosis(ctx *context.Context) {
 	pprof.StopCPUProfile()
 	trace.Stop()
 
+	f, err = zipWriter.CreateHeader(&zip.FileHeader{Name: "trace.dat", Method: zip.Deflate, Modified: time.Now()})
+	if err != nil {
+		ctx.ServerError("Failed to create zip file", err)
+		return
+	}
+
+	if _, err := io.Copy(f, traceBuf); err != nil {
+		ctx.ServerError("Failed to create zip file", err)
+		return
+	}
+
 	f, err = zipWriter.CreateHeader(&zip.FileHeader{Name: "goroutine-after.txt", Method: zip.Deflate, Modified: time.Now()})
 	if err != nil {
 		ctx.ServerError("Failed to create zip file", err)
diff --git a/routers/web/repo/actions/view.go b/routers/web/repo/actions/view.go
index 2d009c5720..563832297d 100644
--- a/routers/web/repo/actions/view.go
+++ b/routers/web/repo/actions/view.go
@@ -521,7 +521,7 @@ func Cancel(ctx *context_module.Context) {
 				}
 				continue
 			}
-			if err := actions_model.StopTask(ctx, job.TaskID, actions_model.StatusCancelled); err != nil {
+			if err := actions_service.StopTask(ctx, job.TaskID, actions_model.StatusCancelled); err != nil {
 				return err
 			}
 		}
diff --git a/routers/web/repo/repo.go b/routers/web/repo/repo.go
index 53b3f34347..226c666c64 100644
--- a/routers/web/repo/repo.go
+++ b/routers/web/repo/repo.go
@@ -782,3 +782,27 @@ func PrepareBranchList(ctx *context.Context) {
 	}
 	ctx.Data["Branches"] = brs
 }
+
+func SyncFork(ctx *context.Context) {
+	redirectURL := fmt.Sprintf("%s/src/branch/%s", ctx.Repo.RepoLink, util.PathEscapeSegments(ctx.Repo.BranchName))
+	branch := ctx.Params("branch")
+
+	syncForkInfo, err := repo_service.GetSyncForkInfo(ctx, ctx.Repo.Repository, branch)
+	if err != nil {
+		ctx.ServerError("GetSyncForkInfo", err)
+		return
+	}
+
+	if !syncForkInfo.Allowed {
+		ctx.Redirect(redirectURL)
+		return
+	}
+
+	err = repo_service.SyncFork(ctx, ctx.Doer, ctx.Repo.Repository, branch)
+	if err != nil {
+		ctx.ServerError("SyncFork", err)
+		return
+	}
+
+	ctx.Redirect(redirectURL)
+}
diff --git a/routers/web/repo/setting/setting.go b/routers/web/repo/setting/setting.go
index 083cc4ae82..6e4f0f4829 100644
--- a/routers/web/repo/setting/setting.go
+++ b/routers/web/repo/setting/setting.go
@@ -14,7 +14,6 @@ import (
 	"time"
 
 	"forgejo.org/models"
-	actions_model "forgejo.org/models/actions"
 	"forgejo.org/models/db"
 	"forgejo.org/models/organization"
 	quota_model "forgejo.org/models/quota"
@@ -1034,7 +1033,7 @@ func SettingsPost(ctx *context.Context) {
 			return
 		}
 
-		if err := actions_model.CleanRepoScheduleTasks(ctx, repo, true); err != nil {
+		if err := actions_service.CleanRepoScheduleTasks(ctx, repo, true); err != nil {
 			log.Error("CleanRepoScheduleTasks for archived repo %s/%s: %v", ctx.Repo.Owner.Name, repo.Name, err)
 		}
 
diff --git a/routers/web/repo/view.go b/routers/web/repo/view.go
index bea002f690..dcbf665f0f 100644
--- a/routers/web/repo/view.go
+++ b/routers/web/repo/view.go
@@ -52,6 +52,7 @@ import (
 	"forgejo.org/routers/web/feed"
 	"forgejo.org/services/context"
 	issue_service "forgejo.org/services/issue"
+	repo_service "forgejo.org/services/repository"
 	files_service "forgejo.org/services/repository/files"
 
 	"github.com/nektos/act/pkg/model"
@@ -1154,6 +1155,21 @@ PostRecentBranchCheck:
 		}
 	}
 
+	if ctx.Repo.Repository.IsFork && ctx.Repo.IsViewBranch && len(ctx.Repo.TreePath) == 0 && ctx.Repo.CanWriteToBranch(ctx, ctx.Doer, ctx.Repo.BranchName) {
+		syncForkInfo, err := repo_service.GetSyncForkInfo(ctx, ctx.Repo.Repository, ctx.Repo.BranchName)
+		if err != nil {
+			ctx.ServerError("CanSync", err)
+			return
+		}
+
+		if syncForkInfo.Allowed {
+			ctx.Data["CanSyncFork"] = true
+			ctx.Data["ForkCommitsBehind"] = syncForkInfo.CommitsBehind
+			ctx.Data["SyncForkLink"] = fmt.Sprintf("%s/sync_fork/%s", ctx.Repo.RepoLink, util.PathEscapeSegments(ctx.Repo.BranchName))
+			ctx.Data["BaseBranchLink"] = fmt.Sprintf("%s/src/branch/%s", ctx.Repo.Repository.BaseRepo.HTMLURL(), util.PathEscapeSegments(ctx.Repo.BranchName))
+		}
+	}
+
 	ctx.Data["Paths"] = paths
 
 	branchLink := ctx.Repo.RepoLink + "/src/" + ctx.Repo.BranchNameSubURL()
diff --git a/routers/web/user/setting/applications.go b/routers/web/user/setting/applications.go
index 631d5958ea..e73239b79b 100644
--- a/routers/web/user/setting/applications.go
+++ b/routers/web/user/setting/applications.go
@@ -49,6 +49,9 @@ func ApplicationsPost(ctx *context.Context) {
 		ctx.ServerError("GetScope", err)
 		return
 	}
+	if !scope.HasPermissionScope() {
+		ctx.Flash.Error(ctx.Tr("settings.at_least_one_permission"), true)
+	}
 	t := &auth_model.AccessToken{
 		UID:   ctx.Doer.ID,
 		Name:  form.Name,
diff --git a/routers/web/web.go b/routers/web/web.go
index 7c29c6eeeb..74ede86553 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -1394,7 +1394,7 @@ func registerRoutes(m *web.Route) {
 			m.Get("", actions.List)
 			m.Post("/disable", reqRepoAdmin, actions.DisableWorkflowFile)
 			m.Post("/enable", reqRepoAdmin, actions.EnableWorkflowFile)
-			m.Post("/manual", reqRepoAdmin, actions.ManualRunWorkflow)
+			m.Post("/manual", reqRepoActionsWriter, actions.ManualRunWorkflow)
 
 			m.Group("/runs", func() {
 				m.Get("/latest", actions.ViewLatest)
@@ -1593,6 +1593,8 @@ func registerRoutes(m *web.Route) {
 			}, context.RepoRef(), reqRepoCodeReader)
 		}
 		m.Get("/commit/{sha:([a-f0-9]{4,64})}.{ext:patch|diff}", repo.MustBeNotEmpty, reqRepoCodeReader, repo.RawDiff)
+
+		m.Get("/sync_fork/{branch}", context.RepoMustNotBeArchived(), repo.MustBeNotEmpty, reqRepoCodeWriter, repo.SyncFork)
 	}, ignSignIn, context.RepoAssignment, context.UnitTypes())
 
 	m.Post("/{username}/{reponame}/lastcommit/*", ignSignInAndCsrf, context.RepoAssignment, context.UnitTypes(), context.RepoRefByType(context.RepoRefCommit), reqRepoCodeReader, repo.LastCommit)
diff --git a/services/actions/clear_tasks.go b/services/actions/clear_tasks.go
index 31e15ec927..f34c07fe5c 100644
--- a/services/actions/clear_tasks.go
+++ b/services/actions/clear_tasks.go
@@ -41,7 +41,7 @@ func stopTasks(ctx context.Context, opts actions_model.FindTaskOptions) error {
 	jobs := make([]*actions_model.ActionRunJob, 0, len(tasks))
 	for _, task := range tasks {
 		if err := db.WithTx(ctx, func(ctx context.Context) error {
-			if err := actions_model.StopTask(ctx, task.ID, actions_model.StatusFailure); err != nil {
+			if err := StopTask(ctx, task.ID, actions_model.StatusFailure); err != nil {
 				return err
 			}
 			if err := task.LoadJob(ctx); err != nil {
diff --git a/services/actions/notifier_helper.go b/services/actions/notifier_helper.go
index 9de0b75ac7..e55714a2c3 100644
--- a/services/actions/notifier_helper.go
+++ b/services/actions/notifier_helper.go
@@ -139,7 +139,7 @@ func notify(ctx context.Context, input *notifyInput) error {
 		return nil
 	}
 	if unit_model.TypeActions.UnitGlobalDisabled() {
-		if err := actions_model.CleanRepoScheduleTasks(ctx, input.Repo, true); err != nil {
+		if err := CleanRepoScheduleTasks(ctx, input.Repo, true); err != nil {
 			log.Error("CleanRepoScheduleTasks: %v", err)
 		}
 		return nil
@@ -373,7 +373,7 @@ func handleWorkflows(
 		// cancel running jobs if the event is push or pull_request_sync
 		if run.Event == webhook_module.HookEventPush ||
 			run.Event == webhook_module.HookEventPullRequestSync {
-			if err := actions_model.CancelPreviousJobs(
+			if err := CancelPreviousJobs(
 				ctx,
 				run.RepoID,
 				run.Ref,
@@ -504,7 +504,7 @@ func handleSchedules(
 		log.Error("CountSchedules: %v", err)
 		return err
 	} else if count > 0 {
-		if err := actions_model.CleanRepoScheduleTasks(ctx, input.Repo, false); err != nil {
+		if err := CleanRepoScheduleTasks(ctx, input.Repo, false); err != nil {
 			log.Error("CleanRepoScheduleTasks: %v", err)
 		}
 	}
diff --git a/services/actions/schedule_tasks.go b/services/actions/schedule_tasks.go
index f66a6ca092..8d41797a0e 100644
--- a/services/actions/schedule_tasks.go
+++ b/services/actions/schedule_tasks.go
@@ -17,6 +17,7 @@ import (
 	webhook_module "forgejo.org/modules/webhook"
 
 	"github.com/nektos/act/pkg/jobparser"
+	"xorm.io/builder"
 )
 
 // StartScheduleTasks start the task
@@ -55,7 +56,7 @@ func startTasks(ctx context.Context) error {
 			// cancel running jobs if the event is push
 			if row.Schedule.Event == webhook_module.HookEventPush {
 				// cancel running jobs of the same workflow
-				if err := actions_model.CancelPreviousJobs(
+				if err := CancelPreviousJobs(
 					ctx,
 					row.RepoID,
 					row.Schedule.Ref,
@@ -152,3 +153,93 @@ func CreateScheduleTask(ctx context.Context, cron *actions_model.ActionSchedule)
 	// Return nil if no errors occurred
 	return nil
 }
+
+// CancelPreviousJobs cancels all previous jobs of the same repository, reference, workflow, and event.
+// It's useful when a new run is triggered, and all previous runs needn't be continued anymore.
+func CancelPreviousJobs(ctx context.Context, repoID int64, ref, workflowID string, event webhook_module.HookEventType) error {
+	// Find all runs in the specified repository, reference, and workflow with non-final status
+	runs, total, err := db.FindAndCount[actions_model.ActionRun](ctx, actions_model.FindRunOptions{
+		RepoID:       repoID,
+		Ref:          ref,
+		WorkflowID:   workflowID,
+		TriggerEvent: event,
+		Status:       []actions_model.Status{actions_model.StatusRunning, actions_model.StatusWaiting, actions_model.StatusBlocked},
+	})
+	if err != nil {
+		return err
+	}
+
+	// If there are no runs found, there's no need to proceed with cancellation, so return nil.
+	if total == 0 {
+		return nil
+	}
+
+	// Iterate over each found run and cancel its associated jobs.
+	for _, run := range runs {
+		// Find all jobs associated with the current run.
+		jobs, err := db.Find[actions_model.ActionRunJob](ctx, actions_model.FindRunJobOptions{
+			RunID: run.ID,
+		})
+		if err != nil {
+			return err
+		}
+
+		// Iterate over each job and attempt to cancel it.
+		for _, job := range jobs {
+			// Skip jobs that are already in a terminal state (completed, cancelled, etc.).
+			status := job.Status
+			if status.IsDone() {
+				continue
+			}
+
+			// If the job has no associated task (probably an error), set its status to 'Cancelled' and stop it.
+			if job.TaskID == 0 {
+				job.Status = actions_model.StatusCancelled
+				job.Stopped = timeutil.TimeStampNow()
+
+				// Update the job's status and stopped time in the database.
+				n, err := actions_model.UpdateRunJob(ctx, job, builder.Eq{"task_id": 0}, "status", "stopped")
+				if err != nil {
+					return err
+				}
+
+				// If the update affected 0 rows, it means the job has changed in the meantime, so we need to try again.
+				if n == 0 {
+					return fmt.Errorf("job has changed, try again")
+				}
+
+				// Continue with the next job.
+				continue
+			}
+
+			// If the job has an associated task, try to stop the task, effectively cancelling the job.
+			if err := StopTask(ctx, job.TaskID, actions_model.StatusCancelled); err != nil {
+				return err
+			}
+		}
+	}
+
+	// Return nil to indicate successful cancellation of all running and waiting jobs.
+	return nil
+}
+
+func CleanRepoScheduleTasks(ctx context.Context, repo *repo_model.Repository, cancelPreviousJobs bool) error {
+	// If actions disabled when there is schedule task, this will remove the outdated schedule tasks
+	// There is no other place we can do this because the app.ini will be changed manually
+	if err := actions_model.DeleteScheduleTaskByRepo(ctx, repo.ID); err != nil {
+		return fmt.Errorf("DeleteCronTaskByRepo: %v", err)
+	}
+	if cancelPreviousJobs {
+		// cancel running cron jobs of this repository and delete old schedules
+		if err := CancelPreviousJobs(
+			ctx,
+			repo.ID,
+			repo.DefaultBranch,
+			"",
+			webhook_module.HookEventSchedule,
+		); err != nil {
+			return fmt.Errorf("CancelPreviousJobs: %v", err)
+		}
+	}
+	return nil
+}
diff --git a/services/actions/task.go b/services/actions/task.go
index 43c8deaa5f..6d89afed45 100644
--- a/services/actions/task.go
+++ b/services/actions/task.go
@@ -10,9 +10,12 @@ import (
 	actions_model "forgejo.org/models/actions"
 	"forgejo.org/models/db"
 	secret_model "forgejo.org/models/secret"
+	"forgejo.org/modules/timeutil"
+	"forgejo.org/modules/util"
 
 	runnerv1 "code.gitea.io/actions-proto-go/runner/v1"
 	"google.golang.org/protobuf/types/known/structpb"
+	"google.golang.org/protobuf/types/known/timestamppb"
 )
 
 func PickTask(ctx context.Context, runner *actions_model.ActionRunner) (*runnerv1.Task, bool, error) {
@@ -105,3 +108,144 @@ func findTaskNeeds(ctx context.Context, taskJob *actions_model.ActionRunJob) (ma
 	}
 	return ret, nil
 }
+
+func StopTask(ctx context.Context, taskID int64, status actions_model.Status) error {
+	if !status.IsDone() {
+		return fmt.Errorf("cannot stop task with status %v", status)
+	}
+	e := db.GetEngine(ctx)
+
+	task := &actions_model.ActionTask{}
+	if has, err := e.ID(taskID).Get(task); err != nil {
+		return err
+	} else if !has {
+		return util.ErrNotExist
+	}
+	if task.Status.IsDone() {
+		return nil
+	}
+
+	now := timeutil.TimeStampNow()
+	task.Status = status
+	task.Stopped = now
+	if _, err := actions_model.UpdateRunJob(ctx, &actions_model.ActionRunJob{
+		ID:      task.JobID,
+		Status:  task.Status,
+		Stopped: task.Stopped,
+	}, nil); err != nil {
+		return err
+	}
+
+	if err := actions_model.UpdateTask(ctx, task, "status", "stopped"); err != nil {
+		return err
+	}
+
+	if err := task.LoadAttributes(ctx); err != nil {
+		return err
+	}
+
+	for _, step := range task.Steps {
+		if !step.Status.IsDone() {
+			step.Status = status
+			if step.Started == 0 {
+				step.Started = now
+			}
+			step.Stopped = now
+		}
+		if _, err := e.ID(step.ID).Update(step); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// UpdateTaskByState updates the task by the state.
+// It will always update the task if the state is not final, even there is no change.
+// So it will update ActionTask.Updated to avoid the task being judged as a zombie task.
+func UpdateTaskByState(ctx context.Context, runnerID int64, state *runnerv1.TaskState) (*actions_model.ActionTask, error) {
+	stepStates := map[int64]*runnerv1.StepState{}
+	for _, v := range state.Steps {
+		stepStates[v.Id] = v
+	}
+
+	ctx, commiter, err := db.TxContext(ctx)
+	if err != nil {
+		return nil, err
+	}
+	defer commiter.Close()
+
+	e := db.GetEngine(ctx)
+
+	task := &actions_model.ActionTask{}
+	if has, err := e.ID(state.Id).Get(task); err != nil {
+		return nil, err
+	} else if !has {
+		return nil, util.ErrNotExist
+	} else if runnerID != task.RunnerID {
+		return nil, fmt.Errorf("invalid runner for task")
+	}
+
+	if task.Status.IsDone() {
+		// the state is final, do nothing
+		return task, nil
+	}
+
+	// state.Result is not unspecified means the task is finished
+	if state.Result != runnerv1.Result_RESULT_UNSPECIFIED {
+		task.Status = actions_model.Status(state.Result)
+		task.Stopped = timeutil.TimeStamp(state.StoppedAt.AsTime().Unix())
+		if err := actions_model.UpdateTask(ctx, task, "status", "stopped"); err != nil {
+			return nil, err
+		}
+		if _, err := actions_model.UpdateRunJob(ctx, &actions_model.ActionRunJob{
+			ID:      task.JobID,
+			Status:  task.Status,
+			Stopped: task.Stopped,
+		}, nil); err != nil {
+			return nil, err
+		}
+	} else {
+		// Force update ActionTask.Updated to avoid the task being judged as a zombie task
+		task.Updated = timeutil.TimeStampNow()
+		if err := actions_model.UpdateTask(ctx, task, "updated"); err != nil {
+			return nil, err
+		}
+	}
+
+	if err := task.LoadAttributes(ctx); err != nil {
+		return nil, err
+	}
+
+	for _, step := range task.Steps {
+		var result runnerv1.Result
+		if v, ok := stepStates[step.Index]; ok {
+			result = v.Result
+			step.LogIndex = v.LogIndex
+			step.LogLength = v.LogLength
+			step.Started = convertTimestamp(v.StartedAt)
+			step.Stopped = convertTimestamp(v.StoppedAt)
+		}
+		if result != runnerv1.Result_RESULT_UNSPECIFIED {
+			step.Status = actions_model.Status(result)
+		} else if step.Started != 0 {
+			step.Status = actions_model.StatusRunning
+		}
+		if _, err := e.ID(step.ID).Update(step); err != nil {
+			return nil, err
+		}
+	}
+
+	if err := commiter.Commit(); err != nil {
+		return nil, err
+	}
+
+	return task, nil
+}
+
+func convertTimestamp(timestamp *timestamppb.Timestamp) timeutil.TimeStamp {
+	if timestamp.GetSeconds() == 0 && timestamp.GetNanos() == 0 {
+		return timeutil.TimeStamp(0)
+	}
+	return timeutil.TimeStamp(timestamp.AsTime().Unix())
+}
diff --git a/services/asymkey/sign.go b/services/asymkey/sign.go
index 0030523b22..592396769d 100644
--- a/services/asymkey/sign.go
+++ b/services/asymkey/sign.go
@@ -90,6 +90,13 @@ func SigningKey(ctx context.Context, repoPath string) (string, *git.Signature) {
 		return "", nil
 	}
 
+	if setting.Repository.Signing.Format == "ssh" {
+		return setting.Repository.Signing.SigningKey, &git.Signature{
+			Name:  setting.Repository.Signing.SigningName,
+			Email: setting.Repository.Signing.SigningEmail,
+		}
+	}
+
 	if setting.Repository.Signing.SigningKey == "default" || setting.Repository.Signing.SigningKey == "" {
 		// Can ignore the error here as it means that commit.gpgsign is not set
 		value, _, _ := git.NewCommand(ctx, "config", "--get", "commit.gpgsign").RunStdString(&git.RunOpts{Dir: repoPath})
diff --git a/services/federation/federation_service.go b/services/federation/federation_service.go
index b8c471bfbb..3d6e219ffc 100644
--- a/services/federation/federation_service.go
+++ b/services/federation/federation_service.go
@@ -1,4 +1,4 @@
-// Copyright 2024 The Forgejo Authors. All rights reserved.
+// Copyright 2024, 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package federation
@@ -129,7 +129,7 @@ func CreateFederationHostFromAP(ctx context.Context, actorID fm.ActorID) (*forge
 		return nil, err
 	}
 
-	result, err := forgefed.NewFederationHost(nodeInfo, actorID.Host)
+	result, err := forgefed.NewFederationHost(actorID.Host, nodeInfo, actorID.HostPort, actorID.HostSchema)
 	if err != nil {
 		return nil, err
 	}
@@ -148,7 +148,7 @@ func GetFederationHostForURI(ctx context.Context, actorURI string) (*forgefed.Fe
 	if err != nil {
 		return nil, err
 	}
-	federationHost, err := forgefed.FindFederationHostByFqdn(ctx, rawActorID.Host)
+	federationHost, err := forgefed.FindFederationHostByFqdnAndPort(ctx, rawActorID.Host, rawActorID.HostPort)
 	if err != nil {
 		return nil, err
 	}
@@ -221,12 +221,12 @@ func CreateUserFromAP(ctx context.Context, personID fm.PersonID, federationHostI
 		LoginName:                    loginName,
 		Type:                         user.UserTypeRemoteUser,
 		IsAdmin:                      false,
-		NormalizedFederatedURI:       personID.AsURI(),
 	}
 
 	federatedUser := user.FederatedUser{
-		ExternalID:       personID.ID,
-		FederationHostID: federationHostID,
+		ExternalID:            personID.ID,
+		FederationHostID:      federationHostID,
+		NormalizedOriginalURL: personID.AsURI(),
 	}
 
 	err = user.CreateFederatedUser(ctx, &newUser, &federatedUser)
diff --git a/services/migrations/github.go b/services/migrations/github.go
index 5052a68114..9721c86180 100644
--- a/services/migrations/github.go
+++ b/services/migrations/github.go
@@ -140,7 +140,7 @@ func (g *GithubDownloaderV3) LogString() string {
 func (g *GithubDownloaderV3) addClient(client *http.Client, baseURL string) {
 	githubClient := github.NewClient(client)
 	if baseURL != "https://github.com" {
-		githubClient, _ = github.NewClient(client).WithEnterpriseURLs(baseURL, baseURL)
+		githubClient, _ = githubClient.WithEnterpriseURLs(baseURL, baseURL)
 	}
 	g.clients = append(g.clients, githubClient)
 	g.rates = append(g.rates, nil)
@@ -885,3 +885,18 @@ func (g *GithubDownloaderV3) GetReviews(reviewable base.Reviewable) ([]*base.Rev
 	}
 	return allReviews, nil
 }
+
+// FormatCloneURL add authentication into remote URLs
+func (g *GithubDownloaderV3) FormatCloneURL(opts MigrateOptions, remoteAddr string) (string, error) {
+	u, err := url.Parse(remoteAddr)
+	if err != nil {
+		return "", err
+	}
+	if len(opts.AuthToken) > 0 {
+		// "multiple tokens" are used to benefit more "API rate limit quota"
+		// git clone doesn't count for rate limits, so only use the first token.
+		// source: https://github.com/orgs/community/discussions/44515
+		u.User = url.UserPassword("oauth2", strings.Split(opts.AuthToken, ",")[0])
+	}
+	return u.String(), nil
+}
diff --git a/services/migrations/github_test.go b/services/migrations/github_test.go
index b1f20c4716..c5e24ebbcd 100644
--- a/services/migrations/github_test.go
+++ b/services/migrations/github_test.go
@@ -433,3 +433,36 @@ func TestGitHubDownloadRepo(t *testing.T) {
 		},
 	}, reviews)
 }
+
+func TestGithubMultiToken(t *testing.T) {
+	testCases := []struct {
+		desc             string
+		token            string
+		expectedCloneURL string
+	}{
+		{
+			desc:             "Single Token",
+			token:            "single_token",
+			expectedCloneURL: "https://oauth2:single_token@github.com",
+		},
+		{
+			desc:             "Multi Token",
+			token:            "token1,token2",
+			expectedCloneURL: "https://oauth2:token1@github.com",
+		},
+	}
+	factory := GithubDownloaderV3Factory{}
+
+	for _, tC := range testCases {
+		t.Run(tC.desc, func(t *testing.T) {
+			opts := base.MigrateOptions{CloneAddr: "https://github.com/go-gitea/gitea", AuthToken: tC.token}
+			client, err := factory.New(t.Context(), opts)
+			require.NoError(t, err)
+
+			cloneURL, err := client.FormatCloneURL(opts, "https://github.com")
+			require.NoError(t, err)
+
+			assert.Equal(t, tC.expectedCloneURL, cloneURL)
+		})
+	}
+}
diff --git a/services/packages/rpm/repository.go b/services/packages/rpm/repository.go
index 961de7828f..f3b6f5148a 100644
--- a/services/packages/rpm/repository.go
+++ b/services/packages/rpm/repository.go
@@ -410,7 +410,6 @@ func buildPrimary(ctx context.Context, pv *packages_model.PackageVersion, pfs []
 				files = append(files, f)
 			}
 		}
-		packageVersion := fmt.Sprintf("%s-%s", pd.FileMetadata.Version, pd.FileMetadata.Release)
 		packages = append(packages, &Package{
 			Type:         "rpm",
 			Name:         pd.Package.Name,
@@ -439,7 +438,7 @@ func buildPrimary(ctx context.Context, pv *packages_model.PackageVersion, pfs []
 				Archive:   pd.FileMetadata.ArchiveSize,
 			},
 			Location: Location{
-				Href: fmt.Sprintf("package/%s/%s/%s/%s-%s.%s.rpm", pd.Package.Name, packageVersion, pd.FileMetadata.Architecture, pd.Package.Name, packageVersion, pd.FileMetadata.Architecture),
+				Href: fmt.Sprintf("package/%s/%s/%s/%s-%s.%s.rpm", pd.Package.Name, pd.Version.Version, pd.FileMetadata.Architecture, pd.Package.Name, pd.Version.Version, pd.FileMetadata.Architecture),
 			},
 			Format: Format{
 				License:   pd.VersionMetadata.License,
diff --git a/services/repository/branch.go b/services/repository/branch.go
index 689f35803d..d5b68c1fa7 100644
--- a/services/repository/branch.go
+++ b/services/repository/branch.go
@@ -28,6 +28,7 @@ import (
 	"forgejo.org/modules/timeutil"
 	"forgejo.org/modules/util"
 	webhook_module "forgejo.org/modules/webhook"
+	actions_service "forgejo.org/services/actions"
 	notify_service "forgejo.org/services/notify"
 	pull_service "forgejo.org/services/pull"
 	files_service "forgejo.org/services/repository/files"
@@ -377,7 +378,7 @@ func RenameBranch(ctx context.Context, repo *repo_model.Repository, doer *user_m
 				log.Error("DeleteCronTaskByRepo: %v", err)
 			}
 			// cancel running cron jobs of this repository and delete old schedules
-			if err := actions_model.CancelPreviousJobs(
+			if err := actions_service.CancelPreviousJobs(
 				ctx,
 				repo.ID,
 				from,
@@ -578,7 +579,7 @@ func SetRepoDefaultBranch(ctx context.Context, repo *repo_model.Repository, gitR
 			log.Error("DeleteCronTaskByRepo: %v", err)
 		}
 		// cancel running cron jobs of this repository and delete old schedules
-		if err := actions_model.CancelPreviousJobs(
+		if err := actions_service.CancelPreviousJobs(
 			ctx,
 			repo.ID,
 			oldDefaultBranchName,
diff --git a/services/repository/files/content.go b/services/repository/files/content.go
index 3eb3049f12..5f7dd38303 100644
--- a/services/repository/files/content.go
+++ b/services/repository/files/content.go
@@ -178,12 +178,13 @@ func GetContents(ctx context.Context, repo *repo_model.Repository, treePath, ref
 
 	// All content types have these fields in populated
 	contentsResponse := &api.ContentsResponse{
-		Name:          entry.Name(),
-		Path:          treePath,
-		SHA:           entry.ID.String(),
-		LastCommitSHA: lastCommit.ID.String(),
-		Size:          entry.Size(),
-		URL:           &selfURLString,
+		Name:           entry.Name(),
+		Path:           treePath,
+		SHA:            entry.ID.String(),
+		LastCommitSHA:  lastCommit.ID.String(),
+		LastCommitWhen: lastCommit.Committer.When,
+		Size:           entry.Size(),
+		URL:            &selfURLString,
 		Links: &api.FileLinksResponse{
 			Self: &selfURLString,
 		},
diff --git a/services/repository/files/content_test.go b/services/repository/files/content_test.go
index 78ad52c61c..e55b840660 100644
--- a/services/repository/files/content_test.go
+++ b/services/repository/files/content_test.go
@@ -5,6 +5,7 @@ package files
 
 import (
 	"testing"
+	"time"
 
 	"forgejo.org/models/db"
 	repo_model "forgejo.org/models/repo"
@@ -33,18 +34,19 @@ func getExpectedReadmeContentsResponse() *api.ContentsResponse {
 	gitURL := "https://try.gitea.io/api/v1/repos/user2/repo1/git/blobs/" + sha
 	downloadURL := "https://try.gitea.io/user2/repo1/raw/branch/master/" + treePath
 	return &api.ContentsResponse{
-		Name:          treePath,
-		Path:          treePath,
-		SHA:           "4b4851ad51df6a7d9f25c979345979eaeb5b349f",
-		LastCommitSHA: "65f1bf27bc3bf70f64657658635e66094edbcb4d",
-		Type:          "file",
-		Size:          30,
-		Encoding:      &encoding,
-		Content:       &content,
-		URL:           &selfURL,
-		HTMLURL:       &htmlURL,
-		GitURL:        &gitURL,
-		DownloadURL:   &downloadURL,
+		Name:           treePath,
+		Path:           treePath,
+		SHA:            "4b4851ad51df6a7d9f25c979345979eaeb5b349f",
+		LastCommitSHA:  "65f1bf27bc3bf70f64657658635e66094edbcb4d",
+		LastCommitWhen: time.Date(2017, time.March, 19, 16, 47, 59, 0, time.FixedZone("", -14400)),
+		Type:           "file",
+		Size:           30,
+		Encoding:       &encoding,
+		Content:        &content,
+		URL:            &selfURL,
+		HTMLURL:        &htmlURL,
+		GitURL:         &gitURL,
+		DownloadURL:    &downloadURL,
 		Links: &api.FileLinksResponse{
 			Self:    &selfURL,
 			GitURL:  &gitURL,
diff --git a/services/repository/setting.go b/services/repository/setting.go
index c127f3129e..68cdfc370b 100644
--- a/services/repository/setting.go
+++ b/services/repository/setting.go
@@ -7,7 +7,6 @@ import (
 	"context"
 	"slices"
 
-	actions_model "forgejo.org/models/actions"
 	"forgejo.org/models/db"
 	repo_model "forgejo.org/models/repo"
 	"forgejo.org/models/unit"
@@ -29,7 +28,7 @@ func UpdateRepositoryUnits(ctx context.Context, repo *repo_model.Repository, uni
 	}
 
 	if slices.Contains(deleteUnitTypes, unit.TypeActions) {
-		if err := actions_model.CleanRepoScheduleTasks(ctx, repo, true); err != nil {
+		if err := actions_service.CleanRepoScheduleTasks(ctx, repo, true); err != nil {
 			log.Error("CleanRepoScheduleTasks: %v", err)
 		}
 	}
diff --git a/services/repository/sync_fork.go b/services/repository/sync_fork.go
new file mode 100644
index 0000000000..99e7c33781
--- /dev/null
+++ b/services/repository/sync_fork.go
@@ -0,0 +1,113 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repository
+
+import (
+	"context"
+	"fmt"
+	"slices"
+
+	git_model "forgejo.org/models/git"
+	repo_model "forgejo.org/models/repo"
+	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/git"
+	repo_module "forgejo.org/modules/repository"
+	api "forgejo.org/modules/structs"
+)
+
+// SyncFork syncs a branch of a fork with the base repo
+func SyncFork(ctx context.Context, doer *user_model.User, repo *repo_model.Repository, branch string) error {
+	err := repo.MustNotBeArchived()
+	if err != nil {
+		return err
+	}
+
+	err = repo.GetBaseRepo(ctx)
+	if err != nil {
+		return err
+	}
+
+	err = git.Push(ctx, repo.BaseRepo.RepoPath(), git.PushOptions{
+		Remote: repo.RepoPath(),
+		Branch: fmt.Sprintf("%s:%s", branch, branch),
+		Env:    repo_module.PushingEnvironment(doer, repo),
+	})
+
+	return err
+}
+
+// CanSyncFork returns information about syncing a fork
+func GetSyncForkInfo(ctx context.Context, repo *repo_model.Repository, branch string) (*api.SyncForkInfo, error) {
+	info := new(api.SyncForkInfo)
+
+	if !repo.IsFork {
+		return info, nil
+	}
+
+	if repo.IsArchived {
+		return info, nil
+	}
+
+	err := repo.GetBaseRepo(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	forkBranch, err := git_model.GetBranch(ctx, repo.ID, branch)
+	if err != nil {
+		return nil, err
+	}
+
+	info.ForkCommit = forkBranch.CommitID
+
+	baseBranch, err := git_model.GetBranch(ctx, repo.BaseRepo.ID, branch)
+	if err != nil {
+		if git_model.IsErrBranchNotExist(err) {
+			// If the base repo don't have the branch, we don't need to continue
+			return info, nil
+		}
+		return nil, err
+	}
+
+	info.BaseCommit = baseBranch.CommitID
+
+	// If both branches has the same latest commit, we don't need to sync
+	if forkBranch.CommitID == baseBranch.CommitID {
+		return info, nil
+	}
+
+	// Check if the latest commit of the fork is also in the base
+	gitRepo, err := git.OpenRepository(ctx, repo.BaseRepo.RepoPath())
+	if err != nil {
+		return nil, err
+	}
+	defer gitRepo.Close()
+
+	commit, err := gitRepo.GetCommit(forkBranch.CommitID)
+	if err != nil {
+		if git.IsErrNotExist(err) {
+			return info, nil
+		}
+		return nil, err
+	}
+
+	branchList, err := commit.GetAllBranches()
+	if err != nil {
+		return nil, err
+	}
+
+	if !slices.Contains(branchList, branch) {
+		return info, nil
+	}
+
+	diff, err := git.GetDivergingCommits(ctx, repo.BaseRepo.RepoPath(), baseBranch.CommitID, forkBranch.CommitID)
+	if err != nil {
+		return nil, err
+	}
+
+	info.Allowed = true
+	info.CommitsBehind = diff.Behind
+
+	return info, nil
+}
diff --git a/services/webhook/default.go b/services/webhook/default.go
index 30717a7352..797b98f99a 100644
--- a/services/webhook/default.go
+++ b/services/webhook/default.go
@@ -36,8 +36,7 @@ func (dh defaultHandler) Type() webhook_module.HookType {
 
 func (dh defaultHandler) Icon(size int) template.HTML {
 	if dh.forgejo {
-		// forgejo.svg is not in web_src/svg/, so svg.RenderHTML does not work
-		return shared.ImgIcon("forgejo.svg", size)
+		return svg.RenderHTML("gitea-forgejo", size, "img")
 	}
 	return svg.RenderHTML("gitea-gitea", size, "img")
 }
diff --git a/services/webhook/discord.go b/services/webhook/discord.go
index 3970a2552d..2b58bf892d 100644
--- a/services/webhook/discord.go
+++ b/services/webhook/discord.go
@@ -16,6 +16,7 @@ import (
 	"unicode/utf8"
 
 	webhook_model "forgejo.org/models/webhook"
+	"forgejo.org/modules/base"
 	"forgejo.org/modules/git"
 	"forgejo.org/modules/json"
 	"forgejo.org/modules/log"
@@ -151,6 +152,18 @@ var (
 	redColor         = color("ff3232")
 )
 
+// https://discord.com/developers/docs/resources/message#embed-object-embed-limits
+// Discord has some limits in place for the embeds.
+// According to some tests, there is no consistent limit for different character sets.
+// For example: 4096 ASCII letters are allowed, but only 2490 emoji characters are allowed.
+// To keep it simple, we currently truncate at 2000.
+const discordDescriptionCharactersLimit = 2000
+
+type discordConvertor struct {
+	Username  string
+	AvatarURL string
+}
+
 // Create implements PayloadConvertor Create method
 func (d discordConvertor) Create(p *api.CreatePayload) (DiscordPayload, error) {
 	// created tag/branch
@@ -312,11 +325,6 @@ func (d discordConvertor) Package(p *api.PackagePayload) (DiscordPayload, error)
 	return d.createPayload(p.Sender, text, "", p.Package.HTMLURL, color), nil
 }
 
-type discordConvertor struct {
-	Username  string
-	AvatarURL string
-}
-
 var _ shared.PayloadConvertor[DiscordPayload] = discordConvertor{}
 
 func (discordHandler) NewRequest(ctx context.Context, w *webhook_model.Webhook, t *webhook_model.HookTask) (*http.Request, []byte, error) {
@@ -357,7 +365,7 @@ func (d discordConvertor) createPayload(s *api.User, title, text, url string, co
 		Embeds: []DiscordEmbed{
 			{
 				Title:       title,
-				Description: text,
+				Description: base.TruncateString(text, discordDescriptionCharactersLimit),
 				URL:         url,
 				Color:       color,
 				Author: DiscordEmbedAuthor{
diff --git a/services/webhook/discord_test.go b/services/webhook/discord_test.go
index ce3aaa10cf..b04be30bc6 100644
--- a/services/webhook/discord_test.go
+++ b/services/webhook/discord_test.go
@@ -175,7 +175,7 @@ func TestDiscordPayload(t *testing.T) {
 		require.NoError(t, err)
 
 		assert.Len(t, pl.Embeds, 1)
-		assert.Len(t, pl.Embeds[0].Description, 4096)
+		assert.Len(t, pl.Embeds[0].Description, 2000)
 	})
 
 	t.Run("IssueComment", func(t *testing.T) {
diff --git a/templates/package/shared/cargo.tmpl b/templates/package/shared/cargo.tmpl
index 5b0f63965d..8e158d60d8 100644
--- a/templates/package/shared/cargo.tmpl
+++ b/templates/package/shared/cargo.tmpl
@@ -3,25 +3,25 @@
 </h4>
 <div class="ui attached segment">
 	<div class="ui form">
-		{{if .CargoIndexExists}}
 		<div class="field">
-			<label>{{ctx.Locale.Tr "packages.owner.settings.cargo.rebuild.description"}}</label>
+			<label>{{ctx.Locale.Tr "packages.registry.documentation" "Cargo" "https://forgejo.org/docs/latest/user/packages/cargo/"}}</label>
 		</div>
+		{{if .CargoIndexExists}}
 		<form class="field" action="{{.Link}}/cargo/rebuild" method="post">
 			{{.CsrfTokenHtml}}
 			<button class="ui primary button">{{ctx.Locale.Tr "packages.owner.settings.cargo.rebuild"}}</button>
 		</form>
-		{{else}}
 		<div class="field">
-			<label>{{ctx.Locale.Tr "packages.owner.settings.cargo.initialize.description"}}</label>
+			<label>{{ctx.Locale.Tr "packages.owner.settings.cargo.rebuild.description"}}</label>
 		</div>
+		{{else}}
 		<form class="field" action="{{.Link}}/cargo/initialize" method="post">
 			{{.CsrfTokenHtml}}
 			<button class="ui primary button">{{ctx.Locale.Tr "packages.owner.settings.cargo.initialize"}}</button>
 		</form>
-		{{end}}
 		<div class="field">
-			<label>{{ctx.Locale.Tr "packages.registry.documentation" "Cargo" "https://forgejo.org/docs/latest/user/packages/cargo/"}}</label>
+			<label>{{ctx.Locale.Tr "packages.owner.settings.cargo.initialize.description"}}</label>
 		</div>
+		{{end}}
 	</div>
 </div>
diff --git a/templates/projects/list.tmpl b/templates/projects/list.tmpl
index 5a9ba004eb..8c9b7c6e6f 100644
--- a/templates/projects/list.tmpl
+++ b/templates/projects/list.tmpl
@@ -2,11 +2,11 @@
 	<div class="tw-flex tw-justify-between tw-mb-4">
 		<div class="switch list-header-toggle">
 			<a class="item{{if not .IsShowClosed}} active{{end}}" href="?state=open&q={{$.Keyword}}">
-				{{svg "octicon-project-symlink" 16 "tw-mr-2"}}
+				{{svg "octicon-project-symlink" 16}}
 				{{ctx.Locale.PrettyNumber .OpenCount}}&nbsp;{{ctx.Locale.Tr "repo.issues.open_title"}}
 			</a>
 			<a class="item{{if .IsShowClosed}} active{{end}}" href="?state=closed&q={{$.Keyword}}">
-				{{svg "octicon-check" 16 "tw-mr-2"}}
+				{{svg "octicon-check" 16}}
 				{{ctx.Locale.PrettyNumber .ClosedCount}}&nbsp;{{ctx.Locale.Tr "repo.issues.closed_title"}}
 			</a>
 		</div>
diff --git a/templates/repo/branch_dropdown.tmpl b/templates/repo/branch_dropdown.tmpl
index dcb1792485..ac4f8d2b75 100644
--- a/templates/repo/branch_dropdown.tmpl
+++ b/templates/repo/branch_dropdown.tmpl
@@ -77,8 +77,10 @@
 				{{else}}
 					{{if eq $type "tag"}}
 						{{svg "octicon-tag"}}
-					{{else}}
+					{{else if eq $type "branch"}}
 						{{svg "octicon-git-branch"}}
+					{{else}}
+						{{svg "octicon-git-commit"}}
 					{{end}}
 					<strong ref="dropdownRefName" class="tw-ml-2 tw-inline-block gt-ellipsis">{{if and .root.IsViewTag (not .noTag)}}{{.root.TagName}}{{else if .root.IsViewBranch}}{{.root.BranchName}}{{else}}{{ShortSha .root.CommitID}}{{end}}</strong>
 				{{end}}
diff --git a/templates/repo/graph.tmpl b/templates/repo/graph.tmpl
index 739c5954b1..b6211bd5d8 100644
--- a/templates/repo/graph.tmpl
+++ b/templates/repo/graph.tmpl
@@ -48,11 +48,11 @@
 				</div>
 				<div class="switch">
 					<button id="flow-color-monochrome" class="{{if eq .Mode "monochrome"}}active {{end}}item" title="{{ctx.Locale.Tr "repo.commit_graph.monochrome"}}">
-						{{svg "material-invert-colors" 16 "tw-mr-1"}}
+						{{svg "material-invert-colors" 16}}
 						{{ctx.Locale.Tr "repo.commit_graph.monochrome"}}
 					</button>
 					<button id="flow-color-colored" class="{{if ne .Mode "monochrome"}}active {{end}}item" title="{{ctx.Locale.Tr "repo.commit_graph.color"}}">
-						{{svg "material-palette" 16 "tw-mr-1"}}
+						{{svg "material-palette" 16}}
 						{{ctx.Locale.Tr "repo.commit_graph.color"}}
 					</button>
 				</div>
diff --git a/templates/repo/home.tmpl b/templates/repo/home.tmpl
index d1685f6a79..318630dfbd 100644
--- a/templates/repo/home.tmpl
+++ b/templates/repo/home.tmpl
@@ -158,6 +158,18 @@
 				{{end}}
 			</div>
 		</div>
+
+		{{if .CanSyncFork}}
+			<div class="ui positive message tw-flex tw-items-center">
+				<div class="tw-flex-1">
+					{{ctx.Locale.TrN .ForkCommitsBehind "repo.sync_fork.branch_behind_one" "repo.sync_fork.branch_behind_few" .ForkCommitsBehind (printf "<a href='%s'>%s:%s</a>" .BaseBranchLink .Repository.BaseRepo.FullName .BranchName | SafeHTML)}}
+				</div>
+				<a role="button" class="ui compact positive button tw-m-0" href="{{.SyncForkLink}}">
+					{{ctx.Locale.Tr "repo.sync_fork.button"}}
+				</a>
+			</div>
+		{{end}}
+
 		{{if .IsViewFile}}
 			{{template "repo/view_file" .}}
 		{{else if .IsBlame}}
diff --git a/templates/repo/issue/openclose.tmpl b/templates/repo/issue/openclose.tmpl
index 25f73a857d..5d5cf4140e 100644
--- a/templates/repo/issue/openclose.tmpl
+++ b/templates/repo/issue/openclose.tmpl
@@ -1,21 +1,21 @@
 <div class="switch">
 	<a class="{{if eq .State "open"}}active {{end}}item" href="{{.OpenLink}}" data-test-name="open-issue-count">
 		{{if .PageIsMilestones}}
-			{{svg "octicon-milestone" 16 "tw-mr-2"}}
+			{{svg "octicon-milestone" 16}}
 		{{else if .PageIsPullList}}
-			{{svg "octicon-git-pull-request" 16 "tw-mr-2"}}
+			{{svg "octicon-git-pull-request" 16}}
 		{{else}}
-			{{svg "octicon-issue-opened" 16 "tw-mr-2"}}
+			{{svg "octicon-issue-opened" 16}}
 		{{end}}
 		{{ctx.Locale.PrettyNumber .OpenCount}}&nbsp;{{ctx.Locale.Tr "repo.issues.open_title"}}
 	</a>
 	<a class="{{if eq .State "closed"}}active {{end}}item" href="{{.ClosedLink}}" data-test-name="closed-issue-count">
-		{{svg "octicon-issue-closed" 16 "tw-mr-2"}}
+		{{svg "octicon-issue-closed" 16}}
 		{{ctx.Locale.PrettyNumber .ClosedCount}}&nbsp;{{ctx.Locale.Tr "repo.issues.closed_title"}}
 	</a>
 	{{if not .PageIsMilestones}}
 		<a class="{{if eq .State "all"}}active {{end}}item" href="{{.AllStatesLink}}" data-test-name="all-issue-count">
-			{{svg "octicon-eye" 16 "tw-mr-2"}}
+			{{svg "octicon-eye" 16}}
 			{{ctx.Locale.PrettyNumber (.AllCount)}}&nbsp;{{ctx.Locale.Tr "repo.issues.all_title"}}
 		</a>
 	{{end}}
diff --git a/templates/repo/issue/view_content/comments.tmpl b/templates/repo/issue/view_content/comments.tmpl
index bea517dfa2..f7d4f7c96e 100644
--- a/templates/repo/issue/view_content/comments.tmpl
+++ b/templates/repo/issue/view_content/comments.tmpl
@@ -526,7 +526,7 @@
 		{{else if eq .Type 27}}
 			{{if or .AddedRequestReview .RemovedRequestReview}}
 				<div class="timeline-item event" id="{{.HashTag}}">
-					<span class="badge">{{svg "octicon-tag"}}</span>
+					<span class="badge">{{svg "octicon-eye"}}</span>
 					{{template "shared/user/avatarlink" dict "user" .Poster}}
 					<span class="text grey muted-links">
 						{{if and (eq (len .RemovedRequestReview) 1) (eq (len .AddedRequestReview) 0) (eq ((index .RemovedRequestReview 0).ID) .PosterID) (eq ((index .RemovedRequestReview 0).Type) "user")}}
@@ -724,7 +724,7 @@
 
 						{{if or .AddedRequestReview .RemovedRequestReview}}
 						<li>
-						<span class="badge">{{svg "octicon-tag" 20}}</span>
+						<span class="badge">{{svg "octicon-eye" 20}}</span>
 						<span class="text grey muted-links">
 
 						{{if and (eq (len .RemovedRequestReview) 1) (eq (len .AddedRequestReview) 0) (eq ((index .RemovedRequestReview 0).ID) .PosterID) (eq ((index .RemovedRequestReview 0).Type) "user")}}
diff --git a/templates/repo/migrate/migrate.tmpl b/templates/repo/migrate/migrate.tmpl
index c5c697edff..9d10bba49d 100644
--- a/templates/repo/migrate/migrate.tmpl
+++ b/templates/repo/migrate/migrate.tmpl
@@ -1,31 +1,26 @@
 {{template "base/head" .}}
 <div role="main" aria-label="{{.Title}}" class="page-content repository new migrate">
-	<div class="ui middle very relaxed page grid">
-		<div class="column">
-			{{template "repo/migrate/helper" .}}
-			<div class="ui cards migrate-entries">
-				{{range .Services}}
-					<a class="ui card migrate-entry tw-flex tw-items-center" href="{{AppSubUrl}}/repo/migrate?service_type={{.}}&org={{$.Org}}&mirror={{$.Mirror}}">
-						{{if eq .Name "github"}}
-							{{svg "octicon-mark-github" 184 "tw-p-4"}}
-						{{else if eq .Name "gitlab"}}
-							{{svg "gitea-gitlab" 184 "tw-p-4"}}
-						{{else if eq .Name "gitbucket"}}
-							{{svg "gitea-gitbucket" 184 "tw-p-4"}}
-						{{else}}
-							{{svg (printf "gitea-%s" .Name) 184}}
-						{{end}}
-						<div class="content">
-							<div class="header tw-text-center">
-								{{.Title}}
-							</div>
-							<div class="description tw-text-center">
-								{{ctx.Locale.Tr (printf "repo.migrate.%s.description" .Name)}}
-							</div>
+	<div class="ui container">
+		<h2 class="tw-mt-4">Migrate repository</h1>
+		{{template "repo/migrate/helper" .}}
+		<div class="migrate-entries">
+			{{range .Services}}
+				<a class="migrate-entry tw-items-center" href="{{AppSubUrl}}/repo/migrate?service_type={{.}}&org={{$.Org}}&mirror={{$.Mirror}}">
+					{{if eq .Name "github"}}
+						{{svg "octicon-mark-github" 184}}
+					{{else}}
+						{{svg (printf "gitea-%s" .Name) 184}}
+					{{end}}
+					<div class="content">
+						<h3>
+							{{.Title}}
+						</h3>
+						<div class="description">
+							{{ctx.Locale.Tr (printf "repo.migrate.%s.description" .Name)}}
 						</div>
-					</a>
-				{{end}}
-			</div>
+					</div>
+				</a>
+			{{end}}
 		</div>
 	</div>
 </div>
diff --git a/templates/shared/combomarkdowneditor.tmpl b/templates/shared/combomarkdowneditor.tmpl
index 1ea22660f7..e9fbb67313 100644
--- a/templates/shared/combomarkdowneditor.tmpl
+++ b/templates/shared/combomarkdowneditor.tmpl
@@ -13,43 +13,46 @@ Template Attributes:
 * EasyMDE: whether to display button for switching to legacy editor
 */}}
 <div {{if .ContainerId}}id="{{.ContainerId}}"{{end}} class="combo-markdown-editor {{.ContainerClasses}}" data-dropzone-parent-container="{{.DropzoneParentContainer}}">
-	{{if .MarkdownPreviewUrl}}
-	<div class="ui top tabular menu">
-		<a href="#" class="active item" data-tab-for="markdown-writer">{{ctx.Locale.Tr "write"}}</a>
-		<a href="#" class="item" data-tab-for="markdown-previewer" data-preview-url="{{.MarkdownPreviewUrl}}" data-preview-context="{{.MarkdownPreviewContext}}">{{ctx.Locale.Tr "preview"}}</a>
-	</div>
-	{{end}}
+
+	<markdown-toolbar>
+		{{if .MarkdownPreviewUrl}}
+		<div class="markdown-toolbar-switch">
+			<div class="switch">
+				<a href="#" class="active item" data-tab-for="markdown-writer">{{ctx.Locale.Tr "write"}}</a>
+				<a href="#" class="item" data-tab-for="markdown-previewer" data-preview-url="{{.MarkdownPreviewUrl}}" data-preview-context="{{.MarkdownPreviewContext}}">{{ctx.Locale.Tr "preview"}}</a>
+			</div>
+		</div>
+		{{end}}
+		<div class="markdown-toolbar-group">
+			<md-header class="markdown-toolbar-button" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.heading.tooltip"}}">{{svg "octicon-heading"}}</md-header>
+			<md-bold class="markdown-toolbar-button" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.bold.tooltip"}}">{{svg "octicon-bold"}}</md-bold>
+			<md-italic class="markdown-toolbar-button" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.italic.tooltip"}}">{{svg "octicon-italic"}}</md-italic>
+		</div>
+		<div class="markdown-toolbar-group">
+			<md-quote class="markdown-toolbar-button" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.quote.tooltip"}}">{{svg "octicon-quote"}}</md-quote>
+			<md-code class="markdown-toolbar-button" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.code.tooltip"}}">{{svg "octicon-code"}}</md-code>
+			<button class="markdown-toolbar-button show-modal button" data-md-button data-md-action="new-link" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.link.tooltip"}}">{{svg "octicon-link"}}</button>
+		</div>
+		<div class="markdown-toolbar-group">
+			<md-unordered-list class="markdown-toolbar-button" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.list.unordered.tooltip"}}">{{svg "octicon-list-unordered"}}</md-unordered-list>
+			<md-ordered-list class="markdown-toolbar-button" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.list.ordered.tooltip"}}">{{svg "octicon-list-ordered"}}</md-ordered-list>
+			<md-task-list class="markdown-toolbar-button" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.list.task.tooltip"}}">{{svg "octicon-tasklist"}}</md-task-list>
+			<button type="button" class="markdown-toolbar-button" data-md-button data-md-action="unindent" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.unindent.tooltip"}}">{{svg "octicon-arrow-left"}}</button>
+			<button type="button" class="markdown-toolbar-button" data-md-button data-md-action="indent" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.indent.tooltip"}}">{{svg "octicon-arrow-right"}}</button>
+		</div>
+		<div class="markdown-toolbar-group">
+			<button type="button" class="markdown-toolbar-button show-modal button" data-md-button data-md-action="new-table" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.new_table.tooltip"}}">{{svg "octicon-table"}}</button>
+			<md-mention class="markdown-toolbar-button" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.mention.tooltip"}}">{{svg "octicon-mention"}}</md-mention>
+			<md-ref class="markdown-toolbar-button" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.ref.tooltip"}}">{{svg "octicon-cross-reference"}}</md-ref>
+		</div>
+		<div class="markdown-toolbar-group">
+			<button class="markdown-toolbar-button markdown-switch-monospace" data-md-button role="switch" data-enable-text="{{ctx.Locale.Tr "editor.buttons.enable_monospace_font"}}" data-disable-text="{{ctx.Locale.Tr "editor.buttons.disable_monospace_font"}}">{{svg "octicon-typography"}}</button>
+			{{if .EasyMDE}}
+				<button class="markdown-toolbar-button markdown-switch-easymde" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.switch_to_legacy.tooltip"}}">{{svg "octicon-arrow-switch"}}</button>
+			{{end}}
+		</div>
+	</markdown-toolbar>
 	<div class="ui tab active" data-tab-panel="markdown-writer">
-		<markdown-toolbar>
-			<div class="markdown-toolbar-group">
-				<md-header class="markdown-toolbar-button" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.heading.tooltip"}}">{{svg "octicon-heading"}}</md-header>
-				<md-bold class="markdown-toolbar-button" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.bold.tooltip"}}">{{svg "octicon-bold"}}</md-bold>
-				<md-italic class="markdown-toolbar-button" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.italic.tooltip"}}">{{svg "octicon-italic"}}</md-italic>
-			</div>
-			<div class="markdown-toolbar-group">
-				<md-quote class="markdown-toolbar-button" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.quote.tooltip"}}">{{svg "octicon-quote"}}</md-quote>
-				<md-code class="markdown-toolbar-button" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.code.tooltip"}}">{{svg "octicon-code"}}</md-code>
-				<button class="markdown-toolbar-button show-modal button" data-md-button data-md-action="new-link" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.link.tooltip"}}">{{svg "octicon-link"}}</button>
-			</div>
-			<div class="markdown-toolbar-group">
-				<md-unordered-list class="markdown-toolbar-button" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.list.unordered.tooltip"}}">{{svg "octicon-list-unordered"}}</md-unordered-list>
-				<md-ordered-list class="markdown-toolbar-button" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.list.ordered.tooltip"}}">{{svg "octicon-list-ordered"}}</md-ordered-list>
-				<md-task-list class="markdown-toolbar-button" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.list.task.tooltip"}}">{{svg "octicon-tasklist"}}</md-task-list>
-				<button type="button" class="markdown-toolbar-button" data-md-button data-md-action="unindent" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.unindent.tooltip"}}">{{svg "octicon-arrow-left"}}</button>
-				<button type="button" class="markdown-toolbar-button" data-md-button data-md-action="indent" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.indent.tooltip"}}">{{svg "octicon-arrow-right"}}</button>
-			</div>
-			<div class="markdown-toolbar-group">
-				<button type="button" class="markdown-toolbar-button show-modal button" data-md-button data-md-action="new-table" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.new_table.tooltip"}}">{{svg "octicon-table"}}</button>
-				<md-mention class="markdown-toolbar-button" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.mention.tooltip"}}">{{svg "octicon-mention"}}</md-mention>
-				<md-ref class="markdown-toolbar-button" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.ref.tooltip"}}">{{svg "octicon-cross-reference"}}</md-ref>
-			</div>
-			<div class="markdown-toolbar-group">
-				<button class="markdown-toolbar-button markdown-switch-monospace" data-md-button role="switch" data-enable-text="{{ctx.Locale.Tr "editor.buttons.enable_monospace_font"}}" data-disable-text="{{ctx.Locale.Tr "editor.buttons.disable_monospace_font"}}">{{svg "octicon-typography"}}</button>
-				{{if .EasyMDE}}
-					<button class="markdown-toolbar-button markdown-switch-easymde" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.switch_to_legacy.tooltip"}}">{{svg "octicon-arrow-switch"}}</button>
-				{{end}}
-			</div>
-		</markdown-toolbar>
 		<text-expander keys=": @" suffix="">
 			<textarea class="markdown-text-editor js-quick-submit"{{if .TextareaName}} name="{{.TextareaName}}"{{end}}{{if .TextareaPlaceholder}} placeholder="{{.TextareaPlaceholder}}"{{end}}{{if .TextareaAriaLabel}} aria-label="{{.TextareaAriaLabel}}"{{end}}{{if .DisableAutosize}} data-disable-autosize="{{.DisableAutosize}}"{{end}}>{{.TextareaContent}}</textarea>
 		</text-expander>
diff --git a/templates/shared/issuelist.tmpl b/templates/shared/issuelist.tmpl
index 53575d82b2..6c0950caff 100644
--- a/templates/shared/issuelist.tmpl
+++ b/templates/shared/issuelist.tmpl
@@ -52,25 +52,27 @@
 					</div>
 					{{end}}
 				</div>
-				<div class="flex-item-body">
-					<a class="index" href="{{if .Link}}{{.Link}}{{else}}{{$.Link}}/{{.Index}}{{end}}">
-						{{if eq $.listType "dashboard"}}
-							{{.Repo.FullName}}#{{.Index}}
+				<div class="flex-item-body issue-meta">
+					<span>
+						<a class="index" href="{{if .Link}}{{.Link}}{{else}}{{$.Link}}/{{.Index}}{{end}}">
+							{{if eq $.listType "dashboard"}}
+								{{.Repo.FullName}}#{{.Index}}
+							{{else}}
+								#{{.Index}}
+							{{end}}
+						</a>
+						{{$timeStr := DateUtils.TimeSince .GetLastEventTimestamp}}
+						{{if .OriginalAuthor}}
+							{{ctx.Locale.Tr .GetLastEventLabelFake $timeStr .OriginalAuthor}}
+						{{else if gt .Poster.ID 0}}
+							{{ctx.Locale.Tr .GetLastEventLabel $timeStr .Poster.HomeLink .Poster.GetDisplayName}}
 						{{else}}
-							#{{.Index}}
+							{{ctx.Locale.Tr .GetLastEventLabelFake $timeStr .Poster.GetDisplayName}}
 						{{end}}
-					</a>
-					{{$timeStr := DateUtils.TimeSince .GetLastEventTimestamp}}
-					{{if .OriginalAuthor}}
-						{{ctx.Locale.Tr .GetLastEventLabelFake $timeStr .OriginalAuthor}}
-					{{else if gt .Poster.ID 0}}
-						{{ctx.Locale.Tr .GetLastEventLabel $timeStr .Poster.HomeLink .Poster.GetDisplayName}}
-					{{else}}
-						{{ctx.Locale.Tr .GetLastEventLabelFake $timeStr .Poster.GetDisplayName}}
-					{{end}}
+					</span>
 					{{if .IsPull}}
-						<div class="branches flex-text-inline">
-							{{svg "gitea-double-chevron-right" 12}}
+						{{svg "gitea-double-chevron-right" 12}}
+						<div class="flex-text-inline issue-meta-branch">
 							<div class="branch">
 								<a href="{{.PullRequest.BaseRepo.Link}}/src/branch/{{PathEscapeSegments .PullRequest.BaseBranch}}">
 									{{/* inline to remove the spaces between spans */}}
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index a16deb61a8..d1571d1b13 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -15630,6 +15630,172 @@
         }
       }
     },
+    "/repos/{owner}/{repo}/sync_fork": {
+      "get": {
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "repository"
+        ],
+        "summary": "Gets information about syncing the fork default branch with the base branch",
+        "operationId": "repoSyncForkDefaultInfo",
+        "parameters": [
+          {
+            "type": "string",
+            "description": "owner of the repo",
+            "name": "owner",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "string",
+            "description": "name of the repo",
+            "name": "repo",
+            "in": "path",
+            "required": true
+          }
+        ],
+        "responses": {
+          "200": {
+            "$ref": "#/responses/SyncForkInfo"
+          },
+          "400": {
+            "$ref": "#/responses/error"
+          },
+          "404": {
+            "$ref": "#/responses/notFound"
+          }
+        }
+      },
+      "post": {
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "repository"
+        ],
+        "summary": "Syncs the default branch of a fork with the base branch",
+        "operationId": "repoSyncForkDefault",
+        "parameters": [
+          {
+            "type": "string",
+            "description": "owner of the repo",
+            "name": "owner",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "string",
+            "description": "name of the repo",
+            "name": "repo",
+            "in": "path",
+            "required": true
+          }
+        ],
+        "responses": {
+          "204": {
+            "$ref": "#/responses/empty"
+          },
+          "400": {
+            "$ref": "#/responses/error"
+          },
+          "404": {
+            "$ref": "#/responses/notFound"
+          }
+        }
+      }
+    },
+    "/repos/{owner}/{repo}/sync_fork/{branch}": {
+      "get": {
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "repository"
+        ],
+        "summary": "Gets information about syncing a fork branch with the base branch",
+        "operationId": "repoSyncForkBranchInfo",
+        "parameters": [
+          {
+            "type": "string",
+            "description": "owner of the repo",
+            "name": "owner",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "string",
+            "description": "name of the repo",
+            "name": "repo",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "string",
+            "description": "The branch",
+            "name": "branch",
+            "in": "path",
+            "required": true
+          }
+        ],
+        "responses": {
+          "200": {
+            "$ref": "#/responses/SyncForkInfo"
+          },
+          "400": {
+            "$ref": "#/responses/error"
+          },
+          "404": {
+            "$ref": "#/responses/notFound"
+          }
+        }
+      },
+      "post": {
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "repository"
+        ],
+        "summary": "Syncs a fork branch with the base branch",
+        "operationId": "repoSyncForkBranch",
+        "parameters": [
+          {
+            "type": "string",
+            "description": "owner of the repo",
+            "name": "owner",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "string",
+            "description": "name of the repo",
+            "name": "repo",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "string",
+            "description": "The branch",
+            "name": "branch",
+            "in": "path",
+            "required": true
+          }
+        ],
+        "responses": {
+          "204": {
+            "$ref": "#/responses/empty"
+          },
+          "400": {
+            "$ref": "#/responses/error"
+          },
+          "404": {
+            "$ref": "#/responses/notFound"
+          }
+        }
+      }
+    },
     "/repos/{owner}/{repo}/tag_protections": {
       "get": {
         "produces": [
@@ -17149,6 +17315,29 @@
         }
       }
     },
+    "/signing-key.ssh": {
+      "get": {
+        "produces": [
+          "text/plain"
+        ],
+        "tags": [
+          "miscellaneous"
+        ],
+        "summary": "Get default signing-key.ssh",
+        "operationId": "getSSHSigningKey",
+        "responses": {
+          "200": {
+            "description": "SSH public key in OpenSSH authorized key format",
+            "schema": {
+              "type": "string"
+            }
+          },
+          "404": {
+            "$ref": "#/responses/notFound"
+          }
+        }
+      }
+    },
     "/teams/{id}": {
       "get": {
         "produces": [
@@ -21833,6 +22022,11 @@
           "type": "string",
           "x-go-name": "LastCommitSHA"
         },
+        "last_commit_when": {
+          "type": "string",
+          "format": "date-time",
+          "x-go-name": "LastCommitWhen"
+        },
         "name": {
           "type": "string",
           "x-go-name": "Name"
@@ -27432,6 +27626,30 @@
       },
       "x-go-package": "forgejo.org/modules/structs"
     },
+    "SyncForkInfo": {
+      "description": "SyncForkInfo information about syncing a fork",
+      "type": "object",
+      "properties": {
+        "allowed": {
+          "type": "boolean",
+          "x-go-name": "Allowed"
+        },
+        "base_commit": {
+          "type": "string",
+          "x-go-name": "BaseCommit"
+        },
+        "commits_behind": {
+          "type": "integer",
+          "format": "int64",
+          "x-go-name": "CommitsBehind"
+        },
+        "fork_commit": {
+          "type": "string",
+          "x-go-name": "ForkCommit"
+        }
+      },
+      "x-go-package": "forgejo.org/modules/structs"
+    },
     "Tag": {
       "description": "Tag represents a repository tag",
       "type": "object",
@@ -29211,6 +29429,15 @@
         }
       }
     },
+    "SyncForkInfo": {
+      "description": "SyncForkInfo",
+      "schema": {
+        "type": "array",
+        "items": {
+          "$ref": "#/definitions/SyncForkInfo"
+        }
+      }
+    },
     "Tag": {
       "description": "Tag",
       "schema": {
diff --git a/templates/user/dashboard/issues.tmpl b/templates/user/dashboard/issues.tmpl
index e25a9d8219..c76a61c393 100644
--- a/templates/user/dashboard/issues.tmpl
+++ b/templates/user/dashboard/issues.tmpl
@@ -6,11 +6,11 @@
 		<div class="list-header">
 			<div class="switch list-header-toggle">
 				<a class="item{{if not .IsShowClosed}} active{{end}}" href="?type={{$.ViewType}}&sort={{$.SortType}}&state=open&labels={{.SelectLabels}}&q={{$.Keyword}}">
-					{{svg "octicon-issue-opened" 16 "tw-mr-2"}}
+					{{svg "octicon-issue-opened" 16}}
 					{{ctx.Locale.PrettyNumber .IssueStats.OpenCount}}&nbsp;{{ctx.Locale.Tr "repo.issues.open_title"}}
 				</a>
 				<a class="item{{if .IsShowClosed}} active{{end}}" href="?type={{$.ViewType}}&sort={{$.SortType}}&state=closed&labels={{.SelectLabels}}&q={{$.Keyword}}">
-					{{svg "octicon-issue-closed" 16 "tw-mr-2"}}
+					{{svg "octicon-issue-closed" 16}}
 					{{ctx.Locale.PrettyNumber .IssueStats.ClosedCount}}&nbsp;{{ctx.Locale.Tr "repo.issues.closed_title"}}
 				</a>
 			</div>
diff --git a/templates/user/dashboard/milestones.tmpl b/templates/user/dashboard/milestones.tmpl
index b269c63b37..267d5e3534 100644
--- a/templates/user/dashboard/milestones.tmpl
+++ b/templates/user/dashboard/milestones.tmpl
@@ -37,11 +37,11 @@
 				<div class="list-header">
 					<div class="switch list-header-toggle">
 						<a class="item{{if not .IsShowClosed}} active{{end}}" href="?repos=[{{range $.RepoIDs}}{{.}}%2C{{end}}]&sort={{$.SortType}}&state=open&q={{$.Keyword}}">
-							{{svg "octicon-milestone" 16 "tw-mr-2"}}
+							{{svg "octicon-milestone" 16}}
 							{{ctx.Locale.PrettyNumber .MilestoneStats.OpenCount}}&nbsp;{{ctx.Locale.Tr "repo.issues.open_title"}}
 						</a>
 						<a class="item{{if .IsShowClosed}} active{{end}}" href="?repos=[{{range $.RepoIDs}}{{.}}%2C{{end}}]&sort={{$.SortType}}&state=closed&q={{$.Keyword}}">
-							{{svg "octicon-check" 16 "tw-mr-2"}}
+							{{svg "octicon-check" 16}}
 							{{ctx.Locale.PrettyNumber .MilestoneStats.ClosedCount}}&nbsp;{{ctx.Locale.Tr "repo.issues.closed_title"}}
 						</a>
 					</div>
@@ -114,7 +114,7 @@
 											{{ctx.Locale.Tr "repo.milestones.closed" $closedDate}}
 										{{else}}
 											{{if .DeadlineString}}
-												<span{{if .IsOverdue}} class="text red"{{end}}>
+												<span class="flex-text-inline {{if .IsOverdue}}text red{{end}}">
 													{{svg "octicon-calendar" 14}}
 													{{DateUtils.AbsoluteShort (.DeadlineString|DateUtils.ParseLegacy)}}
 												</span>
diff --git a/templates/user/settings/keys_ssh.tmpl b/templates/user/settings/keys_ssh.tmpl
index b8783dead0..420a25cb1d 100644
--- a/templates/user/settings/keys_ssh.tmpl
+++ b/templates/user/settings/keys_ssh.tmpl
@@ -78,15 +78,16 @@
 							<input readonly="" value="{{$.TokenToSign}}">
 							<div class="help">
 								<p>{{ctx.Locale.Tr "settings.ssh_token_help"}}</p>
-								<p><code>echo -n '{{$.TokenToSign}}' | ssh-keygen -Y sign -n gitea -f /path_to_PrivateKey_or_RelatedPublicKey</code></p>
+								<div class="markup"><pre class="code-block"><code>bash -c "echo -n '{{$.TokenToSign}}' | ssh-keygen -Y sign -n gitea -f <(echo '{{.OmitEmail}}')"</code></pre></div>
+								<br>
 								<details>
 									<summary>Windows PowerShell</summary>
-									<p><code>cmd /c "&lt;NUL set /p=`"{{$.TokenToSign}}`"| ssh-keygen -Y sign -n gitea -f /path_to_PrivateKey_or_RelatedPublicKey"</code></p>
+									<div class="markup"><pre class="code-block"><code>cmd /c "&lt;NUL set /p=`"{{$.TokenToSign}}`"| ssh-keygen -Y sign -n gitea -f /path_to_PrivateKey_or_RelatedPublicKey"</code></pre></div>
 								</details>
 								<br>
 								<details>
 									<summary>Windows CMD</summary>
-									<p><code>set /p={{$.TokenToSign}}| ssh-keygen -Y sign -n gitea -f /path_to_PrivateKey_or_RelatedPublicKey</code></p>
+									<div class="markup"><pre class="code-block"><code>set /p={{$.TokenToSign}}| ssh-keygen -Y sign -n gitea -f /path_to_PrivateKey_or_RelatedPublicKey</code></pre></div>
 								</details>
 							</div>
 							<br>
diff --git a/templates/user/settings/packages.tmpl b/templates/user/settings/packages.tmpl
index bd7d69b259..bdfdac8e37 100644
--- a/templates/user/settings/packages.tmpl
+++ b/templates/user/settings/packages.tmpl
@@ -9,14 +9,14 @@
 		<div class="ui attached segment">
 			<div class="ui form">
 				<div class="field">
-					<label>{{ctx.Locale.Tr "packages.owner.settings.chef.keypair.description"}}</label>
+					<label>{{ctx.Locale.Tr "packages.registry.documentation" "Chef" "https://forgejo.org/docs/latest/user/packages/chef/"}}</label>
 				</div>
 				<form class="field" action="{{.Link}}/chef/regenerate_keypair" method="post">
 					{{.CsrfTokenHtml}}
 					<button class="ui primary button">{{ctx.Locale.Tr "packages.owner.settings.chef.keypair"}}</button>
 				</form>
 				<div class="field">
-					<label>{{ctx.Locale.Tr "packages.registry.documentation" "Chef" "https://forgejo.org/docs/latest/user/packages/chef/"}}</label>
+					<label>{{ctx.Locale.Tr "packages.owner.settings.chef.keypair.description"}}</label>
 				</div>
 			</div>
 		</div>
diff --git a/tests/e2e/declare_repos_test.go b/tests/e2e/declare_repos_test.go
index 774b587575..2e6e8e7361 100644
--- a/tests/e2e/declare_repos_test.go
+++ b/tests/e2e/declare_repos_test.go
@@ -13,6 +13,7 @@ import (
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/git"
+	"forgejo.org/modules/indexer/stats"
 	files_service "forgejo.org/services/repository/files"
 	"forgejo.org/tests"
 
@@ -36,6 +37,10 @@ func DeclareGitRepos(t *testing.T) func() {
 			Filename: "testfile",
 			Versions: []string{"hello", "hallo", "hola", "native", "ubuntu-latest", "- runs-on: ubuntu-latest", "- runs-on: debian-latest"},
 		}}),
+		newRepo(t, 2, "language-stats-test", []FileChanges{{
+			Filename: "main.rs",
+			Versions: []string{"fn main() {", "println!(\"Hello World!\");", "}"},
+		}}),
 		newRepo(t, 2, "mentions-highlighted", []FileChanges{
 			{
 				Filename:  "history1.md",
@@ -109,5 +114,8 @@ func newRepo(t *testing.T, userID int64, repoName string, fileChanges []FileChan
 		}
 	}
 
+	err := stats.UpdateRepoIndexer(somerepo)
+	require.NoError(t, err)
+
 	return cleanupFunc
 }
diff --git a/tests/e2e/dimmer.test.e2e.ts b/tests/e2e/dimmer.test.e2e.ts
index 04c6433a5a..9ee6f82c07 100644
--- a/tests/e2e/dimmer.test.e2e.ts
+++ b/tests/e2e/dimmer.test.e2e.ts
@@ -37,3 +37,36 @@ test('Dimmed modal', async ({page}) => {
   await expect(page.locator('.ui.dimmer')).toHaveCount(1);
   await save_visual(page);
 });
+
+test('Dimmed overflow', async ({page}, workerInfo) => {
+  test.skip(['Mobile Safari'].includes(workerInfo.project.name), 'Mouse wheel is not supported in mobile WebKit');
+  await page.goto('/user2/repo1/_new/master/');
+
+  // Type in a file name.
+  await page.locator('#file-name').click();
+  await page.keyboard.type('todo.txt');
+
+  // Scroll to the bottom.
+  const scrollY = await page.evaluate(() => document.body.scrollHeight);
+  await page.mouse.wheel(0, scrollY);
+
+  // Click on 'Commit changes'
+  await page.locator('#commit-button').click();
+
+  // Expect a 'are you sure, this file is empty' modal.
+  await expect(page.locator('.ui.dimmer')).toBeVisible();
+  await expect(page.locator('.ui.dimmer .header')).toContainText('Commit an empty file');
+  await save_visual(page);
+
+  // Trickery to check that the dimmer covers the whole page.
+  const viewport = page.viewportSize();
+  const box = await page.locator('.ui.dimmer').boundingBox();
+  expect(box.x).toBe(0);
+  expect(box.y).toBe(0);
+  expect(box.width).toBe(viewport.width);
+  expect(box.height).toBe(viewport.height);
+
+  // Trickery to check the page cannot be scrolled.
+  const {scrollHeight, clientHeight} = await page.evaluate(() => document.body);
+  expect(scrollHeight).toBe(clientHeight);
+});
diff --git a/tests/e2e/markdown-editor.test.e2e.ts b/tests/e2e/markdown-editor.test.e2e.ts
index 39ced25bc3..c69c9a7f0c 100644
--- a/tests/e2e/markdown-editor.test.e2e.ts
+++ b/tests/e2e/markdown-editor.test.e2e.ts
@@ -39,7 +39,7 @@ test('Markdown image preview behaviour', async ({page}, workerInfo) => {
   await save_visual(page);
 });
 
-test('markdown indentation', async ({page}) => {
+test('Markdown indentation', async ({page}) => {
   const initText = `* first\n* second\n* third\n* last`;
 
   const response = await page.goto('/user2/repo1/issues/new');
@@ -109,7 +109,7 @@ test('markdown indentation', async ({page}) => {
   await expect(textarea).toHaveValue(initText);
 });
 
-test('markdown list continuation', async ({page}) => {
+test('Markdown list continuation', async ({page}) => {
   const initText = `* first\n* second`;
 
   const response = await page.goto('/user2/repo1/issues/new');
@@ -202,7 +202,7 @@ test('markdown list continuation', async ({page}) => {
   }
 });
 
-test('markdown insert table', async ({page}) => {
+test('Markdown insert table', async ({page}) => {
   const response = await page.goto('/user2/repo1/issues/new');
   expect(response?.status()).toBe(200);
 
@@ -225,7 +225,7 @@ test('markdown insert table', async ({page}) => {
   await save_visual(page);
 });
 
-test('markdown insert link', async ({page}) => {
+test('Markdown insert link', async ({page}) => {
   const response = await page.goto('/user2/repo1/issues/new');
   expect(response?.status()).toBe(200);
 
@@ -277,3 +277,43 @@ test('text expander has higher prio then prefix continuation', async ({page}) =>
   await textarea.press('Enter');
   await expect(textarea).toHaveValue(`* first\n* 😸\n* @user2 \n* `);
 });
+
+test('Combo Markdown: preview mode switch', async ({page}) => {
+  // Load page with editor
+  const response = await page.goto('/user2/repo1/issues/new');
+  expect(response?.status()).toBe(200);
+
+  const toolbarItem = page.locator('md-header');
+  const editorPanel = page.locator('[data-tab-panel="markdown-writer"]');
+  const previewPanel = page.locator('[data-tab-panel="markdown-previewer"]');
+
+  // Verify correct visibility of related UI elements
+  await expect(toolbarItem).toBeVisible();
+  await expect(editorPanel).toBeVisible();
+  await expect(previewPanel).toBeHidden();
+
+  // Fill some content
+  const textarea = page.locator('textarea.markdown-text-editor');
+  await textarea.fill('**Content** :100: _100_');
+
+  // Switch to preview mode
+  await page.locator('a[data-tab-for="markdown-previewer"]').click();
+
+  // Verify that the related UI elements were switched correctly
+  await expect(toolbarItem).toBeHidden();
+  await expect(editorPanel).toBeHidden();
+  await expect(previewPanel).toBeVisible();
+  await save_visual(page);
+
+  // Verify that some content rendered
+  await expect(page.locator('[data-tab-panel="markdown-previewer"] .emoji[data-alias="100"]')).toBeVisible();
+
+  // Switch back to edit mode
+  await page.locator('a[data-tab-for="markdown-writer"]').click();
+
+  // Verify that the related UI elements were switched back correctly
+  await expect(toolbarItem).toBeVisible();
+  await expect(editorPanel).toBeVisible();
+  await expect(previewPanel).toBeHidden();
+  await save_visual(page);
+});
diff --git a/tests/e2e/repo-home.e2e.ts b/tests/e2e/repo-home.e2e.ts
deleted file mode 100644
index fbcfe17226..0000000000
--- a/tests/e2e/repo-home.e2e.ts
+++ /dev/null
@@ -1,19 +0,0 @@
-// @watch start
-// web_src/js/features/common-global.js
-// web_src/css/repo.css
-// @watch end
-
-import {expect} from '@playwright/test';
-import {save_visual, test} from './utils_e2e.ts';
-
-test('Language stats bar', async ({page}) => {
-  const response = await page.goto('/user2/repo1');
-  expect(response?.status()).toBe(200);
-
-  await expect(page.locator('#language-stats-legend')).toBeVisible();
-  await save_visual(page);
-
-  await page.click('#language-stats-bar');
-  await expect(page.locator('#language-stats-legend')).toBeHidden();
-  await save_visual(page);
-});
diff --git a/tests/e2e/repo-home.test.e2e.ts b/tests/e2e/repo-home.test.e2e.ts
new file mode 100644
index 0000000000..6f3d6c373b
--- /dev/null
+++ b/tests/e2e/repo-home.test.e2e.ts
@@ -0,0 +1,35 @@
+// @watch start
+// web_src/js/components/RepoBranchTagSelector.vue
+// web_src/js/features/common-global.js
+// web_src/css/repo.css
+// @watch end
+
+import {expect} from '@playwright/test';
+import {save_visual, test} from './utils_e2e.ts';
+
+test('Language stats bar', async ({page}) => {
+  const response = await page.goto('/user2/language-stats-test');
+  expect(response?.status()).toBe(200);
+
+  await expect(page.locator('#language-stats-legend')).toBeHidden();
+
+  await page.click('#language-stats-bar');
+  await expect(page.locator('#language-stats-legend')).toBeVisible();
+  await save_visual(page);
+
+  await page.click('#language-stats-bar');
+  await expect(page.locator('#language-stats-legend')).toBeHidden();
+  await save_visual(page);
+});
+
+test('Branch selector commit icon', async ({page}) => {
+  const response = await page.goto('/user2/repo1');
+  expect(response?.status()).toBe(200);
+
+  await expect(page.locator('.branch-dropdown-button svg.octicon-git-branch')).toBeVisible();
+  await expect(page.locator('.branch-dropdown-button')).toHaveText('master');
+
+  await page.goto('/user2/repo1/src/commit/65f1bf27bc3bf70f64657658635e66094edbcb4d');
+  await expect(page.locator('.branch-dropdown-button svg.octicon-git-commit')).toBeVisible();
+  await expect(page.locator('.branch-dropdown-button')).toHaveText('65f1bf27bc');
+});
diff --git a/tests/e2e/repo-migrate.test.e2e.ts b/tests/e2e/repo-migrate.test.e2e.ts
index b6541179f0..f0be73e777 100644
--- a/tests/e2e/repo-migrate.test.e2e.ts
+++ b/tests/e2e/repo-migrate.test.e2e.ts
@@ -7,6 +7,24 @@ import {test, save_visual, test_context, dynamic_id} from './utils_e2e.ts';
 
 test.use({user: 'user2'});
 
+test('Migration type seleciton screen', async ({page}) => {
+  await page.goto('/repo/migrate');
+
+  // For branding purposes, it is desired that `gitea-` prefixes in SVGs are
+  // replaced with something like `productlogo-`.
+  await expect(page.locator('svg.gitea-git')).toBeVisible();
+  await expect(page.locator('svg.octicon-mark-github')).toBeVisible();
+  await expect(page.locator('svg.gitea-gitlab')).toBeVisible();
+  await expect(page.locator('svg.gitea-forgejo')).toBeVisible();
+  await expect(page.locator('svg.gitea-gitea')).toBeVisible();
+  await expect(page.locator('svg.gitea-gogs')).toBeVisible();
+  await expect(page.locator('svg.gitea-onedev')).toBeVisible();
+  await expect(page.locator('svg.gitea-gitbucket')).toBeVisible();
+  await expect(page.locator('svg.gitea-codebase')).toBeVisible();
+
+  await save_visual(page);
+});
+
 test('Migration Repo Name detection', async ({page}, workerInfo) => {
   test.skip(workerInfo.project.name === 'Mobile Safari', 'Flaky actionability checks on Mobile Safari');
 
diff --git a/tests/integration/api_federation_httpsig_test.go b/tests/integration/api_federation_httpsig_test.go
index 9d66f25102..a7a5ae26ed 100644
--- a/tests/integration/api_federation_httpsig_test.go
+++ b/tests/integration/api_federation_httpsig_test.go
@@ -64,7 +64,7 @@ func TestFederationHttpSigValidation(t *testing.T) {
 			assert.NotNil(t, host)
 			assert.True(t, host.PublicKey.Valid)
 
-			user, err := user.GetFederatedUserByKeyID(db.DefaultContext, actorKeyID)
+			_, user, err := user.FindFederatedUserByKeyID(db.DefaultContext, actorKeyID)
 			require.NoError(t, err)
 			assert.NotNil(t, user)
 			assert.True(t, user.PublicKey.Valid)
diff --git a/tests/integration/api_misc_test.go b/tests/integration/api_misc_test.go
new file mode 100644
index 0000000000..2687a9bb31
--- /dev/null
+++ b/tests/integration/api_misc_test.go
@@ -0,0 +1,38 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package integration
+
+import (
+	"net/http"
+	"testing"
+
+	"forgejo.org/modules/setting"
+	"forgejo.org/modules/test"
+	"forgejo.org/tests"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"golang.org/x/crypto/ssh"
+)
+
+func TestAPISSHSigningKey(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	t.Run("No signing key", func(t *testing.T) {
+		defer test.MockVariableValue(&setting.SSHInstanceKey, nil)()
+		defer tests.PrintCurrentTest(t)()
+
+		MakeRequest(t, NewRequest(t, "GET", "/api/v1/signing-key.ssh"), http.StatusNotFound)
+	})
+	t.Run("With signing key", func(t *testing.T) {
+		publicKey := "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeRC8GfFyXtiy0f1E7hLv77BXW7e68tFvIcs8/29YqH\n"
+		pubKey, _, _, _, err := ssh.ParseAuthorizedKey([]byte(publicKey))
+		require.NoError(t, err)
+		defer test.MockVariableValue(&setting.SSHInstanceKey, pubKey)()
+		defer tests.PrintCurrentTest(t)()
+
+		resp := MakeRequest(t, NewRequest(t, "GET", "/api/v1/signing-key.ssh"), http.StatusOK)
+		assert.Equal(t, publicKey, resp.Body.String())
+	})
+}
diff --git a/tests/integration/api_repo_file_create_test.go b/tests/integration/api_repo_file_create_test.go
index 2cc05c42bb..4d34e5d43f 100644
--- a/tests/integration/api_repo_file_create_test.go
+++ b/tests/integration/api_repo_file_create_test.go
@@ -177,6 +177,8 @@ func TestAPICreateFile(t *testing.T) {
 			expectedFileResponse := getExpectedFileResponseForCreate("user2/repo1", commitID, treePath, latestCommit.ID.String())
 			var fileResponse api.FileResponse
 			DecodeJSON(t, resp, &fileResponse)
+			// Testify cannot assert time.Time correctly.
+			expectedFileResponse.Content.LastCommitWhen = fileResponse.Content.LastCommitWhen
 			assert.Equal(t, expectedFileResponse.Content, fileResponse.Content)
 			assert.Equal(t, expectedFileResponse.Commit.SHA, fileResponse.Commit.SHA)
 			assert.Equal(t, expectedFileResponse.Commit.HTMLURL, fileResponse.Commit.HTMLURL)
@@ -296,6 +298,8 @@ func TestAPICreateFile(t *testing.T) {
 			latestCommit, _ := gitRepo.GetCommitByPath(treePath)
 			expectedFileResponse := getExpectedFileResponseForCreate("user2/"+reponame, commitID, treePath, latestCommit.ID.String())
 			DecodeJSON(t, resp, &fileResponse)
+			// Testify cannot assert time.Time correctly.
+			expectedFileResponse.Content.LastCommitWhen = fileResponse.Content.LastCommitWhen
 			assert.Equal(t, expectedFileResponse.Content, fileResponse.Content)
 			assert.Equal(t, expectedFileResponse.Commit.SHA, fileResponse.Commit.SHA)
 			assert.Equal(t, expectedFileResponse.Commit.HTMLURL, fileResponse.Commit.HTMLURL)
diff --git a/tests/integration/api_repo_file_update_test.go b/tests/integration/api_repo_file_update_test.go
index b14dfbc565..098d7a3fde 100644
--- a/tests/integration/api_repo_file_update_test.go
+++ b/tests/integration/api_repo_file_update_test.go
@@ -140,6 +140,8 @@ func TestAPIUpdateFile(t *testing.T) {
 			expectedFileResponse := getExpectedFileResponseForUpdate(commitID, treePath, lasCommit.ID.String())
 			var fileResponse api.FileResponse
 			DecodeJSON(t, resp, &fileResponse)
+			// Testify cannot assert time.Time correctly.
+			expectedFileResponse.Content.LastCommitWhen = fileResponse.Content.LastCommitWhen
 			assert.Equal(t, expectedFileResponse.Content, fileResponse.Content)
 			assert.Equal(t, expectedFileResponse.Commit.SHA, fileResponse.Commit.SHA)
 			assert.Equal(t, expectedFileResponse.Commit.HTMLURL, fileResponse.Commit.HTMLURL)
diff --git a/tests/integration/api_repo_files_change_test.go b/tests/integration/api_repo_files_change_test.go
index 1272c3d8bf..1772dec6a6 100644
--- a/tests/integration/api_repo_files_change_test.go
+++ b/tests/integration/api_repo_files_change_test.go
@@ -104,6 +104,10 @@ func TestAPIChangeFiles(t *testing.T) {
 			var filesResponse api.FilesResponse
 			DecodeJSON(t, resp, &filesResponse)
 
+			// Testify cannot assert time.Time correctly.
+			expectedCreateFileResponse.Content.LastCommitWhen = filesResponse.Files[0].LastCommitWhen
+			expectedUpdateFileResponse.Content.LastCommitWhen = filesResponse.Files[1].LastCommitWhen
+
 			// check create file
 			assert.Equal(t, expectedCreateFileResponse.Content, filesResponse.Files[0])
 
diff --git a/tests/integration/api_repo_get_contents_list_test.go b/tests/integration/api_repo_get_contents_list_test.go
index 2073c2cb98..7d010ffdf1 100644
--- a/tests/integration/api_repo_get_contents_list_test.go
+++ b/tests/integration/api_repo_get_contents_list_test.go
@@ -8,6 +8,7 @@ import (
 	"net/url"
 	"path/filepath"
 	"testing"
+	"time"
 
 	auth_model "forgejo.org/models/auth"
 	repo_model "forgejo.org/models/repo"
@@ -32,16 +33,17 @@ func getExpectedContentsListResponseForContents(ref, refType, lastCommitSHA stri
 	downloadURL := setting.AppURL + "user2/repo1/raw/" + refType + "/" + ref + "/" + treePath
 	return []*api.ContentsResponse{
 		{
-			Name:          filepath.Base(treePath),
-			Path:          treePath,
-			SHA:           sha,
-			LastCommitSHA: lastCommitSHA,
-			Type:          "file",
-			Size:          30,
-			URL:           &selfURL,
-			HTMLURL:       &htmlURL,
-			GitURL:        &gitURL,
-			DownloadURL:   &downloadURL,
+			Name:           filepath.Base(treePath),
+			Path:           treePath,
+			SHA:            sha,
+			LastCommitSHA:  lastCommitSHA,
+			LastCommitWhen: time.Date(2017, time.March, 19, 16, 47, 59, 0, time.FixedZone("", -14400)),
+			Type:           "file",
+			Size:           30,
+			URL:            &selfURL,
+			HTMLURL:        &htmlURL,
+			GitURL:         &gitURL,
+			DownloadURL:    &downloadURL,
 			Links: &api.FileLinksResponse{
 				Self:    &selfURL,
 				GitURL:  &gitURL,
diff --git a/tests/integration/api_repo_get_contents_test.go b/tests/integration/api_repo_get_contents_test.go
index 4053828082..47ac4cfc03 100644
--- a/tests/integration/api_repo_get_contents_test.go
+++ b/tests/integration/api_repo_get_contents_test.go
@@ -8,6 +8,7 @@ import (
 	"net/http"
 	"net/url"
 	"testing"
+	"time"
 
 	auth_model "forgejo.org/models/auth"
 	repo_model "forgejo.org/models/repo"
@@ -33,18 +34,19 @@ func getExpectedContentsResponseForContents(ref, refType, lastCommitSHA string)
 	gitURL := setting.AppURL + "api/v1/repos/user2/repo1/git/blobs/" + sha
 	downloadURL := setting.AppURL + "user2/repo1/raw/" + refType + "/" + ref + "/" + treePath
 	return &api.ContentsResponse{
-		Name:          treePath,
-		Path:          treePath,
-		SHA:           sha,
-		LastCommitSHA: lastCommitSHA,
-		Type:          "file",
-		Size:          30,
-		Encoding:      &encoding,
-		Content:       &content,
-		URL:           &selfURL,
-		HTMLURL:       &htmlURL,
-		GitURL:        &gitURL,
-		DownloadURL:   &downloadURL,
+		Name:           treePath,
+		Path:           treePath,
+		SHA:            sha,
+		LastCommitSHA:  lastCommitSHA,
+		LastCommitWhen: time.Date(2017, time.March, 19, 16, 47, 59, 0, time.FixedZone("", -14400)),
+		Type:           "file",
+		Size:           30,
+		Encoding:       &encoding,
+		Content:        &content,
+		URL:            &selfURL,
+		HTMLURL:        &htmlURL,
+		GitURL:         &gitURL,
+		DownloadURL:    &downloadURL,
 		Links: &api.FileLinksResponse{
 			Self:    &selfURL,
 			GitURL:  &gitURL,
diff --git a/tests/integration/gpg_git_test.go b/tests/integration/gpg_git_test.go
deleted file mode 100644
index 271c225a3f..0000000000
--- a/tests/integration/gpg_git_test.go
+++ /dev/null
@@ -1,304 +0,0 @@
-// Copyright 2019 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package integration
-
-import (
-	"encoding/base64"
-	"fmt"
-	"net/url"
-	"os"
-	"testing"
-
-	auth_model "forgejo.org/models/auth"
-	"forgejo.org/models/unittest"
-	user_model "forgejo.org/models/user"
-	"forgejo.org/modules/git"
-	"forgejo.org/modules/process"
-	"forgejo.org/modules/setting"
-	api "forgejo.org/modules/structs"
-	"forgejo.org/modules/test"
-	"forgejo.org/tests"
-
-	"github.com/ProtonMail/go-crypto/openpgp"
-	"github.com/ProtonMail/go-crypto/openpgp/armor"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestGPGGit(t *testing.T) {
-	tmpDir := t.TempDir() // use a temp dir to avoid messing with the user's GPG keyring
-	err := os.Chmod(tmpDir, 0o700)
-	require.NoError(t, err)
-
-	t.Setenv("GNUPGHOME", tmpDir)
-	require.NoError(t, err)
-
-	// Need to create a root key
-	rootKeyPair, err := importTestingKey()
-	require.NoError(t, err, "importTestingKey")
-
-	defer test.MockVariableValue(&setting.Repository.Signing.SigningKey, rootKeyPair.PrimaryKey.KeyIdShortString())()
-	defer test.MockVariableValue(&setting.Repository.Signing.SigningName, "gitea")()
-	defer test.MockVariableValue(&setting.Repository.Signing.SigningEmail, "gitea@fake.local")()
-	defer test.MockVariableValue(&setting.Repository.Signing.InitialCommit, []string{"never"})()
-	defer test.MockVariableValue(&setting.Repository.Signing.CRUDActions, []string{"never"})()
-
-	username := "user2"
-	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: username})
-	baseAPITestContext := NewAPITestContext(t, username, "repo1")
-
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
-		u.Path = baseAPITestContext.GitPath()
-
-		t.Run("Unsigned-Initial", func(t *testing.T) {
-			defer tests.PrintCurrentTest(t)()
-			testCtx := NewAPITestContext(t, username, "initial-unsigned", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
-			t.Run("CreateRepository", doAPICreateRepository(testCtx, false, git.Sha1ObjectFormat)) // FIXME: use forEachObjectFormat
-			t.Run("CheckMasterBranchUnsigned", doAPIGetBranch(testCtx, "master", func(t *testing.T, branch api.Branch) {
-				assert.NotNil(t, branch.Commit)
-				assert.NotNil(t, branch.Commit.Verification)
-				assert.False(t, branch.Commit.Verification.Verified)
-				assert.Empty(t, branch.Commit.Verification.Signature)
-			}))
-			t.Run("CreateCRUDFile-Never", crudActionCreateFile(
-				t, testCtx, user, "master", "never", "unsigned-never.txt", func(t *testing.T, response api.FileResponse) {
-					assert.False(t, response.Verification.Verified)
-				}))
-			t.Run("CreateCRUDFile-Never", crudActionCreateFile(
-				t, testCtx, user, "never", "never2", "unsigned-never2.txt", func(t *testing.T, response api.FileResponse) {
-					assert.False(t, response.Verification.Verified)
-				}))
-		})
-
-		setting.Repository.Signing.CRUDActions = []string{"parentsigned"}
-		t.Run("Unsigned-Initial-CRUD-ParentSigned", func(t *testing.T) {
-			defer tests.PrintCurrentTest(t)()
-			testCtx := NewAPITestContext(t, username, "initial-unsigned", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
-			t.Run("CreateCRUDFile-ParentSigned", crudActionCreateFile(
-				t, testCtx, user, "master", "parentsigned", "signed-parent.txt", func(t *testing.T, response api.FileResponse) {
-					assert.False(t, response.Verification.Verified)
-				}))
-			t.Run("CreateCRUDFile-ParentSigned", crudActionCreateFile(
-				t, testCtx, user, "parentsigned", "parentsigned2", "signed-parent2.txt", func(t *testing.T, response api.FileResponse) {
-					assert.False(t, response.Verification.Verified)
-				}))
-		})
-
-		setting.Repository.Signing.CRUDActions = []string{"never"}
-		t.Run("Unsigned-Initial-CRUD-Never", func(t *testing.T) {
-			defer tests.PrintCurrentTest(t)()
-			testCtx := NewAPITestContext(t, username, "initial-unsigned", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
-			t.Run("CreateCRUDFile-Never", crudActionCreateFile(
-				t, testCtx, user, "parentsigned", "parentsigned-never", "unsigned-never2.txt", func(t *testing.T, response api.FileResponse) {
-					assert.False(t, response.Verification.Verified)
-				}))
-		})
-
-		setting.Repository.Signing.CRUDActions = []string{"always"}
-		t.Run("Unsigned-Initial-CRUD-Always", func(t *testing.T) {
-			defer tests.PrintCurrentTest(t)()
-			testCtx := NewAPITestContext(t, username, "initial-unsigned", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
-			t.Run("CreateCRUDFile-Always", crudActionCreateFile(
-				t, testCtx, user, "master", "always", "signed-always.txt", func(t *testing.T, response api.FileResponse) {
-					assert.NotNil(t, response.Verification)
-					if response.Verification == nil {
-						assert.FailNow(t, "no verification provided with response", "response: %v", response)
-					}
-					assert.True(t, response.Verification.Verified)
-					if !response.Verification.Verified {
-						t.FailNow()
-					}
-					assert.Equal(t, "gitea@fake.local", response.Verification.Signer.Email)
-				}))
-			t.Run("CreateCRUDFile-ParentSigned-always", crudActionCreateFile(
-				t, testCtx, user, "parentsigned", "parentsigned-always", "signed-parent2.txt", func(t *testing.T, response api.FileResponse) {
-					assert.NotNil(t, response.Verification)
-					if response.Verification == nil {
-						assert.FailNow(t, "no verification provided with response", "response: %v", response)
-					}
-					assert.True(t, response.Verification.Verified)
-					if !response.Verification.Verified {
-						t.FailNow()
-					}
-					assert.Equal(t, "gitea@fake.local", response.Verification.Signer.Email)
-				}))
-		})
-
-		setting.Repository.Signing.CRUDActions = []string{"parentsigned"}
-		t.Run("Unsigned-Initial-CRUD-ParentSigned", func(t *testing.T) {
-			defer tests.PrintCurrentTest(t)()
-			testCtx := NewAPITestContext(t, username, "initial-unsigned", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
-			t.Run("CreateCRUDFile-Always-ParentSigned", crudActionCreateFile(
-				t, testCtx, user, "always", "always-parentsigned", "signed-always-parentsigned.txt", func(t *testing.T, response api.FileResponse) {
-					assert.NotNil(t, response.Verification)
-					if response.Verification == nil {
-						assert.FailNow(t, "no verification provided with response", "response: %v", response)
-					}
-					assert.True(t, response.Verification.Verified)
-					if !response.Verification.Verified {
-						t.FailNow()
-					}
-					assert.Equal(t, "gitea@fake.local", response.Verification.Signer.Email)
-				}))
-		})
-
-		setting.Repository.Signing.InitialCommit = []string{"always"}
-		t.Run("AlwaysSign-Initial", func(t *testing.T) {
-			defer tests.PrintCurrentTest(t)()
-			testCtx := NewAPITestContext(t, username, "initial-always", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
-			t.Run("CreateRepository", doAPICreateRepository(testCtx, false, git.Sha1ObjectFormat)) // FIXME: use forEachObjectFormat
-			t.Run("CheckMasterBranchSigned", doAPIGetBranch(testCtx, "master", func(t *testing.T, branch api.Branch) {
-				assert.NotNil(t, branch.Commit)
-				if branch.Commit == nil {
-					assert.FailNow(t, "no commit provided with branch", "branch: %v", branch)
-				}
-				assert.NotNil(t, branch.Commit.Verification)
-				if branch.Commit.Verification == nil {
-					assert.FailNow(t, "no verification provided with branch commit", "commit: %v", branch.Commit)
-				}
-				assert.True(t, branch.Commit.Verification.Verified)
-				if !branch.Commit.Verification.Verified {
-					t.FailNow()
-				}
-				assert.Equal(t, "gitea@fake.local", branch.Commit.Verification.Signer.Email)
-			}))
-		})
-
-		setting.Repository.Signing.CRUDActions = []string{"never"}
-		t.Run("AlwaysSign-Initial-CRUD-Never", func(t *testing.T) {
-			defer tests.PrintCurrentTest(t)()
-			testCtx := NewAPITestContext(t, username, "initial-always-never", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
-			t.Run("CreateRepository", doAPICreateRepository(testCtx, false, git.Sha1ObjectFormat)) // FIXME: use forEachObjectFormat
-			t.Run("CreateCRUDFile-Never", crudActionCreateFile(
-				t, testCtx, user, "master", "never", "unsigned-never.txt", func(t *testing.T, response api.FileResponse) {
-					assert.False(t, response.Verification.Verified)
-				}))
-		})
-
-		setting.Repository.Signing.CRUDActions = []string{"parentsigned"}
-		t.Run("AlwaysSign-Initial-CRUD-ParentSigned-On-Always", func(t *testing.T) {
-			defer tests.PrintCurrentTest(t)()
-			testCtx := NewAPITestContext(t, username, "initial-always-parent", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
-			t.Run("CreateRepository", doAPICreateRepository(testCtx, false, git.Sha1ObjectFormat)) // FIXME: use forEachObjectFormat
-			t.Run("CreateCRUDFile-ParentSigned", crudActionCreateFile(
-				t, testCtx, user, "master", "parentsigned", "signed-parent.txt", func(t *testing.T, response api.FileResponse) {
-					assert.True(t, response.Verification.Verified)
-					if !response.Verification.Verified {
-						t.FailNow()
-						return
-					}
-					assert.Equal(t, "gitea@fake.local", response.Verification.Signer.Email)
-				}))
-		})
-
-		setting.Repository.Signing.CRUDActions = []string{"always"}
-		t.Run("AlwaysSign-Initial-CRUD-Always", func(t *testing.T) {
-			defer tests.PrintCurrentTest(t)()
-			testCtx := NewAPITestContext(t, username, "initial-always-always", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
-			t.Run("CreateRepository", doAPICreateRepository(testCtx, false, git.Sha1ObjectFormat)) // FIXME: use forEachObjectFormat
-			t.Run("CreateCRUDFile-Always", crudActionCreateFile(
-				t, testCtx, user, "master", "always", "signed-always.txt", func(t *testing.T, response api.FileResponse) {
-					assert.True(t, response.Verification.Verified)
-					if !response.Verification.Verified {
-						t.FailNow()
-						return
-					}
-					assert.Equal(t, "gitea@fake.local", response.Verification.Signer.Email)
-				}))
-		})
-
-		setting.Repository.Signing.Merges = []string{"commitssigned"}
-		t.Run("UnsignedMerging", func(t *testing.T) {
-			defer tests.PrintCurrentTest(t)()
-			testCtx := NewAPITestContext(t, username, "initial-unsigned", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
-			t.Run("CreatePullRequest", func(t *testing.T) {
-				pr, err := doAPICreatePullRequest(testCtx, testCtx.Username, testCtx.Reponame, "master", "never2")(t)
-				require.NoError(t, err)
-				t.Run("MergePR", doAPIMergePullRequest(testCtx, testCtx.Username, testCtx.Reponame, pr.Index))
-			})
-			t.Run("CheckMasterBranchUnsigned", doAPIGetBranch(testCtx, "master", func(t *testing.T, branch api.Branch) {
-				assert.NotNil(t, branch.Commit)
-				assert.NotNil(t, branch.Commit.Verification)
-				assert.False(t, branch.Commit.Verification.Verified)
-				assert.Empty(t, branch.Commit.Verification.Signature)
-			}))
-		})
-
-		setting.Repository.Signing.Merges = []string{"basesigned"}
-		t.Run("BaseSignedMerging", func(t *testing.T) {
-			defer tests.PrintCurrentTest(t)()
-			testCtx := NewAPITestContext(t, username, "initial-unsigned", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
-			t.Run("CreatePullRequest", func(t *testing.T) {
-				pr, err := doAPICreatePullRequest(testCtx, testCtx.Username, testCtx.Reponame, "master", "parentsigned2")(t)
-				require.NoError(t, err)
-				t.Run("MergePR", doAPIMergePullRequest(testCtx, testCtx.Username, testCtx.Reponame, pr.Index))
-			})
-			t.Run("CheckMasterBranchUnsigned", doAPIGetBranch(testCtx, "master", func(t *testing.T, branch api.Branch) {
-				assert.NotNil(t, branch.Commit)
-				assert.NotNil(t, branch.Commit.Verification)
-				assert.False(t, branch.Commit.Verification.Verified)
-				assert.Empty(t, branch.Commit.Verification.Signature)
-			}))
-		})
-
-		setting.Repository.Signing.Merges = []string{"commitssigned"}
-		t.Run("CommitsSignedMerging", func(t *testing.T) {
-			defer tests.PrintCurrentTest(t)()
-			testCtx := NewAPITestContext(t, username, "initial-unsigned", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
-			t.Run("CreatePullRequest", func(t *testing.T) {
-				pr, err := doAPICreatePullRequest(testCtx, testCtx.Username, testCtx.Reponame, "master", "always-parentsigned")(t)
-				require.NoError(t, err)
-				t.Run("MergePR", doAPIMergePullRequest(testCtx, testCtx.Username, testCtx.Reponame, pr.Index))
-			})
-			t.Run("CheckMasterBranchUnsigned", doAPIGetBranch(testCtx, "master", func(t *testing.T, branch api.Branch) {
-				assert.NotNil(t, branch.Commit)
-				assert.NotNil(t, branch.Commit.Verification)
-				assert.True(t, branch.Commit.Verification.Verified)
-			}))
-		})
-	})
-}
-
-func crudActionCreateFile(_ *testing.T, ctx APITestContext, user *user_model.User, from, to, path string, callback ...func(*testing.T, api.FileResponse)) func(*testing.T) {
-	return doAPICreateFile(ctx, path, &api.CreateFileOptions{
-		FileOptions: api.FileOptions{
-			BranchName:    from,
-			NewBranchName: to,
-			Message:       fmt.Sprintf("from:%s to:%s path:%s", from, to, path),
-			Author: api.Identity{
-				Name:  user.FullName,
-				Email: user.Email,
-			},
-			Committer: api.Identity{
-				Name:  user.FullName,
-				Email: user.Email,
-			},
-		},
-		ContentBase64: base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("This is new text for %s", path))),
-	}, callback...)
-}
-
-func importTestingKey() (*openpgp.Entity, error) {
-	if _, _, err := process.GetManager().Exec("gpg --import tests/integration/private-testing.key", "gpg", "--import", "tests/integration/private-testing.key"); err != nil {
-		return nil, err
-	}
-	keyringFile, err := os.Open("tests/integration/private-testing.key")
-	if err != nil {
-		return nil, err
-	}
-	defer keyringFile.Close()
-
-	block, err := armor.Decode(keyringFile)
-	if err != nil {
-		return nil, err
-	}
-
-	keyring, err := openpgp.ReadKeyRing(block.Body)
-	if err != nil {
-		return nil, fmt.Errorf("Keyring access failed: '%w'", err)
-	}
-
-	// There should only be one entity in this file.
-	return keyring[0], nil
-}
diff --git a/tests/integration/repo_sync_fork_test.go b/tests/integration/repo_sync_fork_test.go
new file mode 100644
index 0000000000..956494cfc6
--- /dev/null
+++ b/tests/integration/repo_sync_fork_test.go
@@ -0,0 +1,117 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package integration
+
+import (
+	"fmt"
+	"net/http"
+	"net/url"
+	"testing"
+
+	auth_model "forgejo.org/models/auth"
+	repo_model "forgejo.org/models/repo"
+	"forgejo.org/models/unittest"
+	user_model "forgejo.org/models/user"
+	api "forgejo.org/modules/structs"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func syncForkTest(t *testing.T, forkName, urlPart string, webSync bool) {
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 20})
+
+	baseRepo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+	baseUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: baseRepo.OwnerID})
+
+	session := loginUser(t, user.Name)
+	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
+
+	/// Create a new fork
+	req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/forks", baseUser.Name, baseRepo.LowerName), &api.CreateForkOption{Name: &forkName}).AddTokenAuth(token)
+	MakeRequest(t, req, http.StatusAccepted)
+
+	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/%s", user.Name, forkName, urlPart).AddTokenAuth(token)
+	resp := MakeRequest(t, req, http.StatusOK)
+
+	var syncForkInfo *api.SyncForkInfo
+	DecodeJSON(t, resp, &syncForkInfo)
+
+	// This is a new fork, so the commits in both branches should be the same
+	assert.False(t, syncForkInfo.Allowed)
+	assert.Equal(t, syncForkInfo.BaseCommit, syncForkInfo.ForkCommit)
+
+	// Make a commit on the base branch
+	err := createOrReplaceFileInBranch(baseUser, baseRepo, "sync_fork.txt", "master", "Hello")
+	require.NoError(t, err)
+
+	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/%s", user.Name, forkName, urlPart).AddTokenAuth(token)
+	resp = MakeRequest(t, req, http.StatusOK)
+
+	DecodeJSON(t, resp, &syncForkInfo)
+
+	// The commits should no longer be the same and we can sync
+	assert.True(t, syncForkInfo.Allowed)
+	assert.NotEqual(t, syncForkInfo.BaseCommit, syncForkInfo.ForkCommit)
+
+	// Sync the fork
+	if webSync {
+		session.MakeRequest(t, NewRequestf(t, "GET", "/%s/%s/sync_fork/master", user.Name, forkName), http.StatusSeeOther)
+	} else {
+		req = NewRequestf(t, "POST", "/api/v1/repos/%s/%s/%s", user.Name, forkName, urlPart).AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusNoContent)
+	}
+
+	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/%s", user.Name, forkName, urlPart).AddTokenAuth(token)
+	resp = MakeRequest(t, req, http.StatusOK)
+
+	DecodeJSON(t, resp, &syncForkInfo)
+
+	// After the sync both commits should be the same again
+	assert.False(t, syncForkInfo.Allowed)
+	assert.Equal(t, syncForkInfo.BaseCommit, syncForkInfo.ForkCommit)
+}
+
+func TestAPIRepoSyncForkDefault(t *testing.T) {
+	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+		syncForkTest(t, "SyncForkDefault", "sync_fork", false)
+	})
+}
+
+func TestAPIRepoSyncForkBranch(t *testing.T) {
+	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+		syncForkTest(t, "SyncForkBranch", "sync_fork/master", false)
+	})
+}
+
+func TestWebRepoSyncForkBranch(t *testing.T) {
+	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+		syncForkTest(t, "SyncForkBranch", "sync_fork/master", true)
+	})
+}
+
+func TestWebRepoSyncForkHomepage(t *testing.T) {
+	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+		forkName := "SyncForkHomepage"
+		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 20})
+
+		baseRepo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+		baseUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: baseRepo.OwnerID})
+
+		session := loginUser(t, user.Name)
+		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
+
+		/// Create a new fork
+		req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/forks", baseUser.Name, baseRepo.LowerName), &api.CreateForkOption{Name: &forkName}).AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusAccepted)
+
+		// Make a commit on the base branch
+		err := createOrReplaceFileInBranch(baseUser, baseRepo, "sync_fork.txt", "master", "Hello")
+		require.NoError(t, err)
+
+		resp := session.MakeRequest(t, NewRequestf(t, "GET", "/%s/%s", user.Name, forkName), http.StatusOK)
+
+		assert.Contains(t, resp.Body.String(), fmt.Sprintf("This branch is 1 commit behind <a href='http://localhost:%s/user2/repo1/src/branch/master'>user2/repo1:master</a>", u.Port()))
+	})
+}
diff --git a/tests/integration/repofiles_change_test.go b/tests/integration/repofiles_change_test.go
index 149b8b8d70..bac311f64e 100644
--- a/tests/integration/repofiles_change_test.go
+++ b/tests/integration/repofiles_change_test.go
@@ -108,7 +108,7 @@ func getExpectedFileResponseForRepofilesDelete() *api.FileResponse {
 	}
 }
 
-func getExpectedFileResponseForRepofilesCreate(commitID, lastCommitSHA string) *api.FileResponse {
+func getExpectedFileResponseForRepofilesCreate(commitID, lastCommitSHA string, lastCommitWhen time.Time) *api.FileResponse {
 	treePath := "new/file.txt"
 	encoding := "base64"
 	content := "VGhpcyBpcyBhIE5FVyBmaWxl"
@@ -118,18 +118,19 @@ func getExpectedFileResponseForRepofilesCreate(commitID, lastCommitSHA string) *
 	downloadURL := setting.AppURL + "user2/repo1/raw/branch/master/" + treePath
 	return &api.FileResponse{
 		Content: &api.ContentsResponse{
-			Name:          filepath.Base(treePath),
-			Path:          treePath,
-			SHA:           "103ff9234cefeee5ec5361d22b49fbb04d385885",
-			LastCommitSHA: lastCommitSHA,
-			Type:          "file",
-			Size:          18,
-			Encoding:      &encoding,
-			Content:       &content,
-			URL:           &selfURL,
-			HTMLURL:       &htmlURL,
-			GitURL:        &gitURL,
-			DownloadURL:   &downloadURL,
+			Name:           filepath.Base(treePath),
+			Path:           treePath,
+			SHA:            "103ff9234cefeee5ec5361d22b49fbb04d385885",
+			LastCommitSHA:  lastCommitSHA,
+			LastCommitWhen: lastCommitWhen,
+			Type:           "file",
+			Size:           18,
+			Encoding:       &encoding,
+			Content:        &content,
+			URL:            &selfURL,
+			HTMLURL:        &htmlURL,
+			GitURL:         &gitURL,
+			DownloadURL:    &downloadURL,
 			Links: &api.FileLinksResponse{
 				Self:    &selfURL,
 				GitURL:  &gitURL,
@@ -177,7 +178,7 @@ func getExpectedFileResponseForRepofilesCreate(commitID, lastCommitSHA string) *
 	}
 }
 
-func getExpectedFileResponseForRepofilesUpdate(commitID, filename, lastCommitSHA string) *api.FileResponse {
+func getExpectedFileResponseForRepofilesUpdate(commitID, filename, lastCommitSHA string, lastCommitWhen time.Time) *api.FileResponse {
 	encoding := "base64"
 	content := "VGhpcyBpcyBVUERBVEVEIGNvbnRlbnQgZm9yIHRoZSBSRUFETUUgZmlsZQ=="
 	selfURL := setting.AppURL + "api/v1/repos/user2/repo1/contents/" + filename + "?ref=master"
@@ -186,18 +187,19 @@ func getExpectedFileResponseForRepofilesUpdate(commitID, filename, lastCommitSHA
 	downloadURL := setting.AppURL + "user2/repo1/raw/branch/master/" + filename
 	return &api.FileResponse{
 		Content: &api.ContentsResponse{
-			Name:          filename,
-			Path:          filename,
-			SHA:           "dbf8d00e022e05b7e5cf7e535de857de57925647",
-			LastCommitSHA: lastCommitSHA,
-			Type:          "file",
-			Size:          43,
-			Encoding:      &encoding,
-			Content:       &content,
-			URL:           &selfURL,
-			HTMLURL:       &htmlURL,
-			GitURL:        &gitURL,
-			DownloadURL:   &downloadURL,
+			Name:           filename,
+			Path:           filename,
+			SHA:            "dbf8d00e022e05b7e5cf7e535de857de57925647",
+			LastCommitSHA:  lastCommitSHA,
+			LastCommitWhen: lastCommitWhen,
+			Type:           "file",
+			Size:           43,
+			Encoding:       &encoding,
+			Content:        &content,
+			URL:            &selfURL,
+			HTMLURL:        &htmlURL,
+			GitURL:         &gitURL,
+			DownloadURL:    &downloadURL,
 			Links: &api.FileLinksResponse{
 				Self:    &selfURL,
 				GitURL:  &gitURL,
@@ -264,7 +266,7 @@ func TestChangeRepoFiles(t *testing.T) {
 			require.NoError(t, err)
 			lastCommit, err := gitRepo.GetCommitByPath("new/file.txt")
 			require.NoError(t, err)
-			expectedFileResponse := getExpectedFileResponseForRepofilesCreate(commitID, lastCommit.ID.String())
+			expectedFileResponse := getExpectedFileResponseForRepofilesCreate(commitID, lastCommit.ID.String(), lastCommit.Committer.When)
 			assert.Equal(t, expectedFileResponse.Content, filesResponse.Files[0])
 			assert.Equal(t, expectedFileResponse.Commit.SHA, filesResponse.Commit.SHA)
 			assert.Equal(t, expectedFileResponse.Commit.HTMLURL, filesResponse.Commit.HTMLURL)
@@ -282,7 +284,7 @@ func TestChangeRepoFiles(t *testing.T) {
 			require.NoError(t, err)
 			lastCommit, err := commit.GetCommitByPath(opts.Files[0].TreePath)
 			require.NoError(t, err)
-			expectedFileResponse := getExpectedFileResponseForRepofilesUpdate(commit.ID.String(), opts.Files[0].TreePath, lastCommit.ID.String())
+			expectedFileResponse := getExpectedFileResponseForRepofilesUpdate(commit.ID.String(), opts.Files[0].TreePath, lastCommit.ID.String(), lastCommit.Committer.When)
 			assert.Equal(t, expectedFileResponse.Content, filesResponse.Files[0])
 			assert.Equal(t, expectedFileResponse.Commit.SHA, filesResponse.Commit.SHA)
 			assert.Equal(t, expectedFileResponse.Commit.HTMLURL, filesResponse.Commit.HTMLURL)
@@ -303,7 +305,7 @@ func TestChangeRepoFiles(t *testing.T) {
 			require.NoError(t, err)
 			lastCommit, err := commit.GetCommitByPath(opts.Files[0].TreePath)
 			require.NoError(t, err)
-			expectedFileResponse := getExpectedFileResponseForRepofilesUpdate(commit.ID.String(), opts.Files[0].TreePath, lastCommit.ID.String())
+			expectedFileResponse := getExpectedFileResponseForRepofilesUpdate(commit.ID.String(), opts.Files[0].TreePath, lastCommit.ID.String(), lastCommit.Committer.When)
 
 			// assert that the old file no longer exists in the last commit of the branch
 			fromEntry, err := commit.GetTreeEntryByPath(opts.Files[0].FromTreePath)
@@ -339,7 +341,7 @@ func TestChangeRepoFiles(t *testing.T) {
 
 			commit, _ := gitRepo.GetBranchCommit(repo.DefaultBranch)
 			lastCommit, _ := commit.GetCommitByPath(opts.Files[0].TreePath)
-			expectedFileResponse := getExpectedFileResponseForRepofilesUpdate(commit.ID.String(), opts.Files[0].TreePath, lastCommit.ID.String())
+			expectedFileResponse := getExpectedFileResponseForRepofilesUpdate(commit.ID.String(), opts.Files[0].TreePath, lastCommit.ID.String(), lastCommit.Committer.When)
 			assert.Equal(t, expectedFileResponse.Content, filesResponse.Files[0])
 		})
 
diff --git a/tests/integration/signing_git_test.go b/tests/integration/signing_git_test.go
new file mode 100644
index 0000000000..bc662ee3bb
--- /dev/null
+++ b/tests/integration/signing_git_test.go
@@ -0,0 +1,330 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package integration
+
+import (
+	"context"
+	"encoding/base64"
+	"fmt"
+	"net/url"
+	"os"
+	"path/filepath"
+	"testing"
+
+	auth_model "forgejo.org/models/auth"
+	"forgejo.org/models/unittest"
+	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/git"
+	"forgejo.org/modules/process"
+	"forgejo.org/modules/setting"
+	api "forgejo.org/modules/structs"
+	"forgejo.org/modules/test"
+	"forgejo.org/tests"
+
+	"github.com/ProtonMail/go-crypto/openpgp"
+	"github.com/ProtonMail/go-crypto/openpgp/armor"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"golang.org/x/crypto/ssh"
+)
+
+func TestInstanceSigning(t *testing.T) {
+	t.Cleanup(func() {
+		// Cannot use t.Context(), it is in the done state.
+		require.NoError(t, git.InitFull(context.Background())) //nolint:usetesting
+	})
+
+	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+		defer test.MockVariableValue(&setting.Repository.Signing.SigningName, "UwU")()
+		defer test.MockVariableValue(&setting.Repository.Signing.SigningEmail, "fox@example.com")()
+		defer test.MockProtect(&setting.Repository.Signing.InitialCommit)()
+		defer test.MockProtect(&setting.Repository.Signing.CRUDActions)()
+
+		t.Run("SSH", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			pubKeyContent, err := os.ReadFile("tests/integration/ssh-signing-key.pub")
+			require.NoError(t, err)
+
+			pubKey, _, _, _, err := ssh.ParseAuthorizedKey(pubKeyContent)
+			require.NoError(t, err)
+			signingKeyPath, err := filepath.Abs("tests/integration/ssh-signing-key")
+			require.NoError(t, err)
+			require.NoError(t, os.Chmod(signingKeyPath, 0o600))
+			defer test.MockVariableValue(&setting.SSHInstanceKey, pubKey)()
+			defer test.MockVariableValue(&setting.Repository.Signing.Format, "ssh")()
+			defer test.MockVariableValue(&setting.Repository.Signing.SigningKey, signingKeyPath)()
+
+			// Ensure the git config is updated with the new signing format.
+			require.NoError(t, git.InitFull(t.Context()))
+
+			forEachObjectFormat(t, func(t *testing.T, objectFormat git.ObjectFormat) {
+				u2 := *u
+				testCRUD(t, &u2, "ssh", objectFormat)
+			})
+		})
+
+		t.Run("PGP", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			// Use a new GNUPGPHOME to avoid messing with the existing GPG keyring.
+			tmpDir := t.TempDir()
+			require.NoError(t, os.Chmod(tmpDir, 0o700))
+			t.Setenv("GNUPGHOME", tmpDir)
+
+			rootKeyPair, err := importTestingKey()
+			require.NoError(t, err)
+			defer test.MockVariableValue(&setting.Repository.Signing.SigningKey, rootKeyPair.PrimaryKey.KeyIdShortString())()
+			defer test.MockVariableValue(&setting.Repository.Signing.Format, "openpgp")()
+
+			// Ensure the git config is updated with the new signing format.
+			require.NoError(t, git.InitFull(t.Context()))
+
+			forEachObjectFormat(t, func(t *testing.T, objectFormat git.ObjectFormat) {
+				u2 := *u
+				testCRUD(t, &u2, "pgp", objectFormat)
+			})
+		})
+	})
+}
+
+func testCRUD(t *testing.T, u *url.URL, signingFormat string, objectFormat git.ObjectFormat) {
+	t.Helper()
+	setting.Repository.Signing.CRUDActions = []string{"never"}
+	setting.Repository.Signing.InitialCommit = []string{"never"}
+
+	username := "user2"
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: username})
+	baseAPITestContext := NewAPITestContext(t, username, "repo1")
+	u.Path = baseAPITestContext.GitPath()
+
+	suffix := "-" + signingFormat + "-" + objectFormat.Name()
+
+	t.Run("Unsigned-Initial", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		testCtx := NewAPITestContext(t, username, "initial-unsigned"+suffix, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
+		t.Run("CreateRepository", doAPICreateRepository(testCtx, false, objectFormat))
+		t.Run("CheckMasterBranchUnsigned", doAPIGetBranch(testCtx, "master", func(t *testing.T, branch api.Branch) {
+			assert.NotNil(t, branch.Commit)
+			assert.NotNil(t, branch.Commit.Verification)
+			assert.False(t, branch.Commit.Verification.Verified)
+			assert.Empty(t, branch.Commit.Verification.Signature)
+		}))
+		t.Run("CreateCRUDFile-Never", crudActionCreateFile(
+			t, testCtx, user, "master", "never", "unsigned-never.txt", func(t *testing.T, response api.FileResponse) {
+				assert.False(t, response.Verification.Verified)
+			}))
+		t.Run("CreateCRUDFile-Never", crudActionCreateFile(
+			t, testCtx, user, "never", "never2", "unsigned-never2.txt", func(t *testing.T, response api.FileResponse) {
+				assert.False(t, response.Verification.Verified)
+			}))
+	})
+
+	t.Run("Unsigned-Initial-CRUD-ParentSigned", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+		setting.Repository.Signing.CRUDActions = []string{"parentsigned"}
+
+		testCtx := NewAPITestContext(t, username, "initial-unsigned"+suffix, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
+		t.Run("CreateCRUDFile-ParentSigned", crudActionCreateFile(
+			t, testCtx, user, "master", "parentsigned", "signed-parent.txt", func(t *testing.T, response api.FileResponse) {
+				assert.False(t, response.Verification.Verified)
+			}))
+		t.Run("CreateCRUDFile-ParentSigned", crudActionCreateFile(
+			t, testCtx, user, "parentsigned", "parentsigned2", "signed-parent2.txt", func(t *testing.T, response api.FileResponse) {
+				assert.False(t, response.Verification.Verified)
+			}))
+	})
+
+	t.Run("Unsigned-Initial-CRUD-Never", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+		setting.Repository.Signing.InitialCommit = []string{"never"}
+
+		testCtx := NewAPITestContext(t, username, "initial-unsigned"+suffix, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
+		t.Run("CreateCRUDFile-Never", crudActionCreateFile(
+			t, testCtx, user, "parentsigned", "parentsigned-never", "unsigned-never2.txt", func(t *testing.T, response api.FileResponse) {
+				assert.False(t, response.Verification.Verified)
+			}))
+	})
+
+	t.Run("Unsigned-Initial-CRUD-Always", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+		setting.Repository.Signing.CRUDActions = []string{"always"}
+
+		testCtx := NewAPITestContext(t, username, "initial-unsigned"+suffix, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
+		t.Run("CreateCRUDFile-Always", crudActionCreateFile(
+			t, testCtx, user, "master", "always", "signed-always.txt", func(t *testing.T, response api.FileResponse) {
+				require.NotNil(t, response.Verification)
+				assert.True(t, response.Verification.Verified)
+				assert.Equal(t, "fox@example.com", response.Verification.Signer.Email)
+			}))
+		t.Run("CreateCRUDFile-ParentSigned-always", crudActionCreateFile(
+			t, testCtx, user, "parentsigned", "parentsigned-always", "signed-parent2.txt", func(t *testing.T, response api.FileResponse) {
+				require.NotNil(t, response.Verification)
+				assert.True(t, response.Verification.Verified)
+				assert.Equal(t, "fox@example.com", response.Verification.Signer.Email)
+			}))
+	})
+
+	t.Run("Unsigned-Initial-CRUD-ParentSigned", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+		setting.Repository.Signing.CRUDActions = []string{"parentsigned"}
+
+		testCtx := NewAPITestContext(t, username, "initial-unsigned"+suffix, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
+		t.Run("CreateCRUDFile-Always-ParentSigned", crudActionCreateFile(
+			t, testCtx, user, "always", "always-parentsigned", "signed-always-parentsigned.txt", func(t *testing.T, response api.FileResponse) {
+				require.NotNil(t, response.Verification)
+				assert.True(t, response.Verification.Verified)
+				assert.Equal(t, "fox@example.com", response.Verification.Signer.Email)
+			}))
+	})
+
+	t.Run("AlwaysSign-Initial", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+		setting.Repository.Signing.InitialCommit = []string{"always"}
+
+		testCtx := NewAPITestContext(t, username, "initial-always"+suffix, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
+		t.Run("CreateRepository", doAPICreateRepository(testCtx, false, objectFormat))
+		t.Run("CheckMasterBranchSigned", doAPIGetBranch(testCtx, "master", func(t *testing.T, branch api.Branch) {
+			require.NotNil(t, branch.Commit)
+			require.NotNil(t, branch.Commit.Verification)
+			assert.True(t, branch.Commit.Verification.Verified)
+			assert.Equal(t, "fox@example.com", branch.Commit.Verification.Signer.Email)
+		}))
+	})
+
+	t.Run("AlwaysSign-Initial-CRUD-Never", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+		setting.Repository.Signing.CRUDActions = []string{"never"}
+
+		testCtx := NewAPITestContext(t, username, "initial-always-never"+suffix, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
+		t.Run("CreateRepository", doAPICreateRepository(testCtx, false, objectFormat))
+		t.Run("CreateCRUDFile-Never", crudActionCreateFile(
+			t, testCtx, user, "master", "never", "unsigned-never.txt", func(t *testing.T, response api.FileResponse) {
+				assert.False(t, response.Verification.Verified)
+			}))
+	})
+
+	t.Run("AlwaysSign-Initial-CRUD-ParentSigned-On-Always", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+		setting.Repository.Signing.CRUDActions = []string{"parentsigned"}
+
+		testCtx := NewAPITestContext(t, username, "initial-always-parent"+suffix, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
+		t.Run("CreateRepository", doAPICreateRepository(testCtx, false, objectFormat))
+		t.Run("CreateCRUDFile-ParentSigned", crudActionCreateFile(
+			t, testCtx, user, "master", "parentsigned", "signed-parent.txt", func(t *testing.T, response api.FileResponse) {
+				assert.True(t, response.Verification.Verified)
+				assert.Equal(t, "fox@example.com", response.Verification.Signer.Email)
+			}))
+	})
+
+	t.Run("AlwaysSign-Initial-CRUD-Always", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+		setting.Repository.Signing.CRUDActions = []string{"always"}
+
+		testCtx := NewAPITestContext(t, username, "initial-always-always"+suffix, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
+		t.Run("CreateRepository", doAPICreateRepository(testCtx, false, objectFormat))
+		t.Run("CreateCRUDFile-Always", crudActionCreateFile(
+			t, testCtx, user, "master", "always", "signed-always.txt", func(t *testing.T, response api.FileResponse) {
+				assert.True(t, response.Verification.Verified)
+				assert.Equal(t, "fox@example.com", response.Verification.Signer.Email)
+			}))
+	})
+
+	t.Run("UnsignedMerging", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+		setting.Repository.Signing.Merges = []string{"commitssigned"}
+
+		testCtx := NewAPITestContext(t, username, "initial-unsigned"+suffix, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
+		t.Run("CreatePullRequest", func(t *testing.T) {
+			pr, err := doAPICreatePullRequest(testCtx, testCtx.Username, testCtx.Reponame, "master", "never2")(t)
+			require.NoError(t, err)
+			t.Run("MergePR", doAPIMergePullRequest(testCtx, testCtx.Username, testCtx.Reponame, pr.Index))
+		})
+		t.Run("CheckMasterBranchUnsigned", doAPIGetBranch(testCtx, "master", func(t *testing.T, branch api.Branch) {
+			require.NotNil(t, branch.Commit)
+			require.NotNil(t, branch.Commit.Verification)
+			assert.False(t, branch.Commit.Verification.Verified)
+			assert.Empty(t, branch.Commit.Verification.Signature)
+		}))
+	})
+
+	t.Run("BaseSignedMerging", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+		setting.Repository.Signing.Merges = []string{"basesigned"}
+
+		testCtx := NewAPITestContext(t, username, "initial-unsigned"+suffix, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
+		t.Run("CreatePullRequest", func(t *testing.T) {
+			pr, err := doAPICreatePullRequest(testCtx, testCtx.Username, testCtx.Reponame, "master", "parentsigned2")(t)
+			require.NoError(t, err)
+			t.Run("MergePR", doAPIMergePullRequest(testCtx, testCtx.Username, testCtx.Reponame, pr.Index))
+		})
+		t.Run("CheckMasterBranchUnsigned", doAPIGetBranch(testCtx, "master", func(t *testing.T, branch api.Branch) {
+			require.NotNil(t, branch.Commit)
+			require.NotNil(t, branch.Commit.Verification)
+			assert.False(t, branch.Commit.Verification.Verified)
+			assert.Empty(t, branch.Commit.Verification.Signature)
+		}))
+	})
+
+	t.Run("CommitsSignedMerging", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+		setting.Repository.Signing.Merges = []string{"commitssigned"}
+
+		testCtx := NewAPITestContext(t, username, "initial-unsigned"+suffix, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
+		t.Run("CreatePullRequest", func(t *testing.T) {
+			pr, err := doAPICreatePullRequest(testCtx, testCtx.Username, testCtx.Reponame, "master", "always-parentsigned")(t)
+			require.NoError(t, err)
+			t.Run("MergePR", doAPIMergePullRequest(testCtx, testCtx.Username, testCtx.Reponame, pr.Index))
+		})
+		t.Run("CheckMasterBranchUnsigned", doAPIGetBranch(testCtx, "master", func(t *testing.T, branch api.Branch) {
+			require.NotNil(t, branch.Commit)
+			require.NotNil(t, branch.Commit.Verification)
+			assert.True(t, branch.Commit.Verification.Verified)
+		}))
+	})
+}
+
+func crudActionCreateFile(_ *testing.T, ctx APITestContext, user *user_model.User, from, to, path string, callback ...func(*testing.T, api.FileResponse)) func(*testing.T) {
+	return doAPICreateFile(ctx, path, &api.CreateFileOptions{
+		FileOptions: api.FileOptions{
+			BranchName:    from,
+			NewBranchName: to,
+			Message:       fmt.Sprintf("from:%s to:%s path:%s", from, to, path),
+			Author: api.Identity{
+				Name:  user.FullName,
+				Email: user.Email,
+			},
+			Committer: api.Identity{
+				Name:  user.FullName,
+				Email: user.Email,
+			},
+		},
+		ContentBase64: base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("This is new text for %s", path))),
+	}, callback...)
+}
+
+func importTestingKey() (*openpgp.Entity, error) {
+	if _, _, err := process.GetManager().Exec("gpg --import tests/integration/private-testing.key", "gpg", "--import", "tests/integration/private-testing.key"); err != nil {
+		return nil, err
+	}
+	keyringFile, err := os.Open("tests/integration/private-testing.key")
+	if err != nil {
+		return nil, err
+	}
+	defer keyringFile.Close()
+
+	block, err := armor.Decode(keyringFile)
+	if err != nil {
+		return nil, err
+	}
+
+	keyring, err := openpgp.ReadKeyRing(block.Body)
+	if err != nil {
+		return nil, fmt.Errorf("Keyring access failed: '%w'", err)
+	}
+
+	// There should only be one entity in this file.
+	return keyring[0], nil
+}
diff --git a/tests/integration/ssh-signing-key b/tests/integration/ssh-signing-key
new file mode 100644
index 0000000000..e67df477c5
--- /dev/null
+++ b/tests/integration/ssh-signing-key
@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACBXkQvBnxcl7YstH9RO4S7++wV1u3uvLRbyHLPP9vWKhwAAAJhlmhmkZZoZ
+pAAAAAtzc2gtZWQyNTUxOQAAACBXkQvBnxcl7YstH9RO4S7++wV1u3uvLRbyHLPP9vWKhw
+AAAEDnOTuE2rDECN+2OsuUbQgGrMSY22tn+IF5JG5nuyJinVeRC8GfFyXtiy0f1E7hLv77
+BXW7e68tFvIcs8/29YqHAAAAE2d1c3RlZEBndXN0ZWQtYmVhc3QBAg==
+-----END OPENSSH PRIVATE KEY-----
diff --git a/tests/integration/ssh-signing-key.pub b/tests/integration/ssh-signing-key.pub
new file mode 100644
index 0000000000..3d1ab60b47
--- /dev/null
+++ b/tests/integration/ssh-signing-key.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeRC8GfFyXtiy0f1E7hLv77BXW7e68tFvIcs8/29YqH
diff --git a/tests/integration/size_translations_test.go b/tests/integration/translations_test.go
similarity index 77%
rename from tests/integration/size_translations_test.go
rename to tests/integration/translations_test.go
index d34cd0b490..9cfa3423b7 100644
--- a/tests/integration/size_translations_test.go
+++ b/tests/integration/translations_test.go
@@ -1,6 +1,5 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
+// SPDX-License-Identifier: GPL-3.0-or-later
 package integration
 
 import (
@@ -13,6 +12,7 @@ import (
 
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/translation/i18n"
 	files_service "forgejo.org/services/repository/files"
 	"forgejo.org/tests"
 
@@ -20,6 +20,29 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
+func TestMissingTranslationHandling(t *testing.T) {
+	// Currently new languages can only be added to localestore via AddLocaleByIni
+	// so this line is here to make the other one work. When INI locales are removed,
+	// it will not be needed by this test.
+	i18n.DefaultLocales.AddLocaleByIni("fun", "Funlang", nil, []byte(""), nil)
+
+	// Add a testing locale to the store
+	i18n.DefaultLocales.AddToLocaleFromJSON("fun", []byte(`{
+		"meta.last_line": "This language only has one line that is never used by the UI. It will never have a translation for incorrect_root_url"
+	}`))
+
+	// Get "fun" locale, make sure it's available
+	funLocale, found := i18n.DefaultLocales.Locale("fun")
+	assert.True(t, found)
+
+	// Get translation for a string that this locale doesn't have
+	s := funLocale.TrString("incorrect_root_url")
+
+	// Verify fallback to English
+	assert.True(t, strings.HasPrefix(s, "This Forgejo instance"))
+}
+
+// TestDataSizeTranslation is a test for usage of TrSize in file size display
 func TestDataSizeTranslation(t *testing.T) {
 	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
 		testUser := "user2"
@@ -103,14 +126,14 @@ func testFileSizeTranslated(t *testing.T, session *TestSession, filePath, correc
 	resp := session.MakeRequest(t, req, http.StatusOK)
 
 	// Check if file size is translated
-	sizeCorrent := false
+	sizeCorrect := false
 	fileInfo := NewHTMLParser(t, resp.Body).Find(".file-info .file-info-entry")
 	fileInfo.Each(func(i int, info *goquery.Selection) {
 		infoText := strings.TrimSpace(info.Text())
 		if infoText == correctSize {
-			sizeCorrent = true
+			sizeCorrect = true
 		}
 	})
 
-	assert.True(t, sizeCorrent)
+	assert.True(t, sizeCorrect)
 }
diff --git a/tools/generate-images.js b/tools/generate-images.js
index d28e0916f7..06f05892fb 100755
--- a/tools/generate-images.js
+++ b/tools/generate-images.js
@@ -1,9 +1,8 @@
-#!/usr/bin/env node
-import imageminZopfli from 'imagemin-zopfli'; // eslint-disable-line import-x/no-unresolved
-import {loadSVGFromString, Canvas, Rect, util} from 'fabric/node'; // eslint-disable-line import-x/no-unresolved
 import {optimize} from 'svgo';
 import {readFile, writeFile} from 'node:fs/promises';
-import {argv, exit} from 'node:process';
+import {exit} from 'node:process';
+import SharpConstructor from 'sharp';
+import {fileURLToPath} from 'node:url';
 
 function doExit(err) {
   if (err) console.error(err);
@@ -28,36 +27,14 @@ async function generate(svg, path, {size, bg}) {
     return;
   }
 
-  const {objects, options} = await loadSVGFromString(svg);
-  const canvas = new Canvas();
-  canvas.setDimensions({width: size, height: size});
-  const ctx = canvas.getContext('2d');
-  ctx.scale(options.width ? (size / options.width) : 1, options.height ? (size / options.height) : 1);
-
+  let sharp = (new SharpConstructor(Buffer.from(svg))).resize(size, size).png({compressionLevel: 9, palette: true, effort: 10, quality: 80});
   if (bg) {
-    canvas.add(new Rect({
-      left: 0,
-      top: 0,
-      height: size * (1 / (size / options.height)),
-      width: size * (1 / (size / options.width)),
-      fill: 'white',
-    }));
+    sharp = sharp.flatten({background: 'white'});
   }
-
-  canvas.add(util.groupSVGElements(objects, options));
-  canvas.renderAll();
-
-  let png = Buffer.from([]);
-  for await (const chunk of canvas.createPNGStream()) {
-    png = Buffer.concat([png, chunk]);
-  }
-
-  png = await imageminZopfli({more: true})(png);
-  await writeFile(outputFile, png);
+  sharp.toFile(fileURLToPath(outputFile), (err) => err !== null && console.error(err) && exit(1));
 }
 
 async function main() {
-  const gitea = argv.slice(2).includes('gitea');
   const logoSvg = await readFile(new URL('../assets/logo.svg', import.meta.url), 'utf8');
   const faviconSvg = await readFile(new URL('../assets/favicon.svg', import.meta.url), 'utf8');
 
@@ -68,7 +45,6 @@ async function main() {
     generate(faviconSvg, '../public/assets/img/favicon.png', {size: 180}),
     generate(logoSvg, '../public/assets/img/avatar_default.png', {size: 200}),
     generate(logoSvg, '../public/assets/img/apple-touch-icon.png', {size: 180, bg: true}),
-    gitea && generate(logoSvg, '../public/assets/img/gitea.svg', {size: 32}),
   ]);
 }
 
diff --git a/web_src/css/base.css b/web_src/css/base.css
index bfe8cd54ae..559a035c2c 100644
--- a/web_src/css/base.css
+++ b/web_src/css/base.css
@@ -18,6 +18,7 @@
   /* other variables */
   --border-radius: 4px;
   --border-radius-medium: 6px;
+  --border-radius-large: 25px;
   --border-radius-full: 99999px; /* TODO: use calc(infinity * 1px) */
   --opacity-disabled: 0.55;
   --height-loading: 16rem;
@@ -1053,10 +1054,11 @@ overflow-menu .overflow-menu-items {
 
 overflow-menu .overflow-menu-items .item {
   margin-bottom: 0 !important; /* reset fomantic's margin, because the active menu has special bottom border */
+  height: 100%;
 }
 
 overflow-menu .overflow-menu-items .item > .svg {
-  align-self: baseline;
+  align-self: center;
 }
 
 overflow-menu .ui.label {
@@ -1282,10 +1284,6 @@ svg.text.purple,
   width: 100%;
 }
 
-.migrate .svg.gitea-git {
-  color: var(--color-git);
-}
-
 .color-icon {
   display: inline-block;
   border-radius: var(--border-radius-full);
@@ -1363,10 +1361,6 @@ table th[data-sortt-desc] .svg {
   border-color: var(--color-secondary);
 }
 
-.ui.tabular.menu .item {
-  height: 100%;
-}
-
 .ui.tabular.menu .item,
 .ui.secondary.pointing.menu .item {
   padding: 11px 12px !important;
diff --git a/web_src/css/editor/combomarkdowneditor.css b/web_src/css/editor/combomarkdowneditor.css
index f190c7eb1f..b151080c64 100644
--- a/web_src/css/editor/combomarkdowneditor.css
+++ b/web_src/css/editor/combomarkdowneditor.css
@@ -11,6 +11,18 @@
   flex-wrap: wrap;
 }
 
+.markdown-toolbar-switch {
+  display: flex;
+  height: 30px;
+}
+.markdown-toolbar-switch .switch .item {
+  padding: 0.25em 1em;
+}
+
+.markdown-toolbar-hidden .markdown-toolbar-button {
+  display: none;
+}
+
 .combo-markdown-editor .markdown-toolbar-group {
   display: flex;
 }
diff --git a/web_src/css/index.css b/web_src/css/index.css
index eec17eab13..0a5a0180aa 100644
--- a/web_src/css/index.css
+++ b/web_src/css/index.css
@@ -75,6 +75,7 @@
 @import "./explore.css";
 @import "./review.css";
 @import "./actions.css";
+@import "./migrate.css";
 
 @tailwind utilities;
 @import "./helpers.css";
diff --git a/web_src/css/markup/content.css b/web_src/css/markup/content.css
index 947480a7e8..6574d413fc 100644
--- a/web_src/css/markup/content.css
+++ b/web_src/css/markup/content.css
@@ -2,7 +2,7 @@
   overflow: hidden;
   font-size: 16px;
   line-height: 1.5 !important;
-  word-wrap: break-word;
+  overflow-wrap: anywhere;
 }
 
 .markup > *:first-child {
diff --git a/web_src/css/migrate.css b/web_src/css/migrate.css
new file mode 100644
index 0000000000..d5e909b42d
--- /dev/null
+++ b/web_src/css/migrate.css
@@ -0,0 +1,68 @@
+.migrate .svg.gitea-git {
+  --git-logo-color: #f05133;
+  color: var(--git-logo-color);
+}
+
+.migrate-entries {
+  display: grid;
+  /* Limited to 4 cols by 1280px container */
+  grid-template-columns: repeat(auto-fit, minmax(20rem, 1fr));
+  gap: 1.5rem;
+}
+
+.migrate-entry svg {
+  padding: 1.5rem;
+}
+
+.migrate-entry {
+  display: flex;
+  flex-direction: column;
+  color: var(--color-text);
+  background: var(--color-card);
+  border: 1px solid var(--fancy-card-border);
+  border-radius: var(--border-radius-large);
+  transition: all 0.1s ease-in-out;
+}
+
+.migrate-entry:hover {
+  transform: scale(105%);
+  box-shadow: 0 0.5rem 1rem var(--color-shadow);
+  color: var(--color-text);
+}
+
+.migrate-entry .content {
+  width: 100%;
+  margin-top: .5rem;
+  padding: 1rem;
+  flex: 1;
+}
+
+.migrate-entry .description {
+  margin-top: .5rem;
+  text-wrap: balance;
+}
+
+/* Desktop layout features */
+@media (min-width: 599.98px) {
+  .migrate-entry .content {
+    text-align: center;
+    border-top: 1px solid var(--fancy-card-border);
+    border-radius: 0 0 var(--border-radius-large) var(--border-radius-large);
+    background: var(--fancy-card-bg);
+  }
+}
+
+/* Mobile layout features */
+@media (max-width: 600px) {
+  .migrate-entries {
+    grid-template-columns: repeat(1, 1fr);
+  }
+  .migrate-entry {
+    flex-direction: row;
+  }
+  .migrate-entry svg {
+    height: 100%;
+    width: 100%;
+    max-width: 128px;
+  }
+}
diff --git a/web_src/css/modules/dimmer.css b/web_src/css/modules/dimmer.css
index 1d0bf83390..7ef4618a18 100644
--- a/web_src/css/modules/dimmer.css
+++ b/web_src/css/modules/dimmer.css
@@ -1,3 +1,7 @@
+body:has(> .ui.active.dimmer) {
+  overflow: hidden;
+}
+
 .ui.active.dimmer {
   display: flex;
   opacity: 1;
@@ -10,8 +14,9 @@
   display: none;
   flex-direction: column;
   height: 100%;
-  position: absolute;
+  position: fixed;
   opacity: 0;
+  transform-origin: center center;
   justify-content: center;
   user-select: none;
   width: 100%;
diff --git a/web_src/css/modules/switch.css b/web_src/css/modules/switch.css
index a9499a84aa..7780155787 100644
--- a/web_src/css/modules/switch.css
+++ b/web_src/css/modules/switch.css
@@ -11,6 +11,7 @@
 
 .switch .item {
   display: flex;
+  gap: 0.5rem;
   align-items: center;
   padding: .5em 1.125em;
   color: var(--color-text);
diff --git a/web_src/css/repo.css b/web_src/css/repo.css
index f498a992ed..80fd2be00d 100644
--- a/web_src/css/repo.css
+++ b/web_src/css/repo.css
@@ -2764,37 +2764,6 @@ tbody.commit-list {
   border-left: 1px solid var(--color-secondary);
 }
 
-.migrate-entries {
-  display: grid !important;
-  grid-template-columns: repeat(3, 1fr);
-  gap: 25px;
-  margin: 0 !important;
-}
-
-@media (max-width: 767.98px) {
-  .migrate-entries {
-    grid-template-columns: repeat(1, 1fr);
-  }
-}
-
-.migrate-entry {
-  transition: all 0.1s ease-in-out;
-  box-shadow: none !important;
-  border: 1px solid var(--color-secondary);
-  color: var(--color-text) !important;
-  width: auto !important;
-  margin: 0 !important;
-}
-
-.migrate-entry:hover {
-  transform: scale(105%);
-  box-shadow: 0 0.5rem 1rem var(--color-shadow) !important;
-}
-
-.migrate-entry .description {
-  text-wrap: balance;
-}
-
 .commits-table .commits-table-right form {
   display: flex;
   align-items: center;
diff --git a/web_src/css/repo/issue-list.css b/web_src/css/repo/issue-list.css
index 07ae5a5683..7f1b8c31cd 100644
--- a/web_src/css/repo/issue-list.css
+++ b/web_src/css/repo/issue-list.css
@@ -69,17 +69,17 @@
   }
 }
 
-#issue-list .flex-item-body .branches {
-  display: inline-flex;
+#issue-list .issue-meta {
+  gap: 0 0.5rem;
 }
 
-#issue-list .flex-item-body .branches .branch {
+#issue-list .issue-meta .branch {
   background-color: var(--color-secondary-alpha-50);
   border-radius: var(--border-radius);
   padding: 0 4px;
 }
 
-#issue-list .flex-item-body .branches .truncated-name {
+#issue-list .issue-meta .branch .truncated-name {
   white-space: nowrap;
   overflow: hidden;
   text-overflow: ellipsis;
@@ -88,18 +88,18 @@
   vertical-align: top;
 }
 
-#issue-list .flex-item-body .checklist progress {
+#issue-list .issue-meta .checklist progress {
   margin-left: 2px;
   width: 80px;
   height: 6px;
   display: inline-block;
 }
 
-#issue-list .flex-item-body .checklist progress::-webkit-progress-value {
+#issue-list .issue-meta .checklist progress::-webkit-progress-value {
   background-color: var(--color-secondary-dark-4);
 }
 
-#issue-list .flex-item-body .checklist progress::-moz-progress-bar {
+#issue-list .issue-meta .checklist progress::-moz-progress-bar {
   background-color: var(--color-secondary-dark-4);
 }
 
diff --git a/web_src/css/themes/theme-forgejo-dark.css b/web_src/css/themes/theme-forgejo-dark.css
index c9c538502d..b1b80510d4 100644
--- a/web_src/css/themes/theme-forgejo-dark.css
+++ b/web_src/css/themes/theme-forgejo-dark.css
@@ -196,7 +196,6 @@
   --color-orange-badge: #ea580c;
   --color-orange-badge-bg: #ea580c22;
   --color-orange-badge-hover-bg: #ea580c44;
-  --color-git: #f05133;
   /* Icon colors (PR/Issue/...) */
   --color-icon-green: #3fb950;
   --color-icon-red: #f85149;
@@ -228,6 +227,8 @@
   --color-active: var(--steel-650);
   --color-menu: var(--steel-700);
   --color-card: var(--steel-700);
+  --fancy-card-bg: var(--steel-650);
+  --fancy-card-border: var(--steel-600);
   --color-markup-table-row: #ffffff06;
   --color-markup-code-block: var(--steel-800);
   --color-markup-code-inline: var(--steel-850);
diff --git a/web_src/css/themes/theme-forgejo-light.css b/web_src/css/themes/theme-forgejo-light.css
index a5e4ffe050..277b52165f 100644
--- a/web_src/css/themes/theme-forgejo-light.css
+++ b/web_src/css/themes/theme-forgejo-light.css
@@ -212,7 +212,6 @@
   --color-orange-badge: #ea580c;
   --color-orange-badge-bg: #ea580c22;
   --color-orange-badge-hover-bg: #ea580c44;
-  --color-git: #f05133;
   /* Icon colors (PR/Issue/...) */
   --color-icon-green: var(--color-green-light);
   --color-icon-red: var(--color-red-light);
@@ -244,6 +243,8 @@
   --color-active: #d4d4d8aa;
   --color-menu: var(--zinc-100);
   --color-card: var(--zinc-50);
+  --fancy-card-bg: var(--zinc-100);
+  --fancy-card-border: var(--zinc-200);
   --color-markup-table-row: #ffffff06;
   --color-markup-code-block: var(--zinc-150);
   --color-markup-code-inline: var(--zinc-200);
diff --git a/web_src/css/themes/theme-gitea-dark.css b/web_src/css/themes/theme-gitea-dark.css
index 6ad6efe748..7ba428f0b7 100644
--- a/web_src/css/themes/theme-gitea-dark.css
+++ b/web_src/css/themes/theme-gitea-dark.css
@@ -179,7 +179,6 @@
   --color-orange-badge: #f2711c;
   --color-orange-badge-bg: #f2711c1a;
   --color-orange-badge-hover-bg: #f2711c4d;
-  --color-git: #f05133;
   /* Icon colors (PR/Issue/...) */
   --color-icon-green: var(--color-green);
   --color-icon-red: var(--color-red);
@@ -209,6 +208,8 @@
   --color-active: #e8e8ff24;
   --color-menu: #151a1e;
   --color-card: #151a1e;
+  --fancy-card-bg: #14171a;
+  --fancy-card-border: #3b444a;
   --color-markup-table-row: #e8e8ff0f;
   --color-markup-code-block: #e8e8ff12;
   --color-markup-code-inline: #e8e8ff28;
diff --git a/web_src/css/themes/theme-gitea-light.css b/web_src/css/themes/theme-gitea-light.css
index 830b96febe..8ad89f44a4 100644
--- a/web_src/css/themes/theme-gitea-light.css
+++ b/web_src/css/themes/theme-gitea-light.css
@@ -179,7 +179,6 @@
   --color-orange-badge: #f2711c;
   --color-orange-badge-bg: #f2711c1a;
   --color-orange-badge-hover-bg: #f2711c4d;
-  --color-git: #f05133;
   /* Icon colors (PR/Issue/...) */
   --color-icon-green: var(--color-green);
   --color-icon-red: var(--color-red);
@@ -209,6 +208,8 @@
   --color-active: #00001714;
   --color-menu: #f8f9fb;
   --color-card: #f8f9fb;
+  --fancy-card-bg: #ffffff;
+  --fancy-card-border: #d0d7de;
   --color-markup-table-row: #0030600a;
   --color-markup-code-block: #00306010;
   --color-markup-code-inline: #00306012;
diff --git a/web_src/fomantic/package-lock.json b/web_src/fomantic/package-lock.json
index 9d5ec0ca2a..72b04caf36 100644
--- a/web_src/fomantic/package-lock.json
+++ b/web_src/fomantic/package-lock.json
@@ -132,17 +132,17 @@
       }
     },
     "node_modules/@octokit/core": {
-      "version": "6.1.4",
-      "resolved": "https://registry.npmjs.org/@octokit/core/-/core-6.1.4.tgz",
-      "integrity": "sha512-lAS9k7d6I0MPN+gb9bKDt7X8SdxknYqAMh44S5L+lNqIN2NuV8nvv3g8rPp7MuRxcOpxpUIATWprO0C34a8Qmg==",
+      "version": "6.1.5",
+      "resolved": "https://registry.npmjs.org/@octokit/core/-/core-6.1.5.tgz",
+      "integrity": "sha512-vvmsN0r7rguA+FySiCsbaTTobSftpIDIpPW81trAmsv9TGxg3YCujAxRYp/Uy8xmDgYCzzgulG62H7KYUFmeIg==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
         "@octokit/auth-token": "^5.0.0",
-        "@octokit/graphql": "^8.1.2",
-        "@octokit/request": "^9.2.1",
-        "@octokit/request-error": "^6.1.7",
-        "@octokit/types": "^13.6.2",
+        "@octokit/graphql": "^8.2.2",
+        "@octokit/request": "^9.2.3",
+        "@octokit/request-error": "^6.1.8",
+        "@octokit/types": "^14.0.0",
         "before-after-hook": "^3.0.2",
         "universal-user-agent": "^7.0.0"
       },
@@ -161,13 +161,13 @@
       }
     },
     "node_modules/@octokit/core/node_modules/@octokit/endpoint": {
-      "version": "10.1.3",
-      "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-10.1.3.tgz",
-      "integrity": "sha512-nBRBMpKPhQUxCsQQeW+rCJ/OPSMcj3g0nfHn01zGYZXuNDvvXudF/TYY6APj5THlurerpFN4a/dQAIAaM6BYhA==",
+      "version": "10.1.4",
+      "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-10.1.4.tgz",
+      "integrity": "sha512-OlYOlZIsfEVZm5HCSR8aSg02T2lbUWOsCQoPKfTXJwDzcHQBrVBGdGXb89dv2Kw2ToZaRtudp8O3ZIYoaOjKlA==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
-        "@octokit/types": "^13.6.2",
+        "@octokit/types": "^14.0.0",
         "universal-user-agent": "^7.0.2"
       },
       "engines": {
@@ -175,22 +175,22 @@
       }
     },
     "node_modules/@octokit/core/node_modules/@octokit/openapi-types": {
-      "version": "24.2.0",
-      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-24.2.0.tgz",
-      "integrity": "sha512-9sIH3nSUttelJSXUrmGzl7QUBFul0/mB8HRYl3fOlgHbIWG+WnYDXU3v/2zMtAvuzZ/ed00Ei6on975FhBfzrg==",
+      "version": "25.0.0",
+      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-25.0.0.tgz",
+      "integrity": "sha512-FZvktFu7HfOIJf2BScLKIEYjDsw6RKc7rBJCdvCTfKsVnx2GEB/Nbzjr29DUdb7vQhlzS/j8qDzdditP0OC6aw==",
       "license": "MIT",
       "peer": true
     },
     "node_modules/@octokit/core/node_modules/@octokit/request": {
-      "version": "9.2.2",
-      "resolved": "https://registry.npmjs.org/@octokit/request/-/request-9.2.2.tgz",
-      "integrity": "sha512-dZl0ZHx6gOQGcffgm1/Sf6JfEpmh34v3Af2Uci02vzUYz6qEN6zepoRtmybWXIGXFIK8K9ylE3b+duCWqhArtg==",
+      "version": "9.2.3",
+      "resolved": "https://registry.npmjs.org/@octokit/request/-/request-9.2.3.tgz",
+      "integrity": "sha512-Ma+pZU8PXLOEYzsWf0cn/gY+ME57Wq8f49WTXA8FMHp2Ps9djKw//xYJ1je8Hm0pR2lU9FUGeJRWOtxq6olt4w==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
-        "@octokit/endpoint": "^10.1.3",
-        "@octokit/request-error": "^6.1.7",
-        "@octokit/types": "^13.6.2",
+        "@octokit/endpoint": "^10.1.4",
+        "@octokit/request-error": "^6.1.8",
+        "@octokit/types": "^14.0.0",
         "fast-content-type-parse": "^2.0.0",
         "universal-user-agent": "^7.0.2"
       },
@@ -199,26 +199,26 @@
       }
     },
     "node_modules/@octokit/core/node_modules/@octokit/request-error": {
-      "version": "6.1.7",
-      "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-6.1.7.tgz",
-      "integrity": "sha512-69NIppAwaauwZv6aOzb+VVLwt+0havz9GT5YplkeJv7fG7a40qpLt/yZKyiDxAhgz0EtgNdNcb96Z0u+Zyuy2g==",
+      "version": "6.1.8",
+      "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-6.1.8.tgz",
+      "integrity": "sha512-WEi/R0Jmq+IJKydWlKDmryPcmdYSVjL3ekaiEL1L9eo1sUnqMJ+grqmC9cjk7CA7+b2/T397tO5d8YLOH3qYpQ==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
-        "@octokit/types": "^13.6.2"
+        "@octokit/types": "^14.0.0"
       },
       "engines": {
         "node": ">= 18"
       }
     },
     "node_modules/@octokit/core/node_modules/@octokit/types": {
-      "version": "13.10.0",
-      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.10.0.tgz",
-      "integrity": "sha512-ifLaO34EbbPj0Xgro4G5lP5asESjwHracYJvVaPIyXMuiuXLlhic3S47cBdTb+jfODkTE5YtGCLt3Ay3+J97sA==",
+      "version": "14.0.0",
+      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-14.0.0.tgz",
+      "integrity": "sha512-VVmZP0lEhbo2O1pdq63gZFiGCKkm8PPp8AUOijlwPO6hojEVjspA0MWKP7E4hbvGxzFKNqKr6p0IYtOH/Wf/zA==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
-        "@octokit/openapi-types": "^24.2.0"
+        "@octokit/openapi-types": "^25.0.0"
       }
     },
     "node_modules/@octokit/core/node_modules/before-after-hook": {
@@ -253,14 +253,14 @@
       "license": "ISC"
     },
     "node_modules/@octokit/graphql": {
-      "version": "8.2.1",
-      "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-8.2.1.tgz",
-      "integrity": "sha512-n57hXtOoHrhwTWdvhVkdJHdhTv0JstjDbDRhJfwIRNfFqmSo1DaK/mD2syoNUoLCyqSjBpGAKOG0BuwF392slw==",
+      "version": "8.2.2",
+      "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-8.2.2.tgz",
+      "integrity": "sha512-Yi8hcoqsrXGdt0yObxbebHXFOiUA+2v3n53epuOg1QUgOB6c4XzvisBNVXJSl8RYA5KrDuSL2yq9Qmqe5N0ryA==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
-        "@octokit/request": "^9.2.2",
-        "@octokit/types": "^13.8.0",
+        "@octokit/request": "^9.2.3",
+        "@octokit/types": "^14.0.0",
         "universal-user-agent": "^7.0.0"
       },
       "engines": {
@@ -268,13 +268,13 @@
       }
     },
     "node_modules/@octokit/graphql/node_modules/@octokit/endpoint": {
-      "version": "10.1.3",
-      "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-10.1.3.tgz",
-      "integrity": "sha512-nBRBMpKPhQUxCsQQeW+rCJ/OPSMcj3g0nfHn01zGYZXuNDvvXudF/TYY6APj5THlurerpFN4a/dQAIAaM6BYhA==",
+      "version": "10.1.4",
+      "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-10.1.4.tgz",
+      "integrity": "sha512-OlYOlZIsfEVZm5HCSR8aSg02T2lbUWOsCQoPKfTXJwDzcHQBrVBGdGXb89dv2Kw2ToZaRtudp8O3ZIYoaOjKlA==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
-        "@octokit/types": "^13.6.2",
+        "@octokit/types": "^14.0.0",
         "universal-user-agent": "^7.0.2"
       },
       "engines": {
@@ -282,22 +282,22 @@
       }
     },
     "node_modules/@octokit/graphql/node_modules/@octokit/openapi-types": {
-      "version": "24.2.0",
-      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-24.2.0.tgz",
-      "integrity": "sha512-9sIH3nSUttelJSXUrmGzl7QUBFul0/mB8HRYl3fOlgHbIWG+WnYDXU3v/2zMtAvuzZ/ed00Ei6on975FhBfzrg==",
+      "version": "25.0.0",
+      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-25.0.0.tgz",
+      "integrity": "sha512-FZvktFu7HfOIJf2BScLKIEYjDsw6RKc7rBJCdvCTfKsVnx2GEB/Nbzjr29DUdb7vQhlzS/j8qDzdditP0OC6aw==",
       "license": "MIT",
       "peer": true
     },
     "node_modules/@octokit/graphql/node_modules/@octokit/request": {
-      "version": "9.2.2",
-      "resolved": "https://registry.npmjs.org/@octokit/request/-/request-9.2.2.tgz",
-      "integrity": "sha512-dZl0ZHx6gOQGcffgm1/Sf6JfEpmh34v3Af2Uci02vzUYz6qEN6zepoRtmybWXIGXFIK8K9ylE3b+duCWqhArtg==",
+      "version": "9.2.3",
+      "resolved": "https://registry.npmjs.org/@octokit/request/-/request-9.2.3.tgz",
+      "integrity": "sha512-Ma+pZU8PXLOEYzsWf0cn/gY+ME57Wq8f49WTXA8FMHp2Ps9djKw//xYJ1je8Hm0pR2lU9FUGeJRWOtxq6olt4w==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
-        "@octokit/endpoint": "^10.1.3",
-        "@octokit/request-error": "^6.1.7",
-        "@octokit/types": "^13.6.2",
+        "@octokit/endpoint": "^10.1.4",
+        "@octokit/request-error": "^6.1.8",
+        "@octokit/types": "^14.0.0",
         "fast-content-type-parse": "^2.0.0",
         "universal-user-agent": "^7.0.2"
       },
@@ -306,26 +306,26 @@
       }
     },
     "node_modules/@octokit/graphql/node_modules/@octokit/request-error": {
-      "version": "6.1.7",
-      "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-6.1.7.tgz",
-      "integrity": "sha512-69NIppAwaauwZv6aOzb+VVLwt+0havz9GT5YplkeJv7fG7a40qpLt/yZKyiDxAhgz0EtgNdNcb96Z0u+Zyuy2g==",
+      "version": "6.1.8",
+      "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-6.1.8.tgz",
+      "integrity": "sha512-WEi/R0Jmq+IJKydWlKDmryPcmdYSVjL3ekaiEL1L9eo1sUnqMJ+grqmC9cjk7CA7+b2/T397tO5d8YLOH3qYpQ==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
-        "@octokit/types": "^13.6.2"
+        "@octokit/types": "^14.0.0"
       },
       "engines": {
         "node": ">= 18"
       }
     },
     "node_modules/@octokit/graphql/node_modules/@octokit/types": {
-      "version": "13.10.0",
-      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.10.0.tgz",
-      "integrity": "sha512-ifLaO34EbbPj0Xgro4G5lP5asESjwHracYJvVaPIyXMuiuXLlhic3S47cBdTb+jfODkTE5YtGCLt3Ay3+J97sA==",
+      "version": "14.0.0",
+      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-14.0.0.tgz",
+      "integrity": "sha512-VVmZP0lEhbo2O1pdq63gZFiGCKkm8PPp8AUOijlwPO6hojEVjspA0MWKP7E4hbvGxzFKNqKr6p0IYtOH/Wf/zA==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
-        "@octokit/openapi-types": "^24.2.0"
+        "@octokit/openapi-types": "^25.0.0"
       }
     },
     "node_modules/@octokit/graphql/node_modules/universal-user-agent": {
@@ -494,12 +494,12 @@
       "license": "MIT"
     },
     "node_modules/@types/node": {
-      "version": "22.13.14",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-22.13.14.tgz",
-      "integrity": "sha512-Zs/Ollc1SJ8nKUAgc7ivOEdIBM8JAKgrqqUYi2J997JuKO7/tpQC+WCetQ1sypiKCQWHdvdg9wBNpUPEWZae7w==",
+      "version": "22.14.1",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-22.14.1.tgz",
+      "integrity": "sha512-u0HuPQwe/dHrItgHHpmw3N2fYCR6x4ivMNbPHRkBVP4CvN+kiRrKHWk3i8tXiO/joPwXLMYvF9TTF0eqgHIuOw==",
       "license": "MIT",
       "dependencies": {
-        "undici-types": "~6.20.0"
+        "undici-types": "~6.21.0"
       }
     },
     "node_modules/@types/vinyl": {
@@ -1249,9 +1249,9 @@
       }
     },
     "node_modules/caniuse-lite": {
-      "version": "1.0.30001707",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001707.tgz",
-      "integrity": "sha512-3qtRjw/HQSMlDWf+X79N206fepf4SOOU6SQLMaq/0KkZLmSjPxAkBOQQ+FxbHKfHmYLZFfdWsO3KA90ceHPSnw==",
+      "version": "1.0.30001713",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001713.tgz",
+      "integrity": "sha512-wCIWIg+A4Xr7NfhTuHdX+/FKh3+Op3LBbSp2N5Pfx6T/LhdQy3GTyoTg48BReaW/MyMNZAkTadsBtai3ldWK0Q==",
       "funding": [
         {
           "type": "opencollective",
@@ -2005,9 +2005,9 @@
       }
     },
     "node_modules/electron-to-chromium": {
-      "version": "1.5.128",
-      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.128.tgz",
-      "integrity": "sha512-bo1A4HH/NS522Ws0QNFIzyPcyUUNV/yyy70Ho1xqfGYzPUme2F/xr4tlEOuM6/A538U1vDA7a4XfCd1CKRegKQ==",
+      "version": "1.5.136",
+      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.136.tgz",
+      "integrity": "sha512-kL4+wUTD7RSA5FHx5YwWtjDnEEkIIikFgWHR4P6fqjw1PPLlqYkxeOb++wAauAssat0YClCy8Y3C5SxgSkjibQ==",
       "license": "ISC"
     },
     "node_modules/emoji-regex": {
@@ -8226,9 +8226,9 @@
       }
     },
     "node_modules/undici-types": {
-      "version": "6.20.0",
-      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.20.0.tgz",
-      "integrity": "sha512-Ny6QZ2Nju20vw1SRHe3d9jVu6gJ+4e3+MMpqu7pqE5HT6WsTSlce++GQmK5UXS8mzV8DSYHrQH+Xrf2jVcuKNg==",
+      "version": "6.21.0",
+      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.21.0.tgz",
+      "integrity": "sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ==",
       "license": "MIT"
     },
     "node_modules/union-value": {
diff --git a/web_src/js/components/RepoBranchTagSelector.vue b/web_src/js/components/RepoBranchTagSelector.vue
index 12ff564aa7..81b1244328 100644
--- a/web_src/js/components/RepoBranchTagSelector.vue
+++ b/web_src/js/components/RepoBranchTagSelector.vue
@@ -54,12 +54,12 @@ const sfc = {
     if (this.viewType === 'tree') {
       this.isViewTree = true;
       this.refNameText = this.commitIdShort;
-    } else if (this.viewType === 'tag') {
-      this.isViewTag = true;
-      this.refNameText = this.tagName;
-    } else {
+    } else if (this.viewType === 'branch') {
       this.isViewBranch = true;
       this.refNameText = this.branchName;
+    } else {
+      this.isViewTag = true;
+      this.refNameText = this.tagName;
     }
 
     document.body.addEventListener('click', (event) => {
@@ -252,7 +252,8 @@ export default sfc; // activate IDE's Vue plugin
         <template v-if="release">{{ textReleaseCompare }}</template>
         <template v-else>
           <svg-icon v-if="isViewTag" name="octicon-tag"/>
-          <svg-icon v-else name="octicon-git-branch"/>
+          <svg-icon v-else-if="isViewBranch" name="octicon-git-branch"/>
+          <svg-icon v-else name="octicon-git-commit"/>
           <strong ref="dropdownRefName" class="tw-ml-2 tw-inline-block gt-ellipsis">{{ refNameText }}</strong>
         </template>
       </span>
diff --git a/web_src/js/features/admin/common.js b/web_src/js/features/admin/common.js
index b46f4f8a74..76cf4e57f7 100644
--- a/web_src/js/features/admin/common.js
+++ b/web_src/js/features/admin/common.js
@@ -199,7 +199,7 @@ export function initAdminCommon() {
     }
   }
 
-  if (document.querySelector('.admin.authentication')) {
+  if (document.querySelector('.admin.edit.authentication, .admin.new.authentication')) {
     const authNameEl = document.getElementById('auth_name');
     authNameEl.addEventListener('input', (el) => {
       // appSubUrl is either empty or is a path that starts with `/` and doesn't have a trailing slash.
diff --git a/web_src/js/features/comp/ComboMarkdownEditor.js b/web_src/js/features/comp/ComboMarkdownEditor.js
index efd068f354..53c6b85728 100644
--- a/web_src/js/features/comp/ComboMarkdownEditor.js
+++ b/web_src/js/features/comp/ComboMarkdownEditor.js
@@ -151,7 +151,7 @@ class ComboMarkdownEditor {
 
   setupTab() {
     const $container = $(this.container);
-    const tabs = $container[0].querySelectorAll('.tabular.menu > .item');
+    const tabs = $container[0].querySelectorAll('.switch > .item');
 
     // Fomantic Tab requires the "data-tab" to be globally unique.
     // So here it uses our defined "data-tab-for" and "data-tab-panel" to generate the "data-tab" attribute for Fomantic.
@@ -159,12 +159,14 @@ class ComboMarkdownEditor {
     const tabPreviewer = Array.from(tabs).find((tab) => tab.getAttribute('data-tab-for') === 'markdown-previewer');
     tabEditor.setAttribute('data-tab', `markdown-writer-${elementIdCounter}`);
     tabPreviewer.setAttribute('data-tab', `markdown-previewer-${elementIdCounter}`);
+    const toolbar = $container[0].querySelector('markdown-toolbar');
     const panelEditor = $container[0].querySelector('.ui.tab[data-tab-panel="markdown-writer"]');
     const panelPreviewer = $container[0].querySelector('.ui.tab[data-tab-panel="markdown-previewer"]');
     panelEditor.setAttribute('data-tab', `markdown-writer-${elementIdCounter}`);
     panelPreviewer.setAttribute('data-tab', `markdown-previewer-${elementIdCounter}`);
 
     tabEditor.addEventListener('click', () => {
+      toolbar.classList.remove('markdown-toolbar-hidden');
       requestAnimationFrame(() => {
         this.focus();
       });
@@ -177,6 +179,7 @@ class ComboMarkdownEditor {
     this.previewMode = this.options.previewMode ?? 'comment';
     this.previewWiki = this.options.previewWiki ?? false;
     tabPreviewer.addEventListener('click', async () => {
+      toolbar.classList.add('markdown-toolbar-hidden');
       const formData = new FormData();
       formData.append('mode', this.previewMode);
       formData.append('context', this.previewContext);
diff --git a/web_src/js/features/repo-common.js b/web_src/js/features/repo-common.js
index 038336fc0d..f4fe2f40fd 100644
--- a/web_src/js/features/repo-common.js
+++ b/web_src/js/features/repo-common.js
@@ -58,7 +58,7 @@ export function initRepoCloneLink() {
 export function initRepoCommonBranchOrTagDropdown(selector) {
   $(selector).each(function () {
     const $dropdown = $(this);
-    $dropdown.find('.reference.column').on('click', function () {
+    $dropdown.find('.branch-tag-item').on('click', function () {
       hideElem($dropdown.find('.scrolling.reference-list-menu'));
       showElem($($(this).data('target')));
       return false;
diff --git a/web_src/js/features/repo-legacy.js b/web_src/js/features/repo-legacy.js
index c74ba1efbe..4c2ff50574 100644
--- a/web_src/js/features/repo-legacy.js
+++ b/web_src/js/features/repo-legacy.js
@@ -72,7 +72,7 @@ export function initRepoCommentForm() {
         $selectBranch.find('.ui .branch-name').text(selectedValue);
       }
     });
-    $selectBranch.find('.reference.column').on('click', function () {
+    $selectBranch.find('.branch-tag-item').on('click', function () {
       hideElem($selectBranch.find('.scrolling.reference-list-menu'));
       $selectBranch.find('.reference .text').removeClass('black');
       showElem($($(this).data('target')));
@@ -469,7 +469,7 @@ async function onEditContent(event) {
     editContentZone.querySelector('button[data-button-name="cancel-edit"]').addEventListener('click', cancelAndReset);
     editContentZone.querySelector('button[data-button-name="save-edit"]').addEventListener('click', saveAndRefresh);
   } else {
-    const tabEditor = editContentZone.querySelector('.combo-markdown-editor').querySelector('.tabular.menu > a[data-tab-for=markdown-writer]');
+    const tabEditor = editContentZone.querySelector('.combo-markdown-editor').querySelector('.switch > a[data-tab-for=markdown-writer]');
     tabEditor?.click();
   }
 
diff --git a/web_src/svg/gitea-forgejo.svg b/web_src/svg/gitea-forgejo.svg
index e00e5963cf..9daa1ff8f3 100644
--- a/web_src/svg/gitea-forgejo.svg
+++ b/web_src/svg/gitea-forgejo.svg
@@ -1,5 +1,5 @@
-<svg width="64" height="64" viewBox="0 0 256 256" xmlns="http://www.w3.org/2000/svg" class="forgejo-logo" aria-hidden="true">
-  <g transform="translate(28,28)">
+<svg width="64" height="64" viewBox="0 0 212 212" xmlns="http://www.w3.org/2000/svg" class="forgejo-logo" aria-hidden="true">
+  <g transform="translate(6,6)">
     <path d="M58 168 v-98 a50 50 0 0 1 50-50 h20" fill="none" stroke="#ff6600" stroke-width="25" />
     <path d="M58 168 v-30 a50 50 0 0 1 50-50 h20" fill="none" stroke="#d40000" stroke-width="25" />
     <circle cx="142" cy="20" r="18" fill="none" stroke="#ff6600" stroke-width="15" />
diff --git a/web_src/svg/gitea-git.svg b/web_src/svg/gitea-git.svg
index 8b8a7b5fed..b60f3818d1 100644
--- a/web_src/svg/gitea-git.svg
+++ b/web_src/svg/gitea-git.svg
@@ -1 +1,3 @@
-<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 48 48" width="64px" height="64px"><path d="M42.2,22.1L25.9,5.8C25.4,5.3,24.7,5,24,5c0,0,0,0,0,0c-0.7,0-1.4,0.3-1.9,0.8l-3.5,3.5l4.1,4.1c0.4-0.2,0.8-0.3,1.3-0.3c1.7,0,3,1.3,3,3c0,0.5-0.1,0.9-0.3,1.3l4,4c0.4-0.2,0.8-0.3,1.3-0.3c1.7,0,3,1.3,3,3s-1.3,3-3,3c-1.7,0-3-1.3-3-3c0-0.5,0.1-0.9,0.3-1.3l-4-4c-0.1,0-0.2,0.1-0.3,0.1v10.4c1.2,0.4,2,1.5,2,2.8c0,1.7-1.3,3-3,3s-3-1.3-3-3c0-1.3,0.8-2.4,2-2.8V18.8c-1.2-0.4-2-1.5-2-2.8c0-0.5,0.1-0.9,0.3-1.3l-4.1-4.1L5.8,22.1C5.3,22.6,5,23.3,5,24c0,0.7,0.3,1.4,0.8,1.9l16.3,16.3c0,0,0,0,0,0c0.5,0.5,1.2,0.8,1.9,0.8s1.4-0.3,1.9-0.8l16.3-16.3c0.5-0.5,0.8-1.2,0.8-1.9C43,23.3,42.7,22.6,42.2,22.1z"/></svg>
\ No newline at end of file
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 48 48" width="50.667px" height="50.667px">
+	<path d="M 46.989474,21.6 26.399999,1.0105263 C 25.768421,0.3789474 24.884211,0 24,0 c 0,0 0,0 0,0 -0.884211,0 -1.768421,0.3789474 -2.400001,1.0105263 l -4.421052,4.4210527 5.178947,5.178947 C 22.863158,10.357895 23.368422,10.231579 24,10.231579 c 2.147368,0 3.789474,1.642105 3.789474,3.789474 0,0.631579 -0.126316,1.136842 -0.378947,1.642105 l 5.052631,5.052632 c 0.505264,-0.252632 1.010526,-0.378948 1.642106,-0.378948 2.147368,0 3.789473,1.642105 3.789473,3.789474 0,2.147368 -1.642105,3.789474 -3.789473,3.789474 -2.14737,0 -3.789474,-1.642106 -3.789474,-3.789474 0,-0.631579 0.126316,-1.136842 0.378947,-1.642105 l -5.052631,-5.052632 c -0.126316,0 -0.252633,0.126316 -0.378947,0.126316 v 13.136842 c 1.515788,0.505263 2.526315,1.894737 2.526315,3.536842 0,2.147368 -1.642106,3.789474 -3.789474,3.789474 -2.147368,0 -3.789474,-1.642106 -3.789474,-3.789474 0,-1.642105 1.010527,-3.031579 2.526316,-3.536842 V 17.431579 c -1.515789,-0.505263 -2.526316,-1.894737 -2.526316,-3.536842 0,-0.631579 0.126316,-1.136842 0.378947,-1.642105 L 15.410526,7.073684 1.0105264,21.6 C 0.3789474,22.231579 0,23.11579 0,24 c 0,0.884211 0.3789474,1.768421 1.0105264,2.4 L 21.599999,46.989474 c 0,0 0,0 0,0 C 22.231579,47.621053 23.115789,48 24,48 c 0.884211,0 1.768421,-0.378947 2.399999,-1.010526 L 46.989474,26.4 C 47.621053,25.768421 48,24.884211 48,24 48,23.11579 47.621053,22.231579 46.989474,21.6 Z" />
+</svg>
\ No newline at end of file
diff --git a/web_src/svg/gitea-gogs.svg b/web_src/svg/gitea-gogs.svg
index 7c4d5c23a3..2b0aeb7dea 100644
--- a/web_src/svg/gitea-gogs.svg
+++ b/web_src/svg/gitea-gogs.svg
@@ -1,19 +1,19 @@
 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
 <svg
-   xmlns:dc="http://purl.org/dc/elements/1.1/"
-   xmlns:cc="http://creativecommons.org/ns#"
-   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
-   xmlns:svg="http://www.w3.org/2000/svg"
-   xmlns="http://www.w3.org/2000/svg"
-   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
-   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
-   width="67.73333mm"
-   height="67.73333mm"
-   viewBox="0 0 67.73333 67.73333"
+   width="64mm"
+   height="64mm"
+   viewBox="0 0 67.724868 67.724868"
    version="1.1"
    id="svg8"
-   inkscape:version="1.0.2 (e86c870879, 2021-01-15)"
-   sodipodi:docname="gitea-gogs.svg">
+   inkscape:version="1.4 (e7c3feb100, 2024-10-09)"
+   sodipodi:docname="gitea-gogs.svg"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:dc="http://purl.org/dc/elements/1.1/">
   <defs
      id="defs2" />
   <sodipodi:namedview
@@ -24,17 +24,20 @@
      inkscape:pageopacity="0.0"
      inkscape:pageshadow="2"
      inkscape:zoom="2.4352161"
-     inkscape:cx="145.15203"
-     inkscape:cy="129.56614"
+     inkscape:cx="122.57639"
+     inkscape:cy="137.97543"
      inkscape:document-units="mm"
      inkscape:current-layer="layer3"
      inkscape:document-rotation="0"
      showgrid="false"
-     inkscape:window-width="1920"
-     inkscape:window-height="1006"
-     inkscape:window-x="1200"
-     inkscape:window-y="444"
-     inkscape:window-maximized="1" />
+     inkscape:window-width="2327"
+     inkscape:window-height="1238"
+     inkscape:window-x="0"
+     inkscape:window-y="0"
+     inkscape:window-maximized="1"
+     inkscape:showpageshadow="2"
+     inkscape:pagecheckerboard="0"
+     inkscape:deskcolor="#d1d1d1" />
   <metadata
      id="metadata5">
     <rdf:RDF>
@@ -43,7 +46,6 @@
         <dc:format>image/svg+xml</dc:format>
         <dc:type
            rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
-        <dc:title></dc:title>
       </cc:Work>
     </rdf:RDF>
   </metadata>
@@ -53,8 +55,8 @@
      inkscape:label="Layer 3"
      style="display:inline">
     <path
-       style="display:inline;fill:#d75547;fill-opacity:1;fill-rule:evenodd;stroke:#428f29;stroke-width:0.0190672;paint-order:markers fill stroke"
-       d="M 28.763808,62.186078 C 28.552224,62.156588 28.3282,62.079645 28.265977,62.01509 28.123377,61.867145 27.941284,61.235718 27.375971,58.928893 27.128273,57.918138 26.870167,56.952588 26.8024,56.783223 26.653428,56.410912 26.321729,56.197407 24.664484,55.407125 22.815394,54.525354 20.800132,53.303558 19.034519,51.99383 l -0.753641,-0.55905 -2.322335,0.678345 c -1.277286,0.37309 -2.657942,0.75099 -3.068125,0.839774 l -0.745787,0.161424 -0.351437,-0.536616 C 10.841488,51.124528 8.2297585,46.620395 7.1670955,44.599636 L 6.6102577,43.540752 7.0934858,42.948695 c 0.2657754,-0.325634 1.2926661,-1.41771 2.2819797,-2.426837 l 1.7987515,-1.834779 -0.180416,-1.038637 c -0.160803,-0.925735 -0.180684,-1.319661 -0.182886,-3.623976 -0.002,-2.082515 0.02593,-2.77882 0.143552,-3.580102 L 11.100491,29.449609 9.0366642,27.414662 C 7.5050421,25.904473 6.9326263,25.287565 6.8169034,25.02237 6.6626002,24.668764 6.6626297,24.660735 6.8197249,24.254845 7.2963868,23.023252 11.239804,16.273894 12.005659,15.378857 l 0.257067,-0.300427 0.484759,0.125942 c 0.266618,0.06927 1.585016,0.43706 2.929773,0.817315 l 2.445013,0.691373 0.429771,-0.260466 c 0.236371,-0.143253 0.844892,-0.564341 1.352266,-0.935741 1.30433,-0.954784 2.690014,-1.762213 4.707543,-2.74306 1.87475,-0.911433 1.838916,-0.883043 2.124645,-1.683256 0.06563,-0.1838 0.336217,-1.1703787 0.601305,-2.1923981 0.26509,-1.0220196 0.573575,-2.1360624 0.685518,-2.4756513 0.17614,-0.5343091 0.23295,-0.623873 0.421984,-0.6652627 0.483669,-0.1058996 3.97054,-0.1502609 7.292057,-0.092772 l 3.518704,0.060902 0.430989,1.7479767 c 0.510047,2.0686117 0.909017,3.4804444 1.127722,3.9906574 0.174557,0.407221 0.0081,0.308631 2.593742,1.53554 1.3556,0.643225 2.654323,1.424602 4.307061,2.591347 0.702523,0.495943 1.33877,0.943783 1.413882,0.995202 0.109699,0.0751 0.502152,-0.01615 1.994813,-0.463793 1.022033,-0.306501 2.381778,-0.689488 3.021651,-0.85108 l 1.163411,-0.293805 0.145052,0.19205 c 0.93221,1.234241 5.324678,8.900157 5.324678,9.292846 0,0.333447 -0.488016,0.914807 -2.540796,3.02678 l -1.893181,1.947777 0.15824,0.960735 c 0.227755,1.382822 0.274355,3.126299 0.15827,5.921847 l -0.101763,2.450639 1.510118,1.495377 c 1.549811,1.534681 2.47101,2.550338 2.683271,2.958414 0.115947,0.22291 0.103768,0.264805 -0.328833,1.13109 -1.289906,2.583039 -4.510781,8.106197 -4.924647,8.444791 -0.229142,0.187467 -0.906252,0.05936 -3.361841,-0.636096 -1.264388,-0.358089 -2.427812,-0.66997 -2.585382,-0.693076 -0.254259,-0.03729 -0.377393,0.02128 -1.094426,0.520539 -2.75021,1.914888 -3.396183,2.301016 -5.615132,3.356412 -0.864328,0.4111 -1.586938,0.808234 -1.713456,0.94169 -0.279925,0.295269 -0.499881,1.010417 -1.141053,3.709893 l -0.508517,2.140988 -1.893589,0.04981 c -2.516342,0.0662 -8.338233,0.06367 -8.822539,-0.0038 z m 7.858077,-12.120535 c 2.091378,-0.388455 5.175143,-1.723813 6.867427,-2.973786 1.796481,-1.326945 4.757949,-4.883235 4.97652,-5.976082 0.04707,-0.23538 0.0195,-0.268126 -0.544626,-0.646577 -0.89966,-0.603557 -2.187787,-1.377201 -5.078243,-3.049968 -4.184205,-2.421491 -4.52345,-2.676285 -4.524118,-3.397889 -0.0011,-1.340016 -1.219035,-3.278179 -2.4241,-3.858035 -1.790528,-0.861573 -3.841611,-0.52172 -5.213619,0.863866 -0.315085,0.318202 -0.680808,0.789483 -0.82133,1.058382 -1.355657,2.59418 0.09164,5.558218 3.005202,6.154597 0.886416,0.181439 1.72976,0.07365 2.913276,-0.372328 l 0.879991,-0.331607 2.02184,1.158352 c 2.672299,1.531012 3.61875,2.12207 4.1007,2.560884 0.340094,0.309652 0.391458,0.394601 0.346398,0.57285 -0.0768,0.303803 -0.673843,1.002125 -1.394132,1.630629 -1.608465,1.403495 -3.352982,2.265892 -5.547142,2.742214 -1.178042,0.255735 -3.523379,0.256058 -4.699639,6.79e-4 -1.211182,-0.262989 -1.987409,-0.533958 -3.06492,-1.06991 -3.757271,-1.868855 -6.310115,-5.470633 -6.829909,-9.636234 -0.156607,-1.255046 -0.06748,-3.197221 0.200967,-4.379595 1.024517,-4.512371 4.409288,-7.971423 8.971948,-9.168835 1.368354,-0.359109 1.98948,-0.43042 3.32699,-0.381966 1.261093,0.04568 1.953923,0.167871 3.540434,0.624377 0.565292,0.162659 1.094549,0.260446 1.454278,0.268701 0.495297,0.01136 0.620752,-0.01798 1.009916,-0.236201 1.079693,-0.605431 1.3594,-1.855128 0.602683,-2.692712 -1.317562,-1.458359 -6.682213,-2.214558 -10.373764,-1.462279 -2.483279,0.506053 -5.053495,1.805105 -6.993517,3.534699 -2.575021,2.295712 -4.259712,4.711906 -5.127071,7.353271 -0.924677,2.815913 -1.025226,6.141317 -0.275431,9.109059 0.774038,3.063694 2.549965,5.963534 4.958139,8.095943 2.441521,2.161939 5.76675,3.672334 8.927653,4.055148 1.089179,0.13191 3.734827,0.04956 4.807199,-0.149613 z"
+       style="display:inline;fill:#d75547;fill-opacity:1;fill-rule:evenodd;stroke:#428f29;stroke-width:0.0190659;paint-order:markers fill stroke"
+       d="m 27.943159,67.65302 c -0.253104,-0.03528 -0.521089,-0.127319 -0.595523,-0.204541 -0.170583,-0.176978 -0.388409,-0.932313 -1.064657,-3.69182 -0.296305,-1.209101 -0.60506,-2.364126 -0.686126,-2.566727 -0.178205,-0.445372 -0.574995,-0.700774 -2.557451,-1.646137 -2.211948,-1.054807 -4.622676,-2.516363 -6.734766,-4.083106 l -0.901532,-0.668755 -2.778061,0.81146 c -1.527934,0.446304 -3.1795254,0.898361 -3.6702011,1.004568 l -0.8921367,0.1931 -0.4204017,-0.641919 C 6.503839,54.420798 3.3795946,49.032794 2.1083992,46.61549 L 1.4422899,45.348815 2.0203446,44.640574 C 2.3382746,44.25104 3.566678,42.94466 4.7501303,41.737505 L 6.9018612,39.542677 6.6860413,38.300222 C 6.4936827,37.192826 6.4699004,36.721598 6.4672666,33.965093 c -0.0024,-2.491179 0.031018,-3.324124 0.171722,-4.282646 L 6.8136674,28.492485 4.3448441,26.058209 C 2.512663,24.251667 1.8279188,23.5137 1.6894868,23.196464 1.5049038,22.773468 1.5049391,22.763863 1.692862,22.278323 2.2630621,20.805047 6.9803188,12.731224 7.8964618,11.660549 l 0.3075125,-0.359381 0.5798865,0.150655 c 0.3189377,0.08286 1.8960532,0.522828 3.5047002,0.977702 l 2.924811,0.827045 0.514108,-0.311579 c 0.282756,-0.171364 1.01069,-0.675085 1.617629,-1.119367 1.560286,-1.142146 3.217891,-2.1080228 5.631331,-3.2813469 2.242643,-1.0902889 2.199778,-1.0563282 2.541577,-2.0135714 0.0785,-0.2198676 0.402195,-1.4000482 0.719302,-2.6226247 0.31711,-1.2225764 0.686131,-2.5552343 0.820041,-2.96146271 0.210706,-0.63915956 0.278663,-0.74629918 0.504792,-0.79581102 0.578583,-0.12668086 4.749702,-0.17974745 8.72302,-0.11097715 l 4.209199,0.07285291 0.515565,2.09099227 c 0.610136,2.4745478 1.087398,4.1634318 1.349022,4.7737672 0.20881,0.487132 0.0097,0.3691952 3.102726,1.8368677 1.621618,0.7694493 3.175196,1.7041608 5.15226,3.0998638 0.840384,0.593265 1.601485,1.128986 1.691337,1.190496 0.131226,0.08983 0.600692,-0.01932 2.386266,-0.554806 1.222593,-0.366648 2.849169,-0.82479 3.614607,-1.018092 l 1.391714,-0.351461 0.173517,0.229738 c 1.115143,1.476443 6.36957,10.646686 6.36957,11.116435 0,0.398881 -0.583782,1.094324 -3.039391,3.620742 l -2.264691,2.33 0.189292,1.149266 c 0.272449,1.654181 0.328193,3.739791 0.189329,7.083925 l -0.121733,2.931542 1.806457,1.788824 c 1.85394,1.835839 2.955911,3.050805 3.209825,3.53896 0.138699,0.266653 0.12413,0.316769 -0.393361,1.35305 -1.543033,3.089924 -5.395959,9.696923 -5.89104,10.101962 -0.274108,0.224254 -1.08409,0.071 -4.021554,-0.760921 -1.512507,-0.428359 -2.904235,-0.801442 -3.092726,-0.829082 -0.304154,-0.04461 -0.451452,0.02546 -1.309192,0.622687 -3.2899,2.290657 -4.062636,2.752557 -6.717022,4.01506 -1.033939,0.491772 -1.898352,0.966838 -2.049698,1.126483 -0.334855,0.353211 -0.597975,1.208697 -1.364967,4.437907 l -0.608307,2.561126 -2.265179,0.05959 c -3.010138,0.07919 -9.974492,0.07617 -10.553837,-0.0045 z m 9.400113,-14.499017 c 2.501781,-0.464684 6.190692,-2.062087 8.215062,-3.55735 2.149015,-1.587338 5.691629,-5.8415 5.953092,-7.148802 0.05631,-0.28157 0.02333,-0.320742 -0.651502,-0.773458 -1.076206,-0.721997 -2.617109,-1.647457 -6.074776,-3.648482 -5.005295,-2.896673 -5.411113,-3.201467 -5.411912,-4.064676 -0.0013,-1.602975 -1.458253,-3.921475 -2.899794,-4.615119 -2.141895,-1.030644 -4.595473,-0.6241 -6.236718,1.033387 -0.376916,0.380645 -0.814407,0.944408 -0.982504,1.266075 -1.621686,3.10325 0.109622,6.648939 3.59493,7.362349 1.060362,0.217044 2.0692,0.0881 3.484964,-0.445392 l 1.052677,-0.39668 2.418598,1.385662 c 3.196699,1.831451 4.328878,2.538496 4.905404,3.063421 0.406832,0.370416 0.468276,0.472035 0.414374,0.685263 -0.09187,0.36342 -0.806076,1.198778 -1.667711,1.950617 -1.924104,1.678911 -4.010957,2.710541 -6.63569,3.280334 -1.409216,0.305919 -4.214792,0.306306 -5.621876,8.13e-4 -1.44886,-0.314597 -2.37741,-0.63874 -3.666367,-1.279865 -4.494582,-2.235591 -7.548385,-6.544167 -8.170181,-11.527208 -0.187339,-1.501331 -0.08072,-3.82463 0.240404,-5.239028 1.225563,-5.397859 5.274548,-9.535701 10.732564,-10.968088 1.636875,-0.429579 2.379888,-0.514884 3.979865,-0.456921 1.508564,0.05465 2.337352,0.200813 4.235194,0.746902 0.676222,0.194578 1.309338,0.311554 1.739659,0.321429 0.592492,0.01359 0.742566,-0.02151 1.208098,-0.282552 1.291567,-0.724238 1.626162,-2.21917 0.72095,-3.221118 -1.576114,-1.744541 -7.993501,-2.649134 -12.409467,-1.749231 -2.970586,0.605359 -6.045171,2.159331 -8.365895,4.228334 -3.080333,2.746212 -5.09562,5.63655 -6.133185,8.796246 -1.106132,3.368495 -1.226413,7.346462 -0.329481,10.896582 0.925932,3.6649 3.05036,7.133792 5.931103,9.684656 2.920634,2.586189 6.898393,4.392977 10.679578,4.850913 1.302915,0.157795 4.467734,0.05929 5.750543,-0.178972 z"
        id="path851" />
   </g>
 </svg>