From d727757cfb3eb84e58f613fb0898047d87ff1d8f Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 26 Sep 2024 08:03:00 +0000 Subject: [PATCH 001/166] Update dependency monaco-editor to v0.51.0 --- package-lock.json | 8 ++++---- package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index 7dd1cba03a..7a537c3fc0 100644 --- a/package-lock.json +++ b/package-lock.json @@ -33,7 +33,7 @@ "mermaid": "11.2.1", "mini-css-extract-plugin": "2.9.1", "minimatch": "10.0.1", - "monaco-editor": "0.50.0", + "monaco-editor": "0.51.0", "monaco-editor-webpack-plugin": "7.1.0", "pdfobject": "2.3.0", "postcss": "8.4.47", @@ -12114,9 +12114,9 @@ } }, "node_modules/monaco-editor": { - "version": "0.50.0", - "resolved": "https://registry.npmjs.org/monaco-editor/-/monaco-editor-0.50.0.tgz", - "integrity": "sha512-8CclLCmrRRh+sul7C08BmPBP3P8wVWfBHomsTcndxg5NRCEPfu/mc2AGU8k37ajjDVXcXFc12ORAMUkmk+lkFA==", + "version": "0.51.0", + "resolved": "https://registry.npmjs.org/monaco-editor/-/monaco-editor-0.51.0.tgz", + "integrity": "sha512-xaGwVV1fq343cM7aOYB6lVE4Ugf0UyimdD/x5PWcWBMKENwectaEu77FAN7c5sFiyumqeJdX1RPTh1ocioyDjw==", "license": "MIT" }, "node_modules/monaco-editor-webpack-plugin": { diff --git a/package.json b/package.json index 12c6a05c12..085d10dfca 100644 --- a/package.json +++ b/package.json @@ -32,7 +32,7 @@ "mermaid": "11.2.1", "mini-css-extract-plugin": "2.9.1", "minimatch": "10.0.1", - "monaco-editor": "0.50.0", + "monaco-editor": "0.51.0", "monaco-editor-webpack-plugin": "7.1.0", "pdfobject": "2.3.0", "postcss": "8.4.47", From 300e01f7337e7999870444b682f8036b1b6cd71e Mon Sep 17 00:00:00 2001 From: Zettat123 Date: Sun, 15 Sep 2024 00:40:36 +0800 Subject: [PATCH 002/166] Check if the `due_date` is nil when editing issues (#32035) (cherry picked from commit 3a51c37672d2fbad1f222922e75ce704d5a1ac71) (cherry picked from commit 961766744bb5b7bf138cb508c8f9afe69622d514) --- routers/api/v1/repo/issue.go | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/routers/api/v1/repo/issue.go b/routers/api/v1/repo/issue.go index afcfbc00e3..22779e38d2 100644 --- a/routers/api/v1/repo/issue.go +++ b/routers/api/v1/repo/issue.go @@ -839,10 +839,16 @@ func EditIssue(ctx *context.APIContext) { if (form.Deadline != nil || form.RemoveDeadline != nil) && canWrite { var deadlineUnix timeutil.TimeStamp - if (form.RemoveDeadline == nil || !*form.RemoveDeadline) && !form.Deadline.IsZero() { - deadline := time.Date(form.Deadline.Year(), form.Deadline.Month(), form.Deadline.Day(), - 23, 59, 59, 0, form.Deadline.Location()) - deadlineUnix = timeutil.TimeStamp(deadline.Unix()) + if form.RemoveDeadline == nil || !*form.RemoveDeadline { + if form.Deadline == nil { + ctx.Error(http.StatusBadRequest, "", "The due_date cannot be empty") + return + } + if !form.Deadline.IsZero() { + deadline := time.Date(form.Deadline.Year(), form.Deadline.Month(), form.Deadline.Day(), + 23, 59, 59, 0, form.Deadline.Location()) + deadlineUnix = timeutil.TimeStamp(deadline.Unix()) + } } if err := issues_model.UpdateIssueDeadline(ctx, issue, deadlineUnix, ctx.Doer); err != nil { From 232179aa3d25a554c8acdac29d13c3d82d14da92 Mon Sep 17 00:00:00 2001 From: KN4CK3R Date: Mon, 16 Sep 2024 23:10:33 +0200 Subject: [PATCH 003/166] Do not escape relative path in RPM primary index (#32038) Fixes #32021 Do not escape the relative path. (cherry picked from commit f528df944bb9436afcb9272add2ee0cccefbdb55) (cherry picked from commit 0cafec4c7a2faf810953e9d522faf5dc019e1522) --- services/packages/rpm/repository.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/services/packages/rpm/repository.go b/services/packages/rpm/repository.go index 8a2db8670f..2cea04212a 100644 --- a/services/packages/rpm/repository.go +++ b/services/packages/rpm/repository.go @@ -13,7 +13,6 @@ import ( "errors" "fmt" "io" - "net/url" "strings" "time" @@ -440,7 +439,7 @@ func buildPrimary(ctx context.Context, pv *packages_model.PackageVersion, pfs [] Archive: pd.FileMetadata.ArchiveSize, }, Location: Location{ - Href: fmt.Sprintf("package/%s/%s/%s/%s", url.PathEscape(pd.Package.Name), url.PathEscape(packageVersion), url.PathEscape(pd.FileMetadata.Architecture), url.PathEscape(fmt.Sprintf("%s-%s.%s.rpm", pd.Package.Name, packageVersion, pd.FileMetadata.Architecture))), + Href: fmt.Sprintf("package/%s/%s/%s/%s-%s.%s.rpm", pd.Package.Name, packageVersion, pd.FileMetadata.Architecture, pd.Package.Name, packageVersion, pd.FileMetadata.Architecture), }, Format: Format{ License: pd.VersionMetadata.License, From 84718e7b17a2b16e382d69528441a6ce1d4959a9 Mon Sep 17 00:00:00 2001 From: hiifong Date: Wed, 18 Sep 2024 03:02:48 +0800 Subject: [PATCH 004/166] Lazy load avatar images (#32051) (cherry picked from commit f38e1014483b84f4541ffb354cd5dfdd7e000e2c) (cherry picked from commit 9d5f409a5a0ac784523cc94a6011f8c8a41d5a95) --- modules/templates/util_avatar.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/templates/util_avatar.go b/modules/templates/util_avatar.go index 85832cf264..afc1091516 100644 --- a/modules/templates/util_avatar.go +++ b/modules/templates/util_avatar.go @@ -34,7 +34,7 @@ func AvatarHTML(src string, size int, class, name string) template.HTML { name = "avatar" } - return template.HTML(``) + return template.HTML(``) } // Avatar renders user avatars. args: user, size (int), class (string) From 1a8f1482af1a2ce6db834914edfcf00f8dfb0683 Mon Sep 17 00:00:00 2001 From: Earl Warren Date: Sun, 22 Sep 2024 09:28:20 +0200 Subject: [PATCH 005/166] feat: add IfZero utility function (cherry picked from commit 43de021ac1ca017212ec75fd88a8a80a9db27c4c) (cherry picked from commit 1bdf334844f398d0a2adafc4499cef15f95df6d8) --- modules/util/util.go | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/modules/util/util.go b/modules/util/util.go index 0444680228..dcd7cf4f29 100644 --- a/modules/util/util.go +++ b/modules/util/util.go @@ -225,6 +225,15 @@ func Iif[T any](condition bool, trueVal, falseVal T) T { return falseVal } +// IfZero returns "def" if "v" is a zero value, otherwise "v" +func IfZero[T comparable](v, def T) T { + var zero T + if v == zero { + return def + } + return v +} + func ReserveLineBreakForTextarea(input string) string { // Since the content is from a form which is a textarea, the line endings are \r\n. // It's a standard behavior of HTML. From d26b7902ec03b3ae9454163a01b184d01d8217d0 Mon Sep 17 00:00:00 2001 From: wxiaoguang Date: Wed, 18 Sep 2024 15:17:25 +0800 Subject: [PATCH 006/166] Refactor CSRF protector (#32057) Remove unused CSRF options, decouple "new csrf protector" and "prepare" logic, do not redirect to home page if CSRF validation falis (it shouldn't happen in daily usage, if it happens, redirecting to home doesn't help either but just makes the problem more complex for "fetch") (cherry picked from commit 1fede04b83288d8a91304a83b7601699bb5cba04) Conflicts: options/locale/locale_en-US.ini tests/integration/repo_branch_test.go trivial context conflicts (cherry picked from commit 1ae3b127fc74906f0722caf6486890cf32d23715) --- options/locale/locale_en-US.ini | 1 - routers/web/web.go | 2 + services/context/context.go | 6 +- services/context/csrf.go | 192 ++++++++------------------ tests/integration/attachment_test.go | 3 +- tests/integration/csrf_test.go | 26 +--- tests/integration/repo_branch_test.go | 12 +- 7 files changed, 71 insertions(+), 171 deletions(-) diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini index 6b732fb121..61a820774d 100644 --- a/options/locale/locale_en-US.ini +++ b/options/locale/locale_en-US.ini @@ -231,7 +231,6 @@ string.desc = Z - A [error] occurred = An error occurred report_message = If you believe that this is a Forgejo bug, please search for issues on Codeberg or open a new issue if necessary. -invalid_csrf = Bad Request: invalid CSRF token not_found = The target couldn't be found. network_error = Network error server_internal = Internal server error diff --git a/routers/web/web.go b/routers/web/web.go index d174b4e251..39116b882d 100644 --- a/routers/web/web.go +++ b/routers/web/web.go @@ -132,6 +132,8 @@ func webAuth(authMethod auth_service.Method) func(*context.Context) { // ensure the session uid is deleted _ = ctx.Session.Delete("uid") } + + ctx.Csrf.PrepareForSessionUser(ctx) } } diff --git a/services/context/context.go b/services/context/context.go index c0819ab11e..91e7b1849d 100644 --- a/services/context/context.go +++ b/services/context/context.go @@ -127,10 +127,8 @@ func Contexter() func(next http.Handler) http.Handler { csrfOpts := CsrfOptions{ Secret: hex.EncodeToString(setting.GetGeneralTokenSigningSecret()), Cookie: setting.CSRFCookieName, - SetCookie: true, Secure: setting.SessionConfig.Secure, CookieHTTPOnly: setting.CSRFCookieHTTPOnly, - Header: "X-Csrf-Token", CookieDomain: setting.SessionConfig.Domain, CookiePath: setting.SessionConfig.CookiePath, SameSite: setting.SessionConfig.SameSite, @@ -156,7 +154,7 @@ func Contexter() func(next http.Handler) http.Handler { ctx.Base.AppendContextValue(WebContextKey, ctx) ctx.Base.AppendContextValueFunc(gitrepo.RepositoryContextKey, func() any { return ctx.Repo.GitRepo }) - ctx.Csrf = PrepareCSRFProtector(csrfOpts, ctx) + ctx.Csrf = NewCSRFProtector(csrfOpts) // Get the last flash message from cookie lastFlashCookie := middleware.GetSiteCookie(ctx.Req, CookieNameFlash) @@ -193,8 +191,6 @@ func Contexter() func(next http.Handler) http.Handler { ctx.Resp.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions) ctx.Data["SystemConfig"] = setting.Config() - ctx.Data["CsrfToken"] = ctx.Csrf.GetToken() - ctx.Data["CsrfTokenHtml"] = template.HTML(``) // FIXME: do we really always need these setting? There should be someway to have to avoid having to always set these ctx.Data["DisableMigrations"] = setting.Repository.DisableMigrations diff --git a/services/context/csrf.go b/services/context/csrf.go index 57c55e6550..5890d53f42 100644 --- a/services/context/csrf.go +++ b/services/context/csrf.go @@ -20,64 +20,42 @@ package context import ( - "encoding/base32" - "fmt" + "html/template" "net/http" "strconv" "time" "code.gitea.io/gitea/modules/log" - "code.gitea.io/gitea/modules/setting" "code.gitea.io/gitea/modules/util" - "code.gitea.io/gitea/modules/web/middleware" +) + +const ( + CsrfHeaderName = "X-Csrf-Token" + CsrfFormName = "_csrf" ) // CSRFProtector represents a CSRF protector and is used to get the current token and validate the token. type CSRFProtector interface { - // GetHeaderName returns HTTP header to search for token. - GetHeaderName() string - // GetFormName returns form value to search for token. - GetFormName() string - // GetToken returns the token. - GetToken() string - // Validate validates the token in http context. + // PrepareForSessionUser prepares the csrf protector for the current session user. + PrepareForSessionUser(ctx *Context) + // Validate validates the csrf token in http context. Validate(ctx *Context) - // DeleteCookie deletes the cookie + // DeleteCookie deletes the csrf cookie DeleteCookie(ctx *Context) } type csrfProtector struct { opt CsrfOptions - // Token generated to pass via header, cookie, or hidden form value. - Token string - // This value must be unique per user. - ID string -} - -// GetHeaderName returns the name of the HTTP header for csrf token. -func (c *csrfProtector) GetHeaderName() string { - return c.opt.Header -} - -// GetFormName returns the name of the form value for csrf token. -func (c *csrfProtector) GetFormName() string { - return c.opt.Form -} - -// GetToken returns the current token. This is typically used -// to populate a hidden form in an HTML template. -func (c *csrfProtector) GetToken() string { - return c.Token + // id must be unique per user. + id string + // token is the valid one which wil be used by end user and passed via header, cookie, or hidden form value. + token string } // CsrfOptions maintains options to manage behavior of Generate. type CsrfOptions struct { // The global secret value used to generate Tokens. Secret string - // HTTP header used to set and get token. - Header string - // Form value used to set and get token. - Form string // Cookie value used to set and get token. Cookie string // Cookie domain. @@ -87,103 +65,64 @@ type CsrfOptions struct { CookieHTTPOnly bool // SameSite set the cookie SameSite type SameSite http.SameSite - // Key used for getting the unique ID per user. - SessionKey string - // oldSessionKey saves old value corresponding to SessionKey. - oldSessionKey string - // If true, send token via X-Csrf-Token header. - SetHeader bool - // If true, send token via _csrf cookie. - SetCookie bool // Set the Secure flag to true on the cookie. Secure bool - // Disallow Origin appear in request header. - Origin bool - // Cookie lifetime. Default is 0 - CookieLifeTime int + // sessionKey is the key used for getting the unique ID per user. + sessionKey string + // oldSessionKey saves old value corresponding to sessionKey. + oldSessionKey string } -func prepareDefaultCsrfOptions(opt CsrfOptions) CsrfOptions { - if opt.Secret == "" { - randBytes, err := util.CryptoRandomBytes(8) - if err != nil { - // this panic can be handled by the recover() in http handlers - panic(fmt.Errorf("failed to generate random bytes: %w", err)) - } - opt.Secret = base32.StdEncoding.EncodeToString(randBytes) - } - if opt.Header == "" { - opt.Header = "X-Csrf-Token" - } - if opt.Form == "" { - opt.Form = "_csrf" - } - if opt.Cookie == "" { - opt.Cookie = "_csrf" - } - if opt.CookiePath == "" { - opt.CookiePath = "/" - } - if opt.SessionKey == "" { - opt.SessionKey = "uid" - } - if opt.CookieLifeTime == 0 { - opt.CookieLifeTime = int(CsrfTokenTimeout.Seconds()) - } - - opt.oldSessionKey = "_old_" + opt.SessionKey - return opt -} - -func newCsrfCookie(c *csrfProtector, value string) *http.Cookie { +func newCsrfCookie(opt *CsrfOptions, value string) *http.Cookie { return &http.Cookie{ - Name: c.opt.Cookie, + Name: opt.Cookie, Value: value, - Path: c.opt.CookiePath, - Domain: c.opt.CookieDomain, - MaxAge: c.opt.CookieLifeTime, - Secure: c.opt.Secure, - HttpOnly: c.opt.CookieHTTPOnly, - SameSite: c.opt.SameSite, + Path: opt.CookiePath, + Domain: opt.CookieDomain, + MaxAge: int(CsrfTokenTimeout.Seconds()), + Secure: opt.Secure, + HttpOnly: opt.CookieHTTPOnly, + SameSite: opt.SameSite, } } -// PrepareCSRFProtector returns a CSRFProtector to be used for every request. -// Additionally, depending on options set, generated tokens will be sent via Header and/or Cookie. -func PrepareCSRFProtector(opt CsrfOptions, ctx *Context) CSRFProtector { - opt = prepareDefaultCsrfOptions(opt) - x := &csrfProtector{opt: opt} - - if opt.Origin && len(ctx.Req.Header.Get("Origin")) > 0 { - return x +func NewCSRFProtector(opt CsrfOptions) CSRFProtector { + if opt.Secret == "" { + panic("CSRF secret is empty but it must be set") // it shouldn't happen because it is always set in code } + opt.Cookie = util.IfZero(opt.Cookie, "_csrf") + opt.CookiePath = util.IfZero(opt.CookiePath, "/") + opt.sessionKey = "uid" + opt.oldSessionKey = "_old_" + opt.sessionKey + return &csrfProtector{opt: opt} +} - x.ID = "0" - uidAny := ctx.Session.Get(opt.SessionKey) - if uidAny != nil { +func (c *csrfProtector) PrepareForSessionUser(ctx *Context) { + c.id = "0" + if uidAny := ctx.Session.Get(c.opt.sessionKey); uidAny != nil { switch uidVal := uidAny.(type) { case string: - x.ID = uidVal + c.id = uidVal case int64: - x.ID = strconv.FormatInt(uidVal, 10) + c.id = strconv.FormatInt(uidVal, 10) default: log.Error("invalid uid type in session: %T", uidAny) } } - oldUID := ctx.Session.Get(opt.oldSessionKey) - uidChanged := oldUID == nil || oldUID.(string) != x.ID - cookieToken := ctx.GetSiteCookie(opt.Cookie) + oldUID := ctx.Session.Get(c.opt.oldSessionKey) + uidChanged := oldUID == nil || oldUID.(string) != c.id + cookieToken := ctx.GetSiteCookie(c.opt.Cookie) needsNew := true if uidChanged { - _ = ctx.Session.Set(opt.oldSessionKey, x.ID) + _ = ctx.Session.Set(c.opt.oldSessionKey, c.id) } else if cookieToken != "" { // If cookie token presents, reuse existing unexpired token, else generate a new one. if issueTime, ok := ParseCsrfToken(cookieToken); ok { dur := time.Since(issueTime) // issueTime is not a monotonic-clock, the server time may change a lot to an early time. if dur >= -CsrfTokenRegenerationInterval && dur <= CsrfTokenRegenerationInterval { - x.Token = cookieToken + c.token = cookieToken needsNew = false } } @@ -191,42 +130,33 @@ func PrepareCSRFProtector(opt CsrfOptions, ctx *Context) CSRFProtector { if needsNew { // FIXME: actionId. - x.Token = GenerateCsrfToken(x.opt.Secret, x.ID, "POST", time.Now()) - if opt.SetCookie { - cookie := newCsrfCookie(x, x.Token) - ctx.Resp.Header().Add("Set-Cookie", cookie.String()) - } + c.token = GenerateCsrfToken(c.opt.Secret, c.id, "POST", time.Now()) + cookie := newCsrfCookie(&c.opt, c.token) + ctx.Resp.Header().Add("Set-Cookie", cookie.String()) } - if opt.SetHeader { - ctx.Resp.Header().Add(opt.Header, x.Token) - } - return x + ctx.Data["CsrfToken"] = c.token + ctx.Data["CsrfTokenHtml"] = template.HTML(``) } func (c *csrfProtector) validateToken(ctx *Context, token string) { - if !ValidCsrfToken(token, c.opt.Secret, c.ID, "POST", time.Now()) { + if !ValidCsrfToken(token, c.opt.Secret, c.id, "POST", time.Now()) { c.DeleteCookie(ctx) - if middleware.IsAPIPath(ctx.Req) { - // currently, there should be no access to the APIPath with CSRF token. because templates shouldn't use the `/api/` endpoints. - http.Error(ctx.Resp, "Invalid CSRF token.", http.StatusBadRequest) - } else { - ctx.Flash.Error(ctx.Tr("error.invalid_csrf")) - ctx.Redirect(setting.AppSubURL + "/") - } + // currently, there should be no access to the APIPath with CSRF token. because templates shouldn't use the `/api/` endpoints. + // FIXME: distinguish what the response is for: HTML (web page) or JSON (fetch) + http.Error(ctx.Resp, "Invalid CSRF token.", http.StatusBadRequest) } } // Validate should be used as a per route middleware. It attempts to get a token from an "X-Csrf-Token" // HTTP header and then a "_csrf" form value. If one of these is found, the token will be validated. -// If this validation fails, custom Error is sent in the reply. -// If neither a header nor form value is found, http.StatusBadRequest is sent. +// If this validation fails, http.StatusBadRequest is sent. func (c *csrfProtector) Validate(ctx *Context) { - if token := ctx.Req.Header.Get(c.GetHeaderName()); token != "" { + if token := ctx.Req.Header.Get(CsrfHeaderName); token != "" { c.validateToken(ctx, token) return } - if token := ctx.Req.FormValue(c.GetFormName()); token != "" { + if token := ctx.Req.FormValue(CsrfFormName); token != "" { c.validateToken(ctx, token) return } @@ -234,9 +164,7 @@ func (c *csrfProtector) Validate(ctx *Context) { } func (c *csrfProtector) DeleteCookie(ctx *Context) { - if c.opt.SetCookie { - cookie := newCsrfCookie(c, "") - cookie.MaxAge = -1 - ctx.Resp.Header().Add("Set-Cookie", cookie.String()) - } + cookie := newCsrfCookie(&c.opt, "") + cookie.MaxAge = -1 + ctx.Resp.Header().Add("Set-Cookie", cookie.String()) } diff --git a/tests/integration/attachment_test.go b/tests/integration/attachment_test.go index 95c9c9f753..7cbc2545d5 100644 --- a/tests/integration/attachment_test.go +++ b/tests/integration/attachment_test.go @@ -60,7 +60,8 @@ func createAttachment(t *testing.T, session *TestSession, repoURL, filename stri func TestCreateAnonymousAttachment(t *testing.T) { defer tests.PrepareTestEnv(t)() session := emptyTestSession(t) - createAttachment(t, session, "user2/repo1", "image.png", generateImg(), http.StatusSeeOther) + // this test is not right because it just doesn't pass the CSRF validation + createAttachment(t, session, "user2/repo1", "image.png", generateImg(), http.StatusBadRequest) } func TestCreateIssueAttachment(t *testing.T) { diff --git a/tests/integration/csrf_test.go b/tests/integration/csrf_test.go index a789859889..fcb9661b8a 100644 --- a/tests/integration/csrf_test.go +++ b/tests/integration/csrf_test.go @@ -5,12 +5,10 @@ package integration import ( "net/http" - "strings" "testing" "code.gitea.io/gitea/models/unittest" user_model "code.gitea.io/gitea/models/user" - "code.gitea.io/gitea/modules/setting" "code.gitea.io/gitea/tests" "github.com/stretchr/testify/assert" @@ -25,28 +23,12 @@ func TestCsrfProtection(t *testing.T) { req := NewRequestWithValues(t, "POST", "/user/settings", map[string]string{ "_csrf": "fake_csrf", }) - session.MakeRequest(t, req, http.StatusSeeOther) - - resp := session.MakeRequest(t, req, http.StatusSeeOther) - loc := resp.Header().Get("Location") - assert.Equal(t, setting.AppSubURL+"/", loc) - resp = session.MakeRequest(t, NewRequest(t, "GET", loc), http.StatusOK) - htmlDoc := NewHTMLParser(t, resp.Body) - assert.Equal(t, "Bad Request: invalid CSRF token", - strings.TrimSpace(htmlDoc.doc.Find(".ui.message").Text()), - ) + resp := session.MakeRequest(t, req, http.StatusBadRequest) + assert.Contains(t, resp.Body.String(), "Invalid CSRF token") // test web form csrf via header. TODO: should use an UI api to test req = NewRequest(t, "POST", "/user/settings") req.Header.Add("X-Csrf-Token", "fake_csrf") - session.MakeRequest(t, req, http.StatusSeeOther) - - resp = session.MakeRequest(t, req, http.StatusSeeOther) - loc = resp.Header().Get("Location") - assert.Equal(t, setting.AppSubURL+"/", loc) - resp = session.MakeRequest(t, NewRequest(t, "GET", loc), http.StatusOK) - htmlDoc = NewHTMLParser(t, resp.Body) - assert.Equal(t, "Bad Request: invalid CSRF token", - strings.TrimSpace(htmlDoc.doc.Find(".ui.message").Text()), - ) + resp = session.MakeRequest(t, req, http.StatusBadRequest) + assert.Contains(t, resp.Body.String(), "Invalid CSRF token") } diff --git a/tests/integration/repo_branch_test.go b/tests/integration/repo_branch_test.go index 2aa299479a..df9ea9a97c 100644 --- a/tests/integration/repo_branch_test.go +++ b/tests/integration/repo_branch_test.go @@ -18,7 +18,6 @@ import ( "code.gitea.io/gitea/models/unittest" "code.gitea.io/gitea/modules/git" "code.gitea.io/gitea/modules/graceful" - "code.gitea.io/gitea/modules/setting" "code.gitea.io/gitea/modules/test" "code.gitea.io/gitea/modules/translation" repo_service "code.gitea.io/gitea/services/repository" @@ -157,15 +156,8 @@ func TestCreateBranchInvalidCSRF(t *testing.T) { "_csrf": "fake_csrf", "new_branch_name": "test", }) - resp := session.MakeRequest(t, req, http.StatusSeeOther) - loc := resp.Header().Get("Location") - assert.Equal(t, setting.AppSubURL+"/", loc) - resp = session.MakeRequest(t, NewRequest(t, "GET", loc), http.StatusOK) - htmlDoc := NewHTMLParser(t, resp.Body) - assert.Equal(t, - "Bad Request: invalid CSRF token", - strings.TrimSpace(htmlDoc.doc.Find(".ui.message").Text()), - ) + resp := session.MakeRequest(t, req, http.StatusBadRequest) + assert.Contains(t, resp.Body.String(), "Invalid CSRF token") } func TestDatabaseMissingABranch(t *testing.T) { From 5b6d8a303d3a6738657238983b75edf547ace0a3 Mon Sep 17 00:00:00 2001 From: Earl Warren Date: Sun, 22 Sep 2024 12:57:03 +0200 Subject: [PATCH 007/166] Refactor CSRF protector (#32057) (fix forgejo tests) Fix the tests unique to Forgejo that are impacted by the refactor. (cherry picked from commit 6275d1bc5000a09793574696cb18cc5b5c4b07d6) --- services/context/csrf.go | 7 ++-- tests/integration/links_test.go | 24 +++++++++--- tests/integration/oauth_test.go | 66 ++++++++++++++++++--------------- 3 files changed, 59 insertions(+), 38 deletions(-) diff --git a/services/context/csrf.go b/services/context/csrf.go index 5890d53f42..e0518a499b 100644 --- a/services/context/csrf.go +++ b/services/context/csrf.go @@ -30,8 +30,9 @@ import ( ) const ( - CsrfHeaderName = "X-Csrf-Token" - CsrfFormName = "_csrf" + CsrfHeaderName = "X-Csrf-Token" + CsrfFormName = "_csrf" + CsrfErrorString = "Invalid CSRF token." ) // CSRFProtector represents a CSRF protector and is used to get the current token and validate the token. @@ -144,7 +145,7 @@ func (c *csrfProtector) validateToken(ctx *Context, token string) { c.DeleteCookie(ctx) // currently, there should be no access to the APIPath with CSRF token. because templates shouldn't use the `/api/` endpoints. // FIXME: distinguish what the response is for: HTML (web page) or JSON (fetch) - http.Error(ctx.Resp, "Invalid CSRF token.", http.StatusBadRequest) + http.Error(ctx.Resp, CsrfErrorString, http.StatusBadRequest) } } diff --git a/tests/integration/links_test.go b/tests/integration/links_test.go index 68d7008e02..e9ad933b24 100644 --- a/tests/integration/links_test.go +++ b/tests/integration/links_test.go @@ -12,6 +12,7 @@ import ( "code.gitea.io/gitea/modules/setting" api "code.gitea.io/gitea/modules/structs" "code.gitea.io/gitea/modules/test" + forgejo_context "code.gitea.io/gitea/services/context" "code.gitea.io/gitea/tests" "github.com/stretchr/testify/assert" @@ -190,11 +191,6 @@ func TestRedirectsWebhooks(t *testing.T) { {from: "/user/settings/hooks/" + kind + "/new", to: "/user/login", verb: "GET"}, {from: "/admin/system-hooks/" + kind + "/new", to: "/user/login", verb: "GET"}, {from: "/admin/default-hooks/" + kind + "/new", to: "/user/login", verb: "GET"}, - {from: "/user2/repo1/settings/hooks/" + kind + "/new", to: "/", verb: "POST"}, - {from: "/admin/system-hooks/" + kind + "/new", to: "/", verb: "POST"}, - {from: "/admin/default-hooks/" + kind + "/new", to: "/", verb: "POST"}, - {from: "/user2/repo1/settings/hooks/1", to: "/", verb: "POST"}, - {from: "/admin/hooks/1", to: "/", verb: "POST"}, } for _, info := range redirects { req := NewRequest(t, info.verb, info.from) @@ -202,6 +198,24 @@ func TestRedirectsWebhooks(t *testing.T) { assert.EqualValues(t, path.Join(setting.AppSubURL, info.to), test.RedirectURL(resp), info.from) } } + + for _, kind := range []string{"forgejo", "gitea"} { + csrf := []struct { + from string + verb string + }{ + {from: "/user2/repo1/settings/hooks/" + kind + "/new", verb: "POST"}, + {from: "/admin/hooks/1", verb: "POST"}, + {from: "/admin/system-hooks/" + kind + "/new", verb: "POST"}, + {from: "/admin/default-hooks/" + kind + "/new", verb: "POST"}, + {from: "/user2/repo1/settings/hooks/1", verb: "POST"}, + } + for _, info := range csrf { + req := NewRequest(t, info.verb, info.from) + resp := MakeRequest(t, req, http.StatusBadRequest) + assert.Contains(t, resp.Body.String(), forgejo_context.CsrfErrorString) + } + } } func TestRepoLinks(t *testing.T) { diff --git a/tests/integration/oauth_test.go b/tests/integration/oauth_test.go index 0d5e9a0472..f385b99e46 100644 --- a/tests/integration/oauth_test.go +++ b/tests/integration/oauth_test.go @@ -11,6 +11,7 @@ import ( "fmt" "io" "net/http" + "net/http/httptest" "net/url" "strings" "testing" @@ -24,6 +25,7 @@ import ( api "code.gitea.io/gitea/modules/structs" "code.gitea.io/gitea/modules/test" "code.gitea.io/gitea/routers/web/auth" + forgejo_context "code.gitea.io/gitea/services/context" "code.gitea.io/gitea/tests" "github.com/markbates/goth" @@ -803,6 +805,16 @@ func TestOAuthIntrospection(t *testing.T) { }) } +func requireCookieCSRF(t *testing.T, resp http.ResponseWriter) string { + for _, c := range resp.(*httptest.ResponseRecorder).Result().Cookies() { + if c.Name == "_csrf" { + return c.Value + } + } + require.True(t, false, "_csrf not found in cookies") + return "" +} + func TestOAuth_GrantScopesReadUser(t *testing.T) { defer tests.PrepareTestEnv(t)() @@ -840,19 +852,18 @@ func TestOAuth_GrantScopesReadUser(t *testing.T) { authorizeResp := ctx.MakeRequest(t, authorizeReq, http.StatusSeeOther) authcode := strings.Split(strings.Split(authorizeResp.Body.String(), "?code=")[1], "&")[0] - htmlDoc := NewHTMLParser(t, authorizeResp.Body) grantReq := NewRequestWithValues(t, "POST", "/login/oauth/grant", map[string]string{ - "_csrf": htmlDoc.GetCSRF(), + "_csrf": requireCookieCSRF(t, authorizeResp), "client_id": app.ClientID, "redirect_uri": "a", "state": "thestate", "granted": "true", }) - grantResp := ctx.MakeRequest(t, grantReq, http.StatusSeeOther) - htmlDocGrant := NewHTMLParser(t, grantResp.Body) + grantResp := ctx.MakeRequest(t, grantReq, http.StatusBadRequest) + assert.NotContains(t, grantResp.Body.String(), forgejo_context.CsrfErrorString) accessTokenReq := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{ - "_csrf": htmlDocGrant.GetCSRF(), + "_csrf": requireCookieCSRF(t, authorizeResp), "grant_type": "authorization_code", "client_id": app.ClientID, "client_secret": app.ClientSecret, @@ -921,19 +932,18 @@ func TestOAuth_GrantScopesFailReadRepository(t *testing.T) { authorizeResp := ctx.MakeRequest(t, authorizeReq, http.StatusSeeOther) authcode := strings.Split(strings.Split(authorizeResp.Body.String(), "?code=")[1], "&")[0] - htmlDoc := NewHTMLParser(t, authorizeResp.Body) grantReq := NewRequestWithValues(t, "POST", "/login/oauth/grant", map[string]string{ - "_csrf": htmlDoc.GetCSRF(), + "_csrf": requireCookieCSRF(t, authorizeResp), "client_id": app.ClientID, "redirect_uri": "a", "state": "thestate", "granted": "true", }) - grantResp := ctx.MakeRequest(t, grantReq, http.StatusSeeOther) - htmlDocGrant := NewHTMLParser(t, grantResp.Body) + grantResp := ctx.MakeRequest(t, grantReq, http.StatusBadRequest) + assert.NotContains(t, grantResp.Body.String(), forgejo_context.CsrfErrorString) accessTokenReq := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{ - "_csrf": htmlDocGrant.GetCSRF(), + "_csrf": requireCookieCSRF(t, authorizeResp), "grant_type": "authorization_code", "client_id": app.ClientID, "client_secret": app.ClientSecret, @@ -1000,19 +1010,18 @@ func TestOAuth_GrantScopesReadRepository(t *testing.T) { authorizeResp := ctx.MakeRequest(t, authorizeReq, http.StatusSeeOther) authcode := strings.Split(strings.Split(authorizeResp.Body.String(), "?code=")[1], "&")[0] - htmlDoc := NewHTMLParser(t, authorizeResp.Body) grantReq := NewRequestWithValues(t, "POST", "/login/oauth/grant", map[string]string{ - "_csrf": htmlDoc.GetCSRF(), + "_csrf": requireCookieCSRF(t, authorizeResp), "client_id": app.ClientID, "redirect_uri": "a", "state": "thestate", "granted": "true", }) - grantResp := ctx.MakeRequest(t, grantReq, http.StatusSeeOther) - htmlDocGrant := NewHTMLParser(t, grantResp.Body) + grantResp := ctx.MakeRequest(t, grantReq, http.StatusBadRequest) + assert.NotContains(t, grantResp.Body.String(), forgejo_context.CsrfErrorString) accessTokenReq := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{ - "_csrf": htmlDocGrant.GetCSRF(), + "_csrf": requireCookieCSRF(t, authorizeResp), "grant_type": "authorization_code", "client_id": app.ClientID, "client_secret": app.ClientSecret, @@ -1082,19 +1091,18 @@ func TestOAuth_GrantScopesReadPrivateGroups(t *testing.T) { authorizeResp := ctx.MakeRequest(t, authorizeReq, http.StatusSeeOther) authcode := strings.Split(strings.Split(authorizeResp.Body.String(), "?code=")[1], "&")[0] - htmlDoc := NewHTMLParser(t, authorizeResp.Body) grantReq := NewRequestWithValues(t, "POST", "/login/oauth/grant", map[string]string{ - "_csrf": htmlDoc.GetCSRF(), + "_csrf": requireCookieCSRF(t, authorizeResp), "client_id": app.ClientID, "redirect_uri": "a", "state": "thestate", "granted": "true", }) - grantResp := ctx.MakeRequest(t, grantReq, http.StatusSeeOther) - htmlDocGrant := NewHTMLParser(t, grantResp.Body) + grantResp := ctx.MakeRequest(t, grantReq, http.StatusBadRequest) + assert.NotContains(t, grantResp.Body.String(), forgejo_context.CsrfErrorString) accessTokenReq := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{ - "_csrf": htmlDocGrant.GetCSRF(), + "_csrf": requireCookieCSRF(t, authorizeResp), "grant_type": "authorization_code", "client_id": app.ClientID, "client_secret": app.ClientSecret, @@ -1164,19 +1172,18 @@ func TestOAuth_GrantScopesReadOnlyPublicGroups(t *testing.T) { authorizeResp := ctx.MakeRequest(t, authorizeReq, http.StatusSeeOther) authcode := strings.Split(strings.Split(authorizeResp.Body.String(), "?code=")[1], "&")[0] - htmlDoc := NewHTMLParser(t, authorizeResp.Body) grantReq := NewRequestWithValues(t, "POST", "/login/oauth/grant", map[string]string{ - "_csrf": htmlDoc.GetCSRF(), + "_csrf": requireCookieCSRF(t, authorizeResp), "client_id": app.ClientID, "redirect_uri": "a", "state": "thestate", "granted": "true", }) - grantResp := ctx.MakeRequest(t, grantReq, http.StatusSeeOther) - htmlDocGrant := NewHTMLParser(t, grantResp.Body) + grantResp := ctx.MakeRequest(t, grantReq, http.StatusBadRequest) + assert.NotContains(t, grantResp.Body.String(), forgejo_context.CsrfErrorString) accessTokenReq := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{ - "_csrf": htmlDocGrant.GetCSRF(), + "_csrf": requireCookieCSRF(t, authorizeResp), "grant_type": "authorization_code", "client_id": app.ClientID, "client_secret": app.ClientSecret, @@ -1260,19 +1267,18 @@ func TestOAuth_GrantScopesReadPublicGroupsWithTheReadScope(t *testing.T) { authorizeResp := ctx.MakeRequest(t, authorizeReq, http.StatusSeeOther) authcode := strings.Split(strings.Split(authorizeResp.Body.String(), "?code=")[1], "&")[0] - htmlDoc := NewHTMLParser(t, authorizeResp.Body) grantReq := NewRequestWithValues(t, "POST", "/login/oauth/grant", map[string]string{ - "_csrf": htmlDoc.GetCSRF(), + "_csrf": requireCookieCSRF(t, authorizeResp), "client_id": app.ClientID, "redirect_uri": "a", "state": "thestate", "granted": "true", }) - grantResp := ctx.MakeRequest(t, grantReq, http.StatusSeeOther) - htmlDocGrant := NewHTMLParser(t, grantResp.Body) + grantResp := ctx.MakeRequest(t, grantReq, http.StatusBadRequest) + assert.NotContains(t, grantResp.Body.String(), forgejo_context.CsrfErrorString) accessTokenReq := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{ - "_csrf": htmlDocGrant.GetCSRF(), + "_csrf": requireCookieCSRF(t, authorizeResp), "grant_type": "authorization_code", "client_id": app.ClientID, "client_secret": app.ClientSecret, From 2f1a737769b2ecd64c7c62e94cabf4bd72e89b69 Mon Sep 17 00:00:00 2001 From: KN4CK3R Date: Fri, 20 Sep 2024 21:00:39 +0200 Subject: [PATCH 008/166] Fix incorrect `/tokens` api (#32085) Fixes #32078 - Add missing scopes output. - Disallow empty scope. --------- Co-authored-by: Lunny Xiao (cherry picked from commit 08adbc468f8875fd4763c3656b334203c11adc0a) (cherry picked from commit 526054332acb221e061d3900bba2dc6e012da52d) --- routers/api/v1/user/app.go | 5 +++++ tests/integration/api_token_test.go | 31 ++++++++++------------------- 2 files changed, 16 insertions(+), 20 deletions(-) diff --git a/routers/api/v1/user/app.go b/routers/api/v1/user/app.go index b61ebac7d0..d5b20f7703 100644 --- a/routers/api/v1/user/app.go +++ b/routers/api/v1/user/app.go @@ -118,6 +118,10 @@ func CreateAccessToken(ctx *context.APIContext) { ctx.Error(http.StatusBadRequest, "AccessTokenScope.Normalize", fmt.Errorf("invalid access token scope provided: %w", err)) return } + if scope == "" { + ctx.Error(http.StatusBadRequest, "AccessTokenScope", "access token must have a scope") + return + } t.Scope = scope if err := auth_model.NewAccessToken(ctx, t); err != nil { @@ -129,6 +133,7 @@ func CreateAccessToken(ctx *context.APIContext) { Token: t.Token, ID: t.ID, TokenLastEight: t.TokenLastEight, + Scopes: t.Scope.StringSlice(), }) } diff --git a/tests/integration/api_token_test.go b/tests/integration/api_token_test.go index 9c7bf37330..01d18ef6f1 100644 --- a/tests/integration/api_token_test.go +++ b/tests/integration/api_token_test.go @@ -23,10 +23,10 @@ func TestAPICreateAndDeleteToken(t *testing.T) { defer tests.PrepareTestEnv(t)() user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}) - newAccessToken := createAPIAccessTokenWithoutCleanUp(t, "test-key-1", user, nil) + newAccessToken := createAPIAccessTokenWithoutCleanUp(t, "test-key-1", user, []auth_model.AccessTokenScope{auth_model.AccessTokenScopeAll}) deleteAPIAccessToken(t, newAccessToken, user) - newAccessToken = createAPIAccessTokenWithoutCleanUp(t, "test-key-2", user, nil) + newAccessToken = createAPIAccessTokenWithoutCleanUp(t, "test-key-2", user, []auth_model.AccessTokenScope{auth_model.AccessTokenScopeAll}) deleteAPIAccessToken(t, newAccessToken, user) } @@ -72,19 +72,19 @@ func TestAPIDeleteTokensPermission(t *testing.T) { user4 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4}) // admin can delete tokens for other users - createAPIAccessTokenWithoutCleanUp(t, "test-key-1", user2, nil) + createAPIAccessTokenWithoutCleanUp(t, "test-key-1", user2, []auth_model.AccessTokenScope{auth_model.AccessTokenScopeAll}) req := NewRequest(t, "DELETE", "/api/v1/users/"+user2.LoginName+"/tokens/test-key-1"). AddBasicAuth(admin.Name) MakeRequest(t, req, http.StatusNoContent) // non-admin can delete tokens for himself - createAPIAccessTokenWithoutCleanUp(t, "test-key-2", user2, nil) + createAPIAccessTokenWithoutCleanUp(t, "test-key-2", user2, []auth_model.AccessTokenScope{auth_model.AccessTokenScopeAll}) req = NewRequest(t, "DELETE", "/api/v1/users/"+user2.LoginName+"/tokens/test-key-2"). AddBasicAuth(user2.Name) MakeRequest(t, req, http.StatusNoContent) // non-admin can't delete tokens for other users - createAPIAccessTokenWithoutCleanUp(t, "test-key-3", user2, nil) + createAPIAccessTokenWithoutCleanUp(t, "test-key-3", user2, []auth_model.AccessTokenScope{auth_model.AccessTokenScopeAll}) req = NewRequest(t, "DELETE", "/api/v1/users/"+user2.LoginName+"/tokens/test-key-3"). AddBasicAuth(user4.Name) MakeRequest(t, req, http.StatusForbidden) @@ -520,7 +520,7 @@ func runTestCase(t *testing.T, testCase *requiredScopeTestCase, user *user_model unauthorizedScopes = append(unauthorizedScopes, cateogoryUnauthorizedScopes...) } - accessToken := createAPIAccessTokenWithoutCleanUp(t, "test-token", user, &unauthorizedScopes) + accessToken := createAPIAccessTokenWithoutCleanUp(t, "test-token", user, unauthorizedScopes) defer deleteAPIAccessToken(t, accessToken, user) // Request the endpoint. Verify that permission is denied. @@ -532,20 +532,12 @@ func runTestCase(t *testing.T, testCase *requiredScopeTestCase, user *user_model // createAPIAccessTokenWithoutCleanUp Create an API access token and assert that // creation succeeded. The caller is responsible for deleting the token. -func createAPIAccessTokenWithoutCleanUp(t *testing.T, tokenName string, user *user_model.User, scopes *[]auth_model.AccessTokenScope) api.AccessToken { +func createAPIAccessTokenWithoutCleanUp(t *testing.T, tokenName string, user *user_model.User, scopes []auth_model.AccessTokenScope) api.AccessToken { payload := map[string]any{ - "name": tokenName, - } - if scopes != nil { - for _, scope := range *scopes { - scopes, scopesExists := payload["scopes"].([]string) - if !scopesExists { - scopes = make([]string, 0) - } - scopes = append(scopes, string(scope)) - payload["scopes"] = scopes - } + "name": tokenName, + "scopes": scopes, } + log.Debug("Requesting creation of token with scopes: %v", scopes) req := NewRequestWithJSON(t, "POST", "/api/v1/users/"+user.LoginName+"/tokens", payload). AddBasicAuth(user.Name) @@ -563,8 +555,7 @@ func createAPIAccessTokenWithoutCleanUp(t *testing.T, tokenName string, user *us return newAccessToken } -// createAPIAccessTokenWithoutCleanUp Delete an API access token and assert that -// deletion succeeded. +// deleteAPIAccessToken deletes an API access token and assert that deletion succeeded. func deleteAPIAccessToken(t *testing.T, accessToken api.AccessToken, user *user_model.User) { req := NewRequestf(t, "DELETE", "/api/v1/users/"+user.LoginName+"/tokens/%d", accessToken.ID). AddBasicAuth(user.Name) From 81308159fd72fc901cdd4afa0b8b1193bc054532 Mon Sep 17 00:00:00 2001 From: Timon van der Berg Date: Sat, 21 Sep 2024 20:57:01 +0200 Subject: [PATCH 009/166] Repo Activity: count new issues that were closed (#31776) I'm new to go and contributing to gitea, your guidance is much appreciated. This is meant to solve https://github.com/go-gitea/gitea/issues/13309 Previously, closed issues would not be shown under new issues in the activity tab, even if they were newly created. changes: * Split out newlyCreatedIssues from issuesForActivityStatement to count both currently open and closed issues. * Use a seperate function to count active issues to prevent double-counting issues after the above change. Result is that new issues that have been closed are shown both under "new" and "closed". Signed-off-by: Timon van der Berg (cherry picked from commit ebfde845294cc681de6b1fe1adcf27e35f61b89b) (cherry picked from commit 2675a24649af2fff34f5c7e416d6ff78591d8d9c) --- models/activities/repo_activity.go | 30 ++++++++++++++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) diff --git a/models/activities/repo_activity.go b/models/activities/repo_activity.go index ba5e4959f0..3ffad035b7 100644 --- a/models/activities/repo_activity.go +++ b/models/activities/repo_activity.go @@ -34,6 +34,7 @@ type ActivityStats struct { OpenedPRAuthorCount int64 MergedPRs issues_model.PullRequestList MergedPRAuthorCount int64 + ActiveIssues issues_model.IssueList OpenedIssues issues_model.IssueList OpenedIssueAuthorCount int64 ClosedIssues issues_model.IssueList @@ -172,7 +173,7 @@ func (stats *ActivityStats) MergedPRPerc() int { // ActiveIssueCount returns total active issue count func (stats *ActivityStats) ActiveIssueCount() int { - return stats.OpenedIssueCount() + stats.ClosedIssueCount() + return len(stats.ActiveIssues) } // OpenedIssueCount returns open issue count @@ -285,13 +286,21 @@ func (stats *ActivityStats) FillIssues(ctx context.Context, repoID int64, fromTi stats.ClosedIssueAuthorCount = count // New issues - sess = issuesForActivityStatement(ctx, repoID, fromTime, false, false) + sess = newlyCreatedIssues(ctx, repoID, fromTime) sess.OrderBy("issue.created_unix ASC") stats.OpenedIssues = make(issues_model.IssueList, 0) if err = sess.Find(&stats.OpenedIssues); err != nil { return err } + // Active issues + sess = activeIssues(ctx, repoID, fromTime) + sess.OrderBy("issue.created_unix ASC") + stats.ActiveIssues = make(issues_model.IssueList, 0) + if err = sess.Find(&stats.ActiveIssues); err != nil { + return err + } + // Opened issue authors sess = issuesForActivityStatement(ctx, repoID, fromTime, false, false) if _, err = sess.Select("count(distinct issue.poster_id) as `count`").Table("issue").Get(&count); err != nil { @@ -317,6 +326,23 @@ func (stats *ActivityStats) FillUnresolvedIssues(ctx context.Context, repoID int return sess.Find(&stats.UnresolvedIssues) } +func newlyCreatedIssues(ctx context.Context, repoID int64, fromTime time.Time) *xorm.Session { + sess := db.GetEngine(ctx).Where("issue.repo_id = ?", repoID). + And("issue.is_pull = ?", false). // Retain the is_pull check to exclude pull requests + And("issue.created_unix >= ?", fromTime.Unix()) // Include all issues created after fromTime + + return sess +} + +func activeIssues(ctx context.Context, repoID int64, fromTime time.Time) *xorm.Session { + sess := db.GetEngine(ctx).Where("issue.repo_id = ?", repoID). + And("issue.is_pull = ?", false). + And("issue.created_unix >= ?", fromTime.Unix()). + Or("issue.closed_unix >= ?", fromTime.Unix()) + + return sess +} + func issuesForActivityStatement(ctx context.Context, repoID int64, fromTime time.Time, closed, unresolved bool) *xorm.Session { sess := db.GetEngine(ctx).Where("issue.repo_id = ?", repoID). And("issue.is_closed = ?", closed) From 6c16834d281fb66caf3e3f21817ef6464a781117 Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Sun, 22 Sep 2024 05:56:25 +0800 Subject: [PATCH 010/166] Fix wrong last modify time (#32102) (cherry picked from commit a802508f88e546bf18990559e44bf27a09c869ee) (cherry picked from commit f709de24039ab7e605d3e09e3b61240836381603) --- modules/httpcache/httpcache.go | 3 ++- modules/httplib/serve.go | 1 + routers/api/packages/maven/maven.go | 4 +++- routers/web/repo/githttp.go | 3 ++- 4 files changed, 8 insertions(+), 3 deletions(-) diff --git a/modules/httpcache/httpcache.go b/modules/httpcache/httpcache.go index b4af371541..30ce0a4a03 100644 --- a/modules/httpcache/httpcache.go +++ b/modules/httpcache/httpcache.go @@ -76,7 +76,8 @@ func HandleGenericETagTimeCache(req *http.Request, w http.ResponseWriter, etag s w.Header().Set("Etag", etag) } if lastModified != nil && !lastModified.IsZero() { - w.Header().Set("Last-Modified", lastModified.Format(http.TimeFormat)) + // http.TimeFormat required a UTC time, refer to https://pkg.go.dev/net/http#TimeFormat + w.Header().Set("Last-Modified", lastModified.UTC().Format(http.TimeFormat)) } if len(etag) > 0 { diff --git a/modules/httplib/serve.go b/modules/httplib/serve.go index 6e147d76f5..2e3e6a7c42 100644 --- a/modules/httplib/serve.go +++ b/modules/httplib/serve.go @@ -79,6 +79,7 @@ func ServeSetHeaders(w http.ResponseWriter, opts *ServeHeaderOptions) { httpcache.SetCacheControlInHeader(header, duration) if !opts.LastModified.IsZero() { + // http.TimeFormat required a UTC time, refer to https://pkg.go.dev/net/http#TimeFormat header.Set("Last-Modified", opts.LastModified.UTC().Format(http.TimeFormat)) } } diff --git a/routers/api/packages/maven/maven.go b/routers/api/packages/maven/maven.go index 58271e1d43..4181577454 100644 --- a/routers/api/packages/maven/maven.go +++ b/routers/api/packages/maven/maven.go @@ -117,7 +117,9 @@ func serveMavenMetadata(ctx *context.Context, params parameters) { xmlMetadataWithHeader := append([]byte(xml.Header), xmlMetadata...) latest := pds[len(pds)-1] - ctx.Resp.Header().Set("Last-Modified", latest.Version.CreatedUnix.Format(http.TimeFormat)) + // http.TimeFormat required a UTC time, refer to https://pkg.go.dev/net/http#TimeFormat + lastModifed := latest.Version.CreatedUnix.AsTime().UTC().Format(http.TimeFormat) + ctx.Resp.Header().Set("Last-Modified", lastModifed) ext := strings.ToLower(filepath.Ext(params.Filename)) if isChecksumExtension(ext) { diff --git a/routers/web/repo/githttp.go b/routers/web/repo/githttp.go index 9f3b63698a..a082498dfd 100644 --- a/routers/web/repo/githttp.go +++ b/routers/web/repo/githttp.go @@ -395,7 +395,8 @@ func (h *serviceHandler) sendFile(ctx *context.Context, contentType, file string ctx.Resp.Header().Set("Content-Type", contentType) ctx.Resp.Header().Set("Content-Length", fmt.Sprintf("%d", fi.Size())) - ctx.Resp.Header().Set("Last-Modified", fi.ModTime().Format(http.TimeFormat)) + // http.TimeFormat required a UTC time, refer to https://pkg.go.dev/net/http#TimeFormat + ctx.Resp.Header().Set("Last-Modified", fi.ModTime().UTC().Format(http.TimeFormat)) http.ServeFile(ctx.Resp, ctx.Req, reqFile) } From 74712e340026f127bcc627cc2342fe5b629c5f00 Mon Sep 17 00:00:00 2001 From: Jamie Schouten Date: Sun, 22 Sep 2024 00:42:17 +0200 Subject: [PATCH 011/166] Add bin to Composer Metadata (#32099) This PR addresses the missing `bin` field in Composer metadata, which currently causes vendor-provided binaries to not be symlinked to `vendor/bin` during installation. In the current implementation, running `composer install` does not publish the binaries, leading to issues where expected binaries are not available. By properly declaring the `bin` field, this PR ensures that binaries are correctly symlinked upon installation, as described in the [Composer documentation](https://getcomposer.org/doc/articles/vendor-binaries.md). (cherry picked from commit d351a42494e71b5e2da63302c2f9b46c78e6dbde) (cherry picked from commit 9d3473119893ffde0ab36d98e7a0e41c5d0ba9a3) --- modules/packages/composer/metadata.go | 1 + tests/integration/api_packages_composer_test.go | 8 +++++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/modules/packages/composer/metadata.go b/modules/packages/composer/metadata.go index 2c2e9ebf27..6035eae8ca 100644 --- a/modules/packages/composer/metadata.go +++ b/modules/packages/composer/metadata.go @@ -48,6 +48,7 @@ type Metadata struct { Homepage string `json:"homepage,omitempty"` License Licenses `json:"license,omitempty"` Authors []Author `json:"authors,omitempty"` + Bin []string `json:"bin,omitempty"` Autoload map[string]any `json:"autoload,omitempty"` AutoloadDev map[string]any `json:"autoload-dev,omitempty"` Extra map[string]any `json:"extra,omitempty"` diff --git a/tests/integration/api_packages_composer_test.go b/tests/integration/api_packages_composer_test.go index 9cdcd07e37..9d25cc4d64 100644 --- a/tests/integration/api_packages_composer_test.go +++ b/tests/integration/api_packages_composer_test.go @@ -37,6 +37,7 @@ func TestPackageComposer(t *testing.T) { packageType := "composer-plugin" packageAuthor := "Gitea Authors" packageLicense := "MIT" + packageBin := "./bin/script" var buf bytes.Buffer archive := zip.NewWriter(&buf) @@ -50,6 +51,9 @@ func TestPackageComposer(t *testing.T) { { "name": "` + packageAuthor + `" } + ], + "bin": [ + "` + packageBin + `" ] }`)) archive.Close() @@ -211,6 +215,8 @@ func TestPackageComposer(t *testing.T) { assert.Len(t, pkgs[0].Authors, 1) assert.Equal(t, packageAuthor, pkgs[0].Authors[0].Name) assert.Equal(t, "zip", pkgs[0].Dist.Type) - assert.Equal(t, "7b40bfd6da811b2b78deec1e944f156dbb2c747b", pkgs[0].Dist.Checksum) + assert.Equal(t, "4f5fa464c3cb808a1df191dbf6cb75363f8b7072", pkgs[0].Dist.Checksum) + assert.Len(t, pkgs[0].Bin, 1) + assert.Equal(t, packageBin, pkgs[0].Bin[0]) }) } From ba7da0af3184e7f732ea5eec4a01c6fdd1b899ab Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Sat, 21 Sep 2024 17:50:54 +0800 Subject: [PATCH 012/166] Use camo.Always instead of camo.Allways (#32097) Fix #31575 https://gitea.com/gitea/docs/pulls/73 (cherry picked from commit 8e2dd5d3ddfb442937c79f05df88d18b856952cb) (cherry picked from commit 2ffb08bb888bb950b6ed4ff12a4cf4bacc337e18) --- custom/conf/app.example.ini | 3 ++- modules/markup/camo.go | 2 +- modules/markup/camo_test.go | 2 +- modules/setting/camo.go | 14 ++++++++++++-- 4 files changed, 16 insertions(+), 5 deletions(-) diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini index 9cb5a67172..2eff51fe98 100644 --- a/custom/conf/app.example.ini +++ b/custom/conf/app.example.ini @@ -529,7 +529,8 @@ INTERNAL_TOKEN = ;; HMAC to encode urls with, it **is required** if camo is enabled. ;HMAC_KEY = ;; Set to true to use camo for https too lese only non https urls are proxyed -;ALLWAYS = false +;; ALLWAYS is deprecated and will be removed in the future +;ALWAYS = false ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; diff --git a/modules/markup/camo.go b/modules/markup/camo.go index e93797de2b..7e2583469d 100644 --- a/modules/markup/camo.go +++ b/modules/markup/camo.go @@ -38,7 +38,7 @@ func camoHandleLink(link string) string { if setting.Camo.Enabled { lnkURL, err := url.Parse(link) if err == nil && lnkURL.IsAbs() && !strings.HasPrefix(link, setting.AppURL) && - (setting.Camo.Allways || lnkURL.Scheme != "https") { + (setting.Camo.Always || lnkURL.Scheme != "https") { return CamoEncode(link) } } diff --git a/modules/markup/camo_test.go b/modules/markup/camo_test.go index ba58835221..3c5d40afa0 100644 --- a/modules/markup/camo_test.go +++ b/modules/markup/camo_test.go @@ -28,7 +28,7 @@ func TestCamoHandleLink(t *testing.T) { "https://image.proxy/eivin43gJwGVIjR9MiYYtFIk0mw/aHR0cDovL3Rlc3RpbWFnZXMub3JnL2ltZy5qcGc", camoHandleLink("http://testimages.org/img.jpg")) - setting.Camo.Allways = true + setting.Camo.Always = true assert.Equal(t, "https://gitea.com/img.jpg", camoHandleLink("https://gitea.com/img.jpg")) diff --git a/modules/setting/camo.go b/modules/setting/camo.go index 366e9a116c..608ecf8363 100644 --- a/modules/setting/camo.go +++ b/modules/setting/camo.go @@ -3,18 +3,28 @@ package setting -import "code.gitea.io/gitea/modules/log" +import ( + "strconv" + + "code.gitea.io/gitea/modules/log" +) var Camo = struct { Enabled bool ServerURL string `ini:"SERVER_URL"` HMACKey string `ini:"HMAC_KEY"` - Allways bool + Always bool }{} func loadCamoFrom(rootCfg ConfigProvider) { mustMapSetting(rootCfg, "camo", &Camo) if Camo.Enabled { + oldValue := rootCfg.Section("camo").Key("ALLWAYS").MustString("") + if oldValue != "" { + log.Warn("camo.ALLWAYS is deprecated, use camo.ALWAYS instead") + Camo.Always, _ = strconv.ParseBool(oldValue) + } + if Camo.ServerURL == "" || Camo.HMACKey == "" { log.Fatal(`Camo settings require "SERVER_URL" and HMAC_KEY`) } From eb4f1de8ec64a078971de8be6070b81ce74b6c1d Mon Sep 17 00:00:00 2001 From: Earl Warren Date: Sun, 22 Sep 2024 10:01:43 +0200 Subject: [PATCH 013/166] chore(release-notes): weekly cherry-pick week 2024-39 (cherry picked from commit e3deb88a8d2494e386f221b9dc743a6a1710837d) --- release-notes/5372.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 release-notes/5372.md diff --git a/release-notes/5372.md b/release-notes/5372.md new file mode 100644 index 0000000000..fccb305f34 --- /dev/null +++ b/release-notes/5372.md @@ -0,0 +1,5 @@ +feat: [commit](https://codeberg.org/forgejo/forgejo/commit/9d3473119893ffde0ab36d98e7a0e41c5d0ba9a3) Add bin to Composer Metadata. +fix: [commit](https://codeberg.org/forgejo/forgejo/commit/f709de24039ab7e605d3e09e3b61240836381603) Fix wrong last modify time. +fix: [commit](https://codeberg.org/forgejo/forgejo/commit/2675a24649af2fff34f5c7e416d6ff78591d8d9c) Repo Activity: count new issues that were closed. +fix: [commit](https://codeberg.org/forgejo/forgejo/commit/526054332acb221e061d3900bba2dc6e012da52d) Fix incorrect /tokens api. +fix: [commit](https://codeberg.org/forgejo/forgejo/commit/0cafec4c7a2faf810953e9d522faf5dc019e1522) Do not escape relative path in RPM primary index. From 658ed564cbfd4b95e2985dc2e15bedad33e8a6ee Mon Sep 17 00:00:00 2001 From: Exploding Dragon Date: Fri, 27 Sep 2024 08:21:22 +0000 Subject: [PATCH 014/166] feat: add architecture-specific removal support for arch package (#5351) - [x] add architecture-specific removal support - [x] Fix upload competition - [x] Fix not checking input when downloading docs: https://codeberg.org/forgejo/docs/pulls/874 ### Release notes - [ ] I do not want this change to show in the release notes. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5351 Reviewed-by: Earl Warren Co-authored-by: Exploding Dragon Co-committed-by: Exploding Dragon (cherry picked from commit 89742c49135e47372e272596bd536d5d1244721f) --- modules/packages/arch/metadata.go | 69 ++++++++++----------- routers/api/packages/api.go | 12 ++-- routers/api/packages/arch/arch.go | 47 +++++++++----- services/packages/arch/repository.go | 65 ++++++++++--------- templates/package/content/arch.tmpl | 4 +- templates/package/metadata/arch.tmpl | 4 +- tests/integration/api_packages_arch_test.go | 50 ++++++++++++--- 7 files changed, 151 insertions(+), 100 deletions(-) diff --git a/modules/packages/arch/metadata.go b/modules/packages/arch/metadata.go index 0e08670311..6cdde75cdc 100644 --- a/modules/packages/arch/metadata.go +++ b/modules/packages/arch/metadata.go @@ -39,8 +39,8 @@ const ( var ( reName = regexp.MustCompile(`^[a-zA-Z0-9@._+-]+$`) reVer = regexp.MustCompile(`^[a-zA-Z0-9:_.+]+-+[0-9]+$`) - reOptDep = regexp.MustCompile(`^[a-zA-Z0-9@._+-]+([<>]?=?[a-zA-Z0-9@._+-]+)?(:.*)?$`) - rePkgVer = regexp.MustCompile(`^[a-zA-Z0-9@._+-]+([<>]?=?[a-zA-Z0-9@._+-]+)?$`) + reOptDep = regexp.MustCompile(`^[a-zA-Z0-9@._+-]+([<>]?=?([0-9]+:)?[a-zA-Z0-9@._+-]+)?(:.*)?$`) + rePkgVer = regexp.MustCompile(`^[a-zA-Z0-9@._+-]+([<>]?=?([0-9]+:)?[a-zA-Z0-9@._+-]+)?$`) magicZSTD = []byte{0x28, 0xB5, 0x2F, 0xFD} magicXZ = []byte{0xFD, 0x37, 0x7A, 0x58, 0x5A} @@ -71,7 +71,7 @@ type VersionMetadata struct { Conflicts []string `json:"conflicts,omitempty"` Replaces []string `json:"replaces,omitempty"` Backup []string `json:"backup,omitempty"` - Xdata []string `json:"xdata,omitempty"` + XData []string `json:"xdata,omitempty"` } // FileMetadata Metadata related to specific package file. @@ -125,7 +125,7 @@ func ParsePackage(r *packages.HashedBuffer) (*Package, error) { defer tarball.Close() var pkg *Package - var mtree bool + var mTree bool for { f, err := tarball.Read() @@ -135,24 +135,24 @@ func ParsePackage(r *packages.HashedBuffer) (*Package, error) { if err != nil { return nil, err } - defer f.Close() - switch f.Name() { case ".PKGINFO": pkg, err = ParsePackageInfo(tarballType, f) if err != nil { + _ = f.Close() return nil, err } case ".MTREE": - mtree = true + mTree = true } + _ = f.Close() } if pkg == nil { return nil, util.NewInvalidArgumentErrorf(".PKGINFO file not found") } - if !mtree { + if !mTree { return nil, util.NewInvalidArgumentErrorf(".MTREE file not found") } @@ -220,7 +220,7 @@ func ParsePackageInfo(compressType string, r io.Reader) (*Package, error) { case "replaces": p.VersionMetadata.Replaces = append(p.VersionMetadata.Replaces, value) case "xdata": - p.VersionMetadata.Xdata = append(p.VersionMetadata.Xdata, value) + p.VersionMetadata.XData = append(p.VersionMetadata.XData, value) case "builddate": bd, err := strconv.ParseInt(value, 10, 64) if err != nil { @@ -260,48 +260,43 @@ func ValidatePackageSpec(p *Package) error { return util.NewInvalidArgumentErrorf("invalid project URL") } } - for _, cd := range p.VersionMetadata.CheckDepends { - if !rePkgVer.MatchString(cd) { - return util.NewInvalidArgumentErrorf("invalid check dependency: %s", cd) + for _, checkDepend := range p.VersionMetadata.CheckDepends { + if !rePkgVer.MatchString(checkDepend) { + return util.NewInvalidArgumentErrorf("invalid check dependency: %s", checkDepend) } } - for _, d := range p.VersionMetadata.Depends { - if !rePkgVer.MatchString(d) { - return util.NewInvalidArgumentErrorf("invalid dependency: %s", d) + for _, depend := range p.VersionMetadata.Depends { + if !rePkgVer.MatchString(depend) { + return util.NewInvalidArgumentErrorf("invalid dependency: %s", depend) } } - for _, md := range p.VersionMetadata.MakeDepends { - if !rePkgVer.MatchString(md) { - return util.NewInvalidArgumentErrorf("invalid make dependency: %s", md) + for _, makeDepend := range p.VersionMetadata.MakeDepends { + if !rePkgVer.MatchString(makeDepend) { + return util.NewInvalidArgumentErrorf("invalid make dependency: %s", makeDepend) } } - for _, p := range p.VersionMetadata.Provides { - if !rePkgVer.MatchString(p) { - return util.NewInvalidArgumentErrorf("invalid provides: %s", p) + for _, provide := range p.VersionMetadata.Provides { + if !rePkgVer.MatchString(provide) { + return util.NewInvalidArgumentErrorf("invalid provides: %s", provide) } } - for _, p := range p.VersionMetadata.Conflicts { - if !rePkgVer.MatchString(p) { - return util.NewInvalidArgumentErrorf("invalid conflicts: %s", p) + for _, conflict := range p.VersionMetadata.Conflicts { + if !rePkgVer.MatchString(conflict) { + return util.NewInvalidArgumentErrorf("invalid conflicts: %s", conflict) } } - for _, p := range p.VersionMetadata.Replaces { - if !rePkgVer.MatchString(p) { - return util.NewInvalidArgumentErrorf("invalid replaces: %s", p) + for _, replace := range p.VersionMetadata.Replaces { + if !rePkgVer.MatchString(replace) { + return util.NewInvalidArgumentErrorf("invalid replaces: %s", replace) } } - for _, p := range p.VersionMetadata.Replaces { - if !rePkgVer.MatchString(p) { - return util.NewInvalidArgumentErrorf("invalid xdata: %s", p) + for _, optDepend := range p.VersionMetadata.OptDepends { + if !reOptDep.MatchString(optDepend) { + return util.NewInvalidArgumentErrorf("invalid optional dependency: %s", optDepend) } } - for _, od := range p.VersionMetadata.OptDepends { - if !reOptDep.MatchString(od) { - return util.NewInvalidArgumentErrorf("invalid optional dependency: %s", od) - } - } - for _, bf := range p.VersionMetadata.Backup { - if strings.HasPrefix(bf, "/") { + for _, b := range p.VersionMetadata.Backup { + if strings.HasPrefix(b, "/") { return util.NewInvalidArgumentErrorf("backup file contains leading forward slash") } } diff --git a/routers/api/packages/api.go b/routers/api/packages/api.go index 76a8fd4714..c72f812704 100644 --- a/routers/api/packages/api.go +++ b/routers/api/packages/api.go @@ -175,18 +175,20 @@ func CommonRoutes() *web.Route { arch.PushPackage(ctx) return } else if isDelete { - if groupLen < 2 { + if groupLen < 3 { ctx.Status(http.StatusBadRequest) return } - if groupLen == 2 { + if groupLen == 3 { ctx.SetParams("group", "") ctx.SetParams("package", pathGroups[0]) ctx.SetParams("version", pathGroups[1]) + ctx.SetParams("arch", pathGroups[2]) } else { - ctx.SetParams("group", strings.Join(pathGroups[:groupLen-2], "/")) - ctx.SetParams("package", pathGroups[groupLen-2]) - ctx.SetParams("version", pathGroups[groupLen-1]) + ctx.SetParams("group", strings.Join(pathGroups[:groupLen-3], "/")) + ctx.SetParams("package", pathGroups[groupLen-3]) + ctx.SetParams("version", pathGroups[groupLen-2]) + ctx.SetParams("arch", pathGroups[groupLen-1]) } reqPackageAccess(perm.AccessModeWrite)(ctx) if ctx.Written() { diff --git a/routers/api/packages/arch/arch.go b/routers/api/packages/arch/arch.go index 2d3481a33f..15fcc37c70 100644 --- a/routers/api/packages/arch/arch.go +++ b/routers/api/packages/arch/arch.go @@ -9,12 +9,14 @@ import ( "fmt" "io" "net/http" + "path/filepath" "regexp" "strings" packages_model "code.gitea.io/gitea/models/packages" packages_module "code.gitea.io/gitea/modules/packages" arch_module "code.gitea.io/gitea/modules/packages/arch" + "code.gitea.io/gitea/modules/sync" "code.gitea.io/gitea/modules/util" "code.gitea.io/gitea/routers/api/packages/helper" "code.gitea.io/gitea/services/context" @@ -25,6 +27,8 @@ import ( var ( archPkgOrSig = regexp.MustCompile(`^.*\.pkg\.tar\.\w+(\.sig)*$`) archDBOrSig = regexp.MustCompile(`^.*.db(\.tar\.gz)*(\.sig)*$`) + + locker = sync.NewExclusivePool() ) func apiError(ctx *context.Context, status int, obj any) { @@ -33,6 +37,14 @@ func apiError(ctx *context.Context, status int, obj any) { }) } +func refreshLocker(ctx *context.Context, group string) func() { + key := fmt.Sprintf("pkg_%d_arch_pkg_%s", ctx.Package.Owner.ID, group) + locker.CheckIn(key) + return func() { + locker.CheckOut(key) + } +} + func GetRepositoryKey(ctx *context.Context) { _, pub, err := arch_service.GetOrCreateKeyPair(ctx, ctx.Package.Owner.ID) if err != nil { @@ -48,7 +60,8 @@ func GetRepositoryKey(ctx *context.Context) { func PushPackage(ctx *context.Context) { group := ctx.Params("group") - + releaser := refreshLocker(ctx, group) + defer releaser() upload, needToClose, err := ctx.UploadStream() if err != nil { apiError(ctx, http.StatusInternalServerError, err) @@ -154,6 +167,7 @@ func PushPackage(ctx *context.Context) { }) if err != nil { apiError(ctx, http.StatusInternalServerError, err) + return } if err = arch_service.BuildPacmanDB(ctx, ctx.Package.Owner.ID, group, p.FileMetadata.Arch); err != nil { apiError(ctx, http.StatusInternalServerError, err) @@ -169,7 +183,7 @@ func GetPackageOrDB(ctx *context.Context) { arch = ctx.Params("arch") ) if archPkgOrSig.MatchString(file) { - pkg, err := arch_service.GetPackageFile(ctx, group, file, ctx.Package.Owner.ID) + pkg, u, pf, err := arch_service.GetPackageFile(ctx, group, file, ctx.Package.Owner.ID) if err != nil { if errors.Is(err, util.ErrNotExist) { apiError(ctx, http.StatusNotFound, err) @@ -178,15 +192,12 @@ func GetPackageOrDB(ctx *context.Context) { } return } - - ctx.ServeContent(pkg, &context.ServeHeaderOptions{ - Filename: file, - }) + helper.ServePackageFile(ctx, pkg, u, pf) return } if archDBOrSig.MatchString(file) { - pkg, err := arch_service.GetPackageDBFile(ctx, group, arch, ctx.Package.Owner.ID, + pkg, u, pf, err := arch_service.GetPackageDBFile(ctx, group, arch, ctx.Package.Owner.ID, strings.HasSuffix(file, ".sig")) if err != nil { if errors.Is(err, util.ErrNotExist) { @@ -196,9 +207,7 @@ func GetPackageOrDB(ctx *context.Context) { } return } - ctx.ServeContent(pkg, &context.ServeHeaderOptions{ - Filename: file, - }) + helper.ServePackageFile(ctx, pkg, u, pf) return } @@ -207,10 +216,13 @@ func GetPackageOrDB(ctx *context.Context) { func RemovePackage(ctx *context.Context) { var ( - group = ctx.Params("group") - pkg = ctx.Params("package") - ver = ctx.Params("version") + group = ctx.Params("group") + pkg = ctx.Params("package") + ver = ctx.Params("version") + pkgArch = ctx.Params("arch") ) + releaser := refreshLocker(ctx, group) + defer releaser() pv, err := packages_model.GetVersionByNameAndVersion( ctx, ctx.Package.Owner.ID, packages_model.TypeArch, pkg, ver, ) @@ -229,7 +241,13 @@ func RemovePackage(ctx *context.Context) { } deleted := false for _, file := range files { - if file.CompositeKey == group { + extName := fmt.Sprintf("-%s.pkg.tar%s", pkgArch, filepath.Ext(file.LowerName)) + if strings.HasSuffix(file.LowerName, ".sig") { + extName = fmt.Sprintf("-%s.pkg.tar%s.sig", pkgArch, + filepath.Ext(strings.TrimSuffix(file.LowerName, filepath.Ext(file.LowerName)))) + } + if file.CompositeKey == group && + strings.HasSuffix(file.LowerName, extName) { deleted = true err := packages_service.RemovePackageFileAndVersionIfUnreferenced(ctx, ctx.ContextUser, file) if err != nil { @@ -242,6 +260,7 @@ func RemovePackage(ctx *context.Context) { err = arch_service.BuildCustomRepositoryFiles(ctx, ctx.Package.Owner.ID, group) if err != nil { apiError(ctx, http.StatusInternalServerError, err) + return } ctx.Status(http.StatusNoContent) } else { diff --git a/services/packages/arch/repository.go b/services/packages/arch/repository.go index de72467421..58433ab5c2 100644 --- a/services/packages/arch/repository.go +++ b/services/packages/arch/repository.go @@ -10,6 +10,7 @@ import ( "errors" "fmt" "io" + "net/url" "os" "path/filepath" "sort" @@ -20,6 +21,7 @@ import ( packages_module "code.gitea.io/gitea/modules/packages" arch_module "code.gitea.io/gitea/modules/packages/arch" "code.gitea.io/gitea/modules/setting" + "code.gitea.io/gitea/modules/sync" "code.gitea.io/gitea/modules/util" packages_service "code.gitea.io/gitea/services/packages" @@ -28,6 +30,8 @@ import ( "github.com/ProtonMail/go-crypto/openpgp/packet" ) +var locker = sync.NewExclusivePool() + func GetOrCreateRepositoryVersion(ctx context.Context, ownerID int64) (*packages_model.PackageVersion, error) { return packages_service.GetOrCreateInternalPackageVersion(ctx, ownerID, packages_model.TypeArch, arch_module.RepositoryPackage, arch_module.RepositoryVersion) } @@ -101,6 +105,9 @@ func NewFileSign(ctx context.Context, ownerID int64, input io.Reader) (*packages // BuildPacmanDB Create db signature cache func BuildPacmanDB(ctx context.Context, ownerID int64, group, arch string) error { + key := fmt.Sprintf("pkg_%d_arch_db_%s", ownerID, group) + locker.CheckIn(key) + defer locker.CheckOut(key) pv, err := GetOrCreateRepositoryVersion(ctx, ownerID) if err != nil { return err @@ -173,15 +180,18 @@ func createDB(ctx context.Context, ownerID int64, group, arch string) (*packages if err != nil { return nil, err } + defer db.Close() gw := gzip.NewWriter(db) + defer gw.Close() tw := tar.NewWriter(gw) + defer tw.Close() count := 0 for _, pkg := range pkgs { versions, err := packages_model.GetVersionsByPackageName( ctx, ownerID, packages_model.TypeArch, pkg.Name, ) if err != nil { - return nil, errors.Join(tw.Close(), gw.Close(), db.Close(), err) + return nil, err } sort.Slice(versions, func(i, j int) bool { return versions[i].CreatedUnix > versions[j].CreatedUnix @@ -190,7 +200,7 @@ func createDB(ctx context.Context, ownerID int64, group, arch string) (*packages for _, ver := range versions { files, err := packages_model.GetFilesByVersionID(ctx, ver.ID) if err != nil { - return nil, errors.Join(tw.Close(), gw.Close(), db.Close(), err) + return nil, err } var pf *packages_model.PackageFile for _, file := range files { @@ -213,7 +223,7 @@ func createDB(ctx context.Context, ownerID int64, group, arch string) (*packages ctx, packages_model.PropertyTypeFile, pf.ID, arch_module.PropertyDescription, ) if err != nil { - return nil, errors.Join(tw.Close(), gw.Close(), db.Close(), err) + return nil, err } if len(pps) >= 1 { meta := []byte(pps[0].Value) @@ -223,60 +233,50 @@ func createDB(ctx context.Context, ownerID int64, group, arch string) (*packages Mode: int64(os.ModePerm), } if err = tw.WriteHeader(header); err != nil { - return nil, errors.Join(tw.Close(), gw.Close(), db.Close(), err) + return nil, err } if _, err := tw.Write(meta); err != nil { - return nil, errors.Join(tw.Close(), gw.Close(), db.Close(), err) + return nil, err } count++ break } } } - defer gw.Close() - defer tw.Close() if count == 0 { - return nil, errors.Join(db.Close(), io.EOF) + return nil, io.EOF } return db, nil } // GetPackageFile Get data related to provided filename and distribution, for package files // update download counter. -func GetPackageFile(ctx context.Context, group, file string, ownerID int64) (io.ReadSeekCloser, error) { - pf, err := getPackageFile(ctx, group, file, ownerID) - if err != nil { - return nil, err +func GetPackageFile(ctx context.Context, group, file string, ownerID int64) (io.ReadSeekCloser, *url.URL, *packages_model.PackageFile, error) { + fileSplit := strings.Split(file, "-") + if len(fileSplit) <= 3 { + return nil, nil, nil, errors.New("invalid file format, need ---.pkg.") } - - filestream, _, _, err := packages_service.GetPackageFileStream(ctx, pf) - return filestream, err -} - -// Ejects parameters required to get package file property from file name. -func getPackageFile(ctx context.Context, group, file string, ownerID int64) (*packages_model.PackageFile, error) { var ( - splt = strings.Split(file, "-") - pkgname = strings.Join(splt[0:len(splt)-3], "-") - vername = splt[len(splt)-3] + "-" + splt[len(splt)-2] + pkgName = strings.Join(fileSplit[0:len(fileSplit)-3], "-") + pkgVer = fileSplit[len(fileSplit)-3] + "-" + fileSplit[len(fileSplit)-2] ) - - version, err := packages_model.GetVersionByNameAndVersion(ctx, ownerID, packages_model.TypeArch, pkgname, vername) + version, err := packages_model.GetVersionByNameAndVersion(ctx, ownerID, packages_model.TypeArch, pkgName, pkgVer) if err != nil { - return nil, err + return nil, nil, nil, err } - pkgfile, err := packages_model.GetFileForVersionByName(ctx, version.ID, file, group) + pkgFile, err := packages_model.GetFileForVersionByName(ctx, version.ID, file, group) if err != nil { - return nil, err + return nil, nil, nil, err } - return pkgfile, nil + + return packages_service.GetPackageFileStream(ctx, pkgFile) } -func GetPackageDBFile(ctx context.Context, group, arch string, ownerID int64, signFile bool) (io.ReadSeekCloser, error) { +func GetPackageDBFile(ctx context.Context, group, arch string, ownerID int64, signFile bool) (io.ReadSeekCloser, *url.URL, *packages_model.PackageFile, error) { pv, err := GetOrCreateRepositoryVersion(ctx, ownerID) if err != nil { - return nil, err + return nil, nil, nil, err } fileName := fmt.Sprintf("%s.db", arch) if signFile { @@ -284,10 +284,9 @@ func GetPackageDBFile(ctx context.Context, group, arch string, ownerID int64, si } file, err := packages_model.GetFileForVersionByName(ctx, pv.ID, fileName, group) if err != nil { - return nil, err + return nil, nil, nil, err } - filestream, _, _, err := packages_service.GetPackageFileStream(ctx, file) - return filestream, err + return packages_service.GetPackageFileStream(ctx, file) } // GetOrCreateKeyPair gets or creates the PGP keys used to sign repository metadata files diff --git a/templates/package/content/arch.tmpl b/templates/package/content/arch.tmpl index bcc24b585b..6138b1d698 100644 --- a/templates/package/content/arch.tmpl +++ b/templates/package/content/arch.tmpl @@ -16,11 +16,11 @@ pacman-key --lsign-key '{{$.SignMail}}' 

 {{- if gt (len $.Groups) 1 -}}
-# {{ctx.Locale.Tr "packages.arch.pacman.repo.multi"  $.PackageDescriptor.Package.LowerName}}
+# {{ctx.Locale.Tr "packages.arch.pacman.repo.multi" $.PackageDescriptor.Package.LowerName}}
 
 {{end -}}
 {{- $GroupSize := (len .Groups) -}}
-{{-  range $i,$v :=  .Groups -}}
+{{-  range $i,$v := .Groups -}}
 {{- if gt $i 0}}
 {{end -}}{{- if gt $GroupSize 1 -}}
 # {{ctx.Locale.Tr "packages.arch.pacman.repo.multi.item" .}}
diff --git a/templates/package/metadata/arch.tmpl b/templates/package/metadata/arch.tmpl
index 822973eb7d..89001b979c 100644
--- a/templates/package/metadata/arch.tmpl
+++ b/templates/package/metadata/arch.tmpl
@@ -1,4 +1,4 @@
 {{if eq .PackageDescriptor.Package.Type "arch"}}
-	{{range .PackageDescriptor.Metadata.License}}
{{svg "octicon-law" 16 "gt-mr-3"}} {{.}}
{{end}}
-	{{if .PackageDescriptor.Metadata.ProjectURL}}
{{svg "octicon-link-external" 16 "mr-3"}} {{ctx.Locale.Tr "packages.details.project_site"}}
{{end}}
+	{{if .PackageDescriptor.Metadata.ProjectURL}}
{{svg "octicon-link-external" 16 "tw-mr-2"}} {{ctx.Locale.Tr "packages.details.project_site"}}
{{end}}
+	{{range .PackageDescriptor.Metadata.License}}
{{svg "octicon-law" 16 "tw-mr-2"}} {{.}}
{{end}}
 {{end}}
diff --git a/tests/integration/api_packages_arch_test.go b/tests/integration/api_packages_arch_test.go
index af275de442..2cf0186416 100644
--- a/tests/integration/api_packages_arch_test.go
+++ b/tests/integration/api_packages_arch_test.go
@@ -14,6 +14,7 @@ import (
 	"io"
 	"net/http"
 	"strings"
+	"sync"
 	"testing"
 	"testing/fstest"
 
@@ -258,11 +259,15 @@ HMhNSS1IzUsBcpJAPFAwwUXSM0u4BjoaR8EoGAWjgGQAAILFeyQADAAA
 				AddBasicAuth(user.Name)
 			MakeRequest(t, req, http.StatusCreated)
 
-			req = NewRequestWithBody(t, "DELETE", rootURL+"/base/notfound/1.0.0-1", nil).
+			req = NewRequestWithBody(t, "DELETE", rootURL+"/base/notfound/1.0.0-1/any", nil).
 				AddBasicAuth(user.Name)
 			MakeRequest(t, req, http.StatusNotFound)
 
-			req = NewRequestWithBody(t, "DELETE", groupURL+"/test/1.0.0-1", nil).
+			req = NewRequestWithBody(t, "DELETE", groupURL+"/test/1.0.0-1/x86_64", nil).
+				AddBasicAuth(user.Name)
+			MakeRequest(t, req, http.StatusNoContent)
+
+			req = NewRequestWithBody(t, "DELETE", groupURL+"/test/1.0.0-1/any", nil).
 				AddBasicAuth(user.Name)
 			MakeRequest(t, req, http.StatusNoContent)
 
@@ -270,12 +275,22 @@ HMhNSS1IzUsBcpJAPFAwwUXSM0u4BjoaR8EoGAWjgGQAAILFeyQADAAA
 			respPkg := MakeRequest(t, req, http.StatusOK)
 			files, err := listTarGzFiles(respPkg.Body.Bytes())
 			require.NoError(t, err)
-			require.Len(t, files, 1) // other pkg in L225
+			require.Len(t, files, 1)
 
-			req = NewRequestWithBody(t, "DELETE", groupURL+"/test2/1.0.0-1", nil).
+			req = NewRequestWithBody(t, "DELETE", groupURL+"/test2/1.0.0-1/any", nil).
 				AddBasicAuth(user.Name)
 			MakeRequest(t, req, http.StatusNoContent)
-			req = NewRequest(t, "GET", groupURL+"/x86_64/base.db")
+
+			req = NewRequest(t, "GET", groupURL+"/x86_64/base.db").
+				AddBasicAuth(user.Name)
+			MakeRequest(t, req, http.StatusNotFound)
+
+			req = NewRequestWithBody(t, "DELETE", groupURL+"/test/1.0.0-1/aarch64", nil).
+				AddBasicAuth(user.Name)
+			MakeRequest(t, req, http.StatusNoContent)
+
+			req = NewRequest(t, "GET", groupURL+"/aarch64/base.db").
+				AddBasicAuth(user.Name)
 			MakeRequest(t, req, http.StatusNotFound)
 		})
 
@@ -294,12 +309,33 @@ HMhNSS1IzUsBcpJAPFAwwUXSM0u4BjoaR8EoGAWjgGQAAILFeyQADAAA
 				resp := MakeRequest(t, req, http.StatusOK)
 				require.Equal(t, pkgs[key], resp.Body.Bytes())
 
-				req = NewRequestWithBody(t, "DELETE", groupURL+"/test2/1.0.0-1", nil).
+				req = NewRequestWithBody(t, "DELETE", groupURL+"/test2/1.0.0-1/any", nil).
 					AddBasicAuth(user.Name)
 				MakeRequest(t, req, http.StatusNoContent)
 			})
 		}
 	}
+	t.Run("Concurrent Upload", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+		var wg sync.WaitGroup
+
+		targets := []string{"any", "aarch64", "x86_64"}
+		for _, tag := range targets {
+			wg.Add(1)
+			go func(i string) {
+				defer wg.Done()
+				req := NewRequestWithBody(t, "PUT", rootURL, bytes.NewReader(pkgs[i])).
+					AddBasicAuth(user.Name)
+				MakeRequest(t, req, http.StatusCreated)
+			}(tag)
+		}
+		wg.Wait()
+		for _, target := range targets {
+			req := NewRequestWithBody(t, "DELETE", rootURL+"/test/1.0.0-1/"+target, nil).
+				AddBasicAuth(user.Name)
+			MakeRequest(t, req, http.StatusNoContent)
+		}
+	})
 }
 
 func getProperty(data, key string) string {
@@ -318,10 +354,10 @@ func getProperty(data, key string) string {
 
 func listTarGzFiles(data []byte) (fstest.MapFS, error) {
 	reader, err := gzip.NewReader(bytes.NewBuffer(data))
-	defer reader.Close()
 	if err != nil {
 		return nil, err
 	}
+	defer reader.Close()
 	tarRead := tar.NewReader(reader)
 	files := make(fstest.MapFS)
 	for {

From 7d45c1c6c779ac73825507dcea27689a08925ba9 Mon Sep 17 00:00:00 2001
From: Codeberg Translate 
Date: Sat, 28 Sep 2024 09:40:29 +0000
Subject: [PATCH 015/166] i18n: update of translations from Codeberg Translate
 (#5355)

Co-authored-by: earl-warren 
Co-authored-by: Vaclovas Intas 
Co-authored-by: Zughy 
Co-authored-by: aleksi 
Co-authored-by: Application-Maker 
Co-authored-by: Salif Mehmed 
Co-authored-by: 0ko <0ko@users.noreply.translate.codeberg.org>
Co-authored-by: Fjuro 
Co-authored-by: Panagiotis \"Ivory\" Vasilopoulos 
Co-authored-by: claudep 
Co-authored-by: vri 
Co-authored-by: nicokaiser 
Co-authored-by: Outbreak2096 
Co-authored-by: robines 
Co-authored-by: nazrin 
Co-authored-by: Kaede Fujisaki 

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5355
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Codeberg Translate 
Co-committed-by: Codeberg Translate 
(cherry picked from commit e40554f89baa79d12a1ff89b434041b297afff02)
---
 options/locale/locale_bg.ini    |  25 +++-
 options/locale/locale_cs-CZ.ini |  38 +++--
 options/locale/locale_de-DE.ini |  32 ++++-
 options/locale/locale_el-GR.ini | 242 ++++++++++++++++----------------
 options/locale/locale_fi-FI.ini |   5 +
 options/locale/locale_fr-FR.ini |  58 +++++---
 options/locale/locale_is-IS.ini |   8 +-
 options/locale/locale_it-IT.ini |  23 +++
 options/locale/locale_ja-JP.ini |   7 +
 options/locale/locale_lt.ini    |  77 +++++++++-
 options/locale/locale_nb_NO.ini | 113 ++++++++++++++-
 options/locale/locale_ru-RU.ini |  16 ++-
 options/locale/locale_zh-CN.ini |  34 ++++-
 13 files changed, 505 insertions(+), 173 deletions(-)

diff --git a/options/locale/locale_bg.ini b/options/locale/locale_bg.ini
index 01fb84c3c6..2207129cfa 100644
--- a/options/locale/locale_bg.ini
+++ b/options/locale/locale_bg.ini
@@ -168,6 +168,7 @@ versions.view_all = Вижте вŃички
 dependencies = ЗавиŃимоŃти
 published_by_in = ĐźŃбликŃван %[1]s от %[3]s в %[5]s
 published_by = ĐźŃбликŃван %[1]s от %[3]s
+generic.download = Đзтеглете пакета от командния ред:
 
 [tool]
 hours = %d чаŃĐ°
@@ -1020,7 +1021,7 @@ pulls.title_desc_one = иŃка Đ´Đ° Ńлее %[1]d подаване от 
 pulls.showing_specified_commit_range = Показани ŃĐ° ŃĐ°ĐĽĐľ промените ĐĽĐµĐ¶Đ´Ń %[1]s..%[2]s
 pulls.merged_title_desc_one = Ńля %[1]d подаване от %[2]s в %[3]s %[4]s
 pulls.no_merge_access = Не Ńте Ńпълномощени Đ·Đ° Ńливане на тази заявка Đ·Đ° Ńливане.
-activity.navbar.code_frequency = ЧеŃтота на кода
+activity.navbar.code_frequency = ЧеŃтота на промените
 activity.git_stats_pushed_1 = е изтлаŃкал
 activity.git_stats_push_to_branch = към %s и
 contributors.contribution_type.commits = Подавания
@@ -1183,6 +1184,15 @@ diff.hide_file_tree = Скриване на файловото дърво
 tag.ahead.target = в %s Ńлед този маркер
 diff.file_image_width = Широчина
 activity.unresolved_conv_label = Отворено
+invisible_runes_line = `Този ред Ńъдържа невидими Уникод знаци`
+code.desc = ДоŃŃ‚ŃŠĐż Đ´Đľ програмния код, файловете, подаванията и клоновете.
+settings.branches.update_default_branch = Обновяване на Ńтандартния клон
+settings.default_branch_desc = Đзберете Ńтандартен клон Đ·Đ° хранилището, Đ·Đ° заявки Đ·Đ° Ńливане и подавания на код:
+settings.transfer.button = Прехвърляне на притежанието
+settings.transfer.modal.title = Прехвърляне на притежанието
+ambiguous_runes_line = `Този ред Ńъдържа двŃŃмиŃлени Уникод знаци`
+ambiguous_character = `%[1]c [U+%04[1]X] може Đ´Đ° бъде объркан Ń %[2]c [U+%04[2]X]`
+invisible_runes_header = `Този файл Ńъдържа невидими Уникод знаци`
 
 [modal]
 confirm = Потвърждаване
@@ -1279,6 +1289,7 @@ members.member = УчаŃтник
 members.private_helper = Да е видим
 teams.no_desc = Този екип няма опиŃание
 settings.delete_org_desc = Тази организация ще бъде изтрита перманентно. Продължаване?
+open_dashboard = Отваряне на таблото
 
 [install]
 admin_password = Парола
@@ -1378,6 +1389,7 @@ followers.title.few = ПоŃледователи
 followers.title.one = ПоŃледовател
 following.title.one = Следван
 following.title.few = Следвани
+public_activity.visibility_hint.self_public = Đ’Đ°ŃĐ°Ń‚Đ° дейноŃŃ‚ е видима Đ·Đ° вŃички, Ń Đ¸Đ·ĐşĐ»ŃŽŃ‡ĐµĐ˝Đ¸Đµ на взаимодейŃтвията в чаŃтни проŃтранŃтва. КонфигŃриране.
 
 [home]
 filter = ДрŃги филтри
@@ -1544,6 +1556,8 @@ push_tag = изтлаŃка маркер %[3]s към %[3]s#%[2]s`
 reject_pull_request = `предложи промени за %[3]s#%[2]s`
 compare_branch = Сравняване
+compare_commits_general = Сравняване на подавания
+compare_commits = Сравнете %d подавания
 
 [auth]
 tab_openid = OpenID
@@ -1572,6 +1586,12 @@ tab_signin = Влизане
 tab_signup = РегиŃтриране
 password_pwned = Паролата, която Ńте избрали, е в ŃпиŃŃŠĐş Ń ĐľŃ‚ĐşŃ€Đ°Đ´Đ˝Đ°Ń‚Đ¸ пароли, разкрити преди това при ĐżŃблични пробиви на данни. Моля, опитайте отново Ń Ń€Đ°Đ·Đ»Đ¸Ń‡Đ˝Đ° парола.
 confirmation_mail_sent_prompt = Ново ел. пиŃĐĽĐľ Đ·Đ° потвърждение е изпратено Đ´Đľ %s. Đ—Đ° Đ´Đ° завърŃите процеŃĐ° на региŃтрация, моля, проверете входящата Ńи ĐşŃтия и поŃледвайте предоŃтавената връзка в рамките на Ńледващите %s. Đко адреŃŃŠŃ‚ Đ·Đ° ел. поща е неправилен, можете Đ´Đ° влезете и Đ´Đ° поиŃкате Đ´Ń€Ńго ел. пиŃĐĽĐľ Đ·Đ° потвърждение Đ´Đ° бъде изпратено на различен адреŃ.
+hint_login = Вече имате акаŃнт? Влезте!
+hint_register = ĐťŃждаете Ńе от акаŃнт? РегиŃтрирайте Ńе.
+sign_up_button = РегиŃтрирайте Ńе.
+back_to_sign_in = Назад към Вход
+sign_in_openid = Продължаване Ń OpenID
+send_reset_mail = Đзпращане на ел. пиŃĐĽĐľ Đ·Đ° възŃтановяване
 
 [aria]
 footer.software = ОтноŃно този ŃофтŃер
@@ -1582,7 +1602,7 @@ footer = Долен колонтитŃĐ»
 install = ЛеŃен Đ·Đ° инŃталиране
 lightweight = Лек
 license = Отворен код
-install_desc = ПроŃŃ‚Đľ Ńтартирайте двоичния файл Đ·Đ° ваŃĐ°Ń‚Đ° платформа, използвайте Docker, или го полŃчете пакетирано.
+install_desc = ПроŃŃ‚Đľ Ńтартирайте двоичния файл Đ·Đ° ваŃĐ°Ń‚Đ° платформа, използвайте Docker, или го полŃчете пакетиран.
 app_desc = Безпроблемна Git ŃŃĐ»Ńга ŃŃŠŃ ŃĐ°ĐĽĐľŃтоятелен Ń…ĐľŃтинг
 platform = МеждŃплатформен
 lightweight_desc = Forgejo има ниŃки минимални изиŃквания и може Đ´Đ° работи на икономичен Raspberry Pi. СпеŃтете енергията на ваŃĐ°Ń‚Đ° ĐĽĐ°Ńина!
@@ -1670,6 +1690,7 @@ contributors.what = приноŃи
 recent_commits.what = ŃкороŃни подавания
 component_loading = Зареждане на %s...
 component_loading_info = Това може Đ´Đ° отнеме извеŃтно време…
+code_frequency.what = чеŃтота на промените
 
 [projects]
 type-1.display_name = ĐндивидŃален проект
diff --git a/options/locale/locale_cs-CZ.ini b/options/locale/locale_cs-CZ.ini
index 9ca8c6b387..4fa19b80f2 100644
--- a/options/locale/locale_cs-CZ.ini
+++ b/options/locale/locale_cs-CZ.ini
@@ -842,8 +842,8 @@ add_key=Přidat klíč
 ssh_desc=Tyto veřejné klíče SSH jsou propojeny s vaším účtem. Odpovídající soukromé klíče umožní plný přístup k vašim repozitářům. Klíče SSH, které byly ověřeny, mohou být použity pro ověření Git commitů podepsaných přes SSH.
 principal_desc=Tyto SSH Principal certifikáty jsou pĹ™idruĹľeny k vašemu účtu a umoĹľĹujĂ­ plnĂ˝ přístup do vašich repozitářů.
 gpg_desc=Tyto veĹ™ejnĂ© klĂ­ÄŤe GPG jsou propojeny s vaším účtem a používajĂ­ se k ověřenĂ­ vašich commitĹŻ. UloĹľte je na bezpeÄŤnĂ© mĂ­sto, jelikoĹľ umoĹľĹujĂ­ podepsat commity vaší identitou.
-ssh_helper=Potřebujete pomoct? Podívejte se do příručky GitHubu na to vytvoření vlastních klíčů SSH nebo vyřešte běžné problémy, se kterými se můžete potkat při použití SSH.
-gpg_helper=Potřebujete pomoct? Podívejte se do příručky GitHubu o GPG.
+ssh_helper=Potřebujete pomoct? Podívejte se do příručky, jak vytvořit vlastní klíče SSH nebo vyřešte běžné problémy, se kterými se můžete potkat při použití SSH.
+gpg_helper=Potřebujete pomoct? Podívejte se do příručky o GPG.
 add_new_key=Přidat klíč SSH
 add_new_gpg_key=Přidat klíč GPG
 key_content_ssh_placeholder=Začíná s „ssh-ed25519“, „ssh-rsa“, „ecdsa-sha2-nistp256“, „ecdsa-sha2-nistp384“, „ecdsa-sha2-nistp521“, „sk-ecdsa-sha2-nistp256@openssh.com“ nebo „sk-ssh-ed25519@openssh.com“
@@ -1427,7 +1427,7 @@ commitstatus.failure=Chyba
 commitstatus.pending=ÄŚekajĂ­cĂ­
 commitstatus.success=Úspěch
 
-ext_issues=Přístup k externím problémům
+ext_issues=Externí problémy
 ext_issues.desc=Odkaz na externí systém problémů.
 
 projects=Projekty
@@ -1608,9 +1608,9 @@ issues.no_content=K dispozici není žádný popis.
 issues.close=Zavřít problém
 issues.comment_pull_merged_at=slouÄŤenĂ˝ commit %[1]s do %[2]s %[3]s
 issues.comment_manually_pull_merged_at=ruÄŤnÄ› slouÄŤenĂ˝ commit %[1]s do %[2]s %[3]s
-issues.close_comment_issue=Okomentovat a zavřít
+issues.close_comment_issue=Zavřít s komentářem
 issues.reopen_issue=Znovu otevřít
-issues.reopen_comment_issue=Okomentovat a znovu otevřít
+issues.reopen_comment_issue=Znovu otevřít s komentářem
 issues.create_comment=Okomentovat
 issues.closed_at=`uzavřel/a tento problém %[2]s`
 issues.reopened_at=`znovu otevřel/a tento problém %[2]s`
@@ -1995,7 +1995,7 @@ signing.wont_sign.commitssigned=Sloučení nebude podepsáno, protože všechny
 signing.wont_sign.approved=Sloučení nebude podepsáno, protože požadavek na natažení není schválen.
 signing.wont_sign.not_signed_in=Nejste přihlášeni.
 
-ext_wiki=Přístup k externí Wiki
+ext_wiki=ExternĂ­ wiki
 ext_wiki.desc=Odkaz do externĂ­ Wiki.
 
 wiki=Wiki
@@ -2436,7 +2436,7 @@ settings.protect_branch_name_pattern=Vzor jména chráněné větve
 settings.protect_branch_name_pattern_desc=Vzory názvů chráněných větví. Pro vzorovou syntaxi viz dokumentace. Příklady: main, release/**
 settings.protect_patterns=Vzory
 settings.protect_protected_file_patterns=Vzory chráněných souborů (oddělené středníkem „;“)
-settings.protect_protected_file_patterns_desc=Chráněné soubory, které nemají povoleno být měněny přímo, i když uživatel má právo přidávat, upravovat nebo mazat soubory v této větvi. Více vzorů lze oddělit pomocí středníku („;“). Podívejte se na github.com/gobwas/glob dokumentaci pro syntaxi vzoru. Příklady: .drone.yml, /docs/**/*.txt.
+settings.protect_protected_file_patterns_desc=Chráněné soubory, které nemají povoleno být měněny přímo, i když uživatel má právo přidávat, upravovat nebo mazat soubory v této větvi. Více vzorů lze oddělit pomocí středníku („;“). Podívejte se na dokumentaci %[2]s pro syntaxi vzoru. Příklady: .drone.yml, /docs/**/*.txt.
 settings.protect_unprotected_file_patterns=Vzory nechráněných souborů (oddělené středníkem „;“)
 settings.protect_unprotected_file_patterns_desc=Nechráněné soubory, které je možné měnit přímo, pokud má uživatel právo zápisu, čímž se obejde omezení push. Více vzorů lze oddělit pomocí středníku („;“). Podívejte se na %[2]s dokumentaci pro syntaxi vzoru. Příklady: .drone.yml, /docs/**/*.txt.
 settings.add_protected_branch=Zapnout ochranu
@@ -3822,7 +3822,7 @@ management=Správa tajných klíčů
 [actions]
 actions=Akce
 
-unit.desc=Spravovat integrované pipeliny CI/CD pomocí funkce Forgejo Actions
+unit.desc=Spravovat integrované pipeliny CI/CD pomocí funkce Forgejo Actions.
 
 status.unknown=Neznámý
 status.waiting=Čekání
@@ -3987,4 +3987,24 @@ eib = EiB
 
 
 [translation_meta]
-test = diky vsem za pomoc :)
\ No newline at end of file
+test = diky vsem za pomoc :)
+
+[repo.permissions]
+pulls.write = Zapisovat: Zavírat žádosti o sloučení a spravovat metadata jako štítky, milníky, zpracovatele, data dokončení a závislosti.
+packages.write = Zapisovat: ZveĹ™ejĹovat a mazat balĂ­ÄŤky pĹ™ipojenĂ© k repozitáři.
+projects.read = Číst: Přístup k projektovým nástěnkám repozitáře.
+code.write = Zapisovat: Odesílat změny do repozitáře, vytvářet větve a značky.
+issues.write = Zapisovat: Zavírat problémy a spravovat metadata jako štítky, milníky, zpracovatele, data dokončení a závislosti.
+pulls.read = Číst: Číst a vytvářet žádosti o sloučení.
+releases.read = Číst: Zobrazovat a stahovat vydání.
+releases.write = Zapisovat: ZveĹ™ejĹovat, upravovat a mazat vydánĂ­ a jejich soubory.
+wiki.read = ÄŚĂ­st: ÄŚĂ­st integrovanou wiki a jejĂ­ historii.
+wiki.write = Zapisovat: Vytvářet, aktualizovat a mazat stránky v integrované wiki.
+projects.write = Zapisovat: Vytvářet projekty a sloupce a upravovat je.
+packages.read = Číst: Zobrazovat a stahovat balíčky připojené k repozitáři.
+actions.read = Číst: Zobrazovat integrované pipeliny CI/CD a jejich protokoly.
+actions.write = Zapisovat: Ručně spouštět, restartovat, rušit nebo schvalovat čekající pipeliny CI/CD.
+ext_wiki = Přístup k odkazu v externí wiki. Oprávnění jsou spravována externě.
+code.read = Číst: Přístup a klonování kódu v repozitáři.
+issues.read = Číst: Číst a vytvářet problémy a komentáře.
+ext_issues = Přístup k odkazu v externím sledovacím systému problémů. Oprávnění jsou spravována externě.
\ No newline at end of file
diff --git a/options/locale/locale_de-DE.ini b/options/locale/locale_de-DE.ini
index 39b3596aa7..b112ec82c3 100644
--- a/options/locale/locale_de-DE.ini
+++ b/options/locale/locale_de-DE.ini
@@ -1420,7 +1420,7 @@ commitstatus.failure=Fehler
 commitstatus.pending=Ausstehend
 commitstatus.success=Erfolg
 
-ext_issues=Zugriff auf Externe Issues
+ext_issues=Externe Issues
 ext_issues.desc=Link zu externem Issuetracker.
 
 projects=Projekte
@@ -1601,9 +1601,9 @@ issues.no_content=Keine Beschreibung angegeben.
 issues.close=Issue schlieĂźen
 issues.comment_pull_merged_at=hat Commit %[1]s in %[2]s %[3]s zusammengefĂĽhrt
 issues.comment_manually_pull_merged_at=hat Commit %[1]s in %[2]s %[3]s manuell zusammengefĂĽhrt
-issues.close_comment_issue=Kommentieren und schlieĂźen
+issues.close_comment_issue=Mit Kommentar schlieĂźen
 issues.reopen_issue=Wieder öffnen
-issues.reopen_comment_issue=Kommentieren und wieder öffnen
+issues.reopen_comment_issue=Mit Kommentar wieder öffnen
 issues.create_comment=Kommentieren
 issues.closed_at=`hat diesen Issue %[2]s geschlossen`
 issues.reopened_at=`hat dieses Issue %[2]s wieder geöffnet`
@@ -1984,7 +1984,7 @@ signing.wont_sign.commitssigned=Der Merge-Commit wird nicht signiert werden, da
 signing.wont_sign.approved=Der Merge-Commit wird nicht signiert werden, da der Pull-Request nicht genehmigt wurde.
 signing.wont_sign.not_signed_in=Du bist nicht eingeloggt.
 
-ext_wiki=Zugriff auf externes Wiki
+ext_wiki=Externes Wiki
 ext_wiki.desc=Verweis auf externes Wiki.
 
 wiki=Wiki
@@ -3792,7 +3792,7 @@ management=Secrets verwalten
 [actions]
 actions=Actions
 
-unit.desc=Integrierte CI/CD-Pipelines mit Forgejo-Actions verwalten
+unit.desc=Integrierte CI/CD-Pipelines mit Forgejo-Actions verwalten.
 
 status.unknown=Unbekannt
 status.waiting=Wartend
@@ -3964,4 +3964,24 @@ eib = EiB
 
 
 [translation_meta]
-test = ok
\ No newline at end of file
+test = ok
+
+[repo.permissions]
+code.write = Schreiben: In das Repository pushen, Branches und Tags erstellen.
+code.read = Lesen: Zugriff auf das Repository und Klonen.
+issues.read = Lesen: Issues und Kommentare lesen und erstellen.
+issues.write = Schreiben: Issues schließen und Metadaten wie Labels, Meilensteine, Zuweisungen, Fälligkeitsdaten und Abhängigkeiten verwalten.
+pulls.read = Lesen: Pull-Requests lesen und erstellen.
+releases.read = Lesen: Releases ansehen und herunterladen.
+releases.write = Schreiben: Releases und ihre Assets veröffentlichen, bearbeiten und löschen.
+wiki.read = Read: Das integrierte Wiki und seine Historie lesen.
+wiki.write = Schreiben: Seiten im integrierten Wiki erstellen, aktualisieren und löschen.
+projects.read = Lesen: Zugriff auf Projektboards des Repositories.
+projects.write = Schreiben: Projekte und Spalten erstellen und bearbeiten.
+packages.read = Lesen: Pakete dieses Repositories betrachten und herunterladen.
+packages.write = Schreiben: Pakete dieses Repositories veröffentlichen und löschen.
+actions.read = Lesen: Integrierte CI/CD-Pipelines und ihre Logs betrachten.
+actions.write = Schreiben: Ausstehende CI/CD-Pipelines manuell auslösen, neustarten, abbrechen oder genehmigen.
+ext_issues = Zugriff auf den Link zu einem externen Issue-Tracker. Die Berechtigungen werden extern verwaltet.
+ext_wiki = Zugriff auf den Link zu einem externen Wiki. Die Berechtigungen werden extern verwaltet.
+pulls.write = Schreiben: Pull-Requests schließen und Metadaten wie Labels, Meilensteine, Zuweisungen, Fälligkeitsdaten und Abhängigkeiten verwalten.
\ No newline at end of file
diff --git a/options/locale/locale_el-GR.ini b/options/locale/locale_el-GR.ini
index 55478dacf2..2df8dce95d 100644
--- a/options/locale/locale_el-GR.ini
+++ b/options/locale/locale_el-GR.ini
@@ -51,7 +51,7 @@ webauthn_error_empty=ΠĎέπει να ÎżĎÎŻĎετε ένα όνομα για 
 webauthn_error_timeout=Το χĎονικό ĎŚĎιο έφταĎε Ď€Ďιν Ď„Îż κλειδί να διαβαĎτεί. ΠαĎακαλώ ανανεώĎτε τη Ďελίδα και Ď€ĎÎżĎπαθήĎτε ξανά.
 webauthn_reload=ΑνανέωĎη
 
-repository=ΑποθετήĎιο
+repository=Repository
 organization=ÎźĎγανιĎÎĽĎŚĎ‚
 mirror=ΑντίγĎαφο
 new_repo=Νέο αποθετήĎιο
@@ -129,7 +129,7 @@ archived=ΑĎχειοθετήθηκε
 
 concept_system_global=Γενικό
 concept_user_individual=Ατομικό
-concept_code_repository=ΑποθετήĎιο
+concept_code_repository=Repository
 concept_user_organization=ÎźĎγανιĎÎĽĎŚĎ‚
 
 show_timestamps=ΕμφάνιĎη χĎονοĎημάνĎεων
@@ -160,11 +160,11 @@ invalid_data = Τα δεδομένα δεν είναι έγκυĎα: %v
 test = ΤεĎĎ„
 copy_generic = ΑντιγĎαφή ĎĎ„Îż Ď€ĎόχειĎÎż
 error413 = Îχετε εξαντλήĎει τους διαθέĎιμους πόĎους Ďας.
-new_repo.link = Νέο αποθετήĎιο
+new_repo.link = Νέο repository
 new_migrate.link = Νέα μεταφοĎά
 new_org.link = Νέος ÎżĎγανιĎÎĽĎŚĎ‚
 new_migrate.title = Νέα μεταφοĎά
-new_repo.title = Νέο αποθετήĎιο
+new_repo.title = Νέο repository
 new_org.title = Νέος ÎżĎγανιĎÎĽĎŚĎ‚
 
 [aria]
@@ -504,8 +504,8 @@ reset_password.text=ΕφόĎον Ď„Îż αίτημα δημιουĎγήθηκε α
 
 register_success=Η εγγĎαφή ολοκληĎώθηκε επιτυχώς
 
-issue_assigned.pull=Îź/Η @%[1]s Ďας έχει αναθέĎει ĎĎ„Îż pull request %[2]s ĎĎ„Îż αποθετήĎιο %[3]s.
-issue_assigned.issue=Îź/Η @%[1]s Ďας ανέθεĎε Ď„Îż ζήτημα %[2]s ĎĎ„Îż αποθετήĎιο %[3]s.
+issue_assigned.pull=Îź/Η @%[1]s Ďας έχει αναθέĎει ĎĎ„Îż pull request %[2]s ĎĎ„Îż repository %[3]s.
+issue_assigned.issue=Îź/Η @%[1]s Ďας ανέθεĎε Ď„Îż ζήτημα %[2]s ĎĎ„Îż repository %[3]s.
 
 issue.x_mentioned_you=Îź/Η @%s Ďας ανέφεĎε:
 issue.action.force_push=Îź/Η %[1]s έκανε force-push Ď„Îż %[2]s από %[3]s Ďε %[4]s.
@@ -530,13 +530,13 @@ release.downloads=ΛήĎεις:
 release.download.zip=Πηγαίος Κώδικας (ZIP)
 release.download.targz=Πηγαίος Κώδικας (TAR.GZ)
 
-repo.transfer.subject_to=Îź/Η %s θα ήθελε να μεταφέĎει Ď„Îż αποθετήĎιο «%s» Ďε %s
-repo.transfer.subject_to_you=Îź/Η %s θα ήθελε να Ďας μεταφέĎει Ď„Îż αποθετήĎιο «%s»
+repo.transfer.subject_to=Îź/Η %s θα ήθελε να μεταφέĎει Ď„Îż repository «%s» ĎĎ„Îż %s
+repo.transfer.subject_to_you=Îź/Η %s θα ήθελε να Ďας μεταφέĎει Ď„Îż repository «%s»
 repo.transfer.to_you=εĎάς
 repo.transfer.body=Για να αποδεχτείτε ή να αποĎĎÎŻĎετε Ď„Îż αίτημα αυτό, επιĎκεφθείτε Ď„Îż %s ή απλά αγνοήĎτε Ď„Îż.
 
 repo.collaborator.added.subject=Îź/Η %s Ďας Ď€ĎĎŚĎθεĎε ĎĎ„Îż %s ως ĎυνεĎγάτη
-repo.collaborator.added.text=ΕίĎτε πλέον ĎυνεĎγάτης ĎĎ„Îż αποθετήĎιο:
+repo.collaborator.added.text=ΕίĎτε πλέον ĎυνεĎγάτης ĎĎ„Îż repository:
 
 team_invite.subject=Îź/Η %[1]s Ďας Ď€ĎÎżĎκάλεĎε να Ďυμμετέχετε Ďτον ÎżĎγανιĎÎĽĎŚ %[2]s
 team_invite.text_1=Îź/Η %[1]s Ďας Ď€ĎÎżĎκάλεĎε να Ďυμμετέχετε Ďτην ομάδα %[2]s του ÎżĎγανιĎμού %[3]s.
@@ -615,10 +615,10 @@ username_change_not_local_user=Δεν επιτĎέπεται Ďτους μη Ď„
 username_has_not_been_changed=Το όνομα χĎήĎτη δεν άλλαξε
 repo_name_been_taken=Το όνομα του αποθετηĎίου χĎηĎιμοποιείται ήδη.
 repository_force_private=Η επιλογή Μόνο Ιδιωτικά είναι ενεĎγοποιημένη: τα ιδιωτικά αποθετήĎια δεν μποĎούν να δημοĎιευθούν.
-repository_files_already_exist=ΑĎχεία υπάĎχουν ήδη για αυτό Ď„Îż αποθετήĎιο. ΕπικοινωνήĎτε με Ď„Îż διαχειĎÎąĎτή του ĎĎ…Ďτήματος.
-repository_files_already_exist.adopt=ΑĎχεία υπάĎχουν ήδη για αυτό Ď„Îż αποθετήĎιο και μποĎούν να Υιοθετηθούν μόνο.
-repository_files_already_exist.delete=Τα αĎχεία υπάĎχουν ήδη για αυτόν Ď„Îż αποθετήĎιο. ΠĎέπει να τα διαγĎάĎετε.
-repository_files_already_exist.adopt_or_delete=Τα αĎχεία υπάĎχουν ήδη για αυτόν Ď„Îż αποθετήĎιο. Είτε υιοθετήĎτε τα είτε διαγĎάĎτε τα.
+repository_files_already_exist=ΑĎχεία υπάĎχουν ήδη για αυτό Ď„Îż repository. ΕπικοινωνήĎτε με Ď„Îż διαχειĎÎąĎτή του ĎĎ…Ďτήματος.
+repository_files_already_exist.adopt=ΑĎχεία υπάĎχουν ήδη για αυτό Ď„Îż repository και μποĎούν μόνο να υιοθετηθούν.
+repository_files_already_exist.delete=Τα αĎχεία υπάĎχουν ήδη για αυτόν Ď„Îż repository. ΠĎέπει να τα διαγĎάĎετε.
+repository_files_already_exist.adopt_or_delete=ΥπάĎχουν ήδη τα αĎχεία για αυτό Ď„Îż repository. ΠĎέπει να τα υιοθετήĎετε ή να τα διαγĎάĎετε.
 visit_rate_limit=Συναντήθηκε Ď„Îż ĎŚĎιο Ďυθμού κατά την απομακĎĎ…Ďμένη Ď€ĎĎŚĎβαĎη.
 2fa_auth_required=Απαιτήθηκε ταυτοποίηĎη δύο παĎαγόντων κατά την απομακĎĎ…Ďμένη Ď€ĎĎŚĎβαĎη.
 org_name_been_taken=Το όνομα του ÎżĎγανιĎμού χĎηĎιμοποιείται ήδη.
@@ -925,7 +925,7 @@ access_token_deletion_cancel_action=ΆκυĎÎż
 access_token_deletion_confirm_action=ΔιαγĎαφή
 access_token_deletion_desc=Η διαγĎαφή ενός διακĎιτικού θα ανακαλέĎει ÎżĎÎąĎτικά την Ď€ĎĎŚĎβαĎη ĎĎ„Îż λογαĎιαĎÎĽĎŚ Ďας για εφαĎμογές που Ď„Îż χĎηĎιμοποιούν. Συνέχεια;
 delete_token_success=Το διακĎιτικό έχει διαγĎαφεί. Οι εφαĎμογές που Ď„Îż χĎηĎιμοποιούν δεν έχουν πλέον Ď€ĎĎŚĎβαĎη ĎĎ„Îż λογαĎιαĎÎĽĎŚ Ďας.
-repo_and_org_access=ΠĎĎŚĎβαĎη ĎĎ„Îż ΑποθετήĎιο και ÎźĎγανιĎÎĽĎŚ
+repo_and_org_access=ΠĎĎŚĎβαĎη ĎĎ„Îż repository και ÎżĎγανιĎÎĽĎŚ
 permissions_public_only=ΔημόĎια μόνο
 permissions_access_all=Όλα (δημόĎια, ιδιωτικά, και πεĎιοĎÎąĎμένα)
 select_permissions=Επιλογή δικαιωμάτων
@@ -1005,7 +1005,7 @@ remove_account_link_success=Îź Ďυνδεδεμένος λογαĎιαĎÎĽĎŚĎ‚ 
 hooks.desc=ΠĎÎżĎθήκη webhooks που θα ενεĎγοποιούνται για όλα τα αποθετήĎια που Ďας ανήκουν.
 
 orgs_none=Δεν είĎτε μέλος Ďε κάποιο ÎżĎγανιĎÎĽĎŚ.
-repos_none=Δεν Ďας ανήκει κανένα κάποιο αποθετήĎιο.
+repos_none=Δεν υπάĎχει κάποιο repository που Ďας ανήκει.
 
 delete_account=ΔιαγĎαφή του λογαĎιαĎμού Ďας
 delete_prompt=Αυτή η ενέĎγεια θα διαγĎάĎει μόνιμα Ď„Îż λογαĎιαĎÎĽĎŚ Ďας. ΔΕΝ ÎΑ ΜΠΟΡΕΙ να επανέλθει.
@@ -1047,7 +1047,7 @@ language.localization_project = ΒοηθήĎτε μας να μεταφĎάĎÎż
 language.description = Από εδώ και ĎĎ„Îż εξής, αυτή η γλώĎĎα θα χĎηĎιμοποιείται από Ď€Ďοεπιλογή για τον λογαĎιαĎÎĽĎŚ Ďας.
 
 [repo]
-new_repo_helper=Îνα αποθετήĎιο πεĎιέχει όλα τα αĎχεία έĎγου, ĎυμπεĎιλαμβανομένου του ÎąĎĎ„ÎżĎικού εκδόĎεων. Ήδη φιλοξενείται αλλού; ΜετεγκατάĎταĎη αποθετηĎίου.
+new_repo_helper=Îνα repository πεĎιέχει όλα τα αĎχεία έĎγου, ĎυμπεĎιλαμβανομένου του ÎąĎĎ„ÎżĎικού εκδόĎεων. Îχετε ήδη ένα που φιλοξενείται κάπου αλλού; ΜεταφοĎά αποθετηĎίου.
 owner=Ιδιοκτήτης
 owner_helper=ÎźĎÎąĎμένοι ÎżĎγανιĎμοί ενδέχεται να μην εμφανίζονται ĎĎ„Îż αναπτυĎĎόμενο μενού λόγω του μέγιĎτου αĎιθμού αποθετηĎίων.
 repo_name=Όνομα αποθετηĎίου
@@ -1055,7 +1055,7 @@ repo_name_helper=Τα καλά ονόματα αποθετηĎίων χĎηĎÎą
 repo_size=Μέγεθος ΑποθετηĎίου
 template=ΠĎότυπο
 template_select=Επιλέξτε ένα Ď€Ďότυπο
-template_helper=ΜετατĎοπή Ďε Ď€Ďότυπο αποθετήĎιο
+template_helper=ΜετατĎοπή Ďε Ď€Ďότυπο repository
 template_description=Τα Ď€Ďότυπα αποθετήĎια επιτĎέπουν Ďτους χĎήĎτες να δημιουĎγήĎουν νέα αποθετήĎια με την ίδια δομή, αĎχεία και Ď€ĎοαιĎετικές ĎυθμίĎεις.
 visibility=ÎźĎατότητα
 visibility_description=Μόνο Îż ιδιοκτήτης ή τα μέλη του ÎżĎγανιĎμού εάν έχουν δικαιώματα, θα είναι Ďε θέĎη να Ď„Îż δουν.
@@ -1070,7 +1070,7 @@ fork_to_different_account=Fork Ďε διαφοĎετικό λογαĎιαĎÎĽĎŚ
 fork_visibility_helper=Η ÎżĎατότητα ενός fork αποθετηĎίου δεν μποĎεί να αλλάξει.
 fork_branch=Κλάδος που θα κλωνοποιηθεί ĎĎ„Îż fork
 all_branches=Όλοι οι κλάδοι
-fork_no_valid_owners=Αυτό Ď„Îż αποθετήĎιο δεν μποĎεί να γίνει fork επειδή δεν υπάĎχουν έγκυĎοι ιδιοκτήτες.
+fork_no_valid_owners=Αυτό Ď„Îż repository δεν μποĎεί να γίνει fork, επειδή δεν υπάĎχουν έγκυĎοι ιδιοκτήτες.
 use_template=ΧĎήĎη αυτού του Ď€Ďότυπου
 clone_in_vsc=ΚλωνοποίηĎη ĎĎ„Îż VS Code
 download_zip=ΛήĎη ZIP
@@ -1120,7 +1120,7 @@ mirror_password_blank_placeholder=(Μη ÎżĎÎąĎμένο)
 mirror_password_help=Αλλάξτε Ď„Îż όνομα χĎήĎτη για να διαγĎάĎετε έναν αποθηκευμένο κωδικό Ď€ĎĎŚĎβαĎης.
 watchers=ΠαĎατηĎητές
 stargazers=ÎαυμαĎτές
-stars_remove_warning=Αυτό θα αφαιĎέĎει όλα τα αĎτέĎια από αυτό Ď„Îż αποθετήĎιο.
+stars_remove_warning=Αυτό θα αφαιĎέĎει όλα τα αĎτέĎια από αυτό Ď„Îż repository.
 forks=Forks
 reactions_more=και %d πεĎÎąĎĎότεĎα
 unit_disabled=Îź διαχειĎÎąĎτής του ÎąĎτότοπου έχει απενεĎγοποιήĎει αυτήν την ενότητα αποθετηĎίου.
@@ -1129,7 +1129,7 @@ adopt_search=ΕιĎάγετε όνομα χĎήĎτη για αναζήτηĎη
 adopt_preexisting_label=ΥιοθέτηĎη αĎχείων
 adopt_preexisting=ΥιοθετήĎτε τα Ď€ĎοϋπάĎχοντα αĎχεία
 adopt_preexisting_content=ΔημιουĎγία αποθετηĎίου από %s
-adopt_preexisting_success=Υιοθετήθηκαν αĎχεία και δημιουĎγήθηκε Ď„Îż αποθετήĎιο από %s
+adopt_preexisting_success=Υιοθετήθηκαν αĎχεία και δημιουĎγήθηκε Ď„Îż repository από %s
 delete_preexisting_label=ΔιαγĎαφή
 delete_preexisting=ΔιαγĎαφή αĎχείων που Ď€ĎοϋπήĎχαν
 delete_preexisting_content=ΔιαγĎαφή αĎχείων ĎĎ„Îż %s
@@ -1159,17 +1159,17 @@ desc.archived=ΑĎχειοθετημένο
 template.items=Αντικείμενα Ď€Ďοτύπου
 template.git_content=ΠεĎιεχόμενο Git (ΠĎοεπιλεγμένος κλάδος)
 template.git_hooks=Git hooks
-template.git_hooks_tooltip=Δεν θα μποĎέĎετε να αφαιĎέĎετε ή να Ď„ĎοποποιήĎετε τα Git hook αφού τα έχετε Ď€ĎÎżĎθέĎει. Επιλέξτε την ĎύθμιĎη αυτή μόνο αν εμπιĎτεύεĎτε Ď„Îż Ď€Ďότυπο αποθετήĎιο.
+template.git_hooks_tooltip=Δεν θα μποĎέĎετε να αφαιĎέĎετε ή να Ď„ĎοποποιήĎετε τα Git hook αφού τα έχετε Ď€ĎÎżĎθέĎει. Επιλέξτε την ĎύθμιĎη αυτή μόνο αν εμπιĎτεύεĎτε Ď„Îż Ď€Ďότυπο repository.
 template.webhooks=Webhooks
 template.topics=Îέματα
 template.avatar=Εικόνα
 template.issue_labels=Ταμπέλες ζητημάτων
 template.one_item=ΠĎέπει να επιλέξετε τουλάχιĎτον ένα αντικείμενο ĎĎ„Îż Ď€Ďότυπο
-template.invalid=ΠĎέπει να επιλέξετε ένα Ď€Ďότυπο αποθετήĎιο
+template.invalid=ΠĎέπει να επιλέξετε ένα Ď€Ďότυπο repository
 
 archive.title=Αυτό Ď„Îż αποθετήĎειο αĎχειοθετήθηκε. ΜποĎείτε να Ď€Ďοβάλετε αĎχεία και να τα κλωνοποιήĎετε, αλλά δεν μποĎείτε να ωθήĎετε ή να ανοίξετε ζητήματα ή pull requests.
-archive.title_date=Αυτό Ď„Îż αποθετήĎιο έχει αĎχειοθετηθεί ĎĎ„Îż %s. ΜποĎείτε να Ď€Ďοβάλετε αĎχεία και να κλωνοποιήĎετε, αλλά δεν μποĎείτε να ωθήĎετε ή να ανοίξετε ζητήματα ή pull requests.
-archive.issue.nocomment=Αυτό Ď„Îż αποθετήĎιο αĎχειοθετήθηκε. Δεν μποĎείτε να ĎχολιάĎετε Ďε ζητήματα.
+archive.title_date=Αυτό Ď„Îż repository αĎχειοθετήθηκε Ďτις %s. ΜποĎείτε να δείτε τα αĎχεία του και να Ď„Îż κλωνοποιήĎετε, αλλά δεν μποĎείτε να κάνετε push, να ανοίξετε ζητήματα ή pull requests.
+archive.issue.nocomment=Αυτό Ď„Îż repository έχει αĎχειοθετηθεί. Δεν μποĎείτε να ĎχολιάĎετε Ďε ζητήματα.
 archive.pull.nocomment=Αυτό Ď„Îż repo αĎχειοθετήθηκε. Δεν μποĎείτε να ĎχολιάĎετε Ďτα pull requests.
 
 form.reach_limit_of_creation_1=Îχετε ήδη ĎυμπληĎĎŽĎει Ď„Îż ĎŚĎιο του %d αποθετηĎίου.
@@ -1180,7 +1180,7 @@ form.name_pattern_not_allowed=Το μοτίβο «%s» δεν επιτĎέπετ
 need_auth=ΕξουĎιοδότηĎη
 migrate_options=ΡυθμίĎεις μεταφοĎάς
 migrate_service=ΥπηĎεĎία ΜεταφοĎάς
-migrate_options_mirror_helper=Αυτό Ď„Îż αποθετήĎιο θα είναι είδωλο
+migrate_options_mirror_helper=Αυτό το repository θα είναι είδωλο
 migrate_options_lfs=ΜεταφοĎά αĎχείων LFS
 migrate_options_lfs_endpoint.label=ΆκĎÎż LFS
 migrate_options_lfs_endpoint.description=Η μεταφοĎά θα Ď€ĎÎżĎπαθήĎει να χĎηĎιμοποιήĎει Ď„Îż Git remote για να καθοĎÎŻĎει τον διακομιĎτή LFS. ΜποĎείτε επίĎης να καθοĎÎŻĎετε ένα δικό Ďας endpoint αν τα δεδομένα LFS του αποθετηĎίου αποθηκεύονται κάπου αλλού.
@@ -1233,10 +1233,10 @@ migrate.cancel_migrating_confirm=Îέλετε να ακυĎĎŽĎετε αυτή 
 mirror_from=είδωλο του
 forked_from=forked από
 generated_from=παĎαγμένο από
-fork_from_self=Δεν μποĎείτε να κάνετε fork Ďε ένα αποθετήĎιο που κατέχετε.
-fork_guest_user=Συνδεθείτε για να κάνετε fork αυτό Ď„Îż αποθετήĎιο.
-watch_guest_user=Συνδεθείτε για να παĎακολουθήĎετε αυτό Ď„Îż αποθετήĎιο.
-star_guest_user=Συνδεθείτε για να δώĎετε ένα αĎτέĎÎą Ďε αυτό Ď„Îż αποθετήĎιο.
+fork_from_self=Δεν μποĎείτε να κάνετε fork ένα repository που Ďας ανήκει.
+fork_guest_user=Συνδεθείτε για να κάνετε fork αυτό το repository.
+watch_guest_user=Συνδεθείτε για να παĎακολουθήĎετε αυτό Ď„Îż repository.
+star_guest_user=Συνδεθείτε για να δώĎετε ένα αĎτέĎÎą Ďε αυτό Ď„Îż repository.
 unwatch=ΠαύĎη ακολούθηĎης
 watch=ΠαĎακολούθηĎη
 unstar=ΑφαίĎεĎη αĎτεĎιού
@@ -1248,11 +1248,11 @@ more_operations=ΠεĎÎąĎĎότεĎες λειτουĎγίες
 no_desc=ΧωĎÎŻĎ‚ πεĎιγĎαφή
 quick_guide=ΓĎήγοĎος οδηγός
 clone_this_repo=ΚλωνοποίηĎη αυτού του αποθετηĎίου
-cite_this_repo=ΑναφοĎά Ďε αυτό Ď„Îż αποθετήĎιο
+cite_this_repo=ΑναφοĎά Ďε αυτό Ď„Îż repository
 create_new_repo_command=ΔημιουĎγία νέου αποθετηĎίου Ďτη ÎłĎαμμή εντολών
 push_exist_repo=ΠĎοώθηĎη ενός υπάĎχοντος αποθετηĎίου από τη ÎłĎαμμή εντολών
-empty_message=Αυτό Ď„Îż αποθετήĎιο δεν έχει πεĎιεχόμενο.
-broken_message=Τα δεδομένα Git που διέπουν αυτό Ď„Îż αποθετήĎιο δεν μποĎούν να διαβαĎτούν. ΕπικοινωνήĎτε με Ď„Îż διαχειĎÎąĎτή ή διαγĎάĎτε αυτό Ď„Îż αποθετήĎιο.
+empty_message=Αυτό Ď„Îż repository δεν έχει πεĎιεχόμενο.
+broken_message=Τα δεδομένα Git που διέπουν αυτό Ď„Îż αποθετήĎιο δεν μποĎούν να διαβαĎτούν. ΕπικοινωνήĎτε με Ď„Îż διαχειĎÎąĎτή ή διαγĎάĎτε αυτό Ď„Îż repository.
 
 code=Κώδικας
 code.desc=ΠĎĎŚĎβαĎη Ďτον πηγαίο κώδικα, αĎχεία, υποβολές και κλάδους.
@@ -1330,7 +1330,7 @@ editor.cannot_edit_non_text_files=Τα δυαδικά αĎχεία δεν μπο
 editor.edit_this_file=ΕπεξεĎγαĎία αĎχείου
 editor.this_file_locked=Το αĎχείο είναι κλειδωμένο
 editor.must_be_on_a_branch=ΠĎέπει να βĎÎŻĎκεĎτε Ďε έναν κλάδο για να κάνετε ή να Ď€Ďοτείνετε αλλαγές Ďε αυτό Ď„Îż αĎχείο.
-editor.fork_before_edit=ΠĎέπει να κάνετε fork αυτό Ď„Îż αποθετήĎιο για να κάνετε ή να Ď€Ďοτείνετε αλλαγές Ďε αυτό Ď„Îż αĎχείο.
+editor.fork_before_edit=ΠĎέπει να κάνετε fork αυτό Ď„Îż repository για να κάνετε ή να Ď€Ďοτείνετε αλλαγές Ďε αυτό Ď„Îż αĎχείο.
 editor.delete_this_file=ΔιαγĎαφή αĎχείου
 editor.must_have_write_access=ΠĎέπει να έχετε Ď€ĎĎŚĎβαĎη εγγĎαφής για να κάνετε ή να Ď€Ďοτείνετε αλλαγές Ďε αυτό Ď„Îż αĎχείο.
 editor.file_delete_success=Το αĎχείο «%s» έχει διαγĎαφεί.
@@ -1359,15 +1359,15 @@ editor.new_branch_name_desc=Όνομα νέου κλάδου…
 editor.cancel=ΑκύĎωĎη
 editor.filename_cannot_be_empty=Το όνομα αĎχείου δεν μποĎεί να είναι κενό.
 editor.filename_is_invalid=Το όνομα αĎχείου δεν είναι έγκυĎÎż: "%s".
-editor.branch_does_not_exist=Îź κλάδος "%s" δεν υπάĎχει Ďε αυτό Ď„Îż αποθετήĎιο.
-editor.branch_already_exists=Îź κλάδος «%s» υπάĎχει ήδη Ďε αυτό Ď„Îż αποθετήĎιο.
-editor.directory_is_a_file=Το όνομα φακέλου «%s» χĎηĎιμοποιείται ήδη ως όνομα αĎχείου Ďε αυτό Ď„Îż αποθετήĎιο.
+editor.branch_does_not_exist=Îź κλάδος "%s" δεν υπάĎχει Ďε αυτό Ď„Îż repository.
+editor.branch_already_exists=Îź κλάδος «%s» υπάĎχει ήδη Ďε αυτό Ď„Îż repository.
+editor.directory_is_a_file=Το όνομα φακέλου «%s» χĎηĎιμοποιείται ήδη ως όνομα αĎχείου Ďε αυτό Ď„Îż repository.
 editor.file_is_a_symlink=`Το «%s» είναι Ďυμβολικός ĎύνδεĎμος. Οι Ďυμβολικοί ĎύνδεĎμοι δεν μποĎούν να επεξεĎγαĎτούν Ďτην ενĎωματωμένη εφαĎμογή`
-editor.filename_is_a_directory=Το όνομα αĎχείου «%s» χĎηĎιμοποιείται ήδη ως όνομα φακέλου Ďε αυτό Ď„Îż αποθετήĎιο.
-editor.file_editing_no_longer_exists=Το αĎχείο «%s», Ď„Îż οποίο επεξεĎγάζεĎτε, δεν υπάĎχει πλέον Ďε αυτό Ď„Îż αποθετήĎιο.
-editor.file_deleting_no_longer_exists=Το αĎχείο «%s», Ď„Îż οποίο διαγĎάφεται, δεν υπάĎχει πλέον Ďε αυτό Ď„Îż αποθετήĎιο.
+editor.filename_is_a_directory=Το όνομα αĎχείου «%s» χĎηĎιμοποιείται ήδη ως όνομα φακέλου Ďε αυτό Ď„Îż repository.
+editor.file_editing_no_longer_exists=Το αĎχείο «%s», Ď„Îż οποίο επεξεĎγάζεĎτε, δεν υπάĎχει πλέον Ďε αυτό Ď„Îż repository.
+editor.file_deleting_no_longer_exists=Το αĎχείο «%s», Ď„Îż οποίο διαγĎάφεται, δεν υπάĎχει πλέον Ďε αυτό Ď„Îż repository.
 editor.file_changed_while_editing=ΠĎοέκυĎαν κάποιες αλλαγές Ďτα πεĎιεχόμενα του αĎχείου από τότε που ξεκινήĎατε να τα επεξεĎγάζεĎτε. Κάντε κλικ εδώ για να τα δείτε ή ξανακάντε μία υποβολή των αλλαγών Ďας για να τις αντικαταĎτήĎετε.
-editor.file_already_exists=ΥπάĎχει ήδη ένα αĎχείο με Ď„Îż όνομα «%s» Ďε αυτό Ď„Îż αποθετήĎιο.
+editor.file_already_exists=ΥπάĎχει ήδη ένα αĎχείο με Ď„Îż όνομα «%s» Ďε αυτό Ď„Îż repository.
 editor.commit_empty_file_header=Υποβολή ενός κενού αĎχείου
 editor.commit_empty_file_text=Το αĎχείο που Ď€Ďόκειται να υποβληθεί είναι κενό. Συνέχεια;
 editor.no_changes_to_show=Δεν υπάĎχουν αλλαγές για εμφάνιĎη.
@@ -1620,13 +1620,13 @@ issues.author_helper=Αυτός Îż χĎήĎτης είναι Îż ĎυγγĎαφέ
 issues.role.owner=Ιδιοκτήτης
 issues.role.owner_helper=Αυτός Îż χĎήĎτης είναι Îż ιδιοκτήτης αυτού του αποθετηĎίου.
 issues.role.member=Μέλος
-issues.role.member_helper=Αυτός Îż χĎήĎτης είναι μέλος του ÎżĎγανιĎμού, του οποίου ανήκει Ď„Îż αποθετήĎιο.
+issues.role.member_helper=Αυτός Îż χĎήĎτης είναι μέλος του ÎżĎγανιĎμού, του οποίου ανήκει Ď„Îż repository.
 issues.role.collaborator=ΣυνεĎγάτης
-issues.role.collaborator_helper=Îź χĎήĎτης έλαβε Ď€ĎĎŚĎκληĎη ĎυνεĎγαĎίας ĎĎ„Îż αποθετήĎιο.
+issues.role.collaborator_helper=Îź χĎήĎτης έλαβε Ď€ĎĎŚĎκληĎη ĎυνεĎγαĎίας ĎĎ„Îż repository.
 issues.role.first_time_contributor=ΣυντελεĎτής για Ď€Ďώτη φοĎά
-issues.role.first_time_contributor_helper=Αυτή είναι η Ď€Ďώτη ĎυνειĎφοĎά αυτού του χĎήĎτη ĎĎ„Îż αποθετήĎιο.
+issues.role.first_time_contributor_helper=Αυτή είναι η Ď€Ďώτη ĎυνειĎφοĎά αυτού του χĎήĎτη ĎĎ„Îż repository.
 issues.role.contributor=ΣυντελεĎτής
-issues.role.contributor_helper=Αυτός Îż χĎήĎτης έχει Ď€Ďοηγούμενές υποβολές (commits) ĎĎ„Îż αποθετήĎιο.
+issues.role.contributor_helper=Αυτός Îż χĎήĎτης έχει Ď€Ďοηγούμενές υποβολές (commits) ĎĎ„Îż repository.
 issues.re_request_review=ΕπαναίτηĎη αναĎκόπηĎης
 issues.is_stale=Îχουν υπάĎξει αλλαγές Ďε αυτό Ď„Îż PR από αυτή την αναθεώĎηĎη
 issues.remove_request_review=ΑφαίĎεĎη αιτήματος αναθεώĎηĎης
@@ -1678,7 +1678,7 @@ issues.unlock_comment=: ξεκλείδωĎε αυτή τη Ďυνομιλία %s
 issues.lock_confirm=Κλείδωμα
 issues.unlock_confirm=Ξεκλείδωμα
 issues.lock.notice_1=- Άλλοι χĎήĎτες δεν μποĎούν να αφήĎουν νέα Ďχόλια Ďε αυτό Ď„Îż ζήτημα.
-issues.lock.notice_2=- ΕĎείς και άλλοι ĎυνεĎγάτες που έχουν Ď€ĎĎŚĎβαĎη ĎĎ„Îż αποθετήĎιο θα μποĎείτε ακόμα να αφήĎετε Ďχόλια που θα είναι ÎżĎατά Ďε άλλους.
+issues.lock.notice_2=- ΕĎείς, μαζί με τους ĎυνεĎγάτες Ďας που έχουν Ď€ĎĎŚĎβαĎη ĎĎ„Îż repository, θα μποĎείτε ακόμα να αφήĎετε Ďχόλια που θα μποĎούν να βλέπουν και άλλοι.
 issues.lock.notice_3=- Îα μποĎείτε να ξεκλειδώĎετε αυτό Ď„Îż ζήτημα πιο μετά.
 issues.unlock.notice_1=- Όλοι θα βĎÎŻĎκονται πάλι Ďε θέĎη να αφήĎουν Ďχόλιο Ďε αυτό Ď„Îż ζήτημα.
 issues.unlock.notice_2=- Îα μποĎείτε πάντα να ξανακλειδώĎετε αυτό Ď„Îż ζήτημα πιο μετά.
@@ -1759,7 +1759,7 @@ issues.dependency.add_error_dep_issue_not_exist=ΕξαĎτώμενο ζήτημ
 issues.dependency.add_error_dep_not_exist=Δεν υπάĎχει η ΕξάĎτηĎη.
 issues.dependency.add_error_dep_exists=Η ΕξάĎτηĎη υπάĎχει ήδη.
 issues.dependency.add_error_cannot_create_circular=Δεν μποĎείτε να δημιουĎγήĎετε μια εξάĎτηĎη με δύο ζητήματα που μπλοκάĎουν Ď„Îż ένα Ď„Îż άλλο.
-issues.dependency.add_error_dep_not_same_repo=Και τα δύο ζητήματα Ď€Ďέπει να βĎÎŻĎκονται ĎĎ„Îż ίδιο αποθετήĎιο.
+issues.dependency.add_error_dep_not_same_repo=Και τα δύο ζητήματα Ď€Ďέπει να βĎÎŻĎκονται ĎĎ„Îż ίδιο repository.
 issues.review.self.approval=Δεν μποĎείτε να εγκĎίνετε Ď„Îż δικό Ďας pull request.
 issues.review.self.rejection=Δεν μποĎείτε να ζητήĎετε αλλαγές ĎĎ„Îż δικό Ďας pull request.
 issues.review.approve=ενέκĎινε τις αλλαγές %s
@@ -1922,7 +1922,7 @@ pulls.closed_at=`έκλειĎε αυτό Ď„Îż pull request %[2]s`
 pulls.cmd_instruction_hint=ΠĎοβολή οδηγιών ÎłĎαμμής εντολών
 pulls.cmd_instruction_checkout_title=Îλεγχος
-pulls.cmd_instruction_checkout_desc=Από Ď„Îż αποθετήĎιο του έĎγου Ďας, ελέγξτε έναν νέο κλάδο και δοκιμάĎτε τις αλλαγές.
+pulls.cmd_instruction_checkout_desc=Από Ď„Îż repository του έĎγου Ďας, ελέγξτε έναν νέο κλάδο και δοκιμάĎτε τις αλλαγές.
 pulls.cmd_instruction_merge_title=ΣυγχώνευĎη
 pulls.cmd_instruction_merge_desc=ΣυγχώνευĎη των αλλαγών και ενημέĎωĎη ĎĎ„Îż Gitea.
 pulls.clear_merge_message=ΕκκαθάĎÎąĎη μηνύματος ĎυγχώνευĎης
@@ -2101,8 +2101,8 @@ search.code_no_results=Δεν βĎέθηκε πηγαίος κώδικας πο
 search.code_search_unavailable=Η αναζήτηĎη κώδικα δεν είναι διαθέĎιμη αυτή τη Ďτιγμή. ΠαĎακαλώ επικοινωνήĎτε με Ď„Îż διαχειĎÎąĎτή.
 
 settings=ΡυθμίĎεις
-settings.desc=Στις ΡυθμίĎεις μποĎείτε να διαχειĎÎąĎτείτε τις ĎυθμίĎεις για Ď„Îż αποθετήĎιο
-settings.options=ΑποθετήĎιο
+settings.desc=Στις ΡυθμίĎεις μποĎείτε να διαχειĎÎąĎτείτε τις ĎυθμίĎεις για Ď„Îż repository
+settings.options=Repository
 settings.collaboration=ΣυνεĎγάτες
 settings.collaboration.admin=ΔιαχειĎÎąĎτής
 settings.collaboration.write=ΕγγĎαφή
@@ -2113,18 +2113,18 @@ settings.hooks=Webhooks
 settings.githooks=Git hooks
 settings.basic_settings=ΒαĎικές ĎυθμίĎεις
 settings.mirror_settings=ΡυθμίĎεις ειδώλου
-settings.mirror_settings.docs=ΡυθμίĎτε τον αυτόματο ĎυγχĎονιĎÎĽĎŚ των υποβολών, ετικετών και κλάδων του αποθετηĎίου Ďας Ďε ένα άλλο αποθετήĎιο.
-settings.mirror_settings.docs.disabled_pull_mirror.instructions=ΡυθμίĎτε τον αυτόματο ĎυγχĎονιĎÎĽĎŚ των υποβολών, ετικετών και κλάδων του έĎγου Ďας με ένα άλλο αποθετήĎιο. Τα είδωλα τύπου λήĎης έχουν απενεĎγοποιηθεί από τον διαχειĎÎąĎτή Ďας.
-settings.mirror_settings.docs.disabled_push_mirror.instructions=ΡυθμίĎτε την αυτόματη λήĎη υποβολών, ετικετών και κλάδων από ένα άλλο αποθετήĎιο.
+settings.mirror_settings.docs=ΡυθμίĎτε τον αυτόματο ĎυγχĎονιĎÎĽĎŚ των commit, ετικετών και κλάδων του αποθετηĎίου Ďας Ďε ένα άλλο repository.
+settings.mirror_settings.docs.disabled_pull_mirror.instructions=ΡυθμίĎτε τον αυτόματο ĎυγχĎονιĎÎĽĎŚ των commit, ετικετών και κλάδων του έĎγου Ďας με ένα άλλο repository. Τα είδωλα τύπου λήĎης έχουν απενεĎγοποιηθεί από τον διαχειĎÎąĎτή Ďας.
+settings.mirror_settings.docs.disabled_push_mirror.instructions=ΡυθμίĎτε την αυτόματη λήĎη υποβολών, ετικετών και κλάδων από ένα άλλο repository.
 settings.mirror_settings.docs.disabled_push_mirror.pull_mirror_warning=Αυτή τη Ďτιγμή, αυτό μποĎεί να γίνει μόνο ĎĎ„Îż μενού "Νέα ΜεταφοĎά". Για πεĎÎąĎĎότεĎες πληĎοφοĎίες, Ďυμβουλευτείτε Ď„Îż:
 settings.mirror_settings.docs.disabled_push_mirror.info=Τα είδωλα ώθηĎης έχουν απενεĎγοποιηθεί από Ď„Îż διαχειĎÎąĎτή Ďας.
-settings.mirror_settings.docs.no_new_mirrors=Το αποθετήĎιο Ďας αντιγĎάφει τις αλλαγές Ď€Ďος ή από ένα άλλο αποθετήĎιο. Λάβετε υπόĎη ĎŚĎ„Îą δεν μποĎείτε να δημιουĎγήĎετε νέα είδωλα αυτή τη Ďτιγμή.
+settings.mirror_settings.docs.no_new_mirrors=Το repository Ďας αντιγĎάφει τις αλλαγές Ď€Ďος ή από ένα άλλο repository. Λάβετε υπόĎη ĎŚĎ„Îą δεν μποĎείτε να δημιουĎγήĎετε νέα είδωλα αυτή τη Ďτιγμή.
 settings.mirror_settings.docs.can_still_use=Αν και δεν μποĎείτε να Ď„ĎοποποιήĎετε τα υπάĎχοντα είδωλα ή να δημιουĎγήĎετε νέα, μποĎείτε να χĎηĎιμοποιείται ακόμα Ď„Îż υπάĎχων είδωλο.
 settings.mirror_settings.docs.pull_mirror_instructions=Για να ÎżĎÎŻĎετε έναν είδωλο έλξης, παĎακαλούμε Ďυμβουλευθείτε:
 settings.mirror_settings.docs.more_information_if_disabled=ΜποĎείτε να μάθετε πεĎÎąĎĎότεĎα για τα είδωλα ώθηĎης και έλξης εδώ:
 settings.mirror_settings.docs.doc_link_title=Πώς μποĎĎŽ να αντιγĎάĎω αποθετήĎια;
 settings.mirror_settings.docs.doc_link_pull_section=Ď„Îż κεφάλαιο "Pulling from a remote repository" της τεκμηĎίωĎης.
-settings.mirror_settings.docs.pulling_remote_title=Îλξη από ένα απομακĎĎ…Ďμένο αποθετήĎιο
+settings.mirror_settings.docs.pulling_remote_title=Pull από ένα απομακĎĎ…Ďμένο repository
 settings.mirror_settings.mirrored_repository=Είδωλο αποθετηĎίου
 settings.mirror_settings.direction=ΚατεύθυνĎη
 settings.mirror_settings.direction.pull=Pull
@@ -2188,33 +2188,33 @@ settings.reindex_button=ΠĎÎżĎθήκη Ďτην ουĎά Reindex
 settings.reindex_requested=Αιτήθηκε reindex
 settings.admin_enable_close_issues_via_commit_in_any_branch=ΚλείĎιμο ενός ζητήματος μέĎω μιας υποβολής που έγινε Ďε έναν μη Ď€Ďοεπιλεγμένο κλάδο
 settings.danger_zone=Ζώνη κινδύνου
-settings.new_owner_has_same_repo=Îź νέος ιδιοκτήτης έχει ήδη ένα αποθετήĎιο με Ď„Îż ίδιο όνομα. ΠαĎακαλώ επιλέξτε ένα άλλο όνομα.
-settings.convert=ΜετατĎοπή Ďε κανονικό αποθετήĎιο
-settings.convert_desc=ΜποĎείτε να μετατĎέĎετε αυτόν Ď„Îż είδωλο Ďε κανονικό αποθετήĎιο. Αυτό δεν μποĎεί να αναιĎεθεί.
-settings.convert_notices_1=Αυτή η λειτουĎγία θα μετατĎέĎει Ď„Îż είδωλο Ďε ένα κανονικό αποθετήĎιο και δεν μποĎεί να αναιĎεθεί.
+settings.new_owner_has_same_repo=Îź νέος ιδιοκτήτης έχει ήδη ένα repository με Ď„Îż ίδιο όνομα. ΠαĎακαλώ επιλέξτε ένα άλλο όνομα.
+settings.convert=ΜετατĎοπή Ďε κανονικό repository
+settings.convert_desc=ΜποĎείτε να μετατĎέĎετε αυτόν Ď„Îż είδωλο Ďε κανονικό repository. Αυτό δεν μποĎεί να αναιĎεθεί.
+settings.convert_notices_1=Αυτή η λειτουĎγία θα μετατĎέĎει Ď„Îż είδωλο Ďε ένα κανονικό repository και δεν μποĎεί να αναιĎεθεί.
 settings.convert_confirm=ΜετατĎοπή αποθετηĎίου
-settings.convert_succeed=Το είδωλο έχει μετατĎαπεί Ďε κανονικό αποθετήĎιο.
-settings.convert_fork=ΜετατĎοπή Ďε κανονικό αποθετήĎιο
-settings.convert_fork_desc=ΜποĎείτε να μετατĎέĎετε αυτό Ď„Îż fork Ďε κανονικό αποθετήĎιο. Αυτό δεν μποĎεί να αναιĎεθεί.
-settings.convert_fork_notices_1=Αυτή η λειτουĎγία θα μετατĎέĎει Ď„Îż fork Ďε ένα κανονικό αποθετήĎιο και δεν μποĎεί να αναιĎεθεί.
+settings.convert_succeed=Το είδωλο έχει μετατĎαπεί Ďε κανονικό repository.
+settings.convert_fork=ΜετατĎοπή Ďε κανονικό repository
+settings.convert_fork_desc=ΜποĎείτε να μετατĎέĎετε αυτό Ď„Îż fork Ďε κανονικό repository. Αυτό δεν μποĎεί να αναιĎεθεί.
+settings.convert_fork_notices_1=Αυτή η λειτουĎγία θα μετατĎέĎει Ď„Îż fork Ďε ένα κανονικό repository και δεν μποĎεί να αναιĎεθεί.
 settings.convert_fork_confirm=ΜετατĎοπή αποθετηĎίου
-settings.convert_fork_succeed=Το fork έχει μετατĎαπεί Ďε κανονικό αποθετήĎιο.
+settings.convert_fork_succeed=Το fork έχει μετατĎαπεί Ďε κανονικό repository.
 settings.transfer.title=ΜεταβίβαĎη ιδιοκτηĎίας
 settings.transfer.rejected=Η μεταβίβαĎη του αποθετηĎίου αποĎĎίφθηκε.
 settings.transfer.success=Η μεταβίβαĎη του αποθετηĎίου ήταν επιτυχής.
 settings.transfer_abort=ΑκύĎωĎη μεταβίβαĎης
 settings.transfer_abort_invalid=Δεν μποĎείτε να ακυĎĎŽĎετε μια ανύπαĎκτη μεταβίβαĎη αποθετηĎίου.
 settings.transfer_abort_success=Η μεταφοĎά αποθετηĎίου ĎĎ„Îż %s ακυĎώθηκε με επιτυχία.
-settings.transfer_desc=ΜεταβιβάĎτε αυτό Ď„Îż αποθετήĎιο Ďε έναν χĎήĎτη ή Ďε έναν ÎżĎγανιĎÎĽĎŚ για τον οποίο έχετε δικαιώματα διαχειĎÎąĎτή.
+settings.transfer_desc=ΜεταβιβάĎτε αυτό Ď„Îż repository Ďε έναν χĎήĎτη ή Ďε έναν ÎżĎγανιĎÎĽĎŚ για τον οποίο έχετε δικαιώματα διαχειĎÎąĎτή.
 settings.transfer_form_title=ΕιĎάγετε Ď„Îż όνομα του αποθετηĎίου ως επιβεβαίωĎη:
-settings.transfer_in_progress=Αυτή τη Ďτιγμή υπάĎχει μια εν εξελίξει μεταβίβαĎη. ΠαĎακαλούμε ακυĎĎŽĎτε την αν θέλετε να μεταβιβάĎετε αυτό Ď„Îż αποθετήĎιο Ďε άλλο χĎήĎτη.
-settings.transfer_notices_1=- Îα χάĎετε την Ď€ĎĎŚĎβαĎη ĎĎ„Îż αποθετήĎιο αν Ď„Îż μεταβιβάĎετε Ďε έναν μεμονωμένο χĎήĎτη.
-settings.transfer_notices_2=- Îα διατηĎήĎετε την Ď€ĎĎŚĎβαĎη ĎĎ„Îż αποθετήĎιο αν Ď„Îż μεταβιβάĎετε Ďε έναν ÎżĎγανιĎÎĽĎŚ που είĎτε (Ďυν)ιδιοκτήτης.
-settings.transfer_notices_3=- Εάν Ď„Îż αποθετήĎιο είναι ιδιωτικό και μεταβιβάζεται Ďε μεμονωμένο χĎήĎτη, αυτή η ενέĎγεια εξαĎφαλίζει ĎŚĎ„Îą Îż χĎήĎτης έχει τουλάχιĎτον άδεια ανάγνωĎης (και αλλάζει τα δικαιώματα εάν είναι απαĎαίτητο).
+settings.transfer_in_progress=Αυτή τη Ďτιγμή υπάĎχει μια εν εξελίξει μεταβίβαĎη. ΠαĎακαλούμε ακυĎĎŽĎτε την αν θέλετε να μεταβιβάĎετε αυτό Ď„Îż repository Ďε άλλο χĎήĎτη.
+settings.transfer_notices_1=- Îα χάĎετε την Ď€ĎĎŚĎβαĎη ĎĎ„Îż repository αν Ď„Îż μεταβιβάĎετε Ďε έναν μεμονωμένο χĎήĎτη.
+settings.transfer_notices_2=- Îα διατηĎήĎετε την Ď€ĎĎŚĎβαĎη ĎĎ„Îż repository αν Ď„Îż μεταβιβάĎετε Ďε έναν ÎżĎγανιĎÎĽĎŚ που είĎτε (Ďυν)ιδιοκτήτης.
+settings.transfer_notices_3=- Εάν Ď„Îż repository είναι ιδιωτικό και μεταβιβάζεται Ďε μεμονωμένο χĎήĎτη, αυτή η ενέĎγεια εξαĎφαλίζει ĎŚĎ„Îą Îż χĎήĎτης έχει τουλάχιĎτον άδεια ανάγνωĎης (και αλλάζει τα δικαιώματα εάν είναι απαĎαίτητο).
 settings.transfer_owner=Νέος ιδιοκτήτης
 settings.transfer_perform=ΕκτέλεĎη μεταφοĎάς
-settings.transfer_started=`Αυτό Ď„Îż αποθετήĎιο έχει επιĎημανθεί για μεταφοĎά και αναμένει επιβεβαίωĎη από Ď„Îż "%s"`
-settings.transfer_succeed=Το αποθετήĎιο έχει μεταφεĎθεί.
+settings.transfer_started=`Αυτό Ď„Îż repository έχει επιĎημανθεί για μεταφοĎά και αναμένει επιβεβαίωĎη από Ď„Îż "%s"`
+settings.transfer_succeed=Το repository έχει μεταφεĎθεί.
 settings.signing_settings=ΡυθμίĎεις επαλήθευĎης υπογĎαφών
 settings.trust_model=Μοντέλο εμπιĎĎ„ÎżĎύνης υπογĎαφών
 settings.trust_model.default=ΠĎοεπιλεγμένο μοντέλο εμπιĎĎ„ÎżĎύνης
@@ -2236,33 +2236,33 @@ settings.wiki_deletion_success=Τα δεδομένα wiki του αποθετη
 settings.delete=ΔιαγĎαφή αυτόυ του αποθετηĎίου
 settings.delete_desc=Η διαγĎαφή ενός αποθετηĎίου είναι μόνιμη και δεν μποĎεί να αναιĎεθεί.
 settings.delete_notices_1=- Αυτή η ενέĎγεια ΔΕΝ ΜΠΟΡΕΙ να αναιĎεθεί.
-settings.delete_notices_2=- Αυτή η ενέĎγεια θα διαγĎάĎει μόνιμα Ď„Îż αποθετήĎιο %s μαζί με τον κώδικα, τα ζητημάτα, τα Ďχόλια, τα δεδομένα των wiki και τις ĎυθμίĎεις ĎυνεĎγατών που βĎÎŻĎκονται μέĎα Ďε αυτό.
+settings.delete_notices_2=- Αυτή η ενέĎγεια θα διαγĎάĎει μόνιμα Ď„Îż repository %s μαζί με τον κώδικα, τα ζητημάτα, τα Ďχόλια, τα δεδομένα των wiki και τις ĎυθμίĎεις ĎυνεĎγατών που βĎÎŻĎκονται μέĎα Ďε αυτό.
 settings.delete_notices_fork_1=- Τα Forks αυτού του αποθετηĎίου θα γίνουν ανεξάĎτητα μετά τη διαγĎαφή.
-settings.deletion_success=Το αποθετήĎιο έχει διαγĎαφεί.
+settings.deletion_success=Το repository έχει διαγĎαφεί.
 settings.update_settings_success=Οι ĎυθμίĎεις του αποθετηĎίου έχουν ενημεĎωθεί.
-settings.update_settings_no_unit=Το αποθετήĎιο θα Ď€Ďέπει να επιτĎέπει τουλάχιĎτον κάποιο είδος αλληλεπίδĎαĎης.
+settings.update_settings_no_unit=Το repository θα Ď€Ďέπει να επιτĎέπει τουλάχιĎτον κάποιο είδος αλληλεπίδĎαĎης.
 settings.confirm_delete=ΔιαγĎαφή αποθετηĎίου
 settings.add_collaborator=ΠĎÎżĎθήκη ĎυνεĎγάτη
 settings.add_collaborator_success=Îź ĎυνεĎγάτης Ď€ĎÎżĎτέθηκε.
 settings.add_collaborator_inactive_user=Δεν είναι δυνατή η Ď€ĎÎżĎθήκη ενός ανενεĎγού χĎήĎτη ως ĎυνεĎγάτη.
 settings.add_collaborator_owner=Δεν είναι δυνατή η Ď€ĎÎżĎθήκη ενός ιδιοκτήτη Ďαν ĎυνεĎγάτη.
-settings.add_collaborator_duplicate=Îź ĎυνεĎγάτης έχει ήδη Ď€ĎÎżĎτεθεί Ďε αυτό Ď„Îż αποθετήĎιο.
+settings.add_collaborator_duplicate=Îź ĎυνεĎγάτης έχει ήδη Ď€ĎÎżĎτεθεί Ďε αυτό Ď„Îż repository.
 settings.delete_collaborator=ΚατάĎγηĎη
 settings.collaborator_deletion=ΚατάĎγηĎη ĎυνεĎγάτη
-settings.collaborator_deletion_desc=Η κατάĎγηĎη ενός ĎυνεĎγάτη θα αφαιĎέĎει και την Ď€ĎĎŚĎβαĎή του ĎĎ„Îż αποθετήĎιο. ΕίĎτε βέβαιοι;
+settings.collaborator_deletion_desc=Η κατάĎγηĎη ενός ĎυνεĎγάτη θα αφαιĎέĎει και την Ď€ĎĎŚĎβαĎή του ĎĎ„Îż repository. ΕίĎτε βέβαιοι;
 settings.remove_collaborator_success=Îź ĎυνεĎγάτης έχει καταĎγηθεί.
 settings.search_user_placeholder=ΑναζήτηĎη χĎήĎτη…
 settings.org_not_allowed_to_be_collaborator=Δεν μποĎείτε να Ď€ĎÎżĎθέĎετε έναν ÎżĎγανιĎÎĽĎŚ ως ĎυνεĎγάτη.
-settings.change_team_access_not_allowed=Η αλλαγή της Ď€ĎĎŚĎβαĎης ομάδας για Ď„Îż αποθετήĎιο έχει πεĎιοĎÎąĎτεί Ďτον ιδιοκτήτη του ÎżĎγανιĎμού
-settings.team_not_in_organization=Η ομάδα δεν είναι Ďτον ίδιο ÎżĎγανιĎÎĽĎŚ με Ď„Îż αποθετήĎιο
+settings.change_team_access_not_allowed=Η αλλαγή της Ď€ĎĎŚĎβαĎης ομάδας για Ď„Îż repository έχει πεĎιοĎÎąĎτεί Ďτον ιδιοκτήτη του ÎżĎγανιĎμού
+settings.team_not_in_organization=Η ομάδα δεν είναι Ďτον ίδιο ÎżĎγανιĎÎĽĎŚ με Ď„Îż repository
 settings.teams=Ομάδες
 settings.add_team=ΠĎÎżĎθήκη ομάδας
-settings.add_team_duplicate=Η ομάδα έχει ήδη Ď„Îż αποθετήĎιο
-settings.add_team_success=Η ομάδα έχει πλέον Ď€ĎĎŚĎβαĎη ĎĎ„Îż αποθετήĎιο.
+settings.add_team_duplicate=Η ομάδα έχει ήδη το repository
+settings.add_team_success=Η ομάδα έχει πλέον Ď€ĎĎŚĎβαĎη ĎĎ„Îż repository.
 settings.search_team=ΑναζήτηĎη Ομάδας…
-settings.change_team_permission_tip=Τα δικαιώματα της ομάδας έχουν ÎżĎÎąĎτεί Ďτη Ďελίδα ĎυθμίĎεων της ομάδας και δεν μποĎούν να αλλάξουν ανά αποθετήĎιο
+settings.change_team_permission_tip=Τα δικαιώματα της ομάδας έχουν ÎżĎÎąĎτεί Ďτη Ďελίδα ĎυθμίĎεων της ομάδας και δεν μποĎούν να αλλάξουν ανά repository
 settings.delete_team_tip=Αυτή η ομάδα έχει Ď€ĎĎŚĎβαĎη Ďε όλα τα αποθετήĎια και δεν μποĎεί να αφαιĎεθεί
-settings.remove_team_success=Îχει αφαιĎεθεί η Ď€ĎĎŚĎβαĎη της ομάδας ĎĎ„Îż αποθετήĎιο.
+settings.remove_team_success=Îχει αφαιĎεθεί η Ď€ĎĎŚĎβαĎη της ομάδας ĎĎ„Îż repository.
 settings.add_webhook=ΠĎÎżĎθήκη webhook
 settings.add_webhook.invalid_channel_name=Το όνομα του καναλιού Webhook δεν μποĎεί να είναι κενό και δεν μποĎεί να πεĎιέχει μόνο έναν χαĎακτήĎα #.
 settings.hooks_desc=Τα Webhooks κάνουν αυτόματα αιτήĎεις HTTP POST Ďε ένα διακομιĎτή όταν ενεĎγοποιούνται ÎżĎÎąĎμένα γεγονότα ĎĎ„Îż Forgejo. ΔιαβάĎτε πεĎÎąĎĎότεĎα Ďτον οδηγό webhooks.
@@ -2305,15 +2305,15 @@ settings.event_create_desc=Îź κλάδος ή η ετικέτα δημιουĎÎł
 settings.event_delete=ΔιαγĎαφή
 settings.event_delete_desc=Îź κλάδος ή η ετικέτα διαγĎάφηκε.
 settings.event_fork=Fork
-settings.event_fork_desc=Το αποθετήĎιο έγινε fork.
+settings.event_fork_desc=Το repository έγινε fork.
 settings.event_wiki=Wiki
 settings.event_wiki_desc=Η Ďελίδα Wiki δημιουĎγήθηκε, μετονομάĎτηκε, επεξεĎγάĎτηκε ή διαγĎάφηκε.
 settings.event_release=ΚυκλοφοĎία
 settings.event_release_desc=Η έκδοĎη δημοĎιεύτηκε, ενημεĎώθηκε ή διαγĎάφηκε από ένα αποθετήĎιο.
 settings.event_push=Push
-settings.event_push_desc=Git push Ďε ένα αποθετήĎιο.
-settings.event_repository=ΑποθετήĎιο
-settings.event_repository_desc=Το αποθετήĎιο δημιουĎγήθηκε ή διαγĎάφηκε.
+settings.event_push_desc=Git push Ďε ένα repository.
+settings.event_repository=Repository
+settings.event_repository_desc=Το repository δημιουĎγήθηκε ή διαγĎάφηκε.
 settings.event_header_issue=Συμβάντα ζητημάτων
 settings.event_issues=Ζητήματα
 settings.event_issues_desc=Το ζήτημα άνοιξε, έκλειĎε, ανοίχθηκε εκ νέου ή επεξεĎγάĎτηκε.
@@ -2345,7 +2345,7 @@ settings.event_pull_request_review_request_desc=Ζητήθηκε η αξιολό
 settings.event_pull_request_approvals=ΕγκĎÎŻĎεις pull request
 settings.event_pull_request_merge=ΣυγχώνευĎη pull request
 settings.event_package=Πακέτο
-settings.event_package_desc=Το πακέτο δημιουĎγήθηκε ή διαγĎάφηκε Ďε ένα αποθετήĎιο.
+settings.event_package_desc=Το πακέτο δημιουĎγήθηκε ή διαγĎάφηκε Ďε ένα repository.
 settings.branch_filter=ΦίλτĎÎż κλάδου
 settings.branch_filter_desc=ΛίĎτα επιτĎεπόμενων κλάδων για ωθήĎεις, δημιουĎγία κλάδων και γεγονότα διαγĎαφής κλάδων, που ÎżĎίζονται ως μοτίβο glob. Εάν είναι κενό ή *, αναφέĎονται Ďυμβάντα για όλους τους κλάδους. Δείτε τη τεκμηĎίωĎη%[2]s για Ďύνταξη. ΠαĎαδείγματα: master, {master,release*}.
 settings.authorization_header=Κεφαλίδα authorization
@@ -2361,7 +2361,7 @@ settings.hook_type=Είδος hook
 settings.slack_token=ΔιακĎιτικό
 settings.slack_domain=Domain
 settings.slack_channel=Κανάλι
-settings.add_web_hook_desc=ΕνĎωμάτωĎε Ď„Îż %s ĎĎ„Îż αποθετήĎιο Ďας.
+settings.add_web_hook_desc=ΕνĎωμάτωĎε Ď„Îż %s ĎĎ„Îż repository Ďας.
 settings.web_hook_name_gitea=Gitea
 settings.web_hook_name_forgejo = Forgejo
 settings.web_hook_name_gogs=Gogs
@@ -2381,9 +2381,9 @@ settings.packagist_api_token=ΔιακĎιτικό API
 settings.packagist_package_url=URL πακέτων Packagist
 settings.deploy_keys=Κλειδιά διάθεĎης
 settings.add_deploy_key=ΠĎÎżĎθήκη κλειδιού διάθεĎης
-settings.deploy_key_desc=Τα κλειδιά διάθεĎης έχουν Ď€ĎĎŚĎβαĎη μόνο-ανάγνωĎης ĎĎ„Îż αποθετήĎιο.
+settings.deploy_key_desc=Τα κλειδιά διάθεĎης έχουν Ď€ĎĎŚĎβαĎη μόνο-ανάγνωĎης ĎĎ„Îż repository.
 settings.is_writable=ΕνεĎγοποίηĎη Ď€ĎĎŚĎβαĎης εγγĎαφής
-settings.is_writable_info=ΕπιτĎέĎτε Ďε αυτό Ď„Îż κλειδί διάθεĎης να ωθήĎει ĎĎ„Îż αποθετήĎιο.
+settings.is_writable_info=ΕπιτĎέĎτε Ďε αυτό Ď„Îż κλειδί διάθεĎης να ωθήĎει ĎĎ„Îż repository.
 settings.no_deploy_keys=Δεν υπάĎχουν ακόμα κλειδιά διάθεĎης.
 settings.title=Τίτλος
 settings.deploy_key_content=ΠεĎιεχόμενο
@@ -2391,7 +2391,7 @@ settings.key_been_used=Îνα κλειδί διάθεĎης με Ď„Îż ίδιο 
 settings.key_name_used=Îνα κλειδί διάθεĎης με Ď„Îż ίδιο όνομα υπάĎχει ήδη.
 settings.add_key_success=Το κλειδί διάθεĎης «%s» Ď€ĎÎżĎτέθηκε.
 settings.deploy_key_deletion=ΑφαίĎεĎη κλειδιού διάθεĎης
-settings.deploy_key_deletion_desc=Η κατάĎγηĎη ενός κλειδί διάθεĎης θα ανακαλέĎει την Ď€ĎĎŚĎβαĎή του Ďε αυτό Ď„Îż αποθετήĎιο. Συνέχεια;
+settings.deploy_key_deletion_desc=Η κατάĎγηĎη ενός κλειδί διάθεĎης θα ανακαλέĎει την Ď€ĎĎŚĎβαĎή του Ďε αυτό Ď„Îż repository. Συνέχεια;
 settings.deploy_key_deletion_success=Το κλειδί διάθεĎης έχει αφαιĎεθεί.
 settings.branches=Κλάδοι
 settings.protected_branch=ΠĎÎżĎταĎία κλάδου
@@ -2424,7 +2424,7 @@ settings.protect_check_status_contexts=ΕνεĎγοποίηĎη ελέγχου 
 settings.protect_status_check_patterns=Μοτίβα ελέγχου κατάĎταĎης:
 settings.protect_status_check_patterns_desc=ÎźĎÎŻĎτε μοτίβα για να καθοĎÎŻĎετε ποιοι έλεγχοι κατάĎταĎης Ď€Ďέπει να πεĎάĎουν Ď€Ďιν οι κλάδοι να μποĎούν να Ďυγχωνευτούν Ďε έναν κλάδο που ταιĎιάζει με αυτόν τον κανόνα. Κάθε ÎłĎαμμή καθοĎίζει ένα μοτίβο. Τα μοτίβα δεν μποĎούν να είναι κενά.
 settings.protect_check_status_contexts_desc=Απαιτείται έλεγχος κατάĎταĎης για να πεĎάĎει Ď„Îż pull request Ď€Ďιν από τη ĎυγχώνευĎη. Επιλέξτε ποιοι έλεγχοι κατάĎταĎης Ď€Ďέπει να πεĎάĎουν Ď€Ďιν κλάδοι μποĎούν να Ďυγχωνευτούν Ďε έναν κλάδο που ταιĎιάζει με αυτόν τον κανόνα. Όταν είναι ενεĎγοποιημένο, οι υποβολές Ď€Ďέπει Ď€Ďώτα να γίνονται push Ďε άλλο κλάδο, Ďτη Ďυνέχεια, να Ďυγχωνεύονται ή γίνονται push απευθείας Ďε ένα κλάδο που ταιĎιάζει με αυτόν τον κανόνα, αφού έχουν ολοκληĎωθεί οι έλεγχοι κατάĎταĎης. Αν δεν επιλεχθεί κανένα πλαίĎιο, η τελευταία υποβολή Ď€Ďέπει να είναι επιτυχής ανεξάĎτητα από Ď„Îż πλαίĎιο.
-settings.protect_check_status_contexts_list=Îλεγχοι κατάĎταĎης που βĎέθηκαν την τελευταία εβδομάδα για αυτό Ď„Îż αποθετήĎιο
+settings.protect_check_status_contexts_list=Îλεγχοι κατάĎταĎης που βĎέθηκαν την τελευταία εβδομάδα για αυτό Ď„Îż repository
 settings.protect_status_check_matched=ΤαιĎιάζει
 settings.protect_invalid_status_check_pattern=Μη έγκυĎÎż μοτίβο ελέγχου κατάĎταĎης: "%s".
 settings.protect_no_valid_status_check_patterns=Μη έγκυĎα μοτίβα ελέγχου κατάĎταĎης.
@@ -2486,20 +2486,20 @@ settings.matrix.message_type=Είδος μηνύματος
 settings.archive.button=ΑĎχειοθέτηĎη αποθετηĎίου
 settings.archive.header=ΑĎχειοθέτηĎη αποθετηĎίου
 settings.archive.text=Η αĎχειοθέτηĎη του αποθετηĎίου θα Ď„Îż αλλάξει Ďε μόνο για ανάγνωĎη. Δε θα φαίνεται Ďτον αĎχικό πίνακα. Κανείς (ακόμα και εĎείς!) δε θα μποĎεί να κάνει νέες υποβολές, ή να ανοίξει ζητήματα ή pull request.
-settings.archive.success=Το αποθετήĎιο αĎχειοθετήθηκε με επιτυχία.
+settings.archive.success=Το repository αĎχειοθετήθηκε με επιτυχία.
 settings.archive.error=ΠαĎουĎιάĎτηκε Ďφάλμα κατά την Ď€ĎÎżĎπάθεια αĎχειοθέτηĎης του αποθετηĎίου. Δείτε Ď„Îż αĎχείο καταγĎαφής για πεĎÎąĎĎότεĎες λεπτομέĎειες.
 settings.archive.error_ismirror=Δε μποĎείτε να αĎχειοθετήĎετε ένα είδωλο αποθετηĎίου.
-settings.archive.branchsettings_unavailable=Οι ĎυθμίĎεις του κλάδου δεν είναι διαθέĎιμες αν Ď„Îż αποθετήĎιο είναι αĎχειοθετημένο.
-settings.archive.tagsettings_unavailable=Οι ĎυθμίĎεις της ετικέτας δεν είναι διαθέĎιμες αν Ď„Îż αποθετήĎιο είναι αĎχειοθετημένο.
+settings.archive.branchsettings_unavailable=Οι ĎυθμίĎεις του κλάδου δεν είναι διαθέĎιμες αν Ď„Îż repository είναι αĎχειοθετημένο.
+settings.archive.tagsettings_unavailable=Οι ĎυθμίĎεις της ετικέτας δεν είναι διαθέĎιμες αν Ď„Îż repository είναι αĎχειοθετημένο.
 settings.unarchive.button=ΑναίĎεĎη αĎχειοθέτηĎης αποθετηĎίου
 settings.unarchive.header=Απο-ΑĎχειοθέτηĎη του αποθετηĎίου
 settings.unarchive.text=Η απο-αĎχειοθέτηĎη του αποθετηĎίου θα αποκαταĎτήĎει την ικανότητά του να λαμβάνει υποβολές και ωθήĎεις, καθώς και νέα ζητήματα και pull-requests.
-settings.unarchive.success=Το αποθετήĎιο απο-αĎχειοθετήθηκε με επιτυχία.
+settings.unarchive.success=Το repository απο-αĎχειοθετήθηκε με επιτυχία.
 settings.unarchive.error=ΠαĎουĎιάĎτηκε Ďφάλμα κατά την Ď€ĎÎżĎπάθεια απο-αĎχειοθέτηĎης του αποθετηĎίου. Δείτε τις καταγĎαφές για πεĎÎąĎĎότεĎες λεπτομέĎειες.
 settings.update_avatar_success=Η εικόνα του αποθετηĎίου έχει ενημεĎωθεί.
 settings.lfs=LFS
-settings.lfs_filelist=ΑĎχεία LFS Ďε αυτό Ď„Îż αποθετήĎιο
-settings.lfs_no_lfs_files=Δεν υπάĎχουν αĎχεία LFS Ďε αυτό Ď„Îż αποθετήĎιο
+settings.lfs_filelist=ΑĎχεία LFS Ďε αυτό Ď„Îż repository
+settings.lfs_no_lfs_files=Δεν υπάĎχουν αĎχεία LFS Ďε αυτό Ď„Îż repository
 settings.lfs_findcommits=ΕύĎεĎη υποβολών
 settings.lfs_lfs_file_no_commits=Δεν βĎέθηκαν υποβολές για αυτό Ď„Îż αĎχείο LFS
 settings.lfs_noattribute=Αυτή η διαδĎομή δεν έχει λειτουĎγία κλειδώματος Ďτον Ď€Ďοεπιλεγμένο κλάδο
@@ -2518,7 +2518,7 @@ settings.lfs_force_unlock=ΕξαγκαναĎτικό ξεκλείδωμα
 settings.lfs_pointers.found=Î’Ďέθηκαν %d δείκτης(ες) blob - %d ĎĎ…ĎχετίĎτηκαν, %d δεν ĎĎ…ĎχετίĎτηκαν (%d λείπουν από Ď„Îż χώĎÎż αποθήκευĎης)
 settings.lfs_pointers.sha=Blob hash
 settings.lfs_pointers.oid=OID
-settings.lfs_pointers.inRepo=ÎŁĎ„Îż αποθετήĎιο
+settings.lfs_pointers.inRepo=ÎŁĎ„Îż repository
 settings.lfs_pointers.exists=ΥπάĎχει ĎĎ„Îż χώĎÎż αποθήκευĎης
 settings.lfs_pointers.accessible=ΠĎÎżĎβάĎιμο Ďτον χĎήĎτη
 settings.lfs_pointers.associateAccessible=ÎŁĎ…ĎχετιĎÎĽĎŚĎ‚ Ď€ĎÎżĎιτών %d OID
@@ -2621,7 +2621,7 @@ release.delete_tag=ΔιαγĎαφή ετικέτας
 release.deletion=ΔιαγĎαφή κυκλοφοĎίας
 release.deletion_desc=ΔιαγĎάφοντας μια κυκλοφοĎία, αυτή αφαιĎείται μόνο από Ď„Îż Gitea. Δε θα επηĎεάĎει την ετικέτα Git, τα πεĎιεχόμενα του αποθετηĎίου Ďας ή Ď„Îż ÎąĎĎ„ÎżĎικό της. Συνέχεια;
 release.deletion_success=Η κυκλοφοĎία έχει διαγĎαφεί.
-release.deletion_tag_desc=Îα διαγĎάĎει αυτή την ετικέτα από Ď„Îż αποθετήĎιο. Τα πεĎιεχόμενα του αποθετηĎίου και Ď„Îż ÎąĎĎ„ÎżĎικό παĎαμένουν αμετάβλητα. Συνέχεια;
+release.deletion_tag_desc=Îα διαγĎάĎει αυτή την ετικέτα από Ď„Îż repository. Τα πεĎιεχόμενα του repository και Ď„Îż ÎąĎĎ„ÎżĎικό δεν θα πειĎαχτούν. Να γίνει Ďυνέχεια;
 release.deletion_tag_success=Η ετικέτα έχει διαγĎαφεί.
 release.tag_name_already_exist=ΥπάĎχει ήδη μια έκδοĎη με αυτό Ď„Îż όνομα ετικέτας.
 release.tag_name_invalid=Το όνομα της ετικέτας δεν είναι έγκυĎÎż.
@@ -2646,7 +2646,7 @@ branch.delete_branch_has_new_commits=Îź κλάδος «%s» δεν μποĎεί
 branch.create_branch=ΔημιουĎγία κλάδου %s
 branch.create_from=`από το «%s»`
 branch.create_success=Îź κλάδος «%s» δημιουĎγήθηκε.
-branch.branch_already_exists=Îź κλάδος «%s» υπάĎχει ήδη Ďε αυτό Ď„Îż αποθετήĎιο.
+branch.branch_already_exists=Îź κλάδος «%s» υπάĎχει ήδη Ďε αυτό Ď„Îż repository.
 branch.branch_name_conflict=Το όνομα του κλάδου «%s» ĎυγκĎούεται με Ď„Îż ήδη υπάĎχον κλάδο «%s».
 branch.tag_collision=Îź κλάδος «%s» δεν μποĎεί να δημιουĎγηθεί επειδή μια ετικέτα με Ď„Îż ίδιο όνομα υπάĎχει ήδη ĎĎ„Îż αποθετήĎιο.
 branch.deleted_by=ΔιαγĎάφηκε από %s
@@ -2691,7 +2691,7 @@ error.csv.invalid_field_count=Δεν είναι δυνατή η απόδοĎη 
 commits.renamed_from = ΜετονομάĎτηκε από %Ď
 settings.wiki_rename_branch_main_desc = Îź κλάδος, Îż οποίος χĎηĎιμοποιείται εĎωτεĎικά από Ď„Îż wiki, θα μετονομαĎτεί (μόνιμα και μη αναĎĎ„ĎάĎιμα) Ďε «%s».
 issues.comment.blocked_by_user = Δεν μποĎείτε να αφήĎετε Ďχόλιο Ďε αυτό Ď„Îż ζήτημα, επειδή Îż κάτοχος του αποθετηĎίου ή Ď„Îż άτομο που δημιούĎγηĎε Ď„Îż ζήτημα Ďας έχει αποκλείĎει.
-pulls.blocked_by_user = Δεν μποĎείτε να δημιουĎγήĎετε pull request Ďε αυτό Ď„Îż αποθετήĎιο, επειδή Îż κάτοχος του αποθετηĎίου Ďας έχει αποκλείĎει.
+pulls.blocked_by_user = Δεν μποĎείτε να δημιουĎγήĎετε pull request Ďε αυτό Ď„Îż repository, επειδή Îż κάτοχος του repository Ďας έχει αποκλείĎει.
 pulls.made_using_agit = AGit
 wiki.cancel = ΑκύĎωĎη
 settings.units.add_more = ΠĎÎżĎθήκη μονάδων...
@@ -2710,13 +2710,13 @@ rss.must_be_on_branch = Για να αποκτήĎετε ένα RSS feed, Ď€Ďέ
 clone_in_vscodium = ΚλωνοποίηĎη ĎĎ„Îż VSCodium
 editor.invalid_commit_mail = Αυτή η διεύθυνĎη email δεν είναι έγκυĎη για την δημιουĎγία μίας υποβολής.
 pulls.nothing_to_compare_have_tag = Ο επιλεγμένος κλάδος/tag είναι όμοιος.
-issues.blocked_by_user = Δεν μποĎείτε να δημιουĎγήĎετε ζητήματα Ďε αυτό Ď„Îż αποθετήĎιο, επειδή Îż κάτοχος του αποθετηĎίου Ďας έχει αποκλείĎει.
+issues.blocked_by_user = Δεν μποĎείτε να δημιουĎγήĎετε ζητήματα Ďε αυτό Ď„Îż repository, επειδή Îż κάτοχος του repository Ďας έχει αποκλείĎει.
 pulls.agit_explanation = ΔημιουĎγημένο μέĎω του AGit. Το AGit επιτĎέπει Ďε ĎυνειĎφέĎοντες να Ď€Ďοτείνουν αλλαγές χĎηĎιμοποιώντας την εντολή «git push», χωĎÎŻĎ‚ την δημιουĎγία fork ή έναν νέο κλάδο.
 activity.navbar.recent_commits = ΠĎĎŚĎφατες υποβολές
 settings.wiki_globally_editable = Να επιτĎέπεται η επεξεĎγαĎία του wiki Ďε όλους
 admin.manage_flags = ΔιαχείĎÎąĎη ĎημάνĎεων
-admin.enabled_flags = Το αποθετήĎιο έχει τις εξής ĎημάνĎεις:
-settings.mirror_settings.pushed_repository = ΠĎοοĎιζόμενο αποθετήĎιο
+admin.enabled_flags = Το repository έχει τις εξής ĎημάνĎεις:
+settings.mirror_settings.pushed_repository = ΠĎοοĎιζόμενο repository
 admin.flags_replaced = Οι ĎημάνĎεις του αποθετηĎίου αντικαταĎτάθηκαν
 activity.navbar.code_frequency = Συχνότητα κώδικα
 settings.wiki_branch_rename_success = Το όνομα κλάδου wiki του αποθετηĎίου κανονικοποιήθηκε επιτυχώς.
@@ -2767,7 +2767,7 @@ editor.commit_id_not_matching = Το αĎχείο άλλαξε ĎŚĎÎż Ď„Îż επ
 settings.sourcehut_builds.visibility = ÎźĎατότητα εĎγαĎιών
 object_format = ΜοĎφή αντικειμένων («object format»)
 settings.ignore_stale_approvals_desc = Οι εγκĎÎŻĎεις, οι οποίες αναφέĎονται Ďε παλαιότεĎες υποβολές, δεν θα Ď€ĎÎżĎμετĎούνται ĎĎ„Îż Ďύνολο των απαιτούμενων εγκĎÎŻĎεων του pull request. ΕφόĎον αυτές οι εγκĎÎŻĎεις έχουν ήδη ανακληθεί, τότε αυτή η ĎύθμιĎη δεν θα παίξει κάποιον Ďόλο.
-settings.archive.mirrors_unavailable = Οι λειτουĎγίες ειδώλου δεν είναι διαθέĎιμες εφόĎον Ď„Îż αποθετήĎιο έχει αĎχειοθετηθεί.
+settings.archive.mirrors_unavailable = Οι λειτουĎγίες ειδώλου δεν είναι διαθέĎιμες εφόĎον Ď„Îż repository έχει αĎχειοθετηθεί.
 settings.web_hook_name_sourcehut_builds = SourceHut Builds
 settings.enforce_on_admins = ΕφαĎμογή κανόνα Ďε διαχειĎÎąĎτές του αποθετηĎίου
 object_format_helper = Η ÎĽÎżĎφή αντικειμένων («object format») του αποθετηĎίου. Δεν θα μποĎείτε να Ď„Îż αλλάξετε μεταγενέĎτεĎα. Η πιο Ďυμβατή ÎĽÎżĎφή είναι η SHA1.
@@ -2805,7 +2805,7 @@ release.type_attachment = Συνημμένο
 activity.published_prerelease_label = ΠĎοδημοĎίευĎη
 activity.published_tag_label = Ετικέτα
 settings.pull_mirror_sync_quota_exceeded = Îχετε υπεĎβεί τους διαθέĎιμους πόĎους Ďας, για αυτό δεν θα γίνει λήĎη των πιο Ď€ĎĎŚĎφατων αλλαγών.
-settings.transfer_quota_exceeded = Îź νέος ιδιοκτήτης (%s) έχει υπεĎβεί τους διαθέĎιμους πόĎους του. Το αποθετήĎιο δεν μποĎεί να μεταφεĎθεί.
+settings.transfer_quota_exceeded = Îź νέος ιδιοκτήτης (%s) έχει υπεĎβεί τους διαθέĎιμους πόĎους του. Το repository δεν μποĎεί να μεταφεĎθεί.
 release.asset_name = Όνομα αĎχείου
 release.asset_external_url = ΕξωτεĎικό URL
 release.invalid_external_url = Μη έγκυĎÎż εξωτεĎικό URL: «%s»
@@ -2901,7 +2901,7 @@ teams.join=Συμμετοχή
 teams.leave=ΑποχώĎηĎη
 teams.leave.detail=ΣίγουĎα θέλετε να αποχωĎήĎετε από την ομάδα %s;
 teams.can_create_org_repo=ΔημιουĎγία αποθετηĎίων
-teams.can_create_org_repo_helper=Τα μέλη μποĎούν να δημιουĎγήĎουν νέα αποθετήĎια Ďτον ÎżĎγανιĎÎĽĎŚ. Îź δημιουĎγός θα αποκτήĎει Ď€ĎĎŚĎβαĎη διαχειĎÎąĎτή ĎĎ„Îż νέο αποθετήĎιο.
+teams.can_create_org_repo_helper=Τα μέλη μποĎούν να δημιουĎγήĎουν νέα αποθετήĎια Ďτον ÎżĎγανιĎÎĽĎŚ. Îź δημιουĎγός θα αποκτήĎει Ď€ĎĎŚĎβαĎη διαχειĎÎąĎτή ĎĎ„Îż νέο repository.
 teams.none_access=Καμία Ď€ĎĎŚĎβαĎη
 teams.none_access_helper=Τα μέλη δεν μποĎούν να δουν ή να κάνουν οποιαδήποτε άλλη ενέĎγεια Ďε αυτή τη μονάδα.
 teams.general_access=Γενική Ď€ĎĎŚĎβαĎη
@@ -2922,7 +2922,7 @@ teams.add_team_member=ΠĎÎżĎθήκη μέλους ομάδας
 teams.invite_team_member=ΠĎĎŚĎκληĎη Ďτην ομάδα %s
 teams.invite_team_member.list=ΕκκĎεμείς Ď€ĎÎżĎκλήĎεις
 teams.delete_team_title=ΔιαγĎαφή ομάδας
-teams.delete_team_desc=Η διαγĎαφή μιας ομάδας ανακαλεί τη Ď€ĎĎŚĎβαĎη ĎĎ„Îż αποθετήĎιο από τα μέλη της. Συνέχεια;
+teams.delete_team_desc=Η διαγĎαφή μιας ομάδας ανακαλεί τη Ď€ĎĎŚĎβαĎη ĎĎ„Îż repository από τα μέλη της. Συνέχεια;
 teams.delete_team_success=Η ομάδα έχει διαγĎαφεί.
 teams.read_permission_desc=Αυτή η ομάδα χοĎηγεί Ď€ĎĎŚĎβαĎη ΑνάγνωĎης: τα μέλη μποĎούν να δουν και να κλωνοποιήĎουν τα αποθετήĎια της ομάδας.
 teams.write_permission_desc=Αυτή η ομάδα χοĎηγεί Ď€ĎĎŚĎβαĎη ΕγγĎαφής: τα μέλη μποĎούν να διαβάĎουν και να κάνουν push Ďτα αποθετήĎια της ομάδας.
@@ -2934,9 +2934,9 @@ teams.remove_all_repos_title=ΑφαίĎεĎη όλων των αποθετηĎÎŻ
 teams.remove_all_repos_desc=Αυτό θα αφαιĎέĎει όλα τα αποθετήĎια από την ομάδα.
 teams.add_all_repos_title=ΠĎÎżĎθήκη όλων των αποθετηĎίων
 teams.add_all_repos_desc=Αυτό θα Ď€ĎÎżĎθέĎει όλα τα αποθετήĎια του ÎżĎγανιĎμού Ďτην ομάδα.
-teams.add_nonexistent_repo=Το αποθετήĎιο που Ď€ĎÎżĎπαθείτε να Ď€ĎÎżĎθέĎετε δεν υπάĎχει, παĎακαλώ δημιουĎγήĎτε Ď„Îż Ď€Ďώτα.
+teams.add_nonexistent_repo=Το repository που Ď€ĎÎżĎπαθείτε να Ď€ĎÎżĎθέĎετε δεν υπάĎχει, παĎακαλώ δημιουĎγήĎτε Ď„Îż Ď€Ďώτα.
 teams.add_duplicate_users=Îź χĎήĎτης είναι ήδη μέλος της ομάδας.
-teams.repos.none=Αυτή η ομάδα δεν έχει Ď€ĎĎŚĎβαĎη Ďε κανένα αποθετήĎιο.
+teams.repos.none=Αυτή η ομάδα δεν έχει Ď€ĎĎŚĎβαĎη Ďε κανένα repository.
 teams.members.none=Δεν υπάĎχουν μέλη Ďε αυτήν την ομάδα.
 teams.specific_repositories=ΣυγκεκĎιμένα αποθετήĎια
 teams.specific_repositories_helper=Τα μέλη θα έχουν Ď€ĎĎŚĎβαĎη μόνο Ďε αποθετήĎια που Ď€ĎÎżĎτίθενται Ďητά Ďτην ομάδα. Επιλέγοντας Ď„Îż δεν θα θα αφαιĎεθούν αυτόματα τα αποθετήĎια που έχουν ήδη Ď€ĎÎżĎτεθεί με Ď„Îż Όλα τα αποθετήĎια.
@@ -3154,7 +3154,7 @@ packages.creator=ΔημιουĎγός
 packages.name=Όνομα
 packages.version=ÎκδοĎη
 packages.type=Τύπος
-packages.repository=ΑποθετήĎιο
+packages.repository=Repository
 packages.size=Μέγεθος
 packages.published=ΔημοĎιευμένα
 
@@ -3473,7 +3473,7 @@ notices.inverse_selection=ΑντιĎĎ„Ďοφή επιλογής
 notices.delete_selected=ΔιαγĎαφή επιλεγμένων
 notices.delete_all=ΔιαγĎαφή όλων των ειδοποιήĎεων
 notices.type=Τύπος
-notices.type_1=ΑποθετήĎιο
+notices.type_1=Repository
 notices.type_2=ΕĎγαĎία
 notices.desc=ΠεĎιγĎαφή
 notices.op=Λειτ.
@@ -3511,7 +3511,7 @@ users.organization_creation.description = Να επιτĎέπεται η δημ
 
 [action]
 create_repo=δημιούĎγηĎε Ď„Îż αποθετήĎιο %s
-rename_repo=μετονόμαĎε Ď„Îż αποθετήĎιο από %[1]s Ďε %[3]s
+rename_repo=μετονόμαĎε Ď„Îż repository από %[1]s Ďε %[3]s
 commit_repo=έκανε push ĎĎ„Îż %[3]s του %[4]s
 create_issue=`άνοιξε το ζήτημα %[3]s#%[2]s`
 close_issue=`έκλειĎε Ď„Îż ζήτημα %[3]s#%[2]s`
@@ -3523,7 +3523,7 @@ comment_issue=`άφηĎε Ďχόλιο ĎĎ„Îż ζήτημα %[3]s
 comment_pull=`ĎχολίαĎε ĎĎ„Îż pull request %[3]s#%[2]s`
 merge_pull_request=`ĎυγχώνευĎε Ď„Îż pull request %[3]s#%[2]s`
 auto_merge_pull_request=`αυτόματη ĎυγχώνευĎη του pull request %[3]s#%[2]s`
-transfer_repo=μετέφεĎε Ď„Îż αποθετήĎιο %s Ďε %s
+transfer_repo=μετέφεĎε Ď„Îż repository %s Ďε %s
 push_tag=ώθηĎε την ετικέτα %[3]s Ďε %[4]s
 delete_tag=διέγĎαĎε την ετικέτα %[2]s από %[3]s
 delete_branch=διέγĎαĎε Ď„Îż κλάδο %[2]s από %[3]s
@@ -3603,7 +3603,7 @@ title=Πακέτα
 desc=ΔιαχείĎÎąĎη πακέτων μητĎώου.
 empty=Δεν υπάĎχουν πακέτα ακόμα.
 empty.documentation=Για πεĎÎąĎĎότεĎες πληĎοφοĎίες Ďχετικά με Ď„Îż μητĎĎŽÎż πακέτων, Ďυμβουλευτείτε τον οδηγό.
-empty.repo=Μήπως ανεβάĎατε ένα πακέτο, αλλά δεν εμφανίζεται εδώ; Πηγαίνετε Ďτις ĎυθμίĎεις πακέτων και ĎυνδέĎτε Ď„Îż Ďε αυτό Ď„Îż αποθετήĎιο.
+empty.repo=Μήπως ανεβάĎατε ένα πακέτο, αλλά δεν εμφανίζεται εδώ; Πηγαίνετε Ďτις ĎυθμίĎεις πακέτων και ĎυνδέĎτε Ď„Îż Ďε αυτό Ď„Îż repository.
 registry.documentation=Για πεĎÎąĎĎότεĎες πληĎοφοĎίες Ďχετικά με Ď„Îż μητĎĎŽÎż %s, Ďυμβουλευτείτε τον οδηγό.
 filter.type=Τύπος
 filter.type.all=Όλα
@@ -3644,10 +3644,10 @@ composer.registry=ΡυθμίĎτε αυτό Ď„Îż μητĎĎŽÎż ĎĎ„Îż αĎχεί
 composer.install=Για να εγκαταĎτήĎετε Ď„Îż πακέτο χĎηĎιμοποιώντας Ď„Îż Composer, εκτελέĎτε την ακόλουθη εντολή:
 composer.dependencies=ΕξαĎτήĎεις
 composer.dependencies.development=ΕξαĎτήĎεις Ανάπτυξης
-conan.details.repository=ΑποθετήĎιο
+conan.details.repository=Repository
 conan.registry=ΡυθμίĎτε αυτό Ď„Îż μητĎĎŽÎż από τη ÎłĎαμμή εντολών:
 conan.install=Για να εγκαταĎτήĎετε Ď„Îż πακέτο χĎηĎιμοποιώντας Ď„Îż Conan, εκτελέĎτε την ακόλουθη εντολή:
-conda.registry=ΡυθμίĎτε αυτό Ď„Îż μητĎĎŽÎż ως αποθετήĎιο Conda ĎĎ„Îż αĎχείο .condarc:
+conda.registry=ΡυθμίĎτε αυτό Ď„Îż μητĎĎŽÎż ως repository Conda ĎĎ„Îż αĎχείο .condarc:
 conda.install=Για να εγκαταĎτήĎετε Ď„Îż πακέτο χĎηĎιμοποιώντας Ď„Îż Conda, εκτελέĎτε την ακόλουθη εντολή:
 container.details.type=Τύπος Εικόνας
 container.details.platform=ΠλατφόĎμα
@@ -3705,8 +3705,8 @@ swift.registry=ΡυθμίĎτε αυτό Ď„Îż μητĎĎŽÎż από τη ÎłĎαμ
 swift.install=ΠĎÎżĎθέĎτε Ď„Îż πακέτο ĎĎ„Îż αĎχείο Package.swift:
 swift.install2=και εκτελέĎτε την ακόλουθη εντολή:
 vagrant.install=Για Ď€ĎÎżĎθήκη ενός κυτίου Vagrant, εκτελέĎτε την ακόλουθη εντολή:
-settings.link=ΣύνδεĎη αυτού του πακέτου με ένα αποθετήĎιο
-settings.link.description=Εάν ĎυνδέĎετε ένα πακέτο με ένα αποθετήĎιο, Ď„Îż πακέτο πεĎιλαμβάνεται Ďτη λίĎτα πακέτων του αποθετηĎίου.
+settings.link=ΣύνδεĎη αυτού του πακέτου με ένα repository
+settings.link.description=Εάν ĎυνδέĎετε ένα πακέτο με ένα repository, Ď„Îż πακέτο πεĎιλαμβάνεται Ďτη λίĎτα πακέτων του repository.
 settings.link.select=Επιλογή ΑποθετηĎίου
 settings.link.button=ΕνημέĎωĎη ΣυνδέĎμου ΑποθετηĎίου
 settings.link.success=Îź ĎύνδεĎμος αποθετηĎίου ενημεĎώθηκε επιτυχώς.
@@ -3718,7 +3718,7 @@ settings.delete.success=Το πακέτο έχει διαγĎαφεί.
 settings.delete.error=Αποτυχία διαγĎαφής του πακέτου.
 owner.settings.cargo.title=ΕυĎετήĎιο μητĎώου Cargo
 owner.settings.cargo.initialize=ΑĎχικοποίηĎη ευĎετηĎίου
-owner.settings.cargo.initialize.description=Απαιτείται ένα ειδικό αποθετήĎιο ευĎετηĎίου Git για τη χĎήĎη του μητĎώου Cargo. ΧĎηĎιμοποιώντας αυτή την επιλογή θα δημιουĎγηθεί ξανά Ď„Îż αποθετήĎιο και θα ĎυθμιĎτεί αυτόματα.
+owner.settings.cargo.initialize.description=Απαιτείται ένα ειδικό repository ευĎετηĎίου Git για τη χĎήĎη του μητĎώου Cargo. ΧĎηĎιμοποιώντας αυτή την επιλογή θα δημιουĎγηθεί ξανά Ď„Îż repository και θα ĎυθμιĎτεί αυτόματα.
 owner.settings.cargo.initialize.error=Αποτυχία αĎχικοποίηĎης ευĎετηĎίου Cargo: %v
 owner.settings.cargo.initialize.success=Îź ευĎετήĎιο Cargo δημιουĎγήθηκε με επιτυχία.
 owner.settings.cargo.rebuild=ΑνανέωĎη ευĎετηĎίου
@@ -3811,7 +3811,7 @@ runners.task_list=ΠĎĎŚĎφατες εĎγαĎίες Ďτον εκτελεĎĎ„
 runners.task_list.no_tasks=Δεν υπάĎχει καμία εĎγαĎία ακόμα.
 runners.task_list.run=ΕκτέλεĎη
 runners.task_list.status=ΚατάĎταĎη
-runners.task_list.repository=ΑποθετήĎιο
+runners.task_list.repository=Repository
 runners.task_list.commit=Υποβολή
 runners.task_list.done_at=ΟλοκλήĎωĎε Στις
 runners.edit_runner=ΕπεξεĎγαĎία ΕκτελεĎτή
diff --git a/options/locale/locale_fi-FI.ini b/options/locale/locale_fi-FI.ini
index 643a61b456..75ee89b545 100644
--- a/options/locale/locale_fi-FI.ini
+++ b/options/locale/locale_fi-FI.ini
@@ -147,6 +147,11 @@ value = Arvo
 rerun = Suorita uudelleen
 filter.clear = Tyhjennä suodattimet
 invalid_data = Virheellistä dataa: %v
+new_repo.title = Uusi repositorio
+new_org.title = Uusi organisaatio
+new_org.link = Uusi organisaatio
+new_repo.link = Uusi repositorio
+new_migrate.link = Uusi siirto
 
 [aria]
 footer.links = Linkit
diff --git a/options/locale/locale_fr-FR.ini b/options/locale/locale_fr-FR.ini
index 656ead34e1..0df97ec31b 100644
--- a/options/locale/locale_fr-FR.ini
+++ b/options/locale/locale_fr-FR.ini
@@ -207,7 +207,7 @@ string.desc=Z - A
 
 [error]
 occurred=Une erreur s’est produite
-report_message=Si vous pensez qu'il s'agit d'un bug Forgejo, veuillez consulter notre board Codeberg ou ouvrir un nouveau ticket si nécessaire.
+report_message=Si vous pensez qu'il s'agit d'un bug Forgejo, veuillez consulter les tickets de Codeberg ou ouvrir un nouveau ticket si nécessaire.
 missing_csrf=Requête incorrecte : aucun jeton CSRF présent
 invalid_csrf=Requête incorrecte : jeton CSRF invalide
 not_found=La cible n'a pu être trouvée.
@@ -223,7 +223,7 @@ platform_desc=Forgejo est confirmé fonctionner sur des systèmes d'exploitation
 lightweight=LĂ©ger
 lightweight_desc=Forgejo utilise peu de ressources. Il peut même tourner sur un Raspberry Pi très bon marché. Économisez l'énergie de vos serveurs !
 license=Open Source
-license_desc=Toutes les sources sont sur Forgejo ! Rejoignez-nous et contribuez à rendre ce projet encore meilleur !
+license_desc=Toutes les sources sont sur Forgejo ! Rejoignez-nous et contribuez à rendre ce projet encore meilleur. Ne craignez pas de devenir un·e contributeur·trice !
 
 [install]
 install=Installation
@@ -558,6 +558,11 @@ removed_security_key.subject = Une clé de sécurité a été supprimée
 totp_disabled.subject = TOTP a été désactivé
 removed_security_key.no_2fa = Il n'y a plus de méthodes 2FA configurées ce qui signifie qu'il n'est plus nécessaire d'utiliser 2FA pour se connecter à votre compte.
 account_security_caution.text_1 = Si vous êtes à l’origine de cette action, vous pouvez ignorer ce courriel.
+totp_enrolled.text_1.no_webauthn = Vous venez d'activer TOTP pour votre compte. Cela signifie que pour toutes les prochaines connexions à votre compte, vous devrez utiliser TOTP comme méthode 2FA.
+totp_enrolled.subject = Vous avez activé TOTP comme méthode 2FA
+totp_enrolled.text_1.has_webauthn = Vous venez d'activer TOTP pour votre compte. Cela signifie que pour toutes les prochaines connexions à votre compte, vous pouvez utiliser TOTP comme méthode 2FA ou l'une de vos clés de sécurité.
+removed_security_key.text_1 = La clé de sécurité « %[1]s » vient d'être supprimée de votre compte.
+account_security_caution.text_2 = S'il ne s'agissait pas de vous, votre compte est compromis. Veuillez contacter les administrateurs du site.
 
 [modal]
 yes=Oui
@@ -823,7 +828,7 @@ add_new_email=Ajouter une nouvelle adresse e-mail
 add_new_openid=Ajouter une nouvelle URI OpenID
 add_email=Ajouter une adresse courriel
 add_openid=Ajouter une URI OpenID
-add_email_confirmation_sent=Un e-mail de confirmation a été envoyé à "%s". Veuillez vérifier votre boîte de réception dans les %s suivants pour confirmer votre adresse e-mail.
+add_email_confirmation_sent=Un courriel de confirmation a été envoyé à « %s ». Pour confirmer votre adresse de courriel, veuillez vérifier votre boîte de réception et suivre le lien indiqué dans les prochains %s.
 add_email_success=La nouvelle adresse e-mail a été ajoutée.
 email_preference_set_success=L'e-mail de préférence a été défini avec succès.
 add_openid_success=La nouvelle adresse OpenID a été ajoutée.
@@ -1042,6 +1047,8 @@ pronouns = Pronoms
 pronouns_unspecified = Non spécifiés
 language.title = Langue par défaut
 keep_activity_private.description = Vous seul pourrez voir votre activité publique, ainsi que les administrateurs de l'instance.
+language.localization_project = Aidez-nous à traduire Forgejo dans votre langue ! En savoir plus.
+language.description = Cette langue sera enregistrée dans votre compte et utilisée comme langue par défaut après votre connexion.
 
 [repo]
 new_repo_helper=Un dépôt contient tous les fichiers d’un projet, ainsi que l’historique de leurs modifications. Vous avez déjà ça ailleurs ? Migrez-le ici.
@@ -1421,7 +1428,7 @@ commitstatus.failure=Échec
 commitstatus.pending=En attente
 commitstatus.success=Succès
 
-ext_issues=Accès aux tickets externes
+ext_issues=Tickets externes
 ext_issues.desc=Lien vers un gestionnaire de tickets externe.
 
 projects=Projets
@@ -1602,9 +1609,9 @@ issues.no_content=Sans contenu.
 issues.close=Fermer le ticket
 issues.comment_pull_merged_at=a fusionné la révision %[1]s dans %[2]s %[3]s
 issues.comment_manually_pull_merged_at=a fusionné manuellement la révision %[1]s dans %[2]s %[3]s
-issues.close_comment_issue=Commenter et fermer
+issues.close_comment_issue=Fermer avec le commentaire
 issues.reopen_issue=Rouvrir
-issues.reopen_comment_issue=Commenter et réouvrir
+issues.reopen_comment_issue=RĂ©ouvrir avec le commentaire
 issues.create_comment=Commenter
 issues.closed_at=`a fermé ce ticket %[2]s.`
 issues.reopened_at=`a réouvert ce ticket %[2]s.`
@@ -1993,7 +2000,7 @@ signing.wont_sign.commitssigned=La fusion ne sera pas signée car ses révisions
 signing.wont_sign.approved=La fusion ne sera pas signée car la demande d'ajout n'a pas été approuvée.
 signing.wont_sign.not_signed_in=Vous n'êtes pas connecté.
 
-ext_wiki=Accès au wiki externe
+ext_wiki=Wiki externe
 ext_wiki.desc=Lier un wiki externe.
 
 wiki=Wiki
@@ -2418,14 +2425,14 @@ settings.protect_enable_merge_desc=Toute personne ayant un accès en écriture s
 settings.protect_whitelist_committers=Liste blanche des soumissions (push)
 settings.protect_whitelist_committers_desc=Seuls les utilisateurs ou les équipes autorisés pourront soumettre sur cette branche (sans forcer).
 settings.protect_whitelist_deploy_keys=Mettez les clés de déploiement sur liste blanche avec accès en écriture pour soumettre.
-settings.protect_whitelist_users=Utilisateurs sur liste blanche :
+settings.protect_whitelist_users=Utilisateurs sur liste blanche pour pousser
 settings.protect_whitelist_search_users=Rechercher des utilisateurs…
-settings.protect_whitelist_teams=Équipes sur liste blanche :
+settings.protect_whitelist_teams=Équipes sur liste blanche pour pousser
 settings.protect_whitelist_search_teams=Rechercher des équipes…
 settings.protect_merge_whitelist_committers=Activer la liste blanche pour la fusion
 settings.protect_merge_whitelist_committers_desc=N'autoriser que les utilisateurs et les Ă©quipes en liste blanche d'appliquer les demandes de fusion sur cette branche.
-settings.protect_merge_whitelist_users=Utilisateurs en liste blanche de fusion :
-settings.protect_merge_whitelist_teams=Équipes en liste blanche de fusion :
+settings.protect_merge_whitelist_users=Utilisateurs en liste blanche pour fusionner
+settings.protect_merge_whitelist_teams=Équipes en liste blanche pour fusionner
 settings.protect_check_status_contexts=Activer le contrĂ´le de status
 settings.protect_status_check_patterns=Motifs de vérification des statuts :
 settings.protect_status_check_patterns_desc=Entrez des motifs pour spécifier quelles vérifications doivent réussir avant que des branches puissent être fusionnées. Un motif par ligne. Un motif ne peut être vide.
@@ -2434,12 +2441,12 @@ settings.protect_check_status_contexts_list=Contrôles qualité trouvés au cour
 settings.protect_status_check_matched=Correspondant
 settings.protect_invalid_status_check_pattern=Motif de vérification des statuts incorrect : « %s ».
 settings.protect_no_valid_status_check_patterns=Aucun motif de vérification des statuts valide.
-settings.protect_required_approvals=Minimum d'approbations requis :
+settings.protect_required_approvals=Approbations requises
 settings.protect_required_approvals_desc=Permet de fusionner les demandes d’ajout lorsque suffisamment d’évaluation sont positives.
 settings.protect_approvals_whitelist_enabled=Restreindre les approbations aux utilisateurs ou aux Ă©quipes en liste blanche
 settings.protect_approvals_whitelist_enabled_desc=Seuls les évaluations des utilisateurs ou des équipes suivantes compteront dans les approbations requises. Si laissé vide, les évaluations de toute personne ayant un accès en écriture seront comptabilisées à la place.
-settings.protect_approvals_whitelist_users=Évaluateurs autorisés :
-settings.protect_approvals_whitelist_teams=Équipes d’évaluateurs autorisés :
+settings.protect_approvals_whitelist_users=Évaluateurs autorisés
+settings.protect_approvals_whitelist_teams=Équipes d’évaluateurs autorisés
 settings.dismiss_stale_approvals=Révoquer automatiquement les approbations périmées
 settings.dismiss_stale_approvals_desc=Lorsque des nouvelles révisions changent le contenu de la demande d’ajout, les approbations existantes sont révoquées.
 settings.ignore_stale_approvals=Ignorer les approbations obsolètes
@@ -2449,9 +2456,9 @@ settings.require_signed_commits_desc=Rejeter les soumissions sur cette branche l
 settings.protect_branch_name_pattern=Motif de nom de branche protégé
 settings.protect_branch_name_pattern_desc=Motifs de nom de branche protégé. Consultez la documentation pour la syntaxe du motif. Exemples : main, release/**
 settings.protect_patterns=Motifs
-settings.protect_protected_file_patterns=Liste des fichiers et motifs protégés (séparés par un point virgule ";") :
-settings.protect_protected_file_patterns_desc=Les fichiers protégés ne peuvent être modifiés, même si l'utilisateur a le droit d'ajouter, éditer ou supprimer des fichiers dans cette branche. Plusieurs motifs peuvent être séparés par un point-virgule (";"). Veuillez voir github.com/gobwas/glob la documentation pour la syntaxe des motifs. Exemples : .drone.yml, /docs/**/*.txt.
-settings.protect_unprotected_file_patterns=Liste des fichiers et motifs exclus (séparés par un point virgule ";") :
+settings.protect_protected_file_patterns=Motifs de fichiers protégés (séparés par un point virgule ";")
+settings.protect_protected_file_patterns_desc=Les fichiers protégés ne peuvent être modifiés, même si l'utilisateur a le droit d'ajouter, éditer ou supprimer des fichiers dans cette branche. Plusieurs motifs peuvent être séparés par un point-virgule (";"). Veuillez voir %[2]s la documentation pour la syntaxe des motifs. Exemples : .drone.yml, /docs/**/*.txt.
+settings.protect_unprotected_file_patterns=Motifs de fichiers non protégés (séparés par un point virgule ";")
 settings.protect_unprotected_file_patterns_desc=Les fichiers non-protégés qui peuvent être modifiés si l'utilisateur a le droit d'écriture, prenant le pas sur les restrictions de push. Plusieurs motifs peuvent être séparés par un point-virgule (";"). Veuillez voir %[2]s la documentation pour la syntaxe des motifs. Exemples : .drone.yml, /docs/**/*.txt.
 settings.add_protected_branch=Activer la protection
 settings.delete_protected_branch=DĂ©sactiver la protection
@@ -2811,6 +2818,23 @@ settings.federation_following_repos = Les URL des dépôts suivis séparés par
 settings.federation_not_enabled = La fédération n'est pas activée pour votre instance.
 comments.edit.already_changed = Impossible de sauvegarder les changements du commentaire car son contenu a déjà été modifié par un autre utilisateur. Veuillez recharger la page et essayer de l'éditer à nouveau pour éviter d'écraser ses changements
 settings.federation_apapiurl = URL de fédération de ce dépôt. A copier-coller dans les paramètres de fédérations d'un autre dépôt comme URL d'un dépôt à suivre.
+mirror_denied_combination = Il n'est pas possible de combiner une authentification par clé publique et par mot de passe.
+mirror_public_key = Clé SSH publique
+mirror_use_ssh.text = Utiliser l'authentification SSH
+mirror_use_ssh.helper = Forgejo va créer un miroir du dépôt via Git sur SSH et créer une paire de clés pour vous lorsque vous sélectionnez cette option. Vous devez vous assurer que la clé publique générée est autorisée à pousser dans le dépôt de destination. Il n'est pas possible d'utiliser l'autorisation basée sur un mot de passe si vous choisissez cette option.
+no_eol.text = Pas d'EOL
+mirror_use_ssh.not_available = L'authentification par SSH n'est pas disponible.
+no_eol.tooltip = Ce fichier ne contient pas de caractère final de fin de ligne.
+release.type_attachment = Pièce jointe
+settings.transfer_quota_exceeded = Le nouvel utilisateur (%s) a dépassé son quota. Le dépôt n'a pas été transféré.
+settings.pull_mirror_sync_quota_exceeded = Quota dépassé, les modifications ne sont pas tirées.
+activity.commit = Activité de commit
+settings.mirror_settings.push_mirror.copy_public_key = Copier la clé publique
+release.asset_external_url = URL externe
+release.invalid_external_url = URL externe non valable : « %s »
+milestones.filter_sort.name = Nom
+settings.mirror_settings.push_mirror.none_ssh = Aucun
+settings.protect_new_rule = Créer une nouvelle règle de protection de branche
 
 [graphs]
 component_loading=Chargement de %s…
diff --git a/options/locale/locale_is-IS.ini b/options/locale/locale_is-IS.ini
index e34da348a5..0cb6c0f7ab 100644
--- a/options/locale/locale_is-IS.ini
+++ b/options/locale/locale_is-IS.ini
@@ -3,7 +3,7 @@ home=ForsĂ­Ă°a
 dashboard=StjĂłrnborĂ°
 explore=Vafra
 help=Hjálp
-sign_in=Skrá Inn
+sign_in=Skrá inn
 sign_in_or=eĂ°a
 sign_out=Skrá Út
 sign_up=Nýskráning
@@ -15,9 +15,9 @@ page=SĂ­Ă°a
 template=Sniðmát
 language=Tungumál
 notifications=Tilkynningar
-active_stopwatch=Virk Tímamæling
+active_stopwatch=Virk tímamæling
 create_new=Skapa…
-user_profile_and_more=Notandasíða og Stillingar…
+user_profile_and_more=Notandasíða og stillingar…
 signed_in_as=Skráð(ur) inn sem
 toc=Efnisyfirlit
 licenses=HugbĂşnaĂ°arleyfi
@@ -111,6 +111,8 @@ concept_code_repository=HugbĂşnaĂ°arsafn
 
 name=Heiti
 value=Gildi
+sign_in_with_provider = Skrá inn með %s
+enable_javascript = Ăžessi sĂ­Ă°a krefst JavaScript.
 
 [aria]
 
diff --git a/options/locale/locale_it-IT.ini b/options/locale/locale_it-IT.ini
index 0860176b18..f6fcd5135f 100644
--- a/options/locale/locale_it-IT.ini
+++ b/options/locale/locale_it-IT.ini
@@ -471,6 +471,11 @@ openid_signin_desc = Inserisci il tuo URI OpenID. Per esempio: alice.openid.exam
 password_pwned = La password che hai scelto è in un elenco di password rubate precedentemente esposte a violazioni di dati pubblici. Riprova con una password diversa e valuta di modificare questa password anche altrove.
 tab_signup = Registrati
 tab_signin = Accedi
+back_to_sign_in = Torna alla schermata d'accesso
+sign_in_openid = Procedi con OpenID
+hint_login = Hai giĂ  un'utenza? Accedi!
+hint_register = Non hai un'utenza? Registrati ora.
+sign_up_button = Registrati ora.
 
 [mail]
 view_it_on=Visualizza su %s
@@ -539,6 +544,21 @@ activate_email.title = %s, verifica il tuo indirizzo email
 admin.new_user.text = Clicca qui per gestire questo utente dal pannello di amministrazione.
 team_invite.text_1 = %[1]s ti ha invitato a far parte del team %[2]s nell'organizzazione %[3]s.
 team_invite.text_3 = Nota: Questo invito è destinato a %[1]s. Se non ti aspettavi questo invito, puoi ignorare questa email.
+primary_mail_change.subject = La tua mail principale è stata cambiata
+removed_security_key.no_2fa = Non ci sono più altri metodi di autenticazione a due fattori configurati, ergo non c'è più bisogno di accedere alla tua utenza tramite tale autenticazione.
+primary_mail_change.text_1 = La mail principale della tua utenza è appena stata cambiata in %[1]s. Ciò significa che questo indirizzo di posta elettronica non riceverà più notifiche mail da quest'utenza.
+totp_disabled.subject = La TOTP è stata disabilitata
+totp_disabled.no_2fa = Non ci sono più altri metodi d'autenticazione a due fattori configurati, ergo non c'è più bisogno di accedere alla tua utenza con tale autenticazione.
+removed_security_key.subject = Ă stata rimossa una chiave di sicurezza
+removed_security_key.text_1 = La chiave di sicurezza "%[1]s" è appena stata rimossa dalla tua utenza.
+totp_disabled.text_1 = La password a tempo usa e getta (TOTP) della tua utenza è appena stata disabilitata.
+totp_enrolled.subject = Hai attivato la TOTP come metodo d'autenticazione a due fattori
+totp_enrolled.text_1.no_webauthn = Hai appena attivato la TOTP per la tua utenza. Ciò significa che dovrai usarla come metodo d'autenticazione a due fattori per tutti i tuoi accessi futuri.
+totp_enrolled.text_1.has_webauthn = Hai appena attivato la TOTP per la tua utenza. Ciò significa che dovrai usare come metodo d'autenticazione a due fattori per i tuoi accessi futuri tale TOTP o una delle tue chiavi di sicurezza.
+password_change.subject = La tua password è stata modificata
+password_change.text_1 = La password della tua utenza è appena stata modificata.
+account_security_caution.text_1 = Se sei statÉ™ tu, puoi ignorare questa mail.
+account_security_caution.text_2 = Se non sei statə tu, la tua utenza è compromessa. Contatta l'amministrazione del sito.
 
 
 [modal]
@@ -1022,6 +1042,8 @@ pronouns = Pronomi
 pronouns_custom = Personalizzato
 pronouns_unspecified = Non specificato
 language.title = Lingua predefinita
+language.description = Questa lingua verrĂ  salvata nella tua utenza e verrĂ  usata come predefinita ogni volta che farai l'accesso.
+language.localization_project = Aiutaci a tradurre Forgejo nella tua lingua! PiĂą informazioni.
 
 [repo]
 owner=Proprietario
@@ -3863,6 +3885,7 @@ exact_tooltip = Includi solo i risultati che corrispondono esattamente al termin
 issue_kind = Cerca segnalazioni...
 pull_kind = Cerca richieste...
 exact = Esatto
+milestone_kind = Ricerca tappe...
 
 [munits.data]
 gib = GiB
diff --git a/options/locale/locale_ja-JP.ini b/options/locale/locale_ja-JP.ini
index f53356ee71..fba7f37808 100644
--- a/options/locale/locale_ja-JP.ini
+++ b/options/locale/locale_ja-JP.ini
@@ -158,6 +158,13 @@ filter.not_template = ă†ăłă—ă¬ăĽăă§ăŻăŞă„
 invalid_data = 無効ăŞă‡ăĽă‚ż: %v
 more_items = ă•ă‚‰ă«čˇ¨ç¤ş
 copy_generic = ă‚ŻăŞăă—ăśăĽă‰ă¸ă‚łă”ăĽ
+new_repo.title = ć–°ă—ă„ăŞăťă‚¸ăăŞ
+new_migrate.title = ć–°ă—ă„ăžă‚¤ă‚°ă¬ăĽă‚·ă§ăł
+new_org.title = ć–°ă—ă„組織
+new_repo.link = ć–°ă—ă„ăŞăťă‚¸ăăŞ
+new_migrate.link = ć–°ă—ă„ăžă‚¤ă‚°ă¬ăĽă‚·ă§ăł
+new_org.link = ć–°ă—ă„組織
+test = ă†ă‚ąă
 
 [aria]
 navbar=ăŠă“ゲăĽă‚·ă§ăłăăĽ
diff --git a/options/locale/locale_lt.ini b/options/locale/locale_lt.ini
index 35f56fa4fd..b55a749cb2 100644
--- a/options/locale/locale_lt.ini
+++ b/options/locale/locale_lt.ini
@@ -159,6 +159,18 @@ fuzzy_tooltip = Įtraukti rezultatus, kurie taip pat labai atitinka paieškos te
 repo_kind = Ieškoti saugyklų...
 code_search_unavailable = Kodų paieška šiuo metu nepasiekiama. Kreipkis į svetainės administratorių.
 org_kind = Ieškoti organizacijų...
+union = Bendrinis
+code_search_by_git_grep = Dabartiniai kodo paieškos rezultatai pateikiami atliekant „git grep“. Rezultatai gali būti geresni, jei svetainės administratorius įjungs kodo indeksuotoją.
+package_kind = Ieškoti paketų...
+project_kind = Ieškoti projektų...
+commit_kind = Ieškoti įsipareigojimų...
+runner_kind = Ieškoti vykdyklių...
+no_results = Nerasta atitinkamĹł rezultatĹł.
+issue_kind = Ieškoti problemų...
+branch_kind = Ieškoti šakų...
+milestone_kind = Ieškoti gairių...
+pull_kind = Ieškoti sujungimų...
+keyword_search_unavailable = Ieškoti pagal raktažodį šiuo metu nepasiekiamas. Susisiekite su svetainės administratoriumi.
 
 [actions]
 workflow.disable = Išjungti darbo eigą
@@ -171,6 +183,9 @@ runs.empty_commit_message = (tuščias įsipareigojimo pranešimas)
 submodule = Pomodulis
 changed_filemode = %[1]s → %[2]s
 symbolic_link = Virtualusis aplankas
+directory = Katalogas
+executable_file = Vykdomasis failas
+normal_file = Įprastas failas
 
 [projects]
 deleted.display_name = Ištrintas projektas
@@ -182,4 +197,64 @@ type-3.display_name = Organizacijos projektas
 filepreview.truncated = Peržiūra buvo sutrumpinta
 
 [mail]
-reset_password.text = Jei tai buvote jūs, spustelėkite toliau esančią nuorodą, kad atkurtumėte savo paskyrą per %s:
\ No newline at end of file
+reset_password.text = Jei tai buvote jūs, spustelėkite toliau esančią nuorodą, kad atkurtumėte savo paskyrą per %s:
+
+[heatmap]
+contributions_one = įnašas
+contributions_few = įnašai
+less = MaĹľiau
+more = Daugiau
+number_of_contributions_in_the_last_12_months = %s įnašų per pastaruosius 12 mėnesių
+contributions_zero = Įnašų nėra
+contributions_format = {contributions} {year} {month} {day}
+
+[aria]
+navbar = Naršymo juosta
+footer = Puslapinė poraštė
+footer.software = Apie šią programinę įrangą
+footer.links = Nuorodos
+
+[editor]
+buttons.quote.tooltip = Cituoti tekstÄ…
+buttons.code.tooltip = PridÄ—ti kodÄ…
+buttons.link.tooltip = PridÄ—ti nuorodÄ…
+buttons.heading.tooltip = Pridėti antraštę
+buttons.bold.tooltip = PridÄ—ti pusjuodÄŻ tekstÄ…
+buttons.italic.tooltip = PridÄ—ti kursyvinÄŻ tekstÄ…
+
+[error]
+network_error = Tinklo klaida
+server_internal = Vidinio serverio klaida
+
+[startpage]
+app_desc = Nesudėtinga, savarankiškai teikiama „Git“ paslauga
+install = Lengva ÄŻdiegti
+
+[install]
+path = Kelias
+err_admin_name_is_reserved = Administratoriaus naudotojo vardas netinkamas. Naudotojo vardas yra rezervuotas.
+enable_update_checker = Įjungti naujinimų tikrintuvą
+env_config_keys = Aplinkos konfigūracija
+db_title = DuomenĹł bazÄ—s nustatymai
+db_type = DuomenĹł bazÄ—s tipas
+user = Naudotojo vardas
+password = SlaptaĹľodis
+db_name = DuomenĹł bazÄ—s pavadinimas
+db_schema = Schema
+ssl_mode = SSL
+host = Pagrindinis komputeris
+general_title = Bendrieji nustatymai
+email_title = El. pašto nustatymai
+federated_avatar_lookup.description = Ieškokite pseudoportretų naudojant „Libravatar“.
+db_schema_helper = Palikite tuščią, jei tai numatytoji duomenų bazė („public“).
+err_empty_admin_password = Administratoriaus slaptažodis negali būti tuščias.
+err_empty_admin_email = Administratoriaus el. paštas negali būti tuščias.
+
+[explore]
+go_to = Eiti ÄŻ
+code = Kodas
+
+[auth]
+remember_me = Prisiminti šį įrenginį
+forgot_password_title = Pamirštas slaptažodis
+forgot_password = Pamiršote slaptažodį?
\ No newline at end of file
diff --git a/options/locale/locale_nb_NO.ini b/options/locale/locale_nb_NO.ini
index aae4ae788f..349d56ce13 100644
--- a/options/locale/locale_nb_NO.ini
+++ b/options/locale/locale_nb_NO.ini
@@ -23,4 +23,115 @@ language = SprĂĄk
 notifications = Varslinger
 create_new = Opprett…
 user_profile_and_more = Profil og innstillinger…
-signed_in_as = Logget inn som
\ No newline at end of file
+signed_in_as = Logget inn som
+confirm_delete_selected = Bekreft sletting av alle valgte elementer?
+dashboard = Dashbord
+download_logs = Last ned logger
+copy_hash = Kopier hash
+more_items = Flere elementer
+passcode = Adgangskode
+webauthn_insert_key = Skriv inn din sikkerhetsnøkkel
+webauthn_use_twofa = Bruk tofaktorkode fra din mobil
+organization = Organisasjon
+mirror = Speil
+new_mirror = Ny speiling
+repository = Repositorium
+new_project = Nytt prosjekt
+new_project_column = Ny kolonne
+webauthn_error = Klarte ikke lese sikkerhetsnøkkelen.
+webauthn_unsupported_browser = Nettleseren din støtter ikke WebAuthn.
+webauthn_error_unknown = En ukjent feil oppstod. Vennligst prøv igjen.
+webauthn_error_insecure = WebAuhn støtter kun sikre forbindelser. For testing over HTTP kan du bruke verten "localhost" eller "127.0.0.1"
+admin_panel = Nettsideadministrasjon
+settings = Innstillinger
+your_profile = Profil
+your_starred = Stjernemerket
+your_settings = Innstillinger
+new_repo.title = Nytt repositorium
+new_migrate.title = Ny migrasjon
+new_org.title = Ny organisasjon
+new_repo.link = Nytt repositorium
+new_migrate.link = Ny migrasjon
+new_org.link = Ny organisasjon
+all = Alle
+sources = Kilder
+mirrors = Speilinger
+activities = Aktiviteter
+rss_feed = RSS feed
+retry = Prøv igjen
+rerun = Kjør på nytt
+rerun_all = Kjør alle jobber på nytt
+save = Lagre
+cancel = Avbryt
+forks = Forks
+milestones = Milepæler
+ok = OK
+test = Test
+loading = Laster inn…
+error = Feil
+go_back = GĂĄ tilbake
+never = Aldri
+invalid_data = Ugyldig data: %v
+unknown = Ukjent
+pin = Pin
+artifacts = Artefakter
+archived = Arkivert
+concept_system_global = Global
+add = Legg til
+add_all = Legg til alle
+remove = Fjern
+remove_all = Fjern alle
+remove_label_str = Fjern element "%s"
+edit = Rediger
+view = Vis
+enabled = Aktivert
+disabled = Deaktivert
+locked = LĂĄst
+copy = Kopier
+copy_generic = Kopier til utklippstavlen
+copy_url = Kopier URL
+copy_content = Kopier innhold
+copy_success = Kopiert!
+copy_error = Kopiering mislyktes
+copy_type_unsupported = Denne filtypen kan ikke kopieres
+write = Skriv
+preview = ForhĂĄndsvis
+concept_user_individual = Individuell
+concept_code_repository = Repositorium
+concept_user_organization = Organisasjon
+show_timestamps = Vis tidsstempler
+show_log_seconds = Vis sekunder
+show_full_screen = Vis fullskjerm
+name = Navn
+value = Verdi
+filter = Filter
+filter.clear = Tøm filtre
+filter.is_archived = Arkivert
+filter.not_archived = Ikke arkivert
+filter.is_mirror = Speilinger
+filter.not_mirror = Ikke speilinger
+filter.is_template = Maler
+filter.not_template = Ikke maler
+filter.public = Offentlig
+filter.private = Privat
+explore = Utforsk
+active_stopwatch = Aktiv tidsregistrering
+home = Hjem
+help = Hjelp
+logo = Logo
+sign_in = Logg inn
+sign_in_with_provider = Logg inn med %s
+sign_in_or = eller
+sign_out = Logg ut
+sign_up = Opprett konto
+confirm_delete_artifact = Er du sikker pĂĄ at du vil slette artefakten "%s" ?
+
+[search]
+search = Søk...
+type_tooltip = Søketype
+fuzzy = Fuzzy
+union = Union
+
+[auth]
+verify = Bekreft
+sign_up_button = Opprett konto nĂĄ.
\ No newline at end of file
diff --git a/options/locale/locale_ru-RU.ini b/options/locale/locale_ru-RU.ini
index 0938d4099c..e13b1341c4 100644
--- a/options/locale/locale_ru-RU.ini
+++ b/options/locale/locale_ru-RU.ini
@@ -1406,7 +1406,7 @@ commitstatus.failure=НеŃдача
 commitstatus.pending=Ожидание
 commitstatus.success=ĐŁŃпеŃно
 
-ext_issues=ДоŃŃ‚ŃĐż ко внеŃним задачам
+ext_issues=ВнеŃние задачи
 ext_issues.desc=СŃылка на внеŃнюю ŃиŃŃ‚ĐµĐĽŃ ĐľŃ‚Ńлеживания задач.
 
 projects=Проекты
@@ -1587,9 +1587,9 @@ issues.no_content=ОпиŃание отŃŃŃ‚ŃтвŃет.
 issues.close=Закрыть задачŃ
 issues.comment_pull_merged_at=коммит %[1]s был добавлен в %[2]s %[3]s
 issues.comment_manually_pull_merged_at=коммит %[1]s был врŃчнŃŃŽ добавлен в %[2]s %[3]s
-issues.close_comment_issue=Прокомментировать и закрыть
+issues.close_comment_issue=Закрыть комментарием
 issues.reopen_issue=Открыть Ńнова
-issues.reopen_comment_issue=Прокомментировать и открыть Ńнова
+issues.reopen_comment_issue=Открыть Ńнова комментарием
 issues.create_comment=Комментировать
 issues.closed_at=`задача была закрыта %[2]s`
 issues.reopened_at=`задача была открыта Ńнова %[2]s`
@@ -1964,7 +1964,7 @@ signing.wont_sign.commitssigned=Слияние не бŃдет подпиŃĐ°Đ˝
 signing.wont_sign.approved=Слияние не бŃдет подпиŃано, Ń‚Đ°Đş как Đ·Đ°ĐżŃ€ĐľŃ Đ˝Đ° Ńлияние не одобрен.
 signing.wont_sign.not_signed_in=Đ’Ń‹ не воŃли в ŃиŃтемŃ.
 
-ext_wiki=ДоŃŃ‚ŃĐż ко внеŃней вики
+ext_wiki=ВнеŃняя вики
 ext_wiki.desc=СŃылка на внеŃнюю вики.
 
 wiki=Вики
@@ -3332,7 +3332,7 @@ config.allow_only_external_registration=РегиŃтрация только че
 config.enable_openid_signup=СаморегиŃтрация через OpenID
 config.enable_openid_signin=Вход через OpenID
 config.show_registration_button=Кнопка региŃтрации
-config.require_sign_in_view=Для проŃмотра Ńодержимого необходима авторизация
+config.require_sign_in_view=Требовать авторизацию для проŃмотра Ńодержимого
 config.mail_notify=Уведомления по эл. почте
 config.enable_captcha=CAPTCHA
 config.active_code_lives=Срок дейŃтвия кода активации Ńчётной запиŃи
@@ -3963,4 +3963,8 @@ filepreview.lines = Строки Ń %[1]d по %[2]d в %[3]s
 filepreview.truncated = ПредпроŃмотр был обрезан
 
 [translation_meta]
-test = хи-хи!
\ No newline at end of file
+test = хи-хи!
+
+[repo.permissions]
+code.write = ЗапиŃŃŚ: отправка изменений в репозиторий, Ńоздание веток и тегов.
+code.read = Чтение: Đ´ĐľŃŃ‚ŃĐż Đş иŃŃ…ĐľĐ´Đ˝ĐľĐĽŃ ĐşĐľĐ´Ń Ń€ĐµĐżĐľĐ·Đ¸Ń‚ĐľŃ€Đ¸ŃŹ и клонированию.
\ No newline at end of file
diff --git a/options/locale/locale_zh-CN.ini b/options/locale/locale_zh-CN.ini
index 1873b11478..7a1a77c3e5 100644
--- a/options/locale/locale_zh-CN.ini
+++ b/options/locale/locale_zh-CN.ini
@@ -1427,7 +1427,7 @@ commitstatus.failure=失败
 commitstatus.pending=待定
 commitstatus.success=ć功
 
-ext_issues=访问外é¨ĺ·ĄĺŤ•
+ext_issues=外é¨ĺ·ĄĺŤ•
 ext_issues.desc=链接ĺ°ĺ¤–é¨ĺ·ĄĺŤ•č·źč¸Şçł»ç»źă€‚
 
 projects=项目
@@ -1608,9 +1608,9 @@ issues.no_content=没有ćŹäľ›čŻ´ćŽă€‚
 issues.close=关闭工单
 issues.comment_pull_merged_at=ĺ·˛ĺ并ćŹäş¤ %[1]s ĺ° %[2]s %[3]s
 issues.comment_manually_pull_merged_at=手动ĺ并ćŹäş¤ %[1]s ĺ° %[2]s %[3]s
-issues.close_comment_issue=评论并关闭
+issues.close_comment_issue=关闭评论
 issues.reopen_issue=重新开ĺŻ
-issues.reopen_comment_issue=评论并重新开ĺŻ
+issues.reopen_comment_issue=重新打开评论
 issues.create_comment=评论
 issues.closed_at=`于 %[2]s 关闭此工单`
 issues.reopened_at=`é‡Ťć–°ć‰“ĺĽ€ć­¤é—®é˘ %[2]s`
@@ -1999,7 +1999,7 @@ signing.wont_sign.commitssigned=ĺ并将不会被签ĺŤďĽŚĺ› ä¸şć‰€ćś‰ç›¸ĺ…łçš„
 signing.wont_sign.approved=ĺ并将不会被签ĺŤďĽŚĺ› ä¸şĺ并请求未被批准。
 signing.wont_sign.not_signed_in=您čżć˛ˇćś‰ç™»ĺ˝•ă€‚
 
-ext_wiki=访问外é¨ç™ľç§‘
+ext_wiki=外é¨ç™ľç§‘
 ext_wiki.desc=链接ĺ°ĺ¤–é¨ wiki。
 
 wiki=百科
@@ -2330,7 +2330,7 @@ settings.event_repository_desc=ĺ›ĺ»şć–ĺ é™¤ä»“ĺş“
 settings.event_header_issue=工单事件
 settings.event_issues=工单
 settings.event_issues_desc=工单已打开ă€ĺ·˛ĺ…łé—­ă€ĺ·˛é‡Ťć–°ć‰“开ć–已编辑。
-settings.event_issue_assign=工单已ĺ†é…Ť
+settings.event_issue_assign=工单已指派
 settings.event_issue_assign_desc=工单已被指派ć–取ć¶ćŚ‡ć´ľă€‚
 settings.event_issue_label=工单已ĺ†ç±»
 settings.event_issue_label_desc=工单标签被更新ć–清除。
@@ -3818,7 +3818,7 @@ management=密钥管ç†
 [actions]
 actions=Actions
 
-unit.desc=使用 Forgejo Actions 管ç†é›†ćçš„ CI/CD 管é“
+unit.desc=使用 Forgejo Actions 管ç†é›†ćçš„ CI/CD 管é“。
 
 status.unknown=未知
 status.waiting=等待中
@@ -3980,4 +3980,24 @@ filepreview.lines = %[3]s 中的第 %[1]d ĺ° %[2]d 行
 filepreview.truncated = 预č§ĺ·˛č˘«ćŞć–­
 
 [translation_meta]
-test = 好的
\ No newline at end of file
+test = 好的
+
+[repo.permissions]
+code.write = 写入:推é€ĺ°ä»“库,ĺ›ĺ»şĺ†ć”Żĺ’Ść ‡ç­ľă€‚
+code.read = 读取:访问并克隆仓库的代ç ă€‚
+actions.read = 读取:查看集ćçš„ CI/CD 管é“及其日志。
+issues.write = 写入:关闭工单并管ç†ĺ…数据,如标签ă€é‡Śç¨‹ç˘‘ă€ćŚ‡ć´ľćĺ‘ă€ćŞć­˘ć—Ąćśźĺ’Śäľťčµ–。
+releases.write = 写入:发ĺ¸ă€çĽ–čľ‘ĺ’Śĺ é™¤ç‰ćś¬ĺŹ‘ĺ¸ĺŹŠĺ…¶čµ„产。
+issues.read = 读取:é…读并ĺ›ĺ»şĺ·ĄĺŤ•ĺ’ŚčŻ„论。
+pulls.read = 读取:é…读并ĺ›ĺ»şĺ并请求。
+releases.read = 读取:查看并下载ç‰ćś¬ĺŹ‘ĺ¸ă€‚
+wiki.read = 读取:é…读集ć的百科及其历史。
+wiki.write = 写入:在集ć的百科中ĺ›ĺ»şă€ć›´ć–°ĺ’Śĺ é™¤éˇµéť˘ă€‚
+projects.read = 读取:访问仓库项目看板。
+packages.read = 读取:查看并下载指派给仓库的软件包。
+packages.write = 写入:发ĺ¸ĺą¶ĺ é™¤ćŚ‡ć´ľç»™ä»“库的软件包。
+actions.write = 写入:手动触发ă€é‡ŤĺŻă€ĺŹ–ć¶ć–批准待处ç†çš„ CI/CD 管é“。
+ext_issues = 访问外é¨ĺ·ĄĺŤ•çł»ç»źçš„链接。ćťé™ç”±ĺ¤–é¨ç®ˇç†ă€‚
+ext_wiki = 访问外é¨ç™ľç§‘的链接。ćťé™ç”±ĺ¤–é¨ç®ˇç†ă€‚
+projects.write = 写入:ĺ›ĺ»şéˇąç›®ĺ’Śĺ—并进行编辑。
+pulls.write = 写入:关闭ĺ并请求并管ç†ĺ…数据,如标签ă€é‡Śç¨‹ç˘‘ă€ćŚ‡ć´ľćĺ‘ă€ćŞć­˘ć—Ąćśźĺ’Śäľťčµ–。
\ No newline at end of file

From a75862bd7d76654a4706769a01f693b425f34b05 Mon Sep 17 00:00:00 2001
From: Renovate Bot 
Date: Sun, 29 Sep 2024 08:03:17 +0000
Subject: [PATCH 016/166] Update dependency webpack to v5.95.0

---
 package-lock.json | 14 +++++++-------
 package.json      |  2 +-
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 7dd1cba03a..7da312bb80 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -55,7 +55,7 @@
         "vue-chartjs": "5.3.1",
         "vue-loader": "17.4.2",
         "vue3-calendar-heatmap": "2.0.5",
-        "webpack": "5.94.0",
+        "webpack": "5.95.0",
         "webpack-cli": "5.1.4",
         "wrap-ansi": "9.0.0"
       },
@@ -16379,9 +16379,9 @@
       }
     },
     "node_modules/webpack": {
-      "version": "5.94.0",
-      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.94.0.tgz",
-      "integrity": "sha512-KcsGn50VT+06JH/iunZJedYGUJS5FGjow8wb9c0v5n1Om8O1g4L6LjtfxwlXIATopoQu+vOXXa7gYisWxCoPyg==",
+      "version": "5.95.0",
+      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.95.0.tgz",
+      "integrity": "sha512-2t3XstrKULz41MNMBF+cJ97TyHdyQ8HCt//pqErqDvNjU9YQBnZxIHa11VXsi7F3mb5/aO2tuDxdeTPdU7xu9Q==",
       "license": "MIT",
       "dependencies": {
         "@types/estree": "^1.0.5",
@@ -16494,9 +16494,9 @@
       }
     },
     "node_modules/webpack/node_modules/@types/estree": {
-      "version": "1.0.5",
-      "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.5.tgz",
-      "integrity": "sha512-/kYRxGDLWzHOB7q+wtSUQlFrtcdUccpfy+X+9iMBpHK8QLLhx2wIPYuS5DYtR9Wa/YlZAbIovy7qVdB1Aq6Lyw==",
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.6.tgz",
+      "integrity": "sha512-AYnb1nQyY49te+VRAVgmzfcgjYS91mY5P0TKUDCLEM+gNnA+3T6rWITXRLYCpahpqSQbN5cE+gHpnPyXjHWxcw==",
       "license": "MIT"
     },
     "node_modules/webpack/node_modules/ajv": {
diff --git a/package.json b/package.json
index 12c6a05c12..a9cf80684b 100644
--- a/package.json
+++ b/package.json
@@ -54,7 +54,7 @@
     "vue-chartjs": "5.3.1",
     "vue-loader": "17.4.2",
     "vue3-calendar-heatmap": "2.0.5",
-    "webpack": "5.94.0",
+    "webpack": "5.95.0",
     "webpack-cli": "5.1.4",
     "wrap-ansi": "9.0.0"
   },

From 14c7055494b995476d9d2ec1948784bf36dd9e4d Mon Sep 17 00:00:00 2001
From: ChristopherHX 
Date: Sun, 22 Sep 2024 13:01:09 +0200
Subject: [PATCH 017/166] Fix artifact v4 upload above 8MB (#31664)

Multiple chunks are uploaded with type "block" without using
"appendBlock" and eventually out of order for bigger uploads.
8MB seems to be the chunk size

This change parses the blockList uploaded after all blocks to get the
final artifact size and order them correctly before calculating the
sha256 checksum over all blocks

Fixes #31354

(cherry picked from commit b594cec2bda6f861effedb2e8e0a7ebba191c0e9)

Conflicts:
	routers/api/actions/artifactsv4.go
  conflict because of Refactor AppURL usage (#30885) 67c1a07285008cc00036a87cef966c3bd519a50c
    that was not cherry-picked in Forgejo
    the resolution consist of removing the extra ctx argument
---
 routers/api/actions/artifacts_chunks.go       |  50 +++++-
 routers/api/actions/artifactsv4.go            | 144 +++++++++++++-----
 .../api_actions_artifact_v4_test.go           | 130 ++++++++++++++++
 3 files changed, 285 insertions(+), 39 deletions(-)

diff --git a/routers/api/actions/artifacts_chunks.go b/routers/api/actions/artifacts_chunks.go
index b0c96585cb..cdb56584b8 100644
--- a/routers/api/actions/artifacts_chunks.go
+++ b/routers/api/actions/artifacts_chunks.go
@@ -123,6 +123,54 @@ func listChunksByRunID(st storage.ObjectStorage, runID int64) (map[int64][]*chun
 	return chunksMap, nil
 }
 
+func listChunksByRunIDV4(st storage.ObjectStorage, runID, artifactID int64, blist *BlockList) ([]*chunkFileItem, error) {
+	storageDir := fmt.Sprintf("tmpv4%d", runID)
+	var chunks []*chunkFileItem
+	chunkMap := map[string]*chunkFileItem{}
+	dummy := &chunkFileItem{}
+	for _, name := range blist.Latest {
+		chunkMap[name] = dummy
+	}
+	if err := st.IterateObjects(storageDir, func(fpath string, obj storage.Object) error {
+		baseName := filepath.Base(fpath)
+		if !strings.HasPrefix(baseName, "block-") {
+			return nil
+		}
+		// when read chunks from storage, it only contains storage dir and basename,
+		// no matter the subdirectory setting in storage config
+		item := chunkFileItem{Path: storageDir + "/" + baseName, ArtifactID: artifactID}
+		var size int64
+		var b64chunkName string
+		if _, err := fmt.Sscanf(baseName, "block-%d-%d-%s", &item.RunID, &size, &b64chunkName); err != nil {
+			return fmt.Errorf("parse content range error: %v", err)
+		}
+		rchunkName, err := base64.URLEncoding.DecodeString(b64chunkName)
+		if err != nil {
+			return fmt.Errorf("failed to parse chunkName: %v", err)
+		}
+		chunkName := string(rchunkName)
+		item.End = item.Start + size - 1
+		if _, ok := chunkMap[chunkName]; ok {
+			chunkMap[chunkName] = &item
+		}
+		return nil
+	}); err != nil {
+		return nil, err
+	}
+	for i, name := range blist.Latest {
+		chunk, ok := chunkMap[name]
+		if !ok || chunk.Path == "" {
+			return nil, fmt.Errorf("missing Chunk (%d/%d): %s", i, len(blist.Latest), name)
+		}
+		chunks = append(chunks, chunk)
+		if i > 0 {
+			chunk.Start = chunkMap[blist.Latest[i-1]].End + 1
+			chunk.End += chunk.Start
+		}
+	}
+	return chunks, nil
+}
+
 func mergeChunksForRun(ctx *ArtifactContext, st storage.ObjectStorage, runID int64, artifactName string) error {
 	// read all db artifacts by name
 	artifacts, err := db.Find[actions.ActionArtifact](ctx, actions.FindArtifactsOptions{
@@ -230,7 +278,7 @@ func mergeChunksForArtifact(ctx *ArtifactContext, chunks []*chunkFileItem, st st
 		rawChecksum := hash.Sum(nil)
 		actualChecksum := hex.EncodeToString(rawChecksum)
 		if !strings.HasSuffix(checksum, actualChecksum) {
-			return fmt.Errorf("update artifact error checksum is invalid")
+			return fmt.Errorf("update artifact error checksum is invalid %v vs %v", checksum, actualChecksum)
 		}
 	}
 
diff --git a/routers/api/actions/artifactsv4.go b/routers/api/actions/artifactsv4.go
index 7b2f9c4360..677e89da2f 100644
--- a/routers/api/actions/artifactsv4.go
+++ b/routers/api/actions/artifactsv4.go
@@ -24,8 +24,15 @@ package actions
 // PUT: http://localhost:3000/twirp/github.actions.results.api.v1.ArtifactService/UploadArtifact?sig=mO7y35r4GyjN7fwg0DTv3-Fv1NDXD84KLEgLpoPOtDI=&expires=2024-01-23+21%3A48%3A37.20833956+%2B0100+CET&artifactName=test&taskID=75&comp=block
 // 1.3. Continue Upload Zip Content to Blobstorage (unauthenticated request), repeat until everything is uploaded
 // PUT: http://localhost:3000/twirp/github.actions.results.api.v1.ArtifactService/UploadArtifact?sig=mO7y35r4GyjN7fwg0DTv3-Fv1NDXD84KLEgLpoPOtDI=&expires=2024-01-23+21%3A48%3A37.20833956+%2B0100+CET&artifactName=test&taskID=75&comp=appendBlock
-// 1.4. Unknown xml payload to Blobstorage (unauthenticated request), ignored for now
+// 1.4. BlockList xml payload to Blobstorage (unauthenticated request)
+// Files of about 800MB are parallel in parallel and / or out of order, this file is needed to enshure the correct order
 // PUT: http://localhost:3000/twirp/github.actions.results.api.v1.ArtifactService/UploadArtifact?sig=mO7y35r4GyjN7fwg0DTv3-Fv1NDXD84KLEgLpoPOtDI=&expires=2024-01-23+21%3A48%3A37.20833956+%2B0100+CET&artifactName=test&taskID=75&comp=blockList
+// Request
+// 
+// 
+// 	blockId1
+// 	blockId2
+// 
 // 1.5. FinalizeArtifact
 // Post: /twirp/github.actions.results.api.v1.ArtifactService/FinalizeArtifact
 // Request
@@ -82,6 +89,7 @@ import (
 	"crypto/hmac"
 	"crypto/sha256"
 	"encoding/base64"
+	"encoding/xml"
 	"fmt"
 	"io"
 	"net/http"
@@ -153,31 +161,34 @@ func ArtifactsV4Routes(prefix string) *web.Route {
 	return m
 }
 
-func (r artifactV4Routes) buildSignature(endp, expires, artifactName string, taskID int64) []byte {
+func (r artifactV4Routes) buildSignature(endp, expires, artifactName string, taskID, artifactID int64) []byte {
 	mac := hmac.New(sha256.New, setting.GetGeneralTokenSigningSecret())
 	mac.Write([]byte(endp))
 	mac.Write([]byte(expires))
 	mac.Write([]byte(artifactName))
 	mac.Write([]byte(fmt.Sprint(taskID)))
+	mac.Write([]byte(fmt.Sprint(artifactID)))
 	return mac.Sum(nil)
 }
 
-func (r artifactV4Routes) buildArtifactURL(endp, artifactName string, taskID int64) string {
+func (r artifactV4Routes) buildArtifactURL(endp, artifactName string, taskID, artifactID int64) string {
 	expires := time.Now().Add(60 * time.Minute).Format("2006-01-02 15:04:05.999999999 -0700 MST")
 	uploadURL := strings.TrimSuffix(setting.AppURL, "/") + strings.TrimSuffix(r.prefix, "/") +
-		"/" + endp + "?sig=" + base64.URLEncoding.EncodeToString(r.buildSignature(endp, expires, artifactName, taskID)) + "&expires=" + url.QueryEscape(expires) + "&artifactName=" + url.QueryEscape(artifactName) + "&taskID=" + fmt.Sprint(taskID)
+		"/" + endp + "?sig=" + base64.URLEncoding.EncodeToString(r.buildSignature(endp, expires, artifactName, taskID, artifactID)) + "&expires=" + url.QueryEscape(expires) + "&artifactName=" + url.QueryEscape(artifactName) + "&taskID=" + fmt.Sprint(taskID) + "&artifactID=" + fmt.Sprint(artifactID)
 	return uploadURL
 }
 
 func (r artifactV4Routes) verifySignature(ctx *ArtifactContext, endp string) (*actions.ActionTask, string, bool) {
 	rawTaskID := ctx.Req.URL.Query().Get("taskID")
+	rawArtifactID := ctx.Req.URL.Query().Get("artifactID")
 	sig := ctx.Req.URL.Query().Get("sig")
 	expires := ctx.Req.URL.Query().Get("expires")
 	artifactName := ctx.Req.URL.Query().Get("artifactName")
 	dsig, _ := base64.URLEncoding.DecodeString(sig)
 	taskID, _ := strconv.ParseInt(rawTaskID, 10, 64)
+	artifactID, _ := strconv.ParseInt(rawArtifactID, 10, 64)
 
-	expecedsig := r.buildSignature(endp, expires, artifactName, taskID)
+	expecedsig := r.buildSignature(endp, expires, artifactName, taskID, artifactID)
 	if !hmac.Equal(dsig, expecedsig) {
 		log.Error("Error unauthorized")
 		ctx.Error(http.StatusUnauthorized, "Error unauthorized")
@@ -272,6 +283,8 @@ func (r *artifactV4Routes) createArtifact(ctx *ArtifactContext) {
 		return
 	}
 	artifact.ContentEncoding = ArtifactV4ContentEncoding
+	artifact.FileSize = 0
+	artifact.FileCompressedSize = 0
 	if err := actions.UpdateArtifactByID(ctx, artifact.ID, artifact); err != nil {
 		log.Error("Error UpdateArtifactByID: %v", err)
 		ctx.Error(http.StatusInternalServerError, "Error UpdateArtifactByID")
@@ -280,7 +293,7 @@ func (r *artifactV4Routes) createArtifact(ctx *ArtifactContext) {
 
 	respData := CreateArtifactResponse{
 		Ok:              true,
-		SignedUploadUrl: r.buildArtifactURL("UploadArtifact", artifactName, ctx.ActionTask.ID),
+		SignedUploadUrl: r.buildArtifactURL("UploadArtifact", artifactName, ctx.ActionTask.ID, artifact.ID),
 	}
 	r.sendProtbufBody(ctx, &respData)
 }
@@ -306,38 +319,77 @@ func (r *artifactV4Routes) uploadArtifact(ctx *ArtifactContext) {
 	comp := ctx.Req.URL.Query().Get("comp")
 	switch comp {
 	case "block", "appendBlock":
-		// get artifact by name
-		artifact, err := r.getArtifactByName(ctx, task.Job.RunID, artifactName)
-		if err != nil {
-			log.Error("Error artifact not found: %v", err)
-			ctx.Error(http.StatusNotFound, "Error artifact not found")
-			return
-		}
+		blockid := ctx.Req.URL.Query().Get("blockid")
+		if blockid == "" {
+			// get artifact by name
+			artifact, err := r.getArtifactByName(ctx, task.Job.RunID, artifactName)
+			if err != nil {
+				log.Error("Error artifact not found: %v", err)
+				ctx.Error(http.StatusNotFound, "Error artifact not found")
+				return
+			}
 
-		if comp == "block" {
-			artifact.FileSize = 0
-			artifact.FileCompressedSize = 0
+			_, err = appendUploadChunk(r.fs, ctx, artifact, artifact.FileSize, ctx.Req.ContentLength, artifact.RunID)
+			if err != nil {
+				log.Error("Error runner api getting task: task is not running")
+				ctx.Error(http.StatusInternalServerError, "Error runner api getting task: task is not running")
+				return
+			}
+			artifact.FileCompressedSize += ctx.Req.ContentLength
+			artifact.FileSize += ctx.Req.ContentLength
+			if err := actions.UpdateArtifactByID(ctx, artifact.ID, artifact); err != nil {
+				log.Error("Error UpdateArtifactByID: %v", err)
+				ctx.Error(http.StatusInternalServerError, "Error UpdateArtifactByID")
+				return
+			}
+		} else {
+			_, err := r.fs.Save(fmt.Sprintf("tmpv4%d/block-%d-%d-%s", task.Job.RunID, task.Job.RunID, ctx.Req.ContentLength, base64.URLEncoding.EncodeToString([]byte(blockid))), ctx.Req.Body, -1)
+			if err != nil {
+				log.Error("Error runner api getting task: task is not running")
+				ctx.Error(http.StatusInternalServerError, "Error runner api getting task: task is not running")
+				return
+			}
 		}
-
-		_, err = appendUploadChunk(r.fs, ctx, artifact, artifact.FileSize, ctx.Req.ContentLength, artifact.RunID)
+		ctx.JSON(http.StatusCreated, "appended")
+	case "blocklist":
+		rawArtifactID := ctx.Req.URL.Query().Get("artifactID")
+		artifactID, _ := strconv.ParseInt(rawArtifactID, 10, 64)
+		_, err := r.fs.Save(fmt.Sprintf("tmpv4%d/%d-%d-blocklist", task.Job.RunID, task.Job.RunID, artifactID), ctx.Req.Body, -1)
 		if err != nil {
 			log.Error("Error runner api getting task: task is not running")
 			ctx.Error(http.StatusInternalServerError, "Error runner api getting task: task is not running")
 			return
 		}
-		artifact.FileCompressedSize += ctx.Req.ContentLength
-		artifact.FileSize += ctx.Req.ContentLength
-		if err := actions.UpdateArtifactByID(ctx, artifact.ID, artifact); err != nil {
-			log.Error("Error UpdateArtifactByID: %v", err)
-			ctx.Error(http.StatusInternalServerError, "Error UpdateArtifactByID")
-			return
-		}
-		ctx.JSON(http.StatusCreated, "appended")
-	case "blocklist":
 		ctx.JSON(http.StatusCreated, "created")
 	}
 }
 
+type BlockList struct {
+	Latest []string `xml:"Latest"`
+}
+
+type Latest struct {
+	Value string `xml:",chardata"`
+}
+
+func (r *artifactV4Routes) readBlockList(runID, artifactID int64) (*BlockList, error) {
+	blockListName := fmt.Sprintf("tmpv4%d/%d-%d-blocklist", runID, runID, artifactID)
+	s, err := r.fs.Open(blockListName)
+	if err != nil {
+		return nil, err
+	}
+
+	xdec := xml.NewDecoder(s)
+	blockList := &BlockList{}
+	err = xdec.Decode(blockList)
+
+	delerr := r.fs.Delete(blockListName)
+	if delerr != nil {
+		log.Warn("Failed to delete blockList %s: %v", blockListName, delerr)
+	}
+	return blockList, err
+}
+
 func (r *artifactV4Routes) finalizeArtifact(ctx *ArtifactContext) {
 	var req FinalizeArtifactRequest
 
@@ -356,18 +408,34 @@ func (r *artifactV4Routes) finalizeArtifact(ctx *ArtifactContext) {
 		ctx.Error(http.StatusNotFound, "Error artifact not found")
 		return
 	}
-	chunkMap, err := listChunksByRunID(r.fs, runID)
+
+	var chunks []*chunkFileItem
+	blockList, err := r.readBlockList(runID, artifact.ID)
 	if err != nil {
-		log.Error("Error merge chunks: %v", err)
-		ctx.Error(http.StatusInternalServerError, "Error merge chunks")
-		return
-	}
-	chunks, ok := chunkMap[artifact.ID]
-	if !ok {
-		log.Error("Error merge chunks")
-		ctx.Error(http.StatusInternalServerError, "Error merge chunks")
-		return
+		log.Warn("Failed to read BlockList, fallback to old behavior: %v", err)
+		chunkMap, err := listChunksByRunID(r.fs, runID)
+		if err != nil {
+			log.Error("Error merge chunks: %v", err)
+			ctx.Error(http.StatusInternalServerError, "Error merge chunks")
+			return
+		}
+		chunks, ok = chunkMap[artifact.ID]
+		if !ok {
+			log.Error("Error merge chunks")
+			ctx.Error(http.StatusInternalServerError, "Error merge chunks")
+			return
+		}
+	} else {
+		chunks, err = listChunksByRunIDV4(r.fs, runID, artifact.ID, blockList)
+		if err != nil {
+			log.Error("Error merge chunks: %v", err)
+			ctx.Error(http.StatusInternalServerError, "Error merge chunks")
+			return
+		}
+		artifact.FileSize = chunks[len(chunks)-1].End + 1
+		artifact.FileCompressedSize = chunks[len(chunks)-1].End + 1
 	}
+
 	checksum := ""
 	if req.Hash != nil {
 		checksum = req.Hash.Value
@@ -468,7 +536,7 @@ func (r *artifactV4Routes) getSignedArtifactURL(ctx *ArtifactContext) {
 		}
 	}
 	if respData.SignedUrl == "" {
-		respData.SignedUrl = r.buildArtifactURL("DownloadArtifact", artifactName, ctx.ActionTask.ID)
+		respData.SignedUrl = r.buildArtifactURL("DownloadArtifact", artifactName, ctx.ActionTask.ID, artifact.ID)
 	}
 	r.sendProtbufBody(ctx, &respData)
 }
diff --git a/tests/integration/api_actions_artifact_v4_test.go b/tests/integration/api_actions_artifact_v4_test.go
index b2c25a2e70..96668b1ddf 100644
--- a/tests/integration/api_actions_artifact_v4_test.go
+++ b/tests/integration/api_actions_artifact_v4_test.go
@@ -7,12 +7,14 @@ import (
 	"bytes"
 	"crypto/sha256"
 	"encoding/hex"
+	"encoding/xml"
 	"io"
 	"net/http"
 	"strings"
 	"testing"
 	"time"
 
+	"code.gitea.io/gitea/modules/storage"
 	"code.gitea.io/gitea/routers/api/actions"
 	actions_service "code.gitea.io/gitea/services/actions"
 	"code.gitea.io/gitea/tests"
@@ -175,6 +177,134 @@ func TestActionsArtifactV4UploadSingleFileWithRetentionDays(t *testing.T) {
 	assert.True(t, finalizeResp.Ok)
 }
 
+func TestActionsArtifactV4UploadSingleFileWithPotentialHarmfulBlockID(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	token, err := actions_service.CreateAuthorizationToken(48, 792, 193)
+	assert.NoError(t, err)
+
+	// acquire artifact upload url
+	req := NewRequestWithBody(t, "POST", "/twirp/github.actions.results.api.v1.ArtifactService/CreateArtifact", toProtoJSON(&actions.CreateArtifactRequest{
+		Version:                 4,
+		Name:                    "artifactWithPotentialHarmfulBlockID",
+		WorkflowRunBackendId:    "792",
+		WorkflowJobRunBackendId: "193",
+	})).AddTokenAuth(token)
+	resp := MakeRequest(t, req, http.StatusOK)
+	var uploadResp actions.CreateArtifactResponse
+	protojson.Unmarshal(resp.Body.Bytes(), &uploadResp)
+	assert.True(t, uploadResp.Ok)
+	assert.Contains(t, uploadResp.SignedUploadUrl, "/twirp/github.actions.results.api.v1.ArtifactService/UploadArtifact")
+
+	// get upload urls
+	idx := strings.Index(uploadResp.SignedUploadUrl, "/twirp/")
+	url := uploadResp.SignedUploadUrl[idx:] + "&comp=block&blockid=%2f..%2fmyfile"
+	blockListURL := uploadResp.SignedUploadUrl[idx:] + "&comp=blocklist"
+
+	// upload artifact chunk
+	body := strings.Repeat("A", 1024)
+	req = NewRequestWithBody(t, "PUT", url, strings.NewReader(body))
+	MakeRequest(t, req, http.StatusCreated)
+
+	// verify that the exploit didn't work
+	_, err = storage.Actions.Stat("myfile")
+	assert.Error(t, err)
+
+	// upload artifact blockList
+	blockList := &actions.BlockList{
+		Latest: []string{
+			"/../myfile",
+		},
+	}
+	rawBlockList, err := xml.Marshal(blockList)
+	assert.NoError(t, err)
+	req = NewRequestWithBody(t, "PUT", blockListURL, bytes.NewReader(rawBlockList))
+	MakeRequest(t, req, http.StatusCreated)
+
+	t.Logf("Create artifact confirm")
+
+	sha := sha256.Sum256([]byte(body))
+
+	// confirm artifact upload
+	req = NewRequestWithBody(t, "POST", "/twirp/github.actions.results.api.v1.ArtifactService/FinalizeArtifact", toProtoJSON(&actions.FinalizeArtifactRequest{
+		Name:                    "artifactWithPotentialHarmfulBlockID",
+		Size:                    1024,
+		Hash:                    wrapperspb.String("sha256:" + hex.EncodeToString(sha[:])),
+		WorkflowRunBackendId:    "792",
+		WorkflowJobRunBackendId: "193",
+	})).
+		AddTokenAuth(token)
+	resp = MakeRequest(t, req, http.StatusOK)
+	var finalizeResp actions.FinalizeArtifactResponse
+	protojson.Unmarshal(resp.Body.Bytes(), &finalizeResp)
+	assert.True(t, finalizeResp.Ok)
+}
+
+func TestActionsArtifactV4UploadSingleFileWithChunksOutOfOrder(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	token, err := actions_service.CreateAuthorizationToken(48, 792, 193)
+	assert.NoError(t, err)
+
+	// acquire artifact upload url
+	req := NewRequestWithBody(t, "POST", "/twirp/github.actions.results.api.v1.ArtifactService/CreateArtifact", toProtoJSON(&actions.CreateArtifactRequest{
+		Version:                 4,
+		Name:                    "artifactWithChunksOutOfOrder",
+		WorkflowRunBackendId:    "792",
+		WorkflowJobRunBackendId: "193",
+	})).AddTokenAuth(token)
+	resp := MakeRequest(t, req, http.StatusOK)
+	var uploadResp actions.CreateArtifactResponse
+	protojson.Unmarshal(resp.Body.Bytes(), &uploadResp)
+	assert.True(t, uploadResp.Ok)
+	assert.Contains(t, uploadResp.SignedUploadUrl, "/twirp/github.actions.results.api.v1.ArtifactService/UploadArtifact")
+
+	// get upload urls
+	idx := strings.Index(uploadResp.SignedUploadUrl, "/twirp/")
+	block1URL := uploadResp.SignedUploadUrl[idx:] + "&comp=block&blockid=block1"
+	block2URL := uploadResp.SignedUploadUrl[idx:] + "&comp=block&blockid=block2"
+	blockListURL := uploadResp.SignedUploadUrl[idx:] + "&comp=blocklist"
+
+	// upload artifact chunks
+	bodyb := strings.Repeat("B", 1024)
+	req = NewRequestWithBody(t, "PUT", block2URL, strings.NewReader(bodyb))
+	MakeRequest(t, req, http.StatusCreated)
+
+	bodya := strings.Repeat("A", 1024)
+	req = NewRequestWithBody(t, "PUT", block1URL, strings.NewReader(bodya))
+	MakeRequest(t, req, http.StatusCreated)
+
+	// upload artifact blockList
+	blockList := &actions.BlockList{
+		Latest: []string{
+			"block1",
+			"block2",
+		},
+	}
+	rawBlockList, err := xml.Marshal(blockList)
+	assert.NoError(t, err)
+	req = NewRequestWithBody(t, "PUT", blockListURL, bytes.NewReader(rawBlockList))
+	MakeRequest(t, req, http.StatusCreated)
+
+	t.Logf("Create artifact confirm")
+
+	sha := sha256.Sum256([]byte(bodya + bodyb))
+
+	// confirm artifact upload
+	req = NewRequestWithBody(t, "POST", "/twirp/github.actions.results.api.v1.ArtifactService/FinalizeArtifact", toProtoJSON(&actions.FinalizeArtifactRequest{
+		Name:                    "artifactWithChunksOutOfOrder",
+		Size:                    2048,
+		Hash:                    wrapperspb.String("sha256:" + hex.EncodeToString(sha[:])),
+		WorkflowRunBackendId:    "792",
+		WorkflowJobRunBackendId: "193",
+	})).
+		AddTokenAuth(token)
+	resp = MakeRequest(t, req, http.StatusOK)
+	var finalizeResp actions.FinalizeArtifactResponse
+	protojson.Unmarshal(resp.Body.Bytes(), &finalizeResp)
+	assert.True(t, finalizeResp.Ok)
+}
+
 func TestActionsArtifactV4DownloadSingle(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 

From b2483b2ae031bbfd8829595fbff19cd323d80e7f Mon Sep 17 00:00:00 2001
From: Earl Warren 
Date: Sun, 29 Sep 2024 09:58:47 +0200
Subject: [PATCH 018/166] Fix artifact v4 upload above 8MB (#31664) (fix lint
 errors)

---
 tests/integration/api_actions_artifact_v4_test.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/tests/integration/api_actions_artifact_v4_test.go b/tests/integration/api_actions_artifact_v4_test.go
index 96668b1ddf..f55250f6c1 100644
--- a/tests/integration/api_actions_artifact_v4_test.go
+++ b/tests/integration/api_actions_artifact_v4_test.go
@@ -181,7 +181,7 @@ func TestActionsArtifactV4UploadSingleFileWithPotentialHarmfulBlockID(t *testing
 	defer tests.PrepareTestEnv(t)()
 
 	token, err := actions_service.CreateAuthorizationToken(48, 792, 193)
-	assert.NoError(t, err)
+	require.NoError(t, err)
 
 	// acquire artifact upload url
 	req := NewRequestWithBody(t, "POST", "/twirp/github.actions.results.api.v1.ArtifactService/CreateArtifact", toProtoJSON(&actions.CreateArtifactRequest{
@@ -208,7 +208,7 @@ func TestActionsArtifactV4UploadSingleFileWithPotentialHarmfulBlockID(t *testing
 
 	// verify that the exploit didn't work
 	_, err = storage.Actions.Stat("myfile")
-	assert.Error(t, err)
+	require.Error(t, err)
 
 	// upload artifact blockList
 	blockList := &actions.BlockList{
@@ -217,7 +217,7 @@ func TestActionsArtifactV4UploadSingleFileWithPotentialHarmfulBlockID(t *testing
 		},
 	}
 	rawBlockList, err := xml.Marshal(blockList)
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	req = NewRequestWithBody(t, "PUT", blockListURL, bytes.NewReader(rawBlockList))
 	MakeRequest(t, req, http.StatusCreated)
 
@@ -244,7 +244,7 @@ func TestActionsArtifactV4UploadSingleFileWithChunksOutOfOrder(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
 	token, err := actions_service.CreateAuthorizationToken(48, 792, 193)
-	assert.NoError(t, err)
+	require.NoError(t, err)
 
 	// acquire artifact upload url
 	req := NewRequestWithBody(t, "POST", "/twirp/github.actions.results.api.v1.ArtifactService/CreateArtifact", toProtoJSON(&actions.CreateArtifactRequest{
@@ -282,7 +282,7 @@ func TestActionsArtifactV4UploadSingleFileWithChunksOutOfOrder(t *testing.T) {
 		},
 	}
 	rawBlockList, err := xml.Marshal(blockList)
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	req = NewRequestWithBody(t, "PUT", blockListURL, bytes.NewReader(rawBlockList))
 	MakeRequest(t, req, http.StatusCreated)
 

From b28a070a528b2df5472018d296e4e9d9e128b3bc Mon Sep 17 00:00:00 2001
From: cloudchamb3r 
Date: Tue, 24 Sep 2024 02:09:57 +0900
Subject: [PATCH 019/166] Fix Bug in Issue/pulls list (#32081)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

fix #32080

## After
### for opened issues
Screenshot 2024-09-19 at 6 29 31 PM

### for closed issues
Screenshot 2024-09-19 at 6 29 37 PM

### for all issues
Screenshot 2024-09-20 at 12 07 12 PM

(cherry picked from commit e1f0598c8f5af5ac95f5e13b74fbab99506762db)
---
 routers/web/repo/issue.go                | 1 +
 templates/repo/issue/filter_actions.tmpl | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/routers/web/repo/issue.go b/routers/web/repo/issue.go
index 01fd1e2725..5d13ccc97c 100644
--- a/routers/web/repo/issue.go
+++ b/routers/web/repo/issue.go
@@ -476,6 +476,7 @@ func issues(ctx *context.Context, milestoneID, projectID int64, isPullOption opt
 	ctx.Data["PosterID"] = posterID
 	ctx.Data["IsFuzzy"] = isFuzzy
 	ctx.Data["Keyword"] = keyword
+	ctx.Data["IsShowClosed"] = isShowClosed
 	switch {
 	case isShowClosed.Value():
 		ctx.Data["State"] = "closed"
diff --git a/templates/repo/issue/filter_actions.tmpl b/templates/repo/issue/filter_actions.tmpl
index a341448bcc..58b1ef8ecd 100644
--- a/templates/repo/issue/filter_actions.tmpl
+++ b/templates/repo/issue/filter_actions.tmpl
@@ -1,9 +1,9 @@
 

 	{{if not .Repository.IsArchived}}
 		
-		{{if .IsShowClosed}}
+		{{if and .IsShowClosed.Has .IsShowClosed.Value}}
 			
-		{{else}}
+		{{else if and .IsShowClosed.Has (not .IsShowClosed.Value)}}
 			
 		{{end}}
 		{{if $.IsRepoAdmin}}

From d8ae7d9e96978c3e428ab8dc945cbd5ba601451c Mon Sep 17 00:00:00 2001
From: Lunny Xiao 
Date: Tue, 24 Sep 2024 09:30:05 +0800
Subject: [PATCH 020/166] Fix panic when cloning with wrong ssh format.
 (#32076)

(cherry picked from commit 3f2d8f873035b614b4cdb447d8e16f5af82cefe8)
---
 cmd/serv.go | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/cmd/serv.go b/cmd/serv.go
index 0e3006b36b..db67e36fa3 100644
--- a/cmd/serv.go
+++ b/cmd/serv.go
@@ -147,6 +147,12 @@ func runServ(c *cli.Context) error {
 		return nil
 	}
 
+	defer func() {
+		if err := recover(); err != nil {
+			_ = fail(ctx, "Internal Server Error", "Panic: %v\n%s", err, log.Stack(2))
+		}
+	}()
+
 	keys := strings.Split(c.Args().First(), "-")
 	if len(keys) != 2 || keys[0] != "key" {
 		return fail(ctx, "Key ID format error", "Invalid key argument: %s", c.Args().First())
@@ -193,10 +199,7 @@ func runServ(c *cli.Context) error {
 	}
 
 	verb := words[0]
-	repoPath := words[1]
-	if repoPath[0] == '/' {
-		repoPath = repoPath[1:]
-	}
+	repoPath := strings.TrimPrefix(words[1], "/")
 
 	var lfsVerb string
 	if verb == lfsAuthenticateVerb {

From e1e7299bd9a07c568a857ea346f446ffa67f8809 Mon Sep 17 00:00:00 2001
From: Kemal Zebari <60799661+kemzeb@users.noreply.github.com>
Date: Mon, 23 Sep 2024 20:38:08 -0700
Subject: [PATCH 021/166] Truncate commit message during Discord webhook push
 events (#31970)

Resolves #31668.

(cherry picked from commit aadbe0488f454b9f7f5a56765f4530f9d1e2c6ec)
---
 services/webhook/discord.go      | 11 +++++++++--
 services/webhook/discord_test.go | 14 ++++++++++++++
 services/webhook/general_test.go | 10 +++++++++-
 3 files changed, 32 insertions(+), 3 deletions(-)

diff --git a/services/webhook/discord.go b/services/webhook/discord.go
index b342b45690..af1dd79927 100644
--- a/services/webhook/discord.go
+++ b/services/webhook/discord.go
@@ -12,6 +12,7 @@ import (
 	"net/url"
 	"strconv"
 	"strings"
+	"unicode/utf8"
 
 	webhook_model "code.gitea.io/gitea/models/webhook"
 	"code.gitea.io/gitea/modules/git"
@@ -179,8 +180,14 @@ func (d discordConvertor) Push(p *api.PushPayload) (DiscordPayload, error) {
 	var text string
 	// for each commit, generate attachment text
 	for i, commit := range p.Commits {
-		text += fmt.Sprintf("[%s](%s) %s - %s", commit.ID[:7], commit.URL,
-			strings.TrimRight(commit.Message, "\r\n"), commit.Author.Name)
+		// limit the commit message display to just the summary, otherwise it would be hard to read
+		message := strings.TrimRight(strings.SplitN(commit.Message, "\n", 1)[0], "\r")
+
+		// a limit of 50 is set because GitHub does the same
+		if utf8.RuneCountInString(message) > 50 {
+			message = fmt.Sprintf("%.47s...", message)
+		}
+		text += fmt.Sprintf("[%s](%s) %s - %s", commit.ID[:7], commit.URL, message, commit.Author.Name)
 		// add linebreak to each commit but the last
 		if i < len(p.Commits)-1 {
 			text += "\n"
diff --git a/services/webhook/discord_test.go b/services/webhook/discord_test.go
index 73be143f46..cc5ec8a3e0 100644
--- a/services/webhook/discord_test.go
+++ b/services/webhook/discord_test.go
@@ -80,6 +80,20 @@ func TestDiscordPayload(t *testing.T) {
 		assert.Equal(t, p.Sender.AvatarURL, pl.Embeds[0].Author.IconURL)
 	})
 
+	t.Run("PushWithLongCommitMessage", func(t *testing.T) {
+		p := pushTestMultilineCommitMessagePayload()
+
+		pl, err := dc.Push(p)
+		require.NoError(t, err)
+
+		assert.Len(t, pl.Embeds, 1)
+		assert.Equal(t, "[test/repo:test] 2 new commits", pl.Embeds[0].Title)
+		assert.Equal(t, "[2020558](http://localhost:3000/test/repo/commit/2020558fe2e34debb818a514715839cabd25e778) This is a commit summary ⚠️⚠️⚠️⚠️ containing 你好... - user1\n[2020558](http://localhost:3000/test/repo/commit/2020558fe2e34debb818a514715839cabd25e778) This is a commit summary ⚠️⚠️⚠️⚠️ containing 你好... - user1", pl.Embeds[0].Description)
+		assert.Equal(t, p.Sender.UserName, pl.Embeds[0].Author.Name)
+		assert.Equal(t, setting.AppURL+p.Sender.UserName, pl.Embeds[0].Author.URL)
+		assert.Equal(t, p.Sender.AvatarURL, pl.Embeds[0].Author.IconURL)
+	})
+
 	t.Run("Issue", func(t *testing.T) {
 		p := issueTestPayload()
 
diff --git a/services/webhook/general_test.go b/services/webhook/general_test.go
index 5b9bfdc1b2..2d991f8300 100644
--- a/services/webhook/general_test.go
+++ b/services/webhook/general_test.go
@@ -64,9 +64,17 @@ func forkTestPayload() *api.ForkPayload {
 }
 
 func pushTestPayload() *api.PushPayload {
+	return pushTestPayloadWithCommitMessage("commit message")
+}
+
+func pushTestMultilineCommitMessagePayload() *api.PushPayload {
+	return pushTestPayloadWithCommitMessage("This is a commit summary ⚠️⚠️⚠️⚠️ containing 你好 ⚠️⚠️️\n\nThis is the message body.")
+}
+
+func pushTestPayloadWithCommitMessage(message string) *api.PushPayload {
 	commit := &api.PayloadCommit{
 		ID:      "2020558fe2e34debb818a514715839cabd25e778",
-		Message: "commit message",
+		Message: message,
 		URL:     "http://localhost:3000/test/repo/commit/2020558fe2e34debb818a514715839cabd25e778",
 		Author: &api.PayloadUser{
 			Name:     "user1",

From cb88d558378b66154c4334d73230ba0e8946d3b0 Mon Sep 17 00:00:00 2001
From: Lunny Xiao 
Date: Tue, 24 Sep 2024 15:12:06 +0800
Subject: [PATCH 022/166] Include collaboration repositories on dashboard
 source/forks/mirrors list (#31946)

Fix #13489

In the original implementation, only `All` will display your owned and
collaborated repositories. For other filters like `Source`, `Mirrors`
and etc. will only display your owned repositories.

This PR removed the limitations. Now except `collbrations`, other
filters will always display your owned and collaborated repositories.

(cherry picked from commit 4947bec8360c152daca23e120eae1732d3848492)
---
 web_src/js/components/DashboardRepoList.vue | 1 -
 1 file changed, 1 deletion(-)

diff --git a/web_src/js/components/DashboardRepoList.vue b/web_src/js/components/DashboardRepoList.vue
index 69a8ced47d..e5874133b1 100644
--- a/web_src/js/components/DashboardRepoList.vue
+++ b/web_src/js/components/DashboardRepoList.vue
@@ -78,7 +78,6 @@ const sfc = {
     searchURL() {
       return `${this.subUrl}/repo/search?sort=updated&order=desc&uid=${this.uid}&team_id=${this.teamId}&q=${this.searchQuery
       }&page=${this.page}&limit=${this.searchLimit}&mode=${this.repoTypes[this.reposFilter].searchMode
-      }${this.reposFilter !== 'all' ? '&exclusive=1' : ''
       }${this.archivedFilter === 'archived' ? '&archived=true' : ''}${this.archivedFilter === 'unarchived' ? '&archived=false' : ''
       }${this.privateFilter === 'private' ? '&is_private=true' : ''}${this.privateFilter === 'public' ? '&is_private=false' : ''
       }`;

From 0a0a3cea1b54d9cd7c95faf9318f6c3cdf1469a9 Mon Sep 17 00:00:00 2001
From: Lunny Xiao 
Date: Tue, 24 Sep 2024 15:42:08 +0800
Subject: [PATCH 023/166] Fix bug when deleting a migrated branch (#32075)

After migrating a repository with pull request, the branch is missed and
after the pull request merged, the branch cannot be deleted.

(cherry picked from commit 5a8568459d22e57cac506465463660526ca6a08f)

Conflicts:
	services/repository/branch.go
  conflict because of [GITEA] Fix typo in formatting error e71b5a038ecfd80630c98752472c2719b0e9659f
---
 services/repository/branch.go | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/services/repository/branch.go b/services/repository/branch.go
index 27e50e5ced..f0e7120926 100644
--- a/services/repository/branch.go
+++ b/services/repository/branch.go
@@ -430,13 +430,12 @@ func DeleteBranch(ctx context.Context, doer *user_model.User, repo *repo_model.R
 	}
 
 	rawBranch, err := git_model.GetBranch(ctx, repo.ID, branchName)
-	if err != nil {
+	if err != nil && !git_model.IsErrBranchNotExist(err) {
 		return fmt.Errorf("GetBranch: %v", err)
 	}
 
-	if rawBranch.IsDeleted {
-		return nil
-	}
+	// database branch record not exist or it's a deleted branch
+	notExist := git_model.IsErrBranchNotExist(err) || rawBranch.IsDeleted
 
 	commit, err := gitRepo.GetBranchCommit(branchName)
 	if err != nil {
@@ -444,8 +443,10 @@ func DeleteBranch(ctx context.Context, doer *user_model.User, repo *repo_model.R
 	}
 
 	if err := db.WithTx(ctx, func(ctx context.Context) error {
-		if err := git_model.AddDeletedBranch(ctx, repo.ID, branchName, doer.ID); err != nil {
-			return err
+		if !notExist {
+			if err := git_model.AddDeletedBranch(ctx, repo.ID, branchName, doer.ID); err != nil {
+				return err
+			}
 		}
 
 		return gitRepo.DeleteBranch(branchName, git.DeleteBranchOptions{

From c400f26e6cf17358750d680d91e828827f91b179 Mon Sep 17 00:00:00 2001
From: yp05327 <576951401@qq.com>
Date: Wed, 25 Sep 2024 03:34:08 +0900
Subject: [PATCH 024/166] Fix wrong status of `Set up Job` when first step is
 skipped (#32120)

Fix #32089

(cherry picked from commit 6fa962f409c84477a7a4cf35b4a38a4a93fc3224)
---
 modules/actions/task_state.go      | 51 ++++++++++++++++++------------
 modules/actions/task_state_test.go | 19 +++++++++++
 2 files changed, 49 insertions(+), 21 deletions(-)

diff --git a/modules/actions/task_state.go b/modules/actions/task_state.go
index 31a74be3fd..1f36e021a5 100644
--- a/modules/actions/task_state.go
+++ b/modules/actions/task_state.go
@@ -18,8 +18,32 @@ func FullSteps(task *actions_model.ActionTask) []*actions_model.ActionTaskStep {
 		return fullStepsOfEmptySteps(task)
 	}
 
-	firstStep := task.Steps[0]
+	// firstStep is the first step that has run or running, not include preStep.
+	// For example,
+	// 1. preStep(Success) -> step1(Success) -> step2(Running) -> step3(Waiting) -> postStep(Waiting): firstStep is step1.
+	// 2. preStep(Success) -> step1(Skipped) -> step2(Success) -> postStep(Success): firstStep is step2.
+	// 3. preStep(Success) -> step1(Running) -> step2(Waiting) -> postStep(Waiting): firstStep is step1.
+	// 4. preStep(Success) -> step1(Skipped) -> step2(Skipped) -> postStep(Skipped): firstStep is nil.
+	// 5. preStep(Success) -> step1(Cancelled) -> step2(Cancelled) -> postStep(Cancelled): firstStep is nil.
+	var firstStep *actions_model.ActionTaskStep
+	// lastHasRunStep is the last step that has run.
+	// For example,
+	// 1. preStep(Success) -> step1(Success) -> step2(Running) -> step3(Waiting) -> postStep(Waiting): lastHasRunStep is step1.
+	// 2. preStep(Success) -> step1(Success) -> step2(Success) -> step3(Success) -> postStep(Success): lastHasRunStep is step3.
+	// 3. preStep(Success) -> step1(Success) -> step2(Failure) -> step3 -> postStep(Waiting): lastHasRunStep is step2.
+	// So its Stopped is the Started of postStep when there are no more steps to run.
+	var lastHasRunStep *actions_model.ActionTaskStep
+
 	var logIndex int64
+	for _, step := range task.Steps {
+		if firstStep == nil && (step.Status.HasRun() || step.Status.IsRunning()) {
+			firstStep = step
+		}
+		if step.Status.HasRun() {
+			lastHasRunStep = step
+		}
+		logIndex += step.LogLength
+	}
 
 	preStep := &actions_model.ActionTaskStep{
 		Name:      preStepName,
@@ -28,32 +52,17 @@ func FullSteps(task *actions_model.ActionTask) []*actions_model.ActionTaskStep {
 		Status:    actions_model.StatusRunning,
 	}
 
-	if firstStep.Status.HasRun() || firstStep.Status.IsRunning() {
+	// No step has run or is running, so preStep is equal to the task
+	if firstStep == nil {
+		preStep.Stopped = task.Stopped
+		preStep.Status = task.Status
+	} else {
 		preStep.LogLength = firstStep.LogIndex
 		preStep.Stopped = firstStep.Started
 		preStep.Status = actions_model.StatusSuccess
-	} else if task.Status.IsDone() {
-		preStep.Stopped = task.Stopped
-		preStep.Status = actions_model.StatusFailure
-		if task.Status.IsSkipped() {
-			preStep.Status = actions_model.StatusSkipped
-		}
 	}
 	logIndex += preStep.LogLength
 
-	// lastHasRunStep is the last step that has run.
-	// For example,
-	// 1. preStep(Success) -> step1(Success) -> step2(Running) -> step3(Waiting) -> postStep(Waiting): lastHasRunStep is step1.
-	// 2. preStep(Success) -> step1(Success) -> step2(Success) -> step3(Success) -> postStep(Success): lastHasRunStep is step3.
-	// 3. preStep(Success) -> step1(Success) -> step2(Failure) -> step3 -> postStep(Waiting): lastHasRunStep is step2.
-	// So its Stopped is the Started of postStep when there are no more steps to run.
-	var lastHasRunStep *actions_model.ActionTaskStep
-	for _, step := range task.Steps {
-		if step.Status.HasRun() {
-			lastHasRunStep = step
-		}
-		logIndex += step.LogLength
-	}
 	if lastHasRunStep == nil {
 		lastHasRunStep = preStep
 	}
diff --git a/modules/actions/task_state_test.go b/modules/actions/task_state_test.go
index 28213d781b..ff0fd57195 100644
--- a/modules/actions/task_state_test.go
+++ b/modules/actions/task_state_test.go
@@ -137,6 +137,25 @@ func TestFullSteps(t *testing.T) {
 				{Name: postStepName, Status: actions_model.StatusSkipped, LogIndex: 0, LogLength: 0, Started: 0, Stopped: 0},
 			},
 		},
+		{
+			name: "first step is skipped",
+			task: &actions_model.ActionTask{
+				Steps: []*actions_model.ActionTaskStep{
+					{Status: actions_model.StatusSkipped, LogIndex: 0, LogLength: 0, Started: 0, Stopped: 0},
+					{Status: actions_model.StatusSuccess, LogIndex: 10, LogLength: 80, Started: 10010, Stopped: 10090},
+				},
+				Status:    actions_model.StatusSuccess,
+				Started:   10000,
+				Stopped:   10100,
+				LogLength: 100,
+			},
+			want: []*actions_model.ActionTaskStep{
+				{Name: preStepName, Status: actions_model.StatusSuccess, LogIndex: 0, LogLength: 10, Started: 10000, Stopped: 10010},
+				{Status: actions_model.StatusSkipped, LogIndex: 0, LogLength: 0, Started: 0, Stopped: 0},
+				{Status: actions_model.StatusSuccess, LogIndex: 10, LogLength: 80, Started: 10010, Stopped: 10090},
+				{Name: postStepName, Status: actions_model.StatusSuccess, LogIndex: 90, LogLength: 10, Started: 10090, Stopped: 10100},
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {

From 3003195ad7d58df6d18d4216c2ecf9201cbd15eb Mon Sep 17 00:00:00 2001
From: Earl Warren 
Date: Sun, 29 Sep 2024 11:58:17 +0200
Subject: [PATCH 025/166] chore(release-notes): weekly cherry-pick week
 2024-40-v9.0

---
 release-notes/5418.md | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 release-notes/5418.md

diff --git a/release-notes/5418.md b/release-notes/5418.md
new file mode 100644
index 0000000000..729f4a4f88
--- /dev/null
+++ b/release-notes/5418.md
@@ -0,0 +1,2 @@
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/0a0a3cea1b54d9cd7c95faf9318f6c3cdf1469a9) After migrating a repository that contains merged pull requests, the branch is missing and cannot be deleted.
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/14c7055494b995476d9d2ec1948784bf36dd9e4d) Forgejo Actions artifact v4 upload above 8MB.

From e8a67571a13c8b1f0328818aa96ea29bdfca440a Mon Sep 17 00:00:00 2001
From: Renovate Bot 
Date: Sun, 29 Sep 2024 12:03:27 +0000
Subject: [PATCH 026/166] Update module github.com/minio/minio-go/v7 to v7.0.77

---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 3f7bb9d7ce..87ccc0669b 100644
--- a/go.mod
+++ b/go.mod
@@ -75,7 +75,7 @@ require (
 	github.com/meilisearch/meilisearch-go v0.28.0
 	github.com/mholt/archiver/v3 v3.5.1
 	github.com/microcosm-cc/bluemonday v1.0.27
-	github.com/minio/minio-go/v7 v7.0.74
+	github.com/minio/minio-go/v7 v7.0.77
 	github.com/msteinert/pam v1.2.0
 	github.com/nektos/act v0.2.52
 	github.com/niklasfasching/go-org v1.7.0
@@ -250,7 +250,7 @@ require (
 	github.com/rhysd/actionlint v1.6.27 // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/rogpeppe/go-internal v1.12.0 // indirect
-	github.com/rs/xid v1.5.0 // indirect
+	github.com/rs/xid v1.6.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/sagikazarmark/locafero v0.4.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
diff --git a/go.sum b/go.sum
index a8f4ff066f..f5e0e87bd5 100644
--- a/go.sum
+++ b/go.sum
@@ -502,8 +502,8 @@ github.com/miekg/dns v1.1.59 h1:C9EXc/UToRwKLhK5wKU/I4QVsBUc8kE6MkHBkeypWZs=
 github.com/miekg/dns v1.1.59/go.mod h1:nZpewl5p6IvctfgrckopVx2OlSEHPRO/U4SYkRklrEk=
 github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
 github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM=
-github.com/minio/minio-go/v7 v7.0.74 h1:fTo/XlPBTSpo3BAMshlwKL5RspXRv9us5UeHEGYCFe0=
-github.com/minio/minio-go/v7 v7.0.74/go.mod h1:qydcVzV8Hqtj1VtEocfxbmVFa2siu6HGa+LDEPogjD8=
+github.com/minio/minio-go/v7 v7.0.77 h1:GaGghJRg9nwDVlNbwYjSDJT1rqltQkBFDsypWX1v3Bw=
+github.com/minio/minio-go/v7 v7.0.77/go.mod h1:AVM3IUN6WwKzmwBxVdjzhH8xq+f57JSbbvzqvUzR6eg=
 github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
 github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
 github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
@@ -599,8 +599,8 @@ github.com/rogpeppe/go-internal v1.8.1/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4
 github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
 github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
 github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
-github.com/rs/xid v1.5.0 h1:mKX4bl4iPYJtEIxp6CYiUuLQ/8DYMoz0PUdtGgMFRVc=
-github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
+github.com/rs/xid v1.6.0 h1:fV591PaemRlL6JfRxGDEPl69wICngIQ3shQtzfy2gxU=
+github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6keLGt6kNQ=

From f8c0a352ab9515ab8da480fd6e0ec10d3ec38afd Mon Sep 17 00:00:00 2001
From: Renovate Bot 
Date: Sun, 29 Sep 2024 18:02:49 +0000
Subject: [PATCH 027/166] Update dependency vue to v3.5.10

---
 package-lock.json | 108 +++++++++++++++++++++++-----------------------
 package.json      |   2 +-
 2 files changed, 55 insertions(+), 55 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 17b119893c..eada4dddbd 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -51,7 +51,7 @@
         "tributejs": "5.1.3",
         "uint8-to-base64": "0.2.0",
         "vanilla-colorful": "0.7.2",
-        "vue": "3.5.8",
+        "vue": "3.5.10",
         "vue-chartjs": "5.3.1",
         "vue-loader": "17.4.2",
         "vue3-calendar-heatmap": "2.0.5",
@@ -5028,39 +5028,39 @@
       }
     },
     "node_modules/@vue/compiler-core": {
-      "version": "3.5.8",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-core/-/compiler-core-3.5.8.tgz",
-      "integrity": "sha512-Uzlxp91EPjfbpeO5KtC0KnXPkuTfGsNDeaKQJxQN718uz+RqDYarEf7UhQJGK+ZYloD2taUbHTI2J4WrUaZQNA==",
+      "version": "3.5.10",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-core/-/compiler-core-3.5.10.tgz",
+      "integrity": "sha512-iXWlk+Cg/ag7gLvY0SfVucU8Kh2CjysYZjhhP70w9qI4MvSox4frrP+vDGvtQuzIcgD8+sxM6lZvCtdxGunTAA==",
       "license": "MIT",
       "dependencies": {
         "@babel/parser": "^7.25.3",
-        "@vue/shared": "3.5.8",
+        "@vue/shared": "3.5.10",
         "entities": "^4.5.0",
         "estree-walker": "^2.0.2",
         "source-map-js": "^1.2.0"
       }
     },
     "node_modules/@vue/compiler-dom": {
-      "version": "3.5.8",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-dom/-/compiler-dom-3.5.8.tgz",
-      "integrity": "sha512-GUNHWvoDSbSa5ZSHT9SnV5WkStWfzJwwTd6NMGzilOE/HM5j+9EB9zGXdtu/fCNEmctBqMs6C9SvVPpVPuk1Eg==",
+      "version": "3.5.10",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-dom/-/compiler-dom-3.5.10.tgz",
+      "integrity": "sha512-DyxHC6qPcktwYGKOIy3XqnHRrrXyWR2u91AjP+nLkADko380srsC2DC3s7Y1Rk6YfOlxOlvEQKa9XXmLI+W4ZA==",
       "license": "MIT",
       "dependencies": {
-        "@vue/compiler-core": "3.5.8",
-        "@vue/shared": "3.5.8"
+        "@vue/compiler-core": "3.5.10",
+        "@vue/shared": "3.5.10"
       }
     },
     "node_modules/@vue/compiler-sfc": {
-      "version": "3.5.8",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-sfc/-/compiler-sfc-3.5.8.tgz",
-      "integrity": "sha512-taYpngQtSysrvO9GULaOSwcG5q821zCoIQBtQQSx7Uf7DxpR6CIHR90toPr9QfDD2mqHQPCSgoWBvJu0yV9zjg==",
+      "version": "3.5.10",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-sfc/-/compiler-sfc-3.5.10.tgz",
+      "integrity": "sha512-to8E1BgpakV7224ZCm8gz1ZRSyjNCAWEplwFMWKlzCdP9DkMKhRRwt0WkCjY7jkzi/Vz3xgbpeig5Pnbly4Tow==",
       "license": "MIT",
       "dependencies": {
         "@babel/parser": "^7.25.3",
-        "@vue/compiler-core": "3.5.8",
-        "@vue/compiler-dom": "3.5.8",
-        "@vue/compiler-ssr": "3.5.8",
-        "@vue/shared": "3.5.8",
+        "@vue/compiler-core": "3.5.10",
+        "@vue/compiler-dom": "3.5.10",
+        "@vue/compiler-ssr": "3.5.10",
+        "@vue/shared": "3.5.10",
         "estree-walker": "^2.0.2",
         "magic-string": "^0.30.11",
         "postcss": "^8.4.47",
@@ -5077,63 +5077,63 @@
       }
     },
     "node_modules/@vue/compiler-ssr": {
-      "version": "3.5.8",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-ssr/-/compiler-ssr-3.5.8.tgz",
-      "integrity": "sha512-W96PtryNsNG9u0ZnN5Q5j27Z/feGrFV6zy9q5tzJVyJaLiwYxvC0ek4IXClZygyhjm+XKM7WD9pdKi/wIRVC/Q==",
+      "version": "3.5.10",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-ssr/-/compiler-ssr-3.5.10.tgz",
+      "integrity": "sha512-hxP4Y3KImqdtyUKXDRSxKSRkSm1H9fCvhojEYrnaoWhE4w/y8vwWhnosJoPPe2AXm5sU7CSbYYAgkt2ZPhDz+A==",
       "license": "MIT",
       "dependencies": {
-        "@vue/compiler-dom": "3.5.8",
-        "@vue/shared": "3.5.8"
+        "@vue/compiler-dom": "3.5.10",
+        "@vue/shared": "3.5.10"
       }
     },
     "node_modules/@vue/reactivity": {
-      "version": "3.5.8",
-      "resolved": "https://registry.npmjs.org/@vue/reactivity/-/reactivity-3.5.8.tgz",
-      "integrity": "sha512-mlgUyFHLCUZcAYkqvzYnlBRCh0t5ZQfLYit7nukn1GR96gc48Bp4B7OIcSfVSvlG1k3BPfD+p22gi1t2n9tsXg==",
+      "version": "3.5.10",
+      "resolved": "https://registry.npmjs.org/@vue/reactivity/-/reactivity-3.5.10.tgz",
+      "integrity": "sha512-kW08v06F6xPSHhid9DJ9YjOGmwNDOsJJQk0ax21wKaUYzzuJGEuoKNU2Ujux8FLMrP7CFJJKsHhXN9l2WOVi2g==",
       "license": "MIT",
       "dependencies": {
-        "@vue/shared": "3.5.8"
+        "@vue/shared": "3.5.10"
       }
     },
     "node_modules/@vue/runtime-core": {
-      "version": "3.5.8",
-      "resolved": "https://registry.npmjs.org/@vue/runtime-core/-/runtime-core-3.5.8.tgz",
-      "integrity": "sha512-fJuPelh64agZ8vKkZgp5iCkPaEqFJsYzxLk9vSC0X3G8ppknclNDr61gDc45yBGTaN5Xqc1qZWU3/NoaBMHcjQ==",
+      "version": "3.5.10",
+      "resolved": "https://registry.npmjs.org/@vue/runtime-core/-/runtime-core-3.5.10.tgz",
+      "integrity": "sha512-9Q86I5Qq3swSkFfzrZ+iqEy7Vla325M7S7xc1NwKnRm/qoi1Dauz0rT6mTMmscqx4qz0EDJ1wjB+A36k7rl8mA==",
       "license": "MIT",
       "dependencies": {
-        "@vue/reactivity": "3.5.8",
-        "@vue/shared": "3.5.8"
+        "@vue/reactivity": "3.5.10",
+        "@vue/shared": "3.5.10"
       }
     },
     "node_modules/@vue/runtime-dom": {
-      "version": "3.5.8",
-      "resolved": "https://registry.npmjs.org/@vue/runtime-dom/-/runtime-dom-3.5.8.tgz",
-      "integrity": "sha512-DpAUz+PKjTZPUOB6zJgkxVI3GuYc2iWZiNeeHQUw53kdrparSTG6HeXUrYDjaam8dVsCdvQxDz6ZWxnyjccUjQ==",
+      "version": "3.5.10",
+      "resolved": "https://registry.npmjs.org/@vue/runtime-dom/-/runtime-dom-3.5.10.tgz",
+      "integrity": "sha512-t3x7ht5qF8ZRi1H4fZqFzyY2j+GTMTDxRheT+i8M9Ph0oepUxoadmbwlFwMoW7RYCpNQLpP2Yx3feKs+fyBdpA==",
       "license": "MIT",
       "dependencies": {
-        "@vue/reactivity": "3.5.8",
-        "@vue/runtime-core": "3.5.8",
-        "@vue/shared": "3.5.8",
+        "@vue/reactivity": "3.5.10",
+        "@vue/runtime-core": "3.5.10",
+        "@vue/shared": "3.5.10",
         "csstype": "^3.1.3"
       }
     },
     "node_modules/@vue/server-renderer": {
-      "version": "3.5.8",
-      "resolved": "https://registry.npmjs.org/@vue/server-renderer/-/server-renderer-3.5.8.tgz",
-      "integrity": "sha512-7AmC9/mEeV9mmXNVyUIm1a1AjUhyeeGNbkLh39J00E7iPeGks8OGRB5blJiMmvqSh8SkaS7jkLWSpXtxUCeagA==",
+      "version": "3.5.10",
+      "resolved": "https://registry.npmjs.org/@vue/server-renderer/-/server-renderer-3.5.10.tgz",
+      "integrity": "sha512-IVE97tt2kGKwHNq9yVO0xdh1IvYfZCShvDSy46JIh5OQxP1/EXSpoDqetVmyIzL7CYOWnnmMkVqd7YK2QSWkdw==",
       "license": "MIT",
       "dependencies": {
-        "@vue/compiler-ssr": "3.5.8",
-        "@vue/shared": "3.5.8"
+        "@vue/compiler-ssr": "3.5.10",
+        "@vue/shared": "3.5.10"
       },
       "peerDependencies": {
-        "vue": "3.5.8"
+        "vue": "3.5.10"
       }
     },
     "node_modules/@vue/shared": {
-      "version": "3.5.8",
-      "resolved": "https://registry.npmjs.org/@vue/shared/-/shared-3.5.8.tgz",
-      "integrity": "sha512-mJleSWbAGySd2RJdX1RBtcrUBX6snyOc0qHpgk3lGi4l9/P/3ny3ELqFWqYdkXIwwNN/kdm8nD9ky8o6l/Lx2A==",
+      "version": "3.5.10",
+      "resolved": "https://registry.npmjs.org/@vue/shared/-/shared-3.5.10.tgz",
+      "integrity": "sha512-VkkBhU97Ki+XJ0xvl4C9YJsIZ2uIlQ7HqPpZOS3m9VCvmROPaChZU6DexdMJqvz9tbgG+4EtFVrSuailUq5KGQ==",
       "license": "MIT"
     },
     "node_modules/@vue/test-utils": {
@@ -16227,16 +16227,16 @@
       "license": "MIT"
     },
     "node_modules/vue": {
-      "version": "3.5.8",
-      "resolved": "https://registry.npmjs.org/vue/-/vue-3.5.8.tgz",
-      "integrity": "sha512-hvuvuCy51nP/1fSRvrrIqTLSvrSyz2Pq+KQ8S8SXCxTWVE0nMaOnSDnSOxV1eYmGfvK7mqiwvd1C59CEEz7dAQ==",
+      "version": "3.5.10",
+      "resolved": "https://registry.npmjs.org/vue/-/vue-3.5.10.tgz",
+      "integrity": "sha512-Vy2kmJwHPlouC/tSnIgXVg03SG+9wSqT1xu1Vehc+ChsXsRd7jLkKgMltVEFOzUdBr3uFwBCG+41LJtfAcBRng==",
       "license": "MIT",
       "dependencies": {
-        "@vue/compiler-dom": "3.5.8",
-        "@vue/compiler-sfc": "3.5.8",
-        "@vue/runtime-dom": "3.5.8",
-        "@vue/server-renderer": "3.5.8",
-        "@vue/shared": "3.5.8"
+        "@vue/compiler-dom": "3.5.10",
+        "@vue/compiler-sfc": "3.5.10",
+        "@vue/runtime-dom": "3.5.10",
+        "@vue/server-renderer": "3.5.10",
+        "@vue/shared": "3.5.10"
       },
       "peerDependencies": {
         "typescript": "*"
diff --git a/package.json b/package.json
index 10d1ec5939..36ec1a716e 100644
--- a/package.json
+++ b/package.json
@@ -50,7 +50,7 @@
     "tributejs": "5.1.3",
     "uint8-to-base64": "0.2.0",
     "vanilla-colorful": "0.7.2",
-    "vue": "3.5.8",
+    "vue": "3.5.10",
     "vue-chartjs": "5.3.1",
     "vue-loader": "17.4.2",
     "vue3-calendar-heatmap": "2.0.5",

From 8da48fead3fb2406fe288698b1e84e5fe963e184 Mon Sep 17 00:00:00 2001
From: Renovate Bot 
Date: Mon, 30 Sep 2024 16:03:41 +0000
Subject: [PATCH 028/166] Lock file maintenance

---
 package-lock.json                  | 368 ++++++++++++++---------------
 web_src/fomantic/package-lock.json |  70 +++---
 2 files changed, 219 insertions(+), 219 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index eada4dddbd..c904d59e27 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -3661,9 +3661,9 @@
       "license": "MIT"
     },
     "node_modules/@rollup/rollup-android-arm-eabi": {
-      "version": "4.21.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.21.3.tgz",
-      "integrity": "sha512-MmKSfaB9GX+zXl6E8z4koOr/xU63AMVleLEa64v7R0QF/ZloMs5vcD1sHgM64GXXS1csaJutG+ddtzcueI/BLg==",
+      "version": "4.22.5",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.22.5.tgz",
+      "integrity": "sha512-SU5cvamg0Eyu/F+kLeMXS7GoahL+OoizlclVFX3l5Ql6yNlywJJ0OuqTzUx0v+aHhPHEB/56CT06GQrRrGNYww==",
       "cpu": [
         "arm"
       ],
@@ -3675,9 +3675,9 @@
       ]
     },
     "node_modules/@rollup/rollup-android-arm64": {
-      "version": "4.21.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.21.3.tgz",
-      "integrity": "sha512-zrt8ecH07PE3sB4jPOggweBjJMzI1JG5xI2DIsUbkA+7K+Gkjys6eV7i9pOenNSDJH3eOr/jLb/PzqtmdwDq5g==",
+      "version": "4.22.5",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.22.5.tgz",
+      "integrity": "sha512-S4pit5BP6E5R5C8S6tgU/drvgjtYW76FBuG6+ibG3tMvlD1h9LHVF9KmlmaUBQ8Obou7hEyS+0w+IR/VtxwNMQ==",
       "cpu": [
         "arm64"
       ],
@@ -3689,9 +3689,9 @@
       ]
     },
     "node_modules/@rollup/rollup-darwin-arm64": {
-      "version": "4.21.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.21.3.tgz",
-      "integrity": "sha512-P0UxIOrKNBFTQaXTxOH4RxuEBVCgEA5UTNV6Yz7z9QHnUJ7eLX9reOd/NYMO3+XZO2cco19mXTxDMXxit4R/eQ==",
+      "version": "4.22.5",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.22.5.tgz",
+      "integrity": "sha512-250ZGg4ipTL0TGvLlfACkIxS9+KLtIbn7BCZjsZj88zSg2Lvu3Xdw6dhAhfe/FjjXPVNCtcSp+WZjVsD3a/Zlw==",
       "cpu": [
         "arm64"
       ],
@@ -3703,9 +3703,9 @@
       ]
     },
     "node_modules/@rollup/rollup-darwin-x64": {
-      "version": "4.21.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.21.3.tgz",
-      "integrity": "sha512-L1M0vKGO5ASKntqtsFEjTq/fD91vAqnzeaF6sfNAy55aD+Hi2pBI5DKwCO+UNDQHWsDViJLqshxOahXyLSh3EA==",
+      "version": "4.22.5",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.22.5.tgz",
+      "integrity": "sha512-D8brJEFg5D+QxFcW6jYANu+Rr9SlKtTenmsX5hOSzNYVrK5oLAEMTUgKWYJP+wdKyCdeSwnapLsn+OVRFycuQg==",
       "cpu": [
         "x64"
       ],
@@ -3717,9 +3717,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm-gnueabihf": {
-      "version": "4.21.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.21.3.tgz",
-      "integrity": "sha512-btVgIsCjuYFKUjopPoWiDqmoUXQDiW2A4C3Mtmp5vACm7/GnyuprqIDPNczeyR5W8rTXEbkmrJux7cJmD99D2g==",
+      "version": "4.22.5",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.22.5.tgz",
+      "integrity": "sha512-PNqXYmdNFyWNg0ma5LdY8wP+eQfdvyaBAojAXgO7/gs0Q/6TQJVXAXe8gwW9URjbS0YAammur0fynYGiWsKlXw==",
       "cpu": [
         "arm"
       ],
@@ -3731,9 +3731,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm-musleabihf": {
-      "version": "4.21.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.21.3.tgz",
-      "integrity": "sha512-zmjbSphplZlau6ZTkxd3+NMtE4UKVy7U4aVFMmHcgO5CUbw17ZP6QCgyxhzGaU/wFFdTfiojjbLG3/0p9HhAqA==",
+      "version": "4.22.5",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.22.5.tgz",
+      "integrity": "sha512-kSSCZOKz3HqlrEuwKd9TYv7vxPYD77vHSUvM2y0YaTGnFc8AdI5TTQRrM1yIp3tXCKrSL9A7JLoILjtad5t8pQ==",
       "cpu": [
         "arm"
       ],
@@ -3745,9 +3745,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm64-gnu": {
-      "version": "4.21.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.21.3.tgz",
-      "integrity": "sha512-nSZfcZtAnQPRZmUkUQwZq2OjQciR6tEoJaZVFvLHsj0MF6QhNMg0fQ6mUOsiCUpTqxTx0/O6gX0V/nYc7LrgPw==",
+      "version": "4.22.5",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.22.5.tgz",
+      "integrity": "sha512-oTXQeJHRbOnwRnRffb6bmqmUugz0glXaPyspp4gbQOPVApdpRrY/j7KP3lr7M8kTfQTyrBUzFjj5EuHAhqH4/w==",
       "cpu": [
         "arm64"
       ],
@@ -3759,9 +3759,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm64-musl": {
-      "version": "4.21.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.21.3.tgz",
-      "integrity": "sha512-MnvSPGO8KJXIMGlQDYfvYS3IosFN2rKsvxRpPO2l2cum+Z3exiExLwVU+GExL96pn8IP+GdH8Tz70EpBhO0sIQ==",
+      "version": "4.22.5",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.22.5.tgz",
+      "integrity": "sha512-qnOTIIs6tIGFKCHdhYitgC2XQ2X25InIbZFor5wh+mALH84qnFHvc+vmWUpyX97B0hNvwNUL4B+MB8vJvH65Fw==",
       "cpu": [
         "arm64"
       ],
@@ -3773,9 +3773,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-powerpc64le-gnu": {
-      "version": "4.21.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-powerpc64le-gnu/-/rollup-linux-powerpc64le-gnu-4.21.3.tgz",
-      "integrity": "sha512-+W+p/9QNDr2vE2AXU0qIy0qQE75E8RTwTwgqS2G5CRQ11vzq0tbnfBd6brWhS9bCRjAjepJe2fvvkvS3dno+iw==",
+      "version": "4.22.5",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-powerpc64le-gnu/-/rollup-linux-powerpc64le-gnu-4.22.5.tgz",
+      "integrity": "sha512-TMYu+DUdNlgBXING13rHSfUc3Ky5nLPbWs4bFnT+R6Vu3OvXkTkixvvBKk8uO4MT5Ab6lC3U7x8S8El2q5o56w==",
       "cpu": [
         "ppc64"
       ],
@@ -3787,9 +3787,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-riscv64-gnu": {
-      "version": "4.21.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.21.3.tgz",
-      "integrity": "sha512-yXH6K6KfqGXaxHrtr+Uoy+JpNlUlI46BKVyonGiaD74ravdnF9BUNC+vV+SIuB96hUMGShhKV693rF9QDfO6nQ==",
+      "version": "4.22.5",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.22.5.tgz",
+      "integrity": "sha512-PTQq1Kz22ZRvuhr3uURH+U/Q/a0pbxJoICGSprNLAoBEkyD3Sh9qP5I0Asn0y0wejXQBbsVMRZRxlbGFD9OK4A==",
       "cpu": [
         "riscv64"
       ],
@@ -3801,9 +3801,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-s390x-gnu": {
-      "version": "4.21.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.21.3.tgz",
-      "integrity": "sha512-R8cwY9wcnApN/KDYWTH4gV/ypvy9yZUHlbJvfaiXSB48JO3KpwSpjOGqO4jnGkLDSk1hgjYkTbTt6Q7uvPf8eg==",
+      "version": "4.22.5",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.22.5.tgz",
+      "integrity": "sha512-bR5nCojtpuMss6TDEmf/jnBnzlo+6n1UhgwqUvRoe4VIotC7FG1IKkyJbwsT7JDsF2jxR+NTnuOwiGv0hLyDoQ==",
       "cpu": [
         "s390x"
       ],
@@ -3815,9 +3815,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-x64-gnu": {
-      "version": "4.21.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.21.3.tgz",
-      "integrity": "sha512-kZPbX/NOPh0vhS5sI+dR8L1bU2cSO9FgxwM8r7wHzGydzfSjLRCFAT87GR5U9scj2rhzN3JPYVC7NoBbl4FZ0g==",
+      "version": "4.22.5",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.22.5.tgz",
+      "integrity": "sha512-N0jPPhHjGShcB9/XXZQWuWBKZQnC1F36Ce3sDqWpujsGjDz/CQtOL9LgTrJ+rJC8MJeesMWrMWVLKKNR/tMOCA==",
       "cpu": [
         "x64"
       ],
@@ -3829,9 +3829,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-x64-musl": {
-      "version": "4.21.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.21.3.tgz",
-      "integrity": "sha512-S0Yq+xA1VEH66uiMNhijsWAafffydd2X5b77eLHfRmfLsRSpbiAWiRHV6DEpz6aOToPsgid7TI9rGd6zB1rhbg==",
+      "version": "4.22.5",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.22.5.tgz",
+      "integrity": "sha512-uBa2e28ohzNNwjr6Uxm4XyaA1M/8aTgfF2T7UIlElLaeXkgpmIJ2EitVNQxjO9xLLLy60YqAgKn/AqSpCUkE9g==",
       "cpu": [
         "x64"
       ],
@@ -3843,9 +3843,9 @@
       ]
     },
     "node_modules/@rollup/rollup-win32-arm64-msvc": {
-      "version": "4.21.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.21.3.tgz",
-      "integrity": "sha512-9isNzeL34yquCPyerog+IMCNxKR8XYmGd0tHSV+OVx0TmE0aJOo9uw4fZfUuk2qxobP5sug6vNdZR6u7Mw7Q+Q==",
+      "version": "4.22.5",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.22.5.tgz",
+      "integrity": "sha512-RXT8S1HP8AFN/Kr3tg4fuYrNxZ/pZf1HemC5Tsddc6HzgGnJm0+Lh5rAHJkDuW3StI0ynNXukidROMXYl6ew8w==",
       "cpu": [
         "arm64"
       ],
@@ -3857,9 +3857,9 @@
       ]
     },
     "node_modules/@rollup/rollup-win32-ia32-msvc": {
-      "version": "4.21.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.21.3.tgz",
-      "integrity": "sha512-nMIdKnfZfzn1Vsk+RuOvl43ONTZXoAPUUxgcU0tXooqg4YrAqzfKzVenqqk2g5efWh46/D28cKFrOzDSW28gTA==",
+      "version": "4.22.5",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.22.5.tgz",
+      "integrity": "sha512-ElTYOh50InL8kzyUD6XsnPit7jYCKrphmddKAe1/Ytt74apOxDq5YEcbsiKs0fR3vff3jEneMM+3I7jbqaMyBg==",
       "cpu": [
         "ia32"
       ],
@@ -3871,9 +3871,9 @@
       ]
     },
     "node_modules/@rollup/rollup-win32-x64-msvc": {
-      "version": "4.21.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.21.3.tgz",
-      "integrity": "sha512-fOvu7PCQjAj4eWDEuD8Xz5gpzFqXzGlxHZozHP4b9Jxv9APtdxL6STqztDzMLuRXEc4UpXGGhx029Xgm91QBeA==",
+      "version": "4.22.5",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.22.5.tgz",
+      "integrity": "sha512-+lvL/4mQxSV8MukpkKyyvfwhH266COcWlXE/1qxwN08ajovta3459zrjLghYMgDerlzNwLAcFpvU+WWE5y6nAQ==",
       "cpu": [
         "x64"
       ],
@@ -4313,9 +4313,9 @@
       "license": "Apache-2.0"
     },
     "node_modules/@stoplight/spectral-rulesets": {
-      "version": "1.20.1",
-      "resolved": "https://registry.npmjs.org/@stoplight/spectral-rulesets/-/spectral-rulesets-1.20.1.tgz",
-      "integrity": "sha512-LrJ9lm/Jy9uUrPyBVO03zOkRVRVB2EfzrbtMegTiGs6ju02YGH/0mPu0DKJy+749aKGiSjpXTiLZgsbDJniEew==",
+      "version": "1.20.2",
+      "resolved": "https://registry.npmjs.org/@stoplight/spectral-rulesets/-/spectral-rulesets-1.20.2.tgz",
+      "integrity": "sha512-7Y8orZuNyGyeHr9n50rMfysgUJ+/zzIEHMptt66jiy82GUWl+0nr865DkMuXdC5GryfDYhtjoRTUCVsXu80Nkg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -4531,9 +4531,9 @@
       "license": "MIT"
     },
     "node_modules/@types/node": {
-      "version": "22.5.5",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-22.5.5.tgz",
-      "integrity": "sha512-Xjs4y5UPO/CLdzpgR6GirZJx36yScjh73+2NlLlkFRSoQN8B0DpfXPdZGnvVmLRLOsqDpOfTNv7D9trgGhmOIA==",
+      "version": "22.7.4",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-22.7.4.tgz",
+      "integrity": "sha512-y+NPi1rFzDs1NdQHHToqeiX2TIS79SWEAw9GYhkkx8bD0ChpfqC+n2j5OXOCpzfojBEBt6DnEnnG9MY0zk1XLg==",
       "license": "MIT",
       "dependencies": {
         "undici-types": "~6.19.2"
@@ -4570,17 +4570,17 @@
       "license": "MIT"
     },
     "node_modules/@typescript-eslint/eslint-plugin": {
-      "version": "8.5.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.5.0.tgz",
-      "integrity": "sha512-lHS5hvz33iUFQKuPFGheAB84LwcJ60G8vKnEhnfcK1l8kGVLro2SFYW6K0/tj8FUhRJ0VHyg1oAfg50QGbPPHw==",
+      "version": "8.7.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.7.0.tgz",
+      "integrity": "sha512-RIHOoznhA3CCfSTFiB6kBGLQtB/sox+pJ6jeFu6FxJvqL8qRxq/FfGO/UhsGgQM9oGdXkV4xUgli+dt26biB6A==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@eslint-community/regexpp": "^4.10.0",
-        "@typescript-eslint/scope-manager": "8.5.0",
-        "@typescript-eslint/type-utils": "8.5.0",
-        "@typescript-eslint/utils": "8.5.0",
-        "@typescript-eslint/visitor-keys": "8.5.0",
+        "@typescript-eslint/scope-manager": "8.7.0",
+        "@typescript-eslint/type-utils": "8.7.0",
+        "@typescript-eslint/utils": "8.7.0",
+        "@typescript-eslint/visitor-keys": "8.7.0",
         "graphemer": "^1.4.0",
         "ignore": "^5.3.1",
         "natural-compare": "^1.4.0",
@@ -4604,16 +4604,16 @@
       }
     },
     "node_modules/@typescript-eslint/parser": {
-      "version": "8.5.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.5.0.tgz",
-      "integrity": "sha512-gF77eNv0Xz2UJg/NbpWJ0kqAm35UMsvZf1GHj8D9MRFTj/V3tAciIWXfmPLsAAF/vUlpWPvUDyH1jjsr0cMVWw==",
+      "version": "8.7.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.7.0.tgz",
+      "integrity": "sha512-lN0btVpj2unxHlNYLI//BQ7nzbMJYBVQX5+pbNXvGYazdlgYonMn4AhhHifQ+J4fGRYA/m1DjaQjx+fDetqBOQ==",
       "dev": true,
       "license": "BSD-2-Clause",
       "dependencies": {
-        "@typescript-eslint/scope-manager": "8.5.0",
-        "@typescript-eslint/types": "8.5.0",
-        "@typescript-eslint/typescript-estree": "8.5.0",
-        "@typescript-eslint/visitor-keys": "8.5.0",
+        "@typescript-eslint/scope-manager": "8.7.0",
+        "@typescript-eslint/types": "8.7.0",
+        "@typescript-eslint/typescript-estree": "8.7.0",
+        "@typescript-eslint/visitor-keys": "8.7.0",
         "debug": "^4.3.4"
       },
       "engines": {
@@ -4633,14 +4633,14 @@
       }
     },
     "node_modules/@typescript-eslint/scope-manager": {
-      "version": "8.5.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.5.0.tgz",
-      "integrity": "sha512-06JOQ9Qgj33yvBEx6tpC8ecP9o860rsR22hWMEd12WcTRrfaFgHr2RB/CA/B+7BMhHkXT4chg2MyboGdFGawYg==",
+      "version": "8.7.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.7.0.tgz",
+      "integrity": "sha512-87rC0k3ZlDOuz82zzXRtQ7Akv3GKhHs0ti4YcbAJtaomllXoSO8hi7Ix3ccEvCd824dy9aIX+j3d2UMAfCtVpg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.5.0",
-        "@typescript-eslint/visitor-keys": "8.5.0"
+        "@typescript-eslint/types": "8.7.0",
+        "@typescript-eslint/visitor-keys": "8.7.0"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -4651,14 +4651,14 @@
       }
     },
     "node_modules/@typescript-eslint/type-utils": {
-      "version": "8.5.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.5.0.tgz",
-      "integrity": "sha512-N1K8Ix+lUM+cIDhL2uekVn/ZD7TZW+9/rwz8DclQpcQ9rk4sIL5CAlBC0CugWKREmDjBzI/kQqU4wkg46jWLYA==",
+      "version": "8.7.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.7.0.tgz",
+      "integrity": "sha512-tl0N0Mj3hMSkEYhLkjREp54OSb/FI6qyCzfiiclvJvOqre6hsZTGSnHtmFLDU8TIM62G7ygEa1bI08lcuRwEnQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/typescript-estree": "8.5.0",
-        "@typescript-eslint/utils": "8.5.0",
+        "@typescript-eslint/typescript-estree": "8.7.0",
+        "@typescript-eslint/utils": "8.7.0",
         "debug": "^4.3.4",
         "ts-api-utils": "^1.3.0"
       },
@@ -4676,9 +4676,9 @@
       }
     },
     "node_modules/@typescript-eslint/types": {
-      "version": "8.5.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.5.0.tgz",
-      "integrity": "sha512-qjkormnQS5wF9pjSi6q60bKUHH44j2APxfh9TQRXK8wbYVeDYYdYJGIROL87LGZZ2gz3Rbmjc736qyL8deVtdw==",
+      "version": "8.7.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.7.0.tgz",
+      "integrity": "sha512-LLt4BLHFwSfASHSF2K29SZ+ZCsbQOM+LuarPjRUuHm+Qd09hSe3GCeaQbcCr+Mik+0QFRmep/FyZBO6fJ64U3w==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -4690,14 +4690,14 @@
       }
     },
     "node_modules/@typescript-eslint/typescript-estree": {
-      "version": "8.5.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.5.0.tgz",
-      "integrity": "sha512-vEG2Sf9P8BPQ+d0pxdfndw3xIXaoSjliG0/Ejk7UggByZPKXmJmw3GW5jV2gHNQNawBUyfahoSiCFVov0Ruf7Q==",
+      "version": "8.7.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.7.0.tgz",
+      "integrity": "sha512-MC8nmcGHsmfAKxwnluTQpNqceniT8SteVwd2voYlmiSWGOtjvGXdPl17dYu2797GVscK30Z04WRM28CrKS9WOg==",
       "dev": true,
       "license": "BSD-2-Clause",
       "dependencies": {
-        "@typescript-eslint/types": "8.5.0",
-        "@typescript-eslint/visitor-keys": "8.5.0",
+        "@typescript-eslint/types": "8.7.0",
+        "@typescript-eslint/visitor-keys": "8.7.0",
         "debug": "^4.3.4",
         "fast-glob": "^3.3.2",
         "is-glob": "^4.0.3",
@@ -4735,16 +4735,16 @@
       }
     },
     "node_modules/@typescript-eslint/utils": {
-      "version": "8.5.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.5.0.tgz",
-      "integrity": "sha512-6yyGYVL0e+VzGYp60wvkBHiqDWOpT63pdMV2CVG4LVDd5uR6q1qQN/7LafBZtAtNIn/mqXjsSeS5ggv/P0iECw==",
+      "version": "8.7.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.7.0.tgz",
+      "integrity": "sha512-ZbdUdwsl2X/s3CiyAu3gOlfQzpbuG3nTWKPoIvAu1pu5r8viiJvv2NPN2AqArL35NCYtw/lrPPfM4gxrMLNLPw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.4.0",
-        "@typescript-eslint/scope-manager": "8.5.0",
-        "@typescript-eslint/types": "8.5.0",
-        "@typescript-eslint/typescript-estree": "8.5.0"
+        "@typescript-eslint/scope-manager": "8.7.0",
+        "@typescript-eslint/types": "8.7.0",
+        "@typescript-eslint/typescript-estree": "8.7.0"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -4758,13 +4758,13 @@
       }
     },
     "node_modules/@typescript-eslint/visitor-keys": {
-      "version": "8.5.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.5.0.tgz",
-      "integrity": "sha512-yTPqMnbAZJNy2Xq2XU8AdtOW9tJIr+UQb64aXB9f3B1498Zx9JorVgFJcZpEc9UBuCCrdzKID2RGAMkYcDtZOw==",
+      "version": "8.7.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.7.0.tgz",
+      "integrity": "sha512-b1tx0orFCCh/THWPQa2ZwWzvOeyzzp36vkJYOpVg0u8UVOIsfVrnuC9FqAw9gRKn+rG2VmWQ/zDJZzkxUnj/XQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.5.0",
+        "@typescript-eslint/types": "8.7.0",
         "eslint-visitor-keys": "^3.4.3"
       },
       "engines": {
@@ -4921,9 +4921,9 @@
       }
     },
     "node_modules/@vitest/mocker/node_modules/@types/estree": {
-      "version": "1.0.5",
-      "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.5.tgz",
-      "integrity": "sha512-/kYRxGDLWzHOB7q+wtSUQlFrtcdUccpfy+X+9iMBpHK8QLLhx2wIPYuS5DYtR9Wa/YlZAbIovy7qVdB1Aq6Lyw==",
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.6.tgz",
+      "integrity": "sha512-AYnb1nQyY49te+VRAVgmzfcgjYS91mY5P0TKUDCLEM+gNnA+3T6rWITXRLYCpahpqSQbN5cE+gHpnPyXjHWxcw==",
       "dev": true,
       "license": "MIT"
     },
@@ -5538,9 +5538,9 @@
       "license": "Python-2.0"
     },
     "node_modules/aria-query": {
-      "version": "5.3.1",
-      "resolved": "https://registry.npmjs.org/aria-query/-/aria-query-5.3.1.tgz",
-      "integrity": "sha512-Z/ZeOgVl7bcSYZ/u/rh0fOpvEpq//LZmdbkXyc7syVzjPAhfOa9ebsdTSjEBDU4vs5nC98Kfduj1uFo0qyET3g==",
+      "version": "5.3.2",
+      "resolved": "https://registry.npmjs.org/aria-query/-/aria-query-5.3.2.tgz",
+      "integrity": "sha512-COROpnaoap1E2F000S62r6A60uHZnmlvomhfyT2DlTcrY1OrBKn2UhH7qn5wTC9zMvD0AY7csdPSNwKP+7WiQw==",
       "dev": true,
       "license": "Apache-2.0",
       "engines": {
@@ -5972,9 +5972,9 @@
       }
     },
     "node_modules/browserslist": {
-      "version": "4.23.3",
-      "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.23.3.tgz",
-      "integrity": "sha512-btwCFJVjI4YWDNfau8RhZ+B1Q/VLoUITrm3RlP6y1tYGWIOa+InuYiRGXUBXo8nA1qKmHMyLB/iVQg5TT4eFoA==",
+      "version": "4.24.0",
+      "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.24.0.tgz",
+      "integrity": "sha512-Rmb62sR1Zpjql25eSanFGEhAxcFwfA1K0GuQcLoaJBAcENegrQut3hYdhXFF1obQfiDyqIW/cLM5HSJ/9k884A==",
       "funding": [
         {
           "type": "opencollective",
@@ -5991,8 +5991,8 @@
       ],
       "license": "MIT",
       "dependencies": {
-        "caniuse-lite": "^1.0.30001646",
-        "electron-to-chromium": "^1.5.4",
+        "caniuse-lite": "^1.0.30001663",
+        "electron-to-chromium": "^1.5.28",
         "node-releases": "^2.0.18",
         "update-browserslist-db": "^1.1.0"
       },
@@ -6112,9 +6112,9 @@
       }
     },
     "node_modules/caniuse-lite": {
-      "version": "1.0.30001660",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001660.tgz",
-      "integrity": "sha512-GacvNTTuATm26qC74pt+ad1fW15mlQ/zuTzzY1ZoIzECTP8HURDfF43kNxPgf7H1jmelCBQTTbBNxdSXOA7Bqg==",
+      "version": "1.0.30001664",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001664.tgz",
+      "integrity": "sha512-AmE7k4dXiNKQipgn7a2xg558IRqPN3jMQY/rOsbxDhrd0tyChwbITBfiwtnqz8bi2M5mIWbxAYBvk7W7QBUS2g==",
       "funding": [
         {
           "type": "opencollective",
@@ -6384,9 +6384,9 @@
       }
     },
     "node_modules/codemirror": {
-      "version": "5.65.17",
-      "resolved": "https://registry.npmjs.org/codemirror/-/codemirror-5.65.17.tgz",
-      "integrity": "sha512-1zOsUx3lzAOu/gnMAZkQ9kpIHcPYOc9y1Fbm2UVk5UBPkdq380nhkelG0qUwm1f7wPvTbndu9ZYlug35EwAZRQ==",
+      "version": "5.65.18",
+      "resolved": "https://registry.npmjs.org/codemirror/-/codemirror-5.65.18.tgz",
+      "integrity": "sha512-Gaz4gHnkbHMGgahNt3CA5HBk5lLQBqmD/pBgeB4kQU6OedZmqMBjlRF0LSrp2tJ4wlLNPm2FfaUd1pDy0mdlpA==",
       "license": "MIT"
     },
     "node_modules/codemirror-spell-checker": {
@@ -7461,9 +7461,9 @@
       }
     },
     "node_modules/dom-input-range": {
-      "version": "1.1.6",
-      "resolved": "https://registry.npmjs.org/dom-input-range/-/dom-input-range-1.1.6.tgz",
-      "integrity": "sha512-4o/SkTpscD0n81BeErrrtmE58lG8vTks++92vk//ld0NmkQTb4AVJ2rexh2yor6rtBf5IMte26u+fF3EgCppPQ==",
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/dom-input-range/-/dom-input-range-1.2.0.tgz",
+      "integrity": "sha512-8HVA5Oy5Vt872S7IXsjjp6/5Hqsm5YZLhurxwwQXp80T9qVsj8/mEUH3sQlFujLLUoWfxiaThHHuJ3/q1MHVuA==",
       "license": "MIT",
       "workspaces": [
         "demos"
@@ -7514,9 +7514,9 @@
       }
     },
     "node_modules/dompurify": {
-      "version": "3.1.6",
-      "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.1.6.tgz",
-      "integrity": "sha512-cTOAhc36AalkjtBpfG6O8JimdTMWNXjiePT2xQH/ppBGi/4uIpmj8eKyIkMJErXWARyINV/sB38yf8JCLF5pbQ==",
+      "version": "3.1.7",
+      "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.1.7.tgz",
+      "integrity": "sha512-VaTstWtsneJY8xzy7DekmYWEOZcmzIe3Qb3zPd4STve1OBTa+e+WmS1ITQec1fZYXI3HCsOZZiSMpG6oxoWMWQ==",
       "license": "(MPL-2.0 OR Apache-2.0)"
     },
     "node_modules/domutils": {
@@ -7599,9 +7599,9 @@
       }
     },
     "node_modules/electron-to-chromium": {
-      "version": "1.5.23",
-      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.23.tgz",
-      "integrity": "sha512-mBhODedOXg4v5QWwl21DjM5amzjmI1zw9EPrPK/5Wx7C8jt33bpZNrC7OhHUG3pxRtbLpr3W2dXT+Ph1SsfRZA==",
+      "version": "1.5.29",
+      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.29.tgz",
+      "integrity": "sha512-PF8n2AlIhCKXQ+gTpiJi0VhcHDb69kYX4MtCiivctc2QD3XuNZ/XIOlbGzt7WAjjEev0TtaH6Cu3arZExm5DOw==",
       "license": "ISC"
     },
     "node_modules/emoji-regex": {
@@ -8088,9 +8088,9 @@
       }
     },
     "node_modules/eslint-module-utils": {
-      "version": "2.11.0",
-      "resolved": "https://registry.npmjs.org/eslint-module-utils/-/eslint-module-utils-2.11.0.tgz",
-      "integrity": "sha512-gbBE5Hitek/oG6MUVj6sFuzEjA/ClzNflVrLovHi/JgLdC7fiN5gLAY1WIPW1a0V5I999MnsrvVrCOGmmVqDBQ==",
+      "version": "2.12.0",
+      "resolved": "https://registry.npmjs.org/eslint-module-utils/-/eslint-module-utils-2.12.0.tgz",
+      "integrity": "sha512-wALZ0HFoytlyh/1+4wuZ9FJCD/leWHQzzrxJ8+rebyReSLk7LApMyd3WJaLVoN+D5+WIdJyDK1c6JnE65V4Zyg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -8129,9 +8129,9 @@
       }
     },
     "node_modules/eslint-plugin-escompat": {
-      "version": "3.11.1",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-escompat/-/eslint-plugin-escompat-3.11.1.tgz",
-      "integrity": "sha512-j/H70uveM+G9M0onQJOYM+h5trTjQfmBnhGzxAxwGrqARfgXwkfjs+SkvJ1j/a4ofyCIYpBQsGg7q+TowwPNmA==",
+      "version": "3.11.3",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-escompat/-/eslint-plugin-escompat-3.11.3.tgz",
+      "integrity": "sha512-Gz/eTJzl7fK9SPBkvB3t+xc1iribxRc5Fgu6Z7206b5q1d7kG0t8Drtin8MRY4UgGBg8Zu1HG6RGzR35LCUpLA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -8527,9 +8527,9 @@
       }
     },
     "node_modules/eslint-plugin-react": {
-      "version": "7.36.1",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-react/-/eslint-plugin-react-7.36.1.tgz",
-      "integrity": "sha512-/qwbqNXZoq+VP30s1d4Nc1C5GTxjJQjk4Jzs4Wq2qzxFM7dSmuG2UkIjg2USMLh3A/aVcUNrK7v0J5U1XEGGwA==",
+      "version": "7.37.0",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-react/-/eslint-plugin-react-7.37.0.tgz",
+      "integrity": "sha512-IHBePmfWH5lKhJnJ7WB1V+v/GolbB0rjS8XYVCSQCZKaQCAUhMoVoOEn1Ef8Z8Wf0a7l8KTJvuZg5/e4qrZ6nA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -9302,9 +9302,9 @@
       }
     },
     "node_modules/eslint-visitor-keys": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-4.0.0.tgz",
-      "integrity": "sha512-OtIRv/2GyiF6o/d8K7MYKKbXrOUBIK6SfkIRM4Z0dY3w+LiQ0vy3F57m0Z71bjbyeiWFiHJ8brqnmE6H6/jEuw==",
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-4.1.0.tgz",
+      "integrity": "sha512-Q7lok0mqMUSf5a/AdAZkA5a/gHcO6snwQClVNNvFKCAVlxXucdU8pKydU5ZVZjBx5xr37vGbFFWtLQYreLzrZg==",
       "dev": true,
       "license": "Apache-2.0",
       "engines": {
@@ -9394,15 +9394,15 @@
       }
     },
     "node_modules/espree": {
-      "version": "10.1.0",
-      "resolved": "https://registry.npmjs.org/espree/-/espree-10.1.0.tgz",
-      "integrity": "sha512-M1M6CpiE6ffoigIOWYO9UDP8TMUw9kqb21tf+08IgDYjCsOvCuDt4jQcZmoYxx+w7zlKw9/N0KXfto+I8/FrXA==",
+      "version": "10.2.0",
+      "resolved": "https://registry.npmjs.org/espree/-/espree-10.2.0.tgz",
+      "integrity": "sha512-upbkBJbckcCNBDBDXEbuhjbP68n+scUd3k/U2EkyM9nw+I/jPiL4cLF/Al06CF96wRltFda16sxDFrxsI1v0/g==",
       "dev": true,
       "license": "BSD-2-Clause",
       "dependencies": {
         "acorn": "^8.12.0",
         "acorn-jsx": "^5.3.2",
-        "eslint-visitor-keys": "^4.0.0"
+        "eslint-visitor-keys": "^4.1.0"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -9542,9 +9542,9 @@
       "license": "MIT"
     },
     "node_modules/fast-uri": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.0.1.tgz",
-      "integrity": "sha512-MWipKbbYiYI0UC7cl8m/i/IWTqfC8YXsqjzybjddLsFjStroQzsHXkc73JutMvBiXmOvapk+axIl79ig5t55Bw==",
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.0.2.tgz",
+      "integrity": "sha512-GR6f0hD7XXyNJa25Tb9BuIdN0tdr+0BMi6/CJPH3wJO1JjNG3n/VsSw38AwRdKZABm8lGbPfakLRkYzx2V9row==",
       "license": "MIT"
     },
     "node_modules/fastest-levenshtein": {
@@ -12545,9 +12545,9 @@
       }
     },
     "node_modules/package-json-from-dist": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/package-json-from-dist/-/package-json-from-dist-1.0.0.tgz",
-      "integrity": "sha512-dATvCeZN/8wQsGywez1mzHtTlP22H8OEfPrVMLNr4/eGa+ijtLn/6M5f0dY8UKNrC2O9UCU6SSoG3qRKnt7STw==",
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/package-json-from-dist/-/package-json-from-dist-1.0.1.tgz",
+      "integrity": "sha512-UEZIS3/by4OC8vL3P2dTXRETpebLI2NiI5vIrjaD/5UtrkFX/tNbwjTSRAGC/+7CAo2pIcBaRgWmcBBHcsaCIw==",
       "license": "BlueOak-1.0.0"
     },
     "node_modules/package-manager-detector": {
@@ -13943,9 +13943,9 @@
       "license": "Unlicense"
     },
     "node_modules/rollup": {
-      "version": "2.79.1",
-      "resolved": "https://registry.npmjs.org/rollup/-/rollup-2.79.1.tgz",
-      "integrity": "sha512-uKxbd0IhMZOhjAiD5oAFp7BqvkA4Dv47qpOCtaNvng4HBwdbWtdOh8f5nZNuk2rp51PMGk3bzfWu5oayNEuYnw==",
+      "version": "2.79.2",
+      "resolved": "https://registry.npmjs.org/rollup/-/rollup-2.79.2.tgz",
+      "integrity": "sha512-fS6iqSPZDs3dr/y7Od6y5nha8dW1YnbgtsyotCVvoFGKbERG++CVRFv1meyGDE1SNItQA8BrnCw7ScdAhRJ3XQ==",
       "dev": true,
       "license": "MIT",
       "bin": {
@@ -14345,9 +14345,9 @@
       }
     },
     "node_modules/solid-js": {
-      "version": "1.8.22",
-      "resolved": "https://registry.npmjs.org/solid-js/-/solid-js-1.8.22.tgz",
-      "integrity": "sha512-VBzN5j+9Y4rqIKEnK301aBk+S7fvFSTs9ljg+YEdFxjNjH0hkjXPiQRcws9tE5fUzMznSS6KToL5hwMfHDgpLA==",
+      "version": "1.9.1",
+      "resolved": "https://registry.npmjs.org/solid-js/-/solid-js-1.9.1.tgz",
+      "integrity": "sha512-Gd6QWRFfO2XKKZqVK4YwbhWZkr0jWw1dYHOt+VYebomeyikGP0SuMflf42XcDuU9HAEYDArFJIYsBNjlE7iZsw==",
       "license": "MIT",
       "dependencies": {
         "csstype": "^3.1.0",
@@ -15272,9 +15272,9 @@
       "license": "ISC"
     },
     "node_modules/terser": {
-      "version": "5.32.0",
-      "resolved": "https://registry.npmjs.org/terser/-/terser-5.32.0.tgz",
-      "integrity": "sha512-v3Gtw3IzpBJ0ugkxEX8U0W6+TnPKRRCWGh1jC/iM/e3Ki5+qvO1L1EAZ56bZasc64aXHwRHNIQEzm6//i5cemQ==",
+      "version": "5.34.1",
+      "resolved": "https://registry.npmjs.org/terser/-/terser-5.34.1.tgz",
+      "integrity": "sha512-FsJZ7iZLd/BXkz+4xrRTGJ26o/6VTjQytUk8b8OxkwcD2I+79VPJlz7qss1+zE7h8GNIScFqXcDyJ/KqBYZFVA==",
       "license": "BSD-2-Clause",
       "dependencies": {
         "@jridgewell/source-map": "^0.3.3",
@@ -15854,9 +15854,9 @@
       }
     },
     "node_modules/update-browserslist-db": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.1.0.tgz",
-      "integrity": "sha512-EdRAaAyk2cUE1wOf2DkEhzxqOQvFOoRJFNS6NeyJ01Gp2beMRpBAINjM2iDXE3KCuKhwnvHIQCJm6ThL2Z+HzQ==",
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.1.1.tgz",
+      "integrity": "sha512-R8UzCaa9Az+38REPiJ1tXlImTJXlVfgHZsglwBD/k6nj76ctsH1E3q4doGrukiLQd3sGQYu56r5+lo5r94l29A==",
       "funding": [
         {
           "type": "opencollective",
@@ -15873,8 +15873,8 @@
       ],
       "license": "MIT",
       "dependencies": {
-        "escalade": "^3.1.2",
-        "picocolors": "^1.0.1"
+        "escalade": "^3.2.0",
+        "picocolors": "^1.1.0"
       },
       "bin": {
         "update-browserslist-db": "cli.js"
@@ -15956,9 +15956,9 @@
       "license": "MIT"
     },
     "node_modules/vite": {
-      "version": "5.4.5",
-      "resolved": "https://registry.npmjs.org/vite/-/vite-5.4.5.tgz",
-      "integrity": "sha512-pXqR0qtb2bTwLkev4SE3r4abCNioP3GkjvIDLlzziPpXtHgiJIjuKl+1GN6ESOT3wMjG3JTeARopj2SwYaHTOA==",
+      "version": "5.4.8",
+      "resolved": "https://registry.npmjs.org/vite/-/vite-5.4.8.tgz",
+      "integrity": "sha512-FqrItQ4DT1NC4zCUqMB4c4AZORMKIa0m8/URVCZ77OZ/QSNeJ54bU1vrFADbDsuwfIPcgknRkmqakQcgnL4GiQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -16045,9 +16045,9 @@
       "license": "BSD-2-Clause"
     },
     "node_modules/vite/node_modules/@types/estree": {
-      "version": "1.0.5",
-      "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.5.tgz",
-      "integrity": "sha512-/kYRxGDLWzHOB7q+wtSUQlFrtcdUccpfy+X+9iMBpHK8QLLhx2wIPYuS5DYtR9Wa/YlZAbIovy7qVdB1Aq6Lyw==",
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.6.tgz",
+      "integrity": "sha512-AYnb1nQyY49te+VRAVgmzfcgjYS91mY5P0TKUDCLEM+gNnA+3T6rWITXRLYCpahpqSQbN5cE+gHpnPyXjHWxcw==",
       "dev": true,
       "license": "MIT"
     },
@@ -16067,13 +16067,13 @@
       }
     },
     "node_modules/vite/node_modules/rollup": {
-      "version": "4.21.3",
-      "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.21.3.tgz",
-      "integrity": "sha512-7sqRtBNnEbcBtMeRVc6VRsJMmpI+JU1z9VTvW8D4gXIYQFz0aLcsE6rRkyghZkLfEgUZgVvOG7A5CVz/VW5GIA==",
+      "version": "4.22.5",
+      "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.22.5.tgz",
+      "integrity": "sha512-WoinX7GeQOFMGznEcWA1WrTQCd/tpEbMkc3nuMs9BT0CPjMdSjPMTVClwWd4pgSQwJdP65SK9mTCNvItlr5o7w==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@types/estree": "1.0.5"
+        "@types/estree": "1.0.6"
       },
       "bin": {
         "rollup": "dist/bin/rollup"
@@ -16083,22 +16083,22 @@
         "npm": ">=8.0.0"
       },
       "optionalDependencies": {
-        "@rollup/rollup-android-arm-eabi": "4.21.3",
-        "@rollup/rollup-android-arm64": "4.21.3",
-        "@rollup/rollup-darwin-arm64": "4.21.3",
-        "@rollup/rollup-darwin-x64": "4.21.3",
-        "@rollup/rollup-linux-arm-gnueabihf": "4.21.3",
-        "@rollup/rollup-linux-arm-musleabihf": "4.21.3",
-        "@rollup/rollup-linux-arm64-gnu": "4.21.3",
-        "@rollup/rollup-linux-arm64-musl": "4.21.3",
-        "@rollup/rollup-linux-powerpc64le-gnu": "4.21.3",
-        "@rollup/rollup-linux-riscv64-gnu": "4.21.3",
-        "@rollup/rollup-linux-s390x-gnu": "4.21.3",
-        "@rollup/rollup-linux-x64-gnu": "4.21.3",
-        "@rollup/rollup-linux-x64-musl": "4.21.3",
-        "@rollup/rollup-win32-arm64-msvc": "4.21.3",
-        "@rollup/rollup-win32-ia32-msvc": "4.21.3",
-        "@rollup/rollup-win32-x64-msvc": "4.21.3",
+        "@rollup/rollup-android-arm-eabi": "4.22.5",
+        "@rollup/rollup-android-arm64": "4.22.5",
+        "@rollup/rollup-darwin-arm64": "4.22.5",
+        "@rollup/rollup-darwin-x64": "4.22.5",
+        "@rollup/rollup-linux-arm-gnueabihf": "4.22.5",
+        "@rollup/rollup-linux-arm-musleabihf": "4.22.5",
+        "@rollup/rollup-linux-arm64-gnu": "4.22.5",
+        "@rollup/rollup-linux-arm64-musl": "4.22.5",
+        "@rollup/rollup-linux-powerpc64le-gnu": "4.22.5",
+        "@rollup/rollup-linux-riscv64-gnu": "4.22.5",
+        "@rollup/rollup-linux-s390x-gnu": "4.22.5",
+        "@rollup/rollup-linux-x64-gnu": "4.22.5",
+        "@rollup/rollup-linux-x64-musl": "4.22.5",
+        "@rollup/rollup-win32-arm64-msvc": "4.22.5",
+        "@rollup/rollup-win32-ia32-msvc": "4.22.5",
+        "@rollup/rollup-win32-x64-msvc": "4.22.5",
         "fsevents": "~2.3.2"
       }
     },
diff --git a/web_src/fomantic/package-lock.json b/web_src/fomantic/package-lock.json
index 2401294105..0b9dc6eaa7 100644
--- a/web_src/fomantic/package-lock.json
+++ b/web_src/fomantic/package-lock.json
@@ -198,9 +198,9 @@
       }
     },
     "node_modules/@octokit/core/node_modules/@octokit/request-error": {
-      "version": "6.1.4",
-      "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-6.1.4.tgz",
-      "integrity": "sha512-VpAhIUxwhWZQImo/dWAN/NpPqqojR6PSLgLYAituLM6U+ddx9hCioFGwBr5Mi+oi5CLeJkcAs3gJ0PYYzU6wUg==",
+      "version": "6.1.5",
+      "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-6.1.5.tgz",
+      "integrity": "sha512-IlBTfGX8Yn/oFPMwSfvugfncK2EwRLjzbrpifNaMY8o/HTEAFqCA1FZxjD9cWvSKBHgrIhc4CSBIzMxiLsbzFQ==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
@@ -211,9 +211,9 @@
       }
     },
     "node_modules/@octokit/core/node_modules/@octokit/types": {
-      "version": "13.5.0",
-      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.5.0.tgz",
-      "integrity": "sha512-HdqWTf5Z3qwDVlzCrP8UJquMwunpDiMPt5er+QjGzL4hqr/vBVY/MauQgS1xWxCDT1oMx1EULyqxncdCY/NVSQ==",
+      "version": "13.6.0",
+      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.6.0.tgz",
+      "integrity": "sha512-CrooV/vKCXqwLa+osmHLIMUb87brpgUqlqkPGc6iE2wCkUvTrHiXFMhAKoDDaAAYJrtKtrFTgSQTg5nObBEaew==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
@@ -304,9 +304,9 @@
       }
     },
     "node_modules/@octokit/graphql/node_modules/@octokit/request-error": {
-      "version": "6.1.4",
-      "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-6.1.4.tgz",
-      "integrity": "sha512-VpAhIUxwhWZQImo/dWAN/NpPqqojR6PSLgLYAituLM6U+ddx9hCioFGwBr5Mi+oi5CLeJkcAs3gJ0PYYzU6wUg==",
+      "version": "6.1.5",
+      "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-6.1.5.tgz",
+      "integrity": "sha512-IlBTfGX8Yn/oFPMwSfvugfncK2EwRLjzbrpifNaMY8o/HTEAFqCA1FZxjD9cWvSKBHgrIhc4CSBIzMxiLsbzFQ==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
@@ -317,9 +317,9 @@
       }
     },
     "node_modules/@octokit/graphql/node_modules/@octokit/types": {
-      "version": "13.5.0",
-      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.5.0.tgz",
-      "integrity": "sha512-HdqWTf5Z3qwDVlzCrP8UJquMwunpDiMPt5er+QjGzL4hqr/vBVY/MauQgS1xWxCDT1oMx1EULyqxncdCY/NVSQ==",
+      "version": "13.6.0",
+      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.6.0.tgz",
+      "integrity": "sha512-CrooV/vKCXqwLa+osmHLIMUb87brpgUqlqkPGc6iE2wCkUvTrHiXFMhAKoDDaAAYJrtKtrFTgSQTg5nObBEaew==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
@@ -492,9 +492,9 @@
       "license": "MIT"
     },
     "node_modules/@types/node": {
-      "version": "22.5.5",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-22.5.5.tgz",
-      "integrity": "sha512-Xjs4y5UPO/CLdzpgR6GirZJx36yScjh73+2NlLlkFRSoQN8B0DpfXPdZGnvVmLRLOsqDpOfTNv7D9trgGhmOIA==",
+      "version": "22.7.4",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-22.7.4.tgz",
+      "integrity": "sha512-y+NPi1rFzDs1NdQHHToqeiX2TIS79SWEAw9GYhkkx8bD0ChpfqC+n2j5OXOCpzfojBEBt6DnEnnG9MY0zk1XLg==",
       "license": "MIT",
       "dependencies": {
         "undici-types": "~6.19.2"
@@ -1115,9 +1115,9 @@
       }
     },
     "node_modules/browserslist": {
-      "version": "4.23.3",
-      "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.23.3.tgz",
-      "integrity": "sha512-btwCFJVjI4YWDNfau8RhZ+B1Q/VLoUITrm3RlP6y1tYGWIOa+InuYiRGXUBXo8nA1qKmHMyLB/iVQg5TT4eFoA==",
+      "version": "4.24.0",
+      "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.24.0.tgz",
+      "integrity": "sha512-Rmb62sR1Zpjql25eSanFGEhAxcFwfA1K0GuQcLoaJBAcENegrQut3hYdhXFF1obQfiDyqIW/cLM5HSJ/9k884A==",
       "funding": [
         {
           "type": "opencollective",
@@ -1134,8 +1134,8 @@
       ],
       "license": "MIT",
       "dependencies": {
-        "caniuse-lite": "^1.0.30001646",
-        "electron-to-chromium": "^1.5.4",
+        "caniuse-lite": "^1.0.30001663",
+        "electron-to-chromium": "^1.5.28",
         "node-releases": "^2.0.18",
         "update-browserslist-db": "^1.1.0"
       },
@@ -1219,9 +1219,9 @@
       }
     },
     "node_modules/caniuse-lite": {
-      "version": "1.0.30001660",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001660.tgz",
-      "integrity": "sha512-GacvNTTuATm26qC74pt+ad1fW15mlQ/zuTzzY1ZoIzECTP8HURDfF43kNxPgf7H1jmelCBQTTbBNxdSXOA7Bqg==",
+      "version": "1.0.30001664",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001664.tgz",
+      "integrity": "sha512-AmE7k4dXiNKQipgn7a2xg558IRqPN3jMQY/rOsbxDhrd0tyChwbITBfiwtnqz8bi2M5mIWbxAYBvk7W7QBUS2g==",
       "funding": [
         {
           "type": "opencollective",
@@ -1961,9 +1961,9 @@
       }
     },
     "node_modules/electron-to-chromium": {
-      "version": "1.5.23",
-      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.23.tgz",
-      "integrity": "sha512-mBhODedOXg4v5QWwl21DjM5amzjmI1zw9EPrPK/5Wx7C8jt33bpZNrC7OhHUG3pxRtbLpr3W2dXT+Ph1SsfRZA==",
+      "version": "1.5.29",
+      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.29.tgz",
+      "integrity": "sha512-PF8n2AlIhCKXQ+gTpiJi0VhcHDb69kYX4MtCiivctc2QD3XuNZ/XIOlbGzt7WAjjEev0TtaH6Cu3arZExm5DOw==",
       "license": "ISC"
     },
     "node_modules/emoji-regex": {
@@ -2618,7 +2618,7 @@
       "version": "1.2.13",
       "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-1.2.13.tgz",
       "integrity": "sha512-oWb1Z6mkHIskLzEJ/XWX0srkpkTQ7vaopMQkyaEIoq0fmtFVxOthb8cCxeT+p3ynTdkk/RZwbgG4brR5BeWECw==",
-      "deprecated": "The v1 package contains DANGEROUS / INSECURE binaries. Upgrade to safe fsevents v2",
+      "deprecated": "Upgrade to fsevents v2 to mitigate potential security issues",
       "hasInstallScript": true,
       "license": "MIT",
       "optional": true,
@@ -6239,9 +6239,9 @@
       }
     },
     "node_modules/package-json-from-dist": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/package-json-from-dist/-/package-json-from-dist-1.0.0.tgz",
-      "integrity": "sha512-dATvCeZN/8wQsGywez1mzHtTlP22H8OEfPrVMLNr4/eGa+ijtLn/6M5f0dY8UKNrC2O9UCU6SSoG3qRKnt7STw==",
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/package-json-from-dist/-/package-json-from-dist-1.0.1.tgz",
+      "integrity": "sha512-UEZIS3/by4OC8vL3P2dTXRETpebLI2NiI5vIrjaD/5UtrkFX/tNbwjTSRAGC/+7CAo2pIcBaRgWmcBBHcsaCIw==",
       "license": "BlueOak-1.0.0"
     },
     "node_modules/parse-filepath": {
@@ -8229,9 +8229,9 @@
       }
     },
     "node_modules/update-browserslist-db": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.1.0.tgz",
-      "integrity": "sha512-EdRAaAyk2cUE1wOf2DkEhzxqOQvFOoRJFNS6NeyJ01Gp2beMRpBAINjM2iDXE3KCuKhwnvHIQCJm6ThL2Z+HzQ==",
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.1.1.tgz",
+      "integrity": "sha512-R8UzCaa9Az+38REPiJ1tXlImTJXlVfgHZsglwBD/k6nj76ctsH1E3q4doGrukiLQd3sGQYu56r5+lo5r94l29A==",
       "funding": [
         {
           "type": "opencollective",
@@ -8248,8 +8248,8 @@
       ],
       "license": "MIT",
       "dependencies": {
-        "escalade": "^3.1.2",
-        "picocolors": "^1.0.1"
+        "escalade": "^3.2.0",
+        "picocolors": "^1.1.0"
       },
       "bin": {
         "update-browserslist-db": "cli.js"

From 00749b3a8fc8b32baf8f71ee86d237033277750e Mon Sep 17 00:00:00 2001
From: Earl Warren 
Date: Mon, 30 Sep 2024 14:58:40 +0200
Subject: [PATCH 029/166] fix: referenced sha256:* container images may be
 deleted

The inventory of the sha256:* images and the manifest index that
reference them is incomplete because it does not take into account any
image older than the expiration limit. As a result some sha256:* will
be considered orphaned although they are referenced from a manifest
index that was created more recently than the expiration limit.

There must not be any filtering based on the creation time when
building the inventory. The expiration limit must only be taken into
account when deleting orphaned images: those that are more recent than
the expiration limit must not be deleted.

This limit is specially important because it protects against a race
between a cleanup task and an ongoing mirroring task. A mirroring
task (such as skopeo sync) will first upload sha256:* images and then
create the corresponding manifest index. If a cleanup races against
it, the sha256:* images that are not yet referenced will be deleted
without skopeo noticing and the published index manifest that happens
at a later time will contain references to non-existent images.

(cherry picked from commit 0a5fd7fdb89d55e38db4a8bb5c2f0a851b23b592)
---
 .../packages/cleanup/cleanup_sha256_test.go   | 116 ++++++++++++++++++
 services/packages/cleanup/main_test.go        |  14 +++
 services/packages/container/cleanup_sha256.go |  50 +++++---
 3 files changed, 163 insertions(+), 17 deletions(-)
 create mode 100644 services/packages/cleanup/cleanup_sha256_test.go
 create mode 100644 services/packages/cleanup/main_test.go

diff --git a/services/packages/cleanup/cleanup_sha256_test.go b/services/packages/cleanup/cleanup_sha256_test.go
new file mode 100644
index 0000000000..6d7cc47d3e
--- /dev/null
+++ b/services/packages/cleanup/cleanup_sha256_test.go
@@ -0,0 +1,116 @@
+// Copyright 2024 The Forgejo Authors.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package container
+
+import (
+	"testing"
+	"time"
+
+	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models/packages"
+	"code.gitea.io/gitea/models/unittest"
+	"code.gitea.io/gitea/modules/json"
+	"code.gitea.io/gitea/modules/log"
+	container_module "code.gitea.io/gitea/modules/packages/container"
+	"code.gitea.io/gitea/modules/test"
+	"code.gitea.io/gitea/modules/timeutil"
+	container_service "code.gitea.io/gitea/services/packages/container"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestCleanupSHA256(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+	defer test.MockVariableValue(&container_service.SHA256BatchSize, 1)()
+
+	ctx := db.DefaultContext
+
+	createContainer := func(t *testing.T, name, version, digest string, created timeutil.TimeStamp) {
+		t.Helper()
+
+		ownerID := int64(2001)
+
+		p := packages.Package{
+			OwnerID:   ownerID,
+			LowerName: name,
+			Type:      packages.TypeContainer,
+		}
+		_, err := db.GetEngine(ctx).Insert(&p)
+		// package_version").Where("version = ?", multiTag).Update(&packages_model.PackageVersion{MetadataJSON: `corrupted "manifests":[{ bad`})
+		require.NoError(t, err)
+
+		var metadata string
+		if digest != "" {
+			m := container_module.Metadata{
+				Manifests: []*container_module.Manifest{
+					{
+						Digest: digest,
+					},
+				},
+			}
+			mt, err := json.Marshal(m)
+			require.NoError(t, err)
+			metadata = string(mt)
+		}
+		v := packages.PackageVersion{
+			PackageID:    p.ID,
+			LowerVersion: version,
+			MetadataJSON: metadata,
+			CreatedUnix:  created,
+		}
+		_, err = db.GetEngine(ctx).NoAutoTime().Insert(&v)
+		require.NoError(t, err)
+	}
+
+	cleanupAndCheckLogs := func(t *testing.T, olderThan time.Duration, expected ...string) {
+		t.Helper()
+		logChecker, cleanup := test.NewLogChecker(log.DEFAULT, log.TRACE)
+		logChecker.Filter(expected...)
+		logChecker.StopMark(container_service.SHA256LogFinish)
+		defer cleanup()
+
+		require.NoError(t, CleanupExpiredData(ctx, olderThan))
+
+		logFiltered, logStopped := logChecker.Check(5 * time.Second)
+		assert.True(t, logStopped)
+		filtered := make([]bool, 0, len(expected))
+		for range expected {
+			filtered = append(filtered, true)
+		}
+		assert.EqualValues(t, filtered, logFiltered, expected)
+	}
+
+	ancient := 1 * time.Hour
+
+	t.Run("no packages, cleanup nothing", func(t *testing.T) {
+		cleanupAndCheckLogs(t, ancient, "Nothing to cleanup")
+	})
+
+	orphan := "orphan"
+	createdLongAgo := timeutil.TimeStamp(time.Now().Add(-(ancient * 2)).Unix())
+	createdRecently := timeutil.TimeStamp(time.Now().Add(-(ancient / 2)).Unix())
+
+	t.Run("an orphaned package created a long time ago is removed", func(t *testing.T) {
+		createContainer(t, orphan, "sha256:"+orphan, "", createdLongAgo)
+		cleanupAndCheckLogs(t, ancient, "Removing 1 entries from `package_version`")
+		cleanupAndCheckLogs(t, ancient, "Nothing to cleanup")
+	})
+
+	t.Run("a newly created orphaned package is not cleaned up", func(t *testing.T) {
+		createContainer(t, orphan, "sha256:"+orphan, "", createdRecently)
+		cleanupAndCheckLogs(t, ancient, "1 out of 1 container image(s) are not deleted because they were created less than")
+		cleanupAndCheckLogs(t, 0, "Removing 1 entries from `package_version`")
+		cleanupAndCheckLogs(t, 0, "Nothing to cleanup")
+	})
+
+	t.Run("a referenced package is not removed", func(t *testing.T) {
+		referenced := "referenced"
+		digest := "sha256:" + referenced
+		createContainer(t, referenced, digest, "", createdRecently)
+		index := "index"
+		createContainer(t, index, index, digest, createdRecently)
+		cleanupAndCheckLogs(t, ancient, "Nothing to cleanup")
+	})
+}
diff --git a/services/packages/cleanup/main_test.go b/services/packages/cleanup/main_test.go
new file mode 100644
index 0000000000..ded3d76c83
--- /dev/null
+++ b/services/packages/cleanup/main_test.go
@@ -0,0 +1,14 @@
+// Copyright 2024 The Forgejo Authors.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package container
+
+import (
+	"testing"
+
+	"code.gitea.io/gitea/models/unittest"
+)
+
+func TestMain(m *testing.M) {
+	unittest.MainTest(m)
+}
diff --git a/services/packages/container/cleanup_sha256.go b/services/packages/container/cleanup_sha256.go
index 558aea3a55..16afc74b18 100644
--- a/services/packages/container/cleanup_sha256.go
+++ b/services/packages/container/cleanup_sha256.go
@@ -13,6 +13,7 @@ import (
 	"code.gitea.io/gitea/modules/json"
 	"code.gitea.io/gitea/modules/log"
 	container_module "code.gitea.io/gitea/modules/packages/container"
+	"code.gitea.io/gitea/modules/timeutil"
 )
 
 var (
@@ -37,18 +38,24 @@ func cleanupSHA256(outerCtx context.Context, olderThan time.Duration) error {
 	defer committer.Close()
 
 	foundAtLeastOneSHA256 := false
-	shaToVersionID := make(map[string]int64, 100)
+	type packageVersion struct {
+		id      int64
+		created timeutil.TimeStamp
+	}
+	shaToPackageVersion := make(map[string]packageVersion, 100)
 	knownSHA := make(map[string]any, 100)
 
+	// compute before making the inventory to not race against ongoing
+	// image creations
+	old := timeutil.TimeStamp(time.Now().Add(-olderThan).Unix())
+
 	log.Debug("Look for all package_version.version that start with sha256:")
 
-	old := time.Now().Add(-olderThan).Unix()
-
 	// Iterate over all container versions in ascending order and store
-	// in shaToVersionID all versions with a sha256: prefix. If an index
+	// in shaToPackageVersion all versions with a sha256: prefix. If an index
 	// manifest is found, the sha256: digest it references are removed
-	// from shaToVersionID. If the sha256: digest found in an index
-	// manifest is not already in shaToVersionID, it is stored in
+	// from shaToPackageVersion. If the sha256: digest found in an index
+	// manifest is not already in shaToPackageVersion, it is stored in
 	// knownSHA to be dealt with later.
 	//
 	// Although it is theoretically possible that a sha256: is uploaded
@@ -56,16 +63,16 @@ func cleanupSHA256(outerCtx context.Context, olderThan time.Duration) error {
 	// normal order of operations. First the sha256: version is uploaded
 	// and then the index manifest. When the iteration completes,
 	// knownSHA will therefore be empty most of the time and
-	// shaToVersionID will only contain unreferenced sha256: versions.
+	// shaToPackageVersion will only contain unreferenced sha256: versions.
 	if err := db.GetEngine(ctx).
-		Select("`package_version`.`id`, `package_version`.`lower_version`, `package_version`.`metadata_json`").
+		Select("`package_version`.`id`, `package_version`.`created_unix`, `package_version`.`lower_version`, `package_version`.`metadata_json`").
 		Join("INNER", "`package`", "`package`.`id` = `package_version`.`package_id`").
-		Where("`package`.`type` = ? AND `package_version`.`created_unix` < ?", packages.TypeContainer, old).
+		Where("`package`.`type` = ?", packages.TypeContainer).
 		OrderBy("`package_version`.`id` ASC").
 		Iterate(new(packages.PackageVersion), func(_ int, bean any) error {
 			v := bean.(*packages.PackageVersion)
 			if strings.HasPrefix(v.LowerVersion, "sha256:") {
-				shaToVersionID[v.LowerVersion] = v.ID
+				shaToPackageVersion[v.LowerVersion] = packageVersion{id: v.ID, created: v.CreatedUnix}
 				foundAtLeastOneSHA256 = true
 			} else if strings.Contains(v.MetadataJSON, `"manifests":[{`) {
 				var metadata container_module.Metadata
@@ -74,8 +81,8 @@ func cleanupSHA256(outerCtx context.Context, olderThan time.Duration) error {
 					return nil
 				}
 				for _, manifest := range metadata.Manifests {
-					if _, ok := shaToVersionID[manifest.Digest]; ok {
-						delete(shaToVersionID, manifest.Digest)
+					if _, ok := shaToPackageVersion[manifest.Digest]; ok {
+						delete(shaToPackageVersion, manifest.Digest)
 					} else {
 						knownSHA[manifest.Digest] = true
 					}
@@ -87,10 +94,10 @@ func cleanupSHA256(outerCtx context.Context, olderThan time.Duration) error {
 	}
 
 	for sha := range knownSHA {
-		delete(shaToVersionID, sha)
+		delete(shaToPackageVersion, sha)
 	}
 
-	if len(shaToVersionID) == 0 {
+	if len(shaToPackageVersion) == 0 {
 		if foundAtLeastOneSHA256 {
 			log.Debug("All container images with a version matching sha256:* are referenced by an index manifest")
 		} else {
@@ -100,15 +107,24 @@ func cleanupSHA256(outerCtx context.Context, olderThan time.Duration) error {
 		return nil
 	}
 
-	found := len(shaToVersionID)
+	found := len(shaToPackageVersion)
 
 	log.Warn("%d container image(s) with a version matching sha256:* are not referenced by an index manifest", found)
 
 	log.Debug("Deleting unreferenced image versions from `package_version`, `package_file` and `package_property` (%d at a time)", SHA256BatchSize)
 
 	packageVersionIDs := make([]int64, 0, SHA256BatchSize)
-	for _, id := range shaToVersionID {
-		packageVersionIDs = append(packageVersionIDs, id)
+	tooYoung := 0
+	for _, p := range shaToPackageVersion {
+		if p.created < old {
+			packageVersionIDs = append(packageVersionIDs, p.id)
+		} else {
+			tooYoung++
+		}
+	}
+
+	if tooYoung > 0 {
+		log.Warn("%d out of %d container image(s) are not deleted because they were created less than %v ago", tooYoung, found, olderThan)
 	}
 
 	for len(packageVersionIDs) > 0 {

From 01e7095968df67a74828604977c240021ea645e2 Mon Sep 17 00:00:00 2001
From: Renovate Bot 
Date: Tue, 1 Oct 2024 11:19:39 +0000
Subject: [PATCH 030/166] Update actions/cache action to v4 (v9.0/forgejo)
 (#5442)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5442
Reviewed-by: Michael Kriese 
Co-authored-by: Renovate Bot 
Co-committed-by: Renovate Bot 
---
 .forgejo/workflows/build-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.forgejo/workflows/build-release.yml b/.forgejo/workflows/build-release.yml
index ce05f6d8ff..68e0398241 100644
--- a/.forgejo/workflows/build-release.yml
+++ b/.forgejo/workflows/build-release.yml
@@ -87,7 +87,7 @@ jobs:
 
       - name: cache node_modules
         id: node
-        uses: https://code.forgejo.org/actions/cache@v3
+        uses: https://code.forgejo.org/actions/cache@v4
         with:
           path: |
             node_modules

From 4c7fef22f622bb96b9dd0d40bc20823748b55f17 Mon Sep 17 00:00:00 2001
From: Renovate Bot 
Date: Tue, 1 Oct 2024 11:36:57 +0000
Subject: [PATCH 031/166] Update actions/checkout action to v4 (v9.0/forgejo)
 (#5443)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5443
Reviewed-by: Michael Kriese 
Co-authored-by: Renovate Bot 
Co-committed-by: Renovate Bot 
---
 .forgejo/workflows/build-release-integration.yml |  2 +-
 .forgejo/workflows/build-release.yml             |  2 +-
 .forgejo/workflows/publish-release.yml           |  2 +-
 .../release-notes-assistant-milestones.yml       |  2 +-
 .forgejo/workflows/release-notes-assistant.yml   |  2 +-
 .forgejo/workflows/testing.yml                   | 16 ++++++++--------
 6 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/.forgejo/workflows/build-release-integration.yml b/.forgejo/workflows/build-release-integration.yml
index 610b8f0520..f5f0d19da3 100644
--- a/.forgejo/workflows/build-release-integration.yml
+++ b/.forgejo/workflows/build-release-integration.yml
@@ -25,7 +25,7 @@ jobs:
     if: ${{ !startsWith(vars.ROLE, 'forgejo-') }}
     runs-on: self-hosted
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - id: forgejo
         uses: https://code.forgejo.org/actions/setup-forgejo@v1
diff --git a/.forgejo/workflows/build-release.yml b/.forgejo/workflows/build-release.yml
index 68e0398241..2614775577 100644
--- a/.forgejo/workflows/build-release.yml
+++ b/.forgejo/workflows/build-release.yml
@@ -27,7 +27,7 @@ jobs:
     # root is used for testing, allow it
     if: vars.ROLE == 'forgejo-integration' || github.repository_owner == 'root'
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
diff --git a/.forgejo/workflows/publish-release.yml b/.forgejo/workflows/publish-release.yml
index 41c884c2d1..5de8785ee1 100644
--- a/.forgejo/workflows/publish-release.yml
+++ b/.forgejo/workflows/publish-release.yml
@@ -39,7 +39,7 @@ jobs:
     runs-on: self-hosted
     if: vars.DOER != '' && vars.FORGEJO != '' && vars.TO_OWNER != '' && vars.FROM_OWNER != '' && secrets.TOKEN != ''
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: copy & sign
         uses: https://code.forgejo.org/forgejo/forgejo-build-publish/publish@v5
diff --git a/.forgejo/workflows/release-notes-assistant-milestones.yml b/.forgejo/workflows/release-notes-assistant-milestones.yml
index fb7bba1d52..dfe9a33a3c 100644
--- a/.forgejo/workflows/release-notes-assistant-milestones.yml
+++ b/.forgejo/workflows/release-notes-assistant-milestones.yml
@@ -11,7 +11,7 @@ jobs:
     container:
       image: 'code.forgejo.org/oci/node:20-bookworm'
     steps:
-      - uses: https://code.forgejo.org/actions/checkout@v3
+      - uses: https://code.forgejo.org/actions/checkout@v4
 
       - uses: https://code.forgejo.org/actions/setup-go@v4
         with:
diff --git a/.forgejo/workflows/release-notes-assistant.yml b/.forgejo/workflows/release-notes-assistant.yml
index dd67b4e203..3fed2d08d4 100644
--- a/.forgejo/workflows/release-notes-assistant.yml
+++ b/.forgejo/workflows/release-notes-assistant.yml
@@ -12,7 +12,7 @@ jobs:
     container:
       image: 'code.forgejo.org/oci/node:20-bookworm'
     steps:
-      - uses: https://code.forgejo.org/actions/checkout@v3
+      - uses: https://code.forgejo.org/actions/checkout@v4
 
       - name: event
         run: |
diff --git a/.forgejo/workflows/testing.yml b/.forgejo/workflows/testing.yml
index 725cd242ee..563ff3b495 100644
--- a/.forgejo/workflows/testing.yml
+++ b/.forgejo/workflows/testing.yml
@@ -19,7 +19,7 @@ jobs:
           cat <<'EOF'
           ${{ toJSON(github) }}
           EOF
-      - uses: https://code.forgejo.org/actions/checkout@v3
+      - uses: https://code.forgejo.org/actions/checkout@v4
       - uses: https://code.forgejo.org/actions/setup-go@v4
         with:
           go-version-file: "go.mod"
@@ -39,7 +39,7 @@ jobs:
     container:
       image: 'code.forgejo.org/oci/node:20-bookworm'
     steps:
-      - uses: https://code.forgejo.org/actions/checkout@v3
+      - uses: https://code.forgejo.org/actions/checkout@v4
       - run: make deps-frontend
       - run: make lint-frontend
       - run: make checks-frontend
@@ -66,7 +66,7 @@ jobs:
           MINIO_ROOT_USER: 123456
           MINIO_ROOT_PASSWORD: 12345678
     steps:
-      - uses: https://code.forgejo.org/actions/checkout@v3
+      - uses: https://code.forgejo.org/actions/checkout@v4
       - uses: https://code.forgejo.org/actions/setup-go@v4
         with:
           go-version-file: "go.mod"
@@ -131,7 +131,7 @@ jobs:
         image: ${{ matrix.cacher.image }}
         options: ${{ matrix.cacher.options }}
     steps:
-      - uses: https://code.forgejo.org/actions/checkout@v3
+      - uses: https://code.forgejo.org/actions/checkout@v4
       - uses: https://code.forgejo.org/actions/setup-go@v4
         with:
           go-version-file: "go.mod"
@@ -183,7 +183,7 @@ jobs:
           #
           MYSQL_EXTRA_FLAGS: --innodb-adaptive-flushing=OFF --innodb-buffer-pool-size=4G --innodb-log-buffer-size=128M --innodb-flush-log-at-trx-commit=0 --innodb-flush-log-at-timeout=30 --innodb-flush-method=nosync --innodb-fsync-threshold=1000000000
     steps:
-      - uses: https://code.forgejo.org/actions/checkout@v3
+      - uses: https://code.forgejo.org/actions/checkout@v4
       - uses: https://code.forgejo.org/actions/setup-go@v4
         with:
           go-version-file: "go.mod"
@@ -237,7 +237,7 @@ jobs:
           POSTGRES_DB: test
           POSTGRES_PASSWORD: postgres
     steps:
-      - uses: https://code.forgejo.org/actions/checkout@v3
+      - uses: https://code.forgejo.org/actions/checkout@v4
       - uses: https://code.forgejo.org/actions/setup-go@v4
         with:
           go-version-file: "go.mod"
@@ -280,7 +280,7 @@ jobs:
     container:
       image: 'code.forgejo.org/oci/node:20-bookworm'
     steps:
-      - uses: https://code.forgejo.org/actions/checkout@v3
+      - uses: https://code.forgejo.org/actions/checkout@v4
       - uses: https://code.forgejo.org/actions/setup-go@v4
         with:
           go-version-file: "go.mod"
@@ -329,7 +329,7 @@ jobs:
     container:
       image: 'code.forgejo.org/oci/node:20-bookworm'
     steps:
-      - uses: https://code.forgejo.org/actions/checkout@v3
+      - uses: https://code.forgejo.org/actions/checkout@v4
       - uses: https://code.forgejo.org/actions/setup-go@v4
         with:
           go-version-file: "go.mod"

From 4ddf4a8fd30658414c49ea27834f1477f94771d1 Mon Sep 17 00:00:00 2001
From: Renovate Bot 
Date: Tue, 1 Oct 2024 11:38:53 +0000
Subject: [PATCH 032/166] Update actions/setup-node action to v4 (v9.0/forgejo)
 (#5444)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5444
Reviewed-by: Michael Kriese 
Co-authored-by: Renovate Bot 
Co-committed-by: Renovate Bot 
---
 .forgejo/workflows/build-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.forgejo/workflows/build-release.yml b/.forgejo/workflows/build-release.yml
index 2614775577..a132242ad0 100644
--- a/.forgejo/workflows/build-release.yml
+++ b/.forgejo/workflows/build-release.yml
@@ -37,7 +37,7 @@ jobs:
           repository="${{ github.repository }}"
           echo "value=${repository##*/}" >> "$GITHUB_OUTPUT"
 
-      - uses: https://code.forgejo.org/actions/setup-node@v3
+      - uses: https://code.forgejo.org/actions/setup-node@v4
         with:
           node-version: 20
 

From 2ff9e77dba85a07d74e36bc67b2f11d2ea7c2af0 Mon Sep 17 00:00:00 2001
From: Codeberg Translate 
Date: Thu, 3 Oct 2024 21:23:07 +0000
Subject: [PATCH 033/166] i18n: update of translations from Codeberg Translate
 (#5413)

Translations update from [Codeberg Translate](https://translate.codeberg.org) for [Forgejo/forgejo](https://translate.codeberg.org/projects/forgejo/forgejo/).

Current translation status:

![Weblate translation status](https://translate.codeberg.org/widget/forgejo/forgejo/horizontal-auto.svg)

Co-authored-by: 0ko <0ko@users.noreply.translate.codeberg.org>
Co-authored-by: fnetX 
Co-authored-by: be4zad 
Co-authored-by: Fjuro 
Co-authored-by: hankskyjames777 
Co-authored-by: kwoot 
Co-authored-by: emansije 
Co-authored-by: xtex 
Co-authored-by: Outbreak2096 
Co-authored-by: WithLithum 
Co-authored-by: yeziruo 
Co-authored-by: kecrily 
Co-authored-by: overloop 
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5413
Reviewed-by: Otto 
Co-authored-by: Codeberg Translate 
Co-committed-by: Codeberg Translate 
(cherry picked from commit aca00fa3465f554b06de4da840f9bd2c75fd494f)
---
 options/locale/locale_cs-CZ.ini | 164 ++++++++++++++++----------------
 options/locale/locale_de-DE.ini |   4 +-
 options/locale/locale_el-GR.ini |   2 +-
 options/locale/locale_es-ES.ini |   2 +-
 options/locale/locale_fa-IR.ini |   4 +-
 options/locale/locale_fil.ini   |   2 +
 options/locale/locale_fr-FR.ini |   2 +-
 options/locale/locale_it-IT.ini |   2 +-
 options/locale/locale_ja-JP.ini |   2 +-
 options/locale/locale_lv-LV.ini |   2 +-
 options/locale/locale_nl-NL.ini |  17 ++--
 options/locale/locale_pt-BR.ini |   2 +-
 options/locale/locale_pt-PT.ini |  24 ++++-
 options/locale/locale_ru-RU.ini |  22 ++++-
 options/locale/locale_tr-TR.ini |   2 +-
 options/locale/locale_zh-CN.ini |  84 ++++++++--------
 options/locale/locale_zh-TW.ini |   2 +-
 17 files changed, 191 insertions(+), 148 deletions(-)

diff --git a/options/locale/locale_cs-CZ.ini b/options/locale/locale_cs-CZ.ini
index 4fa19b80f2..0eb5e1afef 100644
--- a/options/locale/locale_cs-CZ.ini
+++ b/options/locale/locale_cs-CZ.ini
@@ -33,7 +33,7 @@ password=Heslo
 access_token=Přístupový token
 re_type=PotvrzenĂ­ hesla
 captcha=CAPTCHA
-twofa=Dvoufaktorové ověřování
+twofa=Dvoufázové ověření
 twofa_scratch=DvoufaktorovĂ˝ kĂłd
 passcode=Přístupový kód
 
@@ -434,7 +434,7 @@ non_local_account=Externě ověřovaní uživatelé nemohou změnit své heslo p
 verify=Ověřit
 scratch_code=Záložní kód
 use_scratch_code=Použít záložní kód
-twofa_scratch_used=Použili jste váš záložní kód. Byli jste přesměrování na stránku s nastavením dvoufaktorového ověřování, kde můžete odstranit registraci vašeho zařízení nebo vygenerovat nový záložní kód.
+twofa_scratch_used=Použili jste svůj záložní kód. Byli jste přesměrování na stránku s nastavením dvoufázového ověření, kde můžete odstranit registraci vašeho zařízení nebo vygenerovat nový záložní kód.
 twofa_passcode_incorrect=Vaše heslo je neplatné. Pokud jste ztratili vaše zařízení, použijte záložní kód k přihlášení.
 twofa_scratch_token_incorrect=Váš záložní kód není správný.
 login_userpass=Přihlásit se
@@ -622,7 +622,7 @@ repository_files_already_exist.adopt=Soubory pro tento repozitář již existuj
 repository_files_already_exist.delete=Soubory pro tento repozitář již existují. Musíte je odstranit.
 repository_files_already_exist.adopt_or_delete=Soubory pro tento repozitář jiĹľ existujĂ­. PĹ™ijmÄ›te je, nebo je odstraĹte.
 visit_rate_limit=Dosaženo limitu rychlosti dotazů při vzdáleném přístupu.
-2fa_auth_required=Vzdálený přístup vyžaduje dvoufaktorové ověřování.
+2fa_auth_required=Vzdálený přístup vyžaduje dvoufázové ověření.
 org_name_been_taken=Název organizace je již použit.
 team_name_been_taken=Název týmu je již použit.
 team_no_units_error=Povolit přístup alespoŠdo jedné sekce repozitáře.
@@ -732,11 +732,11 @@ applications=Aplikace
 orgs=Organizace
 repos=Repozitáře
 delete=Smazat účet
-twofa=Dvoufaktorové ověřování (TOTP)
+twofa=Dvoufázové ověření (TOTP)
 account_link=Propojené účty
 organization=Organizace
 uid=UID
-webauthn=Dvoufaktorové ověřování (bezpečnostní klíče)
+webauthn=Dvoufázové ověření (bezpečnostní klíče)
 
 public_profile=Veřejný profil
 biography_placeholder=ĹeknÄ›te nám nÄ›co o sobÄ›! (MĹŻĹľete použít Markdown)
@@ -806,7 +806,7 @@ manage_emails=Správa e-mailových adres
 manage_themes=Výchozí motiv
 manage_openid=Adresy OpenID
 email_desc=Vaše hlavní e-mailová adresa bude použita pro oznámení, obnovení hesla, a pokud není skrytá, pro operace Gitu.
-theme_desc=Toto bude váš výchozí motiv vzhledu napříč stránkou.
+theme_desc=Toto bude váš výchozí motiv vzhledu na tomto webu.
 primary=HlavnĂ­
 activated=Aktivován
 requires_activation=VyĹľaduje aktivaci
@@ -898,7 +898,7 @@ ssh_principal_deletion_success=SSH Principal certifikát byl odstraněn.
 added_on=Přidáno %s
 valid_until_date=Platné do %s
 valid_forever=Platné navždy
-last_used=Naposledy pouĹľito dne
+last_used=Naposledy pouĹľito
 no_activity=Žádná aktuální aktivita
 can_read_info=ÄŚtenĂ­
 can_write_info=Zápis
@@ -928,17 +928,17 @@ access_token_deletion_cancel_action=Zrušit
 access_token_deletion_confirm_action=Smazat
 access_token_deletion_desc=Smazání tokenu zruší přístup k vašemu účtu pro aplikace, které jej používají. Tuto akci nelze vrátit. Pokračovat?
 delete_token_success=Token byl odstraněn. Aplikace, které jej používají již nemají přístup k vašemu účtu.
-repo_and_org_access=Repozitář a přístup organizace
-permissions_public_only=Pouze veřejnost
+repo_and_org_access=Přístup k repozitářům a organizacím
+permissions_public_only=Pouze veřejné
 permissions_access_all=Vše (veřejné, soukromé a omezené)
 select_permissions=Vyberte oprávnění
-permission_no_access=Bez přístupu
-permission_read=Přečtené
+permission_no_access=Žádný přístup
+permission_read=ÄŚtenĂ­
 permission_write=Čtení a zápis
 at_least_one_permission=Musíte vybrat alespoŠjedno oprávnění pro vytvoření tokenu
 permissions_list=Oprávnění:
 
-manage_oauth2_applications=Spravovat aplikace OAuth2
+manage_oauth2_applications=Správa aplikací OAuth2
 edit_oauth2_application=Upravit OAuth2 aplikaci
 oauth2_applications_desc=OAuth2 aplikace umožní aplikacím třetích stran bezpečně ověřit uživatele v této instanci Forgejo.
 remove_oauth2_application=Odstranit OAuth2 aplikaci
@@ -949,8 +949,8 @@ create_oauth2_application_button=Vytvořit aplikaci
 create_oauth2_application_success=Úspěšně jste vytvořili novou OAuth2 aplikaci.
 update_oauth2_application_success=Úspěšně jste aktualizovali OAuth2 aplikaci.
 oauth2_application_name=Název aplikace
-oauth2_confidential_client=Důvěrný klient. Zvolte jej pro aplikace, které ukládají soubor secret, například webové aplikace. Nevybírejte jej pro nativní aplikace včetně aplikací pro počítače a mobilní zařízení.
-oauth2_redirect_uris=Přesměrování URI. Použijte nový řádek pro každou URI.
+oauth2_confidential_client=Důvěrný klient. Vyberte pro aplikace, které udržují tajný klíč v bezpečí, například webové aplikace. Nevybírejte pro nativní aplikace včetně aplikací pro počítače a mobilní zařízení.
+oauth2_redirect_uris=Přesměrování URI. Zadejte každou URI na vlastní řádek.
 save_application=UloĹľit
 oauth2_client_id=ID klienta
 oauth2_client_secret=TajnĂ˝ klĂ­ÄŤ klienta
@@ -958,12 +958,12 @@ oauth2_regenerate_secret=Obnovit tajnĂ˝ klĂ­ÄŤ
 oauth2_regenerate_secret_hint=Ztratili jste svĹŻj tajnĂ˝ klĂ­ÄŤ?
 oauth2_client_secret_hint=Tajný klíč se znovu nezobrazí po opuštění nebo obnovení této stránky. Ujistěte se, že jste si jej uložili.
 oauth2_application_edit=Upravit
-oauth2_application_create_description=OAuth2 aplikace poskytuje přístup aplikacím třetích stran k uživatelským účtům na této instanci.
+oauth2_application_create_description=Aplikace OAuth2 poskytují přístup vašim aplikacím třetích stran k uživatelským účtům na této instanci.
 oauth2_application_remove_description=Odebráním OAuth2 aplikace zabrání přístupu ověřeným uživatelům na této instanci. Pokračovat?
 oauth2_application_locked=Gitea předregistruje některé OAuth2 aplikace při spuštění, pokud je to povoleno v konfiguraci. Aby se zabránilo neočekávanému chování, nelze je upravovat ani odstranit. Více informací naleznete v dokumentaci OAuth2.
 
-authorized_oauth2_applications=Autorizovat aplikaci OAuth2
-authorized_oauth2_applications_description=Úspěšně jste povolili přístup k vašemu osobnímu účtu této aplikaci třetí strany. Zrušte prosím přístup aplikacím, které již nejsou používány.
+authorized_oauth2_applications=Autorizované aplikace OAuth2
+authorized_oauth2_applications_description=Těmto aplikacím třetích stran jste udělili přístup ke svému osobnímu účtu Forgejo. Zrušte prosím přístup aplikacím, které již nejsou používány.
 revoke_key=Zrušit
 revoke_oauth2_grant=Zrušit přístup
 revoke_oauth2_grant_description=Zrušením přístupu této aplikaci třetí strany ji zabráníte v přístupu k vašim datům. Jste si jisti?
@@ -971,24 +971,24 @@ revoke_oauth2_grant_success=Přístup byl úspěšně zrušen.
 
 twofa_desc=Dvoufaktorový způsob ověřování zvýší zabezpečení vašeho účtu.
 twofa_recovery_tip=Pokud ztratíte své zařízení, budete moci použít jednorázový obnovovací klíč k získání přístupu k vašemu účtu.
-twofa_is_enrolled=Váš účet aktuálně používá dvoufaktorové ověřování.
-twofa_not_enrolled=Váš účet aktuálně nepoužívá dvoufaktorové ověřování.
-twofa_disable=Zakázat dvoufaktorové ověřování
+twofa_is_enrolled=Váš účet aktuálně používá dvoufázové ověření.
+twofa_not_enrolled=Váš účet aktuálně nepoužívá dvoufázové ověření.
+twofa_disable=Zakázat dvoufázové ověření
 twofa_scratch_token_regenerate=Znovu vygenerovat jednorázový klíč pro obnovení
 twofa_scratch_token_regenerated=Váš jednorázový klíč pro obnovení je nyní %s. Uložte jej na bezpečné místo, protože se znovu nezobrazí.
-twofa_enroll=Povolit dvoufaktorové ověřování
-twofa_disable_note=Dvoufaktorové ověřování můžete zakázat, když bude potřeba.
-twofa_disable_desc=Zakážete-li dvoufaktorové ověřování, bude váš účet méně zabezpečený. Pokračovat?
+twofa_enroll=Povolit dvoufázové ověření
+twofa_disable_note=Dvoufázové ověření můžete v případě potřeby zakázat.
+twofa_disable_desc=Zakázáním dvoufázového ověření bude váš účet méně bezpečný. Pokračovat?
 regenerate_scratch_token_desc=Pokud jste ztratili svůj klíč pro obnovení nebo jste jej již použili k přihlášení, můžete jej resetovat zde.
-twofa_disabled=Dvoufaktorové ověřování bylo zakázáno.
+twofa_disabled=Dvoufázové ověření bylo zakázáno.
 scan_this_image=Naskenujte tento obrázek s vaší ověřovací aplikací:
 or_enter_secret=Nebo zadejte tajnĂ˝ kĂłd: %s
 then_enter_passcode=A zadejte přístupový kód zobrazený ve vaší aplikaci:
 passcode_invalid=Přístupový kód není platný. Zkuste to znovu.
-twofa_enrolled=Ve vašem účtu bylo povoleno dvoufaktorové ověřování. Uložte si jednorázový obnovovací klíč (%s) na bezpečné místo, jelikož již nebude znovu zobrazen.
+twofa_enrolled=Ve vašem účtu bylo povoleno dvoufázové ověření. Uložte si jednorázový obnovovací klíč (%s) na bezpečné místo, jelikož již nebude znovu zobrazen.
 twofa_failed_get_secret=Nepodařilo se získat tajemství.
 
-webauthn_desc=Bezpečnostní klíče jsou hardwarová zařízení obsahující kryptografické klíče. Mohou být použity pro dvoufaktorové ověřování. Bezpečnostní klíče musí podporovat WebAuthn Authenticator standard.
+webauthn_desc=Bezpečnostní klíče jsou hardwarová zařízení obsahující kryptografické klíče. Mohou být použity pro dvoufázové ověření. Bezpečnostní klíče musí podporovat standard WebAuthn Authenticator.
 webauthn_register_key=Přidat bezpečnostní klíč
 webauthn_nickname=Přezdívka
 webauthn_delete_key=Odebrat bezpeÄŤnostnĂ­ klĂ­ÄŤ
@@ -997,7 +997,7 @@ webauthn_key_loss_warning=Pokud ztratíte své bezpečnostní klíče, ztratíte
 webauthn_alternative_tip=Možná budete chtít nakonfigurovat další metodu ověřování.
 
 manage_account_links=Propojené účty
-manage_account_links_desc=Tyto externí účty jsou propojeny s vaším Forgejo účtem.
+manage_account_links_desc=Tyto externí účty jsou propojeny s vaším účtem Forgejo.
 account_links_not_available=K vašemu Forgejo účtu nejsou aktuálně připojené žádné externí účty.
 link_account=Propojit účet
 remove_account_link=Odstranit propojený účet
@@ -1009,7 +1009,7 @@ hooks.desc=Přidat webhooky, které budou spouštěny pro všechny repoz
 orgs_none=Nejste členem žádné organizace.
 repos_none=Nevlastníte žádné repozitáře.
 
-delete_account=Odstranit svůj účet
+delete_account=Odstranit účet
 delete_prompt=Tato operace natrvalo odstraní váš uživatelský účet. NELZE ji vrátit zpět.
 delete_with_all_comments=Váš účet je mladší než %s. Pro zabránění fantomovým komentářům budou společně s ním odstraněny všechny komentáře u problémů a ŽS.
 confirm_delete_account=Potvrdit odstranění
@@ -1037,7 +1037,7 @@ access_token_desc = Oprávnění vybraného tokenu omezují autorizaci pouze na
 blocked_users_none = Nemáte žádné zablokované uživatele.
 blocked_since = Zablokován od %s
 hints = Nápovědy
-additional_repo_units_hint = Navrhnout povolení dalších jednotek úložiště
+additional_repo_units_hint = Navrhnout povolení dalších jednotek repozitáře
 update_hints = Aktualizovat nápovědy
 update_hints_success = Nápovědy byly aktualizovány.
 additional_repo_units_hint_description = Zobrazit tlačítko „Přidat další jednotky...“ u repozitářů, které nemají povolené všechny dostupné jednotky.
@@ -1058,7 +1058,7 @@ repo_name_helper=Dobrý název repozitáře většinou používá krátká, zapa
 repo_size=Velikost repozitáře
 template=Ĺ ablona
 template_select=Vyberte šablonu
-template_helper=Z repozitáře vytvořit šablonu
+template_helper=Nastavit repozitář jako šablonu
 template_description=Ĺ ablony repozitářů umoĹľĹujĂ­ uĹľivatelĹŻm generovat novĂ© repositáře se stejnou strukturou, soubory a volitelnĂ˝mi nastavenĂ­mi.
 visibility=Viditelnost
 visibility_description=Pouze majitelé nebo členové organizace to budou moci vidět, pokud mají práva.
@@ -1069,7 +1069,7 @@ clone_helper=Potřebujete pomoci s klonováním? Navštivte “
+editor.commit_signed_changes=Odeslat podepsané změny
+editor.commit_changes=Odeslat změny
+editor.add_tmpl=Přidán „“
 editor.add=Přidat %s
 editor.update=Aktualizovat %s
 editor.delete=Odstranit %s
@@ -1357,7 +1357,7 @@ editor.fail_to_apply_patch=Nelze použít záplatu „%s“
 editor.new_patch=Nová záplata
 editor.commit_message_desc=Přidat volitelný rozšířený popis…
 editor.signoff_desc=Přidat Signed-off-by podpis přispěvatele na konec zprávy o commitu.
-editor.commit_directly_to_this_branch=Odevzdat přímo do větve %s.
+editor.commit_directly_to_this_branch=Odeslat přímo do větve %s.
 editor.create_new_branch=Vytvořit novou větev pro tento commit a vytvořit žádost o sloučení.
 editor.create_new_branch_np=Vytvořte novou větev z tohoto commitu.
 editor.propose_file_change=Navrhnout změnu souboru
@@ -1375,8 +1375,8 @@ editor.file_editing_no_longer_exists=Upravovaný soubor „%s“ již není sou
 editor.file_deleting_no_longer_exists=OdstraĹovanĂ˝ soubor „%s“ jiĹľ nenĂ­ součástĂ­ tohoto repozitáře.
 editor.file_changed_while_editing=Obsah souboru se od zahájení úprav změnil. Klikněte sem pro jejich zobrazení nebo proveďte commit změn ještě jednou pro jejich přepsání.
 editor.file_already_exists=Soubor „%s“ již existuje v tomto repozitáři.
-editor.commit_empty_file_header=Odevzdat prázdný soubor
-editor.commit_empty_file_text=Soubor, který se chystáte odevzdat, je prázdný. Pokračovat?
+editor.commit_empty_file_header=Odeslat prázdný soubor
+editor.commit_empty_file_text=Soubor, který se chystáte odeslat, je prázdný. Pokračovat?
 editor.no_changes_to_show=Žádné změny k zobrazení.
 editor.fail_to_update_file=Nepodařilo se aktualizovat/vytvořit soubor „%s“.
 editor.fail_to_update_file_summary=Chybová zpráva:
@@ -1386,9 +1386,9 @@ editor.push_rejected_summary=Úplná zpráva o zamítnutí:
 editor.add_subdir=Přidat adresář…
 editor.unable_to_upload_files=Nepodařilo se nahrát soubory do „%s“. Chyba: %v
 editor.upload_file_is_locked=Soubor „%s“ je uzamčen uživatelem %s.
-editor.upload_files_to_dir=Nahrát soubory do „%s“
+editor.upload_files_to_dir=Nahrány soubory do „%s“
 editor.cannot_commit_to_protected_branch=Nelze vytvořit commit v chráněné větvi „%s“.
-editor.no_commit_to_branch=Nelze odevzdat přímo do větve, protože:
+editor.no_commit_to_branch=Nepodařilo se odeslat přímo do větve:
 editor.user_no_push_to_branch=Uživatel nemůže nahrávat do větve
 editor.require_signed_commit=Větev vyžaduje podepsaný commit
 editor.cherry_pick=Cherry-pick %s na:
@@ -1909,7 +1909,7 @@ pulls.has_merged=Chyba: žádost byla sloučena, nelze ji znovu sloučit nebo zm
 pulls.push_rejected=Push selhal: nahrání bylo zamítnuto. Zkontrolujte Git hooky pro tento repozitář.
 pulls.push_rejected_summary=Úplná zpráva o zamítnutí
 pulls.push_rejected_no_message=Push selhal: nahrání bylo odmítnuto, ale nebyla nalezena žádná vzdálená zpráva. Zkontrolujte Git hooky pro tento repozitář
-pulls.open_unmerged_pull_exists=`Nemůžete provést operaci znovuotevření protože je tu čekající požadavek na natažení (#%d) s identickými vlastnostmi.`
+pulls.open_unmerged_pull_exists=`Nemůžete provést operaci opětovného otevření, protože máte čekající žádost o sloučení (#%d) s identickými vlastnostmi.`
 pulls.status_checking=Některé kontroly jsou nedořešeny
 pulls.status_checks_success=Všechny kontroly byly úspěšné
 pulls.status_checks_warning=Některé kontroly nahlásily varování
@@ -1925,8 +1925,8 @@ pulls.update_branch_success=Aktualizace větve byla úspěšná
 pulls.update_not_allowed=Nemáte oprávnění aktualizovat větev
 pulls.outdated_with_base_branch=Tato větev je zastaralá oproti základní větvi
 pulls.close=Zavřít žádost o sloučení
-pulls.closed_at=`uzavřel/a tento požadavek na natažení %[2]s`
-pulls.reopened_at=`znovuotevřel/a tento požadavek na natažení %[2]s`
+pulls.closed_at=`uzavřel/a tuto žádost o sloučení %[2]s`
+pulls.reopened_at=`znovu otevřel/a tuto žádost o sloučení %[2]s`
 pulls.cmd_instruction_hint=Zobrazit instrukce příkazové řádky
 pulls.cmd_instruction_checkout_desc=Z vašeho repositáře projektu se podívejte na novou větev a vyzkoušejte změny.
 pulls.cmd_instruction_merge_title=SlouÄŤit
@@ -1935,18 +1935,18 @@ pulls.clear_merge_message=Vymazat zprávu o sloučení
 
 pulls.auto_merge_button_when_succeed=(Když kontroly uspějí)
 pulls.auto_merge_when_succeed=Automaticky sloučit, když všechny kontroly uspějí
-pulls.auto_merge_newly_scheduled=Požadavek na natažení byl naplánován na sloučení, jakmile všechny kontroly uspějí.
-pulls.auto_merge_has_pending_schedule=%[1]s naplánoval/a tento požadavek na natažení pro automatické sloučení, když všechny kontroly uspějí v %[2]s.
+pulls.auto_merge_newly_scheduled=Žádost o sloučení bude sloučena, jakmile budou všechny kontroly úspěšné.
+pulls.auto_merge_has_pending_schedule=%[1]s naplánoval/a tuto žádost o sloučení na automatické sloučení, jakmile budou všechny kontroly úspěšné %[2]s.
 
 pulls.auto_merge_cancel_schedule=Zrušit automatické sloučení
-pulls.auto_merge_not_scheduled=Tento požadavek na natažení není naplánován na automatické sloučení.
-pulls.auto_merge_canceled_schedule=Automatické sloučení bylo zrušeno pro tento požadavek na natažení.
+pulls.auto_merge_not_scheduled=Tato žádost o sloučení nebude automaticky sloučena.
+pulls.auto_merge_canceled_schedule=Automatické sloučení bylo u této žádosti o sloučení zrušeno.
 
-pulls.auto_merge_newly_scheduled_comment=`požadavek na automatické sloučení tohoto požadavku na natažení je naplánován, když všechny kontroly uspějí %[1]s`
-pulls.auto_merge_canceled_schedule_comment=`zrušil/a automatické sloučení tohoto požadavku na natažení, když všechny kontroly uspějí %[1]s`
+pulls.auto_merge_newly_scheduled_comment=`naplánoval/a tuto žádost o sloučení na automatické sloučení, jakmile budou všechny kontroly úspěšné %[1]s`
+pulls.auto_merge_canceled_schedule_comment=`zrušil/a automatické sloučení této žádosti o sloučení, jakmile budou všechny kontroly úspěšné %[1]s`
 
-pulls.delete.title=Odstranit tento poĹľadavek na nataĹľenĂ­?
-pulls.delete.text=Opravdu chcete tento požadavek na natažení smazat? (Tím se trvale odstraní veškerý obsah. Pokud jej hodláte archivovat, zvažte raději jeho uzavření.)
+pulls.delete.title=Odstranit tuto žádost o sloučení?
+pulls.delete.text=Opravdu chcete odstranit tuto žádost o sloučení? (Tímto trvale odstraníte všechen obsah. Pokud jej chcete archivovat, zvažte raději jeho uzavření)
 
 
 pull.deleted_branch=(odstraněno):%s
@@ -1987,12 +1987,12 @@ signing.wont_sign.nokey=Tato instance nemá žádný klíč k podepsání tohoto
 signing.wont_sign.never=Commity nejsou nikdy podepsány.
 signing.wont_sign.always=Commity jsou vždy podepsány.
 signing.wont_sign.pubkey=Commit nebude podepsán, protože nemáte veřejný klíč spojený s vaším účtem.
-signing.wont_sign.twofa=Pro podepsání commitů musíte mít povoleno dvoufaktorové ověření.
+signing.wont_sign.twofa=Pro podepisování commitů musíte mít zapnuto dvoufázové ověření.
 signing.wont_sign.parentsigned=Commit nebude podepsán, protože nadřazený commit není podepsán.
 signing.wont_sign.basesigned=Sloučení nebude podepsáno, protože základní commit není podepsaný.
 signing.wont_sign.headsigned=Sloučení nebude podepsáno, protože hlavní revize není podepsána.
 signing.wont_sign.commitssigned=Sloučení nebude podepsáno, protože všechny přidružené revize nejsou podepsány.
-signing.wont_sign.approved=Sloučení nebude podepsáno, protože požadavek na natažení není schválen.
+signing.wont_sign.approved=Sloučení nebude podepsáno, protože žádost o sloučení není schválena.
 signing.wont_sign.not_signed_in=Nejste přihlášeni.
 
 ext_wiki=ExternĂ­ wiki
@@ -2114,7 +2114,7 @@ settings.collaboration.write=Zápis
 settings.collaboration.read=ÄŚtenĂ­
 settings.collaboration.owner=VlastnĂ­k
 settings.collaboration.undefined=NeurÄŤeno
-settings.hooks=Webové háčky
+settings.hooks=Webhooky
 settings.githooks=Git hooky
 settings.basic_settings=Základní nastavení
 settings.mirror_settings=NastavenĂ­ zrcadla
@@ -2125,7 +2125,7 @@ settings.mirror_settings.docs.no_new_mirrors=Váš repozitář zrcadlí změny d
 settings.mirror_settings.docs.can_still_use=I když nemůžete upravit stávající zrcadla nebo vytvořit nová, stále můžete použít své stávající zrcadlo.
 settings.mirror_settings.docs.more_information_if_disabled=Více informací o zrcadlech pro nahrání a natažení naleznete zde:
 settings.mirror_settings.docs.doc_link_title=Jak mohu zrcadlit repozitáře?
-settings.mirror_settings.docs.pulling_remote_title=Stažení ze vzdáleného úložiště
+settings.mirror_settings.docs.pulling_remote_title=Stahování ze vzdáleného repozitáře
 settings.mirror_settings.mirrored_repository=Zrcadlený repozitář
 settings.mirror_settings.direction=Směr
 settings.mirror_settings.direction.pull=Natáhnout
@@ -2264,23 +2264,23 @@ settings.delete_team_tip=Tento tým má přístup ke všem repositářům a nem
 settings.remove_team_success=Přístup týmu k repozitáři byl odstraněn.
 settings.add_webhook=Přidat webhook
 settings.add_webhook.invalid_channel_name=Kanál webového háčku nemůže být prázdný a nemůže obsahovat pouze znak #.
-settings.hooks_desc=Webové háčky automaticky vytvářejí dotazy HTTP POST na server, když nastane určitá událost v Forgejo. Čtěte více v příručce webových háčků.
+settings.hooks_desc=Webhooky automaticky vytvářejí dotazy HTTP POST na server, když nastane určitá událost ve Forgejo. Více informací v příručce webhooků.
 settings.webhook_deletion=Odstranit webhook
 settings.webhook_deletion_desc=Odstranění webového háčku smaže jeho nastavení a historii doručení. Pokračovat?
-settings.webhook_deletion_success=Webový háček byl smazán.
+settings.webhook_deletion_success=Webhook byl smazán.
 settings.webhook.test_delivery=Test doruÄŤitelnosti
-settings.webhook.test_delivery_desc=Vyzkoušet tento webový háček pomocí falešné události.
-settings.webhook.test_delivery_desc_disabled=Chcete-li tento webový háček otestovat s falešnou událostí, aktivujte ho.
+settings.webhook.test_delivery_desc=Otestovat tento webhook pomocí falešné události.
+settings.webhook.test_delivery_desc_disabled=Chcete-li pomocí falešné události otestovat tento webhook, aktivujte ho.
 settings.webhook.request=PoĹľadavek
 settings.webhook.response=Odpověď
 settings.webhook.headers=HlaviÄŤky
 settings.webhook.payload=Obsah
 settings.webhook.body=Tělo zprávy
-settings.webhook.replay.description=Zopakovat tento webový háček.
-settings.webhook.replay.description_disabled=Chcete-li znovu spustit tento webový háček, aktivujte jej.
+settings.webhook.replay.description=Zopakovat tento webhook.
+settings.webhook.replay.description_disabled=Chcete-li zopakovat tento webhook, aktivujte jej.
 settings.webhook.delivery.success=Událost byla přidána do fronty doručení. Může to trvat několik sekund, než se zobrazí v historii doručení.
 settings.githooks_desc=Git hooks jsou spravovány samotným Gitem. Níže můžete upravit soubory hooků pro nastavení vlastních operací.
-settings.githook_edit_desc=Je-li háček neaktivní, bude zobrazen vzorový obsah. Nebude-li zadán žádný obsah, háček bude vypnut.
+settings.githook_edit_desc=Je-li webhook neaktivní, bude zobrazen vzorový obsah. Ponechte prázdné pro zakázání tohoto webhooku.
 settings.githook_name=Název hooku
 settings.githook_content=Obsah hooku
 settings.update_githook=Upravit hook
@@ -2303,7 +2303,7 @@ settings.event_create=Vytvořit
 settings.event_create_desc=Větev nebo značka vytvořena.
 settings.event_delete=Smazat
 settings.event_delete_desc=Větev nebo značka smazána.
-settings.event_fork=Rozštěpit
+settings.event_fork=Fork
 settings.event_fork_desc=Repozitář rozštěpen.
 settings.event_wiki=Wiki
 settings.event_wiki_desc=Wiki stránka vytvořena, přejmenována nebo smazána.
@@ -2348,9 +2348,9 @@ settings.authorization_header=AutorizaÄŤnĂ­ hlaviÄŤka
 settings.authorization_header_desc=Pokud vyplněno, bude připojeno k požadavkům jako autorizační hlavička. Příklady: %s.
 settings.active=AktivnĂ­
 settings.active_helper=Informace o spuštěných událostech budou odeslány na URL webového háčku.
-settings.add_hook_success=Webový háček byl přidán.
+settings.add_hook_success=Webhook byl přidán.
 settings.update_webhook=Upravit webhook
-settings.update_hook_success=Webový háček byl aktualizován.
+settings.update_hook_success=Webhook byl aktualizován.
 settings.delete_webhook=Odstranit webhook
 settings.recent_deliveries=Nedávná doručení
 settings.hook_type=Typ hooku
@@ -2582,7 +2582,7 @@ diff.hide_file_tree=Skrýt souborový strom
 
 releases.desc=Sledování verzí projektu a souborů ke stažení.
 release.releases=Vydání
-release.detail=Podrobnosti vydání
+release.detail=Podrobnosti o vydání
 release.tags=ZnaÄŤky
 release.new_release=Nové vydání
 release.draft=Koncept
@@ -2727,7 +2727,7 @@ settings.pull_mirror_sync_in_progress = Probíhá načítání změn ze vzdálen
 settings.enter_repo_name = Zadejte majitele a repozitář přesně tak, jak je vidíte níže:
 settings.mirror_settings.docs.disabled_push_mirror.pull_mirror_warning = Tuto akci lze v současné chvíli provést pouze v nabídce „Nová migrace“. Pro více informací viz:
 settings.new_owner_blocked_doer = Nový majitel vás zablokoval.
-settings.mirror_settings.pushed_repository = Pushnutý repozitář
+settings.mirror_settings.pushed_repository = Odeslaný repozitář
 settings.add_collaborator_blocked_our = Nepodařilo se přidat spolupracovníka, jelikož byl zablokován majitelem repozitáře.
 pulls.commit_ref_at = `se odkázal na tuto žádost o sloučení z commitu %[2]s`
 settings.wiki_rename_branch_main = Normalizovat název větve Wiki
@@ -2783,8 +2783,8 @@ settings.enforce_on_admins_desc = Správci repozitáře nemohou obejít toto pra
 issues.num_participants_one = %d účastník
 size_format = %[1]s: %[2]s, %[3]s: %[4]s
 issues.archived_label_description = (Archivován) %s
-release.download_count_one = %d staĹľenĂ­
-release.download_count_few = %d staĹľenĂ­
+release.download_count_one = %s staĹľenĂ­
+release.download_count_few = %s staĹľenĂ­
 release.system_generated = Tato příloha byla automaticky vygenerována.
 settings.add_webhook.invalid_path = Cesta nesmí obsahovat část, která je „.“ nebo „..“ nebo prázdný řetězec. Nesmí začínat ani končit lomítkem.
 settings.web_hook_name_sourcehut_builds = SestavenĂ­ SourceHut
@@ -2885,7 +2885,7 @@ settings.email=KontaktnĂ­ e-mail
 settings.website=Webové stránky
 settings.location=Umístění
 settings.permission=Oprávnění
-settings.repoadminchangeteam=Správce úložišť může týmům přidávat a odebírat přístup
+settings.repoadminchangeteam=Správce repozitářů může týmům přidávat a odebírat přístup
 settings.visibility=Viditelnost
 settings.visibility.public=Veřejná
 settings.visibility.limited=Omezená (viditelné pouze pro ověřené uživatele)
@@ -2904,7 +2904,7 @@ settings.delete_prompt=Organizace bude trvale odstraněna. Tato změna N
 settings.confirm_delete_account=Potvrdit odstranění
 settings.delete_org_title=Odstranit organizaci
 settings.delete_org_desc=Tato organizace bude trvale smazána. Pokračovat?
-settings.hooks_desc=Přidat webové háčky, které budou spouštěny pro všechny repozitáře v této organizaci.
+settings.hooks_desc=Přidat webhooky, které budou spouštěny pro všechny repozitáře v této organizaci.
 
 settings.labels_desc=Přidejte štítky, které mohou být použity pro problémy všech repozitářů v rámci této organizace.
 
@@ -2983,7 +2983,7 @@ identity_access=Identita a přístup
 users=Uživatelské účty
 organizations=Organizace
 repositories=Repozitáře
-hooks=Webové háčky
+hooks=Webhooky
 integrations=Integrace
 authentication=Zdroje ověření
 emails=Uživatelské e-maily
@@ -3183,12 +3183,12 @@ packages.size=Velikost
 packages.published=Publikováno
 
 defaulthooks=Výchozí webhooky
-defaulthooks.add_webhook=Přidat výchozí webový háček
-defaulthooks.update_webhook=Aktualizovat výchozí webový háček
+defaulthooks.add_webhook=Přidat výchozí webhook
+defaulthooks.update_webhook=Aktualizovat výchozí webhook
 
 systemhooks=Systémové webhooky
-systemhooks.add_webhook=Přidat systémový webový háček
-systemhooks.update_webhook=Aktualizovat systémový webový háček
+systemhooks.add_webhook=Přidat systémový webhook
+systemhooks.update_webhook=Aktualizovat systémový webhook
 
 auths.auth_manage_panel=Správa zdrojů ověřování
 auths.new=Přidat zdroj ověřování
@@ -3636,7 +3636,7 @@ error.unit_not_allowed=Nejste oprávněni přistupovat k této části repozitá
 [packages]
 title=BalĂ­ÄŤky
 desc=Správa balíčků repozitáře.
-empty=Zatím nejsou žádné balíčky.
+empty=Zatím zde nejsou žádné balíčky.
 empty.documentation=Další informace o registru balíčků naleznete v dokumentaci.
 empty.repo=Nahráli jste balíček, ale nezobrazil se zde? Přejděte na nastavení balíčku a propojte jej s tímto repozitářem.
 registry.documentation=Další informace o registru %s naleznete v dokumentaci.
@@ -3754,7 +3754,7 @@ settings.delete.success=Balíček byl odstraněn.
 settings.delete.error=Nepodařilo se odstranit balíček.
 owner.settings.cargo.title=Index registru Cargo
 owner.settings.cargo.initialize=Inicializovat index
-owner.settings.cargo.initialize.description=Pro použití Cargo registru je zapotřebí speciální index Git. Použití této možnosti (znovu)vytvoří repozitář a automaticky jej nastaví.
+owner.settings.cargo.initialize.description=Pro použití registru Cargo je zapotřebí speciální index Git. Použití této možnosti (znovu) vytvoří repozitář a automaticky jej nastaví.
 owner.settings.cargo.initialize.error=Nepodařilo se inicializovat Cargo index: %v
 owner.settings.cargo.initialize.success=Index Cargo byl úspěšně vytvořen.
 owner.settings.cargo.rebuild=Znovu vytvořit index
@@ -3893,7 +3893,7 @@ workflow.disabled=Pracovní postup je zakázán.
 variables=Proměnné
 variables.management=Správa proměnných
 variables.creation=Přidat proměnnou
-variables.none=Zatím nejsou žádné proměnné.
+variables.none=Zatím zde nejsou žádné proměnné.
 variables.deletion=Odstranit proměnnou
 variables.deletion.description=Odstranění proměnné je trvalé a nelze jej vrátit zpět. Pokračovat?
 variables.description=Proměnné budou předány určitým akcím a nelze je přečíst jinak.
diff --git a/options/locale/locale_de-DE.ini b/options/locale/locale_de-DE.ini
index b112ec82c3..a0c2c0c1fa 100644
--- a/options/locale/locale_de-DE.ini
+++ b/options/locale/locale_de-DE.ini
@@ -2434,7 +2434,7 @@ settings.require_signed_commits_desc=Pushes auf diesen Branch ablehnen, wenn Com
 settings.protect_branch_name_pattern=Muster fĂĽr geschĂĽtzte Branchnamen
 settings.protect_patterns=Muster
 settings.protect_protected_file_patterns=Geschützte Dateimuster (durch Semikolon „;“ getrennt)
-settings.protect_protected_file_patterns_desc=Geschützte Dateien dürfen nicht direkt geändert werden, auch wenn der Benutzer Rechte hat, Dateien in diesem Branch hinzuzufügen, zu bearbeiten oder zu löschen. Mehrere Muster können mit Semikolon („;“) getrennt werden. Siehe github.com/gobwas/glob Dokumentation zur Mustersyntax. Beispiele: .drone.yml, /docs/**/*.txt.
+settings.protect_protected_file_patterns_desc=Geschützte Dateien dürfen nicht direkt geändert werden, auch wenn der Benutzer Rechte hat, Dateien in diesem Branch hinzuzufügen, zu bearbeiten oder zu löschen. Mehrere Muster können mit Semikolon („;“) getrennt werden. Siehe %s Dokumentation zur Mustersyntax. Beispiele: .drone.yml, /docs/**/*.txt.
 settings.protect_unprotected_file_patterns=Ungeschützte Dateimuster (durch Semikolon „;“ getrennt)
 settings.protect_unprotected_file_patterns_desc=Ungeschützte Dateien, die direkt geändert werden dürfen, wenn der Benutzer Schreibzugriff hat, können die Push-Beschränkung umgehen. Mehrere Muster können mit Semikolon („;“) getrennt werden. Siehe %[2]s Dokumentation zur Mustersyntax. Beispiele: .drone.yml, /docs/**/*.txt.
 settings.add_protected_branch=Schutz aktivieren
@@ -3974,7 +3974,7 @@ issues.write = Schreiben: Issues schlieĂźen und Metadaten wie Labels, Mei
 pulls.read = Lesen: Pull-Requests lesen und erstellen.
 releases.read = Lesen: Releases ansehen und herunterladen.
 releases.write = Schreiben: Releases und ihre Assets veröffentlichen, bearbeiten und löschen.
-wiki.read = Read: Das integrierte Wiki und seine Historie lesen.
+wiki.read = Lesen: Das integrierte Wiki und seine Historie lesen.
 wiki.write = Schreiben: Seiten im integrierten Wiki erstellen, aktualisieren und löschen.
 projects.read = Lesen: Zugriff auf Projektboards des Repositories.
 projects.write = Schreiben: Projekte und Spalten erstellen und bearbeiten.
diff --git a/options/locale/locale_el-GR.ini b/options/locale/locale_el-GR.ini
index 2df8dce95d..5227c8a7fc 100644
--- a/options/locale/locale_el-GR.ini
+++ b/options/locale/locale_el-GR.ini
@@ -2442,7 +2442,7 @@ settings.protect_branch_name_pattern=Μοτίβο Ď€ĎÎżĎτατευμένου 
 settings.protect_branch_name_pattern_desc=Μοτίβα ονόματος Ď€ĎÎżĎτατευμένων κλάδων. Συμβολευτείτε την τεκμηĎίωĎη για την Ďύνταξη ενός μοτίβου. ΠαĎαδείγματα: main, release/**
 settings.protect_patterns=Μοτίβα
 settings.protect_protected_file_patterns=Μοτίβα Ď€ĎÎżĎτατευμένων αĎχείων (διαχωĎÎąĎÎĽĎŚĎ‚ με semicolon «;» και ΟΧΙ Ď„Îż ελληνικό εĎωτηματικό):
-settings.protect_protected_file_patterns_desc=Τα Ď€ĎÎżĎτατευόμενα αĎχεία δεν επιτĎέπεται να αλλάξουν άμεĎα, ακόμη και αν Îż χĎήĎτης έχει δικαιώματα να Ď€ĎÎżĎθέĎει, να επεξεĎγαĎτεί ή να διαγĎάĎει αĎχεία Ďε αυτόν τον κλάδο. Επιπλέων μοτίβα μποĎούν να διαχωĎÎąĎτούν με semicolon («;») (ΟΧΙ εĎωτηματικό). Για να Ďυντάξετε μοτίβα, Ďυμβουλευτείται την τεκμηĎίωĎη github.com/gobwas/glob. ΠαĎάδειγμα: .drone.yml, /docs/**/*.txt.
+settings.protect_protected_file_patterns_desc=Τα Ď€ĎÎżĎτατευόμενα αĎχεία δεν επιτĎέπεται να αλλάξουν άμεĎα, ακόμη και αν Îż χĎήĎτης έχει δικαιώματα να Ď€ĎÎżĎθέĎει, να επεξεĎγαĎτεί ή να διαγĎάĎει αĎχεία Ďε αυτόν τον κλάδο. Επιπλέων μοτίβα μποĎούν να διαχωĎÎąĎτούν με semicolon («;») (ΟΧΙ εĎωτηματικό). Για να Ďυντάξετε μοτίβα, Ďυμβουλευτείται την τεκμηĎίωĎη %s. ΠαĎάδειγμα: .drone.yml, /docs/**/*.txt.
 settings.protect_unprotected_file_patterns=Μοτίβα μη Ď€ĎÎżĎτατευμένων αĎχείων (διαχωĎÎąĎμένα με semicolon «;» και ΟΧΙ Ď„Îż ελληνικό εĎωτηματικό):
 settings.protect_unprotected_file_patterns_desc=Μη Ď€ĎÎżĎτατευμένα αĎχεία που επιτĎέπεται να αλλάξουν απευθείας εάν Îż χĎήĎτης έχει Ď€ĎĎŚĎβαĎη εγγĎαφής, παĎακάμπτοντας τον πεĎιοĎÎąĎÎĽĎŚ ώθηĎης. Επιπλέων μοτίβα μποĎούν να διαχωĎÎąĎτούν με εĎωτηματικό (';'). Δείτε την τεκμηĎίωĎη %[2]s για τη Ďύνταξη του μοτίβου. Πχ: .drone.yml, /docs/**/*.txt.
 settings.add_protected_branch=ΕνεĎγοποίηĎη Ď€ĎÎżĎταĎίας
diff --git a/options/locale/locale_es-ES.ini b/options/locale/locale_es-ES.ini
index d08770321c..6c55dcb1c6 100644
--- a/options/locale/locale_es-ES.ini
+++ b/options/locale/locale_es-ES.ini
@@ -2431,7 +2431,7 @@ settings.require_signed_commits_desc=Rechazar push en esta rama si los commits n
 settings.protect_branch_name_pattern=PatrĂłn de nombre de ramas protegidas
 settings.protect_patterns=Patrones
 settings.protect_protected_file_patterns=Patrones de archivos protegidos (separados con punto y coma ';')
-settings.protect_protected_file_patterns_desc=No está permitido cambiar archivos directamente incluso si el usuario tiene permiso para agregar, editar o borrar archivos en esta rama. Múltiples patrones pueden separarse usando punto y coma (';'). Refvisa la documentación de github.com/gobwas/glob para la sintaxis de patrones. Ejemplos: .drone.yml, /docs/**/*.txt.
+settings.protect_protected_file_patterns_desc=No está permitido cambiar archivos directamente incluso si el usuario tiene permiso para agregar, editar o borrar archivos en esta rama. Múltiples patrones pueden separarse usando punto y coma (';'). Refvisa la documentación de %s para la sintaxis de patrones. Ejemplos: .drone.yml, /docs/**/*.txt.
 settings.protect_unprotected_file_patterns=Patrones de archivos sin protecciĂłn (separados con punto y coma ";")
 settings.protect_unprotected_file_patterns_desc=Los archivos sin protecciĂłn se pueden cambiar directamente si el usuario tiene acceso de escritura, evitando la restricciĂłn push. MĂşltiples patrones pueden separarse usando punto y coma (';'). Vea la documentaciĂłn de %[2]s para la sintaxis de patrones. Ejemplos: .drone.yml, /docs/**/*.txt.
 settings.add_protected_branch=Activar protecciĂłn
diff --git a/options/locale/locale_fa-IR.ini b/options/locale/locale_fa-IR.ini
index 0af24db9e1..f1e109c953 100644
--- a/options/locale/locale_fa-IR.ini
+++ b/options/locale/locale_fa-IR.ini
@@ -15,9 +15,9 @@ page=صŮحه
 template=قالب
 language=زبان
 notifications=اعلان‌ها
-active_stopwatch=Ůعال کردن ثبت زمان
+active_stopwatch=Ůعال کردن ردیاب زمان
 create_new=ایجاد…
-user_profile_and_more=پرŮŮایل ٠تنظیمات…
+user_profile_and_more=نمایه ٠تنظیمات…
 signed_in_as=ŮرŮŘŻ به عنŮان
 toc=Ůهرست Ů…Ř­ŘŞŮیات
 licenses=ÚŻŮاهینامه ها
diff --git a/options/locale/locale_fil.ini b/options/locale/locale_fil.ini
index 5ac699359a..b0c515dccb 100644
--- a/options/locale/locale_fil.ini
+++ b/options/locale/locale_fil.ini
@@ -2008,6 +2008,8 @@ settings.mirror_settings.docs.disabled_push_mirror.info = Na-disable ng iyong ta
 settings.mirror_settings.docs.disabled_push_mirror.instructions = I-set up ang iyong proyekto na awtomatikong hilahin ang mga commit, tag at branch mula sa isa pang repositoryo.
 settings.mirror_settings.docs.disabled_pull_mirror.instructions = I-set up ang iyong proyekto na awtomatikong magtulak ng mga commit, tag at branch sa isa pang repositoryo. Na-disable ng iyong tagapangasiwa ng site ang mga pull mirror.
 activity.overview = Pangkalahatang Ideya
+mirror_public_key = Pampublikong susi ng SSH
+milestones.cancel = 
 
 [search]
 commit_kind = Maghanap ng mga commit...
diff --git a/options/locale/locale_fr-FR.ini b/options/locale/locale_fr-FR.ini
index 0df97ec31b..3921d118e3 100644
--- a/options/locale/locale_fr-FR.ini
+++ b/options/locale/locale_fr-FR.ini
@@ -2922,7 +2922,7 @@ teams.can_create_org_repo=Créer des dépôts
 teams.can_create_org_repo_helper=Les membres peuvent créer de nouveaux dépôts dans l'organisation. Le créateur obtiendra l'accès administrateur au nouveau dépôt.
 teams.none_access=Aucun accès
 teams.none_access_helper=Les membres ne peuvent voir ou faire quoi que ce soit sur cette partie. Sans effet pour les dépôts publics.
-teams.general_access=Accès général
+teams.general_access=Accès personnalisé
 teams.general_access_helper=Les permissions des membres seront déterminées par la table des permissions ci-dessous.
 teams.read_access=Lecture
 teams.read_access_helper=Les membres peuvent voir et cloner les dépôts de l'équipe.
diff --git a/options/locale/locale_it-IT.ini b/options/locale/locale_it-IT.ini
index f6fcd5135f..6b7de91462 100644
--- a/options/locale/locale_it-IT.ini
+++ b/options/locale/locale_it-IT.ini
@@ -2742,7 +2742,7 @@ settings.protect_status_check_patterns_desc = Inserisci sequenze per specificare
 settings.authorization_header_desc = VerrĂ  inclusa come intestazione dell'autorizzazione per le richieste quando presente. Esempi: %s.
 pulls.title_desc_one = vuole fondere %[1]d commit da %[2]s in %[3]s
 settings.protect_unprotected_file_patterns_desc = File non protetti dei quali è consentita la modifica direttamente se l'utente ha permesso di scrittura, saltandole restrizioni di immissione. Più sequenze possono essere separate usando il punto e virgola (";"). Vedi la documentazione su %[2]s per la sintassi delle sequenze glob. Esempi .drone.yml, /docs/**/*.txt.
-settings.protect_protected_file_patterns_desc = I file non protetti non possono essere modificati direttamente neanche se l'utente ha il permesso di aggiungere, modificare o eliminare file in questo ramo. PiĂą sequenze possono essere separate usando il punto e virgola (";"). Vedi la documentazione su github.com/gobwas/glob per la sintassi della sequenze. Esempi: .drone.yml, /docs/**/*.txt.
+settings.protect_protected_file_patterns_desc = I file non protetti non possono essere modificati direttamente neanche se l'utente ha il permesso di aggiungere, modificare o eliminare file in questo ramo. PiĂą sequenze possono essere separate usando il punto e virgola (";"). Vedi la documentazione su %s per la sintassi della sequenze. Esempi: .drone.yml, /docs/**/*.txt.
 settings.protect_no_valid_status_check_patterns = Nessuna sequenza valida per il controllo dello stato.
 settings.event_pull_request_review_request_desc = Richiesta la revisione della richiesta di modifica o richiesta di revisione rimossa.
 stars = Stelle
diff --git a/options/locale/locale_ja-JP.ini b/options/locale/locale_ja-JP.ini
index fba7f37808..b7cd2ae5d1 100644
--- a/options/locale/locale_ja-JP.ini
+++ b/options/locale/locale_ja-JP.ini
@@ -2413,7 +2413,7 @@ settings.protect_branch_name_pattern=äżťč­·ă–ă©ăłăĺŤă®ă‘ă‚żăĽăł
 settings.protect_branch_name_pattern_desc=äżťč­·ă–ă©ăłăĺŤă®ă‘ă‚żăĽăłă€‚書ăŤć–ąă«ă¤ă„ă¦ăŻ ă‰ă‚­ăĄăˇăłă を参照ă—ă¦ăŹă ă•ă„。例: main, release/**
 settings.protect_patterns=ă‘ă‚żăĽăł
 settings.protect_protected_file_patterns=äżťč­·ă•ă‚Śă‚‹ă•ă‚ˇă‚¤ă«ă®ă‘ă‚żăĽăł (ă‚»ăźă‚łă­ăł';'ă§ĺŚşĺ‡ă‚‹):
-settings.protect_protected_file_patterns_desc=äżťč­·ă•ă‚Śăźă•ă‚ˇă‚¤ă«ăŻă€ă“ă®ă–ă©ăłăă«ă•ă‚ˇă‚¤ă«ă‚’追加ă»ç·¨é›†ă»ĺ‰Šé™¤ă™ă‚‹ć¨©é™ă‚’ćŚă¤ă¦ăĽă‚¶ăĽă§ă‚ăŁă¦ă‚‚ă€ç›´ćŽĄĺ¤‰ć›´ă™ă‚‹ă“ă¨ăŚă§ăŤăŞăŹăŞă‚Šăľă™ă€‚ ă‚»ăźă‚łă­ăł(';')ă§ĺŚşĺ‡ăŁă¦č¤‡ć•°ă®ă‘ă‚żăĽăłă‚’指定ă§ăŤăľă™ă€‚ ă‘ă‚żăĽăłă®ć–‡ćł•ă«ă¤ă„ă¦ăŻ github.com/gobwas/glob を参照ă—ă¦ăŹă ă•ă„。 äľ‹: .drone.yml, /docs/**/*.txt
+settings.protect_protected_file_patterns_desc=äżťč­·ă•ă‚Śăźă•ă‚ˇă‚¤ă«ăŻă€ă“ă®ă–ă©ăłăă«ă•ă‚ˇă‚¤ă«ă‚’追加ă»ç·¨é›†ă»ĺ‰Šé™¤ă™ă‚‹ć¨©é™ă‚’ćŚă¤ă¦ăĽă‚¶ăĽă§ă‚ăŁă¦ă‚‚ă€ç›´ćŽĄĺ¤‰ć›´ă™ă‚‹ă“ă¨ăŚă§ăŤăŞăŹăŞă‚Šăľă™ă€‚ ă‚»ăźă‚łă­ăł(';')ă§ĺŚşĺ‡ăŁă¦č¤‡ć•°ă®ă‘ă‚żăĽăłă‚’指定ă§ăŤăľă™ă€‚ ă‘ă‚żăĽăłă®ć–‡ćł•ă«ă¤ă„ă¦ăŻ %s を参照ă—ă¦ăŹă ă•ă„。 äľ‹: .drone.yml, /docs/**/*.txt
 settings.protect_unprotected_file_patterns=äżťč­·ă—ăŞă„ă•ă‚ˇă‚¤ă«ă®ă‘ă‚żăĽăł (ă‚»ăźă‚łă­ăł';'ă§ĺŚşĺ‡ă‚‹):
 settings.protect_unprotected_file_patterns_desc=äżťč­·ă—ăŞă„ă•ă‚ˇă‚¤ă«ăŻă€ă¦ăĽă‚¶ăĽă«ć›¸ăŤčľĽăżć¨©é™ăŚă‚ă‚Śă°ă—ăă‚·ăĄĺ¶é™ă‚’ăイă‘ă‚ąă—ă¦ç›´ćŽĄĺ¤‰ć›´ă§ăŤăľă™ă€‚ ă‚»ăźă‚łă­ăł(';')ă§ĺŚşĺ‡ăŁă¦č¤‡ć•°ă®ă‘ă‚żăĽăłă‚’指定ă§ăŤăľă™ă€‚ ă‘ă‚żăĽăłă®ć–‡ćł•ă«ă¤ă„ă¦ăŻ %[2]s を参照ă—ă¦ăŹă ă•ă„。 äľ‹: .drone.yml, /docs/**/*.txt
 settings.add_protected_branch=保護を有効ă«ă™ă‚‹
diff --git a/options/locale/locale_lv-LV.ini b/options/locale/locale_lv-LV.ini
index f4616cd1ff..48c739bb30 100644
--- a/options/locale/locale_lv-LV.ini
+++ b/options/locale/locale_lv-LV.ini
@@ -2323,7 +2323,7 @@ settings.protect_branch_name_pattern=AizsargÄtÄ zara šablons
 settings.protect_branch_name_pattern_desc=AizsargÄto atzaru nosaukumu šabloni. Ĺ ablonu pierakstu skatÄ«t dokumentÄcijÄ. PiemÄ“ri: main, release/**
 settings.protect_patterns=Ĺ abloni
 settings.protect_protected_file_patterns=AizsargÄto failu šablons (vairÄkus var norÄdÄ«t atdalot ar semikolu ';'):
-settings.protect_protected_file_patterns_desc=AizsargÄtie faili, ko nevar mainÄ«t, pat ja lietotÄjam ir tiesÄ«bas veidot jaunus, labot vai dzÄ“st failus šajÄ atzarÄ. VairÄkus šablons ir iespÄ“jams norÄdÄ«t atdalot tos ar semikolu (';'). SÄ«kÄka informÄcija par šabloniem pieejama github.com/gobwas/glob dokumentÄcijÄ. PiemÄ“ram, .drone.yml, /docs/**/*.txt.
+settings.protect_protected_file_patterns_desc=AizsargÄtie faili, ko nevar mainÄ«t, pat ja lietotÄjam ir tiesÄ«bas veidot jaunus, labot vai dzÄ“st failus šajÄ atzarÄ. VairÄkus šablons ir iespÄ“jams norÄdÄ«t atdalot tos ar semikolu (';'). SÄ«kÄka informÄcija par šabloniem pieejama %s dokumentÄcijÄ. PiemÄ“ram, .drone.yml, /docs/**/*.txt.
 settings.protect_unprotected_file_patterns=NeaizsargÄto failu šablons (vairÄkus var norÄdÄ«t atdalot ar semikolu ';'):
 settings.protect_unprotected_file_patterns_desc=NeaizsargÄtie faili, ko iespÄ“jams mainÄ«t apejot iesĹ«tīšanas ierobeĹľojumus, ja lietotÄjam ir tiesÄ«bas iesĹ«tÄ«t izmaiņas šajÄ atzarÄ. VairÄkus šablons ir iespÄ“jams norÄdÄ«t atdalot tos ar semikolu (';'). SÄ«kÄka informÄcija par šabloniem pieejama %[2]s dokumentÄcijÄ. PiemÄ“ram, .drone.yml, /docs/**/*.txt.
 settings.add_protected_branch=Iespējot aizsargĚanu
diff --git a/options/locale/locale_nl-NL.ini b/options/locale/locale_nl-NL.ini
index baec116282..d254036e36 100644
--- a/options/locale/locale_nl-NL.ini
+++ b/options/locale/locale_nl-NL.ini
@@ -1356,7 +1356,7 @@ commit.cherry-pick-content=Selecteer een branch om te cherry-pick op:
 commitstatus.error=Fout
 commitstatus.pending=In behandeling
 
-ext_issues=Toegang tot externe issues
+ext_issues=Externe issues
 ext_issues.desc=Koppelen aan een externe kwestie-tracker.
 
 projects=Projecten
@@ -1503,9 +1503,9 @@ issues.context.quote_reply=Citeer antwoord
 issues.context.reference_issue=Verwijs in een nieuwe issue
 issues.context.edit=Bewerken
 issues.context.delete=Verwijder
-issues.close_comment_issue=Reageer en sluit
+issues.close_comment_issue=Sluit met commentaar
 issues.reopen_issue=Heropen
-issues.reopen_comment_issue=Reageer en heropen
+issues.reopen_comment_issue=Heropen met commentaar
 issues.create_comment=Reageer
 issues.closed_at=`heeft dit probleem gesloten %[2]s`
 issues.reopened_at=`heropende dit probleem %[2]s`
@@ -1811,7 +1811,7 @@ milestones.filter_sort.most_issues=Meeste problemen
 milestones.filter_sort.least_issues=Minste problemen
 
 
-ext_wiki=Toegang tot externe wiki
+ext_wiki=Externe wiki
 ext_wiki.desc=Koppelen aan een externe wiki.
 
 wiki=Wiki
@@ -2692,7 +2692,7 @@ settings.wiki_rename_branch_main_notices_2 = Dit zal de interne branch van %s's
 settings.trust_model.collaborator.desc = Geldige handtekeningen van samenwerkers van deze repository worden als "vertrouwd" gemarkeerd - (of ze nu overeenkomen met de committer of niet). Anders worden geldige handtekeningen gemarkeerd als "niet-vertrouwd" als de handtekening overeenkomt met de committer en "niet-gematcht" als dat niet het geval is.
 settings.trust_model.committer.desc = Geldige handtekeningen zullen alleen "vertrouwd" gemarkeerd worden als ze overeenkomen met de committer, anders zullen ze gemarkeerd worden als "ongeëvenaard". Dit dwingt Forgejo om de committer te zijn op ondertekende commits met de werkelijke committer gemarkeerd als Co-authored-by: en Co-committed-by: aanhanger in de commit. De standaard Forgejo sleutel moet overeenkomen met een gebruiker in de database.
 settings.pulls.enable_autodetect_manual_merge = Handmatig samenvoegen met autodetectie inschakelen (Opmerking: In sommige speciale gevallen kunnen hierdoor verkeerde beoordelingen optreden)
-settings.protect_protected_file_patterns_desc = Beschermde bestanden mogen niet direct gewijzigd worden, zelfs als de gebruiker rechten heeft om bestanden in deze branch toe te voegen, te bewerken of te verwijderen. Meerdere patronen kunnen gescheiden worden met een puntkomma (";"). Zie github.com/gobwas/glob documentatie voor patroon syntax. Voorbeelden: .drone.yml, /docs/**/*.txt.
+settings.protect_protected_file_patterns_desc = Beschermde bestanden mogen niet direct gewijzigd worden, zelfs als de gebruiker rechten heeft om bestanden in deze branch toe te voegen, te bewerken of te verwijderen. Meerdere patronen kunnen gescheiden worden met een puntkomma (";"). Zie %s documentatie voor patroon syntax. Voorbeelden: .drone.yml, /docs/**/*.txt.
 wiki.delete_page_notice_1 = Het verwijderen van de wikipagina "%s" kan niet ongedaan worden gemaakt. Doorgaan?
 wiki.reserved_page = De wikipaginanaam "%s" is gereserveerd.
 activity.navbar.pulse = Puls
@@ -3959,4 +3959,9 @@ filepreview.truncated = Voorbeeld is ingekort
 
 
 [translation_meta]
-test = Oké
\ No newline at end of file
+test = Oké
+
+[repo.permissions]
+code.write = Schrijven: Push naar de repositorie, maak branches en tags.
+code.read = Lezen: Toegang en clone de code van de repository.
+issues.read = Lezen: Lees en maak issues en commentaren.
\ No newline at end of file
diff --git a/options/locale/locale_pt-BR.ini b/options/locale/locale_pt-BR.ini
index a0e5acc060..1b1ae6882f 100644
--- a/options/locale/locale_pt-BR.ini
+++ b/options/locale/locale_pt-BR.ini
@@ -2370,7 +2370,7 @@ settings.require_signed_commits_desc=Rejeitar pushes para este branch se nĂŁo es
 settings.protect_branch_name_pattern=PadrĂŁo de Nome de Branch Protegida
 settings.protect_patterns=Padrões
 settings.protect_protected_file_patterns=Padrões de arquivos protegidos (separados usando ponto e vírgula ';'):
-settings.protect_protected_file_patterns_desc=Arquivos protegidos não podem ser alterados diretamente, mesmo que o usuário tenha direitos para adicionar, editar ou excluir arquivos neste branch. Vários padrões podem ser separados usando ponto e vírgula (';'). Consulte a documentação github.com/gobwas/glob para a sintaxe padrão. Exemplos: .drone.yml, /docs/**/*.txt.
+settings.protect_protected_file_patterns_desc=Arquivos protegidos não podem ser alterados diretamente, mesmo que o usuário tenha direitos para adicionar, editar ou excluir arquivos neste branch. Vários padrões podem ser separados usando ponto e vírgula (';'). Consulte a documentação %s para a sintaxe padrão. Exemplos: .drone.yml, /docs/**/*.txt.
 settings.protect_unprotected_file_patterns=Padrões de arquivos desprotegidos (separados usando ponto e vírgula ';'):
 settings.protect_unprotected_file_patterns_desc=Arquivos não protegidos que podem ser alterados diretamente se o usuário tiver acesso de gravação, ignorando as restrições de push. Vários padrões podem ser separados usando ponto e vírgula (\;'). Veja %[2]s documentação para sintaxe de padrões. Exemplos: .drone.yml, /docs/**/*.txt.
 settings.add_protected_branch=Habilitar proteção
diff --git a/options/locale/locale_pt-PT.ini b/options/locale/locale_pt-PT.ini
index 7f2bb86b79..ae912f3ffb 100644
--- a/options/locale/locale_pt-PT.ini
+++ b/options/locale/locale_pt-PT.ini
@@ -2458,7 +2458,7 @@ settings.protect_branch_name_pattern=PadrĂŁo do nome do ramo protegido
 settings.protect_branch_name_pattern_desc=Padrões de nomes de ramos protegidos. Consulte a documentação para ver a sintaxe dos padrões. Exemplos: main, release/**
 settings.protect_patterns=Padrões
 settings.protect_protected_file_patterns=Padrões de ficheiros protegidos (separados com ponto e vírgula ";")
-settings.protect_protected_file_patterns_desc=Ficheiros protegidos não podem ser modificados imediatamente, mesmo que o utilizador tenha direitos para adicionar, editar ou eliminar ficheiros neste ramo. Múltiplos padrões podem ser separados com ponto e vírgula (";"). Veja a documentação em github.com/gobwas/glob para ver a sintaxe. Exemplos: .drone.yml, /docs/**/*.txt.
+settings.protect_protected_file_patterns_desc=Ficheiros protegidos não podem ser modificados imediatamente, mesmo que o utilizador tenha direitos para adicionar, editar ou eliminar ficheiros neste ramo. Múltiplos padrões podem ser separados com ponto e vírgula (";"). Veja a documentação em %s para ver a sintaxe. Exemplos: .drone.yml, /docs/**/*.txt.
 settings.protect_unprotected_file_patterns=Padrões de ficheiros desprotegidos (separados com ponto e vírgula ";")
 settings.protect_unprotected_file_patterns_desc=Ficheiros desprotegidos que podem ser modificados imediatamente se o utilizador tiver direitos de escrita, contornando a restrição no envio. Padrões múltiplos podem ser separados com ponto e vírgula (";"). Veja a documentação em %[2]s para ver a sintaxe. Exemplos: .drone.yml, /docs/**/*.txt.
 settings.add_protected_branch=Habilitar salvaguarda
@@ -3954,4 +3954,24 @@ filepreview.line = Linha %[1]d em %[2]s
 filepreview.truncated = A previsĂŁo foi truncada
 
 [translation_meta]
-test = ok
\ No newline at end of file
+test = ok
+
+[repo.permissions]
+code.read = Ler: Aceder e clonar o cĂłdigo-fonte do repositĂłrio.
+releases.read = Ler: Ver e descarregar lançamentos.
+projects.read = Ler: Aceder aos quadros de planeamento do repositĂłrio.
+projects.write = Escrever: Criar planeamentos e colunas e editá-las.
+packages.read = Ler: Ver e descarregar pacotes atribuĂ­dos ao repositĂłrio.
+packages.write = Escrever: Publicar e eliminar pacotes atribuĂ­dos ao repositĂłrio.
+actions.read = Ler: Ver canais CI/CD integrados e os seus registos.
+actions.write = Escrever: Despoletar, reiniciar, cancelar ou aprovar manualmente canais CI/CD pendentes.
+ext_issues = Aceder à ligação para um rastreador de questões externo. As permissões são geridas externamente.
+ext_wiki = Aceder à ligação para um wiki externo. As permissões são geridas externamente.
+issues.write = Escrever: Fechar questões e gerir metadados, tais como rótulos, etapas, encarregados, datas de vencimento e dependências.
+pulls.read = Ler: Ler e criar pedidos de integração.
+releases.write = Escrever: Publicar, editar e eliminar lançamentos e seus recursos.
+wiki.read = Ler: Ler o wiki integrado e o seu histĂłrico.
+wiki.write = Escrever: Criar, modificar e eliminar páginas no wiki integrado.
+code.write = Escrever: Enviar para o repositĂłrio, criar ramos e etiquetas.
+issues.read = Ler: Ler e criar questões e comentários.
+pulls.write = Escrever: Fechar pedidos de integração e gerir metadados, tais como rótulos, etapas, encarregados, datas de vencimento e dependências.
\ No newline at end of file
diff --git a/options/locale/locale_ru-RU.ini b/options/locale/locale_ru-RU.ini
index e13b1341c4..450118fed4 100644
--- a/options/locale/locale_ru-RU.ini
+++ b/options/locale/locale_ru-RU.ini
@@ -1019,7 +1019,7 @@ visibility.public=ĐźŃбличный
 visibility.public_tooltip=Виден вŃем, кто может открыть этот Ńайт
 visibility.limited=Ограниченный
 visibility.limited_tooltip=Виден только зарегиŃтрированным пользователям Ńайта
-visibility.private=ЧаŃтный
+visibility.private=Скрытый
 visibility.private_tooltip=Виден только ŃчаŃтникам организаций, в которых вы ŃĐľŃтоите
 blocked_users_none = Заблокированных пользователей нет.
 user_block_success = Пользователь заблокирован.
@@ -2410,7 +2410,7 @@ settings.protect_branch_name_pattern=Шаблон названий защищё
 settings.protect_branch_name_pattern_desc=Шаблоны названий защищённых ветвей. Đž ŃинтакŃиŃе Ńаблонов читайте в докŃментации. Примеры: main, release/**
 settings.protect_patterns=Шаблоны
 settings.protect_protected_file_patterns=Шаблоны защищённых файлов, разделённые точкой Ń Đ·Đ°ĐżŃŹŃ‚ĐľĐą «;»
-settings.protect_protected_file_patterns_desc=Защищенные файлы нельзя изменить напрямŃŃŽ, даже еŃли пользователь имеет право добавлять, редактировать или Ńдалять файлы в этой ветви. Можно Ńказать неŃколько Ńаблонов, разделяя их точкой Ń Đ·Đ°ĐżŃŹŃ‚ĐľĐą («;»). Đž ŃинтакŃиŃе Ńаблонов читайте в докŃментации github.com/gobwas/glob . Примеры: .drone.yml, /docs/**/*.txt.
+settings.protect_protected_file_patterns_desc=Защищенные файлы нельзя изменить напрямŃŃŽ, даже еŃли пользователь имеет право добавлять, редактировать или Ńдалять файлы в этой ветви. Можно Ńказать неŃколько Ńаблонов, разделяя их точкой Ń Đ·Đ°ĐżŃŹŃ‚ĐľĐą («;»). Đž ŃинтакŃиŃе Ńаблонов читайте в докŃментации %s . Примеры: .drone.yml, /docs/**/*.txt.
 settings.protect_unprotected_file_patterns=Шаблоны незащищённых файлов, разделённые точкой Ń Đ·Đ°ĐżŃŹŃ‚ĐľĐą «;»
 settings.protect_unprotected_file_patterns_desc=Незащищенные файлы, которые допŃŃкаетŃŃŹ изменять напрямŃŃŽ, еŃли пользователь имеет право на запиŃŃŚ, неŃмотря на ограничение отправки изменений. Можно Ńказать неŃколько Ńаблонов, разделяя их точкой Ń Đ·Đ°ĐżŃŹŃ‚ĐľĐą («;»). Đž ŃинтакŃиŃе Ńаблонов читайте в докŃментации %[2]s . Примеры: .drone.yml, /docs/**/*.txt.
 settings.add_protected_branch=Включить защитŃ
@@ -3967,4 +3967,20 @@ test = хи-хи!
 
 [repo.permissions]
 code.write = ЗапиŃŃŚ: отправка изменений в репозиторий, Ńоздание веток и тегов.
-code.read = Чтение: Đ´ĐľŃŃ‚ŃĐż Đş иŃŃ…ĐľĐ´Đ˝ĐľĐĽŃ ĐşĐľĐ´Ń Ń€ĐµĐżĐľĐ·Đ¸Ń‚ĐľŃ€Đ¸ŃŹ и клонированию.
\ No newline at end of file
+code.read = Чтение: проŃмотр и клонирование иŃходного кода репозитория.
+issues.read = Чтение: проŃмотр и Ńоздание задач и комментариев.
+pulls.read = Чтение: проŃмотр и открытие запроŃов Ńлияний.
+releases.read = Чтение: проŃмотр выпŃŃков и Ńкачивание файлов.
+releases.write = ЗапиŃŃŚ: ĐżŃбликация, изменение и Ńдаление выпŃŃков и их файлов.
+wiki.read = Чтение: проŃмотр Ńтраниц и иŃтории редактирования вŃтроенной вики.
+projects.write = ЗапиŃŃŚ: Ńоздание и изменение проектов и колонок.
+packages.write = ЗапиŃŃŚ: ĐżŃбликация и Ńдаление пакетов в репозитории.
+projects.read = Чтение: проŃмотр проектов в репозитории.
+ext_wiki = ДоŃŃ‚ŃĐż ко ŃŃылке на внеŃнюю вики. НаŃтройка разреŃений выполняетŃŃŹ вне Ńайта.
+actions.read = Чтение: проŃмотр интегрированных конвейеров CI/CD и их логов.
+pulls.write = ЗапиŃŃŚ: закрытие запроŃов Ńлияний и изменение их метаданных: меток, этапа, назначений, Ńрока выполнения и завиŃимоŃтей и пр.
+issues.write = ЗапиŃŃŚ: закрытие задач и изменение их метаданных: меток, этапа, назначений, Ńрока выполнения и завиŃимоŃтей и пр.
+actions.write = ЗапиŃŃŚ: Ń€Ńчной Đ·Đ°ĐżŃŃĐş, перезапŃŃĐş, отмена и одобрение работы конвейеров CI/CD.
+wiki.write = ЗапиŃŃŚ: Ńоздание, изменение и Ńдаление Ńтраниц во вŃтроенной вики.
+packages.read = Чтение: проŃмотр и Ńкачивание пакетов в репозитории.
+ext_issues = ДоŃŃ‚ŃĐż Đş ŃŃылке на внеŃний трекер задач. НаŃтройка разреŃений выполняетŃŃŹ вне Ńайта.
\ No newline at end of file
diff --git a/options/locale/locale_tr-TR.ini b/options/locale/locale_tr-TR.ini
index 9aa99729d6..ef7903eb31 100644
--- a/options/locale/locale_tr-TR.ini
+++ b/options/locale/locale_tr-TR.ini
@@ -2344,7 +2344,7 @@ settings.protect_branch_name_pattern=Korunmuş Dal Adı Deseni
 settings.protect_branch_name_pattern_desc=Korunmuş dal isim desenleri. Desen sözdizimi için belgelere bakabilirsiniz. Örnekler: main, release/**
 settings.protect_patterns=Desenler
 settings.protect_protected_file_patterns=Korumalı dosya kalıpları (noktalı virgülle ayrılmış ';'):
-settings.protect_protected_file_patterns_desc=Kullanıcının bu dalda dosya ekleme, düzenleme veya silme hakları olsa bile doğrudan değiştirilmesine izin verilmeyen korumalı dosyalar. Birden çok desen noktalı virgül (';') kullanılarak ayrılabilir. Desen sözdizimi için github.com/gobwas/glob belgelerine bakın. Örnekler: .drone.yml, /docs/**/*.txt.
+settings.protect_protected_file_patterns_desc=Kullanıcının bu dalda dosya ekleme, düzenleme veya silme hakları olsa bile doğrudan değiştirilmesine izin verilmeyen korumalı dosyalar. Birden çok desen noktalı virgül (';') kullanılarak ayrılabilir. Desen sözdizimi için %s belgelerine bakın. Örnekler: .drone.yml, /docs/**/*.txt.
 settings.protect_unprotected_file_patterns=Korunmasız dosya desenleri (noktalı virgülle ayrılmış ';'):
 settings.protect_unprotected_file_patterns_desc=Kullanıcının yazma erişimi, itme kısıtlamasını atlama hakkı olduğunda doğrudan değiştirmesine izin verilen korunmasız dosyalar. Birden çok desen noktalı virgül (';') kullanılarak ayrılabilir. Desen söz dizimi için %[2]s belgelerine bakın. Örnekler: .drone.yml, /docs/**/*.txt.
 settings.add_protected_branch=Korumayı etkinleştir
diff --git a/options/locale/locale_zh-CN.ini b/options/locale/locale_zh-CN.ini
index 7a1a77c3e5..42d601b8db 100644
--- a/options/locale/locale_zh-CN.ini
+++ b/options/locale/locale_zh-CN.ini
@@ -1,6 +1,6 @@
 [common]
 home=首页
-dashboard=首页
+dashboard=控ĺ¶éť˘ćťż
 explore=探索
 help=帮助
 logo=徽标
@@ -12,7 +12,7 @@ sign_up=注册
 link_account=链接账ć·
 register=注册
 version=当前ç‰ćś¬
-powered_by=Powered by %s
+powered_by=ç”± %s ćŹäľ›ć”ŻćŚ
 page=页面
 template=模板
 language=语言选项
@@ -77,7 +77,7 @@ forks=派生
 
 activities=最近活动
 pull_requests=ĺ并请求
-issues=工单管ç†
+issues=工单
 milestones=里程碑
 
 ok=确定
@@ -109,7 +109,7 @@ copy_type_unsupported=无法复ĺ¶ć­¤ç±»ĺž‹çš„文件内容
 
 write=撰写
 preview=预č§
-loading=正在加载...
+loading=正在加载…
 
 error=错误
 error404=您正尝试访问的页面 不ĺ­ĺś¨ ć– ć‚¨ĺ°šćśŞč˘«ćŽćť 查看该页面。
@@ -216,13 +216,13 @@ server_internal = 服务器内é¨é”™čŻŻ
 [startpage]
 app_desc=一款ćžć“ć­ĺ»şçš„自助 Git 服务
 install=ć“安装
-install_desc=通过 äşŚčż›ĺ¶ ćťĄčżčˇŚďĽ›ć–者通过 docker 来čżčˇŚďĽ›ć–者通过 安装包 来čżčˇŚ
+install_desc=通过 äşŚčż›ĺ¶ ćťĄčżčˇŚďĽ›ć–者通过 docker 来čżčˇŚďĽ›ć–者通过 安装包 来čżčˇŚă€‚
 platform=跨平台
 platform_desc=ĺ·˛čŻĺ®žĺŹŻä»Ąĺś¨ Linux ĺ’Ś FreeBSD 等自由操作系统以及不ĺŚçš„ CPU 架构上čżčˇŚ Forgejo。挑一个您喜欢的就行ďĽ
 lightweight=轻量级
 lightweight_desc=一个廉价的树莓派的配置足以满足 Forgejo 的最低系统硬件č¦ć±‚。最大程度上节çść‚¨çš„服务器资ćşďĽ
 license=开ćşĺŚ–
-license_desc=所有的代ç é˝ĺĽ€ćşĺś¨ Forgejo 上,赶快加入ć‘们来共ĺŚĺŹ‘展这个伟大的项目ďĽčżç­‰ä»€äąďĽźć为贡献者ĺ§ďĽ
+license_desc=取得 ForgejoďĽčµ¶ĺż«ĺŠ ĺ…Ąć‘们来共ĺŚĺŹ‘展这个伟大的项目ďĽčżç­‰ä»€äąďĽźć为贡献者ĺ§ďĽ
 
 [install]
 install=安装页面
@@ -235,7 +235,7 @@ host=数据库主机
 user=用ć·ĺŤ
 password=数据库用ć·ĺŻ†ç 
 db_name=数据库ĺŤç§°
-db_schema=Schema
+db_schema=架构模式
 db_schema_helper=留空ĺ™ć•°ćŤ®ĺş“中é»č®¤ĺ€Ľä¸ş("public")。
 ssl_mode=SSL
 path=数据库文件路径
@@ -259,8 +259,8 @@ app_name_helper=在此处输入您的实例ĺŤç§°ă€‚ĺ®ĺ°†ćľç¤şĺś¨ć‰€ćś‰éˇµéť˘
 repo_path=仓库根目录
 repo_path_helper=所有远程 Git 仓库将保ĺ­ĺ°ć­¤ç›®ĺ˝•ă€‚
 lfs_path=LFS 根目录
-lfs_path_helper=ĺ­ĺ‚¨ä¸şGit LFS的文件将被ĺ­ĺ‚¨ĺś¨ć­¤ç›®ĺ˝•ă€‚留空ç¦ç”¨LFS
-run_user=以用ć·čżčˇŚ
+lfs_path_helper=ĺ­ĺ‚¨ä¸şGit LFS的文件将被ĺ­ĺ‚¨ĺś¨ć­¤ç›®ĺ˝•ă€‚留空以ç¦ç”¨LFS。
+run_user=č¦ä˝żç”¨çš„用ć·čş«ä»˝
 run_user_helper=čľ“ĺ…Ą Forgejo čżčˇŚçš„操作系统用ć·ĺŤă€‚请注意,此用ć·ĺż…须具有对仓库根路径的访问ćťé™ă€‚
 domain=服务器域ĺŤ
 domain_helper=服务器的域ĺŤć–主机地址。
@@ -426,7 +426,7 @@ invalid_code=此确认密钥无ć•ć–已过期。
 invalid_code_forgot_password=你的确认ç ć— ć•ć–者已过期,点击 这里 开始新的会话。
 invalid_password=您的密ç ä¸Žç”¨äşŽĺ›ĺ»şč´¦ć·çš„密ç ä¸ŤĺŚąé…Ťă€‚
 reset_password_helper=ć˘ĺ¤Ťč´¦ć·
-reset_password_wrong_user=您以 %s 登录,但ć˘ĺ¤Ťč´¦ĺŹ·é“ľćŽĄćŻç”¨äşŽ %s。
+reset_password_wrong_user=您以 %s 登录,但ć˘ĺ¤Ťč´¦ĺŹ·é“ľćŽĄé€‚用于 %s
 password_too_short=密ç é•żĺş¦ä¸Ťč˝ĺ°‘于 %d 位。
 non_local_account=非本地ĺ¸ć·ä¸Ťč˝é€ščż‡ Forgejo çš„ web 界面更改密ç ă€‚
 verify=验čŻ
@@ -443,7 +443,7 @@ oauth_signup_submit=完ć账号
 oauth_signin_tab=绑定ĺ°çŽ°ćś‰ĺ¸ĺŹ·
 oauth_signin_title=登录以ćŽćťç»‘定ĺ¸ć·
 oauth_signin_submit=绑定账号
-oauth.signin.error=处ç†ćŽćťčŻ·ć±‚时出错。 如果此错误仍然ĺ­â€‹â€‹ĺś¨ďĽŚčŻ·č”系站点管ç†ĺ‘。
+oauth.signin.error=处ç†ćŽćťčŻ·ć±‚时出错。如果此错误仍然ĺ­ĺś¨ďĽŚčŻ·č”系站点管ç†ĺ‘。
 oauth.signin.error.access_denied=ćŽćťčŻ·ć±‚被拒绝。
 oauth.signin.error.temporarily_unavailable=ćŽćťĺ¤±č´ĄďĽŚĺ› ä¸şč®¤čŻćśŤĺŠˇĺ™¨ćš‚时不可用。请稍ĺŽĺ†ŤčŻ•ă€‚
 openid_connect_submit=连接
@@ -675,7 +675,7 @@ Pronouns = 代称
 Biography = 简历
 
 [user]
-change_avatar=修改头ĺŹ
+change_avatar=修改头ĺŹâ€¦
 joined_on=加入于 %s
 repositories=仓库ĺ—表
 activity=公开活动
@@ -759,7 +759,7 @@ language=界面语言
 ui=主é˘
 hidden_comment_types=éšč—Źçš„评论类型
 hidden_comment_types_description=此处选中的注释类型不会ćľç¤şĺś¨é—®é˘éˇµéť˘ä¸­ă€‚比如,勾选”标签“ĺ é™¤ć‰€ćś‰ " 添加/ĺ é™¤çš„