fix(repository): git push to an adopted repository fails

Fix adopt repository has empty object name in database (#31333) Fix #31330 Fix #31311 A workaround to fix the old database is to update object_format_name to `sha1` if it's empty or null. (cherry picked from commit 1968c2222dcf47ebd1697afb4e79a81e74702d31) With tests services/repository/adopt_test.go (cherry picked from commit 8efef06fb1)
Rename repo_updated to repo_updated_v7 to prevent regressions (#4117 )
2024-06-16 18:15:02 +00:00 · 2024-06-14 13:26:46 +00:00 · 2024-06-12 07:11:49 +00:00 · 2024-06-12 09:47:23 +05:00 · 2024-06-11 19:22:11 +00:00 · 2024-06-11 16:34:03 +00:00
1070 changed files with 11841 additions and 37263 deletions
--- a/.air.toml
+++ b/.air.toml
@ -2,10 +2,9 @@ root = "."
 tmp_dir = ".air"

 [build]
-pre_cmd = ["killall -9 gitea 2>/dev/null || true"] # kill off potential zombie processes from previous runs
 cmd = "make --no-print-directory backend"
 bin = "gitea"
-delay = 2000
+delay = 1000
 include_ext = ["go", "tmpl"]
 include_file = ["main.go"]
 include_dir = ["cmd", "models", "modules", "options", "routers", "services"]
@ -16,14 +15,8 @@ exclude_dir = [
  "modules/avatar/testdata",
  "modules/git/tests",
  "modules/migration/file_format_testdata",
-  "modules/markup/tests/repo/repo1_filepreview",
  "routers/private/tests",
  "services/gitdiff/testdata",
-  "services/migrations/testdata",
-  "services/webhook/sourcehut/testdata",
 ]
 exclude_regex = ["_test.go$", "_gen.go$"]
 stop_on_error = true
-
-[log]
-main_only = true
--- a/.changelog.yml
+++ b/.changelog.yml
@ -0,0 +1,57 @@
+# The full repository name
+repo: go-gitea/gitea
+
+# Service type (gitea or github)
+service: github
+
+# Base URL for Gitea instance if using gitea service type (optional)
+# Default: https://gitea.com
+base-url:
+
+# Changelog groups and which labeled PRs to add to each group
+groups:
+  -
+    name: BREAKING
+    labels:
+      - pr/breaking
+  -
+    name: SECURITY
+    labels:
+      - topic/security
+  -
+    name: FEATURES
+    labels:
+      - type/feature
+  -
+    name: API
+    labels:
+      - modifies/api
+  -
+    name: ENHANCEMENTS
+    labels:
+      - type/enhancement
+      - type/refactoring
+      - topic/ui
+  -
+    name: BUGFIXES
+    labels:
+      - type/bug
+  -
+    name: TESTING
+    labels:
+      - type/testing
+  -
+    name: BUILD
+    labels:
+      - topic/build
+      - topic/code-linting
+  -
+    name: DOCS
+    labels:
+      - type/docs
+  -
+    name: MISC
+    default: true
+
+# regex indicating which labels to skip for the changelog
+skip-labels: skip-changelog|backport\/.+
--- a/.deadcode-out
+++ b/.deadcode-out
@ -1,350 +1,344 @@
-code.gitea.io/gitea/cmd
-	NoMainListener
-
-code.gitea.io/gitea/cmd/forgejo
-	ContextSetNoInit
-	ContextSetNoExit
-	ContextSetStderr
-	ContextGetStderr
-	ContextSetStdout
-	ContextSetStdin
-
-code.gitea.io/gitea/models
-	IsErrUpdateTaskNotExist
-	ErrUpdateTaskNotExist.Error
-	ErrUpdateTaskNotExist.Unwrap
-	IsErrSHANotFound
-	IsErrMergeDivergingFastForwardOnly
-	GetYamlFixturesAccess
-
-code.gitea.io/gitea/models/actions
-	ScheduleList.GetUserIDs
-	ScheduleList.GetRepoIDs
-	ScheduleList.LoadTriggerUser
-	ScheduleList.LoadRepos
-
-code.gitea.io/gitea/models/asymkey
-	ErrGPGKeyAccessDenied.Error
-	ErrGPGKeyAccessDenied.Unwrap
-	HasDeployKey
-
-code.gitea.io/gitea/models/auth
-	GetSourceByName
-	GetWebAuthnCredentialByID
-	WebAuthnCredentials
-
-code.gitea.io/gitea/models/db
-	TruncateBeans
-	InTransaction
-	DumpTables
-
-code.gitea.io/gitea/models/dbfs
-	file.renameTo
-	Create
-	Rename
-
-code.gitea.io/gitea/models/forgefed
-	GetFederationHost
-
-code.gitea.io/gitea/models/forgejo/semver
-	GetVersion
-	SetVersionString
-	SetVersion
-
-code.gitea.io/gitea/models/git
-	RemoveDeletedBranchByID
-
-code.gitea.io/gitea/models/issues
-	IsErrUnknownDependencyType
-	ErrNewIssueInsert.Error
-	IsErrIssueWasClosed
-	ChangeMilestoneStatus
-
-code.gitea.io/gitea/models/migrations/base
-	removeAllWithRetry
-	newXORMEngine
-	deleteDB
-	PrepareTestEnv
-	MainTest
-
-code.gitea.io/gitea/models/organization
-	GetTeamNamesByID
-	UpdateTeamUnits
-	SearchMembersOptions.ToConds
-	UsersInTeamsCount
-
-code.gitea.io/gitea/models/perm/access
-	GetRepoWriters
-
-code.gitea.io/gitea/models/project
-	UpdateColumnSorting
-	ChangeProjectStatus
-
-code.gitea.io/gitea/models/repo
-	DeleteAttachmentsByIssue
-	releaseSorter.Len
-	releaseSorter.Less
-	releaseSorter.Swap
-	SortReleases
-	FindReposMapByIDs
-	IsErrTopicNotExist
-	ErrTopicNotExist.Error
-	ErrTopicNotExist.Unwrap
-	GetTopicByName
-	WatchRepoMode
-
-code.gitea.io/gitea/models/unittest
-	CheckConsistencyFor
-	checkForConsistency
-	GetXORMEngine
-	OverrideFixtures
-	InitFixtures
-	LoadFixtures
-	Copy
-	CopyDir
-	NewMockWebServer
-	NormalizedFullPath
-	FixturesDir
-	fatalTestError
-	InitSettings
-	MainTest
-	CreateTestEngine
-	PrepareTestDatabase
-	PrepareTestEnv
-	Cond
-	OrderBy
-	LoadBeanIfExists
-	BeanExists
-	AssertExistsAndLoadBean
-	GetCount
-	AssertNotExistsBean
-	AssertExistsIf
-	AssertSuccessfulInsert
-	AssertCount
-	AssertInt64InRange
-
-code.gitea.io/gitea/models/user
-	IsErrPrimaryEmailCannotDelete
-	ErrUserInactive.Error
-	ErrUserInactive.Unwrap
-	IsErrExternalLoginUserAlreadyExist
-	IsErrExternalLoginUserNotExist
-	NewFederatedUser
-	IsErrUserSettingIsNotExist
-	GetUserAllSettings
-	DeleteUserSetting
-	GetUserEmailsByNames
-	GetUserNamesByIDs
-
-code.gitea.io/gitea/modules/assetfs
-	Bindata
-
-code.gitea.io/gitea/modules/auth/password/hash
-	DummyHasher.HashWithSaltBytes
-	NewDummyHasher
-
-code.gitea.io/gitea/modules/auth/password/pwn
-	WithHTTP
-
-code.gitea.io/gitea/modules/base
-	SetupGiteaRoot
-
-code.gitea.io/gitea/modules/cache
-	GetInt
-	WithNoCacheContext
-	RemoveContextData
-
-code.gitea.io/gitea/modules/charset
-	BreakWriter.Write
-
-code.gitea.io/gitea/modules/emoji
-	ReplaceCodes
-
-code.gitea.io/gitea/modules/eventsource
-	Event.String
-
-code.gitea.io/gitea/modules/forgefed
-	GetItemByType
-	JSONUnmarshalerFn
-	NotEmpty
-	ToRepository
-	OnRepository
-
-code.gitea.io/gitea/modules/git
-	AllowLFSFiltersArgs
-	AddChanges
-	AddChangesWithArgs
-	CommitChanges
-	CommitChangesWithArgs
-	IsErrExecTimeout
-	ErrExecTimeout.Error
-	ErrUnsupportedVersion.Error
-	SetUpdateHook
-	openRepositoryWithDefaultContext
-	IsTagExist
-	ToEntryMode
-	LimitedReaderCloser.Read
-	LimitedReaderCloser.Close
-
-code.gitea.io/gitea/modules/gitgraph
-	Parser.Reset
-
-code.gitea.io/gitea/modules/gitrepo
-	GetBranchCommitID
-	GetWikiDefaultBranch
-
-code.gitea.io/gitea/modules/graceful
-	Manager.TerminateContext
-	Manager.Err
-	Manager.Value
-	Manager.Deadline
-
-code.gitea.io/gitea/modules/hcaptcha
-	WithHTTP
-
-code.gitea.io/gitea/modules/json
-	StdJSON.Marshal
-	StdJSON.Unmarshal
-	StdJSON.NewEncoder
-	StdJSON.NewDecoder
-	StdJSON.Indent
-
-code.gitea.io/gitea/modules/markup
-	GetRendererByType
-	RenderString
-	IsMarkupFile
-
-code.gitea.io/gitea/modules/markup/console
-	Render
-	RenderString
-
-code.gitea.io/gitea/modules/markup/markdown
-	IsDetails
-	IsSummary
-	IsTaskCheckBoxListItem
-	IsIcon
-	RenderRawString
-
-code.gitea.io/gitea/modules/markup/markdown/math
-	WithInlineDollarParser
-	WithBlockDollarParser
-
-code.gitea.io/gitea/modules/markup/mdstripper
-	stripRenderer.AddOptions
-	StripMarkdown
-
-code.gitea.io/gitea/modules/markup/orgmode
-	RenderString
-
-code.gitea.io/gitea/modules/private
-	ActionsRunnerRegister
-
-code.gitea.io/gitea/modules/process
-	Manager.ExecTimeout
-
-code.gitea.io/gitea/modules/queue
-	newBaseChannelSimple
-	newBaseChannelUnique
-	newBaseRedisSimple
-	newBaseRedisUnique
-	testStateRecorder.Records
-	testStateRecorder.Reset
-	newWorkerPoolQueueForTest
-
-code.gitea.io/gitea/modules/queue/lqinternal
-	QueueItemIDBytes
-	QueueItemKeyBytes
-	ListLevelQueueKeys
-
-code.gitea.io/gitea/modules/setting
-	NewConfigProviderFromData
-	GitConfigType.GetOption
-	InitLoggersForTest
-
-code.gitea.io/gitea/modules/storage
-	ErrInvalidConfiguration.Error
-	IsErrInvalidConfiguration
-
-code.gitea.io/gitea/modules/structs
-	ParseCreateHook
-	ParsePushHook
-
-code.gitea.io/gitea/modules/sync
-	StatusTable.Start
-	StatusTable.IsRunning
-
-code.gitea.io/gitea/modules/testlogger
-	testLoggerWriterCloser.pushT
-	testLoggerWriterCloser.Log
-	testLoggerWriterCloser.recordError
-	testLoggerWriterCloser.printMsg
-	testLoggerWriterCloser.popT
-	testLoggerWriterCloser.Reset
-	PrintCurrentTest
-	Printf
-	NewTestLoggerWriter
-	TestLogEventWriter.Base
-	TestLogEventWriter.GetLevel
-	TestLogEventWriter.GetWriterName
-	TestLogEventWriter.GetWriterType
-	TestLogEventWriter.Run
-
-code.gitea.io/gitea/modules/timeutil
-	GetExecutableModTime
-	MockSet
-	MockUnset
-
-code.gitea.io/gitea/modules/translation
-	MockLocale.Language
-	MockLocale.TrString
-	MockLocale.Tr
-	MockLocale.TrN
-	MockLocale.TrSize
-	MockLocale.PrettyNumber
-
-code.gitea.io/gitea/modules/util/filebuffer
-	CreateFromReader
-
-code.gitea.io/gitea/modules/validation
-	IsErrNotValid
-
-code.gitea.io/gitea/modules/web
-	RouteMock
-	RouteMockReset
-
-code.gitea.io/gitea/modules/web/middleware
-	DeleteLocaleCookie
-
-code.gitea.io/gitea/routers/web
-	NotFound
-
-code.gitea.io/gitea/routers/web/org
-	MustEnableProjects
-
-code.gitea.io/gitea/services/context
-	GetPrivateContext
-
-code.gitea.io/gitea/services/convert
-	ToSecret
-
-code.gitea.io/gitea/services/forms
-	DeadlineForm.Validate
-
-code.gitea.io/gitea/services/pull
-	IsCommitStatusContextSuccess
-
-code.gitea.io/gitea/services/repository
-	IsErrForkAlreadyExist
-
-code.gitea.io/gitea/services/repository/archiver
-	ArchiveRepository
-
-code.gitea.io/gitea/services/repository/files
-	ContentType.String
-	GetFileResponseFromCommit
-	TemporaryUploadRepository.GetLastCommit
-	TemporaryUploadRepository.GetLastCommitByRef
-
-code.gitea.io/gitea/services/webhook
-	NewNotifier
+package "code.gitea.io/gitea/cmd"
+	func NoMainListener
+
+package "code.gitea.io/gitea/cmd/forgejo"
+	func ContextSetNoInit
+	func ContextSetNoExit
+	func ContextSetStderr
+	func ContextGetStderr
+	func ContextSetStdout
+	func ContextSetStdin
+
+package "code.gitea.io/gitea/models"
+	func IsErrUpdateTaskNotExist
+	func (ErrUpdateTaskNotExist).Error
+	func (ErrUpdateTaskNotExist).Unwrap
+	func IsErrSHANotFound
+	func IsErrMergeDivergingFastForwardOnly
+	func GetYamlFixturesAccess
+
+package "code.gitea.io/gitea/models/actions"
+	func (ScheduleList).GetUserIDs
+	func (ScheduleList).GetRepoIDs
+	func (ScheduleList).LoadTriggerUser
+	func (ScheduleList).LoadRepos
+	func GetVariableByID
+
+package "code.gitea.io/gitea/models/asymkey"
+	func (ErrGPGKeyAccessDenied).Error
+	func (ErrGPGKeyAccessDenied).Unwrap
+	func HasDeployKey
+
+package "code.gitea.io/gitea/models/auth"
+	func GetSourceByName
+	func GetWebAuthnCredentialByID
+	func WebAuthnCredentials
+
+package "code.gitea.io/gitea/models/db"
+	func TruncateBeans
+	func InTransaction
+	func DumpTables
+
+package "code.gitea.io/gitea/models/dbfs"
+	func (*file).renameTo
+	func Create
+	func Rename
+
+package "code.gitea.io/gitea/models/forgejo/semver"
+	func GetVersion
+	func SetVersionString
+	func SetVersion
+
+package "code.gitea.io/gitea/models/git"
+	func RemoveDeletedBranchByID
+
+package "code.gitea.io/gitea/models/issues"
+	func IsErrUnknownDependencyType
+	func (ErrNewIssueInsert).Error
+	func IsErrIssueWasClosed
+	func ChangeMilestoneStatus
+
+package "code.gitea.io/gitea/models/migrations/base"
+	func removeAllWithRetry
+	func newXORMEngine
+	func deleteDB
+	func PrepareTestEnv
+	func MainTest
+
+package "code.gitea.io/gitea/models/organization"
+	func GetTeamNamesByID
+	func UpdateTeamUnits
+	func (SearchMembersOptions).ToConds
+	func UsersInTeamsCount
+
+package "code.gitea.io/gitea/models/perm/access"
+	func GetRepoWriters
+
+package "code.gitea.io/gitea/models/project"
+	func UpdateBoardSorting
+	func ChangeProjectStatus
+
+package "code.gitea.io/gitea/models/repo"
+	func DeleteAttachmentsByIssue
+	func (*releaseSorter).Len
+	func (*releaseSorter).Less
+	func (*releaseSorter).Swap
+	func SortReleases
+	func FindReposMapByIDs
+	func (SearchOrderBy).String
+	func IsErrTopicNotExist
+	func (ErrTopicNotExist).Error
+	func (ErrTopicNotExist).Unwrap
+	func GetTopicByName
+	func WatchRepoMode
+
+package "code.gitea.io/gitea/models/unittest"
+	func CheckConsistencyFor
+	func checkForConsistency
+	func GetXORMEngine
+	func OverrideFixtures
+	func InitFixtures
+	func LoadFixtures
+	func Copy
+	func CopyDir
+	func NewMockWebServer
+	func NormalizedFullPath
+	func FixturesDir
+	func fatalTestError
+	func InitSettings
+	func MainTest
+	func CreateTestEngine
+	func PrepareTestDatabase
+	func PrepareTestEnv
+	func Cond
+	func OrderBy
+	func LoadBeanIfExists
+	func BeanExists
+	func AssertExistsAndLoadBean
+	func GetCount
+	func AssertNotExistsBean
+	func AssertExistsIf
+	func AssertSuccessfulInsert
+	func AssertCount
+	func AssertInt64InRange
+
+package "code.gitea.io/gitea/models/user"
+	func IsErrPrimaryEmailCannotDelete
+	func (ErrUserInactive).Error
+	func (ErrUserInactive).Unwrap
+	func IsErrExternalLoginUserAlreadyExist
+	func IsErrExternalLoginUserNotExist
+	func IsErrUserSettingIsNotExist
+	func GetUserAllSettings
+	func DeleteUserSetting
+	func GetUserEmailsByNames
+	func GetUserNamesByIDs
+
+package "code.gitea.io/gitea/modules/activitypub"
+	func CurrentTime
+	func containsRequiredHTTPHeaders
+	func NewClient
+	func (*Client).NewRequest
+	func (*Client).Post
+	func GetPrivateKey
+
+package "code.gitea.io/gitea/modules/assetfs"
+	func Bindata
+
+package "code.gitea.io/gitea/modules/auth/password/hash"
+	func (*DummyHasher).HashWithSaltBytes
+	func NewDummyHasher
+
+package "code.gitea.io/gitea/modules/auth/password/pwn"
+	func WithHTTP
+
+package "code.gitea.io/gitea/modules/base"
+	func SetupGiteaRoot
+
+package "code.gitea.io/gitea/modules/cache"
+	func GetInt
+	func WithNoCacheContext
+	func RemoveContextData
+
+package "code.gitea.io/gitea/modules/charset"
+	func (*BreakWriter).Write
+
+package "code.gitea.io/gitea/modules/emoji"
+	func ReplaceCodes
+
+package "code.gitea.io/gitea/modules/eventsource"
+	func (*Event).String
+
+package "code.gitea.io/gitea/modules/git"
+	func AllowLFSFiltersArgs
+	func AddChanges
+	func AddChangesWithArgs
+	func CommitChanges
+	func CommitChangesWithArgs
+	func IsErrExecTimeout
+	func (ErrExecTimeout).Error
+	func (ErrUnsupportedVersion).Error
+	func SetUpdateHook
+	func openRepositoryWithDefaultContext
+	func IsTagExist
+	func ToEntryMode
+	func (*LimitedReaderCloser).Read
+	func (*LimitedReaderCloser).Close
+
+package "code.gitea.io/gitea/modules/gitgraph"
+	func (*Parser).Reset
+
+package "code.gitea.io/gitea/modules/gitrepo"
+	func GetBranchCommitID
+	func GetWikiDefaultBranch
+
+package "code.gitea.io/gitea/modules/graceful"
+	func (*Manager).TerminateContext
+	func (*Manager).Err
+	func (*Manager).Value
+	func (*Manager).Deadline
+
+package "code.gitea.io/gitea/modules/hcaptcha"
+	func WithHTTP
+
+package "code.gitea.io/gitea/modules/json"
+	func (StdJSON).Marshal
+	func (StdJSON).Unmarshal
+	func (StdJSON).NewEncoder
+	func (StdJSON).NewDecoder
+	func (StdJSON).Indent
+
+package "code.gitea.io/gitea/modules/markup"
+	func IsSameDomain
+	func GetRendererByType
+	func RenderString
+	func IsMarkupFile
+
+package "code.gitea.io/gitea/modules/markup/console"
+	func Render
+	func RenderString
+
+package "code.gitea.io/gitea/modules/markup/markdown"
+	func IsDetails
+	func IsSummary
+	func IsTaskCheckBoxListItem
+	func IsIcon
+	func RenderRawString
+
+package "code.gitea.io/gitea/modules/markup/markdown/math"
+	func WithInlineDollarParser
+	func WithBlockDollarParser
+
+package "code.gitea.io/gitea/modules/markup/mdstripper"
+	func StripMarkdown
+
+package "code.gitea.io/gitea/modules/markup/orgmode"
+	func RenderString
+
+package "code.gitea.io/gitea/modules/private"
+	func ActionsRunnerRegister
+
+package "code.gitea.io/gitea/modules/process"
+	func (*Manager).ExecTimeout
+
+package "code.gitea.io/gitea/modules/queue"
+	func newBaseChannelSimple
+	func newBaseChannelUnique
+	func newBaseRedisSimple
+	func newBaseRedisUnique
+	func newWorkerPoolQueueForTest
+
+package "code.gitea.io/gitea/modules/queue/lqinternal"
+	func QueueItemIDBytes
+	func QueueItemKeyBytes
+	func ListLevelQueueKeys
+
+package "code.gitea.io/gitea/modules/setting"
+	func NewConfigProviderFromData
+	func (*GitConfigType).GetOption
+	func InitLoggersForTest
+
+package "code.gitea.io/gitea/modules/storage"
+	func (ErrInvalidConfiguration).Error
+	func IsErrInvalidConfiguration
+
+package "code.gitea.io/gitea/modules/structs"
+	func ParseCreateHook
+	func ParsePushHook
+
+package "code.gitea.io/gitea/modules/sync"
+	func (*StatusTable).Start
+	func (*StatusTable).IsRunning
+
+package "code.gitea.io/gitea/modules/testlogger"
+	func (*testLoggerWriterCloser).pushT
+	func (*testLoggerWriterCloser).Log
+	func (*testLoggerWriterCloser).recordError
+	func (*testLoggerWriterCloser).printMsg
+	func (*testLoggerWriterCloser).popT
+	func (*testLoggerWriterCloser).Reset
+	func PrintCurrentTest
+	func Printf
+	func NewTestLoggerWriter
+	func (*TestLogEventWriter).Base
+	func (*TestLogEventWriter).GetLevel
+	func (*TestLogEventWriter).GetWriterName
+	func (*TestLogEventWriter).GetWriterType
+	func (*TestLogEventWriter).Run
+
+package "code.gitea.io/gitea/modules/timeutil"
+	func GetExecutableModTime
+	func MockSet
+	func MockUnset
+
+package "code.gitea.io/gitea/modules/translation"
+	func (MockLocale).Language
+	func (MockLocale).TrString
+	func (MockLocale).Tr
+	func (MockLocale).TrN
+	func (MockLocale).TrSize
+	func (MockLocale).PrettyNumber
+
+package "code.gitea.io/gitea/modules/util/filebuffer"
+	func CreateFromReader
+
+package "code.gitea.io/gitea/modules/web"
+	func RouteMock
+	func RouteMockReset
+
+package "code.gitea.io/gitea/modules/web/middleware"
+	func DeleteLocaleCookie
+
+package "code.gitea.io/gitea/routers/web"
+	func NotFound
+
+package "code.gitea.io/gitea/routers/web/org"
+	func MustEnableProjects
+
+package "code.gitea.io/gitea/services/context"
+	func GetPrivateContext
+
+package "code.gitea.io/gitea/services/convert"
+	func ToSecret
+
+package "code.gitea.io/gitea/services/forms"
+	func (*DeadlineForm).Validate
+
+package "code.gitea.io/gitea/services/pull"
+	func IsCommitStatusContextSuccess
+
+package "code.gitea.io/gitea/services/repository"
+	func IsErrForkAlreadyExist
+
+package "code.gitea.io/gitea/services/repository/archiver"
+	func ArchiveRepository
+
+package "code.gitea.io/gitea/services/repository/files"
+	func (*ContentType).String
+	func GetFileResponseFromCommit
+	func (*TemporaryUploadRepository).GetLastCommit
+	func (*TemporaryUploadRepository).GetLastCommitByRef
+
+package "code.gitea.io/gitea/services/webhook"
+	func NewNotifier

--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@ -1,17 +1,16 @@
 {
  "name": "Gitea DevContainer",
-  "image": "mcr.microsoft.com/devcontainers/go:1.22-bullseye",
+  "image": "mcr.microsoft.com/devcontainers/go:1.21-bullseye",
  "features": {
    // installs nodejs into container
    "ghcr.io/devcontainers/features/node:1": {
      "version": "20"
    },
-    "ghcr.io/devcontainers/features/git-lfs:1.2.1": {},
+    "ghcr.io/devcontainers/features/git-lfs:1.1.0": {},
    "ghcr.io/devcontainers-contrib/features/poetry:2": {},
    "ghcr.io/devcontainers/features/python:1": {
      "version": "3.12"
-    },
-    "ghcr.io/warrenbuckley/codespace-features/sqlite:1": {}
+    }
  },
  "customizations": {
    "vscode": {
@ -26,9 +25,8 @@
        "Vue.volar",
        "ms-azuretools.vscode-docker",
        "vitest.explorer",
-        "cweijan.vscode-database-client2",
-        "GitHub.vscode-pull-request-github",
-        "Azurite.azurite"
+        "qwtel.sqlite-viewer",
+        "GitHub.vscode-pull-request-github"
      ]
    }
  },
--- a/.dockerignore
+++ b/.dockerignore
@ -77,6 +77,7 @@ cpu.out
 /public/assets/css
 /public/assets/fonts
 /public/assets/img/avatar
+/public/assets/img/webpack
 /vendor
 /web_src/fomantic/node_modules
 /web_src/fomantic/build/*
@ -94,9 +95,6 @@ cpu.out
 /.air
 /.go-licenses

-# Files and folders that were previously generated
-/public/assets/img/webpack
-
 # Snapcraft
 snap/.snapcraft/
 parts/
--- a/.editorconfig
+++ b/.editorconfig
@ -9,7 +9,7 @@ charset = utf-8
 trim_trailing_whitespace = true
 insert_final_newline = true

-[{*.{go,tmpl,html},Makefile,go.mod}]
+[*.{go,tmpl,html}]
 indent_style = tab

 [templates/custom/*.tmpl]
@ -21,6 +21,9 @@ indent_style = space
 [templates/user/auth/oidc_wellknown.tmpl]
 indent_style = space

+[Makefile]
+indent_style = tab
+
 [*.svg]
 insert_final_newline = false

--- a/.eslintrc.yaml
+++ b/.eslintrc.yaml
@ -3,8 +3,6 @@ reportUnusedDisableDirectives: true

 ignorePatterns:
  - /web_src/js/vendor
-  - /web_src/fomantic
-  - /public/assets/js

 parserOptions:
  sourceType: module
@ -311,7 +309,7 @@ rules:
  jquery/no-merge: [2]
  jquery/no-param: [2]
  jquery/no-parent: [0]
-  jquery/no-parents: [2]
+  jquery/no-parents: [0]
  jquery/no-parse-html: [2]
  jquery/no-prop: [2]
  jquery/no-proxy: [2]
@ -320,8 +318,8 @@ rules:
  jquery/no-show: [2]
  jquery/no-size: [2]
  jquery/no-sizzle: [0]
-  jquery/no-slide: [2]
-  jquery/no-submit: [2]
+  jquery/no-slide: [0]
+  jquery/no-submit: [0]
  jquery/no-text: [0]
  jquery/no-toggle: [2]
  jquery/no-trigger: [0]
@ -459,7 +457,7 @@ rules:
  no-jquery/no-other-utils: [2]
  no-jquery/no-param: [2]
  no-jquery/no-parent: [0]
-  no-jquery/no-parents: [2]
+  no-jquery/no-parents: [0]
  no-jquery/no-parse-html-literal: [0]
  no-jquery/no-parse-html: [2]
  no-jquery/no-parse-json: [2]
@ -538,7 +536,7 @@ rules:
  no-underscore-dangle: [0]
  no-unexpected-multiline: [2]
  no-unmodified-loop-condition: [2]
-  no-unneeded-ternary: [2]
+  no-unneeded-ternary: [0]
  no-unreachable-loop: [2]
  no-unreachable: [2]
  no-unsafe-finally: [2]
@ -717,14 +715,12 @@ rules:
  unicorn/import-style: [0]
  unicorn/new-for-builtins: [2]
  unicorn/no-abusive-eslint-disable: [0]
-  unicorn/no-anonymous-default-export: [0]
  unicorn/no-array-callback-reference: [0]
  unicorn/no-array-for-each: [2]
  unicorn/no-array-method-this-argument: [2]
  unicorn/no-array-push-push: [2]
  unicorn/no-array-reduce: [2]
  unicorn/no-await-expression-member: [0]
-  unicorn/no-await-in-promise-methods: [2]
  unicorn/no-console-spaces: [0]
  unicorn/no-document-cookie: [2]
  unicorn/no-empty-file: [2]
@ -741,7 +737,6 @@ rules:
  unicorn/no-null: [0]
  unicorn/no-object-as-default-parameter: [0]
  unicorn/no-process-exit: [0]
-  unicorn/no-single-promise-in-promise-methods: [2]
  unicorn/no-static-only-class: [2]
  unicorn/no-thenable: [2]
  unicorn/no-this-assignment: [2]
--- a/.forgejo/testdata/build-release/Dockerfile
+++ b/.forgejo/testdata/build-release/Dockerfile
@ -1,4 +1,4 @@
-FROM code.forgejo.org/oci/alpine:3.20
+FROM code.forgejo.org/oci/alpine:3.19
 ARG RELEASE_VERSION=unkown
 LABEL maintainer="contact@forgejo.org" \
      org.opencontainers.image.version="${RELEASE_VERSION}"
--- a/.forgejo/workflows/backport.yml
+++ b/.forgejo/workflows/backport.yml
@ -45,13 +45,39 @@ jobs:
          cat <<'EOF'
          ${{ toJSON(github) }}
          EOF
-      - uses: https://code.forgejo.org/actions/git-backporting@v4.8.0
+      - name: Fetch labels
+        id: fetch-labels
+        shell: bash
+        run: |
+          set -x
+          echo "Labels retrieved below"
+          export DEBIAN_FRONTEND=noninteractive
+          apt-get update -qq
+          apt-get -q install -qq -y jq
+          filtered_labels=$(echo "$LABELS" | jq -c 'map(select(.name | startswith("backport/v")))')
+          echo "FILTERED_LABELS=${filtered_labels}" >> $GITHUB_ENV
+        env:
+          LABELS: ${{ toJSON(github.event.pull_request.labels) }}
+      - name: Extract targets
+        id: extract-targets
+        shell: bash
+        run: |
+          set -x
+          targets="$(echo $FILTERED_LABELS | jq -c '[.[] | .name | sub("backport/"; "")]')"
+          echo "targets=$(echo $targets)" >> $GITHUB_OUTPUT
+
+      - name: Printing info
+        shell: bash
+        run: |
+          echo "targets: ${{ steps.extract-targets.outputs.targets }}"
+          echo "target-branch: ${{ fromJSON(steps.extract-targets.outputs.targets)[0] }}"
+          echo "pull-request: ${{ github.event.pull_request.url }}"
+
+      - uses: https://code.forgejo.org/actions/git-backporting@v4.6.0
        with:
-          target-branch-pattern: "^backport/(?<target>(v.*))$"
+          target-branch: ${{ fromJSON(steps.extract-targets.outputs.targets)[0] }}/forgejo
          strategy: ort
          strategy-option: find-renames
-          cherry-pick-options: -x
+          no-squash: true
          auth: ${{ secrets.BACKPORT_TOKEN }}
          pull-request: ${{ github.event.pull_request.url }}
-          auto-no-squash: true
-          enable-err-notification: true
--- a/.forgejo/workflows/renovate.yml
+++ b/.forgejo/workflows/renovate.yml
@ -1,8 +1,3 @@
-#
-# Runs every 2 hours, but Renovate is limited to create new PR before 4am.
-# See renovate.json for more settings.
-# Automerge is enabled for Renovate PR's but need to be approved before.
-#
 name: renovate

 on:
@ -10,7 +5,7 @@ on:
    branches:
      - 'renovate/**' # self-test updates
  schedule:
-    - cron: '0 0/2 * * *'
+    - cron: '*/30 * * * *'

 env:
  RENOVATE_DRY_RUN: ${{ (github.event_name != 'schedule' && github.ref_name != github.event.repository.default_branch) && 'full' || '' }}
@ -22,22 +17,18 @@ jobs:

    runs-on: docker
    container:
-      image: ghcr.io/visualon/renovate:37.414.1
+      image: ghcr.io/visualon/renovate:37.272.0

    steps:
-      - name: Load renovate repo cache
-        uses: https://code.forgejo.org/actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+      - uses: https://code.forgejo.org/actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
        with:
          path: |
            .tmp/cache/renovate/repository
-            .tmp/cache/renovate/renovate-cache-sqlite
-            .tmp/osv
          key: repo-cache-${{ github.run_id }}
          restore-keys: |
            repo-cache-

-      - name: Run renovate
-        run: renovate
+      - run: renovate
        env:
          GITHUB_COM_TOKEN: ${{ secrets.RENOVATE_GITHUB_COM_TOKEN }}
          LOG_LEVEL: debug
@ -48,21 +39,15 @@ jobs:
          RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
          RENOVATE_GIT_AUTHOR: 'Renovate Bot <forgejo-renovate-action@forgejo.org>'

-          RENOVATE_X_SQLITE_PACKAGE_CACHE: true
-
          GIT_AUTHOR_NAME: 'Renovate Bot'
          GIT_AUTHOR_EMAIL: 'forgejo-renovate-action@forgejo.org'
          GIT_COMMITTER_NAME: 'Renovate Bot'
          GIT_COMMITTER_EMAIL: 'forgejo-renovate-action@forgejo.org'

-          OSV_OFFLINE_ROOT_DIR: ${{ github.workspace }}/.tmp/osv
-
      - name: Save renovate repo cache
-        if: always() && env.RENOVATE_DRY_RUN != 'full'
+        if: always() && env.RENOVATE_DRY_RUN == 'true'
        uses: https://code.forgejo.org/actions/cache/save@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
        with:
          path: |
            .tmp/cache/renovate/repository
-            .tmp/cache/renovate/renovate-cache-sqlite
-            .tmp/osv
          key: repo-cache-${{ github.run_id }}
--- a/.forgejo/workflows/testing.yml
+++ b/.forgejo/workflows/testing.yml
@ -36,7 +36,7 @@ jobs:
      - run: make deps-frontend
      - run: make lint-frontend
      - run: make checks-frontend
-      - run: make test-frontend-coverage
+      - run: make test-frontend
      - run: make frontend
  test-unit:
    if: ${{ !startsWith(vars.ROLE, 'forgejo-') }}
@ -45,12 +45,8 @@ jobs:
    container:
      image: 'docker.io/node:20-bookworm'
    services:
-      elasticsearch:
-        image: elasticsearch:7.17.22
-        env:
-          discovery.type: single-node
      minio:
-        image: bitnami/minio:2024.3.30
+        image: bitnami/minio:2024.2.26
        options: >-
          --hostname gitea.minio
        env:
@ -86,59 +82,6 @@ jobs:
        env:
          RACE_ENABLED: 'true'
          TAGS: bindata
-          TEST_ELASTICSEARCH_URL: http://elasticsearch:9200
-  test-remote-cacher:
-    if: ${{ !startsWith(vars.ROLE, 'forgejo-') }}
-    runs-on: docker
-    needs: [backend-checks, frontend-checks]
-    container:
-      image: 'docker.io/node:20-bookworm'
-    strategy:
-      matrix:
-        cacher:
-          # redis
-          - image: redis:7.2
-            port: 6379
-          # redict
-          - image: registry.redict.io/redict:7.3.0-scratch
-            port: 6379
-          # garnet
-          - image: ghcr.io/microsoft/garnet-alpine:1.0.14
-            port: 6379
-    services:
-      cacher:
-        image: ${{ matrix.cacher.image }}
-        options: ${{ matrix.cacher.options }}
-    steps:
-      - uses: https://code.forgejo.org/actions/checkout@v3
-      - uses: https://code.forgejo.org/actions/setup-go@v4
-        with:
-          go-version: "1.22"
-      - run: |
-          git config --add safe.directory '*'
-          adduser --quiet --comment forgejo --disabled-password forgejo
-          chown -R forgejo:forgejo .
-      - name: install git >= 2.42
-        run: |
-          export DEBIAN_FRONTEND=noninteractive
-          echo deb http://deb.debian.org/debian/ testing  main > /etc/apt/sources.list.d/testing.list
-          apt-get update -qq
-          apt-get -q install -qq -y git
-          rm /etc/apt/sources.list.d/testing.list
-          apt-get update -qq
-      - run: |
-          su forgejo -c 'make deps-backend'
-      - run: |
-          su forgejo -c 'make backend'
-        env:
-          TAGS: bindata
-      - run: |
-          su forgejo -c 'make test-remote-cacher test-check'
-        timeout-minutes: 50
-        env:
-          RACE_ENABLED: 'true'
-          TAGS: bindata
-          TEST_REDIS_SERVER: cacher:${{ matrix.cacher.port }}
  test-mysql:
    if: ${{ !startsWith(vars.ROLE, 'forgejo-') }}
    runs-on: docker
@ -193,12 +136,10 @@ jobs:
      image: 'docker.io/node:20-bookworm'
    services:
      minio:
-        image: bitnami/minio:2024.3.30
+        image: bitnami/minio:2024.2.26
        env:
          MINIO_ROOT_USER: 123456
          MINIO_ROOT_PASSWORD: 12345678
-      ldap:
-        image: docker.io/gitea/test-openldap:latest
      pgsql:
        image: 'docker.io/postgres:15'
        env:
@ -235,7 +176,6 @@ jobs:
          TAGS: bindata
          RACE_ENABLED: true
          USE_REPO_TEST_DIR: 1
-          TEST_LDAP: 1
  test-sqlite:
    if: ${{ !startsWith(vars.ROLE, 'forgejo-') }}
    runs-on: docker
--- a/.gitattributes
+++ b/.gitattributes
@ -1,6 +1,5 @@
 * text=auto eol=lf
 *.tmpl linguist-language=go-html-template
-*.pb.go linguist-generated
 /assets/*.json linguist-generated
 /public/assets/img/svg/*.svg linguist-generated
 /templates/swagger/v1_json.tmpl linguist-generated
--- a/.gitea/issue_template/bug-report.yaml
+++ b/.gitea/issue_template/bug-report.yaml
@ -87,3 +87,4 @@ body:
    - SQLite
    - PostgreSQL
    - MySQL
+    - MSSQL
--- a/.gitignore
+++ b/.gitignore
@ -83,6 +83,7 @@ cpu.out
 /public/assets/css
 /public/assets/fonts
 /public/assets/licenses.txt
+/public/assets/img/webpack
 /vendor
 /web_src/fomantic/node_modules
 /web_src/fomantic/build/*
@ -101,9 +102,6 @@ cpu.out
 /.go-licenses
 /.cur-deadcode-out

-# Files and folders that were previously generated
-/public/assets/img/webpack
-
 # Snapcraft
 /gitea_a*.txt
 snap/.snapcraft/
--- a/.gitpod.yml
+++ b/.gitpod.yml
@ -43,7 +43,7 @@ vscode:
    - Vue.volar
    - ms-azuretools.vscode-docker
    - vitest.explorer
-    - cweijan.vscode-database-client2
+    - qwtel.sqlite-viewer
    - GitHub.vscode-pull-request-github

 ports:
--- a/.golangci.yml
+++ b/.golangci.yml
@ -1,14 +1,13 @@
 linters:
-  enable-all: false
-  disable-all: true
-  fast: false
  enable:
    - bidichk
+    # - deadcode # deprecated - https://github.com/golangci/golangci-lint/issues/1841
    - depguard
    - dupl
    - errcheck
    - forbidigo
    - gocritic
+    # - gocyclo # The cyclomatic complexety of a lot of functions is too high, we should refactor those another time.
    - gofmt
    - gofumpt
    - gosimple
@ -18,12 +17,16 @@ linters:
    - nolintlint
    - revive
    - staticcheck
+    # - structcheck # deprecated - https://github.com/golangci/golangci-lint/issues/1841
    - stylecheck
    - typecheck
    - unconvert
    - unused
-    - unparam
+    # - varcheck # deprecated - https://github.com/golangci/golangci-lint/issues/1841
    - wastedassign
+  enable-all: false
+  disable-all: true
+  fast: false

 run:
  timeout: 10m
@ -32,11 +35,6 @@ run:
    - public
    - web_src

-output:
-  sort-results: true
-  sort-order: [file]
-  show-stats: true
-
 linters-settings:
  stylecheck:
    checks: ["all", "-ST1005", "-ST1003"]
@ -47,39 +45,33 @@ linters-settings:
      - ifElseChain
      - singleCaseSwitch # Every time this occurred in the code, there  was no other way.
  revive:
-    severity: error
+    ignore-generated-header: false
+    severity: warning
+    confidence: 0.8
+    errorCode: 1
+    warningCode: 1
    rules:
-      - name: atomic
-      - name: bare-return
      - name: blank-imports
-      - name: constant-logical-expr
      - name: context-as-argument
      - name: context-keys-type
      - name: dot-imports
-      - name: duplicated-imports
-      - name: empty-lines
-      - name: error-naming
      - name: error-return
      - name: error-strings
-      - name: errorf
+      - name: error-naming
      - name: exported
-      - name: identical-branches
      - name: if-return
      - name: increment-decrement
-      - name: indent-error-flow
-      - name: modifies-value-receiver
+      - name: var-naming
+      - name: var-declaration
      - name: package-comments
      - name: range
      - name: receiver-naming
-      - name: redefines-builtin-id
-      - name: string-of-int
-      - name: superfluous-else
      - name: time-naming
-      - name: unconditional-recursion
      - name: unexported-return
-      - name: unreachable-code
-      - name: var-declaration
-      - name: var-naming
+      - name: indent-error-flow
+      - name: errorf
+      - name: duplicated-imports
+      - name: modifies-value-receiver
  gofumpt:
    extra-rules: true
  depguard:
@ -104,12 +96,8 @@ linters-settings:
 issues:
  max-issues-per-linter: 0
  max-same-issues: 0
-  exclude-dirs: [node_modules, public, web_src]
-  exclude-case-sensitive: true
  exclude-rules:
-    - path: models/db/sql_postgres_with_schema.go
-      linters:
-        - nolintlint
+    # Exclude some linters from running on tests files.
    - path: _test\.go
      linters:
        - gocyclo
@ -127,19 +115,19 @@ issues:
    - path: cmd
      linters:
        - forbidigo
-    - text: "webhook"
-      linters:
+    - linters:
        - dupl
-    - text: "`ID' should not be capitalized"
-      linters:
+      text: "webhook"
+    - linters:
        - gocritic
-    - text: "swagger"
-      linters:
+      text: "`ID' should not be capitalized"
+    - linters:
        - unused
        - deadcode
-    - text: "argument x is overwritten before first use"
-      linters:
+      text: "swagger"
+    - linters:
        - staticcheck
+      text: "argument x is overwritten before first use"
    - text: "commentFormatting: put a space between `//` and comment text"
      linters:
        - gocritic
--- a/.ignore
+++ b/.ignore
@ -4,8 +4,6 @@
 /modules/options/bindata.go
 /modules/public/bindata.go
 /modules/templates/bindata.go
-/options/gitignore
-/options/license
-/public/assets
 /vendor
+/public/assets
 node_modules
--- a/.stylelintrc.yaml
+++ b/.stylelintrc.yaml
@ -0,0 +1,223 @@
+plugins:
+  - stylelint-declaration-strict-value
+  - stylelint-declaration-block-no-ignored-properties
+  - "@stylistic/stylelint-plugin"
+
+ignoreFiles:
+  - "**/*.go"
+
+overrides:
+  - files: ["**/chroma/*", "**/codemirror/*", "**/standalone/*", "**/console.css", "font_i18n.css"]
+    rules:
+      scale-unlimited/declaration-strict-value: null
+  - files: ["**/chroma/*", "**/codemirror/*"]
+    rules:
+      block-no-empty: null
+  - files: ["**/*.vue"]
+    customSyntax: postcss-html
+
+rules:
+  "@stylistic/at-rule-name-case": null
+  "@stylistic/at-rule-name-newline-after": null
+  "@stylistic/at-rule-name-space-after": null
+  "@stylistic/at-rule-semicolon-newline-after": null
+  "@stylistic/at-rule-semicolon-space-before": null
+  "@stylistic/block-closing-brace-empty-line-before": null
+  "@stylistic/block-closing-brace-newline-after": null
+  "@stylistic/block-closing-brace-newline-before": null
+  "@stylistic/block-closing-brace-space-after": null
+  "@stylistic/block-closing-brace-space-before": null
+  "@stylistic/block-opening-brace-newline-after": null
+  "@stylistic/block-opening-brace-newline-before": null
+  "@stylistic/block-opening-brace-space-after": null
+  "@stylistic/block-opening-brace-space-before": always
+  "@stylistic/color-hex-case": lower
+  "@stylistic/declaration-bang-space-after": never
+  "@stylistic/declaration-bang-space-before": null
+  "@stylistic/declaration-block-semicolon-newline-after": null
+  "@stylistic/declaration-block-semicolon-newline-before": null
+  "@stylistic/declaration-block-semicolon-space-after": null
+  "@stylistic/declaration-block-semicolon-space-before": never
+  "@stylistic/declaration-block-trailing-semicolon": null
+  "@stylistic/declaration-colon-newline-after": null
+  "@stylistic/declaration-colon-space-after": null
+  "@stylistic/declaration-colon-space-before": never
+  "@stylistic/function-comma-newline-after": null
+  "@stylistic/function-comma-newline-before": null
+  "@stylistic/function-comma-space-after": null
+  "@stylistic/function-comma-space-before": null
+  "@stylistic/function-max-empty-lines": 0
+  "@stylistic/function-parentheses-newline-inside": never-multi-line
+  "@stylistic/function-parentheses-space-inside": null
+  "@stylistic/function-whitespace-after": null
+  "@stylistic/indentation": 2
+  "@stylistic/linebreaks": null
+  "@stylistic/max-empty-lines": 1
+  "@stylistic/max-line-length": null
+  "@stylistic/media-feature-colon-space-after": null
+  "@stylistic/media-feature-colon-space-before": never
+  "@stylistic/media-feature-name-case": null
+  "@stylistic/media-feature-parentheses-space-inside": null
+  "@stylistic/media-feature-range-operator-space-after": always
+  "@stylistic/media-feature-range-operator-space-before": always
+  "@stylistic/media-query-list-comma-newline-after": null
+  "@stylistic/media-query-list-comma-newline-before": null
+  "@stylistic/media-query-list-comma-space-after": null
+  "@stylistic/media-query-list-comma-space-before": null
+  "@stylistic/named-grid-areas-alignment": null
+  "@stylistic/no-empty-first-line": null
+  "@stylistic/no-eol-whitespace": true
+  "@stylistic/no-extra-semicolons": true
+  "@stylistic/no-missing-end-of-source-newline": null
+  "@stylistic/number-leading-zero": null
+  "@stylistic/number-no-trailing-zeros": null
+  "@stylistic/property-case": lower
+  "@stylistic/selector-attribute-brackets-space-inside": null
+  "@stylistic/selector-attribute-operator-space-after": null
+  "@stylistic/selector-attribute-operator-space-before": null
+  "@stylistic/selector-combinator-space-after": null
+  "@stylistic/selector-combinator-space-before": null
+  "@stylistic/selector-descendant-combinator-no-non-space": null
+  "@stylistic/selector-list-comma-newline-after": null
+  "@stylistic/selector-list-comma-newline-before": null
+  "@stylistic/selector-list-comma-space-after": always-single-line
+  "@stylistic/selector-list-comma-space-before": never-single-line
+  "@stylistic/selector-max-empty-lines": 0
+  "@stylistic/selector-pseudo-class-case": lower
+  "@stylistic/selector-pseudo-class-parentheses-space-inside": never
+  "@stylistic/selector-pseudo-element-case": lower
+  "@stylistic/string-quotes": double
+  "@stylistic/unicode-bom": null
+  "@stylistic/unit-case": lower
+  "@stylistic/value-list-comma-newline-after": null
+  "@stylistic/value-list-comma-newline-before": null
+  "@stylistic/value-list-comma-space-after": null
+  "@stylistic/value-list-comma-space-before": null
+  "@stylistic/value-list-max-empty-lines": 0
+  alpha-value-notation: null
+  annotation-no-unknown: true
+  at-rule-allowed-list: null
+  at-rule-disallowed-list: null
+  at-rule-empty-line-before: null
+  at-rule-no-unknown: [true, {ignoreAtRules: [tailwind]}]
+  at-rule-no-vendor-prefix: true
+  at-rule-property-required-list: null
+  block-no-empty: true
+  color-function-notation: null
+  color-hex-alpha: null
+  color-hex-length: null
+  color-named: null
+  color-no-hex: null
+  color-no-invalid-hex: true
+  comment-empty-line-before: null
+  comment-no-empty: true
+  comment-pattern: null
+  comment-whitespace-inside: null
+  comment-word-disallowed-list: null
+  custom-media-pattern: null
+  custom-property-empty-line-before: null
+  custom-property-no-missing-var-function: true
+  custom-property-pattern: null
+  declaration-block-no-duplicate-custom-properties: true
+  declaration-block-no-duplicate-properties: [true, {ignore: [consecutive-duplicates-with-different-values]}]
+  declaration-block-no-redundant-longhand-properties: null
+  declaration-block-no-shorthand-property-overrides: null
+  declaration-block-single-line-max-declarations: null
+  declaration-empty-line-before: null
+  declaration-no-important: null
+  declaration-property-max-values: null
+  declaration-property-unit-allowed-list: null
+  declaration-property-unit-disallowed-list: {line-height: [em]}
+  declaration-property-value-allowed-list: null
+  declaration-property-value-disallowed-list: null
+  declaration-property-value-no-unknown: true
+  font-family-name-quotes: always-where-recommended
+  font-family-no-duplicate-names: true
+  font-family-no-missing-generic-family-keyword: true
+  font-weight-notation: null
+  function-allowed-list: null
+  function-calc-no-unspaced-operator: true
+  function-disallowed-list: null
+  function-linear-gradient-no-nonstandard-direction: true
+  function-name-case: lower
+  function-no-unknown: true
+  function-url-no-scheme-relative: null
+  function-url-quotes: always
+  function-url-scheme-allowed-list: null
+  function-url-scheme-disallowed-list: null
+  hue-degree-notation: null
+  import-notation: string
+  keyframe-block-no-duplicate-selectors: true
+  keyframe-declaration-no-important: true
+  keyframe-selector-notation: null
+  keyframes-name-pattern: null
+  length-zero-no-unit: [true, ignore: [custom-properties], ignoreFunctions: [var]]
+  max-nesting-depth: null
+  media-feature-name-allowed-list: null
+  media-feature-name-disallowed-list: null
+  media-feature-name-no-unknown: true
+  media-feature-name-no-vendor-prefix: true
+  media-feature-name-unit-allowed-list: null
+  media-feature-name-value-allowed-list: null
+  media-feature-name-value-no-unknown: true
+  media-feature-range-notation: null
+  media-query-no-invalid: true
+  named-grid-areas-no-invalid: true
+  no-descending-specificity: null
+  no-duplicate-at-import-rules: true
+  no-duplicate-selectors: true
+  no-empty-source: true
+  no-invalid-double-slash-comments: true
+  no-invalid-position-at-import-rule: [true, ignoreAtRules: [tailwind]]
+  no-irregular-whitespace: true
+  no-unknown-animations: null
+  no-unknown-custom-properties: null
+  number-max-precision: null
+  plugin/declaration-block-no-ignored-properties: true
+  property-allowed-list: null
+  property-disallowed-list: null
+  property-no-unknown: true
+  property-no-vendor-prefix: null
+  rule-empty-line-before: null
+  rule-selector-property-disallowed-list: null
+  scale-unlimited/declaration-strict-value: [[/color$/, font-weight], {ignoreValues: /^(inherit|transparent|unset|initial|currentcolor|none)$/, ignoreFunctions: false, disableFix: true, expandShorthand: true}]
+  selector-anb-no-unmatchable: true
+  selector-attribute-name-disallowed-list: null
+  selector-attribute-operator-allowed-list: null
+  selector-attribute-operator-disallowed-list: null
+  selector-attribute-quotes: always
+  selector-class-pattern: null
+  selector-combinator-allowed-list: null
+  selector-combinator-disallowed-list: null
+  selector-disallowed-list: null
+  selector-id-pattern: null
+  selector-max-attribute: null
+  selector-max-class: null
+  selector-max-combinators: null
+  selector-max-compound-selectors: null
+  selector-max-id: null
+  selector-max-pseudo-class: null
+  selector-max-specificity: null
+  selector-max-type: null
+  selector-max-universal: null
+  selector-nested-pattern: null
+  selector-no-qualifying-type: null
+  selector-no-vendor-prefix: true
+  selector-not-notation: null
+  selector-pseudo-class-allowed-list: null
+  selector-pseudo-class-disallowed-list: null
+  selector-pseudo-class-no-unknown: true
+  selector-pseudo-element-allowed-list: null
+  selector-pseudo-element-colon-notation: double
+  selector-pseudo-element-disallowed-list: null
+  selector-pseudo-element-no-unknown: true
+  selector-type-case: lower
+  selector-type-no-unknown: [true, {ignore: [custom-elements]}]
+  shorthand-property-no-redundant-values: true
+  string-no-newline: true
+  time-min-milliseconds: null
+  unit-allowed-list: null
+  unit-disallowed-list: null
+  unit-no-unknown: true
+  value-keyword-case: null
+  value-no-vendor-prefix: [true, {ignoreValues: [box, inline-box]}]
--- a/8
+++ b/8
@ -16,8 +16,6 @@ web_src/.* @caesar @crystal @gusted

 # HTML templates used by the backend.
 templates/.* @caesar @crystal @gusted
-## the issue sidebar was touched by fnetx
-templates/repo/issue/view_content/sidebar.* @fnetx

 # Files related to Go development.

@ -32,9 +30,3 @@ models/.* @dachary @earl-warren @gusted
 # of how Forgejo comes together. It's tedious to write good integration testing
 # for code that lives in here.
 routers/.* @dachary @earl-warren @gusted
-
-# Let new strings be checked by the translation team.
-options/locale/locale_en-US.ini @0ko
-
-# Personal interest
-.*/webhook.* @oliverpool
--- a/12
+++ b/12
@ -1,13 +1,13 @@
 FROM --platform=$BUILDPLATFORM docker.io/tonistiigi/xx AS xx

-FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/golang:1.22-alpine3.20 as build-env
+FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.22-alpine3.19 as build-env

 ARG GOPROXY
-ENV GOPROXY=${GOPROXY:-direct}
+ENV GOPROXY ${GOPROXY:-direct}

 ARG RELEASE_VERSION
 ARG TAGS="sqlite sqlite_unlock_notify"
-ENV TAGS="bindata timetzdata $TAGS"
+ENV TAGS "bindata timetzdata $TAGS"
 ARG CGO_EXTRA_CFLAGS

 #
@ -51,7 +51,7 @@ RUN chmod 755 /tmp/local/usr/bin/entrypoint \
              /go/src/code.gitea.io/gitea/environment-to-ini
 RUN chmod 644 /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete

-FROM code.forgejo.org/oci/golang:1.22-alpine3.20
+FROM docker.io/library/alpine:3.19
 ARG RELEASE_VERSION
 LABEL maintainer="contact@forgejo.org" \
      org.opencontainers.image.authors="Forgejo" \
@ -92,8 +92,8 @@ RUN addgroup \
    git && \
  echo "git:*" | chpasswd -e

-ENV USER=git
-ENV GITEA_CUSTOM=/data/gitea
+ENV USER git
+ENV GITEA_CUSTOM /data/gitea

 VOLUME ["/data"]

--- a/Dockerfile.rootless
+++ b/Dockerfile.rootless
@ -1,13 +1,13 @@
 FROM --platform=$BUILDPLATFORM docker.io/tonistiigi/xx AS xx

-FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/golang:1.22-alpine3.20 as build-env
+FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.22-alpine3.19 as build-env

 ARG GOPROXY
-ENV GOPROXY=${GOPROXY:-direct}
+ENV GOPROXY ${GOPROXY:-direct}

 ARG RELEASE_VERSION
 ARG TAGS="sqlite sqlite_unlock_notify"
-ENV TAGS="bindata timetzdata $TAGS"
+ENV TAGS "bindata timetzdata $TAGS"
 ARG CGO_EXTRA_CFLAGS

 #
@ -49,7 +49,7 @@ RUN chmod 755 /tmp/local/usr/local/bin/docker-entrypoint.sh \
              /go/src/code.gitea.io/gitea/environment-to-ini
 RUN chmod 644 /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete

-FROM code.forgejo.org/oci/golang:1.22-alpine3.20
+FROM docker.io/library/alpine:3.19
 LABEL maintainer="contact@forgejo.org" \
      org.opencontainers.image.authors="Forgejo" \
      org.opencontainers.image.url="https://forgejo.org" \
@ -95,17 +95,14 @@ COPY --from=build-env /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_au

 #git:git
 USER 1000:1000
-ENV GITEA_WORK_DIR=/var/lib/gitea
-ENV GITEA_CUSTOM=/var/lib/gitea/custom
-ENV GITEA_TEMP=/tmp/gitea
-ENV TMPDIR=/tmp/gitea
+ENV GITEA_WORK_DIR /var/lib/gitea
+ENV GITEA_CUSTOM /var/lib/gitea/custom
+ENV GITEA_TEMP /tmp/gitea
+ENV TMPDIR /tmp/gitea

-# Legacy config file for backwards compatibility
-# TODO: remove on next major version release
-ENV GITEA_APP_INI_LEGACY=/etc/gitea/app.ini
-
-ENV GITEA_APP_INI=${GITEA_CUSTOM}/conf/app.ini
-ENV HOME="/var/lib/gitea/git"
+#TODO add to docs the ability to define the ini to load (useful to test and revert a config)
+ENV GITEA_APP_INI /etc/gitea/app.ini
+ENV HOME "/var/lib/gitea/git"
 VOLUME ["/var/lib/gitea", "/etc/gitea"]
 WORKDIR /var/lib/gitea

--- a/61
+++ b/61
@ -0,0 +1,61 @@
+Alexey Makhov <amakhov@avito.ru> (@makhov)
+Bo-Yi Wu <appleboy.tw@gmail.com> (@appleboy)
+Ethan Koenig <ethantkoenig@gmail.com> (@ethantkoenig)
+Kees de Vries <bouwko@gmail.com> (@Bwko)
+Kim Carlbäcker <kim.carlbacker@gmail.com> (@bkcsoft)
+LefsFlare <nobody@nobody.tld> (@LefsFlarey)
+Lunny Xiao <xiaolunwen@gmail.com> (@lunny)
+Rachid Zarouali <nobody@nobody.tld> (@xinity)
+Rémy Boulanouar <admin@dblk.org> (@DblK)
+Sandro Santilli <strk@kbt.io> (@strk)
+Thibault Meyer <meyer.thibault@gmail.com> (@0xbaadf00d)
+Thomas Boerger <thomas@webhippie.de> (@tboerger)
+Patrick G <geek1011@outlook.com> (@geek1011)
+Antoine Girard <sapk@sapk.fr> (@sapk)
+Lauris Bukšis-Haberkorns <lauris@nix.lv> (@lafriks)
+Jonas Östanbäck <jonas.ostanback@gmail.com> (@cez81)
+David Schneiderbauer <dschneiderbauer@gmail.com> (@daviian)
+Peter Žeby <morlinest@gmail.com> (@morlinest)
+Matti Ranta <techknowlogick@gitea.io> (@techknowlogick)
+Jonas Franz <info@jonasfranz.software> (@jonasfranz)
+Alexey Terentyev <axifnx@gmail.com> (@axifive)
+Lanre Adelowo <yo@lanre.wtf> (@adelowo)
+Konrad Langenberg <k@knt.li> (@kolaente)
+He-Long Zhang <outman99@hotmail.com> (@BetaCat0)
+Andrew Thornton <art27@cantab.net> (@zeripath)
+John Olheiser <john.olheiser@gmail.com> (@jolheiser)
+Richard Mahn <rich.mahn@unfoldingword.org> (@richmahn)
+Mrsdizzie <info@mrsdizzie.com> (@mrsdizzie)
+silverwind <me@silverwind.io> (@silverwind)
+Gary Kim <gary@garykim.dev> (@gary-kim)
+Guillermo Prandi <gitea.maint@mailfilter.com.ar> (@guillep2k)
+Mura Li <typeless@ctli.io> (@typeless)
+6543 <6543@obermui.de> (@6543)
+jaqra <jaqra@hotmail.com> (@jaqra)
+David Svantesson <davidsvantesson@gmail.com> (@davidsvantesson)
+a1012112796 <1012112796@qq.com> (@a1012112796)
+Karl Heinz Marbaise <kama@soebes.de> (@khmarbaise)
+Norwin Roosen <git@nroo.de> (@noerw)
+Kyle Dumont <kdumontnu@gmail.com> (@kdumontnu)
+Patrick Schratz <patrick.schratz@gmail.com> (@pat-s)
+Janis Estelmann <admin@oldschoolhack.me> (@KN4CK3R)
+Steven Kriegler <sk.bunsenbrenner@gmail.com> (@justusbunsi)
+Jimmy Praet <jimmy.praet@telenet.be> (@jpraet)
+Leon Hofmeister <dev.lh@web.de> (@delvh)
+Wim <wim@42.be> (@42wim)
+Jason Song <i@wolfogre.com> (@wolfogre)
+Yarden Shoham <git@yardenshoham.com> (@yardenshoham)
+Yu Tian <zettat123@gmail.com> (@Zettat123)
+Eddie Yang <576951401@qq.com> (@yp05327)
+Dong Ge <gedong_1994@163.com> (@sillyguodong)
+Xinyi Gong <hestergong@gmail.com> (@HesterG)
+wxiaoguang <wxiaoguang@gmail.com> (@wxiaoguang)
+Gary Moon <gary@garymoon.net> (@garymoon)
+Philip Peterson <philip.c.peterson@gmail.com> (@philip-peterson)
+Denys Konovalov <kontakt@denyskon.de> (@denyskon)
+Punit Inani <punitinani1@gmail.com> (@puni9869)
+CaiCandong  <1290147055@qq.com> (@caicandong)
+Rui Chen  <rui@chenrui.dev> (@chenrui333)
+Nanguan Lin <nanguanlin6@gmail.com> (@lng2020)
+kerwin612 <kerwin612@qq.com> (@kerwin612)
+Gary Wang <git@blumia.net> (@BLumia)
--- a/196
+++ b/196
@ -26,20 +26,18 @@ DIFF ?= diff --unified

 XGO_VERSION := go-1.21.x

-AIR_PACKAGE ?= github.com/air-verse/air@v1 # renovate: datasource=go
-EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/v2/cmd/editorconfig-checker@2.8.0 # renovate: datasource=go
-GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.6.0 # renovate: datasource=go
-GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.59.1 # renovate: datasource=go
-GXZ_PACKAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.11 # renovate: datasource=go
-MISSPELL_PACKAGE ?= github.com/golangci/misspell/cmd/misspell@v0.6.0 # renovate: datasource=go
-SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.31.0 # renovate: datasource=go
+AIR_PACKAGE ?= github.com/cosmtrek/air@v1.49.0
+EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/v2/cmd/editorconfig-checker@2.8.0
+GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.6.0
+GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.56.1
+GXZ_PACKAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.11
+MISSPELL_PACKAGE ?= github.com/golangci/misspell/cmd/misspell@v0.4.1
+SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.30.6-0.20240201115257-bcc7c78b7786
 XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
-GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0 # renovate: datasource=go
-GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go
-DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.22.0 # renovate: datasource=go
-GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.4.0 # renovate: datasource=go
-GOPLS_PACKAGE ?= golang.org/x/tools/gopls@v0.15.3 # renovate: datasource=go
-RENOVATE_NPM_PACKAGE ?= renovate@37.414.1 # renovate: datasource=docker packageName=ghcr.io/visualon/renovate
+GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0
+GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1.0.3
+ACTIONLINT_PACKAGE ?= github.com/rhysd/actionlint/cmd/actionlint@v1.6.26
+DEADCODE_PACKAGE ?= golang.org/x/tools/internal/cmd/deadcode@v0.14.0

 DOCKER_IMAGE ?= gitea/gitea
 DOCKER_TAG ?= latest
@ -84,7 +82,7 @@ endif
 STORED_VERSION_FILE := VERSION
 HUGO_VERSION ?= 0.111.3

-GITEA_COMPATIBILITY ?= gitea-1.22.0
+GITEA_COMPATIBILITY ?= gitea-1.21.11

 STORED_VERSION=$(shell cat $(STORED_VERSION_FILE) 2>/dev/null)
 ifneq ($(STORED_VERSION),)
@ -125,15 +123,13 @@ LINUX_ARCHS ?= linux/amd64,linux/386,linux/arm-5,linux/arm-6,linux/arm64
 ifeq ($(HAS_GO), yes)
 	GO_TEST_PACKAGES ?= $(filter-out $(shell $(GO) list code.gitea.io/gitea/models/migrations/...) $(shell $(GO) list code.gitea.io/gitea/models/forgejo_migrations/...) code.gitea.io/gitea/tests/integration/migration-test code.gitea.io/gitea/tests code.gitea.io/gitea/tests/integration code.gitea.io/gitea/tests/e2e,$(shell $(GO) list ./... | grep -v /vendor/))
 endif
-REMOTE_CACHER_MODULES ?= cache nosql session queue
-GO_TEST_REMOTE_CACHER_PACKAGES ?= $(addprefix code.gitea.io/gitea/modules/,$(REMOTE_CACHER_MODULES))

 FOMANTIC_WORK_DIR := web_src/fomantic

 WEBPACK_SOURCES := $(shell find web_src/js web_src/css -type f)
 WEBPACK_CONFIGS := webpack.config.js tailwind.config.js
 WEBPACK_DEST := public/assets/js/index.js public/assets/css/index.css
-WEBPACK_DEST_ENTRIES := public/assets/js public/assets/css public/assets/fonts
+WEBPACK_DEST_ENTRIES := public/assets/js public/assets/css public/assets/fonts public/assets/img/webpack

 BINDATA_DEST := modules/public/bindata.go modules/options/bindata.go modules/templates/bindata.go
 BINDATA_HASH := $(addsuffix .hash,$(BINDATA_DEST))
@ -158,9 +154,9 @@ TAR_EXCLUDES := .git data indexers queues log node_modules $(EXECUTABLE) $(FOMAN
 GO_DIRS := build cmd models modules routers services tests
 WEB_DIRS := web_src/js web_src/css

-ESLINT_FILES := web_src/js tools *.js tests/e2e
+ESLINT_FILES := web_src/js tools *.config.js tests/e2e
 STYLELINT_FILES := web_src/css web_src/js/components/*.vue
-SPELLCHECK_FILES := $(GO_DIRS) $(WEB_DIRS) docs/content templates options/locale/locale_en-US.ini .github $(wildcard *.go *.js *.md *.yml *.yaml *.toml)
+SPELLCHECK_FILES := $(GO_DIRS) $(WEB_DIRS) docs/content templates options/locale/locale_en-US.ini .github

 GO_SOURCES := $(wildcard *.go)
 GO_SOURCES += $(shell find $(GO_DIRS) -type f -name "*.go" ! -path modules/options/bindata.go ! -path modules/public/bindata.go ! -path modules/templates/bindata.go)
@ -199,6 +195,10 @@ TEST_PGSQL_DBNAME ?= testgitea
 TEST_PGSQL_USERNAME ?= postgres
 TEST_PGSQL_PASSWORD ?= postgres
 TEST_PGSQL_SCHEMA ?= gtestschema
+TEST_MSSQL_HOST ?= mssql:1433
+TEST_MSSQL_DBNAME ?= gitea
+TEST_MSSQL_USERNAME ?= sa
+TEST_MSSQL_PASSWORD ?= MwantsaSecurePassword1

 .PHONY: all
 all: build
@ -222,17 +222,14 @@ help:
 	@echo " - deps-py                          install python dependencies"
 	@echo " - lint                             lint everything"
 	@echo " - lint-fix                         lint everything and fix issues"
+	@echo " - lint-actions                     lint action workflow files"
 	@echo " - lint-frontend                    lint frontend files"
 	@echo " - lint-frontend-fix                lint frontend files and fix issues"
 	@echo " - lint-backend                     lint backend files"
 	@echo " - lint-backend-fix                 lint backend files and fix issues"
-	@echo " - lint-codespell                   lint typos"
-	@echo " - lint-codespell-fix               lint typos and fix them automatically"
-	@echo " - lint-codespell-fix-i             lint typos and fix them interactively"
 	@echo " - lint-go                          lint go files"
 	@echo " - lint-go-fix                      lint go files and fix issues"
 	@echo " - lint-go-vet                      lint go files with vet"
-	@echo " - lint-go-gopls                    lint go files with gopls"
 	@echo " - lint-js                          lint js files"
 	@echo " - lint-js-fix                      lint js files and fix issues"
 	@echo " - lint-css                         lint css files"
@ -240,7 +237,6 @@ help:
 	@echo " - lint-md                          lint markdown files"
 	@echo " - lint-swagger                     lint swagger files"
 	@echo " - lint-templates                   lint template files"
-	@echo " - lint-renovate                    lint renovate files"
 	@echo " - lint-yaml                        lint yaml files"
 	@echo " - lint-spell                       lint spelling"
 	@echo " - lint-spell-fix                   lint spelling and fix issues"
@ -251,10 +247,11 @@ help:
 	@echo " - show-version-full                show the same version as the API endpoint"
 	@echo " - show-version-major               show major release number only"
 	@echo " - test-frontend                    test frontend files"
-	@echo " - test-frontend-coverage           test frontend files and display code coverage"
 	@echo " - test-backend                     test backend files"
-	@echo " - test-remote-cacher               test backend files that use a remote cache"
-	@echo " - test-e2e-sqlite[\#name.test.e2e] test end to end using playwright and sqlite"
+	@echo " - test-e2e[\#TestSpecificName]     test end to end using playwright"
+	@echo " - update                           update js and py dependencies"
+	@echo " - update-js                        update js dependencies"
+	@echo " - update-py                        update py dependencies"
 	@echo " - webpack                          build webpack files"
 	@echo " - svg                              build svg files"
 	@echo " - fomantic                         build fomantic files"
@ -263,7 +260,6 @@ help:
 	@echo " - generate-license                 update license files"
 	@echo " - generate-gitignore               update gitignore files"
 	@echo " - generate-manpage                 generate manpage"
-	@echo " - generate-gomock                  generate gomock files"
 	@echo " - generate-forgejo-api             generate the forgejo API from spec"
 	@echo " - forgejo-api-validate             check if the forgejo API matches the specs"
 	@echo " - generate-swagger                 generate the swagger spec from code comments"
@ -312,14 +308,14 @@ clean:
 		e2e*.test \
 		tests/integration/gitea-integration-* \
 		tests/integration/indexers-* \
-		tests/mysql.ini tests/pgsql.ini man/ \
+		tests/mysql.ini tests/pgsql.ini tests/mssql.ini man/ \
 		tests/e2e/gitea-e2e-*/ \
 		tests/e2e/indexers-*/ \
 		tests/e2e/reports/ tests/e2e/test-artifacts/ tests/e2e/test-snapshots/

 .PHONY: fmt
 fmt:
-	@GOFUMPT_PACKAGE=$(GOFUMPT_PACKAGE) $(GO) run build/code-batch-process.go gitea-fmt -w '{file-list}'
+	GOFUMPT_PACKAGE=$(GOFUMPT_PACKAGE) $(GO) run build/code-batch-process.go gitea-fmt -w '{file-list}'
 	$(eval TEMPLATES := $(shell find templates -type f -name '*.tmpl'))
 	@# strip whitespace after '{{' or '(' and before '}}' or ')' unless there is only
 	@# whitespace before it
@ -401,23 +397,11 @@ lint-frontend: lint-js lint-css
 lint-frontend-fix: lint-js-fix lint-css-fix

 .PHONY: lint-backend
-lint-backend: lint-go lint-go-vet lint-editorconfig lint-renovate
+lint-backend: lint-go lint-go-vet lint-editorconfig

 .PHONY: lint-backend-fix
 lint-backend-fix: lint-go-fix lint-go-vet lint-editorconfig

-.PHONY: lint-codespell
-lint-codespell:
-	codespell
-
-.PHONY: lint-codespell-fix
-lint-codespell-fix:
-	codespell -w
-
-.PHONY: lint-codespell-fix-i
-lint-codespell-fix-i:
-	codespell -w -i 3 -C 2
-
 .PHONY: lint-js
 lint-js: node_modules
 	npx eslint --color --max-warnings=0 --ext js,vue $(ESLINT_FILES)
@ -438,37 +422,29 @@ lint-css-fix: node_modules
 lint-swagger: node_modules
 	npx spectral lint -q -F hint $(SWAGGER_SPEC)

-.PHONY: lint-renovate
-lint-renovate: node_modules
-	npx --yes --package $(RENOVATE_NPM_PACKAGE) -- renovate-config-validator --strict > .lint-renovate 2>&1 || true
-	@if grep --quiet --extended-regexp -e '^( WARN:|ERROR:)' .lint-renovate ; then cat .lint-renovate ; rm .lint-renovate ; exit 1 ; fi
-	@rm .lint-renovate
-
 .PHONY: lint-md
 lint-md: node_modules
 	npx markdownlint docs *.md

 .PHONY: lint-spell
-lint-spell: lint-codespell
+lint-spell:
 	@go run $(MISSPELL_PACKAGE) -error $(SPELLCHECK_FILES)

 .PHONY: lint-spell-fix
-lint-spell-fix: lint-codespell-fix
+lint-spell-fix:
 	@go run $(MISSPELL_PACKAGE) -w $(SPELLCHECK_FILES)

-RUN_DEADCODE = $(GO) run $(DEADCODE_PACKAGE) -generated=false -f='{{println .Path}}{{range .Funcs}}{{printf "\t%s\n" .Name}}{{end}}{{println}}' -test code.gitea.io/gitea
-
 .PHONY: lint-go
 lint-go:
 	$(GO) run $(GOLANGCI_LINT_PACKAGE) run $(GOLANGCI_LINT_ARGS)
-	$(RUN_DEADCODE) > .cur-deadcode-out
+	$(GO) run $(DEADCODE_PACKAGE) -generated=false -test code.gitea.io/gitea > .cur-deadcode-out
 	@$(DIFF) .deadcode-out .cur-deadcode-out \
 	|| (code=$$?; echo "Please run 'make lint-go-fix' and commit the result"; exit $${code})

 .PHONY: lint-go-fix
 lint-go-fix:
 	$(GO) run $(GOLANGCI_LINT_PACKAGE) run $(GOLANGCI_LINT_ARGS) --fix
-	$(RUN_DEADCODE) > .deadcode-out
+	$(GO) run $(DEADCODE_PACKAGE) -generated=false -test code.gitea.io/gitea > .deadcode-out

 # workaround step for the lint-go-windows CI task because 'go run' can not
 # have distinct GOOS/GOARCH for its build and run steps
@ -482,15 +458,14 @@ lint-go-vet:
 	@echo "Running go vet..."
 	@$(GO) vet ./...

-.PHONY: lint-go-gopls
-lint-go-gopls:
-	@echo "Running gopls check..."
-	@GO=$(GO) GOPLS_PACKAGE=$(GOPLS_PACKAGE) tools/lint-go-gopls.sh $(GO_SOURCES_NO_BINDATA)
-
 .PHONY: lint-editorconfig
 lint-editorconfig:
 	$(GO) run $(EDITORCONFIG_CHECKER_PACKAGE) templates .forgejo/workflows

+.PHONY: lint-actions
+lint-actions:
+	$(GO) run $(ACTIONLINT_PACKAGE)
+
 .PHONY: lint-templates
 lint-templates: .venv node_modules
 	@node tools/lint-templates-svg.js
@ -521,19 +496,10 @@ test-backend:
 	@echo "Running go test with $(GOTESTFLAGS) -tags '$(TEST_TAGS)'..."
 	@$(GO) test $(GOTESTFLAGS) -tags='$(TEST_TAGS)' $(GO_TEST_PACKAGES)

-.PHONY: test-remote-cacher
-test-remote-cacher:
-	@echo "Running go test with $(GOTESTFLAGS) -tags '$(TEST_TAGS)'..."
-	@$(GO) test $(GOTESTFLAGS) -tags='$(TEST_TAGS)' $(GO_TEST_REMOTE_CACHER_PACKAGES)
-
 .PHONY: test-frontend
 test-frontend: node_modules
 	npx vitest

-.PHONY: test-frontend-coverage
-test-frontend-coverage: node_modules
-	npx vitest --coverage --coverage.include 'web_src/**'
-
 .PHONY: test-check
 test-check:
 	@echo "Running test-check...";
@ -645,6 +611,27 @@ test-pgsql\#%: integrations.pgsql.test generate-ini-pgsql
 .PHONY: test-pgsql-migration
 test-pgsql-migration: migrations.pgsql.test migrations.individual.pgsql.test

+generate-ini-mssql:
+	sed -e 's|{{TEST_MSSQL_HOST}}|${TEST_MSSQL_HOST}|g' \
+		-e 's|{{TEST_MSSQL_DBNAME}}|${TEST_MSSQL_DBNAME}|g' \
+		-e 's|{{TEST_MSSQL_USERNAME}}|${TEST_MSSQL_USERNAME}|g' \
+		-e 's|{{TEST_MSSQL_PASSWORD}}|${TEST_MSSQL_PASSWORD}|g' \
+		-e 's|{{REPO_TEST_DIR}}|${REPO_TEST_DIR}|g' \
+		-e 's|{{TEST_LOGGER}}|$(or $(TEST_LOGGER),test$(COMMA)file)|g' \
+		-e 's|{{TEST_TYPE}}|$(or $(TEST_TYPE),integration)|g' \
+			tests/mssql.ini.tmpl > tests/mssql.ini
+
+.PHONY: test-mssql
+test-mssql: integrations.mssql.test generate-ini-mssql
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./integrations.mssql.test
+
+.PHONY: test-mssql\#%
+test-mssql\#%: integrations.mssql.test generate-ini-mssql
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./integrations.mssql.test -test.run $(subst .,/,$*)
+
+.PHONY: test-mssql-migration
+test-mssql-migration: migrations.mssql.test migrations.individual.mssql.test
+
 .PHONY: playwright
 playwright: deps-frontend
 	npx playwright install $(PLAYWRIGHT_FLAGS)
@ -665,10 +652,6 @@ test-e2e-sqlite: playwright e2e.sqlite.test generate-ini-sqlite
 test-e2e-sqlite\#%: playwright e2e.sqlite.test generate-ini-sqlite
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./e2e.sqlite.test -test.run TestE2e/$*

-.PHONY: test-e2e-sqlite-firefox\#%
-test-e2e-sqlite-firefox\#%: playwright e2e.sqlite.test generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini PLAYWRIGHT_PROJECT=firefox ./e2e.sqlite.test -test.run TestE2e/$*
-
 .PHONY: test-e2e-mysql
 test-e2e-mysql: playwright e2e.mysql.test generate-ini-mysql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./e2e.mysql.test -test.run TestE2e
@ -685,6 +668,14 @@ test-e2e-pgsql: playwright e2e.pgsql.test generate-ini-pgsql
 test-e2e-pgsql\#%: playwright e2e.pgsql.test generate-ini-pgsql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./e2e.pgsql.test -test.run TestE2e/$*

+.PHONY: test-e2e-mssql
+test-e2e-mssql: playwright e2e.mssql.test generate-ini-mssql
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./e2e.mssql.test -test.run TestE2e
+
+.PHONY: test-e2e-mssql\#%
+test-e2e-mssql\#%: playwright e2e.mssql.test generate-ini-mssql
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./e2e.mssql.test -test.run TestE2e/$*
+
 .PHONY: test-e2e-debugserver
 test-e2e-debugserver: e2e.sqlite.test generate-ini-sqlite
 	sed -i s/3003/3000/g tests/sqlite.ini
@ -698,6 +689,10 @@ bench-sqlite: integrations.sqlite.test generate-ini-sqlite
 bench-mysql: integrations.mysql.test generate-ini-mysql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./integrations.mysql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .

+.PHONY: bench-mssql
+bench-mssql: integrations.mssql.test generate-ini-mssql
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./integrations.mssql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
+
 .PHONY: bench-pgsql
 bench-pgsql: integrations.pgsql.test generate-ini-pgsql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./integrations.pgsql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
@ -716,6 +711,9 @@ integrations.mysql.test: git-check $(GO_SOURCES)
 integrations.pgsql.test: git-check $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.pgsql.test

+integrations.mssql.test: git-check $(GO_SOURCES)
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.mssql.test
+
 integrations.sqlite.test: git-check $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.sqlite.test -tags '$(TEST_TAGS)'

@ -735,6 +733,11 @@ migrations.pgsql.test: $(GO_SOURCES) generate-ini-pgsql
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.pgsql.test
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./migrations.pgsql.test

+.PHONY: migrations.mssql.test
+migrations.mssql.test: $(GO_SOURCES) generate-ini-mssql
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.mssql.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./migrations.mssql.test
+
 .PHONY: migrations.sqlite.test
 migrations.sqlite.test: $(GO_SOURCES) generate-ini-sqlite
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.sqlite.test -tags '$(TEST_TAGS)'
@ -760,6 +763,17 @@ migrations.individual.pgsql.test: $(GO_SOURCES)
 migrations.individual.pgsql.test\#%: $(GO_SOURCES) generate-ini-pgsql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' code.gitea.io/gitea/models/migrations/$*

+
+.PHONY: migrations.individual.mssql.test
+migrations.individual.mssql.test: $(GO_SOURCES) generate-ini-mssql
+	for pkg in $(MIGRATION_PACKAGES); do \
+		GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' -test.failfast $$pkg || exit 1; \
+	done
+
+.PHONY: migrations.individual.mssql.test\#%
+migrations.individual.mssql.test\#%: $(GO_SOURCES) generate-ini-mssql
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' code.gitea.io/gitea/models/migrations/$*
+
 .PHONY: migrations.individual.sqlite.test
 migrations.individual.sqlite.test: $(GO_SOURCES) generate-ini-sqlite
 	for pkg in $(MIGRATION_PACKAGES); do \
@ -776,6 +790,9 @@ e2e.mysql.test: $(GO_SOURCES)
 e2e.pgsql.test: $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.pgsql.test

+e2e.mssql.test: $(GO_SOURCES)
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.mssql.test
+
 e2e.sqlite.test: $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.sqlite.test -tags '$(TEST_TAGS)'

@ -805,7 +822,7 @@ generate-backend: $(TAGS_PREREQ) generate-go
 .PHONY: generate-go
 generate-go: $(TAGS_PREREQ)
 	@echo "Running go generate..."
-	@CC= GOOS= GOARCH= CGO_ENABLED=0 $(GO) generate -tags '$(TAGS)' ./...
+	@CC= GOOS= GOARCH= $(GO) generate -tags '$(TAGS)' ./...

 .PHONY: merge-locales
 merge-locales:
@ -906,15 +923,31 @@ deps-tools:
 	$(GO) install $(XGO_PACKAGE)
 	$(GO) install $(GO_LICENSES_PACKAGE)
 	$(GO) install $(GOVULNCHECK_PACKAGE)
-	$(GO) install $(GOMOCK_PACKAGE)
-	$(GO) install $(GOPLS_PACKAGE)
+	$(GO) install $(ACTIONLINT_PACKAGE)

 node_modules: package-lock.json
 	npm install --no-save
 	@touch node_modules

 .venv: poetry.lock
-	poetry install
+	poetry install --no-root
+	@touch .venv
+
+.PHONY: update
+update: update-js update-py
+
+.PHONY: update-js
+update-js: node-check | node_modules
+	npx updates -u -f package.json
+	rm -rf node_modules package-lock.json
+	npm install --package-lock
+	@touch node_modules
+
+.PHONY: update-py
+update-py: node-check | node_modules
+	npx updates -u -f pyproject.toml
+	rm -rf .venv poetry.lock
+	poetry install --no-root
 	@touch .venv

 .PHONY: fomantic
@ -935,9 +968,8 @@ webpack: $(WEBPACK_DEST)

 $(WEBPACK_DEST): $(WEBPACK_SOURCES) $(WEBPACK_CONFIGS) package-lock.json
 	@$(MAKE) -s node-check node_modules
-	@rm -rf $(WEBPACK_DEST_ENTRIES)
-	@echo "Running webpack..."
-	@BROWSERSLIST_IGNORE_OLD_DATA=true npx webpack
+	rm -rf $(WEBPACK_DEST_ENTRIES)
+	npx webpack
 	@touch $(WEBPACK_DEST)

 .PHONY: svg
@ -975,10 +1007,6 @@ generate-license:
 generate-gitignore:
 	$(GO) run build/generate-gitignores.go

-.PHONY: generate-gomock
-generate-gomock:
-	$(GO) run $(GOMOCK_PACKAGE) -package mock -destination ./modules/queue/mock/redisuniversalclient.go  github.com/redis/go-redis/v9 UniversalClient
-
 .PHONY: generate-images
 generate-images: | node_modules
 	npm install --no-save fabric@6.0.0-beta20 imagemin-zopfli@7
--- a/README.md
+++ b/README.md
@ -1,4 +1,3 @@
-
 <div align="center">
    <img src="./assets/logo.svg" alt="" width="192" align="center" />
    <h1 align="center">Welcome to Forgejo</h1>
--- a/RELEASE-NOTES.md
+++ b/RELEASE-NOTES.md
@ -1,45 +1,9 @@
 # Release Notes

-A minor or major Forgejo release is published every [three months](https://forgejo.org/docs/latest/developer/release/#release-cycle), with more patch releases in between depending on the severity of the bug and security fixes it contains.
+A minor or major Forgejo release is published every [three months](https://forgejo.org/docs/latest/user/versions/), with more patch releases in between depending on the severity of the bug and security fixes it contains.

 A [patch or minor release](https://semver.org/spec/v2.0.0.html) (e.g. upgrading from v7.0.0 to v7.0.1 or v7.1.0) does not require manual intervention. But [major releases](https://semver.org/spec/v2.0.0.html#spec-item-8) where the first version number changes (e.g. upgrading from v1.21 to v7.0) contain breaking changes and the release notes explain how to deal with them.

-## Upcoming releases (not available yet)
-
- [8.0.0](release-notes/8.0.0/)
-
-## 7.0.4
-
-This is a security release. See the documentation for more information on the [upgrade procedure](https://forgejo.org/docs/v7.0/admin/upgrade/).
-
-In addition to the following notable bug fixes, you can browse the [full list of commits](https://codeberg.org/forgejo/forgejo/compare/v7.0.3...v7.0.4) included in this release.
-
-* **Security:**
-  * [PR](https://codeberg.org/forgejo/forgejo/pulls/4054). Fixed: [CVE-2024-24789](https://pkg.go.dev/vuln/GO-2024-2888): the archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file.
-  * [PR](https://codeberg.org/forgejo/forgejo/pulls/3639) - ([fix](https://codeberg.org/forgejo/forgejo/commit/1b088fade6c69e63843d1bdf402454c363b22ce2) & [test](https://codeberg.org/forgejo/forgejo/pulls/4032)). Fixed: the OAuth2 implementation does not always require authentication for public clients, a requirement of [RFC 6749 Section 10.2](https://datatracker.ietf.org/doc/html/rfc6749#section-10.2). A malicious client can impersonate another client and obtain access to protected resources if the impersonated client fails to, or is unable to, keep its client credentials confidential.
-
-* **Bug fixes:**
-  * [backport](https://codeberg.org/forgejo/forgejo/pulls/4086) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4085). Fixed: `forgejo migrate-storage --type actions-artifacts` always fails because it picks the wrong path.
-  * [backport](https://codeberg.org/forgejo/forgejo/pulls/4017) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4015). Fixed: avatar files can be found in storage while they do not exist in the database.
-  * [backport](https://codeberg.org/forgejo/forgejo/pulls/3997) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3976). Fixed: repository admins are always denied the right to force merge and instance admins are subject to restrictions to merge that must only apply to repository admins.
-  * [backport](https://codeberg.org/forgejo/forgejo/pulls/3946) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3615). Fixed: non conformance with the [Nix tarball fetcher immutable link protocol](https://github.com/nixos/nix/blob/56763ff918eb308db23080e560ed2ea3e00c80a7/doc/manual/src/protocols/tarball-fetcher.md).
-  * [backport](https://codeberg.org/forgejo/forgejo/pulls/3936) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3935). Fixed: migrated activities (such as reviews) are mapped to the user who initiated the migration rather than the Ghost user, if the external user cannot be mapped to a local one. This mapping mismatch leads to internal server errors in some cases.
-  * [backport](https://codeberg.org/forgejo/forgejo/pulls/3906) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3904). Fixed: a v7.0.0 regression causes `[admin].SEND_NOTIFICATION_EMAIL_ON_NEW_USER=true` to always be ignored.
-  * [backport](https://codeberg.org/forgejo/forgejo/pulls/3888) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3865). Fixed: using a subquery for user deletion is a performance bottleneck when using mariadb 10 because only mariadb 11 takes advantage of the available index.
-  * [backport](https://codeberg.org/forgejo/forgejo/pulls/3887) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3885). Fixed: a v7.0.3 regression causes the expanding diffs in pull requests to fail with a 404 error.
-  * [backport](https://codeberg.org/forgejo/forgejo/pulls/3881) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3864). Fixed: SourceHut Builds webhook fail when the `triggers` field is used.
-  * [backport](https://codeberg.org/forgejo/forgejo/pulls/3877) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3242). Fixed: the label list rendering in the issue and pull request timeline is displayed on multiple lines instead of a single one.
-  * [backport](https://codeberg.org/forgejo/forgejo/pulls/4084) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4083) - [commit](https://codeberg.org/forgejo/forgejo/commit/c6e04c3c9eddfa6c4bec541f681c8d300b157cdb). Fixed: NuGet Package fails `choco info pkgname` when `pkgname` is also a substring of another package Id.
-  * [backport](https://codeberg.org/forgejo/forgejo/pulls/4004) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3989) - [commit](https://codeberg.org/forgejo/forgejo/commit/62448bfb931882859388b2fd472cb89428c25323). Fixed: "Git hooks of this repository seem to be broken." warning when pushing more than one branch at a time.
-  * [backport](https://codeberg.org/forgejo/forgejo/pulls/3942) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3917) - [commit](https://codeberg.org/forgejo/forgejo/commit/7d7ea45465d6cd1ea0ec549a71f67b4a8ff930cf). Fixed: automerge does not happen when the approval count reaches the required threshold.
-  * [backport](https://codeberg.org/forgejo/forgejo/pulls/3942) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3917) - [commit](https://codeberg.org/forgejo/forgejo/commit/a649610d6175d1994b838f5672261400df9fdb92). Fixed: the `FORCE_PRIVATE=true` setting is not consistently enforced.
-  * [backport](https://codeberg.org/forgejo/forgejo/pulls/3859) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3838) - [commit](https://codeberg.org/forgejo/forgejo/commit/193ac67176afc72e9d108bc1730c354bfbf9a442). Fixed: CSRF validation errors when OAuth is not enabled.
-  * [backport](https://codeberg.org/forgejo/forgejo/pulls/4107) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4076). Fixed: headlines in rendered org-mode do not have a margin on the top
-
-* **Localization:**
-  * Improvements to English locale: [[1]](https://codeberg.org/forgejo/forgejo/pulls/3914), [[2]](https://codeberg.org/forgejo/forgejo/pulls/4114).
-  * Translation updates: [[1]](https://codeberg.org/forgejo/forgejo/pulls/3907), [[2]](https://codeberg.org/forgejo/forgejo/pulls/3990), [[3]](https://codeberg.org/forgejo/forgejo/pulls/4099).
-
 ## 7.0.3

 This is a security release. See the documentation for more information on the [upgrade procedure](https://forgejo.org/docs/v7.0/admin/upgrade/).
@ -576,28 +540,6 @@ $ git -C forgejo log --oneline --no-merges origin/v1.21/forgejo..origin/v7.0/for
  * [Align ISSUE_TEMPLATE with the new label system](https://codeberg.org/forgejo/forgejo/commit/248b7ee850ecdb538b22ddcfbe80b6f91be32b70).
  * [Improve the list header in milestone page](https://codeberg.org/forgejo/forgejo/commit/8abc1aae4ab5b03be0bcbdd390bb903b54ccd21a).

-## 1.21.11-2
-
-[The complete list of new commits included in the Forgejo v1.21.11-2 release can be reviewed here](https://codeberg.org/forgejo/forgejo/compare/v1.21.11-1...v1.21.11-2), or from the command line with:
-
-```shell
-$ git clone https://codeberg.org/forgejo/forgejo
-$ git -C forgejo log --oneline --no-merges v1.21.11-1..v1.21.11-2
-```
-
-This stable release contains a **security fix**.
-
-* Recommended Action
-
-  We recommend that all Forgejo installations are [upgraded](https://forgejo.org/docs/v1.21/admin/upgrade/) to the latest version as soon as possible.
-
-* [Forgejo Semantic Version](https://forgejo.org/docs/v1.21/user/semver/)
-
-  The semantic version was updated to `6.0.13+0-gitea-1.21.10`
-
-* Security fix
-  * [PR](https://codeberg.org/forgejo/forgejo/pulls/4047). Fixed: the OAuth2 implementation does not always require authentication for public clients, a requirement of [RFC 6749 Section 10.2](https://datatracker.ietf.org/doc/html/rfc6749#section-10.2). A malicious client can impersonate another client and obtain access to protected resources if the impersonated client fails to, or is unable to, keep its client credentials confidential.
-
 ## 1.21.11-1

 This stable release contains a single bug fix for a regression introduced in v1.21.11-0 by which creating a tag via the API would fail with error 500 on a repository a where Forgejo Actions workflow triggered by tags exists.
@ -616,7 +558,7 @@ This stable release contains a single bug fix for a regression introduced in v1.

 ## 1.21.11-0

-[The complete list of new commits included in the Forgejo v1.21.11-0 release can be reviewed here](https://codeberg.org/forgejo/forgejo/compare/v1.21.10-0...v1.21.11-0), or from the command line with:
+[The complete list of new commits included in the Forgejo v1.21.11-0 release can be reviewed here](https://codeberg.org/forgejo/forgejo/compare/v1.21.10-0...v1.21.11-0), or from the comand line with:

 ```shell
 $ git clone https://codeberg.org/forgejo/forgejo
@ -684,7 +626,7 @@ Note that there is no `Forgejo v1.21.9-0` release. The release numbering of the
  * [Fix paths when finding files via the web interface that were not escaped](https://codeberg.org/forgejo/forgejo/commit/b22be0c03fa4814c1b8b892346de5d4547782ce7).
  * [Respect `DEFAULT_ORG_MEMBER_VISIBLE` setting when adding creator to org](https://codeberg.org/forgejo/forgejo/commit/5e5574c7b328e2c500d497517047b8d1fd0ca478).
  * [Fix duplicate migrated milestones](https://codeberg.org/forgejo/forgejo/commit/706ff7aa9fcfe4c43893dc12e27d064064e80635).
-  * [Fix inline math blocks can't be preceded/followed by alphanumerical characters](https://codeberg.org/forgejo/forgejo/commit/0d3f446460b22a29c259e7d42ed89f90fd216ca7).
+  * [Fix inline math blocks can't be preceeded/followed by alphanumerical characters](https://codeberg.org/forgejo/forgejo/commit/0d3f446460b22a29c259e7d42ed89f90fd216ca7).

 ## 1.21.8-0

@ -791,7 +733,7 @@ This stable release contains bug fixes and a **security fix**, as explained in t
  * [Fix push to create with capitalize repo name](https://codeberg.org/forgejo/forgejo/commit/8782275c9c66ad6fc7c44503d7df9dae7196aa65).
  * In Markdown [don't try to make the link absolute if the link has a schema that's defined in `[markdown].CUSTOM_URL_SCHEMES`](https://codeberg.org/forgejo/forgejo/commit/6c100083c29fb0ccf0cc52e8767e540a260d9468), because they can't be made absolute.
  * [Fix Ctrl+Enter on submitting review comment](https://codeberg.org/forgejo/forgejo/commit/1c3a31d85112d10fb948d6f0b763191ed6f68e90).
-  * In Git version v2.43.1, the behavior of `GIT_FLUSH` was accidentally flipped. This causes Forgejo to hang on the `check-attr` command, because no output was being flushed. [Workaround this by detecting if Git v2.43.1 is used and set `GIT_FLUSH=0` thus getting the correct behavior](https://codeberg.org/forgejo/forgejo/commit/ff468ab5e426582b068586ce13d5a5348365e783).
+  * In Git version v2.43.1, the behavior of `GIT_FLUSH` was accidentially flipped. This causes Forgejo to hang on the `check-attr` command, because no output was being flushed. [Workaround this by detecting if Git v2.43.1 is used and set `GIT_FLUSH=0` thus getting the correct behavior](https://codeberg.org/forgejo/forgejo/commit/ff468ab5e426582b068586ce13d5a5348365e783).
  * [When setting `url.host` on a URL object with no port specified (like is the case of default port), the resulting URL's port will not change. Workaround this quirk in the URL standard by explicitly setting port for the http and https protocols](https://codeberg.org/forgejo/forgejo/commit/628e1036cfbcfae442cb6494249fe11410447056).
  * [Fix elasticsearch Request Entity Too Large](https://codeberg.org/forgejo/forgejo/commit/e6f59f6e1489d63d53de0da1de406a7a71a82adb).
  * [Do not send update/delete release notifications when it is in a draft state](https://codeberg.org/forgejo/forgejo/commit/3c54a1dbf62e56d948feb1008512900140033737).
@ -881,7 +823,7 @@ This stable release includes security and bug fixes as well as documentation imp
  * [Gracefully handle missing branches](https://codeberg.org/forgejo/forgejo/commit/c2fa9c308f5cdb08dd84fb8ec6623a57e75d5152) when a branch is missing from Git but still lingering in the database.
  * [Fix panic in `canSoftDeleteContentHistory`](https://codeberg.org/forgejo/forgejo/commit/ab1ccc55dca7fd05e59a01343e6dfe53be6195d0)
  * [Check for Commit in opengraph](https://codeberg.org/forgejo/forgejo/commit/b473a44a2bb59591f3e24bfcdeed1d8fbb0f9204)
-  * [Handle non-existent commit in Archive request](https://codeberg.org/forgejo/forgejo/commit/0fbf761d1930f9336be6da8d17ae6032203a9381)
+  * [Handle non-existant commit in Archive request](https://codeberg.org/forgejo/forgejo/commit/0fbf761d1930f9336be6da8d17ae6032203a9381)
  * [Fix NPE in `ToPullReviewList`](https://codeberg.org/forgejo/forgejo/commit/f5349b66b78968301d7dc4c45e8e08b46910aa6e)
  * [Fix URL in the mail to include the host](https://codeberg.org/forgejo/forgejo/commit/ac889d42903b2ce2129a02ace620a10a6f940920)
  * [Fix the event of a scheduled action](https://codeberg.org/forgejo/forgejo/commit/892a8e1f4a5cc09cc3136e0b0e6487c154c5ed2b) to be "schedule" instead of a semi-random event from the default branch.
@ -992,7 +934,7 @@ $ git clone https://codeberg.org/forgejo/forgejo/
 $ git -C forgejo log --oneline --no-merges v1.21.1-0..v1.21.2-0
 ```

-This stable release includes bug fixes. It was built with Go v1.21.5 that fixes [CVE-2023-39326](https://groups.google.com/g/golang-announce/c/iLGK3x6yuNo) which a malicious HTTP client can exploit to cause a server to automatically read a large amount of data. It allows for memory exhaustion in the situation that HTTP chunked encoding requests can reach Forgejo.
+This stable release includes bug fixes. It was built with Go v1.21.5 that fixes [CVE-2023-39326](https://groups.google.com/g/golang-announce/c/iLGK3x6yuNo) which a malicious HTTP client can exploit to cause a server to automatically read a large amount of data. It allows for memory exhaustion in the situation that HTTP chuncked encoding requests can reach Forgejo.

 * Recommended Action

@ -1057,7 +999,7 @@ $ git -C forgejo log --oneline --no-merges origin/v1.20/forgejo..origin/v1.21/fo
  - [Add](https://codeberg.org/forgejo/forgejo/commit/0d55f64e6cd3de2e1e5c0ee795605823efb14231) support for [recurring actions similar to cron jobs](https://forgejo.org/docs/v1.21/user/actions/#onschedule).
  - [Add](https://codeberg.org/forgejo/forgejo/commit/19872063a3c14256a1d89b2a104d63e7538a3a28) the possibility to [disable workflows from the user interface](https://forgejo.org/docs/v1.21/user/actions/#list-of-runners-and-their-tasks).
  - [Add](https://codeberg.org/forgejo/forgejo/commit/460a2b0edffe71d9e64633beaa1071fcf4a33369) automatic [cleanup of artificats](https://forgejo.org/docs/v1.21/user/actions/#artifacts).
-  - [Add](https://codeberg.org/forgejo/forgejo/commit/44781f9f5c4ede618660d8cfe42437f0e8dc22a0) automatic cancellation [of jobs when pushing new commits](https://forgejo.org/docs/v1.21/user/actions/#auto-cancellation-of-workflows) to a PR.
+  - [Add](https://codeberg.org/forgejo/forgejo/commit/44781f9f5c4ede618660d8cfe42437f0e8dc22a0) automatic cancelation [of jobs when pushing new commits](https://forgejo.org/docs/v1.21/user/actions/#auto-cancelation-of-workflows) to a PR.
  - [Add](https://codeberg.org/forgejo/forgejo/commit/f3d293d2bbe0b2eab047bdd403046069cffbc0c4) support for [uploading multiple artificats](https://forgejo.org/docs/v1.21/user/actions/#artifacts).
  - [Add](https://codeberg.org/forgejo/forgejo/commit/48e5a74f215d78813a816c57fc5a85a909a003d5) support for the [`pull_request_target` event](https://forgejo.org/docs/v1.21/user/actions/#onpull_request_target) which has access to secrets because it runs using the workflows from the base branch instead of the pull request.
  - [Add](https://codeberg.org/forgejo/forgejo/commit/8228751c55d6a4263f0fec2932ca16181c09c97d) support for reading labels from the runner [instead of specifying them during registration](https://forgejo.org/docs/v1.21/admin/actions/#registration).
@ -1372,7 +1314,7 @@ this situation, [follow the instructions in the companion blog post](https://for
  * [The CLI exit code now is different from zero when an error occurs](https://codeberg.org/forgejo/forgejo/commit/089af9ab1)
  * [Fix error when a Debian package has a double newline character at the end of the control block](https://codeberg.org/forgejo/forgejo/commit/dd7180846)
  * [Fix a condition that would cause git related tasks to hang for longer than necessary in the queues and use too many resources as a result](https://codeberg.org/forgejo/forgejo/commit/36f8fbe1b)
-  * [Fix the topic validation rule and support dots](https://codeberg.org/forgejo/forgejo/commit/a578b75d7)
+  * [Fix the topic validation rule and suport dots](https://codeberg.org/forgejo/forgejo/commit/a578b75d7)
  * [Fix pull request check list when there are more than 30](https://codeberg.org/forgejo/forgejo/commit/e226b9646)
  * [Fix attachment clipboard copy on insecure origin](https://codeberg.org/forgejo/forgejo/commit/12ac84c26)
  * [Fix the profile README rendering](https://codeberg.org/forgejo/forgejo/commit/84c3b60a4) that [was inconsistent with other markdown files renderings](https://codeberg.org/forgejo/forgejo/issues/833)
@ -1401,7 +1343,7 @@ This stable release includes bug fixes and displays [warnings in the administrat

  The most prominent ones are described here, others can be found in the list of commits included in the release as described above.

-  * [Add missing assets to the Forgejo sources tarball](https://codeberg.org/forgejo/forgejo/commit/e14d239005)
+  * [Add missing assets to the Forgejo sources tarbal](https://codeberg.org/forgejo/forgejo/commit/e14d239005)
  * [Fix user type selection error when creating a user](https://codeberg.org/forgejo/forgejo/commit/268569b462) and selecting `public` or `private`.
  * [Fix access check for org-level project](https://codeberg.org/forgejo/forgejo/commit/5afb0294f4)
  * [Warn instead of reporting an error when a webhook cannot be found](https://codeberg.org/forgejo/forgejo/commit/4c3dcdf815)
@ -1456,7 +1398,7 @@ $ git -C forgejo log --oneline --no-merges origin/v1.19/forgejo..origin/v1.20/fo
  - The storage settings were [refactored](https://codeberg.org/forgejo/forgejo/commit/d6dd6d641b593c54fe1a1041c153111ce81dbc20). Read more about [storage settings](https://forgejo.org/docs/v1.20/admin/storage/).
  - [The [repository.editor] PREVIEWABLE_FILE_MODES setting was removed](https://codeberg.org/forgejo/forgejo/commit/84daddc2fa74393cdc13371b0cc44f0444cfdae0). This setting served no practical purpose and was not working correctly. Instead a preview tab is always shown in the file editor when supported.
  - In addition to the already deprecated options inside [queue], many options have been dropped as well. Those are WRAP_IF_NECESSARY, MAX_ATTEMPTS, TIMEOUT, WORKERS, BLOCK_TIMEOUT, BOOST_TIMEOUT, BOOST_WORKERS. You can remove them from your app.ini now. Additionally, some default values have changed in this section.
-  - The default CSS and templates included in Forgejo were heavily refactored and a large number of variables renamed. These changes are not documented and there is a very high chance that a template extracted and modified for a particular Forgejo instance will no longer work as it did. Browsing through the git history of the template in the sources is the best way to figure out how and why it was modified.
+  - The default CSS and templates included in Forgejo were heavily refactored and a large number of variables renamed. These changes are not documented and there is a very high chance that a tempate extracted and modified for a particular Forgejo instance will no longer work as it did. Browsing through the git history of the template in the sources is the best way to figure out how and why it was modified.
 - **Moderation:**
  Blocking another user is desirable if they are acting maliciously or are spamming your repository. When you block a user, Forgejo does not explicitly notify them, but they may learn through an interaction with you that is blocked. [Read more about blocking users](https://forgejo.org/docs/v1.20/user/blocking-user/).
 - **Package:**
@ -1464,7 +1406,7 @@ $ git -C forgejo log --oneline --no-merges origin/v1.19/forgejo..origin/v1.20/fo
 - **Accessibility:**
  numerous improvements for [issue comments](https://codeberg.org/forgejo/forgejo/commit/6c354546547cd3a9595a7db119a6480d9cd506a7), [the menu on the navbar](https://codeberg.org/forgejo/forgejo/commit/a78e0b7dade16bc6509b943fe86e74962f1b95b6), [scoped labels](https://codeberg.org/forgejo/forgejo/commit/e8935606f5f1fff3c59222ebca6d4615ab06fb0b), [checkboxes and dropdowns](https://codeberg.org/forgejo/forgejo/commit/d4f35bd681af0632da988e15306f330e020422b2), [RTL rendering support to Markdown](https://codeberg.org/forgejo/forgejo/commit/32d9c47ec7706d8f06e09b42e09a28d7a0e3c526), [file (re-)views](https://codeberg.org/forgejo/forgejo/commit/e95b42e187cde9ac4bd541cd714bdb4f5c1fd8bc), [interactive tooltips](https://codeberg.org/forgejo/forgejo/commit/87f0f7e670c6c0e6aeab8c4458bfdb9d954eacec), [using a button element](https://codeberg.org/forgejo/forgejo/commit/81fe5d61851c0e586af7d32c29171ceff9a571bb), [repository list](https://codeberg.org/forgejo/forgejo/commit/e82f1b15c7120ad13fd3b67cf7e2c6cb9915c22d) and more.
 - **Time:**
-  The display and localization of time was improved for [tooltips](https://codeberg.org/forgejo/forgejo/commit/b7b58348317cbe0145dc453d45c886b8e2764b4c), [milestones](https://codeberg.org/forgejo/forgejo/commit/97176754beb4de23fa0f68df715c4737919c93b0), [due date and translations that contain dates](https://codeberg.org/forgejo/forgejo/commit/70bb4984cdad9a15d676708bd345b590aa42d72a), [commit graphs](https://codeberg.org/forgejo/forgejo/commit/5bc9f7fcf9aece92c3fa2a0ea56e5585261a7f28), [runners](https://codeberg.org/forgejo/forgejo/commit/62ca5825f73ad5a25ffeb6c3ef66f0eaf5d30cdf), [webhooks](https://codeberg.org/forgejo/forgejo/commit/dbb37367854d108ebfffcac27837c0afac199a8e), [tests](https://codeberg.org/forgejo/forgejo/commit/3d266dd0f3dbae7e417c0e790e266aebc0078814) and more. Previously each rendered timestamp would be static, now the real time since an event happened is show. If a comment was added 2 minutes before the page rendered it would show as "2 minutes ago" on the initial render and if another 8 minutes have passed, without a page refresh you'd see "10 minutes ago".
+  The display and localization of time was improved for [tooltips](https://codeberg.org/forgejo/forgejo/commit/b7b58348317cbe0145dc453d45c886b8e2764b4c), [milestones](https://codeberg.org/forgejo/forgejo/commit/97176754beb4de23fa0f68df715c4737919c93b0), [due date and translations that contain dates](https://codeberg.org/forgejo/forgejo/commit/70bb4984cdad9a15d676708bd345b590aa42d72a), [commit graphs](https://codeberg.org/forgejo/forgejo/commit/5bc9f7fcf9aece92c3fa2a0ea56e5585261a7f28), [runners](https://codeberg.org/forgejo/forgejo/commit/62ca5825f73ad5a25ffeb6c3ef66f0eaf5d30cdf), [webhooks](https://codeberg.org/forgejo/forgejo/commit/dbb37367854d108ebfffcac27837c0afac199a8e), [tests](https://codeberg.org/forgejo/forgejo/commit/3d266dd0f3dbae7e417c0e790e266aebc0078814) and more. Previously each rendered timestamp would be static, now the real time since an event happend is show. If a comment was added 2 minutes before the page rendered it would show as "2 minutes ago" on the initial render and if another 8 minutes have passed, without a page refresh you'd see "10 minutes ago".
 - **[Wiki](https://forgejo.org/docs/v1.20/user/wiki/)**
  - Improve the [display of the table of content](https://codeberg.org/forgejo/forgejo/commit/1ab16e48cccc086e7f97fb3ae8a293fe47a3a452)
  - Fixed a bug [preventing team users who have wiki write permission from deleting a page](https://codeberg.org/forgejo/forgejo/commit/284b41f45244bbe46fc8feee15bbfdf66d150e79)
@ -1805,7 +1747,7 @@ $ git -C forgejo log --oneline --no-merges origin/v1.18/forgejo..origin/v1.19/fo

    Forgejo access token, used with the [API](https://forgejo.org/docs/v1.19/admin/api-usage/) can now have a "scope" that limits what it can access. Existing tokens stored in the database and created before Forgejo v1.19 had unlimited access. For backward compatibility, their access will remain the same and they will continue to work as before. However, **newly created token that do not specify a scope will now only have read-only access to public user profile and public repositories**.

-    For instance, the `/users/{username}/tokens` API endpoint will require the `scopes: ['all', 'sudo']` parameter and the `forgejo admin user generate-access-token` will require the `--scopes all,sudo` argument obtain tokens with unlimited access as before for admin users.
+    For instance, the `/users/{username}/tokens` API endpoint will require the `scopes: ['all', 'sudo']` parameter and the `forgejo admin user generate-access-token` will require the `--scopes all,sudo` argument obtain tokens with ulimited access as before for admin users.

    [Read more about the scoped tokens](https://forgejo.org/docs/v1.19/user/oauth2-provider/#scoped-tokens).

@ -1922,7 +1864,7 @@ $ git -C forgejo log --oneline --no-merges origin/v1.18/forgejo..origin/v1.19/fo

    It appears for the first time in this Forgejo release but is not yet fit for production. It is not fully implemented and may be insecure. However, as long as it is not enabled, it presents no risk to existing Forgejo instances.

-    If a repository has a file such as `.forgejo/workflows/test.yml`, it will be interpreted, for instance to run tests and verify the code in the repository works as expected (Continuous Integration). It can also be used to create HTML pages for a website and publish them (Continuous Deployment). The syntax is similar to GitHub Actions and the jobs can be controlled from the Forgejo web interface.
+    If a repository has a file such as `.forgejo/workflows/test.yml`, it will be interpreted, for instance to run tests and verify the code in the repository works as expected (Continuous Integration). It can also be used to create HTML pages for a website and publish them (Continous Deployment). The syntax is similar to GitHub Actions and the jobs can be controled from the Forgejo web interface.

    [Read more about Forgejo Actions](https://forgejo.codeberg.page/2023-02-27-forgejo-actions/)

--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
--- a/build/backport-locales.go
+++ b/build/backport-locales.go
@ -18,8 +18,8 @@ import (

 func main() {
 	if len(os.Args) != 2 {
-		fmt.Println("usage: backport-locales <to-ref>")
-		fmt.Println("eg: backport-locales release/v1.19")
+		println("usage: backport-locales <to-ref>")
+		println("eg: backport-locales release/v1.19")
 		os.Exit(1)
 	}

--- a/build/code-batch-process.go
+++ b/build/code-batch-process.go
@ -69,7 +69,6 @@ func newFileCollector(fileFilter string, batchSize int) (*fileCollector, error)
 		co.includePatterns = append(co.includePatterns, regexp.MustCompile(`.*\.go$`))

 		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`.*\bbindata\.go$`))
-		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`\.pb\.go$`))
 		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`tests/gitea-repositories-meta`))
 		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`tests/integration/migration-test`))
 		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`modules/git/tests`))
@ -204,6 +203,17 @@ Example:
 `, "file-batch-exec")
 }

+func getGoVersion() string {
+	goModFile, err := os.ReadFile("go.mod")
+	if err != nil {
+		log.Fatalf(`Faild to read "go.mod": %v`, err)
+		os.Exit(1)
+	}
+	goModVersionRegex := regexp.MustCompile(`go \d+\.\d+`)
+	goModVersionLine := goModVersionRegex.Find(goModFile)
+	return string(goModVersionLine[3:])
+}
+
 func newFileCollectorFromMainOptions(mainOptions map[string]string) (fc *fileCollector, err error) {
 	fileFilter := mainOptions["file-filter"]
 	if fileFilter == "" {
@ -268,8 +278,7 @@ func main() {
 				log.Print("the -d option is not supported by gitea-fmt")
 			}
 			cmdErrors = append(cmdErrors, giteaFormatGoImports(files, containsString(subArgs, "-w")))
-			cmdErrors = append(cmdErrors, passThroughCmd("gofmt", append([]string{"-w", "-r", "interface{} -> any"}, substArgs...)))
-			cmdErrors = append(cmdErrors, passThroughCmd("go", append([]string{"run", os.Getenv("GOFUMPT_PACKAGE"), "-extra"}, substArgs...)))
+			cmdErrors = append(cmdErrors, passThroughCmd("go", append([]string{"run", os.Getenv("GOFUMPT_PACKAGE"), "-extra", "-lang", getGoVersion()}, substArgs...)))
 		default:
 			log.Fatalf("unknown cmd: %s %v", subCmd, subArgs)
 		}
--- a/cmd/admin_auth.go
+++ b/cmd/admin_auth.go
@ -4,7 +4,6 @@
 package cmd

 import (
-	"errors"
 	"fmt"
 	"os"
 	"text/tabwriter"
@ -92,7 +91,7 @@ func runListAuth(c *cli.Context) error {

 func runDeleteAuth(c *cli.Context) error {
 	if !c.IsSet("id") {
-		return errors.New("--id flag is missing")
+		return fmt.Errorf("--id flag is missing")
 	}

 	ctx, cancel := installSignals()
--- a/cmd/admin_auth_oauth.go
+++ b/cmd/admin_auth_oauth.go
@ -4,7 +4,6 @@
 package cmd

 import (
-	"errors"
 	"fmt"
 	"net/url"

@ -194,7 +193,7 @@ func runAddOauth(c *cli.Context) error {

 func runUpdateOauth(c *cli.Context) error {
 	if !c.IsSet("id") {
-		return errors.New("--id flag is missing")
+		return fmt.Errorf("--id flag is missing")
 	}

 	ctx, cancel := installSignals()
--- a/cmd/admin_auth_stmp.go
+++ b/cmd/admin_auth_stmp.go
@ -5,6 +5,7 @@ package cmd

 import (
 	"errors"
+	"fmt"
 	"strings"

 	auth_model "code.gitea.io/gitea/models/auth"
@ -165,7 +166,7 @@ func runAddSMTP(c *cli.Context) error {

 func runUpdateSMTP(c *cli.Context) error {
 	if !c.IsSet("id") {
-		return errors.New("--id flag is missing")
+		return fmt.Errorf("--id flag is missing")
 	}

 	ctx, cancel := installSignals()
--- a/cmd/admin_user_delete.go
+++ b/cmd/admin_user_delete.go
@ -4,7 +4,6 @@
 package cmd

 import (
-	"errors"
 	"fmt"
 	"strings"

@ -43,7 +42,7 @@ var microcmdUserDelete = &cli.Command{

 func runDeleteUser(c *cli.Context) error {
 	if !c.IsSet("id") && !c.IsSet("username") && !c.IsSet("email") {
-		return errors.New("You must provide the id, username or email of a user to delete")
+		return fmt.Errorf("You must provide the id, username or email of a user to delete")
 	}

 	ctx, cancel := installSignals()
--- a/cmd/admin_user_generate_access_token.go
+++ b/cmd/admin_user_generate_access_token.go
@ -4,7 +4,6 @@
 package cmd

 import (
-	"errors"
 	"fmt"

 	auth_model "code.gitea.io/gitea/models/auth"
@ -43,7 +42,7 @@ var microcmdUserGenerateAccessToken = &cli.Command{

 func runGenerateAccessToken(c *cli.Context) error {
 	if !c.IsSet("username") {
-		return errors.New("You must provide a username to generate a token for")
+		return fmt.Errorf("You must provide a username to generate a token for")
 	}

 	ctx, cancel := installSignals()
@ -69,7 +68,7 @@ func runGenerateAccessToken(c *cli.Context) error {
 		return err
 	}
 	if exist {
-		return errors.New("access token name has been used already")
+		return fmt.Errorf("access token name has been used already")
 	}

 	// make sure the scopes are valid
--- a/cmd/doctor_convert.go
+++ b/cmd/doctor_convert.go
@ -17,7 +17,7 @@ import (
 var cmdDoctorConvert = &cli.Command{
 	Name:        "convert",
 	Usage:       "Convert the database",
-	Description: "A command to convert an existing MySQL database from utf8 to utf8mb4",
+	Description: "A command to convert an existing MySQL database from utf8 to utf8mb4 or MSSQL database from varchar to nvarchar",
 	Action:      runDoctorConvert,
 }

@ -35,14 +35,21 @@ func runDoctorConvert(ctx *cli.Context) error {
 	log.Info("Log path: %s", setting.Log.RootPath)
 	log.Info("Configuration file: %s", setting.CustomConf)

-	if setting.Database.Type.IsMySQL() {
+	switch {
+	case setting.Database.Type.IsMySQL():
 		if err := db.ConvertDatabaseTable(); err != nil {
 			log.Fatal("Failed to convert database & table: %v", err)
 			return err
 		}
 		fmt.Println("Converted successfully, please confirm your database's character set is now utf8mb4")
-	} else {
-		fmt.Println("This command can only be used with a MySQL database")
+	case setting.Database.Type.IsMSSQL():
+		if err := db.ConvertVarcharToNVarchar(); err != nil {
+			log.Fatal("Failed to convert database from varchar to nvarchar: %v", err)
+			return err
+		}
+		fmt.Println("Converted successfully, please confirm your database's all columns character is NVARCHAR now")
+	default:
+		fmt.Println("This command can only be used with a MySQL or MSSQL database")
 	}

 	return nil
--- a/cmd/dump.go
+++ b/cmd/dump.go
@ -128,7 +128,7 @@ It can be used for backup and capture Forgejo server image to send to maintainer
 		&cli.StringFlag{
 			Name:    "database",
 			Aliases: []string{"d"},
-			Usage:   "Specify the database SQL syntax: sqlite3, mysql, postgres",
+			Usage:   "Specify the database SQL syntax: sqlite3, mysql, mssql, postgres",
 		},
 		&cli.BoolFlag{
 			Name:    "skip-repository",
--- a/cmd/dump_test.go
+++ b/cmd/dump_test.go
@ -50,7 +50,7 @@ func TestAddRecursiveExclude(t *testing.T) {
 			err = addRecursiveExclude(archiver, "", dir, nil, false)
 			assert.NoError(t, err)
 			assert.Len(t, archiver.addedFiles, 1)
-			assert.Contains(t, archiver.addedFiles, "example")
+			assert.EqualValues(t, "example", archiver.addedFiles[0])
 		})

 		t.Run("With exclude", func(t *testing.T) {
@ -77,11 +77,11 @@ func TestAddRecursiveExclude(t *testing.T) {
 			err = addRecursiveExclude(archiver, "", dir, nil, false)
 			assert.NoError(t, err)
 			assert.Len(t, archiver.addedFiles, 5)
-			assert.Contains(t, archiver.addedFiles, "deep")
-			assert.Contains(t, archiver.addedFiles, "deep/nested")
-			assert.Contains(t, archiver.addedFiles, "deep/nested/folder")
-			assert.Contains(t, archiver.addedFiles, "deep/nested/folder/example")
-			assert.Contains(t, archiver.addedFiles, "deep/nested/folder/another-file")
+			assert.EqualValues(t, "deep", archiver.addedFiles[0])
+			assert.EqualValues(t, "deep/nested", archiver.addedFiles[1])
+			assert.EqualValues(t, "deep/nested/folder", archiver.addedFiles[2])
+			assert.EqualValues(t, "deep/nested/folder/example", archiver.addedFiles[3])
+			assert.EqualValues(t, "deep/nested/folder/another-file", archiver.addedFiles[4])
 		})

 		t.Run("Exclude first directory", func(t *testing.T) {
@ -98,8 +98,8 @@ func TestAddRecursiveExclude(t *testing.T) {
 			err = addRecursiveExclude(archiver, "", dir, []string{dir + "/deep/nested/folder"}, false)
 			assert.NoError(t, err)
 			assert.Len(t, archiver.addedFiles, 2)
-			assert.Contains(t, archiver.addedFiles, "deep")
-			assert.Contains(t, archiver.addedFiles, "deep/nested")
+			assert.EqualValues(t, "deep", archiver.addedFiles[0])
+			assert.EqualValues(t, "deep/nested", archiver.addedFiles[1])
 		})

 		t.Run("Exclude file", func(t *testing.T) {
@ -108,10 +108,10 @@ func TestAddRecursiveExclude(t *testing.T) {
 			err = addRecursiveExclude(archiver, "", dir, []string{dir + "/deep/nested/folder/example"}, false)
 			assert.NoError(t, err)
 			assert.Len(t, archiver.addedFiles, 4)
-			assert.Contains(t, archiver.addedFiles, "deep")
-			assert.Contains(t, archiver.addedFiles, "deep/nested")
-			assert.Contains(t, archiver.addedFiles, "deep/nested/folder")
-			assert.Contains(t, archiver.addedFiles, "deep/nested/folder/another-file")
+			assert.EqualValues(t, "deep", archiver.addedFiles[0])
+			assert.EqualValues(t, "deep/nested", archiver.addedFiles[1])
+			assert.EqualValues(t, "deep/nested/folder", archiver.addedFiles[2])
+			assert.EqualValues(t, "deep/nested/folder/another-file", archiver.addedFiles[3])
 		})
 	})
 }
--- a/cmd/embedded.go
+++ b/cmd/embedded.go
@ -157,9 +157,9 @@ func runViewDo(c *cli.Context) error {
 	}

 	if len(matchedAssetFiles) == 0 {
-		return errors.New("no files matched the given pattern")
+		return fmt.Errorf("no files matched the given pattern")
 	} else if len(matchedAssetFiles) > 1 {
-		return errors.New("too many files matched the given pattern, try to be more specific")
+		return fmt.Errorf("too many files matched the given pattern, try to be more specific")
 	}

 	data, err := matchedAssetFiles[0].fs.ReadFile(matchedAssetFiles[0].name)
@ -180,7 +180,7 @@ func runExtractDo(c *cli.Context) error {
 	}

 	if c.NArg() == 0 {
-		return errors.New("a list of pattern of files to extract is mandatory (e.g. '**' for all)")
+		return fmt.Errorf("a list of pattern of files to extract is mandatory (e.g. '**' for all)")
 	}

 	destdir := "."
--- a/cmd/forgejo/actions.go
+++ b/cmd/forgejo/actions.go
@ -134,8 +134,8 @@ func validateSecret(secret string) error {
 }

 func RunRegister(ctx context.Context, cliCtx *cli.Context) error {
-	var cancel context.CancelFunc
 	if !ContextGetNoInit(ctx) {
+		var cancel context.CancelFunc
 		ctx, cancel = installSignals(ctx)
 		defer cancel()

--- a/cmd/forgejo/f3.go
+++ b/cmd/forgejo/f3.go
@ -1,77 +0,0 @@
-// Copyright Earl Warren <contact@earl-warren.org>
-// Copyright Loïc Dachary <loic@dachary.org>
-// SPDX-License-Identifier: MIT
-
-package forgejo
-
-import (
-	"context"
-	"errors"
-
-	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/git"
-	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/storage"
-	"code.gitea.io/gitea/services/f3/util"
-
-	_ "code.gitea.io/gitea/services/f3/driver" // register the driver
-
-	f3_cmd "code.forgejo.org/f3/gof3/v3/cmd"
-	f3_logger "code.forgejo.org/f3/gof3/v3/logger"
-	f3_util "code.forgejo.org/f3/gof3/v3/util"
-	"github.com/urfave/cli/v2"
-)
-
-func CmdF3(ctx context.Context) *cli.Command {
-	ctx = f3_logger.ContextSetLogger(ctx, util.NewF3Logger(nil, log.GetLogger(log.DEFAULT)))
-	return &cli.Command{
-		Name:  "f3",
-		Usage: "F3",
-		Subcommands: []*cli.Command{
-			SubcmdF3Mirror(ctx),
-		},
-	}
-}
-
-func SubcmdF3Mirror(ctx context.Context) *cli.Command {
-	mirrorCmd := f3_cmd.CreateCmdMirror(ctx)
-	mirrorCmd.Before = prepareWorkPathAndCustomConf(ctx)
-	f3Action := mirrorCmd.Action
-	mirrorCmd.Action = func(c *cli.Context) error { return runMirror(ctx, c, f3Action) }
-	return mirrorCmd
-}
-
-func runMirror(ctx context.Context, c *cli.Context, action cli.ActionFunc) error {
-	setting.LoadF3Setting()
-	if !setting.F3.Enabled {
-		return errors.New("F3 is disabled, it is not ready to be used and is only present for development purposes")
-	}
-
-	var cancel context.CancelFunc
-	if !ContextGetNoInit(ctx) {
-		ctx, cancel = installSignals(ctx)
-		defer cancel()
-
-		if err := initDB(ctx); err != nil {
-			return err
-		}
-
-		if err := storage.Init(); err != nil {
-			return err
-		}
-
-		if err := git.InitSimple(ctx); err != nil {
-			return err
-		}
-		if err := models.Init(ctx); err != nil {
-			return err
-		}
-	}
-
-	err := action(c)
-	if panicError, ok := err.(f3_util.PanicError); ok {
-		log.Debug("F3 Stack trace\n%s", panicError.Stack())
-	}
-	return err
-}
--- a/cmd/forgejo/forgejo.go
+++ b/cmd/forgejo/forgejo.go
@ -36,7 +36,6 @@ func CmdForgejo(ctx context.Context) *cli.Command {
 		Flags: []cli.Flag{},
 		Subcommands: []*cli.Command{
 			CmdActions(ctx),
-			CmdF3(ctx),
 		},
 	}
 }
--- a/cmd/hook.go
+++ b/cmd/hook.go
@ -484,7 +484,7 @@ func hookPrintResults(results []private.HookPostReceiveBranchResult) {
 			fmt.Fprintf(os.Stderr, "  %s\n", res.URL)
 		}
 		fmt.Fprintln(os.Stderr, "")
-		_ = os.Stderr.Sync()
+		os.Stderr.Sync()
 	}
 }

@ -783,7 +783,7 @@ func writeFlushPktLine(ctx context.Context, out io.Writer) error {
 	return nil
 }

-// Write an Pkt-Line based on `data` to `out` according to the specification.
+// Write an Pkt-Line based on `data` to `out` according to the specifcation.
 // https://git-scm.com/docs/protocol-common
 func writeDataPktLine(ctx context.Context, out io.Writer, data []byte) error {
 	// Implementations SHOULD NOT send an empty pkt-line ("0004").
--- a/cmd/main.go
+++ b/cmd/main.go
@ -124,7 +124,6 @@ func NewMainApp(version, versionExtra string) *cli.App {

 	var subCmdsStandalone []*cli.Command = make([]*cli.Command, 0, 10)
 	var subCmdWithConfig []*cli.Command = make([]*cli.Command, 0, 10)
-	var globalFlags []cli.Flag = make([]cli.Flag, 0, 10)

 	//
 	// If the executable is forgejo-cli, provide a Forgejo specific CLI
@ -132,15 +131,6 @@ func NewMainApp(version, versionExtra string) *cli.App {
 	//
 	if executable == "forgejo-cli" {
 		subCmdsStandalone = append(subCmdsStandalone, forgejo.CmdActions(context.Background()))
-		subCmdWithConfig = append(subCmdWithConfig, forgejo.CmdF3(context.Background()))
-		globalFlags = append(globalFlags, []cli.Flag{
-			&cli.BoolFlag{
-				Name: "quiet",
-			},
-			&cli.BoolFlag{
-				Name: "verbose",
-			},
-		}...)
 	} else {
 		//
 		// Otherwise provide a Gitea compatible CLI which includes Forgejo
@ -152,10 +142,10 @@ func NewMainApp(version, versionExtra string) *cli.App {
 		subCmdWithConfig = append(subCmdWithConfig, CmdActions)
 	}

-	return innerNewMainApp(version, versionExtra, subCmdsStandalone, subCmdWithConfig, globalFlags)
+	return innerNewMainApp(version, versionExtra, subCmdsStandalone, subCmdWithConfig)
 }

-func innerNewMainApp(version, versionExtra string, subCmdsStandaloneArgs, subCmdWithConfigArgs []*cli.Command, globalFlagsArgs []cli.Flag) *cli.App {
+func innerNewMainApp(version, versionExtra string, subCmdsStandaloneArgs, subCmdWithConfigArgs []*cli.Command) *cli.App {
 	app := cli.NewApp()
 	app.HelpName = "forgejo"
 	app.Name = "Forgejo"
@ -195,7 +185,6 @@ func innerNewMainApp(version, versionExtra string, subCmdsStandaloneArgs, subCmd
 	app.DefaultCommand = CmdWeb.Name

 	globalFlags := appGlobalFlags()
-	globalFlags = append(globalFlags, globalFlagsArgs...)
 	app.Flags = append(app.Flags, cli.VersionFlag)
 	app.Flags = append(app.Flags, globalFlags...)
 	app.HideHelp = true // use our own help action to show helps (with more information like default config)
--- a/cmd/manager_logging.go
+++ b/cmd/manager_logging.go
@ -4,7 +4,6 @@
 package cmd

 import (
-	"errors"
 	"fmt"
 	"os"

@ -250,7 +249,7 @@ func runAddFileLogger(c *cli.Context) error {
 	if c.IsSet("filename") {
 		vals["filename"] = c.String("filename")
 	} else {
-		return errors.New("filename must be set when creating a file logger")
+		return fmt.Errorf("filename must be set when creating a file logger")
 	}
 	if c.IsSet("rotate") {
 		vals["rotate"] = c.Bool("rotate")
--- a/cmd/serv.go
+++ b/cmd/serv.go
@ -136,7 +136,7 @@ func runServ(c *cli.Context) error {
 	setup(ctx, c.Bool("debug"))

 	if setting.SSH.Disabled {
-		fmt.Println("Forgejo: SSH has been disabled")
+		println("Forgejo: SSH has been disabled")
 		return nil
 	}

@ -164,13 +164,13 @@ func runServ(c *cli.Context) error {
 		}
 		switch key.Type {
 		case asymkey_model.KeyTypeDeploy:
-			fmt.Println("Hi there! You've successfully authenticated with the deploy key named " + key.Name + ", but Forgejo does not provide shell access.")
+			println("Hi there! You've successfully authenticated with the deploy key named " + key.Name + ", but Forgejo does not provide shell access.")
 		case asymkey_model.KeyTypePrincipal:
-			fmt.Println("Hi there! You've successfully authenticated with the principal " + key.Content + ", but Forgejo does not provide shell access.")
+			println("Hi there! You've successfully authenticated with the principal " + key.Content + ", but Forgejo does not provide shell access.")
 		default:
-			fmt.Println("Hi there, " + user.Name + "! You've successfully authenticated with the key named " + key.Name + ", but Forgejo does not provide shell access.")
+			println("Hi there, " + user.Name + "! You've successfully authenticated with the key named " + key.Name + ", but Forgejo does not provide shell access.")
 		}
-		fmt.Println("If this is unexpected, please log in with password and setup Forgejo under another user.")
+		println("If this is unexpected, please log in with password and setup Forgejo under another user.")
 		return nil
 	} else if c.Bool("debug") {
 		log.Debug("SSH_ORIGINAL_COMMAND: %s", os.Getenv("SSH_ORIGINAL_COMMAND"))
--- a/contrib/backport/README
+++ b/contrib/backport/README
@ -11,7 +11,7 @@ The default version will read from `docs/config.yml`. You can override this
 using the option `--version`.

 The upstream branches will be fetched, using the remote `origin`. This can
-be overridden using `--upstream`, and fetching can be avoided using
+be overrided using `--upstream`, and fetching can be avoided using
 `--no-fetch`.

 By default the branch created will be called `backport-$PR-$VERSION`. You
--- a/contrib/legal/privacy.html.sample
+++ b/contrib/legal/privacy.html.sample
@ -150,7 +150,7 @@

   <p>In general, Your Gitea Instance retains User Personal Information for as long as your account is active, or as needed to provide you service.</p>

-   <p>If you would like to cancel your account or delete your User Personal Information, you may do so in your user profile. We retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, but barring legal requirements, we will delete your full profile (within reason) within 90 days of your request. Feel free to contact our support to request erasure of the data we process on the basis of consent within 30 days.</p>
+   <p>If you would like to cancel your account or delete your User Personal Information, you may do so in your user profile. We retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, but barring legal requirements, we will delete your full profile (within reason) within 90 days of your request. Feel free to contact our support to request erasure of the data we process on the bassis of consent within 30 days.</p>

   <p>After an account has been deleted, certain data, such as contributions to other Users' repositories and comments in others' issues, will remain. However, we will delete or de-identify your User Personal Information, including your username and email address, from the author field of issues, pull requests, and comments by associating them with a ghost user.</p>

--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@ -1,10 +1,10 @@
-; This file lists the default values used by Forgejo
+; This file lists the default values used by Gitea
 ;; Copy required sections to your own app.ini (default is custom/conf/app.ini)
 ;; and modify as needed.
 ;; Do not copy the whole file as-is, as it contains some invalid sections for illustrative purposes.
 ;; If you don't know what a setting is you should not set it.
 ;;
-;; see https://forgejo.org/docs/next/admin/config-cheat-sheet for additional documentation.
+;; see https://docs.gitea.com/administration/config-cheat-sheet for additional documentation.


 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -41,14 +41,7 @@
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
 ;; App name that shows in every page title
-APP_NAME = ; Forgejo: Beyond coding. We Forge.
-;;
-;; APP_SLOGAN shows a slogan near the App name in every page title.
-;APP_SLOGAN =
-;;
-;; APP_DISPLAY_NAME_FORMAT defines how the AppDisplayName should be presented
-;; It is used only if APP_SLOGAN is set.
-;APP_DISPLAY_NAME_FORMAT = {APP_NAME}: {APP_SLOGAN}
+APP_NAME = ; Gitea: Git with a cup of tea
 ;;
 ;; RUN_USER will automatically detect the current user - but you can set it here change it if you run locally
 RUN_USER = ; git
@ -420,8 +413,8 @@ USER = root
 ;; Database connection max idle time, 0 prevents closing due to idle time.
 ;CONN_MAX_IDLETIME = 0
 ;;
-;; Database maximum number of open connections, default is 100 which is the lowest default from Postgres (MariaDB + MySQL default to 151). Ensure you only increase the value if you configured your database server accordingly.
-;MAX_OPEN_CONNS = 100
+;; Database maximum number of open connections, default is 0 meaning no maximum
+;MAX_OPEN_CONNS = 0
 ;;
 ;; Whether execute database models migrations automatically
 ;AUTO_MIGRATION = true
@ -984,7 +977,7 @@ LEVEL = Info
 ;ACCESS_CONTROL_ALLOW_ORIGIN =
 ;;
 ;; Force ssh:// clone url instead of scp-style uri when default SSH port is used
-;USE_COMPAT_SSH_URI = true
+;USE_COMPAT_SSH_URI = false
 ;;
 ;; Value for the "go get" request returns the repository url as https or ssh, default is https
 ;GO_GET_CLONE_URL_PROTOCOL = https
@ -1349,9 +1342,9 @@ LEVEL = Info
 ;[ui.meta]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;AUTHOR = Forgejo – Beyond coding. We forge.
-;DESCRIPTION = Forgejo is a self-hosted lightweight software forge. Easy to install and low maintenance, it just does the job.
-;KEYWORDS = git,forge,forgejo
+;AUTHOR = Gitea - Git with a cup of tea
+;DESCRIPTION = Gitea (Git with a cup of tea) is a painless self-hosted Git service written in Go
+;KEYWORDS = go,git,self-hosted,gitea

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -1387,9 +1380,6 @@ LEVEL = Info
 ;;
 ;; Maximum allowed file size in bytes to render CSV files as table. (Set to 0 for no limit).
 ;MAX_FILE_SIZE = 524288
-;;
-;; Maximum allowed rows to render CSV files. (Set to 0 for no limit)
-;MAX_ROWS = 2500

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -1517,7 +1507,7 @@ LEVEL = Info
 ;; Batch size to send for batched queues
 ;BATCH_LENGTH = 20
 ;;
-;; Connection string for redis queues this will store the redis (or Redis cluster) connection string.
+;; Connection string for redis queues this will store the redis or redis-cluster connection string.
 ;; When `TYPE` is `persistable-channel`, this provides a directory for the underlying leveldb
 ;; or additional options of the form `leveldb://path/to/db?option=value&....`, and will override `DATADIR`.
 ;CONN_STR = "redis://127.0.0.1:6379/0"
@ -1549,11 +1539,6 @@ LEVEL = Info
 ;; - manage_ssh_keys: a user cannot configure ssh keys
 ;; - manage_gpg_keys: a user cannot configure gpg keys
 ;USER_DISABLED_FEATURES =
-;; Comma separated list of disabled features ONLY if the user has an external login type (eg. LDAP, Oauth, etc.), could be `deletion`, `manage_ssh_keys`, `manage_gpg_keys`. This setting is independent from `USER_DISABLED_FEATURES` and supplements its behavior.
-;; - deletion: a user cannot delete their own account
-;; - manage_ssh_keys: a user cannot configure ssh keys
-;; - manage_gpg_keys: a user cannot configure gpg keys
-;;EXTERNAL_USER_DISABLE_FEATURES =

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -1749,16 +1734,6 @@ LEVEL = Info
 ;; convert \r\n to \n for Sendmail
 ;SENDMAIL_CONVERT_CRLF = true

-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;[mailer.override_header]
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; This is empty by default, use it only if you know what you need it for.
-;Reply-To = test@example.com, test2@example.com
-;Content-Type = text/html; charset=utf-8
-;In-Reply-To =
-
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[email.incoming]
@ -1812,8 +1787,9 @@ LEVEL = Info
 ;; For "memory" only, GC interval in seconds, default is 60
 ;INTERVAL = 60
 ;;
-;; For "redis" and "memcache", connection host address
-;; redis: `redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s` (or `redis+cluster://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s` for a Redis cluster)
+;; For "redis", "redis-cluster" and "memcache", connection host address
+;; redis: `redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s`
+;; redis-cluster: `redis+cluster://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s`
 ;; memcache: `127.0.0.1:11211`
 ;; twoqueue: `{"size":50000,"recent_ratio":0.25,"ghost_ratio":0.5}` or `50000`
 ;HOST =
@ -1843,14 +1819,15 @@ LEVEL = Info
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
-;; Either "memory", "file", "redis", "db", "mysql", "couchbase", "memcache" or "postgres"
+;; Either "memory", "file", "redis", "redis-cluster", "db", "mysql", "couchbase", "memcache" or "postgres"
 ;; Default is "memory". "db" will reuse the configuration in [database]
 ;PROVIDER = memory
 ;;
 ;; Provider config options
 ;; memory: doesn't have any config yet
 ;; file: session file path, e.g. `data/sessions`
-;; redis: `redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s` (or `redis+cluster://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s` for a Redis cluster)
+;; redis: `redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s`
+;; redis-cluster: `redis+cluster://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s`
 ;; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table`
 ;PROVIDER_CONFIG = data/sessions ; Relative paths will be made absolute against _`AppWorkPath`_.
 ;;
@ -1944,10 +1921,7 @@ LEVEL = Info
 ;; Minio endpoint to connect only available when STORAGE_TYPE is `minio`
 ;MINIO_ENDPOINT = localhost:9000
 ;;
-;; Minio accessKeyID to connect only available when STORAGE_TYPE is `minio`.
-;; If not provided and STORAGE_TYPE is `minio`, will search for credentials in known
-;; environment variables (MINIO_ACCESS_KEY_ID, AWS_ACCESS_KEY_ID), credentials files
-;; (~/.mc/config.json, ~/.aws/credentials), and EC2 instance metadata.
+;; Minio accessKeyID to connect only available when STORAGE_TYPE is `minio`
 ;MINIO_ACCESS_KEY_ID =
 ;;
 ;; Minio secretAccessKey to connect only available when STORAGE_TYPE is `minio`
@ -2407,8 +2381,6 @@ LEVEL = Info
 ;SHOW_FOOTER_VERSION = true
 ;; Show template execution time in the footer
 ;SHOW_FOOTER_TEMPLATE_LOAD_TIME = true
-;; Show the "powered by" text in the footer
-;SHOW_FOOTER_POWERED_BY = true
 ;; Generate sitemap. Defaults to `true`.
 ;ENABLE_SITEMAP = true
 ;; Enable/Disable RSS/Atom feed
@ -2499,15 +2471,6 @@ LEVEL = Info
 ;; If set to true, completely ignores server certificate validation errors. This option is unsafe.
 ;SKIP_TLS_VERIFY = false

-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;[F3]
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;
-;; Enable/Disable Friendly Forge Format (F3)
-;ENABLED = false
-
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[federation]
@ -2665,10 +2628,7 @@ LEVEL = Info
 ;; Minio endpoint to connect only available when STORAGE_TYPE is `minio`
 ;MINIO_ENDPOINT = localhost:9000
 ;;
-;; Minio accessKeyID to connect only available when STORAGE_TYPE is `minio`.
-;; If not provided and STORAGE_TYPE is `minio`, will search for credentials in known
-;; environment variables (MINIO_ACCESS_KEY_ID, AWS_ACCESS_KEY_ID), credentials files
-;; (~/.mc/config.json, ~/.aws/credentials), and EC2 instance metadata.
+;; Minio accessKeyID to connect only available when STORAGE_TYPE is `minio`
 ;MINIO_ACCESS_KEY_ID =
 ;;
 ;; Minio secretAccessKey to connect only available when STORAGE_TYPE is `minio`
--- a/docker/rootless/usr/local/bin/docker-entrypoint.sh
+++ b/docker/rootless/usr/local/bin/docker-entrypoint.sh
@ -13,10 +13,5 @@ fi
 if [ $# -gt 0 ]; then
    exec "$@"
 else
-    # TODO: remove on next major version release
-    # Honour legacy config file if existing
-    if [ -f ${GITEA_APP_INI_LEGACY} ]; then
-        GITEA_APP_INI=${GITEA_APP_INI_LEGACY}
-    fi
    exec /usr/local/bin/gitea -c ${GITEA_APP_INI} web
 fi
--- a/docker/rootless/usr/local/bin/docker-setup.sh
+++ b/docker/rootless/usr/local/bin/docker-setup.sh
@ -11,18 +11,6 @@ mkdir -p ${GITEA_CUSTOM} && chmod 0700 ${GITEA_CUSTOM}
 mkdir -p ${GITEA_TEMP} && chmod 0700 ${GITEA_TEMP}
 if [ ! -w ${GITEA_TEMP} ]; then echo "${GITEA_TEMP} is not writable"; exit 1; fi

-# TODO: remove on next major version release
-# Honour legacy config file if existing, but inform the user
-if [ -f ${GITEA_APP_INI_LEGACY} ] && [ ${GITEA_APP_INI} != ${GITEA_APP_INI_LEGACY} ]; then
-    GITEA_APP_INI_DEFAULT=/var/lib/gitea/custom/conf/app.ini
-    echo -e \
-      "\033[33mWARNING\033[0m: detected configuration file in deprecated default path ${GITEA_APP_INI_LEGACY}." \
-      "The new default is ${GITEA_APP_INI_DEFAULT}. To remove this warning, choose one of the options:\n" \
-      "* Move ${GITEA_APP_INI_LEGACY} to ${GITEA_APP_INI_DEFAULT} (or to \$GITEA_APP_INI if you want to override this variable)\n" \
-      "* Explicitly override GITEA_APP_INI=${GITEA_APP_INI_LEGACY} in the container environment"
-    GITEA_APP_INI=${GITEA_APP_INI_LEGACY}
-fi
-
 #Prepare config file
 if [ ! -f ${GITEA_APP_INI} ]; then

--- a/flake.lock
+++ b/flake.lock
@ -1,61 +0,0 @@
-{
-  "nodes": {
-    "flake-utils": {
-      "inputs": {
-        "systems": "systems"
-      },
-      "locked": {
-        "lastModified": 1710146030,
-        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
-    "nixpkgs": {
-      "locked": {
-        "lastModified": 1717974879,
-        "narHash": "sha256-GTO3C88+5DX171F/gVS3Qga/hOs/eRMxPFpiHq2t+D8=",
-        "owner": "nixos",
-        "repo": "nixpkgs",
-        "rev": "c7b821ba2e1e635ba5a76d299af62821cbcb09f3",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nixos",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "root": {
-      "inputs": {
-        "flake-utils": "flake-utils",
-        "nixpkgs": "nixpkgs"
-      }
-    },
-    "systems": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    }
-  },
-  "root": "root",
-  "version": 7
-}
--- a/flake.nix
+++ b/flake.nix
@ -1,38 +0,0 @@
-{
-  inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
-    flake-utils.url = "github:numtide/flake-utils";
-  };
-  outputs =
-    { nixpkgs, flake-utils, ... }:
-    flake-utils.lib.eachDefaultSystem (
-      system:
-      let
-        pkgs = nixpkgs.legacyPackages.${system};
-      in
-      {
-        devShells.default = pkgs.mkShell {
-          buildInputs = with pkgs; [
-            # generic
-            git
-            git-lfs
-            gnumake
-            gnused
-            gnutar
-            gzip
-
-            # frontend
-            nodejs_20
-
-            # linting
-            python312
-            poetry
-
-            # backend
-            go_1_22
-            gofumpt
-          ];
-        };
-      }
-    );
-}
--- a/go.mod
+++ b/go.mod
@ -1,17 +1,14 @@
 module code.gitea.io/gitea

-go 1.22.0
-
-toolchain go1.22.4
+go 1.22.3

 require (
-	code.forgejo.org/f3/gof3/v3 v3.4.0
-	code.forgejo.org/forgejo/reply v1.0.2
+	code.forgejo.org/forgejo/reply v1.0.1
 	code.gitea.io/actions-proto-go v0.4.0
 	code.gitea.io/gitea-vet v0.2.3
 	code.gitea.io/sdk/gitea v0.17.1
 	codeberg.org/gusted/mcaptcha v0.0.0-20220723083913-4f3072e1d570
-	connectrpc.com/connect v1.16.2
+	connectrpc.com/connect v1.15.0
 	gitea.com/go-chi/binding v0.0.0-20240430071103-39a851e106ed
 	gitea.com/go-chi/cache v0.2.0
 	gitea.com/go-chi/captcha v0.0.0-20240315150714-fb487f629098
@ -19,19 +16,19 @@ require (
 	gitea.com/lunny/levelqueue v0.4.2-0.20230414023320-3c0159fe0fe4
 	github.com/42wim/sshsig v0.0.0-20211121163825-841cf5bbc121
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
-	github.com/ProtonMail/go-crypto v1.0.0
-	github.com/PuerkitoBio/goquery v1.9.2
-	github.com/alecthomas/chroma/v2 v2.14.0
+	github.com/PuerkitoBio/goquery v1.8.1
+	github.com/alecthomas/chroma/v2 v2.13.0
 	github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb
-	github.com/blevesearch/bleve/v2 v2.4.0
+	github.com/blevesearch/bleve/v2 v2.3.10
 	github.com/buildkite/terminal-to-html/v3 v3.10.1
-	github.com/caddyserver/certmagic v0.21.0
+	github.com/caddyserver/certmagic v0.20.0
 	github.com/chi-middleware/proxy v1.1.1
+	github.com/denisenkom/go-mssqldb v0.12.3
 	github.com/djherbis/buffer v1.2.0
 	github.com/djherbis/nio/v3 v3.0.1
 	github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5
 	github.com/dustin/go-humanize v1.0.1
-	github.com/editorconfig/editorconfig-core-go/v2 v2.6.2
+	github.com/editorconfig/editorconfig-core-go/v2 v2.6.1
 	github.com/emersion/go-imap v1.2.1
 	github.com/emirpasic/gods v1.18.1
 	github.com/felixge/fgprof v0.9.4
@ -39,46 +36,45 @@ require (
 	github.com/gliderlabs/ssh v0.3.7
 	github.com/go-ap/activitypub v0.0.0-20231114162308-e219254dc5c9
 	github.com/go-ap/jsonld v0.0.0-20221030091449-f2a191312c73
-	github.com/go-chi/chi/v5 v5.0.14
+	github.com/go-chi/chi/v5 v5.0.11
 	github.com/go-chi/cors v1.2.1
 	github.com/go-co-op/gocron v1.37.0
-	github.com/go-enry/go-enry/v2 v2.8.8
+	github.com/go-enry/go-enry/v2 v2.8.7
 	github.com/go-fed/httpsig v1.1.1-0.20201223112313-55836744818e
 	github.com/go-git/go-billy/v5 v5.5.0
 	github.com/go-git/go-git/v5 v5.11.0
 	github.com/go-ldap/ldap/v3 v3.4.6
 	github.com/go-sql-driver/mysql v1.8.1
 	github.com/go-swagger/go-swagger v0.30.5
-	github.com/go-testfixtures/testfixtures/v3 v3.11.0
+	github.com/go-testfixtures/testfixtures/v3 v3.10.0
 	github.com/go-webauthn/webauthn v0.10.0
 	github.com/gobwas/glob v0.2.3
 	github.com/gogs/chardet v0.0.0-20211120154057-b7413eaefb8f
 	github.com/gogs/go-gogs-client v0.0.0-20210131175652-1d7215cd8d85
 	github.com/golang-jwt/jwt/v5 v5.2.0
 	github.com/google/go-github/v57 v57.0.0
-	github.com/google/pprof v0.0.0-20240528025155-186aa0362fba
+	github.com/google/pprof v0.0.0-20240227163752-401108e1b7e7
 	github.com/google/uuid v1.6.0
-	github.com/gorilla/feeds v1.2.0
+	github.com/gorilla/feeds v1.1.2
 	github.com/gorilla/sessions v1.2.2
-	github.com/h2non/gock v1.2.0
 	github.com/hashicorp/go-version v1.6.0
 	github.com/hashicorp/golang-lru/v2 v2.0.7
-	github.com/huandu/xstrings v1.5.0
+	github.com/huandu/xstrings v1.4.0
 	github.com/jaytaylor/html2text v0.0.0-20230321000545-74c2419ad056
-	github.com/jhillyerd/enmime v1.2.0
+	github.com/jhillyerd/enmime v1.1.0
 	github.com/json-iterator/go v1.1.12
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
 	github.com/keybase/go-crypto v0.0.0-20200123153347-de78d2cb44f4
-	github.com/klauspost/compress v1.17.9
-	github.com/klauspost/cpuid/v2 v2.2.7
+	github.com/klauspost/compress v1.17.7
+	github.com/klauspost/cpuid/v2 v2.2.6
 	github.com/lib/pq v1.10.9
-	github.com/markbates/goth v1.80.0
+	github.com/markbates/goth v1.78.0
 	github.com/mattn/go-isatty v0.0.20
 	github.com/mattn/go-sqlite3 v1.14.22
 	github.com/meilisearch/meilisearch-go v0.26.1
 	github.com/mholt/archiver/v3 v3.5.1
 	github.com/microcosm-cc/bluemonday v1.0.26
-	github.com/minio/minio-go/v7 v7.0.70
+	github.com/minio/minio-go/v7 v7.0.69
 	github.com/msteinert/pam v1.2.0
 	github.com/nektos/act v0.2.52
 	github.com/niklasfasching/go-org v1.7.0
@ -88,30 +84,29 @@ require (
 	github.com/pquerna/otp v1.4.0
 	github.com/prometheus/client_golang v1.18.0
 	github.com/quasoft/websspi v1.1.2
-	github.com/redis/go-redis/v9 v9.5.2
+	github.com/redis/go-redis/v9 v9.4.0
 	github.com/robfig/cron/v3 v3.0.1
 	github.com/santhosh-tekuri/jsonschema/v5 v5.3.1
 	github.com/sassoftware/go-rpmutils v0.2.1-0.20240124161140-277b154961dd
 	github.com/sergi/go-diff v1.3.1
 	github.com/shurcooL/vfsgen v0.0.0-20230704071429-0000e147ea92
-	github.com/stretchr/testify v1.9.0
+	github.com/stretchr/testify v1.8.4
 	github.com/syndtr/goleveldb v1.0.0
+	github.com/tstranex/u2f v1.0.0
 	github.com/ulikunitz/xz v0.5.11
-	github.com/urfave/cli/v2 v2.27.2
-	github.com/valyala/fastjson v1.6.4
+	github.com/urfave/cli/v2 v2.27.1
 	github.com/xanzy/go-gitlab v0.96.0
 	github.com/yohcop/openid-go v1.0.1
-	github.com/yuin/goldmark v1.7.4
+	github.com/yuin/goldmark v1.6.0
 	github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc
 	github.com/yuin/goldmark-meta v1.1.0
-	go.uber.org/mock v0.4.0
-	golang.org/x/crypto v0.24.0
-	golang.org/x/image v0.18.0
-	golang.org/x/net v0.26.0
-	golang.org/x/oauth2 v0.21.0
-	golang.org/x/sys v0.21.0
-	golang.org/x/text v0.16.0
-	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d
+	golang.org/x/crypto v0.21.0
+	golang.org/x/image v0.15.0
+	golang.org/x/net v0.23.0
+	golang.org/x/oauth2 v0.16.0
+	golang.org/x/sys v0.18.0
+	golang.org/x/text v0.14.0
+	golang.org/x/tools v0.17.0
 	google.golang.org/grpc v1.60.1
 	google.golang.org/protobuf v1.33.0
 	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df
@ -124,17 +119,19 @@ require (
 )

 require (
-	cloud.google.com/go/compute/metadata v0.3.0 // indirect
+	cloud.google.com/go/compute v1.23.3 // indirect
+	cloud.google.com/go/compute/metadata v0.2.3 // indirect
 	dario.cat/mergo v1.0.0 // indirect
 	filippo.io/edwards25519 v1.1.0 // indirect
 	git.sr.ht/~mariusor/go-xsd-duration v0.0.0-20220703122237-02e73435a078 // indirect
-	github.com/ClickHouse/ch-go v0.61.5 // indirect
-	github.com/ClickHouse/clickhouse-go/v2 v2.24.0 // indirect
+	github.com/ClickHouse/ch-go v0.61.1 // indirect
+	github.com/ClickHouse/clickhouse-go/v2 v2.18.0 // indirect
 	github.com/DataDog/zstd v1.5.5 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/semver/v3 v3.2.1 // indirect
 	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
+	github.com/ProtonMail/go-crypto v1.0.0 // indirect
 	github.com/RoaringBitmap/roaring v1.7.0 // indirect
 	github.com/andybalholm/brotli v1.1.0 // indirect
 	github.com/andybalholm/cascadia v1.3.2 // indirect
@ -143,13 +140,12 @@ require (
 	github.com/aymerick/douceur v0.2.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bits-and-blooms/bitset v1.13.0 // indirect
-	github.com/blevesearch/bleve_index_api v1.1.6 // indirect
-	github.com/blevesearch/geo v0.1.20 // indirect
-	github.com/blevesearch/go-faiss v1.0.13 // indirect
+	github.com/blevesearch/bleve_index_api v1.1.5 // indirect
+	github.com/blevesearch/geo v0.1.19 // indirect
 	github.com/blevesearch/go-porterstemmer v1.0.3 // indirect
 	github.com/blevesearch/gtreap v0.1.1 // indirect
 	github.com/blevesearch/mmap-go v1.0.4 // indirect
-	github.com/blevesearch/scorch_segment_api/v2 v2.2.9 // indirect
+	github.com/blevesearch/scorch_segment_api/v2 v2.2.6 // indirect
 	github.com/blevesearch/segment v0.9.1 // indirect
 	github.com/blevesearch/snowballstem v0.9.0 // indirect
 	github.com/blevesearch/upsidedown_store_api v1.0.2 // indirect
@ -159,17 +155,15 @@ require (
 	github.com/blevesearch/zapx/v13 v13.3.10 // indirect
 	github.com/blevesearch/zapx/v14 v14.3.10 // indirect
 	github.com/blevesearch/zapx/v15 v15.3.13 // indirect
-	github.com/blevesearch/zapx/v16 v16.0.12 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/bradfitz/gomemcache v0.0.0-20230905024940-24af94b03874 // indirect
-	github.com/caddyserver/zerossl v0.1.2 // indirect
 	github.com/cention-sany/utf7 v0.0.0-20170124080048-26cad61bd60a // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/cloudflare/circl v1.3.7 // indirect
 	github.com/couchbase/go-couchbase v0.1.1 // indirect
 	github.com/couchbase/gomemcached v0.3.0 // indirect
 	github.com/couchbase/goutils v0.1.2 // indirect
-	github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect
 	github.com/cyphar/filepath-securejoin v0.2.4 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/davidmz/go-pageant v1.0.2 // indirect
@ -199,11 +193,12 @@ require (
 	github.com/go-webauthn/x v0.1.6 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
+	github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9 // indirect
+	github.com/golang-sql/sqlexp v0.1.0 // indirect
 	github.com/golang/geo v0.0.0-20230421003525-6adc56603217 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
-	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/go-tpm v0.9.0 // indirect
 	github.com/gopherjs/gopherjs v0.0.0-20190910122728-9d188e94fb99 // indirect
@ -211,9 +206,8 @@ require (
 	github.com/gorilla/handlers v1.5.2 // indirect
 	github.com/gorilla/mux v1.8.1 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
-	github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.5 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/imdario/mergo v0.3.16 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
@ -223,15 +217,16 @@ require (
 	github.com/klauspost/pgzip v1.2.6 // indirect
 	github.com/kr/pretty v0.3.1 // indirect
 	github.com/kr/text v0.2.0 // indirect
-	github.com/libdns/libdns v0.2.2 // indirect
+	github.com/libdns/libdns v0.2.1 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/markbates/going v1.0.3 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-runewidth v0.0.15 // indirect
-	github.com/mholt/acmez/v2 v2.0.1 // indirect
-	github.com/miekg/dns v1.1.59 // indirect
+	github.com/mholt/acmez v1.2.0 // indirect
+	github.com/miekg/dns v1.1.58 // indirect
 	github.com/minio/md5-simd v1.1.2 // indirect
+	github.com/minio/sha256-simd v1.0.1 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
@ -252,16 +247,15 @@ require (
 	github.com/prometheus/client_model v0.5.0 // indirect
 	github.com/prometheus/common v0.46.0 // indirect
 	github.com/prometheus/procfs v0.12.0 // indirect
-	github.com/rhysd/actionlint v1.6.27 // indirect
-	github.com/rivo/uniseg v0.4.7 // indirect
+	github.com/rhysd/actionlint v1.6.26 // indirect
+	github.com/rivo/uniseg v0.4.4 // indirect
 	github.com/rogpeppe/go-internal v1.12.0 // indirect
 	github.com/rs/xid v1.5.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/sagikazarmark/locafero v0.4.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
-	github.com/santhosh-tekuri/jsonschema/v6 v6.0.1 // indirect
 	github.com/segmentio/asm v1.2.0 // indirect
-	github.com/shopspring/decimal v1.4.0 // indirect
+	github.com/shopspring/decimal v1.3.1 // indirect
 	github.com/shurcooL/httpfs v0.0.0-20230704072500-f1e31cf0ba5c // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/skeema/knownhosts v1.2.1 // indirect
@ -276,22 +270,24 @@ require (
 	github.com/unknwon/com v1.0.1 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	github.com/valyala/fasthttp v1.51.0 // indirect
+	github.com/valyala/fastjson v1.6.4 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
 	github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
-	github.com/xrash/smetrics v0.0.0-20240312152122-5f08fbb34913 // indirect
+	github.com/xrash/smetrics v0.0.0-20231213231151-1d8dd44e695e // indirect
 	github.com/zeebo/blake3 v0.2.3 // indirect
-	go.etcd.io/bbolt v1.3.9 // indirect
+	go.etcd.io/bbolt v1.3.8 // indirect
 	go.mongodb.org/mongo-driver v1.13.1 // indirect
-	go.opentelemetry.io/otel v1.26.0 // indirect
-	go.opentelemetry.io/otel/trace v1.26.0 // indirect
+	go.opentelemetry.io/otel v1.22.0 // indirect
+	go.opentelemetry.io/otel/trace v1.22.0 // indirect
 	go.uber.org/atomic v1.11.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	go.uber.org/zap v1.27.0 // indirect
+	go.uber.org/zap v1.26.0 // indirect
 	golang.org/x/exp v0.0.0-20240119083558-1b970713d09a // indirect
-	golang.org/x/mod v0.17.0 // indirect
-	golang.org/x/sync v0.7.0 // indirect
+	golang.org/x/mod v0.14.0 // indirect
+	golang.org/x/sync v0.6.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240116215550-a9fa1716bcac // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
@ -302,7 +298,9 @@ replace github.com/hashicorp/go-version => github.com/6543/go-version v1.3.1

 replace github.com/shurcooL/vfsgen => github.com/lunny/vfsgen v0.0.0-20220105142115-2c99e1ffdfa0

-replace github.com/nektos/act => gitea.com/gitea/act v0.261.1
+replace github.com/nektos/act => gitea.com/gitea/act v0.259.1
+
+replace github.com/gorilla/feeds => github.com/yardenshoham/feeds v0.0.0-20240110072658-f3d0c21c0bd5

 exclude github.com/gofrs/uuid v3.2.0+incompatible

--- a/go.sum
+++ b/go.sum
--- a/models/actions/main_test.go
+++ b/models/actions/main_test.go
@ -12,7 +12,6 @@ import (
 func TestMain(m *testing.M) {
 	unittest.MainTest(m, &unittest.TestOptions{
 		FixtureFiles: []string{
-			"action_runner.yml",
 			"action_runner_token.yml",
 		},
 	})
--- a/models/actions/run.go
+++ b/models/actions/run.go
@ -98,10 +98,13 @@ func (run *ActionRun) LoadAttributes(ctx context.Context) error {
 		return nil
 	}

-	if err := run.LoadRepo(ctx); err != nil {
-		return err
+	if run.Repo == nil {
+		repo, err := repo_model.GetRepositoryByID(ctx, run.RepoID)
+		if err != nil {
+			return err
+		}
+		run.Repo = repo
 	}
-
 	if err := run.Repo.LoadAttributes(ctx); err != nil {
 		return err
 	}
@ -117,19 +120,6 @@ func (run *ActionRun) LoadAttributes(ctx context.Context) error {
 	return nil
 }

-func (run *ActionRun) LoadRepo(ctx context.Context) error {
-	if run == nil || run.Repo != nil {
-		return nil
-	}
-
-	repo, err := repo_model.GetRepositoryByID(ctx, run.RepoID)
-	if err != nil {
-		return err
-	}
-	run.Repo = repo
-	return nil
-}
-
 func (run *ActionRun) Duration() time.Duration {
 	return calculateDuration(run.Started, run.Stopped, run.Status) + run.PreviousDuration
 }
--- a/models/actions/run_job_list.go
+++ b/models/actions/run_job_list.go
@ -16,9 +16,14 @@ import (
 type ActionJobList []*ActionRunJob

 func (jobs ActionJobList) GetRunIDs() []int64 {
-	return container.FilterSlice(jobs, func(j *ActionRunJob) (int64, bool) {
-		return j.RunID, j.RunID != 0
-	})
+	ids := make(container.Set[int64], len(jobs))
+	for _, j := range jobs {
+		if j.RunID == 0 {
+			continue
+		}
+		ids.Add(j.RunID)
+	}
+	return ids.Values()
 }

 func (jobs ActionJobList) LoadRuns(ctx context.Context, withRepo bool) error {
--- a/models/actions/run_list.go
+++ b/models/actions/run_list.go
@ -19,15 +19,19 @@ type RunList []*ActionRun

 // GetUserIDs returns a slice of user's id
 func (runs RunList) GetUserIDs() []int64 {
-	return container.FilterSlice(runs, func(run *ActionRun) (int64, bool) {
-		return run.TriggerUserID, true
-	})
+	ids := make(container.Set[int64], len(runs))
+	for _, run := range runs {
+		ids.Add(run.TriggerUserID)
+	}
+	return ids.Values()
 }

 func (runs RunList) GetRepoIDs() []int64 {
-	return container.FilterSlice(runs, func(run *ActionRun) (int64, bool) {
-		return run.RepoID, true
-	})
+	ids := make(container.Set[int64], len(runs))
+	for _, run := range runs {
+		ids.Add(run.RepoID)
+	}
+	return ids.Values()
 }

 func (runs RunList) LoadTriggerUser(ctx context.Context) error {
--- a/models/actions/runner.go
+++ b/models/actions/runner.go
@ -5,7 +5,6 @@ package actions

 import (
 	"context"
-	"encoding/binary"
 	"fmt"
 	"strings"
 	"time"
@ -254,26 +253,11 @@ func UpdateRunner(ctx context.Context, r *ActionRunner, cols ...string) error {

 // DeleteRunner deletes a runner by given ID.
 func DeleteRunner(ctx context.Context, id int64) error {
-	runner, err := GetRunnerByID(ctx, id)
-	if err != nil {
+	if _, err := GetRunnerByID(ctx, id); err != nil {
 		return err
 	}

-	// Replace the UUID, which was either based on the secret's first 16 bytes or an UUIDv4,
-	// with a sequence of 8 0xff bytes followed by the little-endian version of the record's
-	// identifier. This will prevent the deleted record's identifier from colliding with any
-	// new record.
-	b := make([]byte, 8)
-	binary.LittleEndian.PutUint64(b, uint64(id))
-	runner.UUID = fmt.Sprintf("ffffffff-ffff-ffff-%.2x%.2x-%.2x%.2x%.2x%.2x%.2x%.2x",
-		b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7])
-
-	err = UpdateRunner(ctx, runner, "UUID")
-	if err != nil {
-		return err
-	}
-
-	_, err = db.DeleteByID[ActionRunner](ctx, id)
+	_, err := db.DeleteByID[ActionRunner](ctx, id)
 	return err
 }

@ -286,7 +270,7 @@ func CountRunnersWithoutBelongingOwner(ctx context.Context) (int64, error) {
 	// Only affect action runners were a owner ID is set, as actions runners
 	// could also be created on a repository.
 	return db.GetEngine(ctx).Table("action_runner").
-		Join("LEFT", "`user`", "`action_runner`.owner_id = `user`.id").
+		Join("LEFT", "user", "`action_runner`.owner_id = `user`.id").
 		Where("`action_runner`.owner_id != ?", 0).
 		And(builder.IsNull{"`user`.id"}).
 		Count(new(ActionRunner))
@ -295,7 +279,7 @@ func CountRunnersWithoutBelongingOwner(ctx context.Context) (int64, error) {
 func FixRunnersWithoutBelongingOwner(ctx context.Context) (int64, error) {
 	subQuery := builder.Select("`action_runner`.id").
 		From("`action_runner`").
-		Join("LEFT", "`user`", "`action_runner`.owner_id = `user`.id").
+		Join("LEFT", "user", "`action_runner`.owner_id = `user`.id").
 		Where(builder.Neq{"`action_runner`.owner_id": 0}).
 		And(builder.IsNull{"`user`.id"})
 	b := builder.Delete(builder.In("id", subQuery)).From("`action_runner`")
@ -305,25 +289,3 @@ func FixRunnersWithoutBelongingOwner(ctx context.Context) (int64, error) {
 	}
 	return res.RowsAffected()
 }
-
-func CountRunnersWithoutBelongingRepo(ctx context.Context) (int64, error) {
-	return db.GetEngine(ctx).Table("action_runner").
-		Join("LEFT", "`repository`", "`action_runner`.repo_id = `repository`.id").
-		Where("`action_runner`.repo_id != ?", 0).
-		And(builder.IsNull{"`repository`.id"}).
-		Count(new(ActionRunner))
-}
-
-func FixRunnersWithoutBelongingRepo(ctx context.Context) (int64, error) {
-	subQuery := builder.Select("`action_runner`.id").
-		From("`action_runner`").
-		Join("LEFT", "`repository`", "`action_runner`.repo_id = `repository`.id").
-		Where(builder.Neq{"`action_runner`.repo_id": 0}).
-		And(builder.IsNull{"`repository`.id"})
-	b := builder.Delete(builder.In("id", subQuery)).From("`action_runner`")
-	res, err := db.GetEngine(ctx).Exec(b)
-	if err != nil {
-		return 0, err
-	}
-	return res.RowsAffected()
-}
--- a/models/actions/runner_list.go
+++ b/models/actions/runner_list.go
@ -16,9 +16,14 @@ type RunnerList []*ActionRunner

 // GetUserIDs returns a slice of user's id
 func (runners RunnerList) GetUserIDs() []int64 {
-	return container.FilterSlice(runners, func(runner *ActionRunner) (int64, bool) {
-		return runner.OwnerID, runner.OwnerID != 0
-	})
+	ids := make(container.Set[int64], len(runners))
+	for _, runner := range runners {
+		if runner.OwnerID == 0 {
+			continue
+		}
+		ids.Add(runner.OwnerID)
+	}
+	return ids.Values()
 }

 func (runners RunnerList) LoadOwners(ctx context.Context) error {
@ -36,9 +41,16 @@ func (runners RunnerList) LoadOwners(ctx context.Context) error {
 }

 func (runners RunnerList) getRepoIDs() []int64 {
-	return container.FilterSlice(runners, func(runner *ActionRunner) (int64, bool) {
-		return runner.RepoID, runner.RepoID > 0
-	})
+	repoIDs := make(container.Set[int64], len(runners))
+	for _, runner := range runners {
+		if runner.RepoID == 0 {
+			continue
+		}
+		if _, ok := repoIDs[runner.RepoID]; !ok {
+			repoIDs[runner.RepoID] = struct{}{}
+		}
+	}
+	return repoIDs.Values()
 }

 func (runners RunnerList) LoadRepos(ctx context.Context) error {
--- a/models/actions/runner_test.go
+++ b/models/actions/runner_test.go
@ -1,59 +0,0 @@
-// SPDX-License-Identifier: MIT
-
-package actions
-
-import (
-	"encoding/binary"
-	"fmt"
-	"testing"
-
-	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/models/unittest"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestDeleteRunner(t *testing.T) {
-	const recordID = 12345678
-	assert.NoError(t, unittest.PrepareTestDatabase())
-	before := unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: recordID})
-
-	err := DeleteRunner(db.DefaultContext, recordID)
-	assert.NoError(t, err)
-
-	var after ActionRunner
-	found, err := db.GetEngine(db.DefaultContext).ID(recordID).Unscoped().Get(&after)
-	assert.NoError(t, err)
-	assert.True(t, found)
-
-	// Most fields (namely Name, Version, OwnerID, RepoID, Description, Base, RepoRange,
-	// TokenHash, TokenSalt, LastOnline, LastActive, AgentLabels and Created) are unaffected
-	assert.Equal(t, before.Name, after.Name)
-	assert.Equal(t, before.Version, after.Version)
-	assert.Equal(t, before.OwnerID, after.OwnerID)
-	assert.Equal(t, before.RepoID, after.RepoID)
-	assert.Equal(t, before.Description, after.Description)
-	assert.Equal(t, before.Base, after.Base)
-	assert.Equal(t, before.RepoRange, after.RepoRange)
-	assert.Equal(t, before.TokenHash, after.TokenHash)
-	assert.Equal(t, before.TokenSalt, after.TokenSalt)
-	assert.Equal(t, before.LastOnline, after.LastOnline)
-	assert.Equal(t, before.LastActive, after.LastActive)
-	assert.Equal(t, before.AgentLabels, after.AgentLabels)
-	assert.Equal(t, before.Created, after.Created)
-
-	// Deleted contains a value
-	assert.NotNil(t, after.Deleted)
-
-	// UUID was modified
-	assert.NotEqual(t, before.UUID, after.UUID)
-	// UUID starts with ffffffff-ffff-ffff-
-	assert.Equal(t, "ffffffff-ffff-ffff-", after.UUID[:19])
-	// UUID ends with LE binary representation of record ID
-	idAsBinary := make([]byte, 8)
-	binary.LittleEndian.PutUint64(idAsBinary, uint64(recordID))
-	idAsHexadecimal := fmt.Sprintf("%.2x%.2x-%.2x%.2x%.2x%.2x%.2x%.2x", idAsBinary[0],
-		idAsBinary[1], idAsBinary[2], idAsBinary[3], idAsBinary[4], idAsBinary[5],
-		idAsBinary[6], idAsBinary[7])
-	assert.Equal(t, idAsHexadecimal, after.UUID[19:])
-}
--- a/models/actions/schedule_list.go
+++ b/models/actions/schedule_list.go
@ -18,15 +18,19 @@ type ScheduleList []*ActionSchedule

 // GetUserIDs returns a slice of user's id
 func (schedules ScheduleList) GetUserIDs() []int64 {
-	return container.FilterSlice(schedules, func(schedule *ActionSchedule) (int64, bool) {
-		return schedule.TriggerUserID, true
-	})
+	ids := make(container.Set[int64], len(schedules))
+	for _, schedule := range schedules {
+		ids.Add(schedule.TriggerUserID)
+	}
+	return ids.Values()
 }

 func (schedules ScheduleList) GetRepoIDs() []int64 {
-	return container.FilterSlice(schedules, func(schedule *ActionSchedule) (int64, bool) {
-		return schedule.RepoID, true
-	})
+	ids := make(container.Set[int64], len(schedules))
+	for _, schedule := range schedules {
+		ids.Add(schedule.RepoID)
+	}
+	return ids.Values()
 }

 func (schedules ScheduleList) LoadTriggerUser(ctx context.Context) error {
--- a/models/actions/schedule_spec_list.go
+++ b/models/actions/schedule_spec_list.go
@ -16,9 +16,11 @@ import (
 type SpecList []*ActionScheduleSpec

 func (specs SpecList) GetScheduleIDs() []int64 {
-	return container.FilterSlice(specs, func(spec *ActionScheduleSpec) (int64, bool) {
-		return spec.ScheduleID, true
-	})
+	ids := make(container.Set[int64], len(specs))
+	for _, spec := range specs {
+		ids.Add(spec.ScheduleID)
+	}
+	return ids.Values()
 }

 func (specs SpecList) LoadSchedules(ctx context.Context) error {
@ -44,9 +46,11 @@ func (specs SpecList) LoadSchedules(ctx context.Context) error {
 }

 func (specs SpecList) GetRepoIDs() []int64 {
-	return container.FilterSlice(specs, func(spec *ActionScheduleSpec) (int64, bool) {
-		return spec.RepoID, true
-	})
+	ids := make(container.Set[int64], len(specs))
+	for _, spec := range specs {
+		ids.Add(spec.RepoID)
+	}
+	return ids.Values()
 }

 func (specs SpecList) LoadRepos(ctx context.Context) error {
--- a/models/actions/task_list.go
+++ b/models/actions/task_list.go
@ -16,9 +16,14 @@ import (
 type TaskList []*ActionTask

 func (tasks TaskList) GetJobIDs() []int64 {
-	return container.FilterSlice(tasks, func(t *ActionTask) (int64, bool) {
-		return t.JobID, t.JobID != 0
-	})
+	ids := make(container.Set[int64], len(tasks))
+	for _, t := range tasks {
+		if t.JobID == 0 {
+			continue
+		}
+		ids.Add(t.JobID)
+	}
+	return ids.Values()
 }

 func (tasks TaskList) LoadJobs(ctx context.Context) error {
@ -54,6 +59,7 @@ type FindTaskOptions struct {
 	UpdatedBefore timeutil.TimeStamp
 	StartedBefore timeutil.TimeStamp
 	RunnerID      int64
+	IDOrderDesc   bool
 }

 func (opts FindTaskOptions) ToConds() builder.Cond {
@ -83,5 +89,8 @@ func (opts FindTaskOptions) ToConds() builder.Cond {
 }

 func (opts FindTaskOptions) ToOrders() string {
-	return "`id` DESC"
+	if opts.IDOrderDesc {
+		return "`id` DESC"
+	}
+	return ""
 }
--- a/models/actions/tasks_version.go
+++ b/models/actions/tasks_version.go
@ -13,7 +13,7 @@ import (

 // ActionTasksVersion
 // If both ownerID and repoID is zero, its scope is global.
-// If ownerID is not zero and repoID is zero, its scope is org (there is no user-level runner currently).
+// If ownerID is not zero and repoID is zero, its scope is org (there is no user-level runner currrently).
 // If ownerID is zero and repoID is not zero, its scope is repo.
 type ActionTasksVersion struct {
 	ID          int64 `xorm:"pk autoincr"`
--- a/models/actions/variable.go
+++ b/models/actions/variable.go
@ -6,11 +6,13 @@ package actions
 import (
 	"context"
 	"errors"
+	"fmt"
 	"strings"

 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/timeutil"
+	"code.gitea.io/gitea/modules/util"

 	"xorm.io/builder"
 )
@ -53,24 +55,24 @@ type FindVariablesOpts struct {
 	db.ListOptions
 	OwnerID int64
 	RepoID  int64
-	Name    string
 }

 func (opts FindVariablesOpts) ToConds() builder.Cond {
 	cond := builder.NewCond()
-	// Since we now support instance-level variables,
-	// there is no need to check for null values for `owner_id` and `repo_id`
 	cond = cond.And(builder.Eq{"owner_id": opts.OwnerID})
 	cond = cond.And(builder.Eq{"repo_id": opts.RepoID})
-
-	if opts.Name != "" {
-		cond = cond.And(builder.Eq{"name": strings.ToUpper(opts.Name)})
-	}
 	return cond
 }

-func FindVariables(ctx context.Context, opts FindVariablesOpts) ([]*ActionVariable, error) {
-	return db.Find[ActionVariable](ctx, opts)
+func GetVariableByID(ctx context.Context, variableID int64) (*ActionVariable, error) {
+	var variable ActionVariable
+	has, err := db.GetEngine(ctx).Where("id=?", variableID).Get(&variable)
+	if err != nil {
+		return nil, err
+	} else if !has {
+		return nil, fmt.Errorf("variable with id %d: %w", variableID, util.ErrNotExist)
+	}
+	return &variable, nil
 }

 func UpdateVariable(ctx context.Context, variable *ActionVariable) (bool, error) {
@ -82,21 +84,9 @@ func UpdateVariable(ctx context.Context, variable *ActionVariable) (bool, error)
 	return count != 0, err
 }

-func DeleteVariable(ctx context.Context, id int64) error {
-	if _, err := db.DeleteByID[ActionVariable](ctx, id); err != nil {
-		return err
-	}
-	return nil
-}
-
 func GetVariablesOfRun(ctx context.Context, run *ActionRun) (map[string]string, error) {
 	variables := map[string]string{}

-	if err := run.LoadRepo(ctx); err != nil {
-		log.Error("LoadRepo: %v", err)
-		return nil, err
-	}
-
 	// Global
 	globalVariables, err := db.Find[ActionVariable](ctx, FindVariablesOpts{})
 	if err != nil {
--- a/models/activities/action_list.go
+++ b/models/activities/action_list.go
@ -22,9 +22,11 @@ import (
 type ActionList []*Action

 func (actions ActionList) getUserIDs() []int64 {
-	return container.FilterSlice(actions, func(action *Action) (int64, bool) {
-		return action.ActUserID, true
-	})
+	userIDs := make(container.Set[int64], len(actions))
+	for _, action := range actions {
+		userIDs.Add(action.ActUserID)
+	}
+	return userIDs.Values()
 }

 func (actions ActionList) LoadActUsers(ctx context.Context) (map[int64]*user_model.User, error) {
@ -48,9 +50,11 @@ func (actions ActionList) LoadActUsers(ctx context.Context) (map[int64]*user_mod
 }

 func (actions ActionList) getRepoIDs() []int64 {
-	return container.FilterSlice(actions, func(action *Action) (int64, bool) {
-		return action.RepoID, true
-	})
+	repoIDs := make(container.Set[int64], len(actions))
+	for _, action := range actions {
+		repoIDs.Add(action.RepoID)
+	}
+	return repoIDs.Values()
 }

 func (actions ActionList) LoadRepositories(ctx context.Context) error {
@ -76,19 +80,18 @@ func (actions ActionList) loadRepoOwner(ctx context.Context, userMap map[int64]*
 		userMap = make(map[int64]*user_model.User)
 	}

-	missingUserIDs := container.FilterSlice(actions, func(action *Action) (int64, bool) {
+	userSet := make(container.Set[int64], len(actions))
+	for _, action := range actions {
 		if action.Repo == nil {
-			return 0, false
+			continue
+		}
+		if _, ok := userMap[action.Repo.OwnerID]; !ok {
+			userSet.Add(action.Repo.OwnerID)
 		}
-		_, alreadyLoaded := userMap[action.Repo.OwnerID]
-		return action.Repo.OwnerID, !alreadyLoaded
-	})
-	if len(missingUserIDs) == 0 {
-		return nil
 	}

 	if err := db.GetEngine(ctx).
-		In("id", missingUserIDs).
+		In("id", userSet.Values()).
 		Find(&userMap); err != nil {
 		return fmt.Errorf("find user: %w", err)
 	}
@ -132,9 +135,6 @@ func (actions ActionList) LoadComments(ctx context.Context) error {
 			commentIDs = append(commentIDs, action.CommentID)
 		}
 	}
-	if len(commentIDs) == 0 {
-		return nil
-	}

 	commentsMap := make(map[int64]*issues_model.Comment, len(commentIDs))
 	if err := db.GetEngine(ctx).In("id", commentIDs).Find(&commentsMap); err != nil {
--- a/models/activities/notification_list.go
+++ b/models/activities/notification_list.go
@ -196,11 +196,15 @@ func (nl NotificationList) LoadAttributes(ctx context.Context) error {
 	return nil
 }

-// getPendingRepoIDs returns all the repositoty ids which haven't been loaded
 func (nl NotificationList) getPendingRepoIDs() []int64 {
-	return container.FilterSlice(nl, func(n *Notification) (int64, bool) {
-		return n.RepoID, n.Repository == nil
-	})
+	ids := make(container.Set[int64], len(nl))
+	for _, notification := range nl {
+		if notification.Repository != nil {
+			continue
+		}
+		ids.Add(notification.RepoID)
+	}
+	return ids.Values()
 }

 // LoadRepos loads repositories from database
--- a/models/activities/statistic.go
+++ b/models/activities/statistic.go
@ -30,7 +30,7 @@ type Statistic struct {
 		Mirror, Release, AuthSource, Webhook,
 		Milestone, Label, HookTask,
 		Team, UpdateTask, Project,
-		ProjectColumn, Attachment,
+		ProjectBoard, Attachment,
 		Branches, Tags, CommitStatus int64
 		IssueByLabel      []IssueByLabelCount
 		IssueByRepository []IssueByRepositoryCount
@ -115,6 +115,6 @@ func GetStatistic(ctx context.Context) (stats Statistic) {
 	stats.Counter.Team, _ = e.Count(new(organization.Team))
 	stats.Counter.Attachment, _ = e.Count(new(repo_model.Attachment))
 	stats.Counter.Project, _ = e.Count(new(project_model.Project))
-	stats.Counter.ProjectColumn, _ = e.Count(new(project_model.Column))
+	stats.Counter.ProjectBoard, _ = e.Count(new(project_model.Board))
 	return stats
 }
--- a/models/activities/user_heatmap.go
+++ b/models/activities/user_heatmap.go
@ -39,8 +39,12 @@ func getUserHeatmapData(ctx context.Context, user *user_model.User, team *organi
 	// Group by 15 minute intervals which will allow the client to accurately shift the timestamp to their timezone.
 	// The interval is based on the fact that there are timezones such as UTC +5:30 and UTC +12:45.
 	groupBy := "created_unix / 900 * 900"
-	if setting.Database.Type.IsMySQL() {
+	groupByName := "timestamp" // We need this extra case because mssql doesn't allow grouping by alias
+	switch {
+	case setting.Database.Type.IsMySQL():
 		groupBy = "created_unix DIV 900 * 900"
+	case setting.Database.Type.IsMSSQL():
+		groupByName = groupBy
 	}

 	cond, err := activityQueryCondition(ctx, GetFeedsOptions{
@ -63,7 +67,7 @@ func getUserHeatmapData(ctx context.Context, user *user_model.User, team *organi
 		Table("action").
 		Where(cond).
 		And("created_unix > ?", timeutil.TimeStampNow()-31536000).
-		GroupBy("timestamp").
+		GroupBy(groupByName).
 		OrderBy("timestamp").
 		Find(&hdata)
 }
--- a/models/asymkey/gpg_key_object_verification.go
+++ b/models/asymkey/gpg_key_object_verification.go
@ -94,6 +94,7 @@ func ParseObjectWithSignature(ctx context.Context, c *GitObject) *ObjectVerifica
 					Reason:         "gpg.error.no_committer_account",
 				}
 			}
+
 		}
 	}

--- a/models/auth/oauth2.go
+++ b/models/auth/oauth2.go
@ -8,7 +8,6 @@ import (
 	"crypto/sha256"
 	"encoding/base32"
 	"encoding/base64"
-	"errors"
 	"fmt"
 	"net"
 	"net/url"
@ -145,11 +144,6 @@ func (app *OAuth2Application) TableName() string {

 // ContainsRedirectURI checks if redirectURI is allowed for app
 func (app *OAuth2Application) ContainsRedirectURI(redirectURI string) bool {
-	// OAuth2 requires the redirect URI to be an exact match, no dynamic parts are allowed.
-	// https://stackoverflow.com/questions/55524480/should-dynamic-query-parameters-be-present-in-the-redirection-uri-for-an-oauth2
-	// https://www.rfc-editor.org/rfc/rfc6819#section-5.2.3.3
-	// https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
-	// https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-12#section-3.1
 	contains := func(s string) bool {
 		s = strings.TrimSuffix(strings.ToLower(s), "/")
 		for _, u := range app.RedirectURIs {
@ -302,7 +296,7 @@ func UpdateOAuth2Application(ctx context.Context, opts UpdateOAuth2ApplicationOp
 		return nil, err
 	}
 	if app.UID != opts.UserID {
-		return nil, errors.New("UID mismatch")
+		return nil, fmt.Errorf("UID mismatch")
 	}
 	builtinApps := BuiltinApplications()
 	if _, builtin := builtinApps[app.ClientID]; builtin {
--- a/models/auth/oauth2_test.go
+++ b/models/auth/oauth2_test.go
@ -60,7 +60,7 @@ func TestOAuth2Application_ContainsRedirectURI_WithPort(t *testing.T) {
 	// not loopback
 	assert.False(t, app.ContainsRedirectURI("http://192.168.0.1:9954/"))
 	assert.False(t, app.ContainsRedirectURI("http://intranet:3456/"))
-	// unparsable
+	// unparseable
 	assert.False(t, app.ContainsRedirectURI(":"))
 }

--- a/models/auth/session_test.go
+++ b/models/auth/session_test.go
@ -85,7 +85,7 @@ func TestAuthSession(t *testing.T) {
 		err = auth.DestroySession(db.DefaultContext, key)
 		assert.NoError(t, err)

-		// Ensure it doesn't exists.
+		// Ensure it doens't exists.
 		ok, err = auth.ExistSession(db.DefaultContext, key)
 		assert.NoError(t, err)
 		assert.False(t, ok)
--- a/models/auth/source.go
+++ b/models/auth/source.go
@ -33,7 +33,6 @@ const (
 	DLDAP       // 5
 	OAuth2      // 6
 	SSPI        // 7
-	Remote      // 8
 )

 // String returns the string name of the LoginType
@ -54,7 +53,6 @@ var Names = map[Type]string{
 	PAM:    "PAM",
 	OAuth2: "OAuth2",
 	SSPI:   "SPNEGO with SSPI",
-	Remote: "Remote",
 }

 // Config represents login config as far as the db is concerned
@ -183,10 +181,6 @@ func (source *Source) IsSSPI() bool {
 	return source.Type == SSPI
 }

-func (source *Source) IsRemote() bool {
-	return source.Type == Remote
-}
-
 // HasTLS returns true of this source supports TLS.
 func (source *Source) HasTLS() bool {
 	hasTLSer, ok := source.Cfg.(HasTLSer)
--- a/models/db/collation.go
+++ b/models/db/collation.go
@ -41,6 +41,20 @@ func findAvailableCollationsMySQL(x *xorm.Engine) (ret container.Set[string], er
 	return ret, nil
 }

+func findAvailableCollationsMSSQL(x *xorm.Engine) (ret container.Set[string], err error) {
+	var res []struct {
+		Name string
+	}
+	if err = x.SQL("SELECT * FROM sys.fn_helpcollations() WHERE name LIKE '%[_]CS[_]AS%'").Find(&res); err != nil {
+		return nil, err
+	}
+	ret = make(container.Set[string], len(res))
+	for _, r := range res {
+		ret.Add(r.Name)
+	}
+	return ret, nil
+}
+
 func CheckCollations(x *xorm.Engine) (*CheckCollationsResult, error) {
 	dbTables, err := x.DBMetas()
 	if err != nil {
@ -70,6 +84,18 @@ func CheckCollations(x *xorm.Engine) (*CheckCollationsResult, error) {
 			// At the moment, it's safe to ignore the database difference, just trim the prefix and compare. It could be fixed easily if there is any problem in the future.
 			return a == b || strings.TrimPrefix(a, "utf8mb4_") == strings.TrimPrefix(b, "utf8mb4_")
 		}
+	} else if x.Dialect().URI().DBType == schemas.MSSQL {
+		if _, err = x.SQL("SELECT DATABASEPROPERTYEX(DB_NAME(), 'Collation')").Get(&res.DatabaseCollation); err != nil {
+			return nil, err
+		}
+		res.IsCollationCaseSensitive = func(s string) bool {
+			return strings.HasSuffix(s, "_CS_AS")
+		}
+		candidateCollations = []string{"Latin1_General_CS_AS"}
+		res.AvailableCollation, err = findAvailableCollationsMSSQL(x)
+		if err != nil {
+			return nil, err
+		}
 	} else {
 		return nil, nil
 	}
@ -120,6 +146,10 @@ func alterDatabaseCollation(x *xorm.Engine, collation string) error {
 	if x.Dialect().URI().DBType == schemas.MYSQL {
 		_, err := x.Exec("ALTER DATABASE CHARACTER SET utf8mb4 COLLATE " + collation)
 		return err
+	} else if x.Dialect().URI().DBType == schemas.MSSQL {
+		// TODO: MSSQL has many limitations on changing database collation, it could fail in many cases.
+		_, err := x.Exec("ALTER DATABASE CURRENT COLLATE " + collation)
+		return err
 	}
 	return errors.New("unsupported database type")
 }
@ -135,11 +165,12 @@ func preprocessDatabaseCollation(x *xorm.Engine) {
 	}

 	// try to alter database collation to expected if the database is empty, it might fail in some cases (and it isn't necessary to succeed)
-	// at the moment.
+	// at the moment, there is no "altering" solution for MSSQL, site admin should manually change the database collation
 	if !r.CollationEquals(r.DatabaseCollation, r.ExpectedCollation) && r.ExistingTableNumber == 0 {
 		if err = alterDatabaseCollation(x, r.ExpectedCollation); err != nil {
 			log.Error("Failed to change database collation to %q: %v", r.ExpectedCollation, err)
 		} else {
+			_, _ = x.Exec("SELECT 1") // after "altering", MSSQL's session becomes invalid, so make a simple query to "refresh" the session
 			if r, err = CheckCollations(x); err != nil {
 				log.Error("Failed to check database collation again after altering: %v", err) // impossible case
 				return
--- a/models/db/common.go
+++ b/models/db/common.go
@ -47,6 +47,8 @@ func BuilderDialect() string {
 		return builder.SQLITE
 	case setting.Database.Type.IsPostgreSQL():
 		return builder.POSTGRES
+	case setting.Database.Type.IsMSSQL():
+		return builder.MSSQL
 	default:
 		return ""
 	}
--- a/models/db/convert.go
+++ b/models/db/convert.go
@ -47,6 +47,33 @@ func ConvertDatabaseTable() error {
 	return nil
 }

+// ConvertVarcharToNVarchar converts database and tables from varchar to nvarchar if it's mssql
+func ConvertVarcharToNVarchar() error {
+	if x.Dialect().URI().DBType != schemas.MSSQL {
+		return nil
+	}
+
+	sess := x.NewSession()
+	defer sess.Close()
+	res, err := sess.QuerySliceString(`SELECT 'ALTER TABLE ' + OBJECT_NAME(SC.object_id) + ' MODIFY SC.name NVARCHAR(' + CONVERT(VARCHAR(5),SC.max_length) + ')'
+FROM SYS.columns SC
+JOIN SYS.types ST
+ON SC.system_type_id = ST.system_type_id
+AND SC.user_type_id = ST.user_type_id
+WHERE ST.name ='varchar'`)
+	if err != nil {
+		return err
+	}
+	for _, row := range res {
+		if len(row) == 1 {
+			if _, err = sess.Exec(row[0]); err != nil {
+				return err
+			}
+		}
+	}
+	return err
+}
+
 // Cell2Int64 converts a xorm.Cell type to int64,
 // and handles possible irregular cases.
 func Cell2Int64(val xorm.Cell) int64 {
--- a/models/db/engine.go
+++ b/models/db/engine.go
@ -22,8 +22,9 @@ import (
 	"xorm.io/xorm/names"
 	"xorm.io/xorm/schemas"

-	_ "github.com/go-sql-driver/mysql" // Needed for the MySQL driver
-	_ "github.com/lib/pq"              // Needed for the Postgresql driver
+	_ "github.com/denisenkom/go-mssqldb" // Needed for the MSSQL driver
+	_ "github.com/go-sql-driver/mysql"   // Needed for the MySQL driver
+	_ "github.com/lib/pq"                // Needed for the Postgresql driver
 )

 var (
@ -114,8 +115,10 @@ func newXORMEngine() (*xorm.Engine, error) {
 	if err != nil {
 		return nil, err
 	}
-	if setting.Database.Type.IsMySQL() {
+	if setting.Database.Type == "mysql" {
 		engine.Dialect().SetParams(map[string]string{"rowFormat": "DYNAMIC"})
+	} else if setting.Database.Type == "mssql" {
+		engine.Dialect().SetParams(map[string]string{"DEFAULT_VARCHAR": "nvarchar"})
 	}
 	engine.SetSchema(setting.Database.Schema)
 	return engine, nil
@ -237,6 +240,7 @@ func NamesToBean(names ...string) ([]any, error) {
 	// Need to map provided names to beans...
 	beanMap := make(map[string]any)
 	for _, bean := range tables {
+
 		beanMap[strings.ToLower(reflect.Indirect(reflect.ValueOf(bean)).Type().Name())] = bean
 		beanMap[strings.ToLower(x.TableName(bean))] = bean
 		beanMap[strings.ToLower(x.TableName(bean, true))] = bean
--- a/models/db/index.go
+++ b/models/db/index.go
@ -89,6 +89,33 @@ func mysqlGetNextResourceIndex(ctx context.Context, tableName string, groupID in
 	return idx, nil
 }

+func mssqlGetNextResourceIndex(ctx context.Context, tableName string, groupID int64) (int64, error) {
+	if _, err := GetEngine(ctx).Exec(fmt.Sprintf(`
+MERGE INTO %s WITH (HOLDLOCK) AS target
+USING (SELECT %d AS group_id) AS source
+(group_id)
+ON target.group_id = source.group_id
+WHEN MATCHED
+	THEN UPDATE
+			SET max_index = max_index + 1
+WHEN NOT MATCHED
+	THEN INSERT (group_id, max_index)
+			VALUES (%d, 1);
+`, tableName, groupID, groupID)); err != nil {
+		return 0, err
+	}
+
+	var idx int64
+	_, err := GetEngine(ctx).SQL(fmt.Sprintf("SELECT max_index FROM %s WHERE group_id = ?", tableName), groupID).Get(&idx)
+	if err != nil {
+		return 0, err
+	}
+	if idx == 0 {
+		return 0, errors.New("cannot get the correct index")
+	}
+	return idx, nil
+}
+
 // GetNextResourceIndex generates a resource index, it must run in the same transaction where the resource is created
 func GetNextResourceIndex(ctx context.Context, tableName string, groupID int64) (int64, error) {
 	switch {
@ -96,6 +123,8 @@ func GetNextResourceIndex(ctx context.Context, tableName string, groupID int64)
 		return postgresGetNextResourceIndex(ctx, tableName, groupID)
 	case setting.Database.Type.IsMySQL():
 		return mysqlGetNextResourceIndex(ctx, tableName, groupID)
+	case setting.Database.Type.IsMSSQL():
+		return mssqlGetNextResourceIndex(ctx, tableName, groupID)
 	}

 	e := GetEngine(ctx)
--- a/models/db/search.go
+++ b/models/db/search.go
@ -18,6 +18,12 @@ const (
 	SearchOrderByRecentUpdated         SearchOrderBy = "updated_unix DESC"
 	SearchOrderByOldest                SearchOrderBy = "created_unix ASC"
 	SearchOrderByNewest                SearchOrderBy = "created_unix DESC"
+	SearchOrderBySize                  SearchOrderBy = "size ASC"
+	SearchOrderBySizeReverse           SearchOrderBy = "size DESC"
+	SearchOrderByGitSize               SearchOrderBy = "git_size ASC"
+	SearchOrderByGitSizeReverse        SearchOrderBy = "git_size DESC"
+	SearchOrderByLFSSize               SearchOrderBy = "lfs_size ASC"
+	SearchOrderByLFSSizeReverse        SearchOrderBy = "lfs_size DESC"
 	SearchOrderByID                    SearchOrderBy = "id ASC"
 	SearchOrderByIDReverse             SearchOrderBy = "id DESC"
 	SearchOrderByStars                 SearchOrderBy = "num_stars ASC"
--- a/models/dbfs/dbfile.go
+++ b/models/dbfs/dbfile.go
@ -215,15 +215,16 @@ func fileTimestampToTime(timestamp int64) time.Time {
 	return time.UnixMicro(timestamp)
 }

-func (f *file) loadMetaByPath() error {
+func (f *file) loadMetaByPath() (*dbfsMeta, error) {
 	var fileMeta dbfsMeta
 	if ok, err := db.GetEngine(f.ctx).Where("full_path = ?", f.fullPath).Get(&fileMeta); err != nil {
-		return err
+		return nil, err
 	} else if ok {
 		f.metaID = fileMeta.ID
 		f.blockSize = fileMeta.BlockSize
+		return &fileMeta, nil
 	}
-	return nil
+	return nil, nil
 }

 func (f *file) open(flag int) (err error) {
@ -287,7 +288,10 @@ func (f *file) createEmpty() error {
 	if err != nil {
 		return err
 	}
-	return f.loadMetaByPath()
+	if _, err = f.loadMetaByPath(); err != nil {
+		return err
+	}
+	return nil
 }

 func (f *file) truncate() error {
@ -364,5 +368,8 @@ func buildPath(path string) string {
 func newDbFile(ctx context.Context, path string) (*file, error) {
 	path = buildPath(path)
 	f := &file{ctx: ctx, fullPath: path, blockSize: defaultFileBlockSize}
-	return f, f.loadMetaByPath()
+	if _, err := f.loadMetaByPath(); err != nil {
+		return nil, err
+	}
+	return f, nil
 }
--- a/models/fixtures/TestGetUnmergedPullRequestsByHeadInfoMax/pull_request.yml
+++ b/models/fixtures/TestGetUnmergedPullRequestsByHeadInfoMax/pull_request.yml
@ -1,7 +1,7 @@
 -
  id: 1001
  type: 0 # pull request
-  status: 2 # mergeable
+  status: 2 # mergable
  issue_id: 1001
  index: 1001
  head_repo_id: 1
--- a/models/fixtures/action_runner.yml
+++ b/models/fixtures/action_runner.yml
@ -1,20 +0,0 @@
-
-  # A global runner
-  # Secret is 7e577e577e577e57feedfacefeedfacefeedface
-  id: 12345678
-  uuid: "37653537-3765-3537-3765-353737653537"
-  name: "test"
-  version: ""
-  owner_id: 0
-  repo_id: 0
-  description: ""
-  base: 0
-  repo_range: ""
-  token_hash: "3af8a56b850dba8848044385fedcfa4d9432e17de9f9803e4d279991394ac2945066ceb9a5e7cbe60a087d90d4bad03a8f9b"
-  token_salt: "832f8529db6151a1c3c605dd7570b58f"
-  last_online: 0
-  last_active: 0
-  agent_labels: '[""]'
-  created: 1716104432
-  updated: 1716104432
-  deleted: ~
--- a/models/fixtures/comment.yml
+++ b/models/fixtures/comment.yml
@ -83,12 +83,3 @@
  issue_id: 2 # in repo_id 1
  review_id: 20
  created_unix: 946684810
-
-
-  id: 10
-  type: 0
-  poster_id: 1
-  issue_id: 1 # in repo_id 1
-  content: "test markup light/dark-mode-only ![GitHub-Mark-Light](https://user-images.githubusercontent.com/3369400/139447912-e0f43f33-6d9f-45f8-be46-2df5bbc91289.png#gh-dark-mode-only)![GitHub-Mark-Dark](https://user-images.githubusercontent.com/3369400/139448065-39a229ba-4b06-434b-bc67-616e2ed80c8f.png#gh-light-mode-only)"
-  created_unix: 946684813
-  updated_unix: 946684813
--- a/models/fixtures/commit_status.yml
+++ b/models/fixtures/commit_status.yml
@ -15,7 +15,7 @@
  repo_id: 1
  state: "warning"
  sha: "1234123412341234123412341234123412341234"
-  target_url: https://example.com/coverage/
+  target_url: https://example.com/converage/
  description: My awesome Coverage service
  context: cov/awesomeness
  creator_id: 2
@ -26,7 +26,7 @@
  repo_id: 1
  state: "success"
  sha: "1234123412341234123412341234123412341234"
-  target_url: https://example.com/coverage/
+  target_url: https://example.com/converage/
  description: My awesome Coverage service
  context: cov/awesomeness
  creator_id: 2
--- a/models/fixtures/issue.yml
+++ b/models/fixtures/issue.yml
@ -10,7 +10,7 @@
  priority: 0
  is_closed: false
  is_pull: false
-  num_comments: 3
+  num_comments: 2
  created_unix: 946684800
  updated_unix: 978307200
  is_locked: false
--- a/models/fixtures/protected_tag.yml
+++ b/models/fixtures/protected_tag.yml
@ -1,24 +0,0 @@
-
-  id: 1
-  repo_id: 4
-  name_pattern: /v.+/
-  allowlist_user_i_ds: []
-  allowlist_team_i_ds: []
-  created_unix: 1715596037
-  updated_unix: 1715596037
-
-  id: 2
-  repo_id: 1
-  name_pattern: v-*
-  allowlist_user_i_ds: []
-  allowlist_team_i_ds: []
-  created_unix: 1715596037
-  updated_unix: 1715596037
-
-  id: 3
-  repo_id: 1
-  name_pattern: v-1.1
-  allowlist_user_i_ds: [2]
-  allowlist_team_i_ds: []
-  created_unix: 1715596037
-  updated_unix: 1715596037
--- a/models/fixtures/pull_request.yml
+++ b/models/fixtures/pull_request.yml
@ -1,7 +1,7 @@
 -
  id: 1
  type: 0 # gitea pull request
-  status: 2 # mergeable
+  status: 2 # mergable
  issue_id: 2
  index: 2
  head_repo_id: 1
@ -16,7 +16,7 @@
 -
  id: 2
  type: 0 # gitea pull request
-  status: 2 # mergeable
+  status: 2 # mergable
  issue_id: 3
  index: 3
  head_repo_id: 1
@ -29,7 +29,7 @@
 -
  id: 3
  type: 0 # gitea pull request
-  status: 2 # mergeable
+  status: 2 # mergable
  issue_id: 8
  index: 1
  head_repo_id: 11
@ -42,7 +42,7 @@
 -
  id: 4
  type: 0 # gitea pull request
-  status: 2 # mergeable
+  status: 2 # mergable
  issue_id: 9
  index: 1
  head_repo_id: 48
@ -55,7 +55,7 @@
 -
  id: 5 # this PR is outdated (one commit behind branch1 )
  type: 0 # gitea pull request
-  status: 2 # mergeable
+  status: 2 # mergable
  issue_id: 11
  index: 5
  head_repo_id: 1
@ -68,7 +68,7 @@
 -
  id: 6
  type: 0 # gitea pull request
-  status: 2 # mergeable
+  status: 2 # mergable
  issue_id: 12
  index: 2
  head_repo_id: 3
@ -81,7 +81,7 @@
 -
  id: 7
  type: 0 # gitea pull request
-  status: 2 # mergeable
+  status: 2 # mergable
  issue_id: 19
  index: 1
  head_repo_id: 58
@ -94,7 +94,7 @@
 -
  id: 8
  type: 0 # gitea pull request
-  status: 2 # mergeable
+  status: 2 # mergable
  issue_id: 20
  index: 1
  head_repo_id: 23
@ -103,7 +103,7 @@
 -
  id: 9
  type: 0 # gitea pull request
-  status: 2 # mergeable
+  status: 2 # mergable
  issue_id: 21
  index: 1
  head_repo_id: 60
@ -112,7 +112,7 @@
 -
  id: 10
  type: 0 # gitea pull request
-  status: 2 # mergeable
+  status: 2 # mergable
  issue_id: 22
  index: 1
  head_repo_id: 61
--- a/models/forgefed/federationhost.go
+++ b/models/forgefed/federationhost.go
@ -1,52 +0,0 @@
-// Copyright 2024 The Forgejo Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package forgefed
-
-import (
-	"fmt"
-	"strings"
-	"time"
-
-	"code.gitea.io/gitea/modules/timeutil"
-	"code.gitea.io/gitea/modules/validation"
-)
-
-// FederationHost data type
-// swagger:model
-type FederationHost struct {
-	ID             int64              `xorm:"pk autoincr"`
-	HostFqdn       string             `xorm:"host_fqdn UNIQUE INDEX VARCHAR(255) NOT NULL"`
-	NodeInfo       NodeInfo           `xorm:"extends NOT NULL"`
-	LatestActivity time.Time          `xorm:"NOT NULL"`
-	Created        timeutil.TimeStamp `xorm:"created"`
-	Updated        timeutil.TimeStamp `xorm:"updated"`
-}
-
-// Factory function for FederationHost. Created struct is asserted to be valid.
-func NewFederationHost(nodeInfo NodeInfo, hostFqdn string) (FederationHost, error) {
-	result := FederationHost{
-		HostFqdn: strings.ToLower(hostFqdn),
-		NodeInfo: nodeInfo,
-	}
-	if valid, err := validation.IsValid(result); !valid {
-		return FederationHost{}, err
-	}
-	return result, nil
-}
-
-// Validate collects error strings in a slice and returns this
-func (host FederationHost) Validate() []string {
-	var result []string
-	result = append(result, validation.ValidateNotEmpty(host.HostFqdn, "HostFqdn")...)
-	result = append(result, validation.ValidateMaxLen(host.HostFqdn, 255, "HostFqdn")...)
-	result = append(result, host.NodeInfo.Validate()...)
-	if host.HostFqdn != strings.ToLower(host.HostFqdn) {
-		result = append(result, fmt.Sprintf("HostFqdn has to be lower case but was: %v", host.HostFqdn))
-	}
-	if !host.LatestActivity.IsZero() && host.LatestActivity.After(time.Now().Add(10*time.Minute)) {
-		result = append(result, fmt.Sprintf("Latest Activity cannot be in the far future: %v", host.LatestActivity))
-	}
-
-	return result
-}
--- a/models/forgefed/federationhost_repository.go
+++ b/models/forgefed/federationhost_repository.go
@ -1,61 +0,0 @@
-// Copyright 2024 The Forgejo Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package forgefed
-
-import (
-	"context"
-	"fmt"
-	"strings"
-
-	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/modules/validation"
-)
-
-func init() {
-	db.RegisterModel(new(FederationHost))
-}
-
-func GetFederationHost(ctx context.Context, ID int64) (*FederationHost, error) {
-	host := new(FederationHost)
-	has, err := db.GetEngine(ctx).Where("id=?", ID).Get(host)
-	if err != nil {
-		return nil, err
-	} else if !has {
-		return nil, fmt.Errorf("FederationInfo record %v does not exist", ID)
-	}
-	if res, err := validation.IsValid(host); !res {
-		return nil, err
-	}
-	return host, nil
-}
-
-func FindFederationHostByFqdn(ctx context.Context, fqdn string) (*FederationHost, error) {
-	host := new(FederationHost)
-	has, err := db.GetEngine(ctx).Where("host_fqdn=?", strings.ToLower(fqdn)).Get(host)
-	if err != nil {
-		return nil, err
-	} else if !has {
-		return nil, nil
-	}
-	if res, err := validation.IsValid(host); !res {
-		return nil, err
-	}
-	return host, nil
-}
-
-func CreateFederationHost(ctx context.Context, host *FederationHost) error {
-	if res, err := validation.IsValid(host); !res {
-		return err
-	}
-	_, err := db.GetEngine(ctx).Insert(host)
-	return err
-}
-
-func UpdateFederationHost(ctx context.Context, host *FederationHost) error {
-	if res, err := validation.IsValid(host); !res {
-		return err
-	}
-	_, err := db.GetEngine(ctx).ID(host.ID).Update(host)
-	return err
-}
--- a/models/forgefed/federationhost_test.go
+++ b/models/forgefed/federationhost_test.go
@ -1,78 +0,0 @@
-// Copyright 2024 The Forgejo Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package forgefed
-
-import (
-	"strings"
-	"testing"
-	"time"
-
-	"code.gitea.io/gitea/modules/validation"
-)
-
-func Test_FederationHostValidation(t *testing.T) {
-	sut := FederationHost{
-		HostFqdn: "host.do.main",
-		NodeInfo: NodeInfo{
-			SoftwareName: "forgejo",
-		},
-		LatestActivity: time.Now(),
-	}
-	if res, err := validation.IsValid(sut); !res {
-		t.Errorf("sut should be valid but was %q", err)
-	}
-
-	sut = FederationHost{
-		HostFqdn: "",
-		NodeInfo: NodeInfo{
-			SoftwareName: "forgejo",
-		},
-		LatestActivity: time.Now(),
-	}
-	if res, _ := validation.IsValid(sut); res {
-		t.Errorf("sut should be invalid: HostFqdn empty")
-	}
-
-	sut = FederationHost{
-		HostFqdn: strings.Repeat("fill", 64),
-		NodeInfo: NodeInfo{
-			SoftwareName: "forgejo",
-		},
-		LatestActivity: time.Now(),
-	}
-	if res, _ := validation.IsValid(sut); res {
-		t.Errorf("sut should be invalid: HostFqdn too long (len=256)")
-	}
-
-	sut = FederationHost{
-		HostFqdn:       "host.do.main",
-		NodeInfo:       NodeInfo{},
-		LatestActivity: time.Now(),
-	}
-	if res, _ := validation.IsValid(sut); res {
-		t.Errorf("sut should be invalid: NodeInfo invalid")
-	}
-
-	sut = FederationHost{
-		HostFqdn: "host.do.main",
-		NodeInfo: NodeInfo{
-			SoftwareName: "forgejo",
-		},
-		LatestActivity: time.Now().Add(1 * time.Hour),
-	}
-	if res, _ := validation.IsValid(sut); res {
-		t.Errorf("sut should be invalid: Future timestamp")
-	}
-
-	sut = FederationHost{
-		HostFqdn: "hOst.do.main",
-		NodeInfo: NodeInfo{
-			SoftwareName: "forgejo",
-		},
-		LatestActivity: time.Now(),
-	}
-	if res, _ := validation.IsValid(sut); res {
-		t.Errorf("sut should be invalid: HostFqdn lower case")
-	}
-}
--- a/models/forgefed/nodeinfo.go
+++ b/models/forgefed/nodeinfo.go
@ -1,123 +0,0 @@
-// Copyright 2023 The Forgejo Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package forgefed
-
-import (
-	"net/url"
-
-	"code.gitea.io/gitea/modules/validation"
-
-	"github.com/valyala/fastjson"
-)
-
-// ToDo: Search for full text SourceType and Source, also in .md files
-type (
-	SoftwareNameType string
-)
-
-const (
-	ForgejoSourceType SoftwareNameType = "forgejo"
-	GiteaSourceType   SoftwareNameType = "gitea"
-)
-
-var KnownSourceTypes = []any{
-	ForgejoSourceType, GiteaSourceType,
-}
-
-// ------------------------------------------------ NodeInfoWellKnown ------------------------------------------------
-
-// NodeInfo data type
-// swagger:model
-type NodeInfoWellKnown struct {
-	Href string
-}
-
-// Factory function for NodeInfoWellKnown. Created struct is asserted to be valid.
-func NewNodeInfoWellKnown(body []byte) (NodeInfoWellKnown, error) {
-	result, err := NodeInfoWellKnownUnmarshalJSON(body)
-	if err != nil {
-		return NodeInfoWellKnown{}, err
-	}
-
-	if valid, err := validation.IsValid(result); !valid {
-		return NodeInfoWellKnown{}, err
-	}
-
-	return result, nil
-}
-
-func NodeInfoWellKnownUnmarshalJSON(data []byte) (NodeInfoWellKnown, error) {
-	p := fastjson.Parser{}
-	val, err := p.ParseBytes(data)
-	if err != nil {
-		return NodeInfoWellKnown{}, err
-	}
-	href := string(val.GetStringBytes("links", "0", "href"))
-	return NodeInfoWellKnown{Href: href}, nil
-}
-
-// Validate collects error strings in a slice and returns this
-func (node NodeInfoWellKnown) Validate() []string {
-	var result []string
-	result = append(result, validation.ValidateNotEmpty(node.Href, "Href")...)
-
-	parsedURL, err := url.Parse(node.Href)
-	if err != nil {
-		result = append(result, err.Error())
-		return result
-	}
-
-	if parsedURL.Host == "" {
-		result = append(result, "Href has to be absolute")
-	}
-
-	result = append(result, validation.ValidateOneOf(parsedURL.Scheme, []any{"http", "https"}, "parsedURL.Scheme")...)
-
-	if parsedURL.RawQuery != "" {
-		result = append(result, "Href may not contain query")
-	}
-
-	return result
-}
-
-// ------------------------------------------------ NodeInfo ------------------------------------------------
-
-// NodeInfo data type
-// swagger:model
-type NodeInfo struct {
-	SoftwareName SoftwareNameType
-}
-
-func NodeInfoUnmarshalJSON(data []byte) (NodeInfo, error) {
-	p := fastjson.Parser{}
-	val, err := p.ParseBytes(data)
-	if err != nil {
-		return NodeInfo{}, err
-	}
-	source := string(val.GetStringBytes("software", "name"))
-	result := NodeInfo{}
-	result.SoftwareName = SoftwareNameType(source)
-	return result, nil
-}
-
-func NewNodeInfo(body []byte) (NodeInfo, error) {
-	result, err := NodeInfoUnmarshalJSON(body)
-	if err != nil {
-		return NodeInfo{}, err
-	}
-
-	if valid, err := validation.IsValid(result); !valid {
-		return NodeInfo{}, err
-	}
-	return result, nil
-}
-
-// Validate collects error strings in a slice and returns this
-func (node NodeInfo) Validate() []string {
-	var result []string
-	result = append(result, validation.ValidateNotEmpty(string(node.SoftwareName), "node.SoftwareName")...)
-	result = append(result, validation.ValidateOneOf(node.SoftwareName, KnownSourceTypes, "node.SoftwareName")...)
-
-	return result
-}
--- a/models/forgefed/nodeinfo_test.go
+++ b/models/forgefed/nodeinfo_test.go
@ -1,92 +0,0 @@
-// Copyright 2023 The Forgejo Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package forgefed
-
-import (
-	"fmt"
-	"reflect"
-	"strings"
-	"testing"
-
-	"code.gitea.io/gitea/modules/validation"
-)
-
-func Test_NodeInfoWellKnownUnmarshalJSON(t *testing.T) {
-	type testPair struct {
-		item    []byte
-		want    NodeInfoWellKnown
-		wantErr error
-	}
-
-	tests := map[string]testPair{
-		"with href": {
-			item: []byte(`{"links":[{"href":"https://federated-repo.prod.meissa.de/api/v1/nodeinfo","rel":"http://nodeinfo.diaspora.software/ns/schema/2.1"}]}`),
-			want: NodeInfoWellKnown{
-				Href: "https://federated-repo.prod.meissa.de/api/v1/nodeinfo",
-			},
-		},
-		"empty": {
-			item:    []byte(``),
-			wantErr: fmt.Errorf("cannot parse JSON: cannot parse empty string; unparsed tail: \"\""),
-		},
-	}
-
-	for name, tt := range tests {
-		t.Run(name, func(t *testing.T) {
-			got, err := NodeInfoWellKnownUnmarshalJSON(tt.item)
-			if (err != nil || tt.wantErr != nil) && tt.wantErr.Error() != err.Error() {
-				t.Errorf("UnmarshalJSON() error = \"%v\", wantErr \"%v\"", err, tt.wantErr)
-				return
-			}
-			if !reflect.DeepEqual(got, tt.want) {
-				t.Errorf("UnmarshalJSON() got = %q, want %q", got, tt.want)
-			}
-		})
-	}
-}
-
-func Test_NodeInfoWellKnownValidate(t *testing.T) {
-	sut := NodeInfoWellKnown{Href: "https://federated-repo.prod.meissa.de/api/v1/nodeinfo"}
-	if b, err := validation.IsValid(sut); !b {
-		t.Errorf("sut should be valid, %v, %v", sut, err)
-	}
-
-	sut = NodeInfoWellKnown{Href: "./federated-repo.prod.meissa.de/api/v1/nodeinfo"}
-	_, err := validation.IsValid(sut)
-	if !validation.IsErrNotValid(err) && strings.Contains(err.Error(), "Href has to be absolute\nValue  is not contained in allowed values [http https]") {
-		t.Errorf("validation error expected but was: %v\n", err)
-	}
-
-	sut = NodeInfoWellKnown{Href: "https://federated-repo.prod.meissa.de/api/v1/nodeinfo?alert=1"}
-	_, err = validation.IsValid(sut)
-	if !validation.IsErrNotValid(err) && strings.Contains(err.Error(), "Href has to be absolute\nValue  is not contained in allowed values [http https]") {
-		t.Errorf("sut should be valid, %v, %v", sut, err)
-	}
-}
-
-func Test_NewNodeInfoWellKnown(t *testing.T) {
-	sut, _ := NewNodeInfoWellKnown([]byte(`{"links":[{"href":"https://federated-repo.prod.meissa.de/api/v1/nodeinfo","rel":"http://nodeinfo.diaspora.software/ns/schema/2.1"}]}`))
-	expected := NodeInfoWellKnown{Href: "https://federated-repo.prod.meissa.de/api/v1/nodeinfo"}
-	if sut != expected {
-		t.Errorf("expected was: %v but was: %v", expected, sut)
-	}
-
-	_, err := NewNodeInfoWellKnown([]byte(`invalid`))
-	if err == nil {
-		t.Errorf("error was expected here")
-	}
-}
-
-func Test_NewNodeInfo(t *testing.T) {
-	sut, _ := NewNodeInfo([]byte(`{"version":"2.1","software":{"name":"gitea","version":"1.20.0+dev-2539-g5840cc6d3","repository":"https://github.com/go-gitea/gitea.git","homepage":"https://gitea.io/"},"protocols":["activitypub"],"services":{"inbound":[],"outbound":["rss2.0"]},"openRegistrations":true,"usage":{"users":{"total":13,"activeHalfyear":1,"activeMonth":1}},"metadata":{}}`))
-	expected := NodeInfo{SoftwareName: "gitea"}
-	if sut != expected {
-		t.Errorf("expected was: %v but was: %v", expected, sut)
-	}
-
-	_, err := NewNodeInfo([]byte(`invalid`))
-	if err == nil {
-		t.Errorf("error was expected here")
-	}
-}
--- a/models/forgejo_migrations/migrate.go
+++ b/models/forgejo_migrations/migrate.go
@ -59,21 +59,8 @@ var migrations = []*Migration{
 	// v9 -> v10
 	NewMigration("Add pronouns to user", forgejo_v1_22.AddPronounsToUser),
 	// v11 -> v12
+	// it is a v7.0 migration backport see https://codeberg.org/forgejo/forgejo/pulls/3165#issuecomment-1755941
 	NewMigration("Add the `created` column to the `issue` table", forgejo_v1_22.AddCreatedToIssue),
-	// v12 -> v13
-	NewMigration("Add repo_archive_download_count table", forgejo_v1_22.AddRepoArchiveDownloadCount),
-	// v13 -> v14
-	NewMigration("Add `hide_archive_links` column to `release` table", AddHideArchiveLinksToRelease),
-	// v14 -> v15
-	NewMigration("Remove Gitea-specific columns from the repository and badge tables", RemoveGiteaSpecificColumnsFromRepositoryAndBadge),
-	// v15 -> v16
-	NewMigration("Create the `federation_host` table", CreateFederationHostTable),
-	// v16 -> v17
-	NewMigration("Create the `federated_user` table", CreateFederatedUserTable),
-	// v17 -> v18
-	NewMigration("Add `normalized_federated_uri` column to `user` table", AddNormalizedFederatedURIToUser),
-	// v18 -> v19
-	NewMigration("Create the `following_repo` table", CreateFollowingRepoTable),
 }

 // GetCurrentDBVersion returns the current Forgejo database version.
--- a/models/forgejo_migrations/v13.go
+++ b/models/forgejo_migrations/v13.go
@ -1,15 +0,0 @@
-// Copyright 2024 The Forgejo Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package forgejo_migrations //nolint:revive
-
-import "xorm.io/xorm"
-
-func AddHideArchiveLinksToRelease(x *xorm.Engine) error {
-	type Release struct {
-		ID               int64 `xorm:"pk autoincr"`
-		HideArchiveLinks bool  `xorm:"NOT NULL DEFAULT false"`
-	}
-
-	return x.Sync(&Release{})
-}
--- a/models/forgejo_migrations/v14.go
+++ b/models/forgejo_migrations/v14.go
@ -1,43 +0,0 @@
-// Copyright 2024 The Forgejo Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package forgejo_migrations //nolint:revive
-
-import (
-	"code.gitea.io/gitea/models/migrations/base"
-
-	"xorm.io/xorm"
-)
-
-func RemoveGiteaSpecificColumnsFromRepositoryAndBadge(x *xorm.Engine) error {
-	// Make sure the columns exist before dropping them
-	type Repository struct {
-		ID                int64
-		DefaultWikiBranch string
-	}
-	if err := x.Sync(&Repository{}); err != nil {
-		return err
-	}
-
-	type Badge struct {
-		ID   int64 `xorm:"pk autoincr"`
-		Slug string
-	}
-	err := x.Sync(new(Badge))
-	if err != nil {
-		return err
-	}
-
-	sess := x.NewSession()
-	defer sess.Close()
-	if err := sess.Begin(); err != nil {
-		return err
-	}
-	if err := base.DropTableColumns(sess, "repository", "default_wiki_branch"); err != nil {
-		return err
-	}
-	if err := base.DropTableColumns(sess, "badge", "slug"); err != nil {
-		return err
-	}
-	return sess.Commit()
-}
--- a/models/forgejo_migrations/v15.go
+++ b/models/forgejo_migrations/v15.go
@ -1,33 +0,0 @@
-// Copyright 2024 The Forgejo Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package forgejo_migrations //nolint:revive
-
-import (
-	"time"
-
-	"code.gitea.io/gitea/modules/timeutil"
-
-	"xorm.io/xorm"
-)
-
-type (
-	SoftwareNameType string
-)
-
-type NodeInfo struct {
-	SoftwareName SoftwareNameType
-}
-
-type FederationHost struct {
-	ID             int64              `xorm:"pk autoincr"`
-	HostFqdn       string             `xorm:"host_fqdn UNIQUE INDEX VARCHAR(255) NOT NULL"`
-	NodeInfo       NodeInfo           `xorm:"extends NOT NULL"`
-	LatestActivity time.Time          `xorm:"NOT NULL"`
-	Created        timeutil.TimeStamp `xorm:"created"`
-	Updated        timeutil.TimeStamp `xorm:"updated"`
-}
-
-func CreateFederationHostTable(x *xorm.Engine) error {
-	return x.Sync(new(FederationHost))
-}
--- a/models/forgejo_migrations/v16.go
+++ b/models/forgejo_migrations/v16.go
@ -1,17 +0,0 @@
-// Copyright 2024 The Forgejo Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package forgejo_migrations //nolint:revive
-
-import "xorm.io/xorm"
-
-type FederatedUser struct {
-	ID               int64  `xorm:"pk autoincr"`
-	UserID           int64  `xorm:"NOT NULL"`
-	ExternalID       string `xorm:"UNIQUE(federation_user_mapping) NOT NULL"`
-	FederationHostID int64  `xorm:"UNIQUE(federation_user_mapping) NOT NULL"`
-}
-
-func CreateFederatedUserTable(x *xorm.Engine) error {
-	return x.Sync(new(FederatedUser))
-}
--- a/models/forgejo_migrations/v17.go
+++ b/models/forgejo_migrations/v17.go
@ -1,14 +0,0 @@
-// Copyright 2024 The Forgejo Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package forgejo_migrations //nolint:revive
-
-import "xorm.io/xorm"
-
-func AddNormalizedFederatedURIToUser(x *xorm.Engine) error {
-	type User struct {
-		ID                     int64 `xorm:"pk autoincr"`
-		NormalizedFederatedURI string
-	}
-	return x.Sync(&User{})
-}
--- a/models/forgejo_migrations/v18.go
+++ b/models/forgejo_migrations/v18.go
@ -1,18 +0,0 @@
-// Copyright 2024 The Forgejo Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package forgejo_migrations //nolint:revive
-
-import "xorm.io/xorm"
-
-type FollowingRepo struct {
-	ID               int64  `xorm:"pk autoincr"`
-	RepoID           int64  `xorm:"UNIQUE(federation_repo_mapping) NOT NULL"`
-	ExternalID       string `xorm:"UNIQUE(federation_repo_mapping) NOT NULL"`
-	FederationHostID int64  `xorm:"UNIQUE(federation_repo_mapping) NOT NULL"`
-	URI              string
-}
-
-func CreateFollowingRepoTable(x *xorm.Engine) error {
-	return x.Sync(new(FederatedUser))
-}
--- a/Show more
+++ b/Show more