bump x/net (#32896 ) (#32900 )

backport #32896
Add missing two sync feed for refs/pull (#32815 ) (#32822 )
2024-12-19 09:27:41 +08:00 · 2024-12-13 08:25:22 +00:00 · 2024-12-13 15:55:25 +08:00 · 2024-12-13 07:34:52 +00:00 · 2024-12-13 11:41:12 +08:00 · 2024-12-13 05:41:02 +08:00
680 changed files with 12338 additions and 5458 deletions
--- a/.air.toml
+++ b/.air.toml
@ -21,3 +21,6 @@ exclude_dir = [
 ]
 exclude_regex = ["_test.go$", "_gen.go$"]
 stop_on_error = true
 [log]
 main_only = true
--- a/.envrc
+++ b/.envrc
@ -0,0 +1 @@
 use flake
--- a/.gitea/issue_template.md
+++ b/.gitea/issue_template.md
@ -3,7 +3,7 @@
 <!--
    1. Please speak English, this is the language all maintainers can speak and write.
    2. Please ask questions or configuration/deploy problems on our Discord
-       server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
+       server (https://discord.gg/gitea) or forum (https://forum.gitea.com).
    3. Please take a moment to check that your issue doesn't already exist.
    4. Make sure it's not mentioned in the FAQ (https://docs.gitea.com/help/faq)
    5. Please give all relevant information below for bug reports, because
@ -21,7 +21,7 @@
  - [ ] MySQL
  - [ ] MSSQL
  - [ ] SQLite
- Can you reproduce the bug at https://try.gitea.io:
+- Can you reproduce the bug at https://demo.gitea.com:
  - [ ] Yes (provide example URL)
  - [ ] No
 - Log gist:
--- a/.github/ISSUE_TEMPLATE/bug-report.yaml
+++ b/.github/ISSUE_TEMPLATE/bug-report.yaml
@ -11,7 +11,7 @@ body:
      value: |
        1. Please speak English, this is the language all maintainers can speak and write.
        2. Please ask questions or configuration/deploy problems on our Discord
-           server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
+           server (https://discord.gg/gitea) or forum (https://forum.gitea.com).
        3. Make sure you are using the latest release and
           take a moment to check that your issue hasn't been reported before.
        4. Make sure it's not mentioned in the FAQ (https://docs.gitea.com/help/faq)
@ -37,7 +37,7 @@ body:
      label: Can you reproduce the bug on the Gitea demo site?
      description: |
        If so, please provide a URL in the Description field
-        URL of Gitea demo: https://try.gitea.io
+        URL of Gitea demo: https://demo.gitea.com
      options:
        - "Yes"
        - "No"
@ -74,7 +74,7 @@ body:
    attributes:
      label: How are you running Gitea?
      description: |
-        Please include information on whether you built Gitea yourself, used one of our downloads, are using https://try.gitea.io or are using some other package
+        Please include information on whether you built Gitea yourself, used one of our downloads, are using https://demo.gitea.com or are using some other package
        Please also tell us how you are running Gitea, e.g. if it is being run from docker, a command-line, systemd etc.
        If you are using a package or systemd tell us what distribution you are using
    validations:
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@ -7,7 +7,7 @@ contact_links:
    url: https://discord.gg/Gitea
    about: Please ask questions and discuss configuration or deployment problems here.
  - name: Discourse Forum
-    url: https://discourse.gitea.io
+    url: https://forum.gitea.com
    about: Questions and configuration or deployment problems can also be discussed on our forum.
  - name: Frequently Asked Questions
    url: https://docs.gitea.com/help/faq
--- a/.github/ISSUE_TEMPLATE/feature-request.yaml
+++ b/.github/ISSUE_TEMPLATE/feature-request.yaml
@ -7,7 +7,7 @@ body:
      value: |
        1. Please speak English, this is the language all maintainers can speak and write.
        2. Please ask questions or configuration/deploy problems on our Discord
-           server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
+           server (https://discord.gg/gitea) or forum (https://forum.gitea.com).
        3. Please take a moment to check that your feature hasn't already been suggested.
  - type: textarea
    id: description
--- a/.github/ISSUE_TEMPLATE/ui.bug-report.yaml
+++ b/.github/ISSUE_TEMPLATE/ui.bug-report.yaml
@ -11,7 +11,7 @@ body:
      value: |
        1. Please speak English, this is the language all maintainers can speak and write.
        2. Please ask questions or configuration/deploy problems on our Discord
-           server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
+           server (https://discord.gg/gitea) or forum (https://forum.gitea.com).
        3. Please take a moment to check that your issue doesn't already exist.
        4. Make sure it's not mentioned in the FAQ (https://docs.gitea.com/help/faq)
        5. Please give all relevant information below for bug reports, because
@ -46,7 +46,7 @@ body:
      label: Can you reproduce the bug on the Gitea demo site?
      description: |
        If so, please provide a URL in the Description field
-        URL of Gitea demo: https://try.gitea.io
+        URL of Gitea demo: https://demo.gitea.com
      options:
        - "Yes"
        - "No"
--- a/.github/actionlint.yaml
+++ b/.github/actionlint.yaml
@ -3,3 +3,5 @@ self-hosted-runner:
    - actuated-4cpu-8gb
    - actuated-4cpu-16gb
    - nscloud
    - namespace-profile-gitea-release-docker
    - namespace-profile-gitea-release-binary
--- a/.github/workflows/pull-db-tests.yml
+++ b/.github/workflows/pull-db-tests.yml
@ -194,7 +194,9 @@ jobs:
  test-mssql:
    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
    needs: files-changed
-    runs-on: ubuntu-latest
+    # specifying the version of ubuntu in use as mssql fails on newer kernels
    # pending resolution from vendor
    runs-on: ubuntu-20.04
    services:
      mssql:
        image: mcr.microsoft.com/mssql/server:2017-latest
--- a/.github/workflows/release-nightly.yml
+++ b/.github/workflows/release-nightly.yml
@ -12,7 +12,7 @@ jobs:
  disk-clean:
    uses: ./.github/workflows/disk-clean.yml
  nightly-binary:
-    runs-on: nscloud
+    runs-on: namespace-profile-gitea-release-binary
    steps:
      - uses: actions/checkout@v4
      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
@ -49,7 +49,7 @@ jobs:
        run: |
          REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\///' -e 's/release\/v//')
          echo "Cleaned name is ${REF_NAME}"
-          echo "branch=${REF_NAME}" >> "$GITHUB_OUTPUT"
+          echo "branch=${REF_NAME}-nightly" >> "$GITHUB_OUTPUT"
      - name: configure aws
        uses: aws-actions/configure-aws-credentials@v4
        with:
@ -60,7 +60,7 @@ jobs:
        run: |
          aws s3 sync dist/release s3://${{ secrets.AWS_S3_BUCKET }}/gitea/${{ steps.clean_name.outputs.branch }} --no-progress
  nightly-docker-rootful:
-    runs-on: ubuntu-latest
+    runs-on: namespace-profile-gitea-release-docker
    steps:
      - uses: actions/checkout@v4
      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
@ -97,7 +97,7 @@ jobs:
          push: true
          tags: gitea/gitea:${{ steps.clean_name.outputs.branch }}
  nightly-docker-rootless:
-    runs-on: ubuntu-latest
+    runs-on: namespace-profile-gitea-release-docker
    steps:
      - uses: actions/checkout@v4
      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
--- a/.github/workflows/release-tag-rc.yml
+++ b/.github/workflows/release-tag-rc.yml
@ -11,7 +11,7 @@ concurrency:
 jobs:
  binary:
-    runs-on: nscloud
+    runs-on: namespace-profile-gitea-release-binary
    steps:
      - uses: actions/checkout@v4
      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
@ -68,7 +68,7 @@ jobs:
        env:
          GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
  docker-rootful:
-    runs-on: ubuntu-latest
+    runs-on: namespace-profile-gitea-release-docker
    steps:
      - uses: actions/checkout@v4
      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
@ -99,7 +99,7 @@ jobs:
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
  docker-rootless:
-    runs-on: ubuntu-latest
+    runs-on: namespace-profile-gitea-release-docker
    steps:
      - uses: actions/checkout@v4
      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
--- a/.github/workflows/release-tag-version.yml
+++ b/.github/workflows/release-tag-version.yml
@ -13,7 +13,7 @@ concurrency:
 jobs:
  binary:
-    runs-on: nscloud
+    runs-on: namespace-profile-gitea-release-binary
    steps:
      - uses: actions/checkout@v4
      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
@ -70,7 +70,7 @@ jobs:
        env:
          GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
  docker-rootful:
-    runs-on: ubuntu-latest
+    runs-on: namespace-profile-gitea-release-docker
    steps:
      - uses: actions/checkout@v4
      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
@ -105,7 +105,7 @@ jobs:
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
  docker-rootless:
-    runs-on: ubuntu-latest
+    runs-on: namespace-profile-gitea-release-docker
    steps:
      - uses: actions/checkout@v4
      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
--- a/.gitignore
+++ b/.gitignore
@ -108,6 +108,9 @@ prime/
 *_source.tar.bz2
 .DS_Store
 # nix-direnv generated files
 .direnv/
 # Make evidence files
 /.make_evidence
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -4,6 +4,429 @@ This changelog goes through the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.com).
 ## [1.22.6](https://github.com/go-gitea/gitea/releases/tag/v1.22.6) - 2024-12-12
 * SECURITY
  * Fix misuse of PublicKeyCallback(#32810)
 * BUGFIXES
  * Fix lfs migration (#32812) (#32818)
  * Add missing two sync feed for refs/pull (#32815)
 * TESTING
  * Avoid MacOS keychain dialog in integration tests (#32813) (#32816)
 ## [1.22.5](https://github.com/go-gitea/gitea/releases/tag/v1.22.5) - 2024-12-11
 * SECURITY
  * Upgrade crypto library (#32791)
  * Fix delete branch perm checking (#32654) (#32707)
 * BUGFIXES
  * Add standard-compliant route to serve outdated R packages (#32783) (#32789)
  * Fix internal server error when updating labels without write permission (#32776) (#32785)
  * Add Swift login endpoint (#32693) (#32701)
  * Fix fork page branch selection (#32711) (#32725)
  * Fix word overflow in file search page (#32695) (#32699)
  * Fix gogit `GetRefCommitID` (#32705) (#32712)
  * Fix race condition in mermaid observer (#32599) (#32673)
  * Fixe a keystring misuse and refactor duplicates keystrings (#32668) (#32792)
  * Bump relative-time-element to v4.4.4 (#32739)
 * PERFORMANCE
  * Make wiki pages visit fast (#32732) (#32745)
 * MISC
  * Don't create action when syncing mirror pull refs (#32659) (#32664)
 ## [1.22.4](https://github.com/go-gitea/gitea/releases/tag/v1.22.4) - 2024-11-14
 * SECURITY
  * Fix basic auth with webauthn (#32531) (#32536)
  * Refactor internal routers (partial backport, auth token const time comparing) (#32473) (#32479)
 * PERFORMANCE
  * Remove transaction for archive download (#32186) (#32520)
 * BUGFIXES
  * Fix `missing signature key` error when pulling Docker images with `SERVE_DIRECT` enabled (#32365) (#32397)
  * Fix get reviewers fails when selecting user without pull request permissions unit (#32415) (#32616)
  * Fix adding index files to tmp directory (#32360) (#32593)
  * Fix PR creation on forked repositories via API (#31863) (#32591)
  * Fix missing menu tabs in organization project view page (#32313) (#32592)
  * Support HTTP POST requests to `/userinfo`, aligning to OpenID Core specification (#32578) (#32594)
  * Fix debian package clean up cron job (#32351) (#32590)
  * Fix GetInactiveUsers (#32540) (#32588)
  * Allow the actions user to login via the jwt token (#32527) (#32580)
  * Fix submodule parsing (#32571) (#32577)
  * Refactor find forks and fix possible bugs that weaken permissions check (#32528) (#32547)
  * Fix some places that don't respect org full name setting (#32243) (#32550)
  * Refactor push mirror find and add check for updating push mirror (#32539) (#32549)
  * Fix basic auth with webauthn (#32531) (#32536)
  * Fix artifact v4 upload above 8MB (#31664) (#32523)
  * Fix oauth2 error handle not return immediately (#32514) (#32516)
  * Fix action not triggered when commit message is too long (#32498) (#32507)
  * Fix `GetRepoLink` nil pointer dereference on dashboard feed page when repo is deleted with actions enabled (#32501) (#32502)
  * Fix `missing signature key` error when pulling Docker images with `SERVE_DIRECT` enabled (#32397) (#32397)
  * Fix the permission check for user search API and limit the number of returned users for `/user/search` (#32310)
  * Fix SearchIssues swagger docs (#32208) (#32298)
  * Fix dropdown content overflow (#31610) (#32250)
  * Disable Oauth check if oauth disabled (#32368) (#32480)
  * Respect renamed dependencies of Cargo registry (#32430) (#32478)
  * Fix mermaid diagram height when initially hidden (#32457) (#32464)
  * Fix broken releases when re-pushing tags (#32435) (#32449)
  * Only provide the commit summary for Discord webhook push events (#32432) (#32447)
  * Only query team tables if repository is under org when getting assignees (#32414) (#32426)
  * Fix created_unix for mirroring (#32342) (#32406)
  * Respect UI.ExploreDefaultSort setting again (#32357) (#32385)
  * Fix broken image when editing comment with non-image attachments (#32319) (#32345)
  * Fix disable 2fa bug (#32320) (#32330)
  * Always update expiration time when creating an artifact (#32281) (#32285)
  * Fix null errors on conversation holder (#32258) (#32266) (#32282)
  * Only rename a user when they should receive a different name (#32247) (#32249)
  * Fix checkbox bug on private/archive filter (#32236) (#32240)
  * Add a doctor check to disable the "Actions" unit for mirrors (#32424) (#32497)
  * Quick fix milestone deadline 9999 (#32423)
  * Make `show stats` work when only one file changed (#32244) (#32268)
  * Make `owner/repo/pulls` handlers use "PR reader" permission (#32254) (#32265)
  * Update scheduled tasks even if changes are pushed by "ActionsUser" (#32246) (#32252)
 * MISC
  * Remove unnecessary code: `GetPushMirrorsByRepoID` called on all repo pages (#32560) (#32567)
  * Improve some sanitizer rules (#32534)
  * Update nix development environment vor v1.22.x (#32495)
  * Add warn log when deleting inactive users (#32318) (#32321)
  * Update github.com/go-enry/go-enry to v2.9.1 (#32295) (#32296)
  * Warn users when they try to use a non-root-url to sign in/up (#32272) (#32273)
 ## [1.22.3](https://github.com/go-gitea/gitea/releases/tag/v1.22.3) - 2024-10-08
 * SECURITY
  * Fix bug when a token is given public only (#32204) (#32218)
 * PERFORMANCE
  * Increase `cacheContextLifetime` to reduce false reports (#32011) (#32023)
  * Don't join repository when loading action table data (#32127) (#32143)
 * BUGFIXES
  * Fix javascript error when an anonymous user visits migration page (#32144) (#32179)
  * Don't init signing keys if oauth2 provider is disabled (#32177)
  * Fix wrong status of `Set up Job` when first step is skipped (#32120) (#32125)
  * Fix bug when deleting a migrated branch (#32075) (#32123)
  * Truncate commit message during Discord webhook push events (#31970) (#32121)
  * Allow to set branch protection in an empty repository (#32095) (#32119)
  * Fix panic when cloning with wrong ssh format. (#32076) (#32118)
  * Fix rename branch permission bug (#32066) (#32108)
  * Fix: database not update release when using `git push --tags --force` (#32040) (#32074)
  * Add missing comment reply handling (#32050) (#32065)
  * Do not escape relative path in RPM primary index (#32038) (#32054)
  * Fix `/repos/{owner}/{repo}/pulls/{index}/files` endpoint not populating `previous_filename` (#32017) (#32028)
  * Support allowed hosts for migrations to work with proxy (#32025) (#32026)
  * Fix the logic of finding the latest pull review commit ID (#32139) (#32165)
  * Fix bug in getting merged pull request by commit (#32079) (#32117)
  * Fix wrong last modify time (#32102) (#32104)
  * Fix incorrect `/tokens` api (#32085) (#32092)
  * Handle invalid target when creating releases using API (#31841) (#32043)
  * Check if the `due_date` is nil when editing issues (#32035) (#32042)
  * Fix container parallel upload bugs (#32022)
  * Fixed race condition when deleting documents by repoId in ElasticSearch (#32185) (#32188)
  * Refactor CSRF protector (#32057) (#32069)
  * Fix Bug in Issue/pulls list (#32081) (#32115)
  * Include collaboration repositories on dashboard source/forks/mirrors list (#31946) (#32122)
  * Add null check for responseData.invalidTopics (#32212) (#32217)
 * TESTING
  * Fix mssql ci with a new mssql version on ci (#32094)
 * MISC
  * Upgrade some dependencies include minio-go (#32166)
  * Add bin to Composer Metadata (#32099) (#32106)
  * Lazy load avatar images (#32051) (#32063)
  * Upgrade cache to v0.2.1 (#32003) (#32009)
 ## [1.22.2](https://github.com/go-gitea/gitea/releases/tag/v1.22.2) - 2024-08-28
 * Security
  * Replace v-html with v-text in search inputbox (#31966) (#31973)
  * Fix nuget/conan/container packages upload bugs (#31967) (#31982)
 * PERFORMANCE
  * Refactor the usage of batch catfile (#31754) (#31889)
 * BUGFIXES
  * Fix overflowing content in action run log (#31842) (#31853)
  * Scroll images in project issues separately from the remaining issue (#31683) (#31823)
  * Add `:focus-visible` style to buttons (#31799) (#31819)
  * Fix the display of project type for deleted projects (#31732) (#31734)
  * Fix API owner ID should be zero when created repo secret (#31715) (#31811)
  * Set owner id to zero when GetRegistrationToken for repo (#31725) (#31729)
  * Fix API endpoint for registration-token (#31722) (#31728)
  * Add permission check when creating PR (#31033) (#31720)
  * Don't return 500 if mirror url contains special chars (#31859) (#31895)
  * Fix agit automerge (#31207) (#31881)
  * Add CfTurnstileSitekey context data to all captcha templates (#31874) (#31876)
  * Avoid returning without written ctx when posting PR (#31843) (#31848)
  * Fix raw wiki links (#31825) (#31845)
  * Fix panic of ssh public key page after deletion of auth source (#31829) (#31836)
  * Fixes for unreachable project issues when transfer repository from organization (#31770) (#31828)
  * Show lock owner instead of repo owner on LFS setting page (#31788) (#31817)
  * Fix `IsObjectExist` with gogit (#31790) (#31806)
  * Fix protected branch files detection on pre_receive hook (#31778) (#31796)
  * Add `TAGS` to `TEST_TAGS` and fix bugs found with gogit (#31791) (#31795)
  * Rename head branch of pull requests when renaming a branch (#31759) (#31774)
  * Fix wiki revision pagination (#31760) (#31772)
  * Bump vue-bar-graph (#31705) (#31753)
  * Distinguish LFS object errors to ignore missing objects during migration (#31702) (#31745)
  * Make GetRepositoryByName more safer (#31712) (#31718)
  * Fix a branch divergence cache bug (#31659) (#31661)
  * Allow org team names of length 255 in create team form (#31564) (#31603)
  * Use old behavior for telegram webhook (#31588)
  * Bug fix for translation in ru (#31892)
  * Fix actions notify bug (#31866) (#31875)
  * Fix the component of access token list not mounted (#31824) (#31868)
  * Add missing repository type filter parameters to pager  (#31832) (#31837)
  * Fix dates displaying in a wrong manner when we're close to the end of… (#31750)
  * Fix "Filter by commit" Dropdown (#31695) (#31696)
  * Properly filter issue list given no assignees filter (#31522) (#31685)
  * Prevent update pull refs manually and will not affect other refs update (#31931)(#31955)
  * Fix sort order for organization home and user profile page (#31921) (#31922)
  * Fix search team (#31923) (#31942)
  * Fix 500 error when state params is set when editing issue/PR by API (#31880) (#31952)
  * Fix index too many file names bug (#31903) (#31953)
  * Add lock for parallel maven upload (#31851) (#31954)
 * MISC
  * Remove "dsa-1024" testcases from Test_SSHParsePublicKey and Test_calcFingerprint (#31905) (#31914)
  * Upgrade bleve to 2.4.2 (#31894)
  * Remove unneccessary uses of `word-break: break-all` (#31637) (#31652)
  * Return an empty string when a repo has no avatar in the repo API (#31187) (#31567)
  * Upgrade micromatch to 4.0.8 (#31944)
  * Update webpack to 5.94.0 (#31941)
 ## [1.22.1](https://github.com/go-gitea/gitea/releases/tag/v1.22.1) - 2024-07-04
 * SECURITY
  * Add replacement module for `mholt/archiver` (#31267) (#31270)
 * API
  * Fix missing images in editor preview due to wrong links (#31299) (#31393)
  * Fix duplicate sub-path for avatars (#31365) (#31368)
  * Reduce memory usage for chunked artifact uploads to MinIO (#31325) (#31338)
  * Remove sub-path from container registry realm (#31293) (#31300)
  * Fix NuGet Package API for $filter with Id equality (#31188) (#31242)
  * Add an immutable tarball link to archive download headers for Nix (#31139) (#31145)
  * Add missed return after `ctx.ServerError` (#31130) (#31133)
 * BUGFIXES
  * Fix avatar radius problem on the new issue page (#31506) (#31508)
  * Fix overflow menu flickering on mobile (#31484) (#31488)
  * Fix poor table column width due to breaking words (#31473) (#31477)
  * Support relative paths to videos from Wiki pages (#31061) (#31453)
  * Fix new issue/pr avatar (#31419) (#31424)
  * Increase max length of org team names from 30 to 255 characters (#31410) (#31421)
  * Fix line number width in code preview (#31307) (#31316)
  * Optimize runner-tags layout to enhance visual experience (#31258) (#31263)
  * Fix overflow on push notification (#31179) (#31238)
  * Fix overflow on notifications (#31178) (#31237)
  * Fix overflow in issue card (#31203) (#31225)
  * Split sanitizer functions and fine-tune some tests (#31192) (#31200)
  * use correct l10n string (#31487) (#31490)
  * Fix dropzone JS error when attachment is disabled (#31486)
  * Fix web notification icon not updated once you read all notifications (#31447) (#31466)
  * Switch to "Write" tab when edit comment again (#31445) (#31461)
  * Fix the link for .git-blame-ignore-revs bypass (#31432) (#31442)
  * Fix the wrong line number in the diff view page when expanded twice. (#31431) (#31440)
  * Fix labels and projects menu overflow on issue page (#31435) (#31439)
  * Fix Account Linking UpdateMigrationsByType  (#31428) (#31434)
  * Fix markdown math brackets render problem (#31420) (#31430)
  * Fix rendered wiki page link (#31398) (#31407)
  * Fix natural sort (#31384) (#31394)
  * Allow downloading attachments of draft releases (#31369) (#31380)
  * Fix repo graph JS (#31377)
  * Fix incorrect localization `explorer.go` (#31348) (#31350)
  * Fix hash render end with colon (#31319) (#31346)
  * Fix line number widths (#31341) (#31343)
  * Fix navbar `+` menu flashing on page load (#31281) (#31342)
  * Fix adopt repository has empty object name in database (#31333) (#31335)
  * Delete legacy cookie before setting new cookie (#31306) (#31317)
  * Fix some URLs whose sub-path is missing (#31289) (#31292)
  * Fix admin oauth2 custom URL settings (#31246) (#31247)
  * Make pasted "img" tag has the same behavior as markdown image (#31235) (#31243)
  * Fix agit checkout command line hint & fix ShowMergeInstructions checking (#31219) (#31222)
  * Fix the possible migration failure on 286 with postgres 16 (#31209) (#31218)
  * Fix branch order (#31174) (#31193)
  * Fix markup preview (#31158) (#31166)
  * Fix push multiple branches error with tests (#31151) (#31153)
  * Fix API repository object format missed (#31118) (#31132)
  * Fix missing memcache import (#31105) (#31109)
  * Upgrade `github.com/hashicorp/go-retryablehttp` (#31499)
  * Fix double border in system status table (#31363) (#31401)
  * Fix bug filtering issues which have no project (#31337) (#31367)
  * Fix #31185 try fix lfs download from bitbucket failed (#31201) (#31329)
  * Add nix flake for dev shell (#30967) (#31310)
  * Fix and clean up `ConfirmModal` (#31283) (#31291)
  * Optimize repo-list layout to enhance visual experience (#31272) (#31276)
  * fixed the dropdown menu for the top New button to expand to the left (#31273) (#31275)
  * Fix Activity Page Contributors dropdown (#31264) (#31269)
  * fix: allow actions artifacts storage migration to complete succesfully (#31251) (#31257)
  * Make blockquote attention recognize more syntaxes (#31240) (#31250)
  * Remove .segment from .project-column (#31204) (#31239)
  * Ignore FindRecentlyPushedNewBranches err (#31164) (#31171)
  * Use vertical layout for multiple code expander buttons (#31122) (#31152)
  * Remove duplicate `ProxyPreserveHost` in Apache httpd doc (#31143) (#31147)
  * Improve mobile review ui (#31091) (#31136)
  * Fix DashboardRepoList margin (#31121) (#31128)
  * Update pip related commands for docker (#31106) (#31111)
 ## [1.22.0](https://github.com/go-gitea/gitea/releases/tag/v1.22.0) - 2024-05-27
 This release stands as a monumental milestone in our development journey with a record-breaking incorporation of [1528](https://github.com/go-gitea/gitea/pulls?q=is%3Apr+milestone%3A1.22.0+is%3Amerged) pull requests. It marks the most extensive update in Gitea's history, showcasing a plethora of new features and infrastructure improvements.
 Noteworthy advancements in this release include the introduction of `HTMX` and `Tailwind`, signaling a strategic shift as we gradually phase out `jquery` and `Fomantic UI`. These changes reflect our commitment to embracing modern technologies and enhancing the user experience.
 Key highlights of this release encompass significant changes categorized under `BREAKING`, `FEATURES`, `ENHANCEMENTS`, and `PERFORMANCE`, each contributing to a more robust and efficient Gitea platform.
 * BREAKING
  * Improve reverse proxy documents and clarify the AppURL guessing behavior (#31003) (#31020)
  * Remember log in for a month by default (#30150)
  * Breaking summary for template refactoring (#29395)
    * All custom templates need to follow these changes
  * Recommend/convert to use case-sensitive collation for MySQL/MSSQL (#28662)
  * Make offline mode as default to not connect external avatar service by default (#28548)
  * Include public repos in the doer's dashboard for issue search (#28304)
  * Use restricted sanitizer for repository description (#28141)
  * Support storage base path as prefix (#27827)
  * Enhanced auth token / remember me (#27606)
  * Rename the default themes to `gitea-light`, `gitea-dark`, `gitea-auto` (#27419)
    * If you didn't see the new themes, please remove the `[ui].THEMES` config option from `app.ini`
  * Require MySQL 8.0, PostgreSQL 12, MSSQL 2012 (#27337)
 * FEATURES
  * Allow everyone to read or write a wiki by a repo unit setting (#30495)
  * Use raw Wiki links for non-renderable Wiki files (#30273)
  * Render embedded code preview by permalink in markdown (#30234) (#30249)
  * Support repo code search without setting up an indexer (#29998)
  * Support pasting URLs over markdown text (#29566)
  * Allow to change primary email before account activation (#29412)
  * Customizable "Open with" applications for repository clone (#29320)
  * Allow options to disable user deletion from the interface on app.ini (#29275)
  * Extend issue template YAML engine (#29274)
  * Add support for `linguist-detectable` and `linguist-documentation` (#29267)
  * Implement code frequency graph (#29191)
  * Show commit status for releases (#29149)
  * Add user blocking (#29028)
  * Actions Artifacts v4 backend (#28965)
  * Add merge style `fast-forward-only` (#28954)
  * Retarget depending pulls when the parent branch is deleted (#28686)
  * Add global setting on how timestamps should be rendered (#28657)
  * Implement actions badge SVGs (#28102)
  * Add skip ci functionality (#28075)
  * Show latest commit for file (#28067)
  * Allow to sync tags from the admin dashboard (#28045)
  * Add Profile Readme for Organisations (#27955)
  * Implement contributors graph (#27882)
  * Artifact deletion in actions ui (#27172)
  * Add API routes to get runner registration token (#27144)
  * Add support for forking single branch (#25821)
  * Add support for sha256 repositories (#23894)
  * Add admin API route for managing user's badges (#23106)
 * ENHANCEMENTS
  * Make gitea webhooks openproject compatible (#28435) (#31081)
  * Support using label names when changing issue labels (#30943) (#30958)
  * Fix various problems around project board view (#30696) (#30902)
  * Improve context popup rendering (#30824) (#30829)
  * Allow to save empty comment (#30706)
  * Prevent allow/reject reviews on merged/closed PRs (#30686)
  * Initial support for colorblindness-friendly themes (#30625)
  * Some NuGet package enhancements (#30280) (#30324)
  * Markup color and font size fixes (#30282) (#30310)
  * Show 12 lines in markup code preview (#30255) (#30257)
  * Add `[other].SHOW_FOOTER_POWERED_BY` setting to hide `Powered by` (#30253)
  * Pulse page improvements (#30149)
  * Render code tags in commit messages (#30146)
  * Prevent re-review and dismiss review actions on closed and merged PRs (#30065)
  * Cancel previous runs of the same PR automatically (#29961)
  * Drag-and-drop improvements for projects and issue pins (#29875)
  * Add default board to new projects, remove uncategorized pseudo-board (#29874)
  * Prevent layout shift in `<overflow-menu>` items (#29831)
  * Add skip ci support for pull request title (#29774)
  * Add more stats tables (#29730)
  * Update API to return 'source_id' for users (#29718)
  * Determine fuzziness of bleve indexer by keyword length (#29706)
  * Expose fuzzy search for issues/pulls (#29701)
  * Put an edit file button on pull request files to allow a quick operation (#29697)
  * Fix action runner offline label padding (#29691)
  * Update allowed attachment types (#29688)
  * Completely style the webkit autofill (#29683)
  * Highlight archived labels (#29680)
  * Add a warning for disallowed email domains (#29658)
  * Set user's 24h preference from their current OS locale (#29651)
  * Add setting to disable user features when user login type is not plain (#29615)
  * Improve natural sort (#29611)
  * Make wiki default branch name changeable (#29603)
  * Unify search boxes (#29530)
  * Add support for API blob upload of release attachments (#29507)
  * Detect broken git hooks (#29494)
  * Sync branches to DB immediately when handling git hook calling (#29493)
  * Allow options to disable user GPG key configuration from the interface on app.ini (#29486)
  * Allow options to disable user SSH key configuration from the interface on app.ini (#29447)
  * Use relative links for commits, mentions, and issues in markdown (#29427)
  * Add `<overflow-menu>`, rename webcomponents (#29400)
  * Include resource state events in Gitlab downloads (#29382)
  * Properly migrate target branch change GitLab comment (#29340)
  * Recolor dark theme to blue shade (#29283)
  * Partially enable MSSQL case-sensitive collation support (#29238)
  * Auto-update the system status in the admin dashboard (#29163)
  * Integrate alpine `noarch` packages into other architectures index (#29137)
  * Document how the TOC election process works (#29135)
  * Tweak repo header (#29134)
  * Make blockquote border size less aggressive (#29124)
  * Downscale pasted PNG images based on metadata (#29123)
  * Show `View at this point in history` for every commit (#29122)
  * Add support for action artifact serve direct (#29120)
  * Change webhook-type in create-view (#29114)
  * Drop "@" from the email sender to avoid spam filters (#29109)
  * Allow non-admin users to delete review requests (#29057)
  * Improve user search display name (#29002)
  * Include username in email headers (#28981)
  * Show whether a PR is WIP inside popups (#28975)
  * Also match weakly validated ETags (#28957)
  * Support nuspec manifest download for Nuget packages (#28921)
  * Fix hardcoded GitHub icon used as migrated release avatar (#28910)
  * Propagate install_if and provider_priority to APKINDEX (#28899)
  * Add artifacts v4 JWT to job message and accept it (#28885)
  * Enable/disable owner and repo projects independently (#28805)
  * Add non-JS fallback for reaction tooltips (#28785)
  * Add the ability to see open and closed issues at the same time (#28757)
  * Move sign-in labels to be above inputs (#28753)
  * Display the latest sync time for pull mirrors on the repo page (#28712)
  * Show in Web UI if the file is vendored and generated (#28620)
  * Add orphaned topic consistency check (#28507)
  * Add branch protection setting for ignoring stale approvals (#28498)
  * Add option to set language in admin user view (#28449)
  * Fix incorrect run order of action jobs (#28367)
  * Add missing exclusive in advanced label options (#28322)
  * Added instance-level variables (#28115)
  * Add edit option for README.md (#28071)
  * Fix link to `Code` tab on wiki commits (#28041)
  * Allow to set explore page default sort (#27951)
  * Improve PR diff view on mobile (#27883)
  * Properly migrate automatic merge GitLab comments (#27873)
  * Display issue task list on project cards (#27865)
  * Add Index to pull_auto_merge.doer_id (#27811)
  * Fix display member unit in the menu bar if there are no hidden members in public org (#27795)
  * List all Debian package versions in `Packages` (#27786)
  * Allow pull requests Manually Merged option to be used by non-admins (#27780)
  * Only show diff file tree when more than one file changed (#27775)
  * Show placeholder email in privacy popup (#27770)
  * Revamp repo header (#27760)
  * Add `must-change-password` command line parameter (#27626)
  * Unify password changing and invalidate auth tokens (#27625)
  * Add border to file tree 'sub-items' and add padding to 'item-file' (#27593)
  * Add slow SQL query warning (#27545)
  * Pre-register OAuth application for tea (#27509)
  * Differentiate between `push` and `pull` `mirror sync in progress` (#27390)
  * Link to file from its history (#27354)
  * Add a shortcut to user's profile page to admin user details (#27299)
  * Doctor: delete action entries without existing user (#27292)
  * Show total TrackedTime on issue/pull/milestone lists (#26672)
  * Don't show the new pull request button when the page is not compare pull (#26431)
  * Add `Hide/Show all checks` button to commit status check (#26284)
  * Improvements of releases list and tags list (#25859)
 * PERFORMANCE
  * Fix package list performance (#30520) (#30616)
  * Add commit status summary table to reduce query from commit status table (#30223)
  * Refactor markup/csv: don't read all to memory (#29760)
  * Lazy load object format with command line and don't do it in OpenRepository (#29712)
  * Add cache for branch divergence on branch list page (#29577)
  * Do some performance optimization for issues list and view issue/pull (#29515)
  * Cache repository default branch commit status to reduce query on commit status table (#29444)
  * Use `crypto/sha256` (#29386)
  * Some performance optimization on the dashboard and issues page (#29010)
  * Add combined index for issue_user.uid and issue_id (#28080)
 ## [1.21.11](https://github.com/go-gitea/gitea/releases/tag/v1.21.11) - 2024-04-07
 * SECURITY
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -77,7 +77,7 @@ If your issue has not been reported yet, [open an issue](https://github.com/go-g
 and answer the questions so we can understand and reproduce the problematic behavior. \
 Please write clear and concise instructions so that we can reproduce the behavior — even if it seems obvious. \
 The more detailed and specific you are, the faster we can fix the issue. \
-It is really helpful if you can reproduce your problem on a site running on the latest commits, i.e. <https://try.gitea.io>, as perhaps your problem has already been fixed on a current version. \
+It is really helpful if you can reproduce your problem on a site running on the latest commits, i.e. <https://demo.gitea.com>, as perhaps your problem has already been fixed on a current version. \
 Please follow the guidelines described in [How to Report Bugs Effectively](http://www.chiark.greenend.org.uk/~sgtatham/bugs.html) for your report.
 Please be kind, remember that Gitea comes at no cost to you, and you're getting free help.
@ -362,7 +362,7 @@ If you add a new feature or change an existing aspect of Gitea, the documentatio
 ## API v1
-The API is documented by [swagger](http://try.gitea.io/api/swagger) and is based on [the GitHub API](https://docs.github.com/en/rest).
+The API is documented by [swagger](https://gitea.com/api/swagger) and is based on [the GitHub API](https://docs.github.com/en/rest).
 ### GitHub API compatibility
--- a/12
+++ b/12
@ -1,12 +1,12 @@
 # Build stage
-FROM docker.io/library/golang:1.22-alpine3.19 AS build-env
+FROM docker.io/library/golang:1.22-alpine3.20 AS build-env
 ARG GOPROXY
-ENV GOPROXY ${GOPROXY:-direct}
+ENV GOPROXY=${GOPROXY:-direct}
 ARG GITEA_VERSION
 ARG TAGS="sqlite sqlite_unlock_notify"
-ENV TAGS "bindata timetzdata $TAGS"
+ENV TAGS="bindata timetzdata $TAGS"
 ARG CGO_EXTRA_CFLAGS
 # Build deps
@ -41,7 +41,7 @@ RUN chmod 755 /tmp/local/usr/bin/entrypoint \
              /go/src/code.gitea.io/gitea/environment-to-ini
 RUN chmod 644 /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete
-FROM docker.io/library/alpine:3.19
+FROM docker.io/library/alpine:3.20
 LABEL maintainer="maintainers@gitea.io"
 EXPOSE 22 3000
@ -72,8 +72,8 @@ RUN addgroup \
    git && \
  echo "git:*" | chpasswd -e
-ENV USER git
+ENV USER=git
-ENV GITEA_CUSTOM /data/gitea
+ENV GITEA_CUSTOM=/data/gitea
 VOLUME ["/data"]
--- a/Dockerfile.rootless
+++ b/Dockerfile.rootless
@ -1,12 +1,12 @@
 # Build stage
-FROM docker.io/library/golang:1.22-alpine3.19 AS build-env
+FROM docker.io/library/golang:1.22-alpine3.20 AS build-env
 ARG GOPROXY
-ENV GOPROXY ${GOPROXY:-direct}
+ENV GOPROXY=${GOPROXY:-direct}
 ARG GITEA_VERSION
 ARG TAGS="sqlite sqlite_unlock_notify"
-ENV TAGS "bindata timetzdata $TAGS"
+ENV TAGS="bindata timetzdata $TAGS"
 ARG CGO_EXTRA_CFLAGS
 #Build deps
@ -39,7 +39,7 @@ RUN chmod 755 /tmp/local/usr/local/bin/docker-entrypoint.sh \
              /go/src/code.gitea.io/gitea/environment-to-ini
 RUN chmod 644 /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete
-FROM docker.io/library/alpine:3.19
+FROM docker.io/library/alpine:3.20
 LABEL maintainer="maintainers@gitea.io"
 EXPOSE 2222 3000
@ -75,14 +75,14 @@ COPY --from=build-env /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_au
 # git:git
 USER 1000:1000
-ENV GITEA_WORK_DIR /var/lib/gitea
+ENV GITEA_WORK_DIR=/var/lib/gitea
-ENV GITEA_CUSTOM /var/lib/gitea/custom
+ENV GITEA_CUSTOM=/var/lib/gitea/custom
-ENV GITEA_TEMP /tmp/gitea
+ENV GITEA_TEMP=/tmp/gitea
-ENV TMPDIR /tmp/gitea
+ENV TMPDIR=/tmp/gitea
 # TODO add to docs the ability to define the ini to load (useful to test and revert a config)
-ENV GITEA_APP_INI /etc/gitea/app.ini
+ENV GITEA_APP_INI=/etc/gitea/app.ini
-ENV HOME "/var/lib/gitea/git"
+ENV HOME="/var/lib/gitea/git"
 VOLUME ["/var/lib/gitea", "/etc/gitea"]
 WORKDIR /var/lib/gitea
--- a/8
+++ b/8
@ -25,7 +25,7 @@ COMMA := ,
 XGO_VERSION := go-1.22.x
-AIR_PACKAGE ?= github.com/cosmtrek/air@v1
+AIR_PACKAGE ?= github.com/air-verse/air@v1
 EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/cmd/editorconfig-checker@2.7.0
 GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.6.0
 GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.57.2
@ -88,7 +88,7 @@ ifneq ($(GITHUB_REF_TYPE),branch)
 	GITEA_VERSION ?= $(VERSION)
 else
 	ifneq ($(GITHUB_REF_NAME),)
-		VERSION ?= $(subst release/v,,$(GITHUB_REF_NAME))
+		VERSION ?= $(subst release/v,,$(GITHUB_REF_NAME))-nightly
 	else
 		VERSION ?= main
 	endif
@ -136,7 +136,7 @@ TAGS ?=
 TAGS_SPLIT := $(subst $(COMMA), ,$(TAGS))
 TAGS_EVIDENCE := $(MAKE_EVIDENCE_DIR)/tags
-TEST_TAGS ?= sqlite sqlite_unlock_notify
+TEST_TAGS ?= $(TAGS_SPLIT) sqlite sqlite_unlock_notify
 TAR_EXCLUDES := .git data indexers queues log node_modules $(EXECUTABLE) $(FOMANTIC_WORK_DIR)/node_modules $(DIST) $(MAKE_EVIDENCE_DIR) $(AIR_TMP_DIR) $(GO_LICENSE_TMP_DIR)
@ -778,7 +778,7 @@ generate-backend: $(TAGS_PREREQ) generate-go
 .PHONY: generate-go
 generate-go: $(TAGS_PREREQ)
 	@echo "Running go generate..."
-	@CC= GOOS= GOARCH= $(GO) generate -tags '$(TAGS)' ./...
+	@CC= GOOS= GOARCH= CGO_ENABLED=0 $(GO) generate -tags '$(TAGS)' ./...
 .PHONY: security-check
 security-check:
--- a/README.md
+++ b/README.md
@ -26,7 +26,7 @@ This project has been
 [forked](https://blog.gitea.com/welcome-to-gitea/) from
 [Gogs](https://gogs.io) since November of 2016, but a lot has changed.
-For online demonstrations, you can visit [try.gitea.io](https://try.gitea.io).
+For online demonstrations, you can visit [demo.gitea.com](https://demo.gitea.com).
 For accessing free Gitea service (with a limited number of repositories), you can visit [gitea.com](https://gitea.com/user/login).
@ -56,7 +56,7 @@ More info: https://docs.gitea.com/installation/install-from-source
    ./gitea web
 > [!NOTE]
-> If you're interested in using our APIs, we have experimental support with [documentation](https://try.gitea.io/api/swagger).
+> If you're interested in using our APIs, we have experimental support with [documentation](https://docs.gitea.com/api).
 ## Contributing
@ -80,7 +80,7 @@ https://docs.gitea.com/contributing/localization
 ## Further information
 For more information and instructions about how to install Gitea, please look at our [documentation](https://docs.gitea.com/).
-If you have questions that are not covered by the documentation, you can get in contact with us on our [Discord server](https://discord.gg/Gitea) or create  a post in the [discourse forum](https://discourse.gitea.io/).
+If you have questions that are not covered by the documentation, you can get in contact with us on our [Discord server](https://discord.gg/Gitea) or create  a post in the [discourse forum](https://forum.gitea.com/).
 We maintain a list of Gitea-related projects at [gitea/awesome-gitea](https://gitea.com/gitea/awesome-gitea).
--- a/README_ZH.md
+++ b/README_ZH.md
@ -18,7 +18,7 @@
 Gitea 的首要目标是创建一个极易安装，运行非常快速，安装和使用体验良好的自建 Git 服务。我们采用 Go 作为后端语言，这使我们只要生成一个可执行程序即可。并且他还支持跨平台，支持 Linux, macOS 和 Windows 以及各种架构，除了 x86，amd64，还包括 ARM 和 PowerPC。
-如果你想试用在线演示，请访问 [try.gitea.io](https://try.gitea.io/)。
+如果你想试用在线演示和报告问题，请访问 [demo.gitea.com](https://demo.gitea.com/)。
 如果你想使用免费的 Gitea 服务（有仓库数量限制），请访问 [gitea.com](https://gitea.com/user/login)。
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
--- a/cmd/hook.go
+++ b/cmd/hook.go
@ -220,10 +220,7 @@ Gitea or set your environment appropriately.`, "")
 		}
 	}
-	supportProcReceive := false
+	supportProcReceive := git.DefaultFeatures().SupportProcReceive
 	if git.CheckGitVersionAtLeast("2.29") == nil {
 		supportProcReceive = true
 	}
 	for scanner.Scan() {
 		// TODO: support news feeds for wiki
@ -293,8 +290,22 @@ Gitea or set your environment appropriately.`, "")
 	return nil
 }
 // runHookUpdate avoid to do heavy operations on update hook because it will be
 // invoked for every ref update which does not like pre-receive and post-receive
 func runHookUpdate(c *cli.Context) error {
 	if isInternal, _ := strconv.ParseBool(os.Getenv(repo_module.EnvIsInternal)); isInternal {
 		return nil
 	}
 	// Update is empty and is kept only for backwards compatibility
 	if len(os.Args) < 3 {
 		return nil
 	}
 	refName := git.RefName(os.Args[len(os.Args)-3])
 	if refName.IsPull() {
 		// ignore update to refs/pull/xxx/head, so we don't need to output any information
 		os.Exit(1)
 	}
 	return nil
 }
@ -341,6 +352,7 @@ Gitea or set your environment appropriately.`, "")
 	isWiki, _ := strconv.ParseBool(os.Getenv(repo_module.EnvRepoIsWiki))
 	repoName := os.Getenv(repo_module.EnvRepoName)
 	pusherID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvPusherID), 10, 64)
 	prID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvPRID), 10, 64)
 	pusherName := os.Getenv(repo_module.EnvPusherName)
 	hookOptions := private.HookOptions{
@ -350,6 +362,8 @@ Gitea or set your environment appropriately.`, "")
 		GitObjectDirectory:              os.Getenv(private.GitObjectDirectory),
 		GitQuarantinePath:               os.Getenv(private.GitQuarantinePath),
 		GitPushOptions:                  pushOptions(),
 		PullRequestID:                   prID,
 		PushTrigger:                     repo_module.PushTrigger(os.Getenv(repo_module.EnvPushTrigger)),
 	}
 	oldCommitIDs := make([]string, hookBatchSize)
 	newCommitIDs := make([]string, hookBatchSize)
@ -497,7 +511,7 @@ Gitea or set your environment appropriately.`, "")
 		return nil
 	}
-	if git.CheckGitVersionAtLeast("2.29") != nil {
+	if !git.DefaultFeatures().SupportProcReceive {
 		return fail(ctx, "No proc-receive support", "current git version doesn't support proc-receive.")
 	}
--- a/cmd/migrate_storage.go
+++ b/cmd/migrate_storage.go
@ -5,7 +5,9 @@ package cmd
 import (
 	"context"
 	"errors"
 	"fmt"
 	"io/fs"
 	"strings"
 	actions_model "code.gitea.io/gitea/models/actions"
@ -34,7 +36,7 @@ var CmdMigrateStorage = &cli.Command{
 			Name:    "type",
 			Aliases: []string{"t"},
 			Value:   "",
-			Usage:   "Type of stored files to copy.  Allowed types: 'attachments', 'lfs', 'avatars', 'repo-avatars', 'repo-archivers', 'packages', 'actions-log'",
+			Usage:   "Type of stored files to copy.  Allowed types: 'attachments', 'lfs', 'avatars', 'repo-avatars', 'repo-archivers', 'packages', 'actions-log', 'actions-artifacts",
 		},
 		&cli.StringFlag{
 			Name:    "storage",
@ -160,6 +162,25 @@ func migrateActionsLog(ctx context.Context, dstStorage storage.ObjectStorage) er
 	})
 }
 func migrateActionsArtifacts(ctx context.Context, dstStorage storage.ObjectStorage) error {
 	return db.Iterate(ctx, nil, func(ctx context.Context, artifact *actions_model.ActionArtifact) error {
 		if artifact.Status == int64(actions_model.ArtifactStatusExpired) {
 			return nil
 		}
 		_, err := storage.Copy(dstStorage, artifact.StoragePath, storage.ActionsArtifacts, artifact.StoragePath)
 		if err != nil {
 			// ignore files that do not exist
 			if errors.Is(err, fs.ErrNotExist) {
 				return nil
 			}
 			return err
 		}
 		return nil
 	})
 }
 func runMigrateStorage(ctx *cli.Context) error {
 	stdCtx, cancel := installSignals()
 	defer cancel()
@ -223,13 +244,14 @@ func runMigrateStorage(ctx *cli.Context) error {
 	}
 	migratedMethods := map[string]func(context.Context, storage.ObjectStorage) error{
-		"attachments":    migrateAttachments,
+		"attachments":       migrateAttachments,
-		"lfs":            migrateLFS,
+		"lfs":               migrateLFS,
-		"avatars":        migrateAvatars,
+		"avatars":           migrateAvatars,
-		"repo-avatars":   migrateRepoAvatars,
+		"repo-avatars":      migrateRepoAvatars,
-		"repo-archivers": migrateRepoArchivers,
+		"repo-archivers":    migrateRepoArchivers,
-		"packages":       migratePackages,
+		"packages":          migratePackages,
-		"actions-log":    migrateActionsLog,
+		"actions-log":       migrateActionsLog,
 		"actions-artifacts": migrateActionsArtifacts,
 	}
 	tp := strings.ToLower(ctx.String("type"))
--- a/cmd/serv.go
+++ b/cmd/serv.go
@ -143,6 +143,12 @@ func runServ(c *cli.Context) error {
 		return nil
 	}
 	defer func() {
 		if err := recover(); err != nil {
 			_ = fail(ctx, "Internal Server Error", "Panic: %v\n%s", err, log.Stack(2))
 		}
 	}()
 	keys := strings.Split(c.Args().First(), "-")
 	if len(keys) != 2 || keys[0] != "key" {
 		return fail(ctx, "Key ID format error", "Invalid key argument: %s", c.Args().First())
@ -178,7 +184,7 @@ func runServ(c *cli.Context) error {
 	}
 	if len(words) < 2 {
-		if git.CheckGitVersionAtLeast("2.29") == nil {
+		if git.DefaultFeatures().SupportProcReceive {
 			// for AGit Flow
 			if cmd == "ssh_info" {
 				fmt.Print(`{"type":"gitea","version":1}`)
@ -189,10 +195,7 @@ func runServ(c *cli.Context) error {
 	}
 	verb := words[0]
-	repoPath := words[1]
+	repoPath := strings.TrimPrefix(words[1], "/")
 	if repoPath[0] == '/' {
 		repoPath = repoPath[1:]
 	}
 	var lfsVerb string
 	if verb == lfsAuthenticateVerb {
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@ -2035,6 +2035,17 @@ LEVEL = Info
 ;;   or only create new users if UPDATE_EXISTING is set to false
 ;UPDATE_EXISTING = true
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; Cleanup expired actions assets
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[cron.cleanup_actions]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;ENABLED = true
 ;RUN_AT_START = true
 ;SCHEDULE = @midnight
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; Clean-up deleted branches
--- a/docs/README.md
+++ b/docs/README.md
@ -1,8 +1,5 @@
 # Gitea: Docs
 [![Join the chat at https://img.shields.io/discord/322538954119184384.svg](https://img.shields.io/discord/322538954119184384.svg)](https://discord.gg/Gitea)
 [![](https://images.microbadger.com/badges/image/gitea/docs.svg)](http://microbadger.com/images/gitea/docs "Get your own image badge on microbadger.com")
 These docs are ingested by our [docs repo](https://gitea.com/gitea/gitea-docusaurus).
 ## Authors
@ -18,5 +15,5 @@ for the full license text.
 ## Copyright
 ```
-Copyright (c) 2016 The Gitea Authors <https://gitea.io>
+Copyright (c) 2016 The Gitea Authors
 ```
--- a/docs/README_ZH.md
+++ b/docs/README_ZH.md
@ -1,9 +1,5 @@
 # Gitea: 文档
 [![Build Status](http://drone.gitea.io/api/badges/go-gitea/docs/status.svg)](http://drone.gitea.io/go-gitea/docs)
 [![Join the chat at https://img.shields.io/discord/322538954119184384.svg](https://img.shields.io/discord/322538954119184384.svg)](https://discord.gg/Gitea)
 [![](https://images.microbadger.com/badges/image/gitea/docs.svg)](http://microbadger.com/images/gitea/docs "Get your own image badge on microbadger.com")
 https://gitea.com/gitea/gitea-docusaurus
 ## 关于我们
@ -18,5 +14,5 @@ https://gitea.com/gitea/gitea-docusaurus
 ## 版权声明
 ```
-Copyright (c) 2016 The Gitea Authors <https://gitea.io>
+Copyright (c) 2016 The Gitea Authors
 ```
--- a/docs/content/administration/config-cheat-sheet.en-us.md
+++ b/docs/content/administration/config-cheat-sheet.en-us.md
@ -214,9 +214,9 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `SITEMAP_PAGING_NUM`: **20**: Number of items that are displayed in a single subsitemap.
 - `GRAPH_MAX_COMMIT_NUM`: **100**: Number of maximum commits shown in the commit graph.
 - `CODE_COMMENT_LINES`: **4**: Number of line of codes shown for a code comment.
- `DEFAULT_THEME`: **gitea-auto**: Set the default theme for the Gitea installation, custom themes could be provided by "{CustomPath}/public/assets/css/theme-*.css".
+- `DEFAULT_THEME`: **gitea-auto**: Set the default theme for the Gitea installation, custom themes could be provided by `{CustomPath}/public/assets/css/theme-*.css`.
 - `SHOW_USER_EMAIL`: **true**: Whether the email of the user should be shown in the Explore Users page.
- `THEMES`: **_empty_**: All available themes by "{CustomPath}/public/assets/css/theme-*.css". Allow users select personalized themes.
+- `THEMES`: **_empty_**: All available themes by `{CustomPath}/public/assets/css/theme-*.css`. Allow users select personalized themes.
 - `MAX_DISPLAY_FILE_SIZE`: **8388608**: Max size of files to be displayed (default is 8MiB)
 - `AMBIGUOUS_UNICODE_DETECTION`: **true**: Detect ambiguous unicode characters in file contents and show warnings on the UI
 - `REACTIONS`: All available reactions users can choose on issues/prs and comments
@ -974,12 +974,20 @@ Default templates for project boards:
 - `SCHEDULE`: **@midnight** : Interval as a duration between each synchronization, it will always attempt synchronization when the instance starts.
 - `UPDATE_EXISTING`: **true**: Create new users, update existing user data and disable users that are not in external source anymore (default) or only create new users if UPDATE_EXISTING is set to false.
-## Cron - Cleanup Expired Actions Assets (`cron.cleanup_actions`)
+#### Cron - Cleanup Expired Actions Assets (`cron.cleanup_actions`)
 - `ENABLED`: **true**: Enable cleanup expired actions assets job.
 - `RUN_AT_START`: **true**: Run job at start time (if ENABLED).
 - `SCHEDULE`: **@midnight** : Cron syntax for the job.
 #### Cron - Cleanup Deleted Branches (`cron.deleted_branches_cleanup`)
 - `ENABLED`: **true**: Enable deleted branches cleanup.
 - `RUN_AT_START`: **true**: Run job at start time (if ENABLED).
 - `NOTICE_ON_SUCCESS`: **false**: Set to true to log a success message.
 - `SCHEDULE`: **@midnight**: Cron syntax for scheduling deleted branches cleanup.
 - `OLDER_THAN`: **24h**: Branches deleted OLDER_THAN ago will be cleaned up.
 ### Extended cron tasks (not enabled by default)
 #### Cron - Garbage collect all repositories (`cron.git_gc_repos`)
--- a/docs/content/administration/config-cheat-sheet.zh-cn.md
+++ b/docs/content/administration/config-cheat-sheet.zh-cn.md
@ -212,9 +212,9 @@ menu:
 - `SITEMAP_PAGING_NUM`: **20**: 在单个子SiteMap中显示的项数。
 - `GRAPH_MAX_COMMIT_NUM`: **100**: 提交图中显示的最大commit数量。
 - `CODE_COMMENT_LINES`: **4**: 在代码评论中能够显示的最大代码行数。
- `DEFAULT_THEME`: **gitea-auto**: 在Gitea安装时候设置的默认主题，自定义的主题可以通过 "{CustomPath}/public/assets/css/theme-*.css" 提供。
+- `DEFAULT_THEME`: **gitea-auto**: 在Gitea安装时候设置的默认主题，自定义的主题可以通过 `{CustomPath}/public/assets/css/theme-*.css` 提供。
 - `SHOW_USER_EMAIL`: **true**: 用户的电子邮件是否应该显示在`Explore Users`页面中。
- `THEMES`:  **_empty_**: 所有可用的主题（由 "{CustomPath}/public/assets/css/theme-*.css" 提供）。允许用户选择个性化的主题，
+- `THEMES`:  **_empty_**: 所有可用的主题（由 `{CustomPath}/public/assets/css/theme-*.css` 提供）。允许用户选择个性化的主题，
 - `MAX_DISPLAY_FILE_SIZE`: **8388608**: 能够显示文件的最大大小（默认为8MiB）。
 - `REACTIONS`: 用户可以在问题（Issue）、Pull Request（PR）以及评论中选择的所有可选的反应。
    这些值可以是表情符号别名（例如：:smile:）或Unicode表情符号。
--- a/docs/content/administration/external-renderers.en-us.md
+++ b/docs/content/administration/external-renderers.en-us.md
@ -38,12 +38,10 @@ FROM gitea/gitea:@version@
 COPY custom/app.ini /data/gitea/conf/app.ini
 [...]
-RUN apk --no-cache add asciidoctor freetype freetype-dev gcc g++ libpng libffi-dev py-pip python3-dev py3-pip py3-pyzmq
+RUN apk --no-cache add asciidoctor freetype freetype-dev gcc g++ libpng libffi-dev pandoc python3-dev py3-pyzmq pipx
 # install any other package you need for your external renderers
-RUN pip3 install --upgrade pip
+RUN pipx install jupyter docutils --include-deps
 RUN pip3 install -U setuptools
 RUN pip3 install jupyter docutils
 # add above any other python package you may need to install
 ```
--- a/docs/content/administration/external-renderers.zh-cn.md
+++ b/docs/content/administration/external-renderers.zh-cn.md
@ -37,12 +37,10 @@ FROM gitea/gitea:@version@
 COPY custom/app.ini /data/gitea/conf/app.ini
 [...]
-RUN apk --no-cache add asciidoctor freetype freetype-dev gcc g++ libpng libffi-dev py-pip python3-dev py3-pip py3-pyzmq
+RUN apk --no-cache add asciidoctor freetype freetype-dev gcc g++ libpng libffi-dev pandoc python3-dev py3-pyzmq pipx
 # 安装其他您需要的外部渲染器的软件包
-RUN pip3 install --upgrade pip
+RUN pipx install jupyter docutils --include-deps
 RUN pip3 install -U setuptools
 RUN pip3 install jupyter docutils
 # 在上面添加您需要安装的任何其他 Python 软件包
 ```
--- a/docs/content/administration/reverse-proxies.en-us.md
+++ b/docs/content/administration/reverse-proxies.en-us.md
@ -17,15 +17,35 @@ menu:
 # Reverse Proxies
 ## General configuration
 1. Set `[server] ROOT_URL = https://git.example.com/` in your `app.ini` file.
 2. Make the reverse-proxy pass `https://git.example.com/foo` to `http://gitea:3000/foo`.
 3. Make sure the reverse-proxy does not decode the URI. The request `https://git.example.com/a%2Fb` should be passed as `http://gitea:3000/a%2Fb`.
 4. Make sure `Host` and `X-Fowarded-Proto` headers are correctly passed to Gitea to make Gitea see the real URL being visited.
 ### Use a sub-path
 Usually it's **not recommended** to put Gitea in a sub-path, it's not widely used and may have some issues in rare cases.
 To make Gitea work with a sub-path (eg: `https://common.example.com/gitea/`),
 there are some extra requirements besides the general configuration above:
 1. Use `[server] ROOT_URL = https://common.example.com/gitea/` in your `app.ini` file.
 2. Make the reverse-proxy pass `https://common.example.com/gitea/foo` to `http://gitea:3000/foo`.
 3. The container registry requires a fixed sub-path `/v2` at the root level which must be configured:
   - Make the reverse-proxy pass `https://common.example.com/v2` to `http://gitea:3000/v2`.
   - Make sure the URI and headers are also correctly passed (see the general configuration above).
 ## Nginx
-If you want Nginx to serve your Gitea instance, add the following `server` section to the `http` section of `nginx.conf`:
+If you want Nginx to serve your Gitea instance, add the following `server` section to the `http` section of `nginx.conf`.
-```
+Make sure `client_max_body_size` is large enough, otherwise there would be "413 Request Entity Too Large" error when uploading large files.
 ```nginx
 server {
-    listen 80;
+    ...
    server_name git.example.com;
    location / {
        client_max_body_size 512M;
        proxy_pass http://localhost:3000;
@ -39,37 +59,35 @@ server {
 }
 ```
 ### Resolving Error: 413 Request Entity Too Large
 This error indicates nginx is configured to restrict the file upload size,
 it affects attachment uploading, form posting, package uploading and LFS pushing, etc.
 You can fine tune the `client_max_body_size` option according to [nginx document](http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size).
 ## Nginx with a sub-path
-In case you already have a site, and you want Gitea to share the domain name, you can setup Nginx to serve Gitea under a sub-path by adding the following `server` section inside the `http` section of `nginx.conf`:
+In case you already have a site, and you want Gitea to share the domain name,
 you can setup Nginx to serve Gitea under a sub-path by adding the following `server` section
 into the `http` section of `nginx.conf`:
-```
+```nginx
 server {
-    listen 80;
+    ...
-    server_name git.example.com;
+    location ~ ^/(gitea|v2)($|/) {
    # Note: Trailing slash
    location /gitea/ {
        client_max_body_size 512M;
-        # make nginx use unescaped URI, keep "%2F" as is
+        # make nginx use unescaped URI, keep "%2F" as-is, remove the "/gitea" sub-path prefix, pass "/v2" as-is.
        rewrite ^ $request_uri;
-        rewrite ^/gitea(/.*) $1 break;
+        rewrite ^(/gitea)?(/.*) $2 break;
        proxy_pass http://127.0.0.1:3000$uri;
        # other common HTTP headers, see the "Nginx" config section above
-        proxy_set_header ...
+        proxy_set_header Connection $http_connection;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
 }
 ```
-Then you **MUST** set something like `[server] ROOT_URL = http://git.example.com/git/` correctly in your configuration.
+Then you **MUST** set something like `[server] ROOT_URL = http://git.example.com/gitea/` correctly in your configuration.
 ## Nginx and serve static resources directly
@ -93,7 +111,7 @@ or use a cdn for the static files.
 Set `[server] STATIC_URL_PREFIX = /_/static` in your configuration.
-```apacheconf
+```nginx
 server {
    listen 80;
    server_name git.example.com;
@ -112,7 +130,7 @@ server {
 Set `[server] STATIC_URL_PREFIX = http://cdn.example.com/gitea` in your configuration.
-```apacheconf
+```nginx
 # application server running Gitea
 server {
    listen 80;
@ -124,7 +142,7 @@ server {
 }
 ```
-```apacheconf
+```nginx
 # static content delivery server
 server {
    listen 80;
@ -151,6 +169,7 @@ If you want Apache HTTPD to serve your Gitea instance, you can add the following
    ProxyRequests off
    AllowEncodedSlashes NoDecode
    ProxyPass / http://localhost:3000/ nocanon
    RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
 </VirtualHost>
 ```
@ -172,6 +191,8 @@ In case you already have a site, and you want Gitea to share the domain name, yo
    AllowEncodedSlashes NoDecode
    # Note: no trailing slash after either /git or port
    ProxyPass /git http://localhost:3000 nocanon
    ProxyPreserveHost On
    RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
 </VirtualHost>
 ```
@ -183,7 +204,7 @@ Note: The following Apache HTTPD mods must be enabled: `proxy`, `proxy_http`.
 If you want Caddy to serve your Gitea instance, you can add the following server block to your Caddyfile:
-```apacheconf
+```
 git.example.com {
    reverse_proxy localhost:3000
 }
@ -193,7 +214,7 @@ git.example.com {
 In case you already have a site, and you want Gitea to share the domain name, you can setup Caddy to serve Gitea under a sub-path by adding the following to your server block in your Caddyfile:
-```apacheconf
+```
 git.example.com {
    route /git/* {
        uri strip_prefix /git
@ -371,19 +392,3 @@ gitea:
 This config assumes that you are handling HTTPS on the traefik side and using HTTP between Gitea and traefik.
 Then you **MUST** set something like `[server] ROOT_URL = http://example.com/gitea/` correctly in your configuration.
 ## General sub-path configuration
 Usually it's not recommended to put Gitea in a sub-path, it's not widely used and may have some issues in rare cases.
 If you really need to do so, to make Gitea works with sub-path (eg: `http://example.com/gitea/`), here are the requirements:
 1. Set `[server] ROOT_URL = http://example.com/gitea/` in your `app.ini` file.
 2. Make the reverse-proxy pass `http://example.com/gitea/foo` to `http://gitea-server:3000/foo`.
 3. Make sure the reverse-proxy not decode the URI, the request `http://example.com/gitea/a%2Fb` should be passed as `http://gitea-server:3000/a%2Fb`.
 ## Docker / Container Registry
 The container registry uses a fixed sub-path `/v2` which can't be changed.
 Even if you deploy Gitea with a different sub-path, `/v2` will be used by the `docker` client.
 Therefore you may need to add an additional route to your reverse proxy configuration.
--- a/docs/content/development/api-usage.en-us.md
+++ b/docs/content/development/api-usage.en-us.md
@ -117,7 +117,7 @@ curl -v "http://localhost/api/v1/repos/search?limit=1"
 API Reference guide is auto-generated by swagger and available on:
 `https://gitea.your.host/api/swagger`
 or on the
-[Gitea demo instance](https://try.gitea.io/api/swagger)
+[Gitea instance](https://gitea.com/api/swagger)
 The OpenAPI document is at:
 `https://gitea.your.host/swagger.v1.json`
--- a/docs/content/help/faq.en-us.md
+++ b/docs/content/help/faq.en-us.md
@ -45,7 +45,7 @@ To migrate from GitHub to Gitea, you can use Gitea's built-in migration form.
 In order to migrate items such as issues, pull requests, etc. you will need to input at least your username.
-[Example (requires login)](https://try.gitea.io/repo/migrate)
+[Example (requires login)](https://demo.gitea.com/repo/migrate)
 To migrate from GitLab to Gitea, you can use this non-affiliated tool:
@ -137,9 +137,9 @@ All Gitea instances have the built-in API and there is no way to disable it comp
 You can, however, disable showing its documentation by setting `ENABLE_SWAGGER` to `false` in the `api` section of your `app.ini`.
 For more information, refer to Gitea's [API docs](development/api-usage.md).
-You can see the latest API (for example) on https://try.gitea.io/api/swagger
+You can see the latest API (for example) on https://gitea.com/api/swagger
-You can also see an example of the `swagger.json` file at https://try.gitea.io/swagger.v1.json
+You can also see an example of the `swagger.json` file at https://gitea.com/swagger.v1.json
 ## Adjusting your server for public/private use
--- a/docs/content/help/faq.zh-cn.md
+++ b/docs/content/help/faq.zh-cn.md
@ -47,7 +47,7 @@ menu:
 为了迁移诸如问题、拉取请求等项目，您需要至少输入您的用户名。
-[Example (requires login)](https://try.gitea.io/repo/migrate)
+[Example (requires login)](https://demo.gitea.com/repo/migrate)
 要从GitLab迁移到Gitea，您可以使用这个非关联的工具：
@ -141,9 +141,9 @@ Gitea不提供内置的Pages服务器。您需要一个专用的域名来提供
 但是，您可以在app.ini的api部分将ENABLE_SWAGGER设置为false，以禁用其文档显示。
 有关更多信息，请参阅Gitea的[API文档](development/api-usage.md)。
-您可以在上查看最新的API（例如）https://try.gitea.io/api/swagger
+您可以在上查看最新的API（例如）https://gitea.com/api/swagger
-您还可以在上查看`swagger.json`文件的示例 https://try.gitea.io/swagger.v1.json
+您还可以在上查看`swagger.json`文件的示例 https://gitea.com/swagger.v1.json
 ## 调整服务器用于公共/私有使用
--- a/docs/content/help/support.en-us.md
+++ b/docs/content/help/support.en-us.md
@ -19,11 +19,11 @@ menu:
 - [Paid Commercial Support](https://about.gitea.com/)
 - [Discord](https://discord.gg/Gitea)
- [Discourse Forum](https://discourse.gitea.io/)
+- [Forum](https://forum.gitea.com/)
 - [Matrix](https://matrix.to/#/#gitea-space:matrix.org)
  - NOTE: Most of the Matrix channels are bridged with their counterpart in Discord and may experience some degree of flakiness with the bridge process.
 - Chinese Support
-  - [Discourse Chinese Category](https://discourse.gitea.io/c/5-category/5)
+  - [Discourse Chinese Category](https://forum.gitea.com/c/5-category/5)
  - QQ Group 328432459
 # Bug Report
@ -39,7 +39,7 @@ If you found a bug, please [create an issue on GitHub](https://github.com/go-git
   - When using systemd, use `journalctl --lines 1000 --unit gitea` to collect logs.
   - When using docker, use `docker logs --tail 1000 <gitea-container>` to collect logs.
 4. Reproducible steps so that others could reproduce and understand the problem more quickly and easily.
-   - [try.gitea.io](https://try.gitea.io) could be used to reproduce the problem.
+   - [demo.gitea.com](https://demo.gitea.com) could be used to reproduce the problem.
 5. If you encounter slow/hanging/deadlock problems, please report the stacktrace when the problem occurs.
   Go to the "Site Admin" -> "Monitoring" -> "Stacktrace" -> "Download diagnosis report".
--- a/docs/content/help/support.zh-cn.md
+++ b/docs/content/help/support.zh-cn.md
@ -19,11 +19,11 @@ menu:
 - [付费商业支持](https://about.gitea.com/)
 - [Discord](https://discord.gg/Gitea)
- [Discourse 论坛](https://discourse.gitea.io/)
+- [论坛](https://forum.gitea.com/)
 - [Matrix](https://matrix.to/#/#gitea-space:matrix.org)
  - 注意：大多数 Matrix 频道都与 Discord 中的对应频道桥接，可能在桥接过程中会出现一定程度的不稳定性。
 - 中文支持
-  - [Discourse 中文分类](https://discourse.gitea.io/c/5-category/5)
+  - [Discourse 中文分类](https://forum.gitea.com/c/5-category/5)
  - QQ 群 328432459
 # Bug 报告
@ -39,7 +39,7 @@ menu:
   - 在使用 systemd 时，使用 `journalctl --lines 1000 --unit gitea` 收集日志。
   - 在使用 Docker 时，使用 `docker logs --tail 1000 <gitea-container>` 收集日志。
 4. 可重现的步骤，以便他人能够更快速、更容易地重现和理解问题。
-   - [try.gitea.io](https://try.gitea.io) 可用于重现问题。
+   - [demo.gitea.com](https://demo.gitea.com) 可用于重现问题。
 5. 如果遇到慢速/挂起/死锁等问题，请在出现问题时报告堆栈跟踪。
   转到 "Site Admin" -> "Monitoring" -> "Stacktrace" -> "Download diagnosis report"。
--- a/docs/content/index.en-us.md
+++ b/docs/content/index.en-us.md
@ -21,7 +21,7 @@ up a self-hosted Git service.
 With Go, this can be done platform-independently across
 **all platforms** which Go supports, including Linux, macOS, and Windows,
 on x86, amd64, ARM and PowerPC architectures.
-You can try it out using [the online demo](https://try.gitea.io/).
+You can try it out using [the online demo](https://demo.gitea.com).
 ## Features
--- a/docs/content/usage/actions/badge.en-us.md
+++ b/docs/content/usage/actions/badge.en-us.md
@ -5,11 +5,9 @@ slug: "badge"
 sidebar_position: 11
 toc: false
 draft: false
 aliases:
  - /en-us/badge
 menu:
  sidebar:
-    parent: "usage"
+    parent: "actions"
    name: "Badge"
    sidebar_position: 11
    identifier: "Badge"
@ -27,7 +25,7 @@ It is designed to be compatible with [GitHub Actions workflow badge](https://doc
 You can use the following URL to get the badge:
 ```
-https://your-gitea-instance.com/{owner}/{repo}/actions/workflows/{workflow_file}?branch={branch}&event={event}
+https://your-gitea-instance.com/{owner}/{repo}/actions/workflows/{workflow_file}/badge.svg?branch={branch}&event={event}
 ```
 - `{owner}`: The owner of the repository.
--- a/docs/content/usage/actions/comparison.en-us.md
+++ b/docs/content/usage/actions/comparison.en-us.md
@ -108,6 +108,10 @@ See [Creating an annotation for an error](https://docs.github.com/en/actions/usi
 It's ignored by Gitea Actions now.
 ### Expressions
 For [expressions](https://docs.github.com/en/actions/learn-github-actions/expressions), only [`always()`](https://docs.github.com/en/actions/learn-github-actions/expressions#always) is supported.
 ## Missing UI features
 ### Pre and Post steps
--- a/docs/content/usage/actions/comparison.zh-cn.md
+++ b/docs/content/usage/actions/comparison.zh-cn.md
@ -108,6 +108,10 @@ Gitea Actions目前不支持此功能。
 Gitea Actions目前不支持此功能。
 ### 表达式
 对于 [表达式](https://docs.github.com/en/actions/learn-github-actions/expressions), 当前仅 [`always()`](https://docs.github.com/en/actions/learn-github-actions/expressions#always) 被支持。
 ## 缺失的UI功能
 ### 预处理和后处理步骤
--- a/docs/content/usage/actions/secrets.en-us.md
+++ b/docs/content/usage/actions/secrets.en-us.md
@ -5,11 +5,9 @@ slug: "secrets"
 sidebar_position: 50
 draft: false
 toc: false
 aliases:
  - /en-us/secrets
 menu:
  sidebar:
-    parent: "usage"
+    parent: "actions"
    name: "Secrets"
    sidebar_position: 50
    identifier: "usage-secrets"
--- a/docs/content/usage/actions/secrets.zh-cn.md
+++ b/docs/content/usage/actions/secrets.zh-cn.md
@ -5,11 +5,9 @@ slug: "secrets"
 sidebar_position: 50
 draft: false
 toc: false
 aliases:
  - /zh-cn/secrets
 menu:
  sidebar:
-    parent: "usage"
+    parent: "actions"
    name: "密钥管理"
    sidebar_position: 50
    identifier: "usage-secrets"
--- a/docs/content/usage/authentication.en-us.md
+++ b/docs/content/usage/authentication.en-us.md
@ -236,7 +236,7 @@ configure this, set the fields below:
  - Restrict what domains can log in if using a public SMTP host or SMTP host
    with multiple domains.
-  - Example: `gitea.io,mydomain.com,mydomain2.com`
+  - Example: `gitea.com,mydomain.com,mydomain2.com`
 - Force SMTPS
--- a/docs/content/usage/authentication.zh-cn.md
+++ b/docs/content/usage/authentication.zh-cn.md
@ -194,7 +194,7 @@ PAM提供了一种机制，通过对用户进行PAM认证来自动将其添加
  - 如果使用公共 SMTP 主机或有多个域的 SMTP 主机，限制哪些域可以登录
    限制哪些域可以登录。
-  - 示例: `gitea.io,mydomain.com,mydomain2.com`
+  - 示例: `gitea.com,mydomain.com,mydomain2.com`
 - 强制使用 SMTPS
  - 默认情况下将使用SMTPS连接到端口465.如果您希望将smtp用于其他端口，自行设置
--- a/docs/content/usage/issue-pull-request-templates.en-us.md
+++ b/docs/content/usage/issue-pull-request-templates.en-us.md
@ -308,7 +308,7 @@ This is a example for a issue config file
 blank_issues_enabled: true
 contact_links:
  - name: Gitea
-    url: https://gitea.io
+    url: https://gitea.com
    about: Visit the Gitea Website
 ```
--- a/docs/content/usage/packages/npm.en-us.md
+++ b/docs/content/usage/packages/npm.en-us.md
@ -30,7 +30,7 @@ The following examples use the `npm` tool with the scope `@test`.
 To register the package registry you need to configure a new package source.
 ```shell
-npm config set {scope}:registry https://gitea.example.com/api/packages/{owner}/npm/
+npm config set {scope}:registry=https://gitea.example.com/api/packages/{owner}/npm/
 npm config set -- '//gitea.example.com/api/packages/{owner}/npm/:_authToken' "{token}"
 ```
@ -43,7 +43,7 @@ npm config set -- '//gitea.example.com/api/packages/{owner}/npm/:_authToken' "{t
 For example:
 ```shell
-npm config set @test:registry https://gitea.example.com/api/packages/testuser/npm/
+npm config set @test:registry=https://gitea.example.com/api/packages/testuser/npm/
 npm config set -- '//gitea.example.com/api/packages/testuser/npm/:_authToken' "personal_access_token"
 ```
--- a/docs/content/usage/packages/npm.zh-cn.md
+++ b/docs/content/usage/packages/npm.zh-cn.md
@ -30,7 +30,7 @@ menu:
 要注册软件包注册表，您需要配置一个新的软件包源。
 ```shell
-npm config set {scope}:registry https://gitea.example.com/api/packages/{owner}/npm/
+npm config set {scope}:registry=https://gitea.example.com/api/packages/{owner}/npm/
 npm config set -- '//gitea.example.com/api/packages/{owner}/npm/:_authToken' "{token}"
 ```
@ -43,7 +43,7 @@ npm config set -- '//gitea.example.com/api/packages/{owner}/npm/:_authToken' "{t
 例如：
 ```shell
-npm config set @test:registry https://gitea.example.com/api/packages/testuser/npm/
+npm config set @test:registry=https://gitea.example.com/api/packages/testuser/npm/
 npm config set -- '//gitea.example.com/api/packages/testuser/npm/:_authToken' "personal_access_token"
 ```
--- a/docs/content/usage/repo-mirror.en-us.md
+++ b/docs/content/usage/repo-mirror.en-us.md
@ -58,7 +58,7 @@ The repository now gets mirrored periodically to the remote repository. You can
 To set up a mirror from Gitea to GitHub, you need to follow these steps:
-1. Create a [GitHub personal access token](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token) with the *public_repo* box checked. Also check the **workflow** checkbox in case your repo using act for continuous integration.
+1. Create a [GitHub personal access token](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token) with the *public_repo* box checked. Also check the **workflow** checkbox in case your repo uses GitHub Actions for continuous integration.
 2. Create a repository with that name on GitHub. Unlike Gitea, GitHub does not support creating repositories by pushing to the remote. You can also use an existing remote repo if it has the same commit history as your Gitea repo.
 3. In the settings of your Gitea repo, fill in the **Git Remote Repository URL**: `https://github.com/<your_github_group>/<your_github_project>.git`.
 4. Fill in the **Authorization** fields with your GitHub username and the personal access token as **Password**.
@ -91,10 +91,10 @@ The repository pushes shortly thereafter. To force a push, select the **Synchron
 ### Mirror an existing ssh repository
-Currently gitea supports no ssh push mirrors. You can work around this by adding a `post-receive` hook to your gitea repository that pushes manually.
+Currently Gitea supports no ssh push mirrors. You can work around this by adding a `post-receive` hook to your Gitea repository that pushes manually.
-1. Make sure the user running gitea has access to the git repo you are trying to mirror to from shell.
+1. Make sure the user running Gitea has access to the git repo you are trying to mirror to from shell.
-2. On the Webinterface at the repository settings > git hooks add a post-receive hook for the mirror. I.e.
+2. On the web interface at the repository settings > git hooks add a post-receive hook for the mirror. I.e.
 ```
 #!/usr/bin/env bash
--- a/flake.lock
+++ b/flake.lock
@ -0,0 +1,61 @@
 {
  "nodes": {
    "flake-utils": {
      "inputs": {
        "systems": "systems"
      },
      "locked": {
        "lastModified": 1726560853,
        "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1731139594,
        "narHash": "sha256-IigrKK3vYRpUu+HEjPL/phrfh7Ox881er1UEsZvw9Q4=",
        "owner": "nixos",
        "repo": "nixpkgs",
        "rev": "76612b17c0ce71689921ca12d9ffdc9c23ce40b2",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "flake-utils": "flake-utils",
        "nixpkgs": "nixpkgs"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    }
  },
  "root": "root",
  "version": 7
 }
--- a/flake.nix
+++ b/flake.nix
@ -0,0 +1,37 @@
 {
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
    flake-utils.url = "github:numtide/flake-utils";
  };
  outputs =
    { nixpkgs, flake-utils, ... }:
    flake-utils.lib.eachDefaultSystem (
      system:
      let
        pkgs = nixpkgs.legacyPackages.${system};
      in
      {
        devShells.default = pkgs.mkShell {
          buildInputs = with pkgs; [
            # generic
            git
            git-lfs
            gnumake
            gnused
            gnutar
            gzip
            # frontend
            nodejs_20
            # linting
            python312
            poetry
            # backend
            go_1_22
          ];
        };
      }
    );
 }
--- a/go.mod
+++ b/go.mod
@ -8,8 +8,8 @@ require (
 	code.gitea.io/sdk/gitea v0.17.1
 	codeberg.org/gusted/mcaptcha v0.0.0-20220723083913-4f3072e1d570
 	connectrpc.com/connect v1.15.0
-	gitea.com/go-chi/binding v0.0.0-20240316035258-17450c5f3028
+	gitea.com/go-chi/binding v0.0.0-20240430071103-39a851e106ed
-	gitea.com/go-chi/cache v0.2.0
+	gitea.com/go-chi/cache v0.2.1
 	gitea.com/go-chi/captcha v0.0.0-20240315150714-fb487f629098
 	gitea.com/go-chi/session v0.0.0-20240316035857-16768d98ec96
 	gitea.com/lunny/dingtalk_webhook v0.0.0-20171025031554-e3534c89ef96
@ -19,9 +19,9 @@ require (
 	github.com/PuerkitoBio/goquery v1.9.1
 	github.com/alecthomas/chroma/v2 v2.13.0
 	github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb
-	github.com/blevesearch/bleve/v2 v2.3.10
+	github.com/blevesearch/bleve/v2 v2.4.2
-	github.com/buildkite/terminal-to-html/v3 v3.11.0
+	github.com/buildkite/terminal-to-html/v3 v3.12.1
-	github.com/caddyserver/certmagic v0.20.0
+	github.com/caddyserver/certmagic v0.21.3
 	github.com/chi-middleware/proxy v1.1.1
 	github.com/dimiro1/reply v0.0.0-20200315094148-d0136a4c9e21
 	github.com/djherbis/buffer v1.2.0
@ -34,13 +34,13 @@ require (
 	github.com/ethantkoenig/rupture v1.0.1
 	github.com/felixge/fgprof v0.9.4
 	github.com/fsnotify/fsnotify v1.7.0
-	github.com/gliderlabs/ssh v0.3.6
+	github.com/gliderlabs/ssh v0.3.8
 	github.com/go-ap/activitypub v0.0.0-20240316125321-b61fd6a83225
 	github.com/go-ap/jsonld v0.0.0-20221030091449-f2a191312c73
 	github.com/go-chi/chi/v5 v5.0.12
 	github.com/go-chi/cors v1.2.1
 	github.com/go-co-op/gocron v1.37.0
-	github.com/go-enry/go-enry/v2 v2.8.7
+	github.com/go-enry/go-enry/v2 v2.9.1
 	github.com/go-fed/httpsig v1.1.1-0.20201223112313-55836744818e
 	github.com/go-git/go-billy/v5 v5.5.0
 	github.com/go-git/go-git/v5 v5.11.0
@ -56,7 +56,7 @@ require (
 	github.com/google/go-github/v57 v57.0.0
 	github.com/google/pprof v0.0.0-20240227163752-401108e1b7e7
 	github.com/google/uuid v1.6.0
-	github.com/gorilla/feeds v1.1.2
+	github.com/gorilla/feeds v1.2.0
 	github.com/gorilla/sessions v1.2.2
 	github.com/hashicorp/go-version v1.6.0
 	github.com/hashicorp/golang-lru/v2 v2.0.7
@ -66,8 +66,8 @@ require (
 	github.com/json-iterator/go v1.1.12
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
 	github.com/keybase/go-crypto v0.0.0-20200123153347-de78d2cb44f4
-	github.com/klauspost/compress v1.17.8
+	github.com/klauspost/compress v1.17.9
-	github.com/klauspost/cpuid/v2 v2.2.7
+	github.com/klauspost/cpuid/v2 v2.2.8
 	github.com/lib/pq v1.10.9
 	github.com/markbates/goth v1.79.0
 	github.com/mattn/go-isatty v0.0.20
@ -75,8 +75,8 @@ require (
 	github.com/meilisearch/meilisearch-go v0.26.2
 	github.com/mholt/archiver/v3 v3.5.1
 	github.com/microcosm-cc/bluemonday v1.0.26
-	github.com/microsoft/go-mssqldb v1.7.0
+	github.com/microsoft/go-mssqldb v1.7.2
-	github.com/minio/minio-go/v7 v7.0.69
+	github.com/minio/minio-go/v7 v7.0.77
 	github.com/msteinert/pam v1.2.0
 	github.com/nektos/act v0.2.52
 	github.com/niklasfasching/go-org v1.7.0
@ -87,7 +87,7 @@ require (
 	github.com/pquerna/otp v1.4.0
 	github.com/prometheus/client_golang v1.19.0
 	github.com/quasoft/websspi v1.1.2
-	github.com/redis/go-redis/v9 v9.5.1
+	github.com/redis/go-redis/v9 v9.6.0
 	github.com/robfig/cron/v3 v3.0.1
 	github.com/santhosh-tekuri/jsonschema/v5 v5.3.1
 	github.com/sassoftware/go-rpmutils v0.3.0
@ -97,20 +97,20 @@ require (
 	github.com/syndtr/goleveldb v1.0.0
 	github.com/tstranex/u2f v1.0.0
 	github.com/ulikunitz/xz v0.5.11
-	github.com/urfave/cli/v2 v2.27.1
+	github.com/urfave/cli/v2 v2.27.2
 	github.com/xanzy/go-gitlab v0.100.0
 	github.com/xeipuuv/gojsonschema v1.2.0
 	github.com/yohcop/openid-go v1.0.1
 	github.com/yuin/goldmark v1.7.0
 	github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc
 	github.com/yuin/goldmark-meta v1.1.0
-	golang.org/x/crypto v0.22.0
+	golang.org/x/crypto v0.31.0
-	golang.org/x/image v0.15.0
+	golang.org/x/image v0.18.0
-	golang.org/x/net v0.24.0
+	golang.org/x/net v0.33.0
-	golang.org/x/oauth2 v0.18.0
+	golang.org/x/oauth2 v0.21.0
-	golang.org/x/sys v0.19.0
+	golang.org/x/sys v0.28.0
-	golang.org/x/text v0.14.0
+	golang.org/x/text v0.21.0
-	golang.org/x/tools v0.19.0
+	golang.org/x/tools v0.24.0
 	google.golang.org/grpc v1.62.1
 	google.golang.org/protobuf v1.33.0
 	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df
@ -123,8 +123,7 @@ require (
 )
 require (
-	cloud.google.com/go/compute v1.25.1 // indirect
+	cloud.google.com/go/compute/metadata v0.3.0 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
 	dario.cat/mergo v1.0.0 // indirect
 	filippo.io/edwards25519 v1.1.0 // indirect
 	git.sr.ht/~mariusor/go-xsd-duration v0.0.0-20220703122237-02e73435a078 // indirect
@ -136,7 +135,7 @@ require (
 	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
 	github.com/ProtonMail/go-crypto v1.0.0 // indirect
-	github.com/RoaringBitmap/roaring v1.9.0 // indirect
+	github.com/RoaringBitmap/roaring v1.9.3 // indirect
 	github.com/andybalholm/brotli v1.1.0 // indirect
 	github.com/andybalholm/cascadia v1.3.2 // indirect
 	github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be // indirect
@ -144,12 +143,13 @@ require (
 	github.com/aymerick/douceur v0.2.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bits-and-blooms/bitset v1.13.0 // indirect
-	github.com/blevesearch/bleve_index_api v1.1.6 // indirect
+	github.com/blevesearch/bleve_index_api v1.1.10 // indirect
 	github.com/blevesearch/geo v0.1.20 // indirect
 	github.com/blevesearch/go-faiss v1.0.20 // indirect
 	github.com/blevesearch/go-porterstemmer v1.0.3 // indirect
 	github.com/blevesearch/gtreap v0.1.1 // indirect
 	github.com/blevesearch/mmap-go v1.0.4 // indirect
-	github.com/blevesearch/scorch_segment_api/v2 v2.2.8 // indirect
+	github.com/blevesearch/scorch_segment_api/v2 v2.2.15 // indirect
 	github.com/blevesearch/segment v0.9.1 // indirect
 	github.com/blevesearch/snowballstem v0.9.0 // indirect
 	github.com/blevesearch/upsidedown_store_api v1.0.2 // indirect
@ -159,15 +159,17 @@ require (
 	github.com/blevesearch/zapx/v13 v13.3.10 // indirect
 	github.com/blevesearch/zapx/v14 v14.3.10 // indirect
 	github.com/blevesearch/zapx/v15 v15.3.13 // indirect
 	github.com/blevesearch/zapx/v16 v16.1.5 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/bradfitz/gomemcache v0.0.0-20230905024940-24af94b03874 // indirect
 	github.com/caddyserver/zerossl v0.1.3 // indirect
 	github.com/cention-sany/utf7 v0.0.0-20170124080048-26cad61bd60a // indirect
-	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/cloudflare/circl v1.3.7 // indirect
 	github.com/couchbase/go-couchbase v0.1.1 // indirect
 	github.com/couchbase/gomemcached v0.3.1 // indirect
 	github.com/couchbase/goutils v0.1.2 // indirect
-	github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
 	github.com/cyphar/filepath-securejoin v0.2.4 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/davidmz/go-pageant v1.0.2 // indirect
@ -183,6 +185,7 @@ require (
 	github.com/go-faster/city v1.0.1 // indirect
 	github.com/go-faster/errors v0.7.1 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-ini/ini v1.67.0 // indirect
 	github.com/go-openapi/analysis v0.23.0 // indirect
 	github.com/go-openapi/errors v0.22.0 // indirect
 	github.com/go-openapi/inflect v0.21.0 // indirect
@ -195,7 +198,7 @@ require (
 	github.com/go-openapi/swag v0.23.0 // indirect
 	github.com/go-openapi/validate v0.24.0 // indirect
 	github.com/go-webauthn/x v0.1.9 // indirect
-	github.com/goccy/go-json v0.10.2 // indirect
+	github.com/goccy/go-json v0.10.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
 	github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9 // indirect
 	github.com/golang-sql/sqlexp v0.1.0 // indirect
@ -210,7 +213,7 @@ require (
 	github.com/gorilla/mux v1.8.1 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-retryablehttp v0.7.5 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/imdario/mergo v0.3.16 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
@ -220,16 +223,15 @@ require (
 	github.com/klauspost/pgzip v1.2.6 // indirect
 	github.com/kr/pretty v0.3.1 // indirect
 	github.com/kr/text v0.2.0 // indirect
-	github.com/libdns/libdns v0.2.1 // indirect
+	github.com/libdns/libdns v0.2.2 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/markbates/going v1.0.3 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-runewidth v0.0.15 // indirect
-	github.com/mholt/acmez v1.2.0 // indirect
+	github.com/mholt/acmez/v2 v2.0.1 // indirect
-	github.com/miekg/dns v1.1.58 // indirect
+	github.com/miekg/dns v1.1.59 // indirect
 	github.com/minio/md5-simd v1.1.2 // indirect
 	github.com/minio/sha256-simd v1.0.1 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
@ -252,7 +254,7 @@ require (
 	github.com/rhysd/actionlint v1.6.27 // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/rogpeppe/go-internal v1.12.0 // indirect
-	github.com/rs/xid v1.5.0 // indirect
+	github.com/rs/xid v1.6.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/sagikazarmark/locafero v0.4.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
@ -288,10 +290,9 @@ require (
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
 	golang.org/x/exp v0.0.0-20240314144324-c7f7c6466f7f // indirect
-	golang.org/x/mod v0.16.0 // indirect
+	golang.org/x/mod v0.20.0 // indirect
-	golang.org/x/sync v0.6.0 // indirect
+	golang.org/x/sync v0.10.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240314234333-6e1732d8331c // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
@ -304,7 +305,8 @@ replace github.com/shurcooL/vfsgen => github.com/lunny/vfsgen v0.0.0-20220105142
 replace github.com/nektos/act => gitea.com/gitea/act v0.259.1
-replace github.com/gorilla/feeds => github.com/yardenshoham/feeds v0.0.0-20240110072658-f3d0c21c0bd5
+// TODO: This could be removed after https://github.com/mholt/archiver/pull/396 merged
 replace github.com/mholt/archiver/v3 => github.com/anchore/archiver/v3 v3.5.2
 exclude github.com/gofrs/uuid v3.2.0+incompatible
--- a/go.sum
+++ b/go.sum
@ -1,7 +1,5 @@
-cloud.google.com/go/compute v1.25.1 h1:ZRpHJedLtTpKgr3RV1Fx23NuaAEN1Zfx9hw1u4aJdjU=
+cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc=
-cloud.google.com/go/compute v1.25.1/go.mod h1:oopOIR53ly6viBYxaDhBfJwzUAxf1zE//uf3IB011ls=
+cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
 cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
 cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
 code.gitea.io/actions-proto-go v0.4.0 h1:OsPBPhodXuQnsspG1sQ4eRE1PeoZyofd7+i73zCwnsU=
 code.gitea.io/actions-proto-go v0.4.0/go.mod h1:mn7Wkqz6JbnTOHQpot3yDeHx+O5C9EGhMEE+htvHBas=
 code.gitea.io/gitea-vet v0.2.3 h1:gdFmm6WOTM65rE8FUBTRzeQZYzXePKSSB1+r574hWwI=
@ -20,10 +18,10 @@ git.sr.ht/~mariusor/go-xsd-duration v0.0.0-20220703122237-02e73435a078 h1:cliQ4H
 git.sr.ht/~mariusor/go-xsd-duration v0.0.0-20220703122237-02e73435a078/go.mod h1:g/V2Hjas6Z1UHUp4yIx6bATpNzJ7DYtD0FG3+xARWxs=
 gitea.com/gitea/act v0.259.1 h1:8GG1o/xtUHl3qjn5f0h/2FXrT5ubBn05TJOM5ry+FBw=
 gitea.com/gitea/act v0.259.1/go.mod h1:UxZWRYqQG2Yj4+4OqfGWW5a3HELwejyWFQyU7F1jUD8=
-gitea.com/go-chi/binding v0.0.0-20240316035258-17450c5f3028 h1:6/QAx4+s0dyRwdaTFPTnhGppuiuu0OqxIH9szyTpvKw=
+gitea.com/go-chi/binding v0.0.0-20240430071103-39a851e106ed h1:EZZBtilMLSZNWtHHcgq2mt6NSGhJSZBuduAlinMEmso=
-gitea.com/go-chi/binding v0.0.0-20240316035258-17450c5f3028/go.mod h1:E3i3cgB04dDx0v3CytCgRTTn9Z/9x891aet3r456RVw=
+gitea.com/go-chi/binding v0.0.0-20240430071103-39a851e106ed/go.mod h1:E3i3cgB04dDx0v3CytCgRTTn9Z/9x891aet3r456RVw=
-gitea.com/go-chi/cache v0.2.0 h1:E0npuTfDW6CT1yD8NMDVc1SK6IeRjfmRL2zlEsCEd7w=
+gitea.com/go-chi/cache v0.2.1 h1:bfAPkvXlbcZxPCpcmDVCWoHgiBSBmZN/QosnZvEC0+g=
-gitea.com/go-chi/cache v0.2.0/go.mod h1:iQlVK2aKTZ/rE9UcHyz9pQWGvdP9i1eI2spOpzgCrtE=
+gitea.com/go-chi/cache v0.2.1/go.mod h1:Qic0HZ8hOHW62ETGbonpwz8WYypj9NieU9659wFUJ8Q=
 gitea.com/go-chi/captcha v0.0.0-20240315150714-fb487f629098 h1:p2ki+WK0cIeNQuqjR98IP2KZQKRzJJiV7aTeMAFwaWo=
 gitea.com/go-chi/captcha v0.0.0-20240315150714-fb487f629098/go.mod h1:LjzIOHlRemuUyO7WR12fmm18VZIlCAaOt9L3yKw40pk=
 gitea.com/go-chi/session v0.0.0-20240316035857-16768d98ec96 h1:IFDiMBObsP6CZIRaDLd54SR6zPYAffPXiXck5Xslu0Q=
@ -76,8 +74,8 @@ github.com/PuerkitoBio/goquery v1.9.1 h1:mTL6XjbJTZdpfL+Gwl5U2h1l9yEkJjhmlTeV9VP
 github.com/PuerkitoBio/goquery v1.9.1/go.mod h1:cW1n6TmIMDoORQU5IU/P1T3tGFunOeXEpGP2WHRwkbY=
 github.com/RoaringBitmap/roaring v0.4.23/go.mod h1:D0gp8kJQgE1A4LQ5wFLggQEyvDi06Mq5mKs52e1TwOo=
 github.com/RoaringBitmap/roaring v0.7.1/go.mod h1:jdT9ykXwHFNdJbEtxePexlFYH9LXucApeS0/+/g+p1I=
-github.com/RoaringBitmap/roaring v1.9.0 h1:lwKhr90/j0jVXJyh5X+vQN1VVn77rQFfYnh6RDRGCcE=
+github.com/RoaringBitmap/roaring v1.9.3 h1:t4EbC5qQwnisr5PrP9nt0IRhRTb9gMUgQF4t4S2OByM=
-github.com/RoaringBitmap/roaring v1.9.0/go.mod h1:6AXUsoIEzDTFFQCe1RbGA6uFONMhvejWj5rqITANK90=
+github.com/RoaringBitmap/roaring v1.9.3/go.mod h1:6AXUsoIEzDTFFQCe1RbGA6uFONMhvejWj5rqITANK90=
 github.com/alecthomas/assert/v2 v2.6.0 h1:o3WJwILtexrEUk3cUVal3oiQY2tfgr/FHWiz/v2n4FU=
 github.com/alecthomas/assert/v2 v2.6.0/go.mod h1:Bze95FyfUr7x34QZrjL+XP+0qgp/zg8yS+TtBj1WA3k=
 github.com/alecthomas/chroma/v2 v2.2.0/go.mod h1:vf4zrexSH54oEjJ7EdB65tGNHmH3pGZmVkgTP5RHvAs=
@ -88,6 +86,8 @@ github.com/alecthomas/repr v0.4.0 h1:GhI2A8MACjfegCPVq9f1FLvIBS+DrQ2KQBFZP1iFzXc
 github.com/alecthomas/repr v0.4.0/go.mod h1:Fr0507jx4eOXV7AlPV6AVZLYrLIuIeSOWtW57eE/O/4=
 github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74 h1:Kk6a4nehpJ3UuJRqlA3JxYxBZEqCeOmATOvrbT4p9RA=
 github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4=
 github.com/anchore/archiver/v3 v3.5.2 h1:Bjemm2NzuRhmHy3m0lRe5tNoClB9A4zYyDV58PaB6aA=
 github.com/anchore/archiver/v3 v3.5.2/go.mod h1:e3dqJ7H78uzsRSEACH1joayhuSyhnonssnDhppzS1L4=
 github.com/andybalholm/brotli v1.0.1/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y=
 github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
 github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M=
@ -113,13 +113,15 @@ github.com/bits-and-blooms/bitset v1.13.0/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6
 github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb h1:m935MPodAbYS46DG4pJSv7WO+VECIWUQ7OJYSoTrMh4=
 github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb/go.mod h1:PkYb9DJNAwrSvRx5DYA+gUcOIgTGVMNkfSCbZM8cWpI=
 github.com/blevesearch/bleve/v2 v2.0.5/go.mod h1:ZjWibgnbRX33c+vBRgla9QhPb4QOjD6fdVJ+R1Bk8LM=
-github.com/blevesearch/bleve/v2 v2.3.10 h1:z8V0wwGoL4rp7nG/O3qVVLYxUqCbEwskMt4iRJsPLgg=
+github.com/blevesearch/bleve/v2 v2.4.2 h1:NooYP1mb3c0StkiY9/xviiq2LGSaE8BQBCc/pirMx0U=
-github.com/blevesearch/bleve/v2 v2.3.10/go.mod h1:RJzeoeHC+vNHsoLR54+crS1HmOWpnH87fL70HAUCzIA=
+github.com/blevesearch/bleve/v2 v2.4.2/go.mod h1:ATNKj7Yl2oJv/lGuF4kx39bST2dveX6w0th2FFYLkc8=
 github.com/blevesearch/bleve_index_api v1.0.0/go.mod h1:fiwKS0xLEm+gBRgv5mumf0dhgFr2mDgZah1pqv1c1M4=
-github.com/blevesearch/bleve_index_api v1.1.6 h1:orkqDFCBuNU2oHW9hN2YEJmet+TE9orml3FCGbl1cKk=
+github.com/blevesearch/bleve_index_api v1.1.10 h1:PDLFhVjrjQWr6jCuU7TwlmByQVCSEURADHdCqVS9+g0=
-github.com/blevesearch/bleve_index_api v1.1.6/go.mod h1:PbcwjIcRmjhGbkS/lJCpfgVSMROV6TRubGGAODaK1W8=
+github.com/blevesearch/bleve_index_api v1.1.10/go.mod h1:PbcwjIcRmjhGbkS/lJCpfgVSMROV6TRubGGAODaK1W8=
 github.com/blevesearch/geo v0.1.20 h1:paaSpu2Ewh/tn5DKn/FB5SzvH0EWupxHEIwbCk/QPqM=
 github.com/blevesearch/geo v0.1.20/go.mod h1:DVG2QjwHNMFmjo+ZgzrIq2sfCh6rIHzy9d9d0B59I6w=
 github.com/blevesearch/go-faiss v1.0.20 h1:AIkdTQFWuZ5LQmKQSebgMR4RynGNw8ZseJXaan5kvtI=
 github.com/blevesearch/go-faiss v1.0.20/go.mod h1:jrxHrbl42X/RnDPI+wBoZU8joxxuRwedrxqswQ3xfU8=
 github.com/blevesearch/go-porterstemmer v1.0.3 h1:GtmsqID0aZdCSNiY8SkuPJ12pD4jI+DdXTAn4YRcHCo=
 github.com/blevesearch/go-porterstemmer v1.0.3/go.mod h1:angGc5Ht+k2xhJdZi511LtmxuEf0OVpvUUNrwmM1P7M=
 github.com/blevesearch/gtreap v0.1.1 h1:2JWigFrzDMR+42WGIN/V2p0cUvn4UP3C4Q5nmaZGW8Y=
@ -128,8 +130,8 @@ github.com/blevesearch/mmap-go v1.0.2/go.mod h1:ol2qBqYaOUsGdm7aRMRrYGgPvnwLe6Y+
 github.com/blevesearch/mmap-go v1.0.4 h1:OVhDhT5B/M1HNPpYPBKIEJaD0F3Si+CrEKULGCDPWmc=
 github.com/blevesearch/mmap-go v1.0.4/go.mod h1:EWmEAOmdAS9z/pi/+Toxu99DnsbhG1TIxUoRmJw/pSs=
 github.com/blevesearch/scorch_segment_api/v2 v2.0.1/go.mod h1:lq7yK2jQy1yQjtjTfU931aVqz7pYxEudHaDwOt1tXfU=
-github.com/blevesearch/scorch_segment_api/v2 v2.2.8 h1:+OLW38LuRKio6N6V0gIk1srwFz79FJ5v2sNqHz2HVAA=
+github.com/blevesearch/scorch_segment_api/v2 v2.2.15 h1:prV17iU/o+A8FiZi9MXmqbagd8I0bCqM7OKUYPbnb5Y=
-github.com/blevesearch/scorch_segment_api/v2 v2.2.8/go.mod h1:ckbeb7knyOOvAdZinn/ASbB7EA3HoagnJkmEV3J7+sg=
+github.com/blevesearch/scorch_segment_api/v2 v2.2.15/go.mod h1:db0cmP03bPNadXrCDuVkKLV6ywFSiRgPFT1YVrestBc=
 github.com/blevesearch/segment v0.9.0/go.mod h1:9PfHYUdQCgHktBgvtUOF4x+pc4/l8rdH0u5spnW85UQ=
 github.com/blevesearch/segment v0.9.1 h1:+dThDy+Lvgj5JMxhmOVlgFfkUtZV2kw49xax4+jTfSU=
 github.com/blevesearch/segment v0.9.1/go.mod h1:zN21iLm7+GnBHWTao9I+Au/7MBiL8pPFtJBJTsk6kQw=
@ -157,25 +159,28 @@ github.com/blevesearch/zapx/v14 v14.3.10/go.mod h1:qqyuR0u230jN1yMmE4FIAuCxmahRQ
 github.com/blevesearch/zapx/v15 v15.2.0/go.mod h1:MmQceLpWfME4n1WrBFIwplhWmaQbQqLQARpaKUEOs/A=
 github.com/blevesearch/zapx/v15 v15.3.13 h1:6EkfaZiPlAxqXz0neniq35my6S48QI94W/wyhnpDHHQ=
 github.com/blevesearch/zapx/v15 v15.3.13/go.mod h1:Turk/TNRKj9es7ZpKK95PS7f6D44Y7fAFy8F4LXQtGg=
 github.com/blevesearch/zapx/v16 v16.1.5 h1:b0sMcarqNFxuXvjoXsF8WtwVahnxyhEvBSRJi/AUHjU=
 github.com/blevesearch/zapx/v16 v16.1.5/go.mod h1:J4mSF39w1QELc11EWRSBFkPeZuO7r/NPKkHzDCoiaI8=
 github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
 github.com/boombuler/barcode v1.0.1 h1:NDBbPmhS+EqABEs5Kg3n/5ZNjy73Pz7SIV+KCeqyXcs=
 github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
 github.com/bradfitz/gomemcache v0.0.0-20190329173943-551aad21a668/go.mod h1:H0wQNHz2YrLsuXOZozoeDmnHXkNCRmMW0gwFWDfEZDA=
 github.com/bradfitz/gomemcache v0.0.0-20230905024940-24af94b03874 h1:N7oVaKyGp8bttX0bfZGmcGkjz7DLQXhAn3DNd3T0ous=
 github.com/bradfitz/gomemcache v0.0.0-20230905024940-24af94b03874/go.mod h1:r5xuitiExdLAJ09PR7vBVENGvp4ZuTBeWTGtxuX3K+c=
 github.com/bsm/ginkgo/v2 v2.12.0 h1:Ny8MWAHyOepLGlLKYmXG4IEkioBysk6GpaRTLC8zwWs=
 github.com/bsm/ginkgo/v2 v2.12.0/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdbAV9g4c=
 github.com/bsm/gomega v1.27.10 h1:yeMWxP2pV2fG3FgAODIY8EiRE3dy0aeFYt4l7wh6yKA=
 github.com/bsm/gomega v1.27.10/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0=
-github.com/buildkite/terminal-to-html/v3 v3.11.0 h1:wMTpKgR61lqmxMz1FKjCaW5mq6DqeEgFZdJ+SU4hP30=
+github.com/buildkite/terminal-to-html/v3 v3.12.1 h1:Wwec2uOu35zNPEQTzDyXQPyr/VUW6lzEwiYede1CaoE=
-github.com/buildkite/terminal-to-html/v3 v3.11.0/go.mod h1:8JACDet3vmvWLsL4IBobweQYtf19W5J+EKM3LEE1c+4=
+github.com/buildkite/terminal-to-html/v3 v3.12.1/go.mod h1:PfNtCsLnMZs7X9X2gcngOutmgSp7/oGBUIpVzRnD09A=
 github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
-github.com/caddyserver/certmagic v0.20.0 h1:bTw7LcEZAh9ucYCRXyCpIrSAGplplI0vGYJ4BpCQ/Fc=
+github.com/caddyserver/certmagic v0.21.3 h1:pqRRry3yuB4CWBVq9+cUqu+Y6E2z8TswbhNx1AZeYm0=
-github.com/caddyserver/certmagic v0.20.0/go.mod h1:N4sXgpICQUskEWpj7zVzvWD41p3NYacrNoZYiRM2jTg=
+github.com/caddyserver/certmagic v0.21.3/go.mod h1:Zq6pklO9nVRl3DIFUw9gVUfXKdpc/0qwTUAQMBlfgtI=
 github.com/caddyserver/zerossl v0.1.3 h1:onS+pxp3M8HnHpN5MMbOMyNjmTheJyWRaZYwn+YTAyA=
 github.com/caddyserver/zerossl v0.1.3/go.mod h1:CxA0acn7oEGO6//4rtrRjYgEoa4MFw/XofZnrYwGqG4=
 github.com/cention-sany/utf7 v0.0.0-20170124080048-26cad61bd60a h1:MISbI8sU/PSK/ztvmWKFcI7UGb5/HQT7B+i3a2myKgI=
 github.com/cention-sany/utf7 v0.0.0-20170124080048-26cad61bd60a/go.mod h1:2GxOXOlEPAMFPfp014mK1SWq8G8BN8o7/dfYqJrVGn8=
-github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
-github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chi-middleware/proxy v1.1.1 h1:4HaXUp8o2+bhHr1OhVy+VjN0+L7/07JDcn6v7YrTjrQ=
 github.com/chi-middleware/proxy v1.1.1/go.mod h1:jQwMEJct2tz9VmtCELxvnXoMfa+SOdikvbVJVHv/M+0=
 github.com/chromedp/cdproto v0.0.0-20230802225258-3cf4e6d46a89/go.mod h1:GKljq0VrfU4D5yc+2qA6OVr8pmO/MBbPEWqWQ/oqGEs=
@ -199,10 +204,9 @@ github.com/couchbase/goutils v0.1.2 h1:gWr8B6XNWPIhfalHNog3qQKfGiYyh4K4VhO3P2o9B
 github.com/couchbase/goutils v0.1.2/go.mod h1:h89Ek/tiOxxqjz30nPPlwZdQbdB8BwgnuBxeoUe/ViE=
 github.com/couchbase/moss v0.1.0/go.mod h1:9MaHIaRuy9pvLPUJxB8sh8OrLfyDczECVL37grCIubs=
 github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
-github.com/cpuguy83/go-md2man/v2 v2.0.3 h1:qMCsGGgs+MAzDFyp9LpAe1Lqy/fY/qCovCm0qnXZOBM=
+github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4=
-github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/cupcake/rdb v0.0.0-20161107195141-43ba34106c76/go.mod h1:vYwsqCOLxGiisLwp9rITslkFNpZD5rz43tf41QFkTWY=
 github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
 github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@ -235,7 +239,6 @@ github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+m
 github.com/dvyukov/go-fuzz v0.0.0-20210429054444-fca39067bc72/go.mod h1:11Gm+ccJnvAhCNLlf5+cS9KjtbaD5I5zaZpFMsTHWTw=
 github.com/editorconfig/editorconfig-core-go/v2 v2.6.1 h1:iPCqofzMO41WVbcS/B5Ym7AwHQg9cyQ7Ie/R2XU5L3A=
 github.com/editorconfig/editorconfig-core-go/v2 v2.6.1/go.mod h1:VY4oyqUnpULFB3SCRpl24GFDIN1PmfiQIvN/G4ScSNg=
 github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M=
 github.com/elazarl/go-bindata-assetfs v1.0.1/go.mod h1:v+YaWX3bdea5J/mo8dSETolEo7R71Vk1u8bnjau5yw4=
 github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU=
 github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM=
@ -266,8 +269,8 @@ github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nos
 github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
 github.com/fxamacker/cbor/v2 v2.6.0 h1:sU6J2usfADwWlYDAFhZBQ6TnLFBHxgesMrQfQgk1tWA=
 github.com/fxamacker/cbor/v2 v2.6.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
-github.com/gliderlabs/ssh v0.3.6 h1:ZzjlDa05TcFRICb3anf/dSPN3ewz1Zx6CMLPWgkm3b8=
+github.com/gliderlabs/ssh v0.3.8 h1:a4YXD1V7xMF9g5nTkdfnja3Sxy1PVDCj1Zg4Wb8vY6c=
-github.com/gliderlabs/ssh v0.3.6/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8=
+github.com/gliderlabs/ssh v0.3.8/go.mod h1:xYoytBv1sV0aL3CavoDuJIQNURXkkfPA/wxQ1pL1fAU=
 github.com/glycerine/go-unsnap-stream v0.0.0-20181221182339-f9677308dec2/go.mod h1:/20jfyN9Y5QPEAprSgKAUr+glWDY39ZiUEAYOEv5dsE=
 github.com/glycerine/goconvey v0.0.0-20190410193231-58a59202ab31/go.mod h1:Ogl1Tioa0aV7gstGFO7KhffUsb9M4ydbEbbxpcEDc24=
 github.com/go-ap/activitypub v0.0.0-20240316125321-b61fd6a83225 h1:OoM81OclgRX7CUch4M7MmsH0NcmLWpFiSn7rhs6Y5ZU=
@ -285,8 +288,8 @@ github.com/go-chi/cors v1.2.1 h1:xEC8UT3Rlp2QuWNEr4Fs/c2EAGVKBwy/1vHx3bppil4=
 github.com/go-chi/cors v1.2.1/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58=
 github.com/go-co-op/gocron v1.37.0 h1:ZYDJGtQ4OMhTLKOKMIch+/CY70Brbb1dGdooLEhh7b0=
 github.com/go-co-op/gocron v1.37.0/go.mod h1:3L/n6BkO7ABj+TrfSVXLRzsP26zmikL4ISkLQ0O8iNY=
-github.com/go-enry/go-enry/v2 v2.8.7 h1:vbab0pcf5Yo1cHQLzbWZ+QomUh3EfEU8EiR5n7W0lnQ=
+github.com/go-enry/go-enry/v2 v2.9.1 h1:G9iDteJ/Mc0F4Di5NeQknf83R2OkRbwY9cAYmcqVG6U=
-github.com/go-enry/go-enry/v2 v2.8.7/go.mod h1:9yrj4ES1YrbNb1Wb7/PWYr2bpaCXUGRt0uafN0ISyG8=
+github.com/go-enry/go-enry/v2 v2.9.1/go.mod h1:9yrj4ES1YrbNb1Wb7/PWYr2bpaCXUGRt0uafN0ISyG8=
 github.com/go-enry/go-oniguruma v1.2.1 h1:k8aAMuJfMrqm/56SG2lV9Cfti6tC4x8673aHCcBk+eo=
 github.com/go-enry/go-oniguruma v1.2.1/go.mod h1:bWDhYP+S6xZQgiRL7wlTScFYBe023B6ilRZbCAD5Hf4=
 github.com/go-faster/city v1.0.1 h1:4WAxSZ3V2Ws4QRDrscLEDcibJY8uf41H6AhXDrNDcGw=
@ -304,6 +307,8 @@ github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMj
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
 github.com/go-git/go-git/v5 v5.11.0 h1:XIZc1p+8YzypNr34itUfSvYJcv+eYdTnTvOZ2vD3cA4=
 github.com/go-git/go-git/v5 v5.11.0/go.mod h1:6GFcX2P3NM7FPBfpePbpLd21XxsgdAt+lKqXmCUiUCY=
 github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A=
 github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
 github.com/go-ldap/ldap/v3 v3.4.6 h1:ert95MdbiG7aWo/oPYp9btL3KJlMPKnP58r09rI8T+A=
 github.com/go-ldap/ldap/v3 v3.4.6/go.mod h1:IGMQANNtxpsOzj7uUAMjpGBaOVTC4DYyIy8VsTdxmtc=
 github.com/go-openapi/analysis v0.23.0 h1:aGday7OWupfMs+LbmLZG4k0MYXIANxcuBTYUC03zFCU=
@ -328,8 +333,6 @@ github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+Gr
 github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
 github.com/go-openapi/validate v0.24.0 h1:LdfDKwNbpB6Vn40xhTdNZAnfLECL81w+VX3BumrGD58=
 github.com/go-openapi/validate v0.24.0/go.mod h1:iyeX1sEufmv3nPbBdX3ieNviWnOZaJ1+zquzJEf2BAQ=
 github.com/go-redis/redis v6.15.2+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
 github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
 github.com/go-sql-driver/mysql v1.8.0 h1:UtktXaU2Nb64z/pLiGIxY4431SJ4/dR5cjMmlVHgnT4=
 github.com/go-sql-driver/mysql v1.8.0/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg=
 github.com/go-swagger/go-swagger v0.30.5 h1:SQ2+xSonWjjoEMOV5tcOnZJVlfyUfCBhGQGArS1b9+U=
@ -350,8 +353,8 @@ github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJA
 github.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM=
 github.com/gobwas/pool v0.2.1/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
 github.com/gobwas/ws v1.2.1/go.mod h1:hRKAFb8wOxFROYNsT1bqfWnhX+b5MFeJM9r2ZSwg/KY=
-github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
+github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA=
-github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
+github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/gogs/chardet v0.0.0-20211120154057-b7413eaefb8f h1:3BSP1Tbs2djlpprl7wCLuiqMaUh5SJkkzI2gDs+FgLs=
 github.com/gogs/chardet v0.0.0-20211120154057-b7413eaefb8f/go.mod h1:Pcatq5tYkCW2Q6yrR2VRHlbHpZ/R4/7qyL1TCF7vl14=
@ -370,7 +373,6 @@ github.com/golang/geo v0.0.0-20230421003525-6adc56603217/go.mod h1:8wI0hitZ3a1Ix
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
 github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
@ -379,7 +381,6 @@ github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:W
 github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
 github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
 github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
@ -410,7 +411,6 @@ github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
 github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gopherjs/gopherjs v0.0.0-20190910122728-9d188e94fb99 h1:twflg0XRTjwKpxb/jFExr4HGq6on2dEOmnL6FV+fgPw=
 github.com/gopherjs/gopherjs v0.0.0-20190910122728-9d188e94fb99/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
@ -418,6 +418,8 @@ github.com/gorilla/context v1.1.1 h1:AWwleXJkX/nhcU9bZSnZoi3h/qGYqQAGhq6zZe/aQW8
 github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
 github.com/gorilla/css v1.0.1 h1:ntNaBIghp6JmvWnxbZKANoLyuXTPZ4cAMlo6RyhlbO8=
 github.com/gorilla/css v1.0.1/go.mod h1:BvnYkspnSzMmwRK+b8/xgNPLiIuNZr6vbZBTPQ2A3b0=
 github.com/gorilla/feeds v1.2.0 h1:O6pBiXJ5JHhPvqy53NsjKOThq+dNFm8+DFrxBEdzSCc=
 github.com/gorilla/feeds v1.2.0/go.mod h1:WMib8uJP3BbY+X8Szd1rA5Pzhdfh+HCCAYT2z7Fza6Y=
 github.com/gorilla/handlers v1.5.2 h1:cLTUSsNkgcwhgRqvCNmdbRWG0A3N4F+M2nWKdScwyEE=
 github.com/gorilla/handlers v1.5.2/go.mod h1:dX+xVpaxdSw+q0Qek8SSsl3dfMk3jNddUkMzo0GtH0w=
 github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
@ -432,11 +434,10 @@ github.com/gorilla/sessions v1.2.2 h1:lqzMYz6bOfvn2WriPUjNByzeXIlVzURcPmgMczkmTj
 github.com/gorilla/sessions v1.2.2/go.mod h1:ePLdVu+jbEgHH+KWw8I1z2wqd0BAdAQh/8LRvBeoNcQ=
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
-github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
+github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k=
-github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c=
+github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
-github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
+github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU=
-github.com/hashicorp/go-retryablehttp v0.7.5 h1:bJj+Pj19UZMIweq/iie+1u5YCdGrnxCT9yvm0e+Nd5M=
+github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk=
 github.com/hashicorp/go-retryablehttp v0.7.5/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
 github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=
 github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
@ -498,13 +499,13 @@ github.com/klauspost/compress v1.11.4/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYs
 github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/klauspost/compress v1.15.0/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/klauspost/compress v1.15.6/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
-github.com/klauspost/compress v1.17.8 h1:YcnTYrq7MikUT7k0Yb5eceMmALQPYBW/Xltxn0NAMnU=
+github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA=
-github.com/klauspost/compress v1.17.8/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
+github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
 github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
 github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
 github.com/klauspost/cpuid/v2 v2.0.12/go.mod h1:g2LTdtYhdyuGPqyWyv7qRAmj1WBqxuObKfj5c0PQa7c=
-github.com/klauspost/cpuid/v2 v2.2.7 h1:ZWSB3igEs+d0qvnxR/ZBzXVmxkgt8DdzP6m9pfuVLDM=
+github.com/klauspost/cpuid/v2 v2.2.8 h1:+StwCXwm9PdpiEkPyzBXIy+M9KUb4ODm0Zarf1kS5BM=
-github.com/klauspost/cpuid/v2 v2.2.7/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
+github.com/klauspost/cpuid/v2 v2.2.8/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
 github.com/klauspost/pgzip v1.2.5/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
 github.com/klauspost/pgzip v1.2.6 h1:8RXeL5crjEUFnR2/Sn6GJNWtSQ3Dk8pq4CL3jvdDyjU=
 github.com/klauspost/pgzip v1.2.6/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
@ -521,13 +522,10 @@ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/ledongthuc/pdf v0.0.0-20220302134840-0c2507a12d80/go.mod h1:imJHygn/1yfhB7XSJJKlFZKl/J+dCPAknuiaGOshXAs=
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
 github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
-github.com/libdns/libdns v0.2.1 h1:Wu59T7wSHRgtA0cfxC+n1c/e+O3upJGWytknkmFEDis=
+github.com/libdns/libdns v0.2.2 h1:O6ws7bAfRPaBsgAYt8MDe2HcNBGC29hkZ9MX2eUSX3s=
-github.com/libdns/libdns v0.2.1/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40=
+github.com/libdns/libdns v0.2.2/go.mod h1:4Bj9+5CQiNMVGf87wjX4CY3HQJypUHRuLvlsfsZqLWQ=
 github.com/lunny/log v0.0.0-20160921050905-7887c61bf0de/go.mod h1:3q8WtuPQsoRbatJuy3nvq/hRSvuBJrHHr+ybPPiNvHQ=
 github.com/lunny/nodb v0.0.0-20160621015157-fc1ef06ad4af/go.mod h1:Cqz6pqow14VObJ7peltM+2n3PWOz7yTrfUuGbVFkzN0=
 github.com/lunny/vfsgen v0.0.0-20220105142115-2c99e1ffdfa0 h1:F/3FfGmKdiKFa8kL3YrpZ7pe9H4l4AzA1pbaOUnRvPI=
 github.com/lunny/vfsgen v0.0.0-20220105142115-2c99e1ffdfa0/go.mod h1:JEfTc3+2DF9Z4PXhLLvXL42zexJyh8rIq3OzUj/0rAk=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
@ -547,27 +545,22 @@ github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U=
 github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-sqlite3 v1.11.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
 github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU=
 github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
 github.com/meilisearch/meilisearch-go v0.26.2 h1:3gTlmiV1dHHumVUhYdJbvh3camiNiyqQ1hNveVsU2OE=
 github.com/meilisearch/meilisearch-go v0.26.2/go.mod h1:SxuSqDcPBIykjWz1PX+KzsYzArNLSCadQodWs8extS0=
-github.com/mholt/acmez v1.2.0 h1:1hhLxSgY5FvH5HCnGUuwbKY2VQVo8IU7rxXKSnZ7F30=
+github.com/mholt/acmez/v2 v2.0.1 h1:3/3N0u1pLjMK4sNEAFSI+bcvzbPhRpY383sy1kLHJ6k=
-github.com/mholt/acmez v1.2.0/go.mod h1:VT9YwH1xgNX1kmYY89gY8xPJC84BFAisjo8Egigt4kE=
+github.com/mholt/acmez/v2 v2.0.1/go.mod h1:fX4c9r5jYwMyMsC+7tkYRxHibkOTgta5DIFGoe67e1U=
 github.com/mholt/archiver/v3 v3.5.1 h1:rDjOBX9JSF5BvoJGvjqK479aL70qh9DIpZCl+k7Clwo=
 github.com/mholt/archiver/v3 v3.5.1/go.mod h1:e3dqJ7H78uzsRSEACH1joayhuSyhnonssnDhppzS1L4=
 github.com/microcosm-cc/bluemonday v1.0.26 h1:xbqSvqzQMeEHCqMi64VAs4d8uy6Mequs3rQ0k/Khz58=
 github.com/microcosm-cc/bluemonday v1.0.26/go.mod h1:JyzOCs9gkyQyjs+6h10UEVSe02CGwkhd72Xdqh78TWs=
-github.com/microsoft/go-mssqldb v1.7.0 h1:sgMPW0HA6Ihd37Yx0MzHyKD726C2kY/8KJsQtXHNaAs=
+github.com/microsoft/go-mssqldb v1.7.2 h1:CHkFJiObW7ItKTJfHo1QX7QBBD1iV+mn1eOyRP3b/PA=
-github.com/microsoft/go-mssqldb v1.7.0/go.mod h1:kOvZKUdrhhFQmxLZqbwUV0rHkNkZpthMITIb2Ko1IoA=
+github.com/microsoft/go-mssqldb v1.7.2/go.mod h1:kOvZKUdrhhFQmxLZqbwUV0rHkNkZpthMITIb2Ko1IoA=
-github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4=
+github.com/miekg/dns v1.1.59 h1:C9EXc/UToRwKLhK5wKU/I4QVsBUc8kE6MkHBkeypWZs=
-github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPkBY=
+github.com/miekg/dns v1.1.59/go.mod h1:nZpewl5p6IvctfgrckopVx2OlSEHPRO/U4SYkRklrEk=
 github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
 github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM=
-github.com/minio/minio-go/v7 v7.0.69 h1:l8AnsQFyY1xiwa/DaQskY4NXSLA2yrGsW5iD9nRPVS0=
+github.com/minio/minio-go/v7 v7.0.77 h1:GaGghJRg9nwDVlNbwYjSDJT1rqltQkBFDsypWX1v3Bw=
-github.com/minio/minio-go/v7 v7.0.69/go.mod h1:XAvOPJQ5Xlzk5o3o/ArO2NMbhSGkimC+bpW/ngRKDmQ=
+github.com/minio/minio-go/v7 v7.0.77/go.mod h1:AVM3IUN6WwKzmwBxVdjzhH8xq+f57JSbbvzqvUzR6eg=
 github.com/minio/sha256-simd v1.0.1 h1:6kaan5IFmwTNynnKKpDHe6FWHohJOHhCPchzK49dzMM=
 github.com/minio/sha256-simd v1.0.1/go.mod h1:Pz6AKMiUdngCLpeTL/RJY1M9rUuPMYujV5xJjtbRSN8=
 github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
 github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
 github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
@ -607,12 +600,10 @@ github.com/olivere/elastic/v7 v7.0.32 h1:R7CXvbu8Eq+WlsLgxmKVKPox0oOwAE/2T9Si5Bn
 github.com/olivere/elastic/v7 v7.0.32/go.mod h1:c7PVmLe3Fxq77PIfY/bZmxY/TAamBhCzZ8xDOE09a9k=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
 github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
 github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
 github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
 github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI=
@ -626,7 +617,6 @@ github.com/paulmach/orb v0.11.1 h1:3koVegMC4X/WeiXYz9iswopaTwMem53NzTJuTF20JzU=
 github.com/paulmach/orb v0.11.1/go.mod h1:5mULz1xQfs3bmQm63QEJA6lNGujuRafwA5S/EnuLaLU=
 github.com/paulmach/protoscan v0.2.1/go.mod h1:SpcSwydNLrxUGSDvXvO0P7g7AuhJ7lcKfDlhJCDw2gY=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc=
 github.com/pelletier/go-toml/v2 v2.1.1 h1:LWAJwfNvjQZCFIDKWYQaM62NcYeYViCmWIwmOStowAI=
 github.com/pelletier/go-toml/v2 v2.1.1/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc=
 github.com/philhofer/fwd v1.0.0/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU=
@ -656,8 +646,8 @@ github.com/prometheus/procfs v0.13.0/go.mod h1:cd4PFCR54QLnGKPaKGA6l+cfuNXtht43Z
 github.com/quasoft/websspi v1.1.2 h1:/mA4w0LxWlE3novvsoEL6BBA1WnjJATbjkh1kFrTidw=
 github.com/quasoft/websspi v1.1.2/go.mod h1:HmVdl939dQ0WIXZhyik+ARdI03M6bQzaSEKcgpFmewk=
 github.com/rcrowley/go-metrics v0.0.0-20190826022208-cac0b30c2563/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
-github.com/redis/go-redis/v9 v9.5.1 h1:H1X4D3yHPaYrkL5X06Wh6xNVM/pX0Ft4RV0vMGvLBh8=
+github.com/redis/go-redis/v9 v9.6.0 h1:NLck+Rab3AOTHw21CGRpvQpgTrAU4sgdCswqGtlhGRA=
-github.com/redis/go-redis/v9 v9.5.1/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0b/CLO2V2M=
+github.com/redis/go-redis/v9 v9.6.0/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0b/CLO2V2M=
 github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0 h1:OdAsTTz6OkFY5QxjkYwrChwuRruF69c169dPK26NUlk=
 github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
 github.com/rhysd/actionlint v1.6.27 h1:xxwe8YmveBcC8lydW6GoHMGmB6H/MTqUU60F2p10wjw=
@ -673,8 +663,8 @@ github.com/rogpeppe/go-internal v1.8.1/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4
 github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
 github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
 github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
-github.com/rs/xid v1.5.0 h1:mKX4bl4iPYJtEIxp6CYiUuLQ/8DYMoz0PUdtGgMFRVc=
+github.com/rs/xid v1.6.0 h1:fV591PaemRlL6JfRxGDEPl69wICngIQ3shQtzfy2gxU=
-github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
+github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0=
 github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
@ -696,16 +686,11 @@ github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5g
 github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
 github.com/shurcooL/httpfs v0.0.0-20230704072500-f1e31cf0ba5c h1:aqg5Vm5dwtvL+YgDpBcK1ITf3o96N/K7/wsRXQnUTEs=
 github.com/shurcooL/httpfs v0.0.0-20230704072500-f1e31cf0ba5c/go.mod h1:owqhoLW1qZoYLZzLnBw+QkPP9WZnjlSWihhxAJC1+/M=
 github.com/siddontang/go v0.0.0-20180604090527-bdc77568d726/go.mod h1:3yhqj7WBBfRhbBlzyOC3gUxftwsU0u8gqevxwIHQpMw=
 github.com/siddontang/go-snappy v0.0.0-20140704025258-d8f7bb82a96d/go.mod h1:vq0tzqLRu6TS7Id0wMo2N5QzJoKedVeovOpHjnykSzY=
 github.com/siddontang/ledisdb v0.0.0-20190202134119-8ceb77e66a92/go.mod h1:mF1DpOSOUiJRMR+FDqaqu3EBqrybQtrDDszLUZ6oxPg=
 github.com/siddontang/rdb v0.0.0-20150307021120-fc89ed2e418d/go.mod h1:AMEsy7v5z92TR1JKMkLLoaOQk++LVnOKL3ScbJ8GNGA=
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/skeema/knownhosts v1.2.2 h1:Iug2P4fLmDw9f41PB6thxUkNUkJzB5i+1/exaj40L3A=
 github.com/skeema/knownhosts v1.2.2/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/assertions v0.0.0-20190116191733-b6c0e53d7304/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/assertions v1.1.1 h1:T/YLemO5Yp7KPzS+lVtu+WsHn8yoSwTfItdAd1r3cck=
 github.com/smartystreets/assertions v1.1.1/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo=
@ -764,11 +749,10 @@ github.com/ulikunitz/xz v0.5.8/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oW
 github.com/ulikunitz/xz v0.5.9/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8=
 github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/unknwon/com v0.0.0-20190804042917-757f69c95f3e/go.mod h1:tOOxU81rwgoCLoOVVPHb6T/wt8HZygqH5id+GNnlCXM=
 github.com/unknwon/com v1.0.1 h1:3d1LTxD+Lnf3soQiD4Cp/0BRB+Rsa/+RTvz8GMMzIXs=
 github.com/unknwon/com v1.0.1/go.mod h1:tOOxU81rwgoCLoOVVPHb6T/wt8HZygqH5id+GNnlCXM=
-github.com/urfave/cli/v2 v2.27.1 h1:8xSQ6szndafKVRmfyeUMxkNUJQMjL1F2zmsZ+qHpfho=
+github.com/urfave/cli/v2 v2.27.2 h1:6e0H+AkS+zDckwPCUrZkKX38mRaau4nL2uipkJpbkcI=
-github.com/urfave/cli/v2 v2.27.1/go.mod h1:8qnjx1vcq5s2/wpsqoZFndg2CE5tNFyrTvS6SinrnYQ=
+github.com/urfave/cli/v2 v2.27.2/go.mod h1:g0+79LmHHATl7DAcHO99smiR/T7uGLw84w8Y42x+4eM=
 github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
 github.com/valyala/fasthttp v1.37.1-0.20220607072126-8a320890c08d/go.mod h1:t/G+3rLek+CyY9bnIE+YlMRddxVAAGjhxndDB4i4C0I=
@ -799,8 +783,6 @@ github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8/go.mod h1:HUYIGzjTL3rfEspMx
 github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
 github.com/xrash/smetrics v0.0.0-20240312152122-5f08fbb34913 h1:+qGGcbkzsfDQNPPe9UDgpxAWQrhbbBXOYJFQDq/dtJw=
 github.com/xrash/smetrics v0.0.0-20240312152122-5f08fbb34913/go.mod h1:4aEEwZQutDLsQv2Deui4iYQ6DWTxR14g6m8Wv88+Xqk=
 github.com/yardenshoham/feeds v0.0.0-20240110072658-f3d0c21c0bd5 h1:3seWKGVhGoc66Ht5QlhQsr4xT2caDnFegsnh2NqvENU=
 github.com/yardenshoham/feeds v0.0.0-20240110072658-f3d0c21c0bd5/go.mod h1:WMib8uJP3BbY+X8Szd1rA5Pzhdfh+HCCAYT2z7Fza6Y=
 github.com/yohcop/openid-go v1.0.1 h1:DPRd3iPO5F6O5zX2e62XpVAbPT6wV51cuucH0z9g3js=
 github.com/yohcop/openid-go v1.0.1/go.mod h1:b/AvD03P0KHj4yuihb+VtLD6bYYgsy0zqBzPCRjkCNs=
 github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA=
@ -842,7 +824,6 @@ go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
 go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
 golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
@ -854,26 +835,23 @@ golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2Uz
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
 golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
 golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
-golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30=
+golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
-golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M=
+golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
 golang.org/x/exp v0.0.0-20240314144324-c7f7c6466f7f h1:3CW0unweImhOzd5FmYuRsD4Y4oQFKZIjAnKbjV4WIrw=
 golang.org/x/exp v0.0.0-20240314144324-c7f7c6466f7f/go.mod h1:CxmFvTBINI24O/j8iY7H1xHzx2i4OsyguNBmN/uPtqc=
-golang.org/x/image v0.15.0 h1:kOELfmgrmJlw4Cdb7g/QGuB3CvDrXbqEIww/pNtNBm8=
+golang.org/x/image v0.18.0 h1:jGzIakQa/ZXI1I0Fxvaa9W7yP25TqT6cHIHn+6CqvSQ=
-golang.org/x/image v0.15.0/go.mod h1:HUYqC05R2ZcZ3ejNQsIHQDQiwWM4JBqmm6MKANTp4LE=
+golang.org/x/image v0.18.0/go.mod h1:4yyo5vMFQjVjUcVk4jEQcU9MGy/rulF5WvUILseCM2E=
 golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.16.0 h1:QX4fJ0Rr5cPQCF7O9lh9Se4pmwfwskqZfq5moyldzic=
+golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0=
-golang.org/x/mod v0.16.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
@ -888,10 +866,10 @@ golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
-golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w=
+golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
-golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
+golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
-golang.org/x/oauth2 v0.18.0 h1:09qnuIAgzdx1XplqJvW6CQqMCtGZykZWcXzPMPUusvI=
+golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs=
-golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8=
+golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@ -900,15 +878,13 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
+golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
-golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181221143128-b4a75ba826a6/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190730183949-1393eb018365/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@ -939,8 +915,8 @@ golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
+golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
-golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
@ -950,26 +926,23 @@ golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
 golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
 golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
-golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q=
+golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q=
-golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk=
+golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
 golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
 golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
 golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200325010219-a49f79bcc224/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
@ -979,15 +952,12 @@ golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4f
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.19.0 h1:tfGCXNR1OsFG+sVdLAitlpjAvD/I6dHDKnYrpEZUHkw=
+golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24=
-golang.org/x/tools v0.19.0/go.mod h1:qoJWxmGSIBmAeriMx19ogtrEPrGtDbPK634QFIcLAhc=
+golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
 google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
 google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240314234333-6e1732d8331c h1:lfpJ/2rWPa/kJgxyyXM8PrNnfCzcmxJ265mADgwmvLI=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240314234333-6e1732d8331c/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY=
 google.golang.org/grpc v1.62.1 h1:B4n+nfKzOICUXMgyrNd19h/I9oH0L1pizfk1d4zSgTk=
@ -999,7 +969,6 @@ google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miE
 google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
 google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
@ -1014,7 +983,6 @@ gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df h1:n7WqCuqOuCbNr617RXOY0AWRXxgwEyPp2z+p0+hgMuE=
 gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df/go.mod h1:LRQQ+SO6ZHR7tOkpBDuZnXENFzX8qRjMDMyPD6BRkCw=
 gopkg.in/ini.v1 v1.44.2/go.mod h1:M3Cogqpuv0QCi3ExAY5V4uOt4qb/R3xZubo9m8lK5wg=
 gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
--- a/models/actions/artifact.go
+++ b/models/actions/artifact.go
@ -69,7 +69,7 @@ func CreateArtifact(ctx context.Context, t *ActionTask, artifactName, artifactPa
 			OwnerID:      t.OwnerID,
 			CommitSHA:    t.CommitSHA,
 			Status:       int64(ArtifactStatusUploadPending),
-			ExpiredUnix:  timeutil.TimeStamp(time.Now().Unix() + 3600*24*expiredDays),
+			ExpiredUnix:  timeutil.TimeStamp(time.Now().Unix() + timeutil.Day*expiredDays),
 		}
 		if _, err := db.GetEngine(ctx).Insert(artifact); err != nil {
 			return nil, err
@ -78,6 +78,13 @@ func CreateArtifact(ctx context.Context, t *ActionTask, artifactName, artifactPa
 	} else if err != nil {
 		return nil, err
 	}
 	if _, err := db.GetEngine(ctx).ID(artifact.ID).Cols("expired_unix").Update(&ActionArtifact{
 		ExpiredUnix: timeutil.TimeStamp(time.Now().Unix() + timeutil.Day*expiredDays),
 	}); err != nil {
 		return nil, err
 	}
 	return artifact, nil
 }
--- a/models/actions/run.go
+++ b/models/actions/run.go
@ -261,6 +261,7 @@ func CancelPreviousJobs(ctx context.Context, repoID int64, ref, workflowID strin
 }
 // InsertRun inserts a run
 // The title will be cut off at 255 characters if it's longer than 255 characters.
 func InsertRun(ctx context.Context, run *ActionRun, jobs []*jobparser.SingleWorkflow) error {
 	ctx, committer, err := db.TxContext(ctx)
 	if err != nil {
@ -273,6 +274,7 @@ func InsertRun(ctx context.Context, run *ActionRun, jobs []*jobparser.SingleWork
 		return err
 	}
 	run.Index = index
 	run.Title, _ = util.SplitStringAtByteN(run.Title, 255)
 	if err := db.Insert(ctx, run); err != nil {
 		return err
@ -386,6 +388,7 @@ func UpdateRun(ctx context.Context, run *ActionRun, cols ...string) error {
 	if len(cols) > 0 {
 		sess.Cols(cols...)
 	}
 	run.Title, _ = util.SplitStringAtByteN(run.Title, 255)
 	affected, err := sess.Update(run)
 	if err != nil {
 		return err
--- a/models/actions/runner.go
+++ b/models/actions/runner.go
@ -242,6 +242,7 @@ func GetRunnerByID(ctx context.Context, id int64) (*ActionRunner, error) {
 // UpdateRunner updates runner's information.
 func UpdateRunner(ctx context.Context, r *ActionRunner, cols ...string) error {
 	e := db.GetEngine(ctx)
 	r.Name, _ = util.SplitStringAtByteN(r.Name, 255)
 	var err error
 	if len(cols) == 0 {
 		_, err = e.ID(r.ID).AllCols().Update(r)
@ -263,6 +264,7 @@ func DeleteRunner(ctx context.Context, id int64) error {
 // CreateRunner creates new runner.
 func CreateRunner(ctx context.Context, t *ActionRunner) error {
 	t.Name, _ = util.SplitStringAtByteN(t.Name, 255)
 	return db.Insert(ctx, t)
 }
--- a/models/actions/schedule.go
+++ b/models/actions/schedule.go
@ -12,6 +12,7 @@ import (
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/timeutil"
 	"code.gitea.io/gitea/modules/util"
 	webhook_module "code.gitea.io/gitea/modules/webhook"
 	"github.com/robfig/cron/v3"
@ -71,6 +72,7 @@ func CreateScheduleTask(ctx context.Context, rows []*ActionSchedule) error {
 	// Loop through each schedule row
 	for _, row := range rows {
 		row.Title, _ = util.SplitStringAtByteN(row.Title, 255)
 		// Create new schedule row
 		if err = db.Insert(ctx, row); err != nil {
 			return err
--- a/models/activities/action.go
+++ b/models/activities/action.go
@ -248,6 +248,9 @@ func (a *Action) GetActDisplayNameTitle(ctx context.Context) string {
 // GetRepoUserName returns the name of the action repository owner.
 func (a *Action) GetRepoUserName(ctx context.Context) string {
 	a.loadRepo(ctx)
 	if a.Repo == nil {
 		return "(non-existing-repo)"
 	}
 	return a.Repo.OwnerName
 }
@ -260,6 +263,9 @@ func (a *Action) ShortRepoUserName(ctx context.Context) string {
 // GetRepoName returns the name of the action repository.
 func (a *Action) GetRepoName(ctx context.Context) string {
 	a.loadRepo(ctx)
 	if a.Repo == nil {
 		return "(non-existing-repo)"
 	}
 	return a.Repo.Name
 }
@ -450,9 +456,7 @@ func GetFeeds(ctx context.Context, opts GetFeedsOptions) (ActionList, int64, err
 		return nil, 0, err
 	}
-	sess := db.GetEngine(ctx).Where(cond).
+	sess := db.GetEngine(ctx).Where(cond)
 		Select("`action`.*"). // this line will avoid select other joined table's columns
 		Join("INNER", "repository", "`repository`.id = `action`.repo_id")
 	opts.SetDefaultValues()
 	sess = db.SetSessionPagination(sess, &opts)
@ -524,7 +528,12 @@ func activityQueryCondition(ctx context.Context, opts GetFeedsOptions) (builder.
 	}
 	if opts.RequestedRepo != nil {
-		cond = cond.And(builder.Eq{"repo_id": opts.RequestedRepo.ID})
+		// repo's actions could have duplicate items, see the comment of NotifyWatchers
 		// so here we only filter the "original items", aka: user_id == act_user_id
 		cond = cond.And(
 			builder.Eq{"`action`.repo_id": opts.RequestedRepo.ID},
 			builder.Expr("`action`.user_id = `action`.act_user_id"),
 		)
 	}
 	if opts.RequestedTeam != nil {
@ -577,6 +586,10 @@ func DeleteOldActions(ctx context.Context, olderThan time.Duration) (err error)
 }
 // NotifyWatchers creates batch of actions for every watcher.
 // It could insert duplicate actions for a repository action, like this:
 // * Original action: UserID=1 (the real actor), ActUserID=1
 // * Organization action: UserID=100 (the repo's org), ActUserID=1
 // * Watcher action: UserID=20 (a user who is watching a repo), ActUserID=1
 func NotifyWatchers(ctx context.Context, actions ...*Action) error {
 	var watchers []*repo_model.Watch
 	var repo *repo_model.Repository
--- a/models/activities/action_test.go
+++ b/models/activities/action_test.go
@ -226,6 +226,8 @@ func TestNotifyWatchers(t *testing.T) {
 }
 func TestGetFeedsCorrupted(t *testing.T) {
 	// Now we will not check for corrupted data in the feeds
 	// users should run doctor to fix their data
 	assert.NoError(t, unittest.PrepareTestDatabase())
 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
 	unittest.AssertExistsAndLoadBean(t, &activities_model.Action{
@ -239,8 +241,8 @@ func TestGetFeedsCorrupted(t *testing.T) {
 		IncludePrivate: true,
 	})
 	assert.NoError(t, err)
-	assert.Len(t, actions, 0)
+	assert.Len(t, actions, 1)
-	assert.Equal(t, int64(0), count)
+	assert.Equal(t, int64(1), count)
 }
 func TestConsistencyUpdateAction(t *testing.T) {
@ -318,3 +320,24 @@ func TestDeleteIssueActions(t *testing.T) {
 	assert.NoError(t, activities_model.DeleteIssueActions(db.DefaultContext, issue.RepoID, issue.ID, issue.Index))
 	unittest.AssertCount(t, &activities_model.Action{}, 0)
 }
 func TestRepoActions(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
 	_ = db.TruncateBeans(db.DefaultContext, &activities_model.Action{})
 	for i := 0; i < 3; i++ {
 		_ = db.Insert(db.DefaultContext, &activities_model.Action{
 			UserID:    2 + int64(i),
 			ActUserID: 2,
 			RepoID:    repo.ID,
 			OpType:    activities_model.ActionCommentIssue,
 		})
 	}
 	count, _ := db.Count[activities_model.Action](db.DefaultContext, &db.ListOptions{})
 	assert.EqualValues(t, 3, count)
 	actions, _, err := activities_model.GetFeeds(db.DefaultContext, activities_model.GetFeedsOptions{
 		RequestedRepo: repo,
 	})
 	assert.NoError(t, err)
 	assert.Len(t, actions, 1)
 }
--- a/models/activities/notification.go
+++ b/models/activities/notification.go
@ -286,13 +286,14 @@ type UserIDCount struct {
 	Count  int64
 }
-// GetUIDsAndNotificationCounts between the two provided times
+// GetUIDsAndNotificationCounts returns the unread counts for every user between the two provided times.
 // It must return all user IDs which appear during the period, including count=0 for users who have read all.
 func GetUIDsAndNotificationCounts(ctx context.Context, since, until timeutil.TimeStamp) ([]UserIDCount, error) {
-	sql := `SELECT user_id, count(*) AS count FROM notification ` +
+	sql := `SELECT user_id, sum(case when status= ? then 1 else 0 end) AS count FROM notification ` +
 		`WHERE user_id IN (SELECT user_id FROM notification WHERE updated_unix >= ? AND ` +
-		`updated_unix < ?) AND status = ? GROUP BY user_id`
+		`updated_unix < ?) GROUP BY user_id`
 	var res []UserIDCount
-	return res, db.GetEngine(ctx).SQL(sql, since, until, NotificationStatusUnread).Find(&res)
+	return res, db.GetEngine(ctx).SQL(sql, NotificationStatusUnread, since, until).Find(&res)
 }
 // SetIssueReadBy sets issue to be read by given user.
--- a/models/admin/task.go
+++ b/models/admin/task.go
@ -179,27 +179,6 @@ func GetMigratingTask(ctx context.Context, repoID int64) (*Task, error) {
 	return &task, nil
 }
 // GetMigratingTaskByID returns the migrating task by repo's id
 func GetMigratingTaskByID(ctx context.Context, id, doerID int64) (*Task, *migration.MigrateOptions, error) {
 	task := Task{
 		ID:     id,
 		DoerID: doerID,
 		Type:   structs.TaskTypeMigrateRepo,
 	}
 	has, err := db.GetEngine(ctx).Get(&task)
 	if err != nil {
 		return nil, nil, err
 	} else if !has {
 		return nil, nil, ErrTaskDoesNotExist{id, 0, task.Type}
 	}
 	var opts migration.MigrateOptions
 	if err := json.Unmarshal([]byte(task.PayloadContent), &opts); err != nil {
 		return nil, nil, err
 	}
 	return &task, &opts, nil
 }
 // CreateTask creates a task on database
 func CreateTask(ctx context.Context, task *Task) error {
 	return db.Insert(ctx, task)
--- a/models/asymkey/ssh_key.go
+++ b/models/asymkey/ssh_key.go
@ -229,35 +229,26 @@ func UpdatePublicKeyUpdated(ctx context.Context, id int64) error {
 // PublicKeysAreExternallyManaged returns whether the provided KeyID represents an externally managed Key
 func PublicKeysAreExternallyManaged(ctx context.Context, keys []*PublicKey) ([]bool, error) {
-	sources := make([]*auth.Source, 0, 5)
+	sourceCache := make(map[int64]*auth.Source, len(keys))
 	externals := make([]bool, len(keys))
-keyloop:
+
 	for i, key := range keys {
 		if key.LoginSourceID == 0 {
 			externals[i] = false
-			continue keyloop
+			continue
 		}
-		var source *auth.Source
+		source, ok := sourceCache[key.LoginSourceID]
-
+		if !ok {
 	sourceloop:
 		for _, s := range sources {
 			if s.ID == key.LoginSourceID {
 				source = s
 				break sourceloop
 			}
 		}
 		if source == nil {
 			var err error
 			source, err = auth.GetSourceByID(ctx, key.LoginSourceID)
 			if err != nil {
 				if auth.IsErrSourceNotExist(err) {
 					externals[i] = false
-					sources[i] = &auth.Source{
+					sourceCache[key.LoginSourceID] = &auth.Source{
 						ID: key.LoginSourceID,
 					}
-					continue keyloop
+					continue
 				}
 				return nil, err
 			}
--- a/models/asymkey/ssh_key_test.go
+++ b/models/asymkey/ssh_key_test.go
@ -12,6 +12,8 @@ import (
 	"strings"
 	"testing"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/unittest"
 	"code.gitea.io/gitea/modules/setting"
 	"github.com/42wim/sshsig"
@ -26,7 +28,6 @@ func Test_SSHParsePublicKey(t *testing.T) {
 		length        int
 		content       string
 	}{
 		{"dsa-1024", false, "dsa", 1024, "ssh-dss AAAAB3NzaC1kc3MAAACBAOChCC7lf6Uo9n7BmZ6M8St19PZf4Tn59NriyboW2x/DZuYAz3ibZ2OkQ3S0SqDIa0HXSEJ1zaExQdmbO+Ux/wsytWZmCczWOVsaszBZSl90q8UnWlSH6P+/YA+RWJm5SFtuV9PtGIhyZgoNuz5kBQ7K139wuQsecdKktISwTakzAAAAFQCzKsO2JhNKlL+wwwLGOcLffoAmkwAAAIBpK7/3xvduajLBD/9vASqBQIHrgK2J+wiQnIb/Wzy0UsVmvfn8A+udRbBo+csM8xrSnlnlJnjkJS3qiM5g+eTwsLIV1IdKPEwmwB+VcP53Cw6lSyWyJcvhFb0N6s08NZysLzvj0N+ZC/FnhKTLzIyMtkHf/IrPCwlM+pV/M/96YgAAAIEAqQcGn9CKgzgPaguIZooTAOQdvBLMI5y0bQjOW6734XOpqQGf/Kra90wpoasLKZjSYKNPjE+FRUOrStLrxcNs4BeVKhy2PYTRnybfYVk1/dmKgH6P1YSRONsGKvTsH6c5IyCRG0ncCgYeF8tXppyd642982daopE7zQ/NPAnJfag= nocomment"},
 		{"rsa-1024", false, "rsa", 1024, "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAu7tvIvX6ZHrRXuZNfkR3XLHSsuCK9Zn3X58lxBcQzuo5xZgB6vRwwm/QtJuF+zZPtY5hsQILBLmF+BZ5WpKZp1jBeSjH2G7lxet9kbcH+kIVj0tPFEoyKI9wvWqIwC4prx/WVk2wLTJjzBAhyNxfEq7C9CeiX9pQEbEqJfkKCQ== nocomment\n"},
 		{"rsa-2048", false, "rsa", 2048, "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMZXh+1OBUwSH9D45wTaxErQIN9IoC9xl7MKJkqvTvv6O5RR9YW/IK9FbfjXgXsppYGhsCZo1hFOOsXHMnfOORqu/xMDx4yPuyvKpw4LePEcg4TDipaDFuxbWOqc/BUZRZcXu41QAWfDLrInwsltWZHSeG7hjhpacl4FrVv9V1pS6Oc5Q1NxxEzTzuNLS/8diZrTm/YAQQ/+B+mzWI3zEtF4miZjjAljWd1LTBPvU23d29DcBmmFahcZ441XZsTeAwGxG/Q6j8NgNXj9WxMeWwxXV2jeAX/EBSpZrCVlCQ1yJswT6xCp8TuBnTiGWYMBNTbOZvPC4e0WI2/yZW/s5F nocomment"},
 		{"ecdsa-256", false, "ecdsa", 256, "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFQacN3PrOll7PXmN5B/ZNVahiUIqI05nbBlZk1KXsO3d06ktAWqbNflv2vEmA38bTFTfJ2sbn2B5ksT52cDDbA= nocomment"},
@ -170,7 +171,6 @@ func Test_calcFingerprint(t *testing.T) {
 		fp            string
 		content       string
 	}{
 		{"dsa-1024", false, "SHA256:fSIHQlpKMDsGPVAXI8BPYfRp+e2sfvSt1sMrPsFiXrc", "ssh-dss AAAAB3NzaC1kc3MAAACBAOChCC7lf6Uo9n7BmZ6M8St19PZf4Tn59NriyboW2x/DZuYAz3ibZ2OkQ3S0SqDIa0HXSEJ1zaExQdmbO+Ux/wsytWZmCczWOVsaszBZSl90q8UnWlSH6P+/YA+RWJm5SFtuV9PtGIhyZgoNuz5kBQ7K139wuQsecdKktISwTakzAAAAFQCzKsO2JhNKlL+wwwLGOcLffoAmkwAAAIBpK7/3xvduajLBD/9vASqBQIHrgK2J+wiQnIb/Wzy0UsVmvfn8A+udRbBo+csM8xrSnlnlJnjkJS3qiM5g+eTwsLIV1IdKPEwmwB+VcP53Cw6lSyWyJcvhFb0N6s08NZysLzvj0N+ZC/FnhKTLzIyMtkHf/IrPCwlM+pV/M/96YgAAAIEAqQcGn9CKgzgPaguIZooTAOQdvBLMI5y0bQjOW6734XOpqQGf/Kra90wpoasLKZjSYKNPjE+FRUOrStLrxcNs4BeVKhy2PYTRnybfYVk1/dmKgH6P1YSRONsGKvTsH6c5IyCRG0ncCgYeF8tXppyd642982daopE7zQ/NPAnJfag= nocomment"},
 		{"rsa-1024", false, "SHA256:vSnDkvRh/xM6kMxPidLgrUhq3mCN7CDaronCEm2joyQ", "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAu7tvIvX6ZHrRXuZNfkR3XLHSsuCK9Zn3X58lxBcQzuo5xZgB6vRwwm/QtJuF+zZPtY5hsQILBLmF+BZ5WpKZp1jBeSjH2G7lxet9kbcH+kIVj0tPFEoyKI9wvWqIwC4prx/WVk2wLTJjzBAhyNxfEq7C9CeiX9pQEbEqJfkKCQ== nocomment\n"},
 		{"rsa-2048", false, "SHA256:ZHD//a1b9VuTq9XSunAeYjKeU1xDa2tBFZYrFr2Okkg", "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMZXh+1OBUwSH9D45wTaxErQIN9IoC9xl7MKJkqvTvv6O5RR9YW/IK9FbfjXgXsppYGhsCZo1hFOOsXHMnfOORqu/xMDx4yPuyvKpw4LePEcg4TDipaDFuxbWOqc/BUZRZcXu41QAWfDLrInwsltWZHSeG7hjhpacl4FrVv9V1pS6Oc5Q1NxxEzTzuNLS/8diZrTm/YAQQ/+B+mzWI3zEtF4miZjjAljWd1LTBPvU23d29DcBmmFahcZ441XZsTeAwGxG/Q6j8NgNXj9WxMeWwxXV2jeAX/EBSpZrCVlCQ1yJswT6xCp8TuBnTiGWYMBNTbOZvPC4e0WI2/yZW/s5F nocomment"},
 		{"ecdsa-256", false, "SHA256:Bqx/xgWqRKLtkZ0Lr4iZpgb+5lYsFpSwXwVZbPwuTRw", "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFQacN3PrOll7PXmN5B/ZNVahiUIqI05nbBlZk1KXsO3d06ktAWqbNflv2vEmA38bTFTfJ2sbn2B5ksT52cDDbA= nocomment"},
@ -503,3 +503,11 @@ func runErr(t *testing.T, stdin []byte, args ...string) {
 		t.Fatal("expected error")
 	}
 }
 func Test_PublicKeysAreExternallyManaged(t *testing.T) {
 	key1 := unittest.AssertExistsAndLoadBean(t, &PublicKey{ID: 1})
 	externals, err := PublicKeysAreExternallyManaged(db.DefaultContext, []*PublicKey{key1})
 	assert.NoError(t, err)
 	assert.Len(t, externals, 1)
 	assert.False(t, externals[0])
 }
--- a/models/auth/access_token_scope.go
+++ b/models/auth/access_token_scope.go
@ -309,6 +309,22 @@ func (s AccessTokenScope) HasScope(scopes ...AccessTokenScope) (bool, error) {
 	return true, nil
 }
 // HasAnyScope returns true if any of the scopes is contained in the string
 func (s AccessTokenScope) HasAnyScope(scopes ...AccessTokenScope) (bool, error) {
 	bitmap, err := s.parse()
 	if err != nil {
 		return false, err
 	}
 	for _, s := range scopes {
 		if has, err := bitmap.hasScope(s); has || err != nil {
 			return has, err
 		}
 	}
 	return false, nil
 }
 // hasScope returns true if the string has the given scope
 func (bitmap accessTokenScopeBitmap) hasScope(scope AccessTokenScope) (bool, error) {
 	expectedBits, ok := allAccessTokenScopeBits[scope]
--- a/models/db/collation.go
+++ b/models/db/collation.go
@ -68,7 +68,8 @@ func CheckCollations(x *xorm.Engine) (*CheckCollationsResult, error) {
 	var candidateCollations []string
 	if x.Dialect().URI().DBType == schemas.MYSQL {
-		if _, err = x.SQL("SELECT @@collation_database").Get(&res.DatabaseCollation); err != nil {
+		_, err = x.SQL("SELECT DEFAULT_COLLATION_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME = ?", setting.Database.Name).Get(&res.DatabaseCollation)
 		if err != nil {
 			return nil, err
 		}
 		res.IsCollationCaseSensitive = func(s string) bool {
--- a/models/db/engine.go
+++ b/models/db/engine.go
@ -57,6 +57,7 @@ type Engine interface {
 	SumInt(bean any, columnName string) (res int64, err error)
 	Sync(...any) error
 	Select(string) *xorm.Session
 	SetExpr(string, any) *xorm.Session
 	NotIn(string, ...any) *xorm.Session
 	OrderBy(any, ...any) *xorm.Session
 	Exist(...any) (bool, error)
--- a/models/fixtures/action_task.yml
+++ b/models/fixtures/action_task.yml
@ -1,3 +1,22 @@
 -
  id: 46
  attempt: 3
  runner_id: 1
  status: 3 # 3 is the status code for "cancelled"
  started: 1683636528
  stopped: 1683636626
  repo_id: 4
  owner_id: 1
  commit_sha: c2d72f548424103f01ee1dc02889c1e2bff816b0
  is_fork_pull_request: 0
  token_hash: 6d8ef48297195edcc8e22c70b3020eaa06c52976db67d39b4260c64a69a2cc1508825121b7b8394e48e00b1bf8718b2aaaaa
  token_salt: eeeeeeee
  token_last_eight: eeeeeeee
  log_filename: artifact-test2/2f/47.log
  log_in_storage: 1
  log_length: 707
  log_size: 90179
  log_expired: 0
 -
  id: 47
  job_id: 192
--- a/models/fixtures/branch.yml
+++ b/models/fixtures/branch.yml
@ -45,3 +45,39 @@
  is_deleted: false
  deleted_by_id: 0
  deleted_unix: 0
 -
  id: 5
  repo_id: 10
  name: 'master'
  commit_id: '65f1bf27bc3bf70f64657658635e66094edbcb4d'
  commit_message: 'Initial commit'
  commit_time: 1489927679
  pusher_id: 12
  is_deleted: false
  deleted_by_id: 0
  deleted_unix: 0
 -
  id: 6
  repo_id: 10
  name: 'outdated-new-branch'
  commit_id: 'cb24c347e328d83c1e0c3c908a6b2c0a2fcb8a3d'
  commit_message: 'add'
  commit_time: 1489927679
  pusher_id: 12
  is_deleted: false
  deleted_by_id: 0
  deleted_unix: 0
 -
  id: 14
  repo_id: 11
  name: 'master'
  commit_id: '65f1bf27bc3bf70f64657658635e66094edbcb4d'
  commit_message: 'Initial commit'
  commit_time: 1489927679
  pusher_id: 13
  is_deleted: false
  deleted_by_id: 0
  deleted_unix: 0
--- a/models/fixtures/comment.yml
+++ b/models/fixtures/comment.yml
@ -83,3 +83,22 @@
  issue_id: 2 # in repo_id 1
  review_id: 20
  created_unix: 946684810
 -
  id: 10
  type: 22 # review
  poster_id: 5
  issue_id: 3 # in repo_id 1
  content: "reviewed by user5"
  review_id: 21
  created_unix: 946684816
 -
  id: 11
  type: 27 # review request
  poster_id: 2
  issue_id: 3 # in repo_id 1
  content: "review request for user5"
  review_id: 22
  assignee_id: 5
  created_unix: 946684817
--- a/models/fixtures/issue_index.yml
+++ b/models/fixtures/issue_index.yml
@ -1,27 +1,35 @@
 -
  group_id: 1
  max_index: 5
 -
  group_id: 2
  max_index: 2
 -
  group_id: 3
  max_index: 2
 -
  group_id: 10
  max_index: 1
 -
  group_id: 32
  max_index: 2
 -
  group_id: 48
  max_index: 1
 -
  group_id: 42
  max_index: 1
 -
  group_id: 50
  max_index: 1
 -
  group_id: 51
  max_index: 1
--- a/models/fixtures/org_user.yml
+++ b/models/fixtures/org_user.yml
@ -117,3 +117,15 @@
  uid: 40
  org_id: 41
  is_public: true
 -
  id: 21
  uid: 12
  org_id: 25
  is_public: true
 -
  id: 22
  uid: 2
  org_id: 35
  is_public: true
--- a/models/fixtures/protected_tag.yml
+++ b/models/fixtures/protected_tag.yml
@ -0,0 +1,24 @@
 -
  id: 1
  repo_id: 4
  name_pattern: /v.+/
  allowlist_user_i_ds: []
  allowlist_team_i_ds: []
  created_unix: 1715596037
  updated_unix: 1715596037
 -
  id: 2
  repo_id: 1
  name_pattern: v-*
  allowlist_user_i_ds: []
  allowlist_team_i_ds: []
  created_unix: 1715596037
  updated_unix: 1715596037
 -
  id: 3
  repo_id: 1
  name_pattern: v-1.1
  allowlist_user_i_ds: [2]
  allowlist_team_i_ds: []
  created_unix: 1715596037
  updated_unix: 1715596037
--- a/models/fixtures/repository.yml
+++ b/models/fixtures/repository.yml
@ -26,7 +26,7 @@
  fork_id: 0
  is_template: false
  template_id: 0
-  size: 7320
+  size: 7597
  is_fsck_enabled: true
  close_issues_via_commit_in_any_branch: false
@ -327,7 +327,7 @@
  is_archived: false
  is_mirror: false
  status: 0
-  is_fork: false
+  is_fork: true
  fork_id: 10
  is_template: false
  template_id: 0
--- a/models/fixtures/review.yml
+++ b/models/fixtures/review.yml
@ -179,3 +179,22 @@
  content: "Review Comment"
  updated_unix: 946684810
  created_unix: 946684810
 -
  id: 21
  type: 2
  reviewer_id: 5
  issue_id: 3
  content: "reviewed by user5"
  commit_id: 4a357436d925b5c974181ff12a994538ddc5a269
  updated_unix: 946684816
  created_unix: 946684816
 -
  id: 22
  type: 4
  reviewer_id: 5
  issue_id: 3
  content: "review request for user5"
  updated_unix: 946684817
  created_unix: 946684817
--- a/models/fixtures/team.yml
+++ b/models/fixtures/team.yml
@ -239,3 +239,25 @@
  num_members: 2
  includes_all_repositories: false
  can_create_org_repo: false
 -
  id: 23
  org_id: 25
  lower_name: owners
  name: Owners
  authorize: 4 # owner
  num_repos: 0
  num_members: 1
  includes_all_repositories: false
  can_create_org_repo: true
 -
  id: 24
  org_id: 35
  lower_name: team24
  name: team24
  authorize: 2 # write
  num_repos: 0
  num_members: 1
  includes_all_repositories: true
  can_create_org_repo: false
--- a/models/fixtures/team_unit.yml
+++ b/models/fixtures/team_unit.yml
@ -322,3 +322,21 @@
  team_id: 22
  type: 3
  access_mode: 1
 -
  id: 55
  team_id: 18
  type: 1 # code
  access_mode: 4
 -
  id: 56
  team_id: 23
  type: 1 # code
  access_mode: 4
 -
  id: 57
  team_id: 24
  type: 1 # code
  access_mode: 2
--- a/models/fixtures/team_user.yml
+++ b/models/fixtures/team_user.yml
@ -147,3 +147,15 @@
  org_id: 41
  team_id: 22
  uid: 39
 -
  id: 26
  org_id: 25
  team_id: 23
  uid: 12
 -
  id: 27
  org_id: 35
  team_id: 24
  uid: 2
--- a/models/fixtures/user.yml
+++ b/models/fixtures/user.yml
@ -332,6 +332,7 @@
  repo_admin_change_team_access: false
  theme: ""
  keep_activity_private: false
  created_unix: 1730468968
 -
  id: 10
@ -918,8 +919,8 @@
  num_following: 0
  num_stars: 0
  num_repos: 0
-  num_teams: 1
+  num_teams: 2
-  num_members: 1
+  num_members: 2
  visibility: 0
  repo_admin_change_team_access: false
  theme: ""
@ -1289,8 +1290,8 @@
  num_following: 0
  num_stars: 0
  num_repos: 0
-  num_teams: 1
+  num_teams: 2
-  num_members: 1
+  num_members: 2
  visibility: 2
  repo_admin_change_team_access: false
  theme: ""
--- a/models/git/branch.go
+++ b/models/git/branch.go
@ -10,9 +10,11 @@ import (
 	"code.gitea.io/gitea/models/db"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unit"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/optional"
 	"code.gitea.io/gitea/modules/timeutil"
 	"code.gitea.io/gitea/modules/util"
@ -102,8 +104,9 @@ func (err ErrBranchesEqual) Unwrap() error {
 // for pagination, keyword search and filtering
 type Branch struct {
 	ID            int64
-	RepoID        int64  `xorm:"UNIQUE(s)"`
+	RepoID        int64                  `xorm:"UNIQUE(s)"`
-	Name          string `xorm:"UNIQUE(s) NOT NULL"` // git's ref-name is case-sensitive internally, however, in some databases (mssql, mysql, by default), it's case-insensitive at the moment
+	Repo          *repo_model.Repository `xorm:"-"`
 	Name          string                 `xorm:"UNIQUE(s) NOT NULL"` // git's ref-name is case-sensitive internally, however, in some databases (mssql, mysql, by default), it's case-insensitive at the moment
 	CommitID      string
 	CommitMessage string `xorm:"TEXT"` // it only stores the message summary (the first line)
 	PusherID      int64
@ -139,6 +142,14 @@ func (b *Branch) LoadPusher(ctx context.Context) (err error) {
 	return err
 }
 func (b *Branch) LoadRepo(ctx context.Context) (err error) {
 	if b.Repo != nil || b.RepoID == 0 {
 		return nil
 	}
 	b.Repo, err = repo_model.GetRepositoryByID(ctx, b.RepoID)
 	return err
 }
 func init() {
 	db.RegisterModel(new(Branch))
 	db.RegisterModel(new(RenamedBranch))
@ -381,6 +392,13 @@ func RenameBranch(ctx context.Context, repo *repo_model.Repository, from, to str
 		return err
 	}
 	// 4.1 Update all not merged pull request head branch name
 	if _, err = sess.Table("pull_request").Where("head_repo_id=? AND head_branch=? AND has_merged=?",
 		repo.ID, from, false).
 		Update(map[string]any{"head_branch": to}); err != nil {
 		return err
 	}
 	// 5. insert renamed branch record
 	renamedBranch := &RenamedBranch{
 		RepoID: repo.ID,
@ -400,24 +418,111 @@ func RenameBranch(ctx context.Context, repo *repo_model.Repository, from, to str
 	return committer.Commit()
 }
-// FindRecentlyPushedNewBranches return at most 2 new branches pushed by the user in 6 hours which has no opened PRs created
+type FindRecentlyPushedNewBranchesOptions struct {
-// except the indicate branch
+	Repo            *repo_model.Repository
-func FindRecentlyPushedNewBranches(ctx context.Context, repoID, userID int64, excludeBranchName string) (BranchList, error) {
+	BaseRepo        *repo_model.Repository
-	branches := make(BranchList, 0, 2)
+	CommitAfterUnix int64
-	subQuery := builder.Select("head_branch").From("pull_request").
+	MaxCount        int
-		InnerJoin("issue", "issue.id = pull_request.issue_id").
+}
-		Where(builder.Eq{
+
-			"pull_request.head_repo_id": repoID,
+type RecentlyPushedNewBranch struct {
-			"issue.is_closed":           false,
+	BranchDisplayName string
-		})
+	BranchLink        string
-	err := db.GetEngine(ctx).
+	BranchCompareURL  string
-		Where("pusher_id=? AND is_deleted=?", userID, false).
+	CommitTime        timeutil.TimeStamp
-		And("name <> ?", excludeBranchName).
+}
-		And("repo_id = ?", repoID).
+
-		And("commit_time >= ?", time.Now().Add(-time.Hour*6).Unix()).
+// FindRecentlyPushedNewBranches return at most 2 new branches pushed by the user in 2 hours which has no opened PRs created
-		NotIn("name", subQuery).
+// if opts.CommitAfterUnix is 0, we will find the branches that were committed to in the last 2 hours
-		OrderBy("branch.commit_time DESC").
+// if opts.ListOptions is not set, we will only display top 2 latest branch
-		Limit(2).
+func FindRecentlyPushedNewBranches(ctx context.Context, doer *user_model.User, opts *FindRecentlyPushedNewBranchesOptions) ([]*RecentlyPushedNewBranch, error) {
-		Find(&branches)
+	if doer == nil {
-	return branches, err
+		return []*RecentlyPushedNewBranch{}, nil
 	}
 	// find all related repo ids
 	repoOpts := repo_model.SearchRepoOptions{
 		Actor:      doer,
 		Private:    true,
 		AllPublic:  false, // Include also all public repositories of users and public organisations
 		AllLimited: false, // Include also all public repositories of limited organisations
 		Fork:       optional.Some(true),
 		ForkFrom:   opts.BaseRepo.ID,
 		Archived:   optional.Some(false),
 	}
 	repoCond := repo_model.SearchRepositoryCondition(&repoOpts).And(repo_model.AccessibleRepositoryCondition(doer, unit.TypeCode))
 	if opts.Repo.ID == opts.BaseRepo.ID {
 		// should also include the base repo's branches
 		repoCond = repoCond.Or(builder.Eq{"id": opts.BaseRepo.ID})
 	} else {
 		// in fork repo, we only detect the fork repo's branch
 		repoCond = repoCond.And(builder.Eq{"id": opts.Repo.ID})
 	}
 	repoIDs := builder.Select("id").From("repository").Where(repoCond)
 	if opts.CommitAfterUnix == 0 {
 		opts.CommitAfterUnix = time.Now().Add(-time.Hour * 2).Unix()
 	}
 	baseBranch, err := GetBranch(ctx, opts.BaseRepo.ID, opts.BaseRepo.DefaultBranch)
 	if err != nil {
 		return nil, err
 	}
 	// find all related branches, these branches may already created PRs, we will check later
 	var branches []*Branch
 	if err := db.GetEngine(ctx).
 		Where(builder.And(
 			builder.Eq{
 				"pusher_id":  doer.ID,
 				"is_deleted": false,
 			},
 			builder.Gte{"commit_time": opts.CommitAfterUnix},
 			builder.In("repo_id", repoIDs),
 			// newly created branch have no changes, so skip them
 			builder.Neq{"commit_id": baseBranch.CommitID},
 		)).
 		OrderBy(db.SearchOrderByRecentUpdated.String()).
 		Find(&branches); err != nil {
 		return nil, err
 	}
 	newBranches := make([]*RecentlyPushedNewBranch, 0, len(branches))
 	if opts.MaxCount == 0 {
 		// by default we display 2 recently pushed new branch
 		opts.MaxCount = 2
 	}
 	for _, branch := range branches {
 		// whether branch have already created PR
 		count, err := db.GetEngine(ctx).Table("pull_request").
 			// we should not only use branch name here, because if there are branches with same name in other repos,
 			// we can not detect them correctly
 			Where(builder.Eq{"head_repo_id": branch.RepoID, "head_branch": branch.Name}).Count()
 		if err != nil {
 			return nil, err
 		}
 		// if no PR, we add to the result
 		if count == 0 {
 			if err := branch.LoadRepo(ctx); err != nil {
 				return nil, err
 			}
 			branchDisplayName := branch.Name
 			if branch.Repo.ID != opts.BaseRepo.ID && branch.Repo.ID != opts.Repo.ID {
 				branchDisplayName = fmt.Sprintf("%s:%s", branch.Repo.FullName(), branchDisplayName)
 			}
 			newBranches = append(newBranches, &RecentlyPushedNewBranch{
 				BranchDisplayName: branchDisplayName,
 				BranchLink:        fmt.Sprintf("%s/src/branch/%s", branch.Repo.Link(), util.PathEscapeSegments(branch.Name)),
 				BranchCompareURL:  branch.Repo.ComposeBranchCompareURL(opts.BaseRepo, branch.Name),
 				CommitTime:        branch.CommitTime,
 			})
 		}
 		if len(newBranches) == opts.MaxCount {
 			break
 		}
 	}
 	return newBranches, nil
 }
--- a/models/git/branch_list.go
+++ b/models/git/branch_list.go
@ -7,6 +7,7 @@ import (
 	"context"
 	"code.gitea.io/gitea/models/db"
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/container"
 	"code.gitea.io/gitea/modules/optional"
@ -59,6 +60,24 @@ func (branches BranchList) LoadPusher(ctx context.Context) error {
 	return nil
 }
 func (branches BranchList) LoadRepo(ctx context.Context) error {
 	ids := container.FilterSlice(branches, func(branch *Branch) (int64, bool) {
 		return branch.RepoID, branch.RepoID > 0 && branch.Repo == nil
 	})
 	reposMap := make(map[int64]*repo_model.Repository, len(ids))
 	if err := db.GetEngine(ctx).In("id", ids).Find(&reposMap); err != nil {
 		return err
 	}
 	for _, branch := range branches {
 		if branch.RepoID <= 0 || branch.Repo != nil {
 			continue
 		}
 		branch.Repo = reposMap[branch.RepoID]
 	}
 	return nil
 }
 type FindBranchOptions struct {
 	db.ListOptions
 	RepoID             int64
@ -88,17 +107,13 @@ func (opts FindBranchOptions) ToConds() builder.Cond {
 func (opts FindBranchOptions) ToOrders() string {
 	orderBy := opts.OrderBy
 	if opts.IsDeletedBranch.ValueOrDefault(true) { // if deleted branch included, put them at the end
 		if orderBy != "" {
 			orderBy += ", "
 		}
 		orderBy += "is_deleted ASC"
 	}
 	if orderBy == "" {
 		// the commit_time might be the same, so add the "name" to make sure the order is stable
-		return "commit_time DESC, name ASC"
+		orderBy = "commit_time DESC, name ASC"
 	}
 	if opts.IsDeletedBranch.ValueOrDefault(true) { // if deleted branch included, put them at the beginning
 		orderBy = "is_deleted ASC, " + orderBy
 	}
 	return orderBy
 }
--- a/models/git/commit_status.go
+++ b/models/git/commit_status.go
@ -397,36 +397,16 @@ func GetLatestCommitStatusForRepoCommitIDs(ctx context.Context, repoID int64, co
 // FindRepoRecentCommitStatusContexts returns repository's recent commit status contexts
 func FindRepoRecentCommitStatusContexts(ctx context.Context, repoID int64, before time.Duration) ([]string, error) {
 	type result struct {
 		Index int64
 		SHA   string
 	}
 	getBase := func() *xorm.Session {
 		return db.GetEngine(ctx).Table(&CommitStatus{}).Where("repo_id = ?", repoID)
 	}
 	start := timeutil.TimeStampNow().AddDuration(-before)
 	results := make([]result, 0, 10)
-	sess := getBase().And("updated_unix >= ?", start).
+	var contexts []string
-		Select("max( `index` ) as `index`, sha").
+	if err := db.GetEngine(ctx).Table("commit_status").
-		GroupBy("context_hash, sha").OrderBy("max( `index` ) desc")
+		Where("repo_id = ?", repoID).And("updated_unix >= ?", start).
-
+		Cols("context").Distinct().Find(&contexts); err != nil {
 	err := sess.Find(&results)
 	if err != nil {
 		return nil, err
 	}
-	contexts := make([]string, 0, len(results))
+	return contexts, nil
 	if len(results) == 0 {
 		return contexts, nil
 	}
 	conds := make([]builder.Cond, 0, len(results))
 	for _, result := range results {
 		conds = append(conds, builder.Eq{"`index`": result.Index, "sha": result.SHA})
 	}
 	return contexts, getBase().And(builder.Or(conds...)).Select("context").Find(&contexts)
 }
 // NewCommitStatusOptions holds options for creating a CommitStatus
--- a/models/git/commit_status_test.go
+++ b/models/git/commit_status_test.go
@ -5,11 +5,15 @@ package git_test
 import (
 	"testing"
 	"time"
 	"code.gitea.io/gitea/models/db"
 	git_model "code.gitea.io/gitea/models/git"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/gitrepo"
 	"code.gitea.io/gitea/modules/structs"
 	"github.com/stretchr/testify/assert"
@ -175,3 +179,55 @@ func Test_CalcCommitStatus(t *testing.T) {
 		assert.Equal(t, kase.expected, git_model.CalcCommitStatus(kase.statuses))
 	}
 }
 func TestFindRepoRecentCommitStatusContexts(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 	repo2 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 2})
 	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 	gitRepo, err := gitrepo.OpenRepository(git.DefaultContext, repo2)
 	assert.NoError(t, err)
 	defer gitRepo.Close()
 	commit, err := gitRepo.GetBranchCommit(repo2.DefaultBranch)
 	assert.NoError(t, err)
 	defer func() {
 		_, err := db.DeleteByBean(db.DefaultContext, &git_model.CommitStatus{
 			RepoID:    repo2.ID,
 			CreatorID: user2.ID,
 			SHA:       commit.ID.String(),
 		})
 		assert.NoError(t, err)
 	}()
 	err = git_model.NewCommitStatus(db.DefaultContext, git_model.NewCommitStatusOptions{
 		Repo:    repo2,
 		Creator: user2,
 		SHA:     commit.ID,
 		CommitStatus: &git_model.CommitStatus{
 			State:     structs.CommitStatusFailure,
 			TargetURL: "https://example.com/tests/",
 			Context:   "compliance/lint-backend",
 		},
 	})
 	assert.NoError(t, err)
 	err = git_model.NewCommitStatus(db.DefaultContext, git_model.NewCommitStatusOptions{
 		Repo:    repo2,
 		Creator: user2,
 		SHA:     commit.ID,
 		CommitStatus: &git_model.CommitStatus{
 			State:     structs.CommitStatusSuccess,
 			TargetURL: "https://example.com/tests/",
 			Context:   "compliance/lint-backend",
 		},
 	})
 	assert.NoError(t, err)
 	contexts, err := git_model.FindRepoRecentCommitStatusContexts(db.DefaultContext, repo2.ID, time.Hour)
 	assert.NoError(t, err)
 	if assert.Len(t, contexts, 1) {
 		assert.Equal(t, "compliance/lint-backend", contexts[0])
 	}
 }
--- a/models/git/lfs_lock.go
+++ b/models/git/lfs_lock.go
@ -6,6 +6,7 @@ package git
 import (
 	"context"
 	"errors"
 	"fmt"
 	"strings"
 	"time"
@ -21,11 +22,12 @@ import (
 // LFSLock represents a git lfs lock of repository.
 type LFSLock struct {
-	ID      int64     `xorm:"pk autoincr"`
+	ID      int64            `xorm:"pk autoincr"`
-	RepoID  int64     `xorm:"INDEX NOT NULL"`
+	RepoID  int64            `xorm:"INDEX NOT NULL"`
-	OwnerID int64     `xorm:"INDEX NOT NULL"`
+	OwnerID int64            `xorm:"INDEX NOT NULL"`
-	Path    string    `xorm:"TEXT"`
+	Owner   *user_model.User `xorm:"-"`
-	Created time.Time `xorm:"created"`
+	Path    string           `xorm:"TEXT"`
 	Created time.Time        `xorm:"created"`
 }
 func init() {
@ -37,6 +39,35 @@ func (l *LFSLock) BeforeInsert() {
 	l.Path = util.PathJoinRel(l.Path)
 }
 // LoadAttributes loads attributes of the lock.
 func (l *LFSLock) LoadAttributes(ctx context.Context) error {
 	// Load owner
 	if err := l.LoadOwner(ctx); err != nil {
 		return fmt.Errorf("load owner: %w", err)
 	}
 	return nil
 }
 // LoadOwner loads owner of the lock.
 func (l *LFSLock) LoadOwner(ctx context.Context) error {
 	if l.Owner != nil {
 		return nil
 	}
 	owner, err := user_model.GetUserByID(ctx, l.OwnerID)
 	if err != nil {
 		if user_model.IsErrUserNotExist(err) {
 			l.Owner = user_model.NewGhostUser()
 			return nil
 		}
 		return err
 	}
 	l.Owner = owner
 	return nil
 }
 // CreateLFSLock creates a new lock.
 func CreateLFSLock(ctx context.Context, repo *repo_model.Repository, lock *LFSLock) (*LFSLock, error) {
 	dbCtx, committer, err := db.TxContext(ctx)
@ -94,7 +125,7 @@ func GetLFSLockByID(ctx context.Context, id int64) (*LFSLock, error) {
 }
 // GetLFSLockByRepoID returns a list of locks of repository.
-func GetLFSLockByRepoID(ctx context.Context, repoID int64, page, pageSize int) ([]*LFSLock, error) {
+func GetLFSLockByRepoID(ctx context.Context, repoID int64, page, pageSize int) (LFSLockList, error) {
 	e := db.GetEngine(ctx)
 	if page >= 0 && pageSize > 0 {
 		start := 0
@ -103,7 +134,7 @@ func GetLFSLockByRepoID(ctx context.Context, repoID int64, page, pageSize int) (
 		}
 		e.Limit(pageSize, start)
 	}
-	lfsLocks := make([]*LFSLock, 0, pageSize)
+	lfsLocks := make(LFSLockList, 0, pageSize)
 	return lfsLocks, e.Find(&lfsLocks, &LFSLock{RepoID: repoID})
 }
--- a/models/git/lfs_lock_list.go
+++ b/models/git/lfs_lock_list.go
@ -0,0 +1,54 @@
 // Copyright 2024 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 package git
 import (
 	"context"
 	"fmt"
 	"code.gitea.io/gitea/models/db"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/container"
 )
 // LFSLockList is a list of LFSLock
 type LFSLockList []*LFSLock
 // LoadAttributes loads the attributes for the given locks
 func (locks LFSLockList) LoadAttributes(ctx context.Context) error {
 	if len(locks) == 0 {
 		return nil
 	}
 	if err := locks.LoadOwner(ctx); err != nil {
 		return fmt.Errorf("load owner: %w", err)
 	}
 	return nil
 }
 // LoadOwner loads the owner of the locks
 func (locks LFSLockList) LoadOwner(ctx context.Context) error {
 	if len(locks) == 0 {
 		return nil
 	}
 	usersIDs := container.FilterSlice(locks, func(lock *LFSLock) (int64, bool) {
 		return lock.OwnerID, true
 	})
 	users := make(map[int64]*user_model.User, len(usersIDs))
 	if err := db.GetEngine(ctx).
 		In("id", usersIDs).
 		Find(&users); err != nil {
 		return fmt.Errorf("find users: %w", err)
 	}
 	for _, v := range locks {
 		v.Owner = users[v.OwnerID]
 		if v.Owner == nil { // not exist
 			v.Owner = user_model.NewGhostUser()
 		}
 	}
 	return nil
 }
--- a/models/issues/issue_project.go
+++ b/models/issues/issue_project.go
@ -5,11 +5,11 @@ package issues
 import (
 	"context"
 	"fmt"
 	"code.gitea.io/gitea/models/db"
 	project_model "code.gitea.io/gitea/models/project"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/util"
 )
 // LoadProject load the project the issue was assigned to
@ -90,58 +90,73 @@ func LoadIssuesFromBoardList(ctx context.Context, bs project_model.BoardList) (m
 	return issuesMap, nil
 }
-// ChangeProjectAssign changes the project associated with an issue
+// IssueAssignOrRemoveProject changes the project associated with an issue
-func ChangeProjectAssign(ctx context.Context, issue *Issue, doer *user_model.User, newProjectID int64) error {
+// If newProjectID is 0, the issue is removed from the project
-	ctx, committer, err := db.TxContext(ctx)
+func IssueAssignOrRemoveProject(ctx context.Context, issue *Issue, doer *user_model.User, newProjectID, newColumnID int64) error {
-	if err != nil {
+	return db.WithTx(ctx, func(ctx context.Context) error {
-		return err
+		oldProjectID := issue.projectID(ctx)
 	}
 	defer committer.Close()
-	if err := addUpdateIssueProject(ctx, issue, doer, newProjectID); err != nil {
+		if err := issue.LoadRepo(ctx); err != nil {
 		return err
 	}
 	return committer.Commit()
 }
 func addUpdateIssueProject(ctx context.Context, issue *Issue, doer *user_model.User, newProjectID int64) error {
 	oldProjectID := issue.projectID(ctx)
 	if err := issue.LoadRepo(ctx); err != nil {
 		return err
 	}
 	// Only check if we add a new project and not remove it.
 	if newProjectID > 0 {
 		newProject, err := project_model.GetProjectByID(ctx, newProjectID)
 		if err != nil {
 			return err
 		}
-		if newProject.RepoID != issue.RepoID && newProject.OwnerID != issue.Repo.OwnerID {
+
-			return fmt.Errorf("issue's repository is not the same as project's repository")
+		// Only check if we add a new project and not remove it.
 		if newProjectID > 0 {
 			newProject, err := project_model.GetProjectByID(ctx, newProjectID)
 			if err != nil {
 				return err
 			}
 			if !newProject.CanBeAccessedByOwnerRepo(issue.Repo.OwnerID, issue.Repo) {
 				return util.NewPermissionDeniedErrorf("issue %d can't be accessed by project %d", issue.ID, newProject.ID)
 			}
 			if newColumnID == 0 {
 				newDefaultColumn, err := newProject.GetDefaultBoard(ctx)
 				if err != nil {
 					return err
 				}
 				newColumnID = newDefaultColumn.ID
 			}
 		}
 	}
-	if _, err := db.GetEngine(ctx).Where("project_issue.issue_id=?", issue.ID).Delete(&project_model.ProjectIssue{}); err != nil {
+		if _, err := db.GetEngine(ctx).Where("project_issue.issue_id=?", issue.ID).Delete(&project_model.ProjectIssue{}); err != nil {
 		return err
 	}
 	if oldProjectID > 0 || newProjectID > 0 {
 		if _, err := CreateComment(ctx, &CreateCommentOptions{
 			Type:         CommentTypeProject,
 			Doer:         doer,
 			Repo:         issue.Repo,
 			Issue:        issue,
 			OldProjectID: oldProjectID,
 			ProjectID:    newProjectID,
 		}); err != nil {
 			return err
 		}
 	}
-	return db.Insert(ctx, &project_model.ProjectIssue{
+		if oldProjectID > 0 || newProjectID > 0 {
-		IssueID:   issue.ID,
+			if _, err := CreateComment(ctx, &CreateCommentOptions{
-		ProjectID: newProjectID,
+				Type:         CommentTypeProject,
 				Doer:         doer,
 				Repo:         issue.Repo,
 				Issue:        issue,
 				OldProjectID: oldProjectID,
 				ProjectID:    newProjectID,
 			}); err != nil {
 				return err
 			}
 		}
 		if newProjectID == 0 {
 			return nil
 		}
 		if newColumnID == 0 {
 			panic("newColumnID must not be zero") // shouldn't happen
 		}
 		res := struct {
 			MaxSorting int64
 			IssueCount int64
 		}{}
 		if _, err := db.GetEngine(ctx).Select("max(sorting) as max_sorting, count(*) as issue_count").Table("project_issue").
 			Where("project_id=?", newProjectID).
 			And("project_board_id=?", newColumnID).
 			Get(&res); err != nil {
 			return err
 		}
 		newSorting := util.Iif(res.IssueCount > 0, res.MaxSorting+1, 0)
 		return db.Insert(ctx, &project_model.ProjectIssue{
 			IssueID:        issue.ID,
 			ProjectID:      newProjectID,
 			ProjectBoardID: newColumnID,
 			Sorting:        newSorting,
 		})
 	})
 }
--- a/models/issues/issue_update.go
+++ b/models/issues/issue_update.go
@ -21,6 +21,7 @@ import (
 	"code.gitea.io/gitea/modules/references"
 	api "code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/timeutil"
 	"code.gitea.io/gitea/modules/util"
 	"xorm.io/builder"
 )
@ -138,6 +139,7 @@ func ChangeIssueTitle(ctx context.Context, issue *Issue, doer *user_model.User,
 	}
 	defer committer.Close()
 	issue.Title, _ = util.SplitStringAtByteN(issue.Title, 255)
 	if err = UpdateIssueCols(ctx, issue, "name"); err != nil {
 		return fmt.Errorf("updateIssueCols: %w", err)
 	}
@ -381,6 +383,7 @@ func NewIssueWithIndex(ctx context.Context, doer *user_model.User, opts NewIssue
 }
 // NewIssue creates new issue with labels for repository.
 // The title will be cut off at 255 characters if it's longer than 255 characters.
 func NewIssue(ctx context.Context, repo *repo_model.Repository, issue *Issue, labelIDs []int64, uuids []string) (err error) {
 	ctx, committer, err := db.TxContext(ctx)
 	if err != nil {
@ -394,6 +397,7 @@ func NewIssue(ctx context.Context, repo *repo_model.Repository, issue *Issue, la
 	}
 	issue.Index = idx
 	issue.Title, _ = util.SplitStringAtByteN(issue.Title, 255)
 	if err = NewIssueWithIndex(ctx, issue.Poster, NewIssueOptions{
 		Repo:        repo,
@ -429,62 +433,6 @@ func UpdateIssueMentions(ctx context.Context, issueID int64, mentions []*user_mo
 	return nil
 }
 // UpdateIssueByAPI updates all allowed fields of given issue.
 // If the issue status is changed a statusChangeComment is returned
 // similarly if the title is changed the titleChanged bool is set to true
 func UpdateIssueByAPI(ctx context.Context, issue *Issue, doer *user_model.User) (statusChangeComment *Comment, titleChanged bool, err error) {
 	ctx, committer, err := db.TxContext(ctx)
 	if err != nil {
 		return nil, false, err
 	}
 	defer committer.Close()
 	if err := issue.LoadRepo(ctx); err != nil {
 		return nil, false, fmt.Errorf("loadRepo: %w", err)
 	}
 	// Reload the issue
 	currentIssue, err := GetIssueByID(ctx, issue.ID)
 	if err != nil {
 		return nil, false, err
 	}
 	if _, err := db.GetEngine(ctx).ID(issue.ID).Cols(
 		"name", "content", "milestone_id", "priority",
 		"deadline_unix", "updated_unix", "is_locked").
 		Update(issue); err != nil {
 		return nil, false, err
 	}
 	titleChanged = currentIssue.Title != issue.Title
 	if titleChanged {
 		opts := &CreateCommentOptions{
 			Type:     CommentTypeChangeTitle,
 			Doer:     doer,
 			Repo:     issue.Repo,
 			Issue:    issue,
 			OldTitle: currentIssue.Title,
 			NewTitle: issue.Title,
 		}
 		_, err := CreateComment(ctx, opts)
 		if err != nil {
 			return nil, false, fmt.Errorf("createComment: %w", err)
 		}
 	}
 	if currentIssue.IsClosed != issue.IsClosed {
 		statusChangeComment, err = doChangeIssueStatus(ctx, issue, doer, false)
 		if err != nil {
 			return nil, false, err
 		}
 	}
 	if err := issue.AddCrossReferences(ctx, doer, true); err != nil {
 		return nil, false, err
 	}
 	return statusChangeComment, titleChanged, committer.Commit()
 }
 // UpdateIssueDeadline updates an issue deadline and adds comments. Setting a deadline to 0 means deleting it.
 func UpdateIssueDeadline(ctx context.Context, issue *Issue, deadlineUnix timeutil.TimeStamp, doer *user_model.User) (err error) {
 	// if the deadline hasn't changed do nothing
--- a/models/issues/milestone.go
+++ b/models/issues/milestone.go
@ -84,7 +84,7 @@ func (m *Milestone) BeforeUpdate() {
 // this object.
 func (m *Milestone) AfterLoad() {
 	m.NumOpenIssues = m.NumIssues - m.NumClosedIssues
-	if m.DeadlineUnix.Year() == 9999 {
+	if m.DeadlineUnix.Year() >= 9999 {
 		return
 	}
--- a/models/issues/pull.go
+++ b/models/issues/pull.go
@ -27,6 +27,8 @@ import (
 	"xorm.io/builder"
 )
 var ErrMustCollaborator = util.NewPermissionDeniedErrorf("user must be a collaborator")
 // ErrPullRequestNotExist represents a "PullRequestNotExist" kind of error.
 type ErrPullRequestNotExist struct {
 	ID         int64
@ -385,7 +387,7 @@ func (pr *PullRequest) getReviewedByLines(ctx context.Context, writer io.Writer)
 	// Note: This doesn't page as we only expect a very limited number of reviews
 	reviews, err := FindLatestReviews(ctx, FindReviewOptions{
-		Type:         ReviewTypeApprove,
+		Types:        []ReviewType{ReviewTypeApprove},
 		IssueID:      pr.IssueID,
 		OfficialOnly: setting.Repository.PullRequest.DefaultMergeMessageOfficialApproversOnly,
 	})
@ -430,6 +432,21 @@ func (pr *PullRequest) GetGitHeadBranchRefName() string {
 	return fmt.Sprintf("%s%s", git.BranchPrefix, pr.HeadBranch)
 }
 // GetReviewCommentsCount returns the number of review comments made on the diff of a PR review (not including comments on commits or issues in a PR)
 func (pr *PullRequest) GetReviewCommentsCount(ctx context.Context) int {
 	opts := FindCommentsOptions{
 		Type:    CommentTypeReview,
 		IssueID: pr.IssueID,
 	}
 	conds := opts.ToConds()
 	count, err := db.GetEngine(ctx).Where(conds).Count(new(Comment))
 	if err != nil {
 		return 0
 	}
 	return int(count)
 }
 // IsChecking returns true if this pull request is still checking conflict.
 func (pr *PullRequest) IsChecking() bool {
 	return pr.Status == PullRequestStatusChecking
@ -528,6 +545,7 @@ func NewPullRequest(ctx context.Context, repo *repo_model.Repository, issue *Iss
 	}
 	issue.Index = idx
 	issue.Title, _ = util.SplitStringAtByteN(issue.Title, 255)
 	if err = NewIssueWithIndex(ctx, issue.Poster, NewIssueOptions{
 		Repo:        repo,
@ -556,6 +574,12 @@ func NewPullRequest(ctx context.Context, repo *repo_model.Repository, issue *Iss
 	return nil
 }
 // ErrUserMustCollaborator represents an error that the user must be a collaborator to a given repo.
 type ErrUserMustCollaborator struct {
 	UserID   int64
 	RepoName string
 }
 // GetUnmergedPullRequest returns a pull request that is open and has not been merged
 // by given head/base and repo/branch.
 func GetUnmergedPullRequest(ctx context.Context, headRepoID, baseRepoID int64, headBranch, baseBranch string, flow PullRequestFlow) (*PullRequest, error) {
--- a/models/issues/review.go
+++ b/models/issues/review.go
@ -155,14 +155,14 @@ func (r *Review) LoadCodeComments(ctx context.Context) (err error) {
 	if r.CodeComments != nil {
 		return err
 	}
-	if err = r.loadIssue(ctx); err != nil {
+	if err = r.LoadIssue(ctx); err != nil {
 		return err
 	}
 	r.CodeComments, err = fetchCodeCommentsByReview(ctx, r.Issue, nil, r, false)
 	return err
 }
-func (r *Review) loadIssue(ctx context.Context) (err error) {
+func (r *Review) LoadIssue(ctx context.Context) (err error) {
 	if r.Issue != nil {
 		return err
 	}
@ -199,7 +199,7 @@ func (r *Review) LoadReviewerTeam(ctx context.Context) (err error) {
 // LoadAttributes loads all attributes except CodeComments
 func (r *Review) LoadAttributes(ctx context.Context) (err error) {
-	if err = r.loadIssue(ctx); err != nil {
+	if err = r.LoadIssue(ctx); err != nil {
 		return err
 	}
 	if err = r.LoadCodeComments(ctx); err != nil {
@ -364,7 +364,7 @@ func GetCurrentReview(ctx context.Context, reviewer *user_model.User, issue *Iss
 		return nil, nil
 	}
 	reviews, err := FindReviews(ctx, FindReviewOptions{
-		Type:       ReviewTypePending,
+		Types:      []ReviewType{ReviewTypePending},
 		IssueID:    issue.ID,
 		ReviewerID: reviewer.ID,
 	})
--- a/models/issues/review_list.go
+++ b/models/issues/review_list.go
@ -63,7 +63,7 @@ func (reviews ReviewList) LoadIssues(ctx context.Context) error {
 // FindReviewOptions represent possible filters to find reviews
 type FindReviewOptions struct {
 	db.ListOptions
-	Type         ReviewType
+	Types        []ReviewType
 	IssueID      int64
 	ReviewerID   int64
 	OfficialOnly bool
@ -78,8 +78,8 @@ func (opts *FindReviewOptions) toCond() builder.Cond {
 	if opts.ReviewerID > 0 {
 		cond = cond.And(builder.Eq{"reviewer_id": opts.ReviewerID})
 	}
-	if opts.Type != ReviewTypeUnknown {
+	if len(opts.Types) > 0 {
-		cond = cond.And(builder.Eq{"type": opts.Type})
+		cond = cond.And(builder.In("type", opts.Types))
 	}
 	if opts.OfficialOnly {
 		cond = cond.And(builder.Eq{"official": true})
--- a/models/issues/review_test.go
+++ b/models/issues/review_test.go
@ -63,7 +63,7 @@ func TestReviewType_Icon(t *testing.T) {
 func TestFindReviews(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 	reviews, err := issues_model.FindReviews(db.DefaultContext, issues_model.FindReviewOptions{
-		Type:       issues_model.ReviewTypeApprove,
+		Types:      []issues_model.ReviewType{issues_model.ReviewTypeApprove},
 		IssueID:    2,
 		ReviewerID: 1,
 	})
@ -75,7 +75,7 @@ func TestFindReviews(t *testing.T) {
 func TestFindLatestReviews(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 	reviews, err := issues_model.FindLatestReviews(db.DefaultContext, issues_model.FindReviewOptions{
-		Type:    issues_model.ReviewTypeApprove,
+		Types:   []issues_model.ReviewType{issues_model.ReviewTypeApprove},
 		IssueID: 11,
 	})
 	assert.NoError(t, err)
--- a/models/migrations/fixtures/Test_RepositoryFormat/review_state.yml
+++ b/models/migrations/fixtures/Test_RepositoryFormat/review_state.yml
@ -1,3 +1,5 @@
 -
  id: 1
  user_id: 1
  pull_id: 1
  commit_sha: 19fe5caf872476db265596eaac1dc35ad1c6422d
--- a/models/migrations/v1_21/v276.go
+++ b/models/migrations/v1_21/v276.go
@ -12,6 +12,7 @@ import (
 	"code.gitea.io/gitea/modules/git"
 	giturl "code.gitea.io/gitea/modules/git/url"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
 	"xorm.io/xorm"
 )
@ -163,7 +164,9 @@ func migratePushMirrors(x *xorm.Engine) error {
 func getRemoteAddress(ownerName, repoName, remoteName string) (string, error) {
 	repoPath := filepath.Join(setting.RepoRootPath, strings.ToLower(ownerName), strings.ToLower(repoName)+".git")
-
+	if exist, _ := util.IsExist(repoPath); !exist {
 		return "", nil
 	}
 	remoteURL, err := git.GetRemoteAddress(context.Background(), repoPath, remoteName)
 	if err != nil {
 		return "", fmt.Errorf("get remote %s's address of %s/%s failed: %v", remoteName, ownerName, repoName, err)
--- a/models/migrations/v1_22/v286.go
+++ b/models/migrations/v1_22/v286.go
@ -36,9 +36,9 @@ func expandHashReferencesToSha256(x *xorm.Engine) error {
 		if setting.Database.Type.IsMSSQL() {
 			// drop indexes that need to be re-created afterwards
 			droppedIndexes := []string{
-				"DROP INDEX IF EXISTS [IDX_commit_status_context_hash] ON [commit_status]",
+				"DROP INDEX [IDX_commit_status_context_hash] ON [commit_status]",
-				"DROP INDEX IF EXISTS [UQE_review_state_pull_commit_user] ON [review_state]",
+				"DROP INDEX [UQE_review_state_pull_commit_user] ON [review_state]",
-				"DROP INDEX IF EXISTS [UQE_repo_archiver_s] ON [repo_archiver]",
+				"DROP INDEX [UQE_repo_archiver_s] ON [repo_archiver]",
 			}
 			for _, s := range droppedIndexes {
 				_, err := db.Exec(s)
@ -92,7 +92,7 @@ func addObjectFormatNameToRepository(x *xorm.Engine) error {
 	// Here to catch weird edge-cases where column constraints above are
 	// not applied by the DB backend
-	_, err := x.Exec("UPDATE repository set object_format_name = 'sha1' WHERE object_format_name = '' or object_format_name IS NULL")
+	_, err := x.Exec("UPDATE `repository` set `object_format_name` = 'sha1' WHERE `object_format_name` = '' or `object_format_name` IS NULL")
 	return err
 }
--- a/models/migrations/v1_22/v286_test.go
+++ b/models/migrations/v1_22/v286_test.go
@ -19,21 +19,21 @@ func PrepareOldRepository(t *testing.T) (*xorm.Engine, func()) {
 	type CommitStatus struct {
 		ID          int64
-		ContextHash string
+		ContextHash string `xorm:"char(40) index"`
 	}
 	type RepoArchiver struct {
 		ID       int64
-		RepoID   int64
+		RepoID   int64  `xorm:"index unique(s)"`
-		Type     int
+		Type     int    `xorm:"unique(s)"`
-		CommitID string
+		CommitID string `xorm:"VARCHAR(40) unique(s)"`
 	}
 	type ReviewState struct {
 		ID        int64
-		CommitSHA string
+		UserID    int64  `xorm:"NOT NULL UNIQUE(pull_commit_user)"`
-		UserID    int64
+		PullID    int64  `xorm:"NOT NULL INDEX UNIQUE(pull_commit_user) DEFAULT 0"`
-		PullID    int64
+		CommitSHA string `xorm:"NOT NULL VARCHAR(40) UNIQUE(pull_commit_user)"`
 	}
 	type Comment struct {
--- a/models/organization/org_user_test.go
+++ b/models/organization/org_user_test.go
@ -81,7 +81,7 @@ func TestUserListIsPublicMember(t *testing.T) {
 		{3, map[int64]bool{2: true, 4: false, 28: true}},
 		{6, map[int64]bool{5: true, 28: true}},
 		{7, map[int64]bool{5: false}},
-		{25, map[int64]bool{24: true}},
+		{25, map[int64]bool{12: true, 24: true}},
 		{22, map[int64]bool{}},
 	}
 	for _, v := range tt {
@ -108,8 +108,8 @@ func TestUserListIsUserOrgOwner(t *testing.T) {
 		{3, map[int64]bool{2: true, 4: false, 28: false}},
 		{6, map[int64]bool{5: true, 28: false}},
 		{7, map[int64]bool{5: true}},
-		{25, map[int64]bool{24: false}}, // ErrTeamNotExist
+		{25, map[int64]bool{12: true, 24: false}}, // ErrTeamNotExist
-		{22, map[int64]bool{}},          // No member
+		{22, map[int64]bool{}},                    // No member
 	}
 	for _, v := range tt {
 		t.Run(fmt.Sprintf("IsUserOrgOwnerOfOrgId%d", v.orgid), func(t *testing.T) {
--- a/models/organization/team_repo.go
+++ b/models/organization/team_repo.go
@ -9,6 +9,7 @@ import (
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/perm"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unit"
 	"xorm.io/builder"
 )
@ -83,3 +84,16 @@ func GetTeamsWithAccessToRepo(ctx context.Context, orgID, repoID int64, mode per
 		OrderBy("name").
 		Find(&teams)
 }
 // GetTeamsWithAccessToRepoUnit returns all teams in an organization that have given access level to the repository special unit.
 func GetTeamsWithAccessToRepoUnit(ctx context.Context, orgID, repoID int64, mode perm.AccessMode, unitType unit.Type) ([]*Team, error) {
 	teams := make([]*Team, 0, 5)
 	return teams, db.GetEngine(ctx).Where("team_unit.access_mode >= ?", mode).
 		Join("INNER", "team_repo", "team_repo.team_id = team.id").
 		Join("INNER", "team_unit", "team_unit.team_id = team.id").
 		And("team_repo.org_id = ?", orgID).
 		And("team_repo.repo_id = ?", repoID).
 		And("team_unit.type = ?", unitType).
 		OrderBy("name").
 		Find(&teams)
 }
--- a/models/organization/team_repo_test.go
+++ b/models/organization/team_repo_test.go
@ -0,0 +1,31 @@
 // Copyright 2024 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 package organization_test
 import (
 	"testing"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/organization"
 	"code.gitea.io/gitea/models/perm"
 	"code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unit"
 	"code.gitea.io/gitea/models/unittest"
 	"github.com/stretchr/testify/assert"
 )
 func TestGetTeamsWithAccessToRepoUnit(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 	org41 := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 41})
 	repo61 := unittest.AssertExistsAndLoadBean(t, &repo.Repository{ID: 61})
 	teams, err := organization.GetTeamsWithAccessToRepoUnit(db.DefaultContext, org41.ID, repo61.ID, perm.AccessModeRead, unit.TypePullRequests)
 	assert.NoError(t, err)
 	if assert.Len(t, teams, 2) {
 		assert.EqualValues(t, 21, teams[0].ID)
 		assert.EqualValues(t, 22, teams[1].ID)
 	}
 }
--- a/models/packages/debian/search.go
+++ b/models/packages/debian/search.go
@ -75,26 +75,27 @@ func ExistPackages(ctx context.Context, opts *PackageSearchOptions) (bool, error
 }
 // SearchPackages gets the packages matching the search options
-func SearchPackages(ctx context.Context, opts *PackageSearchOptions, iter func(*packages.PackageFileDescriptor)) error {
+func SearchPackages(ctx context.Context, opts *PackageSearchOptions) ([]*packages.PackageFileDescriptor, error) {
-	return db.GetEngine(ctx).
+	var pkgFiles []*packages.PackageFile
 	err := db.GetEngine(ctx).
 		Table("package_file").
 		Select("package_file.*").
 		Join("INNER", "package_version", "package_version.id = package_file.version_id").
 		Join("INNER", "package", "package.id = package_version.package_id").
 		Where(opts.toCond()).
-		Asc("package.lower_name", "package_version.created_unix").
+		Asc("package.lower_name", "package_version.created_unix").Find(&pkgFiles)
-		Iterate(new(packages.PackageFile), func(_ int, bean any) error {
+	if err != nil {
-			pf := bean.(*packages.PackageFile)
+		return nil, err
-
+	}
-			pfd, err := packages.GetPackageFileDescriptor(ctx, pf)
+	pfds := make([]*packages.PackageFileDescriptor, 0, len(pkgFiles))
-			if err != nil {
+	for _, pf := range pkgFiles {
-				return err
+		pfd, err := packages.GetPackageFileDescriptor(ctx, pf)
-			}
+		if err != nil {
-
+			return nil, err
-			iter(pfd)
+		}
-
+		pfds = append(pfds, pfd)
-			return nil
+	}
-		})
+	return pfds, nil
 }
 // GetDistributions gets all available distributions
--- a/models/project/board.go
+++ b/models/project/board.go
@ -5,12 +5,14 @@ package project
 import (
 	"context"
 	"errors"
 	"fmt"
 	"regexp"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/timeutil"
 	"code.gitea.io/gitea/modules/util"
 	"xorm.io/builder"
 )
@ -82,6 +84,17 @@ func (b *Board) NumIssues(ctx context.Context) int {
 	return int(c)
 }
 func (b *Board) GetIssues(ctx context.Context) ([]*ProjectIssue, error) {
 	issues := make([]*ProjectIssue, 0, 5)
 	if err := db.GetEngine(ctx).Where("project_id=?", b.ProjectID).
 		And("project_board_id=?", b.ID).
 		OrderBy("sorting, id").
 		Find(&issues); err != nil {
 		return nil, err
 	}
 	return issues, nil
 }
 func init() {
 	db.RegisterModel(new(Board))
 }
@ -150,12 +163,27 @@ func createBoardsForProjectsType(ctx context.Context, project *Project) error {
 	return db.Insert(ctx, boards)
 }
 // maxProjectColumns max columns allowed in a project, this should not bigger than 127
 // because sorting is int8 in database
 const maxProjectColumns = 20
 // NewBoard adds a new project board to a given project
 func NewBoard(ctx context.Context, board *Board) error {
 	if len(board.Color) != 0 && !BoardColorPattern.MatchString(board.Color) {
 		return fmt.Errorf("bad color code: %s", board.Color)
 	}
-
+	res := struct {
 		MaxSorting  int64
 		ColumnCount int64
 	}{}
 	if _, err := db.GetEngine(ctx).Select("max(sorting) as max_sorting, count(*) as column_count").Table("project_board").
 		Where("project_id=?", board.ProjectID).Get(&res); err != nil {
 		return err
 	}
 	if res.ColumnCount >= maxProjectColumns {
 		return fmt.Errorf("NewBoard: maximum number of columns reached")
 	}
 	board.Sorting = int8(util.Iif(res.ColumnCount > 0, res.MaxSorting+1, 0))
 	_, err := db.GetEngine(ctx).Insert(board)
 	return err
 }
@ -189,7 +217,17 @@ func deleteBoardByID(ctx context.Context, boardID int64) error {
 		return fmt.Errorf("deleteBoardByID: cannot delete default board")
 	}
-	if err = board.removeIssues(ctx); err != nil {
+	// move all issues to the default column
 	project, err := GetProjectByID(ctx, board.ProjectID)
 	if err != nil {
 		return err
 	}
 	defaultColumn, err := project.GetDefaultBoard(ctx)
 	if err != nil {
 		return err
 	}
 	if err = board.moveIssuesToAnotherColumn(ctx, defaultColumn); err != nil {
 		return err
 	}
@ -242,21 +280,15 @@ func UpdateBoard(ctx context.Context, board *Board) error {
 // GetBoards fetches all boards related to a project
 func (p *Project) GetBoards(ctx context.Context) (BoardList, error) {
 	boards := make([]*Board, 0, 5)
-
+	if err := db.GetEngine(ctx).Where("project_id=?", p.ID).OrderBy("sorting, id").Find(&boards); err != nil {
 	if err := db.GetEngine(ctx).Where("project_id=? AND `default`=?", p.ID, false).OrderBy("sorting").Find(&boards); err != nil {
 		return nil, err
 	}
-	defaultB, err := p.getDefaultBoard(ctx)
+	return boards, nil
 	if err != nil {
 		return nil, err
 	}
 	return append([]*Board{defaultB}, boards...), nil
 }
-// getDefaultBoard return default board and ensure only one exists
+// GetDefaultBoard return default board and ensure only one exists
-func (p *Project) getDefaultBoard(ctx context.Context) (*Board, error) {
+func (p *Project) GetDefaultBoard(ctx context.Context) (*Board, error) {
 	var board Board
 	has, err := db.GetEngine(ctx).
 		Where("project_id=? AND `default` = ?", p.ID, true).
@ -316,3 +348,42 @@ func UpdateBoardSorting(ctx context.Context, bs BoardList) error {
 		return nil
 	})
 }
 func GetColumnsByIDs(ctx context.Context, projectID int64, columnsIDs []int64) (BoardList, error) {
 	columns := make([]*Board, 0, 5)
 	if err := db.GetEngine(ctx).
 		Where("project_id =?", projectID).
 		In("id", columnsIDs).
 		OrderBy("sorting").Find(&columns); err != nil {
 		return nil, err
 	}
 	return columns, nil
 }
 // MoveColumnsOnProject sorts columns in a project
 func MoveColumnsOnProject(ctx context.Context, project *Project, sortedColumnIDs map[int64]int64) error {
 	return db.WithTx(ctx, func(ctx context.Context) error {
 		sess := db.GetEngine(ctx)
 		columnIDs := util.ValuesOfMap(sortedColumnIDs)
 		movedColumns, err := GetColumnsByIDs(ctx, project.ID, columnIDs)
 		if err != nil {
 			return err
 		}
 		if len(movedColumns) != len(sortedColumnIDs) {
 			return errors.New("some columns do not exist")
 		}
 		for _, column := range movedColumns {
 			if column.ProjectID != project.ID {
 				return fmt.Errorf("column[%d]'s projectID is not equal to project's ID [%d]", column.ProjectID, project.ID)
 			}
 		}
 		for sorting, columnID := range sortedColumnIDs {
 			if _, err := sess.Exec("UPDATE `project_board` SET sorting=? WHERE id=?", sorting, columnID); err != nil {
 				return err
 			}
 		}
 		return nil
 	})
 }
--- a/Show More
+++ b/Show More