[v12.0/forgejo] i18n: update of translations from Codeberg Translate (#8534 )

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8534 Reviewed-by: Gusted <gusted@noreply.codeberg.org>
[v12.0/forgejo] i18n: update of translations from Codeberg Translate
2025-09-14 14:57:21 +00:00 · 2025-07-16 22:14:57 +02:00 · 2025-07-16 22:49:59 +05:00 · 2025-07-16 19:33:28 +02:00 · 2025-07-16 21:54:14 +05:00 · 2025-07-16 21:52:50 +05:00
1357 changed files with 16375 additions and 36570 deletions
--- a/.deadcode-out
+++ b/.deadcode-out
@ -13,6 +13,13 @@ forgejo.org/models
 	IsErrSHANotFound
 	IsErrMergeDivergingFastForwardOnly

+forgejo.org/models/activities
+	GetActivityByID
+	NewFederatedUserActivity
+	CreateUserActivity
+	GetFollowingFeeds
+	FederatedUserActivity.loadActor
+
 forgejo.org/models/auth
 	WebAuthnCredentials

@ -20,13 +27,15 @@ forgejo.org/models/db
 	TruncateBeans
 	InTransaction
 	DumpTables
-	GetTableNames

 forgejo.org/models/dbfs
 	file.renameTo
 	Create
 	Rename

+forgejo.org/models/forgefed
+	GetFederationHost
+
 forgejo.org/models/forgejo/semver
 	GetVersion
 	SetVersionString
@ -52,10 +61,17 @@ forgejo.org/models/user
 	IsErrExternalLoginUserAlreadyExist
 	IsErrExternalLoginUserNotExist
 	NewFederatedUser
+	NewFederatedUserFollower
 	IsErrUserSettingIsNotExist
 	GetUserAllSettings
 	DeleteUserSetting
 	GetFederatedUser
+	GetFederatedUserByUserID
+	UpdateFederatedUser
+	GetFollowersForUser
+	AddFollower
+	RemoveFollower
+	IsFollowingAp

 forgejo.org/modules/activitypub
 	NewContext
@ -86,14 +102,24 @@ forgejo.org/modules/eventsource
 	Event.String

 forgejo.org/modules/forgefed
+	NewForgeFollowFromAp
 	NewForgeFollow
+	ForgeFollow.MarshalJSON
+	ForgeFollow.UnmarshalJSON
+	ForgeFollow.Validate
 	NewForgeUndoLike
 	ForgeUndoLike.UnmarshalJSON
 	ForgeUndoLike.Validate
+	NewForgeUserActivityFromAp
+	NewForgeUserActivity
+	ForgeUserActivity.Validate
 	NewPersonIDFromModel
 	GetItemByType
 	JSONUnmarshalerFn
 	NotEmpty
+	NewForgeUserActivityNoteFromAp
+	newNote
+	ForgeUserActivityNote.Validate
 	ToRepository
 	OnRepository

@ -205,6 +231,7 @@ forgejo.org/modules/util/filebuffer

 forgejo.org/modules/validation
 	IsErrNotValid
+	ValidateIDExists

 forgejo.org/modules/web
 	RouteMock
@ -221,9 +248,6 @@ forgejo.org/routers/web/org
 forgejo.org/services/context
 	GetPrivateContext

-forgejo.org/services/federation
-	FollowRemoteActor
-
 forgejo.org/services/repository
 	IsErrForkAlreadyExist

--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@ -6,7 +6,7 @@
    "ghcr.io/devcontainers/features/node:1": {
      "version": "22"
    },
-    "ghcr.io/devcontainers/features/git-lfs:1.2.5": {},
+    "ghcr.io/devcontainers/features/git-lfs:1.2.4": {},
    "ghcr.io/warrenbuckley/codespace-features/sqlite:1": {}
  },
  "customizations": {
--- a/.forgejo/issue_template/bug-report-ui.yaml
+++ b/.forgejo/issue_template/bug-report-ui.yaml
@ -23,9 +23,8 @@ body:
      It is running the latest development branch and will confirm the problem is not already fixed.
      If you can reproduce it, provide a URL in the description.
    options:
-    - "Yes, I've linked the repository below"
-    - "No, I've tried it and the problem is not present there"
-    - "No, I can't try it on the test instance for some reason"
+    - "Yes"
+    - "No"
  validations:
    required: true
 - type: textarea
--- a/.forgejo/issue_template/bug-report.yaml
+++ b/.forgejo/issue_template/bug-report.yaml
@ -23,9 +23,8 @@ body:
      It is running the latest development branch and will confirm the problem is not already fixed.
      If you can reproduce it, provide a URL in the description.
    options:
-    - "Yes, I've linked the repository below"
-    - "No, I've tried it and the problem is not present there"
-    - "No, I can't try it on the test instance for some reason"
+    - "Yes"
+    - "No"
  validations:
    required: true
 - type: textarea
--- a/.forgejo/workflows-composite/install-minimum-git-version/action.yaml
+++ b/.forgejo/workflows-composite/install-minimum-git-version/action.yaml
@ -1,22 +0,0 @@
-#
-# Install the minimal version of Git supported by Forgejo
-#
-runs:
-  using: "composite"
-  steps:
-    - name: install git and git-lfs
-      run: |
-        set -x
-
-        export DEBIAN_FRONTEND=noninteractive
-
-        apt-get update -qq
-        apt-get -q install -y -qq curl ca-certificates
-
-        curl -sS -o /tmp/git-man.deb http://archive.ubuntu.com/ubuntu/pool/main/g/git/git-man_2.34.1-1ubuntu1_all.deb
-        curl -sS -o /tmp/git.deb https://archive.ubuntu.com/ubuntu/pool/main/g/git/git_2.34.1-1ubuntu1_amd64.deb
-        curl -sS -o /tmp/git-lfs.deb https://archive.ubuntu.com/ubuntu/pool/universe/g/git-lfs/git-lfs_3.0.2-1_amd64.deb
-
-        apt-get -q install --allow-downgrades -y -qq /tmp/git-man.deb
-        apt-get -q install --allow-downgrades -y -qq /tmp/git.deb
-        apt-get -q install --allow-downgrades -y -qq /tmp/git-lfs.deb
--- a/.forgejo/workflows/build-release-integration.yml
+++ b/.forgejo/workflows/build-release-integration.yml
@ -28,7 +28,7 @@ jobs:
      - uses: https://data.forgejo.org/actions/checkout@v4

      - id: forgejo
-        uses: https://data.forgejo.org/actions/setup-forgejo@v3.0.3
+        uses: https://data.forgejo.org/actions/setup-forgejo@v2.0.4
        with:
          user: root
          password: admin1234
--- a/.forgejo/workflows/build-release.yml
+++ b/.forgejo/workflows/build-release.yml
@ -164,7 +164,7 @@ jobs:

      - name: build container & release
        if: ${{ secrets.TOKEN != '' }}
-        uses: https://data.forgejo.org/forgejo/forgejo-build-publish/build@v5.4.1
+        uses: https://data.forgejo.org/forgejo/forgejo-build-publish/build@v5.3.5
        with:
          forgejo: "${{ env.GITHUB_SERVER_URL }}"
          owner: "${{ env.GITHUB_REPOSITORY_OWNER }}"
@ -183,7 +183,7 @@ jobs:

      - name: build rootless container
        if: ${{ secrets.TOKEN != '' }}
-        uses: https://data.forgejo.org/forgejo/forgejo-build-publish/build@v5.4.1
+        uses: https://data.forgejo.org/forgejo/forgejo-build-publish/build@v5.3.5
        with:
          forgejo: "${{ env.GITHUB_SERVER_URL }}"
          owner: "${{ env.GITHUB_REPOSITORY_OWNER }}"
@ -201,7 +201,7 @@ jobs:

      - name: end-to-end tests
        if: ${{ secrets.TOKEN != '' && vars.ROLE == 'forgejo-integration' && vars.SKIP_END_TO_END != 'true' }}
-        uses: https://data.forgejo.org/actions/cascading-pr@v2.3.0
+        uses: https://data.forgejo.org/actions/cascading-pr@v2.2.0
        with:
          origin-url: ${{ env.GITHUB_SERVER_URL }}
          origin-repo: ${{ github.repository }}
@ -212,7 +212,6 @@ jobs:
          destination-repo: forgejo/end-to-end
          destination-branch: main
          destination-token: ${{ secrets.CASCADE_DESTINATION_TOKEN }}
-          close: true
          update: .forgejo/cascading-release-end-to-end

      - name: copy to experimental
--- a/.forgejo/workflows/cascade-setup-end-to-end.yml
+++ b/.forgejo/workflows/cascade-setup-end-to-end.yml
@ -41,7 +41,7 @@ jobs:
        with:
          fetch-depth: '0'
          show-progress: 'false'
-      - uses: https://data.forgejo.org/actions/cascading-pr@v2.3.0
+      - uses: https://data.forgejo.org/actions/cascading-pr@v2.2.0
        with:
          origin-url: ${{ env.GITHUB_SERVER_URL }}
          origin-repo: ${{ github.repository }}
@ -53,5 +53,5 @@ jobs:
          destination-repo: forgejo/end-to-end
          destination-branch: main
          destination-token: ${{ secrets.END_TO_END_CASCADING_PR_DESTINATION }}
-          close: true
+          close-merge: true
          update: .forgejo/cascading-pr-end-to-end
--- a/.forgejo/workflows/coverage.yml
+++ b/.forgejo/workflows/coverage.yml
@ -1,89 +0,0 @@
-name: coverage
-
-on:
-  workflow_dispatch:
-    inputs:
-      repository:
-        description: 'repository'
-        type: string
-      ref:
-        description: 'ref'
-        type: string
-      unit-tests-env:
-        description: 'COVERAGE_TEST_PACKAGES=forgejo.org/modules/actions'
-        type: string
-      integration-tests-env:
-        description: 'COVERAGE_TEST_ARGS=-run=TestAPIListRepoComments'
-        type: string
-
-jobs:
-  all:
-    runs-on: docker
-    container:
-      image: 'data.forgejo.org/oci/ci:1'
-      options: --tmpfs /tmp:exec,noatime
-    services:
-      elasticsearch:
-        image: data.forgejo.org/oci/bitnami/elasticsearch:7
-        options: --tmpfs /bitnami/elasticsearch/data
-        env:
-          discovery.type: single-node
-          ES_JAVA_OPTS: "-Xms512m -Xmx512m"
-      minio:
-        image: data.forgejo.org/oci/bitnami/minio:2024.8.17
-        options: >-
-          --hostname gitea.minio --tmpfs /bitnami/minio/data:noatime
-        env:
-          MINIO_DOMAIN: minio
-          MINIO_ROOT_USER: 123456
-          MINIO_ROOT_PASSWORD: 12345678
-      mysql:
-        image: 'data.forgejo.org/oci/bitnami/mysql:8.4'
-        env:
-          ALLOW_EMPTY_PASSWORD: yes
-          MYSQL_DATABASE: testgitea
-          #
-          # See also https://codeberg.org/forgejo/forgejo/issues/976
-          #
-          MYSQL_EXTRA_FLAGS: --innodb-adaptive-flushing=OFF --innodb-buffer-pool-size=4G --innodb-log-buffer-size=128M --innodb-flush-log-at-trx-commit=0 --innodb-flush-log-at-timeout=30 --innodb-flush-method=nosync --innodb-fsync-threshold=1000000000 --disable-log-bin
-        options: --tmpfs /bitnami/mysql/data:noatime
-      ldap:
-        image: data.forgejo.org/oci/test-openldap:latest
-      pgsql:
-        image: data.forgejo.org/oci/bitnami/postgresql:16
-        env:
-          POSTGRESQL_DATABASE: test
-          POSTGRESQL_PASSWORD: postgres
-          POSTGRESQL_FSYNC: off
-          POSTGRESQL_EXTRA_FLAGS: -c full_page_writes=off
-        options: --tmpfs /bitnami/postgresql
-      cacher:
-        image: registry.redict.io/redict:7.3.5-scratch
-        options: --tmpfs /data:noatime
-    steps:
-      - uses: https://data.forgejo.org/actions/checkout@v4
-        with:
-          repository: ${{ inputs.repository }}
-          ref: ${{ inputs.ref }}
-      - uses: ./.forgejo/workflows-composite/setup-env
-      - name: install git >= 2.42
-        uses: ./.forgejo/workflows-composite/apt-install-from
-        with:
-          packages: git
-      - uses: ./.forgejo/workflows-composite/build-backend
-      - run: |
-          su forgejo -c '${{ inputs.unit-tests-env }} make coverage-run'
-          su forgejo -c '${{ inputs.integration-tests-env }} make coverage-run-pgsql'
-          su forgejo -c '${{ inputs.integration-tests-env }} make coverage-run-mysql'
-          su forgejo -c '${{ inputs.integration-tests-env }} make coverage-run-sqlite'
-          su forgejo -c 'make coverage-merge'
-        timeout-minutes: 180
-        env:
-          TEST_ELASTICSEARCH_URL: http://elasticsearch:9200
-          TEST_MINIO_ENDPOINT: minio:9000
-          TEST_LDAP: 1
-          TEST_REDIS_SERVER: cacher:6379
-      - uses: https://code.forgejo.org/forgejo/upload-artifact@v4
-        with:
-          name: coverage
-          path: ${{ forge.workspace }}/coverage/merged
--- a/.forgejo/workflows/merge-requirements.yml
+++ b/.forgejo/workflows/merge-requirements.yml
@ -1,4 +1,4 @@
-# Copyright 2025 The Forgejo Authors
+# Copyright 2024 The Forgejo Authors
 # SPDX-License-Identifier: MIT

 name: requirements
@ -13,8 +13,7 @@ on:

 jobs:
  merge-conditions:
-    if: >
-      vars.ROLE == 'forgejo-coding' && forge.event.pull_request.head.repo.full_name != 'forgejo-cascading-pr/forgejo'
+    if: vars.ROLE == 'forgejo-coding'
    runs-on: docker
    container:
      image: 'data.forgejo.org/oci/node:22-bookworm'
@ -27,9 +26,9 @@ jobs:
      - name: Missing test label
        if: >
          !(
-            contains(toJSON(forge.event.pull_request.labels), 'test/present')
-            || contains(toJSON(forge.event.pull_request.labels), 'test/not-needed')
-            || contains(toJSON(forge.event.pull_request.labels), 'test/manual')
+            contains(toJSON(github.event.pull_request.labels), 'test/present')
+            || contains(toJSON(github.event.pull_request.labels), 'test/not-needed')
+            || contains(toJSON(github.event.pull_request.labels), 'test/manual')
          )
        run: |
          echo "A team member must set the label to either 'present', 'not-needed' or 'manual'."
@ -37,8 +36,8 @@ jobs:
      - name: Missing manual test instructions
        if: >
          (
-            contains(toJSON(forge.event.pull_request.labels), 'test/manual')
-            && !contains(toJSON(forge.event.pull_request.body), '# Test')
+            contains(toJSON(github.event.pull_request.labels), 'test/manual')
+            && !contains(toJSON(github.event.pull_request.body), '# Test')
          )
        run: |
          echo "Manual test label is set. The PR description needs to contain test steps introduced by a heading like:"
--- a/.forgejo/workflows/publish-release.yml
+++ b/.forgejo/workflows/publish-release.yml
@ -44,7 +44,7 @@ jobs:
      - uses: https://data.forgejo.org/actions/checkout@v4

      - name: copy & sign
-        uses: https://data.forgejo.org/forgejo/forgejo-build-publish/publish@v5.4.1
+        uses: https://data.forgejo.org/forgejo/forgejo-build-publish/publish@v5.3.5
        with:
          from-forgejo: ${{ vars.FORGEJO }}
          to-forgejo: ${{ vars.FORGEJO }}
@ -80,7 +80,7 @@ jobs:
          label: trigger

      - name: upgrade v*.next.forgejo.org
-        uses: https://data.forgejo.org/infrastructure/next-digest@v1.2.2
+        uses: https://data.forgejo.org/infrastructure/next-digest@v1.1.0
        with:
          url: https://placeholder:${{ secrets.TOKEN_NEXT_DIGEST }}@invisible.forgejo.org/infrastructure/next-digest
          ref_name: '${{ github.ref_name }}'
--- a/.forgejo/workflows/release-notes-assistant-milestones.yml
+++ b/.forgejo/workflows/release-notes-assistant-milestones.yml
@ -5,34 +5,32 @@ on:
    - cron: '@daily'

 env:
-  RNA_WORKDIR: /srv/rna
-  RNA_VERSION: v1.4.1 # renovate: datasource=gitea-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
+  RNA_VERSION: v1.2.5 # renovate: datasource=gitea-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org

 jobs:
  release-notes:
    if: vars.ROLE == 'forgejo-coding'
    runs-on: docker
    container:
-      image: 'data.forgejo.org/oci/ci:1'
+      image: 'data.forgejo.org/oci/node:22-bookworm'
    steps:
      - uses: https://data.forgejo.org/actions/checkout@v4

-      - uses: https://data.forgejo.org/actions/cache@v4
+      - uses: https://data.forgejo.org/actions/setup-go@v5
        with:
-          key: rna-${{ env.RNA_VERSION }}
-          path: ${{ env.RNA_WORKDIR }}
+          go-version-file: "go.mod"
+          cache: false

-      - name: install release-notes-assistant
+      - name: apt install jq
        run: |
-          set -x
-          wget -O /usr/local/bin/rna https://code.forgejo.org/forgejo/release-notes-assistant/releases/download/${{ env.RNA_VERSION}}/release-notes-assistant
-          chmod +x /usr/local/bin/rna
+          export DEBIAN_FRONTEND=noninteractive
+          apt-get update -qq
+          apt-get -q install -y -qq jq

      - name: update open milestones
        run: |
          set -x
-          mkdir -p ${{ env.RNA_WORKDIR }}
-          curl -sS $FORGEJO_SERVER_URL/api/v1/repos/$FORGEJO_REPOSITORY/milestones?state=open | jq -r '.[] | .title' | while read forgejo version ; do
+          curl -sS $GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/milestones?state=open | jq -r '.[] | .title' | while read forgejo version ; do
            milestone="$forgejo $version"
-            rna --workdir ${{ env.RNA_WORKDIR }} --config .release-notes-assistant.yaml --storage milestone --storage-location "$milestone" --forgejo-url $FORGEJO_SERVER_URL --repository $FORGEJO_REPOSITORY --token ${{ secrets.RELEASE_NOTES_ASSISTANT_TOKEN }} release $version
+            go run code.forgejo.org/forgejo/release-notes-assistant@$RNA_VERSION --config .release-notes-assistant.yaml --storage milestone --storage-location "$milestone"  --forgejo-url $GITHUB_SERVER_URL --repository $GITHUB_REPOSITORY --token ${{ secrets.RELEASE_NOTES_ASSISTANT_TOKEN }} release $version
          done
--- a/.forgejo/workflows/release-notes-assistant.yml
+++ b/.forgejo/workflows/release-notes-assistant.yml
@ -8,7 +8,7 @@ on:
      - labeled

 env:
-  RNA_VERSION: v1.4.1 # renovate: datasource=gitea-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
+  RNA_VERSION: v1.2.5 # renovate: datasource=gitea-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org

 jobs:
  release-notes:
--- a/.forgejo/workflows/renovate.yml
+++ b/.forgejo/workflows/renovate.yml
@ -28,7 +28,7 @@ jobs:

    runs-on: docker
    container:
-      image: data.forgejo.org/renovate/renovate:41.76.0
+      image: data.forgejo.org/renovate/renovate:41.1.4

    steps:
      - name: Load renovate repo cache
@ -49,7 +49,7 @@ jobs:
          LOG_LEVEL: debug
          RENOVATE_BASE_DIR: ${{ github.workspace }}/.tmp
          RENOVATE_ENDPOINT: ${{ github.server_url }}
-          RENOVATE_PLATFORM: forgejo
+          RENOVATE_PLATFORM: gitea
          RENOVATE_REPOSITORY_CACHE: 'enabled'
          RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
          RENOVATE_GIT_AUTHOR: 'Renovate Bot <forgejo-renovate-action@forgejo.org>'
@ -63,10 +63,6 @@ jobs:

          OSV_OFFLINE_ROOT_DIR: ${{ github.workspace }}/.tmp/osv

-          # use direct connection for these domains for renovate go datasource instead of the go proxy
-          # allows faster lookups
-          GONOPROXY: code.forgejo.org
-
      - name: Save renovate repo cache
        if: always() && env.RENOVATE_DRY_RUN != 'full'
        uses: https://data.forgejo.org/actions/cache/save@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
--- a/.forgejo/workflows/testing-integration.yml
+++ b/.forgejo/workflows/testing-integration.yml
@ -1,8 +1,7 @@
 #
 # Additional integration tests designed to run once a day when
 # `mirror.yml` pushes to https://codeberg.org/forgejo-integration/forgejo
-# and send a notification via email to the contact email of the
-# organization should they fail.
+# and send a notification via email should they fail.
 #
 # For debug purposes:
 #
@ -23,8 +22,6 @@ on:
      - 'forgejo'
      - 'v*/forgejo'

-enable-email-notifications: true
-
 jobs:
  test-unit:
 #    if: vars.ROLE == 'forgejo-coding'
@ -36,8 +33,11 @@ jobs:
    steps:
      - uses: https://data.forgejo.org/actions/checkout@v4
      - uses: ./.forgejo/workflows-composite/setup-env
-      - name: install git 2.34.1 and git-lfs 3.0.2
-        uses: ./.forgejo/workflows-composite/install-minimum-git-version
+      - name: install git 2.30
+        uses: ./.forgejo/workflows-composite/apt-install-from
+        with:
+          packages: git/bullseye git-lfs/bullseye
+          release: bullseye
      - uses: ./.forgejo/workflows-composite/build-backend
      - run: |
          su forgejo -c 'make test-backend test-check'
@ -55,8 +55,11 @@ jobs:
    steps:
      - uses: https://data.forgejo.org/actions/checkout@v4
      - uses: ./.forgejo/workflows-composite/setup-env
-      - name: install git 2.34.1 and git-lfs 3.0.2
-        uses: ./.forgejo/workflows-composite/install-minimum-git-version
+      - name: install git 2.30
+        uses: ./.forgejo/workflows-composite/apt-install-from
+        with:
+          packages: git/bullseye git-lfs/bullseye
+          release: bullseye
      - uses: ./.forgejo/workflows-composite/build-backend
      - run: |
          su forgejo -c 'make test-sqlite-migration test-sqlite'
@ -66,34 +69,3 @@ jobs:
          RACE_ENABLED: true
          TEST_TAGS: sqlite sqlite_unlock_notify
          USE_REPO_TEST_DIR: 1
-  test-mariadb:
-#    if: vars.ROLE == 'forgejo-coding'
-    if: vars.ROLE == 'forgejo-integration'
-    runs-on: docker
-    name: ${{ format('test-mariadb (v{0})', matrix.version) }}
-    strategy:
-      matrix:
-        version: ['10.6', '11.8']
-    container:
-      image: 'data.forgejo.org/oci/node:22-bookworm'
-      options: --tmpfs /tmp:exec,noatime
-    services:
-      mysql:
-        image: ${{ format('data.forgejo.org/oci/mariadb:{0}', matrix.version) }}
-        env:
-          MARIADB_ALLOW_EMPTY_ROOT_PASSWORD: yes
-          MARIADB_DATABASE: testgitea
-        options: --tmpfs /var/lib/mysql:noatime
-    steps:
-      - uses: https://data.forgejo.org/actions/checkout@v4
-      - uses: ./.forgejo/workflows-composite/setup-env
-      - name: install dependencies & git >= 2.42
-        uses: ./.forgejo/workflows-composite/apt-install-from
-        with:
-          packages: git git-lfs
-      - uses: ./.forgejo/workflows-composite/build-backend
-      - run: |
-          su forgejo -c 'make test-mysql-migration test-mysql'
-        timeout-minutes: 120
-        env:
-          USE_REPO_TEST_DIR: 1
--- a/.forgejo/workflows/testing.yml
+++ b/.forgejo/workflows/testing.yml
@ -37,11 +37,7 @@ jobs:
      - run: make deps-frontend
      - run: make lint-frontend
      - run: make checks-frontend
-      - run: |
-          # Usage of `dayjs` can be impacted by local system timezone and can be sensitive to DST differences; since
-          # frontend tests are very short they're run twice with varying DST rules to reduce regression risk.
-          TZ=Europe/Berlin make test-frontend-coverage
-          TZ=America/Edmonton make test-frontend-coverage
+      - run: make test-frontend-coverage
      - run: make frontend
      - name: Install zstd for cache saving
        # works around https://github.com/actions/cache/issues/1169, because the
--- a/.gitignore
+++ b/.gitignore
@ -37,8 +37,6 @@ _testmain.go

 *coverage.out
 coverage.all
-coverage.html
-coverage.html.gz
 coverage/
 cpu.out

@ -55,8 +53,6 @@ cpu.out
 *.log
 *.log.*.gz

-/build/lint-locale/lint-locale
-/build/lint-locale-usage/lint-locale-usage
 /gitea
 /gitea-vet
 /debug
@ -133,4 +129,3 @@ prime/

 # Manpage
 /man
-tests/integration/api_activitypub_person_inbox_useractivity_test.go
--- a/.golangci.yml
+++ b/.golangci.yml
@ -42,10 +42,6 @@ linters:
              desc: do not use the ini package, use gitea's config system instead
            - pkg: github.com/minio/sha256-simd
              desc: use crypto/sha256 instead, see https://codeberg.org/forgejo/forgejo/pulls/1528
-            - pkg: github.com/go-git/go-git
-              desc: use forgejo.org/modules/git instead, see https://codeberg.org/forgejo/forgejo/pulls/4941
-            - pkg: gopkg.in/yaml.v3
-              desc: use go.yaml.in/yaml instead, see https://codeberg.org/forgejo/forgejo/pulls/8956
    gocritic:
      disabled-checks:
        - ifElseChain
@ -83,10 +79,6 @@ linters:
        - name: unreachable-code
        - name: var-declaration
        - name: var-naming
-          arguments:
-            - []
-            - []
-            - - skip-package-name-checks: true
        - name: redefines-builtin-id
          disabled: true
    staticcheck:
--- a/1
+++ b/1
@ -39,5 +39,4 @@ options/locale/.* @0ko
 options/locale_next/.* @0ko

 # Personal interest
-build/lint-locale-usage/.* @fogti
 .*/webhook.* @oliverpool
--- a/108
+++ b/108
@ -39,15 +39,15 @@ XGO_VERSION := go-1.21.x
 AIR_PACKAGE ?= github.com/air-verse/air@v1 # renovate: datasource=go
 EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/v3/cmd/editorconfig-checker@v3.3.0 # renovate: datasource=go
 GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.8.0 # renovate: datasource=go
-GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.3.1 # renovate: datasource=go
-GXZ_PACKAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.15 # renovate: datasource=go
+GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.1.6 # renovate: datasource=go
+GXZ_PACKAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.11 # renovate: datasource=go
 SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.31.0 # renovate: datasource=go
 XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
 GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0 # renovate: datasource=go
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go
-DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.36.0 # renovate: datasource=go
-GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.6.0 # renovate: datasource=go
-RENOVATE_NPM_PACKAGE ?= renovate@41.76.0 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
+DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.34.0 # renovate: datasource=go
+GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.5.2 # renovate: datasource=go
+RENOVATE_NPM_PACKAGE ?= renovate@41.1.4 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate

 # https://github.com/disposable-email-domains/disposable-email-domains/commits/main/
 DISPOSABLE_EMAILS_SHA ?= 0c27e671231d27cf66370034d7f6818037416989 # renovate: ...
@ -115,6 +115,9 @@ LDFLAGS := $(LDFLAGS) -X "main.ReleaseVersion=$(RELEASE_VERSION)" -X "main.MakeV

 LINUX_ARCHS ?= linux/amd64,linux/386,linux/arm-5,linux/arm-6,linux/arm64

+ifeq ($(HAS_GO), yes)
+	GO_TEST_PACKAGES ?= $(filter-out $(shell $(GO) list forgejo.org/models/migrations/...) $(shell $(GO) list forgejo.org/models/forgejo_migrations/...) forgejo.org/tests/integration/migration-test forgejo.org/tests forgejo.org/tests/integration forgejo.org/tests/e2e,$(shell $(GO) list ./...))
+endif
 REMOTE_CACHER_MODULES ?= cache nosql session queue
 GO_TEST_REMOTE_CACHER_PACKAGES ?= $(addprefix forgejo.org/modules/,$(REMOTE_CACHER_MODULES))

@ -156,6 +159,9 @@ GO_SOURCES += $(shell find $(GO_DIRS) -type f -name "*.go" ! -path modules/optio
 GO_SOURCES += $(GENERATED_GO_DEST)
 GO_SOURCES_NO_BINDATA := $(GO_SOURCES)

+ifeq ($(HAS_GO), yes)
+	MIGRATION_PACKAGES := $(shell $(GO) list forgejo.org/models/migrations/... forgejo.org/models/forgejo_migrations/...)
+endif

 ifeq ($(filter $(TAGS_SPLIT),bindata),bindata)
 	GO_SOURCES += $(BINDATA_DEST)
@ -232,9 +238,6 @@ help:
 	@echo " - test-frontend-coverage           test frontend files and display code coverage"
 	@echo " - test-backend                     test backend files"
 	@echo " - test-remote-cacher               test backend files that use a remote cache"
-	@echo " - coverage-run*                    test and collect coverages in the coverage/data directory"
-	@echo " - coverage-show-html               display coverage-run results in an HTML page"
-	@echo " - coverage-show-percent            display coverage-run per package coverage percentage"
 	@echo " - test-e2e-sqlite[\#name.test.e2e] test end to end using playwright and sqlite"
 	@echo " - webpack                          build webpack files"
 	@echo " - svg                              build svg files"
@ -279,24 +282,6 @@ show-version-minor: verify-version
 show-version-api: verify-version
 	@echo ${FORGEJO_VERSION_API}

-###
-# Package computation targets
-###
-
-# Target to compute GO_TEST_PACKAGES - only runs when needed
-.PHONY: compute-go-test-packages
-compute-go-test-packages:
-ifeq ($(HAS_GO), yes)
-	$(eval GO_TEST_PACKAGES ?= $(filter-out $(shell $(GO) list forgejo.org/models/migrations/...) $(shell $(GO) list forgejo.org/models/forgejo_migrations/...) forgejo.org/tests/integration/migration-test forgejo.org/tests forgejo.org/tests/integration forgejo.org/tests/e2e,$(shell $(GO) list ./...)))
-endif
-
-# Target to compute MIGRATION_PACKAGES - only runs when needed
-.PHONY: compute-migration-packages
-compute-migration-packages:
-ifeq ($(HAS_GO), yes)
-	$(eval MIGRATION_PACKAGES := $(shell $(GO) list forgejo.org/models/migrations/... forgejo.org/models/forgejo_migrations/...))
-endif
-
 ###
 # Check system and environment requirements
 ###
@ -475,7 +460,7 @@ lint-locale:

 .PHONY: lint-locale-usage
 lint-locale-usage:
-	$(GO) run ./build/lint-locale-usage --allow-masked-usages-from=build/lint-locale-usage/allowed-masked-usage.txt
+	$(GO) run build/lint-locale-usage/lint-locale-usage.go

 .PHONY: lint-md
 lint-md: node_modules
@ -537,9 +522,9 @@ watch-backend: go-check
 test: test-frontend test-backend

 .PHONY: test-backend
-test-backend: | compute-go-test-packages
+test-backend:
 	@echo "Running go test with $(GOTESTFLAGS) -tags '$(TEST_TAGS)'..."
-	@TZ=UTC $(GOTEST) $(GOTESTFLAGS) -tags='$(TEST_TAGS)' $(GO_TEST_PACKAGES)
+	@$(GOTEST) $(GOTESTFLAGS) -tags='$(TEST_TAGS)' $(GO_TEST_PACKAGES)

 .PHONY: test-remote-cacher
 test-remote-cacher:
@ -567,39 +552,20 @@ test-check:
 	fi

 .PHONY: test\#%
-test\#%: | compute-go-test-packages
+test\#%:
 	@echo "Running go test with $(GOTESTFLAGS) -tags '$(TEST_TAGS)'..."
-	@TZ=UTC $(GOTEST) $(GOTESTFLAGS) -tags='$(TEST_TAGS)' -run $(subst .,/,$*) $(GO_TEST_PACKAGES)
+	@$(GOTEST) $(GOTESTFLAGS) -tags='$(TEST_TAGS)' -run $(subst .,/,$*) $(GO_TEST_PACKAGES)

-coverage-merge:
-	rm -fr coverage/merged ; mkdir -p coverage/merged
-	$(GO) tool covdata merge -i `find coverage/data -name 'covmeta.*' | sed -e 's|/covmeta.*|,|' | tr -d '\n' | sed -e 's/,$$//'` -o coverage/merged
+.PHONY: coverage
+coverage:
+	grep '^\(mode: .*\)\|\(.*:[0-9]\+\.[0-9]\+,[0-9]\+\.[0-9]\+ [0-9]\+ [0-9]\+\)$$' coverage.out > coverage-bodged.out
+	grep '^\(mode: .*\)\|\(.*:[0-9]\+\.[0-9]\+,[0-9]\+\.[0-9]\+ [0-9]\+ [0-9]\+\)$$' integration.coverage.out > integration.coverage-bodged.out
+	$(GO) run build/gocovmerge.go integration.coverage-bodged.out coverage-bodged.out > coverage.all

-coverage-convert: coverage-merge
-	$(GO) tool covdata textfmt -i=coverage/merged -o=coverage/textfmt.out
-
-coverage-show-html: coverage-convert
-	( cd coverage ; $(GO) tool cover -html=textfmt.out -o coverage.html )
-	xdg-open coverage/coverage.html
-
-coverage-show-percentage: coverage-convert
-	go tool cover -func=coverage/textfmt.out
-
-coverage-run: | compute-go-test-packages
-	contrib/coverage-helper.sh test_packages $(COVERAGE_TEST_PACKAGES)
-
-coverage-run-%: generate-ini-% | compute-migration-packages
-  #
-  # Migration tests go first
-  #
-	$(MAKE) GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/$*.ini COVERAGE_TEST_ARGS= COVERAGE_TEST_PACKAGES=forgejo.org/tests/integration/migration-test coverage-run
-	for pkg in $(MIGRATION_PACKAGES); do \
-		$(MAKE) GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/$*.ini COVERAGE_TEST_DATABASE=$* COVERAGE_TEST_ARGS= COVERAGE_TEST_PACKAGES=$$pkg coverage-run ; \
-	done
-  #
-  # All other integration tests follow
-  #
-	$(MAKE) GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/$*.ini COVERAGE_TEST_DATABASE=$* COVERAGE_TEST_PACKAGES=forgejo.org/tests/integration coverage-run
+.PHONY: unit-test-coverage
+unit-test-coverage:
+	@echo "Running unit-test-coverage $(GOTESTFLAGS) -tags '$(TEST_TAGS)'..."
+	@$(GOTEST) $(GOTESTFLAGS) -timeout=20m -tags='$(TEST_TAGS)' -cover -coverprofile coverage.out $(GO_TEST_PACKAGES) && echo "\n==>\033[32m Ok\033[m\n" || exit 1

 .PHONY: tidy
 tidy:
@ -672,7 +638,6 @@ generate-ini-pgsql:
 		-e 's|{{TEST_LOGGER}}|$(or $(TEST_LOGGER),test$(COMMA)file)|g' \
 		-e 's|{{TEST_TYPE}}|$(or $(TEST_TYPE),integration)|g' \
 		-e 's|{{TEST_STORAGE_TYPE}}|$(or $(TEST_STORAGE_TYPE),minio)|g' \
-		-e 's|{{TEST_S3_HOST}}|$(or $(TEST_S3_HOST),minio:9000)|g' \
 			tests/pgsql.ini.tmpl > tests/pgsql.ini

 .PHONY: test-pgsql
@ -719,7 +684,7 @@ test-e2e-mysql\#%: playwright e2e.mysql.test generate-ini-mysql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini $(GOTESTCOMPILEDRUNPREFIX) ./e2e.mysql.test $(GOTESTCOMPILEDRUNSUFFIX) -test.run TestE2e/$*

 .PHONY: test-e2e-pgsql
-GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.initest-e2e-pgsql: playwright e2e.pgsql.test generate-ini-pgsql
+test-e2e-pgsql: playwright e2e.pgsql.test generate-ini-pgsql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini $(GOTESTCOMPILEDRUNPREFIX) ./e2e.pgsql.test $(GOTESTCOMPILEDRUNSUFFIX) -test.run TestE2e

 .PHONY: test-e2e-pgsql\#%
@ -742,6 +707,14 @@ bench-mysql: integrations.mysql.test generate-ini-mysql
 bench-pgsql: integrations.pgsql.test generate-ini-pgsql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./integrations.pgsql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .

+.PHONY: integration-test-coverage
+integration-test-coverage: integrations.cover.test generate-ini-mysql
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./integrations.cover.test -test.coverprofile=integration.coverage.out
+
+.PHONY: integration-test-coverage-sqlite
+integration-test-coverage-sqlite: integrations.cover.sqlite.test generate-ini-sqlite
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./integrations.cover.sqlite.test -test.coverprofile=integration.coverage.out
+
 integrations.mysql.test: git-check $(GO_SOURCES)
 	$(GOTEST) $(GOTESTFLAGS) -c forgejo.org/tests/integration -o integrations.mysql.test

@ -751,6 +724,12 @@ integrations.pgsql.test: git-check $(GO_SOURCES)
 integrations.sqlite.test: git-check $(GO_SOURCES)
 	$(GOTEST) $(GOTESTFLAGS) -c forgejo.org/tests/integration -o integrations.sqlite.test -tags '$(TEST_TAGS)'

+integrations.cover.test: git-check $(GO_SOURCES)
+	$(GOTEST) $(GOTESTFLAGS) -c forgejo.org/tests/integration -coverpkg $(shell echo $(GO_TEST_PACKAGES) | tr ' ' ',') -o integrations.cover.test
+
+integrations.cover.sqlite.test: git-check $(GO_SOURCES)
+	$(GOTEST) $(GOTESTFLAGS) -c forgejo.org/tests/integration -coverpkg $(shell echo $(GO_TEST_PACKAGES) | tr ' ' ',') -o integrations.cover.sqlite.test -tags '$(TEST_TAGS)'
+
 .PHONY: migrations.mysql.test
 migrations.mysql.test: $(GO_SOURCES) generate-ini-mysql
 	$(GOTEST) $(GOTESTFLAGS) -c forgejo.org/tests/integration/migration-test -o migrations.mysql.test
@ -767,7 +746,7 @@ migrations.sqlite.test: $(GO_SOURCES) generate-ini-sqlite
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GOTESTCOMPILEDRUNPREFIX) ./migrations.sqlite.test $(GOTESTCOMPILEDRUNSUFFIX)

 .PHONY: migrations.individual.mysql.test
-migrations.individual.mysql.test: $(GO_SOURCES) | compute-migration-packages
+migrations.individual.mysql.test: $(GO_SOURCES)
 	for pkg in $(MIGRATION_PACKAGES); do \
 		GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini $(GOTEST) $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg || exit 1; \
 	done
@ -777,7 +756,7 @@ migrations.individual.sqlite.test\#%: $(GO_SOURCES) generate-ini-sqlite
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GOTEST) $(GOTESTFLAGS) -tags '$(TEST_TAGS)' forgejo.org/models/migrations/$*

 .PHONY: migrations.individual.pgsql.test
-migrations.individual.pgsql.test: $(GO_SOURCES) | compute-migration-packages
+migrations.individual.pgsql.test: $(GO_SOURCES)
 	for pkg in $(MIGRATION_PACKAGES); do \
 		GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini $(GOTEST) $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg || exit 1;\
 	done
@ -787,7 +766,7 @@ migrations.individual.pgsql.test\#%: $(GO_SOURCES) generate-ini-pgsql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini $(GOTEST) $(GOTESTFLAGS) -tags '$(TEST_TAGS)' forgejo.org/models/migrations/$*

 .PHONY: migrations.individual.sqlite.test
-migrations.individual.sqlite.test: $(GO_SOURCES) generate-ini-sqlite | compute-migration-packages
+migrations.individual.sqlite.test: $(GO_SOURCES) generate-ini-sqlite
 	for pkg in $(MIGRATION_PACKAGES); do \
 		GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GOTEST) $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg || exit 1; \
 	done
@ -961,7 +940,6 @@ fomantic:
 	cd $(FOMANTIC_WORK_DIR) && npm install --no-save
 	cp -f $(FOMANTIC_WORK_DIR)/theme.config.less $(FOMANTIC_WORK_DIR)/node_modules/fomantic-ui/src/theme.config
 	cp -rf $(FOMANTIC_WORK_DIR)/_site $(FOMANTIC_WORK_DIR)/node_modules/fomantic-ui/src/
-	rm -rf $(FOMANTIC_WORK_DIR)/node_modules/fomantic-ui/src/themes/default/modules/dropdown.overrides
 	$(SED_INPLACE) -e 's/  overrideBrowserslist\r/  overrideBrowserslist: ["defaults"]\r/g' $(FOMANTIC_WORK_DIR)/node_modules/fomantic-ui/tasks/config/tasks.js
 	cd $(FOMANTIC_WORK_DIR) && npx gulp -f node_modules/fomantic-ui/gulpfile.js build
 	# fomantic uses "touchstart" as click event for some browsers, it's not ideal, so we force fomantic to always use "click" as click event
--- a/README.md
+++ b/README.md
@ -6,7 +6,7 @@
 Hi there! Tired of big platforms playing monopoly?
 Providing Git hosting for your project, friends, company or community?
 **Forgejo** (/for'd&#865;ʒe.jo/ inspired by forĝejo – the Esperanto word for *forge*) has you covered with its intuitive interface,
-light and easy hosting and a lot of built-in functionality.
+light and easy hosting and a lot of builtin functionality.

 Forgejo was [created in 2022](https://forgejo.org/2022-12-15-hello-forgejo/)
 because we think that the project should be owned by an independent community.
--- a/RELEASE-NOTES.md
+++ b/RELEASE-NOTES.md
@ -4,7 +4,7 @@ A minor or major Forgejo release is published every [three months](https://forge

 A [patch or minor release](https://semver.org/spec/v2.0.0.html) (e.g. upgrading from v7.0.0 to v7.0.1 or v7.1.0) does not require manual intervention. But [major releases](https://semver.org/spec/v2.0.0.html#spec-item-8) where the first version number changes (e.g. upgrading from v1.21 to v7.0) contain breaking changes and the release notes explain how to deal with them.

-The release notes of each release [are available in the release-notes-published directory of this repository](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published), starting with [Forgejo 7.0.7](release-notes-published/7.0.7.md) and [Forgejo 8.0.1](release-notes-published/8.0.1.md).
+The release notes of each release [are available in the release-notes-published directory of this repository](release-notes-published), starting with [Forgejo 7.0.7](release-notes-published/7.0.7.md) and [Forgejo 8.0.1](release-notes-published/8.0.1.md).

 ## 9.0.2

--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
--- a/build/lint-locale-usage/allowed-masked-usage.txt
+++ b/build/lint-locale-usage/allowed-masked-usage.txt
@ -1,54 +0,0 @@
-# translation tooling test keys
-meta.last_line
-translation_meta.test
-
-# models/admin/task.go: instances of $TranslatableMessage.Format
-# this also gets instantiated as a Messenger once
-repo.migrate.migrating_failed.error
-
-# models/asymkey/gpg_key_object_verification.go: $ObjectVerification.Reason
-# unfortunately, it is non-trivial to parse all the occurences
-gpg.error.extract_sign
-gpg.error.failed_retrieval_gpg_keys
-gpg.error.generate_hash
-gpg.error.no_committer_account
-
-# models/system/notice.go: func (n *Notice) TrStr() string
-admin.notices.type_1
-admin.notices.type_2
-
-# modules/setting/ui.go
-themes.names.
-
-# services/context/context.go
-relativetime.
-
-# templates/mail/issue/default.tmpl: $.locale.Tr
-mail.issue.in_tree_path
-
-# templates/package/metadata/arch.tmpl: $.locale.Tr
-packages.details.license
-
-# templates/repo/issue/view_content.tmpl: indirection via $closeTranslationKey
-repo.issues.close
-repo.pulls.close
-
-# templates/repo/issue/view_content/comments.tmpl: indirection via $refTr
-repo.issues.ref_closing_from
-repo.issues.ref_issue_from
-repo.issues.ref_pull_from
-repo.issues.ref_reopening_from
-
-# templates/repo/issue/view_content/comments.tmpl: ctx.Locale.Tr (printf "projects.type-%d.display_name" .OldProject.Type)
-projects.
-projects.type-1.display_name
-projects.type-2.display_name
-projects.type-3.display_name
-
-# templates/repo/settings/webhook/link_menu.tmpl, templates/webhook/new.tmpl: repo.settings.web_hook_name_
-# tests/integration/repo_archive_text_test.go
-repo.settings.
-
-# services/migrations/migrate.go: messenger calls
-# ToDo: give them a unique prefix
-repo.migrate.
--- a/build/lint-locale-usage/handle-go.go
+++ b/build/lint-locale-usage/handle-go.go
@ -1,217 +0,0 @@
-// Copyright 2023 The Gitea Authors. All rights reserved.
-// Copyright 2025 The Forgejo Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package main
-
-import (
-	"fmt"
-	"go/ast"
-	goParser "go/parser"
-	"go/token"
-	"strconv"
-	"strings"
-)
-
-func (handler Handler) handleGoTrBasicLit(fset *token.FileSet, argLit *ast.BasicLit, prefix string) {
-	if argLit.Kind == token.STRING {
-		// extract string content
-		arg, err := strconv.Unquote(argLit.Value)
-		if err != nil {
-			return
-		}
-		// found interesting strings
-		arg = prefix + arg
-		if strings.HasSuffix(arg, ".") || strings.HasSuffix(arg, "_") {
-			prep, trunc := PrepareMsgidPrefix(arg)
-			if trunc {
-				handler.OnWarning(fset, argLit.ValuePos, fmt.Sprintf("needed to truncate message id prefix: %s", arg))
-			}
-			handler.OnMsgidPrefix(fset, argLit.ValuePos, prep, trunc)
-		} else {
-			handler.OnMsgid(fset, argLit.ValuePos, arg)
-		}
-	}
-}
-
-func (handler Handler) handleGoTrArgument(fset *token.FileSet, n ast.Expr, prefix string) {
-	if argLit, ok := n.(*ast.BasicLit); ok {
-		handler.handleGoTrBasicLit(fset, argLit, prefix)
-	} else if argBinExpr, ok := n.(*ast.BinaryExpr); ok {
-		if argBinExpr.Op != token.ADD {
-			// pass
-		} else if argLit, ok := argBinExpr.X.(*ast.BasicLit); ok && argLit.Kind == token.STRING {
-			// extract string content
-			arg, err := strconv.Unquote(argLit.Value)
-			if err != nil {
-				return
-			}
-			// found interesting strings
-			arg = prefix + arg
-			prep, trunc := PrepareMsgidPrefix(arg)
-			if trunc {
-				handler.OnWarning(fset, argLit.ValuePos, fmt.Sprintf("needed to truncate message id prefix: %s", arg))
-			}
-			handler.OnMsgidPrefix(fset, argLit.ValuePos, prep, trunc)
-		}
-	}
-}
-
-func (handler Handler) handleGoCommentGroup(fset *token.FileSet, cg *ast.CommentGroup, commentPrefix string) *string {
-	if cg == nil {
-		return nil
-	}
-	var matches []token.Pos
-	matchInsPrefix := ""
-	commentPrefix = "//" + commentPrefix
-	for _, comment := range cg.List {
-		ctxt := strings.TrimSpace(comment.Text)
-		if ctxt == commentPrefix {
-			matches = append(matches, comment.Slash)
-		} else if after, found := strings.CutPrefix(ctxt, commentPrefix+"Suffix "); found {
-			matches = append(matches, comment.Slash)
-			matchInsPrefix = strings.TrimSpace(after)
-		}
-	}
-	switch len(matches) {
-	case 0:
-		return nil
-	case 1:
-		return &matchInsPrefix
-	default:
-		handler.OnWarning(
-			fset,
-			matches[0],
-			fmt.Sprintf("encountered multiple %s... directives, ignoring", strings.TrimSpace(commentPrefix)),
-		)
-		return &matchInsPrefix
-	}
-}
-
-// the `Handle*File` functions follow the following calling convention:
-// * `fname` is the name of the input file
-// * `src` is either `nil` (then the function invokes `ReadFile` to read the file)
-//   or the contents of the file as {`[]byte`, or a `string`}
-
-func (handler Handler) HandleGoFile(fname string, src any) error {
-	fset := token.NewFileSet()
-	node, err := goParser.ParseFile(fset, fname, src, goParser.SkipObjectResolution|goParser.ParseComments)
-	if err != nil {
-		return LocatedError{
-			Location: fname,
-			Kind:     "Go parser",
-			Err:      err,
-		}
-	}
-
-	ast.Inspect(node, func(n ast.Node) bool {
-		// search for function calls of the form `anything.Tr(any-string-lit, ...)`
-
-		switch n2 := n.(type) {
-		case *ast.CallExpr:
-			if len(n2.Args) == 0 {
-				return true
-			}
-			funSel, ok := n2.Fun.(*ast.SelectorExpr)
-			if !ok {
-				return true
-			}
-
-			ltf, ok := handler.LocaleTrFunctions[funSel.Sel.Name]
-			if !ok {
-				return true
-			}
-
-			var gotUnexpectedInvoke *int
-
-			for _, argNum := range ltf {
-				if len(n2.Args) <= int(argNum) {
-					argc := len(n2.Args)
-					gotUnexpectedInvoke = &argc
-				} else {
-					handler.handleGoTrArgument(fset, n2.Args[int(argNum)], "")
-				}
-			}
-
-			if gotUnexpectedInvoke != nil {
-				handler.OnUnexpectedInvoke(fset, funSel.Sel.NamePos, funSel.Sel.Name, *gotUnexpectedInvoke)
-			}
-		case *ast.CompositeLit:
-			ident, ok := n2.Type.(*ast.Ident)
-			if !ok {
-				return true
-			}
-
-			// special case: models/unit/unit.go
-			if strings.HasSuffix(fname, "unit.go") && ident.Name == "Unit" {
-				if len(n2.Elts) != 6 {
-					handler.OnWarning(fset, n2.Pos(), "unexpected initialization of 'Unit' (unexpected number of arguments)")
-				}
-				// NameKey has index 2
-				//   invoked like '{{ctx.Locale.Tr $unit.NameKey}}'
-				nameKey, ok := n2.Elts[2].(*ast.BasicLit)
-				if !ok || nameKey.Kind != token.STRING {
-					handler.OnWarning(fset, n2.Elts[2].Pos(), "unexpected initialization of 'Unit' (expected string literal as NameKey)")
-					return true
-				}
-
-				// extract string content
-				arg, err := strconv.Unquote(nameKey.Value)
-				if err == nil {
-					// found interesting strings
-					handler.OnMsgid(fset, nameKey.ValuePos, arg)
-				}
-			}
-		case *ast.FuncDecl:
-			matchInsPrefix := handler.handleGoCommentGroup(fset, n2.Doc, "llu:returnsTrKey")
-			if matchInsPrefix == nil {
-				return true
-			}
-			results := n2.Type.Results.List
-			if len(results) != 1 {
-				handler.OnWarning(fset, n2.Type.Func, fmt.Sprintf("function %s has unexpected return type; expected single return value", n2.Name.Name))
-				return true
-			}
-
-			ast.Inspect(n2.Body, func(n ast.Node) bool {
-				// search for return stmts
-				// TODO: what about nested functions?
-				if ret, ok := n.(*ast.ReturnStmt); ok {
-					for _, res := range ret.Results {
-						ast.Inspect(res, func(n ast.Node) bool {
-							if expr, ok := n.(ast.Expr); ok {
-								handler.handleGoTrArgument(fset, expr, *matchInsPrefix)
-							}
-							return true
-						})
-					}
-					return false
-				}
-				return true
-			})
-			return true
-		case *ast.GenDecl:
-			if !(n2.Tok == token.CONST || n2.Tok == token.VAR) {
-				return true
-			}
-			matchInsPrefix := handler.handleGoCommentGroup(fset, n2.Doc, " llu:TrKeys")
-			if matchInsPrefix == nil {
-				return true
-			}
-			for _, spec := range n2.Specs {
-				// interpret all contained strings as message IDs
-				ast.Inspect(spec, func(n ast.Node) bool {
-					if argLit, ok := n.(*ast.BasicLit); ok {
-						handler.handleGoTrBasicLit(fset, argLit, *matchInsPrefix)
-						return false
-					}
-					return true
-				})
-			}
-		}
-
-		return true
-	})
-
-	return nil
-}
--- a/build/lint-locale-usage/handle-tmpl.go
+++ b/build/lint-locale-usage/handle-tmpl.go
@ -1,233 +0,0 @@
-// Copyright 2023 The Gitea Authors. All rights reserved.
-// Copyright 2025 The Forgejo Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package main
-
-import (
-	"fmt"
-	"go/token"
-	"os"
-	"strings"
-	"text/template"
-	tmplParser "text/template/parse"
-
-	fjTemplates "forgejo.org/modules/templates"
-	"forgejo.org/modules/util"
-)
-
-// derived from source: modules/templates/scopedtmpl/scopedtmpl.go, L169-L213
-func (handler Handler) handleTemplateNode(fset *token.FileSet, node tmplParser.Node) {
-	switch node.Type() {
-	case tmplParser.NodeAction:
-		handler.handleTemplatePipeNode(fset, node.(*tmplParser.ActionNode).Pipe)
-	case tmplParser.NodeList:
-		nodeList := node.(*tmplParser.ListNode)
-		handler.handleTemplateFileNodes(fset, nodeList.Nodes)
-	case tmplParser.NodePipe:
-		handler.handleTemplatePipeNode(fset, node.(*tmplParser.PipeNode))
-	case tmplParser.NodeTemplate:
-		handler.handleTemplatePipeNode(fset, node.(*tmplParser.TemplateNode).Pipe)
-	case tmplParser.NodeIf:
-		nodeIf := node.(*tmplParser.IfNode)
-		handler.handleTemplateBranchNode(fset, nodeIf.BranchNode)
-	case tmplParser.NodeRange:
-		nodeRange := node.(*tmplParser.RangeNode)
-		handler.handleTemplateBranchNode(fset, nodeRange.BranchNode)
-	case tmplParser.NodeWith:
-		nodeWith := node.(*tmplParser.WithNode)
-		handler.handleTemplateBranchNode(fset, nodeWith.BranchNode)
-
-	case tmplParser.NodeCommand:
-		nodeCommand := node.(*tmplParser.CommandNode)
-
-		handler.handleTemplateFileNodes(fset, nodeCommand.Args)
-
-		if len(nodeCommand.Args) < 2 {
-			return
-		}
-
-		funcname := ""
-		if nodeChain, ok := nodeCommand.Args[0].(*tmplParser.ChainNode); ok {
-			if nodeIdent, ok := nodeChain.Node.(*tmplParser.IdentifierNode); ok {
-				if nodeIdent.Ident != "ctx" || len(nodeChain.Field) != 2 || nodeChain.Field[0] != "Locale" {
-					return
-				}
-				funcname = nodeChain.Field[1]
-			}
-		} else if nodeField, ok := nodeCommand.Args[0].(*tmplParser.FieldNode); ok {
-			if len(nodeField.Ident) != 2 || !(nodeField.Ident[0] == "locale" || nodeField.Ident[0] == "Locale") {
-				return
-			}
-			funcname = nodeField.Ident[1]
-		}
-
-		var gotUnexpectedInvoke *int
-		ltf, ok := handler.LocaleTrFunctions[funcname]
-		if !ok {
-			return
-		}
-
-		for _, argNum := range ltf {
-			if len(nodeCommand.Args) >= int(argNum+2) {
-				handler.handleTemplateMsgid(fset, nodeCommand.Args[int(argNum+1)])
-			} else {
-				argc := len(nodeCommand.Args) - 1
-				gotUnexpectedInvoke = &argc
-			}
-		}
-
-		if gotUnexpectedInvoke != nil {
-			handler.OnUnexpectedInvoke(fset, token.Pos(nodeCommand.Pos), funcname, *gotUnexpectedInvoke)
-		}
-
-	default:
-	}
-}
-
-func (handler Handler) handleTemplateMsgid(fset *token.FileSet, node tmplParser.Node) {
-	// the column numbers are a bit "off", but much better than nothing
-	pos := token.Pos(node.Position())
-
-	switch node.Type() {
-	case tmplParser.NodeString:
-		nodeString := node.(*tmplParser.StringNode)
-		// found interesting strings
-		handler.OnMsgid(fset, pos, nodeString.Text)
-
-	case tmplParser.NodePipe:
-		nodePipe := node.(*tmplParser.PipeNode)
-		handler.handleTemplatePipeNode(fset, nodePipe)
-
-		if len(nodePipe.Cmds) == 0 {
-			handler.OnWarning(fset, pos, fmt.Sprintf("unsupported invocation of locate function (no commands): %s", node.String()))
-		} else if len(nodePipe.Cmds) != 1 {
-			handler.OnWarning(fset, pos, fmt.Sprintf("unsupported invocation of locate function (too many commands): %s", node.String()))
-			return
-		}
-		nodeCommand := nodePipe.Cmds[0]
-		if len(nodeCommand.Args) < 2 {
-			handler.OnWarning(fset, pos, fmt.Sprintf("unsupported invocation of locate function (not enough arguments): %s", node.String()))
-			return
-		}
-
-		nodeIdent, ok := nodeCommand.Args[0].(*tmplParser.IdentifierNode)
-		if !ok || (nodeIdent.Ident != "print" && nodeIdent.Ident != "printf") {
-			// handler.OnWarning(fset, pos, fmt.Sprintf("unsupported invocation of locate function (bad command): %s", node.String()))
-			return
-		}
-
-		nodeString, ok := nodeCommand.Args[1].(*tmplParser.StringNode)
-		if !ok {
-			//handler.OnWarning(
-			//	fset,
-			//	pos,
-			//	fmt.Sprintf("unsupported invocation of locate function (string should be first argument to %s): %s", nodeIdent.Ident, node.String()),
-			//)
-			return
-		}
-
-		msgidPrefix := nodeString.Text
-		stringPos := token.Pos(nodeString.Pos)
-
-		if len(nodeCommand.Args) == 2 {
-			// found interesting strings
-			handler.OnMsgid(fset, stringPos, msgidPrefix)
-		} else {
-			if nodeIdent.Ident == "printf" {
-				parts := strings.SplitN(msgidPrefix, "%", 2)
-				if len(parts) != 2 {
-					handler.OnWarning(
-						fset,
-						stringPos,
-						fmt.Sprintf("unsupported invocation of locate function (format string doesn't match \"prefix%%smth\" pattern): %s", nodeString.String()),
-					)
-					return
-				}
-				msgidPrefix = parts[0]
-			}
-
-			msgidPrefixFin, truncated := PrepareMsgidPrefix(msgidPrefix)
-			if truncated {
-				handler.OnWarning(fset, stringPos, fmt.Sprintf("needed to truncate message id prefix: %s", msgidPrefix))
-			}
-
-			// found interesting strings
-			handler.OnMsgidPrefix(fset, stringPos, msgidPrefixFin, truncated)
-		}
-
-	default:
-		// handler.OnWarning(fset, pos, fmt.Sprintf("unknown invocation of locate function: %s", node.String()))
-	}
-}
-
-func (handler Handler) handleTemplatePipeNode(fset *token.FileSet, pipeNode *tmplParser.PipeNode) {
-	if pipeNode == nil {
-		return
-	}
-
-	// NOTE: we can't pass `pipeNode.Cmds` to handleTemplateFileNodes due to incompatible argument types
-	for _, node := range pipeNode.Cmds {
-		handler.handleTemplateNode(fset, node)
-	}
-}
-
-func (handler Handler) handleTemplateBranchNode(fset *token.FileSet, branchNode tmplParser.BranchNode) {
-	handler.handleTemplatePipeNode(fset, branchNode.Pipe)
-	handler.handleTemplateFileNodes(fset, branchNode.List.Nodes)
-	if branchNode.ElseList != nil {
-		handler.handleTemplateFileNodes(fset, branchNode.ElseList.Nodes)
-	}
-}
-
-func (handler Handler) handleTemplateFileNodes(fset *token.FileSet, nodes []tmplParser.Node) {
-	for _, node := range nodes {
-		handler.handleTemplateNode(fset, node)
-	}
-}
-
-// the `Handle*File` functions follow the following calling convention:
-// * `fname` is the name of the input file
-// * `src` is either `nil` (then the function invokes `ReadFile` to read the file)
-//   or the contents of the file as {`[]byte`, or a `string`}
-
-func (handler Handler) HandleTemplateFile(fname string, src any) error {
-	var tmplContent []byte
-	switch src2 := src.(type) {
-	case nil:
-		var err error
-		tmplContent, err = os.ReadFile(fname)
-		if err != nil {
-			return LocatedError{
-				Location: fname,
-				Kind:     "ReadFile",
-				Err:      err,
-			}
-		}
-	case []byte:
-		tmplContent = src2
-	case string:
-		// SAFETY: we do not modify tmplContent below
-		tmplContent = util.UnsafeStringToBytes(src2)
-	default:
-		panic("invalid type for 'src'")
-	}
-
-	fset := token.NewFileSet()
-	fset.AddFile(fname, 1, len(tmplContent)).SetLinesForContent(tmplContent)
-	// SAFETY: we do not modify tmplContent2 below
-	tmplContent2 := util.UnsafeBytesToString(tmplContent)
-
-	tmpl := template.New(fname)
-	tmpl.Funcs(fjTemplates.NewFuncMap())
-	tmplParsed, err := tmpl.Parse(tmplContent2)
-	if err != nil {
-		return LocatedError{
-			Location: fname,
-			Kind:     "Template parser",
-			Err:      err,
-		}
-	}
-	handler.handleTemplateFileNodes(fset, tmplParsed.Root.Nodes)
-	return nil
-}
--- a/build/lint-locale-usage/lint-locale-usage.go
+++ b/build/lint-locale-usage/lint-locale-usage.go
@ -5,19 +5,22 @@
 package main

 import (
-	"bufio"
-	"errors"
-	"flag"
 	"fmt"
+	"go/ast"
+	goParser "go/parser"
 	"go/token"
 	"io/fs"
 	"os"
 	"path/filepath"
-	"sort"
+	"strconv"
 	"strings"
+	"text/template"
+	tmplParser "text/template/parse"

 	"forgejo.org/modules/container"
+	fjTemplates "forgejo.org/modules/templates"
 	"forgejo.org/modules/translation/localeiter"
+	"forgejo.org/modules/util"
 )

 // this works by first gathering all valid source string IDs from `en-US` reference files
@ -60,180 +63,241 @@ func InitLocaleTrFunctions() map[string][]uint {

 type Handler struct {
 	OnMsgid            func(fset *token.FileSet, pos token.Pos, msgid string)
-	OnMsgidPrefix      func(fset *token.FileSet, pos token.Pos, msgidPrefix string, truncated bool)
 	OnUnexpectedInvoke func(fset *token.FileSet, pos token.Pos, funcname string, argc int)
-	OnWarning          func(fset *token.FileSet, pos token.Pos, msg string)
 	LocaleTrFunctions  map[string][]uint
 }

-type StringTrie interface {
-	Matches(key []string) bool
-}
+// the `Handle*File` functions follow the following calling convention:
+// * `fname` is the name of the input file
+// * `src` is either `nil` (then the function invokes `ReadFile` to read the file)
+//   or the contents of the file as {`[]byte`, or a `string`}

-type StringTrieMap map[string]StringTrie
-
-func (m StringTrieMap) Matches(key []string) bool {
-	if len(key) == 0 || m == nil {
-		return true
-	}
-	value, ok := m[key[0]]
-	if !ok {
-		return false
-	}
-	if value == nil {
-		return true
-	}
-	return value.Matches(key[1:])
-}
-
-func (m StringTrieMap) Insert(key []string) {
-	if m == nil {
-		return
-	}
-
-	switch len(key) {
-	case 0:
-		return
-
-	case 1:
-		m[key[0]] = nil
-
-	default:
-		if value, ok := m[key[0]]; ok {
-			if value == nil {
-				return
-			}
-		} else {
-			m[key[0]] = make(StringTrieMap)
-		}
-		m[key[0]].(StringTrieMap).Insert(key[1:])
-	}
-}
-
-func ParseAllowedMaskedUsages(fname string, usedMsgids container.Set[string], allowedMaskedPrefixes StringTrieMap, chkMsgid func(msgid string) bool) error {
-	file, err := os.Open(fname)
+func (handler Handler) HandleGoFile(fname string, src any) error {
+	fset := token.NewFileSet()
+	node, err := goParser.ParseFile(fset, fname, src, goParser.SkipObjectResolution)
 	if err != nil {
 		return LocatedError{
 			Location: fname,
-			Kind:     "Open",
+			Kind:     "Go parser",
 			Err:      err,
 		}
 	}
-	defer file.Close()

-	scanner := bufio.NewScanner(file)
-	lno := 0
-	for scanner.Scan() {
-		lno++
-		line := strings.TrimSpace(scanner.Text())
-		if line == "" || strings.HasPrefix(line, "#") {
-			continue
+	ast.Inspect(node, func(n ast.Node) bool {
+		// search for function calls of the form `anything.Tr(any-string-lit, ...)`
+
+		call, ok := n.(*ast.CallExpr)
+		if !ok || len(call.Args) < 1 {
+			return true
 		}
-		if linePrefix, found := strings.CutSuffix(line, "."); found {
-			allowedMaskedPrefixes.Insert(strings.Split(linePrefix, "."))
-		} else {
-			if !chkMsgid(line) {
-				return LocatedError{
-					Location: fmt.Sprintf("%s: line %d", fname, lno),
-					Kind:     "undefined msgid",
-					Err:      errors.New(line),
+
+		funSel, ok := call.Fun.(*ast.SelectorExpr)
+		if !ok {
+			return true
+		}
+
+		ltf, ok := handler.LocaleTrFunctions[funSel.Sel.Name]
+		if !ok {
+			return true
+		}
+
+		var gotUnexpectedInvoke *int
+
+		for _, argNum := range ltf {
+			if len(call.Args) >= int(argNum+1) {
+				argLit, ok := call.Args[int(argNum)].(*ast.BasicLit)
+				if !ok || argLit.Kind != token.STRING {
+					continue
 				}
+
+				// extract string content
+				arg, err := strconv.Unquote(argLit.Value)
+				if err == nil {
+					// found interesting strings
+					handler.OnMsgid(fset, argLit.ValuePos, arg)
+				}
+			} else {
+				argc := len(call.Args)
+				gotUnexpectedInvoke = &argc
 			}
-			usedMsgids.Add(line)
 		}
-	}
-	if err := scanner.Err(); err != nil {
-		return LocatedError{
-			Location: fname,
-			Kind:     "Scanner",
-			Err:      err,
+
+		if gotUnexpectedInvoke != nil {
+			handler.OnUnexpectedInvoke(fset, funSel.Sel.NamePos, funSel.Sel.Name, *gotUnexpectedInvoke)
 		}
-	}
+
+		return true
+	})
+
 	return nil
 }

-// Truncating a message id prefix to the last dot
-func PrepareMsgidPrefix(s string) (string, bool) {
-	index := strings.LastIndexByte(s, 0x2e)
-	if index == -1 {
-		return "", true
+// derived from source: modules/templates/scopedtmpl/scopedtmpl.go, L169-L213
+func (handler Handler) handleTemplateNode(fset *token.FileSet, node tmplParser.Node) {
+	switch node.Type() {
+	case tmplParser.NodeAction:
+		handler.handleTemplatePipeNode(fset, node.(*tmplParser.ActionNode).Pipe)
+	case tmplParser.NodeList:
+		nodeList := node.(*tmplParser.ListNode)
+		handler.handleTemplateFileNodes(fset, nodeList.Nodes)
+	case tmplParser.NodePipe:
+		handler.handleTemplatePipeNode(fset, node.(*tmplParser.PipeNode))
+	case tmplParser.NodeTemplate:
+		handler.handleTemplatePipeNode(fset, node.(*tmplParser.TemplateNode).Pipe)
+	case tmplParser.NodeIf:
+		nodeIf := node.(*tmplParser.IfNode)
+		handler.handleTemplateBranchNode(fset, nodeIf.BranchNode)
+	case tmplParser.NodeRange:
+		nodeRange := node.(*tmplParser.RangeNode)
+		handler.handleTemplateBranchNode(fset, nodeRange.BranchNode)
+	case tmplParser.NodeWith:
+		nodeWith := node.(*tmplParser.WithNode)
+		handler.handleTemplateBranchNode(fset, nodeWith.BranchNode)
+
+	case tmplParser.NodeCommand:
+		nodeCommand := node.(*tmplParser.CommandNode)
+
+		handler.handleTemplateFileNodes(fset, nodeCommand.Args)
+
+		if len(nodeCommand.Args) < 2 {
+			return
+		}
+
+		nodeChain, ok := nodeCommand.Args[0].(*tmplParser.ChainNode)
+		if !ok {
+			return
+		}
+
+		nodeIdent, ok := nodeChain.Node.(*tmplParser.IdentifierNode)
+		if !ok || nodeIdent.Ident != "ctx" || len(nodeChain.Field) != 2 || nodeChain.Field[0] != "Locale" {
+			return
+		}
+
+		ltf, ok := handler.LocaleTrFunctions[nodeChain.Field[1]]
+		if !ok {
+			return
+		}
+
+		var gotUnexpectedInvoke *int
+
+		for _, argNum := range ltf {
+			if len(nodeCommand.Args) >= int(argNum+2) {
+				nodeString, ok := nodeCommand.Args[int(argNum+1)].(*tmplParser.StringNode)
+				if ok {
+					// found interesting strings
+					// the column numbers are a bit "off", but much better than nothing
+					handler.OnMsgid(fset, token.Pos(nodeString.Pos), nodeString.Text)
+				}
+			} else {
+				argc := len(nodeCommand.Args) - 1
+				gotUnexpectedInvoke = &argc
+			}
+		}
+
+		if gotUnexpectedInvoke != nil {
+			handler.OnUnexpectedInvoke(fset, token.Pos(nodeChain.Pos), nodeChain.Field[1], *gotUnexpectedInvoke)
+		}
+
+	default:
 	}
-	return s[:index], index != len(s)-1
 }

-func Usage() {
-	outp := flag.CommandLine.Output()
-	fmt.Fprintf(outp, "Usage of %s:\n", os.Args[0])
-	flag.PrintDefaults()
-
-	fmt.Fprintf(outp, "\nThis command assumes that it gets started from the project root directory.\n")
-
-	fmt.Fprintf(outp, "\nExit codes:\n")
-	for _, i := range []string{
-		"0\tsuccess, no issues found",
-		"1\tunable to walk directory tree",
-		"2\tunable to parse locale ini/json files",
-		"3\tunable to parse go or text/template files",
-		"4\tfound missing message IDs",
-		"5\tfound unused message IDs",
-	} {
-		fmt.Fprintf(outp, "\t%s\n", i)
+func (handler Handler) handleTemplatePipeNode(fset *token.FileSet, pipeNode *tmplParser.PipeNode) {
+	if pipeNode == nil {
+		return
 	}

-	fmt.Fprintf(outp, "\nSpecial Go doc comments:\n")
-	for _, i := range []string{
-		"//llu:returnsTrKey",
-		"\tcan be used in front of functions to indicate",
-		"\tthat the function returns message IDs",
-		"\tWARNING: this currently doesn't support nested functions properly",
-		"",
-		"//llu:returnsTrKeySuffix prefix.",
-		"\tsimilar to llu:returnsTrKey, but the given prefix is prepended",
-		"\tto the found strings before interpreting them as msgids",
-		"",
-		"// llu:TrKeys",
-		"\tcan be used in front of 'const' and 'var' blocks",
-		"\tin order to mark all contained strings as message IDs",
-		"",
-		"// llu:TrKeysSuffix prefix.",
-		"\tlike llu:returnsTrKeySuffix, but for 'const' and 'var' blocks",
-	} {
-		if i == "" {
-			fmt.Fprintf(outp, "\n")
-		} else {
-			fmt.Fprintf(outp, "\t%s\n", i)
+	// NOTE: we can't pass `pipeNode.Cmds` to handleTemplateFileNodes due to incompatible argument types
+	for _, node := range pipeNode.Cmds {
+		handler.handleTemplateNode(fset, node)
+	}
+}
+
+func (handler Handler) handleTemplateBranchNode(fset *token.FileSet, branchNode tmplParser.BranchNode) {
+	handler.handleTemplatePipeNode(fset, branchNode.Pipe)
+	handler.handleTemplateFileNodes(fset, branchNode.List.Nodes)
+	if branchNode.ElseList != nil {
+		handler.handleTemplateFileNodes(fset, branchNode.ElseList.Nodes)
+	}
+}
+
+func (handler Handler) handleTemplateFileNodes(fset *token.FileSet, nodes []tmplParser.Node) {
+	for _, node := range nodes {
+		handler.handleTemplateNode(fset, node)
+	}
+}
+
+func (handler Handler) HandleTemplateFile(fname string, src any) error {
+	var tmplContent []byte
+	switch src2 := src.(type) {
+	case nil:
+		var err error
+		tmplContent, err = os.ReadFile(fname)
+		if err != nil {
+			return LocatedError{
+				Location: fname,
+				Kind:     "ReadFile",
+				Err:      err,
+			}
+		}
+	case []byte:
+		tmplContent = src2
+	case string:
+		// SAFETY: we do not modify tmplContent below
+		tmplContent = util.UnsafeStringToBytes(src2)
+	default:
+		panic("invalid type for 'src'")
+	}
+
+	fset := token.NewFileSet()
+	fset.AddFile(fname, 1, len(tmplContent)).SetLinesForContent(tmplContent)
+	// SAFETY: we do not modify tmplContent2 below
+	tmplContent2 := util.UnsafeBytesToString(tmplContent)
+
+	tmpl := template.New(fname)
+	tmpl.Funcs(fjTemplates.NewFuncMap())
+	tmplParsed, err := tmpl.Parse(tmplContent2)
+	if err != nil {
+		return LocatedError{
+			Location: fname,
+			Kind:     "Template parser",
+			Err:      err,
 		}
 	}
+	handler.handleTemplateFileNodes(fset, tmplParsed.Root.Nodes)
+	return nil
 }

+// This command assumes that we get started from the project root directory
+//
+// Possible command line flags:
+//
+//	--allow-missing-msgids        don't return an error code if missing message IDs are found
+//
+// EXIT CODES:
+//
+//	0  success, no issues found
+//	1  unable to walk directory tree
+//	2  unable to parse locale ini/json files
+//	3  unable to parse go or text/template files
+//	4  found missing message IDs
+//
 //nolint:forbidigo
 func main() {
 	allowMissingMsgids := false
-	allowUnusedMsgids := false
-	usedMsgids := make(container.Set[string])
-	allowedMaskedPrefixes := make(StringTrieMap)
-
-	// It's possible for execl to hand us an empty os.Args.
-	if len(os.Args) == 0 {
-		flag.CommandLine = flag.NewFlagSet("lint-locale-usage", flag.ExitOnError)
-	} else {
-		flag.CommandLine = flag.NewFlagSet(os.Args[0], flag.ExitOnError)
+	for _, arg := range os.Args[1:] {
+		if arg == "--allow-missing-msgids" {
+			allowMissingMsgids = true
+		}
 	}
-	flag.CommandLine.Usage = Usage
-	flag.Usage = Usage

-	flag.BoolVar(
-		&allowMissingMsgids,
-		"allow-missing-msgids",
-		false,
-		"don't return an error code if missing message IDs are found",
-	)
-	flag.BoolVar(
-		&allowUnusedMsgids,
-		"allow-unused-msgids",
-		false,
-		"don't return an error code if unused message IDs are found",
-	)
+	onError := func(err error) {
+		if err == nil {
+			return
+		}
+		fmt.Println(err.Error())
+		os.Exit(3)
+	}

 	msgids := make(container.Set[string])

@ -270,50 +334,17 @@ func main() {

 	gotAnyMsgidError := false

-	flag.Func(
-		"allow-masked-usages-from",
-		"supply a file containing a newline-separated list of allowed masked usages",
-		func(argval string) error {
-			return ParseAllowedMaskedUsages(argval, usedMsgids, allowedMaskedPrefixes, func(msgid string) bool {
-				return msgids.Contains(msgid)
-			})
-		},
-	)
-	flag.Parse()
-
-	onError := func(err error) {
-		if err == nil {
-			return
-		}
-		fmt.Println(err.Error())
-		os.Exit(3)
-	}
-
 	handler := Handler{
-		OnMsgidPrefix: func(fset *token.FileSet, pos token.Pos, msgidPrefix string, truncated bool) {
-			msgidPrefixSplit := strings.Split(msgidPrefix, ".")
-			if !truncated {
-				allowedMaskedPrefixes.Insert(msgidPrefixSplit)
-			} else if !allowedMaskedPrefixes.Matches(msgidPrefixSplit) {
-				gotAnyMsgidError = true
-				fmt.Printf("%s:\tmissing msgid prefix: %s\n", fset.Position(pos).String(), msgidPrefix)
-			}
-		},
 		OnMsgid: func(fset *token.FileSet, pos token.Pos, msgid string) {
 			if !msgids.Contains(msgid) {
 				gotAnyMsgidError = true
 				fmt.Printf("%s:\tmissing msgid: %s\n", fset.Position(pos).String(), msgid)
-			} else {
-				usedMsgids.Add(msgid)
 			}
 		},
 		OnUnexpectedInvoke: func(fset *token.FileSet, pos token.Pos, funcname string, argc int) {
 			gotAnyMsgidError = true
 			fmt.Printf("%s:\tunexpected invocation of %s with %d arguments\n", fset.Position(pos).String(), funcname, argc)
 		},
-		OnWarning: func(fset *token.FileSet, pos token.Pos, msg string) {
-			fmt.Printf("%s:\tWARNING: %s\n", fset.Position(pos).String(), msg)
-		},
 		LocaleTrFunctions: InitLocaleTrFunctions(),
 	}

@ -346,27 +377,7 @@ func main() {
 		os.Exit(1)
 	}

-	unusedMsgids := []string{}
-
-	for msgid := range msgids {
-		if !usedMsgids.Contains(msgid) && !allowedMaskedPrefixes.Matches(strings.Split(msgid, ".")) {
-			unusedMsgids = append(unusedMsgids, msgid)
-		}
-	}
-
-	sort.Strings(unusedMsgids)
-
-	if len(unusedMsgids) != 0 {
-		fmt.Printf("=== unused msgids (%d): ===\n", len(unusedMsgids))
-		for _, msgid := range unusedMsgids {
-			fmt.Printf("- %s\n", msgid)
-		}
-	}
-
 	if !allowMissingMsgids && gotAnyMsgidError {
 		os.Exit(4)
 	}
-	if !allowUnusedMsgids && len(unusedMsgids) != 0 {
-		os.Exit(5)
-	}
 }
--- a/cmd/admin_auth.go
+++ b/cmd/admin_auth.go
@ -17,15 +17,6 @@ import (
 	"github.com/urfave/cli/v3"
 )

-type (
-	authService struct {
-		initDB            func(ctx context.Context) error
-		createAuthSource  func(context.Context, *auth_model.Source) error
-		updateAuthSource  func(context.Context, *auth_model.Source) error
-		getAuthSourceByID func(ctx context.Context, id int64) (*auth_model.Source, error)
-	}
-)
-
 func microcmdAuthDelete() *cli.Command {
 	return &cli.Command{
 		Name:   "delete",
@ -69,16 +60,6 @@ func microcmdAuthList() *cli.Command {
 	}
 }

-// newAuthService creates a service with default functions.
-func newAuthService() *authService {
-	return &authService{
-		initDB:            initDB,
-		createAuthSource:  auth_model.CreateSource,
-		updateAuthSource:  auth_model.UpdateSource,
-		getAuthSourceByID: auth_model.GetSourceByID,
-	}
-}
-
 func runListAuth(ctx context.Context, c *cli.Command) error {
 	ctx, cancel := installSignals(ctx)
 	defer cancel()
--- a/cmd/admin_auth_ldap.go
+++ b/cmd/admin_auth_ldap.go
@ -14,6 +14,15 @@ import (
 	"github.com/urfave/cli/v3"
 )

+type (
+	authService struct {
+		initDB            func(ctx context.Context) error
+		createAuthSource  func(context.Context, *auth.Source) error
+		updateAuthSource  func(context.Context, *auth.Source) error
+		getAuthSourceByID func(ctx context.Context, id int64) (*auth.Source, error)
+	}
+)
+
 func commonLdapCLIFlags() []cli.Flag {
 	return []cli.Flag{
 		&cli.StringFlag{
@ -175,6 +184,16 @@ func microcmdAuthUpdateLdapSimpleAuth() *cli.Command {
 	}
 }

+// newAuthService creates a service with default functions.
+func newAuthService() *authService {
+	return &authService{
+		initDB:            initDB,
+		createAuthSource:  auth.CreateSource,
+		updateAuthSource:  auth.UpdateSource,
+		getAuthSourceByID: auth.GetSourceByID,
+	}
+}
+
 // parseAuthSource assigns values on authSource according to command line flags.
 func parseAuthSource(c *cli.Command, authSource *auth.Source) {
 	if c.IsSet("name") {
--- a/cmd/admin_auth_oauth.go
+++ b/cmd/admin_auth_oauth.go
@ -86,11 +86,6 @@ func oauthCLIFlags() []cli.Flag {
 			Value: nil,
 			Usage: "Scopes to request when to authenticate against this OAuth2 source",
 		},
-		&cli.StringFlag{
-			Name:  "attribute-ssh-public-key",
-			Value: "",
-			Usage: "Claim name providing SSH public keys for this source",
-		},
 		&cli.StringFlag{
 			Name:  "required-claim-name",
 			Value: "",
@ -125,10 +120,6 @@ func oauthCLIFlags() []cli.Flag {
 			Name:  "group-team-map-removal",
 			Usage: "Activate automatic team membership removal depending on groups",
 		},
-		&cli.BoolFlag{
-			Name:  "allow-username-change",
-			Usage: "Allow users to change their username",
-		},
 	}
 }

@ -136,7 +127,7 @@ func microcmdAuthAddOauth() *cli.Command {
 	return &cli.Command{
 		Name:   "add-oauth",
 		Usage:  "Add new Oauth authentication source",
-		Action: newAuthService().addOauth,
+		Action: runAddOauth,
 		Flags:  oauthCLIFlags(),
 	}
 }
@ -145,7 +136,7 @@ func microcmdAuthUpdateOauth() *cli.Command {
 	return &cli.Command{
 		Name:   "update-oauth",
 		Usage:  "Update existing Oauth authentication source",
-		Action: newAuthService().updateOauth,
+		Action: runUpdateOauth,
 		Flags:  append(oauthCLIFlags()[:1], append([]cli.Flag{idFlag()}, oauthCLIFlags()[1:]...)...),
 	}
 }
@ -172,7 +163,6 @@ func parseOAuth2Config(_ context.Context, c *cli.Command) *oauth2.Source {
 		IconURL:                       c.String("icon-url"),
 		SkipLocalTwoFA:                c.Bool("skip-local-2fa"),
 		Scopes:                        c.StringSlice("scopes"),
-		AttributeSSHPublicKey:         c.String("attribute-ssh-public-key"),
 		RequiredClaimName:             c.String("required-claim-name"),
 		RequiredClaimValue:            c.String("required-claim-value"),
 		GroupClaimName:                c.String("group-claim-name"),
@ -180,15 +170,14 @@ func parseOAuth2Config(_ context.Context, c *cli.Command) *oauth2.Source {
 		RestrictedGroup:               c.String("restricted-group"),
 		GroupTeamMap:                  c.String("group-team-map"),
 		GroupTeamMapRemoval:           c.Bool("group-team-map-removal"),
-		AllowUsernameChange:           c.Bool("allow-username-change"),
 	}
 }

-func (a *authService) addOauth(ctx context.Context, c *cli.Command) error {
+func runAddOauth(ctx context.Context, c *cli.Command) error {
 	ctx, cancel := installSignals(ctx)
 	defer cancel()

-	if err := a.initDB(ctx); err != nil {
+	if err := initDB(ctx); err != nil {
 		return err
 	}

@ -200,7 +189,7 @@ func (a *authService) addOauth(ctx context.Context, c *cli.Command) error {
 		}
 	}

-	return a.createAuthSource(ctx, &auth_model.Source{
+	return auth_model.CreateSource(ctx, &auth_model.Source{
 		Type:     auth_model.OAuth2,
 		Name:     c.String("name"),
 		IsActive: true,
@ -208,7 +197,7 @@ func (a *authService) addOauth(ctx context.Context, c *cli.Command) error {
 	})
 }

-func (a *authService) updateOauth(ctx context.Context, c *cli.Command) error {
+func runUpdateOauth(ctx context.Context, c *cli.Command) error {
 	if !c.IsSet("id") {
 		return errors.New("--id flag is missing")
 	}
@ -216,11 +205,11 @@ func (a *authService) updateOauth(ctx context.Context, c *cli.Command) error {
 	ctx, cancel := installSignals(ctx)
 	defer cancel()

-	if err := a.initDB(ctx); err != nil {
+	if err := initDB(ctx); err != nil {
 		return err
 	}

-	source, err := a.getAuthSourceByID(ctx, c.Int64("id"))
+	source, err := auth_model.GetSourceByID(ctx, c.Int64("id"))
 	if err != nil {
 		return err
 	}
@ -255,10 +244,6 @@ func (a *authService) updateOauth(ctx context.Context, c *cli.Command) error {
 		oAuth2Config.Scopes = c.StringSlice("scopes")
 	}

-	if c.IsSet("attribute-ssh-public-key") {
-		oAuth2Config.AttributeSSHPublicKey = c.String("attribute-ssh-public-key")
-	}
-
 	if c.IsSet("required-claim-name") {
 		oAuth2Config.RequiredClaimName = c.String("required-claim-name")
 	}
@ -282,10 +267,6 @@ func (a *authService) updateOauth(ctx context.Context, c *cli.Command) error {
 		oAuth2Config.GroupTeamMapRemoval = c.Bool("group-team-map-removal")
 	}

-	if c.IsSet("allow-username-change") {
-		oAuth2Config.AllowUsernameChange = c.Bool("allow-username-change")
-	}
-
 	// update custom URL mapping
 	customURLMapping := &oauth2.CustomURLMapping{}

@ -319,5 +300,5 @@ func (a *authService) updateOauth(ctx context.Context, c *cli.Command) error {
 	oAuth2Config.CustomURLMapping = customURLMapping
 	source.Cfg = oAuth2Config

-	return a.updateAuthSource(ctx, source)
+	return auth_model.UpdateSource(ctx, source)
 }
--- a/cmd/admin_auth_oauth_test.go
+++ b/cmd/admin_auth_oauth_test.go
@ -1,706 +0,0 @@
-// Copyright 2025 The Forgejo Authors. All rights reserved.
-// SPDX-License-Identifier: GPL-3.0-or-later
-
-package cmd
-
-import (
-	"context"
-	"testing"
-
-	"forgejo.org/models/auth"
-	"forgejo.org/modules/test"
-	"forgejo.org/services/auth/source/oauth2"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-	"github.com/urfave/cli/v3"
-)
-
-func TestAddOauth(t *testing.T) {
-	// Mock cli functions to do not exit on error
-	defer test.MockVariableValue(&cli.OsExiter, func(code int) {})()
-
-	// Test cases
-	cases := []struct {
-		args   []string
-		source *auth.Source
-		errMsg string
-	}{
-		// case 0
-		{
-			args: []string{
-				"oauth-test",
-				"--name", "oauth2 (via openidConnect) source full",
-				"--provider", "openidConnect",
-				"--key", "client id",
-				"--secret", "client secret",
-				"--auto-discover-url", "https://example.com/.well-known/openid-configuration",
-				"--use-custom-urls", "",
-				"--custom-tenant-id", "tenant id",
-				"--custom-auth-url", "https://example.com/auth",
-				"--custom-token-url", "https://example.com/token",
-				"--custom-profile-url", "https://example.com/profile",
-				"--custom-email-url", "https://example.com/email",
-				"--icon-url", "https://example.com/icon.svg",
-				"--skip-local-2fa",
-				"--scopes", "address",
-				"--scopes", "email",
-				"--scopes", "phone",
-				"--scopes", "profile",
-				"--attribute-ssh-public-key", "ssh_public_key",
-				"--required-claim-name", "can_access",
-				"--required-claim-value", "yes",
-				"--group-claim-name", "groups",
-				"--admin-group", "admin",
-				"--restricted-group", "restricted",
-				"--group-team-map", `{"org_a_team_1": {"organization-a": ["Team 1"]}, "org_a_all_teams": {"organization-a": ["Team 1", "Team 2", "Team 3"]}}`,
-				"--group-team-map-removal",
-				"--allow-username-change",
-			},
-			source: &auth.Source{
-				Type:     auth.OAuth2,
-				Name:     "oauth2 (via openidConnect) source full",
-				IsActive: true,
-				Cfg: &oauth2.Source{
-					Provider:                      "openidConnect",
-					ClientID:                      "client id",
-					ClientSecret:                  "client secret",
-					OpenIDConnectAutoDiscoveryURL: "https://example.com/.well-known/openid-configuration",
-					CustomURLMapping: &oauth2.CustomURLMapping{
-						AuthURL:    "https://example.com/auth",
-						TokenURL:   "https://example.com/token",
-						ProfileURL: "https://example.com/profile",
-						EmailURL:   "https://example.com/email",
-						Tenant:     "tenant id",
-					},
-					IconURL:               "https://example.com/icon.svg",
-					Scopes:                []string{"address", "email", "phone", "profile"},
-					AttributeSSHPublicKey: "ssh_public_key",
-					RequiredClaimName:     "can_access",
-					RequiredClaimValue:    "yes",
-					GroupClaimName:        "groups",
-					AdminGroup:            "admin",
-					GroupTeamMap:          `{"org_a_team_1": {"organization-a": ["Team 1"]}, "org_a_all_teams": {"organization-a": ["Team 1", "Team 2", "Team 3"]}}`,
-					GroupTeamMapRemoval:   true,
-					RestrictedGroup:       "restricted",
-					SkipLocalTwoFA:        true,
-					AllowUsernameChange:   true,
-				},
-			},
-		},
-		// case 1
-		{
-			args: []string{
-				"oauth-test",
-				"--name", "oauth2 (via openidConnect) source min",
-				"--provider", "openidConnect",
-				"--auto-discover-url", "https://example.com/.well-known/openid-configuration",
-			},
-			source: &auth.Source{
-				Type:     auth.OAuth2,
-				Name:     "oauth2 (via openidConnect) source min",
-				IsActive: true,
-				Cfg: &oauth2.Source{
-					Provider:                      "openidConnect",
-					OpenIDConnectAutoDiscoveryURL: "https://example.com/.well-known/openid-configuration",
-					Scopes:                        []string{},
-				},
-			},
-		},
-		// case 2
-		{
-			args: []string{
-				"oauth-test",
-				"--name", "oauth2 (via openidConnect) source `--use-custom-urls` required for `--custom-*` flags",
-				"--custom-tenant-id", "tenant id",
-				"--custom-auth-url", "https://example.com/auth",
-				"--custom-token-url", "https://example.com/token",
-				"--custom-profile-url", "https://example.com/profile",
-				"--custom-email-url", "https://example.com/email",
-			},
-			source: &auth.Source{
-				Type:     auth.OAuth2,
-				Name:     "oauth2 (via openidConnect) source `--use-custom-urls` required for `--custom-*` flags",
-				IsActive: true,
-				Cfg: &oauth2.Source{
-					Scopes: []string{},
-				},
-			},
-		},
-		// case 3
-		{
-			args: []string{
-				"oauth-test",
-				"--name", "oauth2 (via openidConnect) source `--scopes` aggregates multiple uses",
-				"--provider", "openidConnect",
-				"--auto-discover-url", "https://example.com/.well-known/openid-configuration",
-				"--scopes", "address",
-				"--scopes", "email",
-				"--scopes", "phone",
-				"--scopes", "profile",
-			},
-			source: &auth.Source{
-				Type:     auth.OAuth2,
-				Name:     "oauth2 (via openidConnect) source `--scopes` aggregates multiple uses",
-				IsActive: true,
-				Cfg: &oauth2.Source{
-					Provider:                      "openidConnect",
-					OpenIDConnectAutoDiscoveryURL: "https://example.com/.well-known/openid-configuration",
-					Scopes:                        []string{"address", "email", "phone", "profile"},
-				},
-			},
-		},
-		// case 4
-		{
-			args: []string{
-				"oauth-test",
-				"--name", "oauth2 (via openidConnect) source `--scopes` supports commas as separators",
-				"--provider", "openidConnect",
-				"--auto-discover-url", "https://example.com/.well-known/openid-configuration",
-				"--scopes", "address,email,phone,profile",
-			},
-			source: &auth.Source{
-				Type:     auth.OAuth2,
-				Name:     "oauth2 (via openidConnect) source `--scopes` supports commas as separators",
-				IsActive: true,
-				Cfg: &oauth2.Source{
-					Provider:                      "openidConnect",
-					OpenIDConnectAutoDiscoveryURL: "https://example.com/.well-known/openid-configuration",
-					Scopes:                        []string{"address", "email", "phone", "profile"},
-				},
-			},
-		},
-		// case 5
-		{
-			args: []string{
-				"oauth-test",
-				"--name", "oauth2 (via openidConnect) source",
-				"--provider", "openidConnect",
-			},
-			errMsg: "invalid Auto Discovery URL:  (this must be a valid URL starting with http:// or https://)",
-		},
-		// case 6
-		{
-			args: []string{
-				"oauth-test",
-				"--name", "oauth2 (via openidConnect) source",
-				"--provider", "openidConnect",
-				"--auto-discover-url", "example.com",
-			},
-			errMsg: "invalid Auto Discovery URL: example.com (this must be a valid URL starting with http:// or https://)",
-		},
-	}
-
-	for n, c := range cases {
-		// Mock functions.
-		var createdAuthSource *auth.Source
-		service := &authService{
-			initDB: func(context.Context) error {
-				return nil
-			},
-			createAuthSource: func(ctx context.Context, authSource *auth.Source) error {
-				createdAuthSource = authSource
-				return nil
-			},
-			updateAuthSource: func(ctx context.Context, authSource *auth.Source) error {
-				assert.FailNow(t, "should not call updateAuthSource", "case: %d", n)
-				return nil
-			},
-			getAuthSourceByID: func(ctx context.Context, id int64) (*auth.Source, error) {
-				assert.FailNow(t, "should not call getAuthSourceByID", "case: %d", n)
-				return nil, nil
-			},
-		}
-
-		// Create a copy of command to test
-		app := cli.Command{}
-		app.Flags = microcmdAuthAddOauth().Flags
-		app.Action = service.addOauth
-
-		// Run it
-		err := app.Run(t.Context(), c.args)
-		if c.errMsg != "" {
-			assert.EqualError(t, err, c.errMsg, "case %d: error should match", n)
-		} else {
-			require.NoError(t, err, "case %d: should have no errors", n)
-			assert.Equal(t, c.source, createdAuthSource, "case %d: wrong authSource", n)
-		}
-	}
-}
-
-func TestUpdateOauth(t *testing.T) {
-	// Mock cli functions to do not exit on error
-	defer test.MockVariableValue(&cli.OsExiter, func(code int) {})()
-
-	// Test cases
-	cases := []struct {
-		args               []string
-		id                 int64
-		existingAuthSource *auth.Source
-		authSource         *auth.Source
-		errMsg             string
-	}{
-		// case 0
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "23",
-				"--name", "oauth2 (via openidConnect) source full",
-				"--provider", "openidConnect",
-				"--key", "client id",
-				"--secret", "client secret",
-				"--auto-discover-url", "https://example.com/.well-known/openid-configuration",
-				"--use-custom-urls", "",
-				"--custom-tenant-id", "tenant id",
-				"--custom-auth-url", "https://example.com/auth",
-				"--custom-token-url", "https://example.com/token",
-				"--custom-profile-url", "https://example.com/profile",
-				"--custom-email-url", "https://example.com/email",
-				"--icon-url", "https://example.com/icon.svg",
-				"--skip-local-2fa",
-				"--scopes", "address",
-				"--scopes", "email",
-				"--scopes", "phone",
-				"--scopes", "profile",
-				"--attribute-ssh-public-key", "ssh_public_key",
-				"--required-claim-name", "can_access",
-				"--required-claim-value", "yes",
-				"--group-claim-name", "groups",
-				"--admin-group", "admin",
-				"--restricted-group", "restricted",
-				"--group-team-map", `{"org_a_team_1": {"organization-a": ["Team 1"]}, "org_a_all_teams": {"organization-a": ["Team 1", "Team 2", "Team 3"]}}`,
-				"--group-team-map-removal",
-			},
-			id: 23,
-			existingAuthSource: &auth.Source{
-				Type: auth.OAuth2,
-				Cfg:  &oauth2.Source{},
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Name: "oauth2 (via openidConnect) source full",
-				Cfg: &oauth2.Source{
-					Provider:                      "openidConnect",
-					ClientID:                      "client id",
-					ClientSecret:                  "client secret",
-					OpenIDConnectAutoDiscoveryURL: "https://example.com/.well-known/openid-configuration",
-					CustomURLMapping: &oauth2.CustomURLMapping{
-						AuthURL:    "https://example.com/auth",
-						TokenURL:   "https://example.com/token",
-						ProfileURL: "https://example.com/profile",
-						EmailURL:   "https://example.com/email",
-						Tenant:     "tenant id",
-					},
-					IconURL:               "https://example.com/icon.svg",
-					Scopes:                []string{"address", "email", "phone", "profile"},
-					AttributeSSHPublicKey: "ssh_public_key",
-					RequiredClaimName:     "can_access",
-					RequiredClaimValue:    "yes",
-					GroupClaimName:        "groups",
-					AdminGroup:            "admin",
-					GroupTeamMap:          `{"org_a_team_1": {"organization-a": ["Team 1"]}, "org_a_all_teams": {"organization-a": ["Team 1", "Team 2", "Team 3"]}}`,
-					GroupTeamMapRemoval:   true,
-					RestrictedGroup:       "restricted",
-					// `--skip-local-2fa` is currently ignored.
-					// SkipLocalTwoFA:        true,
-				},
-			},
-		},
-		// case 1
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Cfg: &oauth2.Source{
-					CustomURLMapping: &oauth2.CustomURLMapping{},
-				},
-			},
-		},
-		// case 2
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-				"--name", "oauth2 (via openidConnect) source full",
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Name: "oauth2 (via openidConnect) source full",
-				Cfg: &oauth2.Source{
-					CustomURLMapping: &oauth2.CustomURLMapping{},
-				},
-			},
-		},
-		// case 3
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-				"--provider", "openidConnect",
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Cfg: &oauth2.Source{
-					Provider:         "openidConnect",
-					CustomURLMapping: &oauth2.CustomURLMapping{},
-				},
-			},
-		},
-		// case 4
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-				"--key", "client id",
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Cfg: &oauth2.Source{
-					ClientID:         "client id",
-					CustomURLMapping: &oauth2.CustomURLMapping{},
-				},
-			},
-		},
-		// case 5
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-				"--secret", "client secret",
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Cfg: &oauth2.Source{
-					ClientSecret:     "client secret",
-					CustomURLMapping: &oauth2.CustomURLMapping{},
-				},
-			},
-		},
-		// case 6
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-				"--auto-discover-url", "https://example.com/.well-known/openid-configuration",
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Cfg: &oauth2.Source{
-					OpenIDConnectAutoDiscoveryURL: "https://example.com/.well-known/openid-configuration",
-					CustomURLMapping:              &oauth2.CustomURLMapping{},
-				},
-			},
-		},
-		// case 7
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-				"--use-custom-urls", "",
-				"--custom-tenant-id", "tenant id",
-				"--custom-auth-url", "https://example.com/auth",
-				"--custom-token-url", "https://example.com/token",
-				"--custom-profile-url", "https://example.com/profile",
-				"--custom-email-url", "https://example.com/email",
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Cfg: &oauth2.Source{
-					CustomURLMapping: &oauth2.CustomURLMapping{
-						AuthURL:    "https://example.com/auth",
-						TokenURL:   "https://example.com/token",
-						ProfileURL: "https://example.com/profile",
-						EmailURL:   "https://example.com/email",
-						Tenant:     "tenant id",
-					},
-				},
-			},
-		},
-		// case 8
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-				"--name", "oauth2 (via openidConnect) source `--use-custom-urls` required for `--custom-*` flags",
-				"--custom-tenant-id", "tenant id",
-				"--custom-auth-url", "https://example.com/auth",
-				"--custom-token-url", "https://example.com/token",
-				"--custom-profile-url", "https://example.com/profile",
-				"--custom-email-url", "https://example.com/email",
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Name: "oauth2 (via openidConnect) source `--use-custom-urls` required for `--custom-*` flags",
-				Cfg: &oauth2.Source{
-					CustomURLMapping: &oauth2.CustomURLMapping{},
-				},
-			},
-		},
-		// case 9
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-				"--icon-url", "https://example.com/icon.svg",
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Cfg: &oauth2.Source{
-					CustomURLMapping: &oauth2.CustomURLMapping{},
-					IconURL:          "https://example.com/icon.svg",
-				},
-			},
-		},
-		// case 10
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-				"--name", "oauth2 (via openidConnect) source `--skip-local-2fa` is currently ignored",
-				"--skip-local-2fa",
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Name: "oauth2 (via openidConnect) source `--skip-local-2fa` is currently ignored",
-				Cfg: &oauth2.Source{
-					CustomURLMapping: &oauth2.CustomURLMapping{},
-					// `--skip-local-2fa` is currently ignored.
-					// SkipLocalTwoFA: true,
-				},
-			},
-		},
-		// case 11
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-				"--name", "oauth2 (via openidConnect) source `--scopes` aggregates multiple uses",
-				"--scopes", "address",
-				"--scopes", "email",
-				"--scopes", "phone",
-				"--scopes", "profile",
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Name: "oauth2 (via openidConnect) source `--scopes` aggregates multiple uses",
-				Cfg: &oauth2.Source{
-					CustomURLMapping: &oauth2.CustomURLMapping{},
-					Scopes:           []string{"address", "email", "phone", "profile"},
-				},
-			},
-		},
-		// case 12
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-				"--name", "oauth2 (via openidConnect) source `--scopes` supports commas as separators",
-				"--scopes", "address,email,phone,profile",
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Name: "oauth2 (via openidConnect) source `--scopes` supports commas as separators",
-				Cfg: &oauth2.Source{
-					CustomURLMapping: &oauth2.CustomURLMapping{},
-					Scopes:           []string{"address", "email", "phone", "profile"},
-				},
-			},
-		},
-		// case 13
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-				"--attribute-ssh-public-key", "ssh_public_key",
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Cfg: &oauth2.Source{
-					CustomURLMapping:      &oauth2.CustomURLMapping{},
-					AttributeSSHPublicKey: "ssh_public_key",
-				},
-			},
-		},
-		// case 14
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-				"--required-claim-name", "can_access",
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Cfg: &oauth2.Source{
-					CustomURLMapping:  &oauth2.CustomURLMapping{},
-					RequiredClaimName: "can_access",
-				},
-			},
-		},
-		// case 15
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-				"--required-claim-value", "yes",
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Cfg: &oauth2.Source{
-					CustomURLMapping:   &oauth2.CustomURLMapping{},
-					RequiredClaimValue: "yes",
-				},
-			},
-		},
-		// case 16
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-				"--group-claim-name", "groups",
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Cfg: &oauth2.Source{
-					CustomURLMapping: &oauth2.CustomURLMapping{},
-					GroupClaimName:   "groups",
-				},
-			},
-		},
-		// case 17
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-				"--admin-group", "admin",
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Cfg: &oauth2.Source{
-					CustomURLMapping: &oauth2.CustomURLMapping{},
-					AdminGroup:       "admin",
-				},
-			},
-		},
-		// case 18
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-				"--restricted-group", "restricted",
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Cfg: &oauth2.Source{
-					CustomURLMapping: &oauth2.CustomURLMapping{},
-					RestrictedGroup:  "restricted",
-				},
-			},
-		},
-		// case 19
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-				"--group-team-map", `{"org_a_team_1": {"organization-a": ["Team 1"]}, "org_a_all_teams": {"organization-a": ["Team 1", "Team 2", "Team 3"]}}`,
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Cfg: &oauth2.Source{
-					CustomURLMapping: &oauth2.CustomURLMapping{},
-					GroupTeamMap:     `{"org_a_team_1": {"organization-a": ["Team 1"]}, "org_a_all_teams": {"organization-a": ["Team 1", "Team 2", "Team 3"]}}`,
-				},
-			},
-		},
-		// case 20
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-				"--group-team-map-removal",
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Cfg: &oauth2.Source{
-					CustomURLMapping:    &oauth2.CustomURLMapping{},
-					GroupTeamMapRemoval: true,
-				},
-			},
-		},
-		// case 21
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "23",
-				"--group-team-map-removal=false",
-			},
-			id: 23,
-			existingAuthSource: &auth.Source{
-				Type: auth.OAuth2,
-				Cfg: &oauth2.Source{
-					GroupTeamMapRemoval: true,
-				},
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Cfg: &oauth2.Source{
-					CustomURLMapping:    &oauth2.CustomURLMapping{},
-					GroupTeamMapRemoval: false,
-				},
-			},
-		},
-		// case 22
-		{
-			args: []string{
-				"oauth-test",
-			},
-			errMsg: "--id flag is missing",
-		},
-	}
-
-	for n, c := range cases {
-		// Mock functions.
-		var updatedAuthSource *auth.Source
-		service := &authService{
-			initDB: func(context.Context) error {
-				return nil
-			},
-			createAuthSource: func(ctx context.Context, authSource *auth.Source) error {
-				assert.FailNow(t, "should not call createAuthSource", "case: %d", n)
-				return nil
-			},
-			updateAuthSource: func(ctx context.Context, authSource *auth.Source) error {
-				updatedAuthSource = authSource
-				return nil
-			},
-			getAuthSourceByID: func(ctx context.Context, id int64) (*auth.Source, error) {
-				if c.id != 0 {
-					assert.Equal(t, c.id, id, "case %d: wrong id", n)
-				}
-				if c.existingAuthSource != nil {
-					return c.existingAuthSource, nil
-				}
-				return &auth.Source{
-					Type: auth.OAuth2,
-					Cfg:  &oauth2.Source{},
-				}, nil
-			},
-		}
-
-		// Create a copy of command to test
-		app := cli.Command{}
-		app.Flags = microcmdAuthUpdateOauth().Flags
-		app.Action = service.updateOauth
-
-		// Run it
-		err := app.Run(t.Context(), c.args)
-		if c.errMsg != "" {
-			assert.EqualError(t, err, c.errMsg, "case %d: error should match", n)
-		} else {
-			require.NoError(t, err, "case %d: should have no errors", n)
-			assert.Equal(t, c.authSource, updatedAuthSource, "case %d: wrong authSource", n)
-		}
-	}
-}
--- a/cmd/dump.go
+++ b/cmd/dump.go
@ -8,12 +8,11 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	"io/fs"
+	"io"
 	"os"
 	"path"
 	"path/filepath"
 	"strings"
-	"sync"
 	"time"

 	"forgejo.org/models/db"
@ -24,43 +23,36 @@ import (
 	"forgejo.org/modules/util"

 	"code.forgejo.org/go-chi/session"
-	"github.com/mholt/archives"
+	"github.com/mholt/archiver/v3"
 	"github.com/urfave/cli/v3"
 )

-func addObject(archiveJobs chan archives.ArchiveAsyncJob, object fs.File, customName string, verbose bool) error {
+func addReader(w archiver.Writer, r io.ReadCloser, info os.FileInfo, customName string, verbose bool) error {
 	if verbose {
 		log.Info("Adding file %s", customName)
 	}

-	info, err := object.Stat()
-	if err != nil {
-		return err
-	}
-
-	ch := make(chan error)
-
-	archiveJobs <- archives.ArchiveAsyncJob{
-		File: archives.FileInfo{
-			FileInfo:      info,
-			NameInArchive: customName,
-			Open: func() (fs.File, error) {
-				return object, nil
-			},
+	return w.Write(archiver.File{
+		FileInfo: archiver.FileInfo{
+			FileInfo:   info,
+			CustomName: customName,
 		},
-		Result: ch,
-	}
-
-	return <-ch
+		ReadCloser: r,
+	})
 }

-func addFile(archiveJobs chan archives.ArchiveAsyncJob, filePath, absPath string, verbose bool) error {
-	file, err := os.Open(absPath) // Closed by archiver
+func addFile(w archiver.Writer, filePath, absPath string, verbose bool) error {
+	file, err := os.Open(absPath)
+	if err != nil {
+		return err
+	}
+	defer file.Close()
+	fileInfo, err := file.Stat()
 	if err != nil {
 		return err
 	}

-	return addObject(archiveJobs, file, filePath, verbose)
+	return addReader(w, file, fileInfo, filePath, verbose)
 }

 func isSubdir(upper, lower string) (bool, error) {
@ -109,54 +101,6 @@ var outputTypeEnum = &outputType{
 	Default: "zip",
 }

-func getArchiverByType(outType string) (archives.ArchiverAsync, error) {
-	var archiver archives.ArchiverAsync
-	switch outType {
-	case "zip":
-		archiver = archives.Zip{}
-	case "tar":
-		archiver = archives.Tar{}
-	case "tar.sz":
-		archiver = archives.CompressedArchive{
-			Archival:    archives.Tar{},
-			Compression: archives.Sz{},
-		}
-	case "tar.gz":
-		archiver = archives.CompressedArchive{
-			Archival:    archives.Tar{},
-			Compression: archives.Gz{},
-		}
-	case "tar.xz":
-		archiver = archives.CompressedArchive{
-			Archival:    archives.Tar{},
-			Compression: archives.Xz{},
-		}
-	case "tar.bz2":
-		archiver = archives.CompressedArchive{
-			Archival:    archives.Tar{},
-			Compression: archives.Bz2{},
-		}
-	case "tar.br":
-		archiver = archives.CompressedArchive{
-			Archival:    archives.Tar{},
-			Compression: archives.Brotli{},
-		}
-	case "tar.lz4":
-		archiver = archives.CompressedArchive{
-			Archival:    archives.Tar{},
-			Compression: archives.Lz4{},
-		}
-	case "tar.zst":
-		archiver = archives.CompressedArchive{
-			Archival:    archives.Tar{},
-			Compression: archives.Zstd{},
-		}
-	default:
-		return nil, fmt.Errorf("unsupported output type: %s", outType)
-	}
-	return archiver, nil
-}
-
 // CmdDump represents the available dump sub-command.
 func cmdDump() *cli.Command {
 	return &cli.Command{
@ -310,185 +254,46 @@ func runDump(stdCtx context.Context, ctx *cli.Command) error {
 		return err
 	}

-	archiveJobs := make(chan archives.ArchiveAsyncJob)
-	wg := sync.WaitGroup{}
-	archiver, err := getArchiverByType(outType)
+	var iface any
+	if fileName == "-" {
+		iface, err = archiver.ByExtension(fmt.Sprintf(".%s", outType))
+	} else {
+		iface, err = archiver.ByExtension(fileName)
+	}
 	if err != nil {
 		fatal("Failed to get archiver for extension: %v", err)
 	}

+	w, _ := iface.(archiver.Writer)
+	if err := w.Create(file); err != nil {
+		fatal("Creating archiver.Writer failed: %v", err)
+	}
+	defer w.Close()
+
 	if ctx.IsSet("skip-repository") && ctx.Bool("skip-repository") {
 		log.Info("Skipping local repositories")
 	} else {
 		log.Info("Dumping local repositories... %s", setting.RepoRootPath)
-		wg.Add(1)
-		go dumpRepos(ctx, archiveJobs, &wg, absFileName, verbose)
-	}
+		if err := addRecursiveExclude(w, "repos", setting.RepoRootPath, []string{absFileName}, verbose); err != nil {
+			fatal("Failed to include repositories: %v", err)
+		}

-	wg.Add(1)
-	go dumpDatabase(ctx, archiveJobs, &wg, verbose)
-
-	if len(setting.CustomConf) > 0 {
-		wg.Add(1)
-		go func() {
-			defer wg.Done()
-			log.Info("Adding custom configuration file from %s", setting.CustomConf)
-			if err := addFile(archiveJobs, "app.ini", setting.CustomConf, verbose); err != nil {
-				fatal("Failed to include specified app.ini: %v", err)
+		if ctx.IsSet("skip-lfs-data") && ctx.Bool("skip-lfs-data") {
+			log.Info("Skipping LFS data")
+		} else if !setting.LFS.StartServer {
+			log.Info("LFS not enabled - skipping")
+		} else if err := storage.LFS.IterateObjects("", func(objPath string, object storage.Object) error {
+			info, err := object.Stat()
+			if err != nil {
+				return err
 			}
-		}()
-	}

-	if ctx.IsSet("skip-custom-dir") && ctx.Bool("skip-custom-dir") {
-		log.Info("Skipping custom directory")
-	} else {
-		wg.Add(1)
-		go dumpCustom(archiveJobs, &wg, absFileName, verbose)
-	}
-
-	isExist, err := util.IsExist(setting.AppDataPath)
-	if err != nil {
-		log.Error("Failed to check if %s exists: %v", setting.AppDataPath, err)
-	}
-	if isExist {
-		log.Info("Packing data directory...%s", setting.AppDataPath)
-
-		wg.Add(1)
-		go dumpData(ctx, archiveJobs, &wg, absFileName, verbose)
-	}
-
-	if ctx.IsSet("skip-attachment-data") && ctx.Bool("skip-attachment-data") {
-		log.Info("Skipping attachment data")
-	} else {
-		wg.Add(1)
-		go func() {
-			defer wg.Done()
-			if err := storage.Attachments.IterateObjects("", func(objPath string, object storage.Object) error {
-				return addObject(archiveJobs, object, path.Join("data", "attachments", objPath), verbose)
-			}); err != nil {
-				fatal("Failed to dump attachments: %v", err)
-			}
-		}()
-	}
-
-	if ctx.IsSet("skip-package-data") && ctx.Bool("skip-package-data") {
-		log.Info("Skipping package data")
-	} else if !setting.Packages.Enabled {
-		log.Info("Package registry not enabled - skipping")
-	} else {
-		wg.Add(1)
-		go func() {
-			defer wg.Done()
-			if err := storage.Packages.IterateObjects("", func(objPath string, object storage.Object) error {
-				return addObject(archiveJobs, object, path.Join("data", "packages", objPath), verbose)
-			}); err != nil {
-				fatal("Failed to dump packages: %v", err)
-			}
-		}()
-	}
-
-	// Doesn't check if LogRootPath exists before processing --skip-log intentionally,
-	// ensuring that it's clear the dump is skipped whether the directory's initialized
-	// yet or not.
-	if ctx.IsSet("skip-log") && ctx.Bool("skip-log") {
-		log.Info("Skipping log files")
-	} else {
-		isExist, err := util.IsExist(setting.Log.RootPath)
-		if err != nil {
-			log.Error("Failed to check if %s exists: %v", setting.Log.RootPath, err)
-		}
-		if isExist {
-			wg.Add(1)
-			go func() {
-				defer wg.Done()
-				if err := addRecursiveExclude(archiveJobs, "log", setting.Log.RootPath, []string{absFileName}, verbose); err != nil {
-					fatal("Failed to include log: %v", err)
-				}
-			}()
+			return addReader(w, object, info, path.Join("data", "lfs", objPath), verbose)
+		}); err != nil {
+			fatal("Failed to dump LFS objects: %v", err)
 		}
 	}

-	// Wait for all jobs to finish before closing the channel
-	// ArchiveAsync will only return after the channel is closed
-	go func() {
-		wg.Wait()
-		close(archiveJobs)
-	}()
-
-	if err := archiver.ArchiveAsync(stdCtx, file, archiveJobs); err != nil {
-		_ = util.Remove(fileName)
-
-		fatal("Archiving failed: %v", err)
-	}
-
-	if fileName != "-" {
-		if err := os.Chmod(fileName, 0o600); err != nil {
-			log.Info("Can't change file access permissions mask to 0600: %v", err)
-		}
-
-		log.Info("Finished dumping in file %s", fileName)
-	} else {
-		log.Info("Finished dumping to stdout")
-	}
-
-	return nil
-}
-
-func dumpData(ctx *cli.Command, archiveJobs chan archives.ArchiveAsyncJob, wg *sync.WaitGroup, absFileName string, verbose bool) {
-	defer wg.Done()
-
-	var excludes []string
-	if setting.SessionConfig.OriginalProvider == "file" {
-		var opts session.Options
-		if err := json.Unmarshal([]byte(setting.SessionConfig.ProviderConfig), &opts); err != nil {
-			fatal("Failed to parse session config: %v", err)
-		}
-		excludes = append(excludes, opts.ProviderConfig)
-	}
-
-	if ctx.IsSet("skip-index") && ctx.Bool("skip-index") {
-		log.Info("Skipping bleve index data")
-		excludes = append(excludes, setting.Indexer.RepoPath)
-		excludes = append(excludes, setting.Indexer.IssuePath)
-	}
-
-	if ctx.IsSet("skip-repo-archives") && ctx.Bool("skip-repo-archives") {
-		log.Info("Skipping repository archives data")
-		excludes = append(excludes, setting.RepoArchive.Storage.Path)
-	}
-
-	excludes = append(excludes, setting.RepoRootPath)
-	excludes = append(excludes, setting.LFS.Storage.Path)
-	excludes = append(excludes, setting.Attachment.Storage.Path)
-	excludes = append(excludes, setting.Packages.Storage.Path)
-	excludes = append(excludes, setting.Log.RootPath)
-	excludes = append(excludes, absFileName)
-	if err := addRecursiveExclude(archiveJobs, "data", setting.AppDataPath, excludes, verbose); err != nil {
-		fatal("Failed to include data directory: %v", err)
-	}
-}
-
-func dumpCustom(archiveJobs chan archives.ArchiveAsyncJob, wg *sync.WaitGroup, absFileName string, verbose bool) {
-	defer wg.Done()
-
-	customDir, err := os.Stat(setting.CustomPath)
-	if err == nil && customDir.IsDir() {
-		if is, _ := isSubdir(setting.AppDataPath, setting.CustomPath); !is {
-			if err := addRecursiveExclude(archiveJobs, "custom", setting.CustomPath, []string{absFileName}, verbose); err != nil {
-				fatal("Failed to include custom: %v", err)
-			}
-		} else {
-			log.Info("Custom dir %s is inside data dir %s, skipping", setting.CustomPath, setting.AppDataPath)
-		}
-	} else {
-		log.Info("Custom dir %s does not exist, skipping", setting.CustomPath)
-	}
-}
-
-func dumpDatabase(ctx *cli.Command, archiveJobs chan archives.ArchiveAsyncJob, wg *sync.WaitGroup, verbose bool) {
-	defer wg.Done()
-
-	var err error
 	tmpDir := ctx.String("tempdir")
 	if tmpDir == "" {
 		tmpDir, err = os.MkdirTemp("", "forgejo-dump-*")
@ -529,32 +334,139 @@ func dumpDatabase(ctx *cli.Command, archiveJobs chan archives.ArchiveAsyncJob, w
 		fatal("Failed to dump database: %v", err)
 	}

-	if err := addFile(archiveJobs, "forgejo-db.sql", dbDump.Name(), verbose); err != nil {
+	if err := addFile(w, "forgejo-db.sql", dbDump.Name(), verbose); err != nil {
 		fatal("Failed to include forgejo-db.sql: %v", err)
 	}
-}

-func dumpRepos(ctx *cli.Command, archiveJobs chan archives.ArchiveAsyncJob, wg *sync.WaitGroup, absFileName string, verbose bool) {
-	defer wg.Done()
-
-	if err := addRecursiveExclude(archiveJobs, "repos", setting.RepoRootPath, []string{absFileName}, verbose); err != nil {
-		fatal("Failed to include repositories: %v", err)
+	if len(setting.CustomConf) > 0 {
+		log.Info("Adding custom configuration file from %s", setting.CustomConf)
+		if err := addFile(w, "app.ini", setting.CustomConf, verbose); err != nil {
+			fatal("Failed to include specified app.ini: %v", err)
+		}
 	}

-	if ctx.IsSet("skip-lfs-data") && ctx.Bool("skip-lfs-data") {
-		log.Info("Skipping LFS data")
-	} else if !setting.LFS.StartServer {
-		log.Info("LFS not enabled - skipping")
-	} else if err := storage.LFS.IterateObjects("", func(objPath string, object storage.Object) error {
-		return addObject(archiveJobs, object, path.Join("data", "lfs", objPath), verbose)
+	if ctx.IsSet("skip-custom-dir") && ctx.Bool("skip-custom-dir") {
+		log.Info("Skipping custom directory")
+	} else {
+		customDir, err := os.Stat(setting.CustomPath)
+		if err == nil && customDir.IsDir() {
+			if is, _ := isSubdir(setting.AppDataPath, setting.CustomPath); !is {
+				if err := addRecursiveExclude(w, "custom", setting.CustomPath, []string{absFileName}, verbose); err != nil {
+					fatal("Failed to include custom: %v", err)
+				}
+			} else {
+				log.Info("Custom dir %s is inside data dir %s, skipping", setting.CustomPath, setting.AppDataPath)
+			}
+		} else {
+			log.Info("Custom dir %s does not exist, skipping", setting.CustomPath)
+		}
+	}
+
+	isExist, err := util.IsExist(setting.AppDataPath)
+	if err != nil {
+		log.Error("Failed to check if %s exists: %v", setting.AppDataPath, err)
+	}
+	if isExist {
+		log.Info("Packing data directory...%s", setting.AppDataPath)
+
+		var excludes []string
+		if setting.SessionConfig.OriginalProvider == "file" {
+			var opts session.Options
+			if err = json.Unmarshal([]byte(setting.SessionConfig.ProviderConfig), &opts); err != nil {
+				return err
+			}
+			excludes = append(excludes, opts.ProviderConfig)
+		}
+
+		if ctx.IsSet("skip-index") && ctx.Bool("skip-index") {
+			log.Info("Skipping bleve index data")
+			excludes = append(excludes, setting.Indexer.RepoPath)
+			excludes = append(excludes, setting.Indexer.IssuePath)
+		}
+
+		if ctx.IsSet("skip-repo-archives") && ctx.Bool("skip-repo-archives") {
+			log.Info("Skipping repository archives data")
+			excludes = append(excludes, setting.RepoArchive.Storage.Path)
+		}
+
+		excludes = append(excludes, setting.RepoRootPath)
+		excludes = append(excludes, setting.LFS.Storage.Path)
+		excludes = append(excludes, setting.Attachment.Storage.Path)
+		excludes = append(excludes, setting.Packages.Storage.Path)
+		excludes = append(excludes, setting.Log.RootPath)
+		excludes = append(excludes, absFileName)
+		if err := addRecursiveExclude(w, "data", setting.AppDataPath, excludes, verbose); err != nil {
+			fatal("Failed to include data directory: %v", err)
+		}
+	}
+
+	if ctx.IsSet("skip-attachment-data") && ctx.Bool("skip-attachment-data") {
+		log.Info("Skipping attachment data")
+	} else if err := storage.Attachments.IterateObjects("", func(objPath string, object storage.Object) error {
+		info, err := object.Stat()
+		if err != nil {
+			return err
+		}
+
+		return addReader(w, object, info, path.Join("data", "attachments", objPath), verbose)
 	}); err != nil {
-		fatal("Failed to dump LFS objects: %v", err)
+		fatal("Failed to dump attachments: %v", err)
 	}
+
+	if ctx.IsSet("skip-package-data") && ctx.Bool("skip-package-data") {
+		log.Info("Skipping package data")
+	} else if !setting.Packages.Enabled {
+		log.Info("Package registry not enabled - skipping")
+	} else if err := storage.Packages.IterateObjects("", func(objPath string, object storage.Object) error {
+		info, err := object.Stat()
+		if err != nil {
+			return err
+		}
+
+		return addReader(w, object, info, path.Join("data", "packages", objPath), verbose)
+	}); err != nil {
+		fatal("Failed to dump packages: %v", err)
+	}
+
+	// Doesn't check if LogRootPath exists before processing --skip-log intentionally,
+	// ensuring that it's clear the dump is skipped whether the directory's initialized
+	// yet or not.
+	if ctx.IsSet("skip-log") && ctx.Bool("skip-log") {
+		log.Info("Skipping log files")
+	} else {
+		isExist, err := util.IsExist(setting.Log.RootPath)
+		if err != nil {
+			log.Error("Failed to check if %s exists: %v", setting.Log.RootPath, err)
+		}
+		if isExist {
+			if err := addRecursiveExclude(w, "log", setting.Log.RootPath, []string{absFileName}, verbose); err != nil {
+				fatal("Failed to include log: %v", err)
+			}
+		}
+	}
+
+	if fileName != "-" {
+		if err = w.Close(); err != nil {
+			_ = util.Remove(fileName)
+			fatal("Failed to save %s: %v", fileName, err)
+		}
+
+		if err := os.Chmod(fileName, 0o600); err != nil {
+			log.Info("Can't change file access permissions mask to 0600: %v", err)
+		}
+	}
+
+	if fileName != "-" {
+		log.Info("Finish dumping in file %s", fileName)
+	} else {
+		log.Info("Finish dumping to stdout")
+	}
+
+	return nil
 }

 // addRecursiveExclude zips absPath to specified insidePath inside writer excluding excludeAbsPath
-// archives.FilesFromDisk doesn't support excluding files, so we have to do it manually
-func addRecursiveExclude(archiveJobs chan archives.ArchiveAsyncJob, insidePath, absPath string, excludeAbsPath []string, verbose bool) error {
+func addRecursiveExclude(w archiver.Writer, insidePath, absPath string, excludeAbsPath []string, verbose bool) error {
 	absPath, err := filepath.Abs(absPath)
 	if err != nil {
 		return err
@ -579,11 +491,10 @@ func addRecursiveExclude(archiveJobs chan archives.ArchiveAsyncJob, insidePath,
 		}

 		if file.IsDir() {
-			if err := addFile(archiveJobs, currentInsidePath, currentAbsPath, false); err != nil {
+			if err := addFile(w, currentInsidePath, currentAbsPath, false); err != nil {
 				return err
 			}
-
-			if err := addRecursiveExclude(archiveJobs, currentInsidePath, currentAbsPath, excludeAbsPath, verbose); err != nil {
+			if err = addRecursiveExclude(w, currentInsidePath, currentAbsPath, excludeAbsPath, verbose); err != nil {
 				return err
 			}
 		} else {
@ -601,7 +512,7 @@ func addRecursiveExclude(archiveJobs chan archives.ArchiveAsyncJob, insidePath,
 				shouldAdd = targetStat.Mode().IsRegular()
 			}
 			if shouldAdd {
-				if err := addFile(archiveJobs, currentInsidePath, currentAbsPath, verbose); err != nil {
+				if err = addFile(w, currentInsidePath, currentAbsPath, verbose); err != nil {
 					return err
 				}
 			}
--- a/cmd/dump_repo.go
+++ b/cmd/dump_repo.go
@ -82,11 +82,6 @@ wiki, issues, labels, releases, release_assets, milestones, pull_requests, comme
 }

 func runDumpRepository(stdCtx context.Context, ctx *cli.Command) error {
-	setupConsoleLogger(log.INFO, log.CanColorStderr, os.Stderr)
-
-	// setting.DisableLoggerInit()
-	setting.LoadSettings() // cannot access skip_tls_verify settings otherwise
-
 	stdCtx, cancel := installSignals(stdCtx)
 	defer cancel()

--- a/cmd/dump_test.go
+++ b/cmd/dump_test.go
@ -4,32 +4,40 @@
 package cmd

 import (
+	"io"
 	"os"
 	"testing"

-	"github.com/mholt/archives"
+	"github.com/mholt/archiver/v3"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )

-func mockArchiverAsync(ch chan archives.ArchiveAsyncJob, files *[]string) {
-	for job := range ch {
-		*files = append(*files, job.File.NameInArchive)
-		job.Result <- nil
-	}
+type mockArchiver struct {
+	addedFiles []string
+}
+
+func (mockArchiver) Create(out io.Writer) error {
+	return nil
+}
+
+func (m *mockArchiver) Write(f archiver.File) error {
+	m.addedFiles = append(m.addedFiles, f.Name())
+	return nil
+}
+
+func (mockArchiver) Close() error {
+	return nil
 }

 func TestAddRecursiveExclude(t *testing.T) {
 	t.Run("Empty", func(t *testing.T) {
-		ch := make(chan archives.ArchiveAsyncJob)
-		var files []string
-		go mockArchiverAsync(ch, &files)
-
 		dir := t.TempDir()
+		archiver := &mockArchiver{}

-		err := addRecursiveExclude(ch, "", dir, []string{}, false)
+		err := addRecursiveExclude(archiver, "", dir, []string{}, false)
 		require.NoError(t, err)
-		assert.Empty(t, files)
+		assert.Empty(t, archiver.addedFiles)
 	})

 	t.Run("Single file", func(t *testing.T) {
@ -38,25 +46,20 @@ func TestAddRecursiveExclude(t *testing.T) {
 		require.NoError(t, err)

 		t.Run("No exclude", func(t *testing.T) {
-			ch := make(chan archives.ArchiveAsyncJob)
-			var files []string
-			go mockArchiverAsync(ch, &files)
+			archiver := &mockArchiver{}

-			err := addRecursiveExclude(ch, "", dir, nil, false)
+			err = addRecursiveExclude(archiver, "", dir, nil, false)
 			require.NoError(t, err)
-
-			assert.Len(t, files, 1)
-			assert.Contains(t, files, "example")
+			assert.Len(t, archiver.addedFiles, 1)
+			assert.Contains(t, archiver.addedFiles, "example")
 		})

 		t.Run("With exclude", func(t *testing.T) {
-			ch := make(chan archives.ArchiveAsyncJob)
-			var files []string
-			go mockArchiverAsync(ch, &files)
+			archiver := &mockArchiver{}

-			err := addRecursiveExclude(ch, "", dir, []string{dir + "/example"}, false)
+			err = addRecursiveExclude(archiver, "", dir, []string{dir + "/example"}, false)
 			require.NoError(t, err)
-			assert.Empty(t, files)
+			assert.Empty(t, archiver.addedFiles)
 		})
 	})

@ -70,57 +73,46 @@ func TestAddRecursiveExclude(t *testing.T) {
 		require.NoError(t, err)

 		t.Run("No exclude", func(t *testing.T) {
-			ch := make(chan archives.ArchiveAsyncJob)
-			var files []string
-			go mockArchiverAsync(ch, &files)
+			archiver := &mockArchiver{}

-			err := addRecursiveExclude(ch, "", dir, nil, false)
+			err = addRecursiveExclude(archiver, "", dir, nil, false)
 			require.NoError(t, err)
-			assert.Len(t, files, 5)
-
-			assert.Contains(t, files, "deep")
-			assert.Contains(t, files, "deep/nested")
-			assert.Contains(t, files, "deep/nested/folder")
-			assert.Contains(t, files, "deep/nested/folder/example")
-			assert.Contains(t, files, "deep/nested/folder/another-file")
+			assert.Len(t, archiver.addedFiles, 5)
+			assert.Contains(t, archiver.addedFiles, "deep")
+			assert.Contains(t, archiver.addedFiles, "deep/nested")
+			assert.Contains(t, archiver.addedFiles, "deep/nested/folder")
+			assert.Contains(t, archiver.addedFiles, "deep/nested/folder/example")
+			assert.Contains(t, archiver.addedFiles, "deep/nested/folder/another-file")
 		})

 		t.Run("Exclude first directory", func(t *testing.T) {
-			ch := make(chan archives.ArchiveAsyncJob)
-			var files []string
-			go mockArchiverAsync(ch, &files)
+			archiver := &mockArchiver{}

-			err := addRecursiveExclude(ch, "", dir, []string{dir + "/deep"}, false)
+			err = addRecursiveExclude(archiver, "", dir, []string{dir + "/deep"}, false)
 			require.NoError(t, err)
-			assert.Empty(t, files)
+			assert.Empty(t, archiver.addedFiles)
 		})

 		t.Run("Exclude nested directory", func(t *testing.T) {
-			ch := make(chan archives.ArchiveAsyncJob)
-			var files []string
-			go mockArchiverAsync(ch, &files)
+			archiver := &mockArchiver{}

-			err := addRecursiveExclude(ch, "", dir, []string{dir + "/deep/nested/folder"}, false)
+			err = addRecursiveExclude(archiver, "", dir, []string{dir + "/deep/nested/folder"}, false)
 			require.NoError(t, err)
-			assert.Len(t, files, 2)
-
-			assert.Contains(t, files, "deep")
-			assert.Contains(t, files, "deep/nested")
+			assert.Len(t, archiver.addedFiles, 2)
+			assert.Contains(t, archiver.addedFiles, "deep")
+			assert.Contains(t, archiver.addedFiles, "deep/nested")
 		})

 		t.Run("Exclude file", func(t *testing.T) {
-			ch := make(chan archives.ArchiveAsyncJob)
-			var files []string
-			go mockArchiverAsync(ch, &files)
+			archiver := &mockArchiver{}

-			err := addRecursiveExclude(ch, "", dir, []string{dir + "/deep/nested/folder/example"}, false)
+			err = addRecursiveExclude(archiver, "", dir, []string{dir + "/deep/nested/folder/example"}, false)
 			require.NoError(t, err)
-			assert.Len(t, files, 4)
-
-			assert.Contains(t, files, "deep")
-			assert.Contains(t, files, "deep/nested")
-			assert.Contains(t, files, "deep/nested/folder")
-			assert.Contains(t, files, "deep/nested/folder/another-file")
+			assert.Len(t, archiver.addedFiles, 4)
+			assert.Contains(t, archiver.addedFiles, "deep")
+			assert.Contains(t, archiver.addedFiles, "deep/nested")
+			assert.Contains(t, archiver.addedFiles, "deep/nested/folder")
+			assert.Contains(t, archiver.addedFiles, "deep/nested/folder/another-file")
 		})
 	})
 }
--- a/cmd/hook.go
+++ b/cmd/hook.go
@ -231,6 +231,8 @@ Forgejo or set your environment appropriately.`, "")
 		}
 	}

+	supportProcReceive := git.CheckGitVersionAtLeast("2.29") == nil
+
 	for scanner.Scan() {
 		// TODO: support news feeds for wiki
 		if isWiki {
@ -248,25 +250,31 @@ Forgejo or set your environment appropriately.`, "")
 		total++
 		lastline++

-		// All references should be checked because permission check was delayed.
-		oldCommitIDs[count] = oldCommitID
-		newCommitIDs[count] = newCommitID
-		refFullNames[count] = refFullName
-		count++
-		fmt.Fprint(out, "*")
+		// If the ref is a branch or tag, check if it's protected
+		// if supportProcReceive all ref should be checked because
+		// permission check was delayed
+		if supportProcReceive || refFullName.IsBranch() || refFullName.IsTag() {
+			oldCommitIDs[count] = oldCommitID
+			newCommitIDs[count] = newCommitID
+			refFullNames[count] = refFullName
+			count++
+			fmt.Fprint(out, "*")

-		if count >= hookBatchSize {
-			fmt.Fprintf(out, " Checking %d references\n", count)
+			if count >= hookBatchSize {
+				fmt.Fprintf(out, " Checking %d references\n", count)

-			hookOptions.OldCommitIDs = oldCommitIDs
-			hookOptions.NewCommitIDs = newCommitIDs
-			hookOptions.RefFullNames = refFullNames
-			extra := private.HookPreReceive(ctx, username, reponame, hookOptions)
-			if extra.HasError() {
-				return fail(ctx, extra.UserMsg, "HookPreReceive(batch) failed: %v", extra.Error)
+				hookOptions.OldCommitIDs = oldCommitIDs
+				hookOptions.NewCommitIDs = newCommitIDs
+				hookOptions.RefFullNames = refFullNames
+				extra := private.HookPreReceive(ctx, username, reponame, hookOptions)
+				if extra.HasError() {
+					return fail(ctx, extra.UserMsg, "HookPreReceive(batch) failed: %v", extra.Error)
+				}
+				count = 0
+				lastline = 0
 			}
-			count = 0
-			lastline = 0
+		} else {
+			fmt.Fprint(out, ".")
 		}
 		if lastline >= hookBatchSize {
 			fmt.Fprint(out, "\n")
@ -505,6 +513,10 @@ Forgejo or set your environment appropriately.`, "")
 		return nil
 	}

+	if git.CheckGitVersionAtLeast("2.29") != nil {
+		return fail(ctx, "No proc-receive support", "current git version doesn't support proc-receive.")
+	}
+
 	reader := bufio.NewReader(os.Stdin)
 	repoUser := os.Getenv(repo_module.EnvRepoUsername)
 	repoName := os.Getenv(repo_module.EnvRepoName)
--- a/cmd/manager_logging.go
+++ b/cmd/manager_logging.go
@ -44,11 +44,6 @@ func defaultLoggingFlags() []cli.Flag {
 			Aliases: []string{"e"},
 			Usage:   "Matching expression for the logger",
 		},
-		&cli.StringFlag{
-			Name:    "exclusion",
-			Aliases: []string{"x"},
-			Usage:   "Exclusion for the logger",
-		},
 		&cli.StringFlag{
 			Name:    "prefix",
 			Aliases: []string{"p"},
@ -291,9 +286,6 @@ func commonAddLogger(ctx context.Context, c *cli.Command, mode string, vals map[
 	if len(c.String("expression")) > 0 {
 		vals["expression"] = c.String("expression")
 	}
-	if len(c.String("exclusion")) > 0 {
-		vals["exclusion"] = c.String("exclusion")
-	}
 	if len(c.String("prefix")) > 0 {
 		vals["prefix"] = c.String("prefix")
 	}
--- a/cmd/serv.go
+++ b/cmd/serv.go
@ -88,14 +88,6 @@ var (
 	alphaDashDotPattern = regexp.MustCompile(`[^\w-\.]`)
 )

-func sshLog(ctx context.Context, level log.Level, message string) error {
-	if testing.Testing() || setting.InternalToken == "" {
-		return nil
-	}
-
-	return private.SSHLog(ctx, level, message)
-}
-
 // fail prints message to stdout, it's mainly used for git serv and git hook commands.
 // The output will be passed to git client and shown to user.
 func fail(ctx context.Context, userMessage, logMsgFmt string, args ...any) error {
@ -120,7 +112,10 @@ func fail(ctx context.Context, userMessage, logMsgFmt string, args ...any) error
 				logMsg = userMessage + ". " + logMsg
 			}
 		}
-		_ = sshLog(ctx, log.ERROR, logMsg)
+		// Don't send an log if this is done in a test and no InternalToken is set.
+		if !testing.Testing() || setting.InternalToken != "" {
+			_ = private.SSHLog(ctx, true, logMsg)
+		}
 	}
 	return cli.Exit("", 1)
 }
@ -198,10 +193,12 @@ func runServ(ctx context.Context, c *cli.Command) error {
 	}

 	if len(words) < 2 {
-		// for AGit Flow
-		if cmd == "ssh_info" {
-			fmt.Print(`{"type":"agit","version":1}`)
-			return nil
+		if git.CheckGitVersionAtLeast("2.29") == nil {
+			// for AGit Flow
+			if cmd == "ssh_info" {
+				fmt.Print(`{"type":"agit","version":1}`)
+				return nil
+			}
 		}
 		return fail(ctx, "Too few arguments", "Too few arguments in cmd: %s", cmd)
 	}
--- a/cmd/web_acme.go
+++ b/cmd/web_acme.go
@ -15,7 +15,6 @@ import (
 	"forgejo.org/modules/graceful"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/process"
-	"forgejo.org/modules/proxy"
 	"forgejo.org/modules/setting"

 	"github.com/caddyserver/certmagic"
@ -77,12 +76,6 @@ func runACME(listenAddr string, m http.Handler) error {
 		ListenHost:              setting.HTTPAddr,
 		AltTLSALPNPort:          altTLSALPNPort,
 		AltHTTPPort:             altHTTPPort,
-		HTTPProxy:               proxy.Proxy(),
-	}
-
-	// Preserve behavior to use Let's encrypt test CA when Let's encrypt is CA.
-	if certmagic.DefaultACME.CA == certmagic.LetsEncryptProductionCA {
-		certmagic.DefaultACME.TestCA = certmagic.LetsEncryptStagingCA
 	}

 	magic := certmagic.NewDefault()
--- a/contrib/coverage-helper.sh
+++ b/contrib/coverage-helper.sh
@ -1,50 +0,0 @@
-#!/bin/bash
-
-set -e
-#set -x
-PS4='${BASH_SOURCE[0]}:$LINENO: ${FUNCNAME[0]}:  '
-
-#
-# Those must be explicitly required and are excluded from the full list of packages because they
-# would interfere with the testing fixtures.
-#
-excluded+='forgejo.org/models/migrations|'                # must be run before database specific tests
-excluded+='forgejo.org/models/forgejo_migrations|'        # must be run before database specific tests
-excluded+='forgejo.org/tests/integration/migration-test|' # must be run before database specific tests
-excluded+='forgejo.org/tests|'                            # only tests, no coverage to get there
-excluded+='forgejo.org/tests/e2e|'                        # JavaScript is not in scope here and if it adds coverage it should not be counted
-excluded+='FAKETERMINATOR'                                # do not modify
-
-: ${COVERAGEDIR:=$(pwd)/coverage/data}
-: ${GO:=$(go env GOROOT)/bin/go}
-
-DEFAULT_TEST_PACKAGES=$($GO list ./... | grep -E -v "$excluded")
-
-COVERED_PACKAGES=$($GO list ./...)
-COVERED_PACKAGES=$(echo $COVERED_PACKAGES | sed -e 's/ /,/g')
-
-function run_test() {
-  local package="$1"
-  if echo "$package" | grep --quiet --fixed-string ".."; then
-    echo "$package contains a suspicious .."
-    return 1
-  fi
-
-  local coverage="$COVERAGEDIR/$COVERAGE_TEST_DATABASE/$package"
-  rm -fr $coverage
-  mkdir -p $coverage
-
-  #
-  # -race cannot be used because it requires -covermode atomic which is
-  # different from the end-to-end tests and would cause issues wen merging
-  #
-  $GO test -timeout=20m -tags='sqlite sqlite_unlock_notify' -cover $package -coverpkg $COVERED_PACKAGES $COVERAGE_TEST_ARGS -args -test.gocoverdir=$coverage |& grep -v 'warning: no packages being tested depend on matches for pattern'
-}
-
-function test_packages() {
-  for package in ${@:-$DEFAULT_TEST_PACKAGES}; do
-    run_test $package
-  done
-}
-
-"$@"
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@ -449,9 +449,6 @@ INTERNAL_TOKEN =
 ;; How long to remember that a user is logged in before requiring relogin (in days)
 ;LOGIN_REMEMBER_DAYS = 31
 ;;
-;; Require 2FA globally for none|all|admin.
-;GLOBAL_TWO_FACTOR_REQUIREMENT = none
-;;
 ;; Name of cookie used to store authentication information.
 ;COOKIE_REMEMBER_NAME = gitea_incredible
 ;;
@ -595,10 +592,13 @@ LEVEL = Info
 ;BUFFER_LEN = 10000
 ;;
 ;; Sub logger modes, a single comma means use default MODE above, empty means disable it
-;LOGGER_ACCESS_MODE=
-;LOGGER_ROUTER_MODE=,
-;LOGGER_XORM_MODE=,
-;LOGGER_SSH_MODE= ;; SSH logs from ssh git request
+;logger.access.MODE=
+;logger.router.MODE=,
+;logger.xorm.MODE=,
+;;
+;; Collect SSH logs (Creates log from ssh git request)
+;;
+;ENABLE_SSH_LOG = false
 ;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
@ -631,7 +631,6 @@ LEVEL = Info
 ;LEVEL=
 ;FLAGS = stdflags or journald
 ;EXPRESSION =
-;EXCLUSION =
 ;PREFIX =
 ;COLORIZE = false
 ;;
@ -1586,11 +1585,6 @@ LEVEL = Info
 ;; If enabled it will be possible for users to report abusive content (new actions are added in the UI and /report_abuse route will be enabled) and a new Moderation section will be added to Admin settings where the reports can be reviewed.
 ;ENABLED = false

-;; How long to keep resolved abuse reports for.
-;; Applies to reports that have been marked as ignored or handled
-;; Can be 1 hour, 7 days etc
-;KEEP_RESOLVED_REPORTS_FOR = 0
-
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[openid]
@ -1773,9 +1767,6 @@ LEVEL = Info
 ;; Use PASSWD = `your password` for quoting if you use special characters in the password.
 ;PASSWD =
 ;;
-;; Alternative location to specify mailer password. You cannot specify both this and PASSWD, and must pick one
-;PASSWD_URI = file:/etc/forgejo/mailer_passwd
-;;
 ;; Send mails only in plain text, without HTML alternative
 ;SEND_AS_PLAIN_TEXT = false
 ;;
@ -1828,9 +1819,6 @@ LEVEL = Info
 ;; Password of the receiving account
 ;PASSWORD =
 ;;
-;; Alternative location to specify password of the receiving account. You cannot specify both this and PASSWORD, and must pick one
-;PASSWORD_URI = file:/etc/forgejo/email_incoming_password
-;;
 ;; Whether the IMAP server uses TLS.
 ;USE_TLS = false
 ;;
--- a/eslint.config.mjs
+++ b/eslint.config.mjs
@ -153,7 +153,7 @@ export default tseslint.config(

      '@stylistic/quotes': [2, 'single', {
        avoidEscape: true,
-        allowTemplateLiterals: 'always',
+        allowTemplateLiterals: true,
      }],

      '@stylistic/rest-spread-spacing': [2, 'never'],
@ -799,7 +799,6 @@ export default tseslint.config(
      'unicorn/prefer-array-some': [2],
      'unicorn/prefer-at': [0],
      'unicorn/prefer-blob-reading-methods': [2],
-      'unicorn/prefer-classlist-toggle': [2],
      'unicorn/prefer-code-point': [0],
      'unicorn/prefer-date-now': [2],
      'unicorn/prefer-default-parameters': [0],
--- a/go.mod
+++ b/go.mod
@ -1,8 +1,8 @@
 module forgejo.org

-go 1.24.0
+go 1.24

-toolchain go1.24.7
+toolchain go1.24.4

 require (
 	code.forgejo.org/f3/gof3/v3 v3.11.0
@ -10,7 +10,6 @@ require (
 	code.forgejo.org/forgejo/go-rpmutils v1.0.0
 	code.forgejo.org/forgejo/levelqueue v1.0.0
 	code.forgejo.org/forgejo/reply v1.0.2
-	code.forgejo.org/forgejo/runner/v11 v11.0.0
 	code.forgejo.org/go-chi/binding v1.0.1
 	code.forgejo.org/go-chi/cache v1.0.1
 	code.forgejo.org/go-chi/captcha v1.0.2
@ -25,11 +24,11 @@ require (
 	github.com/ProtonMail/go-crypto v1.3.0
 	github.com/PuerkitoBio/goquery v1.10.3
 	github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.7.2
-	github.com/alecthomas/chroma/v2 v2.20.0
+	github.com/alecthomas/chroma/v2 v2.18.0
 	github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb
 	github.com/blevesearch/bleve/v2 v2.5.2
 	github.com/buildkite/terminal-to-html/v3 v3.16.8
-	github.com/caddyserver/certmagic v0.24.0
+	github.com/caddyserver/certmagic v0.23.0
 	github.com/chi-middleware/proxy v1.1.1
 	github.com/djherbis/buffer v1.2.0
 	github.com/djherbis/nio/v3 v3.0.1
@ -41,44 +40,46 @@ require (
 	github.com/fsnotify/fsnotify v1.9.0
 	github.com/gliderlabs/ssh v0.3.8
 	github.com/go-ap/activitypub v0.0.0-20231114162308-e219254dc5c9
-	github.com/go-ap/jsonld v0.0.0-20250905102310-8480b0fe24d9
-	github.com/go-chi/chi/v5 v5.2.3
-	github.com/go-chi/cors v1.2.2
+	github.com/go-ap/jsonld v0.0.0-20221030091449-f2a191312c73
+	github.com/go-chi/chi/v5 v5.2.2
+	github.com/go-chi/cors v1.2.1
 	github.com/go-co-op/gocron v1.37.0
 	github.com/go-enry/go-enry/v2 v2.9.2
+	github.com/go-git/go-git/v5 v5.13.2
 	github.com/go-ldap/ldap/v3 v3.4.6
 	github.com/go-openapi/spec v0.21.0
 	github.com/go-sql-driver/mysql v1.9.3
-	github.com/go-webauthn/webauthn v0.13.4
+	github.com/go-webauthn/webauthn v0.13.0
 	github.com/gobwas/glob v0.2.3
 	github.com/gogs/chardet v0.0.0-20211120154057-b7413eaefb8f
 	github.com/gogs/go-gogs-client v0.0.0-20210131175652-1d7215cd8d85
-	github.com/golang-jwt/jwt/v5 v5.3.0
+	github.com/golang-jwt/jwt/v5 v5.2.2
 	github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0
 	github.com/google/go-github/v64 v64.0.0
-	github.com/google/pprof v0.0.0-20250630185457-6e76a2b096b5
+	github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e
 	github.com/google/uuid v1.6.0
 	github.com/gorilla/feeds v1.2.0
 	github.com/gorilla/sessions v1.4.0
 	github.com/hashicorp/go-version v1.7.0
 	github.com/hashicorp/golang-lru/v2 v2.0.7
 	github.com/huandu/xstrings v1.5.0
-	github.com/inbucket/html2text v0.9.0
-	github.com/jhillyerd/enmime/v2 v2.2.0
+	github.com/jaytaylor/html2text v0.0.0-20230321000545-74c2419ad056
+	github.com/jhillyerd/enmime/v2 v2.1.0
 	github.com/json-iterator/go v1.1.12
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
 	github.com/klauspost/compress v1.18.0
-	github.com/klauspost/cpuid/v2 v2.2.11
+	github.com/klauspost/cpuid/v2 v2.2.10
 	github.com/lib/pq v1.10.9
 	github.com/markbates/goth v1.80.0
 	github.com/mattn/go-isatty v0.0.20
-	github.com/mattn/go-sqlite3 v1.14.32
-	github.com/meilisearch/meilisearch-go v0.34.0
-	github.com/mholt/archives v0.1.3
+	github.com/mattn/go-sqlite3 v1.14.28
+	github.com/meilisearch/meilisearch-go v0.31.0
+	github.com/mholt/archiver/v3 v3.5.1
 	github.com/microcosm-cc/bluemonday v1.0.27
-	github.com/minio/minio-go/v7 v7.0.95
+	github.com/minio/minio-go/v7 v7.0.94
 	github.com/msteinert/pam/v2 v2.1.0
-	github.com/niklasfasching/go-org v1.9.1
+	github.com/nektos/act v0.2.52
+	github.com/niklasfasching/go-org v1.8.0
 	github.com/olivere/elastic/v7 v7.0.32
 	github.com/opencontainers/go-digest v1.0.0
 	github.com/opencontainers/image-spec v1.1.1
@ -88,27 +89,27 @@ require (
 	github.com/robfig/cron/v3 v3.0.1
 	github.com/santhosh-tekuri/jsonschema/v6 v6.0.2
 	github.com/sergi/go-diff v1.4.0
-	github.com/stretchr/testify v1.11.1
+	github.com/stretchr/testify v1.10.0
 	github.com/syndtr/goleveldb v1.0.0
-	github.com/ulikunitz/xz v0.5.15
-	github.com/urfave/cli/v3 v3.4.1
+	github.com/ulikunitz/xz v0.5.12
+	github.com/urfave/cli/v3 v3.3.3
 	github.com/valyala/fastjson v1.6.4
 	github.com/yohcop/openid-go v1.0.1
-	github.com/yuin/goldmark v1.7.13
+	github.com/yuin/goldmark v1.7.12
 	github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc
 	gitlab.com/gitlab-org/api/client-go v0.130.1
-	go.uber.org/mock v0.6.0
-	go.yaml.in/yaml/v3 v3.0.4
-	golang.org/x/crypto v0.42.0
-	golang.org/x/image v0.31.0
-	golang.org/x/net v0.44.0
-	golang.org/x/oauth2 v0.31.0
-	golang.org/x/sync v0.17.0
-	golang.org/x/sys v0.36.0
-	golang.org/x/text v0.29.0
-	google.golang.org/protobuf v1.36.9
+	go.uber.org/mock v0.5.2
+	golang.org/x/crypto v0.39.0
+	golang.org/x/image v0.27.0
+	golang.org/x/net v0.41.0
+	golang.org/x/oauth2 v0.30.0
+	golang.org/x/sync v0.15.0
+	golang.org/x/sys v0.33.0
+	golang.org/x/text v0.26.0
+	google.golang.org/protobuf v1.36.4
 	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df
 	gopkg.in/ini.v1 v1.67.0
+	gopkg.in/yaml.v3 v3.0.1
 	mvdan.cc/xurls/v2 v2.5.0
 	xorm.io/builder v0.3.13
 	xorm.io/xorm v1.3.9
@ -116,13 +117,12 @@ require (

 require (
 	cloud.google.com/go/compute/metadata v0.6.0 // indirect
-	dario.cat/mergo v1.0.2 // indirect
+	dario.cat/mergo v1.0.0 // indirect
 	filippo.io/edwards25519 v1.1.0 // indirect
 	git.sr.ht/~mariusor/go-xsd-duration v0.0.0-20220703122237-02e73435a078 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/RoaringBitmap/roaring/v2 v2.4.5 // indirect
-	github.com/STARRY-S/zip v0.2.1 // indirect
-	github.com/andybalholm/brotli v1.1.2-0.20250424173009-453214e765f3 // indirect
+	github.com/andybalholm/brotli v1.1.1 // indirect
 	github.com/andybalholm/cascadia v1.3.3 // indirect
 	github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be // indirect
 	github.com/aymerick/douceur v0.2.0 // indirect
@ -145,40 +145,35 @@ require (
 	github.com/blevesearch/zapx/v14 v14.4.2 // indirect
 	github.com/blevesearch/zapx/v15 v15.4.2 // indirect
 	github.com/blevesearch/zapx/v16 v16.2.4 // indirect
-	github.com/bmatcuk/doublestar/v4 v4.8.0 // indirect
-	github.com/bodgit/plumbing v1.3.0 // indirect
-	github.com/bodgit/sevenzip v1.6.0 // indirect
-	github.com/bodgit/windows v1.0.1 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/bradfitz/gomemcache v0.0.0-20250403215159-8d39553ac7cf // indirect
 	github.com/caddyserver/zerossl v0.1.3 // indirect
 	github.com/cention-sany/utf7 v0.0.0-20170124080048-26cad61bd60a // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/cloudflare/circl v1.6.1 // indirect
-	github.com/cyphar/filepath-securejoin v0.4.1 // indirect
+	github.com/cyphar/filepath-securejoin v0.3.6 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/davidmz/go-pageant v1.0.2 // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
 	github.com/dlclark/regexp2 v1.11.5 // indirect
 	github.com/emersion/go-sasl v0.0.0-20231106173351-e73c9f7bad43 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
-	github.com/fatih/color v1.18.0 // indirect
-	github.com/fxamacker/cbor/v2 v2.9.0 // indirect
+	github.com/fatih/color v1.16.0 // indirect
+	github.com/fxamacker/cbor/v2 v2.8.0 // indirect
 	github.com/go-ap/errors v0.0.0-20231003111023-183eef4b31b7 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.5 // indirect
 	github.com/go-enry/go-oniguruma v1.2.1 // indirect
 	github.com/go-fed/httpsig v1.1.0 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.6.2 // indirect
-	github.com/go-git/go-git/v5 v5.16.2 // indirect
 	github.com/go-ini/ini v1.67.0 // indirect
 	github.com/go-openapi/jsonpointer v0.21.1 // indirect
 	github.com/go-openapi/jsonreference v0.21.0 // indirect
 	github.com/go-openapi/swag v0.23.1 // indirect
-	github.com/go-webauthn/x v0.1.23 // indirect
+	github.com/go-webauthn/x v0.1.21 // indirect
 	github.com/goccy/go-json v0.10.5 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.2 // indirect
-	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/btree v1.1.2 // indirect
@ -188,38 +183,31 @@ require (
 	github.com/gorilla/css v1.0.1 // indirect
 	github.com/gorilla/mux v1.8.1 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
-	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
 	github.com/klauspost/pgzip v1.2.6 // indirect
-	github.com/libdns/libdns v1.0.0 // indirect
+	github.com/libdns/libdns v1.0.0-beta.1 // indirect
 	github.com/mailru/easyjson v0.9.0 // indirect
 	github.com/markbates/going v1.0.3 // indirect
-	github.com/mattn/go-colorable v0.1.14 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-runewidth v0.0.16 // indirect
-	github.com/mattn/go-shellwords v1.0.12 // indirect
 	github.com/mholt/acmez/v3 v3.1.2 // indirect
 	github.com/miekg/dns v1.1.63 // indirect
-	github.com/mikelolasagasti/xz v1.0.1 // indirect
-	github.com/minio/crc64nvme v1.0.2 // indirect
+	github.com/minio/crc64nvme v1.0.1 // indirect
 	github.com/minio/md5-simd v1.1.2 // indirect
-	github.com/minio/minlz v1.0.0 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/mrjones/oauth v0.0.0-20190623134757-126b35219450 // indirect
 	github.com/mschoch/smat v0.2.0 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/nwaples/rardecode/v2 v2.1.0 // indirect
-	github.com/olekukonko/errors v1.1.0 // indirect
-	github.com/olekukonko/ll v0.0.9 // indirect
-	github.com/olekukonko/tablewriter v1.0.7 // indirect
+	github.com/nwaples/rardecode v1.1.3 // indirect
+	github.com/olekukonko/tablewriter v0.0.5 // indirect
 	github.com/onsi/ginkgo v1.16.5 // indirect
-	github.com/philhofer/fwd v1.2.0 // indirect
+	github.com/philhofer/fwd v1.1.3-0.20240916144458-20a13a1f6b7c // indirect
 	github.com/pierrec/lz4/v4 v4.1.21 // indirect
 	github.com/pjbgf/sha1cd v0.3.2 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
@ -227,34 +215,35 @@ require (
 	github.com/prometheus/client_model v0.6.1 // indirect
 	github.com/prometheus/common v0.62.0 // indirect
 	github.com/prometheus/procfs v0.15.1 // indirect
-	github.com/rhysd/actionlint v1.7.7 // indirect
+	github.com/rhysd/actionlint v1.6.27 // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
+	github.com/rogpeppe/go-internal v1.13.1 // indirect
 	github.com/rs/xid v1.6.0 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
-	github.com/skeema/knownhosts v1.3.1 // indirect
-	github.com/sorairolake/lzip-go v0.3.5 // indirect
+	github.com/skeema/knownhosts v1.3.0 // indirect
 	github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf // indirect
 	github.com/tinylib/msgp v1.3.0 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
+	github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
 	github.com/zeebo/assert v1.3.0 // indirect
 	github.com/zeebo/blake3 v0.2.4 // indirect
-	go.etcd.io/bbolt v1.4.3 // indirect
+	go.etcd.io/bbolt v1.4.0 // indirect
 	go.uber.org/atomic v1.11.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
 	go.uber.org/zap/exp v0.3.0 // indirect
-	go4.org v0.0.0-20230225012048-214862532bf5 // indirect
-	golang.org/x/mod v0.27.0 // indirect
-	golang.org/x/time v0.13.0 // indirect
-	golang.org/x/tools v0.36.0 // indirect
+	golang.org/x/mod v0.25.0 // indirect
+	golang.org/x/time v0.11.0 // indirect
+	golang.org/x/tools v0.34.0 // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

 replace github.com/hashicorp/go-version => github.com/6543/go-version v1.3.1

+replace github.com/nektos/act => code.forgejo.org/forgejo/act v1.28.0
+
 replace github.com/mholt/archiver/v3 => code.forgejo.org/forgejo/archiver/v3 v3.5.1

 replace github.com/gliderlabs/ssh => code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616
--- a/go.sum
+++ b/go.sum
@ -1,25 +1,13 @@
-cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
-cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
-cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
-cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
-cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
-cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
-cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
-cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
-cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
 cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4j01OwKxG9I=
 cloud.google.com/go/compute/metadata v0.6.0/go.mod h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg=
-cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
-cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
-cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
-cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
-cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
 code.forgejo.org/f3/gof3/v3 v3.11.0 h1:f/xToKwqTgxG6PYxvewywjDQyCcyHEEJ6sZqUitFsAE=
 code.forgejo.org/f3/gof3/v3 v3.11.0/go.mod h1:4FaRUNSQGBiD1M0DuB0yNv+Z2wMtlOeckgygHSSq4KQ=
 code.forgejo.org/forgejo-contrib/go-libravatar v0.0.0-20191008002943-06d1c002b251 h1:HTZl3CBk3ABNYtFI6TPLvJgGKFIhKT5CBk0sbOtkDKU=
 code.forgejo.org/forgejo-contrib/go-libravatar v0.0.0-20191008002943-06d1c002b251/go.mod h1:PphB88CPbx601QrWPMZATeorACeVmQlyv3u+uUMbSaM=
+code.forgejo.org/forgejo/act v1.28.0 h1:96njNC7C1YNyjWq5OWvLZMF/nw0PMthzIA8Nwbnn7jo=
+code.forgejo.org/forgejo/act v1.28.0/go.mod h1:dFuiwAmD5vyrzecysHB2kL/GM3wRpoVPl+WdbCTC8Bs=
+code.forgejo.org/forgejo/archiver/v3 v3.5.1 h1:UmmbA7D5550uf71SQjarmrn6yKwOGxtEjb3jaYYtmSE=
+code.forgejo.org/forgejo/archiver/v3 v3.5.1/go.mod h1:e3dqJ7H78uzsRSEACH1joayhuSyhnonssnDhppzS1L4=
 code.forgejo.org/forgejo/go-rpmutils v1.0.0 h1:RZGGeKt70p/WaIEL97pyT6uiiEIoN8/aLmS5Z6WmX0M=
 code.forgejo.org/forgejo/go-rpmutils v1.0.0/go.mod h1:cg+VbgLXfrDPza9T+kBsMb3TVmmzPN4XseT6gDGLSUk=
 code.forgejo.org/forgejo/go-xsd-duration v0.0.0-20220703122237-02e73435a078 h1:RArF5AsF9LH4nEoJxqRxcP5r8hhRfWcId84G82YbqzA=
@ -28,8 +16,6 @@ code.forgejo.org/forgejo/levelqueue v1.0.0 h1:9krYpU6BM+j/1Ntj6m+VCAIu0UNnne1/Uf
 code.forgejo.org/forgejo/levelqueue v1.0.0/go.mod h1:fmG6zhVuqim2rxSFOoasgXO8V2W/k9U31VVYqLIRLhQ=
 code.forgejo.org/forgejo/reply v1.0.2 h1:dMhQCHV6/O3L5CLWNTol+dNzDAuyCK88z4J/lCdgFuQ=
 code.forgejo.org/forgejo/reply v1.0.2/go.mod h1:RyZUfzQLc+fuLIGjTSQWDAJWPiL4WtKXB/FifT5fM7U=
-code.forgejo.org/forgejo/runner/v11 v11.0.0 h1:PDChRbwPzoflwP05QHn8YyvRDvnU5yVq/X3sdZojXr8=
-code.forgejo.org/forgejo/runner/v11 v11.0.0/go.mod h1:ZJokNf9nZItjsfSjC/9zHbUvf5LXYUi+On+1Bg/pO3g=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616 h1:kEZL84+02jY9RxXM4zHBWZ3Fml0B09cmP1LGkDsCfIA=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8=
 code.forgejo.org/go-chi/binding v1.0.1 h1:coKNI+X1NzRN7X85LlrpvBRqk0TXpJ+ja28vusQWEuY=
@ -48,9 +34,8 @@ codeberg.org/gusted/mcaptcha v0.0.0-20220723083913-4f3072e1d570 h1:TXbikPqa7YRtf
 codeberg.org/gusted/mcaptcha v0.0.0-20220723083913-4f3072e1d570/go.mod h1:IIAjsijsd8q1isWX8MACefDEgTQslQ4stk2AeeTt3kM=
 connectrpc.com/connect v1.18.1 h1:PAg7CjSAGvscaf6YZKUefjoih5Z/qYkyaTrBW8xvYPw=
 connectrpc.com/connect v1.18.1/go.mod h1:0292hj1rnx8oFrStN7cB4jjVBeqs+Yx5yDIC2prWDO8=
-dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8=
-dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA=
-dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
+dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
+dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
 filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
 filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
 gitea.com/xorm/sqlfiddle v0.0.0-20180821085327-62ce714f951a h1:lSA0F4e9A2NcQSqGqTOXqu2aRi/XEQxDCBwM8yJtE6s=
@ -63,8 +48,6 @@ github.com/6543/go-version v1.3.1 h1:HvOp+Telns7HWJ2Xo/05YXQSB2bE0WmVgbHqwMPZT4U
 github.com/6543/go-version v1.3.1/go.mod h1:oqFAHCwtLVUTLdhQmVZWYvaHXTdsbB4SY85at64SQEo=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
-github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
 github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
 github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
@ -74,22 +57,21 @@ github.com/PuerkitoBio/goquery v1.10.3 h1:pFYcNSqHxBD06Fpj/KsbStFRsgRATgnf3LeXiU
 github.com/PuerkitoBio/goquery v1.10.3/go.mod h1:tMUX0zDMHXYlAQk6p35XxQMqMweEKB7iK7iLNd4RH4Y=
 github.com/RoaringBitmap/roaring/v2 v2.4.5 h1:uGrrMreGjvAtTBobc0g5IrW1D5ldxDQYe2JW2gggRdg=
 github.com/RoaringBitmap/roaring/v2 v2.4.5/go.mod h1:FiJcsfkGje/nZBZgCu0ZxCPOKD/hVXDS2dXi7/eUFE0=
-github.com/STARRY-S/zip v0.2.1 h1:pWBd4tuSGm3wtpoqRZZ2EAwOmcHK6XFf7bU9qcJXyFg=
-github.com/STARRY-S/zip v0.2.1/go.mod h1:xNvshLODWtC4EJ702g7cTYn13G53o1+X9BWnPFpcWV4=
 github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.7.2 h1:cSXom2MoKJ9KPPw29RoZtHvUETY4F4n/kXl8m9btnQ0=
 github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.7.2/go.mod h1:JitQWJ8JuV4Y87l8VsHiiwhb3cgdyn68mX40s7NT6PA=
 github.com/alecthomas/assert/v2 v2.11.0 h1:2Q9r3ki8+JYXvGsDyBXwH3LcJ+WK5D0gc5E8vS6K3D0=
 github.com/alecthomas/assert/v2 v2.11.0/go.mod h1:Bze95FyfUr7x34QZrjL+XP+0qgp/zg8yS+TtBj1WA3k=
 github.com/alecthomas/chroma/v2 v2.2.0/go.mod h1:vf4zrexSH54oEjJ7EdB65tGNHmH3pGZmVkgTP5RHvAs=
-github.com/alecthomas/chroma/v2 v2.20.0 h1:sfIHpxPyR07/Oylvmcai3X/exDlE8+FA820NTz+9sGw=
-github.com/alecthomas/chroma/v2 v2.20.0/go.mod h1:e7tViK0xh/Nf4BYHl00ycY6rV7b8iXBksI9E359yNmA=
+github.com/alecthomas/chroma/v2 v2.18.0 h1:6h53Q4hW83SuF+jcsp7CVhLsMozzvQvO8HBbKQW+gn4=
+github.com/alecthomas/chroma/v2 v2.18.0/go.mod h1:RVX6AvYm4VfYe/zsk7mjHueLDZor3aWCNE14TFlepBk=
 github.com/alecthomas/repr v0.0.0-20220113201626-b1b626ac65ae/go.mod h1:2kn6fqh/zIyPLmm3ugklbEi5hg5wS435eygvNfaDQL8=
-github.com/alecthomas/repr v0.5.1 h1:E3G4t2QbHTSNpPKBgMTln5KLkZHLOcU7r37J4pXBuIg=
-github.com/alecthomas/repr v0.5.1/go.mod h1:Fr0507jx4eOXV7AlPV6AVZLYrLIuIeSOWtW57eE/O/4=
+github.com/alecthomas/repr v0.4.0 h1:GhI2A8MACjfegCPVq9f1FLvIBS+DrQ2KQBFZP1iFzXc=
+github.com/alecthomas/repr v0.4.0/go.mod h1:Fr0507jx4eOXV7AlPV6AVZLYrLIuIeSOWtW57eE/O/4=
 github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74 h1:Kk6a4nehpJ3UuJRqlA3JxYxBZEqCeOmATOvrbT4p9RA=
 github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4=
-github.com/andybalholm/brotli v1.1.2-0.20250424173009-453214e765f3 h1:8PmGpDEZl9yDpcdEr6Odf23feCxK3LNUNMxjXg41pZQ=
-github.com/andybalholm/brotli v1.1.2-0.20250424173009-453214e765f3/go.mod h1:05ib4cKhjx3OQYUY22hTVd34Bc8upXjOLL2rKwwZBoA=
+github.com/andybalholm/brotli v1.0.1/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y=
+github.com/andybalholm/brotli v1.1.1 h1:PR2pgnyFznKEugtsUo0xLdDop5SKXd5Qf5ysW+7XdTA=
+github.com/andybalholm/brotli v1.1.1/go.mod h1:05ib4cKhjx3OQYUY22hTVd34Bc8upXjOLL2rKwwZBoA=
 github.com/andybalholm/cascadia v1.3.3 h1:AG2YHrzJIm4BZ19iwJ/DAua6Btl3IwJX+VI4kktS1LM=
 github.com/andybalholm/cascadia v1.3.3/go.mod h1:xNd9bqTn98Ln4DwST8/nG+H0yuB8Hmgu1YHNnWw0GeA=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
@ -141,14 +123,6 @@ github.com/blevesearch/zapx/v15 v15.4.2 h1:sWxpDE0QQOTjyxYbAVjt3+0ieu8NCE0fDRaFx
 github.com/blevesearch/zapx/v15 v15.4.2/go.mod h1:1pssev/59FsuWcgSnTa0OeEpOzmhtmr/0/11H0Z8+Nw=
 github.com/blevesearch/zapx/v16 v16.2.4 h1:tGgfvleXTAkwsD5mEzgM3zCS/7pgocTCnO1oyAUjlww=
 github.com/blevesearch/zapx/v16 v16.2.4/go.mod h1:Rti/REtuuMmzwsI8/C/qIzRaEoSK/wiFYw5e5ctUKKs=
-github.com/bmatcuk/doublestar/v4 v4.8.0 h1:DSXtrypQddoug1459viM9X9D3dp1Z7993fw36I2kNcQ=
-github.com/bmatcuk/doublestar/v4 v4.8.0/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc=
-github.com/bodgit/plumbing v1.3.0 h1:pf9Itz1JOQgn7vEOE7v7nlEfBykYqvUYioC61TwWCFU=
-github.com/bodgit/plumbing v1.3.0/go.mod h1:JOTb4XiRu5xfnmdnDJo6GmSbSbtSyufrsyZFByMtKEs=
-github.com/bodgit/sevenzip v1.6.0 h1:a4R0Wu6/P1o1pP/3VV++aEOcyeBxeO/xE2Y9NSTrr6A=
-github.com/bodgit/sevenzip v1.6.0/go.mod h1:zOBh9nJUof7tcrlqJFv1koWRrhz3LbDbUNngkuZxLMc=
-github.com/bodgit/windows v1.0.1 h1:tF7K6KOluPYygXa3Z2594zxlkbKPAOvqr97etrGNIz4=
-github.com/bodgit/windows v1.0.1/go.mod h1:a6JLwrB4KrTR5hBpp8FI9/9W9jJfeQ2h4XDXU74ZCdM=
 github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
 github.com/boombuler/barcode v1.0.1 h1:NDBbPmhS+EqABEs5Kg3n/5ZNjy73Pz7SIV+KCeqyXcs=
 github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
@ -160,11 +134,10 @@ github.com/bsm/gomega v1.27.10 h1:yeMWxP2pV2fG3FgAODIY8EiRE3dy0aeFYt4l7wh6yKA=
 github.com/bsm/gomega v1.27.10/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0=
 github.com/buildkite/terminal-to-html/v3 v3.16.8 h1:QN/daUob6cmK8GcdKnwn9+YTlPr1vNj+oeAIiJK6fPc=
 github.com/buildkite/terminal-to-html/v3 v3.16.8/go.mod h1:+k1KVKROZocrTLsEQ9PEf9A+8+X8uaVV5iO1ZIOwKYM=
-github.com/caddyserver/certmagic v0.24.0 h1:EfXTWpxHAUKgDfOj6MHImJN8Jm4AMFfMT6ITuKhrDF0=
-github.com/caddyserver/certmagic v0.24.0/go.mod h1:xPT7dC1DuHHnS2yuEQCEyks+b89sUkMENh8dJF+InLE=
+github.com/caddyserver/certmagic v0.23.0 h1:CfpZ/50jMfG4+1J/u2LV6piJq4HOfO6ppOnOf7DkFEU=
+github.com/caddyserver/certmagic v0.23.0/go.mod h1:9mEZIWqqWoI+Gf+4Trh04MOVPD0tGSxtqsxg87hAIH4=
 github.com/caddyserver/zerossl v0.1.3 h1:onS+pxp3M8HnHpN5MMbOMyNjmTheJyWRaZYwn+YTAyA=
 github.com/caddyserver/zerossl v0.1.3/go.mod h1:CxA0acn7oEGO6//4rtrRjYgEoa4MFw/XofZnrYwGqG4=
-github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cention-sany/utf7 v0.0.0-20170124080048-26cad61bd60a h1:MISbI8sU/PSK/ztvmWKFcI7UGb5/HQT7B+i3a2myKgI=
 github.com/cention-sany/utf7 v0.0.0-20170124080048-26cad61bd60a/go.mod h1:2GxOXOlEPAMFPfp014mK1SWq8G8BN8o7/dfYqJrVGn8=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
@ -174,18 +147,14 @@ github.com/chi-middleware/proxy v1.1.1/go.mod h1:jQwMEJct2tz9VmtCELxvnXoMfa+SOdi
 github.com/chromedp/cdproto v0.0.0-20230802225258-3cf4e6d46a89/go.mod h1:GKljq0VrfU4D5yc+2qA6OVr8pmO/MBbPEWqWQ/oqGEs=
 github.com/chromedp/chromedp v0.9.2/go.mod h1:LkSXJKONWTCHAfQasKFUZI+mxqS4tZqhmtGzzhLsnLs=
 github.com/chromedp/sysutil v1.0.0/go.mod h1:kgWmDdq8fTzXYcKIBqIYvRRTnYb9aNS9moAV0xufSww=
-github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
-github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/readline v1.5.1/go.mod h1:Eh+b79XXUwfKfcPLepksvw2tcLE/Ct21YObkaSkeBlk=
-github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
-github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ0=
 github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/cyphar/filepath-securejoin v0.4.1 h1:JyxxyPEaktOD+GAnqIqTf9A8tHyAG22rowi7HkoSU1s=
-github.com/cyphar/filepath-securejoin v0.4.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI=
+github.com/cyphar/filepath-securejoin v0.3.6 h1:4d9N5ykBnSp5Xn2JkhocYDkOpURL/18CYMpo6xB9uWM=
+github.com/cyphar/filepath-securejoin v0.3.6/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
@ -204,6 +173,7 @@ github.com/dlclark/regexp2 v1.4.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55k
 github.com/dlclark/regexp2 v1.7.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
 github.com/dlclark/regexp2 v1.11.5 h1:Q/sSnsKerHeCkc/jSTNq1oCm7KiVgUMZRDUoRu0JQZQ=
 github.com/dlclark/regexp2 v1.11.5/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
+github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5/go.mod h1:qssHWj60/X5sZFNxpG4HBPDHVqxNm4DfnCKgrbZOT+s=
 github.com/dsnet/compress v0.0.2-0.20230904184137-39efe44ab707 h1:2tV76y6Q9BB+NEBasnqvs7e49aEBFI8ejC89PSnWH+4=
 github.com/dsnet/compress v0.0.2-0.20230904184137-39efe44ab707/go.mod h1:qssHWj60/X5sZFNxpG4HBPDHVqxNm4DfnCKgrbZOT+s=
 github.com/dsnet/golib v0.0.0-20171103203638-1ea166775780/go.mod h1:Lj+Z9rebOhdfkVLjJ8T6VcRQv3SXugXy999NBtR9aFY=
@ -211,8 +181,8 @@ github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkp
 github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
 github.com/editorconfig/editorconfig-core-go/v2 v2.6.3 h1:XVUp6qW3BIkmM3/1EkrHpa6bL56APOynfXcZEmIgOhs=
 github.com/editorconfig/editorconfig-core-go/v2 v2.6.3/go.mod h1:ThHVc+hqbUsmE1wmK/MASpQEhCleWu1JDJDNhUOMy0c=
-github.com/elazarl/goproxy v1.7.2 h1:Y2o6urb7Eule09PjlhQRGNsqRfPmYI3KKQLFpCAV3+o=
-github.com/elazarl/goproxy v1.7.2/go.mod h1:82vkLNir0ALaW14Rc399OTTjyNREgmdL2cVoIbS6XaE=
+github.com/elazarl/goproxy v1.4.0 h1:4GyuSbFa+s26+3rmYNSuUVsx+HgPrV1bk1jXI0l9wjM=
+github.com/elazarl/goproxy v1.4.0/go.mod h1:X/5W/t+gzDyLfHW4DrMdpjqYjpXsURlBt9lpBDxZZZQ=
 github.com/emersion/go-imap v1.2.1 h1:+s9ZjMEjOB8NzZMVTM3cCenz2JrQIGGo5j1df19WjTA=
 github.com/emersion/go-imap v1.2.1/go.mod h1:Qlx1FSx2FTxjnjWpIlVNEuX+ylerZQNFE5NsmKFSejY=
 github.com/emersion/go-message v0.15.0/go.mod h1:wQUEfE+38+7EW8p8aZ96ptg6bAb1iwdgej19uXASlE4=
@ -222,10 +192,8 @@ github.com/emersion/go-sasl v0.0.0-20231106173351-e73c9f7bad43/go.mod h1:iL2twTe
 github.com/emersion/go-textwrapper v0.0.0-20200911093747-65d896831594/go.mod h1:aqO8z8wPrjkscevZJFVE1wXJrLpC5LtJG7fqLOsPb2U=
 github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
 github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
-github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM=
-github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU=
+github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
+github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
 github.com/felixge/fgprof v0.9.5 h1:8+vR6yu2vvSKn08urWyEuxx75NWPEvybbkBirEpsbVY=
 github.com/felixge/fgprof v0.9.5/go.mod h1:yKl+ERSa++RYOs32d8K6WEXCB4uXdLls4ZaZPpayhMM=
 github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw=
@ -234,22 +202,21 @@ github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMo
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k=
 github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
-github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM=
-github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
+github.com/fxamacker/cbor/v2 v2.8.0 h1:fFtUGXUzXPHTIUdne5+zzMPTfffl3RD5qYnkY40vtxU=
+github.com/fxamacker/cbor/v2 v2.8.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
 github.com/go-ap/activitypub v0.0.0-20231114162308-e219254dc5c9 h1:j2TrkUG/NATGi/EQS+MvEoF79CxiRUmT16ErFroNcKI=
 github.com/go-ap/activitypub v0.0.0-20231114162308-e219254dc5c9/go.mod h1:cJ9Ye0ZNSMN7RzZDBRY3E+8M3Bpf/R1JX22Ir9yX6WI=
 github.com/go-ap/errors v0.0.0-20231003111023-183eef4b31b7 h1:I2nuhyVI/48VXoRCCZR2hYBgnSXa+EuDJf/VyX06TC0=
 github.com/go-ap/errors v0.0.0-20231003111023-183eef4b31b7/go.mod h1:5x8a6P/dhmMGFxWLcyYlyOuJ2lRNaHGhRv+yu8BaTSI=
+github.com/go-ap/jsonld v0.0.0-20221030091449-f2a191312c73 h1:GMKIYXyXPGIp+hYiWOhfqK4A023HdgisDT4YGgf99mw=
 github.com/go-ap/jsonld v0.0.0-20221030091449-f2a191312c73/go.mod h1:jyveZeGw5LaADntW+UEsMjl3IlIwk+DxlYNsbofQkGA=
-github.com/go-ap/jsonld v0.0.0-20250905102310-8480b0fe24d9 h1:gaBrU/E+usPHIafDIC2EwvZbehvgAEuu78Jk0zjxw5w=
-github.com/go-ap/jsonld v0.0.0-20250905102310-8480b0fe24d9/go.mod h1:4h93IBxgfnE/DEleMLgJ/XCeu/RtQ+MUh3ucANseeXA=
 github.com/go-asn1-ber/asn1-ber v1.5.5 h1:MNHlNMBDgEKD4TcKr36vQN68BA00aDfjIt3/bD50WnA=
 github.com/go-asn1-ber/asn1-ber v1.5.5/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
 github.com/go-chi/chi/v5 v5.0.1/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
-github.com/go-chi/chi/v5 v5.2.3 h1:WQIt9uxdsAbgIYgid+BpYc+liqQZGMHRaUwp0JUcvdE=
-github.com/go-chi/chi/v5 v5.2.3/go.mod h1:L2yAIGWB3H+phAw1NxKwWM+7eUH/lU8pOMm5hHcoops=
-github.com/go-chi/cors v1.2.2 h1:Jmey33TE+b+rB7fT8MUy1u0I4L+NARQlK6LhzKPSyQE=
-github.com/go-chi/cors v1.2.2/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58=
+github.com/go-chi/chi/v5 v5.2.2 h1:CMwsvRVTbXVytCk1Wd72Zy1LAsAh9GxMmSNWLHCG618=
+github.com/go-chi/chi/v5 v5.2.2/go.mod h1:L2yAIGWB3H+phAw1NxKwWM+7eUH/lU8pOMm5hHcoops=
+github.com/go-chi/cors v1.2.1 h1:xEC8UT3Rlp2QuWNEr4Fs/c2EAGVKBwy/1vHx3bppil4=
+github.com/go-chi/cors v1.2.1/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58=
 github.com/go-co-op/gocron v1.37.0 h1:ZYDJGtQ4OMhTLKOKMIch+/CY70Brbb1dGdooLEhh7b0=
 github.com/go-co-op/gocron v1.37.0/go.mod h1:3L/n6BkO7ABj+TrfSVXLRzsP26zmikL4ISkLQ0O8iNY=
 github.com/go-enry/go-enry/v2 v2.9.2 h1:giOQAtCgBX08kosrX818DCQJTCNtKwoPBGu0qb6nKTY=
@ -264,10 +231,8 @@ github.com/go-git/go-billy/v5 v5.6.2 h1:6Q86EsPXMa7c3YZ3aLAQsMA0VlWmy43r6FHqa/UN
 github.com/go-git/go-billy/v5 v5.6.2/go.mod h1:rcFC2rAsp/erv7CMz9GczHcuD0D32fWzH+MJAU+jaUU=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
-github.com/go-git/go-git/v5 v5.16.2 h1:fT6ZIOjE5iEnkzKyxTHK1W4HGAsPhqEqiSAssSO77hM=
-github.com/go-git/go-git/v5 v5.16.2/go.mod h1:4Ge4alE/5gPs30F2H1esi2gPd69R0C39lolkucHBOp8=
-github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+github.com/go-git/go-git/v5 v5.13.2 h1:7O7xvsK7K+rZPKW6AQR1YyNhfywkv7B8/FsP3ki6Zv0=
+github.com/go-git/go-git/v5 v5.13.2/go.mod h1:hWdW5P4YZRjmpGHwRH2v3zkWcNl6HeXaXQEMGb3NJ9A=
 github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A=
 github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
 github.com/go-ldap/ldap/v3 v3.4.6 h1:ert95MdbiG7aWo/oPYp9btL3KJlMPKnP58r09rI8T+A=
@ -285,10 +250,10 @@ github.com/go-sql-driver/mysql v1.9.3/go.mod h1:qn46aNg1333BRMNU69Lq93t8du/dwxI6
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
 github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U=
 github.com/go-test/deep v1.1.1/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
-github.com/go-webauthn/webauthn v0.13.4 h1:q68qusWPcqHbg9STSxBLBHnsKaLxNO0RnVKaAqMuAuQ=
-github.com/go-webauthn/webauthn v0.13.4/go.mod h1:MglN6OH9ECxvhDqoq1wMoF6P6JRYDiQpC9nc5OomQmI=
-github.com/go-webauthn/x v0.1.23 h1:9lEO0s+g8iTyz5Vszlg/rXTGrx3CjcD0RZQ1GPZCaxI=
-github.com/go-webauthn/x v0.1.23/go.mod h1:AJd3hI7NfEp/4fI6T4CHD753u91l510lglU7/NMN6+E=
+github.com/go-webauthn/webauthn v0.13.0 h1:cJIL1/1l+22UekVhipziAaSgESJxokYkowUqAIsWs0Y=
+github.com/go-webauthn/webauthn v0.13.0/go.mod h1:Oy9o2o79dbLKRPZWWgRIOdtBGAhKnDIaBp2PFkICRHs=
+github.com/go-webauthn/x v0.1.21 h1:nFbckQxudvHEJn2uy1VEi713MeSpApoAv9eRqsb9AdQ=
+github.com/go-webauthn/x v0.1.21/go.mod h1:sEYohtg1zL4An1TXIUIQ5csdmoO+WO0R4R2pGKaHYKA=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM=
@ -300,26 +265,16 @@ github.com/gogs/chardet v0.0.0-20211120154057-b7413eaefb8f h1:3BSP1Tbs2djlpprl7w
 github.com/gogs/chardet v0.0.0-20211120154057-b7413eaefb8f/go.mod h1:Pcatq5tYkCW2Q6yrR2VRHlbHpZ/R4/7qyL1TCF7vl14=
 github.com/gogs/go-gogs-client v0.0.0-20210131175652-1d7215cd8d85 h1:UjoPNDAQ5JPCjlxoJd6K8ALZqSDDhk2ymieAZOVaDg0=
 github.com/gogs/go-gogs-client v0.0.0-20210131175652-1d7215cd8d85/go.mod h1:fR6z1Ie6rtF7kl/vBYMfgD5/G5B1blui7z426/sj2DU=
+github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang-jwt/jwt/v4 v4.5.2 h1:YtQM7lnr8iZ+j5q71MGKkNw9Mn7AjHM68uc9g5fXeUI=
 github.com/golang-jwt/jwt/v4 v4.5.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
-github.com/golang-jwt/jwt/v5 v5.3.0 h1:pv4AsKCKKZuqlgs5sUmn4x8UlGa0kEVt/puTpKx9vvo=
-github.com/golang-jwt/jwt/v5 v5.3.0/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE=
+github.com/golang-jwt/jwt/v5 v5.2.2 h1:Rl4B7itRWVtYIHFrSNd7vhTiz9UpLdi6gZhZ3wEeDy8=
+github.com/golang-jwt/jwt/v5 v5.2.2/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 h1:DACJavvAHhabrF08vX0COfcOBJRhZ8lUbR+ZWIs0Y5g=
 github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k=
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 h1:f+oWsMOmNPc8JmEHVZIycC7hBoQxHH9pNKQORJNozsQ=
-github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8/go.mod h1:wcDNUvekVysuuOpQKo3191zZyTpiI6se1N1ULghS0sw=
-github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
-github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
 github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
 github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
 github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
@ -329,13 +284,11 @@ github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
 github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/golang/snappy v0.0.2/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
 github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU=
 github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
-github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
@ -353,20 +306,13 @@ github.com/google/go-tpm v0.9.5/go.mod h1:h9jEsEECg7gtLis0upRBQU+GhYVH6jMjrFxI8u
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
-github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20240227163752-401108e1b7e7/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik=
-github.com/google/pprof v0.0.0-20250630185457-6e76a2b096b5 h1:xhMrHhTJ6zxu3gA4enFM9MLn9AY7613teCdFnlUVbSQ=
-github.com/google/pprof v0.0.0-20250630185457-6e76a2b096b5/go.mod h1:5hDyRhoBCxViHszMt12TnOpEI4VVi+U8Gm9iphldiMA=
-github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
+github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e h1:ijClszYn+mADRFY17kjQEVQ1XRhq2/JR1M3sGqeJoxs=
+github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA=
 github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
-github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/gorilla/context v1.1.1 h1:AWwleXJkX/nhcU9bZSnZoi3h/qGYqQAGhq6zZe/aQW8=
 github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
 github.com/gorilla/css v1.0.1 h1:ntNaBIghp6JmvWnxbZKANoLyuXTPZ4cAMlo6RyhlbO8=
@ -381,19 +327,12 @@ github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kX
 github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
 github.com/gorilla/sessions v1.4.0 h1:kpIYOp/oi6MG/p5PgxApU8srsSw9tuFbt46Lt7auzqQ=
 github.com/gorilla/sessions v1.4.0/go.mod h1:FLWm50oby91+hl7p/wRxDth9bWSuk0qVL2emc7lT5ik=
-github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
-github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
 github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k=
 github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
-github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
-github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
 github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU=
 github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk=
-github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=
 github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
 github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
@ -401,32 +340,30 @@ github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSo
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI=
 github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
-github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20230524184225-eabc099b10ab/go.mod h1:gx7rwoVhcfuVKG5uya9Hs3Sxj7EIvldVofAWIUtGouw=
-github.com/inbucket/html2text v0.9.0 h1:ULJmVcBEMAcmLE+/rN815KG1Fx6+a4HhbUxiDiN+qks=
-github.com/inbucket/html2text v0.9.0/go.mod h1:QDaumzl+/OzlSVbNohhmg+yAy5pKjUjzCKW2BMvztKE=
+github.com/jaytaylor/html2text v0.0.0-20230321000545-74c2419ad056 h1:iCHtR9CQyktQ5+f3dMVZfwD2KWJUgm7M0gdL9NGr8KA=
+github.com/jaytaylor/html2text v0.0.0-20230321000545-74c2419ad056/go.mod h1:CVKlgaMiht+LXvHG173ujK6JUhZXKb2u/BQtjPDIvyk=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
-github.com/jhillyerd/enmime/v2 v2.2.0 h1:Pe35MB96eZK5Q0XjlvPftOgWypQpd1gcbfJKAt7rsB8=
-github.com/jhillyerd/enmime/v2 v2.2.0/go.mod h1:SOBXlCemjhiV2DvHhAKnJiWrtJGS/Ffuw4Iy7NjBTaI=
+github.com/jhillyerd/enmime/v2 v2.1.0 h1:c8Qwi5Xq5EdtMN6byQWoZ/8I2RMTo6OJ7Xay+s1oPO0=
+github.com/jhillyerd/enmime/v2 v2.1.0/go.mod h1:EJ74dcRbBcqHSP2TBu08XRoy6y3Yx0cevwb1YkGMEmQ=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
-github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
-github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs=
 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
-github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
+github.com/klauspost/compress v1.11.4/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
 github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
 github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
 github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
 github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
-github.com/klauspost/cpuid/v2 v2.2.11 h1:0OwqZRYI2rFrjS4kvkDnqJkKHdHaRnCm68/DY4OxRzU=
-github.com/klauspost/cpuid/v2 v2.2.11/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
+github.com/klauspost/cpuid/v2 v2.2.10 h1:tBs3QSyvjDyFTq3uoc/9xFpCuOsJQFNPiAhYdw2skhE=
+github.com/klauspost/cpuid/v2 v2.2.10/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
+github.com/klauspost/pgzip v1.2.5/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
 github.com/klauspost/pgzip v1.2.6 h1:8RXeL5crjEUFnR2/Sn6GJNWtSQ3Dk8pq4CL3jvdDyjU=
 github.com/klauspost/pgzip v1.2.6/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
@ -443,8 +380,8 @@ github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+
 github.com/ledongthuc/pdf v0.0.0-20220302134840-0c2507a12d80/go.mod h1:imJHygn/1yfhB7XSJJKlFZKl/J+dCPAknuiaGOshXAs=
 github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
 github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
-github.com/libdns/libdns v1.0.0 h1:IvYaz07JNz6jUQ4h/fv2R4sVnRnm77J/aOuC9B+TQTA=
-github.com/libdns/libdns v1.0.0/go.mod h1:4Bj9+5CQiNMVGf87wjX4CY3HQJypUHRuLvlsfsZqLWQ=
+github.com/libdns/libdns v1.0.0-beta.1 h1:KIf4wLfsrEpXpZ3vmc/poM8zCATXT2klbdPe6hyOBjQ=
+github.com/libdns/libdns v1.0.0-beta.1/go.mod h1:4Bj9+5CQiNMVGf87wjX4CY3HQJypUHRuLvlsfsZqLWQ=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4=
 github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
@ -452,36 +389,30 @@ github.com/markbates/going v1.0.3 h1:mY45T5TvW+Xz5A6jY7lf4+NLg9D8+iuStIHyR7M8qsE
 github.com/markbates/going v1.0.3/go.mod h1:fQiT6v6yQar9UD6bd/D4Z5Afbk9J6BBVBtLiyY4gp2o=
 github.com/markbates/goth v1.80.0 h1:NnvatczZDzOs1hn9Ug+dVYf2Viwwkp/ZDX5K+GLjan8=
 github.com/markbates/goth v1.80.0/go.mod h1:4/GYHo+W6NWisrMPZnq0Yr2Q70UntNLn7KXEFhrIdAY=
-github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
-github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
+github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
+github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
+github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc=
 github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
-github.com/mattn/go-shellwords v1.0.12 h1:M2zGm7EW6UQJvDeQxo4T51eKPurbeFbe8WtebGE2xrk=
-github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
-github.com/mattn/go-sqlite3 v1.14.32 h1:JD12Ag3oLy1zQA+BNn74xRgaBbdhbNIDYvQUEuuErjs=
-github.com/mattn/go-sqlite3 v1.14.32/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
-github.com/meilisearch/meilisearch-go v0.34.0 h1:P+Ohdx4/PCxXaoI5wNi0LMwPkuiNrF/kGIzBrKYS4tw=
-github.com/meilisearch/meilisearch-go v0.34.0/go.mod h1:cUVJZ2zMqTvvwIMEEAdsWH+zrHsrLpAw6gm8Lt1MXK0=
+github.com/mattn/go-sqlite3 v1.14.28 h1:ThEiQrnbtumT+QMknw63Befp/ce/nUPgBPMlRFEum7A=
+github.com/mattn/go-sqlite3 v1.14.28/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
+github.com/meilisearch/meilisearch-go v0.31.0 h1:yZRhY1qJqdH8h6GFZALGtkDLyj8f9v5aJpsNMyrUmnY=
+github.com/meilisearch/meilisearch-go v0.31.0/go.mod h1:aNtyuwurDg/ggxQIcKqWH6G9g2ptc8GyY7PLY4zMn/g=
 github.com/mholt/acmez/v3 v3.1.2 h1:auob8J/0FhmdClQicvJvuDavgd5ezwLBfKuYmynhYzc=
 github.com/mholt/acmez/v3 v3.1.2/go.mod h1:L1wOU06KKvq7tswuMDwKdcHeKpFFgkppZy/y0DFxagQ=
-github.com/mholt/archives v0.1.3 h1:aEAaOtNra78G+TvV5ohmXrJOAzf++dIlYeDW3N9q458=
-github.com/mholt/archives v0.1.3/go.mod h1:LUCGp++/IbV/I0Xq4SzcIR6uwgeh2yjnQWamjRQfLTU=
 github.com/microcosm-cc/bluemonday v1.0.27 h1:MpEUotklkwCSLeH+Qdx1VJgNqLlpY2KXwXFM08ygZfk=
 github.com/microcosm-cc/bluemonday v1.0.27/go.mod h1:jFi9vgW+H7c3V0lb6nR74Ib/DIB5OBs92Dimizgw2cA=
 github.com/miekg/dns v1.1.63 h1:8M5aAw6OMZfFXTT7K5V0Eu5YiiL8l7nUAkyN6C9YwaY=
 github.com/miekg/dns v1.1.63/go.mod h1:6NGHfjhpmr5lt3XPLuyfDJi5AXbNIPM9PY6H6sF1Nfs=
-github.com/mikelolasagasti/xz v1.0.1 h1:Q2F2jX0RYJUG3+WsM+FJknv+6eVjsjXNDV0KJXZzkD0=
-github.com/mikelolasagasti/xz v1.0.1/go.mod h1:muAirjiOUxPRXwm9HdDtB3uoRPrGnL85XHtokL9Hcgc=
-github.com/minio/crc64nvme v1.0.2 h1:6uO1UxGAD+kwqWWp7mBFsi5gAse66C4NXO8cmcVculg=
-github.com/minio/crc64nvme v1.0.2/go.mod h1:eVfm2fAzLlxMdUGc0EEBGSMmPwmXD5XiNRpnu9J3bvg=
+github.com/minio/crc64nvme v1.0.1 h1:DHQPrYPdqK7jQG/Ls5CTBZWeex/2FMS3G5XGkycuFrY=
+github.com/minio/crc64nvme v1.0.1/go.mod h1:eVfm2fAzLlxMdUGc0EEBGSMmPwmXD5XiNRpnu9J3bvg=
 github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
 github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM=
-github.com/minio/minio-go/v7 v7.0.95 h1:ywOUPg+PebTMTzn9VDsoFJy32ZuARN9zhB+K3IYEvYU=
-github.com/minio/minio-go/v7 v7.0.95/go.mod h1:wOOX3uxS334vImCNRVyIDdXX9OsXDm89ToynKgqUKlo=
-github.com/minio/minlz v1.0.0 h1:Kj7aJZ1//LlTP1DM8Jm7lNKvvJS2m74gyyXXn3+uJWQ=
-github.com/minio/minlz v1.0.0/go.mod h1:qT0aEB35q79LLornSzeDH75LBf3aH1MV+jB5w9Wasec=
+github.com/minio/minio-go/v7 v7.0.94 h1:1ZoksIKPyaSt64AVOyaQvhDOgVC3MfZsWM6mZXRUGtM=
+github.com/minio/minio-go/v7 v7.0.94/go.mod h1:71t2CqDt3ThzESgZUlU1rBN54mksGGlkLcFgguDnnAc=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@ -497,19 +428,16 @@ github.com/msteinert/pam/v2 v2.1.0 h1:er5F9TKV5nGFuTt12ubtqPHEUdeBwReP7vd3wovidG
 github.com/msteinert/pam/v2 v2.1.0/go.mod h1:KT28NNIcDFf3PcBmNI2mIGO4zZJ+9RSs/At2PB3IDVc=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/niklasfasching/go-org v1.9.1 h1:/3s4uTPOF06pImGa2Yvlp24yKXZoTYM+nsIlMzfpg/0=
-github.com/niklasfasching/go-org v1.9.1/go.mod h1:ZAGFFkWvUQcpazmi/8nHqwvARpr1xpb+Es67oUGX/48=
-github.com/nwaples/rardecode/v2 v2.1.0 h1:JQl9ZoBPDy+nIZGb1mx8+anfHp/LV3NE2MjMiv0ct/U=
-github.com/nwaples/rardecode/v2 v2.1.0/go.mod h1:7uz379lSxPe6j9nvzxUZ+n7mnJNgjsRNb6IbvGVHRmw=
+github.com/niklasfasching/go-org v1.8.0 h1:WyGLaajLLp8JbQzkmapZ1y0MOzKuKV47HkZRloi+HGY=
+github.com/niklasfasching/go-org v1.8.0/go.mod h1:e2A9zJs7cdONrEGs3gvxCcaAEpwwPNPG7csDpXckMNg=
+github.com/nwaples/rardecode v1.1.0/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0=
+github.com/nwaples/rardecode v1.1.3 h1:cWCaZwfM5H7nAD6PyEdcVnczzV8i/JtotnyW/dD9lEc=
+github.com/nwaples/rardecode v1.1.3/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
 github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
-github.com/olekukonko/errors v1.1.0 h1:RNuGIh15QdDenh+hNvKrJkmxxjV4hcS50Db478Ou5sM=
-github.com/olekukonko/errors v1.1.0/go.mod h1:ppzxA5jBKcO1vIpCXQ9ZqgDh8iwODz6OXIGKU8r5m4Y=
-github.com/olekukonko/ll v0.0.9 h1:Y+1YqDfVkqMWuEQMclsF9HUR5+a82+dxJuL1HHSRpxI=
-github.com/olekukonko/ll v0.0.9/go.mod h1:En+sEW0JNETl26+K8eZ6/W4UQ7CYSrrgg/EdIYT2H8g=
-github.com/olekukonko/tablewriter v1.0.7 h1:HCC2e3MM+2g72M81ZcJU11uciw6z/p82aEnm4/ySDGw=
-github.com/olekukonko/tablewriter v1.0.7/go.mod h1:H428M+HzoUXC6JU2Abj9IT9ooRmdq9CxuDmKMtrOCMs=
+github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
+github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
 github.com/olivere/elastic/v7 v7.0.32 h1:R7CXvbu8Eq+WlsLgxmKVKPox0oOwAE/2T9Si5BnvK6E=
 github.com/olivere/elastic/v7 v7.0.32/go.mod h1:c7PVmLe3Fxq77PIfY/bZmxY/TAamBhCzZ8xDOE09a9k=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
@ -527,8 +455,9 @@ github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3I
 github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
 github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M=
 github.com/orisano/pixelmatch v0.0.0-20220722002657-fb0b55479cde/go.mod h1:nZgzbfBr3hhjoZnS66nKrHmduYNpc34ny7RK4z5/HM0=
-github.com/philhofer/fwd v1.2.0 h1:e6DnBTl7vGY+Gz322/ASL4Gyp1FspeMvx1RNDoToZuM=
-github.com/philhofer/fwd v1.2.0/go.mod h1:RqIHx9QI14HlwKwm98g9Re5prTQ6LdeRQn+gXJFxsJM=
+github.com/philhofer/fwd v1.1.3-0.20240916144458-20a13a1f6b7c h1:dAMKvw0MlJT1GshSTtih8C2gDs04w8dReiOGXrGLNoY=
+github.com/philhofer/fwd v1.1.3-0.20240916144458-20a13a1f6b7c/go.mod h1:RqIHx9QI14HlwKwm98g9Re5prTQ6LdeRQn+gXJFxsJM=
+github.com/pierrec/lz4/v4 v4.1.2/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
 github.com/pierrec/lz4/v4 v4.1.21 h1:yOVMLb6qSIDP67pl/5F7RepeKYu/VmTyEXvuMI5d9mQ=
 github.com/pierrec/lz4/v4 v4.1.21/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
 github.com/pjbgf/sha1cd v0.3.2 h1:a9wb0bp1oC2TGwStyn0Umc/IGKQnEgF0vVaZ8QF8eo4=
@ -543,7 +472,6 @@ github.com/pquerna/otp v1.4.0 h1:wZvl1TIVxKRThZIBiwOOHOGP/1+nZyWBil9Y2XNEDzg=
 github.com/pquerna/otp v1.4.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=
 github.com/prometheus/client_golang v1.21.1 h1:DOvXXTqVzvkIewV/CDPFdejpMCGeMcbGCQ8YOmu+Ibk=
 github.com/prometheus/client_golang v1.21.1/go.mod h1:U9NM32ykUErtVBxdvD3zfi+EuFkkaBvMb09mIfe0Zgg=
-github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
 github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
 github.com/prometheus/common v0.62.0 h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ2Io=
@ -554,21 +482,19 @@ github.com/redis/go-redis/v9 v9.8.0 h1:q3nRvjrlge/6UD7eTu/DSg2uYiU2mCL0G/uzBWqhi
 github.com/redis/go-redis/v9 v9.8.0/go.mod h1:huWgSWd8mW6+m0VPhJjSSQ+d6Nh1VICQ6Q5lHuCH/Iw=
 github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0 h1:OdAsTTz6OkFY5QxjkYwrChwuRruF69c169dPK26NUlk=
 github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
-github.com/rhysd/actionlint v1.7.7 h1:0KgkoNTrYY7vmOCs9BW2AHxLvvpoY9nEUzgBHiPUr0k=
-github.com/rhysd/actionlint v1.7.7/go.mod h1:AE6I6vJEkNaIfWqC2GNE5spIJNhxf8NCtLEKU4NnUXg=
+github.com/rhysd/actionlint v1.6.27 h1:xxwe8YmveBcC8lydW6GoHMGmB6H/MTqUU60F2p10wjw=
+github.com/rhysd/actionlint v1.6.27/go.mod h1:m2nFUjAnOrxCMXuOMz9evYBRCLUsMnKY2IJl/N5umbk=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
 github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
 github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs=
 github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro=
-github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.8.1/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4nPKWu0nJ5d+o=
-github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
-github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
+github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
+github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
 github.com/rs/xid v1.6.0 h1:fV591PaemRlL6JfRxGDEPl69wICngIQ3shQtzfy2gxU=
 github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0=
-github.com/rwcarlsen/goexif v0.0.0-20190401172101-9e8deecbddbd/go.mod h1:hPqNNc0+uJM6H+SuU8sEs5K5IQeKccPqeSjfgcKGgPk=
 github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 h1:KRzFb2m7YtdldCEkzs6KqmJw4nqEVZGK7IN2kJkjTuQ=
 github.com/santhosh-tekuri/jsonschema/v6 v6.0.2/go.mod h1:JXeL+ps8p7/KNMjDQk3TCwPpBy0wYklyWTfbkIzdIFU=
 github.com/serenize/snaker v0.0.0-20171204205717-a683aaf2d516/go.mod h1:Yow6lPLSAXx2ifx470yD/nUe22Dv5vBvxK/UK9UUTVs=
@ -577,10 +503,8 @@ github.com/sergi/go-diff v1.4.0/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepq
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/skeema/knownhosts v1.3.1 h1:X2osQ+RAjK76shCbvhHHHVl3ZlgDm8apHEHFqRjnBY8=
-github.com/skeema/knownhosts v1.3.1/go.mod h1:r7KTdC8l4uxWRyK2TpQZ/1o5HaSzh06ePQNxPwTcfiY=
-github.com/sorairolake/lzip-go v0.3.5 h1:ms5Xri9o1JBIWvOFAorYtUNik6HI3HgBTkISiqu0Cwg=
-github.com/sorairolake/lzip-go v0.3.5/go.mod h1:N0KYq5iWrMXI0ZEXKXaS9hCyOjZUQdBDEIbXfoUwbdk=
+github.com/skeema/knownhosts v1.3.0 h1:AM+y0rI04VksttfwjkSTNQorvGqmwATnvnAHpSgc0LY=
+github.com/skeema/knownhosts v1.3.0/go.mod h1:sPINvnADmT/qYH1kfv+ePMmOBTH6Tbl7b5LvTDjFK7M=
 github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf h1:pvbZ0lM0XWPBqUKqFU8cmavspvIl9nulOYwdy6IFRRo=
 github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf/go.mod h1:RJID2RhlZKId02nZ62WenDCkgHFerpIOmW0iT7GKmXM=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@ -595,23 +519,26 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
-github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/syndtr/goleveldb v1.0.0 h1:fBdIW9lB4Iz0n9khmH8w27SJ3QEJ7+IgjPEwGSZiFdE=
 github.com/syndtr/goleveldb v1.0.0/go.mod h1:ZVVdQEZoIme9iO1Ch2Jdy24qqXrMMOU6lpPAyBWyWuQ=
 github.com/tinylib/msgp v1.3.0 h1:ULuf7GPooDaIlbyvgAxBV/FI7ynli6LZ1/nVUNu+0ww=
 github.com/tinylib/msgp v1.3.0/go.mod h1:ykjzy2wzgrlvpDCRc4LA8UXy6D8bzMSuAF3WD57Gok0=
 github.com/ulikunitz/xz v0.5.8/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
-github.com/ulikunitz/xz v0.5.15 h1:9DNdB5s+SgV3bQ2ApL10xRc35ck0DuIX/isZvIk+ubY=
-github.com/ulikunitz/xz v0.5.15/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
-github.com/urfave/cli/v3 v3.4.1 h1:1M9UOCy5bLmGnuu1yn3t3CB4rG79Rtoxuv1sPhnm6qM=
-github.com/urfave/cli/v3 v3.4.1/go.mod h1:FJSKtM/9AiiTOJL4fJ6TbMUkxBXn7GO9guZqoZtpYpo=
+github.com/ulikunitz/xz v0.5.9/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
+github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc=
+github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
+github.com/urfave/cli/v3 v3.3.3 h1:byCBaVdIXuLPIDm5CYZRVG6NvT7tv1ECqdU4YzlEa3I=
+github.com/urfave/cli/v3 v3.3.3/go.mod h1:FJSKtM/9AiiTOJL4fJ6TbMUkxBXn7GO9guZqoZtpYpo=
 github.com/valyala/fastjson v1.6.4 h1:uAUNq9Z6ymTgGhcm0UynUAB6tlbakBrz6CQFax3BXVQ=
 github.com/valyala/fastjson v1.6.4/go.mod h1:CLCAqky6SMuOcxStkYQvblddUtoRxhYMGLrsQns1aXY=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
 github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
+github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 h1:nIPpBwaJSVYIxUFsDv3M8ofmx9yWTog9BfvIu0q41lo=
+github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8/go.mod h1:HUYIGzjTL3rfEspMxjDjgmT5uz5wzYJKVo23qUhYTos=
 github.com/xyproto/randomstring v1.0.5 h1:YtlWPoRdgMu3NZtP45drfy1GKoojuR7hmRcnhZqKjWU=
 github.com/xyproto/randomstring v1.0.5/go.mod h1:rgmS5DeNXLivK7YprL0pY+lTuhNQW3iGxZ18UQApw/E=
 github.com/yohcop/openid-go v1.0.1 h1:DPRd3iPO5F6O5zX2e62XpVAbPT6wV51cuucH0z9g3js=
@ -619,8 +546,8 @@ github.com/yohcop/openid-go v1.0.1/go.mod h1:b/AvD03P0KHj4yuihb+VtLD6bYYgsy0zqBz
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yuin/goldmark v1.4.15/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-github.com/yuin/goldmark v1.7.13 h1:GPddIs617DnBLFFVJFgpo1aBfe/4xcvMc3SB5t/D0pA=
-github.com/yuin/goldmark v1.7.13/go.mod h1:ip/1k0VRfGynBgxOz0yCqHrbZXhcjxyuS66Brc7iBKg=
+github.com/yuin/goldmark v1.7.12 h1:YwGP/rrea2/CnCtUHgjuolG/PnMxdQtPMO5PvaE2/nY=
+github.com/yuin/goldmark v1.7.12/go.mod h1:ip/1k0VRfGynBgxOz0yCqHrbZXhcjxyuS66Brc7iBKg=
 github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc h1:+IAOyRda+RLrxa1WC7umKOZRsGq4QrFFMYApOeHzQwQ=
 github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc/go.mod h1:ovIvrum6DQJA4QsJSovrkC4saKHQVs7TvcaeO8AIl5I=
 github.com/zeebo/assert v1.3.0 h1:g7C04CbJuIDKNPFHmsk4hwZDO5O+kntRxzaUoNXj+IQ=
@ -631,32 +558,22 @@ github.com/zeebo/pcg v1.0.1 h1:lyqfGeWiv4ahac6ttHs+I5hwtH/+1mrhlCtVNQM2kHo=
 github.com/zeebo/pcg v1.0.1/go.mod h1:09F0S9iiKrwn9rlI5yjLkmrug154/YRW6KnnXVDM/l4=
 gitlab.com/gitlab-org/api/client-go v0.130.1 h1:1xF5C5Zq3sFeNg3PzS2z63oqrxifne3n/OnbI7nptRc=
 gitlab.com/gitlab-org/api/client-go v0.130.1/go.mod h1:ZhSxLAWadqP6J9lMh40IAZOlOxBLPRh7yFOXR/bMJWM=
-go.etcd.io/bbolt v1.4.3 h1:dEadXpI6G79deX5prL3QRNP6JB8UxVkqo4UPnHaNXJo=
-go.etcd.io/bbolt v1.4.3/go.mod h1:tKQlpPaYCVFctUIgFKFnAlvbmB3tpy1vkTnDWohtc0E=
-go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
-go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
-go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.etcd.io/bbolt v1.4.0 h1:TU77id3TnN/zKr7CO/uk+fBCwF2jGcMuw2B/FMAzYIk=
+go.etcd.io/bbolt v1.4.0/go.mod h1:AsD+OCi/qPN1giOX1aiLAha3o1U8rAz65bvN4j0sRuk=
 go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
 go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
-go.uber.org/mock v0.6.0 h1:hyF9dfmbgIX5EfOdasqLsWD6xqpNZlXblLB/Dbnwv3Y=
-go.uber.org/mock v0.6.0/go.mod h1:KiVJ4BqZJaMj4svdfmHM0AUx4NJYO8ZNpPnZn1Z+BBU=
+go.uber.org/mock v0.5.2 h1:LbtPTcP8A5k9WPXj54PPPbjcI4Y6lhyOZXn+VS7wNko=
+go.uber.org/mock v0.5.2/go.mod h1:wLlUxC2vVTPTaE3UD51E0BGOAElKrILxhVSDYQLld5o=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
 go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
 go.uber.org/zap/exp v0.3.0 h1:6JYzdifzYkGmTdRR59oYH+Ng7k49H9qVpWwNSsGJj3U=
 go.uber.org/zap/exp v0.3.0/go.mod h1:5I384qq7XGxYyByIhHm6jg5CHkGY0nsTfbDLgDDlgJQ=
-go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
-go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
-go4.org v0.0.0-20230225012048-214862532bf5 h1:nifaUDeh+rPaBCMPMQHZmvJf+QdpLFnuQPwx+LxVmtc=
-go4.org v0.0.0-20230225012048-214862532bf5/go.mod h1:F57wTi5Lrj6WLyswp5EYV1ncrEbFGHD4hhz6S1ZYeaU=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
@ -666,59 +583,23 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
 golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
-golang.org/x/crypto v0.42.0 h1:chiH31gIWm57EkTXpwnqf8qeuMUi0yekh6mT2AvFlqI=
-golang.org/x/crypto v0.42.0/go.mod h1:4+rDnOTJhQCx2q7/j6rAN5XDw8kPjeaXEUR2eL94ix8=
-golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
-golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
-golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
-golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
+golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM=
+golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U=
 golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8=
 golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
-golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
-golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/image v0.31.0 h1:mLChjE2MV6g1S7oqbXC0/UcKijjm5fnJLUYKIYrLESA=
-golang.org/x/image v0.31.0/go.mod h1:R9ec5Lcp96v9FTF+ajwaH3uGxPH4fKfHHAVbUILxghA=
-golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
-golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
-golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
-golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
-golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
-golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
-golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/image v0.27.0 h1:C8gA4oWU/tKkdCfYT6T2u4faJu3MeNS5O8UPWlPF61w=
+golang.org/x/image v0.27.0/go.mod h1:xbdrClrAUway1MUTEZDq9mz/UpRwYAkFFNUslZtcB+g=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/mod v0.27.0 h1:kb+q2PyFnEADO2IEF935ehFUXlWiNjJWtRNgBLSfbxQ=
-golang.org/x/mod v0.27.0/go.mod h1:rWI627Fq0DEoudcK+MBkNkCe0EetEaDSwJJkCcjpazc=
-golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/mod v0.25.0 h1:n7a+ZbQKQA/Ysbyb0/6IbB1H/X41mKgbhfv7AfG/44w=
+golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
@ -731,21 +612,12 @@ golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
-golang.org/x/net v0.44.0 h1:evd8IRDyfNBMBTTY5XRF1vaZlD+EmWx6x8PkhR04H/I=
-golang.org/x/net v0.44.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY=
-golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.31.0 h1:8Fq0yVZLh4j4YA47vHKFTa9Ew5XIrCP8LC6UeNZnLxo=
-golang.org/x/oauth2 v0.31.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
+golang.org/x/net v0.41.0 h1:vBTly1HeNPEn3wtREYfy4GZ/NECgw2Cnl+nK6Nz3uvw=
+golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA=
+golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI=
+golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@ -753,25 +625,15 @@ golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug=
-golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
-golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sync v0.15.0 h1:KWH3jNZsfyT6xfAfKiz6MRNmd46ByHDYaZ7KSkCtdW8=
+golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@ -783,6 +645,7 @@ golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@ -790,8 +653,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k=
-golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
+golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@ -801,12 +664,9 @@ golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
 golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
 golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
-golang.org/x/term v0.35.0 h1:bZBVKBudEyhRcajGcNc3jIfWPqV4y/Kt2XcoigOWtDQ=
-golang.org/x/term v0.35.0/go.mod h1:TPGtkTLesOwf2DE8CgVYiZinHAOuy5AYUYT1lENIZnA=
-golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/term v0.32.0 h1:DR4lr0TjUs3epypdhTOkMmuF5CDFJ/8pOnbzMZPQ7bg=
+golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
@ -816,88 +676,31 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/text v0.29.0 h1:1neNs90w9YzJ9BocxfsQNHKuAT4pkghyXc4nhZ6sJvk=
-golang.org/x/text v0.29.0/go.mod h1:7MhJOA9CD2qZyOKYazxdYMF85OwPdEr9jTtBpO7ydH4=
-golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.13.0 h1:eUlYslOIt32DgYD6utsuUeHs4d7AsEYLuIAdg7FlYgI=
-golang.org/x/time v0.13.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
+golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M=
+golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA=
+golang.org/x/time v0.11.0 h1:/bpjEDfN9tkoN/ryeYHnv5hcMlc8ncjMcM4XBk5NWV0=
+golang.org/x/time v0.11.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
-golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
 golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
-golang.org/x/tools v0.36.0 h1:kWS0uv/zsvHEle1LbV5LE8QujrxB3wfQyxHfhOk0Qkg=
-golang.org/x/tools v0.36.0/go.mod h1:WBDiHKJK8YgLHlcQPYQzNCkUxUypCaa5ZegCVutKm+s=
+golang.org/x/tools v0.34.0 h1:qIpSLOxeCYGg9TrcJokLBG4KFA6d795g0xkBkiESGlo=
+golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
-google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
-google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
-google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
-google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
-google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
-google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
 google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
 google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.36.9 h1:w2gp2mA27hUeUzj9Ex9FBjsBm40zfaDtEWow293U7Iw=
-google.golang.org/protobuf v1.36.9/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU=
+google.golang.org/protobuf v1.36.4 h1:6A3ZDJHn/eNqc1i+IdefRzy/9PokBTPvcqMySR7NNIM=
+google.golang.org/protobuf v1.36.4/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc h1:2gGKlE2+asNV9m7xrywl36YYNnBG5ZQ0r/BOOxqPpmk=
 gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc/go.mod h1:m7x9LTH6d71AHyAX77c9yqWCCa3UKHcVEj9y7hAtKDk=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@ -925,11 +728,6 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C
 gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 lukechampine.com/uint128 v1.2.0 h1:mBi/5l91vocEN8otkC5bDLhi2KdCticRiwbdB0O+rjI=
 lukechampine.com/uint128 v1.2.0/go.mod h1:c4eWIwlEGaxC/+H1VguhU4PHXNWDCDMUlWdIWl2j1gk=
 modernc.org/cc/v3 v3.40.0 h1:P3g79IUS/93SYhtoeaHW+kRCIrYaxJ27MFPv+7kaTOw=
@ -952,9 +750,6 @@ modernc.org/token v1.0.1 h1:A3qvTqOwexpfZZeyI0FeGPDlSWX5pjZu9hF4lU+EKWg=
 modernc.org/token v1.0.1/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM=
 mvdan.cc/xurls/v2 v2.5.0 h1:lyBNOm8Wo71UknhUs4QTFUNNMyxy2JEIaKKo0RWOh+8=
 mvdan.cc/xurls/v2 v2.5.0/go.mod h1:yQgaGQ1rFtJUzkmKiHYSSfuQxqfYmd//X6PxvholpeE=
-rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
-rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
-rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 xorm.io/builder v0.3.13 h1:a3jmiVVL19psGeXx8GIurTp7p0IIgqeDmwhcR6BAOAo=
 xorm.io/builder v0.3.13/go.mod h1:aUW0S9eb9VCaPohFCH3j7czOx1PMW3i1HrSzbLYGBSE=
 xorm.io/xorm v1.3.9 h1:TUovzS0ko+IQ1XnNLfs5dqK1cJl1H5uHpWbWqAQ04nU=
--- a/models/actions/artifact.go
+++ b/models/actions/artifact.go
@ -108,7 +108,6 @@ func UpdateArtifactByID(ctx context.Context, id int64, art *ActionArtifact) erro

 type FindArtifactsOptions struct {
 	db.ListOptions
-	ID           int64
 	RepoID       int64
 	RunID        int64
 	ArtifactName string
@ -117,9 +116,6 @@ type FindArtifactsOptions struct {

 func (opts FindArtifactsOptions) ToConds() builder.Cond {
 	cond := builder.NewCond()
-	if opts.ID > 0 {
-		cond = cond.And(builder.Eq{"id": opts.ID})
-	}
 	if opts.RepoID > 0 {
 		cond = cond.And(builder.Eq{"repo_id": opts.RepoID})
 	}
@ -136,13 +132,6 @@ func (opts FindArtifactsOptions) ToConds() builder.Cond {
 	return cond
 }

-var _ db.FindOptionsOrder = FindArtifactsOptions{}
-
-// ToOrders implements db.FindOptionsOrder, to have a stable order
-func (opts FindArtifactsOptions) ToOrders() string {
-	return "id"
-}
-
 // ActionArtifactMeta is the meta data of an artifact
 type ActionArtifactMeta struct {
 	ArtifactName string
--- a/models/actions/main_test.go
+++ b/models/actions/main_test.go
@ -15,10 +15,6 @@ func TestMain(m *testing.M) {
 			"action_runner.yml",
 			"repository.yml",
 			"action_runner_token.yml",
-			"user.yml",
-			"action_run.yml",
-			"action_run_job.yml",
-			"action_task.yml",
 		},
 	})
 }
--- a/models/actions/run.go
+++ b/models/actions/run.go
@ -21,7 +21,7 @@ import (
 	"forgejo.org/modules/util"
 	webhook_module "forgejo.org/modules/webhook"

-	"code.forgejo.org/forgejo/runner/v11/act/jobparser"
+	"github.com/nektos/act/pkg/jobparser"
 	"xorm.io/builder"
 )

@ -309,26 +309,15 @@ func GetLatestRunForBranchAndWorkflow(ctx context.Context, repoID int64, branch,
 }

 func GetRunByID(ctx context.Context, id int64) (*ActionRun, error) {
-	run, has, err := GetRunByIDWithHas(ctx, id)
+	var run ActionRun
+	has, err := db.GetEngine(ctx).Where("id=?", id).Get(&run)
 	if err != nil {
 		return nil, err
 	} else if !has {
 		return nil, fmt.Errorf("run with id %d: %w", id, util.ErrNotExist)
 	}

-	return run, nil
-}
-
-func GetRunByIDWithHas(ctx context.Context, id int64) (*ActionRun, bool, error) {
-	var run ActionRun
-	has, err := db.GetEngine(ctx).Where("id=?", id).Get(&run)
-	if err != nil {
-		return nil, false, err
-	} else if !has {
-		return nil, false, nil
-	}
-
-	return &run, true, nil
+	return &run, nil
 }

 func GetRunByIndex(ctx context.Context, repoID, index int64) (*ActionRun, error) {
--- a/models/actions/run_job.go
+++ b/models/actions/run_job.go
@ -44,38 +44,6 @@ func init() {
 	db.RegisterModel(new(ActionRunJob))
 }

-func (job *ActionRunJob) HTMLURL(ctx context.Context) (string, error) {
-	if job.Run == nil || job.Run.Repo == nil {
-		return "", fmt.Errorf("action_run_job: load run and repo before accessing HTMLURL")
-	}
-
-	// Find the "index" of the currently selected job... kinda ugly that the URL uses the index rather than some other
-	// unique identifier of the job which could actually be stored upon it.  But hard to change that now.
-	allJobs, err := GetRunJobsByRunID(ctx, job.RunID)
-	if err != nil {
-		return "", err
-	}
-	jobIndex := -1
-	for i, otherJob := range allJobs {
-		if job.ID == otherJob.ID {
-			jobIndex = i
-			break
-		}
-	}
-	if jobIndex == -1 {
-		return "", fmt.Errorf("action_run_job: unable to find job on run: %d", job.ID)
-	}
-
-	attempt := job.Attempt
-	// If a job has never been fetched by a runner yet, it will have attempt 0 -- but this attempt will never have a
-	// valid UI since attempt is incremented to 1 if it is picked up by a runner.
-	if attempt == 0 {
-		attempt = 1
-	}
-
-	return fmt.Sprintf("%s/actions/runs/%d/jobs/%d/attempt/%d", job.Run.Repo.HTMLURL(), job.Run.Index, jobIndex, attempt), nil
-}
-
 func (job *ActionRunJob) Duration() time.Duration {
 	return calculateDuration(job.Started, job.Stopped, job.Status)
 }
--- a/models/actions/run_job_test.go
+++ b/models/actions/run_job_test.go
@ -3,14 +3,9 @@
 package actions

 import (
-	"fmt"
 	"testing"

-	"forgejo.org/models/db"
-	"forgejo.org/models/unittest"
-
 	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
 )

 func TestActionRunJob_ItRunsOn(t *testing.T) {
@ -32,41 +27,3 @@ func TestActionRunJob_ItRunsOn(t *testing.T) {

 	assert.False(t, actionJob.ItRunsOn(agentLabels))
 }
-
-func TestActionRunJob_HTMLURL(t *testing.T) {
-	require.NoError(t, unittest.PrepareTestDatabase())
-
-	tests := []struct {
-		id       int64
-		expected string
-	}{
-		{
-			id:       192,
-			expected: "https://try.gitea.io/user5/repo4/actions/runs/187/jobs/0/attempt/1",
-		},
-		{
-			id:       393,
-			expected: "https://try.gitea.io/user2/repo1/actions/runs/187/jobs/1/attempt/1",
-		},
-		{
-			id:       394,
-			expected: "https://try.gitea.io/user2/repo1/actions/runs/187/jobs/2/attempt/2",
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(fmt.Sprintf("id=%d", tt.id), func(t *testing.T) {
-			var job ActionRunJob
-			has, err := db.GetEngine(t.Context()).Where("id=?", tt.id).Get(&job)
-			require.NoError(t, err)
-			require.True(t, has, "load ActionRunJob from fixture")
-
-			err = job.LoadAttributes(t.Context())
-			require.NoError(t, err)
-
-			url, err := job.HTMLURL(t.Context())
-			require.NoError(t, err)
-			assert.Equal(t, tt.expected, url)
-		})
-	}
-}
--- a/models/actions/task.go
+++ b/models/actions/task.go
@ -17,8 +17,8 @@ import (
 	"forgejo.org/modules/timeutil"
 	"forgejo.org/modules/util"

-	"code.forgejo.org/forgejo/runner/v11/act/jobparser"
 	lru "github.com/hashicorp/golang-lru/v2"
+	"github.com/nektos/act/pkg/jobparser"
 	"xorm.io/builder"
 )

@ -148,21 +148,6 @@ func (task *ActionTask) GenerateToken() (err error) {
 	return err
 }

-// Retrieve all the attempts from the same job as the target `ActionTask`.  Limited fields are queried to avoid loading
-// the LogIndexes blob when not needed.
-func (task *ActionTask) GetAllAttempts(ctx context.Context) ([]*ActionTask, error) {
-	var attempts []*ActionTask
-	err := db.GetEngine(ctx).
-		Cols("id", "attempt", "status", "started").
-		Where("job_id=?", task.JobID).
-		Desc("attempt").
-		Find(&attempts)
-	if err != nil {
-		return nil, err
-	}
-	return attempts, nil
-}
-
 func GetTaskByID(ctx context.Context, id int64) (*ActionTask, error) {
 	var task ActionTask
 	has, err := db.GetEngine(ctx).Where("id=?", id).Get(&task)
@ -175,18 +160,6 @@ func GetTaskByID(ctx context.Context, id int64) (*ActionTask, error) {
 	return &task, nil
 }

-func GetTaskByJobAttempt(ctx context.Context, jobID, attempt int64) (*ActionTask, error) {
-	var task ActionTask
-	has, err := db.GetEngine(ctx).Where("job_id=?", jobID).Where("attempt=?", attempt).Get(&task)
-	if err != nil {
-		return nil, err
-	} else if !has {
-		return nil, fmt.Errorf("task with job_id %d and attempt %d: %w", jobID, attempt, util.ErrNotExist)
-	}
-
-	return &task, nil
-}
-
 func GetRunningTaskByToken(ctx context.Context, token string) (*ActionTask, error) {
 	errNotExist := fmt.Errorf("task with token %q: %w", token, util.ErrNotExist)
 	if token == "" {
@ -302,7 +275,7 @@ func CreateTaskForRunner(ctx context.Context, runner *ActionRunner) (*ActionTask
 	}

 	var workflowJob *jobparser.Job
-	if gots, err := jobparser.Parse(job.WorkflowPayload, false); err != nil {
+	if gots, err := jobparser.Parse(job.WorkflowPayload); err != nil {
 		return nil, false, fmt.Errorf("parse workflow of job %d: %w", job.ID, err)
 	} else if len(gots) != 1 {
 		return nil, false, fmt.Errorf("workflow of job %d: not single workflow", job.ID)
--- a/models/actions/task_test.go
+++ b/models/actions/task_test.go
@ -1,48 +0,0 @@
-// Copyright 2025 The Forgejo Authors. All rights reserved.
-// SPDX-License-Identifier: GPL-3.0-or-later
-
-package actions
-
-import (
-	"testing"
-
-	"forgejo.org/models/db"
-	"forgejo.org/models/unittest"
-	"forgejo.org/modules/timeutil"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestActionTask_GetAllAttempts(t *testing.T) {
-	require.NoError(t, unittest.PrepareTestDatabase())
-
-	var task ActionTask
-	has, err := db.GetEngine(t.Context()).Where("id=?", 47).Get(&task)
-	require.NoError(t, err)
-	require.True(t, has, "load ActionTask from fixture")
-
-	allAttempts, err := task.GetAllAttempts(t.Context())
-	require.NoError(t, err)
-	require.Len(t, allAttempts, 3)
-	assert.EqualValues(t, 47, allAttempts[0].ID, "ordered by attempt, 1")
-	assert.EqualValues(t, 53, allAttempts[1].ID, "ordered by attempt, 2")
-	assert.EqualValues(t, 52, allAttempts[2].ID, "ordered by attempt, 3")
-
-	// GetAllAttempts doesn't populate all fields; so check expected fields from one of the records
-	assert.EqualValues(t, 3, allAttempts[0].Attempt, "read Attempt field")
-	assert.Equal(t, StatusRunning, allAttempts[0].Status, "read Status field")
-	assert.Equal(t, timeutil.TimeStamp(1683636528), allAttempts[0].Started, "read Started field")
-}
-
-func TestActionTask_GetTaskByJobAttempt(t *testing.T) {
-	require.NoError(t, unittest.PrepareTestDatabase())
-
-	task, err := GetTaskByJobAttempt(t.Context(), 192, 2)
-	require.NoError(t, err)
-	assert.EqualValues(t, 192, task.JobID)
-	assert.EqualValues(t, 2, task.Attempt)
-
-	_, err = GetTaskByJobAttempt(t.Context(), 192, 100)
-	assert.ErrorContains(t, err, "task with job_id 192 and attempt 100: resource does not exist")
-}
--- a/models/activities/action.go
+++ b/models/activities/action.go
@ -26,7 +26,6 @@ import (
 	"forgejo.org/modules/base"
 	"forgejo.org/modules/container"
 	"forgejo.org/modules/git"
-	"forgejo.org/modules/json"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/structs"
@ -387,21 +386,8 @@ func (a *Action) IsIssueEvent() bool {

 // GetIssueInfos returns a list of associated information with the action.
 func (a *Action) GetIssueInfos() []string {
-	// Previously multiple pieces of data used to be encoded into a.Content by pipe-separating them, but this doesn't
-	// work well if some of the user-entered pieces of content (issue titles, comments, etc.) contain pipes.  The newer
-	// storage format is to json-encode a string array, which we check for and prefer... then fallback to assuming old.
-	var ret []string
-	if strings.HasPrefix(a.Content, "[") && strings.HasSuffix(a.Content, "]") {
-		ret = make([]string, 0, 3)
-		err := json.Unmarshal([]byte(a.Content), &ret)
-		if err != nil {
-			log.Error("GetIssueInfos json decoding error: %v", err)
-		}
-	} else {
-		ret = strings.SplitN(a.Content, "|", 3)
-	}
-
 	// make sure it always returns 3 elements, because there are some access to the a[1] and a[2] without checking the length
+	ret := strings.SplitN(a.Content, "|", 3)
 	for len(ret) < 3 {
 		ret = append(ret, "")
 	}
@ -487,11 +473,8 @@ func GetFeeds(ctx context.Context, opts GetFeedsOptions) (ActionList, int64, err
 		return nil, 0, err
 	}

-	sess := db.GetEngine(ctx).Where(cond).
-		Select("`action`.*"). // this line will avoid select other joined table's columns
-		Join("INNER", "repository", "`repository`.id = `action`.repo_id")
-
 	opts.SetDefaultValues()
+	sess := db.GetEngine(ctx).Where(cond)
 	sess = db.SetSessionPagination(sess, &opts)

 	actions := make([]*Action, 0, opts.PageSize)
@ -784,9 +767,7 @@ func DeleteIssueActions(ctx context.Context, repoID, issueID, issueIndex int64)

 	_, err := e.Where("repo_id = ?", repoID).
 		In("op_type", ActionCreateIssue, ActionCreatePullRequest).
-		Where(builder.Or(
-			builder.Like{"content", strconv.FormatInt(issueIndex, 10) + "|%"},            // "IssueIndex|content..."
-			builder.Like{"content", "[\"" + strconv.FormatInt(issueIndex, 10) + "\"%"})). // JSON, ["IssueIndex"...
+		Where("content LIKE ?", strconv.FormatInt(issueIndex, 10)+"|%"). // "IssueIndex|content..."
 		Delete(&Action{})
 	return err
 }
--- a/models/activities/action_test.go
+++ b/models/activities/action_test.go
@ -227,24 +227,6 @@ func TestNotifyWatchers(t *testing.T) {
 	})
 }

-func TestGetFeedsCorrupted(t *testing.T) {
-	require.NoError(t, unittest.PrepareTestDatabase())
-	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
-	unittest.AssertExistsAndLoadBean(t, &activities_model.Action{
-		ID:     8,
-		RepoID: 1700,
-	})
-
-	actions, count, err := activities_model.GetFeeds(db.DefaultContext, activities_model.GetFeedsOptions{
-		RequestedUser:  user,
-		Actor:          user,
-		IncludePrivate: true,
-	})
-	require.NoError(t, err)
-	assert.Empty(t, actions)
-	assert.Equal(t, int64(0), count)
-}
-
 func TestConsistencyUpdateAction(t *testing.T) {
 	if !setting.Database.Type.IsSQLite3() {
 		t.Skip("Test is only for SQLite database.")
@ -308,69 +290,14 @@ func TestDeleteIssueActions(t *testing.T) {
 	})
 	require.NoError(t, err)
 	err = db.Insert(db.DefaultContext, &activities_model.Action{
-		OpType: activities_model.ActionCreateIssue,
-		RepoID: issue.RepoID,
-		// Older Content format...
+		OpType:  activities_model.ActionCreateIssue,
+		RepoID:  issue.RepoID,
 		Content: fmt.Sprintf("%d|content...", issue.Index),
 	})
 	require.NoError(t, err)
-	err = db.Insert(db.DefaultContext, &activities_model.Action{
-		OpType: activities_model.ActionCreateIssue,
-		RepoID: issue.RepoID,
-		// JSON-encoded Content format...
-		Content: fmt.Sprintf("[\"%d\",\"content...\"]", issue.Index),
-	})
-	require.NoError(t, err)

 	// assert that the actions exist, then delete them
-	unittest.AssertCount(t, &activities_model.Action{}, 3)
+	unittest.AssertCount(t, &activities_model.Action{}, 2)
 	require.NoError(t, activities_model.DeleteIssueActions(db.DefaultContext, issue.RepoID, issue.ID, issue.Index))
 	unittest.AssertCount(t, &activities_model.Action{}, 0)
 }
-
-func TestGetIssueInfos(t *testing.T) {
-	tt := []struct {
-		content string
-		field1  string
-		field2  string
-		field3  string
-	}{
-		{
-			content: "4|",
-			field1:  "4",
-		},
-		{
-			content: "2|docs: Add README w/ template sections",
-			field1:  "2",
-			field2:  "docs: Add README w/ template sections",
-		},
-		{
-			content: "2|docs: Add README w/ template sections|Some comment...",
-			field1:  "2",
-			field2:  "docs: Add README w/ template sections",
-			field3:  "Some comment...",
-		},
-		{
-			content: "[\"4\"]",
-			field1:  "4",
-		},
-		{
-			content: "[\"2\", \"docs: Add README w/ | template sections\"]",
-			field1:  "2",
-			field2:  "docs: Add README w/ | template sections",
-		},
-		{
-			content: "[\"2\", \"docs: Add README w/ | template sections\", \"Some | comment...\"]",
-			field1:  "2",
-			field2:  "docs: Add README w/ | template sections",
-			field3:  "Some | comment...",
-		},
-	}
-	for _, test := range tt {
-		action := &activities_model.Action{Content: test.content}
-		issueInfos := action.GetIssueInfos()
-		assert.Equal(t, test.field1, issueInfos[0])
-		assert.Equal(t, test.field2, issueInfos[1])
-		assert.Equal(t, test.field3, issueInfos[2])
-	}
-}
--- a/models/asymkey/gpg_key_object_verification.go
+++ b/models/asymkey/gpg_key_object_verification.go
@ -36,7 +36,6 @@ type ObjectVerification struct {
 	TrustStatus    string
 }

-// llu:TrKeys
 const (
 	// BadSignature is used as the reason when the signature has a KeyID that is in the db
 	// but no key that has that ID verifies the signature. This is a suspicious failure.
--- a/models/asymkey/main_test.go
+++ b/models/asymkey/main_test.go
@ -15,6 +15,8 @@ func TestMain(m *testing.M) {
 			"gpg_key.yml",
 			"public_key.yml",
 			"TestParseCommitWithSSHSignature/public_key.yml",
+			"deploy_key.yml",
+			"gpg_key_import.yml",
 			"user.yml",
 			"email_address.yml",
 		},
--- a/models/db/engine.go
+++ b/models/db/engine.go
@ -15,7 +15,6 @@ import (
 	"strings"
 	"time"

-	"forgejo.org/modules/container"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/setting"

@ -386,15 +385,6 @@ func (TracingHook) BeforeProcess(c *contexts.ContextHook) (context.Context, erro
 }

 func (TracingHook) AfterProcess(c *contexts.ContextHook) error {
-	if c.Result != nil {
-		if rowsAffected, err := c.Result.RowsAffected(); err == nil {
-			trace.Logf(c.Ctx, "rows affected", "%d", rowsAffected)
-		}
-		if lastID, err := c.Result.LastInsertId(); err == nil {
-			trace.Logf(c.Ctx, "last insert id", "%d", lastID)
-		}
-	}
-
 	c.Ctx.Value(sqlTask{}).(*trace.Task).End()
 	return nil
 }
@ -448,12 +438,3 @@ func GetMasterEngine(x Engine) (*xorm.Engine, error) {

 	return engine, nil
 }
-
-// GetTableNames returns the table name of all registered models.
-func GetTableNames() container.Set[string] {
-	names := make(container.Set[string])
-	for _, table := range tables {
-		names.Add(x.TableName(table))
-	}
-	return names
-}
--- a/models/db/index.go
+++ b/models/db/index.go
@ -72,19 +72,14 @@ func postgresGetNextResourceIndex(ctx context.Context, tableName string, groupID
 }

 func mysqlGetNextResourceIndex(ctx context.Context, tableName string, groupID int64) (int64, error) {
-	res, err := GetEngine(ctx).Query(fmt.Sprintf("INSERT INTO %s (group_id, max_index) "+
-		"VALUES (?,1) ON DUPLICATE KEY UPDATE max_index = max_index+1 /*M!100500 RETURNING max_index */",
-		tableName), groupID)
-	if err != nil {
+	if _, err := GetEngine(ctx).Exec(fmt.Sprintf("INSERT INTO %s (group_id, max_index) "+
+		"VALUES (?,1) ON DUPLICATE KEY UPDATE max_index = max_index+1",
+		tableName), groupID); err != nil {
 		return 0, err
 	}

-	if len(res) > 0 {
-		return strconv.ParseInt(string(res[0]["max_index"]), 10, 64)
-	}
-
 	var idx int64
-	_, err = GetEngine(ctx).SQL(fmt.Sprintf("SELECT max_index FROM %s WHERE group_id = ?", tableName), groupID).Get(&idx)
+	_, err := GetEngine(ctx).SQL(fmt.Sprintf("SELECT max_index FROM %s WHERE group_id = ?", tableName), groupID).Get(&idx)
 	if err != nil {
 		return 0, err
 	}
--- a/models/db/table_names_test.go
+++ b/models/db/table_names_test.go
@ -1,40 +0,0 @@
-// Copyright 2025 The Forgejo Authors. All rights reserved.
-// SPDX-License-Identifier: GPL-3.0-or-later
-
-package db
-
-import (
-	"slices"
-	"testing"
-
-	"forgejo.org/modules/test"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestGetTableNames(t *testing.T) {
-	t.Run("Simple", func(t *testing.T) {
-		defer test.MockVariableValue(&tables, []any{new(GPGKey)})()
-
-		assert.Equal(t, []string{"gpg_key"}, GetTableNames().Values())
-	})
-
-	t.Run("Multiple tables", func(t *testing.T) {
-		defer test.MockVariableValue(&tables, []any{new(GPGKey), new(User), new(BlockedUser)})()
-
-		tableNames := GetTableNames().Values()
-		slices.Sort(tableNames)
-
-		assert.Equal(t, []string{"forgejo_blocked_user", "gpg_key", "user"}, tableNames)
-	})
-}
-
-type GPGKey struct{}
-
-type User struct{}
-
-type BlockedUser struct{}
-
-func (*BlockedUser) TableName() string {
-	return "forgejo_blocked_user"
-}
--- a/models/error.go
+++ b/models/error.go
@ -121,7 +121,6 @@ type ErrInvalidCloneAddr struct {
 	IsInvalidPath      bool
 	IsProtocolInvalid  bool
 	IsPermissionDenied bool
-	HasCredentials     bool
 	LocalPath          bool
 }

@ -144,9 +143,6 @@ func (err *ErrInvalidCloneAddr) Error() string {
 	if err.IsURLError {
 		return fmt.Sprintf("migration/cloning from '%s' is not allowed: the provided url is invalid", err.Host)
 	}
-	if err.HasCredentials {
-		return fmt.Sprintf("migration/cloning from '%s' is not allowed: the provided url contains credentials", err.Host)
-	}

 	return fmt.Sprintf("migration/cloning from '%s' is not allowed", err.Host)
 }
--- a/models/fixtures/ModerationFeatures/abuse_report.yml
+++ b/models/fixtures/ModerationFeatures/abuse_report.yml
@ -1,21 +0,0 @@
-
-  id: 1
-  status: 1
-  reporter_id: 2  # @user2
-  content_type: 4 # Comment
-  content_id: 18  # user2/repo2/issues/2#issuecomment-18
-  category: 2     # Spam
-  remarks: The comment I'm reporting is pure SPAM.
-  shadow_copy_id: null
-  created_unix: 1752697980 # 2025-07-16 20:33:00
-
-
-  id: 2
-  status: 1        # Open
-  reporter_id: 2   # @user2
-  content_type: 1  # User (users or organizations)
-  content_id: 1002 # @alexsmith
-  category: 2      # Spam
-  remarks: This user just posted a spammy comment on my issue.
-  shadow_copy_id: null
-  created_unix: 1752698010 # 2025-07-16 20:33:30
--- a/models/fixtures/ModerationFeatures/comment.yml
+++ b/models/fixtures/ModerationFeatures/comment.yml
@ -1,7 +0,0 @@
- # This is a spam comment (abusive content), created for testing moderation functionalities.
-  id: 18
-  type: 0 # Standard comment
-  poster_id: 1002 # @alexsmith
-  issue_id: 7 # user2/repo2#2
-  content: If anyone needs help for promoting their business online using SEO, just contact me (check my profile page).
-  created_unix: 1752697860 # 2025-07-16 20:31:00
--- a/models/fixtures/ModerationFeatures/user.yml
+++ b/models/fixtures/ModerationFeatures/user.yml
@ -1,22 +0,0 @@
- # This user is a spammer and will create abusive content (for testing moderation functionalities).
-  id: 1002
-  lower_name: alexsmith
-  name: alexsmith
-  full_name: Alex Smith
-  email: alexsmith@example.org
-  keep_email_private: false
-  passwd: passwdSalt:password
-  passwd_hash_algo: dummy
-  type: 0
-  location: '@master@seo.net'
-  website: http://promote-your-business.biz
-  pronouns: SEO
-  salt: passwdSalt
-  description: I can help you promote your business online using SEO.
-  created_unix: 1752697800 # 2025-07-16 20:30:00
-  is_active: true
-  is_admin: false
-  is_restricted: false
-  avatar: avatar-hash-1002
-  avatar_email: alexsmith@example.org
-  use_custom_avatar: false
--- a/models/fixtures/action.yml
+++ b/models/fixtures/action.yml
@ -59,14 +59,6 @@
  created_unix: 1603011540 # grouped with id:7

 - id: 8
-  user_id: 1
-  op_type: 12 # close issue
-  act_user_id: 1
-  repo_id: 1700 # dangling intentional
-  is_private: false
-  created_unix: 1603011541
-
- id: 9
  user_id: 34
  op_type: 12 # close issue
  act_user_id: 34
--- a/models/fixtures/action_artifact.yml
+++ b/models/fixtures/action_artifact.yml
@ -57,7 +57,7 @@
  run_id: 792
  runner_id: 1
  repo_id: 4
-  owner_id: 5
+  owner_id: 1
  commit_sha: c2d72f548424103f01ee1dc02889c1e2bff816b0
  storage_path: "27/5/1730330775594233150.chunk"
  file_size: 1024
--- a/models/fixtures/action_run_job.yml
+++ b/models/fixtures/action_run_job.yml
@ -106,7 +106,7 @@
  commit_sha: 985f0301dba5e7b34be866819cd15ad3d8f508ee
  is_fork_pull_request: 0
  name: job_2
-  attempt: 2
+  attempt: 1
  job_id: job_2
  task_id: 47
  status: 5
@ -128,18 +128,3 @@
  runs_on: '["fedora"]'
  started: 1683636528
  stopped: 1683636626
-
-  id: 396
-  run_id: 794
-  repo_id: 4
-  owner_id: 1
-  commit_sha: 985f0301dba5e7b34be866819cd15ad3d8f508ee
-  is_fork_pull_request: 0
-  name: job_2
-  attempt: 0
-  job_id: job_2
-  task_id: null
-  status: 5
-  runs_on: '["fedora"]'
-  started: 1683636528
-  stopped: 1683636626
--- a/models/fixtures/action_task.yml
+++ b/models/fixtures/action_task.yml
@ -117,43 +117,3 @@
  log_length: 707
  log_size: 90179
  log_expired: 0
-
-  id: 52
-  job_id: 192
-  attempt: 1
-  runner_id: 1
-  status: 1 # success
-  started: 1683636528
-  stopped: 1683636626
-  repo_id: 4
-  owner_id: 1
-  commit_sha: c2d72f548424103f01ee1dc02889c1e2bff816b0
-  is_fork_pull_request: 0
-  token_hash: b8d3962425466b6709b9ac51446f93260c54afe8e7b6d3686e34f991fb8a8953822b0deed86fe41a103f34bc48dbc4784223
-  token_salt: ffffffffff
-  token_last_eight: ffffffff
-  log_filename: artifact-test2/2f/47.log
-  log_in_storage: 1
-  log_length: 707
-  log_size: 90179
-  log_expired: 0
-
-  id: 53
-  job_id: 192
-  attempt: 2
-  runner_id: 1
-  status: 1 # success
-  started: 1683636528
-  stopped: 1683636626
-  repo_id: 4
-  owner_id: 1
-  commit_sha: c2d72f548424103f01ee1dc02889c1e2bff816b0
-  is_fork_pull_request: 0
-  token_hash: b8d3962425466b6709b9ac51446f93260c54afe8e7b6d3686e34f991fb8a8953822b0deed86fe41a103f34bc48dbc4784224
-  token_salt: ffffffffff
-  token_last_eight: ffffffff
-  log_filename: artifact-test2/2f/47.log
-  log_in_storage: 1
-  log_length: 707
-  log_size: 90179
-  log_expired: 0
--- a/models/fixtures/action_variable.yml
+++ b/models/fixtures/action_variable.yml
@ -0,0 +1 @@
+[] # empty
--- a/models/fixtures/deploy_key.yml
+++ b/models/fixtures/deploy_key.yml
@ -0,0 +1 @@
+[] # empty
--- a/models/fixtures/external_login_user.yml
+++ b/models/fixtures/external_login_user.yml
@ -0,0 +1 @@
+[] # empty
--- a/models/fixtures/federated_user.yml
+++ b/models/fixtures/federated_user.yml
@ -0,0 +1 @@
+[] # empty
--- a/models/fixtures/federation_host.yml
+++ b/models/fixtures/federation_host.yml
@ -0,0 +1 @@
+[] # empty
--- a/models/fixtures/gpg_key_import.yml
+++ b/models/fixtures/gpg_key_import.yml
@ -0,0 +1 @@
+[] # empty
--- a/models/fixtures/label.yml
+++ b/models/fixtures/label.yml
@ -3,7 +3,6 @@
  repo_id: 1
  org_id: 0
  name: label1
-  description: 'First label'
  color: '#abcdef'
  exclusive: false
  num_issues: 2
@ -108,26 +107,3 @@
  num_issues: 0
  num_closed_issues: 0
  archived_unix: 0
-
-
-  id: 11
-  repo_id: 3
-  org_id: 0
-  name: "  <script>malicious</script> /'?&"
-  description: "Malicious label ' <script>malicious</script>"
-  color: '#000000'
-  exclusive: true
-  num_issues: 0
-  num_closed_issues: 0
-  archived_unix: 0
-
-
-  id: 12
-  repo_id: 3
-  org_id: 0
-  name: 'archived label<>'
-  color: '#000000'
-  exclusive: false
-  num_issues: 0
-  num_closed_issues: 0
-  archived_unix: 2991092130
--- a/models/fixtures/login_source.yml
+++ b/models/fixtures/login_source.yml
@ -0,0 +1 @@
+[] # empty
--- a/models/fixtures/protected_branch.yml
+++ b/models/fixtures/protected_branch.yml
@ -0,0 +1 @@
+[] # empty
--- a/models/fixtures/pull_auto_merge.yml
+++ b/models/fixtures/pull_auto_merge.yml
@ -0,0 +1 @@
+[] # empty
--- a/models/fixtures/push_mirror.yml
+++ b/models/fixtures/push_mirror.yml
@ -0,0 +1 @@
+[] # empty
--- a/models/fixtures/repo_archiver.yml
+++ b/models/fixtures/repo_archiver.yml
@ -0,0 +1 @@
+[] # empty
--- a/models/fixtures/repo_indexer_status.yml
+++ b/models/fixtures/repo_indexer_status.yml
@ -0,0 +1 @@
+[] # empty
--- a/models/fixtures/repo_redirect.yml
+++ b/models/fixtures/repo_redirect.yml
@ -3,9 +3,3 @@
  owner_id: 2
  lower_name: oldrepo1
  redirect_repo_id: 1
-
-
-  id: 2
-  owner_id: 17
-  lower_name: oldrepo24
-  redirect_repo_id: 24
--- a/models/fixtures/repository.yml
+++ b/models/fixtures/repository.yml
@ -32,7 +32,7 @@
  created_unix: 1731254961
  updated_unix: 1731254961
  topics: '[]'
-
+  
 -
  id: 2
  owner_id: 2
--- a/models/fixtures/secret.yml
+++ b/models/fixtures/secret.yml
@ -0,0 +1 @@
+[] # empty
--- a/models/fixtures/user_redirect.yml
+++ b/models/fixtures/user_redirect.yml
@ -3,15 +3,3 @@
  lower_name: olduser1
  redirect_user_id: 1
  created_unix: 1730000000
-
-
-  id: 2
-  lower_name: oldorg22
-  redirect_user_id: 22
-  created_unix: 1730000000
-
-
-  id: 3
-  lower_name: oldorg23
-  redirect_user_id: 23
-  created_unix: 1730000000
--- a/models/forgejo_migrations/main_test.go
+++ b/models/forgejo_migrations/main_test.go
@ -1,7 +1,7 @@
 // Copyright 2023 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT

-package forgejo_migrations
+package forgejo_migrations //nolint:revive

 import (
 	"testing"
--- a/models/forgejo_migrations/migrate.go
+++ b/models/forgejo_migrations/migrate.go
@ -1,7 +1,7 @@
 // Copyright 2023 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT

-package forgejo_migrations
+package forgejo_migrations //nolint:revive

 import (
 	"context"
@ -111,14 +111,6 @@ var migrations = []*Migration{
 	NewMigration("Noop because of https://codeberg.org/forgejo/forgejo/issues/8373", NoopAddIndexToActionRunStopped),
 	// v35 -> v36
 	NewMigration("Fix wiki unit default permission", FixWikiUnitDefaultPermission),
-	// v36 -> v37
-	NewMigration("Add `branch_filter` to `push_mirror` table", AddPushMirrorBranchFilter),
-	// v37 -> v38
-	NewMigration("Add `resolved_unix` column to `abuse_report` table", AddResolvedUnixToAbuseReport),
-	// v38 -> v39
-	NewMigration("Migrate `data` column of `secret` table to store keying material", MigrateActionSecretsToKeying),
-	// v39 -> v40
-	NewMigration("Add index for release sha1", AddIndexForReleaseSha1),
 }

 // GetCurrentDBVersion returns the current Forgejo database version.
--- a/models/forgejo_migrations/migrate_test.go
+++ b/models/forgejo_migrations/migrate_test.go
@ -1,7 +1,7 @@
 // Copyright 2023 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT

-package forgejo_migrations
+package forgejo_migrations //nolint:revive

 import (
 	"testing"
--- a/models/forgejo_migrations/v13.go
+++ b/models/forgejo_migrations/v13.go
@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT

-package forgejo_migrations
+package forgejo_migrations //nolint:revive

 import "xorm.io/xorm"

--- a/models/forgejo_migrations/v14.go
+++ b/models/forgejo_migrations/v14.go
@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT

-package forgejo_migrations
+package forgejo_migrations //nolint:revive

 import (
 	"forgejo.org/models/migrations/base"
--- a/models/forgejo_migrations/v15.go
+++ b/models/forgejo_migrations/v15.go
@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT

-package forgejo_migrations
+package forgejo_migrations //nolint:revive

 import (
 	"time"
--- a/models/forgejo_migrations/v16.go
+++ b/models/forgejo_migrations/v16.go
@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT

-package forgejo_migrations
+package forgejo_migrations //nolint:revive

 import "xorm.io/xorm"

--- a/models/forgejo_migrations/v17.go
+++ b/models/forgejo_migrations/v17.go
@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT

-package forgejo_migrations
+package forgejo_migrations //nolint:revive

 import "xorm.io/xorm"

--- a/models/forgejo_migrations/v18.go
+++ b/models/forgejo_migrations/v18.go
@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT

-package forgejo_migrations
+package forgejo_migrations //nolint:revive

 import "xorm.io/xorm"

--- a/models/forgejo_migrations/v19.go
+++ b/models/forgejo_migrations/v19.go
@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT

-package forgejo_migrations
+package forgejo_migrations //nolint:revive

 import "xorm.io/xorm"

--- a/models/forgejo_migrations/v1_20/v1.go
+++ b/models/forgejo_migrations/v1_20/v1.go
@ -1,7 +1,7 @@
 // Copyright 2023 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT

-package forgejo_v1_20
+package forgejo_v1_20 //nolint:revive

 import (
 	"forgejo.org/modules/timeutil"
--- a/models/forgejo_migrations/v1_20/v2.go
+++ b/models/forgejo_migrations/v1_20/v2.go
@ -1,6 +1,6 @@
 // SPDX-License-Identifier: MIT

-package forgejo_v1_20
+package forgejo_v1_20 //nolint:revive

 import (
 	"xorm.io/xorm"
--- a/models/forgejo_migrations/v1_20/v3.go
+++ b/models/forgejo_migrations/v1_20/v3.go
@ -1,7 +1,7 @@
 // Copyright 2023 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT

-package forgejo_v1_20
+package forgejo_v1_20 //nolint:revive

 import (
 	"forgejo.org/modules/timeutil"
--- a/models/forgejo_migrations/v1_22/main_test.go
+++ b/models/forgejo_migrations/v1_22/main_test.go
@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT

-package v1_22
+package v1_22 //nolint

 import (
 	"testing"
--- a/models/forgejo_migrations/v1_22/v10.go
+++ b/models/forgejo_migrations/v1_22/v10.go
@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT

-package v1_22
+package v1_22 //nolint

 import (
 	"xorm.io/xorm"
--- a/models/forgejo_migrations/v1_22/v11.go
+++ b/models/forgejo_migrations/v1_22/v11.go
@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT

-package v1_22
+package v1_22 //nolint

 import (
 	"forgejo.org/modules/timeutil"
--- a/models/forgejo_migrations/v1_22/v12.go
+++ b/models/forgejo_migrations/v1_22/v12.go
@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT

-package v1_22
+package v1_22 //nolint

 import "xorm.io/xorm"

--- a/models/forgejo_migrations/v1_22/v4.go
+++ b/models/forgejo_migrations/v1_22/v4.go
@ -1,7 +1,7 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT

-package v1_22
+package v1_22 //nolint

 import (
 	"xorm.io/xorm"
--- a/Show more
+++ b/Show more