Merge branch 'main' into lunny/issue_dev

2025-01-09 01:14:27 +00:00 · 2024-09-08 22:20:00 -07:00 · 2024-09-08 22:20:00 -07:00 · 837526aaf0
commit 837526aaf0
parent 003707ff97 972eae358d
80 changed files with 1089 additions and 374 deletions
--- a/.github/ISSUE_TEMPLATE/bug-report.yaml
+++ b/.github/ISSUE_TEMPLATE/bug-report.yaml
@ -11,7 +11,7 @@ body:
      value: |
        1. Please speak English, this is the language all maintainers can speak and write.
        2. Please ask questions or configuration/deploy problems on our Discord
-           server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
+           server (https://discord.gg/gitea) or forum (https://forum.gitea.com).
        3. Make sure you are using the latest release and
           take a moment to check that your issue hasn't been reported before.
        4. Make sure it's not mentioned in the FAQ (https://docs.gitea.com/help/faq)
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@ -7,7 +7,7 @@ contact_links:
    url: https://discord.gg/Gitea
    about: Please ask questions and discuss configuration or deployment problems here.
  - name: Discourse Forum
-    url: https://discourse.gitea.io
+    url: https://forum.gitea.com
    about: Questions and configuration or deployment problems can also be discussed on our forum.
  - name: Frequently Asked Questions
    url: https://docs.gitea.com/help/faq
--- a/.github/ISSUE_TEMPLATE/feature-request.yaml
+++ b/.github/ISSUE_TEMPLATE/feature-request.yaml
@ -7,7 +7,7 @@ body:
      value: |
        1. Please speak English, this is the language all maintainers can speak and write.
        2. Please ask questions or configuration/deploy problems on our Discord
-           server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
+           server (https://discord.gg/gitea) or forum (https://forum.gitea.com).
        3. Please take a moment to check that your feature hasn't already been suggested.
  - type: textarea
    id: description
--- a/.github/ISSUE_TEMPLATE/ui.bug-report.yaml
+++ b/.github/ISSUE_TEMPLATE/ui.bug-report.yaml
@ -11,7 +11,7 @@ body:
      value: |
        1. Please speak English, this is the language all maintainers can speak and write.
        2. Please ask questions or configuration/deploy problems on our Discord
-           server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
+           server (https://discord.gg/gitea) or forum (https://forum.gitea.com).
        3. Please take a moment to check that your issue doesn't already exist.
        4. Make sure it's not mentioned in the FAQ (https://docs.gitea.com/help/faq)
        5. Please give all relevant information below for bug reports, because
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@ -2713,3 +2713,9 @@ LEVEL = Info
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; storage type
 ;STORAGE_TYPE = local
+
+;[global_lock]
+;; Lock service type, could be memory or redis
+;SERVICE_TYPE = memory
+;; Ignored for the "memory" type. For "redis" use something like `redis://127.0.0.1:6379/0`
+;SERVICE_CONN_STR =
--- a/go.mod
+++ b/go.mod
@ -9,11 +9,12 @@ require (
 	codeberg.org/gusted/mcaptcha v0.0.0-20220723083913-4f3072e1d570
 	connectrpc.com/connect v1.15.0
 	gitea.com/go-chi/binding v0.0.0-20240430071103-39a851e106ed
-	gitea.com/go-chi/cache v0.2.0
+	gitea.com/go-chi/cache v0.2.1
 	gitea.com/go-chi/captcha v0.0.0-20240315150714-fb487f629098
 	gitea.com/go-chi/session v0.0.0-20240316035857-16768d98ec96
 	gitea.com/lunny/dingtalk_webhook v0.0.0-20171025031554-e3534c89ef96
 	gitea.com/lunny/levelqueue v0.4.2-0.20230414023320-3c0159fe0fe4
+	github.com/42wim/httpsig v1.2.2
 	github.com/42wim/sshsig v0.0.0-20211121163825-841cf5bbc121
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0
 	github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.3.2
@ -45,7 +46,6 @@ require (
 	github.com/go-chi/cors v1.2.1
 	github.com/go-co-op/gocron v1.37.0
 	github.com/go-enry/go-enry/v2 v2.8.8
-	github.com/go-fed/httpsig v1.1.1-0.20201223112313-55836744818e
 	github.com/go-git/go-billy/v5 v5.5.0
 	github.com/go-git/go-git/v5 v5.12.0
 	github.com/go-ldap/ldap/v3 v3.4.6
@ -110,12 +110,12 @@ require (
 	github.com/yuin/goldmark v1.7.2
 	github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc
 	github.com/yuin/goldmark-meta v1.1.0
-	golang.org/x/crypto v0.24.0
+	golang.org/x/crypto v0.26.0
 	golang.org/x/image v0.18.0
 	golang.org/x/net v0.26.0
 	golang.org/x/oauth2 v0.21.0
-	golang.org/x/sys v0.21.0
-	golang.org/x/text v0.16.0
+	golang.org/x/sys v0.23.0
+	golang.org/x/text v0.17.0
 	golang.org/x/tools v0.22.0
 	google.golang.org/grpc v1.62.1
 	google.golang.org/protobuf v1.34.2
@ -190,6 +190,7 @@ require (
 	github.com/go-enry/go-oniguruma v1.2.1 // indirect
 	github.com/go-faster/city v1.0.1 // indirect
 	github.com/go-faster/errors v0.7.1 // indirect
+	github.com/go-fed/httpsig v1.1.1-0.20201223112313-55836744818e // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-openapi/analysis v0.23.0 // indirect
 	github.com/go-openapi/errors v0.22.0 // indirect
@ -300,7 +301,7 @@ require (
 	go.uber.org/zap v1.27.0 // indirect
 	golang.org/x/exp v0.0.0-20240314144324-c7f7c6466f7f // indirect
 	golang.org/x/mod v0.18.0 // indirect
-	golang.org/x/sync v0.7.0 // indirect
+	golang.org/x/sync v0.8.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240314234333-6e1732d8331c // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
--- a/go.sum
+++ b/go.sum
@ -20,8 +20,8 @@ gitea.com/gitea/act v0.259.1 h1:8GG1o/xtUHl3qjn5f0h/2FXrT5ubBn05TJOM5ry+FBw=
 gitea.com/gitea/act v0.259.1/go.mod h1:UxZWRYqQG2Yj4+4OqfGWW5a3HELwejyWFQyU7F1jUD8=
 gitea.com/go-chi/binding v0.0.0-20240430071103-39a851e106ed h1:EZZBtilMLSZNWtHHcgq2mt6NSGhJSZBuduAlinMEmso=
 gitea.com/go-chi/binding v0.0.0-20240430071103-39a851e106ed/go.mod h1:E3i3cgB04dDx0v3CytCgRTTn9Z/9x891aet3r456RVw=
-gitea.com/go-chi/cache v0.2.0 h1:E0npuTfDW6CT1yD8NMDVc1SK6IeRjfmRL2zlEsCEd7w=
-gitea.com/go-chi/cache v0.2.0/go.mod h1:iQlVK2aKTZ/rE9UcHyz9pQWGvdP9i1eI2spOpzgCrtE=
+gitea.com/go-chi/cache v0.2.1 h1:bfAPkvXlbcZxPCpcmDVCWoHgiBSBmZN/QosnZvEC0+g=
+gitea.com/go-chi/cache v0.2.1/go.mod h1:Qic0HZ8hOHW62ETGbonpwz8WYypj9NieU9659wFUJ8Q=
 gitea.com/go-chi/captcha v0.0.0-20240315150714-fb487f629098 h1:p2ki+WK0cIeNQuqjR98IP2KZQKRzJJiV7aTeMAFwaWo=
 gitea.com/go-chi/captcha v0.0.0-20240315150714-fb487f629098/go.mod h1:LjzIOHlRemuUyO7WR12fmm18VZIlCAaOt9L3yKw40pk=
 gitea.com/go-chi/session v0.0.0-20240316035857-16768d98ec96 h1:IFDiMBObsP6CZIRaDLd54SR6zPYAffPXiXck5Xslu0Q=
@ -32,6 +32,8 @@ gitea.com/lunny/levelqueue v0.4.2-0.20230414023320-3c0159fe0fe4 h1:IFT+hup2xejHq
 gitea.com/lunny/levelqueue v0.4.2-0.20230414023320-3c0159fe0fe4/go.mod h1:HBqmLbz56JWpfEGG0prskAV97ATNRoj5LDmPicD22hU=
 gitea.com/xorm/sqlfiddle v0.0.0-20180821085327-62ce714f951a h1:lSA0F4e9A2NcQSqGqTOXqu2aRi/XEQxDCBwM8yJtE6s=
 gitea.com/xorm/sqlfiddle v0.0.0-20180821085327-62ce714f951a/go.mod h1:EXuID2Zs0pAQhH8yz+DNjUbjppKQzKFAn28TMYPB6IU=
+github.com/42wim/httpsig v1.2.2 h1:ofAYoHUNs/MJOLqQ8hIxeyz2QxOz8qdSVvp3PX/oPgA=
+github.com/42wim/httpsig v1.2.2/go.mod h1:P/UYo7ytNBFwc+dg35IubuAUIs8zj5zzFIgUCEl55WY=
 github.com/42wim/sshsig v0.0.0-20211121163825-841cf5bbc121 h1:r3qt8PCHnfjOv9PN3H+XXKmDA1dfFMIN1AislhlA/ps=
 github.com/42wim/sshsig v0.0.0-20211121163825-841cf5bbc121/go.mod h1:Ock8XgA7pvULhIaHGAk/cDnRfNrF9Jey81nPcc403iU=
 github.com/6543/go-version v1.3.1 h1:HvOp+Telns7HWJ2Xo/05YXQSB2bE0WmVgbHqwMPZT4U=
@ -170,7 +172,6 @@ github.com/blevesearch/zapx/v16 v16.1.5/go.mod h1:J4mSF39w1QELc11EWRSBFkPeZuO7r/
 github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
 github.com/boombuler/barcode v1.0.1 h1:NDBbPmhS+EqABEs5Kg3n/5ZNjy73Pz7SIV+KCeqyXcs=
 github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
-github.com/bradfitz/gomemcache v0.0.0-20190329173943-551aad21a668/go.mod h1:H0wQNHz2YrLsuXOZozoeDmnHXkNCRmMW0gwFWDfEZDA=
 github.com/bradfitz/gomemcache v0.0.0-20230905024940-24af94b03874 h1:N7oVaKyGp8bttX0bfZGmcGkjz7DLQXhAn3DNd3T0ous=
 github.com/bradfitz/gomemcache v0.0.0-20230905024940-24af94b03874/go.mod h1:r5xuitiExdLAJ09PR7vBVENGvp4ZuTBeWTGtxuX3K+c=
 github.com/bsm/ginkgo/v2 v2.12.0 h1:Ny8MWAHyOepLGlLKYmXG4IEkioBysk6GpaRTLC8zwWs=
@ -214,7 +215,6 @@ github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwc
 github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4=
 github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/cupcake/rdb v0.0.0-20161107195141-43ba34106c76/go.mod h1:vYwsqCOLxGiisLwp9rITslkFNpZD5rz43tf41QFkTWY=
 github.com/cyphar/filepath-securejoin v0.2.5 h1:6iR5tXJ/e6tJZzzdMc1km3Sa7RRIVBKAK32O2s7AYfo=
 github.com/cyphar/filepath-securejoin v0.2.5/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@ -247,7 +247,6 @@ github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+m
 github.com/dvyukov/go-fuzz v0.0.0-20210429054444-fca39067bc72/go.mod h1:11Gm+ccJnvAhCNLlf5+cS9KjtbaD5I5zaZpFMsTHWTw=
 github.com/editorconfig/editorconfig-core-go/v2 v2.6.2 h1:dKG8sc7n321deIVRcQtwlMNoBEra7j0qQ8RwxO8RN0w=
 github.com/editorconfig/editorconfig-core-go/v2 v2.6.2/go.mod h1:7dvD3GCm7eBw53xZ/lsiq72LqobdMg3ITbMBxnmJmqY=
-github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M=
 github.com/elazarl/go-bindata-assetfs v1.0.1/go.mod h1:v+YaWX3bdea5J/mo8dSETolEo7R71Vk1u8bnjau5yw4=
 github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU=
 github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM=
@ -341,7 +340,6 @@ github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+Gr
 github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
 github.com/go-openapi/validate v0.24.0 h1:LdfDKwNbpB6Vn40xhTdNZAnfLECL81w+VX3BumrGD58=
 github.com/go-openapi/validate v0.24.0/go.mod h1:iyeX1sEufmv3nPbBdX3ieNviWnOZaJ1+zquzJEf2BAQ=
-github.com/go-redis/redis v6.15.2+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
 github.com/go-redis/redis v6.15.9+incompatible h1:K0pv1D7EQUjfyoMql+r/jZqCLizCGKFlFgcHWWmHQjg=
 github.com/go-redis/redis v6.15.9+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
 github.com/go-redis/redis/v7 v7.4.1 h1:PASvf36gyUpr2zdOUS/9Zqc80GbM+9BDyiJSJDDOrTI=
@ -350,7 +348,6 @@ github.com/go-redis/redis/v8 v8.11.5 h1:AcZZR7igkdvfVmQTPnu9WE37LRrO/YrBH5zWyjDC
 github.com/go-redis/redis/v8 v8.11.5/go.mod h1:gREzHqY1hg6oD9ngVRbLStwAWKhA0FEgq8Jd4h5lpwo=
 github.com/go-redsync/redsync/v4 v4.13.0 h1:49X6GJfnbLGaIpBBREM/zA4uIMDXKAh1NDkvQ1EkZKA=
 github.com/go-redsync/redsync/v4 v4.13.0/go.mod h1:HMW4Q224GZQz6x1Xc7040Yfgacukdzu7ifTDAKiyErQ=
-github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
 github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y=
 github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg=
 github.com/go-swagger/go-swagger v0.31.0 h1:H8eOYQnY2u7vNKWDNykv2xJP3pBhRG/R+SOCAmKrLlc=
@ -389,7 +386,6 @@ github.com/golang/geo v0.0.0-20230421003525-6adc56603217/go.mod h1:8wI0hitZ3a1Ix
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
 github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
@ -433,7 +429,6 @@ github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
 github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gopherjs/gopherjs v0.0.0-20190910122728-9d188e94fb99 h1:twflg0XRTjwKpxb/jFExr4HGq6on2dEOmnL6FV+fgPw=
 github.com/gopherjs/gopherjs v0.0.0-20190910122728-9d188e94fb99/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
@ -554,13 +549,10 @@ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/ledongthuc/pdf v0.0.0-20220302134840-0c2507a12d80/go.mod h1:imJHygn/1yfhB7XSJJKlFZKl/J+dCPAknuiaGOshXAs=
-github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
 github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/libdns/libdns v0.2.2 h1:O6ws7bAfRPaBsgAYt8MDe2HcNBGC29hkZ9MX2eUSX3s=
 github.com/libdns/libdns v0.2.2/go.mod h1:4Bj9+5CQiNMVGf87wjX4CY3HQJypUHRuLvlsfsZqLWQ=
-github.com/lunny/log v0.0.0-20160921050905-7887c61bf0de/go.mod h1:3q8WtuPQsoRbatJuy3nvq/hRSvuBJrHHr+ybPPiNvHQ=
-github.com/lunny/nodb v0.0.0-20160621015157-fc1ef06ad4af/go.mod h1:Cqz6pqow14VObJ7peltM+2n3PWOz7yTrfUuGbVFkzN0=
 github.com/lunny/vfsgen v0.0.0-20220105142115-2c99e1ffdfa0 h1:F/3FfGmKdiKFa8kL3YrpZ7pe9H4l4AzA1pbaOUnRvPI=
 github.com/lunny/vfsgen v0.0.0-20220105142115-2c99e1ffdfa0/go.mod h1:JEfTc3+2DF9Z4PXhLLvXL42zexJyh8rIq3OzUj/0rAk=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
@ -580,7 +572,6 @@ github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U=
 github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
-github.com/mattn/go-sqlite3 v1.11.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
 github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU=
 github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
 github.com/meilisearch/meilisearch-go v0.26.3 h1:EYt+C1n7IvjKzgXM3xqce5iJzNBq33F7ayZOKx96TKY=
@ -638,12 +629,10 @@ github.com/olivere/elastic/v7 v7.0.32 h1:R7CXvbu8Eq+WlsLgxmKVKPox0oOwAE/2T9Si5Bn
 github.com/olivere/elastic/v7 v7.0.32/go.mod h1:c7PVmLe3Fxq77PIfY/bZmxY/TAamBhCzZ8xDOE09a9k=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
 github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
 github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
 github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
-github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
 github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI=
@ -657,7 +646,6 @@ github.com/paulmach/orb v0.11.1 h1:3koVegMC4X/WeiXYz9iswopaTwMem53NzTJuTF20JzU=
 github.com/paulmach/orb v0.11.1/go.mod h1:5mULz1xQfs3bmQm63QEJA6lNGujuRafwA5S/EnuLaLU=
 github.com/paulmach/protoscan v0.2.1/go.mod h1:SpcSwydNLrxUGSDvXvO0P7g7AuhJ7lcKfDlhJCDw2gY=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
-github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc=
 github.com/pelletier/go-toml/v2 v2.1.1 h1:LWAJwfNvjQZCFIDKWYQaM62NcYeYViCmWIwmOStowAI=
 github.com/pelletier/go-toml/v2 v2.1.1/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc=
 github.com/philhofer/fwd v1.0.0/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU=
@ -729,16 +717,11 @@ github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp
 github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME=
 github.com/shurcooL/httpfs v0.0.0-20230704072500-f1e31cf0ba5c h1:aqg5Vm5dwtvL+YgDpBcK1ITf3o96N/K7/wsRXQnUTEs=
 github.com/shurcooL/httpfs v0.0.0-20230704072500-f1e31cf0ba5c/go.mod h1:owqhoLW1qZoYLZzLnBw+QkPP9WZnjlSWihhxAJC1+/M=
-github.com/siddontang/go v0.0.0-20180604090527-bdc77568d726/go.mod h1:3yhqj7WBBfRhbBlzyOC3gUxftwsU0u8gqevxwIHQpMw=
-github.com/siddontang/go-snappy v0.0.0-20140704025258-d8f7bb82a96d/go.mod h1:vq0tzqLRu6TS7Id0wMo2N5QzJoKedVeovOpHjnykSzY=
-github.com/siddontang/ledisdb v0.0.0-20190202134119-8ceb77e66a92/go.mod h1:mF1DpOSOUiJRMR+FDqaqu3EBqrybQtrDDszLUZ6oxPg=
-github.com/siddontang/rdb v0.0.0-20150307021120-fc89ed2e418d/go.mod h1:AMEsy7v5z92TR1JKMkLLoaOQk++LVnOKL3ScbJ8GNGA=
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/skeema/knownhosts v1.2.2 h1:Iug2P4fLmDw9f41PB6thxUkNUkJzB5i+1/exaj40L3A=
 github.com/skeema/knownhosts v1.2.2/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo=
-github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/assertions v0.0.0-20190116191733-b6c0e53d7304/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/assertions v1.1.1 h1:T/YLemO5Yp7KPzS+lVtu+WsHn8yoSwTfItdAd1r3cck=
 github.com/smartystreets/assertions v1.1.1/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo=
@ -799,7 +782,6 @@ github.com/ulikunitz/xz v0.5.8/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oW
 github.com/ulikunitz/xz v0.5.9/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc=
 github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
-github.com/unknwon/com v0.0.0-20190804042917-757f69c95f3e/go.mod h1:tOOxU81rwgoCLoOVVPHb6T/wt8HZygqH5id+GNnlCXM=
 github.com/unknwon/com v1.0.1 h1:3d1LTxD+Lnf3soQiD4Cp/0BRB+Rsa/+RTvz8GMMzIXs=
 github.com/unknwon/com v1.0.1/go.mod h1:tOOxU81rwgoCLoOVVPHb6T/wt8HZygqH5id+GNnlCXM=
 github.com/urfave/cli/v2 v2.27.2 h1:6e0H+AkS+zDckwPCUrZkKX38mRaau4nL2uipkJpbkcI=
@ -875,7 +857,6 @@ go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
 go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
 golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
@ -887,8 +868,8 @@ golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2Uz
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
 golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
 golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
-golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI=
-golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
+golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
+golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
 golang.org/x/exp v0.0.0-20240314144324-c7f7c6466f7f h1:3CW0unweImhOzd5FmYuRsD4Y4oQFKZIjAnKbjV4WIrw=
 golang.org/x/exp v0.0.0-20240314144324-c7f7c6466f7f/go.mod h1:CxmFvTBINI24O/j8iY7H1xHzx2i4OsyguNBmN/uPtqc=
 golang.org/x/image v0.18.0 h1:jGzIakQa/ZXI1I0Fxvaa9W7yP25TqT6cHIHn+6CqvSQ=
@ -902,11 +883,8 @@ golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0=
 golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
@ -933,15 +911,13 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
-golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
+golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181221143128-b4a75ba826a6/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190730183949-1393eb018365/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@ -972,8 +948,8 @@ golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
-golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM=
+golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
@ -983,10 +959,9 @@ golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
 golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
 golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
-golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA=
-golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0=
+golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU=
+golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
@ -996,13 +971,11 @@ golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
-golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
+golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
+golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
 golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200325010219-a49f79bcc224/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
@ -1018,7 +991,6 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240314234333-6e1732d8331c h1:lfpJ/2rWPa/kJgxyyXM8PrNnfCzcmxJ265mADgwmvLI=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240314234333-6e1732d8331c/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY=
 google.golang.org/grpc v1.62.1 h1:B4n+nfKzOICUXMgyrNd19h/I9oH0L1pizfk1d4zSgTk=
@ -1044,7 +1016,6 @@ gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df h1:n7WqCuqOuCbNr617RXOY0AWRXxgwEyPp2z+p0+hgMuE=
 gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df/go.mod h1:LRQQ+SO6ZHR7tOkpBDuZnXENFzX8qRjMDMyPD6BRkCw=
-gopkg.in/ini.v1 v1.44.2/go.mod h1:M3Cogqpuv0QCi3ExAY5V4uOt4qb/R3xZubo9m8lK5wg=
 gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
--- a/models/auth/access_token_scope.go
+++ b/models/auth/access_token_scope.go
@ -309,6 +309,22 @@ func (s AccessTokenScope) HasScope(scopes ...AccessTokenScope) (bool, error) {
 	return true, nil
 }

+// HasAnyScope returns true if any of the scopes is contained in the string
+func (s AccessTokenScope) HasAnyScope(scopes ...AccessTokenScope) (bool, error) {
+	bitmap, err := s.parse()
+	if err != nil {
+		return false, err
+	}
+
+	for _, s := range scopes {
+		if has, err := bitmap.hasScope(s); has || err != nil {
+			return has, err
+		}
+	}
+
+	return false, nil
+}
+
 // hasScope returns true if the string has the given scope
 func (bitmap accessTokenScopeBitmap) hasScope(scope AccessTokenScope) (bool, error) {
 	expectedBits, ok := allAccessTokenScopeBits[scope]
--- a/models/issues/review.go
+++ b/models/issues/review.go
@ -214,9 +214,13 @@ func (r *Review) LoadAttributes(ctx context.Context) (err error) {
 	return err
 }

+// HTMLTypeColorName returns the color used in the ui indicating the review
 func (r *Review) HTMLTypeColorName() string {
 	switch r.Type {
 	case ReviewTypeApprove:
+		if !r.Official {
+			return "grey"
+		}
 		if r.Stale {
 			return "yellow"
 		}
@ -231,6 +235,27 @@ func (r *Review) HTMLTypeColorName() string {
 	return "grey"
 }

+// TooltipContent returns the locale string describing the review type
+func (r *Review) TooltipContent() string {
+	switch r.Type {
+	case ReviewTypeApprove:
+		if r.Stale {
+			return "repo.issues.review.stale"
+		}
+		if !r.Official {
+			return "repo.issues.review.unofficial"
+		}
+		return "repo.issues.review.official"
+	case ReviewTypeComment:
+		return "repo.issues.review.comment"
+	case ReviewTypeReject:
+		return "repo.issues.review.rejected"
+	case ReviewTypeRequest:
+		return "repo.issues.review.requested"
+	}
+	return ""
+}
+
 // GetReviewByID returns the review by the given ID
 func GetReviewByID(ctx context.Context, id int64) (*Review, error) {
 	review := new(Review)
--- a/modules/activitypub/client.go
+++ b/modules/activitypub/client.go
@ -18,7 +18,7 @@ import (
 	"code.gitea.io/gitea/modules/proxy"
 	"code.gitea.io/gitea/modules/setting"

-	"github.com/go-fed/httpsig"
+	"github.com/42wim/httpsig"
 )

 const (
--- a/modules/activitypub/user_settings_test.go
+++ b/modules/activitypub/user_settings_test.go
@ -10,7 +10,7 @@ import (
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"

-	_ "code.gitea.io/gitea/models" // https://discourse.gitea.io/t/testfixtures-could-not-clean-table-access-no-such-table-access/4137/4
+	_ "code.gitea.io/gitea/models" // https://forum.gitea.com/t/testfixtures-could-not-clean-table-access-no-such-table-access/4137/4

 	"github.com/stretchr/testify/assert"
 )
--- a/modules/globallock/globallock.go
+++ b/modules/globallock/globallock.go
@ -6,14 +6,22 @@ package globallock
 import (
 	"context"
 	"sync"
+
+	"code.gitea.io/gitea/modules/setting"
 )

 var (
 	defaultLocker Locker
 	initOnce      sync.Once
 	initFunc      = func() {
-		// TODO: read the setting and initialize the default locker.
-		//       Before implementing this, don't use it.
+		switch setting.GlobalLock.ServiceType {
+		case "redis":
+			defaultLocker = NewRedisLocker(setting.GlobalLock.ServiceConnStr)
+		case "memory":
+			fallthrough
+		default:
+			defaultLocker = NewMemoryLocker()
+		}
 	} // define initFunc as a variable to make it possible to change it in tests
 )

--- a/modules/setting/federation.go
+++ b/modules/setting/federation.go
@ -6,7 +6,7 @@ package setting
 import (
 	"code.gitea.io/gitea/modules/log"

-	"github.com/go-fed/httpsig"
+	"github.com/42wim/httpsig"
 )

 // Federation settings
--- a/modules/setting/gloabl_lock.go
+++ b/modules/setting/gloabl_lock.go
@ -0,0 +1,37 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package setting
+
+import (
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/nosql"
+)
+
+// GlobalLock represents configuration of global lock
+var GlobalLock = struct {
+	ServiceType    string
+	ServiceConnStr string
+}{
+	ServiceType: "memory",
+}
+
+func loadGlobalLockFrom(rootCfg ConfigProvider) {
+	sec := rootCfg.Section("global_lock")
+	GlobalLock.ServiceType = sec.Key("SERVICE_TYPE").MustString("memory")
+	switch GlobalLock.ServiceType {
+	case "memory":
+	case "redis":
+		connStr := sec.Key("SERVICE_CONN_STR").String()
+		if connStr == "" {
+			log.Fatal("SERVICE_CONN_STR is empty for redis")
+		}
+		u := nosql.ToRedisURI(connStr)
+		if u == nil {
+			log.Fatal("SERVICE_CONN_STR %s is not a valid redis connection string", connStr)
+		}
+		GlobalLock.ServiceConnStr = connStr
+	default:
+		log.Fatal("Unknown sync lock service type: %s", GlobalLock.ServiceType)
+	}
+}
--- a/modules/setting/global_lock_test.go
+++ b/modules/setting/global_lock_test.go
@ -0,0 +1,35 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package setting
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestLoadGlobalLockConfig(t *testing.T) {
+	t.Run("DefaultGlobalLockConfig", func(t *testing.T) {
+		iniStr := ``
+		cfg, err := NewConfigProviderFromData(iniStr)
+		assert.NoError(t, err)
+
+		loadGlobalLockFrom(cfg)
+		assert.EqualValues(t, "memory", GlobalLock.ServiceType)
+	})
+
+	t.Run("RedisGlobalLockConfig", func(t *testing.T) {
+		iniStr := `
+[global_lock]
+SERVICE_TYPE = redis
+SERVICE_CONN_STR = addrs=127.0.0.1:6379 db=0
+`
+		cfg, err := NewConfigProviderFromData(iniStr)
+		assert.NoError(t, err)
+
+		loadGlobalLockFrom(cfg)
+		assert.EqualValues(t, "redis", GlobalLock.ServiceType)
+		assert.EqualValues(t, "addrs=127.0.0.1:6379 db=0", GlobalLock.ServiceConnStr)
+	})
+}
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@ -147,6 +147,7 @@ func loadCommonSettingsFrom(cfg ConfigProvider) error {
 	loadGitFrom(cfg)
 	loadMirrorFrom(cfg)
 	loadMarkupFrom(cfg)
+	loadGlobalLockFrom(cfg)
 	loadOtherFrom(cfg)
 	return nil
 }
--- a/modules/sync/exclusive_pool.go
+++ b/modules/sync/exclusive_pool.go
@ -1,69 +0,0 @@
-// Copyright 2016 The Gogs Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package sync
-
-import (
-	"sync"
-)
-
-// ExclusivePool is a pool of non-identical instances
-// that only one instance with same identity is in the pool at a time.
-// In other words, only instances with different identities can be in
-// the pool the same time. If another instance with same identity tries
-// to get into the pool, it hangs until previous instance left the pool.
-//
-// This pool is particularly useful for performing tasks on same resource
-// on the file system in different goroutines.
-type ExclusivePool struct {
-	lock sync.Mutex
-
-	// pool maintains locks for each instance in the pool.
-	pool map[string]*sync.Mutex
-
-	// count maintains the number of times an instance with same identity checks in
-	// to the pool, and should be reduced to 0 (removed from map) by checking out
-	// with same number of times.
-	// The purpose of count is to delete lock when count down to 0 and recycle memory
-	// from map object.
-	count map[string]int
-}
-
-// NewExclusivePool initializes and returns a new ExclusivePool object.
-func NewExclusivePool() *ExclusivePool {
-	return &ExclusivePool{
-		pool:  make(map[string]*sync.Mutex),
-		count: make(map[string]int),
-	}
-}
-
-// CheckIn checks in an instance to the pool and hangs while instance
-// with same identity is using the lock.
-func (p *ExclusivePool) CheckIn(identity string) {
-	p.lock.Lock()
-
-	lock, has := p.pool[identity]
-	if !has {
-		lock = &sync.Mutex{}
-		p.pool[identity] = lock
-	}
-	p.count[identity]++
-
-	p.lock.Unlock()
-	lock.Lock()
-}
-
-// CheckOut checks out an instance from the pool and releases the lock
-// to let other instances with same identity to grab the lock.
-func (p *ExclusivePool) CheckOut(identity string) {
-	p.lock.Lock()
-	defer p.lock.Unlock()
-
-	p.pool[identity].Unlock()
-	if p.count[identity] == 1 {
-		delete(p.pool, identity)
-		delete(p.count, identity)
-	} else {
-		p.count[identity]--
-	}
-}
--- a/options/gitignore/Hexo
+++ b/options/gitignore/Hexo
@ -0,0 +1,14 @@
+# gitignore template for Hexo sites
+# website: https://hexo.io/
+# Recommended: Node.gitignore
+
+# Ignore generated directory
+public/
+
+# Ignore temp files
+tmp/
+.tmp*
+
+# additional files
+db.json
+.deploy*/
--- a/options/gitignore/ReScript
+++ b/options/gitignore/ReScript
@ -0,0 +1,3 @@
+/node_modules/
+/lib/
+.bsb.lock
--- a/options/gitignore/Terragrunt
+++ b/options/gitignore/Terragrunt
@ -0,0 +1,3 @@
+# Ignore the default terragrunt cache directory
+# https://terragrunt.gruntwork.io/docs/features/caching/
+.terragrunt-cache
--- a/options/license/DocBook-Stylesheet
+++ b/options/license/DocBook-Stylesheet
@ -0,0 +1,13 @@
+Copyright 2005 Norman Walsh, Sun Microsystems,
+Inc., and the Organization for the Advancement
+of Structured Information Standards (OASIS).
+
+Release: $Id: db4-upgrade.xsl 8905 2010-09-12 11:47:07Z bobstayton $
+
+Permission to use, copy, modify and distribute this stylesheet
+and its accompanying documentation for any purpose and
+without fee is hereby granted in perpetuity, provided that
+the above copyright notice and this paragraph appear in
+all copies. The copyright holders make no representation
+about the suitability of the schema for any purpose. It
+is provided "as is" without expressed or implied warranty.
--- a/options/license/GPL-3.0-389-ds-base-exception
+++ b/options/license/GPL-3.0-389-ds-base-exception
@ -0,0 +1,10 @@
+Additional permission under GPLv3 section 7:
+
+If you modify this Program, or any covered work, by
+linking or combining it with OpenSSL, or a modified
+version of OpenSSL licensed under the OpenSSL license
+(https://www.openssl.org/source/license.html), the licensors of this
+Program grant you additional permission to convey the resulting work.                                                                                                   
+Corresponding Source for a non-source form of such a combination
+shall include the source code for the parts that are licensed
+under the OpenSSL license as well as that of the covered work.
--- a/options/license/MIT-Click
+++ b/options/license/MIT-Click
@ -0,0 +1,30 @@
+Portions of this software are subject to the license below.  The relevant
+source files are clearly marked; they refer to this file using the phrase
+"the Click LICENSE file". This license is an MIT license, plus a clause
+(taken from the W3C license) requiring prior written permission to use our
+names in publicity.
+
+===========================================================================
+
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and associated documentation files (the "Software"),
+to deal in the Software without restriction, including without limitation
+the rights to use, copy, modify, merge, publish, distribute, sublicense,
+and/or sell copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+The name and trademarks of copyright holders may NOT be used in advertising
+or publicity pertaining to the Software without specific, written prior
+permission. Title to copyright in this Software and any associated
+documentation will at all times remain with copyright holders.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
--- a/options/license/TrustedQSL
+++ b/options/license/TrustedQSL
@ -0,0 +1,58 @@
+Copyright (C) 2001-2015 American Radio Relay League, Inc. All rights
+reserved.
+
+Portions (C) 2003-2023 The TrustedQSL Developers. Please see the AUTHORS.txt
+file for contributors.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Any redistribution of source code must retain the above copyright
+notice, this list of conditions and the disclaimer shown in
+Paragraph 5 (below).
+
+2. Redistribution in binary form must reproduce the above copyright
+notice, this list of conditions and the disclaimer shown in
+Paragraph 5 (below) in the documentation and/or other materials
+provided with the distribution.
+
+3. Products derived from or including this software may not use
+"Logbook of the World" or "LoTW" or any other American Radio Relay
+League, Incorporated trademarks or servicemarks in their names
+without prior written permission of the ARRL. See Paragraph 6
+(below) for contact information.
+
+4. Use of this software does not imply endorsement by ARRL of
+products derived from or including this software and vendors may not
+claim such endorsement. 
+
+5. Disclaimer: This software is provided "as-is" without
+representation, guarantee or warranty of any kind, either express or
+implied, including but not limited to the implied warranties of
+merchantability or of fitness for a particular purpose. The entire
+risk as to the quality and performance of the software is solely
+with you. Should the software prove defective, you (and not the
+American Radio Relay League, its officers, directors, employees or
+agents) assume the entire cost of all necessary servicing, repair or
+correction. In no event will ARRL be liable to you or to any third
+party for any damages, whether direct or indirect, including lost
+profits, lost savings, or other incidental or consequential damages
+arising out of the use or inability to use such software, regardless
+of whether ARRL has been advised of the possibility of such damages.
+
+6. Contact information:
+
+American Radio Relay League, Inc.
+Attn: Logbook of the World Manager
+225 Main St
+Newington, CT 06111
+voice: 860-594-0200
+fax: 860-594-0259
+email: logbook@arrl.org
+Worldwide Web: www.arrl.org
+
+This software consists of voluntary contributions made by many
+individuals on behalf of the ARRL. More information on the "Logbook
+of The World" project and the ARRL is available from the ARRL Web
+site at www.arrl.org.
--- a/options/locale/locale_cs-CZ.ini
+++ b/options/locale/locale_cs-CZ.ini
@ -1701,7 +1701,7 @@ issues.dependency.add_error_dep_not_same_repo=Oba úkoly musí být ve stejném
 issues.review.self.approval=Nemůžete schválit svůj pull request.
 issues.review.self.rejection=Nemůžete požadovat změny ve svém vlastním pull requestu.
 issues.review.approve=schválil tyto změny %s
-issues.review.comment=posoudil %s
+issues.review.comment=Okomentovat
 issues.review.dismissed=zamítl/a posouzení od %s %s
 issues.review.dismissed_label=Zamítnuto
 issues.review.left_comment=zanechal komentář
@ -1798,7 +1798,6 @@ pulls.is_empty=Změny na této větvi jsou již na cílové větvi. Toto bude pr
 pulls.required_status_check_failed=Některé požadované kontroly nebyly úspěšné.
 pulls.required_status_check_missing=Některé požadované kontroly chybí.
 pulls.required_status_check_administrator=Jako administrátor stále můžete sloučit tento pull request.
-pulls.blocked_by_approvals=Tento pull request ještě nemá dostatek schválení. Uděleno %d z %d schválení.
 pulls.blocked_by_rejection=Tento pull request obsahuje změny požadované oficiálním posuzovatelem.
 pulls.blocked_by_official_review_requests=Tento pull request obsahuje oficiální žádosti o posouzení.
 pulls.blocked_by_outdated_branch=Tento pull request je zablokován, protože je zastaralý.
@ -2357,7 +2356,6 @@ settings.protect_status_check_matched=Odpovídá
 settings.protect_invalid_status_check_pattern=Neplatný vzor kontroly stavu: „%s“.
 settings.protect_no_valid_status_check_patterns=Žádné platné vzory kontroly stavu.
 settings.protect_required_approvals=Požadovaná schválení:
-settings.protect_required_approvals_desc=Umožnit sloučení pouze pull requestů s dostatečným pozitivním hodnocením.
 settings.dismiss_stale_approvals=Odmítnout nekvalitní schválení
 settings.dismiss_stale_approvals_desc=Pokud budou do větve nahrány nové revize, které mění obsah tohoto pull requestu, všechna stará schválení budou zamítnuta.
 settings.ignore_stale_approvals=Ignorovat zastaralá schválení
@ -2564,7 +2562,7 @@ branch.delete_desc=Smazání větve je trvalé. Přestože zrušená větev mů
 branch.deletion_success=Větev „%s“ byla smazána.
 branch.deletion_failed=Nepodařilo se odstranit větev „%s“.
 branch.delete_branch_has_new_commits=Větev „%s“ nemůže být smazána, protože byly přidány nové commity po sloučení.
-branch.create_branch=Vytvořit větev <strong>%s</strong>
+branch.create_branch=Vytvořit větev %s
 branch.create_from=z „%s“
 branch.create_success=Větev „%s“ byla vytvořena.
 branch.branch_already_exists=Větev „%s“ již existuje v tomto repozitáři.
@ -2590,7 +2588,7 @@ branch.new_branch=Vytvořit novou větev
 branch.new_branch_from=Vytvořit novou větev z „%s“
 branch.renamed=Větev %s byla přejmenována na %s.

-tag.create_tag=Vytvořit značku <strong>%s</strong>
+tag.create_tag=Vytvořit značku %s
 tag.create_tag_operation=Vytvořit značku
 tag.confirm_create_tag=Vytvořit značku
 tag.create_tag_from=Vytvořit novou značku z „%s“
--- a/options/locale/locale_de-DE.ini
+++ b/options/locale/locale_de-DE.ini
@ -1681,7 +1681,7 @@ issues.dependency.add_error_dep_not_same_repo=Beide Issues müssen sich im selbe
 issues.review.self.approval=Du kannst nicht dein eigenen Pull-Request genehmigen.
 issues.review.self.rejection=Du kannst keine Änderungen an deinem eigenen Pull-Request anfragen.
 issues.review.approve=hat die Änderungen %s genehmigt
-issues.review.comment=hat %s überprüft
+issues.review.comment=Kommentieren
 issues.review.dismissed=verwarf %ss Review %s
 issues.review.dismissed_label=Verworfen
 issues.review.left_comment=hat einen Kommentar hinterlassen
@ -1777,7 +1777,6 @@ pulls.is_empty=Die Änderungen an diesem Branch sind bereits auf dem Zielbranch.
 pulls.required_status_check_failed=Einige erforderliche Prüfungen waren nicht erfolgreich.
 pulls.required_status_check_missing=Einige erforderliche Prüfungen fehlen.
 pulls.required_status_check_administrator=Als Administrator kannst du diesen Pull-Request weiterhin mergen.
-pulls.blocked_by_approvals=Dieser Pull-Request hat noch nicht genügend Zustimmungen. %d von %d Zustimmungen erteilt.
 pulls.blocked_by_rejection=Dieser Pull-Request hat Änderungen, die von einem offiziellen Reviewer angefragt wurden.
 pulls.blocked_by_official_review_requests=Dieser Pull Request hat offizielle Review-Anfragen.
 pulls.blocked_by_outdated_branch=Dieser Pull Request ist blockiert, da er veraltet ist.
@ -2331,7 +2330,6 @@ settings.protect_status_check_matched=Übereinstimmung
 settings.protect_invalid_status_check_pattern=Ungültiges Muster: "%s".
 settings.protect_no_valid_status_check_patterns=Keine gültigen Statuscheck-Muster.
 settings.protect_required_approvals=Erforderliche Zustimmungen:
-settings.protect_required_approvals_desc=Erlaube das Mergen des Pull-Requests nur mit genügend positiven Reviews.
 settings.dismiss_stale_approvals=Entferne alte Genehmigungen
 settings.dismiss_stale_approvals_desc=Wenn neue Commits gepusht werden, die den Inhalt des Pull-Requests ändern, werden alte Genehmigungen entfernt.
 settings.ignore_stale_approvals=Veraltete Genehmigungen ignorieren
@ -2536,7 +2534,7 @@ branch.delete_desc=Das Löschen eines Branches ist permanent. Obwohl der Branch
 branch.deletion_success=Branch "%s" wurde gelöscht.
 branch.deletion_failed=Branch "%s" konnte nicht gelöscht werden.
 branch.delete_branch_has_new_commits=Der Branch "%s" kann nicht gelöscht werden, da seit dem letzten Merge neue Commits hinzugefügt wurden.
-branch.create_branch=Erstelle Branch <strong>%s</strong>
+branch.create_branch=Erstelle Branch %s
 branch.create_from=`von "%s"`
 branch.create_success=Branch "%s" wurde erstellt.
 branch.branch_already_exists=Branch "%s" existiert bereits in diesem Repository.
@ -2562,7 +2560,7 @@ branch.new_branch=Neue Branch erstellen
 branch.new_branch_from=Neuen Branch von "%s" erstellen
 branch.renamed=Branch %s wurde in %s umbenannt.

-tag.create_tag=Tag <strong>%s</strong> erstellen
+tag.create_tag=Tag %s erstellen
 tag.create_tag_operation=Tag erstellen
 tag.confirm_create_tag=Tag erstellen
 tag.create_tag_from=Neuen Tag von "%s" erstellen
--- a/options/locale/locale_el-GR.ini
+++ b/options/locale/locale_el-GR.ini
@ -1603,7 +1603,7 @@ issues.dependency.add_error_dep_not_same_repo=Και τα δύο ζητήματ
 issues.review.self.approval=Δεν μπορείτε να εγκρίνετε το δικό σας pull request.
 issues.review.self.rejection=Δεν μπορείτε να ζητήσετε αλλαγές στο δικό σας pull request.
 issues.review.approve=ενέκρινε αυτές τις αλλαγές %s
-issues.review.comment=αξιολόγησε %s
+issues.review.comment=Σχόλιο
 issues.review.dismissed=απέρριψε την αξιολόγηση %s %s
 issues.review.dismissed_label=Απορρίφθηκε
 issues.review.left_comment=άφησε ένα σχόλιο
@ -1697,7 +1697,6 @@ pulls.is_empty=Οι αλλαγές σε αυτόν τον κλάδο είναι
 pulls.required_status_check_failed=Ορισμένοι απαιτούμενοι έλεγχοι δεν ήταν επιτυχείς.
 pulls.required_status_check_missing=Λείπουν ορισμένοι απαιτούμενοι έλεγχοι.
 pulls.required_status_check_administrator=Ως διαχειριστής, μπορείτε ακόμα να συγχωνεύσετε αυτό το pull request.
-pulls.blocked_by_approvals=Το pull request δεν έχει ακόμα αρκετές εγκρίσεις. Δόθηκαν %d από %d εγκρίσεις.
 pulls.blocked_by_rejection=Αυτό το Pull Request έχει αλλαγές που ζητούνται από έναν επίσημο εξεταστή.
 pulls.blocked_by_official_review_requests=Αυτό το Pull Request έχει επίσημες αιτήσεις αξιολόγησης.
 pulls.blocked_by_outdated_branch=Αυτό το pull request έχει αποκλειστεί επειδή είναι παρωχημένο.
@ -2238,7 +2237,6 @@ settings.protect_status_check_matched=Ταιριάζει
 settings.protect_invalid_status_check_pattern=Μη έγκυρο μοτίβο ελέγχου κατάστασης: "%s".
 settings.protect_no_valid_status_check_patterns=Μη έγκυρα μοτίβα ελέγχου κατάστασης.
 settings.protect_required_approvals=Απαιτούμενες εγκρίσεις:
-settings.protect_required_approvals_desc=Επιτρέψτε μόνο να συγχωνεύσετε pull request με αρκετές θετικές κριτικές.
 settings.dismiss_stale_approvals=Παράβλεψη καθυστερημένων εγκρίσεων
 settings.dismiss_stale_approvals_desc=Όταν οι νέες υποβολές που αλλάζουν το περιεχόμενο του pull request γίνονται push στο κλάδο, οι παλιές εγκρίσεις απορρίπτονται.
 settings.require_signed_commits=Απαιτούνται Υπογεγραμμένες Υποβολές
@ -2442,7 +2440,7 @@ branch.delete_desc=Η διαγραφή ενός κλάδου είναι μόνι
 branch.deletion_success=Ο κλάδος "%s" διαγράφηκε.
 branch.deletion_failed=Αποτυχία διαγραφής του κλάδου "%s".
 branch.delete_branch_has_new_commits=Ο κλάδος "%s" δεν μπορεί να διαγραφεί επειδή προστέθηκαν νέες υποβολές μετά τη συγχώνευση.
-branch.create_branch=Δημιουργία κλάδου <strong>%s</strong>
+branch.create_branch=Δημιουργία κλάδου %s
 branch.create_from=`από το "%s"`
 branch.create_success=Ο κλάδος "%s" δημιουργήθηκε.
 branch.branch_already_exists=Ο κλάδος "%s" υπάρχει ήδη σε αυτό το αποθετήριο.
@ -2468,7 +2466,7 @@ branch.new_branch=Δημιουργία νέου κλάδου
 branch.new_branch_from=`Δημιουργία νέου κλάδου από το "%s"`
 branch.renamed=Ο κλάδος %s μετονομάστηκε σε %s.

-tag.create_tag=Δημιουργία ετικέτας <strong>%s</strong>
+tag.create_tag=Δημιουργία ετικέτας %s
 tag.create_tag_operation=Δημιουργία ετικέτας
 tag.confirm_create_tag=Δημιουργία ετικέτας
 tag.create_tag_from=`Δημιουργία νέας ετικέτας από το "%s"`
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@ -1761,6 +1761,12 @@ issues.review.hide_resolved = Hide resolved
 issues.review.resolve_conversation = Resolve conversation
 issues.review.un_resolve_conversation = Unresolve conversation
 issues.review.resolved_by = marked this conversation as resolved
+issues.review.comment = Comment
+issues.review.official = Approved
+issues.review.requested = Review pending
+issues.review.rejected = Changes requested
+issues.review.stale = Updated since approval
+issues.review.unofficial = Uncounted approval
 issues.assignee.error = Not all assignees was added due to an unexpected error.
 issues.reference_issue.body = Body
 issues.content_history.deleted = deleted
@ -1834,7 +1840,8 @@ pulls.is_empty = "The changes on this branch are already on the target branch. T
 pulls.required_status_check_failed = Some required checks were not successful.
 pulls.required_status_check_missing = Some required checks are missing.
 pulls.required_status_check_administrator = As an administrator, you may still merge this pull request.
-pulls.blocked_by_approvals = "This pull request doesn't have enough approvals yet. %d of %d approvals granted."
+pulls.blocked_by_approvals = "This pull request doesn't have enough required approvals yet. %d of %d official approvals granted."
+pulls.blocked_by_approvals_whitelisted = "This pull request doesn't have enough required approvals yet. %d of %d approvals granted from users or teams on the allowlist."
 pulls.blocked_by_rejection = "This pull request has changes requested by an official reviewer."
 pulls.blocked_by_official_review_requests = "This pull request has official review requests."
 pulls.blocked_by_outdated_branch = "This pull request is blocked because it's outdated."
@ -2422,7 +2429,7 @@ settings.protect_status_check_matched = Matched
 settings.protect_invalid_status_check_pattern = Invalid status check pattern: "%s".
 settings.protect_no_valid_status_check_patterns = No valid status check patterns.
 settings.protect_required_approvals = Required approvals:
-settings.protect_required_approvals_desc = Allow only to merge pull request with enough positive reviews.
+settings.protect_required_approvals_desc = Allow only to merge pull request with enough required approvals. Required approvals are either from users or teams who are on the allowlist or anyone with write access.
 settings.protect_approvals_whitelist_enabled = Restrict approvals to allowlisted users or teams
 settings.protect_approvals_whitelist_enabled_desc = Only reviews from allowlisted users or teams will count to the required approvals. Without approval allowlist, reviews from anyone with write access count to the required approvals.
 settings.protect_approvals_whitelist_users = Allowlisted reviewers:
@ -2651,7 +2658,7 @@ branch.delete_desc = Deleting a branch is permanent. Although the deleted branch
 branch.deletion_success = Branch "%s" has been deleted.
 branch.deletion_failed = Failed to delete branch "%s".
 branch.delete_branch_has_new_commits = Branch "%s" cannot be deleted because new commits have been added after merging.
-branch.create_branch = Create branch <strong>%s</strong>
+branch.create_branch = Create branch %s
 branch.create_from = from "%s"
 branch.create_success = Branch "%s" has been created.
 branch.branch_already_exists = Branch "%s" already exists in this repository.
@ -2677,7 +2684,7 @@ branch.new_branch = Create new branch
 branch.new_branch_from = Create new branch from "%s"
 branch.renamed = Branch %s was renamed to %s.

-tag.create_tag = Create tag <strong>%s</strong>
+tag.create_tag = Create tag %s
 tag.create_tag_operation = Create tag
 tag.confirm_create_tag = Create tag
 tag.create_tag_from = Create new tag from "%s"
--- a/options/locale/locale_es-ES.ini
+++ b/options/locale/locale_es-ES.ini
@ -1593,7 +1593,7 @@ issues.dependency.add_error_dep_not_same_repo=Ambas incidencias deben estar en e
 issues.review.self.approval=No puede aprobar su propio pull request.
 issues.review.self.rejection=No puede sugerir cambios en su propio pull request.
 issues.review.approve=aprobado estos cambios %s
-issues.review.comment=revisado %s
+issues.review.comment=Comentario
 issues.review.dismissed=descartó la revisión de %s %s
 issues.review.dismissed_label=Descartado
 issues.review.left_comment=dejó un comentario
@ -1687,7 +1687,6 @@ pulls.is_empty=Los cambios en esta rama ya están en la rama de destino. Esto se
 pulls.required_status_check_failed=Algunos controles requeridos no han tenido éxito.
 pulls.required_status_check_missing=Faltan algunos controles necesarios.
 pulls.required_status_check_administrator=Como administrador, aún puede fusionar este Pull Request.
-pulls.blocked_by_approvals=Esta pull request aún no tiene suficientes aprobaciones. %d de %d aprobaciones concedidas.
 pulls.blocked_by_rejection=Este pull request tiene cambios solicitados por un revisor oficial.
 pulls.blocked_by_official_review_requests=Esta pull request tiene solicitudes de revisión oficiales.
 pulls.blocked_by_outdated_branch=Esta pull request está bloqueada porque está desactualizada.
@ -2221,7 +2220,6 @@ settings.protect_status_check_matched=Coincide
 settings.protect_invalid_status_check_pattern=Patrón de verificación de estado no válido: "%s".
 settings.protect_no_valid_status_check_patterns=No hay patrones de verificación de estado.
 settings.protect_required_approvals=Aprobaciones requeridas:
-settings.protect_required_approvals_desc=Permite fusionar sólo los pull request con suficientes comentarios positivos.
 settings.dismiss_stale_approvals=Descartar aprobaciones obsoletas
 settings.dismiss_stale_approvals_desc=Cuando los nuevos commits que cambien el contenido de la pull request sean empujados a la rama, se descartarán las aprobaciones antiguas.
 settings.require_signed_commits=Requiere commits firmados
@ -2423,7 +2421,7 @@ branch.delete_desc=Eliminar una rama es permanente. Aunque la rama eliminada pue
 branch.deletion_success=La rama "%s" ha sido eliminada.
 branch.deletion_failed=Error al eliminar la rama "%s".
 branch.delete_branch_has_new_commits=La rama "%s" no se puede eliminar porque se han añadido nuevos commits después de la fusión.
-branch.create_branch=Crear rama <strong>%s</strong>
+branch.create_branch=Crear rama %s
 branch.create_from=`de "%s"`
 branch.create_success=La rama "%s" ha sido creada.
 branch.branch_already_exists=La rama "%s" ya existe en este repositorio.
@ -2449,7 +2447,7 @@ branch.new_branch=Crear nueva rama
 branch.new_branch_from=`Crear nueva rama de "%s"`
 branch.renamed=La rama %s fue renombrada a %s.

-tag.create_tag=Crear etiqueta <strong>%s</strong>
+tag.create_tag=Crear etiqueta %s
 tag.create_tag_operation=Crear etiqueta
 tag.confirm_create_tag=Crear etiqueta
 tag.create_tag_from=`Crear nueva etiqueta de "%s"`
--- a/options/locale/locale_fa-IR.ini
+++ b/options/locale/locale_fa-IR.ini
@ -1235,7 +1235,7 @@ issues.dependency.add_error_dep_not_same_repo=هر دو موضوع باید از
 issues.review.self.approval=شما نمی‌توانید تقاضای واکشی خود را تایید کنید.
 issues.review.self.rejection=شما نمی‌توانید تقاضا تغییرات تقاضای واکشی خود را تغییر دهید.
 issues.review.approve=این تغییرات را تایید شدند %s
-issues.review.comment=بازبینی شدند %s
+issues.review.comment=دیدگاه
 issues.review.dismissed=بررسی %s %s را رد شده
 issues.review.dismissed_label=رها شده
 issues.review.left_comment=یک نظر ثبت کرد
@ -1710,7 +1710,6 @@ settings.protect_enable_push_desc=هرکسی که دسترسی به نوشتن
 settings.protect_check_status_contexts=فعال کردن حالات بررسی
 settings.protect_check_status_contexts_list=آخرین بررسی حالات این مخزن در هفته گذشته اتفاق افتاده است
 settings.protect_required_approvals=نیازمند تاییدیه:
-settings.protect_required_approvals_desc=فقط مجاز به ادغام تقاضای واکشی با بررسی های مثبت کافی می شوند.
 settings.dismiss_stale_approvals=تاییدیه های قدیمی را رد کنید
 settings.dismiss_stale_approvals_desc=وقتی commit های جدیدی که محتوای درخواست pull را تغییر می‌دهند به شاخه ارسال می‌شوند، تأییدیه‌های قدیمی رد می‌شوند.
 settings.require_signed_commits=نیاز به commit های امضا شده
@ -1876,7 +1875,7 @@ release.add_tag=فقط تگ ایجاد کنید
 branch.name=نام شاخه
 branch.delete_head=حذف
 branch.delete_html=حذف شاخه
-branch.create_branch=ساختن شاخه <strong>%s</strong>
+branch.create_branch=ساختن شاخه %s
 branch.deleted_by=حذف شده توسط %s
 branch.included_desc=این شاخه بخشی از شاخه پیش فرض است
 branch.included=مشمول شده
@ -1887,7 +1886,7 @@ branch.create_branch_operation=ایجاد شاخه
 branch.new_branch=شاخه جدید ایجاد کنید
 branch.renamed=شاخه %s قبلا به %s تغییر کرده است.

-tag.create_tag=تگ <strong>%s</strong> ایجاد کنید
+tag.create_tag=تگ %s ایجاد کنید


 topic.manage_topics=مدیریت موضوعات
--- a/options/locale/locale_fi-FI.ini
+++ b/options/locale/locale_fi-FI.ini
@ -950,6 +950,7 @@ issues.dependency.remove_info=Poistä tämä riippuvuus
 issues.review.self.approval=Et voi hyväksyä omia vetopyyntöjä.
 issues.review.self.rejection=Et voi pyytää muutoksia omaan vetopyyntöön.
 issues.review.approve=hyväksyi nämä muutokset %s
+issues.review.comment=Kommentoi
 issues.review.left_comment=jätti kommentin
 issues.review.pending=Odottaa
 issues.review.show_resolved=Näytä ratkaisu
@ -1280,7 +1281,7 @@ release.downloads=Lataukset

 branch.name=Haaran nimi
 branch.delete_head=Poista
-branch.create_branch=Luo haara <strong>%s</strong>
+branch.create_branch=Luo haara %s



--- a/options/locale/locale_fr-FR.ini
+++ b/options/locale/locale_fr-FR.ini
@ -1705,7 +1705,7 @@ issues.dependency.add_error_dep_not_same_repo=Les deux tickets doivent être dan
 issues.review.self.approval=Vous ne pouvez approuver vos propres demandes d'ajout.
 issues.review.self.rejection=Vous ne pouvez demander de changements sur vos propres demandes de changement.
 issues.review.approve=a approuvé ces modifications %s.
-issues.review.comment=a évalué cette demande d’ajout %s.
+issues.review.comment=Commenter
 issues.review.dismissed=a révoqué l’évaluation de %s %s.
 issues.review.dismissed_label=Révoquée
 issues.review.left_comment=laisser un commentaire
@ -1803,7 +1803,6 @@ pulls.is_empty=Les changements sur cette branche sont déjà sur la branche cibl
 pulls.required_status_check_failed=Certains contrôles requis n'ont pas réussi.
 pulls.required_status_check_missing=Certains contrôles requis sont manquants.
 pulls.required_status_check_administrator=En tant qu'administrateur, vous pouvez toujours fusionner cette requête de pull.
-pulls.blocked_by_approvals=Cette demande d'ajout n’est pas suffisamment approuvée. %d approbations obtenues sur %d.
 pulls.blocked_by_rejection=Cette demande d’ajout nécessite des corrections sollicitées par un évaluateur officiel.
 pulls.blocked_by_official_review_requests=Cette demande d’ajout a des sollicitations officielles d’évaluation.
 pulls.blocked_by_outdated_branch=Cette demande d’ajout est bloquée car elle est obsolète.
@ -2378,7 +2377,6 @@ settings.protect_status_check_matched=Correspondant
 settings.protect_invalid_status_check_pattern=Motif de vérification des statuts incorrect : « %s ».
 settings.protect_no_valid_status_check_patterns=Aucun motif de vérification des statuts valide.
 settings.protect_required_approvals=Minimum d'approbations requis :
-settings.protect_required_approvals_desc=Permet de fusionner les demandes d’ajout lorsque suffisamment d’évaluation sont positives.
 settings.protect_approvals_whitelist_enabled=Restreindre les approbations aux utilisateurs ou aux équipes sur liste d’autorisés
 settings.protect_approvals_whitelist_enabled_desc=Seuls les évaluations des utilisateurs ou des équipes suivantes compteront dans les approbations requises. Si laissé vide, les évaluations de toute personne ayant un accès en écriture seront comptabilisées à la place.
 settings.protect_approvals_whitelist_users=Évaluateurs autorisés :
@ -2587,7 +2585,7 @@ branch.delete_desc=La suppression d’une branche est permanente. Bien qu’une
 branch.deletion_success=La branche "%s" a été supprimée.
 branch.deletion_failed=Impossible de supprimer la branche "%s".
 branch.delete_branch_has_new_commits=La branche "%s" ne peut être supprimé, car de nouvelles révisions ont été ajoutées après la fusion.
-branch.create_branch=Créer la branche <strong>%s</strong>
+branch.create_branch=Créer la branche %s
 branch.create_from=`de "%s"`
 branch.create_success=La branche "%s" a été créée.
 branch.branch_already_exists=La branche "%s" existe déjà dans ce dépôt.
@ -2613,7 +2611,7 @@ branch.new_branch=Créer une nouvelle branche
 branch.new_branch_from=`Créer une nouvelle branche à partir de "%s"`
 branch.renamed=La branche %s à été renommée en %s.

-tag.create_tag=Créer l'étiquette <strong>%s</strong>
+tag.create_tag=Créer l'étiquette %s
 tag.create_tag_operation=Créer une étiquette
 tag.confirm_create_tag=Créer une étiquette
 tag.create_tag_from=`Créer une nouvelle étiquette à partir de "%s"`
--- a/options/locale/locale_hu-HU.ini
+++ b/options/locale/locale_hu-HU.ini
@ -901,7 +901,7 @@ issues.dependency.add_error_dep_issue_not_exist=Függő hibajegy nem létezik.
 issues.dependency.add_error_dep_not_exist=A függőség nem létezik.
 issues.dependency.add_error_dep_exists=A függőség már létezik.
 issues.dependency.add_error_dep_not_same_repo=Mindkét hibajegynek ugyanabban a tárolóban kell lennie.
-issues.review.comment=Értékelve: %s
+issues.review.comment=Hozzászólás
 issues.review.reject=%s változtatások kérése
 issues.review.pending=Függőben
 issues.review.review=Értékelés
@ -1141,7 +1141,7 @@ release.download_count=Letöltések: %s

 branch.delete_head=Törlés
 branch.delete_html=Ág törlése
-branch.create_branch=Ág <strong>%s</strong> létrehozása
+branch.create_branch=Ág %s létrehozása
 branch.deleted_by=Törölve %s által


--- a/options/locale/locale_id-ID.ini
+++ b/options/locale/locale_id-ID.ini
@ -921,7 +921,7 @@ release.downloads=Unduhan

 branch.delete_head=Hapus
 branch.delete_html=Hapus cabang
-branch.create_branch=Membuat cabang <strong>%s</strong>
+branch.create_branch=Membuat cabang %s
 branch.deleted_by=Dihapus oleh %s


--- a/options/locale/locale_is-IS.ini
+++ b/options/locale/locale_is-IS.ini
@ -850,7 +850,7 @@ issues.dependency.remove_header=Fjarlægja Kröfu
 issues.dependency.add_error_dep_not_exist=Krafa er ekki til.
 issues.dependency.add_error_dep_exists=Krafa er nú þegar til.
 issues.review.approve=samþykkti þessar breytingar %s
-issues.review.comment=fór yfir %s
+issues.review.comment=Senda Ummæli
 issues.review.dismissed_label=Hunsað
 issues.review.left_comment=gerði ummæli
 issues.review.pending=Í bið
--- a/options/locale/locale_it-IT.ini
+++ b/options/locale/locale_it-IT.ini
@ -1331,7 +1331,7 @@ issues.dependency.add_error_dep_not_same_repo=Entrambi i problemi devono essere
 issues.review.self.approval=Non puoi approvare la tua pull request.
 issues.review.self.rejection=Non puoi richiedere modifiche sulla tua pull request.
 issues.review.approve=hanno approvato queste modifiche %s
-issues.review.comment=revisionato %s
+issues.review.comment=Commentare
 issues.review.dismissed=recensione %s di %s respinta
 issues.review.dismissed_label=Respinta
 issues.review.left_comment=lascia un commento
@ -1862,7 +1862,6 @@ settings.protect_enable_push_desc=Chiunque con accesso in scrittura sarà autori
 settings.protect_check_status_contexts=Abilita Controllo Stato
 settings.protect_check_status_contexts_list=Controlli di stato trovati nell'ultima settimana per questo repository
 settings.protect_required_approvals=Approvazioni richieste:
-settings.protect_required_approvals_desc=Permetti solo di unire la richiesta pull con abbastanza recensioni positive.
 settings.dismiss_stale_approvals=Ignora impostazione vecchie
 settings.dismiss_stale_approvals_desc=Quando i nuovi commit che cambiano il contenuto della pull request vengono pushati nel branch, le vecchie approvazioni verranno eliminate.
 settings.require_signed_commits=Richiede commit firmati
@ -2031,7 +2030,7 @@ release.add_tag=Crea Solo Branch
 branch.name=Nome branch
 branch.delete_head=Elimina
 branch.delete_html=Elimina branch
-branch.create_branch=Crea branch <strong>%s</strong>
+branch.create_branch=Crea branch %s
 branch.deleted_by=Eliminato da %s
 branch.included_desc=Questo ramo fa parte del ramo predefinito
 branch.included=Incluso
@ -2042,7 +2041,7 @@ branch.create_branch_operation=Crea ramo
 branch.new_branch=Crea nuovo ramo
 branch.renamed=Il ramo %s è stato rinominato in %s.

-tag.create_tag=Crea branch <strong>%s</strong>
+tag.create_tag=Crea branch %s
 tag.create_tag_operation=Crea etichetta
 tag.confirm_create_tag=Crea etichetta

--- a/options/locale/locale_ja-JP.ini
+++ b/options/locale/locale_ja-JP.ini
@ -1715,7 +1715,7 @@ issues.dependency.add_error_dep_not_same_repo=両方とも同じリポジトリ
 issues.review.self.approval=自分のプルリクエストを承認することはできません。
 issues.review.self.rejection=自分のプルリクエストに対して修正を要求することはできません。
 issues.review.approve=が変更を承認 %s
-issues.review.comment=がレビュー %s
+issues.review.comment=コメント
 issues.review.dismissed=が %s のレビューを棄却 %s
 issues.review.dismissed_label=棄却
 issues.review.left_comment=がコメント
@ -1813,7 +1813,6 @@ pulls.is_empty=このブランチの変更は既にターゲットブランチ
 pulls.required_status_check_failed=いくつかの必要なステータスチェックが成功していません。
 pulls.required_status_check_missing=必要なチェックがいくつか抜けています。
 pulls.required_status_check_administrator=管理者であるため、このプルリクエストをマージすることは可能です。
-pulls.blocked_by_approvals=このプルリクエストはまだ承認数が足りません。 %[1]d/%[2]dの承認を得ています。
 pulls.blocked_by_rejection=このプルリクエストは公式レビューアにより変更要請されています。
 pulls.blocked_by_official_review_requests=このプルリクエストには公式レビュー依頼があります。
 pulls.blocked_by_outdated_branch=このプルリクエストは遅れのためブロックされています。
@ -2396,7 +2395,6 @@ settings.protect_status_check_matched=マッチ
 settings.protect_invalid_status_check_pattern=`不正なステータスチェックパターン: "%s"`
 settings.protect_no_valid_status_check_patterns=有効なステータスチェックパターンがありません。
 settings.protect_required_approvals=必要な承認数:
-settings.protect_required_approvals_desc=肯定的なレビューの数を満たしたプルリクエストしかマージできないようにします。
 settings.protect_approvals_whitelist_enabled=許可リストに登録したユーザーやチームに承認を制限
 settings.protect_approvals_whitelist_enabled_desc=許可リストに登録したユーザーまたはチームによるレビューのみを、必要な承認数にカウントします。 承認の許可リストが無い場合は、書き込み権限を持つ人によるレビューを必要な承認数にカウントします。
 settings.protect_approvals_whitelist_users=許可リストに含めるレビューア:
@ -2621,7 +2619,7 @@ branch.delete_desc=ブランチの削除は恒久的です。 実際に削除さ
 branch.deletion_success=ブランチ "%s" を削除しました。
 branch.deletion_failed=ブランチ "%s" の削除に失敗しました。
 branch.delete_branch_has_new_commits=マージ後に新しいコミットが追加されているため、ブランチ "%s" を削除できません。
-branch.create_branch=ブランチ <strong>%s</strong> を作成
+branch.create_branch=ブランチ %s を作成
 branch.create_from=`"%s" から`
 branch.create_success=ブランチ "%s" を作成しました。
 branch.branch_already_exists=ブランチ "%s" は、このリポジトリに既に存在します。
@ -2647,7 +2645,7 @@ branch.new_branch=新しいブランチの作成
 branch.new_branch_from=`"%s" から新しいブランチを作成`
 branch.renamed=ブランチ %s は %s にリネームされました。

-tag.create_tag=タグ <strong>%s</strong> を作成
+tag.create_tag=タグ %s を作成
 tag.create_tag_operation=タグの作成
 tag.confirm_create_tag=タグを作成
 tag.create_tag_from=`"%s" から新しいタグを作成`
--- a/options/locale/locale_ko-KR.ini
+++ b/options/locale/locale_ko-KR.ini
@ -818,7 +818,7 @@ issues.dependency.add_error_dep_not_same_repo=두 이슈는 같은 레포지토
 issues.review.self.approval=자신의 풀 리퀘스트를 승인할 수 없습니다.
 issues.review.self.rejection=자신의 풀 리퀘스트에 대한 변경을 요청할 수 없습니다.
 issues.review.approve="이 변경사항을 승인하였습니다. %s"
-issues.review.comment=검토됨 %s
+issues.review.comment=댓글
 issues.review.pending=보류
 issues.review.review=검토
 issues.review.reviewers=리뷰어
@ -1123,7 +1123,7 @@ release.downloads=다운로드
 branch.name=브랜치명
 branch.delete_head=삭제
 branch.delete_html=브랜치 삭제
-branch.create_branch=<strong>%s</strong> 브랜치 생성
+branch.create_branch=%s 브랜치 생성
 branch.deleted_by=%s 에 의해 삭제되었습니다.


--- a/options/locale/locale_lv-LV.ini
+++ b/options/locale/locale_lv-LV.ini
@ -25,6 +25,7 @@ enable_javascript=Šai tīmekļvietnei ir nepieciešams JavaScript.
 toc=Satura rādītājs
 licenses=Licences
 return_to_gitea=Atgriezties Gitea
+more_items=Vairāk vienumu

 username=Lietotājvārds
 email=E-pasta adrese
@ -92,6 +93,7 @@ remove_all=Noņemt visus
 remove_label_str=`Noņemt ierakstu "%s"`
 edit=Labot
 view=Skatīt
+test=Pārbaudīt

 enabled=Iespējots
 disabled=Atspējots
@ -113,6 +115,7 @@ loading=Notiek ielāde…
 error=Kļūda
 error404=Lapa, ko tiek mēģināts atvērt, vai nu <strong>nepastāv</strong> vai arī <strong>nav tiesību</strong> to aplūkot.
 go_back=Atgriezties
+invalid_data=Nederīgi dati: %v

 never=Nekad
 unknown=Nezināms
@ -1606,7 +1609,7 @@ issues.dependency.add_error_dep_not_same_repo=Abām problēmām ir jābūt no vi
 issues.review.self.approval=Nevar apstiprināt savu izmaiņu pieprasījumi.
 issues.review.self.rejection=Nevar pieprasīt izmaiņas savam izmaiņu pieprasījumam.
 issues.review.approve=apstiprināja izmaiņas %s
-issues.review.comment=recenzēja %s
+issues.review.comment=Komentēt
 issues.review.dismissed=atmeta %s recenziju %s
 issues.review.dismissed_label=Atmesta
 issues.review.left_comment=atstāja komentāru
@ -1700,7 +1703,6 @@ pulls.is_empty=Mērķa atzars jau satur šī atzara izmaiņas. Šī revīzija b
 pulls.required_status_check_failed=Dažas no pārbaudēm nebija veiksmīgas.
 pulls.required_status_check_missing=Trūkst dažu obligāto pārbaužu.
 pulls.required_status_check_administrator=Kā administrators Jūs varat sapludināt šo izmaiņu pieprasījumu.
-pulls.blocked_by_approvals=Šim izmaiņu pieprasījumam vēl nav pietiekami daudz apstiprinājumu. Nodrošināti %d no %d apstiprinājumiem.
 pulls.blocked_by_rejection=Šim izmaiņu pieprasījumam oficiālais recenzents ir pieprasījis labojumus.
 pulls.blocked_by_official_review_requests=Šim izmaiņu pieprasījumam ir oficiāli recenzijas pieprasījumi.
 pulls.blocked_by_outdated_branch=Šis izmaiņu pieprasījums ir bloķēts, jo tas ir novecojis.
@ -2237,7 +2239,6 @@ settings.protect_status_check_matched=Atbilst
 settings.protect_invalid_status_check_pattern=Kļūdains statusa pārbaudes šablons: "%s".
 settings.protect_no_valid_status_check_patterns=Nav korekta statusa pārbaudes šablona.
 settings.protect_required_approvals=Vajadzīgi apstiprinājumi:
-settings.protect_required_approvals_desc=Atļaut sapludināt izmaiņu pieprasījumu tikai ar pietiekamu skaitu pozitīvu recenziju.
 settings.dismiss_stale_approvals=Pieprasīt apstiprinājumus jaunākajām izmaiņām
 settings.dismiss_stale_approvals_desc=Kad tiek iesūtītas jaunas revīzijas, kas izmaina izmaiņu pieprasījuma saturu, iepriekšējie apstiprinājumi tiks atzīmēti kā novecojuši un būs nepieciešams apstiprināt tos atkāroti.
 settings.require_signed_commits=Pieprasīt parakstītas revīzijas
@ -2439,7 +2440,7 @@ branch.delete_desc=Atzara dzēšana ir neatgriezeniska. Kaut arī izdzēstais za
 branch.deletion_success=Atzars "%s" tika izdzēsts.
 branch.deletion_failed=Neizdevās izdzēst atzaru "%s".
 branch.delete_branch_has_new_commits=Atzars "%s" nevar tik dzēsts, jo pēc sapludināšanas, tam ir pievienotas jaunas revīzijas.
-branch.create_branch=Izveidot atzaru <strong>%s</strong>
+branch.create_branch=Izveidot atzaru %s
 branch.create_from=`no "%s"`
 branch.create_success=Tika izveidots atzars "%s".
 branch.branch_already_exists=Atzars "%s" šajā repozitorijā jau eksistē.
@ -2465,7 +2466,7 @@ branch.new_branch=Izveidot jaunu atzaru
 branch.new_branch_from=`Izveidot jaunu atzaru no "%s"`
 branch.renamed=Atzars %s tika pārsaukts par %s.

-tag.create_tag=Izveidot tagu <strong>%s</strong>
+tag.create_tag=Izveidot tagu %s
 tag.create_tag_operation=Izveidot tagu
 tag.confirm_create_tag=Izveidot tagu
 tag.create_tag_from=`Izveidot tagu no "%s"`
--- a/options/locale/locale_nl-NL.ini
+++ b/options/locale/locale_nl-NL.ini
@ -1328,7 +1328,7 @@ issues.dependency.add_error_dep_not_same_repo=Beide kwesties moeten in dezelfde
 issues.review.self.approval=Je kan je eigen pull-aanvraag niet goedkeuren.
 issues.review.self.rejection=Je kan geen wijzigingen aanvragen op je eigen pull-aanvraag.
 issues.review.approve=heeft deze veranderingen %s goedgekeurd
-issues.review.comment=beoordeeld %s
+issues.review.comment=Opmerking
 issues.review.dismissed=%s's beoordeling afgewezen %s
 issues.review.dismissed_label=Afgewezen
 issues.review.left_comment=heeft een reactie achtergelaten
@ -1799,7 +1799,6 @@ settings.protect_enable_push_desc=Iedereen met schrijftoegang heeft toegang om t
 settings.protect_check_status_contexts=Status controle inschakelen
 settings.protect_check_status_contexts_list=Status controles gevonden in de afgelopen week voor deze repository
 settings.protect_required_approvals=Vereiste goedkeuringen:
-settings.protect_required_approvals_desc=Sta alleen toe om pull request samen te voegen met voldoende positieve beoordelingen.
 settings.dismiss_stale_approvals=Verouderde goedkeuringen afwijzen
 settings.dismiss_stale_approvals_desc=Wanneer nieuwe commits die de inhoud van het pull-verzoek veranderen, naar de branch worden gepusht, worden oude goedkeuringen verwijderd.
 settings.require_signed_commits=Ondertekende Commits vereisen
@ -1955,12 +1954,13 @@ release.download_count=Downloads: %s
 branch.name=Branch naam
 branch.delete_head=Verwijder
 branch.delete_html=Verwijder branch
-branch.create_branch=Maak branch <strong>%s</strong>
+branch.create_branch=Maak branch %s
 branch.deleted_by=Verwijderd door %s
 branch.included_desc=Deze branch maakt deel uit van de standaard branch
 branch.included=Inbegrepen
 branch.confirm_rename_branch=Hernoem branch

+tag.create_tag=Maak tag %s


 topic.manage_topics=Beheer topics
--- a/options/locale/locale_pl-PL.ini
+++ b/options/locale/locale_pl-PL.ini
@ -1220,7 +1220,7 @@ issues.dependency.add_error_dep_not_same_repo=Oba zgłoszenia muszą być w tym
 issues.review.self.approval=Nie możesz zatwierdzić swojego własnego Pull Requesta.
 issues.review.self.rejection=Nie możesz zażądać zmian w swoim własnym Pull Requeście.
 issues.review.approve=zatwierdza te zmiany %s
-issues.review.comment=zrecenzowano %s
+issues.review.comment=Skomentuj
 issues.review.dismissed_label=Odrzucony
 issues.review.left_comment=zostawił komentarz
 issues.review.content.empty=Musisz pozostawić komentarz o pożądanej zmianie/zmianach.
@ -1668,7 +1668,6 @@ settings.protect_enable_push_desc=Każdy użytkownik z uprawnieniem zapisu będz
 settings.protect_check_status_contexts=Włącz kontrolę stanu
 settings.protect_check_status_contexts_list=Kontrole stanów w poprzednim tygodniu dla tego repozytorium
 settings.protect_required_approvals=Wymagane zatwierdzenia:
-settings.protect_required_approvals_desc=Zezwól na scalanie Pull Requestów tylko z wystarczającą ilością pozytywnych recenzji.
 settings.dismiss_stale_approvals=Unieważnij przestarzałe zatwierdzenia
 settings.dismiss_stale_approvals_desc=Kiedy nowe commity zmieniające zawartość Pull Requesta są wypychane do gałęzi, wcześniejsze zatwierdzenia zostaną unieważnione.
 settings.require_signed_commits=Wymagaj podpisanych commitów
@ -1820,7 +1819,7 @@ release.add_tag=Utwórz tylko znacznik
 branch.name=Nazwa gałęzi
 branch.delete_head=Usuń
 branch.delete_html=Usuń gałąź
-branch.create_branch=Utwórz gałąź <strong>%s</strong>
+branch.create_branch=Utwórz gałąź %s
 branch.deleted_by=Usunięta przez %s
 branch.included_desc=Ta gałąź jest częścią domyślnej gałęzi
 branch.included=Zawarte
@ -1829,7 +1828,7 @@ branch.confirm_create_branch=Utwórz gałąź
 branch.create_branch_operation=Utwórz gałąź
 branch.new_branch=Utwórz nową gałąź

-tag.create_tag=Utwóz tag <strong>%s</strong>
+tag.create_tag=Utwóz tag %s


 topic.manage_topics=Zarządzaj tematami
--- a/options/locale/locale_pt-BR.ini
+++ b/options/locale/locale_pt-BR.ini
@ -1599,7 +1599,7 @@ issues.dependency.add_error_dep_not_same_repo=Ambas as issues devem estar no mes
 issues.review.self.approval=Você não pode aprovar o seu próprio pull request.
 issues.review.self.rejection=Você não pode solicitar alterações em seu próprio pull request.
 issues.review.approve=aprovou estas alterações %s
-issues.review.comment=revisou %s
+issues.review.comment=Comentar
 issues.review.dismissed=rejeitou a revisão de %s %s
 issues.review.dismissed_label=Rejeitada
 issues.review.left_comment=deixou um comentário
@ -1693,7 +1693,6 @@ pulls.is_empty=As alterações neste branch já estão na branch de destino. Est
 pulls.required_status_check_failed=Algumas verificações necessárias não foram bem sucedidas.
 pulls.required_status_check_missing=Estão faltando algumas verificações necessárias.
 pulls.required_status_check_administrator=Como administrador, você ainda pode aplicar o merge deste pull request.
-pulls.blocked_by_approvals=Este pull request ainda não tem aprovações suficientes. %d de %d aprovações concedidas.
 pulls.blocked_by_rejection=Este pull request tem alterações solicitadas por um revisor oficial.
 pulls.blocked_by_official_review_requests=Este pull request tem solicitações de revisão oficiais.
 pulls.blocked_by_outdated_branch=Este pull request está bloqueado porque está desatualizado.
@ -2206,7 +2205,6 @@ settings.protect_enable_merge=Permitir merge
 settings.protect_check_status_contexts=Habilitar verificação de status
 settings.protect_check_status_contexts_list=Verificações de status encontradas na última semana para este repositório
 settings.protect_required_approvals=Aprovações necessárias:
-settings.protect_required_approvals_desc=Permite apenas realizar merge do pull request com avaliações positivas suficientes.
 settings.dismiss_stale_approvals=Descartar aprovações obsoletas
 settings.dismiss_stale_approvals_desc=Quando novos commits que mudam o conteúdo do pull request são enviados para o branch, as antigas aprovações serão descartadas.
 settings.require_signed_commits=Exibir commits assinados
@ -2402,7 +2400,7 @@ branch.delete_html=Excluir Branch
 branch.deletion_success=Branch "%s" excluído.
 branch.deletion_failed=Falha ao excluir o branch "%s".
 branch.delete_branch_has_new_commits=O branch "%s" não pode ser excluído porque novos commits foram feitos após o merge.
-branch.create_branch=Criar branch <strong>%s</strong>
+branch.create_branch=Criar branch %s
 branch.create_from=`a partir de "%s"`
 branch.create_success=Branch "%s" criado.
 branch.branch_already_exists=Branch "%s" já existe neste repositório.
@ -2426,7 +2424,7 @@ branch.new_branch=Criar novo branch
 branch.new_branch_from=`Criar novo branch a partir de "%s"`
 branch.renamed=Branch %s foi renomeado para %s.

-tag.create_tag=Criar tag <strong>%s</strong>
+tag.create_tag=Criar tag %s
 tag.create_tag_operation=Criar tag
 tag.confirm_create_tag=Criar tag
 tag.create_tag_from=`Criar nova tag a partir de "%s"`
--- a/options/locale/locale_pt-PT.ini
+++ b/options/locale/locale_pt-PT.ini
@ -218,6 +218,7 @@ string.desc=Z - A

 [error]
 occurred=Ocorreu um erro
+report_message=Se acredita tratar-se de um erro do Gitea, procure questões relacionadas no <a href="%s">GitHub</a> ou abra uma nova questão, se necessário.
 missing_csrf=Pedido inválido: não há código CSRF
 invalid_csrf=Pedido inválido: código CSRF inválido
 not_found=Não foi possível encontrar o destino.
@ -226,10 +227,13 @@ network_error=Erro de rede
 [startpage]
 app_desc=Um serviço Git auto-hospedado e fácil de usar
 install=Fácil de instalar
+install_desc=Corra, simplesmente, <a target="_blank" rel="noopener noreferrer" href="%[1]s">o ficheiro binário executável</a> para a sua plataforma, despache-o com o <a target="_blank" rel="noopener noreferrer" href="%[2]s">Docker</a>, ou obtenha-o sob a forma de <a target="_blank" rel="noopener noreferrer" href="%[3]s">pacote</a>.
 platform=Multiplataforma
+platform_desc=Gitea corre em qualquer plataforma onde possa compilar em linguagem <a target="_blank" rel="noopener noreferrer" href="%s">Go</a>: Windows, macOS, Linux, ARM, etc. Escolha a sua preferida!
 lightweight=Leve
 lightweight_desc=Gitea requer poucos recursos e pode correr num simples Raspberry Pi. Economize a energia da sua máquina!
 license=Código aberto
+license_desc=Vá buscar <a target="_blank" rel="noopener noreferrer" href="%[1]s">%[2]s</a>! Junte-se a nós dando a <a target="_blank" rel="noopener noreferrer" href="%[3]s">sua contribuição</a> para tornar este programa ainda melhor. Não se acanhe e contribua!

 [install]
 install=Instalação
@ -402,6 +406,7 @@ reset_password_mail_sent_prompt=Foi enviado um email de confirmação para <b>%s
 active_your_account=Ponha a sua conta em funcionamento
 account_activated=A conta foi posta em funcionamento
 prohibit_login=Início de sessão proibido
+prohibit_login_desc=A sua conta está proibida de iniciar sessão. Contacte o administrador.
 resent_limit_prompt=Já fez um pedido recentemente para enviar um email para pôr a conta em funcionamento. Espere 3 minutos e tente novamente.
 has_unconfirmed_mail=Olá %s, tem um endereço de email não confirmado (<b>%s</b>). Se não recebeu um email de confirmação ou precisa de o voltar a enviar, clique no botão abaixo.
 change_unconfirmed_mail_address=Se o seu endereço de email estiver errado, pode mudá-lo aqui e enviar um novo email de confirmação.
@ -413,6 +418,7 @@ invalid_code=O seu código de confirmação é inválido ou expirou.
 invalid_code_forgot_password=O seu código de confirmação é inválido ou já expirou. Clique <a href="%s">aqui</a> para iniciar uma nova sessão.
 invalid_password=A sua senha não corresponde à senha que foi usada para criar a conta.
 reset_password_helper=Recuperar conta
+reset_password_wrong_user=Tem conta iniciada como %s, mas a ligação de recuperação de conta é para %s
 password_too_short=O tamanho da senha não pode ser inferior a %d caracteres.
 non_local_account=Os utilizadores não-locais não podem alterar a sua senha através da interface web do Gitea.
 verify=Validar
@ -448,7 +454,9 @@ authorize_application_created_by=Esta aplicação foi criada por %s.
 authorize_application_description=Se conceder acesso, a aplicação terá privilégios para alterar toda a informação da conta, incluindo repositórios e organizações privados.
 authorize_title=Autorizar o acesso de "%s" à sua conta?
 authorization_failed=A autorização falhou
+authorization_failed_desc=A autorização falhou porque encontrámos um pedido inválido. Entre em contacto com o responsável pela aplicação que tentou autorizar.
 sspi_auth_failed=Falhou a autenticação SSPI
+password_pwned=A senha que escolheu está numa <a target="_blank" rel="noopener noreferrer" href="%s">lista de senhas roubadas</a> anteriormente expostas em fugas de dados públicas. Tente novamente com uma senha diferente e considere também mudar esta senha nos outros sítios.
 password_pwned_err=Não foi possível completar o pedido ao HaveIBeenPwned
 last_admin=Não pode remover o último administrador. Tem que existir pelo menos um administrador.
 signin_passkey=Iniciar sessão com uma passkey
@ -466,6 +474,7 @@ activate_account.text_1=Olá <b>%[1]s</b>, obrigado por se registar em %[2]s!
 activate_account.text_2=Clique, por favor, na ligação seguinte para activar a sua conta dentro de <b>%s</b>:

 activate_email=Valide o seu endereço de email
+activate_email.title=%s, por favor valide o seu endereço de email
 activate_email.text=Por favor clique na seguinte ligação para validar o seu endereço de email dentro de <b>%s</b>:

 register_notify=Bem-vindo(a) a %s
@ -685,9 +694,11 @@ applications=Aplicações
 orgs=Gerir organizações
 repos=Repositórios
 delete=Eliminar a conta
+twofa=Autenticação em dois passos (TOTP)
 account_link=Contas vinculadas
 organization=Organizações
 uid=UID
+webauthn=Autenticação em dois passos (Chaves de Segurança)

 public_profile=Perfil público
 biography_placeholder=Conte-nos um pouco sobre si! (Pode usar Markdown)
@ -705,6 +716,7 @@ update_language_success=O idioma foi modificado.
 update_profile_success=O seu perfil foi modificado.
 change_username=O seu nome de utilizador foi modificado.
 change_username_prompt=Note: Mudar o seu nome de utilizador também muda o URL da sua conta.
+change_username_redirect_prompt=O antigo nome de utilizador, enquanto ninguém o reivindicar, irá reencaminhar para o novo.
 continue=Continuar
 cancel=Cancelar
 language=Idioma
@ -784,6 +796,7 @@ add_email_success=O novo endereço de email foi adicionado.
 email_preference_set_success=As preferências relativas ao email foram definidas com sucesso.
 add_openid_success=O novo endereço OpenID foi adicionado.
 keep_email_private=Ocultar endereço de email
+keep_email_private_popup=Isto irá ocultar o seu endereço de email no seu perfil, assim como quando fizer um pedido de integração ou editar um ficheiro usando a interface web. Cometimentos enviados não serão modificados. Utilize %s nos cometimentos para os associar à sua conta.
 openid_desc=O OpenID permite delegar a autenticação num fornecedor externo.

 manage_ssh_keys=Gerir chaves SSH
@ -898,6 +911,8 @@ remove_oauth2_application_desc=Remover uma aplicação OAuth2 irá revogar o ace
 remove_oauth2_application_success=A aplicação foi eliminada.
 create_oauth2_application=Criar uma nova aplicação OAuth2
 create_oauth2_application_button=Criar aplicação
+create_oauth2_application_success=Criou com sucesso uma nova aplicação OAuth2.
+update_oauth2_application_success=Modificou com sucesso a aplicação OAuth2.
 oauth2_application_name=Nome da aplicação
 oauth2_confidential_client=Cliente confidencial. Escolha esta opção para aplicações que mantêm o segredo confidencial, tais como aplicações web. Não escolha esta opção para aplicações nativas, incluindo aplicações para computador e aplicações móveis.
 oauth2_skip_secondary_authorization=Saltar a autorização para clientes públicos depois de lhes ceder acesso uma vez. <strong>Pode representar um risco de segurança.</strong>
@ -910,6 +925,8 @@ oauth2_regenerate_secret_hint=Perdeu o seu segredo?
 oauth2_client_secret_hint=O segredo não voltará a ser mostrado depois de sair ou refrescar esta página. Certifique-se de que o guardou.
 oauth2_application_edit=Editar
 oauth2_application_create_description=As aplicações OAuth2 dão à sua aplicação de terceiros acesso a contas de utilizador nesta instância.
+oauth2_application_remove_description=A remoção de uma aplicação OAuth2 impedi-la-á de aceder a contas de utilizador autorizadas nesta instância. Quer continuar?
+oauth2_application_locked=O Gitea pré-regista algumas aplicações OAuth2 no arranque, se forem habilitadas na configuração. Para evitar comportamentos inesperados, estas não podem ser editadas nem removidas. Consulte a documentação sobre o OAuth2 para obter mais informações.

 authorized_oauth2_applications=Aplicações OAuth2 autorizadas
 authorized_oauth2_applications_description=Concedeu acesso à sua conta pessoal do Gitea a estas aplicações de terceiros. Por favor, revogue o acesso às aplicações que já não precisa.
@ -918,20 +935,26 @@ revoke_oauth2_grant=Revogar acesso
 revoke_oauth2_grant_description=Revogar o acesso desta aplicação de terceiros impedi-la-á de aceder aos seus dados. Tem a certeza?
 revoke_oauth2_grant_success=Acesso revogado com sucesso.

+twofa_desc=Para proteger a sua conta contra o roubo de senhas, pode usar um telemóvel ou outro dispositivo para recerber um código de utilização única baseado no tempo ("TOTP").
 twofa_recovery_tip=Se perder o seu dispositivo, poderá usar uma chave de recuperação de utilização única para voltar a ter acesso à sua conta.
 twofa_is_enrolled=A autenticação em dois passos <strong>está neste momento habilitada</strong> na sua conta.
 twofa_not_enrolled=A autenticação em dois passos não está neste momento habilitada na sua conta.
 twofa_disable=Desabilitar autenticação em dois passos
+twofa_scratch_token_regenerate=Voltar a gerar o código de recuperação de utilização única
+twofa_scratch_token_regenerated=O seu código de recuperação de utilização única agora é %s. Guarde-o num lugar seguro, uma vez que nunca mais vai ser mostrado.
 twofa_enroll=Habilitar autenticação em dois passos
 twofa_disable_note=Pode desabilitar a autenticação em dois passos, se for necessário.
 twofa_disable_desc=Desabilitar a autenticação em dois passos tornará a sua conta menos segura. Quer continuar?
+regenerate_scratch_token_desc=Se perdeu o seu código de recuperação ou já o usou para iniciar uma sessão, pode restaurá-lo aqui.
 twofa_disabled=A autenticação em dois passos foi desabilitada.
 scan_this_image=Digitalize esta imagem com a sua aplicação de autenticação:
 or_enter_secret=Ou insira o segredo: %s
 then_enter_passcode=E insira o código apresentado na aplicação:
 passcode_invalid=O código está errado. Tente de novo.
+twofa_enrolled=A sua conta foi registada com sucesso. Guarde o seu código de recuperação de utilização única (%s) num lugar seguro, uma vez que não vai ser mostrado novamente.
 twofa_failed_get_secret=Falhou a obtenção do segredo.

+webauthn_desc=Chaves de segurança são dispositivos de hardware contendo chaves criptográficas. Podem ser usadas para autenticação em dois passos. As chaves de segurança têm de suportar o standard <a rel="noreferrer" target="_blank" href="%s">Autenticador WebAuthn</a>.
 webauthn_register_key=Adicionar chave de segurança
 webauthn_nickname=Apelido
 webauthn_delete_key=Remover chave de segurança
@ -969,10 +992,12 @@ visibility=Visibilidade do utilizador
 visibility.public=Pública
 visibility.public_tooltip=Visível para todos
 visibility.limited=Limitada
+visibility.limited_tooltip=Visível apenas para utilizadores autenticados
 visibility.private=Privada
 visibility.private_tooltip=Visível apenas para membros das organizações a que se associou

 [repo]
+new_repo_helper=Um repositório contém todos os ficheiros do trabalho, incluindo o histórico das revisões. Já tem um hospedado noutro sítio? <a href="%s">Migre o repositório</a>.
 owner=Proprietário(a)
 owner_helper=Algumas organizações podem não aparecer na lista suspensa devido a um limite máximo de contagem de repositórios.
 repo_name=Nome do repositório
@ -984,6 +1009,7 @@ template_helper=Fazer do repositório um modelo
 template_description=Repositórios modelo permitem que os utilizadores gerem novos repositórios com a mesma estrutura de pastas, ficheiros e configurações opcionais.
 visibility=Visibilidade
 visibility_description=Somente o proprietário ou os membros da organização, se tiverem direitos, poderão vê-lo.
+visibility_helper=Tornar o repositório privado
 visibility_helper_forced=O administrador obriga a que os repositórios novos sejam privados.
 visibility_fork_helper=(alterar este parâmetro irá alterar também todas as derivações)
 clone_helper=Precisa de ajuda para clonar? Visite a <a target="_blank" rel="noopener noreferrer" href="%s">Ajuda</a>.
@ -1036,6 +1062,8 @@ mirror_sync=sincronizado
 mirror_sync_on_commit=Sincronizar quando forem enviados cometimentos
 mirror_address=Clonar a partir do URL
 mirror_address_desc=Coloque, na secção de autorização, as credenciais que, eventualmente, sejam necessárias.
+mirror_address_url_invalid=O URL fornecido é inválido. Tem que codificar adequadamente todos os componentes do URL.
+mirror_address_protocol_invalid=O URL fornecido é inválido. Só se pode replicar a partir de endereços http(s):// ou git://.
 mirror_lfs=Armazenamento de Ficheiros Grandes (LFS)
 mirror_lfs_desc=Habilitar a réplica de dados LFS.
 mirror_lfs_endpoint=Destino LFS
@ -1071,7 +1099,9 @@ tree_path_not_found_branch=A localização %[1]s não existe no ramo %[2]s
 tree_path_not_found_tag=A localização %[1]s não existe na etiqueta %[2]s

 transfer.accept=Aceitar transferência
+transfer.accept_desc=`Transferir para "%s"`
 transfer.reject=Rejeitar transferência
+transfer.reject_desc=`Cancelar transferência para "%s"`
 transfer.no_permission_to_accept=Você não tem permissão para aceitar esta transferência.
 transfer.no_permission_to_reject=Você não tem permissão para rejeitar esta transferência.

@ -1093,6 +1123,8 @@ template.issue_labels=Rótulos das questões
 template.one_item=Tem que escolher pelo menos um item do modelo
 template.invalid=Tem que escolher um repositório modelo

+archive.title=Este repositório está arquivado. Pode ver os seus ficheiros e cloná-lo, mas não pode fazer envios para o repositório nem lançar questões ou fazer pedidos de integração.
+archive.title_date=Este repositório foi arquivado em %s. Pode ver os ficheiros e cloná-lo, mas não pode fazer envios ou abrir questões ou pedidos de integração.
 archive.issue.nocomment=Este repositório está arquivado. Não pode comentar nas questões.
 archive.pull.nocomment=Este repositório está arquivado. Não pode comentar nos pedidos de integração.

@ -1204,6 +1236,7 @@ releases=Lançamentos
 tag=Etiqueta
 released_this=lançou isto
 tagged_this=etiquetou isto
+file.title=%s em %s
 file_raw=Em bruto
 file_history=Histórico
 file_view_source=Ver código-fonte
@ -1220,6 +1253,7 @@ ambiguous_runes_header=`Este ficheiro contém caracteres Unicode ambíguos`
 ambiguous_runes_description=`Este ficheiro contém caracteres Unicode que podem ser confundidos com outros caracteres. Se acha que é intencional, pode ignorar este aviso com segurança. Use o botão Revelar para os mostrar.`
 invisible_runes_line=`Esta linha tem caracteres unicode invisíveis`
 ambiguous_runes_line=`Esta linha tem caracteres unicode ambíguos`
+ambiguous_character=`%[1]c [U+%04[1]X] pode confundir-se com %[2]c [U+%04[2]X]`

 escape_control_characters=Revelar
 unescape_control_characters=Esconder
@ -1380,6 +1414,7 @@ projects.column.new=Nova coluna
 projects.column.set_default=Tornar predefinida
 projects.column.set_default_desc=Definir esta coluna como a predefinida para questões e pedidos de integração não categorizados
 projects.column.delete=Eliminar coluna
+projects.column.deletion_desc=Eliminar uma coluna de um planeamento faz com que todas as questões que nela constam sejam movidas para a coluna predefinida. Continuar?
 projects.column.color=Colorido
 projects.open=Abrir
 projects.close=Fechar
@ -1461,6 +1496,7 @@ issues.delete_branch_at=`eliminou o ramo <b>%s</b> %s`
 issues.filter_label=Rótulo
 issues.filter_label_exclude=`Use <code>alt</code> + <code>clique/enter</code> para excluir rótulos`
 issues.filter_label_no_select=Todos os rótulos
+issues.filter_label_select_no_label=Sem rótulo
 issues.filter_milestone=Etapa
 issues.filter_milestone_all=Todas as etapas
 issues.filter_milestone_none=Sem etapas
@ -1625,6 +1661,7 @@ issues.tracking_already_started=`Você já iniciou a contagem de tempo <a href="
 issues.stop_tracking=Parar cronómetro
 issues.stop_tracking_history=`parou de trabalhar %s`
 issues.cancel_tracking=Descartar
+issues.cancel_tracking_history=`cancelou a contagem de tempo %s`
 issues.add_time=Adicionar tempo manualmente
 issues.del_time=Eliminar este registo de tempo
 issues.add_time_short=Adicionar tempo
@ -1689,7 +1726,7 @@ issues.dependency.add_error_dep_not_same_repo=Ambas as questões têm que estar
 issues.review.self.approval=Não pode aprovar o seu próprio pedido de integração.
 issues.review.self.rejection=Não pode solicitar modificações sobre o seu próprio pedido de integração.
 issues.review.approve=aprovou estas modificações %s
-issues.review.comment=reviu %s
+issues.review.comment=Comentar
 issues.review.dismissed=descartou a revisão de %s %s
 issues.review.dismissed_label=Descartada
 issues.review.left_comment=deixou um comentário
@ -1714,6 +1751,11 @@ issues.review.hide_resolved=Ocultar os concluídos
 issues.review.resolve_conversation=Passar diálogo ao estado de resolvido
 issues.review.un_resolve_conversation=Passar diálogo ao estado de não resolvido
 issues.review.resolved_by=marcou este diálogo como estando concluído
+issues.review.official=Aprovada
+issues.review.requested=Revisão pendente
+issues.review.rejected=Modificações solicitadas
+issues.review.stale=Modificada depois da aprovação
+issues.review.unofficial=Aprovação não oficial
 issues.assignee.error=Nem todos os encarregados foram adicionados devido a um erro inesperado.
 issues.reference_issue.body=Conteúdo
 issues.content_history.deleted=eliminado
@ -1787,6 +1829,13 @@ pulls.is_empty=As modificações feitas neste ramo já existem no ramo de destin
 pulls.required_status_check_failed=Algumas das verificações obrigatórias não foram bem sucedidas.
 pulls.required_status_check_missing=Estão faltando algumas verificações necessárias.
 pulls.required_status_check_administrator=Uma vez que é administrador, ainda pode realizar a integração deste pedido.
+pulls.blocked_by_approvals=Este pedido de integração ainda não tem aprovações necessárias suficientes. Já foram concedidas %d de um total de %d aprovações oficiais.
+pulls.blocked_by_approvals_whitelisted=Este pedido de integração ainda não tem um número de aprovações suficiente. %d em %d aprovações atribuídas pelos utilizadores ou equipas da lista de permissões.
+pulls.blocked_by_rejection=Este pedido de integração tem modificações solicitadas por um revisor oficial.
+pulls.blocked_by_official_review_requests=Este pedido de integração tem pedidos de revisão oficiais.
+pulls.blocked_by_outdated_branch=Este pedido de integração foi bloqueado por ser obsoleto.
+pulls.blocked_by_changed_protected_files_1=Este pedido de integração está bloqueado porque modifica um ficheiro protegido:
+pulls.blocked_by_changed_protected_files_n=Este pedido de integração está bloqueado porque modifica ficheiros protegidos:
 pulls.can_auto_merge_desc=A integração constante neste pedido pode ser executada automaticamente.
 pulls.cannot_auto_merge_desc=A integração constante neste pedido não pode ser executada automaticamente porque existem conflitos.
 pulls.cannot_auto_merge_helper=Faça a integração manualmente para resolver os conflitos.
@ -1823,7 +1872,9 @@ pulls.unrelated_histories=A integração falhou: O topo da integração e a base
 pulls.merge_out_of_date=Falhou a integração: Enquanto estava a gerar a integração, a base foi modificada. Dica: Tente de novo.
 pulls.head_out_of_date=Falhou a integração: Enquanto estava a gerar a integração, o topo foi modificado. Dica: Tente de novo.
 pulls.has_merged=Falhou: A integração constante do pedido foi executada, não pode integrar novamente nem modificar o ramo alvo.
+pulls.push_rejected=O envio falhou: O envio foi rejeitado. Reveja os Automatismos do Git neste repositório.
 pulls.push_rejected_summary=Mensagem completa de rejeição
+pulls.push_rejected_no_message=O envio falhou: O envio foi rejeitado mas não houve qualquer mensagem remota. Reveja os Automatismos do Git para este repositório
 pulls.open_unmerged_pull_exists=`Não pode executar uma operação de reabertura porque há um pedido de integração pendente (#%d) com propriedades idênticas.`
 pulls.status_checking=Algumas verificações estão pendentes
 pulls.status_checks_success=Todas as verificações foram bem sucedidas
@ -1879,6 +1930,7 @@ milestones.no_due_date=Sem data de vencimento
 milestones.open=Abrir
 milestones.close=Fechar
 milestones.new_subheader=As etapas podem ajudar organizar as questões e a acompanhar o seu progresso.
+milestones.completeness=<strong>%d%%</strong> concluído
 milestones.create=Criar etapa
 milestones.title=Título
 milestones.desc=Descrição
@ -1949,6 +2001,7 @@ wiki.original_git_entry_tooltip=Ver o ficheiro Git original, ao invés de usar u
 activity=Trabalho
 activity.navbar.pulse=Pulso
 activity.navbar.code_frequency=Frequência de programação
+activity.navbar.contributors=Contribuidores
 activity.navbar.recent_commits=Cometimentos recentes
 activity.period.filter_label=Período:
 activity.period.daily=1 dia
@ -2100,6 +2153,7 @@ settings.pulls.default_delete_branch_after_merge=Eliminar, por norma, o ramo do
 settings.pulls.default_allow_edits_from_maintainers=Permitir, por norma, que os responsáveis editem
 settings.releases_desc=Habilitar lançamentos no repositório
 settings.packages_desc=Habilitar o registo de pacotes do repositório
+settings.projects_desc=Habilitar planeamentos
 settings.projects_mode_desc=Modo de planeamentos (tipos de planeamentos a mostrar)
 settings.projects_mode_repo=Apenas planeamentos de repositórios
 settings.projects_mode_owner=Apenas planeamentos de utilizadores ou de organizações
@ -2132,6 +2186,7 @@ settings.transfer.success=A transferência do repositório foi bem sucedida.
 settings.transfer.blocked_user=Não foi possível transferir o repositório porque foi bloqueado/a pelo/a novo/a proprietário/a.
 settings.transfer_abort=Cancelar a transferência
 settings.transfer_abort_invalid=Não pode cancelar a transferência de um repositório inexistente.
+settings.transfer_abort_success=A transferência de repositório para %s foi cancelada com sucesso.
 settings.transfer_desc=Transferir este repositório para um utilizador ou para uma organização na qual você tenha direitos de administrador.
 settings.transfer_form_title=Insira o nome do repositório para confirmar:
 settings.transfer_in_progress=Está a ser feita uma transferência. Cancele-a, por favor, se quiser transferir este repositório para outro utilizador.
@ -2275,6 +2330,7 @@ settings.event_pull_request_merge=Integração constante no pedido
 settings.event_package=Pacote
 settings.event_package_desc=Pacote criado ou eliminado num repositório.
 settings.branch_filter=Filtro de ramos
+settings.branch_filter_desc=Lista dos ramos a serem considerados nos eventos de envio e de criação e eliminação de ramos, especificada como um padrão glob. Se estiver em branco ou for <code>*</code>, serão reportados eventos para todos os ramos. Veja a <a href="%[1]s">documentação</a> para ver os detalhes da sintaxe. Exemplos: <code>main</code>, <code>{main,release*}</code>.
 settings.authorization_header=Cabeçalho de Autorização
 settings.authorization_header_desc=Será incluído como cabeçalho de autorização para pedidos, quando estiver presente. Exemplos: %s.
 settings.active=Em funcionamento
@ -2325,6 +2381,7 @@ settings.protected_branch.save_rule=Guardar regra
 settings.protected_branch.delete_rule=Eliminar regra
 settings.protected_branch_can_push=Permitir envios?
 settings.protected_branch_can_push_yes=Pode enviar
+settings.protected_branch_can_push_no=Não pode enviar
 settings.branch_protection=Regras de salvaguarda do ramo '<b>%s</b>'
 settings.protect_this_branch=Habilitar salvaguarda do ramo
 settings.protect_this_branch_desc=Impede a eliminação e restringe envios e integrações do Git no ramo.
@ -2355,12 +2412,13 @@ settings.protect_merge_whitelist_teams=Equipas com permissão para executar inte
 settings.protect_check_status_contexts=Habilitar verificação de estado
 settings.protect_status_check_patterns=Padrões de verificação de estado:
 settings.protect_status_check_patterns_desc=Insira padrões para especificar que verificações de estado têm de passar antes que os ramos possam ser integrados num ramo correspondente a esta regra. Cada linha especifíca um padrão. Os padrões não podem estar em branco.
+settings.protect_check_status_contexts_desc=Exigir que as verificações de estado passem antes de ser aplicada a integração. Quando habilitado, os cometimentos primeiro têm de ser enviados para outro ramo, depois integrados ou enviados imediatamente para um ramo que corresponda a esta regra, após terem passado as verificações de estado. Se não houver correspondência com quaisquer contextos, o último cometimento tem que ser bem sucedido, independentemente do contexto.
 settings.protect_check_status_contexts_list=Verificações de estado encontradas na última semana para este repositório
 settings.protect_status_check_matched=Correspondido
 settings.protect_invalid_status_check_pattern=Padrão de verificação de estado inválido: "%s".
 settings.protect_no_valid_status_check_patterns=Não existem padrões de verificação de estado válidos.
 settings.protect_required_approvals=Aprovações necessárias:
-settings.protect_required_approvals_desc=Permitir somente a integração constante de pedidos que tenham revisões positivas suficientes.
+settings.protect_required_approvals_desc=Permitir somente a integração constante de pedidos que tenham aprovações exigidas suficientes. Aprovações exigidas são as dos utilizadores ou das equipas ou de qualquer pessoa que esteja na lista de permissão com acesso de escrita.
 settings.protect_approvals_whitelist_enabled=Restringir aprovações a utilizadores ou equipas da lista de permissão
 settings.protect_approvals_whitelist_enabled_desc=Somente as revisões dos utilizadores ou equipas da lista de permissão irão contar para as aprovações necessárias. Se não houver uma lista de permissão de aprovações, revisões de qualquer pessoa com acesso de escrita contam para as aprovações necessárias.
 settings.protect_approvals_whitelist_users=Revisores com permissão:
@ -2372,14 +2430,18 @@ settings.ignore_stale_approvals_desc=Não contar as aprovações feitas em comet
 settings.require_signed_commits=Exigir cometimentos assinados
 settings.require_signed_commits_desc=Rejeitar envios para este ramo que não estejam assinados ou que não sejam validáveis.
 settings.protect_branch_name_pattern=Padrão do nome do ramo protegido
+settings.protect_branch_name_pattern_desc=Padrões de nomes de ramos protegidos. Consulte <a href="%s">a documentação</a> para ver a sintaxe dos padrões. Exemplos: main, release/**
 settings.protect_patterns=Padrões
 settings.protect_protected_file_patterns=Padrões de ficheiros protegidos (separados com ponto e vírgula ';'):
+settings.protect_protected_file_patterns_desc=Ficheiros protegidos não podem ser modificados imediatamente, mesmo que o utilizador tenha direitos para adicionar, editar ou eliminar ficheiros neste ramo. Múltiplos padrões podem ser separados com ponto e vírgula (';'). Veja a documentação <a href='%[1]s'>%[2]s</a> para ver a sintaxe. Exemplos: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
 settings.protect_unprotected_file_patterns=Padrões de ficheiros desprotegidos (separados com ponto e vírgula ';'):
+settings.protect_unprotected_file_patterns_desc=Ficheiros desprotegidos que podem ser modificados imediatamente se o utilizador tiver direitos de escrita, contornando a restrição no envio. Padrões múltiplos podem ser separados com ponto e vírgula (';'). Veja a documentação <a href='%[1]s'>%[2]s</a> para ver a sintaxe. Exemplos: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
 settings.add_protected_branch=Habilitar salvaguarda
 settings.delete_protected_branch=Desabilitar salvaguarda
 settings.update_protect_branch_success=A salvaguarda do ramo "%s" foi modificada.
 settings.remove_protected_branch_success=A salvaguarda do ramo "%s" foi removida.
 settings.remove_protected_branch_failed=A remoção da regra "%s" de salvaguarda do ramo falhou.
+settings.protected_branch_deletion=Eliminar salvaguarda do ramo
 settings.protected_branch_deletion_desc=Desabilitar a salvaguarda do ramo irá permitir que os utilizadores que tenham permissão de escrita enviem para o ramo. Quer continuar?
 settings.block_rejected_reviews=Bloquear a integração quando há revisões rejeitadas
 settings.block_rejected_reviews_desc=A integração não será possível quando as modificações forem pedidas pelos revisores oficiais, mesmo que haja aprovações suficientes.
@ -2405,6 +2467,7 @@ settings.tags.protection.allowed.teams=Equipas com permissão
 settings.tags.protection.allowed.noone=Ninguém
 settings.tags.protection.create=Proteger etiqueta
 settings.tags.protection.none=Não há etiquetas protegidas.
+settings.tags.protection.pattern.description=Pode usar um só nome ou um padrão glob ou uma expressão regular para corresponder a várias etiquetas. Para mais informações leia o <a target="_blank" rel="noopener" href="%s">guia das etiquetas protegidas</a>.
 settings.bot_token=Código do bot
 settings.chat_id=ID do diálogo
 settings.thread_id=ID da discussão
@ -2432,6 +2495,11 @@ settings.archive.error_ismirror=Não pode arquivar um repositório que tenha sid
 settings.archive.branchsettings_unavailable=As configurações dos ramos não estão disponíveis quando o repositório está arquivado.
 settings.archive.tagsettings_unavailable=As configurações sobre etiquetas não estão disponíveis quando o repositório está arquivado.
 settings.archive.mirrors_unavailable=As réplicas não estão disponíveis se o repositório estiver arquivado.
+settings.unarchive.button=Desarquivar repositório
+settings.unarchive.header=Desarquivar este repositório
+settings.unarchive.text=Desarquivar o repositório irá restaurar a capacidade de receber cometimentos e envios, assim como novas questões e pedidos de integração.
+settings.unarchive.success=O repositório foi desarquivado com sucesso.
+settings.unarchive.error=Ocorreu um erro enquanto decorria o processo de desarquivar o repositório. Veja os registos para obter mais detalhes.
 settings.update_avatar_success=O avatar do repositório foi modificado.
 settings.lfs=LFS
 settings.lfs_filelist=Ficheiros LFS armazenados neste repositório
@ -2493,6 +2561,7 @@ diff.file_image_height=Altura
 diff.file_byte_size=Tamanho
 diff.file_suppressed=A apresentação das diferenças no ficheiro foi suprimida por ser demasiado grande
 diff.file_suppressed_line_too_long=A apresentação das diferenças entre ficheiros foi suprimida porque há linhas demasiado longas
+diff.too_many_files=Alguns ficheiros não foram mostrados porque foram modificados demasiados ficheiros neste diff
 diff.show_more=Mostrar mais
 diff.load=Carregar diff
 diff.generated=gerado
@ -2578,7 +2647,7 @@ branch.delete_desc=Eliminar um ramo é algo permanente. Embora o ramo eliminado
 branch.deletion_success=O ramo "%s" foi eliminado.
 branch.deletion_failed=Falhou a eliminação do ramo "%s".
 branch.delete_branch_has_new_commits=O ramo "%s" não pode ser eliminado porque foram adicionados novos cometimentos após a integração.
-branch.create_branch=Criar ramo <strong>%s</strong>
+branch.create_branch=Criar ramo %s
 branch.create_from=`a partir de "%s"`
 branch.create_success=O ramo "%s" foi criado.
 branch.branch_already_exists=O ramo "%s" já existe neste repositório.
@ -2604,7 +2673,7 @@ branch.new_branch=Criar um novo ramo
 branch.new_branch_from=`Criar um novo ramo a partir do ramo "%s"`
 branch.renamed=O ramo %s foi renomeado para %s.

-tag.create_tag=Criar etiqueta <strong>%s</strong>
+tag.create_tag=Criar etiqueta %s
 tag.create_tag_operation=Criar etiqueta
 tag.confirm_create_tag=Criar etiqueta
 tag.create_tag_from=`Criar uma etiqueta nova a partir do ramo "%s"`
@ -2613,6 +2682,7 @@ tag.create_success=A etiqueta "%s" foi criada.

 topic.manage_topics=Gerir tópicos
 topic.done=Concluído
+topic.count_prompt=Não pode escolher mais do que 25 tópicos
 topic.format_prompt=Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') ou pontos ('.') e podem ter até 35 caracteres. As letras têm que ser minúsculas.

 find_file.go_to_file=Ir para o ficheiro
@ -2752,6 +2822,7 @@ teams.all_repositories_helper=A equipa tem acesso a todos os repositórios. Esco
 teams.all_repositories_read_permission_desc=Esta equipa atribui o acesso de <strong>leitura</strong> a <strong>todos os repositórios</strong>: os seus membros podem ver e clonar os repositórios.
 teams.all_repositories_write_permission_desc=Esta equipa atribui o acesso de <strong>escrita</strong> a <strong>todos os repositórios</strong>: os seus membros podem ler de, e enviar para os repositórios.
 teams.all_repositories_admin_permission_desc=Esta equipa atribui o acesso de <strong>administração</strong> a <strong>todos os repositórios</strong>: os seus membros podem ler de, enviar para, e adicionar colaboradores aos repositórios.
+teams.invite.title=Foi-lhe feito um convite para se juntar à equipa <strong>%s</strong> na organização<strong>%s</strong>.
 teams.invite.by=Convidado(a) por %s
 teams.invite.description=Clique no botão abaixo para se juntar à equipa.

@ -2778,6 +2849,7 @@ last_page=Última
 total=total: %d
 settings=Configurações de administração

+dashboard.new_version_hint=O Gitea %s está disponível, você está a correr a versão %s. Verifique <a target="_blank" rel="noreferrer" href="%s">o blog</a> para mais detalhes.
 dashboard.statistic=Resumo
 dashboard.maintenance_operations=Operações de manutenção
 dashboard.system_status=Estado do sistema
@ -2788,6 +2860,7 @@ dashboard.clean_unbind_oauth=Limpar conexões OAuth não vinculadas
 dashboard.clean_unbind_oauth_success=Todas as conexões OAuth não vinculadas foram eliminadas.
 dashboard.task.started=Tarefa iniciada: %[1]s
 dashboard.task.process=Tarefa: %[1]s
+dashboard.task.cancelled=Tarefa: %[1]s cancelada: %[3]s
 dashboard.task.error=Erro na tarefa: %[1]s: %[3]s
 dashboard.task.finished=Tarefa: %[1]s iniciada por %[2]s foi concluída
 dashboard.task.unknown=Tarefa desconhecida: %[1]s
@ -2931,6 +3004,7 @@ emails.updated=Email modificado
 emails.not_updated=Falhou a modificação do endereço de email solicitado: %v
 emails.duplicate_active=Este endereço de email já está a ser usado por outro utilizador.
 emails.change_email_header=Modificar propriedades do email
+emails.change_email_text=Tem a certeza que quer modificar este endereço de email?
 emails.delete=Eliminar email
 emails.delete_desc=Tem a certeza que quer eliminar este endereço de email?
 emails.deletion_success=O endereço de email foi eliminado.
@ -2967,10 +3041,12 @@ packages.size=Tamanho
 packages.published=Publicado

 defaulthooks=Automatismos web predefinidos
+defaulthooks.desc=Os automatismos web fazem pedidos HTTP POST automaticamente a um servidor quando são despoletados determinados eventos do Gitea. Os automatismos web definidos aqui são os predefinidos e serão copiados para todos os novos repositórios. Leia mais no <a target="_blank" rel="noopener" href="%s">guia de automatismos web</a>.
 defaulthooks.add_webhook=Adicionar automatismo web predefinido
 defaulthooks.update_webhook=Modificar automatismo web predefinido

 systemhooks=Automatismos web do sistema
+systemhooks.desc=Os automatismos web fazem pedidos HTTP POST automaticamente a um servidor quando são despoletados determinados eventos do Gitea. Os automatismos web definidos aqui irão operar em todos os repositórios deste sistema, por isso tenha em consideração quaisquer implicações de desempenho que isso possa ter. Leia mais no <a target="_blank" rel="noopener" href="%s">guia de automatismos web</a>.
 systemhooks.add_webhook=Adicionar automatismo web do sistema
 systemhooks.update_webhook=Modificar automatismo web do sistema

@ -3065,8 +3141,18 @@ auths.tips=Dicas
 auths.tips.oauth2.general=Autenticação OAuth2
 auths.tips.oauth2.general.tip=Ao registar uma nova autenticação OAuth2, o URL da ligação de retorno ou do reencaminhamento deve ser:
 auths.tip.oauth2_provider=Fornecedor OAuth2
+auths.tip.bitbucket=Registe um novo consumidor de OAuth em %s e adicione a permissão 'Account' - 'Read'
 auths.tip.nextcloud=`Registe um novo consumidor OAuth na sua instância usando o seguinte menu "Configurações → Segurança → Cliente OAuth 2.0"`
+auths.tip.dropbox=Crie uma nova aplicação em %s
+auths.tip.facebook=`Registe uma nova aplicação em %s e adicione o produto "Facebook Login"`
+auths.tip.github=Registe uma nova aplicação OAuth em %s
+auths.tip.gitlab_new=Registe uma nova aplicação em %s
+auths.tip.google_plus=Obtenha credenciais de cliente OAuth2 a partir da consola do Google API em %s
 auths.tip.openid_connect=Use o URL da descoberta de conexão OpenID "https://{server}/.well-known/openid-configuration" para especificar os extremos
+auths.tip.twitter=`Vá a %s, crie uma aplicação e certifique-se de que está habilitada a opção "Allow this application to be used to Sign in with Twitter"`
+auths.tip.discord=Registe uma nova aplicação em %s
+auths.tip.gitea=Registe uma nova aplicação OAuth2. O guia pode ser encontrado em %s
+auths.tip.yandex=`Crie uma nova aplicação em %s. Escolha as seguintes permissões da secção "Yandex.Passport API": "Acesso ao endereço de email", "Acesso ao avatar do utilizador" e "Acesso ao nome de utilizador, nome e sobrenome, género"`
 auths.tip.mastodon=Insira o URL de uma instância personalizada para a instância do mastodon com que se pretende autenticar (ou então use a predefinida)
 auths.edit=Editar fonte de autenticação
 auths.activated=Esta fonte de autenticação está em funcionamento
@ -3232,6 +3318,7 @@ monitor.next=Próxima execução
 monitor.previous=Execução anterior
 monitor.execute_times=Execuções
 monitor.process=Processos em execução
+monitor.stacktrace=Vestígios da pilha
 monitor.processes_count=%d processos
 monitor.download_diagnosis_report=Descarregar relatório de diagnóstico
 monitor.desc=Descrição
@ -3239,6 +3326,8 @@ monitor.start=Início
 monitor.execute_time=Tempo de execução
 monitor.last_execution_result=Resultado
 monitor.process.cancel=Cancelar processo
+monitor.process.cancel_desc=Cancelar um processo pode resultar na perda de dados
+monitor.process.cancel_notices=Cancelar: <strong>%s</strong>?
 monitor.process.children=Descendentes

 monitor.queues=Filas
@ -3340,6 +3429,7 @@ raw_minutes=minutos

 [dropzone]
 default_message=Largue os ficheiros aqui ou clique aqui para os carregar.
+invalid_input_type=Não pode carregar ficheiros deste tipo.
 file_too_big=O tamanho do ficheiro ({{filesize}} MB) excede o tamanho máximo de ({{maxFilesize}} MB).
 remove_file=Remover ficheiro

@ -3487,6 +3577,7 @@ settings.link=Vincular este pacote a um repositório
 settings.link.description=Se você vincular um pacote a um repositório, o pacote será listado na lista de pacotes do repositório.
 settings.link.select=Escolha o repositório
 settings.link.button=Modificar vínculo ao repositório
+settings.link.success=A ligação ao repositório foi modificada com sucesso.
 settings.link.error=Falhou a modificação do vínculo ao repositório.
 settings.delete=Eliminar pacote
 settings.delete.description=Eliminar o pacote é permanente e não pode ser desfeito.
--- a/options/locale/locale_ru-RU.ini
+++ b/options/locale/locale_ru-RU.ini
@ -1578,7 +1578,7 @@ issues.dependency.add_error_dep_not_same_repo=Обе задачи должны
 issues.review.self.approval=Вы не можете одобрить собственный запрос на слияние.
 issues.review.self.rejection=Невозможно запрашивать изменения своего запроса на слияние.
 issues.review.approve=одобрил(а) эти изменения %s
-issues.review.comment=рассмотрел(а) изменения %s
+issues.review.comment=Комментировать
 issues.review.dismissed=отклонен отзыв %s %s
 issues.review.dismissed_label=Отклонено
 issues.review.left_comment=оставил комментарий
@ -1669,7 +1669,6 @@ pulls.is_empty=Изменения из этой ветки уже есть в ц
 pulls.required_status_check_failed=Некоторые необходимые проверки не были пройдены.
 pulls.required_status_check_missing=Отсутствуют некоторые обязательные проверки.
 pulls.required_status_check_administrator=Как администратор, вы все равно можете принять этот запрос на слияние.
-pulls.blocked_by_approvals=Этот запрос на слияние пока не имеет достаточного количества одобрений. Получено %d из %d одобрений.
 pulls.blocked_by_rejection=Официальный рецензент запросил изменения к этому запросу на слияние.
 pulls.can_auto_merge_desc=Этот запрос на слияние может быть объединён автоматически.
 pulls.cannot_auto_merge_desc=Этот запрос на слияние не может быть объединён автоматически.
@ -2193,7 +2192,6 @@ settings.protect_status_check_matched=Совпало
 settings.protect_invalid_status_check_pattern=Неверный шаблон проверки состояния: «%s».
 settings.protect_no_valid_status_check_patterns=Нет допустимых шаблонов проверки состояния.
 settings.protect_required_approvals=Необходимые одобрения:
-settings.protect_required_approvals_desc=Разрешить принятие запроса на слияние только с достаточным количеством положительных отзывов.
 settings.dismiss_stale_approvals=Отклонить устаревшие разрешения
 settings.dismiss_stale_approvals_desc=Когда новые коммиты, изменяющие содержимое запроса на слияние, отправляются в ветку, старые разрешения будут отклонены.
 settings.require_signed_commits=Требовать подписанные коммиты
@ -2390,7 +2388,7 @@ branch.delete_desc=Удаление ветки необратимо. Несмо
 branch.deletion_success=Ветка «%s» удалена.
 branch.deletion_failed=Не удалось удалить ветку «%s».
 branch.delete_branch_has_new_commits=Ветку «%s» нельзя удалить, поскольку после слияния были добавлены новые коммиты.
-branch.create_branch=Создать ветку <strong>%s</strong>
+branch.create_branch=Создать ветку %s
 branch.create_from=от «%s»
 branch.create_success=Ветка «%s» создана.
 branch.branch_already_exists=Ветка «%s» уже существует в этом репозитории.
@ -2416,7 +2414,7 @@ branch.new_branch=Создать новую ветку
 branch.new_branch_from=Создать новую ветку из «%s»
 branch.renamed=Ветка %s была переименована в %s.

-tag.create_tag=Создать тег <strong>%s</strong>
+tag.create_tag=Создать тег %s
 tag.create_tag_operation=Создать тег
 tag.confirm_create_tag=Создать тег
 tag.create_tag_from=Создать новый тег из «%s»
--- a/options/locale/locale_si-LK.ini
+++ b/options/locale/locale_si-LK.ini
@ -1200,7 +1200,7 @@ issues.dependency.add_error_dep_not_same_repo=මෙම ගැටළු දෙ
 issues.review.self.approval=ඔබ ඔබේ ම අදින්න ඉල්ලීම අනුමත කළ නොහැක.
 issues.review.self.rejection=ඔබ ඔබේ ම අදින්න ඉල්ලීම මත වෙනස්කම් ඉල්ලා සිටිය නොහැක.
 issues.review.approve=මෙම වෙනස්කම් අනුමත %s
-issues.review.comment=සමාලෝචනය %s
+issues.review.comment=අදහස
 issues.review.dismissed=%sහි සමාලෝචනය %sප්රතික්ෂේප කරන ලද
 issues.review.dismissed_label=බැහැර
 issues.review.left_comment=අදහසක් හැරගියා
@ -1674,7 +1674,6 @@ settings.protect_enable_push_desc=ලිවීමේ ප්රවේශය ඇ
 settings.protect_check_status_contexts=තත්වය පරීක්‍ෂාව සබල කරන්න
 settings.protect_check_status_contexts_list=මෙම ගබඩාව සඳහා පසුගිය සතියේ හමු වූ තත්ව පරීක්ෂාවන්
 settings.protect_required_approvals=අවශ්ය අනුමැතිය:
-settings.protect_required_approvals_desc=ප්රමාණවත් ධනාත්මක සමාලෝචන සමඟ අදින්න ඉල්ලීම ඒකාබද්ධ කිරීමට පමණක් ඉඩ දෙන්න.
 settings.dismiss_stale_approvals=ස්ථාවර අනුමැතිය බැහැර
 settings.dismiss_stale_approvals_desc=අදින්න ඉල්ලීමෙහි අන්තර්ගතය වෙනස් කරන නව විවරයන් ශාඛාවට තල්ලු කරන විට, පැරණි අනුමත කිරීම් නිෂ්ප්රභා කරනු ලැබේ.
 settings.require_signed_commits=අත්සන් කළ යුතු
@ -1838,7 +1837,7 @@ release.add_tag=ටැග පමණක් සාදන්න
 branch.name=ශාඛාවේ නම
 branch.delete_head=මකන්න
 branch.delete_html=ශාඛාව මකන්න
-branch.create_branch=<strong>%s</strong> ශාඛාව සාදන්න
+branch.create_branch=%s ශාඛාව සාදන්න
 branch.deleted_by=%sවිසින් මකා දමන ලදි
 branch.included_desc=මෙම ශාඛාව පෙරනිමි ශාඛාවේ කොටසකි
 branch.included=ඇතුළත්
@ -1849,7 +1848,7 @@ branch.create_branch_operation=ශාඛාව සාදන්න
 branch.new_branch=නව ශාඛාවක් සාදන්න
 branch.renamed=ශාඛාව %s %sලෙස නම් කරන ලදී.

-tag.create_tag=ටැගය නිර්මාණය <strong>%s</strong>
+tag.create_tag=ටැගය නිර්මාණය %s


 topic.manage_topics=මාතෘකා කළමනාකරණය
--- a/options/locale/locale_sk-SK.ini
+++ b/options/locale/locale_sk-SK.ini
@ -1076,7 +1076,6 @@ issues.save=Uložiť
 issues.cancel_tracking=Zahodiť
 issues.add_time_cancel=Zrušiť
 issues.dependency.cancel=Zrušiť
-issues.review.comment=revidoval %s
 issues.review.dismissed=zamietol revíziu od %s %s
 issues.review.wait=bol požiadaný o revidovanie %s
 issues.review.add_review_request=požiadal o revidovanie od %s %s
@ -1187,7 +1186,6 @@ settings.delete_webhook=Odstrániť webhook
 settings.slack_token=Token
 settings.web_hook_name_gitea=Gitea
 settings.packagist_api_token=API token
-settings.protect_required_approvals_desc=Umožniť merge iba žiadostiam o natiahnutie s dostatočným počtom pozitívnych revízií.
 settings.require_signed_commits=Vyžadovať podpísané commity
 settings.block_rejected_reviews=Zablokovať zlúčenie pri zamietavých revíziách
 settings.block_rejected_reviews_desc=Zlúčenie nebude možné v prípade že oficiálni revidenti požadujú zmeny, aj keď je k dispozícii dostatok schválení.
--- a/options/locale/locale_sv-SE.ini
+++ b/options/locale/locale_sv-SE.ini
@ -1039,7 +1039,7 @@ issues.dependency.add_error_dep_not_same_repo=Båda ärendena måste vara i samm
 issues.review.self.approval=Du kan inte godkänna din egen pull-begäran.
 issues.review.self.rejection=Du kan inte begära ändringar för din egna pull-förfrågan.
 issues.review.approve=godkände dessa ändringar %s
-issues.review.comment=granskad av %s
+issues.review.comment=Kommentar
 issues.review.left_comment=lämnade en kommentar
 issues.review.content.empty=Du måste skriva en kommentar som anger de önskade ändringarna.
 issues.review.reject=begärda ändringar %s
@ -1489,7 +1489,7 @@ release.download_count=Nedladdningar: %s
 branch.name=Branch namn
 branch.delete_head=Radera
 branch.delete_html=Radera branch
-branch.create_branch=Skapa branchen <strong>%s</strong>
+branch.create_branch=Skapa branchen %s
 branch.deleted_by=Raderad av %s


--- a/options/locale/locale_tr-TR.ini
+++ b/options/locale/locale_tr-TR.ini
@ -1704,7 +1704,7 @@ issues.dependency.add_error_dep_not_same_repo=Her iki konu da aynı depoda olmal
 issues.review.self.approval=Kendi değişiklik isteğinizi onaylayamazsınız.
 issues.review.self.rejection=Kendi değişiklik isteğinizde değişiklik isteyemezsiniz.
 issues.review.approve=%s bu değişiklikleri onayladı
-issues.review.comment=%s incelendi
+issues.review.comment=Yorum Yap
 issues.review.dismissed=%s incelemesini %s reddetti
 issues.review.dismissed_label=Reddedildi
 issues.review.left_comment=bir yorum yaptı
@ -1802,7 +1802,6 @@ pulls.is_empty=Bu daldaki değişiklikler zaten hedef dalda mevcut. Bu boş bir
 pulls.required_status_check_failed=Bazı gerekli denetimler başarılı olmadı.
 pulls.required_status_check_missing=Gerekli bazı kontroller eksik.
 pulls.required_status_check_administrator=Yönetici olarak, bu değişiklik isteğini yine de birleştirebilirsiniz.
-pulls.blocked_by_approvals=Bu değişiklik isteğinin henüz yeterli onayı yok. %d onay var, %d onay gerekiyor.
 pulls.blocked_by_rejection=Bu değişiklik isteğinde resmi bir gözden geçiren tarafından istenen değişiklikler var.
 pulls.blocked_by_official_review_requests=Bu değişiklik isteğinde resmi inceleme istekleri var.
 pulls.blocked_by_outdated_branch=Bu değişiklik isteği eskidiği için engellendi.
@ -2378,7 +2377,6 @@ settings.protect_status_check_matched=Eşleşen
 settings.protect_invalid_status_check_pattern=Hatalı durum denetleme deseni: "%s".
 settings.protect_no_valid_status_check_patterns=Geçerli durum denetleme deseni yok.
 settings.protect_required_approvals=Gerekli onaylar:
-settings.protect_required_approvals_desc=Değişiklik isteğini yalnızca yeterince olumlu yorumla birleştirmeye izin ver.
 settings.protect_approvals_whitelist_enabled=Onayları izin listesine giren kullanıcılar veya takımlar için kısıtla
 settings.protect_approvals_whitelist_enabled_desc=Yalnızca izin listesindeki kullanıcıların veya takımların gözden geçirmeleri gerekli onaylar için dikkate alınır. Onaylı izin listesi olmadan, yazma erişimi olan herkesin gözden geçirmeleri gerekli onaylar için dikkate alınır.
 settings.protect_approvals_whitelist_users=İzin listesindeki gözden geçirenler:
@ -2587,7 +2585,7 @@ branch.delete_desc=Bir dalı silmek kalıcıdır. Her ne kadar silinen dal tamam
 branch.deletion_success=`"%s" dalı silindi.`
 branch.deletion_failed=`"%s" dalı silinemedi.`
 branch.delete_branch_has_new_commits=`"%s" dalı silinemedi çünkü birleştirme sonrasında yeni işlemeler eklendi.`
-branch.create_branch=<strong>%s</strong> dalı oluştur
+branch.create_branch=%s dalı oluştur
 branch.create_from=`"%s"den`
 branch.create_success=`"%s" dalı oluşturuldu.`
 branch.branch_already_exists=Bu depoda "%s" dalı zaten var.
@ -2613,7 +2611,7 @@ branch.new_branch=Yeni dal oluştur
 branch.new_branch_from=`"%s" dalından yeni dal oluştur`
 branch.renamed=%s dalının adı %s olarak değiştirildi.

-tag.create_tag=<strong>%s</strong> etiketi oluştur
+tag.create_tag=%s etiketi oluştur
 tag.create_tag_operation=Etiket oluştur
 tag.confirm_create_tag=Etiket oluştur
 tag.create_tag_from=`"%s" kullanarak yeni etiket oluştur`
--- a/options/locale/locale_uk-UA.ini
+++ b/options/locale/locale_uk-UA.ini
@ -1245,7 +1245,7 @@ issues.dependency.add_error_dep_not_same_repo=Обидві задачі пови
 issues.review.self.approval=Ви не можете схвалити власний пулл-реквест.
 issues.review.self.rejection=Ви не можете надіслати запит на зміну на власний пулл-реквест.
 issues.review.approve=зміни затверджено %s
-issues.review.comment=рецензовано %s
+issues.review.comment=Коментар
 issues.review.dismissed=відхилено відгук %s %s
 issues.review.dismissed_label=Відхилено
 issues.review.left_comment=додав коментар
@ -1720,7 +1720,6 @@ settings.protect_enable_push_desc=Будь-хто із правом запису
 settings.protect_check_status_contexts=Увімкнути перевірку стану
 settings.protect_check_status_contexts_list=Перевірки статусу знайдено для репозитарію за минулий тиждень
 settings.protect_required_approvals=Необхідно схвалення:
-settings.protect_required_approvals_desc=Дозволити об'єднання запитів на злиття лише із достатньою кількістю позитивних рецензій.
 settings.dismiss_stale_approvals=Відхилити застарілі погодження
 settings.dismiss_stale_approvals_desc=Коли нові коміти що змінюють вміст пулл-запиту відправляються в гілку, старі погодження будуть відхилені.
 settings.require_signed_commits=Потрібно підписані коміти
@ -1886,7 +1885,7 @@ release.add_tag=Створити тільки мітку
 branch.name=Ім'я гілки
 branch.delete_head=Видалити
 branch.delete_html=Видалити гілку
-branch.create_branch=Створити гілку <strong>%s</strong>
+branch.create_branch=Створити гілку %s
 branch.deleted_by=Видалено %s
 branch.included_desc=Ця гілка є частиною типової гілки
 branch.included=Включено
@ -1897,7 +1896,7 @@ branch.create_branch_operation=Створити гілку
 branch.new_branch=Створити нову гілку
 branch.renamed=Гілку %s перейменовано на %s.

-tag.create_tag=Створити тег <strong>%s</strong>
+tag.create_tag=Створити тег %s


 topic.manage_topics=Керувати тематичними мітками
--- a/options/locale/locale_zh-CN.ini
+++ b/options/locale/locale_zh-CN.ini
@ -1692,7 +1692,7 @@ issues.dependency.add_error_dep_not_same_repo=这两个工单必须在同一仓
 issues.review.self.approval=您不能批准您自己的合并请求。
 issues.review.self.rejection=您不能请求对您自己的合并请求进行更改。
 issues.review.approve=于 %s 批准此合并请求
-issues.review.comment=评审于 %s
+issues.review.comment=评论
 issues.review.dismissed=于 %[2]s 取消了 %[1]s 的评审
 issues.review.dismissed_label=已取消
 issues.review.left_comment=留下了一条评论
@ -1791,6 +1791,7 @@ pulls.required_status_check_failed=一些必要的检查没有成功
 pulls.required_status_check_missing=缺少一些必要的检查。
 pulls.required_status_check_administrator=作为管理员，您仍可合并此合并请求
 pulls.blocked_by_approvals=此合并请求还没有足够的批准。已获批准数 %d 个，需获批准数 %d 个。
+pulls.blocked_by_approvals_whitelisted=此合并请求还没有足够的批准。%[2]d 中的 %[1]d 个已由允许名单中的用户或团队批准。
 pulls.blocked_by_rejection=此合并请求有官方审核员请求的更改。
 pulls.blocked_by_official_review_requests=此合并请求需要官方评审。
 pulls.blocked_by_outdated_branch=此合并请求因过期而被阻止。
@ -2347,7 +2348,6 @@ settings.protect_status_check_matched=匹配
 settings.protect_invalid_status_check_pattern=无效的状态检查规则：“%s”。
 settings.protect_no_valid_status_check_patterns=没有有效的状态检查规则。
 settings.protect_required_approvals=所需的批准：
-settings.protect_required_approvals_desc=只允许合并有足够审核人数的合并请求。
 settings.dismiss_stale_approvals=取消过时的批准
 settings.dismiss_stale_approvals_desc=当新的提交更改合并请求内容被推送到分支时，旧的批准将被撤销。
 settings.ignore_stale_approvals=忽略过期批准
@ -2552,7 +2552,7 @@ branch.delete_desc=删除分支是永久的。虽然已删除的分支在实际
 branch.deletion_success=分支 %s 已被删除。
 branch.deletion_failed=删除分支 %s 失败。
 branch.delete_branch_has_new_commits=因为合并之后有新的提交，分支 %s 无法被删除。
-branch.create_branch=创建分支 <strong>%s</strong>
+branch.create_branch=创建分支 %s
 branch.create_from=从 %s
 branch.create_success=分支 '%s' 已创建。
 branch.branch_already_exists=此仓库已存在名为 %s 的分支。
@ -2578,7 +2578,7 @@ branch.new_branch=创建新分支
 branch.new_branch_from=基于"%s"创建新分支
 branch.renamed=分支 %s 被重命名为 %s。

-tag.create_tag=创建标签 <strong>%s</strong>
+tag.create_tag=创建标签 %s
 tag.create_tag_operation=创建标签
 tag.confirm_create_tag=创建标签
 tag.create_tag_from=基于"%s"创建新标签
--- a/options/locale/locale_zh-TW.ini
+++ b/options/locale/locale_zh-TW.ini
@ -1467,7 +1467,7 @@ issues.dependency.add_error_dep_not_same_repo=這兩個問題必須在同一個
 issues.review.self.approval=您不能核可自己的合併請求。
 issues.review.self.rejection=您不能對自己的合併請求提出請求變更。
 issues.review.approve=核可了這些變更 %s
-issues.review.comment=已審核 %s
+issues.review.comment=留言
 issues.review.dismissed=取消 %s 的審核 %s
 issues.review.dismissed_label=已取消
 issues.review.left_comment=留下了回應
@ -2022,7 +2022,6 @@ settings.protect_enable_merge_desc=任何有寫入權限的人都可將合併請
 settings.protect_check_status_contexts=啟用狀態檢查
 settings.protect_check_status_contexts_list=此儲存庫一週內曾進行過狀態檢查
 settings.protect_required_approvals=需要的核可數量：
-settings.protect_required_approvals_desc=只有在獲得足夠數量的核可後才能進行合併。
 settings.dismiss_stale_approvals=捨棄過時的核可
 settings.dismiss_stale_approvals_desc=當新的提交有修改到合併請求的內容，並被推送到此分支時，將捨棄舊的核可。
 settings.require_signed_commits=僅接受經簽署的提交
@ -2209,7 +2208,7 @@ branch.delete_html=刪除分支
 branch.deletion_success=已刪除分支「%s」。
 branch.deletion_failed=刪除分支「%s」失敗。
 branch.delete_branch_has_new_commits=因為合併後已加入了新的提交，「%s」分支無法被刪除。
-branch.create_branch=建立分支 <strong>%s</strong>
+branch.create_branch=建立分支 %s
 branch.create_from=從「%s」
 branch.create_success=已建立分支「%s」。
 branch.branch_already_exists=此儲存庫已有名為「%s」的分支。
@ -2231,7 +2230,7 @@ branch.new_branch=建立新分支
 branch.new_branch_from=從「%s」建立新分支
 branch.renamed=分支 %s 被重新命名為 %s。

-tag.create_tag=建立標籤 <strong>%s</strong>
+tag.create_tag=建立標籤 %s
 tag.create_tag_operation=建立標籤
 tag.confirm_create_tag=建立標籤
 tag.create_tag_from=從「%s」建立新標籤
--- a/routers/api/packages/conan/auth.go
+++ b/routers/api/packages/conan/auth.go
@ -22,21 +22,25 @@ func (a *Auth) Name() string {

 // Verify extracts the user from the Bearer token
 func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, store auth.DataStore, sess auth.SessionStore) (*user_model.User, error) {
-	uid, err := packages.ParseAuthorizationToken(req)
+	packageMeta, err := packages.ParseAuthorizationRequest(req)
 	if err != nil {
 		log.Trace("ParseAuthorizationToken: %v", err)
 		return nil, err
 	}

-	if uid == 0 {
+	if packageMeta == nil || packageMeta.UserID == 0 {
 		return nil, nil
 	}

-	u, err := user_model.GetUserByID(req.Context(), uid)
+	u, err := user_model.GetUserByID(req.Context(), packageMeta.UserID)
 	if err != nil {
 		log.Error("GetUserByID:  %v", err)
 		return nil, err
 	}
+	if packageMeta.Scope != "" {
+		store.GetData()["IsApiToken"] = true
+		store.GetData()["ApiTokenScope"] = packageMeta.Scope
+	}

 	return u, nil
 }
--- a/routers/api/packages/conan/conan.go
+++ b/routers/api/packages/conan/conan.go
@ -11,6 +11,7 @@ import (
 	"strings"
 	"time"

+	auth_model "code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/models/db"
 	packages_model "code.gitea.io/gitea/models/packages"
 	conan_model "code.gitea.io/gitea/models/packages/conan"
@ -21,6 +22,7 @@ import (
 	conan_module "code.gitea.io/gitea/modules/packages/conan"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/routers/api/packages/helper"
+	auth_service "code.gitea.io/gitea/services/auth"
 	"code.gitea.io/gitea/services/context"
 	notify_service "code.gitea.io/gitea/services/notify"
 	packages_service "code.gitea.io/gitea/services/packages"
@ -117,7 +119,20 @@ func Authenticate(ctx *context.Context) {
 		return
 	}

-	token, err := packages_service.CreateAuthorizationToken(ctx.Doer)
+	packageScope := auth_service.GetAccessScope(ctx.Data)
+	if has, err := packageScope.HasAnyScope(
+		auth_model.AccessTokenScopeReadPackage,
+		auth_model.AccessTokenScopeWritePackage,
+		auth_model.AccessTokenScopeAll,
+	); !has {
+		if err != nil {
+			log.Error("Error checking access scope: %v", err)
+		}
+		apiError(ctx, http.StatusForbidden, nil)
+		return
+	}
+
+	token, err := packages_service.CreateAuthorizationToken(ctx.Doer, packageScope)
 	if err != nil {
 		apiError(ctx, http.StatusInternalServerError, err)
 		return
@ -130,9 +145,23 @@ func Authenticate(ctx *context.Context) {
 func CheckCredentials(ctx *context.Context) {
 	if ctx.Doer == nil {
 		ctx.Status(http.StatusUnauthorized)
-	} else {
-		ctx.Status(http.StatusOK)
+		return
 	}
+
+	packageScope := auth_service.GetAccessScope(ctx.Data)
+	if has, err := packageScope.HasAnyScope(
+		auth_model.AccessTokenScopeReadPackage,
+		auth_model.AccessTokenScopeWritePackage,
+		auth_model.AccessTokenScopeAll,
+	); !has {
+		if err != nil {
+			log.Error("Error checking access scope: %v", err)
+		}
+		ctx.Status(http.StatusForbidden)
+		return
+	}
+
+	ctx.Status(http.StatusOK)
 }

 // RecipeSnapshot displays the recipe files with their md5 hash
--- a/routers/api/packages/container/auth.go
+++ b/routers/api/packages/container/auth.go
@ -23,21 +23,26 @@ func (a *Auth) Name() string {
 // Verify extracts the user from the Bearer token
 // If it's an anonymous session a ghost user is returned
 func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, store auth.DataStore, sess auth.SessionStore) (*user_model.User, error) {
-	uid, err := packages.ParseAuthorizationToken(req)
+	packageMeta, err := packages.ParseAuthorizationRequest(req)
 	if err != nil {
 		log.Trace("ParseAuthorizationToken: %v", err)
 		return nil, err
 	}

-	if uid == 0 {
+	if packageMeta == nil || packageMeta.UserID == 0 {
 		return nil, nil
 	}

-	u, err := user_model.GetPossibleUserByID(req.Context(), uid)
+	u, err := user_model.GetPossibleUserByID(req.Context(), packageMeta.UserID)
 	if err != nil {
 		log.Error("GetPossibleUserByID:  %v", err)
 		return nil, err
 	}

+	if packageMeta.Scope != "" {
+		store.GetData()["IsApiToken"] = true
+		store.GetData()["ApiTokenScope"] = packageMeta.Scope
+	}
+
 	return u, nil
 }
--- a/routers/api/packages/container/container.go
+++ b/routers/api/packages/container/container.go
@ -14,6 +14,7 @@ import (
 	"strconv"
 	"strings"

+	auth_model "code.gitea.io/gitea/models/auth"
 	packages_model "code.gitea.io/gitea/models/packages"
 	container_model "code.gitea.io/gitea/models/packages/container"
 	user_model "code.gitea.io/gitea/models/user"
@ -25,6 +26,7 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/routers/api/packages/helper"
+	auth_service "code.gitea.io/gitea/services/auth"
 	"code.gitea.io/gitea/services/context"
 	packages_service "code.gitea.io/gitea/services/packages"
 	container_service "code.gitea.io/gitea/services/packages/container"
@ -148,6 +150,7 @@ func DetermineSupport(ctx *context.Context) {
 // If the current user is anonymous, the ghost user is used unless RequireSignInView is enabled.
 func Authenticate(ctx *context.Context) {
 	u := ctx.Doer
+	packageScope := auth_service.GetAccessScope(ctx.Data)
 	if u == nil {
 		if setting.Service.RequireSignInView {
 			apiUnauthorizedError(ctx)
@ -155,9 +158,21 @@ func Authenticate(ctx *context.Context) {
 		}

 		u = user_model.NewGhostUser()
+	} else {
+		if has, err := packageScope.HasAnyScope(
+			auth_model.AccessTokenScopeReadPackage,
+			auth_model.AccessTokenScopeWritePackage,
+			auth_model.AccessTokenScopeAll,
+		); !has {
+			if err != nil {
+				log.Error("Error checking access scope: %v", err)
+			}
+			apiUnauthorizedError(ctx)
+			return
+		}
 	}

-	token, err := packages_service.CreateAuthorizationToken(u)
+	token, err := packages_service.CreateAuthorizationToken(u, packageScope)
 	if err != nil {
 		apiError(ctx, http.StatusInternalServerError, err)
 		return
--- a/routers/api/packages/nuget/auth.go
+++ b/routers/api/packages/nuget/auth.go
@ -43,5 +43,8 @@ func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, store auth.DataS
 		log.Error("UpdateAccessToken:  %v", err)
 	}

+	store.GetData()["IsApiToken"] = true
+	store.GetData()["ApiToken"] = token
+
 	return u, nil
 }
--- a/routers/api/v1/activitypub/reqsignature.go
+++ b/routers/api/v1/activitypub/reqsignature.go
@ -17,8 +17,8 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 	gitea_context "code.gitea.io/gitea/services/context"

+	"github.com/42wim/httpsig"
 	ap "github.com/go-ap/activitypub"
-	"github.com/go-fed/httpsig"
 )

 func getPublicKeyFromResponse(b []byte, keyID *url.URL) (p crypto.PublicKey, err error) {
--- a/routers/api/v1/repo/commits.go
+++ b/routers/api/v1/repo/commits.go
@ -195,7 +195,7 @@ func GetAllCommits(ctx *context.APIContext) {
 			// get commit specified by sha
 			baseCommit, err = ctx.Repo.GitRepo.GetCommit(sha)
 			if err != nil {
-				ctx.Error(http.StatusInternalServerError, "GetCommit", err)
+				ctx.NotFoundOrServerError("GetCommit", git.IsErrNotExist, err)
 				return
 			}
 		}
--- a/routers/web/explore/repo.go
+++ b/routers/web/explore/repo.go
@ -6,7 +6,6 @@ package explore
 import (
 	"fmt"
 	"net/http"
-	"strings"

 	"code.gitea.io/gitea/models/db"
 	repo_model "code.gitea.io/gitea/models/repo"
@ -58,7 +57,7 @@ func RenderRepoSearch(ctx *context.Context, opts *RepoSearchOptions) {
 		orderBy db.SearchOrderBy
 	)

-	sortOrder := strings.ToLower(ctx.FormString("sort"))
+	sortOrder := ctx.FormString("sort")
 	if sortOrder == "" {
 		sortOrder = setting.UI.ExploreDefaultSort
 	}
--- a/routers/web/repo/issue.go
+++ b/routers/web/repo/issue.go
@ -1940,6 +1940,7 @@ func ViewIssue(ctx *context.Context) {
 			ctx.Data["ChangedProtectedFiles"] = pull.ChangedProtectedFiles
 			ctx.Data["IsBlockedByChangedProtectedFiles"] = len(pull.ChangedProtectedFiles) != 0
 			ctx.Data["ChangedProtectedFilesNum"] = len(pull.ChangedProtectedFiles)
+			ctx.Data["RequireApprovalsWhitelist"] = pb.EnableApprovalsWhitelist
 		}
 		ctx.Data["WillSign"] = false
 		if ctx.Doer != nil {
--- a/services/auth/basic.go
+++ b/services/auth/basic.go
@ -25,7 +25,12 @@ var (
 )

 // BasicMethodName is the constant name of the basic authentication method
-const BasicMethodName = "basic"
+const (
+	BasicMethodName       = "basic"
+	AccessTokenMethodName = "access_token"
+	OAuth2TokenMethodName = "oauth2_token"
+	ActionTokenMethodName = "action_token"
+)

 // Basic implements the Auth interface and authenticates requests (API requests
 // only) by looking for Basic authentication data or "x-oauth-basic" token in the "Authorization"
@ -82,6 +87,7 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
 			return nil, err
 		}

+		store.GetData()["LoginMethod"] = OAuth2TokenMethodName
 		store.GetData()["IsApiToken"] = true
 		return u, nil
 	}
@ -101,6 +107,7 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
 			log.Error("UpdateAccessToken:  %v", err)
 		}

+		store.GetData()["LoginMethod"] = AccessTokenMethodName
 		store.GetData()["IsApiToken"] = true
 		store.GetData()["ApiTokenScope"] = token.Scope
 		return u, nil
@ -113,6 +120,7 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
 	if err == nil && task != nil {
 		log.Trace("Basic Authorization: Valid AccessToken for task[%d]", task.ID)

+		store.GetData()["LoginMethod"] = ActionTokenMethodName
 		store.GetData()["IsActionsToken"] = true
 		store.GetData()["ActionsTaskID"] = task.ID

@ -138,6 +146,7 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
 		}
 	}

+	store.GetData()["LoginMethod"] = BasicMethodName
 	log.Trace("Basic Authorization: Logged in user %-v", u)

 	return u, nil
@ -159,3 +168,19 @@ func validateTOTP(req *http.Request, u *user_model.User) error {
 	}
 	return nil
 }
+
+func GetAccessScope(store DataStore) auth_model.AccessTokenScope {
+	if v, ok := store.GetData()["ApiTokenScope"]; ok {
+		return v.(auth_model.AccessTokenScope)
+	}
+	switch store.GetData()["LoginMethod"] {
+	case OAuth2TokenMethodName:
+		fallthrough
+	case BasicMethodName, AccessTokenMethodName:
+		return auth_model.AccessTokenScopeAll
+	case ActionTokenMethodName:
+		fallthrough
+	default:
+		return ""
+	}
+}
--- a/services/auth/httpsign.go
+++ b/services/auth/httpsign.go
@ -17,7 +17,7 @@ import (
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"

-	"github.com/go-fed/httpsig"
+	"github.com/42wim/httpsig"
 	"golang.org/x/crypto/ssh"
 )

@ -205,7 +205,7 @@ func doVerify(verifier httpsig.Verifier, sshPublicKeys []ssh.PublicKey) error {
 		case strings.HasPrefix(publicKey.Type(), "ssh-ed25519"):
 			algos = []httpsig.Algorithm{httpsig.ED25519}
 		case strings.HasPrefix(publicKey.Type(), "ssh-rsa"):
-			algos = []httpsig.Algorithm{httpsig.RSA_SHA1, httpsig.RSA_SHA256, httpsig.RSA_SHA512}
+			algos = []httpsig.Algorithm{httpsig.RSA_SHA256, httpsig.RSA_SHA512}
 		}
 		for _, algo := range algos {
 			if err := verifier.Verify(cryptoPubkey, algo); err == nil {
--- a/services/packages/auth.go
+++ b/services/packages/auth.go
@ -9,6 +9,7 @@ import (
 	"strings"
 	"time"

+	auth_model "code.gitea.io/gitea/models/auth"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
@ -18,10 +19,14 @@ import (

 type packageClaims struct {
 	jwt.RegisteredClaims
+	PackageMeta
+}
+type PackageMeta struct {
 	UserID int64
+	Scope  auth_model.AccessTokenScope
 }

-func CreateAuthorizationToken(u *user_model.User) (string, error) {
+func CreateAuthorizationToken(u *user_model.User, packageScope auth_model.AccessTokenScope) (string, error) {
 	now := time.Now()

 	claims := packageClaims{
@ -29,7 +34,10 @@ func CreateAuthorizationToken(u *user_model.User) (string, error) {
 			ExpiresAt: jwt.NewNumericDate(now.Add(24 * time.Hour)),
 			NotBefore: jwt.NewNumericDate(now),
 		},
-		UserID: u.ID,
+		PackageMeta: PackageMeta{
+			UserID: u.ID,
+			Scope:  packageScope,
+		},
 	}
 	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)

@ -41,32 +49,36 @@ func CreateAuthorizationToken(u *user_model.User) (string, error) {
 	return tokenString, nil
 }

-func ParseAuthorizationToken(req *http.Request) (int64, error) {
+func ParseAuthorizationRequest(req *http.Request) (*PackageMeta, error) {
 	h := req.Header.Get("Authorization")
 	if h == "" {
-		return 0, nil
+		return nil, nil
 	}

 	parts := strings.SplitN(h, " ", 2)
 	if len(parts) != 2 {
 		log.Error("split token failed: %s", h)
-		return 0, fmt.Errorf("split token failed")
+		return nil, fmt.Errorf("split token failed")
 	}

-	token, err := jwt.ParseWithClaims(parts[1], &packageClaims{}, func(t *jwt.Token) (any, error) {
+	return ParseAuthorizationToken(parts[1])
+}
+
+func ParseAuthorizationToken(tokenStr string) (*PackageMeta, error) {
+	token, err := jwt.ParseWithClaims(tokenStr, &packageClaims{}, func(t *jwt.Token) (any, error) {
 		if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
 			return nil, fmt.Errorf("unexpected signing method: %v", t.Header["alg"])
 		}
 		return setting.GetGeneralTokenSigningSecret(), nil
 	})
 	if err != nil {
-		return 0, err
+		return nil, err
 	}

 	c, ok := token.Claims.(*packageClaims)
 	if !token.Valid || !ok {
-		return 0, fmt.Errorf("invalid token claim")
+		return nil, fmt.Errorf("invalid token claim")
 	}

-	return c.UserID, nil
+	return &c.PackageMeta, nil
 }
--- a/services/pull/check.go
+++ b/services/pull/check.go
@ -21,6 +21,7 @@ import (
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/gitrepo"
+	"code.gitea.io/gitea/modules/globallock"
 	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/process"
@ -334,9 +335,15 @@ func handler(items ...string) []string {
 }

 func testPR(id int64) {
-	pullWorkingPool.CheckIn(fmt.Sprint(id))
-	defer pullWorkingPool.CheckOut(fmt.Sprint(id))
-	ctx, _, finished := process.GetManager().AddContext(graceful.GetManager().HammerContext(), fmt.Sprintf("Test PR[%d] from patch checking queue", id))
+	ctx := graceful.GetManager().HammerContext()
+	releaser, err := globallock.Lock(ctx, getPullWorkingLockKey(id))
+	if err != nil {
+		log.Error("lock.Lock(): %v", err)
+		return
+	}
+	defer releaser()
+
+	ctx, _, finished := process.GetManager().AddContext(ctx, fmt.Sprintf("Test PR[%d] from patch checking queue", id))
 	defer finished()

 	pr, err := issues_model.GetPullRequestByID(ctx, id)
--- a/services/pull/merge.go
+++ b/services/pull/merge.go
@ -23,6 +23,7 @@ import (
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/cache"
 	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/globallock"
 	"code.gitea.io/gitea/modules/httplib"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/references"
@ -169,9 +170,6 @@ func Merge(ctx context.Context, pr *issues_model.PullRequest, doer *user_model.U
 		return fmt.Errorf("unable to load head repo: %w", err)
 	}

-	pullWorkingPool.CheckIn(fmt.Sprint(pr.ID))
-	defer pullWorkingPool.CheckOut(fmt.Sprint(pr.ID))
-
 	prUnit, err := pr.BaseRepo.GetUnit(ctx, unit.TypePullRequests)
 	if err != nil {
 		log.Error("pr.BaseRepo.GetUnit(unit.TypePullRequests): %v", err)
@ -184,11 +182,18 @@ func Merge(ctx context.Context, pr *issues_model.PullRequest, doer *user_model.U
 		return models.ErrInvalidMergeStyle{ID: pr.BaseRepo.ID, Style: mergeStyle}
 	}

+	releaser, err := globallock.Lock(ctx, getPullWorkingLockKey(pr.ID))
+	if err != nil {
+		log.Error("lock.Lock(): %v", err)
+		return fmt.Errorf("lock.Lock: %w", err)
+	}
+	defer releaser()
 	defer func() {
 		go AddTestPullRequestTask(doer, pr.BaseRepo.ID, pr.BaseBranch, false, "", "")
 	}()

 	_, err = doMergeAndPush(ctx, pr, doer, mergeStyle, expectedHeadCommitID, message, repo_module.PushTriggerPRMergeToBase)
+	releaser()
 	if err != nil {
 		return err
 	}
@ -487,10 +492,14 @@ func CheckPullBranchProtections(ctx context.Context, pr *issues_model.PullReques

 // MergedManually mark pr as merged manually
 func MergedManually(ctx context.Context, pr *issues_model.PullRequest, doer *user_model.User, baseGitRepo *git.Repository, commitID string) error {
-	pullWorkingPool.CheckIn(fmt.Sprint(pr.ID))
-	defer pullWorkingPool.CheckOut(fmt.Sprint(pr.ID))
+	releaser, err := globallock.Lock(ctx, getPullWorkingLockKey(pr.ID))
+	if err != nil {
+		log.Error("lock.Lock(): %v", err)
+		return fmt.Errorf("lock.Lock: %w", err)
+	}
+	defer releaser()

-	if err := db.WithTx(ctx, func(ctx context.Context) error {
+	err = db.WithTx(ctx, func(ctx context.Context) error {
 		if err := pr.LoadBaseRepo(ctx); err != nil {
 			return err
 		}
@ -540,7 +549,9 @@ func MergedManually(ctx context.Context, pr *issues_model.PullRequest, doer *use
 			return fmt.Errorf("SetMerged failed")
 		}
 		return nil
-	}); err != nil {
+	})
+	releaser()
+	if err != nil {
 		return err
 	}

--- a/services/pull/pull.go
+++ b/services/pull/pull.go
@ -26,20 +26,21 @@ import (
 	"code.gitea.io/gitea/modules/container"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/gitrepo"
+	"code.gitea.io/gitea/modules/globallock"
 	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/json"
 	"code.gitea.io/gitea/modules/log"
 	repo_module "code.gitea.io/gitea/modules/repository"
 	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/sync"
 	"code.gitea.io/gitea/modules/util"
 	gitea_context "code.gitea.io/gitea/services/context"
 	issue_service "code.gitea.io/gitea/services/issue"
 	notify_service "code.gitea.io/gitea/services/notify"
 )

-// TODO: use clustered lock (unique queue? or *abuse* cache)
-var pullWorkingPool = sync.NewExclusivePool()
+func getPullWorkingLockKey(prID int64) string {
+	return fmt.Sprintf("pull_working_%d", prID)
+}

 // NewPullRequest creates new pull request with labels for repository.
 func NewPullRequest(ctx context.Context, repo *repo_model.Repository, issue *issues_model.Issue, labelIDs []int64, uuids []string, pr *issues_model.PullRequest, assigneeIDs []int64) error {
@ -220,8 +221,12 @@ func NewPullRequest(ctx context.Context, repo *repo_model.Repository, issue *iss

 // ChangeTargetBranch changes the target branch of this pull request, as the given user.
 func ChangeTargetBranch(ctx context.Context, pr *issues_model.PullRequest, doer *user_model.User, targetBranch string) (err error) {
-	pullWorkingPool.CheckIn(fmt.Sprint(pr.ID))
-	defer pullWorkingPool.CheckOut(fmt.Sprint(pr.ID))
+	releaser, err := globallock.Lock(ctx, getPullWorkingLockKey(pr.ID))
+	if err != nil {
+		log.Error("lock.Lock(): %v", err)
+		return fmt.Errorf("lock.Lock: %w", err)
+	}
+	defer releaser()

 	// Current target branch is already the same
 	if pr.BaseBranch == targetBranch {
--- a/services/pull/update.go
+++ b/services/pull/update.go
@ -14,6 +14,7 @@ import (
 	"code.gitea.io/gitea/models/unit"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/globallock"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/repository"
 )
@ -25,8 +26,12 @@ func Update(ctx context.Context, pr *issues_model.PullRequest, doer *user_model.
 		return fmt.Errorf("update of agit flow pull request's head branch is unsupported")
 	}

-	pullWorkingPool.CheckIn(fmt.Sprint(pr.ID))
-	defer pullWorkingPool.CheckOut(fmt.Sprint(pr.ID))
+	releaser, err := globallock.Lock(ctx, getPullWorkingLockKey(pr.ID))
+	if err != nil {
+		log.Error("lock.Lock(): %v", err)
+		return fmt.Errorf("lock.Lock: %w", err)
+	}
+	defer releaser()

 	diffCount, err := GetDiverging(ctx, pr)
 	if err != nil {
--- a/services/repository/transfer.go
+++ b/services/repository/transfer.go
@ -18,16 +18,16 @@ import (
 	project_model "code.gitea.io/gitea/models/project"
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/globallock"
 	"code.gitea.io/gitea/modules/log"
 	repo_module "code.gitea.io/gitea/modules/repository"
-	"code.gitea.io/gitea/modules/sync"
 	"code.gitea.io/gitea/modules/util"
 	notify_service "code.gitea.io/gitea/services/notify"
 )

-// repoWorkingPool represents a working pool to order the parallel changes to the same repository
-// TODO: use clustered lock (unique queue? or *abuse* cache)
-var repoWorkingPool = sync.NewExclusivePool()
+func getRepoWorkingLockKey(repoID int64) string {
+	return fmt.Sprintf("repo_working_%d", repoID)
+}

 // TransferOwnership transfers all corresponding setting from old user to new one.
 func TransferOwnership(ctx context.Context, doer, newOwner *user_model.User, repo *repo_model.Repository, teams []*organization.Team) error {
@ -42,12 +42,17 @@ func TransferOwnership(ctx context.Context, doer, newOwner *user_model.User, rep

 	oldOwner := repo.Owner

-	repoWorkingPool.CheckIn(fmt.Sprint(repo.ID))
+	releaser, err := globallock.Lock(ctx, getRepoWorkingLockKey(repo.ID))
+	if err != nil {
+		log.Error("lock.Lock(): %v", err)
+		return fmt.Errorf("lock.Lock: %w", err)
+	}
+	defer releaser()
+
 	if err := transferOwnership(ctx, doer, newOwner.Name, repo); err != nil {
-		repoWorkingPool.CheckOut(fmt.Sprint(repo.ID))
 		return err
 	}
-	repoWorkingPool.CheckOut(fmt.Sprint(repo.ID))
+	releaser()

 	newRepo, err := repo_model.GetRepositoryByID(ctx, repo.ID)
 	if err != nil {
@ -360,15 +365,20 @@ func ChangeRepositoryName(ctx context.Context, doer *user_model.User, repo *repo
 	oldRepoName := repo.Name

 	// Change repository directory name. We must lock the local copy of the
-	// repo so that we can atomically rename the repo path and updates the
+	// repo so that we can automatically rename the repo path and updates the
 	// local copy's origin accordingly.

-	repoWorkingPool.CheckIn(fmt.Sprint(repo.ID))
+	releaser, err := globallock.Lock(ctx, getRepoWorkingLockKey(repo.ID))
+	if err != nil {
+		log.Error("lock.Lock(): %v", err)
+		return fmt.Errorf("lock.Lock: %w", err)
+	}
+	defer releaser()
+
 	if err := changeRepositoryName(ctx, repo, newRepoName); err != nil {
-		repoWorkingPool.CheckOut(fmt.Sprint(repo.ID))
 		return err
 	}
-	repoWorkingPool.CheckOut(fmt.Sprint(repo.ID))
+	releaser()

 	repo.Name = newRepoName
 	notify_service.RenameRepository(ctx, doer, repo, oldRepoName)
--- a/services/wiki/wiki.go
+++ b/services/wiki/wiki.go
@ -18,19 +18,20 @@ import (
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/gitrepo"
+	"code.gitea.io/gitea/modules/globallock"
 	"code.gitea.io/gitea/modules/log"
 	repo_module "code.gitea.io/gitea/modules/repository"
-	"code.gitea.io/gitea/modules/sync"
 	"code.gitea.io/gitea/modules/util"
 	asymkey_service "code.gitea.io/gitea/services/asymkey"
 	repo_service "code.gitea.io/gitea/services/repository"
 )

-// TODO: use clustered lock (unique queue? or *abuse* cache)
-var wikiWorkingPool = sync.NewExclusivePool()
-
 const DefaultRemote = "origin"

+func getWikiWorkingLockKey(repoID int64) string {
+	return fmt.Sprintf("wiki_working_%d", repoID)
+}
+
 // InitWiki initializes a wiki for repository,
 // it does nothing when repository already has wiki.
 func InitWiki(ctx context.Context, repo *repo_model.Repository) error {
@ -89,8 +90,11 @@ func updateWikiPage(ctx context.Context, doer *user_model.User, repo *repo_model
 	if err = validateWebPath(newWikiName); err != nil {
 		return err
 	}
-	wikiWorkingPool.CheckIn(fmt.Sprint(repo.ID))
-	defer wikiWorkingPool.CheckOut(fmt.Sprint(repo.ID))
+	releaser, err := globallock.Lock(ctx, getWikiWorkingLockKey(repo.ID))
+	if err != nil {
+		return err
+	}
+	defer releaser()

 	if err = InitWiki(ctx, repo); err != nil {
 		return fmt.Errorf("InitWiki: %w", err)
@ -250,8 +254,11 @@ func DeleteWikiPage(ctx context.Context, doer *user_model.User, repo *repo_model
 		return err
 	}

-	wikiWorkingPool.CheckIn(fmt.Sprint(repo.ID))
-	defer wikiWorkingPool.CheckOut(fmt.Sprint(repo.ID))
+	releaser, err := globallock.Lock(ctx, getWikiWorkingLockKey(repo.ID))
+	if err != nil {
+		return err
+	}
+	defer releaser()

 	if err = InitWiki(ctx, repo); err != nil {
 		return fmt.Errorf("InitWiki: %w", err)
--- a/templates/install.tmpl
+++ b/templates/install.tmpl
@ -124,7 +124,7 @@
 					</div>
 					<div class="inline required field">
 						<label for="domain">{{ctx.Locale.Tr "install.domain"}}</label>
-						<input id="domain" name="domain" value="{{.domain}}" placeholder="try.gitea.io" required>
+						<input id="domain" name="domain" value="{{.domain}}" placeholder="demo.gitea.com" required>
 						<span class="help">{{ctx.Locale.Tr "install.domain_helper"}}</span>
 					</div>
 					<div class="inline field">
@ -139,7 +139,7 @@
 					</div>
 					<div class="inline required field">
 						<label for="app_url">{{ctx.Locale.Tr "install.app_url"}}</label>
-						<input id="app_url" name="app_url" value="{{.app_url}}" placeholder="https://try.gitea.io" required>
+						<input id="app_url" name="app_url" value="{{.app_url}}" placeholder="https://demo.gitea.com" required>
 						<span class="help">{{ctx.Locale.Tr "install.app_url_helper"}}</span>
 					</div>
 					<div class="inline required field">
--- a/templates/repo/issue/view_content/comments.tmpl
+++ b/templates/repo/issue/view_content/comments.tmpl
@ -380,7 +380,7 @@
 						{{ctx.AvatarUtils.Avatar .Poster 40}}
 					</a>
 					{{end}}
-					<span class="badge{{if eq $reviewType 1}} tw-bg-green tw-text-white{{else if eq $reviewType 3}} tw-bg-red tw-text-white{{end}}">
+					<span class="badge tw-text-white{{if eq $reviewType 1}}{{if .Review.Official}} tw-bg-green {{else}} tw-bg-grey{{end}}{{else if eq $reviewType 3}} tw-bg-red{{end}}">
 						{{if .Review}}{{svg (printf "octicon-%s" .Review.Type.Icon)}}{{end}}
 					</span>
 					<span class="text grey muted-links">
--- a/templates/repo/issue/view_content/pull.tmpl
+++ b/templates/repo/issue/view_content/pull.tmpl
@ -109,7 +109,11 @@
 				{{if .IsBlockedByApprovals}}
 					<div class="item">
 						{{svg "octicon-x"}}
-						{{ctx.Locale.Tr "repo.pulls.blocked_by_approvals" .GrantedApprovals .ProtectedBranch.RequiredApprovals}}
+						{{if .RequireApprovalsWhitelist}}
+							{{ctx.Locale.Tr "repo.pulls.blocked_by_approvals_whitelisted" .GrantedApprovals .ProtectedBranch.RequiredApprovals}}
+						{{else}}
+							{{ctx.Locale.Tr "repo.pulls.blocked_by_approvals" .GrantedApprovals .ProtectedBranch.RequiredApprovals}}
+						{{end}}
 					</div>
 				{{else if .IsBlockedByRejection}}
 					<div class="item">
--- a/templates/repo/issue/view_content/sidebar.tmpl
+++ b/templates/repo/issue/view_content/sidebar.tmpl
@ -94,7 +94,9 @@
 							{{if and .CanChange (or .Checked (and (not $.Issue.IsClosed) (not $.Issue.PullRequest.HasMerged)))}}
 								<a href="#" class="ui muted icon re-request-review{{if .Checked}} checked{{end}}" data-tooltip-content="{{if .Checked}}{{ctx.Locale.Tr "repo.issues.remove_request_review"}}{{else}}{{ctx.Locale.Tr "repo.issues.re_request_review"}}{{end}}" data-issue-id="{{$.Issue.ID}}" data-id="{{.ItemID}}" data-update-url="{{$.RepoLink}}/issues/request_review">{{svg (Iif .Checked "octicon-trash" "octicon-sync")}}</a>
 							{{end}}
-							{{svg (printf "octicon-%s" .Review.Type.Icon) 16 (printf "text %s" (.Review.HTMLTypeColorName))}}
+							<span {{if .Review.TooltipContent}}data-tooltip-content="{{ctx.Locale.Tr .Review.TooltipContent}}"{{end}}>
+								{{svg (printf "octicon-%s" .Review.Type.Icon) 16 (printf "text %s" (.Review.HTMLTypeColorName))}}
+							</span>
 						</div>
 					</div>
 				{{end}}
@ -107,7 +109,9 @@
 							</a>
 						</div>
 						<div class="tw-flex tw-items-center tw-gap-2">
-							{{svg (printf "octicon-%s" .Type.Icon) 16 (printf "text %s" (.HTMLTypeColorName))}}
+							<span {{if .Review.TooltipContent}}data-tooltip-content="{{ctx.Locale.Tr .Review.TooltipContent}}"{{end}}>
+								{{svg (printf "octicon-%s" .Type.Icon) 16 (printf "text %s" (.HTMLTypeColorName))}}
+							</span>
 						</div>
 					</div>
 				{{end}}
--- a/tests/integration/api_httpsig_test.go
+++ b/tests/integration/api_httpsig_test.go
@ -15,7 +15,7 @@ import (
 	"code.gitea.io/gitea/modules/test"
 	"code.gitea.io/gitea/tests"

-	"github.com/go-fed/httpsig"
+	"github.com/42wim/httpsig"
 	"golang.org/x/crypto/ssh"
 )

--- a/tests/integration/api_packages_conan_test.go
+++ b/tests/integration/api_packages_conan_test.go
@ -11,6 +11,7 @@ import (
 	"testing"
 	"time"

+	auth_model "code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/packages"
 	conan_model "code.gitea.io/gitea/models/packages/conan"
@ -19,6 +20,7 @@ import (
 	conan_module "code.gitea.io/gitea/modules/packages/conan"
 	"code.gitea.io/gitea/modules/setting"
 	conan_router "code.gitea.io/gitea/routers/api/packages/conan"
+	package_service "code.gitea.io/gitea/services/packages"
 	"code.gitea.io/gitea/tests"

 	"github.com/stretchr/testify/assert"
@ -225,7 +227,7 @@ func TestPackageConan(t *testing.T) {

 		token := ""

-		t.Run("Authenticate", func(t *testing.T) {
+		t.Run("UserName/Password Authenticate", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()

 			req := NewRequest(t, "GET", fmt.Sprintf("%s/v1/users/authenticate", url)).
@ -234,6 +236,73 @@ func TestPackageConan(t *testing.T) {

 			token = resp.Body.String()
 			assert.NotEmpty(t, token)
+
+			pkgMeta, err := package_service.ParseAuthorizationToken(token)
+			assert.NoError(t, err)
+			assert.Equal(t, user.ID, pkgMeta.UserID)
+			assert.Equal(t, auth_model.AccessTokenScopeAll, pkgMeta.Scope)
+		})
+
+		badToken := ""
+		t.Run("Token Scope Authentication", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			session := loginUser(t, user.Name)
+
+			badToken = getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadNotification)
+
+			testCase := func(t *testing.T, scope auth_model.AccessTokenScope, expectedAuthStatusCode, expectedStatusCode int) {
+				t.Helper()
+
+				token := getTokenForLoggedInUser(t, session, scope)
+
+				req := NewRequest(t, "GET", fmt.Sprintf("%s/v1/users/authenticate", url)).
+					AddTokenAuth(token)
+				resp := MakeRequest(t, req, expectedAuthStatusCode)
+				if expectedAuthStatusCode != http.StatusOK {
+					return
+				}
+
+				body := resp.Body.String()
+				assert.NotEmpty(t, body)
+
+				pkgMeta, err := package_service.ParseAuthorizationToken(body)
+				assert.NoError(t, err)
+				assert.Equal(t, user.ID, pkgMeta.UserID)
+				assert.Equal(t, scope, pkgMeta.Scope)
+
+				recipeURL := fmt.Sprintf("%s/v1/conans/%s/%s/%s/%s", url, "TestScope", version1, "testing", channel1)
+
+				req = NewRequestWithJSON(t, "POST", fmt.Sprintf("%s/upload_urls", recipeURL), map[string]int64{
+					conanfileName: 64,
+					"removed.txt": 0,
+				}).AddTokenAuth(token)
+				MakeRequest(t, req, expectedStatusCode)
+			}
+
+			t.Run("No Package permission", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+
+				testCase(t, auth_model.AccessTokenScopeReadNotification, http.StatusUnauthorized, http.StatusForbidden)
+			})
+
+			t.Run("Package Read permission", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+
+				testCase(t, auth_model.AccessTokenScopeReadPackage, http.StatusOK, http.StatusUnauthorized)
+			})
+
+			t.Run("Package Write permission", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+
+				testCase(t, auth_model.AccessTokenScopeWritePackage, http.StatusOK, http.StatusOK)
+			})
+
+			t.Run("All permission", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+
+				testCase(t, auth_model.AccessTokenScopeAll, http.StatusOK, http.StatusOK)
+			})
 		})

 		t.Run("CheckCredentials", func(t *testing.T) {
@ -431,6 +500,11 @@ func TestPackageConan(t *testing.T) {

 					req := NewRequestWithJSON(t, "POST", fmt.Sprintf("%s/v1/conans/%s/%s/%s/%s/packages/delete", url, name, version1, user1, c.Channel), map[string][]string{
 						"package_ids": c.References,
+					}).AddTokenAuth(badToken)
+					MakeRequest(t, req, http.StatusUnauthorized)
+
+					req = NewRequestWithJSON(t, "POST", fmt.Sprintf("%s/v1/conans/%s/%s/%s/%s/packages/delete", url, name, version1, user1, c.Channel), map[string][]string{
+						"package_ids": c.References,
 					}).AddTokenAuth(token)
 					MakeRequest(t, req, http.StatusOK)

@ -457,6 +531,10 @@ func TestPackageConan(t *testing.T) {
 					assert.NotEmpty(t, revisions)

 					req := NewRequest(t, "DELETE", fmt.Sprintf("%s/v1/conans/%s/%s/%s/%s", url, name, version1, user1, c.Channel)).
+						AddTokenAuth(badToken)
+					MakeRequest(t, req, http.StatusUnauthorized)
+
+					req = NewRequest(t, "DELETE", fmt.Sprintf("%s/v1/conans/%s/%s/%s/%s", url, name, version1, user1, c.Channel)).
 						AddTokenAuth(token)
 					MakeRequest(t, req, http.StatusOK)

@ -480,7 +558,7 @@ func TestPackageConan(t *testing.T) {

 		token := ""

-		t.Run("Authenticate", func(t *testing.T) {
+		t.Run("UserName/Password Authenticate", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()

 			req := NewRequest(t, "GET", fmt.Sprintf("%s/v2/users/authenticate", url)).
@ -490,9 +568,75 @@ func TestPackageConan(t *testing.T) {
 			body := resp.Body.String()
 			assert.NotEmpty(t, body)

+			pkgMeta, err := package_service.ParseAuthorizationToken(body)
+			assert.NoError(t, err)
+			assert.Equal(t, user.ID, pkgMeta.UserID)
+			assert.Equal(t, auth_model.AccessTokenScopeAll, pkgMeta.Scope)
+
 			token = fmt.Sprintf("Bearer %s", body)
 		})

+		badToken := ""
+
+		t.Run("Token Scope Authentication", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			session := loginUser(t, user.Name)
+
+			badToken = getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadNotification)
+
+			testCase := func(t *testing.T, scope auth_model.AccessTokenScope, expectedAuthStatusCode, expectedStatusCode int) {
+				t.Helper()
+
+				token := getTokenForLoggedInUser(t, session, scope)
+
+				req := NewRequest(t, "GET", fmt.Sprintf("%s/v2/users/authenticate", url)).
+					AddTokenAuth(token)
+				resp := MakeRequest(t, req, expectedAuthStatusCode)
+				if expectedAuthStatusCode != http.StatusOK {
+					return
+				}
+
+				body := resp.Body.String()
+				assert.NotEmpty(t, body)
+
+				pkgMeta, err := package_service.ParseAuthorizationToken(body)
+				assert.NoError(t, err)
+				assert.Equal(t, user.ID, pkgMeta.UserID)
+				assert.Equal(t, scope, pkgMeta.Scope)
+
+				recipeURL := fmt.Sprintf("%s/v2/conans/%s/%s/%s/%s/revisions/%s", url, "TestScope", version1, "testing", channel1, revision1)
+
+				req = NewRequestWithBody(t, "PUT", fmt.Sprintf("%s/files/%s", recipeURL, conanfileName), strings.NewReader("Demo Conan file")).
+					AddTokenAuth(token)
+				MakeRequest(t, req, expectedStatusCode)
+			}
+
+			t.Run("No Package permission", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+
+				testCase(t, auth_model.AccessTokenScopeReadNotification, http.StatusUnauthorized, http.StatusUnauthorized)
+			})
+
+			t.Run("Package Read permission", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+
+				testCase(t, auth_model.AccessTokenScopeReadPackage, http.StatusOK, http.StatusUnauthorized)
+			})
+
+			t.Run("Package Write permission", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+
+				testCase(t, auth_model.AccessTokenScopeWritePackage, http.StatusOK, http.StatusCreated)
+			})
+
+			t.Run("All permission", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+
+				testCase(t, auth_model.AccessTokenScopeAll, http.StatusOK, http.StatusCreated)
+			})
+		})
+
 		t.Run("CheckCredentials", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()

@ -511,7 +655,7 @@ func TestPackageConan(t *testing.T) {

 				pvs, err := packages.GetVersionsByPackageType(db.DefaultContext, user.ID, packages.TypeConan)
 				assert.NoError(t, err)
-				assert.Len(t, pvs, 2)
+				assert.Len(t, pvs, 3)
 			})
 		})

@ -663,11 +807,19 @@ func TestPackageConan(t *testing.T) {
 				checkPackageRevisionCount(2)

 				req := NewRequest(t, "DELETE", fmt.Sprintf("%s/v2/conans/%s/%s/%s/%s/revisions/%s/packages/%s/revisions/%s", url, name, version1, user1, channel1, revision1, conanPackageReference, revision1)).
+					AddTokenAuth(badToken)
+				MakeRequest(t, req, http.StatusUnauthorized)
+
+				req = NewRequest(t, "DELETE", fmt.Sprintf("%s/v2/conans/%s/%s/%s/%s/revisions/%s/packages/%s/revisions/%s", url, name, version1, user1, channel1, revision1, conanPackageReference, revision1)).
 					AddTokenAuth(token)
 				MakeRequest(t, req, http.StatusOK)

 				checkPackageRevisionCount(1)

+				req = NewRequest(t, "DELETE", fmt.Sprintf("%s/v2/conans/%s/%s/%s/%s/revisions/%s/packages/%s", url, name, version1, user1, channel1, revision1, conanPackageReference)).
+					AddTokenAuth(badToken)
+				MakeRequest(t, req, http.StatusUnauthorized)
+
 				req = NewRequest(t, "DELETE", fmt.Sprintf("%s/v2/conans/%s/%s/%s/%s/revisions/%s/packages/%s", url, name, version1, user1, channel1, revision1, conanPackageReference)).
 					AddTokenAuth(token)
 				MakeRequest(t, req, http.StatusOK)
@ -678,6 +830,10 @@ func TestPackageConan(t *testing.T) {

 				checkPackageReferenceCount(1)

+				req = NewRequest(t, "DELETE", fmt.Sprintf("%s/v2/conans/%s/%s/%s/%s/revisions/%s/packages", url, name, version1, user1, channel1, revision2)).
+					AddTokenAuth(badToken)
+				MakeRequest(t, req, http.StatusUnauthorized)
+
 				req = NewRequest(t, "DELETE", fmt.Sprintf("%s/v2/conans/%s/%s/%s/%s/revisions/%s/packages", url, name, version1, user1, channel1, revision2)).
 					AddTokenAuth(token)
 				MakeRequest(t, req, http.StatusOK)
@ -699,11 +855,19 @@ func TestPackageConan(t *testing.T) {
 				checkRecipeRevisionCount(2)

 				req := NewRequest(t, "DELETE", fmt.Sprintf("%s/v2/conans/%s/%s/%s/%s/revisions/%s", url, name, version1, user1, channel1, revision1)).
+					AddTokenAuth(badToken)
+				MakeRequest(t, req, http.StatusUnauthorized)
+
+				req = NewRequest(t, "DELETE", fmt.Sprintf("%s/v2/conans/%s/%s/%s/%s/revisions/%s", url, name, version1, user1, channel1, revision1)).
 					AddTokenAuth(token)
 				MakeRequest(t, req, http.StatusOK)

 				checkRecipeRevisionCount(1)

+				req = NewRequest(t, "DELETE", fmt.Sprintf("%s/v2/conans/%s/%s/%s/%s", url, name, version1, user1, channel1)).
+					AddTokenAuth(badToken)
+				MakeRequest(t, req, http.StatusUnauthorized)
+
 				req = NewRequest(t, "DELETE", fmt.Sprintf("%s/v2/conans/%s/%s/%s/%s", url, name, version1, user1, channel1)).
 					AddTokenAuth(token)
 				MakeRequest(t, req, http.StatusOK)
--- a/tests/integration/api_packages_container_test.go
+++ b/tests/integration/api_packages_container_test.go
@ -23,6 +23,7 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 	api "code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/test"
+	package_service "code.gitea.io/gitea/services/packages"
 	"code.gitea.io/gitea/tests"

 	oci "github.com/opencontainers/image-spec/specs-go/v1"
@ -78,6 +79,8 @@ func TestPackageContainer(t *testing.T) {

 	anonymousToken := ""
 	userToken := ""
+	readToken := ""
+	badToken := ""

 	t.Run("Authenticate", func(t *testing.T) {
 		type TokenResponse struct {
@ -123,7 +126,7 @@ func TestPackageContainer(t *testing.T) {
 			assert.Equal(t, `Bearer realm="https://domain:8443/v2/token",service="container_registry",scope="*"`, resp.Header().Get("WWW-Authenticate"))
 		})

-		t.Run("User", func(t *testing.T) {
+		t.Run("UserName/Password", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()

 			req := NewRequest(t, "GET", fmt.Sprintf("%sv2", setting.AppURL))
@ -139,6 +142,10 @@ func TestPackageContainer(t *testing.T) {
 			DecodeJSON(t, resp, &tokenResponse)

 			assert.NotEmpty(t, tokenResponse.Token)
+			pkgMeta, err := package_service.ParseAuthorizationToken(tokenResponse.Token)
+			assert.NoError(t, err)
+			assert.Equal(t, user.ID, pkgMeta.UserID)
+			assert.Equal(t, auth_model.AccessTokenScopeAll, pkgMeta.Scope)

 			userToken = fmt.Sprintf("Bearer %s", tokenResponse.Token)

@ -146,6 +153,52 @@ func TestPackageContainer(t *testing.T) {
 				AddTokenAuth(userToken)
 			MakeRequest(t, req, http.StatusOK)
 		})
+
+		// Token that should enforce the read scope.
+		t.Run("AccessToken", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			session := loginUser(t, user.Name)
+
+			readToken = getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadPackage)
+			req := NewRequest(t, "GET", fmt.Sprintf("%sv2/token", setting.AppURL))
+			req.Request.SetBasicAuth(user.Name, readToken)
+			resp := MakeRequest(t, req, http.StatusOK)
+			tokenResponse := &TokenResponse{}
+			DecodeJSON(t, resp, &tokenResponse)
+
+			readToken = fmt.Sprintf("Bearer %s", tokenResponse.Token)
+
+			badToken = getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadNotification)
+			req = NewRequest(t, "GET", fmt.Sprintf("%sv2/token", setting.AppURL))
+			req.Request.SetBasicAuth(user.Name, badToken)
+			MakeRequest(t, req, http.StatusUnauthorized)
+
+			testCase := func(scope auth_model.AccessTokenScope, expectedAuthStatus, expectedStatus int) {
+				token := getTokenForLoggedInUser(t, session, scope)
+
+				req := NewRequest(t, "GET", fmt.Sprintf("%sv2/token", setting.AppURL))
+				req.SetBasicAuth(user.Name, token)
+
+				resp := MakeRequest(t, req, expectedAuthStatus)
+				if expectedAuthStatus != http.StatusOK {
+					return
+				}
+
+				tokenResponse := &TokenResponse{}
+				DecodeJSON(t, resp, &tokenResponse)
+
+				assert.NotEmpty(t, tokenResponse.Token)
+
+				req = NewRequest(t, "GET", fmt.Sprintf("%sv2", setting.AppURL)).
+					AddTokenAuth(fmt.Sprintf("Bearer %s", tokenResponse.Token))
+				MakeRequest(t, req, expectedStatus)
+			}
+			testCase(auth_model.AccessTokenScopeReadPackage, http.StatusOK, http.StatusOK)
+			testCase(auth_model.AccessTokenScopeAll, http.StatusOK, http.StatusOK)
+			testCase(auth_model.AccessTokenScopeReadNotification, http.StatusUnauthorized, http.StatusUnauthorized)
+			testCase(auth_model.AccessTokenScopeWritePackage, http.StatusOK, http.StatusOK)
+		})
 	})

 	t.Run("DetermineSupport", func(t *testing.T) {
@ -155,6 +208,15 @@ func TestPackageContainer(t *testing.T) {
 			AddTokenAuth(userToken)
 		resp := MakeRequest(t, req, http.StatusOK)
 		assert.Equal(t, "registry/2.0", resp.Header().Get("Docker-Distribution-Api-Version"))
+
+		req = NewRequest(t, "GET", fmt.Sprintf("%sv2", setting.AppURL)).
+			AddTokenAuth(readToken)
+		resp = MakeRequest(t, req, http.StatusOK)
+		assert.Equal(t, "registry/2.0", resp.Header().Get("Docker-Distribution-Api-Version"))
+
+		req = NewRequest(t, "GET", fmt.Sprintf("%sv2", setting.AppURL)).
+			AddTokenAuth(badToken)
+		MakeRequest(t, req, http.StatusUnauthorized)
 	})

 	for _, image := range images {
@ -168,6 +230,14 @@ func TestPackageContainer(t *testing.T) {
 					AddTokenAuth(anonymousToken)
 				MakeRequest(t, req, http.StatusUnauthorized)

+				req = NewRequest(t, "POST", fmt.Sprintf("%s/blobs/uploads", url)).
+					AddTokenAuth(readToken)
+				MakeRequest(t, req, http.StatusUnauthorized)
+
+				req = NewRequest(t, "POST", fmt.Sprintf("%s/blobs/uploads", url)).
+					AddTokenAuth(badToken)
+				MakeRequest(t, req, http.StatusUnauthorized)
+
 				req = NewRequestWithBody(t, "POST", fmt.Sprintf("%s/blobs/uploads?digest=%s", url, unknownDigest), bytes.NewReader(blobContent)).
 					AddTokenAuth(userToken)
 				MakeRequest(t, req, http.StatusBadRequest)
@ -195,6 +265,14 @@ func TestPackageContainer(t *testing.T) {
 				defer tests.PrintCurrentTest(t)()

 				req := NewRequest(t, "POST", fmt.Sprintf("%s/blobs/uploads", url)).
+					AddTokenAuth(readToken)
+				MakeRequest(t, req, http.StatusUnauthorized)
+
+				req = NewRequest(t, "POST", fmt.Sprintf("%s/blobs/uploads", url)).
+					AddTokenAuth(badToken)
+				MakeRequest(t, req, http.StatusUnauthorized)
+
+				req = NewRequest(t, "POST", fmt.Sprintf("%s/blobs/uploads", url)).
 					AddTokenAuth(userToken)
 				resp := MakeRequest(t, req, http.StatusAccepted)

--- a/tests/integration/api_packages_nuget_test.go
+++ b/tests/integration/api_packages_nuget_test.go
@ -26,6 +26,7 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/routers/api/packages/nuget"
+	packageService "code.gitea.io/gitea/services/packages"
 	"code.gitea.io/gitea/tests"

 	"github.com/stretchr/testify/assert"
@ -81,7 +82,9 @@ func TestPackageNuGet(t *testing.T) {
 	}

 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
-	token := getUserToken(t, user.Name, auth_model.AccessTokenScopeWritePackage)
+	writeToken := getUserToken(t, user.Name, auth_model.AccessTokenScopeWritePackage)
+	readToken := getUserToken(t, user.Name, auth_model.AccessTokenScopeReadPackage)
+	badToken := getUserToken(t, user.Name, auth_model.AccessTokenScopeReadNotification)

 	packageName := "test.package"
 	packageVersion := "1.0.3"
@ -127,34 +130,44 @@ func TestPackageNuGet(t *testing.T) {
 			privateUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{Visibility: structs.VisibleTypePrivate})

 			cases := []struct {
-				Owner        string
-				UseBasicAuth bool
-				UseTokenAuth bool
+				Owner          string
+				UseBasicAuth   bool
+				token          string
+				expectedStatus int
 			}{
-				{privateUser.Name, false, false},
-				{privateUser.Name, true, false},
-				{privateUser.Name, false, true},
-				{user.Name, false, false},
-				{user.Name, true, false},
-				{user.Name, false, true},
+				{privateUser.Name, false, "", http.StatusOK},
+				{privateUser.Name, true, "", http.StatusOK},
+				{privateUser.Name, false, writeToken, http.StatusOK},
+				{privateUser.Name, false, readToken, http.StatusOK},
+				{privateUser.Name, false, badToken, http.StatusOK},
+				{user.Name, false, "", http.StatusOK},
+				{user.Name, true, "", http.StatusOK},
+				{user.Name, false, writeToken, http.StatusOK},
+				{user.Name, false, readToken, http.StatusOK},
+				{user.Name, false, badToken, http.StatusOK},
 			}

 			for _, c := range cases {
-				url := fmt.Sprintf("/api/packages/%s/nuget", c.Owner)
+				t.Run(c.Owner, func(t *testing.T) {
+					url := fmt.Sprintf("/api/packages/%s/nuget", c.Owner)

-				req := NewRequest(t, "GET", url)
-				if c.UseBasicAuth {
-					req.AddBasicAuth(user.Name)
-				} else if c.UseTokenAuth {
-					addNuGetAPIKeyHeader(req, token)
-				}
-				resp := MakeRequest(t, req, http.StatusOK)
+					req := NewRequest(t, "GET", url)
+					if c.UseBasicAuth {
+						req.AddBasicAuth(user.Name)
+					} else if c.token != "" {
+						addNuGetAPIKeyHeader(req, c.token)
+					}
+					resp := MakeRequest(t, req, c.expectedStatus)
+					if c.expectedStatus != http.StatusOK {
+						return
+					}

-				var result nuget.ServiceIndexResponseV2
-				decodeXML(t, resp, &result)
+					var result nuget.ServiceIndexResponseV2
+					decodeXML(t, resp, &result)

-				assert.Equal(t, setting.AppURL+url[1:], result.Base)
-				assert.Equal(t, "Packages", result.Workspace.Collection.Href)
+					assert.Equal(t, setting.AppURL+url[1:], result.Base)
+					assert.Equal(t, "Packages", result.Workspace.Collection.Href)
+				})
 			}
 		})

@ -164,56 +177,67 @@ func TestPackageNuGet(t *testing.T) {
 			privateUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{Visibility: structs.VisibleTypePrivate})

 			cases := []struct {
-				Owner        string
-				UseBasicAuth bool
-				UseTokenAuth bool
+				Owner          string
+				UseBasicAuth   bool
+				token          string
+				expectedStatus int
 			}{
-				{privateUser.Name, false, false},
-				{privateUser.Name, true, false},
-				{privateUser.Name, false, true},
-				{user.Name, false, false},
-				{user.Name, true, false},
-				{user.Name, false, true},
+				{privateUser.Name, false, "", http.StatusOK},
+				{privateUser.Name, true, "", http.StatusOK},
+				{privateUser.Name, false, writeToken, http.StatusOK},
+				{privateUser.Name, false, readToken, http.StatusOK},
+				{privateUser.Name, false, badToken, http.StatusOK},
+				{user.Name, false, "", http.StatusOK},
+				{user.Name, true, "", http.StatusOK},
+				{user.Name, false, writeToken, http.StatusOK},
+				{user.Name, false, readToken, http.StatusOK},
+				{user.Name, false, badToken, http.StatusOK},
 			}

 			for _, c := range cases {
-				url := fmt.Sprintf("/api/packages/%s/nuget", c.Owner)
+				t.Run(c.Owner, func(t *testing.T) {
+					url := fmt.Sprintf("/api/packages/%s/nuget", c.Owner)

-				req := NewRequest(t, "GET", fmt.Sprintf("%s/index.json", url))
-				if c.UseBasicAuth {
-					req.AddBasicAuth(user.Name)
-				} else if c.UseTokenAuth {
-					addNuGetAPIKeyHeader(req, token)
-				}
-				resp := MakeRequest(t, req, http.StatusOK)
-
-				var result nuget.ServiceIndexResponseV3
-				DecodeJSON(t, resp, &result)
-
-				assert.Equal(t, "3.0.0", result.Version)
-				assert.NotEmpty(t, result.Resources)
-
-				root := setting.AppURL + url[1:]
-				for _, r := range result.Resources {
-					switch r.Type {
-					case "SearchQueryService":
-						fallthrough
-					case "SearchQueryService/3.0.0-beta":
-						fallthrough
-					case "SearchQueryService/3.0.0-rc":
-						assert.Equal(t, root+"/query", r.ID)
-					case "RegistrationsBaseUrl":
-						fallthrough
-					case "RegistrationsBaseUrl/3.0.0-beta":
-						fallthrough
-					case "RegistrationsBaseUrl/3.0.0-rc":
-						assert.Equal(t, root+"/registration", r.ID)
-					case "PackageBaseAddress/3.0.0":
-						assert.Equal(t, root+"/package", r.ID)
-					case "PackagePublish/2.0.0":
-						assert.Equal(t, root, r.ID)
+					req := NewRequest(t, "GET", fmt.Sprintf("%s/index.json", url))
+					if c.UseBasicAuth {
+						req.AddBasicAuth(user.Name)
+					} else if c.token != "" {
+						addNuGetAPIKeyHeader(req, c.token)
 					}
-				}
+					resp := MakeRequest(t, req, c.expectedStatus)
+
+					if c.expectedStatus != http.StatusOK {
+						return
+					}
+
+					var result nuget.ServiceIndexResponseV3
+					DecodeJSON(t, resp, &result)
+
+					assert.Equal(t, "3.0.0", result.Version)
+					assert.NotEmpty(t, result.Resources)
+
+					root := setting.AppURL + url[1:]
+					for _, r := range result.Resources {
+						switch r.Type {
+						case "SearchQueryService":
+							fallthrough
+						case "SearchQueryService/3.0.0-beta":
+							fallthrough
+						case "SearchQueryService/3.0.0-rc":
+							assert.Equal(t, root+"/query", r.ID)
+						case "RegistrationsBaseUrl":
+							fallthrough
+						case "RegistrationsBaseUrl/3.0.0-beta":
+							fallthrough
+						case "RegistrationsBaseUrl/3.0.0-rc":
+							assert.Equal(t, root+"/registration", r.ID)
+						case "PackageBaseAddress/3.0.0":
+							assert.Equal(t, root+"/package", r.ID)
+						case "PackagePublish/2.0.0":
+							assert.Equal(t, root, r.ID)
+						}
+					}
+				})
 			}
 		})
 	})
@ -222,6 +246,7 @@ func TestPackageNuGet(t *testing.T) {
 		t.Run("DependencyPackage", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()

+			// create with username/password
 			req := NewRequestWithBody(t, "PUT", url, bytes.NewReader(content)).
 				AddBasicAuth(user.Name)
 			MakeRequest(t, req, http.StatusCreated)
@ -258,6 +283,52 @@ func TestPackageNuGet(t *testing.T) {
 			req = NewRequestWithBody(t, "PUT", url, bytes.NewReader(content)).
 				AddBasicAuth(user.Name)
 			MakeRequest(t, req, http.StatusConflict)
+
+			// delete the package
+			assert.NoError(t, packageService.DeletePackageVersionAndReferences(db.DefaultContext, pvs[0]))
+
+			// create failure with token without write access
+			req = NewRequestWithBody(t, "PUT", url, bytes.NewReader(content)).
+				AddTokenAuth(readToken)
+			MakeRequest(t, req, http.StatusUnauthorized)
+
+			// create with token
+			req = NewRequestWithBody(t, "PUT", url, bytes.NewReader(content)).
+				AddTokenAuth(writeToken)
+			MakeRequest(t, req, http.StatusCreated)
+
+			pvs, err = packages.GetVersionsByPackageType(db.DefaultContext, user.ID, packages.TypeNuGet)
+			assert.NoError(t, err)
+			assert.Len(t, pvs, 1, "Should have one version")
+
+			pd, err = packages.GetPackageDescriptor(db.DefaultContext, pvs[0])
+			assert.NoError(t, err)
+			assert.NotNil(t, pd.SemVer)
+			assert.IsType(t, &nuget_module.Metadata{}, pd.Metadata)
+			assert.Equal(t, packageName, pd.Package.Name)
+			assert.Equal(t, packageVersion, pd.Version.Version)
+
+			pfs, err = packages.GetFilesByVersionID(db.DefaultContext, pvs[0].ID)
+			assert.NoError(t, err)
+			assert.Len(t, pfs, 2, "Should have 2 files: nuget and nuspec")
+			for _, pf := range pfs {
+				switch pf.Name {
+				case fmt.Sprintf("%s.%s.nupkg", packageName, packageVersion):
+					assert.True(t, pf.IsLead)
+
+					pb, err := packages.GetBlobByID(db.DefaultContext, pf.BlobID)
+					assert.NoError(t, err)
+					assert.Equal(t, int64(len(content)), pb.Size)
+				case fmt.Sprintf("%s.nuspec", packageName):
+					assert.False(t, pf.IsLead)
+				default:
+					assert.Fail(t, "unexpected filename: %v", pf.Name)
+				}
+			}
+
+			req = NewRequestWithBody(t, "PUT", url, bytes.NewReader(content)).
+				AddBasicAuth(user.Name)
+			MakeRequest(t, req, http.StatusConflict)
 		})

 		t.Run("SymbolPackage", func(t *testing.T) {
--- a/web_src/css/themes/theme-gitea-auto-protanopia-deuteranopia.css
+++ b/web_src/css/themes/theme-gitea-auto-protanopia-deuteranopia.css
@ -0,0 +1,2 @@
+@import "./theme-gitea-light-protanopia-deuteranopia.css" (prefers-color-scheme: light);
+@import "./theme-gitea-dark-protanopia-deuteranopia.css" (prefers-color-scheme: dark);
--- a/web_src/js/components/RepoBranchTagSelector.vue
+++ b/web_src/js/components/RepoBranchTagSelector.vue
@ -289,13 +289,11 @@ export default sfc; // activate IDE's Vue plugin
          <a href="#" @click="createNewBranch()">
            <div v-show="shouldCreateTag">
              <i class="reference tags icon"/>
-              <!-- eslint-disable-next-line vue/no-v-html -->
-              <span v-html="textCreateTag.replace('%s', searchTerm)"/>
+              <span v-text="textCreateTag.replace('%s', searchTerm)"/>
            </div>
            <div v-show="!shouldCreateTag">
              <svg-icon name="octicon-git-branch"/>
-              <!-- eslint-disable-next-line vue/no-v-html -->
-              <span v-html="textCreateBranch.replace('%s', searchTerm)"/>
+              <span v-text="textCreateBranch.replace('%s', searchTerm)"/>
            </div>
            <div class="text small">
              <span v-if="isViewBranch || release">{{ textCreateBranchFrom.replace('%s', branchName) }}</span>