Merge branch 'forgejo' into fix-context-timeout

2025-10-10 19:32:02 +00:00 · 2025-07-23 07:47:16 +02:00 · 2025-07-23 07:47:16 +02:00 · 58aa244691
commit 58aa244691
parent 71cd14b207 f3ccfc4969
82 changed files with 2007 additions and 351 deletions
--- a/.forgejo/workflows/release-notes-assistant-milestones.yml
+++ b/.forgejo/workflows/release-notes-assistant-milestones.yml
@ -6,7 +6,7 @@ on:
 env:
  RNA_WORKDIR: /srv/rna
-  RNA_VERSION: v1.3.1 # renovate: datasource=gitea-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
+  RNA_VERSION: v1.3.3 # renovate: datasource=gitea-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
 jobs:
  release-notes:
--- a/.forgejo/workflows/release-notes-assistant.yml
+++ b/.forgejo/workflows/release-notes-assistant.yml
@ -8,7 +8,7 @@ on:
      - labeled
 env:
-  RNA_VERSION: v1.3.1 # renovate: datasource=gitea-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
+  RNA_VERSION: v1.3.3 # renovate: datasource=gitea-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
 jobs:
  release-notes:
--- a/.forgejo/workflows/renovate.yml
+++ b/.forgejo/workflows/renovate.yml
@ -28,7 +28,7 @@ jobs:
    runs-on: docker
    container:
-      image: data.forgejo.org/renovate/renovate:41.40.0
+      image: data.forgejo.org/renovate/renovate:41.42.5
    steps:
      - name: Load renovate repo cache
--- a/2
+++ b/2
@ -47,7 +47,7 @@ GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0 # renovate: datasour
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go
 DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.35.0 # renovate: datasource=go
 GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.5.2 # renovate: datasource=go
-RENOVATE_NPM_PACKAGE ?= renovate@41.40.0 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
+RENOVATE_NPM_PACKAGE ?= renovate@41.42.5 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
 # https://github.com/disposable-email-domains/disposable-email-domains/commits/main/
 DISPOSABLE_EMAILS_SHA ?= 0c27e671231d27cf66370034d7f6818037416989 # renovate: ...
--- a/go.mod
+++ b/go.mod
@ -48,7 +48,7 @@ require (
 	github.com/go-ldap/ldap/v3 v3.4.6
 	github.com/go-openapi/spec v0.21.0
 	github.com/go-sql-driver/mysql v1.9.3
-	github.com/go-webauthn/webauthn v0.13.3
+	github.com/go-webauthn/webauthn v0.13.4
 	github.com/gobwas/glob v0.2.3
 	github.com/gogs/chardet v0.0.0-20211120154057-b7413eaefb8f
 	github.com/gogs/go-gogs-client v0.0.0-20210131175652-1d7215cd8d85
@ -94,7 +94,7 @@ require (
 	github.com/urfave/cli/v3 v3.3.3
 	github.com/valyala/fastjson v1.6.4
 	github.com/yohcop/openid-go v1.0.1
-	github.com/yuin/goldmark v1.7.12
+	github.com/yuin/goldmark v1.7.13
 	github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc
 	gitlab.com/gitlab-org/api/client-go v0.130.1
 	go.uber.org/mock v0.5.2
@ -158,7 +158,7 @@ require (
 	github.com/emersion/go-sasl v0.0.0-20231106173351-e73c9f7bad43 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/fatih/color v1.18.0 // indirect
-	github.com/fxamacker/cbor/v2 v2.8.0 // indirect
+	github.com/fxamacker/cbor/v2 v2.9.0 // indirect
 	github.com/go-ap/errors v0.0.0-20231003111023-183eef4b31b7 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.5 // indirect
 	github.com/go-enry/go-oniguruma v1.2.1 // indirect
@ -244,7 +244,7 @@ require (
 replace github.com/hashicorp/go-version => github.com/6543/go-version v1.3.1
-replace github.com/nektos/act => code.forgejo.org/forgejo/act v1.29.0
+replace github.com/nektos/act => code.forgejo.org/forgejo/act v1.32.0
 replace github.com/mholt/archiver/v3 => code.forgejo.org/forgejo/archiver/v3 v3.5.1
--- a/go.sum
+++ b/go.sum
@ -4,8 +4,8 @@ code.forgejo.org/f3/gof3/v3 v3.11.0 h1:f/xToKwqTgxG6PYxvewywjDQyCcyHEEJ6sZqUitFs
 code.forgejo.org/f3/gof3/v3 v3.11.0/go.mod h1:4FaRUNSQGBiD1M0DuB0yNv+Z2wMtlOeckgygHSSq4KQ=
 code.forgejo.org/forgejo-contrib/go-libravatar v0.0.0-20191008002943-06d1c002b251 h1:HTZl3CBk3ABNYtFI6TPLvJgGKFIhKT5CBk0sbOtkDKU=
 code.forgejo.org/forgejo-contrib/go-libravatar v0.0.0-20191008002943-06d1c002b251/go.mod h1:PphB88CPbx601QrWPMZATeorACeVmQlyv3u+uUMbSaM=
-code.forgejo.org/forgejo/act v1.29.0 h1:CPiI0LRPU0f6gUdQj1ZVax0ySc8CfegY4hiRsymdZU0=
+code.forgejo.org/forgejo/act v1.32.0 h1:hns2WvrJs6qWCmvzoSllNGNzSvcDMcSvJvVtQj3FaQc=
-code.forgejo.org/forgejo/act v1.29.0/go.mod h1:RPqtuaI2FkC1SVOaYCRODo5jIfoMTBVgEOOP3Sdiuh4=
+code.forgejo.org/forgejo/act v1.32.0/go.mod h1:WkmxVBteC4zoyQGYp8ZFZY7Xb+jat+b7ChvqW6TxqF8=
 code.forgejo.org/forgejo/archiver/v3 v3.5.1 h1:UmmbA7D5550uf71SQjarmrn6yKwOGxtEjb3jaYYtmSE=
 code.forgejo.org/forgejo/archiver/v3 v3.5.1/go.mod h1:e3dqJ7H78uzsRSEACH1joayhuSyhnonssnDhppzS1L4=
 code.forgejo.org/forgejo/go-rpmutils v1.0.0 h1:RZGGeKt70p/WaIEL97pyT6uiiEIoN8/aLmS5Z6WmX0M=
@ -202,8 +202,8 @@ github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMo
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k=
 github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
-github.com/fxamacker/cbor/v2 v2.8.0 h1:fFtUGXUzXPHTIUdne5+zzMPTfffl3RD5qYnkY40vtxU=
+github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM=
-github.com/fxamacker/cbor/v2 v2.8.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
+github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
 github.com/go-ap/activitypub v0.0.0-20231114162308-e219254dc5c9 h1:j2TrkUG/NATGi/EQS+MvEoF79CxiRUmT16ErFroNcKI=
 github.com/go-ap/activitypub v0.0.0-20231114162308-e219254dc5c9/go.mod h1:cJ9Ye0ZNSMN7RzZDBRY3E+8M3Bpf/R1JX22Ir9yX6WI=
 github.com/go-ap/errors v0.0.0-20231003111023-183eef4b31b7 h1:I2nuhyVI/48VXoRCCZR2hYBgnSXa+EuDJf/VyX06TC0=
@ -250,8 +250,8 @@ github.com/go-sql-driver/mysql v1.9.3/go.mod h1:qn46aNg1333BRMNU69Lq93t8du/dwxI6
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
 github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U=
 github.com/go-test/deep v1.1.1/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
-github.com/go-webauthn/webauthn v0.13.3 h1:rvX539Gy9U4xAuFQRFJtkgoH5E1GEUyIVbHUDC89Mo4=
+github.com/go-webauthn/webauthn v0.13.4 h1:q68qusWPcqHbg9STSxBLBHnsKaLxNO0RnVKaAqMuAuQ=
-github.com/go-webauthn/webauthn v0.13.3/go.mod h1:H9EdVnxXFMMJyx8Nd/OL3aFFEop3Rb+Af1naR0IbuUQ=
+github.com/go-webauthn/webauthn v0.13.4/go.mod h1:MglN6OH9ECxvhDqoq1wMoF6P6JRYDiQpC9nc5OomQmI=
 github.com/go-webauthn/x v0.1.23 h1:9lEO0s+g8iTyz5Vszlg/rXTGrx3CjcD0RZQ1GPZCaxI=
 github.com/go-webauthn/x v0.1.23/go.mod h1:AJd3hI7NfEp/4fI6T4CHD753u91l510lglU7/NMN6+E=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
@ -548,8 +548,8 @@ github.com/yohcop/openid-go v1.0.1/go.mod h1:b/AvD03P0KHj4yuihb+VtLD6bYYgsy0zqBz
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yuin/goldmark v1.4.15/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-github.com/yuin/goldmark v1.7.12 h1:YwGP/rrea2/CnCtUHgjuolG/PnMxdQtPMO5PvaE2/nY=
+github.com/yuin/goldmark v1.7.13 h1:GPddIs617DnBLFFVJFgpo1aBfe/4xcvMc3SB5t/D0pA=
-github.com/yuin/goldmark v1.7.12/go.mod h1:ip/1k0VRfGynBgxOz0yCqHrbZXhcjxyuS66Brc7iBKg=
+github.com/yuin/goldmark v1.7.13/go.mod h1:ip/1k0VRfGynBgxOz0yCqHrbZXhcjxyuS66Brc7iBKg=
 github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc h1:+IAOyRda+RLrxa1WC7umKOZRsGq4QrFFMYApOeHzQwQ=
 github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc/go.mod h1:ovIvrum6DQJA4QsJSovrkC4saKHQVs7TvcaeO8AIl5I=
 github.com/zeebo/assert v1.3.0 h1:g7C04CbJuIDKNPFHmsk4hwZDO5O+kntRxzaUoNXj+IQ=
--- a/models/actions/task.go
+++ b/models/actions/task.go
@ -275,7 +275,7 @@ func CreateTaskForRunner(ctx context.Context, runner *ActionRunner) (*ActionTask
 	}
 	var workflowJob *jobparser.Job
-	if gots, err := jobparser.Parse(job.WorkflowPayload); err != nil {
+	if gots, err := jobparser.Parse(job.WorkflowPayload, false); err != nil {
 		return nil, false, fmt.Errorf("parse workflow of job %d: %w", job.ID, err)
 	} else if len(gots) != 1 {
 		return nil, false, fmt.Errorf("workflow of job %d: not single workflow", job.ID)
--- a/models/activities/action.go
+++ b/models/activities/action.go
@ -473,8 +473,11 @@ func GetFeeds(ctx context.Context, opts GetFeedsOptions) (ActionList, int64, err
 		return nil, 0, err
 	}
 	sess := db.GetEngine(ctx).Where(cond).
 		Select("`action`.*"). // this line will avoid select other joined table's columns
 		Join("INNER", "repository", "`repository`.id = `action`.repo_id")
 	opts.SetDefaultValues()
 	sess := db.GetEngine(ctx).Where(cond)
 	sess = db.SetSessionPagination(sess, &opts)
 	actions := make([]*Action, 0, opts.PageSize)
--- a/models/activities/action_test.go
+++ b/models/activities/action_test.go
@ -227,6 +227,24 @@ func TestNotifyWatchers(t *testing.T) {
 	})
 }
 func TestGetFeedsCorrupted(t *testing.T) {
 	require.NoError(t, unittest.PrepareTestDatabase())
 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
 	unittest.AssertExistsAndLoadBean(t, &activities_model.Action{
 		ID:     8,
 		RepoID: 1700,
 	})
 	actions, count, err := activities_model.GetFeeds(db.DefaultContext, activities_model.GetFeedsOptions{
 		RequestedUser:  user,
 		Actor:          user,
 		IncludePrivate: true,
 	})
 	require.NoError(t, err)
 	assert.Empty(t, actions)
 	assert.Equal(t, int64(0), count)
 }
 func TestConsistencyUpdateAction(t *testing.T) {
 	if !setting.Database.Type.IsSQLite3() {
 		t.Skip("Test is only for SQLite database.")
--- a/models/fixtures/action.yml
+++ b/models/fixtures/action.yml
@ -59,6 +59,14 @@
  created_unix: 1603011540 # grouped with id:7
 - id: 8
  user_id: 1
  op_type: 12 # close issue
  act_user_id: 1
  repo_id: 1700 # dangling intentional
  is_private: false
  created_unix: 1603011541
 - id: 9
  user_id: 34
  op_type: 12 # close issue
  act_user_id: 34
--- a/models/forgejo_migrations/v32.go
+++ b/models/forgejo_migrations/v32.go
@ -12,6 +12,7 @@ import (
 	"strconv"
 	"strings"
 	"forgejo.org/models/db"
 	"forgejo.org/models/packages"
 	"forgejo.org/modules/json"
 	"forgejo.org/modules/log"
@ -52,16 +53,10 @@ type mavenPackageResult struct {
 // ChangeMavenArtifactConcatenation resolves old dash-concatenated Maven coordinates and regenerates metadata.
 // Note: runs per-owner in a single transaction; failures roll back all owners.
 func ChangeMavenArtifactConcatenation(x *xorm.Engine) error {
-	sess := x.NewSession()
+	return db.WithTx(db.DefaultContext, func(ctx context.Context) error {
 	defer sess.Close()
 	if err := sess.Begin(); err != nil {
 		return err
 	}
 		// get unique owner IDs of Maven packages
 		var ownerIDs []*int64
-	if err := sess.
+		if err := db.GetEngine(ctx).
 			Table("package").
 			Select("package.owner_id").
 			Where("package.type = 'maven'").
@ -72,35 +67,36 @@ func ChangeMavenArtifactConcatenation(x *xorm.Engine) error {
 		}
 		for _, id := range ownerIDs {
-		if err := fixMavenArtifactPerOwner(sess, id); err != nil {
+			if err := fixMavenArtifactPerOwner(ctx, id); err != nil {
 				log.Error("owner %d migration failed: %v", id, err)
 				return err // rollback all
 			}
 		}
-	return sess.Commit()
+		return nil
 	})
 }
-func fixMavenArtifactPerOwner(sess *xorm.Session, ownerID *int64) error {
+func fixMavenArtifactPerOwner(ctx context.Context, ownerID *int64) error {
-	results, err := getMavenPackageResultsToUpdate(sess, ownerID)
+	results, err := getMavenPackageResultsToUpdate(ctx, ownerID)
 	if err != nil {
 		return err
 	}
-	if err = resolvePackageCollisions(results, sess); err != nil {
+	if err = resolvePackageCollisions(ctx, results); err != nil {
 		return err
 	}
-	if err = processPackageVersions(results, sess); err != nil {
+	if err = processPackageVersions(ctx, results); err != nil {
 		return err
 	}
-	return processPackageFiles(results, sess)
+	return processPackageFiles(ctx, results)
 }
 // processPackageFiles updates Maven package files and versions in the database
 // Returns an error if any database or processing operation fails.
-func processPackageFiles(results []*mavenPackageResult, sess *xorm.Session) error {
+func processPackageFiles(ctx context.Context, results []*mavenPackageResult) error {
 	processedVersion := make(map[string][]*mavenPackageResult)
 	for _, r := range results {
@ -113,7 +109,7 @@ func processPackageFiles(results []*mavenPackageResult, sess *xorm.Session) erro
 		if r.PackageVersion.ID != r.PackageFile.VersionID {
 			pattern := strings.TrimSuffix(r.PackageFile.Name, ".pom") + "%"
 			// Per routers/api/packages/maven/maven.go:338, POM files already have the `IsLead`, so no update needed for this prop
-			if _, err := sess.Exec("UPDATE package_file SET version_id = ? WHERE version_id = ? and name like ?", r.PackageVersion.ID, r.PackageFile.VersionID, pattern); err != nil {
+			if _, err := db.GetEngine(ctx).Exec("UPDATE package_file SET version_id = ? WHERE version_id = ? and name like ?", r.PackageVersion.ID, r.PackageFile.VersionID, pattern); err != nil {
 				return err
 			}
 		}
@ -128,14 +124,14 @@ func processPackageFiles(results []*mavenPackageResult, sess *xorm.Session) erro
 		rs := packageResults[0]
-		pf, md, err := parseMetadata(sess, rs)
+		pf, md, err := parseMetadata(ctx, rs)
 		if err != nil {
 			return err
 		}
 		if pf != nil && md != nil && md.GroupID == rs.GroupID && md.ArtifactID == rs.ArtifactID {
 			if pf.VersionID != rs.PackageFile.VersionID {
-				if _, err := sess.ID(pf.ID).Cols("version_id").Update(pf); err != nil {
+				if _, err := db.GetEngine(ctx).ID(pf.ID).Cols("version_id").Update(pf); err != nil {
 					return err
 				}
 			}
@ -150,11 +146,9 @@ func processPackageFiles(results []*mavenPackageResult, sess *xorm.Session) erro
 // parseMetadata retrieves metadata for a Maven package file from the database and decodes it into a Metadata object.
 // Returns the associated PackageFile, Metadata, and any error encountered during processing.
-func parseMetadata(sess *xorm.Session, snapshot *mavenPackageResult) (*packages.PackageFile, *Metadata, error) {
+func parseMetadata(ctx context.Context, snapshot *mavenPackageResult) (*packages.PackageFile, *Metadata, error) {
 	ctx := context.Background()
 	var pf packages.PackageFile
-	found, err := sess.Table(pf).
+	found, err := db.GetEngine(ctx).Table(pf).
 		Where("version_id = ?", snapshot.PackageFile.VersionID). // still the old id
 		And("lower_name = ?", "maven-metadata.xml").
 		Get(&pf)
@ -183,7 +177,7 @@ func parseMetadata(sess *xorm.Session, snapshot *mavenPackageResult) (*packages.
 // processPackageVersions processes Maven package versions by updating metadata or inserting new records as necessary.
 // It avoids redundant updates by tracking already processed versions using a map. Returns an error on failure.
-func processPackageVersions(results []*mavenPackageResult, sess *xorm.Session) error {
+func processPackageVersions(ctx context.Context, results []*mavenPackageResult) error {
 	processedVersion := make(map[string]int64)
 	for _, r := range results {
@ -196,14 +190,14 @@ func processPackageVersions(results []*mavenPackageResult, sess *xorm.Session) e
 		// for non collisions, just update the metadata
 		if r.PackageVersion.PackageID == r.Package.ID {
-			if _, err := sess.ID(r.PackageVersion.ID).Cols("metadata_json").Update(r.PackageVersion); err != nil {
+			if _, err := db.GetEngine(ctx).ID(r.PackageVersion.ID).Cols("metadata_json").Update(r.PackageVersion); err != nil {
 				return err
 			}
 		} else {
 			log.Info("Create new maven package version for %s:%s", r.PackageName, r.PackageVersion.Version)
 			r.PackageVersion.ID = 0
 			r.PackageVersion.PackageID = r.Package.ID
-			if _, err := sess.Insert(r.PackageVersion); err != nil {
+			if _, err := db.GetEngine(ctx).Insert(r.PackageVersion); err != nil {
 				return err
 			}
 		}
@ -216,10 +210,9 @@ func processPackageVersions(results []*mavenPackageResult, sess *xorm.Session) e
 // getMavenPackageResultsToUpdate retrieves Maven package results that need updates based on the owner ID.
 // It processes POM metadata, fixes package inconsistencies, and filters corrupted package versions.
-func getMavenPackageResultsToUpdate(sess *xorm.Session, ownerID *int64) ([]*mavenPackageResult, error) {
+func getMavenPackageResultsToUpdate(ctx context.Context, ownerID *int64) ([]*mavenPackageResult, error) {
 	ctx := context.Background()
 	var candidates []*mavenPackageResult
-	if err := sess.
+	if err := db.GetEngine(ctx).
 		Table("package_file").
 		Select("package_file.*, package_version.*, package.*").
 		Join("INNER", "package_version", "package_version.id = package_file.version_id").
@ -265,7 +258,7 @@ func getMavenPackageResultsToUpdate(sess *xorm.Session, ownerID *int64) ([]*mave
 // resolvePackageCollisions handles name collisions by keeping the first existing record and inserting new Package records for subsequent collisions.
 // Returns a map from PackageName to its resolved Package.ID.
-func resolvePackageCollisions(results []*mavenPackageResult, sess *xorm.Session) error {
+func resolvePackageCollisions(ctx context.Context, results []*mavenPackageResult) error {
 	// Group new names by lowerName
 	collisions := make(map[string][]string)
 	for _, r := range results {
@ -292,7 +285,7 @@ func resolvePackageCollisions(results []*mavenPackageResult, sess *xorm.Session)
 		} else if list[0] == r.PackageName {
 			pkgIDByName[r.PackageName] = r.Package.ID
-			if _, err = sess.ID(r.Package.ID).Cols("name", "lower_name").Update(r.Package); err != nil {
+			if _, err = db.GetEngine(ctx).ID(r.Package.ID).Cols("name", "lower_name").Update(r.Package); err != nil {
 				return err
 			}
 			// create a new entry
@ -300,7 +293,7 @@ func resolvePackageCollisions(results []*mavenPackageResult, sess *xorm.Session)
 			log.Info("Create new maven package for %s", r.Package.Name)
 			r.Package.ID = 0
-			if _, err = sess.Insert(r.Package); err != nil {
+			if _, err = db.GetEngine(ctx).Insert(r.Package); err != nil {
 				return err
 			}
--- a/models/issues/action_aggregator.go
+++ b/models/issues/action_aggregator.go
@ -4,6 +4,7 @@
 package issues
 import (
 	"context"
 	"slices"
 	"forgejo.org/models/organization"
@ -374,3 +375,10 @@ func (t *RequestReviewTarget) Type() string {
 	}
 	return "team"
 }
 func (t *RequestReviewTarget) Link(ctx context.Context) string {
 	if t.User != nil {
 		return t.User.HomeLink()
 	}
 	return t.Team.Link(ctx)
 }
--- a/models/issues/action_aggregator_test.go
+++ b/models/issues/action_aggregator_test.go
@ -0,0 +1,37 @@
 // Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: GPL-3.0-or-later
 package issues
 import (
 	"testing"
 	"forgejo.org/models/db"
 	org_model "forgejo.org/models/organization"
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
 	"github.com/stretchr/testify/assert"
 )
 func TestRequestReviewTarget(t *testing.T) {
 	unittest.PrepareTestEnv(t)
 	target := RequestReviewTarget{User: &user_model.User{ID: 1, Name: "user1"}}
 	assert.Equal(t, int64(1), target.ID())
 	assert.Equal(t, "user1", target.Name())
 	assert.Equal(t, "user", target.Type())
 	assert.Equal(t, "/user1", target.Link(db.DefaultContext))
 	target = RequestReviewTarget{Team: &org_model.Team{ID: 2, Name: "Collaborators", OrgID: 3}}
 	assert.Equal(t, int64(2), target.ID())
 	assert.Equal(t, "Collaborators", target.Name())
 	assert.Equal(t, "team", target.Type())
 	assert.Equal(t, "/org/org3/teams/Collaborators", target.Link(db.DefaultContext))
 	target = RequestReviewTarget{Team: org_model.NewGhostTeam()}
 	assert.Equal(t, int64(-1), target.ID())
 	assert.Equal(t, "Ghost team", target.Name())
 	assert.Equal(t, "team", target.Type())
 	assert.Empty(t, target.Link(db.DefaultContext))
 }
--- a/models/issues/moderation.go
+++ b/models/issues/moderation.go
@ -5,6 +5,7 @@ package issues
 import (
 	"context"
 	"strconv"
 	"forgejo.org/models/moderation"
 	"forgejo.org/modules/json"
@ -24,6 +25,21 @@ type IssueData struct {
 	UpdatedUnix    timeutil.TimeStamp
 }
 // Implements GetFieldsMap() from ShadowCopyData interface, returning a list of <key, value> pairs
 // to be used when rendering the shadow copy for admins reviewing the corresponding abuse report(s).
 func (cd IssueData) GetFieldsMap() []moderation.ShadowCopyField {
 	return []moderation.ShadowCopyField{
 		{Key: "RepoID", Value: strconv.FormatInt(cd.RepoID, 10)},
 		{Key: "Index", Value: strconv.FormatInt(cd.Index, 10)},
 		{Key: "PosterID", Value: strconv.FormatInt(cd.PosterID, 10)},
 		{Key: "Title", Value: cd.Title},
 		{Key: "Content", Value: cd.Content},
 		{Key: "ContentVersion", Value: strconv.Itoa(cd.ContentVersion)},
 		{Key: "CreatedUnix", Value: cd.CreatedUnix.AsLocalTime().String()},
 		{Key: "UpdatedUnix", Value: cd.UpdatedUnix.AsLocalTime().String()},
 	}
 }
 // newIssueData creates a trimmed down issue to be used just to create a JSON structure
 // (keeping only the fields relevant for moderation purposes)
 func newIssueData(issue *Issue) IssueData {
@ -31,8 +47,8 @@ func newIssueData(issue *Issue) IssueData {
 		RepoID:         issue.RepoID,
 		Index:          issue.Index,
 		PosterID:       issue.PosterID,
 		Content:        issue.Content,
 		Title:          issue.Title,
 		Content:        issue.Content,
 		ContentVersion: issue.ContentVersion,
 		CreatedUnix:    issue.CreatedUnix,
 		UpdatedUnix:    issue.UpdatedUnix,
@ -50,6 +66,19 @@ type CommentData struct {
 	UpdatedUnix    timeutil.TimeStamp
 }
 // Implements GetFieldsMap() from ShadowCopyData interface, returning a list of <key, value> pairs
 // to be used when rendering the shadow copy for admins reviewing the corresponding abuse report(s).
 func (cd CommentData) GetFieldsMap() []moderation.ShadowCopyField {
 	return []moderation.ShadowCopyField{
 		{Key: "PosterID", Value: strconv.FormatInt(cd.PosterID, 10)},
 		{Key: "IssueID", Value: strconv.FormatInt(cd.IssueID, 10)},
 		{Key: "Content", Value: cd.Content},
 		{Key: "ContentVersion", Value: strconv.Itoa(cd.ContentVersion)},
 		{Key: "CreatedUnix", Value: cd.CreatedUnix.AsLocalTime().String()},
 		{Key: "UpdatedUnix", Value: cd.UpdatedUnix.AsLocalTime().String()},
 	}
 }
 // newCommentData creates a trimmed down comment to be used just to create a JSON structure
 // (keeping only the fields relevant for moderation purposes)
 func newCommentData(comment *Comment) CommentData {
--- a/models/issues/moderation_test.go
+++ b/models/issues/moderation_test.go
@ -0,0 +1,70 @@
 // Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: GPL-3.0-or-later
 package issues_test
 import (
 	"testing"
 	"forgejo.org/models/issues"
 	"forgejo.org/models/moderation"
 	"forgejo.org/modules/timeutil"
 	"github.com/stretchr/testify/assert"
 )
 const (
 	tsCreated timeutil.TimeStamp = timeutil.TimeStamp(1753093500) // 2025-07-21 10:25:00 UTC
 	tsUpdated timeutil.TimeStamp = timeutil.TimeStamp(1753093525) // 2025-07-21 10:25:25 UTC
 )
 func testShadowCopyField(t *testing.T, scField moderation.ShadowCopyField, key, value string) {
 	assert.Equal(t, key, scField.Key)
 	assert.Equal(t, value, scField.Value)
 }
 func TestIssueDataGetFieldsMap(t *testing.T) {
 	id := issues.IssueData{
 		RepoID:         2001,
 		Index:          2,
 		PosterID:       1002,
 		Title:          "Professional marketing services",
 		Content:        "Visit my website at promote-your-business.biz for a list of available services.",
 		ContentVersion: 0,
 		CreatedUnix:    tsCreated,
 		UpdatedUnix:    tsUpdated,
 	}
 	scFields := id.GetFieldsMap()
 	if assert.Len(t, scFields, 8) {
 		testShadowCopyField(t, scFields[0], "RepoID", "2001")
 		testShadowCopyField(t, scFields[1], "Index", "2")
 		testShadowCopyField(t, scFields[2], "PosterID", "1002")
 		testShadowCopyField(t, scFields[3], "Title", "Professional marketing services")
 		testShadowCopyField(t, scFields[4], "Content", "Visit my website at promote-your-business.biz for a list of available services.")
 		testShadowCopyField(t, scFields[5], "ContentVersion", "0")
 		testShadowCopyField(t, scFields[6], "CreatedUnix", tsCreated.AsLocalTime().String())
 		testShadowCopyField(t, scFields[7], "UpdatedUnix", tsUpdated.AsLocalTime().String())
 	}
 }
 func TestCommentDataGetFieldsMap(t *testing.T) {
 	cd := issues.CommentData{
 		PosterID:       1002,
 		IssueID:        3001,
 		Content:        "Check out [alexsmith/website](/alexsmith/website)",
 		ContentVersion: 0,
 		CreatedUnix:    tsCreated,
 		UpdatedUnix:    tsUpdated,
 	}
 	scFields := cd.GetFieldsMap()
 	if assert.Len(t, scFields, 6) {
 		testShadowCopyField(t, scFields[0], "PosterID", "1002")
 		testShadowCopyField(t, scFields[1], "IssueID", "3001")
 		testShadowCopyField(t, scFields[2], "Content", "Check out [alexsmith/website](/alexsmith/website)")
 		testShadowCopyField(t, scFields[3], "ContentVersion", "0")
 		testShadowCopyField(t, scFields[4], "CreatedUnix", tsCreated.AsLocalTime().String())
 		testShadowCopyField(t, scFields[5], "UpdatedUnix", tsUpdated.AsLocalTime().String())
 	}
 }
--- a/models/moderation/abuse_report.go
+++ b/models/moderation/abuse_report.go
@ -47,14 +47,21 @@ const (
 	AbuseCategoryTypeIllegalContent                              // 4
 )
 var AbuseCategoriesTranslationKeys = map[AbuseCategoryType]string{
 	AbuseCategoryTypeSpam:           "moderation.abuse_category.spam",
 	AbuseCategoryTypeMalware:        "moderation.abuse_category.malware",
 	AbuseCategoryTypeIllegalContent: "moderation.abuse_category.illegal_content",
 	AbuseCategoryTypeOther:          "moderation.abuse_category.other_violations",
 }
 // GetAbuseCategoriesList returns a list of pairs with the available abuse category types
 // and their corresponding translation keys
 func GetAbuseCategoriesList() []AbuseCategoryItem {
 	return []AbuseCategoryItem{
-		{AbuseCategoryTypeSpam, "moderation.abuse_category.spam"},
+		{AbuseCategoryTypeSpam, AbuseCategoriesTranslationKeys[AbuseCategoryTypeSpam]},
-		{AbuseCategoryTypeMalware, "moderation.abuse_category.malware"},
+		{AbuseCategoryTypeMalware, AbuseCategoriesTranslationKeys[AbuseCategoryTypeMalware]},
-		{AbuseCategoryTypeIllegalContent, "moderation.abuse_category.illegal_content"},
+		{AbuseCategoryTypeIllegalContent, AbuseCategoriesTranslationKeys[AbuseCategoryTypeIllegalContent]},
-		{AbuseCategoryTypeOther, "moderation.abuse_category.other_violations"},
+		{AbuseCategoryTypeOther, AbuseCategoriesTranslationKeys[AbuseCategoryTypeOther]},
 	}
 }
--- a/models/moderation/abuse_report_detailed.go
+++ b/models/moderation/abuse_report_detailed.go
@ -0,0 +1,135 @@
 // Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: GPL-3.0-or-later
 package moderation
 import (
 	"context"
 	"fmt"
 	"strings"
 	"forgejo.org/models/db"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/timeutil"
 	"xorm.io/builder"
 )
 type AbuseReportDetailed struct {
 	AbuseReport        `xorm:"extends"`
 	ReportedTimes      int // only for overview
 	ReporterName       string
 	ContentReference   string
 	ShadowCopyDate     timeutil.TimeStamp // only for details
 	ShadowCopyRawValue string             // only for details
 }
 func (ard AbuseReportDetailed) ContentTypeIconName() string {
 	switch ard.ContentType {
 	case ReportedContentTypeUser:
 		return "octicon-person"
 	case ReportedContentTypeRepository:
 		return "octicon-repo"
 	case ReportedContentTypeIssue:
 		return "octicon-issue-opened"
 	case ReportedContentTypeComment:
 		return "octicon-comment"
 	default:
 		return "octicon-question"
 	}
 }
 func (ard AbuseReportDetailed) ContentURL() string {
 	switch ard.ContentType {
 	case ReportedContentTypeUser:
 		return strings.TrimLeft(ard.ContentReference, "@")
 	case ReportedContentTypeIssue:
 		return strings.ReplaceAll(ard.ContentReference, "#", "/issues/")
 	default:
 		return ard.ContentReference
 	}
 }
 func GetOpenReports(ctx context.Context) ([]*AbuseReportDetailed, error) {
 	var reports []*AbuseReportDetailed
 	// - For PostgreSQL user table name should be escaped.
 	//   - Escaping can be done with double quotes (") but this doesn't work for MariaDB.
 	// - For SQLite index column name should be escaped.
 	//   - Escaping can be done with double quotes (") or backticks (`).
 	// - For MariaDB/MySQL there is no need to escape the above.
 	// - Therefore we will use double quotes (") but only for PostgreSQL and SQLite.
 	identifierEscapeChar := ``
 	if setting.Database.Type.IsPostgreSQL() || setting.Database.Type.IsSQLite3() {
 		identifierEscapeChar = `"`
 	}
 	err := db.GetEngine(ctx).SQL(fmt.Sprintf(`SELECT AR.*, ARD.reported_times, U.name AS reporter_name, REFS.ref AS content_reference
 		FROM abuse_report AR
 		INNER JOIN (
 			SELECT min(id) AS id, count(id) AS reported_times
 			FROM abuse_report
 			WHERE status = %[2]d
 			GROUP BY content_type, content_id
 		) ARD ON ARD.id = AR.id
 		LEFT JOIN %[1]suser%[1]s U ON U.id = AR.reporter_id
 		LEFT JOIN (
 			SELECT %[3]d AS type, id, concat('@', name) AS "ref"
 			FROM %[1]suser%[1]s WHERE id IN (
 				SELECT content_id FROM abuse_report WHERE status = %[2]d AND content_type = %[3]d
 			)
 			UNION
 			SELECT %[4]d AS "type", id, concat(owner_name, '/', name) AS "ref"
 			FROM repository WHERE id IN (
 				SELECT content_id FROM abuse_report WHERE status = %[2]d AND content_type = %[4]d
 			)
 			UNION
 			SELECT %[5]d AS "type", I.id, concat(IR.owner_name, '/', IR.name, '#', I.%[1]sindex%[1]s) AS "ref"
 			FROM issue I
 			LEFT JOIN repository IR ON IR.id = I.repo_id
 			WHERE I.id IN (
 				SELECT content_id FROM abuse_report WHERE status = %[2]d AND content_type = %[5]d
 			)
 			UNION
 			SELECT %[6]d AS "type", C.id, concat(CIR.owner_name, '/', CIR.name, '/issues/', CI.%[1]sindex%[1]s, '#issuecomment-', C.id) AS "ref"
 			FROM comment C
 			LEFT JOIN issue CI ON CI.id = C.issue_id
 			LEFT JOIN repository CIR ON CIR.id = CI.repo_id
 			WHERE C.id IN (
 				SELECT content_id FROM abuse_report WHERE status = %[2]d AND content_type = %[6]d
 			)
 		) REFS ON REFS.type = AR.content_type AND REFS.id = AR.content_id
 		ORDER BY AR.created_unix ASC`, identifierEscapeChar, ReportStatusTypeOpen,
 		ReportedContentTypeUser, ReportedContentTypeRepository, ReportedContentTypeIssue, ReportedContentTypeComment)).
 		Find(&reports)
 	if err != nil {
 		return nil, err
 	}
 	return reports, nil
 }
 func GetOpenReportsByTypeAndContentID(ctx context.Context, contentType ReportedContentType, contentID int64) ([]*AbuseReportDetailed, error) {
 	var reports []*AbuseReportDetailed
 	// Some remarks concerning PostgreSQL:
 	// - user table should be escaped (e.g. `user`);
 	// - tried to use aliases for table names but errors like 'invalid reference to FROM-clause entry'
 	//   or 'missing FROM-clause entry' were returned;
 	err := db.GetEngine(ctx).
 		Select("abuse_report.*, `user`.name AS reporter_name, abuse_report_shadow_copy.created_unix AS shadow_copy_date, abuse_report_shadow_copy.raw_value AS shadow_copy_raw_value").
 		Table("abuse_report").
 		Join("LEFT", "user", "`user`.id = abuse_report.reporter_id").
 		Join("LEFT", "abuse_report_shadow_copy", "abuse_report_shadow_copy.id = abuse_report.shadow_copy_id").
 		Where(builder.Eq{
 			"content_type": contentType,
 			"content_id":   contentID,
 			"status":       ReportStatusTypeOpen,
 		}).
 		Asc("abuse_report.created_unix").
 		Find(&reports)
 	if err != nil {
 		return nil, err
 	}
 	return reports, nil
 }
--- a/models/moderation/shadow_copy.go
+++ b/models/moderation/shadow_copy.go
@ -26,6 +26,22 @@ func (sc AbuseReportShadowCopy) NullableID() sql.NullInt64 {
 	return sql.NullInt64{Int64: sc.ID, Valid: sc.ID > 0}
 }
 // ShadowCopyField defines a pair of a value stored within the shadow copy
 // (of some content reported as abusive) and a corresponding key (caption).
 // A list of such pairs is used when rendering shadow copies for admins reviewing abuse reports.
 type ShadowCopyField struct {
 	Key   string
 	Value string
 }
 // ShadowCopyData interface should be implemented by the type structs used for marshaling/unmarshaling the fields
 // preserved as shadow copies for abusive content reports (i.e. UserData, RepositoryData, IssueData, CommentData).
 type ShadowCopyData interface {
 	// GetFieldsMap returns a list of <key, value> pairs with the fields stored within shadow copies
 	// of content reported as abusive, to be used when rendering a shadow copy in the admin UI.
 	GetFieldsMap() []ShadowCopyField
 }
 func init() {
 	// RegisterModel will create the table if does not already exist
 	// or any missing columns if the table was previously created.
--- a/models/organization/org.go
+++ b/models/organization/org.go
@ -186,6 +186,11 @@ func (org *Organization) CanCreateRepo() bool {
 	return org.AsUser().CanCreateRepo()
 }
 // IsGhost returns if the organization is a ghost
 func (org *Organization) IsGhost() bool {
 	return org.AsUser().IsGhost()
 }
 // FindOrgMembersOpts represensts find org members conditions
 type FindOrgMembersOpts struct {
 	db.ListOptions
--- a/models/organization/team.go
+++ b/models/organization/team.go
@ -1,5 +1,6 @@
 // Copyright 2018 The Gitea Authors. All rights reserved.
 // Copyright 2016 The Gogs Authors. All rights reserved.
 // Copyright 2018 The Gitea Authors. All rights reserved.
 // Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 package organization
@ -7,6 +8,7 @@ package organization
 import (
 	"context"
 	"fmt"
 	"net/url"
 	"strings"
 	"forgejo.org/models/db"
@ -20,13 +22,6 @@ import (
 	"xorm.io/builder"
 )
 // ___________
 // \__    ___/___ _____    _____
 //   |    |_/ __ \\__  \  /     \
 //   |    |\  ___/ / __ \|  Y Y  \
 //   |____| \___  >____  /__|_|  /
 //              \/     \/      \/
 // ErrTeamAlreadyExist represents a "TeamAlreadyExist" kind of error.
 type ErrTeamAlreadyExist struct {
 	OrgID int64
@ -193,6 +188,27 @@ func (t *Team) UnitAccessMode(ctx context.Context, tp unit.Type) perm.AccessMode
 	return perm.AccessModeNone
 }
 // GetOrg returns the team's organization
 func (t *Team) GetOrg(ctx context.Context) *Organization {
 	org, err := GetOrgByID(ctx, t.OrgID)
 	if err != nil {
 		return OrgFromUser(user_model.NewGhostUser())
 	}
 	return org
 }
 // Link returns the team's page link
 func (t *Team) Link(ctx context.Context) string {
 	if t.IsGhost() {
 		return ""
 	}
 	org := t.GetOrg(ctx)
 	if org.IsGhost() {
 		return ""
 	}
 	return org.OrganisationLink() + "/teams/" + url.PathEscape(t.Name)
 }
 // IsUsableTeamName tests if a name could be as team name
 func IsUsableTeamName(name string) error {
 	switch name {
@ -293,10 +309,22 @@ func FixInconsistentOwnerTeams(ctx context.Context) (int64, error) {
 	return int64(len(teamIDs)), nil
 }
 const (
 	GhostTeamID        = -1
 	GhostTeamName      = "Ghost team"
 	GhostTeamLowerName = "ghost team"
 )
 // NewGhostTeam creates ghost team (for deleted team)
 func NewGhostTeam() *Team {
 	return &Team{
-		ID:        -1,
+		ID:        GhostTeamID,
-		Name:      "Ghost team",
+		Name:      GhostTeamName,
-		LowerName: "ghost team",
+		LowerName: GhostTeamLowerName,
 	}
 }
 // IsGhost returns if a team is a ghost team
 func (t *Team) IsGhost() bool {
 	return t.ID == GhostTeamID
 }
--- a/models/organization/team_test.go
+++ b/models/organization/team_test.go
@ -1,4 +1,5 @@
 // Copyright 2017 The Gitea Authors. All rights reserved.
 // Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 package organization_test
@ -15,14 +16,33 @@ import (
 	"github.com/stretchr/testify/require"
 )
-func TestTeam_IsOwnerTeam(t *testing.T) {
+func TestTeam(t *testing.T) {
 	require.NoError(t, unittest.PrepareTestDatabase())
-	team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: 1})
+	owners := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: 1})
-	assert.True(t, team.IsOwnerTeam())
+	assert.Equal(t, int64(3), owners.GetOrg(db.DefaultContext).ID)
 	assert.Equal(t, "/org/org3/teams/Owners", owners.Link(db.DefaultContext))
 	assert.False(t, owners.IsGhost())
 	assert.True(t, owners.IsOwnerTeam())
-	team = unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: 2})
+	team1 := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: 2})
-	assert.False(t, team.IsOwnerTeam())
+	assert.Equal(t, int64(3), team1.GetOrg(db.DefaultContext).ID)
 	assert.Equal(t, "/org/org3/teams/team1", team1.Link(db.DefaultContext))
 	assert.False(t, team1.IsGhost())
 	assert.False(t, team1.IsOwnerTeam())
 	ghost := organization.NewGhostTeam()
 	assert.Equal(t, int64(-1), ghost.ID)
 	assert.Equal(t, int64(-1), ghost.GetOrg(db.DefaultContext).ID)
 	assert.Empty(t, ghost.Link(db.DefaultContext))
 	assert.True(t, ghost.IsGhost())
 	assert.False(t, ghost.IsOwnerTeam())
 	ghosted := organization.Team{ID: 10, Name: "Ghosted"}
 	assert.Equal(t, int64(-1), ghosted.GetOrg(db.DefaultContext).ID)
 	assert.Empty(t, ghosted.Link(db.DefaultContext))
 	assert.False(t, ghosted.IsGhost())
 	assert.False(t, ghosted.IsOwnerTeam())
 }
 func TestTeam_IsMember(t *testing.T) {
--- a/models/repo/moderation.go
+++ b/models/repo/moderation.go
@ -5,6 +5,8 @@ package repo
 import (
 	"context"
 	"strconv"
 	"strings"
 	"forgejo.org/models/moderation"
 	"forgejo.org/modules/json"
@ -25,6 +27,22 @@ type RepositoryData struct {
 	UpdatedUnix timeutil.TimeStamp
 }
 // Implements GetFieldsMap() from ShadowCopyData interface, returning a list of <key, value> pairs
 // to be used when rendering the shadow copy for admins reviewing the corresponding abuse report(s).
 func (rd RepositoryData) GetFieldsMap() []moderation.ShadowCopyField {
 	return []moderation.ShadowCopyField{
 		{Key: "OwnerID", Value: strconv.FormatInt(rd.OwnerID, 10)},
 		{Key: "OwnerName", Value: rd.OwnerName},
 		{Key: "Name", Value: rd.Name},
 		{Key: "Description", Value: rd.Description},
 		{Key: "Website", Value: rd.Website},
 		{Key: "Topics", Value: strings.Join(rd.Topics, ", ")},
 		{Key: "Avatar", Value: rd.Avatar},
 		{Key: "CreatedUnix", Value: rd.CreatedUnix.AsLocalTime().String()},
 		{Key: "UpdatedUnix", Value: rd.UpdatedUnix.AsLocalTime().String()},
 	}
 }
 // newRepositoryData creates a trimmed down repository to be used just to create a JSON structure
 // (keeping only the fields relevant for moderation purposes)
 func newRepositoryData(repo *Repository) RepositoryData {
--- a/models/repo/moderation_test.go
+++ b/models/repo/moderation_test.go
@ -0,0 +1,51 @@
 // Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: GPL-3.0-or-later
 package repo_test
 import (
 	"testing"
 	"forgejo.org/models/moderation"
 	"forgejo.org/models/repo"
 	"forgejo.org/modules/timeutil"
 	"github.com/stretchr/testify/assert"
 )
 const (
 	tsCreated timeutil.TimeStamp = timeutil.TimeStamp(1753093500) // 2025-07-21 10:25:00 UTC
 	tsUpdated timeutil.TimeStamp = timeutil.TimeStamp(1753093525) // 2025-07-21 10:25:25 UTC
 )
 func testShadowCopyField(t *testing.T, scField moderation.ShadowCopyField, key, value string) {
 	assert.Equal(t, key, scField.Key)
 	assert.Equal(t, value, scField.Value)
 }
 func TestRepositoryDataGetFieldsMap(t *testing.T) {
 	rd := repo.RepositoryData{
 		OwnerID:     1002,
 		OwnerName:   "alexsmith",
 		Name:        "website",
 		Description: "My static website.",
 		Website:     "http://promote-your-business.biz",
 		Topics:      []string{"bulk-email", "email-services"},
 		Avatar:      "avatar-hash-repo-2002",
 		CreatedUnix: tsCreated,
 		UpdatedUnix: tsUpdated,
 	}
 	scFields := rd.GetFieldsMap()
 	if assert.Len(t, scFields, 9) {
 		testShadowCopyField(t, scFields[0], "OwnerID", "1002")
 		testShadowCopyField(t, scFields[1], "OwnerName", "alexsmith")
 		testShadowCopyField(t, scFields[2], "Name", "website")
 		testShadowCopyField(t, scFields[3], "Description", "My static website.")
 		testShadowCopyField(t, scFields[4], "Website", "http://promote-your-business.biz")
 		testShadowCopyField(t, scFields[5], "Topics", "bulk-email, email-services")
 		testShadowCopyField(t, scFields[6], "Avatar", "avatar-hash-repo-2002")
 		testShadowCopyField(t, scFields[7], "CreatedUnix", tsCreated.AsLocalTime().String())
 		testShadowCopyField(t, scFields[8], "UpdatedUnix", tsUpdated.AsLocalTime().String())
 	}
 }
--- a/models/user/moderation.go
+++ b/models/user/moderation.go
@ -37,6 +37,26 @@ type UserData struct { //revive:disable-line:exported
 	AvatarEmail string
 }
 // Implements GetFieldsMap() from ShadowCopyData interface, returning a list of <key, value> pairs
 // to be used when rendering the shadow copy for admins reviewing the corresponding abuse report(s).
 func (ud UserData) GetFieldsMap() []moderation.ShadowCopyField {
 	return []moderation.ShadowCopyField{
 		{Key: "Name", Value: ud.Name},
 		{Key: "FullName", Value: ud.FullName},
 		{Key: "Email", Value: ud.Email},
 		{Key: "LoginName", Value: ud.LoginName},
 		{Key: "Location", Value: ud.Location},
 		{Key: "Website", Value: ud.Website},
 		{Key: "Pronouns", Value: ud.Pronouns},
 		{Key: "Description", Value: ud.Description},
 		{Key: "CreatedUnix", Value: ud.CreatedUnix.AsLocalTime().String()},
 		{Key: "UpdatedUnix", Value: ud.UpdatedUnix.AsLocalTime().String()},
 		{Key: "LastLogin", Value: ud.LastLogin.AsLocalTime().String()},
 		{Key: "Avatar", Value: ud.Avatar},
 		{Key: "AvatarEmail", Value: ud.AvatarEmail},
 	}
 }
 // newUserData creates a trimmed down user to be used just to create a JSON structure
 // (keeping only the fields relevant for moderation purposes)
 func newUserData(user *User) UserData {
--- a/models/user/moderation_test.go
+++ b/models/user/moderation_test.go
@ -0,0 +1,60 @@
 // Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: GPL-3.0-or-later
 package user_test
 import (
 	"testing"
 	"forgejo.org/models/moderation"
 	"forgejo.org/models/user"
 	"forgejo.org/modules/timeutil"
 	"github.com/stretchr/testify/assert"
 )
 const (
 	tsCreated   timeutil.TimeStamp = timeutil.TimeStamp(1753093200) // 2025-07-21 10:20:00 UTC
 	tsUpdated   timeutil.TimeStamp = timeutil.TimeStamp(1753093320) // 2025-07-21 10:22:00 UTC
 	tsLastLogin timeutil.TimeStamp = timeutil.TimeStamp(1753093800) // 2025-07-21 10:30:00 UTC
 )
 func testShadowCopyField(t *testing.T, scField moderation.ShadowCopyField, key, value string) {
 	assert.Equal(t, key, scField.Key)
 	assert.Equal(t, value, scField.Value)
 }
 func TestUserDataGetFieldsMap(t *testing.T) {
 	ud := user.UserData{
 		Name:        "alexsmith",
 		FullName:    "Alex Smith",
 		Email:       "alexsmith@example.org",
 		LoginName:   "",
 		Location:    "@master@seo.net",
 		Website:     "http://promote-your-business.biz",
 		Pronouns:    "SEO",
 		Description: "I can help you promote your business online using SEO.",
 		CreatedUnix: tsCreated,
 		UpdatedUnix: tsUpdated,
 		LastLogin:   tsLastLogin,
 		Avatar:      "avatar-hash-user-1002",
 		AvatarEmail: "alexsmith@example.org",
 	}
 	scFields := ud.GetFieldsMap()
 	if assert.Len(t, scFields, 13) {
 		testShadowCopyField(t, scFields[0], "Name", "alexsmith")
 		testShadowCopyField(t, scFields[1], "FullName", "Alex Smith")
 		testShadowCopyField(t, scFields[2], "Email", "alexsmith@example.org")
 		testShadowCopyField(t, scFields[3], "LoginName", "")
 		testShadowCopyField(t, scFields[4], "Location", "@master@seo.net")
 		testShadowCopyField(t, scFields[5], "Website", "http://promote-your-business.biz")
 		testShadowCopyField(t, scFields[6], "Pronouns", "SEO")
 		testShadowCopyField(t, scFields[7], "Description", "I can help you promote your business online using SEO.")
 		testShadowCopyField(t, scFields[8], "CreatedUnix", tsCreated.AsLocalTime().String())
 		testShadowCopyField(t, scFields[9], "UpdatedUnix", tsUpdated.AsLocalTime().String())
 		testShadowCopyField(t, scFields[10], "LastLogin", tsLastLogin.AsLocalTime().String())
 		testShadowCopyField(t, scFields[11], "Avatar", "avatar-hash-user-1002")
 		testShadowCopyField(t, scFields[12], "AvatarEmail", "alexsmith@example.org")
 	}
 }
--- a/models/user/user.go
+++ b/models/user/user.go
@ -296,6 +296,9 @@ func (u *User) CanImportLocal() bool {
 // DashboardLink returns the user dashboard page link.
 func (u *User) DashboardLink() string {
 	if u.IsGhost() {
 		return ""
 	}
 	if u.IsOrganization() {
 		return u.OrganisationLink() + "/dashboard"
 	}
@ -304,16 +307,25 @@ func (u *User) DashboardLink() string {
 // HomeLink returns the user or organization home page link.
 func (u *User) HomeLink() string {
 	if u.IsGhost() {
 		return ""
 	}
 	return setting.AppSubURL + "/" + url.PathEscape(u.Name)
 }
 // HTMLURL returns the user or organization's full link.
 func (u *User) HTMLURL() string {
 	if u.IsGhost() {
 		return ""
 	}
 	return setting.AppURL + url.PathEscape(u.Name)
 }
 // OrganisationLink returns the organization sub page link.
 func (u *User) OrganisationLink() string {
 	if u.IsGhost() || !u.IsOrganization() {
 		return ""
 	}
 	return setting.AppSubURL + "/org/" + url.PathEscape(u.Name)
 }
--- a/models/user/user_test.go
+++ b/models/user/user_test.go
@ -46,6 +46,28 @@ func TestIsValidUserID(t *testing.T) {
 	assert.True(t, user_model.IsValidUserID(200))
 }
 func TestUserLinks(t *testing.T) {
 	require.NoError(t, unittest.PrepareTestDatabase())
 	user1 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
 	assert.Equal(t, "/", user1.DashboardLink())
 	assert.Equal(t, "/user1", user1.HomeLink())
 	assert.Equal(t, "https://try.gitea.io/user1", user1.HTMLURL())
 	assert.Empty(t, user1.OrganisationLink())
 	org3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3})
 	assert.Equal(t, "/org/org3/dashboard", org3.DashboardLink())
 	assert.Equal(t, "/org3", org3.HomeLink())
 	assert.Equal(t, "https://try.gitea.io/org3", org3.HTMLURL())
 	assert.Equal(t, "/org/org3", org3.OrganisationLink())
 	ghost := user_model.NewGhostUser()
 	assert.Empty(t, ghost.DashboardLink())
 	assert.Empty(t, ghost.HomeLink())
 	assert.Empty(t, ghost.HTMLURL())
 	assert.Empty(t, ghost.OrganisationLink())
 }
 func TestGetUserFromMap(t *testing.T) {
 	id := int64(200)
 	idMap := map[int64]*user_model.User{
--- a/modules/actions/workflows.go
+++ b/modules/actions/workflows.go
@ -86,7 +86,7 @@ func GetContentFromEntry(entry *git.TreeEntry) ([]byte, error) {
 }
 func GetEventsFromContent(content []byte) ([]*jobparser.Event, error) {
-	workflow, err := model.ReadWorkflow(bytes.NewReader(content))
+	workflow, err := model.ReadWorkflow(bytes.NewReader(content), false)
 	if err != nil {
 		return nil, err
 	}
--- a/modules/assetfs/layered.go
+++ b/modules/assetfs/layered.go
@ -56,14 +56,7 @@ func Local(name, base string, sub ...string) *Layer {
 		panic(fmt.Sprintf("Unable to get absolute path for %q: %v", base, err))
 	}
 	root := util.FilePathJoinAbs(base, sub...)
-	fsRoot, err := os.OpenRoot(root)
+	return &Layer{name: name, fs: os.DirFS(root), localPath: root}
 	if err != nil {
 		if errors.Is(err, fs.ErrNotExist) {
 			return nil
 		}
 		panic(fmt.Sprintf("Unable to open layer %q", err))
 	}
 	return &Layer{name: name, fs: fsRoot.FS(), localPath: root}
 }
 // Bindata returns a new Layer with the given name, it serves files from the given bindata asset.
@ -80,7 +73,7 @@ type LayeredFS struct {
 // Layered returns a new LayeredFS with the given layers. The first layer is the top layer.
 func Layered(layers ...*Layer) *LayeredFS {
-	return &LayeredFS{layers: slices.DeleteFunc(layers, func(layer *Layer) bool { return layer == nil })}
+	return &LayeredFS{layers: layers}
 }
 // Open opens the named file. The caller is responsible for closing the file.
--- a/modules/assetfs/layered_test.go
+++ b/modules/assetfs/layered_test.go
@ -1,4 +1,5 @@
 // Copyright 2023 The Gitea Authors. All rights reserved.
 // Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 package assetfs
@ -108,3 +109,30 @@ func TestLayered(t *testing.T) {
 	assert.Equal(t, "l1", assets.GetFileLayerName("f1"))
 	assert.Equal(t, "l2", assets.GetFileLayerName("f2"))
 }
 // Allow layers to read symlink outside the layer root.
 func TestLayeredSymlink(t *testing.T) {
 	dir := t.TempDir()
 	dirl1 := filepath.Join(dir, "l1")
 	require.NoError(t, os.MkdirAll(dirl1, 0o755))
 	// Open layer in dir/l1
 	layer := Local("l1", dirl1)
 	// Create a file in dir/outside
 	fileContents := []byte("I am outside the layer")
 	require.NoError(t, os.WriteFile(filepath.Join(dir, "outside"), fileContents, 0o600))
 	// Symlink dir/l1/outside to dir/outside
 	require.NoError(t, os.Symlink(filepath.Join(dir, "outside"), filepath.Join(dirl1, "outside")))
 	// Open dir/l1/outside.
 	f, err := layer.Open("outside")
 	require.NoError(t, err)
 	defer f.Close()
 	// Confirm it contains the output of dir/outside
 	contents, err := io.ReadAll(f)
 	require.NoError(t, err)
 	assert.Equal(t, fileContents, contents)
 }
--- a/modules/templates/util_render.go
+++ b/modules/templates/util_render.go
@ -275,10 +275,18 @@ func RenderUser(ctx context.Context, user user_model.User) template.HTML {
 		html.EscapeString(user.GetDisplayName())))
 }
-func RenderReviewRequest(users []issues_model.RequestReviewTarget) template.HTML {
+func RenderReviewRequest(ctx context.Context, users []issues_model.RequestReviewTarget) template.HTML {
 	usernames := make([]string, 0, len(users))
 	for _, user := range users {
-		usernames = append(usernames, html.EscapeString(user.Name()))
+		if user.ID() > 0 {
 			usernames = append(usernames, fmt.Sprintf(
 				"<a href='%s' rel='nofollow'><strong>%s</strong></a>",
 				user.Link(ctx), html.EscapeString(user.Name())))
 		} else {
 			usernames = append(usernames, fmt.Sprintf(
 				"<strong>%s</strong>",
 				html.EscapeString(user.Name())))
 		}
 	}
 	htmlCode := `<span class="review-request-list">`
--- a/modules/templates/util_render_test.go
+++ b/modules/templates/util_render_test.go
@ -10,6 +10,7 @@ import (
 	"forgejo.org/models/db"
 	issues_model "forgejo.org/models/issues"
 	org_model "forgejo.org/models/organization"
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/setting"
@ -266,3 +267,19 @@ func TestRenderUser(t *testing.T) {
 	assert.Contains(t, RenderUser(db.DefaultContext, *ghost),
 		"<strong>Ghost</strong>")
 }
 func TestRenderReviewRequest(t *testing.T) {
 	unittest.PrepareTestEnv(t)
 	target1 := issues_model.RequestReviewTarget{User: &user_model.User{ID: 1, Name: "user1", FullName: "User <One>"}}
 	target2 := issues_model.RequestReviewTarget{Team: &org_model.Team{ID: 2, Name: "Team2", OrgID: 3}}
 	target3 := issues_model.RequestReviewTarget{Team: org_model.NewGhostTeam()}
 	assert.Contains(t, RenderReviewRequest(db.DefaultContext, []issues_model.RequestReviewTarget{target1, target2, target3}),
 		"<a href='/user1' rel='nofollow'><strong>user1</strong></a>, "+
 			"<a href='/org/org3/teams/Team2' rel='nofollow'><strong>Team2</strong></a>, "+
 			"<strong>Ghost team</strong>")
 	defer test.MockVariableValue(&setting.UI.DefaultShowFullName, true)()
 	assert.Contains(t, RenderReviewRequest(db.DefaultContext, []issues_model.RequestReviewTarget{target1}),
 		"<a href='/user1' rel='nofollow'><strong>User &lt;One&gt;</strong></a>")
 }
--- a/modules/translation/plural_rules.go
+++ b/modules/translation/plural_rules.go
@ -2,6 +2,7 @@
 // SPDX-License-Identifier: MIT
 // Some useful links:
 // https://codeberg.org/forgejo/forgejo/src/branch/forgejo/web_src/js/webcomponents/relative-time.js
 // https://www.unicode.org/cldr/charts/46/supplemental/language_plural_rules.html
 // https://translate.codeberg.org/languages/$LANGUAGE_CODE/#information
 // https://github.com/WeblateOrg/language-data/blob/main/languages.csv
@ -16,7 +17,7 @@ import (
 	"forgejo.org/modules/translation/i18n"
 )
-// The constants refer to indices below in `PluralRules` and also in i18n.js, keep them in sync!
+// The constants refer to indices below in `PluralRules` and also in web_src/js/webcomponents/relative-time.js, keep them in sync!
 const (
 	PluralRuleDefault    = 0
 	PluralRuleBengali    = 1
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@ -372,7 +372,7 @@ no_reply_address = Hidden email domain
 no_reply_address_helper = Domain name for users with a hidden email address. For example, the username "joe" will be logged in Git as "joe@noreply.example.org" if the hidden email domain is set to "noreply.example.org".
 password_algorithm = Password hash algorithm
 invalid_password_algorithm = Invalid password hash algorithm
-password_algorithm_helper = Set the password hashing algorithm. Algorithms have differing requirements and strength. The argon2 algorithm is rather secure but uses a lot of memory and may be inappropriate for small systems.
+password_algorithm_helper = Set the password hashing algorithm. Algorithms have differing requirements and strengths. The argon2 algorithm is rather secure but uses a lot of memory and may be inappropriate for small systems.
 enable_update_checker = Enable update checker
 env_config_keys = Environment Configuration
 env_config_keys_prompt = The following environment variables will also be applied to your configuration file:
@ -479,7 +479,7 @@ email_domain_blacklisted = You cannot register with your email address.
 authorize_application = Authorize Application
 authorize_redirect_notice = You will be redirected to %s if you authorize this application.
 authorize_application_created_by = This application was created by %s.
-authorize_application_description = If you grant the access, it will be able to access and write to all your account information, including private repos and organizations.
+authorize_application_description = If you grant access, it will be able to access and write to all your account information, including private repos and organizations.
 authorize_title = Authorize "%s" to access your account?
 authorization_failed = Authorization failed
 authorization_failed_desc = The authorization failed because we detected an invalid request. Please contact the maintainer of the app you have tried to authorize.
@ -838,7 +838,7 @@ activations_pending = Activations pending
 can_not_add_email_activations_pending = There is a pending activation, try again in a few minutes if you want to add a new email.
 delete_email = Remove
 email_deletion = Remove email address
-email_deletion_desc = The email address and related information will be removed from your account. Git commits by this email address will remain unchanged. Continue?
+email_deletion_desc = This email address and related information will be removed from your account. Git commits by this email address will remain unchanged. Continue?
 email_deletion_success = The email address has been removed.
 theme_update_success = Your theme was updated.
 theme_update_error = The selected theme does not exist.
@ -1056,7 +1056,7 @@ user_block_success = The user has been blocked successfully.
 user_block_yourself = You cannot block yourself.
 quota.applies_to_user = The following quota rules apply to your account
-quota.applies_to_org = The following quota rules apply to this organisation
+quota.applies_to_org = The following quota rules apply to this organization
 quota.rule.exceeded = Exceeded
 quota.rule.exceeded.helper = The total size of objects for this rule has exceeded the quota.
 quota.rule.no_limit = Unlimited
@ -1153,7 +1153,7 @@ mirror_sync = synced
 mirror_sync_on_commit = Sync when commits are pushed
 mirror_address = Clone from URL
 mirror_address_desc = Put any required credentials in the Authorization section.
-mirror_address_url_invalid = The provided URL is invalid. You must escape all components of the URL correctly.
+mirror_address_url_invalid = The provided URL is invalid. Make sure that components of the URL are escaped correctly.
 mirror_address_protocol_invalid = The provided URL is invalid. Only http(s):// or git:// locations can be used for mirroring.
 mirror_lfs = Large File Storage (LFS)
 mirror_lfs_desc = Activate mirroring of LFS data.
@ -1251,7 +1251,7 @@ migrate_repo = Migrate repository
 migrate.repo_desc_helper = Leave empty to import existing description
 migrate.clone_address = Migrate / Clone from URL
 migrate.clone_address_desc = The HTTP(S) or Git "clone" URL of an existing repository
-migrate.github_token_desc = You can put one or more tokens with comma separated here to make migrating faster because of GitHub API rate limit. WARN: Abusing this feature may violate the service provider's policy and lead to account blocking.
+migrate.github_token_desc = You can put one or more tokens here separated by commas to make migrating faster by circumventing the GitHub API rate limit. WARNING: Abusing this feature may violate the service provider's policy and may lead to getting your account(s) blocked.
 migrate.clone_local_path = or a local server path
 migrate.permission_denied = You are not allowed to import local repositories.
 migrate.permission_denied_blocked = You cannot import from disallowed hosts, please ask the admin to check ALLOWED_DOMAINS/ALLOW_LOCALNETWORKS/BLOCKED_DOMAINS settings.
@ -1919,7 +1919,7 @@ pulls.select_commit_hold_shift_for_range = Select commit. Hold shift + click to
 pulls.review_only_possible_for_full_diff = Review is only possible when viewing the full diff
 pulls.filter_changes_by_commit = Filter by commit
 pulls.nothing_to_compare = These branches are equal. There is no need to create a pull request.
-pulls.nothing_to_compare_have_tag = The selected branch/tag are equal.
+pulls.nothing_to_compare_have_tag = The selected branches/tags are equal.
 pulls.nothing_to_compare_and_allow_empty_pr = These branches are equal. This PR will be empty.
 pulls.has_pull_request = `A pull request between these branches already exists: <a href="%[1]s">%[2]s#%[3]d</a>`
 pulls.create = Create pull request
@ -2088,7 +2088,7 @@ milestones.filter_sort.most_issues = Most issues
 milestones.filter_sort.least_issues = Least issues
 signing.will_sign = This commit will be signed with key "%s".
-signing.wont_sign.error = There was an error whilst checking if the commit could be signed.
+signing.wont_sign.error = There was an error while checking if the commit could be signed.
 signing.wont_sign.nokey = This instance has no key to sign this commit with.
 signing.wont_sign.never = Commits are never signed.
 signing.wont_sign.always = Commits are always signed.
@ -3797,7 +3797,7 @@ owner.settings.cargo.initialize.success = The Cargo index was successfully creat
 owner.settings.cargo.rebuild = Rebuild index
 owner.settings.cargo.rebuild.description = Rebuilding can be useful if the index is not synchronized with the stored Cargo packages.
 owner.settings.cargo.rebuild.error = Failed to rebuild Cargo index: %v
-owner.settings.cargo.rebuild.success = The Cargo index was successfully rebuild.
+owner.settings.cargo.rebuild.success = The Cargo index was successfully rebuilt.
 owner.settings.cargo.rebuild.no_index = Cannot rebuild, no index is initialized.
 owner.settings.cleanuprules.title = Cleanup rules
 owner.settings.cleanuprules.add = Add cleanup rule
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@ -71,6 +71,10 @@
    "keys.ssh.link": "SSH keys",
    "keys.gpg.link": "GPG keys",
    "admin.config.moderation_config": "Moderation configuration",
    "admin.moderation.moderation_reports": "Moderation reports",
    "admin.moderation.reports": "Reports",
    "admin.moderation.no_open_reports": "There are currently no open reports.",
    "admin.moderation.deleted_content_ref": "Reported content with type %[1]v and id %[2]d no longer exists",
    "moderation.report_abuse": "Report abuse",
    "moderation.report_content": "Report content",
    "moderation.report_abuse_form.header": "Report abuse to administrator",
@ -103,7 +107,7 @@
    "editor.textarea.tab_hint": "Line already indented. Press <kbd>Tab</kbd> again or <kbd>Escape</kbd> to leave the editor.",
    "editor.textarea.shift_tab_hint": "No indentation on this line. Press <kbd>Shift</kbd> + <kbd>Tab</kbd> again or <kbd>Escape</kbd> to leave the editor.",
    "admin.dashboard.cleanup_offline_runners": "Cleanup offline runners",
-    "settings.visibility.description": "Profile visibility affects others' ability to access your non-private repositories. <a href=\"%s\" target=\"_blank\">Learn more</a>",
+    "settings.visibility.description": "Profile visibility affects others' ability to access your non-private repositories. <a href=\"%s\" target=\"_blank\">Learn more</a>.",
    "avatar.constraints_hint": "Custom avatar may not exceed %[1]s in size or be larger than %[2]dx%[3]d pixels",
    "og.repo.summary_card.alt_description": "Summary card of repository %[1]s, described as: %[2]s",
    "meta.last_line": "Thank you for translating Forgejo! This line isn't seen by the users but it serves other purposes in the translation management. You can place a fun fact in the translation instead of translating it."
--- a/package-lock.json
+++ b/package-lock.json
@ -52,7 +52,7 @@
        "tributejs": "5.1.3",
        "uint8-to-base64": "0.2.0",
        "vanilla-colorful": "0.7.2",
-        "vue": "3.5.16",
+        "vue": "3.5.18",
        "vue-chartjs": "5.3.1",
        "vue-loader": "17.4.2",
        "vue3-calendar-heatmap": "2.0.5",
@ -4342,42 +4342,42 @@
      }
    },
    "node_modules/@vue/compiler-core": {
-      "version": "3.5.16",
+      "version": "3.5.18",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-core/-/compiler-core-3.5.16.tgz",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-core/-/compiler-core-3.5.18.tgz",
-      "integrity": "sha512-AOQS2eaQOaaZQoL1u+2rCJIKDruNXVBZSiUD3chnUrsoX5ZTQMaCvXlWNIfxBJuU15r1o7+mpo5223KVtIhAgQ==",
+      "integrity": "sha512-3slwjQrrV1TO8MoXgy3aynDQ7lslj5UqDxuHnrzHtpON5CBinhWjJETciPngpin/T3OuW3tXUf86tEurusnztw==",
      "license": "MIT",
      "dependencies": {
-        "@babel/parser": "^7.27.2",
+        "@babel/parser": "^7.28.0",
-        "@vue/shared": "3.5.16",
+        "@vue/shared": "3.5.18",
        "entities": "^4.5.0",
        "estree-walker": "^2.0.2",
        "source-map-js": "^1.2.1"
      }
    },
    "node_modules/@vue/compiler-dom": {
-      "version": "3.5.16",
+      "version": "3.5.18",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-dom/-/compiler-dom-3.5.16.tgz",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-dom/-/compiler-dom-3.5.18.tgz",
-      "integrity": "sha512-SSJIhBr/teipXiXjmWOVWLnxjNGo65Oj/8wTEQz0nqwQeP75jWZ0n4sF24Zxoht1cuJoWopwj0J0exYwCJ0dCQ==",
+      "integrity": "sha512-RMbU6NTU70++B1JyVJbNbeFkK+A+Q7y9XKE2EM4NLGm2WFR8x9MbAtWxPPLdm0wUkuZv9trpwfSlL6tjdIa1+A==",
      "license": "MIT",
      "dependencies": {
-        "@vue/compiler-core": "3.5.16",
+        "@vue/compiler-core": "3.5.18",
-        "@vue/shared": "3.5.16"
+        "@vue/shared": "3.5.18"
      }
    },
    "node_modules/@vue/compiler-sfc": {
-      "version": "3.5.16",
+      "version": "3.5.18",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-sfc/-/compiler-sfc-3.5.16.tgz",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-sfc/-/compiler-sfc-3.5.18.tgz",
-      "integrity": "sha512-rQR6VSFNpiinDy/DVUE0vHoIDUF++6p910cgcZoaAUm3POxgNOOdS/xgoll3rNdKYTYPnnbARDCZOyZ+QSe6Pw==",
+      "integrity": "sha512-5aBjvGqsWs+MoxswZPoTB9nSDb3dhd1x30xrrltKujlCxo48j8HGDNj3QPhF4VIS0VQDUrA1xUfp2hEa+FNyXA==",
      "license": "MIT",
      "dependencies": {
-        "@babel/parser": "^7.27.2",
+        "@babel/parser": "^7.28.0",
-        "@vue/compiler-core": "3.5.16",
+        "@vue/compiler-core": "3.5.18",
-        "@vue/compiler-dom": "3.5.16",
+        "@vue/compiler-dom": "3.5.18",
-        "@vue/compiler-ssr": "3.5.16",
+        "@vue/compiler-ssr": "3.5.18",
-        "@vue/shared": "3.5.16",
+        "@vue/shared": "3.5.18",
        "estree-walker": "^2.0.2",
        "magic-string": "^0.30.17",
-        "postcss": "^8.5.3",
+        "postcss": "^8.5.6",
        "source-map-js": "^1.2.1"
      }
    },
@ -4390,64 +4390,92 @@
        "@jridgewell/sourcemap-codec": "^1.5.0"
      }
    },
-    "node_modules/@vue/compiler-ssr": {
+    "node_modules/@vue/compiler-sfc/node_modules/postcss": {
-      "version": "3.5.16",
+      "version": "8.5.6",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-ssr/-/compiler-ssr-3.5.16.tgz",
+      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.6.tgz",
-      "integrity": "sha512-d2V7kfxbdsjrDSGlJE7my1ZzCXViEcqN6w14DOsDrUCHEA6vbnVCpRFfrc4ryCP/lCKzX2eS1YtnLE/BuC9f/A==",
+      "integrity": "sha512-3Ybi1tAuwAP9s0r1UQ2J4n5Y0G05bJkpUIO0/bI9MhwmD70S5aTWbXGBwxHrelT+XM1k6dM0pk+SwNkpTRN7Pg==",
      "funding": [
        {
          "type": "opencollective",
          "url": "https://opencollective.com/postcss/"
        },
        {
          "type": "tidelift",
          "url": "https://tidelift.com/funding/github/npm/postcss"
        },
        {
          "type": "github",
          "url": "https://github.com/sponsors/ai"
        }
      ],
      "license": "MIT",
      "dependencies": {
-        "@vue/compiler-dom": "3.5.16",
+        "nanoid": "^3.3.11",
-        "@vue/shared": "3.5.16"
+        "picocolors": "^1.1.1",
        "source-map-js": "^1.2.1"
      },
      "engines": {
        "node": "^10 || ^12 || >=14"
      }
    },
    "node_modules/@vue/compiler-ssr": {
      "version": "3.5.18",
      "resolved": "https://registry.npmjs.org/@vue/compiler-ssr/-/compiler-ssr-3.5.18.tgz",
      "integrity": "sha512-xM16Ak7rSWHkM3m22NlmcdIM+K4BMyFARAfV9hYFl+SFuRzrZ3uGMNW05kA5pmeMa0X9X963Kgou7ufdbpOP9g==",
      "license": "MIT",
      "dependencies": {
        "@vue/compiler-dom": "3.5.18",
        "@vue/shared": "3.5.18"
      }
    },
    "node_modules/@vue/reactivity": {
-      "version": "3.5.16",
+      "version": "3.5.18",
-      "resolved": "https://registry.npmjs.org/@vue/reactivity/-/reactivity-3.5.16.tgz",
+      "resolved": "https://registry.npmjs.org/@vue/reactivity/-/reactivity-3.5.18.tgz",
-      "integrity": "sha512-FG5Q5ee/kxhIm1p2bykPpPwqiUBV3kFySsHEQha5BJvjXdZTUfmya7wP7zC39dFuZAcf/PD5S4Lni55vGLMhvA==",
+      "integrity": "sha512-x0vPO5Imw+3sChLM5Y+B6G1zPjwdOri9e8V21NnTnlEvkxatHEH5B5KEAJcjuzQ7BsjGrKtfzuQ5eQwXh8HXBg==",
      "license": "MIT",
      "dependencies": {
-        "@vue/shared": "3.5.16"
+        "@vue/shared": "3.5.18"
      }
    },
    "node_modules/@vue/runtime-core": {
-      "version": "3.5.16",
+      "version": "3.5.18",
-      "resolved": "https://registry.npmjs.org/@vue/runtime-core/-/runtime-core-3.5.16.tgz",
+      "resolved": "https://registry.npmjs.org/@vue/runtime-core/-/runtime-core-3.5.18.tgz",
-      "integrity": "sha512-bw5Ykq6+JFHYxrQa7Tjr+VSzw7Dj4ldR/udyBZbq73fCdJmyy5MPIFR9IX/M5Qs+TtTjuyUTCnmK3lWWwpAcFQ==",
+      "integrity": "sha512-DUpHa1HpeOQEt6+3nheUfqVXRog2kivkXHUhoqJiKR33SO4x+a5uNOMkV487WPerQkL0vUuRvq/7JhRgLW3S+w==",
      "license": "MIT",
      "dependencies": {
-        "@vue/reactivity": "3.5.16",
+        "@vue/reactivity": "3.5.18",
-        "@vue/shared": "3.5.16"
+        "@vue/shared": "3.5.18"
      }
    },
    "node_modules/@vue/runtime-dom": {
-      "version": "3.5.16",
+      "version": "3.5.18",
-      "resolved": "https://registry.npmjs.org/@vue/runtime-dom/-/runtime-dom-3.5.16.tgz",
+      "resolved": "https://registry.npmjs.org/@vue/runtime-dom/-/runtime-dom-3.5.18.tgz",
-      "integrity": "sha512-T1qqYJsG2xMGhImRUV9y/RseB9d0eCYZQ4CWca9ztCuiPj/XWNNN+lkNBuzVbia5z4/cgxdL28NoQCvC0Xcfww==",
+      "integrity": "sha512-YwDj71iV05j4RnzZnZtGaXwPoUWeRsqinblgVJwR8XTXYZ9D5PbahHQgsbmzUvCWNF6x7siQ89HgnX5eWkr3mw==",
      "license": "MIT",
      "dependencies": {
-        "@vue/reactivity": "3.5.16",
+        "@vue/reactivity": "3.5.18",
-        "@vue/runtime-core": "3.5.16",
+        "@vue/runtime-core": "3.5.18",
-        "@vue/shared": "3.5.16",
+        "@vue/shared": "3.5.18",
        "csstype": "^3.1.3"
      }
    },
    "node_modules/@vue/server-renderer": {
-      "version": "3.5.16",
+      "version": "3.5.18",
-      "resolved": "https://registry.npmjs.org/@vue/server-renderer/-/server-renderer-3.5.16.tgz",
+      "resolved": "https://registry.npmjs.org/@vue/server-renderer/-/server-renderer-3.5.18.tgz",
-      "integrity": "sha512-BrX0qLiv/WugguGsnQUJiYOE0Fe5mZTwi6b7X/ybGB0vfrPH9z0gD/Y6WOR1sGCgX4gc25L1RYS5eYQKDMoNIg==",
+      "integrity": "sha512-PvIHLUoWgSbDG7zLHqSqaCoZvHi6NNmfVFOqO+OnwvqMz/tqQr3FuGWS8ufluNddk7ZLBJYMrjcw1c6XzR12mA==",
      "license": "MIT",
      "dependencies": {
-        "@vue/compiler-ssr": "3.5.16",
+        "@vue/compiler-ssr": "3.5.18",
-        "@vue/shared": "3.5.16"
+        "@vue/shared": "3.5.18"
      },
      "peerDependencies": {
-        "vue": "3.5.16"
+        "vue": "3.5.18"
      }
    },
    "node_modules/@vue/shared": {
-      "version": "3.5.16",
+      "version": "3.5.18",
-      "resolved": "https://registry.npmjs.org/@vue/shared/-/shared-3.5.16.tgz",
+      "resolved": "https://registry.npmjs.org/@vue/shared/-/shared-3.5.18.tgz",
-      "integrity": "sha512-c/0fWy3Jw6Z8L9FmTyYfkpM5zklnqqa9+a6dz3DvONRKW2NEbh46BP0FHuLFSWi2TnQEtp91Z6zOWNrU6QiyPg==",
+      "integrity": "sha512-cZy8Dq+uuIXbxCZpuLd2GJdeSO/lIzIspC2WtkqIpje5QyFbvLaI5wZtdUjLHjGZrlVX6GilejatWwVYYRc8tA==",
      "license": "MIT"
    },
    "node_modules/@vue/test-utils": {
@ -15522,16 +15550,16 @@
      "license": "MIT"
    },
    "node_modules/vue": {
-      "version": "3.5.16",
+      "version": "3.5.18",
-      "resolved": "https://registry.npmjs.org/vue/-/vue-3.5.16.tgz",
+      "resolved": "https://registry.npmjs.org/vue/-/vue-3.5.18.tgz",
-      "integrity": "sha512-rjOV2ecxMd5SiAmof2xzh2WxntRcigkX/He4YFJ6WdRvVUrbt6DxC1Iujh10XLl8xCDRDtGKMeO3D+pRQ1PP9w==",
+      "integrity": "sha512-7W4Y4ZbMiQ3SEo+m9lnoNpV9xG7QVMLa+/0RFwwiAVkeYoyGXqWE85jabU4pllJNUzqfLShJ5YLptewhCWUgNA==",
      "license": "MIT",
      "dependencies": {
-        "@vue/compiler-dom": "3.5.16",
+        "@vue/compiler-dom": "3.5.18",
-        "@vue/compiler-sfc": "3.5.16",
+        "@vue/compiler-sfc": "3.5.18",
-        "@vue/runtime-dom": "3.5.16",
+        "@vue/runtime-dom": "3.5.18",
-        "@vue/server-renderer": "3.5.16",
+        "@vue/server-renderer": "3.5.18",
-        "@vue/shared": "3.5.16"
+        "@vue/shared": "3.5.18"
      },
      "peerDependencies": {
        "typescript": "*"
--- a/package.json
+++ b/package.json
@ -51,7 +51,7 @@
    "tributejs": "5.1.3",
    "uint8-to-base64": "0.2.0",
    "vanilla-colorful": "0.7.2",
-    "vue": "3.5.16",
+    "vue": "3.5.18",
    "vue-chartjs": "5.3.1",
    "vue-loader": "17.4.2",
    "vue3-calendar-heatmap": "2.0.5",
--- a/release-notes/8502.md
+++ b/release-notes/8502.md
@ -0,0 +1 @@
 Forgejo Actions workflows are verified with a YAML schema and common errors such as using an incorrect context (e.g. `${{ badcontext.FORGEJO_REPOSITORY }}`) or a typo in a required keyword (e.g. `ruins-on:` instead of `runs-on:`) will be reported in the action page and the web page that displays the file in the repository. It is recommended to verify existing workflows are successfully verified prior to upgrading, [as explained in the Forgejo runner release notes](https://code.forgejo.org/forgejo/runner/src/branch/main/RELEASE-NOTES.md#8-0-0).
--- a/routers/web/admin/reports.go
+++ b/routers/web/admin/reports.go
@ -0,0 +1,157 @@
 // Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: GPL-3.0-or-later
 package admin
 import (
 	"fmt"
 	"net/http"
 	"forgejo.org/models/issues"
 	"forgejo.org/models/moderation"
 	repo_model "forgejo.org/models/repo"
 	"forgejo.org/models/user"
 	"forgejo.org/modules/base"
 	"forgejo.org/services/context"
 	moderation_service "forgejo.org/services/moderation"
 )
 const (
 	tplModerationReports       base.TplName = "admin/moderation/reports"
 	tplModerationReportDetails base.TplName = "admin/moderation/report_details"
 )
 // AbuseReports renders the reports overview page from admin moderation section.
 func AbuseReports(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("admin.moderation.reports")
 	ctx.Data["PageIsAdminModerationReports"] = true
 	reports, err := moderation.GetOpenReports(ctx)
 	if err != nil {
 		ctx.ServerError("Failed to load abuse reports", err)
 		return
 	}
 	ctx.Data["Reports"] = reports
 	ctx.Data["AbuseCategories"] = moderation.AbuseCategoriesTranslationKeys
 	ctx.Data["GhostUserName"] = user.GhostUserName
 	ctx.HTML(http.StatusOK, tplModerationReports)
 }
 // AbuseReportDetails renders a report details page opened from the reports overview from admin moderation section.
 func AbuseReportDetails(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("admin.moderation.reports")
 	ctx.Data["PageIsAdminModerationReports"] = true
 	ctx.Data["Type"] = ctx.ParamsInt64(":type")
 	ctx.Data["ID"] = ctx.ParamsInt64(":id")
 	contentType := moderation.ReportedContentType(ctx.ParamsInt64(":type"))
 	if !contentType.IsValid() {
 		ctx.Flash.Error("Invalid content type")
 		return
 	}
 	reports, err := moderation.GetOpenReportsByTypeAndContentID(ctx, contentType, ctx.ParamsInt64(":id"))
 	if err != nil {
 		ctx.ServerError("Failed to load reports", err)
 		return
 	}
 	if len(reports) == 0 {
 		// something is wrong
 		ctx.HTML(http.StatusOK, tplModerationReportDetails)
 		return
 	}
 	ctx.Data["Reports"] = reports
 	ctx.Data["AbuseCategories"] = moderation.AbuseCategoriesTranslationKeys
 	ctx.Data["GhostUserName"] = user.GhostUserName
 	ctx.Data["GetShadowCopyMap"] = moderation_service.GetShadowCopyMap
 	if err = setReportedContentDetails(ctx, reports[0]); err != nil {
 		if user.IsErrUserNotExist(err) || issues.IsErrCommentNotExist(err) || issues.IsErrIssueNotExist(err) || repo_model.IsErrRepoNotExist(err) {
 			ctx.Data["ContentReference"] = ctx.Tr("admin.moderation.deleted_content_ref", reports[0].ContentType, reports[0].ContentID)
 		} else {
 			ctx.ServerError("Failed to load reported content details", err)
 			return
 		}
 	}
 	ctx.HTML(http.StatusOK, tplModerationReportDetails)
 }
 // setReportedContentDetails adds some values into context data for the given report
 // (icon name, a reference, the URL and in case of issues and comments also the poster name).
 func setReportedContentDetails(ctx *context.Context, report *moderation.AbuseReportDetailed) error {
 	contentReference := ""
 	var contentURL string
 	var poster string
 	contentType := report.ContentType
 	contentID := report.ContentID
 	ctx.Data["ContentTypeIconName"] = report.ContentTypeIconName()
 	switch contentType {
 	case moderation.ReportedContentTypeUser:
 		reportedUser, err := user.GetUserByID(ctx, contentID)
 		if err != nil {
 			return err
 		}
 		contentReference = reportedUser.Name
 		contentURL = reportedUser.HomeLink()
 	case moderation.ReportedContentTypeRepository:
 		repo, err := repo_model.GetRepositoryByID(ctx, contentID)
 		if err != nil {
 			return err
 		}
 		contentReference = repo.FullName()
 		contentURL = repo.Link()
 	case moderation.ReportedContentTypeIssue:
 		issue, err := issues.GetIssueByID(ctx, contentID)
 		if err != nil {
 			return err
 		}
 		if err = issue.LoadRepo(ctx); err != nil {
 			return err
 		}
 		if err = issue.LoadPoster(ctx); err != nil {
 			return err
 		}
 		if issue.Poster != nil {
 			poster = issue.Poster.Name
 		}
 		contentReference = fmt.Sprintf("%s#%d", issue.Repo.FullName(), issue.Index)
 		contentURL = issue.Link()
 	case moderation.ReportedContentTypeComment:
 		comment, err := issues.GetCommentByID(ctx, contentID)
 		if err != nil {
 			return err
 		}
 		if err = comment.LoadIssue(ctx); err != nil {
 			return err
 		}
 		if err = comment.Issue.LoadRepo(ctx); err != nil {
 			return err
 		}
 		if err = comment.LoadPoster(ctx); err != nil {
 			return err
 		}
 		if comment.Poster != nil {
 			poster = comment.Poster.Name
 		}
 		contentURL = comment.Link(ctx)
 		contentReference = contentURL
 	}
 	ctx.Data["ContentReference"] = contentReference
 	ctx.Data["ContentURL"] = contentURL
 	ctx.Data["Poster"] = poster
 	return nil
 }
--- a/routers/web/repo/actions/actions.go
+++ b/routers/web/repo/actions/actions.go
@ -111,7 +111,7 @@ func List(ctx *context.Context) {
 				ctx.ServerError("GetContentFromEntry", err)
 				return
 			}
-			wf, err := model.ReadWorkflow(bytes.NewReader(content))
+			wf, err := model.ReadWorkflow(bytes.NewReader(content), true)
 			if err != nil {
 				workflow.ErrMsg = ctx.Locale.TrString("actions.runs.invalid_workflow_helper", err.Error())
 				workflows = append(workflows, workflow)
--- a/routers/web/repo/view.go
+++ b/routers/web/repo/view.go
@ -434,7 +434,7 @@ func renderFile(ctx *context.Context, entry *git.TreeEntry) {
 		if err != nil {
 			log.Error("actions.GetContentFromEntry: %v", err)
 		}
-		_, workFlowErr := model.ReadWorkflow(bytes.NewReader(content))
+		_, workFlowErr := model.ReadWorkflow(bytes.NewReader(content), true)
 		if workFlowErr != nil {
 			ctx.Data["FileError"] = ctx.Locale.Tr("actions.runs.invalid_workflow_helper", workFlowErr.Error())
 		}
--- a/routers/web/web.go
+++ b/routers/web/web.go
@ -781,7 +781,14 @@ func registerRoutes(m *web.Route) {
 			addSettingsRunnersRoutes()
 			addSettingsVariablesRoutes()
 		})
-	}, adminReq, ctxDataSet("EnableOAuth2", setting.OAuth2.Enabled, "EnablePackages", setting.Packages.Enabled))
+
 		if setting.Moderation.Enabled {
 			m.Group("/moderation/reports", func() {
 				m.Get("", admin.AbuseReports)
 				m.Get("/type/{type:1|2|3|4}/id/{id}", admin.AbuseReportDetails)
 			})
 		}
 	}, adminReq, ctxDataSet("EnableOAuth2", setting.OAuth2.Enabled, "EnablePackages", setting.Packages.Enabled, "EnableModeration", setting.Moderation.Enabled))
 	// ***** END: Admin *****
 	m.Group("", func() {
--- a/services/actions/commit_status.go
+++ b/services/actions/commit_status.go
@ -80,7 +80,7 @@ func createCommitStatus(ctx context.Context, job *actions_model.ActionRunJob) er
 	repo := run.Repo
 	// TODO: store workflow name as a field in ActionRun to avoid parsing
 	runName := path.Base(run.WorkflowID)
-	if wfs, err := jobparser.Parse(job.WorkflowPayload); err == nil && len(wfs) > 0 {
+	if wfs, err := jobparser.Parse(job.WorkflowPayload, false); err == nil && len(wfs) > 0 {
 		runName = wfs[0].Name
 	}
 	ctxname := fmt.Sprintf("%s / %s (%s)", runName, job.Name, event)
--- a/services/actions/job_emitter.go
+++ b/services/actions/job_emitter.go
@ -142,7 +142,7 @@ func (r *jobStatusResolver) resolve() map[int64]actions_model.Status {
 			} else {
 				// Check if the job has an "if" condition
 				hasIf := false
-				if wfJobs, _ := jobparser.Parse(r.jobMap[id].WorkflowPayload); len(wfJobs) == 1 {
+				if wfJobs, _ := jobparser.Parse(r.jobMap[id].WorkflowPayload, false); len(wfJobs) == 1 {
 					_, wfJob := wfJobs[0].Job()
 					hasIf = len(wfJob.If.Value) > 0
 				}
--- a/services/actions/notifier_helper.go
+++ b/services/actions/notifier_helper.go
@ -345,7 +345,7 @@ func handleWorkflows(
 			Status:            actions_model.StatusWaiting,
 		}
-		if workflow, err := model.ReadWorkflow(bytes.NewReader(dwf.Content)); err == nil {
+		if workflow, err := model.ReadWorkflow(bytes.NewReader(dwf.Content), false); err == nil {
 			notifications, err := workflow.Notifications()
 			if err != nil {
 				log.Error("Notifications: %w", err)
@ -372,7 +372,7 @@ func handleWorkflows(
 			continue
 		}
-		jobs, err := jobparser.Parse(dwf.Content, jobparser.WithVars(vars))
+		jobs, err := jobparser.Parse(dwf.Content, false, jobparser.WithVars(vars))
 		if err != nil {
 			run.Status = actions_model.StatusFailure
 			log.Info("jobparser.Parse: invalid workflow, setting job status to failed: %v", err)
@ -537,7 +537,7 @@ func handleSchedules(
 	crons := make([]*actions_model.ActionSchedule, 0, len(detectedWorkflows))
 	for _, dwf := range detectedWorkflows {
 		// Check cron job condition. Only working in default branch
-		workflow, err := model.ReadWorkflow(bytes.NewReader(dwf.Content))
+		workflow, err := model.ReadWorkflow(bytes.NewReader(dwf.Content), false)
 		if err != nil {
 			log.Error("ReadWorkflow: %v", err)
 			continue
--- a/services/actions/schedule_tasks.go
+++ b/services/actions/schedule_tasks.go
@ -142,7 +142,7 @@ func CreateScheduleTask(ctx context.Context, cron *actions_model.ActionSchedule)
 		return err
 	}
-	workflow, err := act_model.ReadWorkflow(bytes.NewReader(cron.Content))
+	workflow, err := act_model.ReadWorkflow(bytes.NewReader(cron.Content), false)
 	if err != nil {
 		return err
 	}
@ -153,7 +153,7 @@ func CreateScheduleTask(ctx context.Context, cron *actions_model.ActionSchedule)
 	run.NotifyEmail = notifications
 	// Parse the workflow specification from the cron schedule
-	workflows, err := jobparser.Parse(cron.Content, jobparser.WithVars(vars))
+	workflows, err := jobparser.Parse(cron.Content, false, jobparser.WithVars(vars))
 	if err != nil {
 		return err
 	}
--- a/services/actions/workflows.go
+++ b/services/actions/workflows.go
@ -56,7 +56,7 @@ func (entry *Workflow) Dispatch(ctx context.Context, inputGetter InputValueGette
 		return nil, nil, err
 	}
-	wf, err := act_model.ReadWorkflow(bytes.NewReader(content))
+	wf, err := act_model.ReadWorkflow(bytes.NewReader(content), false)
 	if err != nil {
 		return nil, nil, err
 	}
@ -138,7 +138,7 @@ func (entry *Workflow) Dispatch(ctx context.Context, inputGetter InputValueGette
 		return nil, nil, err
 	}
-	jobs, err := jobparser.Parse(content, jobparser.WithVars(vars))
+	jobs, err := jobparser.Parse(content, false, jobparser.WithVars(vars))
 	if err != nil {
 		return nil, nil, err
 	}
--- a/services/moderation/moderating.go
+++ b/services/moderation/moderating.go
@ -0,0 +1,41 @@
 // Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: GPL-3.0-or-later
 package moderation
 import (
 	"forgejo.org/models/issues"
 	"forgejo.org/models/moderation"
 	"forgejo.org/models/repo"
 	"forgejo.org/models/user"
 	"forgejo.org/modules/json"
 	"forgejo.org/modules/log"
 	"forgejo.org/services/context"
 )
 // GetShadowCopyMap unmarshals the shadow copy raw value of the given abuse report and returns a list of <key, value> pairs
 // (to be rendered when the report is reviewed by an admin).
 // If the report does not have a shadow copy ID or the raw value is empty, returns nil.
 // If the unmarshal fails a warning is added in the logs and returns nil.
 func GetShadowCopyMap(ctx *context.Context, ard *moderation.AbuseReportDetailed) []moderation.ShadowCopyField {
 	if ard.ShadowCopyID.Valid && len(ard.ShadowCopyRawValue) > 0 {
 		var data moderation.ShadowCopyData
 		switch ard.ContentType {
 		case moderation.ReportedContentTypeUser:
 			data = new(user.UserData)
 		case moderation.ReportedContentTypeRepository:
 			data = new(repo.RepositoryData)
 		case moderation.ReportedContentTypeIssue:
 			data = new(issues.IssueData)
 		case moderation.ReportedContentTypeComment:
 			data = new(issues.CommentData)
 		}
 		if err := json.Unmarshal([]byte(ard.ShadowCopyRawValue), &data); err != nil {
 			log.Warn("Unmarshal failed for shadow copy #%d. %v", ard.ShadowCopyID.Int64, err)
 			return nil
 		}
 		return data.GetFieldsMap()
 	}
 	return nil
 }
--- a/services/pull/merge_prepare.go
+++ b/services/pull/merge_prepare.go
@ -249,6 +249,11 @@ func rebaseTrackingOnToBase(ctx *mergeContext, mergeStyle repo_model.MergeStyle)
 	ctx.outbuf.Reset()
 	ctx.errbuf.Reset()
 	// If the pull request is zero commits behind, then no rebasing needs to be done.
 	if ctx.pr.CommitsBehind == 0 {
 		return nil
 	}
 	// Check git version for availability of git-replay. If it is available, we use
 	// it for performance and to preserve unknown commit headers like the
 	// "change-id" header used by Jujutsu and GitButler to track changes across
--- a/templates/admin/moderation/report_details.tmpl
+++ b/templates/admin/moderation/report_details.tmpl
@ -0,0 +1,65 @@
 {{template "admin/layout_head" (dict "ctxData" . "pageClass" "admin")}}
 <div class="admin-setting-content">
 	<h4 class="ui top attached header">
 		{{ctx.Locale.Tr "admin.moderation.reports"}}
 	</h4>
 	{{if .Reports}}
 	<div class="ui attached segment">
 		<div class="flex-item tw-items-center">
 			<div class="flex-item-leading">
 				{{svg .ContentTypeIconName 24}}
 			</div>
 			<div class="flex-item-main">
 				<div class="flex-item-title">
 					{{if .ContentURL}}<a href="{{.ContentURL}}">{{.ContentReference}}</a>{{else}}<em>{{.ContentReference}}</em>{{end}}
 					{{if .Poster}}<span> — {{.Poster}}</span>{{end}}
 				</div>
 			</div>
 		</div>
 	</div>
 	{{end}}
 	<div class="ui attached segment">
 		{{if .Reports}}
 		<div class="flex-list">
 			{{range .Reports}}
 			<div class="flex-item">
 				<div class="flex-item-main">
 					<div class="flex-items-inline">
 						<span class="item tw-mr-2">
 							{{svg "octicon-calendar"}}
 							{{DateUtils.AbsoluteShort .CreatedUnix}}
 						</span>
 						<span class="item tw-mr-2">
 							{{svg "octicon-report"}}
 							{{if .ReporterName}}<a href="/{{.ReporterName}}">{{.ReporterName}}</a>{{else}}{{$.GhostUserName}}{{end}}
 						</span>
 						<span class="item ui label">
 							{{svg "octicon-tag" 12}}
 							{{ctx.Locale.Tr (index $.AbuseCategories .Category)}}
 						</span>
 					</div>
 					<pre>{{.Remarks}}</pre>
 					{{if .ShadowCopyID.Valid}}
 						<details><summary>{{DateUtils.FullTime .ShadowCopyDate}} shadow copy</summary>
 						<table class="ui very basic striped table unstackable">
 							{{range $scField := (call $.GetShadowCopyMap $.Context .)}}
 							<tr>
 								<td>{{$scField.Key}}</td>
 								<td>{{$scField.Value}}</td>
 							</tr>
 							{{end}}
 						</table>
 						</details>
 					{{end}}
 				</div>
 			</div>
 			{{end}}
 		</div>
 		{{else}}
 		<p class="tw-text-center">{{ctx.Locale.Tr "admin.moderation.no_open_reports"}}</p>
 		{{end}}
 	</div>
 </div>
 {{template "admin/layout_footer" .}}
--- a/templates/admin/moderation/reports.tmpl
+++ b/templates/admin/moderation/reports.tmpl
@ -0,0 +1,66 @@
 {{template "admin/layout_head" (dict "ctxData" . "pageClass" "admin")}}
 <div class="admin-setting-content">
 	<h4 class="ui top attached header">
 		{{ctx.Locale.Tr "admin.moderation.reports"}}
 	</h4>
 	<div class="ui attached segment">
 		{{if .Reports}}
 		<div class="flex-list">
 			<div class="flex-item tw-items-center">
 				<div class="flex-item-leading">
 					<span class="inline">Type</span>
 				</div>
 				<div class="flex-item-main">
 					<span class="inline">Summary</span>
 				</div>
 				<div class="flex-item-trailing">
 					<span>{{ctx.Locale.Tr "admin.moderation.reports"}}</span>
 				</div>
 			</div>
 			{{range .Reports}}
 			<div class="flex-item report" id="report-{{.ID}}">
 				<div class="flex-item-leading">
 					{{svg .ContentTypeIconName 24}}
 				</div>
 				<div class="flex-item-main">
 					<div class="flex-item-title">
 						{{if .ContentReference}}
 						<a href="{{AppSubUrl}}/{{.ContentURL}}">{{.ContentReference}}</a>
 						{{else}}
 						<em>{{ctx.Locale.Tr "admin.moderation.deleted_content_ref" .ContentType .ContentID}}</em>
 						{{end}}
 					</div>
 					<div class="flex-items-inline">
 						<span class="item tw-mr-2">
 							{{svg "octicon-calendar"}}
 							{{DateUtils.TimeSince .CreatedUnix}}
 						</span>
 						<span class="item tw-mr-2">
 							{{svg "octicon-report"}}
 							{{if .ReporterName}}<a href="{{AppSubUrl}}/{{.ReporterName}}">{{.ReporterName}}</a>{{else}}{{$.GhostUserName}}{{end}}
 						</span>
 						<span class="item ui label">
 							{{svg "octicon-tag" 12}}
 							{{ctx.Locale.Tr (index $.AbuseCategories .Category)}}
 						</span>
 					</div>
 					<div class="flex-item-body">
 						<span class="text truncate">{{ctx.Locale.Tr "moderation.report_remarks"}}: <em>{{.Remarks}}</em></span>
 					</div>
 				</div>
 				<a href="{{AppSubUrl}}/admin/moderation/reports/type/{{.ContentType}}/id/{{.ContentID}}">
 				<div class="flex-item-trailing">
 						<span class="tw-text-16 tw-font-semibold">{{.ReportedTimes}}</span>{{svg "octicon-report" "tw-ml-2"}}
 				</div>
 				</a>
 			</div>
 			{{end}}
 		</div>
 		{{else}}
 			<p class="tw-text-center">{{ctx.Locale.Tr "admin.moderation.no_open_reports"}}</p>
 		{{end}}
 	</div>
 </div>
 {{template "admin/layout_footer" .}}
--- a/templates/admin/navbar.tmpl
+++ b/templates/admin/navbar.tmpl
@ -108,5 +108,10 @@
 				</a>
 			</div>
 		</details>
 		{{if .EnableModeration}}
 		<a class="{{if .PageIsAdminModerationReports}}active {{end}}item" href="{{AppSubUrl}}/admin/moderation/reports">
 			{{ctx.Locale.Tr "admin.moderation.moderation_reports"}}
 		</a>
 		{{end}}
 	</div>
 </div>
--- a/templates/org/follow_unfollow.tmpl
+++ b/templates/org/follow_unfollow.tmpl
@ -1,4 +1,4 @@
-<button class="ui basic button tw-mr-0" hx-post="{{.Org.HomeLink}}?action={{if $.IsFollowing}}unfollow{{else}}follow{{end}}">
+<button class="ui basic button" hx-post="{{.Org.HomeLink}}?action={{if $.IsFollowing}}unfollow{{else}}follow{{end}}">
 	{{if $.IsFollowing}}
 		{{ctx.Locale.Tr "user.unfollow"}}
 	{{else}}
--- a/templates/org/header.tmpl
+++ b/templates/org/header.tmpl
@ -1,33 +1,41 @@
-<div class="ui container tw-flex">
+<div class="ui container tw-flex tw-gap-x-4">
 	{{ctx.AvatarUtils.Avatar .Org 100 "org-avatar"}}
 	<div id="org-info" class="tw-flex tw-flex-col">
-		<div class="ui header">
+		<div class="org-header tw-flex">
 			<div class="org-title">
-				{{.Org.DisplayName}}
+				<h1>{{.Org.DisplayName}}</h1>
 				<span class="org-visibility">
 					{{if .Org.Visibility.IsLimited}}<span class="ui large horizontal label">{{ctx.Locale.Tr "org.settings.visibility.limited_shortname"}}</span>{{end}}
 					{{if .Org.Visibility.IsPrivate}}<span class="ui large horizontal label">{{ctx.Locale.Tr "org.settings.visibility.private_shortname"}}</span>{{end}}
 				</span>
 			</div>
-			<span class="tw-flex tw-items-center button-row tw-ml-auto tw-text-16 tw-whitespace-nowrap">
+			<span class="button-sequence tw-items-center tw-ml-auto tw-whitespace-nowrap">
 				{{if .EnableFeed}}
 					<a class="ui basic label button tw-mr-0" href="{{.Org.HomeLink}}.rss" data-tooltip-content="{{ctx.Locale.Tr "rss_feed"}}">
 						{{svg "octicon-rss" 24}}
 					</a>
 				{{end}}
 				{{if .IsSigned}}
 					{{template "org/follow_unfollow" .}}
 				{{end}}
 				{{if .IsOrganizationMember}}
-					<a class="ui basic button tw-mr-0" href="{{.OrgLink}}/dashboard">{{ctx.Locale.Tr "org.open_dashboard"}}</a>
+					<a class="ui basic button" href="{{.OrgLink}}/dashboard">{{ctx.Locale.Tr "org.open_dashboard"}}</a>
 				{{end}}
-				{{if and .IsModerationEnabled .IsSigned (not .IsOrganizationOwner)}}
+				{{$moderationEntryNeeded := and .IsModerationEnabled .IsSigned (not .IsOrganizationOwner)}}
-					<button class="ui dropdown icon button" data-tooltip-content="{{ctx.Locale.Tr "repo.more_operations"}}" aria-label="{{ctx.Locale.Tr "toggle_menu"}}">
+				{{if or .EnableFeed $moderationEntryNeeded}}
-						{{svg "octicon-kebab-horizontal" 14}}
+					<details class="dropdown dir-rtl">
-						<div class="menu top left">
+						<summary data-tooltip-content="{{ctx.Locale.Tr "profile.actions.tooltip"}}">{{svg "octicon-kebab-horizontal" 20}}</summary>
-							<a class="item context" href="{{AppSubUrl}}/report_abuse?type=org&id={{$.Org.ID}}">{{ctx.Locale.Tr "moderation.report_abuse"}}</a>
+						<ul>
-						</div>
+							{{if .EnableFeed}}
-					</button>
+								<li>
 									<a class="item" href="{{.Org.HomeLink}}.rss">{{svg "octicon-rss"}}{{ctx.Locale.Tr "rss_feed"}}</a>
 								</li>
 								<li>
 									<a class="item" href="{{.Org.HomeLink}}.atom">{{svg "octicon-rss"}}{{ctx.Locale.Tr "feed.atom.link"}}</a>
 								</li>
 							{{end}}
 							{{if $moderationEntryNeeded}}
 								<li>
 									<a class="item orange text" href="{{AppSubUrl}}/report_abuse?type=org&id={{$.Org.ID}}">{{svg "octicon-stop"}}{{ctx.Locale.Tr "moderation.report_abuse"}}</a>
 								</li>
 							{{end}}
 						</ul>
 					</details>
 				{{end}}
 			</span>
 		</div>
--- a/templates/repo/issue/view_content/comments.tmpl
+++ b/templates/repo/issue/view_content/comments.tmpl
@ -548,14 +548,15 @@
 					<span class="badge">{{svg "octicon-eye"}}</span>
 					{{template "shared/user/avatarlink" dict "user" .Poster}}
 					<span class="text grey muted-links">
 						{{template "shared/user/authorlink" .Poster}}
 						{{if and (eq (len .RemovedRequestReview) 1) (eq (len .AddedRequestReview) 0) (eq ((index .RemovedRequestReview 0).ID) .PosterID) (eq ((index .RemovedRequestReview 0).Type) "user")}}
 							<span class="review-request-list">{{ctx.Locale.Tr "repo.issues.review.remove_review_request_self" $createdStr}}</span>
 						{{else if and .AddedRequestReview (not .RemovedRequestReview)}}
-							{{ctx.Locale.TrN (len .AddedRequestReview) "repo.issues.review.add_review_request" "repo.issues.review.add_review_requests" (RenderReviewRequest .AddedRequestReview) $createdStr}}
+							{{ctx.Locale.TrN (len .AddedRequestReview) "repo.issues.review.add_review_request" "repo.issues.review.add_review_requests" (RenderReviewRequest $.Context .AddedRequestReview) $createdStr}}
 						{{else if and (not .AddedRequestReview) .RemovedRequestReview}}
-							{{ctx.Locale.TrN (len .RemovedRequestReview) "repo.issues.review.remove_review_request" "repo.issues.review.remove_review_requests" (RenderReviewRequest .RemovedRequestReview) $createdStr}}
+							{{ctx.Locale.TrN (len .RemovedRequestReview) "repo.issues.review.remove_review_request" "repo.issues.review.remove_review_requests" (RenderReviewRequest $.Context .RemovedRequestReview) $createdStr}}
 						{{else}}
-							{{ctx.Locale.Tr "repo.issues.review.add_remove_review_requests" (RenderReviewRequest .AddedRequestReview) (RenderReviewRequest .RemovedRequestReview) $createdStr}}
+							{{ctx.Locale.Tr "repo.issues.review.add_remove_review_requests" (RenderReviewRequest $.Context .AddedRequestReview) (RenderReviewRequest $.Context .RemovedRequestReview) $createdStr}}
 						{{end}}
 					</span>
 				</div>
--- a/templates/repo/settings/lfs_file.tmpl
+++ b/templates/repo/settings/lfs_file.tmpl
@ -31,10 +31,12 @@
 									<strong>{{ctx.Locale.Tr "repo.audio_not_supported_in_browser"}}</strong>
 								</audio>
 							{{else if .IsPDFFile}}
-								<div class="pdf-content is-loading" data-src="{{$.RawFileLink}}" data-fallback-button-text="{{ctx.Locale.Tr "repo.diff.view_file"}}"></div>
+								<lazy-webc tag="pdf-object" src="{{$.RawFileLink}}">
 									<a href="{{$.RawFileLink}}" class="ui basic button">{{ctx.Locale.Tr "repo.diff.view_file"}}</a>
 								</lazy-webc>
 							{{else if .Is3DModelFile}}
 								{{if .IsGLBFile}}
-									<model-viewer src="{{$.RawFileLink}}" ar shadow-intensity="2" camera-controls touch-action="pan-y"></model-viewer>
+									<lazy-webc tag="model-viewer" src="{{$.RawFileLink}}" ar shadow-intensity="2" camera-controls touch-action="pan-y"></lazy-webc>
 								{{else}}
 									<a href="{{$.RawFileLink}}" rel="nofollow">{{ctx.Locale.Tr "repo.file_view_raw"}}!</a>
 								{{end}}
--- a/templates/repo/view_file.tmpl
+++ b/templates/repo/view_file.tmpl
@ -127,10 +127,12 @@
 							<strong>{{ctx.Locale.Tr "repo.audio_not_supported_in_browser"}}</strong>
 						</audio>
 					{{else if .IsPDFFile}}
-						<div class="pdf-content is-loading" data-src="{{$.RawFileLink}}" data-fallback-button-text="{{ctx.Locale.Tr "repo.diff.view_file"}}"></div>
+						<lazy-webc tag="pdf-object" src="{{$.RawFileLink}}">
 							<a href="{{$.RawFileLink}}" class="ui basic button">{{ctx.Locale.Tr "repo.diff.view_file"}}</a>
 						</lazy-webc>
 					{{else if .Is3DModelFile}}
 						{{if .IsGLBFile}}
-							<model-viewer src="{{$.RawFileLink}}" ar shadow-intensity="2" camera-controls touch-action="pan-y"></model-viewer>
+							<lazy-webc tag="model-viewer" src="{{$.RawFileLink}}" ar shadow-intensity="2" camera-controls touch-action="pan-y"></lazy-webc>
 						{{else}}
 							<a href="{{$.RawFileLink}}" rel="nofollow">{{ctx.Locale.Tr "repo.file_view_raw"}}</a>
 						{{end}}
--- a/tests/e2e/markup.test.e2e.ts
+++ b/tests/e2e/markup.test.e2e.ts
@ -5,7 +5,8 @@
 import {expect} from '@playwright/test';
 import {save_visual, test} from './utils_e2e.ts';
-test('markup with #xyz-mode-only', async ({page}) => {
+test('markup with #xyz-mode-only', async ({page}, workerInfo) => {
  test.skip(['webkit', 'Mobile Safari'].includes(workerInfo.project.name), 'Newest version contains a regression');
  const response = await page.goto('/user2/repo1/issues/1');
  expect(response?.status()).toBe(200);
--- a/tests/integration/admin_moderation_test.go
+++ b/tests/integration/admin_moderation_test.go
@ -0,0 +1,158 @@
 // Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: GPL-3.0-or-later
 package integration
 import (
 	"net/http"
 	"strings"
 	"testing"
 	"forgejo.org/models/unittest"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/test"
 	"forgejo.org/routers"
 	"forgejo.org/tests"
 	"github.com/stretchr/testify/assert"
 )
 func testReportDetails(t *testing.T, htmlDoc *HTMLDoc, reportID, contentIcon, contentRef, contentURL, category, reportsNo string) {
 	// Check icon octicon
 	icon := htmlDoc.Find("#report-" + reportID + " svg." + contentIcon)
 	assert.Equal(t, 1, icon.Length())
 	// Check content reference and URL
 	title := htmlDoc.Find("#report-" + reportID + " .flex-item-main .flex-item-title a")
 	if len(contentURL) == 0 {
 		// No URL means that the content was already deleted, so we should not find the anchor element.
 		assert.Zero(t, title.Length())
 		// Instead we should find an emphasis element.
 		title = htmlDoc.Find("#report-" + reportID + " .flex-item-main .flex-item-title em")
 		assert.Equal(t, 1, title.Length())
 		assert.Equal(t, contentRef, title.Text())
 	} else {
 		assert.Equal(t, 1, title.Length())
 		assert.Equal(t, contentRef, title.Text())
 		href, exists := title.Attr("href")
 		assert.True(t, exists)
 		assert.Equal(t, contentURL, href)
 	}
 	// Check category
 	cat := htmlDoc.Find("#report-" + reportID + " .flex-item-main .flex-items-inline .item:nth-child(3)")
 	assert.Equal(t, 1, cat.Length())
 	assert.Equal(t, category, strings.TrimSpace(cat.Text()))
 	// Check number of reports for the same content
 	count := htmlDoc.Find("#report-" + reportID + " a span")
 	assert.Equal(t, 1, count.Length())
 	assert.Equal(t, reportsNo, count.Text())
 }
 func TestAdminModerationViewReports(t *testing.T) {
 	defer unittest.OverrideFixtures("tests/integration/fixtures/TestAdminModerationViewReports")()
 	defer tests.PrepareTestEnv(t)()
 	t.Run("Moderation enabled", func(t *testing.T) {
 		defer test.MockVariableValue(&setting.Moderation.Enabled, true)()
 		defer test.MockVariableValue(&testWebRoutes, routers.NormalRoutes())()
 		t.Run("Anonymous user", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
 			req := NewRequest(t, "GET", "/admin/moderation/reports")
 			MakeRequest(t, req, http.StatusSeeOther)
 			req = NewRequest(t, "GET", "/admin/moderation/reports/type/1/id/1002")
 			MakeRequest(t, req, http.StatusSeeOther)
 		})
 		t.Run("Normal user", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
 			session := loginUser(t, "user2")
 			req := NewRequest(t, "GET", "/admin/moderation/reports")
 			session.MakeRequest(t, req, http.StatusForbidden)
 			req = NewRequest(t, "GET", "/admin/moderation/reports/type/1/id/1002")
 			session.MakeRequest(t, req, http.StatusForbidden)
 		})
 		t.Run("Admin user", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
 			session := loginUser(t, "user1")
 			req := NewRequest(t, "GET", "/admin/moderation/reports")
 			resp := session.MakeRequest(t, req, http.StatusOK)
 			htmlDoc := NewHTMLParser(t, resp.Body)
 			// Check how many reports are being displayed.
 			// Reports linked to the same content (type and id) should be grouped; therefore we should see only 6 instead of 9.
 			reports := htmlDoc.Find(".admin-setting-content .flex-list .flex-item.report")
 			assert.Equal(t, 7, reports.Length())
 			// Check details for shown reports.
 			testReportDetails(t, htmlDoc, "1", "octicon-person", "@SPAM-services", "/SPAM-services", "Illegal content", "1")
 			testReportDetails(t, htmlDoc, "2", "octicon-repo", "SPAM-services/spammer-Tools", "/SPAM-services/spammer-Tools", "Illegal content", "1")
 			testReportDetails(t, htmlDoc, "3", "octicon-issue-opened", "SPAM-services/spammer-Tools#1", "/SPAM-services/spammer-Tools/issues/1", "Spam", "1")
 			// #4 is combined with #7 and #9
 			testReportDetails(t, htmlDoc, "4", "octicon-person", "@spammer01", "/spammer01", "Spam", "3")
 			// #5 is combined with #6
 			testReportDetails(t, htmlDoc, "5", "octicon-comment", "contributor/first/issues/1#issuecomment-1001", "/contributor/first/issues/1#issuecomment-1001", "Malware", "2")
 			testReportDetails(t, htmlDoc, "8", "octicon-issue-opened", "contributor/first#1", "/contributor/first/issues/1", "Other violations of platform rules", "1")
 			// #10 is for a Ghost user
 			testReportDetails(t, htmlDoc, "10", "octicon-person", "Reported content with type 1 and id 9999 no longer exists", "", "Other violations of platform rules", "1")
 			t.Run("reports details page", func(t *testing.T) {
 				defer tests.PrintCurrentTest(t)()
 				req = NewRequest(t, "GET", "/admin/moderation/reports/type/1/id/1002")
 				resp = session.MakeRequest(t, req, http.StatusOK)
 				htmlDoc = NewHTMLParser(t, resp.Body)
 				// Check the title (content reference) and corresponding URL
 				title := htmlDoc.Find(".admin-setting-content .flex-item-main .flex-item-title a")
 				assert.Equal(t, 1, title.Length())
 				assert.Equal(t, "spammer01", title.Text())
 				href, exists := title.Attr("href")
 				assert.True(t, exists)
 				assert.Equal(t, "/spammer01", href)
 				// Check how many reports are being displayed for user 1002.
 				reports = htmlDoc.Find(".admin-setting-content .flex-list .flex-item")
 				assert.Equal(t, 3, reports.Length())
 			})
 		})
 	})
 	t.Run("Moderation disabled", func(t *testing.T) {
 		t.Run("Anonymous user", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
 			req := NewRequest(t, "GET", "/admin/moderation/reports")
 			MakeRequest(t, req, http.StatusNotFound)
 			req = NewRequest(t, "GET", "/admin/moderation/reports/type/1/id/1002")
 			MakeRequest(t, req, http.StatusNotFound)
 		})
 		t.Run("Normal user", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
 			session := loginUser(t, "user2")
 			req := NewRequest(t, "GET", "/admin/moderation/reports")
 			session.MakeRequest(t, req, http.StatusNotFound)
 			req = NewRequest(t, "GET", "/admin/moderation/reports/type/1/id/1002")
 			session.MakeRequest(t, req, http.StatusNotFound)
 		})
 		t.Run("Admin user", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
 			session := loginUser(t, "user1")
 			req := NewRequest(t, "GET", "/admin/moderation/reports")
 			session.MakeRequest(t, req, http.StatusNotFound)
 			req = NewRequest(t, "GET", "/admin/moderation/reports/type/1/id/1002")
 			session.MakeRequest(t, req, http.StatusNotFound)
 		})
 	})
 }
--- a/tests/integration/api_packages_cargo_test.go
+++ b/tests/integration/api_packages_cargo_test.go
@ -441,7 +441,7 @@ func TestRebuildCargo(t *testing.T) {
 			flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
 			assert.NotNil(t, flashCookie)
-			assert.Equal(t, "success%3DThe%2BCargo%2Bindex%2Bwas%2Bsuccessfully%2Brebuild.", flashCookie.Value)
+			assert.Equal(t, "success%3DThe%2BCargo%2Bindex%2Bwas%2Bsuccessfully%2Brebuilt.", flashCookie.Value)
 		})
 	})
 }
--- a/tests/integration/fixtures/TestAdminModerationViewReports/abuse_report.yml
+++ b/tests/integration/fixtures/TestAdminModerationViewReports/abuse_report.yml
@ -0,0 +1,111 @@
 -
  id: 1
  status: 1         # Open
  reporter_id: 1004 # @reporter1
  content_type: 1   # User (users or organizations)
  content_id: 1003  # @SPAM-services
  category: 4       # IllegalContent
  remarks: This organization was created for spamming.
  shadow_copy_id: null
  created_unix: 1121423460 # 2005-07-15 10:31:00
 -
  id: 2
  status: 1
  reporter_id: 1004 # @reporter1
  content_type: 2   # Repository
  content_id: 1002  # SPAM-services/spammer-tools
  category: 4       # IllegalContent
  remarks: This repository was created for building spamming tools.
  shadow_copy_id: null
  created_unix: 1121423520 # 2005-07-15 10:32:00
 -
  id: 3
  status: 1
  reporter_id: 1004 # @reporter1
  content_type: 3   # Issue (issues or pull requests)
  content_id: 1002  # SPAM-services/spammer-tools#1
  category: 2       # Spam
  remarks: This issue advertises spam services.
  shadow_copy_id: null
  created_unix: 1121423580 # 2005-07-15 10:33:00
 -
  id: 4
  status: 1
  reporter_id: 1004 # @reporter1
  content_type: 1   # User (users or organizations)
  content_id: 1002  # @spammer01
  category: 2       # Spam
  remarks: |
    This profile advertises spam services and the user already created spam content.
    I have reported some of them.
  shadow_copy_id: null
  created_unix: 1121423640 # 2005-07-15 10:34:00
 -
  id: 5
  status: 1
  reporter_id: 1004 # @reporter1
  content_type: 4   # Comment
  content_id: 1001  # contributor/first/issues/1#issuecomment-1001
  category: 3       # Malware
  remarks: This comment references a spammy issue from a spammy repository of a spammy organization created by a spammer.
  shadow_copy_id: null
  created_unix: 1121423700 # 2005-07-15 10:35:00
 -
  id: 6
  status: 1
  reporter_id: 1001 # @contributor
  content_type: 4   # Comment
  content_id: 1001  # contributor/first/issues/1#issuecomment-1001
  category: 2       # Spam
  remarks: I should delete this, since I can; but first I want to test the reporting functionality.
  shadow_copy_id: null
  created_unix: 1121423730 # 2005-07-15 10:35:30
 -
  id: 7
  status: 1
  reporter_id: 1001 # @contributor
  content_type: 1   # User (users or organizations)
  content_id: 1002  # @spammer01
  category: 1       # Other
  remarks: Should investigate the origin of this abuser.
  shadow_copy_id: null
  created_unix: 1121423760 # 2005-07-15 10:36:00
 -
  id: 8
  status: 1
  reporter_id: 1002 # @spammer01
  content_type: 3   # Issue (issues or pull requests)
  content_id: 1001  # contributor/first#1
  category: 1       # Other
  remarks: Just because you are the administrator of this Forgejo instance this doesn't mean that you should be more privileged compared to the rest of average users. I believe it is my right to post links to external websites where users can find more about myself and my own work, even if they are professional services. I strongly believe you should reconsider your totalitarian behaviour. The users of this instance deserve better, more inclusive rules that should prevent abuses from administrators or mod.
  shadow_copy_id: null
  created_unix: 1121424000 # 2005-07-15 10:40:00
 -
  id: 9
  status: 1
  reporter_id: 1005 # @reporter2
  content_type: 1   # User (users or organizations)
  content_id: 1002  # @spammer01
  category: 2       # Spam
  remarks: This user is just spamming wherever they can.
  shadow_copy_id: null
  created_unix: 1121424030 # 2005-07-15 10:40:30
 -
  id: 10
  status: 1
  reporter_id: 1005 # @reporter2
  content_type: 1   # User (users or organizations)
  content_id: 9999  # Ghost user
  category: 1       # Other
  remarks: Check this spammer as soon as possible, before they delete their account.
  shadow_copy_id: null
  created_unix: 1121424150 # 2005-07-15 10:42:30
--- a/tests/integration/fixtures/TestAdminModerationViewReports/comment.yml
+++ b/tests/integration/fixtures/TestAdminModerationViewReports/comment.yml
@ -0,0 +1,21 @@
 -
  id: 1001
  type: 0 # Standard comment
  poster_id: 1002 # @spammer01
  issue_id: 1001 # contributor/first#1
  content: And the first spammer; check SPAM-services/spammer-Tools#1
  created_unix: 1121422990 # 2005-07-15 10:23:10
 -
  id: 1002
  type: 5 # Reference from a comment
  poster_id: 1002 # @spammer01
  issue_id: 1002 # SPAM-services/spammer-tools#1
  content: ''
  content_version: 0
  created_unix: 1121422990
  ref_repo_id: 1001
  ref_issue_id: 1001
  ref_comment_id: 1001
  ref_action: 0
  ref_is_pull: false
--- a/tests/integration/fixtures/TestAdminModerationViewReports/issue.yml
+++ b/tests/integration/fixtures/TestAdminModerationViewReports/issue.yml
@ -0,0 +1,23 @@
 -
  id: 1001
  repo_id: 1001 # contributor/first
  index: 1
  poster_id: 1001
  name: first repo should have a first issue
  content: so here we go
  is_closed: false
  is_pull: false
  num_comments: 1
  created_unix: 1121422320 # 2005-07-15 10:12:00
 -
  id: 1002
  repo_id: 1002 # SPAM-services/spammer-tools
  index: 1
  poster_id: 1002
  name: Professional marketing services
  content: Visit my website at spammer.xyz/services for a list of available services.
  is_closed: false
  is_pull: false
  num_comments: 0
  created_unix: 1121422980 # 2005-07-15 10:23:00
--- a/tests/integration/fixtures/TestAdminModerationViewReports/issue_index.yml
+++ b/tests/integration/fixtures/TestAdminModerationViewReports/issue_index.yml
@ -0,0 +1,7 @@
 -
  group_id: 1001
  max_index: 1
 -
  group_id: 1002
  max_index: 1
--- a/tests/integration/fixtures/TestAdminModerationViewReports/repository.yml
+++ b/tests/integration/fixtures/TestAdminModerationViewReports/repository.yml
@ -0,0 +1,45 @@
 -
  id: 1001
  owner_id: 1001
  owner_name: contributor
  lower_name: first
  name: first
  description: ''
  website: ''
  default_branch: main
  num_watches: 1
  num_stars: 0
  num_forks: 0
  num_issues: 1
  num_closed_issues: 0
  num_pulls: 0
  num_closed_pulls: 0
  is_private: false
  is_empty: false
  is_archived: false
  size: 0
  topics: '[]'
  created_unix: 1121422260 # 2005-07-15 10:11:00
 -
  id: 1002
  owner_id: 1003
  owner_name: SPAM-services
  lower_name: spammer-tools
  name: spammer-Tools
  description: Another _place_ for abusive content.
  website: ''
  default_branch: main
  num_watches: 1
  num_stars: 0
  num_forks: 0
  num_issues: 1
  num_closed_issues: 0
  num_pulls: 0
  num_closed_pulls: 0
  is_private: false
  is_empty: false
  is_archived: false
  size: 0
  topics: "[\"bulk-email\",\"email-services\",\"spam\",\"spamservices.co\"]"
  created_unix: 1121422920 # 2005-07-15 10:22:00
--- a/tests/integration/fixtures/TestAdminModerationViewReports/user.yml
+++ b/tests/integration/fixtures/TestAdminModerationViewReports/user.yml
@ -0,0 +1,108 @@
 -
  id: 1001
  lower_name: contributor
  name: contributor
  full_name: The Contributor
  email: contributor@example.org
  keep_email_private: true
  passwd: passwdSalt:password
  passwd_hash_algo: dummy
  type: 0
  salt: passwdSalt
  description: ''
  created_unix: 1121422200 # 2005-07-15 10:10:00
  is_active: true
  is_admin: false
  is_restricted: false
  avatar: avatar-hash-1001
  avatar_email: contributor@example.org
  use_custom_avatar: false
  num_repos: 1
 -
  id: 1002
  lower_name: spammer01
  name: spammer01
  full_name: King of SPAM
  email: spammer01@example.org
  keep_email_private: false
  passwd: passwdSalt:password
  passwd_hash_algo: dummy
  type: 0
  location: '@master@smap.net'
  website: http://spammer.xyz
  pronouns: http://spam.me
  salt: passwdSalt
  description: I can help you abuse others inboxes. Updated prices on spammer.xyz/services
  created_unix: 1121422800 # 2005-07-15 10:20:00
  is_active: true
  is_admin: false
  is_restricted: false
  avatar: avatar-hash-1002
  avatar_email: spammer01@example.org
  use_custom_avatar: false
 -
  id: 1003
  lower_name: spam-services
  name: SPAM-services
  full_name: SPAM services
  email: get@spamservices.co
  keep_email_private: false
  email_notifications_preference: ''
  passwd: ''
  passwd_hash_algo: ''
  type: 1
  location: www.spamservices.co
  website: https://spamservices.co
  salt: 1888c34e04642082a791b49cf147cc88
  description: Contact us for **bulk emails** sending.
  created_unix: 1121422860 # 2005-07-15 10:21:00
  is_active: true
  is_admin: false
  is_restricted: false
  allow_create_organization: false
  avatar: avatar-hash-1003
  avatar_email: ''
  use_custom_avatar: true
  num_repos: 1
 -
  id: 1004
  lower_name: reporter1
  name: reporter1
  full_name: Reporter One
  email: reporter1@example.org
  keep_email_private: true
  passwd: passwdSalt:password
  passwd_hash_algo: dummy
  type: 0
  salt: passwdSalt
  description: ''
  created_unix: 1121423400 # 2005-07-15 10:30:00
  is_active: true
  is_admin: false
  is_restricted: false
  avatar: avatar-hash-1004
  avatar_email: reporter1@example.org
  use_custom_avatar: false
 -
  id: 1005
  lower_name: reporter2
  name: reporter2
  full_name: Reporter Two
  email: reporter2@example.org
  keep_email_private: true
  passwd: passwdSalt:password
  passwd_hash_algo: dummy
  type: 0
  salt: passwdSalt
  description: ''
  created_unix: 1121424000 # 2005-07-15 10:40:00
  is_active: true
  is_admin: false
  is_restricted: false
  avatar: avatar-hash-1005
  avatar_email: reporter2@example.org
  use_custom_avatar: false
--- a/tests/integration/issue_comment_test.go
+++ b/tests/integration/issue_comment_test.go
@ -5,13 +5,20 @@ package integration
 import (
 	"net/http"
 	"strconv"
 	"strings"
 	"testing"
 	"forgejo.org/models/db"
 	issues_model "forgejo.org/models/issues"
 	org_model "forgejo.org/models/organization"
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/tests"
 	"github.com/PuerkitoBio/goquery"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 func testIssueCommentChangeEvent(t *testing.T, htmlDoc *HTMLDoc, commentID, badgeOcticon, avatarTitle, avatarLink string, texts, links []string) {
@ -238,6 +245,76 @@ func TestIssueCommentChangeAssignee(t *testing.T) {
 		[]string{"/user2"})
 }
 func TestIssueCommentChangeReviewRequest(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 	pull := unittest.AssertExistsAndLoadBean(t, &issues_model.PullRequest{ID: 6})
 	require.NoError(t, pull.LoadIssue(db.DefaultContext))
 	issue := pull.Issue
 	require.NoError(t, issue.LoadRepo(db.DefaultContext))
 	user1, err := user_model.GetUserByID(db.DefaultContext, 1)
 	require.NoError(t, err)
 	user2, err := user_model.GetUserByID(db.DefaultContext, 2)
 	require.NoError(t, err)
 	team1, err := org_model.GetTeamByID(db.DefaultContext, 2)
 	require.NoError(t, err)
 	assert.NotNil(t, team1)
 	// Request from other
 	comment1, err := issues_model.AddReviewRequest(db.DefaultContext, issue, user2, user1)
 	require.NoError(t, err)
 	// Refuse review
 	comment2, err := issues_model.RemoveReviewRequest(db.DefaultContext, issue, user2, user2)
 	require.NoError(t, err)
 	// Request from other
 	comment3, err := issues_model.AddReviewRequest(db.DefaultContext, issue, user2, user1)
 	require.NoError(t, err)
 	// Request from team
 	comment4, err := issues_model.AddTeamReviewRequest(db.DefaultContext, issue, team1, user1)
 	require.NoError(t, err)
 	// Remove request from team
 	comment5, err := issues_model.RemoveTeamReviewRequest(db.DefaultContext, issue, team1, user2)
 	require.NoError(t, err)
 	// Request from other
 	comment6, err := issues_model.AddReviewRequest(db.DefaultContext, issue, user1, user2)
 	require.NoError(t, err)
 	session := loginUser(t, "user2")
 	req := NewRequest(t, "GET", "/org3/repo3/pulls/2")
 	resp := session.MakeRequest(t, req, http.StatusOK)
 	htmlDoc := NewHTMLParser(t, resp.Body)
 	// Request from other
 	testIssueCommentChangeEvent(t, htmlDoc, strconv.FormatInt(comment1.ID, 10),
 		"octicon-eye", "User One", "/user1",
 		[]string{"user1 requested review from user2"},
 		[]string{"/user1", "/user2"})
 	// Refuse review
 	testIssueCommentChangeEvent(t, htmlDoc, strconv.FormatInt(comment2.ID, 10),
 		"octicon-eye", "< U<se>r Tw<o > ><", "/user2",
 		[]string{"user2 refused to review"},
 		[]string{"/user2"})
 	// Request review from other and from team
 	testIssueCommentChangeEvent(t, htmlDoc, strconv.FormatInt(comment3.ID, 10),
 		"octicon-eye", "User One", "/user1",
 		[]string{"user1 requested reviews from user2, team1"},
 		[]string{"/user1", "/user2", "/org/org3/teams/team1"})
 	assert.Empty(t, htmlDoc.Find("#issuecomment-"+strconv.FormatInt(comment4.ID, 10)+" .text").Text())
 	// Remove and add request
 	testIssueCommentChangeEvent(t, htmlDoc, strconv.FormatInt(comment5.ID, 10),
 		"octicon-eye", "< U<se>r Tw<o > ><", "/user2",
 		[]string{"user2 requested reviews from user1 and removed review requests for team1"},
 		[]string{"/user2", "/user1", "/org/org3/teams/team1"})
 	assert.Empty(t, htmlDoc.Find("#issuecomment-"+strconv.FormatInt(comment6.ID, 10)+" .text").Text())
 }
 func TestIssueCommentChangeLock(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
--- a/tests/integration/org_profile_test.go
+++ b/tests/integration/org_profile_test.go
@ -104,5 +104,51 @@ quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequa
 				assert.NotContains(t, resp.Body.String(), "veniam")
 			})
 		})
 		t.Run("More actions - feeds only", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
 			defer test.MockVariableValue(&setting.Other.EnableFeed, true)()
 			defer test.MockVariableValue(&setting.Moderation.Enabled, false)()
 			// Both guests and logged in users should see the feed option
 			doc := NewHTMLParser(t, MakeRequest(t, NewRequest(t, "GET", "/org3"), http.StatusOK).Body)
 			doc.AssertElement(t, "details.dropdown a[href='/org3.rss']", true)
 			doc.AssertElement(t, "details.dropdown a[href^='/report_abuse']", false)
 			doc = NewHTMLParser(t, loginUser(t, "user10").MakeRequest(t, NewRequest(t, "GET", "/org3"), http.StatusOK).Body)
 			doc.AssertElement(t, "details.dropdown a[href='/org3.rss']", true)
 			doc.AssertElement(t, "details.dropdown a[href^='/report_abuse']", false)
 		})
 		t.Run("More actions - none", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
 			defer test.MockVariableValue(&setting.Other.EnableFeed, false)()
 			defer test.MockVariableValue(&setting.Moderation.Enabled, false)()
 			// The dropdown won't appear if no entries are available, for both guests and logged in users
 			doc := NewHTMLParser(t, MakeRequest(t, NewRequest(t, "GET", "/org3"), http.StatusOK).Body)
 			doc.AssertElement(t, "details.dropdown", false)
 			doc = NewHTMLParser(t, loginUser(t, "user10").MakeRequest(t, NewRequest(t, "GET", "/org3"), http.StatusOK).Body)
 			doc.AssertElement(t, "details.dropdown", false)
 		})
 		t.Run("More actions - moderation", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
 			defer test.MockVariableValue(&setting.Other.EnableFeed, false)()
 			defer test.MockVariableValue(&setting.Moderation.Enabled, true)()
 			// The report option shouldn't be available to a guest
 			doc := NewHTMLParser(t, MakeRequest(t, NewRequest(t, "GET", "/org3"), http.StatusOK).Body)
 			doc.AssertElement(t, "details.dropdown", false)
 			// But should be available to a logged in user
 			doc = NewHTMLParser(t, loginUser(t, "user10").MakeRequest(t, NewRequest(t, "GET", "/org3"), http.StatusOK).Body)
 			doc.AssertElement(t, "details.dropdown a[href^='/report_abuse']", true)
 			// But the org owner shouldn't see the report option
 			doc = NewHTMLParser(t, loginUser(t, "user1").MakeRequest(t, NewRequest(t, "GET", "/org3"), http.StatusOK).Body)
 			doc.AssertElement(t, "details.dropdown", false)
 		})
 	})
 }
--- a/tests/integration/pull_merge_test.go
+++ b/tests/integration/pull_merge_test.go
@ -1135,3 +1135,32 @@ func TestPullDeleteBranchPerms(t *testing.T) {
 		user4Session.MakeRequest(t, req, http.StatusOK)
 	})
 }
 // Test that rebasing only happens when its necessary.
 func TestRebaseWhenNecessary(t *testing.T) {
 	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
 		session := loginUser(t, "user1")
 		testRepoFork(t, session, "user2", "repo1", "user1", "repo1")
 		testEditFile(t, session, "user1", "repo1", "master", "README.md", "Hello, World (Edited)\n")
 		resp := testPullCreate(t, session, "user1", "repo1", false, "master", "master", "This is a pull title")
 		pullLink := test.RedirectURL(resp)
 		resp = session.MakeRequest(t, NewRequest(t, "GET", test.RedirectURL(resp)+"/commits"), http.StatusOK)
 		htmlDoc := NewHTMLParser(t, resp.Body)
 		commitLinkBefore, ok := htmlDoc.Find("a.sha").Attr("href")
 		assert.True(t, ok)
 		commitBefore := commitLinkBefore[strings.LastIndexByte(commitLinkBefore, '/'):]
 		elem := strings.Split(pullLink, "/")
 		testPullMerge(t, session, elem[1], elem[2], elem[4], repo_model.MergeStyleRebase, false)
 		resp = session.MakeRequest(t, NewRequest(t, "GET", "/user2/repo1"), http.StatusOK)
 		htmlDoc = NewHTMLParser(t, resp.Body)
 		commitLinkAfter, ok := htmlDoc.Find(".latest-commit a.sha").Attr("href")
 		assert.True(t, ok)
 		commitAfter := commitLinkAfter[strings.LastIndexByte(commitLinkAfter, '/'):]
 		assert.Equal(t, commitBefore, commitAfter)
 	})
 }
--- a/web_src/css/modules/animations.css
+++ b/web_src/css/modules/animations.css
@ -3,11 +3,13 @@
  100% { transform: translate(-50%, -50%) rotate(360deg); }
 }
 lazy-webc,
 .is-loading {
  pointer-events: none !important;
  position: relative !important;
 }
 lazy-webc > *,
 .is-loading > * {
  opacity: 0.3;
 }
@ -17,6 +19,7 @@
  opacity: 0;
 }
 lazy-webc::after,
 .is-loading::after {
  content: "";
  position: absolute;
@ -52,8 +55,7 @@ form.single-button-form.is-loading .button {
 }
 .markup pre.is-loading,
-.editor-loading.is-loading,
+.editor-loading.is-loading {
 .pdf-content.is-loading {
  height: var(--height-loading);
 }
--- a/web_src/css/modules/dropdown.css
+++ b/web_src/css/modules/dropdown.css
@ -99,7 +99,13 @@ details.dropdown > summary + ul > li:last-child {
 /* Note: https://css-tricks.com/css-anchor-positioning-guide/
 *  looks like a great thing but FF still doesn't support it. */
-/* Note: dropdown.dir-rtl can be implemented when needed, e.g. for navbar profile dropdown on desktop layout. */
+details.dropdown.dir-rtl > summary + ul {
  inset-inline: 0 auto;
  direction: rtl;
 }
 details.dropdown.dir-rtl > summary + ul > li {
  direction: ltr;
 }
 details.dropdown > summary + ul > li > .item {
  padding: var(--dropdown-item-padding);
--- a/web_src/css/org.css
+++ b/web_src/css/org.css
@ -89,28 +89,29 @@
  text-align: center;
 }
 .page-content.organization .org-avatar {
  margin-right: 15px;
 }
 .page-content.organization #org-info {
  overflow-wrap: anywhere;
  flex: 1;
 }
-.page-content.organization #org-info .ui.header {
+.page-content.organization #org-info .org-title {
  display: flex;
  column-gap: 1rem;
  align-items: center;
-  font-size: 36px;
+}
-  margin-bottom: 0;
+
 .page-content.organization #org-info .org-title h1 {
  margin: 0;
  font-size: 2.5rem;
 }
@media (max-width: 767.98px) {
-  .page-content.organization #org-info .ui.header {
+  .page-content.organization #org-info .org-header {
    flex-direction: column;
    margin-bottom: 1rem;
  }
  .page-content.organization #org-info .org-title {
    flex-wrap: wrap;
    width: 100%;
    margin-bottom: 0.5rem;
  }
--- a/web_src/css/repo.css
+++ b/web_src/css/repo.css
@ -415,12 +415,14 @@ td .commit-summary {
  max-width: 600px !important;
 }
 lazy-webc[tag="model-viewer"],
 model-viewer {
  width: 100%;
  height: 100vh;
 }
-.pdf-content {
+lazy-webc[tag="pdf-object"],
 pdf-object {
  width: 100%;
  height: 100vh;
  border: none !important;
@ -429,10 +431,6 @@ model-viewer {
  justify-content: center;
 }
 .pdf-content .pdf-fallback-button {
  margin: 50px auto;
 }
 .repository.file.list .non-diff-file-content .plain-text {
  padding: 1em 2em;
 }
--- a/web_src/js/index.js
+++ b/web_src/js/index.js
@ -22,8 +22,6 @@ import {initRepoIssueContentHistory} from './features/repo-issue-content.js';
 import {initStopwatch} from './features/stopwatch.js';
 import {initFindFileInRepo} from './features/repo-findfile.js';
 import {initCommentContent, initMarkupContent} from './markup/content.js';
 import {initPdfViewer} from './render/pdf.js';
 import {initGltfViewer} from './render/gltf.js';
 import {initUserAuthOauth2, initUserAuth} from './features/user-auth.js';
 import {
@ -189,8 +187,6 @@ onDomReady(() => {
  initUserAuthWebAuthnRegister();
  initUserAuth();
  initRepoDiffView();
  initPdfViewer();
  initGltfViewer();
  initScopedAccessTokenCategories();
  initColorPickers();
--- a/web_src/js/render/gltf.js
+++ b/web_src/js/render/gltf.js
@ -1,6 +0,0 @@
 export async function initGltfViewer() {
  const els = document.querySelectorAll('model-viewer');
  if (!els.length) return;
  await import(/* webpackChunkName: "@google/model-viewer" */'@google/model-viewer');
 }
--- a/web_src/js/render/pdf.js
+++ b/web_src/js/render/pdf.js
@ -1,19 +0,0 @@
 import {htmlEscape} from 'escape-goat';
 export async function initPdfViewer() {
  const els = document.querySelectorAll('.pdf-content');
  if (!els.length) return;
  const pdfobject = await import(/* webpackChunkName: "pdfobject" */'pdfobject');
  for (const el of els) {
    const src = el.getAttribute('data-src');
    const fallbackText = el.getAttribute('data-fallback-button-text');
    pdfobject.embed(src, el, {
      fallbackLink: htmlEscape`
        <a role="button" class="ui basic button pdf-fallback-button" href="[url]">${fallbackText}</a>
      `,
    });
    el.classList.remove('is-loading');
  }
 }
--- a/web_src/js/webcomponents/i18n.js
+++ b/web_src/js/webcomponents/i18n.js
@ -1,75 +0,0 @@
 const {pageData} = window.config;
 /**
 * A list of plural rules for all languages.
 * `plural_rules.go` defines the index for each of the 14 known plural rules.
 *
 * `pageData.PLURAL_RULE_LANG` is the index of the plural rule for the current language.
 * `pageData.PLURAL_RULE_FALLBACK` is the index of the plural rule for the default language,
 * to be used when a string is not translated in the current language.
 *
 * Each plural rule is a function that maps an amount `n` to the appropriate plural form index.
 * Which index means which rule is specific for each language and also defined in `plural_rules.go`.
 * The actual strings are in `pageData.PLURALSTRINGS_LANG` and `pageData.PLURALSTRINGS_FALLBACK`
 * respectively, which is an array indexed by the plural form index.
 *
 * Links to the language plural rule and form definitions:
 * https://codeberg.org/forgejo/forgejo/src/branch/forgejo/modules/translation/plural_rules.go
 * https://www.unicode.org/cldr/charts/46/supplemental/language_plural_rules.html
 * https://translate.codeberg.org/languages/$LANGUAGE_CODE/#information
 * https://github.com/WeblateOrg/language-data/blob/main/languages.csv
 */
 const PLURAL_RULES = [
  // [ 0] Common 2-form, e.g. English, German
  function (n) { return n !== 1 ? 1 : 0 },
  // [ 1] Bengali 2-form
  function (n) { return n > 1 ? 1 : 0 },
  // [ 2] Icelandic 2-form
  function (n) { return n % 10 !== 1 || n % 100 === 11 ? 1 : 0 },
  // [ 3] Filipino 2-form
  function (n) { return n !== 1 && n !== 2 && n !== 3 && (n % 10 === 4 || n % 10 === 6 || n % 10 === 9) ? 1 : 0 },
  // [ 4] One form
  function (_) { return 0 },
  // [ 5] Czech 3-form
  function (n) { return (n === 1) ? 0 : (n >= 2 && n <= 4) ? 1 : 2 },
  // [ 6] Russian 3-form
  function (n) { return n % 10 === 1 && n % 100 !== 11 ? 0 : n % 10 >= 2 && n % 10 <= 4 && (n % 100 < 10 || n % 100 >= 20) ? 1 : 2 },
  // [ 7] Polish 3-form
  function (n) { return n === 1 ? 0 : n % 10 >= 2 && n % 10 <= 4 && (n % 100 < 10 || n % 100 >= 20) ? 1 : 2 },
  // [ 8] Latvian 3-form
  function (n) { return (n % 10 === 0 || n % 100 >= 11 && n % 100 <= 19) ? 0 : ((n % 10 === 1 && n % 100 !== 11) ? 1 : 2) },
  // [ 9] Lithunian 3-form
  function (n) { return (n % 10 === 1 && (n % 100 < 11 || n % 100 > 19)) ? 0 : ((n % 10 >= 2 && n % 10 <= 9 && (n % 100 < 11 || n % 100 > 19)) ? 1 : 2) },
  // [10] French 3-form
  function (n) { return (n === 0 || n === 1) ? 0 : ((n !== 0 && n % 1000000 === 0) ? 1 : 2) },
  // [11] Catalan 3-form
  function (n) { return (n === 1) ? 0 : ((n !== 0 && n % 1000000 === 0) ? 1 : 2) },
  // [12] Slovenian 4-form
  function (n) { return n % 100 === 1 ? 0 : n % 100 === 2 ? 1 : n % 100 === 3 || n % 100 === 4 ? 2 : 3 },
  // [13] Arabic 6-form
  function (n) { return n === 0 ? 0 : n === 1 ? 1 : n === 2 ? 2 : n % 100 >= 3 && n % 100 <= 10 ? 3 : n % 100 >= 11 ? 4 : 5 },
 ];
 /**
 * Look up the correct localized plural form for amount `n` for the string with the translation key `key`.
 * If the current language does not contain a translation for this key, returns the text in the default language,
 * or `null` if `suppress_fallback` is set to `true`.
 */
 export function GetPluralizedString(key, n, suppress_fallback) {
  const result = pageData.PLURALSTRINGS_LANG[key]?.[PLURAL_RULES[pageData.PLURAL_RULE_LANG](n)];
  if (result || suppress_fallback) return result;
  return pageData.PLURALSTRINGS_FALLBACK[key][PLURAL_RULES[pageData.PLURAL_RULE_FALLBACK](n)];
 }
--- a/web_src/js/webcomponents/index.js
+++ b/web_src/js/webcomponents/index.js
@ -1,6 +1,5 @@
 import './polyfills.js';
 import './i18n.js';
 import './relative-time.js';
 import './origin-url.js';
 import './overflow-menu.js';
 import './absolute-date.js';
 import './lazy-webc.js'; // infrequently used components should be lazy-loaded with <lazy-webc tag="..." custom-attrs>...</>
--- a/web_src/js/webcomponents/lazy-webc.js
+++ b/web_src/js/webcomponents/lazy-webc.js
@ -0,0 +1,66 @@
 import {onDomReady} from '../utils/dom.js';
 /**
 * Lazy-load the promise (making it a singleton).
 * @param {()=>Promise} newPromise Promise factory.
 * @returns {()=>Promise} Singleton promise
 */
 function lazyPromise(newPromise) {
  /** @type {Promise?} */
  let p;
  return () => {
    p ??= newPromise();
    return p;
  };
 }
 // the following web components will only be loaded if present in the page (to reduce the bundle size for infrequently used components)
 const loadableComponents = {
  'model-viewer': lazyPromise(() => {
    return import(/* webpackChunkName: "model-viewer" */ '@google/model-viewer');
  }),
  'pdf-object': lazyPromise(() => {
    return import(/* webpackChunkName: "pdf-object" */ './pdf-object.js');
  }),
 };
 /**
 * Replace elt with an element having the given tag.
 * @param {HTMLElement} elt The element to replace.
 * @param {string} name The tagName of the new element.
 */
 function replaceTag(elt, name) {
  const successor = document.createElement(name);
  // Move the children to the successor
  while (elt.firstChild) {
    successor.append(elt.firstChild);
  }
  // Copy the attributes to the successor
  for (let index = elt.attributes.length - 1; index >= 0; --index) {
    successor.attributes.setNamedItem(elt.attributes[index].cloneNode());
  }
  // Replace elt with the successor
  elt.parentNode.replaceChild(successor, elt);
 }
 onDomReady(() => {
  // The lazy-webc component will replace itself with an element of the type given in the attribute tag.
  // This seems to be the best way without having to create a global mutationObserver.
  // See https://codeberg.org/forgejo/forgejo/pulls/8510 for discussion.
  window.customElements.define(
    'lazy-webc',
    class extends HTMLElement {
      connectedCallback() {
        const name = this.getAttribute('tag');
        if (loadableComponents[name]) {
          loadableComponents[name]().finally(() => {
            replaceTag(this, name);
          });
        } else {
          console.error('lazy-webc: unknown webcomponent:', name);
          replaceTag(this, name); // still replace it, maybe it was eagerly defined
        }
      }
    },
  );
 });
--- a/web_src/js/webcomponents/pdf-object.js
+++ b/web_src/js/webcomponents/pdf-object.js
@ -0,0 +1,14 @@
 import pdfobject from 'pdfobject';
 window.customElements.define(
  'pdf-object',
  class extends HTMLElement {
    connectedCallback() {
      // since the web-component is defined after the DOM is ready, it is safe to look at the children.
      const fallbackLink = this.innerHTML; // eslint-disable-line wc/no-child-traversal-in-connectedcallback
      pdfobject.embed(this.getAttribute('src'), this, {
        fallbackLink,
      });
    }
  },
 );
--- a/web_src/js/webcomponents/polyfills.js
+++ b/web_src/js/webcomponents/polyfills.js
@ -1,17 +0,0 @@
 try {
  // some browsers like PaleMoon don't have full support for Intl.NumberFormat, so do the minimum polyfill to support "relative-time-element"
  // https://repo.palemoon.org/MoonchildProductions/UXP/issues/2289
  new Intl.NumberFormat('en', {style: 'unit', unit: 'minute'}).format(1);
 } catch {
  const intlNumberFormat = Intl.NumberFormat;
  Intl.NumberFormat = function(locales, options) {
    if (options.style === 'unit') {
      return {
        format(value) {
          return ` ${value} ${options.unit}`;
        },
      };
    }
    return intlNumberFormat(locales, options);
  };
 }
--- a/web_src/js/webcomponents/relative-time.js
+++ b/web_src/js/webcomponents/relative-time.js
@ -1,4 +1,3 @@
 import {GetPluralizedString} from './i18n.js';
 import dayjs from 'dayjs';
 const {pageData} = window.config;
@ -17,8 +16,75 @@ const ABSOLUTE_DATETIME_FORMAT = new Intl.DateTimeFormat(navigator.language, {
 });
 const FALLBACK_DATETIME_FORMAT = new Intl.RelativeTimeFormat(navigator.language, {style: 'long'});
 /**
 * A list of plural rules for all languages.
 * `plural_rules.go` defines the index for each of the 14 known plural rules.
 *
 * `pageData.PLURAL_RULE_LANG` is the index of the plural rule for the current language.
 * `pageData.PLURAL_RULE_FALLBACK` is the index of the plural rule for the default language,
 * to be used when a string is not translated in the current language.
 *
 * Each plural rule is a function that maps an amount `n` to the appropriate plural form index.
 * Which index means which rule is specific for each language and also defined in `plural_rules.go`.
 * The actual strings are in `pageData.PLURALSTRINGS_LANG` and `pageData.PLURALSTRINGS_FALLBACK`
 * respectively, which is an array indexed by the plural form index.
 *
 * Links to the language plural rule and form definitions:
 * https://codeberg.org/forgejo/forgejo/src/branch/forgejo/modules/translation/plural_rules.go
 * https://www.unicode.org/cldr/charts/46/supplemental/language_plural_rules.html
 * https://translate.codeberg.org/languages/$LANGUAGE_CODE/#information
 * https://github.com/WeblateOrg/language-data/blob/main/languages.csv
 */
 const PLURAL_RULES = [
  // [ 0] Common 2-form, e.g. English, German
  function (n) { return n !== 1 ? 1 : 0 },
  // [ 1] Bengali 2-form
  function (n) { return n > 1 ? 1 : 0 },
  // [ 2] Icelandic 2-form
  function (n) { return n % 10 !== 1 || n % 100 === 11 ? 1 : 0 },
  // [ 3] Filipino 2-form
  function (n) { return n !== 1 && n !== 2 && n !== 3 && (n % 10 === 4 || n % 10 === 6 || n % 10 === 9) ? 1 : 0 },
  // [ 4] One form
  function (_) { return 0 },
  // [ 5] Czech 3-form
  function (n) { return (n === 1) ? 0 : (n >= 2 && n <= 4) ? 1 : 2 },
  // [ 6] Russian 3-form
  function (n) { return n % 10 === 1 && n % 100 !== 11 ? 0 : n % 10 >= 2 && n % 10 <= 4 && (n % 100 < 10 || n % 100 >= 20) ? 1 : 2 },
  // [ 7] Polish 3-form
  function (n) { return n === 1 ? 0 : n % 10 >= 2 && n % 10 <= 4 && (n % 100 < 10 || n % 100 >= 20) ? 1 : 2 },
  // [ 8] Latvian 3-form
  function (n) { return (n % 10 === 0 || n % 100 >= 11 && n % 100 <= 19) ? 0 : ((n % 10 === 1 && n % 100 !== 11) ? 1 : 2) },
  // [ 9] Lithunian 3-form
  function (n) { return (n % 10 === 1 && (n % 100 < 11 || n % 100 > 19)) ? 0 : ((n % 10 >= 2 && n % 10 <= 9 && (n % 100 < 11 || n % 100 > 19)) ? 1 : 2) },
  // [10] French 3-form
  function (n) { return (n === 0 || n === 1) ? 0 : ((n !== 0 && n % 1000000 === 0) ? 1 : 2) },
  // [11] Catalan 3-form
  function (n) { return (n === 1) ? 0 : ((n !== 0 && n % 1000000 === 0) ? 1 : 2) },
  // [12] Slovenian 4-form
  function (n) { return n % 100 === 1 ? 0 : n % 100 === 2 ? 1 : n % 100 === 3 || n % 100 === 4 ? 2 : 3 },
  // [13] Arabic 6-form
  function (n) { return n === 0 ? 0 : n === 1 ? 1 : n === 2 ? 2 : n % 100 >= 3 && n % 100 <= 10 ? 3 : n % 100 >= 11 ? 4 : 5 },
 ];
 /**
 * Look up the correct localized plural form for amount `n` for the string with the translation key `key`.
 * If the current language does not contain a translation for this key, fallback to the browser's formatting.
 */
 function GetPluralizedStringOrFallback(key, n, unit) {
-  const translation = GetPluralizedString(key, n, true);
+  const translation = pageData.PLURALSTRINGS_LANG[key]?.[PLURAL_RULES[pageData.PLURAL_RULE_LANG](n)];
  if (translation) return translation.replace('%d', n);
  return FALLBACK_DATETIME_FORMAT.format(-n, unit);
 }
		`@ -0,0 +1 @@`
							Forgejo Actions workflows are verified with a YAML schema and common errors such as using an incorrect context (e.g. `${{ badcontext.FORGEJO_REPOSITORY }}`) or a typo in a required keyword (e.g. `ruins-on:` instead of `runs-on:`) will be reported in the action page and the web page that displays the file in the repository. It is recommended to verify existing workflows are successfully verified prior to upgrading, [as explained in the Forgejo runner release notes](https://code.forgejo.org/forgejo/runner/src/branch/main/RELEASE-NOTES.md#8-0-0).