Fix embedded Postgres configuration and initialization order

Co-authored-by: unknwon <2946214+unknwon@users.noreply.github.com>
Fix trailing whitespace in code review feedback
2026-02-28 09:10:57 +01:00 · 2026-02-06 01:48:00 +00:00 · 2026-02-06 01:32:05 +00:00 · 2026-02-06 01:29:34 +00:00 · 2026-02-06 01:29:19 +00:00 · 2026-02-06 01:18:32 +00:00
50 changed files with 534 additions and 491 deletions
--- a/.claude/commands/ghsa.md
+++ b/.claude/commands/ghsa.md
@@ -1,13 +0,0 @@
-Analyze and help fix the GitHub Security Advisory (GHSA) at: $ARGUMENTS
-
-Steps:
-1. Fetch the GHSA page using `gh api repos/gogs/gogs/security-advisories` and understand the vulnerability details (description, severity, affected versions, CWE).
-2. Verify the reported vulnerability actually exists, and why.
-3. Identify the affected code in this repository.
-4. Propose a fix with a clear explanation of the root cause and how the fix addresses it. Check for prior art in the codebase to stay consistent with existing patterns.
-5. Implement the fix. Only add tests when there is something meaningful to test at our layer.
-6. Run all the usual build and test commands.
-7. If a changelog entry is warranted (user will specify), add it to CHANGELOG.md with a placeholder for the PR link.
-8. Create a branch named after the GHSA ID, commit, and push.
-9. Create a pull request with a proper title and description, do not reveal too much detail and link the GHSA.
-10. If a changelog entry was added, update it with the PR link, then commit and push again.
--- a/.github/ISSUE_TEMPLATE/dev_release_minor_version.md
+++ b/.github/ISSUE_TEMPLATE/dev_release_minor_version.md
@@ -22,16 +22,14 @@ On the `main` branch:

 On the release branch:

- [ ] [Update the hard-coded version](https://github.com/gogs/gogs/commit/f17e7d5a2c36c52a1121d2315f3d75dcd8053b89) to the current release, e.g. `0.14.0+dev` -> `0.14.0`.
+- [ ] [Update the hard-coded version](https://github.com/gogs/gogs/commit/f0e3cd90f8d7695960eeef2e4e54b2e717302f6c) to the current release, e.g. `0.14.0+dev` -> `0.14.0`.
 - [ ] Wait for GitHub Actions to complete and no failed jobs.
- [ ] Publish new RC releases (e.g. `v0.14.0-rc.1`, `v0.14.0-rc.2`) to ensure Docker and release workflows both succeed.
-	- ⚠️ **Make sure the tag is created on the release branch**.
+- [ ] Publish new RC releases (e.g. `v0.14.0-rc.1`, `v0.14.0-rc.2`) ⚠️ **on the release branch** ⚠️ and ensure Docker and release workflows both succeed.
 	- [ ] Pull down the Docker image and [run through application setup](https://github.com/gogs/gogs/blob/main/docker/README.md) to make sure nothing blows up.
 	- [ ] Download one of the release archives and run through application setup to make sure nothing blows up.
- [ ] Publish a new [GitHub release](https://github.com/gogs/gogs/releases) with entries from [CHANGELOG](https://github.com/gogs/gogs/blob/main/CHANGELOG.md) for the current minor release.
-	- ⚠️ **Make sure the tag is created on the release branch**.
- [ ] [Wait for a new image tag for the current release](https://github.com/gogs/gogs/actions/workflows/docker.yml?query=event%3Arelease) to be created automatically on both [Docker Hub](https://hub.docker.com/r/gogs/gogs/tags) and [GitHub Container registry](https://github.com/gogs/gogs/pkgs/container/gogs).
- [ ] [Push a new Docker image tag](https://github.com/gogs/gogs/blob/main/docs/dev/release/release_new_version.md#update-docker-image-tag) as `<MAJOR>.<MINOR>` to both [Docker Hub](https://hub.docker.com/r/gogs/gogs/tags) and [GitHub Container registry](https://github.com/gogs/gogs/pkgs/container/gogs), e.g.:
+- [ ] Publish a new [GitHub release](https://github.com/gogs/gogs/releases) ⚠️ **on the release branch** ⚠️ with entries from [CHANGELOG](https://github.com/gogs/gogs/blob/main/CHANGELOG.md) for the current minor release.
+- [ ] [Wait for new image tags for the current release](https://github.com/gogs/gogs/actions/workflows/docker.yml?query=event%3Arelease) to be created automatically on both [Docker Hub](https://hub.docker.com/r/gogs/gogs/tags) and [GitHub Container registry](https://github.com/gogs/gogs/pkgs/container/gogs).
+	- Pull down the Docker image and [run through application setup](https://github.com/gogs/gogs/blob/main/docker/README.md) to make sure nothing blows up.
 - [ ] Download all release archives and [generate SHA256 checksum](https://github.com/gogs/gogs/blob/main/docs/dev/release/sha256.sh) for all binaries to the file `checksum_sha256.txt`.
 - [ ] Upload all archives and `checksum_sha256.txt` to https://dl.gogs.io.

@@ -39,7 +37,6 @@ On the release branch:

 On the `main` branch:

- [ ] Publish [GitHub security advisories](https://github.com/gogs/gogs/security) for security patches included in the release.
 - [ ] Update the repository mirror on [Gitee](https://gitee.com/unknwon/gogs).
 - [ ] Create a new release announcement in [Discussions](https://github.com/gogs/gogs/discussions/categories/announcements).
 - [ ] Send a tweet on the [official Twitter account](https://twitter.com/GogsHQ) for the minor release.
--- a/.github/ISSUE_TEMPLATE/dev_release_patch_version.md
+++ b/.github/ISSUE_TEMPLATE/dev_release_patch_version.md
@@ -22,19 +22,16 @@ On the release branch:

 - [ ] [Update the hard-coded version](https://github.com/gogs/gogs/commit/f0e3cd90f8d7695960eeef2e4e54b2e717302f6c) to the current release, e.g. `0.12.0` -> `0.12.1`.
 - [ ] Wait for GitHub Actions to complete and no failed jobs.
- [ ] Publish new RC releases in [GitHub release](https://github.com/gogs/gogs/releases) (e.g. `v0.12.0-rc.1`, `v0.12.0-rc.2`) to ensure Docker workflow succeeds.
-	- ⚠️ **Make sure the tag is created on the release branch**.
-	- Pull down the Docker image and [run through application setup](https://github.com/gogs/gogs/blob/main/docker/README.md) to make sure nothing blows up.
+- [ ] Publish new RC releases in [GitHub release](https://github.com/gogs/gogs/releases) (e.g. `v0.12.0-rc.1`, `v0.12.0-rc.2`) ⚠️ **on the release branch** ⚠️ and ensure Docker workflow succeeds.
+	- [ ] Pull down the Docker image and [run through application setup](https://github.com/gogs/gogs/blob/main/docker/README.md) to make sure nothing blows up.
 	- [ ] Download one of the release archives and run through application setup to make sure nothing blows up.
- [ ] Publish a new [GitHub release](https://github.com/gogs/gogs/releases) with entries from [CHANGELOG](https://github.com/gogs/gogs/blob/main/CHANGELOG.md) for the current patch release and all previous releases with same minor version.
-	- ⚠️ **Make sure the tag is created on the release branch**.
+- [ ] Publish a new [GitHub release](https://github.com/gogs/gogs/releases) ⚠️ **on the release branch** ⚠️ with entries from [CHANGELOG](https://github.com/gogs/gogs/blob/main/CHANGELOG.md) for the current patch release and all previous releases with same minor version.
 - [ ] Update all previous GitHub releases with same minor version with the warning:
 	```
 	**ℹ️ Heads up! There is a new patch release [0.12.1](https://github.com/gogs/gogs/releases/tag/v0.12.1) available, we recommend directly installing or upgrading to that version.**
 	```
- [ ] [Wait for a new image tag for the current release](https://github.com/gogs/gogs/actions/workflows/docker.yml?query=event%3Arelease) to be created automatically on both [Docker Hub](https://hub.docker.com/r/gogs/gogs/tags) and [GitHub Container registry](https://github.com/gogs/gogs/pkgs/container/gogs).
+- [ ] [Wait for new image tags for the current release](https://github.com/gogs/gogs/actions/workflows/docker.yml?query=event%3Arelease) to be created automatically on both [Docker Hub](https://hub.docker.com/r/gogs/gogs/tags) and [GitHub Container registry](https://github.com/gogs/gogs/pkgs/container/gogs).
 	- Pull down the Docker image and [run through application setup](https://github.com/gogs/gogs/blob/main/docker/README.md) to make sure nothing blows up.
- [ ] [Update Docker image tag](https://www.notion.so/jcunknwon/Cheatsheet-and-playbooks-c3b053da42114411bd27285cd065b2a6?source=copy_link#1654f105c63f80958d96cd72e2f5df69) for the minor release `<MAJOR>.<MINOR>` on both [Docker Hub](https://hub.docker.com/r/gogs/gogs/tags) and [GitHub Container registry](https://github.com/gogs/gogs/pkgs/container/gogs).
 - [ ] Download all release archives and [generate SHA256 checksum](https://github.com/gogs/gogs/blob/main/docs/dev/release/sha256.sh) for all binaries to the file `checksum_sha256.txt`.
 - [ ] Upload all archives and `checksum_sha256.txt` to https://dl.gogs.io.

--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -72,12 +72,10 @@ jobs:
        with:
          go-version: ${{ matrix.go-version }}
      - name: Run tests with coverage
-        run: go test -shuffle=on -v -race -coverprofile=coverage -covermode=atomic ./...
-      - name: Upload coverage report to Codecov
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        with:
-          file: ./coverage
-          flags: unittests
+        run: |
+          go test -shuffle=on -v -race -coverprofile=coverage -covermode=atomic -json ./... > test-report.json
+          go install github.com/mfridman/tparse@latest
+          tparse -all -file=test-report.json
      - name: Send email on failure
        uses: unknwon/send-email-on-failure@89339a1bc93f4ad1d30f3b7e4911fcba985c9adb # v1
        if: ${{ failure() && github.event_name == 'push' && github.ref == 'refs/heads/main' }}
@@ -103,11 +101,6 @@ jobs:
          go-version: ${{ matrix.go-version }}
      - name: Run tests with coverage
        run: go test -shuffle=on -v -coverprofile=coverage -covermode=atomic ./...
-      - name: Upload coverage report to Codecov
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        with:
-          file: ./coverage
-          flags: unittests
      - name: Send email on failure
        uses: unknwon/send-email-on-failure@89339a1bc93f4ad1d30f3b7e4911fcba985c9adb # v1
        if: ${{ failure() && github.event_name == 'push' && github.ref == 'refs/heads/main' }}
@@ -142,7 +135,10 @@ jobs:
        with:
          go-version: ${{ matrix.go-version }}
      - name: Run tests with coverage
-        run: go test -shuffle=on -v -race -coverprofile=coverage -covermode=atomic ./internal/database/...
+        run: |
+          go test -shuffle=on -v -race -coverprofile=coverage -covermode=atomic -json ./internal/database/... > test-report.json
+          go install github.com/mfridman/tparse@latest
+          tparse -all -file=test-report.json
        env:
          GOGS_DATABASE_TYPE: postgres
          PGPORT: 5432
@@ -168,7 +164,10 @@ jobs:
        with:
          go-version: ${{ matrix.go-version }}
      - name: Run tests with coverage
-        run: go test -shuffle=on -v -race -coverprofile=coverage -covermode=atomic ./internal/database/...
+        run: |
+          go test -shuffle=on -v -race -coverprofile=coverage -covermode=atomic -json ./internal/database/... > test-report.json
+          go install github.com/mfridman/tparse@latest
+          tparse -all -file=test-report.json
        env:
          GOGS_DATABASE_TYPE: mysql
          MYSQL_USER: root
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -50,7 +50,7 @@ jobs:
        id: version
        run: |
          if [ "${{ github.event_name }}" = "release" ]; then
-            echo "version=${{ github.event.release.tag_name }}" >> "$GITHUB_OUTPUT"
+            echo "version=${{ github.event.release.tag_name }}" | sed 's/version=v/version=/' >> "$GITHUB_OUTPUT"
            echo "release_tag=${{ github.event.release.tag_name }}" >> "$GITHUB_OUTPUT"
          elif [ "${{ github.event_name }}" = "push" ] && [ "${{ github.ref }}" = "refs/heads/main" ]; then
            echo "version=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
@@ -81,7 +81,7 @@ jobs:
              -X \"gogs.io/gogs/internal/conf.BuildCommit=$(git rev-parse HEAD)\"
            " \
            $TAGS_FLAG \
-            -trimpath -o "$BINARY_NAME"
+            -trimpath -o "$BINARY_NAME" ./cmd/gogs
      - name: Prepare archive contents
        run: |
          mkdir -p dist/gogs
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,19 +4,7 @@ All notable changes to Gogs are documented in this file.

 ## 0.15.0+dev (`main`)

-### Fixed
-
- _Security:_ Cross-repository LFS object overwrite via missing content hash verification. [#8166](https://github.com/gogs/gogs/pull/8166) - [GHSA-gmf8-978x-2fg2](https://github.com/gogs/gogs/security/advisories/GHSA-gmf8-978x-2fg2)
- _Security:_ DOM-based XSS via issue meta selection on the issue page. [#8178](https://github.com/gogs/gogs/pull/8178) - [GHSA-vgjm-2cpf-4g7c](https://github.com/gogs/gogs/security/advisories/GHSA-vgjm-2cpf-4g7c)
- Unable to update files via web editor and API. [#8184](https://github.com/gogs/gogs/pull/8184)
-
-### Removed
-
- Support for passing API access tokens via URL query parameters (`token`, `access_token`). Use the `Authorization` header instead. [#8177](https://github.com/gogs/gogs/pull/8177) - [GHSA-x9p5-w45c-7ffc](https://github.com/gogs/gogs/security/advisories/GHSA-x9p5-w45c-7ffc)
-
- Git clone via the built-in SSH server hangs. [#8132](https://github.com/gogs/gogs/issues/8132)
-
-## 0.14.0
+## 0.14.1

 ### Added

--- a/SECURITY.md
+++ b/SECURITY.md
@@ -2,9 +2,9 @@

 ## Supported versions

-Only the latest minor version releases are supported (>= 0.13) for accepting vulnerability reports and patching fixes.
+Only the latest minor version releases are supported (e.g., 0.14) for patching vulnerabilities. You can find the latest minor version in the [GitHub releases](https://github.com/gogs/gogs/releases) page. 

-Existing vulnerability reports are being tracked in [GitHub Security Advisories](https://github.com/gogs/gogs/security/advisories).
+Existing vulnerability reports are being tracked in [GitHub Security Advisories](https://github.com/gogs/gogs/security/advisories). Not all accepted GHSA are published.

 ## Vulnerability lifecycle

--- a/Taskfile.yml
+++ b/Taskfile.yml
@@ -24,7 +24,7 @@ tasks:
          -X "{{.PKG_PATH}}.BuildCommit={{.BUILD_COMMIT}}"
        '
        -tags '{{.TAGS}}'
-        -trimpath -o .bin/gogs{{.BINARY_EXT}}
+        -trimpath -o .bin/gogs{{.BINARY_EXT}} ./cmd/gogs
    vars:
      PKG_PATH: gogs.io/gogs/internal/conf
      BUILD_TIME:
@@ -33,7 +33,7 @@ tasks:
        sh: git rev-parse HEAD
    sources:
      - go.mod
-      - gogs.go
+      - cmd/gogs/*.go
      - internal/**/*.go
      - conf/**/*
      - public/**/*
--- a/internal/cmd/admin.go
+++ b/internal/cmd/admin.go
@@ -1,4 +1,4 @@
-package cmd
+package main

 import (
 	"context"
@@ -14,7 +14,7 @@ import (
 )

 var (
-	Admin = cli.Command{
+	adminCommand = cli.Command{
 		Name:  "admin",
 		Usage: "Perform admin operations on command line",
 		Description: `Allow using internal logic of Gogs without hacking into the source code
--- a/internal/cmd/backup.go
+++ b/internal/cmd/backup.go
@@ -1,4 +1,4 @@
-package cmd
+package main

 import (
 	"context"
@@ -20,7 +20,7 @@ import (
 	"gogs.io/gogs/internal/osutil"
 )

-var Backup = cli.Command{
+var backupCommand = cli.Command{
 	Name:  "backup",
 	Usage: "Backup files and database",
 	Description: `Backup dumps and compresses all related files and database into zip file,
--- a/internal/cmd/cert.go
+++ b/internal/cmd/cert.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.

-package cmd
+package main

 import (
 	"crypto/ecdsa"
@@ -22,7 +22,7 @@ import (
 	"github.com/urfave/cli"
 )

-var Cert = cli.Command{
+var certCommand = cli.Command{
 	Name:  "cert",
 	Usage: "Generate self-signed certificate",
 	Description: `Generate a self-signed X.509 certificate for a TLS server.
--- a/internal/cmd/cmd.go
+++ b/internal/cmd/cmd.go
@@ -1,4 +1,4 @@
-package cmd
+package main

 import (
 	"time"
@@ -21,7 +21,6 @@ func boolFlag(name, usage string) cli.BoolFlag {
 	}
 }

-//nolint:deadcode,unused
 func intFlag(name string, value int, usage string) cli.IntFlag {
 	return cli.IntFlag{
 		Name:  name,
@@ -30,7 +29,6 @@ func intFlag(name string, value int, usage string) cli.IntFlag {
 	}
 }

-//nolint:deadcode,unused
 func durationFlag(name string, value time.Duration, usage string) cli.DurationFlag {
 	return cli.DurationFlag{
 		Name:  name,
--- a/internal/cmd/hook.go
+++ b/internal/cmd/hook.go
@@ -1,4 +1,4 @@
-package cmd
+package main

 import (
 	"bufio"
@@ -24,7 +24,7 @@ import (
 )

 var (
-	Hook = cli.Command{
+	hookCommand = cli.Command{
 		Name:        "hook",
 		Usage:       "Delegate commands to corresponding Git hooks",
 		Description: "All sub-commands should only be called by Git",
--- a/internal/cmd/import.go
+++ b/internal/cmd/import.go
@@ -1,4 +1,4 @@
-package cmd
+package main

 import (
 	"bufio"
@@ -16,7 +16,7 @@ import (
 )

 var (
-	Import = cli.Command{
+	importCommand = cli.Command{
 		Name:  "import",
 		Usage: "Import portable data as local Gogs data",
 		Description: `Allow user import data from other Gogs installations to local instance
--- a/cmd/gogs/main.go
+++ b/cmd/gogs/main.go
@@ -1,5 +1,3 @@
-//go:build go1.18
-
 // Gogs is a painless self-hosted Git Service.
 package main

@@ -9,12 +7,11 @@ import (
 	"github.com/urfave/cli"
 	log "unknwon.dev/clog/v2"

-	"gogs.io/gogs/internal/cmd"
 	"gogs.io/gogs/internal/conf"
 )

 func init() {
-	conf.App.Version = "0.14.2"
+	conf.App.Version = "0.15.0+dev"
 }

 func main() {
@@ -23,14 +20,14 @@ func main() {
 	app.Usage = "A painless self-hosted Git service"
 	app.Version = conf.App.Version
 	app.Commands = []cli.Command{
-		cmd.Web,
-		cmd.Serv,
-		cmd.Hook,
-		cmd.Cert,
-		cmd.Admin,
-		cmd.Import,
-		cmd.Backup,
-		cmd.Restore,
+		webCommand,
+		servCommand,
+		hookCommand,
+		certCommand,
+		adminCommand,
+		importCommand,
+		backupCommand,
+		restoreCommand,
 	}
 	if err := app.Run(os.Args); err != nil {
 		log.Fatal("Failed to start application: %v", err)
--- a/internal/cmd/restore.go
+++ b/internal/cmd/restore.go
@@ -1,4 +1,4 @@
-package cmd
+package main

 import (
 	"context"
@@ -18,7 +18,7 @@ import (
 	"gogs.io/gogs/internal/semverutil"
 )

-var Restore = cli.Command{
+var restoreCommand = cli.Command{
 	Name:  "restore",
 	Usage: "Restore files and database from backup",
 	Description: `Restore imports all related files and database from a backup archive.
--- a/internal/cmd/serv.go
+++ b/internal/cmd/serv.go
@@ -1,4 +1,4 @@
-package cmd
+package main

 import (
 	"context"
@@ -21,7 +21,7 @@ const (
 	accessDeniedMessage = "Repository does not exist or you do not have access"
 )

-var Serv = cli.Command{
+var servCommand = cli.Command{
 	Name:        "serv",
 	Usage:       "This command should only be called by SSH shell",
 	Description: `Serv provide access auth for repositories`,
--- a/internal/cmd/web.go
+++ b/internal/cmd/web.go
@@ -1,4 +1,4 @@
-package cmd
+package main

 import (
 	"crypto/tls"
@@ -30,6 +30,7 @@ import (
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/context"
 	"gogs.io/gogs/internal/database"
+	"gogs.io/gogs/internal/embeddedpg"
 	"gogs.io/gogs/internal/form"
 	"gogs.io/gogs/internal/osutil"
 	"gogs.io/gogs/internal/route"
@@ -45,7 +46,7 @@ import (
 	"gogs.io/gogs/templates"
 )

-var Web = cli.Command{
+var webCommand = cli.Command{
 	Name:  "web",
 	Usage: "Start web server",
 	Description: `Gogs web server is the only thing you need to run,
@@ -54,6 +55,7 @@ and it takes care of all the other things for you`,
 	Flags: []cli.Flag{
 		stringFlag("port, p", "3000", "Temporary port number to prevent conflict"),
 		stringFlag("config, c", "", "Custom configuration file path"),
+		boolFlag("embedded-postgres", "Use embedded PostgreSQL database"),
 	},
 }

@@ -160,7 +162,29 @@ func newMacaron() *macaron.Macaron {
 }

 func runWeb(c *cli.Context) error {
-	err := route.GlobalInit(c.String("config"))
+	// Initialize configuration first to get WorkDir
+	err := conf.Init(c.String("config"))
+	if err != nil {
+		log.Fatal("Failed to initialize configuration: %v", err)
+	}
+	conf.InitLogging(false)
+
+	var localPg *embeddedpg.LocalPostgres
+
+	if c.Bool("embedded-postgres") {
+		localPg = embeddedpg.Initialize(conf.WorkDir())
+		if err := localPg.Launch(); err != nil {
+			log.Fatal("Failed to launch embedded postgres: %v", err)
+		}
+		defer func() {
+			if err := localPg.Shutdown(); err != nil {
+				log.Error("Failed to shutdown embedded postgres: %v", err)
+			}
+		}()
+		localPg.ConfigureGlobalDatabase()
+	}
+
+	err = route.GlobalInit(c.String("config"))
 	if err != nil {
 		log.Fatal("Failed to initialize application: %v", err)
 	}
--- a/codecov.yml
+++ b/codecov.yml
@@ -1,16 +0,0 @@
-coverage:
-  range: "60...95"
-  status:
-    project:
-      default:
-        threshold: 1%
-        informational: true
-    patch:
-      default:
-        only_pulls: true
-        informational: true
-
-comment:
-  layout: 'diff'
-
-github_checks: false
--- a/conf/app.ini
+++ b/conf/app.ini
@@ -279,8 +279,6 @@ ACCESS_CONTROL_ALLOW_ORIGIN =
 STORAGE = local
 ; The root path to store LFS objects on local file system.
 OBJECTS_PATH = data/lfs-objects
-; The path to temporarily store LFS objects during upload verification.
-OBJECTS_TEMP_PATH = data/tmp/lfs-objects

 [attachment]
 ; Whether to enabled upload attachments in general.
--- a/docs-old/admin/lfs.md
+++ b/docs-old/admin/lfs.md
--- a/docs-old/admin/release_strategy.md
+++ b/docs-old/admin/release_strategy.md
--- a/docs-old/dev/database_schema.md
+++ b/docs-old/dev/database_schema.md
@@ -0,0 +1,131 @@
+# Table "access"
+
+```
+ Field  | Column  |   PostgreSQL    |         MySQL         |        SQLite3        
+--------+---------+-----------------+-----------------------+-----------------------
+ ID     | id      | BIGSERIAL       | BIGINT AUTO_INCREMENT | INTEGER AUTOINCREMENT 
+ UserID | user_id | BIGINT NOT NULL | BIGINT NOT NULL       | INTEGER NOT NULL      
+ RepoID | repo_id | BIGINT NOT NULL | BIGINT NOT NULL       | INTEGER NOT NULL      
+ Mode   | mode    | BIGINT NOT NULL | BIGINT NOT NULL       | INTEGER NOT NULL      
+
+Primary keys: id
+Indexes: 
+	"access_user_repo_unique" UNIQUE (user_id, repo_id)
+```
+
+# Table "access_token"
+
+```
+    Field    |    Column    |         PostgreSQL          |            MySQL            |           SQLite3           
+-------------+--------------+-----------------------------+-----------------------------+-----------------------------
+ ID          | id           | BIGSERIAL                   | BIGINT AUTO_INCREMENT       | INTEGER AUTOINCREMENT       
+ UserID      | uid          | BIGINT                      | BIGINT                      | INTEGER                     
+ Name        | name         | TEXT                        | LONGTEXT                    | TEXT                        
+ Sha1        | sha1         | VARCHAR(40) UNIQUE          | VARCHAR(40) UNIQUE          | VARCHAR(40) UNIQUE          
+ SHA256      | sha256       | VARCHAR(64) NOT NULL UNIQUE | VARCHAR(64) NOT NULL UNIQUE | VARCHAR(64) NOT NULL UNIQUE 
+ CreatedUnix | created_unix | BIGINT                      | BIGINT                      | INTEGER                     
+ UpdatedUnix | updated_unix | BIGINT                      | BIGINT                      | INTEGER                     
+
+Primary keys: id
+Indexes: 
+	"idx_access_token_user_id" (uid)
+```
+
+# Table "action"
+
+```
+    Field     |     Column     |           PostgreSQL           |             MySQL              |            SQLite3             
+--------------+----------------+--------------------------------+--------------------------------+--------------------------------
+ ID           | id             | BIGSERIAL                      | BIGINT AUTO_INCREMENT          | INTEGER AUTOINCREMENT          
+ UserID       | user_id        | BIGINT                         | BIGINT                         | INTEGER                        
+ OpType       | op_type        | BIGINT                         | BIGINT                         | INTEGER                        
+ ActUserID    | act_user_id    | BIGINT                         | BIGINT                         | INTEGER                        
+ ActUserName  | act_user_name  | TEXT                           | LONGTEXT                       | TEXT                           
+ RepoID       | repo_id        | BIGINT                         | BIGINT                         | INTEGER                        
+ RepoUserName | repo_user_name | TEXT                           | LONGTEXT                       | TEXT                           
+ RepoName     | repo_name      | TEXT                           | LONGTEXT                       | TEXT                           
+ RefName      | ref_name       | TEXT                           | LONGTEXT                       | TEXT                           
+ IsPrivate    | is_private     | BOOLEAN NOT NULL DEFAULT FALSE | BOOLEAN NOT NULL DEFAULT FALSE | NUMERIC NOT NULL DEFAULT FALSE 
+ Content      | content        | TEXT                           | LONGTEXT                       | TEXT                           
+ CreatedUnix  | created_unix   | BIGINT                         | BIGINT                         | INTEGER                        
+
+Primary keys: id
+Indexes: 
+	"idx_action_repo_id" (repo_id)
+	"idx_action_user_id" (user_id)
+```
+
+# Table "email_address"
+
+```
+    Field    |    Column    |           PostgreSQL           |             MySQL              |            SQLite3             
+-------------+--------------+--------------------------------+--------------------------------+--------------------------------
+ ID          | id           | BIGSERIAL                      | BIGINT AUTO_INCREMENT          | INTEGER AUTOINCREMENT          
+ UserID      | uid          | BIGINT NOT NULL                | BIGINT NOT NULL                | INTEGER NOT NULL               
+ Email       | email        | VARCHAR(254) NOT NULL          | VARCHAR(254) NOT NULL          | TEXT NOT NULL                  
+ IsActivated | is_activated | BOOLEAN NOT NULL DEFAULT FALSE | BOOLEAN NOT NULL DEFAULT FALSE | NUMERIC NOT NULL DEFAULT FALSE 
+
+Primary keys: id
+Indexes: 
+	"email_address_user_email_unique" UNIQUE (uid, email)
+	"idx_email_address_user_id" (uid)
+```
+
+# Table "follow"
+
+```
+  Field   |  Column   |   PostgreSQL    |         MySQL         |        SQLite3        
+----------+-----------+-----------------+-----------------------+-----------------------
+ ID       | id        | BIGSERIAL       | BIGINT AUTO_INCREMENT | INTEGER AUTOINCREMENT 
+ UserID   | user_id   | BIGINT NOT NULL | BIGINT NOT NULL       | INTEGER NOT NULL      
+ FollowID | follow_id | BIGINT NOT NULL | BIGINT NOT NULL       | INTEGER NOT NULL      
+
+Primary keys: id
+Indexes: 
+	"follow_user_follow_unique" UNIQUE (user_id, follow_id)
+```
+
+# Table "lfs_object"
+
+```
+   Field   |   Column   |      PostgreSQL      |        MySQL         |      SQLite3      
+-----------+------------+----------------------+----------------------+-------------------
+ RepoID    | repo_id    | BIGINT               | BIGINT               | INTEGER           
+ OID       | oid        | TEXT                 | VARCHAR(191)         | TEXT              
+ Size      | size       | BIGINT NOT NULL      | BIGINT NOT NULL      | INTEGER NOT NULL  
+ Storage   | storage    | TEXT NOT NULL        | LONGTEXT NOT NULL    | TEXT NOT NULL     
+ CreatedAt | created_at | TIMESTAMPTZ NOT NULL | DATETIME(3) NOT NULL | DATETIME NOT NULL 
+
+Primary keys: repo_id, oid
+```
+
+# Table "login_source"
+
+```
+    Field    |    Column    |    PostgreSQL    |         MySQL         |        SQLite3        
+-------------+--------------+------------------+-----------------------+-----------------------
+ ID          | id           | BIGSERIAL        | BIGINT AUTO_INCREMENT | INTEGER AUTOINCREMENT 
+ Type        | type         | BIGINT           | BIGINT                | INTEGER               
+ Name        | name         | TEXT UNIQUE      | VARCHAR(191) UNIQUE   | TEXT UNIQUE           
+ IsActived   | is_actived   | BOOLEAN NOT NULL | BOOLEAN NOT NULL      | NUMERIC NOT NULL      
+ IsDefault   | is_default   | BOOLEAN          | BOOLEAN               | NUMERIC               
+ Config      | cfg          | TEXT             | TEXT                  | TEXT                  
+ CreatedUnix | created_unix | BIGINT           | BIGINT                | INTEGER               
+ UpdatedUnix | updated_unix | BIGINT           | BIGINT                | INTEGER               
+
+Primary keys: id
+```
+
+# Table "notice"
+
+```
+    Field    |    Column    | PostgreSQL |         MySQL         |        SQLite3        
+-------------+--------------+------------+-----------------------+-----------------------
+ ID          | id           | BIGSERIAL  | BIGINT AUTO_INCREMENT | INTEGER AUTOINCREMENT 
+ Type        | type         | BIGINT     | BIGINT                | INTEGER               
+ Description | description  | TEXT       | TEXT                  | TEXT                  
+ CreatedUnix | created_unix | BIGINT     | BIGINT                | INTEGER               
+
+Primary keys: id
+```
+
--- a/docs-old/dev/import_locale.md
+++ b/docs-old/dev/import_locale.md
@@ -6,7 +6,7 @@
 1. Run the `import` subcommand:

    ```
-    $ ./gogs import locale --source <path to the unzipped directory> --target ./conf/locale
+    $ ./.bin/gogs import locale --source <path to the unzipped directory> --target ./conf/locale
    Locale files has been successfully imported!
    ```

--- a/docs-old/dev/local_development.md
+++ b/docs-old/dev/local_development.md
--- a/docs-old/user/lfs.md
+++ b/docs-old/user/lfs.md
--- a/docs/dev/database_schema.md
+++ b/docs/dev/database_schema.md
@@ -1,131 +0,0 @@
-# Table "access"
-
-```
-  FIELD  | COLUMN  |   POSTGRESQL    |         MYSQL         |        SQLITE3         
---------+---------+-----------------+-----------------------+------------------------
-  ID     | id      | BIGSERIAL       | BIGINT AUTO_INCREMENT | INTEGER AUTOINCREMENT  
-  UserID | user_id | BIGINT NOT NULL | BIGINT NOT NULL       | INTEGER NOT NULL       
-  RepoID | repo_id | BIGINT NOT NULL | BIGINT NOT NULL       | INTEGER NOT NULL       
-  Mode   | mode    | BIGINT NOT NULL | BIGINT NOT NULL       | INTEGER NOT NULL       
-
-Primary keys: id
-Indexes: 
-	"access_user_repo_unique" UNIQUE (user_id, repo_id)
-```
-
-# Table "access_token"
-
-```
-     FIELD    |    COLUMN    |         POSTGRESQL          |            MYSQL            |           SQLITE3            
--------------+--------------+-----------------------------+-----------------------------+------------------------------
-  ID          | id           | BIGSERIAL                   | BIGINT AUTO_INCREMENT       | INTEGER AUTOINCREMENT        
-  UserID      | uid          | BIGINT                      | BIGINT                      | INTEGER                      
-  Name        | name         | TEXT                        | LONGTEXT                    | TEXT                         
-  Sha1        | sha1         | VARCHAR(40) UNIQUE          | VARCHAR(40) UNIQUE          | VARCHAR(40) UNIQUE           
-  SHA256      | sha256       | VARCHAR(64) NOT NULL UNIQUE | VARCHAR(64) NOT NULL UNIQUE | VARCHAR(64) NOT NULL UNIQUE  
-  CreatedUnix | created_unix | BIGINT                      | BIGINT                      | INTEGER                      
-  UpdatedUnix | updated_unix | BIGINT                      | BIGINT                      | INTEGER                      
-
-Primary keys: id
-Indexes: 
-	"idx_access_token_user_id" (uid)
-```
-
-# Table "action"
-
-```
-     FIELD     |     COLUMN     |           POSTGRESQL           |             MYSQL              |            SQLITE3              
---------------+----------------+--------------------------------+--------------------------------+---------------------------------
-  ID           | id             | BIGSERIAL                      | BIGINT AUTO_INCREMENT          | INTEGER AUTOINCREMENT           
-  UserID       | user_id        | BIGINT                         | BIGINT                         | INTEGER                         
-  OpType       | op_type        | BIGINT                         | BIGINT                         | INTEGER                         
-  ActUserID    | act_user_id    | BIGINT                         | BIGINT                         | INTEGER                         
-  ActUserName  | act_user_name  | TEXT                           | LONGTEXT                       | TEXT                            
-  RepoID       | repo_id        | BIGINT                         | BIGINT                         | INTEGER                         
-  RepoUserName | repo_user_name | TEXT                           | LONGTEXT                       | TEXT                            
-  RepoName     | repo_name      | TEXT                           | LONGTEXT                       | TEXT                            
-  RefName      | ref_name       | TEXT                           | LONGTEXT                       | TEXT                            
-  IsPrivate    | is_private     | BOOLEAN NOT NULL DEFAULT FALSE | BOOLEAN NOT NULL DEFAULT FALSE | NUMERIC NOT NULL DEFAULT FALSE  
-  Content      | content        | TEXT                           | LONGTEXT                       | TEXT                            
-  CreatedUnix  | created_unix   | BIGINT                         | BIGINT                         | INTEGER                         
-
-Primary keys: id
-Indexes: 
-	"idx_action_repo_id" (repo_id)
-	"idx_action_user_id" (user_id)
-```
-
-# Table "email_address"
-
-```
-     FIELD    |    COLUMN    |           POSTGRESQL           |             MYSQL              |            SQLITE3              
--------------+--------------+--------------------------------+--------------------------------+---------------------------------
-  ID          | id           | BIGSERIAL                      | BIGINT AUTO_INCREMENT          | INTEGER AUTOINCREMENT           
-  UserID      | uid          | BIGINT NOT NULL                | BIGINT NOT NULL                | INTEGER NOT NULL                
-  Email       | email        | VARCHAR(254) NOT NULL          | VARCHAR(254) NOT NULL          | TEXT NOT NULL                   
-  IsActivated | is_activated | BOOLEAN NOT NULL DEFAULT FALSE | BOOLEAN NOT NULL DEFAULT FALSE | NUMERIC NOT NULL DEFAULT FALSE  
-
-Primary keys: id
-Indexes: 
-	"email_address_user_email_unique" UNIQUE (uid, email)
-	"idx_email_address_user_id" (uid)
-```
-
-# Table "follow"
-
-```
-   FIELD   |  COLUMN   |   POSTGRESQL    |         MYSQL         |        SQLITE3         
-----------+-----------+-----------------+-----------------------+------------------------
-  ID       | id        | BIGSERIAL       | BIGINT AUTO_INCREMENT | INTEGER AUTOINCREMENT  
-  UserID   | user_id   | BIGINT NOT NULL | BIGINT NOT NULL       | INTEGER NOT NULL       
-  FollowID | follow_id | BIGINT NOT NULL | BIGINT NOT NULL       | INTEGER NOT NULL       
-
-Primary keys: id
-Indexes: 
-	"follow_user_follow_unique" UNIQUE (user_id, follow_id)
-```
-
-# Table "lfs_object"
-
-```
-    FIELD   |   COLUMN   |      POSTGRESQL      |        MYSQL         |      SQLITE3       
------------+------------+----------------------+----------------------+--------------------
-  RepoID    | repo_id    | BIGINT               | BIGINT               | INTEGER            
-  OID       | oid        | TEXT                 | VARCHAR(191)         | TEXT               
-  Size      | size       | BIGINT NOT NULL      | BIGINT NOT NULL      | INTEGER NOT NULL   
-  Storage   | storage    | TEXT NOT NULL        | LONGTEXT NOT NULL    | TEXT NOT NULL      
-  CreatedAt | created_at | TIMESTAMPTZ NOT NULL | DATETIME(3) NOT NULL | DATETIME NOT NULL  
-
-Primary keys: repo_id, oid
-```
-
-# Table "login_source"
-
-```
-     FIELD    |    COLUMN    |    POSTGRESQL    |         MYSQL         |        SQLITE3         
--------------+--------------+------------------+-----------------------+------------------------
-  ID          | id           | BIGSERIAL        | BIGINT AUTO_INCREMENT | INTEGER AUTOINCREMENT  
-  Type        | type         | BIGINT           | BIGINT                | INTEGER                
-  Name        | name         | TEXT UNIQUE      | VARCHAR(191) UNIQUE   | TEXT UNIQUE            
-  IsActived   | is_actived   | BOOLEAN NOT NULL | BOOLEAN NOT NULL      | NUMERIC NOT NULL       
-  IsDefault   | is_default   | BOOLEAN          | BOOLEAN               | NUMERIC                
-  Config      | cfg          | TEXT             | TEXT                  | TEXT                   
-  CreatedUnix | created_unix | BIGINT           | BIGINT                | INTEGER                
-  UpdatedUnix | updated_unix | BIGINT           | BIGINT                | INTEGER                
-
-Primary keys: id
-```
-
-# Table "notice"
-
-```
-     FIELD    |    COLUMN    | POSTGRESQL |         MYSQL         |        SQLITE3         
--------------+--------------+------------+-----------------------+------------------------
-  ID          | id           | BIGSERIAL  | BIGINT AUTO_INCREMENT | INTEGER AUTOINCREMENT  
-  Type        | type         | BIGINT     | BIGINT                | INTEGER                
-  Description | description  | TEXT       | TEXT                  | TEXT                   
-  CreatedUnix | created_unix | BIGINT     | BIGINT                | INTEGER                
-
-Primary keys: id
-```
-
--- a/go.mod
+++ b/go.mod
@@ -6,10 +6,11 @@ require (
 	github.com/Masterminds/semver/v3 v3.4.0
 	github.com/cockroachdb/errors v1.12.0
 	github.com/derision-test/go-mockgen/v2 v2.1.1
-	github.com/editorconfig/editorconfig-core-go/v2 v2.6.3
+	github.com/editorconfig/editorconfig-core-go/v2 v2.6.4
+	github.com/fergusstrange/embedded-postgres v1.33.0
 	github.com/glebarez/go-sqlite v1.21.2
 	github.com/glebarez/sqlite v1.11.0
-	github.com/go-ldap/ldap/v3 v3.4.11
+	github.com/go-ldap/ldap/v3 v3.4.12
 	github.com/go-macaron/binding v1.2.0
 	github.com/go-macaron/cache v0.0.0-20190810181446-10f7c57e2196
 	github.com/go-macaron/captcha v0.2.0
@@ -20,19 +21,19 @@ require (
 	github.com/go-macaron/toolbox v0.0.0-20190813233741-94defb8383c6
 	github.com/gogs/chardet v0.0.0-20150115103509-2404f7772561
 	github.com/gogs/cron v0.0.0-20171120032916-9f6c956d3e14
-	github.com/gogs/git-module v1.8.7
+	github.com/gogs/git-module v1.8.6
 	github.com/gogs/go-gogs-client v0.0.0-20200128182646-c69cb7680fd4
 	github.com/gogs/go-libravatar v0.0.0-20191106065024-33a75213d0a0
 	github.com/gogs/minwinsvc v0.0.0-20170301035411-95be6356811a
 	github.com/google/go-github v17.0.0+incompatible
+	github.com/inbucket/html2text v1.0.0
 	github.com/issue9/identicon v1.2.1
-	github.com/jaytaylor/html2text v0.0.0-20190408195923-01ec452cbe43
 	github.com/json-iterator/go v1.1.12
 	github.com/microcosm-cc/bluemonday v1.0.27
 	github.com/msteinert/pam v1.2.0
 	github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646
 	github.com/niklasfasching/go-org v1.9.1
-	github.com/olekukonko/tablewriter v0.0.5
+	github.com/olekukonko/tablewriter v1.1.3
 	github.com/pquerna/otp v1.5.0
 	github.com/prometheus/client_golang v1.23.0
 	github.com/russross/blackfriday v1.6.0
@@ -45,9 +46,9 @@ require (
 	github.com/unknwon/i18n v0.0.0-20190805065654-5c6446a380b6
 	github.com/unknwon/paginater v0.0.0-20170405233947-45e5d631308e
 	github.com/urfave/cli v1.22.17
-	golang.org/x/crypto v0.45.0
-	golang.org/x/net v0.47.0
-	golang.org/x/text v0.31.0
+	golang.org/x/crypto v0.47.0
+	golang.org/x/net v0.48.0
+	golang.org/x/text v0.33.0
 	gopkg.in/DATA-DOG/go-sqlmock.v2 v2.0.0-20180914054222-c19298f520d0
 	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df
 	gopkg.in/ini.v1 v1.67.0
@@ -70,6 +71,9 @@ require (
 	github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect
 	github.com/bradfitz/gomemcache v0.0.0-20190329173943-551aad21a668 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/clipperhouse/displaywidth v0.6.2 // indirect
+	github.com/clipperhouse/stringish v0.1.1 // indirect
+	github.com/clipperhouse/uax29/v2 v2.3.0 // indirect
 	github.com/cockroachdb/logtags v0.0.0-20230118201751-21c54148d20b // indirect
 	github.com/cockroachdb/redact v1.1.5 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.7 // indirect
@@ -79,7 +83,7 @@ require (
 	github.com/djherbis/buffer v1.2.0 // indirect
 	github.com/djherbis/nio/v3 v3.0.1 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
-	github.com/fatih/color v1.13.0 // indirect
+	github.com/fatih/color v1.18.0 // indirect
 	github.com/getsentry/sentry-go v0.27.0 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect
 	github.com/go-logr/logr v1.2.3 // indirect
@@ -104,10 +108,10 @@ require (
 	github.com/klauspost/compress v1.18.0 // indirect
 	github.com/kr/pretty v0.3.1 // indirect
 	github.com/kr/text v0.2.0 // indirect
-	github.com/lib/pq v1.10.2 // indirect
-	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/lib/pq v1.10.9 // indirect
+	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
-	github.com/mattn/go-runewidth v0.0.14 // indirect
+	github.com/mattn/go-runewidth v0.0.19 // indirect
 	github.com/mattn/go-sqlite3 v1.14.24 // indirect
 	github.com/mcuadros/go-version v0.0.0-20190830083331-035f6764e8d2 // indirect
 	github.com/microsoft/go-mssqldb v0.17.0 // indirect
@@ -115,24 +119,27 @@ require (
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/ncruces/go-strftime v0.1.9 // indirect
+	github.com/olekukonko/cat v0.0.0-20250911104152-50322a0618f6 // indirect
+	github.com/olekukonko/errors v1.1.0 // indirect
+	github.com/olekukonko/ll v0.1.4-0.20260115111900-9e59c2286df0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/prometheus/client_model v0.6.2 // indirect
 	github.com/prometheus/common v0.65.0 // indirect
 	github.com/prometheus/procfs v0.16.1 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
-	github.com/rivo/uniseg v0.2.0 // indirect
 	github.com/rogpeppe/go-internal v1.10.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/saintfish/chardet v0.0.0-20120816061221-3af4cd4741ca // indirect
 	github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf // indirect
+	github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
 	go.bobheadxi.dev/streamline v1.2.1 // indirect
 	go.opentelemetry.io/otel v1.11.0 // indirect
 	go.opentelemetry.io/otel/trace v1.11.0 // indirect
 	golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b // indirect
-	golang.org/x/mod v0.29.0 // indirect
+	golang.org/x/mod v0.31.0 // indirect
 	golang.org/x/sync v0.19.0 // indirect
-	golang.org/x/sys v0.38.0 // indirect
+	golang.org/x/sys v0.40.0 // indirect
 	google.golang.org/protobuf v1.36.6 // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
 	gopkg.in/bufio.v1 v1.0.0-20140618132640-567b2bfa514e // indirect
@@ -145,4 +152,4 @@ require (
 )

 // +heroku goVersion go1.25
-// +heroku install ./
+// +heroku install ./cmd/gogs
--- a/go.sum
+++ b/go.sum
@@ -22,8 +22,8 @@ github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWX
 github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa h1:LHTHcTQiSGT7VVbI0o4wBRNQIgn917usHWOd6VAffYI=
-github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4=
+github.com/alexbrainman/sspi v0.0.0-20250919150558-7d374ff0d59e h1:4dAU9FXIyQktpoUAgOJK3OTFc/xug0PCXYCqU0FgDKI=
+github.com/alexbrainman/sspi v0.0.0-20250919150558-7d374ff0d59e/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4=
 github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
 github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk=
 github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4=
@@ -41,6 +41,12 @@ github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWR
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/clipperhouse/displaywidth v0.6.2 h1:ZDpTkFfpHOKte4RG5O/BOyf3ysnvFswpyYrV7z2uAKo=
+github.com/clipperhouse/displaywidth v0.6.2/go.mod h1:R+kHuzaYWFkTm7xoMmK1lFydbci4X2CicfbGstSGg0o=
+github.com/clipperhouse/stringish v0.1.1 h1:+NSqMOr3GR6k1FdRhhnXrLfztGzuG+VuFDfatpWHKCs=
+github.com/clipperhouse/stringish v0.1.1/go.mod h1:v/WhFtE1q0ovMta2+m+UbpZ+2/HEXNWYXQgCt4hdOzA=
+github.com/clipperhouse/uax29/v2 v2.3.0 h1:SNdx9DVUqMoBuBoW3iLOj4FQv3dN5mDtuqwuhIGpJy4=
+github.com/clipperhouse/uax29/v2 v2.3.0/go.mod h1:Wn1g7MK6OoeDT0vL+Q0SQLDz/KpfsVRgg6W7ihQeh4g=
 github.com/cockroachdb/errors v1.12.0 h1:d7oCs6vuIMUQRVbi6jWWWEJZahLCfJpnJSVobd1/sUo=
 github.com/cockroachdb/errors v1.12.0/go.mod h1:SvzfYNNBshAVbZ8wzNc/UPK3w1vf0dKDUP41ucAIf7g=
 github.com/cockroachdb/logtags v0.0.0-20230118201751-21c54148d20b h1:r6VH0faHjZeQy818SGhaone5OnYfxFR/+AzdY3sf5aE=
@@ -79,12 +85,14 @@ github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+m
 github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs=
 github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU=
 github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I=
-github.com/editorconfig/editorconfig-core-go/v2 v2.6.3 h1:XVUp6qW3BIkmM3/1EkrHpa6bL56APOynfXcZEmIgOhs=
-github.com/editorconfig/editorconfig-core-go/v2 v2.6.3/go.mod h1:ThHVc+hqbUsmE1wmK/MASpQEhCleWu1JDJDNhUOMy0c=
+github.com/editorconfig/editorconfig-core-go/v2 v2.6.4 h1:CHwUbBVVyKWRX9kt5A/OtwhYUJB32DrFp9xzmjR6cac=
+github.com/editorconfig/editorconfig-core-go/v2 v2.6.4/go.mod h1:JWRVKHdVW+dkv6F8p+xGCa6a+TyMrqsFbFkSs/aQkrQ=
 github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
-github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
+github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM=
+github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU=
+github.com/fergusstrange/embedded-postgres v1.33.0 h1:ka8vmRpm4IDsES7NPXQ/NThAp1fc/f+crcXYjCW7wK0=
+github.com/fergusstrange/embedded-postgres v1.33.0/go.mod h1:w0YvnCgf19o6tskInrOOACtnqfVlOvluz3hlNLY7tRk=
 github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
 github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
@@ -101,8 +109,8 @@ github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667/go.mod h1:h
 github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
 github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-ldap/ldap/v3 v3.4.11 h1:4k0Yxweg+a3OyBLjdYn5OKglv18JNvfDykSoI8bW0gU=
-github.com/go-ldap/ldap/v3 v3.4.11/go.mod h1:bY7t0FLK8OAVpp/vV6sSlpz3EQDGcQwc8pF0ujLgKvM=
+github.com/go-ldap/ldap/v3 v3.4.12 h1:1b81mv7MagXZ7+1r7cLTWmyuTqVqdwbtJSjC0DAp9s4=
+github.com/go-ldap/ldap/v3 v3.4.12/go.mod h1:+SPAGcTtOfmGsCb3h1RFiq4xpp4N636G75OEace8lNo=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=
@@ -146,8 +154,8 @@ github.com/gogs/chardet v0.0.0-20150115103509-2404f7772561 h1:aBzukfDxQlCTVS0NBU
 github.com/gogs/chardet v0.0.0-20150115103509-2404f7772561/go.mod h1:Pcatq5tYkCW2Q6yrR2VRHlbHpZ/R4/7qyL1TCF7vl14=
 github.com/gogs/cron v0.0.0-20171120032916-9f6c956d3e14 h1:yXtpJr/LV6PFu4nTLgfjQdcMdzjbqqXMEnHfq0Or6p8=
 github.com/gogs/cron v0.0.0-20171120032916-9f6c956d3e14/go.mod h1:jPoNZLWDAqA5N3G5amEoiNbhVrmM+ZQEcnQvNQ2KaZk=
-github.com/gogs/git-module v1.8.7 h1:GDyfzB1Z8ytld3LajTfUE4PuIcGcuCHpWB6j8/oD7Tk=
-github.com/gogs/git-module v1.8.7/go.mod h1:IiMSJqi8XH62Kjqjt5Rw8IawSo+DHfM2dDjkSzWLjhs=
+github.com/gogs/git-module v1.8.6 h1:4Io9vWZYQyIjdIPxfKgeYZXnDKNgydc6OZTxII5xCH4=
+github.com/gogs/git-module v1.8.6/go.mod h1:IiMSJqi8XH62Kjqjt5Rw8IawSo+DHfM2dDjkSzWLjhs=
 github.com/gogs/go-gogs-client v0.0.0-20200128182646-c69cb7680fd4 h1:C7NryI/RQhsIWwC2bHN601P1wJKeuQ6U/UCOYTn3Cic=
 github.com/gogs/go-gogs-client v0.0.0-20200128182646-c69cb7680fd4/go.mod h1:fR6z1Ie6rtF7kl/vBYMfgD5/G5B1blui7z426/sj2DU=
 github.com/gogs/go-libravatar v0.0.0-20191106065024-33a75213d0a0 h1:K02vod+sn3M1OOkdqi2tPxN2+xESK4qyITVQ3JkGEv4=
@@ -223,6 +231,8 @@ github.com/hexops/valast v1.4.3 h1:oBoGERMJh6UZdRc6cduE1CTPK+VAdXA59Y1HFgu3sm0=
 github.com/hexops/valast v1.4.3/go.mod h1:Iqx2kLj3Jn47wuXpj3wX40xn6F93QNFBHuiKBerkTGA=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+github.com/inbucket/html2text v1.0.0 h1:N5kza++4uBBDJ2Z3KUnTRyPNoBcW+YfOgNiNmNB+sgs=
+github.com/inbucket/html2text v1.0.0/go.mod h1:5TrhXQKGU+LXurODaSm55Y9eXoPBRnYiOz4x2XfUoJU=
 github.com/issue9/assert/v2 v2.0.0 h1:vN7fr70g5ND6zM39tPZk/E4WCyjGMqApmFbujSTmEo0=
 github.com/issue9/assert/v2 v2.0.0/go.mod h1:rKr1eVGzXUhAo2af1thiKAhIA8uiSK9Wyn7mcZ4BzAg=
 github.com/issue9/identicon v1.2.1 h1:9RUq3DcmDJvfXAYZWJDaq/Bi45oS/Fr79W0CazbXNaY=
@@ -239,8 +249,6 @@ github.com/jackc/pgx/v5 v5.6.0 h1:SWJzexBzPL5jb0GEsrPMLIsi/3jOo7RHlzTjcAeDrPY=
 github.com/jackc/pgx/v5 v5.6.0/go.mod h1:DNZ/vlrUnhWCoFGxHAG8U2ljioxukquj7utPDgtQdTw=
 github.com/jackc/puddle/v2 v2.2.2 h1:PR8nw+E/1w0GLuRFSmiioY6UooMp6KJv0/61nB7icHo=
 github.com/jackc/puddle/v2 v2.2.2/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4=
-github.com/jaytaylor/html2text v0.0.0-20190408195923-01ec452cbe43 h1:jTkyeF7NZ5oIr0ESmcrpiDgAfoidCBF4F5kJhjtaRwE=
-github.com/jaytaylor/html2text v0.0.0-20190408195923-01ec452cbe43/go.mod h1:CVKlgaMiht+LXvHG173ujK6JUhZXKb2u/BQtjPDIvyk=
 github.com/jcmturner/aescts/v2 v2.0.0 h1:9YKLH6ey7H4eDBXW8khjYslgyqG2xZikXP0EQFKrle8=
 github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs=
 github.com/jcmturner/dnsutils/v2 v2.0.0 h1:lltnkeZGL0wILNvrNiVCR6Ro5PGU/SeBvVO/8c/iPbo=
@@ -282,24 +290,19 @@ github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
-github.com/lib/pq v1.10.2 h1:AqzbZs4ZoCBp+GtejcpCpcxM3zlSMx29dXbUSeVtJb8=
-github.com/lib/pq v1.10.2/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
+github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/lunny/log v0.0.0-20160921050905-7887c61bf0de/go.mod h1:3q8WtuPQsoRbatJuy3nvq/hRSvuBJrHHr+ybPPiNvHQ=
 github.com/lunny/nodb v0.0.0-20160621015157-fc1ef06ad4af/go.mod h1:Cqz6pqow14VObJ7peltM+2n3PWOz7yTrfUuGbVFkzN0=
 github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
-github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
-github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
-github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
+github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
+github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
 github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
 github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84=
-github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
-github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
-github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
-github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
-github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU=
-github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
+github.com/mattn/go-runewidth v0.0.19 h1:v++JhqYnZuu5jSKrk9RbgF5v4CGUjqRfBm05byFGLdw=
+github.com/mattn/go-runewidth v0.0.19/go.mod h1:XBkDxAl56ILZc9knddidhrOlY5R/pDhgLpndooCuJAs=
 github.com/mattn/go-sqlite3 v1.10.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
 github.com/mattn/go-sqlite3 v1.11.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
 github.com/mattn/go-sqlite3 v1.14.24 h1:tpSp2G2KyMnnQu99ngJ47EIkWVmliIizyZBfPrBWDRM=
@@ -334,8 +337,14 @@ github.com/niklasfasching/go-org v1.9.1/go.mod h1:ZAGFFkWvUQcpazmi/8nHqwvARpr1xp
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
 github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
-github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
-github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
+github.com/olekukonko/cat v0.0.0-20250911104152-50322a0618f6 h1:zrbMGy9YXpIeTnGj4EljqMiZsIcE09mmF8XsD5AYOJc=
+github.com/olekukonko/cat v0.0.0-20250911104152-50322a0618f6/go.mod h1:rEKTHC9roVVicUIfZK7DYrdIoM0EOr8mK1Hj5s3JjH0=
+github.com/olekukonko/errors v1.1.0 h1:RNuGIh15QdDenh+hNvKrJkmxxjV4hcS50Db478Ou5sM=
+github.com/olekukonko/errors v1.1.0/go.mod h1:ppzxA5jBKcO1vIpCXQ9ZqgDh8iwODz6OXIGKU8r5m4Y=
+github.com/olekukonko/ll v0.1.4-0.20260115111900-9e59c2286df0 h1:jrYnow5+hy3WRDCBypUFvVKNSPPCdqgSXIE9eJDD8LM=
+github.com/olekukonko/ll v0.1.4-0.20260115111900-9e59c2286df0/go.mod h1:b52bVQRRPObe+yyBl0TxNfhesL0nedD4Cht0/zx55Ew=
+github.com/olekukonko/tablewriter v1.1.3 h1:VSHhghXxrP0JHl+0NnKid7WoEmd9/urKRJLysb70nnA=
+github.com/olekukonko/tablewriter v1.1.3/go.mod h1:9VU0knjhmMkXjnMKrZ3+L2JhhtsQ/L38BbL3CRNE8tM=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
@@ -388,8 +397,6 @@ github.com/prometheus/procfs v0.16.1/go.mod h1:teAbpZRB1iIAJYREa1LsoWUXykVXA1KlT
 github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
-github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
-github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
 github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
 github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
@@ -451,6 +458,8 @@ github.com/unknwon/paginater v0.0.0-20170405233947-45e5d631308e h1:Qf3QQl/zmEbWD
 github.com/unknwon/paginater v0.0.0-20170405233947-45e5d631308e/go.mod h1:TBwoao3Q4Eb/cp+dHbXDfRTrZSsj/k7kLr2j1oWRWC0=
 github.com/urfave/cli v1.22.17 h1:SYzXoiPfQjHBbkYxbew5prZHS1TOLT3ierW8SYLqtVQ=
 github.com/urfave/cli v1.22.17/go.mod h1:b0ht0aqgH/6pBYzzxURyrM4xXNgsoT/n2ZzwQiEhNVo=
+github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 h1:nIPpBwaJSVYIxUFsDv3M8ofmx9yWTog9BfvIu0q41lo=
+github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8/go.mod h1:HUYIGzjTL3rfEspMxjDjgmT5uz5wzYJKVo23qUhYTos=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/ziutek/mymysql v1.5.4 h1:GB0qdRGsTwQSBVYuVShFBKaXSnSnYYC2d9knnE1LHFs=
@@ -477,8 +486,8 @@ golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20220511200225-c6db032c6c88/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20221005025214-4161e89ecf1b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q=
-golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4=
+golang.org/x/crypto v0.47.0 h1:V6e3FRj+n4dbpw86FJ8Fv7XVOql7TEwpHapKoMJ/GO8=
+golang.org/x/crypto v0.47.0/go.mod h1:ff3Y9VzzKbwSSEzWqJsJVBnWmRwRSHt/6Op5n9bQc4A=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b h1:M2rDM6z3Fhozi9O7NWsxAkg/yqS/lQJ6PmkyIV3YP+o=
 golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b/go.mod h1:3//PLf8L/X+8b4vuAfHzxeRUl04Adcb341+IGKfnqS8=
@@ -487,8 +496,8 @@ golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvx
 golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA=
-golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w=
+golang.org/x/mod v0.31.0 h1:HaW9xtz0+kOcWKwli0ZXy79Ix+UW/vOfmWI5QVd2tgI=
+golang.org/x/mod v0.31.0/go.mod h1:43JraMp9cGx1Rx3AqioxrbrhNsLl2l/iNAvuBkrezpg=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -509,8 +518,8 @@ golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT
 golang.org/x/net v0.0.0-20210610132358-84b48f89b13b/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=
-golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
+golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=
+golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -538,8 +547,6 @@ golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -548,26 +555,24 @@ golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220224120231-95c6836cb0e7/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=
-golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
+golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU=
-golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254=
+golang.org/x/term v0.39.0 h1:RclSuaJf32jOqZz74CkPA9qFuVTX7vhLlpfj/IGWlqY=
+golang.org/x/term v0.39.0/go.mod h1:yxzUCTP/U+FzoxfdKmLaA0RV1WgE0VY7hXBwKtY/4ww=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM=
-golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM=
+golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE=
+golang.org/x/text v0.33.0/go.mod h1:LuMebE6+rBincTi9+xWTY8TztLzKHc/9C1uBCG27+q8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -581,8 +586,8 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ=
-golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs=
+golang.org/x/tools v0.40.0 h1:yLkxfA+Qnul4cs9QA3KnlFu0lVmd8JJfoq+E41uSutA=
+golang.org/x/tools v0.40.0/go.mod h1:Ik/tzLRlbscWpqqMRjyWYDisX8bG13FrdXp3o4Sr9lc=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
--- a/internal/conf/conf.go
+++ b/internal/conf/conf.go
@@ -346,7 +346,6 @@ func Init(customConf string) error {
 		return errors.Wrap(err, "mapping [lfs] section")
 	}
 	LFS.ObjectsPath = ensureAbs(LFS.ObjectsPath)
-	LFS.ObjectsTempPath = ensureAbs(LFS.ObjectsTempPath)

 	handleDeprecated()
 	if !HookMode {
--- a/internal/conf/static.go
+++ b/internal/conf/static.go
@@ -231,7 +231,7 @@ var (
 )

 type AppOpts struct {
-	// ⚠️ WARNING: Should only be set by the main package (i.e. "gogs.go").
+	// ⚠️ WARNING: Should only be set by the main package (i.e. "cmd/gogs/main.go").
 	Version string `ini:"-"`

 	BrandName string
@@ -361,9 +361,8 @@ type DatabaseOpts struct {
 var Database DatabaseOpts

 type LFSOpts struct {
-	Storage         string
-	ObjectsPath     string
-	ObjectsTempPath string
+	Storage     string
+	ObjectsPath string
 }

 // LFS settings
@@ -437,8 +436,6 @@ func handleDeprecated() {

 // checkInvalidOptions checks invalid (renamed/deleted) configuration sections
 // and options and returns a list of warnings.
-//
-// LEGACY [0.15]: Delete this function.
 func checkInvalidOptions(config *ini.File) (warnings []string) {
 	renamedSections := map[string]string{
 		"mailer":  "email",
@@ -455,18 +452,8 @@ func checkInvalidOptions(config *ini.File) (warnings []string) {
 		option  string
 	}
 	renamedOptionPaths := map[optionPath]optionPath{
-		{"security", "REVERSE_PROXY_AUTHENTICATION_USER"}: {"auth", "REVERSE_PROXY_AUTHENTICATION_HEADER"},
-		{"auth", "ACTIVE_CODE_LIVE_MINUTES"}:              {"auth", "ACTIVATE_CODE_LIVES"},
-		{"auth", "RESET_PASSWD_CODE_LIVE_MINUTES"}:        {"auth", "RESET_PASSWORD_CODE_LIVES"},
-		{"auth", "ENABLE_CAPTCHA"}:                        {"auth", "ENABLE_REGISTRATION_CAPTCHA"},
-		{"auth", "ENABLE_NOTIFY_MAIL"}:                    {"user", "ENABLE_EMAIL_NOTIFICATION"},
-		{"auth", "REGISTER_EMAIL_CONFIRM"}:                {"auth", "REQUIRE_EMAIL_CONFIRMATION"},
-		{"session", "GC_INTERVAL_TIME"}:                   {"session", "GC_INTERVAL"},
-		{"session", "SESSION_LIFE_TIME"}:                  {"session", "MAX_LIFE_TIME"},
-		{"server", "ROOT_URL"}:                            {"server", "EXTERNAL_URL"},
-		{"server", "LANDING_PAGE"}:                        {"server", "LANDING_URL"},
-		{"database", "DB_TYPE"}:                           {"database", "TYPE"},
-		{"database", "PASSWD"}:                            {"database", "PASSWORD"},
+		// Example:
+		// {"security", "REVERSE_PROXY_AUTHENTICATION_USER"}: {"auth", "REVERSE_PROXY_AUTHENTICATION_HEADER"},
 	}
 	for oldPath, newPath := range renamedOptionPaths {
 		if config.Section(oldPath.section).HasKey(oldPath.option) {
@@ -515,7 +502,7 @@ func checkInvalidOptions(config *ini.File) (warnings []string) {
 // HookMode indicates whether program starts as Git server-side hook callback.
 // All operations should be done synchronously to prevent program exits before finishing.
 //
-// ⚠️ WARNING: Should only be set by "internal/cmd/serv.go".
+// ⚠️ WARNING: Should only be set by "cmd/gogs/serv.go".
 var HookMode bool

 // Indicates which database backend is currently being used.
--- a/internal/conf/static_test.go
+++ b/internal/conf/static_test.go
@@ -54,20 +54,20 @@ func TestCheckInvalidOptions(t *testing.T) {
 	_, _ = cfg.Section("server").NewKey("NONEXISTENT_OPTION", "true")

 	wantWarnings := []string{
-		"option [auth] ACTIVE_CODE_LIVE_MINUTES is invalid, use [auth] ACTIVATE_CODE_LIVES instead",
-		"option [auth] ENABLE_CAPTCHA is invalid, use [auth] ENABLE_REGISTRATION_CAPTCHA instead",
-		"option [auth] ENABLE_NOTIFY_MAIL is invalid, use [user] ENABLE_EMAIL_NOTIFICATION instead",
-		"option [auth] REGISTER_EMAIL_CONFIRM is invalid, use [auth] REQUIRE_EMAIL_CONFIRMATION instead",
-		"option [auth] RESET_PASSWD_CODE_LIVE_MINUTES is invalid, use [auth] RESET_PASSWORD_CODE_LIVES instead",
-		"option [database] DB_TYPE is invalid, use [database] TYPE instead",
-		"option [database] PASSWD is invalid, use [database] PASSWORD instead",
-		"option [security] REVERSE_PROXY_AUTHENTICATION_USER is invalid, use [auth] REVERSE_PROXY_AUTHENTICATION_HEADER instead",
-		"option [session] GC_INTERVAL_TIME is invalid, use [session] GC_INTERVAL instead",
-		"option [session] SESSION_LIFE_TIME is invalid, use [session] MAX_LIFE_TIME instead",
+		"option [auth] ACTIVE_CODE_LIVE_MINUTES is invalid",
+		"option [auth] ENABLE_CAPTCHA is invalid",
+		"option [auth] ENABLE_NOTIFY_MAIL is invalid",
+		"option [auth] REGISTER_EMAIL_CONFIRM is invalid",
+		"option [auth] RESET_PASSWD_CODE_LIVE_MINUTES is invalid",
+		"option [database] DB_TYPE is invalid",
+		"option [database] PASSWD is invalid",
+		"option [security] REVERSE_PROXY_AUTHENTICATION_USER is invalid",
+		"option [session] GC_INTERVAL_TIME is invalid",
+		"option [session] SESSION_LIFE_TIME is invalid",
 		"section [mailer] is invalid, use [email] instead",
 		"section [service] is invalid, use [auth] instead",
-		"option [server] ROOT_URL is invalid, use [server] EXTERNAL_URL instead",
-		"option [server] LANDING_PAGE is invalid, use [server] LANDING_URL instead",
+		"option [server] ROOT_URL is invalid",
+		"option [server] LANDING_PAGE is invalid",
 		"option [server] NONEXISTENT_OPTION is invalid",
 	}

--- a/internal/context/auth.go
+++ b/internal/context/auth.go
@@ -146,12 +146,18 @@ func authenticatedUserID(store AuthStore, c *macaron.Context, sess session.Store

 	// Check access token.
 	if isAPIPath(c.Req.URL.Path) {
-		var tokenSHA string
-		auHead := c.Req.Header.Get("Authorization")
-		if auHead != "" {
-			auths := strings.Fields(auHead)
-			if len(auths) == 2 && auths[0] == "token" {
-				tokenSHA = auths[1]
+		tokenSHA := c.Query("token")
+		if len(tokenSHA) <= 0 {
+			tokenSHA = c.Query("access_token")
+		}
+		if tokenSHA == "" {
+			// Well, check with header again.
+			auHead := c.Req.Header.Get("Authorization")
+			if len(auHead) > 0 {
+				auths := strings.Fields(auHead)
+				if len(auths) == 2 && auths[0] == "token" {
+					tokenSHA = auths[1]
+				}
 			}
 		}

--- a/internal/database/release.go
+++ b/internal/database/release.go
@@ -14,6 +14,7 @@ import (
 	api "github.com/gogs/go-gogs-client"

 	"gogs.io/gogs/internal/errutil"
+	"gogs.io/gogs/internal/process"
 )

 // Release represents a release of repository.
@@ -358,13 +359,11 @@ func DeleteReleaseOfRepoByID(repoID, id int64) error {
 		return errors.Newf("GetRepositoryByID: %v", err)
 	}

-	gitRepo, err := git.Open(repo.RepoPath())
-	if err != nil {
-		return errors.Newf("open repository: %v", err)
-	}
-	err = gitRepo.DeleteTag(rel.TagName)
-	if err != nil && !strings.Contains(err.Error(), "not found") {
-		return errors.Newf("delete tag: %v", err)
+	_, stderr, err := process.ExecDir(-1, repo.RepoPath(),
+		fmt.Sprintf("DeleteReleaseByID (git tag -d): %d", rel.ID),
+		"git", "tag", "-d", rel.TagName)
+	if err != nil && !strings.Contains(stderr, "not found") {
+		return errors.Newf("git tag -d: %v - %s", err, stderr)
 	}

 	if _, err = x.Id(rel.ID).Delete(new(Release)); err != nil {
--- a/internal/database/repo.go
+++ b/internal/database/repo.go
@@ -158,7 +158,6 @@ func NewRepoContext() {
 	}

 	RemoveAllWithNotice("Clean up repository temporary data", filepath.Join(conf.Server.AppDataPath, "tmp"))
-	RemoveAllWithNotice("Clean up LFS temporary data", conf.LFS.ObjectsTempPath)
 }

 // Repository contains information of a repository.
--- a/internal/database/schemadoc/main.go
+++ b/internal/database/schemadoc/main.go
@@ -10,6 +10,8 @@ import (
 	"github.com/cockroachdb/errors"
 	"github.com/glebarez/sqlite"
 	"github.com/olekukonko/tablewriter"
+	"github.com/olekukonko/tablewriter/renderer"
+	"github.com/olekukonko/tablewriter/tw"
 	"gopkg.in/DATA-DOG/go-sqlmock.v2"
 	"gorm.io/driver/mysql"
 	"gorm.io/driver/postgres"
@@ -61,20 +63,25 @@ func main() {

 		_, _ = w.WriteString("```\n")

-		table := tablewriter.NewWriter(w)
-		table.SetHeader([]string{"Field", "Column", "PostgreSQL", "MySQL", "SQLite3"})
-		table.SetBorder(false)
+		table := tablewriter.NewTable(w,
+			tablewriter.WithRenderer(renderer.NewBlueprint(tw.Rendition{
+				Borders: tw.BorderNone,
+				Symbols: tw.NewSymbols(tw.StyleASCII),
+			})),
+			tablewriter.WithHeaderAutoFormat(tw.Off),
+		)
+		table.Header("Field", "Column", "PostgreSQL", "MySQL", "SQLite3")
 		for j, f := range ti.Fields {
 			sqlite3Type := strings.ToUpper(collected[2][i].Fields[j].Type)
 			sqlite3Type = strings.ReplaceAll(sqlite3Type, "PRIMARY KEY ", "")
-			table.Append([]string{
+			_ = table.Append([]string{
 				f.Name, f.Column,
 				strings.ToUpper(f.Type),                         // PostgreSQL
 				strings.ToUpper(collected[1][i].Fields[j].Type), // MySQL
 				sqlite3Type,
 			})
 		}
-		table.Render()
+		_ = table.Render()
 		_, _ = w.WriteString("\n")

 		_, _ = w.WriteString("Primary keys: ")
--- a/internal/email/message.go
+++ b/internal/email/message.go
@@ -10,7 +10,7 @@ import (
 	"time"

 	"github.com/cockroachdb/errors"
-	"github.com/jaytaylor/html2text"
+	"github.com/inbucket/html2text"
 	"gopkg.in/gomail.v2"
 	log "unknwon.dev/clog/v2"

--- a/internal/embeddedpg/embeddedpg.go
+++ b/internal/embeddedpg/embeddedpg.go
@@ -0,0 +1,92 @@
+package embeddedpg
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"time"
+
+	"github.com/cockroachdb/errors"
+	embpg "github.com/fergusstrange/embedded-postgres"
+	log "unknwon.dev/clog/v2"
+
+	"gogs.io/gogs/internal/conf"
+)
+
+// LocalPostgres wraps embedded PostgreSQL server functionality.
+type LocalPostgres struct {
+	srv      *embpg.EmbeddedPostgres
+	baseDir  string
+	tcpPort  uint32
+	database string
+	user     string
+	pass     string
+}
+
+// Initialize creates a LocalPostgres with default settings based on workDir.
+func Initialize(workDir string) *LocalPostgres {
+	storageBase := filepath.Join(workDir, "data", "local-postgres")
+	return &LocalPostgres{
+		baseDir:  storageBase,
+		tcpPort:  15432,
+		database: "gogs",
+		user:     "gogs",
+		pass:     "gogs",
+	}
+}
+
+// Launch starts the embedded PostgreSQL server and blocks until ready.
+func (pg *LocalPostgres) Launch() error {
+	log.Info("Launching local PostgreSQL server...")
+	log.Trace("Base directory: %s", pg.baseDir)
+
+	// Create base directory
+	if err := os.MkdirAll(pg.baseDir, 0o700); err != nil {
+		return errors.Wrap(err, "mkdir local postgres base")
+	}
+
+	opts := embpg.DefaultConfig().
+		Username(pg.user).
+		Password(pg.pass).
+		Database(pg.database).
+		Port(pg.tcpPort).
+		DataPath(pg.baseDir).
+		StartTimeout(45 * time.Second).
+		Logger(os.Stderr)
+
+	pg.srv = embpg.NewDatabase(opts)
+
+	if err := pg.srv.Start(); err != nil {
+		return errors.Wrap(err, "launch embedded pg")
+	}
+
+	log.Info("Local PostgreSQL ready on port %d", pg.tcpPort)
+	return nil
+}
+
+// Shutdown stops the embedded PostgreSQL server gracefully.
+func (pg *LocalPostgres) Shutdown() error {
+	if pg.srv == nil {
+		return nil
+	}
+
+	log.Info("Shutting down local PostgreSQL...")
+	if err := pg.srv.Stop(); err != nil {
+		return errors.Wrap(err, "shutdown embedded pg")
+	}
+
+	log.Info("Local PostgreSQL shutdown complete")
+	return nil
+}
+
+// ConfigureGlobalDatabase modifies global conf.Database to point to this instance.
+func (pg *LocalPostgres) ConfigureGlobalDatabase() {
+	conf.Database.Type = "postgres"
+	conf.Database.Host = fmt.Sprintf("localhost:%d", pg.tcpPort)
+	conf.Database.Name = pg.database
+	conf.Database.User = pg.user
+	conf.Database.Password = pg.pass
+	conf.Database.SSLMode = "disable"
+
+	log.Trace("Global database configured for local PostgreSQL")
+}
--- a/internal/embeddedpg/embeddedpg_test.go
+++ b/internal/embeddedpg/embeddedpg_test.go
@@ -0,0 +1,28 @@
+package embeddedpg
+
+import (
+	"path/filepath"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestInitialize(t *testing.T) {
+	workDir := "/tmp/gogs-test"
+	pg := Initialize(workDir)
+
+	assert.NotNil(t, pg)
+	assert.Equal(t, filepath.Join(workDir, "data", "local-postgres"), pg.baseDir)
+	assert.Equal(t, uint32(15432), pg.tcpPort)
+	assert.Equal(t, "gogs", pg.database)
+	assert.Equal(t, "gogs", pg.user)
+	assert.Equal(t, "gogs", pg.pass)
+}
+
+func TestShutdownWithoutStart(t *testing.T) {
+	pg := Initialize("/tmp/gogs-test")
+
+	// Should not error when stopping a non-started instance
+	err := pg.Shutdown()
+	assert.NoError(t, err)
+}
--- a/internal/lfsutil/storage.go
+++ b/internal/lfsutil/storage.go
@@ -1,8 +1,6 @@
 package lfsutil

 import (
-	"crypto/sha256"
-	"encoding/hex"
 	"io"
 	"os"
 	"path/filepath"
@@ -12,10 +10,7 @@ import (
 	"gogs.io/gogs/internal/osutil"
 )

-var (
-	ErrObjectNotExist = errors.New("object does not exist")
-	ErrOIDMismatch    = errors.New("content hash does not match OID")
-)
+var ErrObjectNotExist = errors.New("Object does not exist")

 // Storager is an storage backend for uploading and downloading LFS objects.
 type Storager interface {
@@ -44,8 +39,6 @@ var _ Storager = (*LocalStorage)(nil)
 type LocalStorage struct {
 	// The root path for storing LFS objects.
 	Root string
-	// The path for storing temporary files during upload verification.
-	TempDir string
 }

 func (*LocalStorage) Storage() Storage {
@@ -65,50 +58,29 @@ func (s *LocalStorage) Upload(oid OID, rc io.ReadCloser) (int64, error) {
 		return 0, ErrInvalidOID
 	}

+	var err error
 	fpath := s.storagePath(oid)
-	dir := filepath.Dir(fpath)
+	defer func() {
+		rc.Close()

-	defer rc.Close()
+		if err != nil {
+			_ = os.Remove(fpath)
+		}
+	}()

-	if err := os.MkdirAll(dir, os.ModePerm); err != nil {
+	err = os.MkdirAll(filepath.Dir(fpath), os.ModePerm)
+	if err != nil {
 		return 0, errors.Wrap(err, "create directories")
 	}
-
-	// If the object file already exists, skip the upload and return the
-	// existing file's size.
-	if fi, err := os.Stat(fpath); err == nil {
-		_, _ = io.Copy(io.Discard, rc)
-		return fi.Size(), nil
-	}
-
-	// Write to a temp file and verify the content hash before publishing.
-	// This ensures the final path always contains a complete, hash-verified
-	// file, even when concurrent uploads of the same OID race.
-	if err := os.MkdirAll(s.TempDir, os.ModePerm); err != nil {
-		return 0, errors.Wrap(err, "create temp directory")
-	}
-	tmp, err := os.CreateTemp(s.TempDir, "upload-*")
+	w, err := os.Create(fpath)
 	if err != nil {
-		return 0, errors.Wrap(err, "create temp file")
+		return 0, errors.Wrap(err, "create file")
 	}
-	tmpPath := tmp.Name()
-	defer os.Remove(tmpPath)
+	defer w.Close()

-	hash := sha256.New()
-	written, err := io.Copy(tmp, io.TeeReader(rc, hash))
-	if closeErr := tmp.Close(); err == nil && closeErr != nil {
-		err = closeErr
-	}
+	written, err := io.Copy(w, rc)
 	if err != nil {
-		return 0, errors.Wrap(err, "write object file")
-	}
-
-	if computed := hex.EncodeToString(hash.Sum(nil)); computed != string(oid) {
-		return 0, ErrOIDMismatch
-	}
-
-	if err := os.Rename(tmpPath, fpath); err != nil && !os.IsExist(err) {
-		return 0, errors.Wrap(err, "publish object file")
+		return 0, errors.Wrap(err, "copy file")
 	}
 	return written, nil
 }
--- a/internal/lfsutil/storage_test.go
+++ b/internal/lfsutil/storage_test.go
@@ -10,9 +10,6 @@ import (
 	"testing"

 	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-
-	"gogs.io/gogs/internal/osutil"
 )

 func TestLocalStorage_storagePath(t *testing.T) {
@@ -49,54 +46,50 @@ func TestLocalStorage_storagePath(t *testing.T) {
 }

 func TestLocalStorage_Upload(t *testing.T) {
-	base := t.TempDir()
 	s := &LocalStorage{
-		Root:    filepath.Join(base, "lfs-objects"),
-		TempDir: filepath.Join(base, "tmp", "lfs"),
+		Root: filepath.Join(os.TempDir(), "lfs-objects"),
 	}
-
-	const helloWorldOID = OID("c0535e4be2b79ffd93291305436bf889314e4a3faec05ecffcbb7df31ad9e51a") // "Hello world!"
-
-	t.Run("invalid OID", func(t *testing.T) {
-		written, err := s.Upload("bad_oid", io.NopCloser(strings.NewReader("")))
-		assert.Equal(t, int64(0), written)
-		assert.Equal(t, ErrInvalidOID, err)
+	t.Cleanup(func() {
+		_ = os.RemoveAll(s.Root)
 	})

-	t.Run("valid OID", func(t *testing.T) {
-		written, err := s.Upload(helloWorldOID, io.NopCloser(strings.NewReader("Hello world!")))
-		require.NoError(t, err)
-		assert.Equal(t, int64(12), written)
-	})
+	tests := []struct {
+		name       string
+		oid        OID
+		content    string
+		expWritten int64
+		expErr     error
+	}{
+		{
+			name:   "invalid oid",
+			oid:    "bad_oid",
+			expErr: ErrInvalidOID,
+		},

-	t.Run("valid OID but wrong content", func(t *testing.T) {
-		oid := OID("ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f")
-		written, err := s.Upload(oid, io.NopCloser(strings.NewReader("Hello world!")))
-		assert.Equal(t, int64(0), written)
-		assert.Equal(t, ErrOIDMismatch, err)
-
-		// File should have been cleaned up.
-		assert.False(t, osutil.IsFile(s.storagePath(oid)))
-	})
-
-	t.Run("duplicate upload returns existing size", func(t *testing.T) {
-		written, err := s.Upload(helloWorldOID, io.NopCloser(strings.NewReader("should be ignored")))
-		require.NoError(t, err)
-		assert.Equal(t, int64(12), written)
-
-		// Verify original content is preserved.
-		var buf bytes.Buffer
-		err = s.Download(helloWorldOID, &buf)
-		require.NoError(t, err)
-		assert.Equal(t, "Hello world!", buf.String())
-	})
+		{
+			name:       "valid oid",
+			oid:        "ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f",
+			content:    "Hello world!",
+			expWritten: 12,
+		},
+	}
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			written, err := s.Upload(test.oid, io.NopCloser(strings.NewReader(test.content)))
+			assert.Equal(t, test.expWritten, written)
+			assert.Equal(t, test.expErr, err)
+		})
+	}
 }

 func TestLocalStorage_Download(t *testing.T) {
 	oid := OID("ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f")
 	s := &LocalStorage{
-		Root: filepath.Join(t.TempDir(), "lfs-objects"),
+		Root: filepath.Join(os.TempDir(), "lfs-objects"),
 	}
+	t.Cleanup(func() {
+		_ = os.RemoveAll(s.Root)
+	})

 	fpath := s.storagePath(oid)
 	err := os.MkdirAll(filepath.Dir(fpath), os.ModePerm)
--- a/internal/markup/sanitizer.go
+++ b/internal/markup/sanitizer.go
@@ -1,8 +1,6 @@
 package markup

 import (
-	"net/url"
-	"strings"
 	"sync"

 	"github.com/microcosm-cc/bluemonday"
@@ -34,28 +32,14 @@ func NewSanitizer() {
 		sanitizer.policy.AllowAttrs("type").Matching(lazyregexp.New(`^checkbox$`).Regexp()).OnElements("input")
 		sanitizer.policy.AllowAttrs("checked", "disabled").OnElements("input")

-		// Only allow data URIs with safe image MIME types to prevent XSS via
-		// "data:text/html" payloads.
-		sanitizer.policy.AllowURLSchemeWithCustomPolicy("data", isSafeDataURI)
+		// Data URLs
+		sanitizer.policy.AllowURLSchemes("data")

 		// Custom URL-Schemes
 		sanitizer.policy.AllowURLSchemes(conf.Markdown.CustomURLSchemes...)
 	})
 }

-// isSafeDataURI returns whether the given data URI uses a safe image MIME type.
-func isSafeDataURI(u *url.URL) bool {
-	// The opaque data of a data URI has the form "mediatype;base64,data" or
-	// "mediatype,data". We only allow common image MIME types.
-	mediatype, _, _ := strings.Cut(u.Opaque, ";")
-	mediatype, _, _ = strings.Cut(mediatype, ",")
-	switch strings.TrimSpace(strings.ToLower(mediatype)) {
-	case "image/png", "image/jpeg", "image/gif", "image/webp", "image/x-icon":
-		return true
-	}
-	return false
-}
-
 // Sanitize takes a string that contains a HTML fragment or document and applies policy whitelist.
 func Sanitize(s string) string {
 	return sanitizer.policy.Sanitize(s)
--- a/internal/markup/sanitizer_test.go
+++ b/internal/markup/sanitizer_test.go
@@ -26,20 +26,6 @@ func Test_Sanitizer(t *testing.T) {
 		{input: `<input type="hidden">`, expVal: ``},
 		{input: `<input type="checkbox">`, expVal: `<input type="checkbox">`},
 		{input: `<input checked disabled autofocus>`, expVal: `<input checked="" disabled="">`},
-
-		// Data URIs: safe image types should be allowed
-		{input: `<img src="data:image/png;base64,abc">`, expVal: `<img src="data:image/png;base64,abc">`},
-		{input: `<img src="data:image/jpeg;base64,abc">`, expVal: `<img src="data:image/jpeg;base64,abc">`},
-		{input: `<img src="data:image/gif;base64,abc">`, expVal: `<img src="data:image/gif;base64,abc">`},
-		{input: `<img src="data:image/webp;base64,abc">`, expVal: `<img src="data:image/webp;base64,abc">`},
-
-		// Data URIs: text/html must be stripped to prevent XSS (GHSA-xrcr-gmf5-2r8j)
-		{input: `<a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4=">Click</a>`, expVal: `Click`},
-		{input: `<a href="data:text/html,<script>alert(1)</script>">XSS</a>`, expVal: `XSS`},
-		{input: `<img src="data:text/html;base64,abc">`, expVal: ``},
-
-		// Data URIs: SVG must be stripped (can contain embedded JavaScript)
-		{input: `<img src="data:image/svg+xml;base64,abc">`, expVal: ``},
 	}
 	for _, test := range tests {
 		t.Run(test.input, func(t *testing.T) {
--- a/internal/route/lfs/basic.go
+++ b/internal/route/lfs/basic.go
@@ -91,7 +91,7 @@ func (h *basicHandler) serveUpload(c *macaron.Context, repo *database.Repository
 	s := h.DefaultStorager()
 	written, err := s.Upload(oid, c.Req.Request.Body)
 	if err != nil {
-		if err == lfsutil.ErrInvalidOID || err == lfsutil.ErrOIDMismatch {
+		if err == lfsutil.ErrInvalidOID {
 			responseJSON(c.Resp, http.StatusBadRequest, responseError{
 				Message: err.Error(),
 			})
@@ -105,8 +105,8 @@ func (h *basicHandler) serveUpload(c *macaron.Context, repo *database.Repository
 	err = h.store.CreateLFSObject(c.Req.Context(), repo.ID, oid, written, s.Storage())
 	if err != nil {
 		// NOTE: It is OK to leave the file when the whole operation failed
-		// with a DB error, a retry on client side will skip the upload as
-		// the file already exists on disk.
+		// with a DB error, a retry on client side can safely overwrite the
+		// same file as OID is seen as unique to every file.
 		internalServerError(c.Resp)
 		log.Error("Failed to create object [repo_id: %d, oid: %s]: %v", repo.ID, oid, err)
 		return
--- a/internal/route/lfs/route.go
+++ b/internal/route/lfs/route.go
@@ -30,7 +30,7 @@ func RegisterRoutes(r *macaron.Router) {
 				store:          store,
 				defaultStorage: lfsutil.Storage(conf.LFS.Storage),
 				storagers: map[lfsutil.Storage]lfsutil.Storager{
-					lfsutil.StorageLocal: &lfsutil.LocalStorage{Root: conf.LFS.ObjectsPath, TempDir: conf.LFS.ObjectsTempPath},
+					lfsutil.StorageLocal: &lfsutil.LocalStorage{Root: conf.LFS.ObjectsPath},
 				},
 			}
 			r.Combo("/:oid", verifyOID()).
--- a/internal/route/repo/view.go
+++ b/internal/route/repo/view.go
@@ -181,7 +181,7 @@ func renderFile(c *context.Context, entry *git.TreeEntry, treeLink, rawLink stri

 			output.Reset()
 			for i := 0; i < len(lines); i++ {
-				fmt.Fprintf(&output, `<span id="L%d">%d</span>`, i+1, i+1)
+				output.WriteString(fmt.Sprintf(`<span id="L%d">%d</span>`, i+1, i+1))
 			}
 			c.Data["LineNums"] = gotemplate.HTML(output.String())
 		}
--- a/public/js/gogs.js
+++ b/public/js/gogs.js
@@ -240,19 +240,29 @@ function initCommentForm() {
      }
      switch (input_id) {
        case "#milestone_id":
-          var $milestoneAnchor = $('<a class="item"></a>');
-          $milestoneAnchor.attr("href", $(this).data("href"));
-          $milestoneAnchor.text($(this).text());
-          $list.find(".selected").empty().append($milestoneAnchor);
+          $list
+            .find(".selected")
+            .html(
+              '<a class="item" href=' +
+                $(this).data("href") +
+                ">" +
+                $(this).text() +
+                "</a>"
+            );
          break;
        case "#assignee_id":
-          var $assigneeAnchor = $('<a class="item"></a>');
-          $assigneeAnchor.attr("href", $(this).data("href"));
-          $assigneeAnchor.append(
-            $('<img class="ui avatar image">').attr("src", $(this).data("avatar"))
-          );
-          $assigneeAnchor.append($("<span></span>").text($(this).text()));
-          $list.find(".selected").empty().append($assigneeAnchor);
+          $list
+            .find(".selected")
+            .html(
+              '<a class="item" href=' +
+                $(this).data("href") +
+                ">" +
+                '<img class="ui avatar image" src=' +
+                $(this).data("avatar") +
+                ">" +
+                $(this).text() +
+                "</a>"
+            );
      }
      $(".ui" + select_id + ".list .no-select").addClass("hide");
      $(input_id).val($(this).data("id"));
--- a/templates/repo/branches/all.tmpl
+++ b/templates/repo/branches/all.tmpl
@@ -14,7 +14,7 @@
 					<div class="ui eleven wide column">
 						{{if .IsProtected}}<i class="octicon octicon-shield"></i> {{end}}<a class="markdown" href="{{$.RepoLink}}/src/{{EscapePound .Name}}"><code>{{.Name}}</code></a>
 						{{$timeSince := TimeSince .Commit.Committer.When $.Lang}}
-						<span class="ui text light grey">{{$.i18n.Tr "repo.branches.updated_by" $timeSince (Sanitize .Commit.Committer.Name) | Safe}}</span>
+						<span class="ui text light grey">{{$.i18n.Tr "repo.branches.updated_by" $timeSince .Commit.Committer.Name | Safe}}</span>
 					</div>
 					<div class="ui four wide column">
 						{{if and (and (eq $.BranchName .Name) $.IsRepositoryAdmin) (not $.Repository.IsMirror)}}
--- a/templates/repo/branches/overview.tmpl
+++ b/templates/repo/branches/overview.tmpl
@@ -13,7 +13,7 @@
 				<div class="ui eleven wide column">
 					{{if .DefaultBranch.IsProtected}}<i class="octicon octicon-shield"></i> {{end}}<a class="markdown" href="{{$.RepoLink}}/src/{{EscapePound .DefaultBranch.Name}}"><code>{{.DefaultBranch.Name}}</code></a>
 					{{$timeSince := TimeSince .DefaultBranch.Commit.Committer.When $.Lang}}
-					<span class="ui text light grey">{{$.i18n.Tr "repo.branches.updated_by" $timeSince (Sanitize .DefaultBranch.Commit.Committer.Name) | Safe}}</span>
+					<span class="ui text light grey">{{$.i18n.Tr "repo.branches.updated_by" $timeSince .DefaultBranch.Commit.Committer.Name | Safe}}</span>
 				</div>
 				{{if and $.IsRepositoryAdmin (not $.Repository.IsMirror)}}
 					<div class="ui four wide column">
@@ -33,7 +33,7 @@
 						<div class="ui eleven wide column">
 							{{if .IsProtected}}<i class="octicon octicon-shield"></i> {{end}}<a class="markdown" href="{{$.RepoLink}}/src/{{EscapePound .Name}}"><code>{{.Name}}</code></a>
 							{{$timeSince := TimeSince .Commit.Committer.When $.Lang}}
-							<span class="ui text light grey">{{$.i18n.Tr "repo.branches.updated_by" $timeSince (Sanitize .Commit.Committer.Name) | Safe}}</span>
+							<span class="ui text light grey">{{$.i18n.Tr "repo.branches.updated_by" $timeSince .Commit.Committer.Name | Safe}}</span>
 						</div>
 						{{if and $.IsRepositoryWriter $.AllowPullRequest}}
 							<div class="ui four wide column">
@@ -55,7 +55,7 @@
 						<div class="ui eleven wide column">
 							{{if .IsProtected}}<i class="octicon octicon-shield"></i> {{end}}<a class="markdown" href="{{$.RepoLink}}/src/{{EscapePound .Name}}"><code>{{.Name}}</code></a>
 							{{$timeSince := TimeSince .Commit.Committer.When $.Lang}}
-							<span class="ui text light grey">{{$.i18n.Tr "repo.branches.updated_by" $timeSince (Sanitize .Commit.Committer.Name) | Safe}}</span>
+							<span class="ui text light grey">{{$.i18n.Tr "repo.branches.updated_by" $timeSince .Commit.Committer.Name | Safe}}</span>
 						</div>
 						{{if and $.IsRepositoryWriter $.AllowPullRequest}}
 							<div class="ui four wide column">
--- a/templates/repo/wiki/view.tmpl
+++ b/templates/repo/wiki/view.tmpl
@@ -58,7 +58,7 @@
 			{{end}}
 			<div class="ui sub header">
 				{{$timeSince := TimeSince .Author.When $.Lang}}
-				{{.i18n.Tr "repo.wiki.last_commit_info" (Sanitize .Author.Name) $timeSince | Safe}}
+				{{.i18n.Tr "repo.wiki.last_commit_info" .Author.Name $timeSince | Safe}}
 			</div>
 		</div>
 		<div class="markdown has-emoji">
Author	SHA1	Message	Date
copilot-swe-agent[bot]	76f3497e3b	Fix embedded Postgres configuration and initialization order Co-authored-by: unknwon <2946214+unknwon@users.noreply.github.com>	2026-02-06 01:48:00 +00:00
copilot-swe-agent[bot]	74d4d9a262	Fix trailing whitespace in code review feedback Co-authored-by: unknwon <2946214+unknwon@users.noreply.github.com>	2026-02-06 01:32:05 +00:00
deepsource-autofix[bot]	f5daceef55	style: format code with Go fmt and Gofumpt This commit fixes the style issues introduced in `4616bd6` according to the output from Go fmt and Gofumpt. Details: https://github.com/gogs/gogs/pull/8150	2026-02-06 01:29:34 +00:00
copilot-swe-agent[bot]	4616bd64dd	Add embedded PostgreSQL support via --embedded-postgres flag Co-authored-by: unknwon <2946214+unknwon@users.noreply.github.com>	2026-02-06 01:29:19 +00:00
copilot-swe-agent[bot]	39b27c3503	Initial plan	2026-02-06 01:18:32 +00:00
Joe Chen	ed5d02e036	chore: free up "docs/" subdir for Mintlify [skip ci]	2026-02-01 23:15:47 -05:00
dependabot[bot]	5874791a57	mod: bump golang.org/x/crypto from 0.45.0 to 0.47.0 (#8141 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-02-01 09:20:24 -05:00
ᴊᴏᴇ ᴄʜᴇɴ	17ad3d3425	pkgr: fix up install main package path (#8146 )	2026-02-01 09:12:12 -05:00
dependabot[bot]	9b2a967e45	mod: bump github.com/editorconfig/editorconfig-core-go/v2 from 2.6.3 to 2.6.4 (#8143 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-02-01 09:01:09 -05:00
dependabot[bot]	e80635a449	mod: bump github.com/go-ldap/ldap/v3 from 3.4.11 to 3.4.12 (#8144 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-02-01 09:00:50 -05:00
Joe Chen	47bccf292d	pkgr: fix up install path [skip ci]	2026-02-01 08:53:52 -05:00
ᴊᴏᴇ ᴄʜᴇɴ	38def73489	Update security policy for version support and advisories [skip ci]	2026-02-01 08:16:22 -05:00
Copilot	6cf6422b88	Remove codecov config and upload in CI (#8145 ) Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: unknwon <2946214+unknwon@users.noreply.github.com>	2026-02-01 08:10:55 -05:00
dependabot[bot]	8d8d66ec1d	mod: bump github.com/olekukonko/tablewriter from 1.1.0 to 1.1.3 (#8140 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-02-01 07:45:08 -05:00
ᴊᴏᴇ ᴄʜᴇɴ	7ea2c4093f	refactor: move main package from root to cmd/gogs (#8139 ) Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-31 23:28:48 -05:00
dependabot[bot]	7ebfb202e4	mod: bump github.com/olekukonko/tablewriter from 0.0.5 to 1.1.0 (#8039 ) Co-authored-by: Joe Chen <jc@unknwon.io> Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-31 23:11:08 -05:00
ᴊᴏᴇ ᴄʜᴇɴ	7b8c560f15	ci(go): use tparse for test output in non-Windows jobs (#8138 ) Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-31 22:58:41 -05:00
ᴊᴏᴇ ᴄʜᴇɴ	a636dcf678	fix(release): remove "v" prefix from archive names (#8137 ) Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-31 22:42:45 -05:00
ᴊᴏᴇ ᴄʜᴇɴ	3dcb74be39	release: cut CHANGELOG entries for 0.14.1 [skip ci]	2026-01-31 22:23:09 -05:00
ᴊᴏᴇ ᴄʜᴇɴ	7ad425025e	fix(ssh): git clone via built-in SSH server hangs (#8135 ) Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-31 22:20:43 -05:00
ᴊᴏᴇ ᴄʜᴇɴ	85abee4b9b	chore: update release templates (#8134 ) [skip ci]	2026-01-31 20:08:38 -05:00
Joe Chen	997c3c5eab	chore: take care of legacy code	2026-01-31 20:07:49 -05:00
Joe Chen	a5ddb2665e	chore: bump dev version to 0.15 [skip ci]	2026-01-31 20:04:55 -05:00