chore: fixup for lint

Signed-off-by: Josh <josh.t.richards@gmail.com>
fix(storage/local): avoid unsafe fallback on case-only rename
2026-01-08 10:55:22 -05:00 · 2026-01-07 22:33:55 -05:00 · 2026-01-07 20:30:04 -05:00 · 2026-01-08 00:13:49 +00:00 · 2026-01-07 19:05:41 +01:00 · 2026-01-07 19:05:19 +01:00
3729 changed files with 81556 additions and 58084 deletions
--- a/.github/ISSUE_TEMPLATE/Feature_request.md
+++ b/.github/ISSUE_TEMPLATE/Feature_request.md
@@ -3,48 +3,43 @@ name: 🚀 Feature request
 about: Suggest an idea for this project
 labels: enhancement, 0. Needs triage
 type: "Enhancement"
-
 ---

 <!--
-Thanks for reporting issues back to Nextcloud!
-
-Note: This is the **issue tracker of Nextcloud**, please do NOT use this to get answers to your questions or get help for fixing your installation. This is a place to report bugs to developers, after your server has been debugged. You can find help debugging your system on our home user forums: https://help.nextcloud.com or, if you use Nextcloud in a large organization, ask our engineers on https://portal.nextcloud.com. See also  https://nextcloud.com/support for support options.
-
-Nextcloud is an open source project backed by Nextcloud GmbH. Most of our volunteers are home users and thus primarily care about issues that affect home users. Our paid engineers prioritize issues of our customers. If you are neither a home user nor a customer, consider paying somebody to fix your issue, do it yourself or become a customer.
-
-Guidelines for submitting issues:
-
-* Please search the existing issues first, it's likely that your issue was already reported or even fixed.
-    - Go to https://github.com/nextcloud and type any word in the top search/command bar. You probably see something like "We couldn’t find any repositories matching ..." then click "Issues" in the left navigation.
-    - You can also filter by appending e. g. "state:open" to the search string.
-    - More info on search syntax within github: https://help.github.com/articles/searching-issues
-    
-* This repository https://github.com/nextcloud/server/issues is *only* for issues within the Nextcloud Server code. This also includes the apps: files, encryption, external storage, sharing, deleted files, versions, LDAP, and WebDAV Auth
-  
-* SECURITY: Report any potential security bug to us via our HackerOne page (https://hackerone.com/nextcloud) following our security policy (https://nextcloud.com/security/) instead of filing an issue in our bug tracker.  
-
-* The issues in other components should be reported in their respective repositories: You will find them in our GitHub Organization (https://github.com/nextcloud/)
+Have a security concern? Please report potential security issues via our HackerOne program (https://hackerone.com/nextcloud) instead of filing a public GitHub issue. See our security policy: https://nextcloud.com/security/
 -->

+<!--
+Thanks for taking the time to suggest improvements to Nextcloud! Use this form to request features or propose enhancements.

-<!--- Please keep this note for other contributors -->
+Guidelines:

-### How to use GitHub
-
-* Please use the 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to show that you are interested into the same feature.
-* Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
-* Subscribe to receive notifications on status change and new comments. 
+* Please search existing issues first; your idea may already have been discussed or implemented.
+* This repository (https://github.com/nextcloud/server/issues) is only for issues within the Nextcloud Server code. This includes shipped apps such as Files, DAV, Encryption, External Storage, Sharing, Deleted Files, Versions, Federation, and LDAP.
+* Issues for other components should be reported in their respective repositories in the Nextcloud GitHub organization: https://github.com/nextcloud/
+* Nextcloud is an open source project backed by Nextcloud GmbH. Many contributors are volunteers and primarily focus on issues affecting home users. Paid engineers prioritize customer-reported issues and critical defects.
+* This is the development issue tracker. Please do NOT use it for support questions or help diagnosing your installation.
+  - For community/user help: https://help.nextcloud.com
+  - For professional / large deployment support options: https://nextcloud.com/support
+-->

+<!-- Please keep the note below for other contributors -->
+> [!TIP]
+> ### Help move this idea forward
+> * Use the 👍 reaction to show support for this feature.
+> * Avoid commenting unless you have relevant information to add; unnecessary comments create noise for subscribers.
+> * Subscribe to receive notifications about status changes and new comments.
+---
+<!-- DO NOT EDIT ABOVE THIS LINE -->

 **Is your feature request related to a problem? Please describe.**
-A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+<!-- Provide a clear and concise description of the problem. For example: “I'm always frustrated when …” -->

 **Describe the solution you'd like**
-A clear and concise description of what you want to happen.
+<!-- Provide a clear and concise description of what you want to happen. -->

 **Describe alternatives you've considered**
-A clear and concise description of any alternative solutions or features you've considered.
+<!-- Provide a clear and concise description of any alternative solutions or features you've considered. -->

 **Additional context**
-Add any other context or screenshots about the feature request here.
+<!-- Add any other context or screenshots related to the feature request here. -->
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -53,6 +53,15 @@ updates:
    - "feature: dependencies"
  # Disable automatic rebasing because without a build CI will likely fail anyway
  rebase-strategy: "disabled"
+  groups:
+    vite:
+      patterns:
+        - "vite"
+        - "@nextcloud/vite-config"
+    vitest:
+      patterns:
+        - "vitest"
+        - "@vitest/*"

 # Latest stable release
 # Composer dependencies for linting and testing
@@ -60,7 +69,7 @@ updates:
  target-branch: stable32
  directories:
    - "/"
-    - "/build/integration"
+    - "/vendor-bin/behat"
    - "/vendor-bin/cs-fixer"
    - "/vendor-bin/openapi-extractor"
    - "/vendor-bin/phpunit"
--- a/.github/workflows/autocheckers.yml
+++ b/.github/workflows/autocheckers.yml
@@ -52,13 +52,13 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
        with:
          php-version: ${{ matrix.php-versions }}
          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
@@ -81,13 +81,13 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
        with:
          php-version: ${{ matrix.php-versions }}
          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
--- a/.github/workflows/block-merge-eol.yml
+++ b/.github/workflows/block-merge-eol.yml
@@ -27,7 +27,7 @@ jobs:

    steps:
      - name: Set server major version environment
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          github-token: ${{secrets.GITHUB_TOKEN}}
          script: |
@@ -37,13 +37,13 @@ jobs:
            if (match) {
              console.log('Setting server_major to ' + match[1]);
              core.exportVariable('server_major', match[1]);
-              console.log('Setting current_month to ' + (new Date()).toISOString().substr(0, 7));
-              core.exportVariable('current_month', (new Date()).toISOString().substr(0, 7));
+              console.log('Setting current_day to ' + (new Date()).toISOString().substr(0, 10));
+              core.exportVariable('current_day', (new Date()).toISOString().substr(0, 10));
            }

      - name: Checking if server ${{ env.server_major }} is EOL
        if: ${{ env.server_major != '' }}
        run: |
          curl -s https://raw.githubusercontent.com/nextcloud-releases/updater_server/production/config/major_versions.json \
-            | jq '.["${{ env.server_major }}"]["eol"] // "9999-99" | . >= "${{ env.current_month }}"' \
+            | jq '.["${{ env.server_major }}"]["eol"] // "9999-99-99" | . >= "${{ env.current_day }}"' \
            | grep -q true
--- a/.github/workflows/block-merge-freeze.yml
+++ b/.github/workflows/block-merge-freeze.yml
@@ -29,7 +29,7 @@ jobs:

    steps:
      - name: Register server reference to fallback to master branch
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          github-token: ${{secrets.GITHUB_TOKEN}}
          script: |
--- a/.github/workflows/block-outdated-3rdparty.yml
+++ b/.github/workflows/block-outdated-3rdparty.yml
@@ -31,7 +31,7 @@ jobs:
              - 'version.php'

      - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false

@@ -41,7 +41,7 @@ jobs:
          echo "commit=$(git submodule status | grep ' 3rdparty' | egrep -o '[a-f0-9]{40}')" >> "$GITHUB_OUTPUT"

      - name: Register server reference to fallback to master branch
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          github-token: ${{secrets.GITHUB_TOKEN}}
          script: |
--- a/.github/workflows/block-unconventional-commits.yml
+++ b/.github/workflows/block-unconventional-commits.yml
@@ -27,7 +27,7 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false

--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -32,18 +32,18 @@ jobs:
          build-mode: none
    steps:
    - name: Checkout repository
-      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      with:
        persist-credentials: false

    - name: Initialize CodeQL
-      uses: github/codeql-action/init@5d5cd550d3e189c569da8f16ea8de2d821c9bf7a # v3.31.2
+      uses: github/codeql-action/init@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5
      with:
        languages: ${{ matrix.language }}
        build-mode: ${{ matrix.build-mode }}
        config-file: ./.github/codeql-config.yml

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@5d5cd550d3e189c569da8f16ea8de2d821c9bf7a # v3.31.2
+      uses: github/codeql-action/analyze@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5
      with:
        category: "/language:${{matrix.language}}"
--- a/.github/workflows/command-compile.yml
+++ b/.github/workflows/command-compile.yml
@@ -30,7 +30,7 @@ jobs:

    steps:
      - name: Get repository from pull request comment
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        id: get-repository
        with:
          github-token: ${{secrets.GITHUB_TOKEN}}
@@ -57,7 +57,7 @@ jobs:
          require: write

      - name: Add reaction on start
-        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
+        uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          repository: ${{ github.event.repository.full_name }}
@@ -83,7 +83,7 @@ jobs:
        id: comment-branch

      - name: Add reaction on failure
-        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
+        uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0
        if: failure()
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
@@ -103,7 +103,7 @@ jobs:
          key: git-repo

      - name: Checkout ${{ needs.init.outputs.head_ref }}
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          # Needed to allow force push later
          persist-credentials: true
@@ -120,11 +120,11 @@ jobs:
        uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
        id: package-engines-versions
        with:
-          fallbackNode: '^20'
-          fallbackNpm: '^10'
+          fallbackNode: '^24'
+          fallbackNpm: '^11.3'

      - name: Set up node ${{ steps.package-engines-versions.outputs.nodeVersion }}
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version: ${{ steps.package-engines-versions.outputs.nodeVersion }}
          cache: npm
@@ -136,26 +136,26 @@ jobs:
        if: ${{ contains(needs.init.outputs.arg1, 'rebase') }}
        run: |
          git fetch origin '${{ needs.init.outputs.base_ref }}:${{ needs.init.outputs.base_ref }}'
-          
+
          # Start the rebase
          git rebase 'origin/${{ needs.init.outputs.base_ref }}' || {
            # Handle rebase conflicts in a loop
            while [ -d .git/rebase-merge ] || [ -d .git/rebase-apply ]; do
              echo "Handling rebase conflict..."
-              
+
              # Remove and checkout /dist and /js folders from the base branch
              if [ -d "dist" ]; then
                rm -rf dist
                git checkout origin/${{ needs.init.outputs.base_ref }} -- dist/ 2>/dev/null || echo "No dist folder in base branch"
              fi
              if [ -d "js" ]; then
-                rm -rf js  
+                rm -rf js
                git checkout origin/${{ needs.init.outputs.base_ref }} -- js/ 2>/dev/null || echo "No js folder in base branch"
              fi
-              
+
              # Stage all changes
              git add .
-              
+
              # Check if there are any changes after resolving conflicts
              if git diff --cached --quiet; then
                echo "No changes after conflict resolution, skipping commit"
@@ -164,7 +164,7 @@ jobs:
                echo "Changes found, continuing rebase without editing commit message"
                git -c core.editor=true rebase --continue
              fi
-              
+
              # Break if rebase is complete
              if [ ! -d .git/rebase-merge ] && [ ! -d .git/rebase-apply ]; then
                break
@@ -213,7 +213,7 @@ jobs:
        run: git push --force-with-lease origin "$HEAD_REF"

      - name: Add reaction on failure
-        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
+        uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0
        if: failure()
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
--- a/.github/workflows/command-pull-3rdparty.yml
+++ b/.github/workflows/command-pull-3rdparty.yml
@@ -20,7 +20,7 @@ jobs:

    steps:
      - name: Add reaction on start
-        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v3.0.1
+        uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v3.0.1
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          repository: ${{ github.event.repository.full_name }}
@@ -38,7 +38,7 @@ jobs:
        id: comment-branch

      - name: Checkout ${{ steps.comment-branch.outputs.head_ref }}
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
          fetch-depth: 0
@@ -46,7 +46,7 @@ jobs:
          ref: ${{ steps.comment-branch.outputs.head_ref }}

      - name: Register server reference to fallback to master branch
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          github-token: ${{secrets.GITHUB_TOKEN}}
          script: |
@@ -71,7 +71,7 @@ jobs:
          git config --local user.name 'nextcloud-command'

      - name: Add reaction on failure
-        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v3.0.1
+        uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v3.0.1
        if: ${{ env.server_ref == '' }}
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
@@ -91,7 +91,7 @@ jobs:
          git push

      - name: Add reaction on failure
-        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v3.0.1
+        uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v3.0.1
        if: failure()
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
--- a/.github/workflows/cypress.yml
+++ b/.github/workflows/cypress.yml
@@ -22,7 +22,7 @@ env:
  # Usually it's the base branch of the PR, but for pushes it's the branch itself.
  # e.g. 'main', 'stable27' or 'feature/my-feature'
  # n.b. server will use head_ref, as we want to test the PR branch.
-  BRANCH: ${{ github.head_ref || github.ref_name }}
+  BRANCH: ${{ github.base_ref || github.ref_name }}


 permissions:
@@ -48,7 +48,7 @@ jobs:
          exit 1

      - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
          # We need to checkout submodules for 3rdparty
@@ -58,7 +58,7 @@ jobs:
        id: check_composer
        uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0
        with:
-          files: "composer.json"
+          files: 'composer.json'

      - name: Install composer dependencies
        if: steps.check_composer.outputs.files_exists == 'true'
@@ -68,11 +68,11 @@ jobs:
        uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
        id: versions
        with:
-          fallbackNode: "^20"
-          fallbackNpm: "^10"
+          fallbackNode: '^24'
+          fallbackNpm: '^11.3'

      - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version: ${{ steps.versions.outputs.nodeVersion }}

@@ -84,9 +84,6 @@ jobs:
          npm ci
          TESTING=true npm run build --if-present

-      - name: Show cypress version
-        run: npm run cypress:version
-
      - name: Save context
        uses: buildjet/cache/save@3e70d19e31d6a8030aeddf6ed8dbe601f94d09f4 # v4.0.2
        with:
@@ -163,7 +160,7 @@ jobs:
          path: ./

      - name: Set up node ${{ needs.init.outputs.nodeVersion }}
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version: ${{ needs.init.outputs.nodeVersion }}

@@ -174,7 +171,7 @@ jobs:
        run: ./node_modules/cypress/bin/cypress install

      - name: Run ${{ matrix.containers == 'component' && 'component' || 'E2E' }} cypress tests
-        uses: cypress-io/github-action@b8ba51a856ba5f4c15cf39007636d4ab04f23e3c # v6.10.2
+        uses: cypress-io/github-action@7ef72e250a9e564efb4ed4c2433971ada4cc38b4 # v6.10.4
        with:
          # We already installed the dependencies in the init job
          install: false
@@ -198,10 +195,10 @@ jobs:
          SETUP_TESTING: ${{ matrix.containers == 'setup' && 'true' || '' }}

      - name: Upload snapshots and videos
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        if: always()
        with:
-          name: snapshots_videos_${{ matrix.containers }}
+          name: snapshots_${{ matrix.containers }}
          path: |
            cypress/snapshots
            cypress/videos
@@ -220,8 +217,8 @@ jobs:
        if: failure() && matrix.containers != 'component'
        run: docker exec nextcloud-e2e-test-server_${{ env.APP_NAME }} tar -cvjf - data > data.tar

-      - name: Upload data dir archive
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+      - name: Upload data archive
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        if: failure() && matrix.containers != 'component'
        with:
          name: nc_data_${{ matrix.containers }}
--- a/.github/workflows/dependabot-approve-merge.yml
+++ b/.github/workflows/dependabot-approve-merge.yml
@@ -3,10 +3,10 @@
 # https://github.com/nextcloud/.github
 # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
 #
-# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors
+# SPDX-FileCopyrightText: Nextcloud GmbH and Nextcloud contributors
 # SPDX-License-Identifier: MIT

-name: Dependabot
+name: Auto approve Dependabot PRs

 on:
  pull_request_target: # zizmor: ignore[dangerous-triggers]
@@ -29,6 +29,8 @@ jobs:
    permissions:
      # for hmarr/auto-approve-action to approve PRs
      pull-requests: write
+      # for alexwilson/enable-github-automerge-action to approve PRs
+      contents: write

    steps:
      - name: Disabled on forks
@@ -37,13 +39,20 @@ jobs:
          echo 'Can not approve PRs from forks'
          exit 1

+      - uses: mdecoleman/pr-branch-name@55795d86b4566d300d237883103f052125cc7508 # v3.0.0
+        id: branchname
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+
      # GitHub actions bot approve
-      - uses: hmarr/auto-approve-action@b40d6c9ed2fa10c9a2749eca7eb004418a705501 # v2
+      - uses: hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363 # v4.0.0
+        if: startsWith(steps.branchname.outputs.branch, 'dependabot/')
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}

-      # Nextcloud bot approve and merge request
-      - uses: ahmadnassri/action-dependabot-auto-merge@45fc124d949b19b6b8bf6645b6c9d55f4f9ac61a # v2
+      # Enable GitHub auto merge
+      - name: Auto merge
+        uses: alexwilson/enable-github-automerge-action@56e3117d1ae1540309dc8f7a9f2825bc3c5f06ff # v2.0.0
+        if: startsWith(steps.branchname.outputs.branch, 'dependabot/')
        with:
-          target: minor
-          github-token: ${{ secrets.DEPENDABOT_AUTOMERGE_TOKEN }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/files-external-ftp.yml
+++ b/.github/workflows/files-external-ftp.yml
@@ -55,7 +55,7 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
          submodules: true
@@ -71,7 +71,7 @@ jobs:
          if [[ "${{ matrix.ftpd }}" == 'pure-ftpd' ]]; then docker run --name ftp -d --net host -e "PUBLICHOST=localhost" -e FTP_USER_NAME=test -e FTP_USER_PASS=test -e FTP_USER_HOME=/home/test -v /tmp/ftp:/home/test -v /tmp/ftp:/etc/pure-ftpd/passwd stilliard/pure-ftpd; fi

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -104,7 +104,7 @@ jobs:

      - name: Upload code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
        with:
          files: ./clover.xml
          flags: phpunit-files-external-ftp
--- a/.github/workflows/files-external-s3.yml
+++ b/.github/workflows/files-external-s3.yml
@@ -64,13 +64,13 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -104,7 +104,7 @@ jobs:

      - name: Upload code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
        with:
          files: ./clover.xml
          flags: phpunit-files-external-s3
@@ -152,13 +152,13 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -185,7 +185,7 @@ jobs:

      - name: Upload code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
        with:
          files: ./clover.xml
          flags: phpunit-files-external-s3
--- a/.github/workflows/files-external-sftp.yml
+++ b/.github/workflows/files-external-sftp.yml
@@ -55,7 +55,7 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
          submodules: true
@@ -67,7 +67,7 @@ jobs:
          if [[ '${{ matrix.sftpd }}' == 'openssh' ]]; then docker run -p 2222:22 --name sftp -d -v /tmp/sftp:/home/test atmoz/sftp 'test:test:::data'; fi

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -93,7 +93,7 @@ jobs:

      - name: Upload code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
        with:
          files: ./clover.xml
          flags: phpunit-files-external-sftp
--- a/.github/workflows/files-external-smb-kerberos.yml
+++ b/.github/workflows/files-external-smb-kerberos.yml
@@ -46,13 +46,13 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
          submodules: true

      - name: Checkout user_saml
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
          repository: nextcloud/user_saml
--- a/.github/workflows/files-external-smb.yml
+++ b/.github/workflows/files-external-smb.yml
@@ -59,13 +59,13 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -99,7 +99,7 @@ jobs:

      - name: Upload code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
        with:
          files: ./clover.xml
          flags: phpunit-files-external-smb
--- a/.github/workflows/files-external-webdav.yml
+++ b/.github/workflows/files-external-webdav.yml
@@ -60,13 +60,13 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -97,7 +97,7 @@ jobs:

      - name: Upload code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
        with:
          files: ./clover.xml
          flags: phpunit-files-external-webdav
--- a/.github/workflows/files-external.yml
+++ b/.github/workflows/files-external.yml
@@ -53,13 +53,13 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -85,7 +85,7 @@ jobs:

      - name: Upload code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
        with:
          files: ./clover.xml
          flags: phpunit-files-external-generic
--- a/.github/workflows/generate-release-changelog.yml
+++ b/.github/workflows/generate-release-changelog.yml
@@ -24,14 +24,14 @@ jobs:
          require: write

      - name: Checkout github_helper
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
          repository: nextcloud/github_helper
          path: github_helper

      - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
          path: server
@@ -73,7 +73,7 @@ jobs:
         fi

      - name: Set up php 8.2
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5
        with:
          php-version: 8.2
          coverage: none
--- a/.github/workflows/integration-dav.yml
+++ b/.github/workflows/integration-dav.yml
@@ -53,13 +53,13 @@ jobs:

    steps:
        - name: Checkout server
-          uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+          uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
          with:
            persist-credentials: false
            submodules: true

        - name: Set up php ${{ matrix.php-versions }}
-          uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+          uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
          with:
            php-version: ${{ matrix.php-versions }}
            # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -70,7 +70,7 @@ jobs:
            GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

        - name: Set up Python
-          uses: LizardByte/actions/actions/setup_python@bff0a193747a3ac7930a665fc1d4b23eba583b99 # v2025.814.40518
+          uses: LizardByte/actions/actions/setup_python@329b1bcefe1cbe1ef289177471c9f2b2af98e6ca # v2025.1028.23217
          with:
            python-version: '2.7'

--- a/.github/workflows/integration-litmus.yml
+++ b/.github/workflows/integration-litmus.yml
@@ -52,13 +52,13 @@ jobs:

    steps:
        - name: Checkout server
-          uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+          uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
          with:
            persist-credentials: false
            submodules: true

        - name: Set up php ${{ matrix.php-versions }}
-          uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+          uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
          with:
            php-version: ${{ matrix.php-versions }}
            # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
--- a/.github/workflows/integration-s3-primary.yml
+++ b/.github/workflows/integration-s3-primary.yml
@@ -67,13 +67,13 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -90,6 +90,7 @@ jobs:

      - name: Set up Nextcloud
        run: |
+          composer install
          mkdir data
          echo '<?php $CONFIG=["${{ matrix.key }}" => ["class" => "OC\Files\ObjectStore\S3", "arguments" => ["bucket" => "nextcloud", "autocreate" => true, "key" => "nextcloud", "secret" => "bWluaW8tc2VjcmV0LWtleS1uZXh0Y2xvdWQ=", "hostname" => "localhost", "port" => 9000, "use_ssl" => false, "use_path_style" => true, "uploadPartSize" => 52428800]]];' > config/config.php
          echo '<?php $CONFIG=["redis" => ["host" => "localhost", "port" => 6379], "memcache.local" => "\OC\Memcache\Redis", "memcache.distributed" => "\OC\Memcache\Redis"];' > config/redis.config.php
--- a/.github/workflows/integration-sqlite.yml
+++ b/.github/workflows/integration-sqlite.yml
@@ -62,6 +62,7 @@ jobs:
          - '--tags ~@large files_features'
          - 'filesdrop_features'
          - 'file_conversions'
+          - 'files_reminders'
          - 'openldap_features'
          - 'openldap_numerical_features'
          - 'ldap_features'
@@ -96,14 +97,14 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
          submodules: true

      - name: Checkout Talk app
        if: ${{ matrix.test-suite == 'videoverification_features' }}
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
          repository: nextcloud/spreed
@@ -112,7 +113,7 @@ jobs:

      - name: Checkout Activity app
        if: ${{ matrix.test-suite == 'sharing_features' }}
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
          repository: nextcloud/activity
@@ -120,7 +121,7 @@ jobs:
          ref: ${{ matrix.activity-versions }}

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -130,12 +131,9 @@ jobs:
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

-      - name: Set up production dependencies
-        run: composer i --no-dev
-
-      - name: Set up behat dependencies
-        working-directory: build/integration
-        run: composer i
+      - name: Set up dependencies
+        run: |
+          composer install

      - name: Set up Talk dependencies
        if: ${{ matrix.test-suite == 'videoverification_features' }}
--- a/.github/workflows/lint-eslint.yml
+++ b/.github/workflows/lint-eslint.yml
@@ -56,7 +56,7 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false

@@ -64,11 +64,11 @@ jobs:
        uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
        id: versions
        with:
-          fallbackNode: '^20'
-          fallbackNpm: '^10'
+          fallbackNode: '^24'
+          fallbackNpm: '^11.3'

      - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version: ${{ steps.versions.outputs.nodeVersion }}

--- a/.github/workflows/lint-php-cs.yml
+++ b/.github/workflows/lint-php-cs.yml
@@ -44,18 +44,18 @@ jobs:
  lint:
    runs-on: ubuntu-latest

-    name: PHP CS fixer lint
+    name: php-cs

    steps:
      - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false

-      - name: Set up php8.1
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2.35.4
+      - name: Set up php
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5
        with:
-          php-version: 8.1
+          php-version: 8.2
          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
          coverage: none
          ini-file: development
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -47,20 +47,21 @@ jobs:

    strategy:
      matrix:
-        php-versions: [ '8.2', '8.3', '8.4' ]
+        php-versions: [ '8.2', '8.3', '8.4', '8.5' ]

    name: php-lint

    steps:
      - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5
        with:
          php-version: ${{ matrix.php-versions }}
+          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
          coverage: none
          ini-file: development
        env:
--- a/.github/workflows/lint-stylelint.yml
+++ b/.github/workflows/lint-stylelint.yml
@@ -25,7 +25,7 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false

@@ -33,11 +33,11 @@ jobs:
        uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
        id: versions
        with:
-          fallbackNode: '^20'
-          fallbackNpm: '^10'
+          fallbackNode: '^24'
+          fallbackNpm: '^11.3'

      - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version: ${{ steps.versions.outputs.nodeVersion }}

--- a/.github/workflows/node-test-handlebars.yml
+++ b/.github/workflows/node-test-handlebars.yml
@@ -0,0 +1,99 @@
+# This workflow is provided via the organization template repository
+#
+# https://github.com/nextcloud/.github
+# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
+#
+# SPDX-FileCopyrightText: 2023-2024 Nextcloud GmbH and Nextcloud contributors
+# SPDX-License-Identifier: MIT
+
+name: Node handlebars tests
+
+on:
+  pull_request:
+
+permissions:
+  contents: read
+
+concurrency:
+  group: node-tests-handlebars-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  changes:
+    runs-on: ubuntu-latest-low
+    permissions:
+      contents: read
+      pull-requests: read
+
+    outputs:
+      src: ${{ steps.changes.outputs.src }}
+
+    steps:
+      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
+        id: changes
+        continue-on-error: true
+        with:
+          filters: |
+            src:
+              - '.github/workflows/**'
+              - '**/__tests__/**'
+              - '**/__mocks__/**'
+              - 'apps/*/src/**'
+              - 'apps/*/appinfo/info.xml'
+              - 'core/src/**'
+              - 'package.json'
+              - '**/package-lock.json'
+              - 'tsconfig.json'
+              - '**.js'
+              - '**.ts'
+              - '**.vue'
+
+  handlebars:
+    runs-on: ubuntu-latest
+    needs: [changes]
+    if: needs.changes.outputs.src != 'false'
+
+    env:
+      CYPRESS_INSTALL_BINARY: 0
+      PUPPETEER_SKIP_DOWNLOAD: true
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        with:
+          persist-credentials: false
+
+      - name: Read package.json node and npm engines version
+        uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
+        id: versions
+        with:
+          fallbackNode: '^24'
+          fallbackNpm: '^11.3'
+
+      - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+        with:
+          node-version: ${{ steps.versions.outputs.nodeVersion }}
+
+      - name: Set up npm ${{ steps.versions.outputs.npmVersion }}
+        run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run compile
+        run: ./build/compile-handlebars-templates.sh
+
+  summary:
+    permissions:
+      contents: none
+    runs-on: ubuntu-latest-low
+    needs: [changes, handlebars]
+
+    if: always()
+
+    name: test-summary
+
+    steps:
+      - name: Summary status
+        run: if ${{ needs.changes.outputs.src != 'false' && needs.handlebars.result != 'success' }}; then exit 1; fi
--- a/.github/workflows/node-test.yml
+++ b/.github/workflows/node-test.yml
@@ -44,25 +44,21 @@ jobs:
              - 'apps/*/appinfo/info.xml'
              - 'core/src/**'
              - 'package.json'
-              - 'package-lock.json'
+              - '**/package-lock.json'
              - 'tsconfig.json'
              - '**.js'
              - '**.ts'
              - '**.vue'

-  versions:
-    runs-on: ubuntu-latest-low
+  test:
+    runs-on: ubuntu-latest
+
    needs: changes
-
-    if: ${{ github.repository_owner != 'nextcloud-gmbh' && needs.changes.outputs.src != 'false' }}
-
-    outputs:
-      nodeVersion: ${{ steps.versions.outputs.nodeVersion }}
-      npmVersion: ${{ steps.versions.outputs.npmVersion }}
+    if: needs.changes.outputs.src != 'false'

    steps:
      - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false

@@ -70,85 +66,39 @@ jobs:
        uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
        id: versions
        with:
-          fallbackNode: '^20'
-          fallbackNpm: '^10'
+          fallbackNode: '^24'
+          fallbackNpm: '^11.3'

-  test:
-    runs-on: ubuntu-latest
-    needs: [versions, changes]
-
-    if: ${{ needs.versions.result != 'failure' && needs.changes.outputs.src != 'false' }}
-
-    env:
-      CYPRESS_INSTALL_BINARY: 0
-      PUPPETEER_SKIP_DOWNLOAD: true
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
-          persist-credentials: false
+          node-version: ${{ steps.versions.outputs.nodeVersion }}

-      - name: Set up node ${{ needs.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
-        with:
-          node-version: ${{ needs.versions.outputs.nodeVersion }}
-
-      - name: Set up npm ${{ needs.versions.outputs.npmVersion }}
-        run: npm i -g 'npm@${{ needs.versions.outputs.npmVersion }}'
-
-      - name: Install dependencies & build
-        run: |
-          npm ci
-          npm run build --if-present
-
-      - name: Test and process coverage
-        run: npm run test:coverage --if-present
-
-      - name: Collect coverage
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
-        with:
-          files: ./coverage/lcov.info
-
-      - name: Upload test results
-        if: ${{ !cancelled() }}
-        uses: codecov/test-results-action@47f89e9acb64b76debcd5ea40642d25a4adced9f # v1.1.1
-
-  handlebars:
-    runs-on: ubuntu-latest
-    needs: [versions, changes]
-
-    if: ${{ needs.versions.result != 'failure' && needs.changes.outputs.src != 'false' }}
-
-    env:
-      CYPRESS_INSTALL_BINARY: 0
-      PUPPETEER_SKIP_DOWNLOAD: true
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          persist-credentials: false
-
-      - name: Set up node ${{ needs.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
-        with:
-          node-version: ${{ needs.versions.outputs.nodeVersion }}
-
-      - name: Set up npm ${{ needs.versions.outputs.npmVersion }}
-        run: npm i -g 'npm@${{ needs.versions.outputs.npmVersion }}'
+      - name: Set up npm ${{ steps.versions.outputs.npmVersion }}
+        run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}'

      - name: Install dependencies
-        run: npm ci
+        env:
+          CYPRESS_INSTALL_BINARY: 0
+        run: |
+          npm ci

-      - name: Run compile
-        run: ./build/compile-handlebars-templates.sh
+#      - name: Test
+#        run: npm run test --if-present
+
+      - name: Test and process coverage
+        run: npm run test:coverage
+
+      - name: Collect coverage
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
+        with:
+          files: ./coverage/lcov.info,./coverage/legacy/lcov.info

  summary:
    permissions:
      contents: none
    runs-on: ubuntu-latest-low
-    needs: [changes, test, handlebars]
+    needs: [changes, test]

    if: always()

@@ -156,4 +106,4 @@ jobs:

    steps:
      - name: Summary status
-        run: if ${{ needs.changes.outputs.src != 'false' && (needs.test.result != 'success' || needs.handlebars.result != 'success') }}; then exit 1; fi
+        run: if ${{ needs.changes.outputs.src != 'false' && needs.test.result != 'success' }}; then exit 1; fi
--- a/.github/workflows/node.yml
+++ b/.github/workflows/node.yml
@@ -37,14 +37,14 @@ jobs:
              - '.github/workflows/**'
              - '**/src/**'
              - '**/appinfo/info.xml'
+              - 'core/css/*'
+              - 'core/img/**'
              - 'package.json'
-              - 'package-lock.json'
+              - '**/package-lock.json'
              - 'tsconfig.json'
              - '**.js'
              - '**.ts'
              - '**.vue'
-              - 'core/css/*'
-              - 'core/img/**'
              - 'version.php'

  build:
@@ -56,7 +56,7 @@ jobs:
    name: NPM build
    steps:
      - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false

@@ -64,17 +64,24 @@ jobs:
        uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
        id: versions
        with:
-          fallbackNode: '^20'
-          fallbackNpm: '^10'
+          fallbackNode: '^24'
+          fallbackNpm: '^11.3'

      - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version: ${{ steps.versions.outputs.nodeVersion }}

      - name: Set up npm ${{ steps.versions.outputs.npmVersion }}
        run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}'

+      # This does not work on server as we have some git dependencies that "npm-package-lock-add-resolved" cannot handle
+      # - name: Validate package-lock.json # See https://github.com/npm/cli/issues/4460
+      #   run: |
+      #     npm i -g npm-package-lock-add-resolved@1.1.4
+      #     npm-package-lock-add-resolved
+      #     git --no-pager diff --exit-code
+
      - name: Install dependencies & build
        env:
          CYPRESS_INSTALL_BINARY: 0
@@ -83,7 +90,7 @@ jobs:
          npm ci
          npm run build --if-present

-      - name: Check webpack build changes
+      - name: Check build changes
        run: |
          bash -c "[[ ! \"`git status --porcelain `\" ]] || (echo 'Please recompile and commit the assets, see the section \"Show changes on failure\" for details' && exit 1)"

--- a/.github/workflows/npm-audit-fix.yml
+++ b/.github/workflows/npm-audit-fix.yml
@@ -24,14 +24,17 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        branches: ['main', 'master', 'stable32', 'stable31', 'stable30']
+        branches:
+          - ${{ github.event.repository.default_branch }}
+          - 'stable32'
+          - 'stable31'

    name: npm-audit-fix-${{ matrix.branches }}

    steps:
      - name: Checkout
        id: checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
          ref: ${{ matrix.branches }}
@@ -41,11 +44,11 @@ jobs:
        uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
        id: versions
        with:
-          fallbackNode: '^20'
-          fallbackNpm: '^10'
+          fallbackNode: '^24'
+          fallbackNpm: '^11.3'

      - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version: ${{ steps.versions.outputs.nodeVersion }}

@@ -66,7 +69,7 @@ jobs:

      - name: Create Pull Request
        if: steps.checkout.outcome == 'success'
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
+        uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7.0.9
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          commit-message: 'fix(deps): Fix npm audit'
--- a/.github/workflows/object-storage-azure.yml
+++ b/.github/workflows/object-storage-azure.yml
@@ -73,13 +73,13 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -110,7 +110,7 @@ jobs:

      - name: Upload code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
        with:
          files: ./clover.xml
          flags: phpunit-azure
--- a/.github/workflows/object-storage-s3.yml
+++ b/.github/workflows/object-storage-s3.yml
@@ -74,13 +74,13 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -116,7 +116,7 @@ jobs:

      - name: Upload code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
        with:
          files: ./clover.xml
          flags: phpunit-s3
--- a/.github/workflows/object-storage-swift.yml
+++ b/.github/workflows/object-storage-swift.yml
@@ -71,13 +71,13 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -106,7 +106,7 @@ jobs:

      - name: Upload code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
        with:
          files: ./clover.xml
          flags: phpunit-swift
--- a/.github/workflows/openapi.yml
+++ b/.github/workflows/openapi.yml
@@ -26,12 +26,12 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false

      - name: Set up php
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5
        with:
          php-version: '8.2'
          extensions: ctype, curl, dom, fileinfo, gd, json, libxml, mbstring, openssl, pcntl, pdo, posix, session, simplexml, xml, xmlreader, xmlwriter, zip, zlib
--- a/.github/workflows/performance.yml
+++ b/.github/workflows/performance.yml
@@ -35,14 +35,14 @@ jobs:
          exit 1

      - name: Checkout server before PR
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
          submodules: true
          ref: ${{ github.event.pull_request.base.ref }}

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5
        with:
          php-version: ${{ matrix.php-versions }}
          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, redis, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
@@ -98,14 +98,14 @@ jobs:

      - name: Upload profiles
        if: always()
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4
        with:
          name: profiles
          path: |
            before.json
            after.json

-      - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
+      - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v7
        if: failure() && steps.compare.outcome == 'failure'
        with:
          github-token: ${{secrets.GITHUB_TOKEN}}
--- a/.github/workflows/phpunit-32bits.yml
+++ b/.github/workflows/phpunit-32bits.yml
@@ -26,46 +26,34 @@ jobs:

    if: ${{ github.repository_owner != 'nextcloud-gmbh' }}

-    container: shivammathur/node:latest-i386
-
    strategy:
      fail-fast: false
      matrix:
-        php-versions: ["8.2", "8.3", "8.4"]
+        php-versions: ["8.4"]

    steps:
      - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
          submodules: true

-      - name: Install tools
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y ffmpeg imagemagick libmagickcore-6.q16-3-extra
-
-      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
-        with:
-          php-version: ${{ matrix.php-versions }}
-          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, imagick, intl, json, libxml, mbstring, openssl, pcntl, posix, redis, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite, apcu, ldap
-          coverage: none
-          ini-file: development
-          ini-values: apc.enabled=on, apc.enable_cli=on, disable_functions= # https://github.com/shivammathur/setup-php/discussions/573
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
      - name: Set up dependencies
-        run: composer i
+        uses: docker://ghcr.io/nextcloud/continuous-integration-php8.4-32bit:latest
+        with:
+          args: /bin/sh -c "
+            git config --global --add safe.directory /github/workspace &&
+            composer install --no-interaction"

      - name: Set up Nextcloud
-        env:
-          DB_PORT: 4444
-        run: |
-          mkdir data
-          ./occ maintenance:install --verbose --database=sqlite --database-name=nextcloud --database-host=127.0.0.1 --database-port=$DB_PORT --database-user=autotest --database-pass=rootpassword --admin-user admin --admin-pass admin
-          php -f tests/enable_all.php
+        uses: docker://ghcr.io/nextcloud/continuous-integration-php8.4-32bit:latest
+        with:
+          args: /bin/sh -c "
+            mkdir data &&
+            ./occ maintenance:install --verbose --database=sqlite --database-name=nextcloud --database-user=autotest --database-pass=rootpassword --admin-user admin --admin-pass admin &&
+            php -f tests/enable_all.php"

      - name: PHPUnit
-        run: composer run test -- --exclude-group PRIMARY-azure,PRIMARY-s3,PRIMARY-swift,Memcached,Redis,RoutingWeirdness
+        uses: docker://ghcr.io/nextcloud/continuous-integration-php8.4-32bit:latest
+        with:
+          args: /bin/sh -c "composer run test -- --exclude-group PRIMARY-azure,PRIMARY-s3,PRIMARY-swift,Memcached,Redis,RoutingWeirdness"
--- a/.github/workflows/phpunit-mariadb.yml
+++ b/.github/workflows/phpunit-mariadb.yml
@@ -60,13 +60,15 @@ jobs:
      fail-fast: false
      matrix:
        php-versions: ['8.2']
-        mariadb-versions: ['10.3', '10.6', '10.11', '11.4', '11.8']
+        mariadb-versions: ['10.6', '10.11', '11.4', '11.8']
        include:
          - php-versions: '8.3'
            mariadb-versions: '10.11'
            coverage: ${{ github.event_name != 'pull_request' }}
          - php-versions: '8.4'
            mariadb-versions: '11.8'
+          - php-versions: '8.5'
+            mariadb-versions: '11.8'

    name: MariaDB ${{ matrix.mariadb-versions }} (PHP ${{ matrix.php-versions }}) - database tests

@@ -90,13 +92,13 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -129,7 +131,7 @@ jobs:

      - name: Upload db code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
        with:
          files: ./clover.db.xml
          flags: phpunit-mariadb
--- a/.github/workflows/phpunit-memcached.yml
+++ b/.github/workflows/phpunit-memcached.yml
@@ -56,7 +56,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        php-versions: ['8.3', '8.4']
+        php-versions: ['8.3', '8.4', '8.5']
        include:
          - php-versions: '8.2'
            coverage: ${{ github.event_name != 'pull_request' }}
@@ -72,13 +72,13 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -99,11 +99,11 @@ jobs:
          php -f tests/enable_all.php

      - name: PHPUnit memcached tests
-        run: composer run test -- --group Memcache,Memcached --log-junit junit.xml ${{ matrix.coverage && '--coverage-clover ./clover.xml' || '' }}
+        run: composer run test -- --group Memcache --group Memcached --log-junit junit.xml ${{ matrix.coverage && '--coverage-clover ./clover.xml' || '' }}

      - name: Upload code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
        with:
          files: ./clover.xml
          flags: phpunit-memcached
--- a/.github/workflows/phpunit-mysql-sharding.yml
+++ b/.github/workflows/phpunit-mysql-sharding.yml
@@ -121,13 +121,13 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -161,7 +161,7 @@ jobs:

      - name: Upload db code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
        with:
          files: ./clover.db.xml
          flags: phpunit-mysql
--- a/.github/workflows/phpunit-mysql.yml
+++ b/.github/workflows/phpunit-mysql.yml
@@ -67,6 +67,8 @@ jobs:
            coverage: ${{ github.event_name != 'pull_request' }}
          - mysql-versions: '8.4'
            php-versions: '8.4'
+          - mysql-versions: '8.4'
+            php-versions: '8.5'

    name: MySQL ${{ matrix.mysql-versions }} (PHP ${{ matrix.php-versions }}) - database tests

@@ -90,13 +92,13 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -129,7 +131,7 @@ jobs:

      - name: Upload db code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
        with:
          files: ./clover.db.xml
          flags: phpunit-mysql
--- a/.github/workflows/phpunit-nodb.yml
+++ b/.github/workflows/phpunit-nodb.yml
@@ -59,7 +59,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        php-versions: ['8.3', '8.4']
+        php-versions: ['8.3', '8.4', '8.5']
        include:
          - php-versions: '8.2'
            coverage: ${{ github.event_name != 'pull_request' }}
@@ -75,13 +75,13 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -105,11 +105,11 @@ jobs:
          php -f tests/enable_all.php

      - name: PHPUnit nodb testsuite
-        run: composer run test -- --exclude-group DB,SLOWDB --log-junit junit.xml ${{ matrix.coverage && '--coverage-clover ./clover.nodb.xml' || '' }}
+        run: composer run test -- --exclude-group DB --exclude-group SLOWDB --log-junit junit.xml ${{ matrix.coverage && '--coverage-clover ./clover.nodb.xml' || '' }}

      - name: Upload nodb code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
        with:
          files: ./clover.nodb.xml
          flags: phpunit-nodb
--- a/.github/workflows/phpunit-object-store-primary.yml
+++ b/.github/workflows/phpunit-object-store-primary.yml
@@ -72,13 +72,13 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
        with:
          php-version: ${{ matrix.php-versions }}
          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, redis, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
--- a/.github/workflows/phpunit-oci.yml
+++ b/.github/workflows/phpunit-oci.yml
@@ -60,8 +60,6 @@ jobs:
      fail-fast: false
      matrix:
        include:
-          - oracle-versions: '11'
-            php-versions: '8.2'
          - oracle-versions: '18'
            php-versions: '8.2'
            coverage: ${{ github.event_name != 'pull_request' }}
@@ -71,6 +69,8 @@ jobs:
            php-versions: '8.3'
          - oracle-versions: '23'
            php-versions: '8.4'
+          - oracle-versions: '23'
+            php-versions: '8.5'

    name: Oracle ${{ matrix.oracle-versions }} (PHP ${{ matrix.php-versions }}) - database tests

@@ -101,13 +101,13 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -133,7 +133,7 @@ jobs:

      - name: Upload db code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
        with:
          files: ./clover.db.xml
          flags: phpunit-oci
--- a/.github/workflows/phpunit-pgsql.yml
+++ b/.github/workflows/phpunit-pgsql.yml
@@ -61,13 +61,15 @@ jobs:
      matrix:
        php-versions: ['8.2']
        # To keep the matrix smaller we ignore PostgreSQL versions in between as we already test the minimum and the maximum
-        postgres-versions: ['13', '17']
+        postgres-versions: ['14', '18']
        include:
          - php-versions: '8.3'
-            postgres-versions: '17'
+            postgres-versions: '18'
            coverage: ${{ github.event_name != 'pull_request' }}
          - php-versions: '8.4'
-            postgres-versions: '17'
+            postgres-versions: '18'
+          - php-versions: '8.5'
+            postgres-versions: '18'

    name: PostgreSQL ${{ matrix.postgres-versions }} (PHP ${{ matrix.php-versions }}) - database tests

@@ -86,17 +88,17 @@ jobs:
          POSTGRES_USER: root
          POSTGRES_PASSWORD: rootpassword
          POSTGRES_DB: nextcloud
-        options: --mount type=tmpfs,destination=/var/lib/postgresql/data --health-cmd pg_isready --health-interval 5s --health-timeout 2s --health-retries 5
+        options: --mount type=tmpfs,destination=/var/lib/postgresql --health-cmd pg_isready --health-interval 5s --health-timeout 2s --health-retries 5

    steps:
      - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -124,7 +126,7 @@ jobs:

      - name: Upload db code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
        with:
          files: ./clover.db.xml
          flags: phpunit-postgres
--- a/.github/workflows/phpunit-sqlite.yml
+++ b/.github/workflows/phpunit-sqlite.yml
@@ -59,7 +59,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        php-versions: ['8.3', '8.4']
+        php-versions: ['8.3', '8.4', '8.5']
        include:
          - php-versions: '8.2'
            coverage: ${{ github.event_name != 'pull_request' }}
@@ -75,13 +75,13 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -110,7 +110,7 @@ jobs:

      - name: Upload db code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
        with:
          files: ./clover.db.xml
          flags: phpunit-sqlite
--- a/.github/workflows/pr-feedback.yml
+++ b/.github/workflows/pr-feedback.yml
@@ -36,7 +36,7 @@ jobs:
          blocklist=$(curl https://raw.githubusercontent.com/nextcloud/.github/master/non-community-usernames.txt | paste -s -d, -)
          echo "blocklist=$blocklist" >> "$GITHUB_OUTPUT"

-      - uses: nextcloud/pr-feedback-action@1883b38a033fb16f576875e0cf45f98b857655c4 # main
+      - uses: nextcloud/pr-feedback-action@f0cab224dea8e1f282f9451de322f323c78fc7a5 # main
        with:
          feedback-message: |
            Hello there,
@@ -50,6 +50,6 @@ jobs:

            (If you believe you should not receive this message, you can add yourself to the [blocklist](https://github.com/nextcloud/.github/blob/master/non-community-usernames.txt).)
          days-before-feedback: 14
-          start-date: '2024-04-30'
+          start-date: '2025-06-12'
          exempt-authors: '${{ steps.blocklist.outputs.blocklist }},${{ steps.scrape.outputs.users }}'
          exempt-bots: true
--- a/.github/workflows/reuse.yml
+++ b/.github/workflows/reuse.yml
@@ -19,9 +19,9 @@ jobs:
    runs-on: ubuntu-latest-low
    steps:
      - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false

      - name: REUSE Compliance Check
-        uses: fsfe/reuse-action@bb774aa972c2a89ff34781233d275075cbddf542 # v5.0.0
+        uses: fsfe/reuse-action@676e2d560c9a403aa252096d99fcab3e1132b0f5 # v6.0.0
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -20,7 +20,7 @@ jobs:
      issues: write

    steps:
-    - uses: actions/stale@3a9db7e6a41a89f618792c92c0e97cc736e1b13f # v9
+    - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 # v9
      with:
        repo-token: ${{ secrets.COMMAND_BOT_PAT }}
        stale-issue-message: >
--- a/.github/workflows/static-code-analysis.yml
+++ b/.github/workflows/static-code-analysis.yml
@@ -15,6 +15,7 @@ on:

 permissions:
  contents: read
+  security-events: write

 concurrency:
  group: static-code-analysis-${{ github.head_ref || github.run_id }}
@@ -28,13 +29,13 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
        with:
          persist-credentials: false
          submodules: true

      - name: Set up php
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
        with:
          php-version: '8.2'
          extensions: apcu,ctype,curl,dom,fileinfo,ftp,gd,imagick,intl,json,ldap,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
@@ -59,13 +60,13 @@ jobs:

    steps:
      - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
        with:
          persist-credentials: false
          submodules: true

      - name: Set up php
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
        with:
          php-version: '8.2'
          extensions: ctype,curl,dom,fileinfo,ftp,gd,imagick,intl,json,ldap,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
@@ -83,7 +84,7 @@ jobs:

      - name: Upload Security Analysis results to GitHub
        if: always()
-        uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3
+        uses: github/codeql-action/upload-sarif@fdbfb4d2750291e159f0156def62b853c2798ca2 # v3
        with:
          sarif_file: results.sarif

@@ -94,13 +95,13 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
        with:
          persist-credentials: false
          submodules: true

      - name: Set up php
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
        with:
          php-version: '8.2'
          extensions: ctype,curl,dom,fileinfo,gd,imagick,intl,json,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
@@ -125,13 +126,13 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
        with:
          persist-credentials: false
          submodules: true

      - name: Set up php
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
        with:
          php-version: '8.2'
          extensions: ctype,curl,dom,fileinfo,gd,imagick,intl,json,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
--- a/.github/workflows/update-cacert-bundle.yml
+++ b/.github/workflows/update-cacert-bundle.yml
@@ -22,7 +22,7 @@ jobs:
    name: update-ca-certificate-bundle-${{ matrix.branches }}

    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
          ref: ${{ matrix.branches }}
@@ -32,7 +32,7 @@ jobs:
        run: curl --etag-compare build/ca-bundle-etag.txt --etag-save build/ca-bundle-etag.txt --output resources/config/ca-bundle.crt https://curl.se/ca/cacert.pem

      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e
+        uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          commit-message: 'fix(security): Update CA certificate bundle'
--- a/.github/workflows/update-code-signing-crl.yml
+++ b/.github/workflows/update-code-signing-crl.yml
@@ -22,7 +22,7 @@ jobs:
    name: update-code-signing-crl-${{ matrix.branches }}

    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
          ref: ${{ matrix.branches }}
@@ -35,7 +35,7 @@ jobs:
        run: openssl crl -verify -in resources/codesigning/root.crl -CAfile resources/codesigning/root.crt -noout

      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e
+        uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          commit-message: 'fix(security): Update code signing revocation list'
--- a/.github/workflows/update-min-supported-desktop.yml
+++ b/.github/workflows/update-min-supported-desktop.yml
@@ -16,7 +16,7 @@ jobs:
    runs-on: ubuntu-latest-low

    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
          submodules: true
@@ -107,7 +107,7 @@ jobs:
          fi

      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e
+        uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412
        if: steps.update-files.outputs.CHANGES_MADE == 'true'
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
--- a/.github/workflows/update-stable-titles.yml
+++ b/.github/workflows/update-stable-titles.yml
@@ -24,7 +24,7 @@ jobs:
        run: sleep 15

      - name: Get PR details and update title
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
--- a/.htaccess
+++ b/.htaccess
@@ -1,100 +1,178 @@
 <IfModule mod_headers.c>
-  <IfModule mod_setenvif.c>
-    <IfModule mod_fcgid.c>
-       SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
-       RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
+    <IfModule mod_setenvif.c>
+        <IfModule mod_fcgid.c>
+            SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
+            RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
+        </IfModule>
+        <IfModule mod_proxy_fcgi.c>
+            SetEnvIfNoCase Authorization "(.+)" HTTP_AUTHORIZATION=$1
+        </IfModule>
+        <IfModule mod_lsapi.c>
+            SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
+            RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
+        </IfModule>
    </IfModule>
-    <IfModule mod_proxy_fcgi.c>
-       SetEnvIfNoCase Authorization "(.+)" HTTP_AUTHORIZATION=$1
+
+    <IfModule mod_env.c>
+        # Add security and privacy related headers
+        # Avoid doubled headers by unsetting headers in "onsuccess" table,
+        # then add headers to "always" table: https://github.com/nextcloud/server/pull/19002
+
+        <If "%{REQUEST_URI} =~ m#/login$#">
+            # Only on the login page we need any Origin or Referer header set.
+            Header onsuccess unset Referrer-Policy
+            Header always set Referrer-Policy "same-origin"
+        </If>
+        <Else>
+            Header onsuccess unset Referrer-Policy
+            Header always set Referrer-Policy "no-referrer"
+        </Else>
+
+        Header onsuccess unset X-Content-Type-Options
+        Header always set X-Content-Type-Options "nosniff"
+
+        Header onsuccess unset X-Frame-Options
+        Header always set X-Frame-Options "SAMEORIGIN"
+
+        Header onsuccess unset X-Permitted-Cross-Domain-Policies
+        Header always set X-Permitted-Cross-Domain-Policies "none"
+
+        Header onsuccess unset X-Robots-Tag
+        Header always set X-Robots-Tag "noindex, nofollow"
+
+        SetEnv modHeadersAvailable true
    </IfModule>
-    <IfModule mod_lsapi.c>
-      SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
-      RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
-    </IfModule>
-  </IfModule>

-  <IfModule mod_env.c>
-    # Add security and privacy related headers
-    # Avoid doubled headers by unsetting headers in "onsuccess" table,
-    # then add headers to "always" table: https://github.com/nextcloud/server/pull/19002
+    # Add cache control for static resources
+    <FilesMatch "\.(css|js|mjs|svg|gif|png|jpg|webp|ico|wasm|tflite)$">
+        <If "%{QUERY_STRING} =~ /(^|&)v=/">
+            Header set Cache-Control "max-age=15778463, immutable"
+        </If>
+        <Else>
+            Header set Cache-Control "max-age=15778463"
+        </Else>
+    </FilesMatch>

-    <If "%{REQUEST_URI} =~ m#/login$#">
-      # Only on the login page we need any Origin or Referer header set.
-      Header onsuccess unset Referrer-Policy
-      Header always set Referrer-Policy "same-origin"
-    </If>
-    <Else>
-      Header onsuccess unset Referrer-Policy
-      Header always set Referrer-Policy "no-referrer"
-    </Else>
-
-    Header onsuccess unset X-Content-Type-Options
-    Header always set X-Content-Type-Options "nosniff"
-
-    Header onsuccess unset X-Frame-Options
-    Header always set X-Frame-Options "SAMEORIGIN"
-
-    Header onsuccess unset X-Permitted-Cross-Domain-Policies
-    Header always set X-Permitted-Cross-Domain-Policies "none"
-
-    Header onsuccess unset X-Robots-Tag
-    Header always set X-Robots-Tag "noindex, nofollow"
-
-    SetEnv modHeadersAvailable true
-  </IfModule>
-
-  # Add cache control for static resources
-  <FilesMatch "\.(css|js|mjs|svg|gif|png|jpg|webp|ico|wasm|tflite)$">
-    <If "%{QUERY_STRING} =~ /(^|&)v=/">
-      Header set Cache-Control "max-age=15778463, immutable"
-    </If>
-    <Else>
-      Header set Cache-Control "max-age=15778463"
-    </Else>
-  </FilesMatch>
-
-  # Let browsers cache OTF and WOFF files for a week
-  <FilesMatch "\.(otf|woff2?)$">
-    Header set Cache-Control "max-age=604800"
-  </FilesMatch>
+    # Let browsers cache OTF and WOFF files for a week
+    <FilesMatch "\.(otf|woff2?)$">
+        Header set Cache-Control "max-age=604800"
+    </FilesMatch>
 </IfModule>

 <IfModule mod_php.c>
-  php_value default_charset 'UTF-8'
-  php_value output_buffering 0
-  <IfModule mod_env.c>
-    SetEnv htaccessWorking true
-  </IfModule>
+    php_value default_charset 'UTF-8'
+    php_value output_buffering 0
+    <IfModule mod_env.c>
+        SetEnv htaccessWorking true
+    </IfModule>
 </IfModule>

 <IfModule mod_mime.c>
-  AddType image/svg+xml svg svgz
-  AddType application/wasm wasm
-  AddEncoding gzip svgz
-  # Serve ESM javascript files (.mjs) with correct mime type
-  AddType text/javascript js mjs
+    AddType image/svg+xml svg svgz
+    AddType application/wasm wasm
+    AddEncoding gzip svgz
+    # Serve ESM javascript files (.mjs) with correct mime type
+    AddType text/javascript js mjs
 </IfModule>

 <IfModule mod_dir.c>
-  DirectoryIndex index.php index.html
+    DirectoryIndex index.php index.html
 </IfModule>

 <IfModule pagespeed_module>
-  ModPagespeed Off
+    ModPagespeed Off
 </IfModule>

+#############
+#### Rewrites
+#############
+
 <IfModule mod_rewrite.c>
-  RewriteEngine on
-  RewriteCond %{HTTP_USER_AGENT} DavClnt
-  RewriteRule ^$ /remote.php/webdav/ [L,R=302]
-  RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
-  RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
-  RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
-  RewriteRule ^remote/(.*) remote.php [QSA,L]
-  RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
-  RewriteRule ^\.well-known/(?!acme-challenge|pki-validation) /index.php [QSA,L]
-  RewriteRule ^ocm-provider/?$ index.php [QSA,L]
-  RewriteRule ^(?:\.(?!well-known)|autotest|occ|issue|indie|db_|console).* - [R=404,L]
+    RewriteEngine on
+
+##
+## Rule: Workaround for WebDAV with apache+php-cgi
+##
+## Context:
+##    - Sets the environment variable `HTTP_AUTHORIZATION` to the value of the `Authorization` request header
+##    - Always executed before and along with other rules (no `L` used)
+##    - XXX: *May* be replaced with an equivalent SetEnvIf in theory
+##    - XXX: SetEnvIf approach is already in use above for mod_proxy_cgi / mod_lsapi / mod_fcgid
+##
+
+    RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+
+##
+## Rule: Workaround for WebDAV with MS DavClnt
+##
+## Context: 
+##    - DavClnt attempts an OPTIONS request against `/` instead of the specified endpoint
+##    - Redirects the client to the endpoint rather than the login page (which confuses DavClnt)
+##
+
+    RewriteCond %{HTTP_USER_AGENT} DavClnt
+    RewriteRule ^$ /remote.php/webdav/ [L,R=302]
+
+##
+## Rule: Map the RFC 8615 / RFC 6764 compliant well-known URI for CardDAV to our Remote DAV endpoint
+##
+
+    RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
+
+##
+## Rule: Map the RFC 8615 / RFC 6764 compliant well-known URI for CalDAV to our Remote DAV endpoint
+##
+
+    RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
+
+##
+## Rule: Map /remote* --> /remote.php* including the query string
+##
+## Context:
+##    - XXX: `QSA` seems unnecessary (no-op) here (query string is passed by default when the replacement URI doesn't contain a query string)
+##    - XXX: Is this even used anymore? Seems a relic from <NC12
+##
+
+    RewriteRule ^remote/(.*) remote.php [QSA,L]
+
+##
+## Rule: Prevent access to non-public files
+##
+
+    RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
+
+##
+## Rule: Maps most RFC 8615 compliant well-known URIs to our main frontend controller (/index.php) by default
+##
+## Context:
+##    - Intentionally excludes URIs used for HTTPS certificate verifications
+##        - RFC 8555 / ACME HTTP Challenges (acme-challenge) 
+##        - File-based Validations (pki-validation)
+##    - XXX: `QSA` seems unnecessary (no-op) here (query string is passed by default when the replacement URI doesn't contain a query string)
+##    - XXX: Sometimes we are using `/index.php` and other times `index.php` as our replacement URI; this may be incorrect
+##
+
+    RewriteRule ^\.well-known/(?!acme-challenge|pki-validation) /index.php [QSA,L]
+
+##
+## Rule: Map the ocm-provider handling to our main frontend controller (/index.php)
+##
+## Context:
+##    - XXX: `QSA` seems unnecessary (no-op) here (query string is passed by default when the replacement URI doesn't contain a query string)
+##    - XXX: Sometimes we are using `/index.php` and other times `index.php` as our replacement URI; this may be incorrect
+##
+
+    RewriteRule ^ocm-provider/?$ index.php [QSA,L]
+
+##
+## Rule: Prevent access to more non-public files
+##
+## Context:
+##    - XXX It may make sense to merge some of these with the others (i.e. the ones that don't need to be last)
+##
+
+    RewriteRule ^(?:\.(?!well-known)|autotest|occ|issue|indie|db_|console).* - [R=404,L]
+
 </IfModule>

 # Clients like xDavv5 on Android, or Cyberduck, use chunked requests.
@@ -105,16 +183,18 @@
 # Here are more information about the issue:
 #  - https://docs.cyberduck.io/mountainduck/issues/fastcgi/
 #  - https://docs.nextcloud.com/server/latest/admin_manual/issues/general_troubleshooting.html#troubleshooting-webdav
+
 <IfModule mod_setenvif.c>
-  SetEnvIfNoCase Transfer-Encoding "chunked" proxy-sendcl=1
+    SetEnvIfNoCase Transfer-Encoding "chunked" proxy-sendcl=1
 </IfModule>

 # Apache disabled the sending of the server-side content-length header
 # in their 2.4.59 patch updated which breaks some use-cases in Nextcloud.
 # Setting ap_trust_cgilike_cl allows to bring back the usual behaviour.
 # See https://bz.apache.org/bugzilla/show_bug.cgi?id=68973
+
 <IfModule mod_env.c>
-  SetEnv ap_trust_cgilike_cl
+    SetEnv ap_trust_cgilike_cl
 </IfModule>

 AddDefaultCharset utf-8
--- a/2
+++ b/2
--- a/REUSE.toml
+++ b/REUSE.toml
@@ -256,7 +256,7 @@ SPDX-FileCopyrightText = "2025 Nextcloud GmbH and Nextcloud contributors"
 SPDX-License-Identifier = "AGPL-3.0-or-later"

 [[annotations]]
-path = ["composer.json", "composer.lock", ".github/CODEOWNERS", "__tests__/tsconfig.json", "tsconfig.json", "build/integration/composer.**", "vendor-bin/**/composer.json", "vendor-bin/**/composer.lock", "apps/**/composer/composer.json", "apps/**/composer/composer.lock", "apps/**/composer/composer/installed.json"]
+path = ["composer.json", "composer.lock", ".github/CODEOWNERS", "__tests__/tsconfig.json", "tsconfig.json", "apps/**/composer/composer.json", "apps/**/composer/composer.lock", "apps/**/composer/composer/installed.json"]
 precedence = "aggregate"
 SPDX-FileCopyrightText = "2011-2016 ownCloud, Inc., 2016-2024 Nextcloud GmbH and Nextcloud contributors"
 SPDX-License-Identifier = "AGPL-3.0-only OR AGPL-3.0-or-later"
@@ -400,7 +400,7 @@ SPDX-FileCopyrightText = "2019 Fabian Wiktor <https://www.pexels.com/photo/green
 SPDX-License-Identifier = "CC0-1.0"

 [[annotations]]
-path = ["openapi.json", ".envrc", "flake.nix", "flake.lock", "build/eslint-baseline.json"]
+path = ["openapi.json", ".envrc", "flake.nix", "flake.lock", "build/eslint-baseline.json", "build/eslint-baseline-legacy.json"]
 precedence = "aggregate"
 SPDX-FileCopyrightText = "2025 Nextcloud GmbH and Nextcloud contributors"
 SPDX-License-Identifier = "AGPL-3.0-or-later"
--- a/1
+++ b/1
@@ -0,0 +1 @@
+build/frontend/__mocks__
--- a/1
+++ b/1
@@ -0,0 +1 @@
+build/frontend/__tests__
--- a/apps/admin_audit/composer/composer/autoload_classmap.php
+++ b/apps/admin_audit/composer/composer/autoload_classmap.php
@@ -19,6 +19,7 @@ return array(
    'OCA\\AdminAudit\\IAuditLogger' => $baseDir . '/../lib/IAuditLogger.php',
    'OCA\\AdminAudit\\Listener\\AppManagementEventListener' => $baseDir . '/../lib/Listener/AppManagementEventListener.php',
    'OCA\\AdminAudit\\Listener\\AuthEventListener' => $baseDir . '/../lib/Listener/AuthEventListener.php',
+    'OCA\\AdminAudit\\Listener\\CacheEventListener' => $baseDir . '/../lib/Listener/CacheEventListener.php',
    'OCA\\AdminAudit\\Listener\\ConsoleEventListener' => $baseDir . '/../lib/Listener/ConsoleEventListener.php',
    'OCA\\AdminAudit\\Listener\\CriticalActionPerformedEventListener' => $baseDir . '/../lib/Listener/CriticalActionPerformedEventListener.php',
    'OCA\\AdminAudit\\Listener\\FileEventListener' => $baseDir . '/../lib/Listener/FileEventListener.php',
--- a/apps/admin_audit/composer/composer/autoload_static.php
+++ b/apps/admin_audit/composer/composer/autoload_static.php
@@ -7,14 +7,14 @@ namespace Composer\Autoload;
 class ComposerStaticInitAdminAudit
 {
    public static $prefixLengthsPsr4 = array (
-        'O' => 
+        'O' =>
        array (
            'OCA\\AdminAudit\\' => 15,
        ),
    );

    public static $prefixDirsPsr4 = array (
-        'OCA\\AdminAudit\\' => 
+        'OCA\\AdminAudit\\' =>
        array (
            0 => __DIR__ . '/..' . '/../lib',
        ),
@@ -34,6 +34,7 @@ class ComposerStaticInitAdminAudit
        'OCA\\AdminAudit\\IAuditLogger' => __DIR__ . '/..' . '/../lib/IAuditLogger.php',
        'OCA\\AdminAudit\\Listener\\AppManagementEventListener' => __DIR__ . '/..' . '/../lib/Listener/AppManagementEventListener.php',
        'OCA\\AdminAudit\\Listener\\AuthEventListener' => __DIR__ . '/..' . '/../lib/Listener/AuthEventListener.php',
+        'OCA\\AdminAudit\\Listener\\CacheEventListener' => __DIR__ . '/..' . '/../lib/Listener/CacheEventListener.php',
        'OCA\\AdminAudit\\Listener\\ConsoleEventListener' => __DIR__ . '/..' . '/../lib/Listener/ConsoleEventListener.php',
        'OCA\\AdminAudit\\Listener\\CriticalActionPerformedEventListener' => __DIR__ . '/..' . '/../lib/Listener/CriticalActionPerformedEventListener.php',
        'OCA\\AdminAudit\\Listener\\FileEventListener' => __DIR__ . '/..' . '/../lib/Listener/FileEventListener.php',
--- a/apps/admin_audit/l10n/lo.js
+++ b/apps/admin_audit/l10n/lo.js
@@ -0,0 +1,7 @@
+OC.L10N.register(
+    "admin_audit",
+    {
+    "Auditing / Logging" : "ການກວດສອບ / ການບັນທຶກ",
+    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "ສະໜອງຄວາມສາມາດໃນການບັນທຶກສຳລັບ Nextcloud ເຊັ່ນ ການບັນທຶກການເຂົ້າເຖິງໄຟລ໌ ຫຼື ການກະທຳອື່ນໆທີ່ອ່ອນໄຫວ."
+},
+"nplurals=1; plural=0;");
--- a/apps/admin_audit/l10n/lo.json
+++ b/apps/admin_audit/l10n/lo.json
@@ -0,0 +1,5 @@
+{ "translations": {
+    "Auditing / Logging" : "ການກວດສອບ / ການບັນທຶກ",
+    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "ສະໜອງຄວາມສາມາດໃນການບັນທຶກສຳລັບ Nextcloud ເຊັ່ນ ການບັນທຶກການເຂົ້າເຖິງໄຟລ໌ ຫຼື ການກະທຳອື່ນໆທີ່ອ່ອນໄຫວ."
+},"pluralForm" :"nplurals=1; plural=0;"
+}
--- a/apps/admin_audit/lib/AppInfo/Application.php
+++ b/apps/admin_audit/lib/AppInfo/Application.php
@@ -20,6 +20,7 @@ use OCA\AdminAudit\AuditLogger;
 use OCA\AdminAudit\IAuditLogger;
 use OCA\AdminAudit\Listener\AppManagementEventListener;
 use OCA\AdminAudit\Listener\AuthEventListener;
+use OCA\AdminAudit\Listener\CacheEventListener;
 use OCA\AdminAudit\Listener\ConsoleEventListener;
 use OCA\AdminAudit\Listener\CriticalActionPerformedEventListener;
 use OCA\AdminAudit\Listener\FileEventListener;
@@ -40,6 +41,8 @@ use OCP\Authentication\TwoFactorAuth\TwoFactorProviderChallengeFailed;
 use OCP\Authentication\TwoFactorAuth\TwoFactorProviderChallengePassed;
 use OCP\Console\ConsoleEvent;
 use OCP\EventDispatcher\IEventDispatcher;
+use OCP\Files\Cache\CacheEntryInsertedEvent;
+use OCP\Files\Cache\CacheEntryRemovedEvent;
 use OCP\Files\Events\Node\BeforeNodeDeletedEvent;
 use OCP\Files\Events\Node\BeforeNodeReadEvent;
 use OCP\Files\Events\Node\NodeCopiedEvent;
@@ -123,6 +126,10 @@ class Application extends App implements IBootstrap {

 		// Console events
 		$context->registerEventListener(ConsoleEvent::class, ConsoleEventListener::class);
+
+		// Cache events
+		$context->registerEventListener(CacheEntryInsertedEvent::class, CacheEventListener::class);
+		$context->registerEventListener(CacheEntryRemovedEvent::class, CacheEventListener::class);
 	}

 	public function boot(IBootContext $context): void {
--- a/apps/admin_audit/lib/Listener/CacheEventListener.php
+++ b/apps/admin_audit/lib/Listener/CacheEventListener.php
@@ -0,0 +1,51 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace OCA\AdminAudit\Listener;
+
+use OCA\AdminAudit\Actions\Action;
+use OCP\EventDispatcher\Event;
+use OCP\EventDispatcher\IEventListener;
+use OCP\Files\Cache\CacheEntryInsertedEvent;
+use OCP\Files\Cache\CacheEntryRemovedEvent;
+
+/**
+ * @template-implements IEventListener<CacheEntryInsertedEvent|CacheEntryRemovedEvent>
+ */
+class CacheEventListener extends Action implements IEventListener {
+	public function handle(Event $event): void {
+		if ($event instanceof CacheEntryInsertedEvent) {
+			$this->entryInserted($event);
+		} elseif ($event instanceof CacheEntryRemovedEvent) {
+			$this->entryRemoved($event);
+		}
+	}
+
+	private function entryInserted(CacheEntryInsertedEvent $event): void {
+		$this->log('Cache entry inserted for fileid "%1$d", path "%2$s" on storageid "%3$d"',
+			[
+				'fileid' => $event->getFileId(),
+				'path' => $event->getPath(),
+				'storageid' => $event->getStorageId(),
+			],
+			['fileid', 'path', 'storageid']
+		);
+	}
+
+	private function entryRemoved(CacheEntryRemovedEvent $event): void {
+		$this->log('Cache entry removed for fileid "%1$d", path "%2$s" on storageid "%3$d"',
+			[
+				'fileid' => $event->getFileId(),
+				'path' => $event->getPath(),
+				'storageid' => $event->getStorageId(),
+			],
+			['fileid', 'path', 'storageid']
+		);
+	}
+}
--- a/apps/admin_audit/lib/Listener/SharingEventListener.php
+++ b/apps/admin_audit/lib/Listener/SharingEventListener.php
@@ -148,18 +148,6 @@ class SharingEventListener extends Action implements IEventListener {
 					'id',
 				]
 			),
-			IShare::TYPE_SCIENCEMESH => $this->log(
-				'The %s "%s" with ID "%s" has been shared to the sciencemesh user "%s" with permissions "%s" (Share ID: %s)',
-				$params,
-				[
-					'itemType',
-					'path',
-					'itemSource',
-					'shareWith',
-					'permissions',
-					'id',
-				]
-			),
 			default => null
 		};
 	}
@@ -274,17 +262,6 @@ class SharingEventListener extends Action implements IEventListener {
 					'id',
 				]
 			),
-			IShare::TYPE_SCIENCEMESH => $this->log(
-				'The %s "%s" with ID "%s" has been unshared from the sciencemesh user "%s" (Share ID: %s)',
-				$params,
-				[
-					'itemType',
-					'fileTarget',
-					'itemSource',
-					'shareWith',
-					'id',
-				]
-			),
 			default => null
 		};
 	}
--- a/apps/cloud_federation_api/composer/composer/autoload_static.php
+++ b/apps/cloud_federation_api/composer/composer/autoload_static.php
@@ -7,14 +7,14 @@ namespace Composer\Autoload;
 class ComposerStaticInitCloudFederationAPI
 {
    public static $prefixLengthsPsr4 = array (
-        'O' => 
+        'O' =>
        array (
            'OCA\\CloudFederationAPI\\' => 23,
        ),
    );

    public static $prefixDirsPsr4 = array (
-        'OCA\\CloudFederationAPI\\' => 
+        'OCA\\CloudFederationAPI\\' =>
        array (
            0 => __DIR__ . '/..' . '/../lib',
        ),
--- a/apps/cloud_federation_api/lib/Controller/RequestHandlerController.php
+++ b/apps/cloud_federation_api/lib/Controller/RequestHandlerController.php
@@ -106,14 +106,16 @@ class RequestHandlerController extends Controller {
 	#[NoCSRFRequired]
 	#[BruteForceProtection(action: 'receiveFederatedShare')]
 	public function addShare($shareWith, $name, $description, $providerId, $owner, $ownerDisplayName, $sharedBy, $sharedByDisplayName, $protocol, $shareType, $resourceType) {
-		try {
-			// if request is signed and well signed, no exception are thrown
-			// if request is not signed and host is known for not supporting signed request, no exception are thrown
-			$signedRequest = $this->getSignedRequest();
-			$this->confirmSignedOrigin($signedRequest, 'owner', $owner);
-		} catch (IncomingRequestException $e) {
-			$this->logger->warning('incoming request exception', ['exception' => $e]);
-			return new JSONResponse(['message' => $e->getMessage(), 'validationErrors' => []], Http::STATUS_BAD_REQUEST);
+		if (!$this->appConfig->getValueBool('core', OCMSignatoryManager::APPCONFIG_SIGN_DISABLED, lazy: true)) {
+			try {
+				// if request is signed and well signed, no exception are thrown
+				// if request is not signed and host is known for not supporting signed request, no exception are thrown
+				$signedRequest = $this->getSignedRequest();
+				$this->confirmSignedOrigin($signedRequest, 'owner', $owner);
+			} catch (IncomingRequestException $e) {
+				$this->logger->warning('incoming request exception', ['exception' => $e]);
+				return new JSONResponse(['message' => $e->getMessage(), 'validationErrors' => []], Http::STATUS_BAD_REQUEST);
+			}
 		}

 		// check if all required parameters are set
@@ -354,14 +356,16 @@ class RequestHandlerController extends Controller {
 			);
 		}

-		try {
-			// if request is signed and well signed, no exception are thrown
-			// if request is not signed and host is known for not supporting signed request, no exception are thrown
-			$signedRequest = $this->getSignedRequest();
-			$this->confirmNotificationIdentity($signedRequest, $resourceType, $notification);
-		} catch (IncomingRequestException $e) {
-			$this->logger->warning('incoming request exception', ['exception' => $e]);
-			return new JSONResponse(['message' => $e->getMessage(), 'validationErrors' => []], Http::STATUS_BAD_REQUEST);
+		if (!$this->appConfig->getValueBool('core', OCMSignatoryManager::APPCONFIG_SIGN_DISABLED, lazy: true)) {
+			try {
+				// if request is signed and well signed, no exception are thrown
+				// if request is not signed and host is known for not supporting signed request, no exception are thrown
+				$signedRequest = $this->getSignedRequest();
+				$this->confirmNotificationIdentity($signedRequest, $resourceType, $notification);
+			} catch (IncomingRequestException $e) {
+				$this->logger->warning('incoming request exception', ['exception' => $e]);
+				return new JSONResponse(['message' => $e->getMessage(), 'validationErrors' => []], Http::STATUS_BAD_REQUEST);
+			}
 		}

 		try {
@@ -500,7 +504,6 @@ class RequestHandlerController extends Controller {
 	 *
 	 * @param IIncomingSignedRequest|null $signedRequest
 	 * @param string $resourceType
-	 * @param string $sharedSecret
 	 *
 	 * @throws IncomingRequestException
 	 * @throws BadRequestException
@@ -524,7 +527,7 @@ class RequestHandlerController extends Controller {
 				return;
 			}
 		} catch (\Exception $e) {
-			throw new IncomingRequestException($e->getMessage());
+			throw new IncomingRequestException($e->getMessage(), previous: $e);
 		}

 		$this->confirmNotificationEntry($signedRequest, $identity);
--- a/apps/comments/appinfo/info.xml
+++ b/apps/comments/appinfo/info.xml
@@ -38,6 +38,10 @@
 		</providers>
 	</activity>

+	<openmetrics>
+		<exporter>OCA\Comments\OpenMetrics\CommentsCountMetric</exporter>
+	</openmetrics>
+
 	<collaboration>
 		<plugins>
 			<plugin type="autocomplete-sort">OCA\Comments\Collaboration\CommentersSorter</plugin>
--- a/apps/comments/composer/composer/autoload_classmap.php
+++ b/apps/comments/composer/composer/autoload_classmap.php
@@ -22,5 +22,6 @@ return array(
    'OCA\\Comments\\MaxAutoCompleteResultsInitialState' => $baseDir . '/../lib/MaxAutoCompleteResultsInitialState.php',
    'OCA\\Comments\\Notification\\Listener' => $baseDir . '/../lib/Notification/Listener.php',
    'OCA\\Comments\\Notification\\Notifier' => $baseDir . '/../lib/Notification/Notifier.php',
+    'OCA\\Comments\\OpenMetrics\\CommentsCountMetric' => $baseDir . '/../lib/OpenMetrics/CommentsCountMetric.php',
    'OCA\\Comments\\Search\\CommentsSearchProvider' => $baseDir . '/../lib/Search/CommentsSearchProvider.php',
 );
--- a/apps/comments/composer/composer/autoload_static.php
+++ b/apps/comments/composer/composer/autoload_static.php
@@ -7,14 +7,14 @@ namespace Composer\Autoload;
 class ComposerStaticInitComments
 {
    public static $prefixLengthsPsr4 = array (
-        'O' => 
+        'O' =>
        array (
            'OCA\\Comments\\' => 13,
        ),
    );

    public static $prefixDirsPsr4 = array (
-        'OCA\\Comments\\' => 
+        'OCA\\Comments\\' =>
        array (
            0 => __DIR__ . '/..' . '/../lib',
        ),
@@ -37,6 +37,7 @@ class ComposerStaticInitComments
        'OCA\\Comments\\MaxAutoCompleteResultsInitialState' => __DIR__ . '/..' . '/../lib/MaxAutoCompleteResultsInitialState.php',
        'OCA\\Comments\\Notification\\Listener' => __DIR__ . '/..' . '/../lib/Notification/Listener.php',
        'OCA\\Comments\\Notification\\Notifier' => __DIR__ . '/..' . '/../lib/Notification/Notifier.php',
+        'OCA\\Comments\\OpenMetrics\\CommentsCountMetric' => __DIR__ . '/..' . '/../lib/OpenMetrics/CommentsCountMetric.php',
        'OCA\\Comments\\Search\\CommentsSearchProvider' => __DIR__ . '/..' . '/../lib/Search/CommentsSearchProvider.php',
    );

--- a/apps/comments/l10n/cs.js
+++ b/apps/comments/l10n/cs.js
@@ -17,7 +17,7 @@ OC.L10N.register(
    "Delete comment" : "Smazat komentář",
    "Cancel edit" : "Zrušit úpravu",
    "New comment" : "Nový komentář",
-    "Write a comment …" : "Napsat komentář …",
+    "Write a comment …" : "Napsat komentář …",
    "Post comment" : "Odeslat komentář",
    "@ for mentions, : for emoji, / for smart picker" : "@ pro zmínění, : pro emotikony, / pro inteligentní výběr",
    "Could not reload comments" : "Znovunačtení komentářů se nezdařilo",
@@ -32,6 +32,6 @@ OC.L10N.register(
    "Comment deleted" : "Komentář smazán",
    "An error occurred while trying to delete the comment" : "Došlo k chybě při pokusu o smazání komentáře",
    "An error occurred while trying to create the comment" : "Došlo k chybě při pokusu o vytvoření komentáře",
-    "Write a comment …" : "Napsat komentář…"
+    "Write a comment …" : "Napsat komentář …"
 },
 "nplurals=4; plural=(n == 1 && n % 1 == 0) ? 0 : (n >= 2 && n <= 4 && n % 1 == 0) ? 1: (n % 1 != 0 ) ? 2 : 3;");
--- a/apps/comments/l10n/cs.json
+++ b/apps/comments/l10n/cs.json
@@ -15,7 +15,7 @@
    "Delete comment" : "Smazat komentář",
    "Cancel edit" : "Zrušit úpravu",
    "New comment" : "Nový komentář",
-    "Write a comment …" : "Napsat komentář …",
+    "Write a comment …" : "Napsat komentář …",
    "Post comment" : "Odeslat komentář",
    "@ for mentions, : for emoji, / for smart picker" : "@ pro zmínění, : pro emotikony, / pro inteligentní výběr",
    "Could not reload comments" : "Znovunačtení komentářů se nezdařilo",
@@ -30,6 +30,6 @@
    "Comment deleted" : "Komentář smazán",
    "An error occurred while trying to delete the comment" : "Došlo k chybě při pokusu o smazání komentáře",
    "An error occurred while trying to create the comment" : "Došlo k chybě při pokusu o vytvoření komentáře",
-    "Write a comment …" : "Napsat komentář…"
+    "Write a comment …" : "Napsat komentář …"
 },"pluralForm" :"nplurals=4; plural=(n == 1 && n % 1 == 0) ? 0 : (n >= 2 && n <= 4 && n % 1 == 0) ? 1: (n % 1 != 0 ) ? 2 : 3;"
 }
--- a/apps/comments/l10n/es.js
+++ b/apps/comments/l10n/es.js
@@ -17,6 +17,7 @@ OC.L10N.register(
    "Delete comment" : "Borrar comentario",
    "Cancel edit" : "Cacelar edición",
    "New comment" : "Comentario nuevo",
+    "Write a comment …" : "Escribe un comentario ….",
    "Post comment" : "Publicar comentario",
    "@ for mentions, : for emoji, / for smart picker" : "@ para menciones, : para emoji, / para selector inteligente",
    "Could not reload comments" : "No se pudieron recargar los comentarios",
--- a/apps/comments/l10n/es.json
+++ b/apps/comments/l10n/es.json
@@ -15,6 +15,7 @@
    "Delete comment" : "Borrar comentario",
    "Cancel edit" : "Cacelar edición",
    "New comment" : "Comentario nuevo",
+    "Write a comment …" : "Escribe un comentario ….",
    "Post comment" : "Publicar comentario",
    "@ for mentions, : for emoji, / for smart picker" : "@ para menciones, : para emoji, / para selector inteligente",
    "Could not reload comments" : "No se pudieron recargar los comentarios",
--- a/apps/comments/l10n/eu.js
+++ b/apps/comments/l10n/eu.js
@@ -17,6 +17,7 @@ OC.L10N.register(
    "Delete comment" : "Ezabatu iruzkina",
    "Cancel edit" : "Utzi editatzeari",
    "New comment" : "Iruzkin berria",
+    "Write a comment …" : "Idatzi iruzkin bat …",
    "Post comment" : "Argitaratu iruzkina",
    "@ for mentions, : for emoji, / for smart picker" : "@ aipamenetarako, : emojientzako, / hautatzaile adimentsurako",
    "Could not reload comments" : "Ezin izan dira iruzkinak freskatu",
--- a/apps/comments/l10n/eu.json
+++ b/apps/comments/l10n/eu.json
@@ -15,6 +15,7 @@
    "Delete comment" : "Ezabatu iruzkina",
    "Cancel edit" : "Utzi editatzeari",
    "New comment" : "Iruzkin berria",
+    "Write a comment …" : "Idatzi iruzkin bat …",
    "Post comment" : "Argitaratu iruzkina",
    "@ for mentions, : for emoji, / for smart picker" : "@ aipamenetarako, : emojientzako, / hautatzaile adimentsurako",
    "Could not reload comments" : "Ezin izan dira iruzkinak freskatu",
--- a/apps/comments/l10n/fi.js
+++ b/apps/comments/l10n/fi.js
@@ -15,6 +15,7 @@ OC.L10N.register(
    "Delete comment" : "Poista kommentti",
    "Cancel edit" : "Peruuta muokkaus",
    "New comment" : "Uusi kommentti",
+    "Write a comment …" : "Kirjoita kommentti …",
    "Post comment" : "Lähetä viesti",
    "@ for mentions, : for emoji, / for smart picker" : "@ maininnoille, : emojille, / älykkäälle valitsimelle",
    "Could not reload comments" : "Kommenttien lataus epäonnistui",
--- a/apps/comments/l10n/fi.json
+++ b/apps/comments/l10n/fi.json
@@ -13,6 +13,7 @@
    "Delete comment" : "Poista kommentti",
    "Cancel edit" : "Peruuta muokkaus",
    "New comment" : "Uusi kommentti",
+    "Write a comment …" : "Kirjoita kommentti …",
    "Post comment" : "Lähetä viesti",
    "@ for mentions, : for emoji, / for smart picker" : "@ maininnoille, : emojille, / älykkäälle valitsimelle",
    "Could not reload comments" : "Kommenttien lataus epäonnistui",
--- a/apps/comments/l10n/fr.js
+++ b/apps/comments/l10n/fr.js
@@ -17,7 +17,7 @@ OC.L10N.register(
    "Delete comment" : "Supprimer le commentaire",
    "Cancel edit" : "Annuler les modifications",
    "New comment" : "Nouveau commentaire",
-    "Write a comment …" : "Écrire un commentaire …",
+    "Write a comment …" : "Écrire un commentaire…",
    "Post comment" : "Publier le commentaire",
    "@ for mentions, : for emoji, / for smart picker" : "@ pour les mentions, : pour les émojis, / pour le sélecteur intelligent",
    "Could not reload comments" : "Impossible de recharger les commentaires",
--- a/apps/comments/l10n/fr.json
+++ b/apps/comments/l10n/fr.json
@@ -15,7 +15,7 @@
    "Delete comment" : "Supprimer le commentaire",
    "Cancel edit" : "Annuler les modifications",
    "New comment" : "Nouveau commentaire",
-    "Write a comment …" : "Écrire un commentaire …",
+    "Write a comment …" : "Écrire un commentaire…",
    "Post comment" : "Publier le commentaire",
    "@ for mentions, : for emoji, / for smart picker" : "@ pour les mentions, : pour les émojis, / pour le sélecteur intelligent",
    "Could not reload comments" : "Impossible de recharger les commentaires",
--- a/apps/comments/l10n/lo.js
+++ b/apps/comments/l10n/lo.js
@@ -0,0 +1,37 @@
+OC.L10N.register(
+    "comments",
+    {
+    "Comments" : "ຄໍາເຫັນ",
+    "You commented" : "ທ່ານໄດ້ສະແດງຄຳເຫັນ",
+    "{author} commented" : "{author} commented",
+    "You commented on %1$s" : "You commented on %1$s",
+    "You commented on {file}" : "You commented on {file}",
+    "%1$s commented on %2$s" : "%1$s commented on %2$s",
+    "{author} commented on {file}" : "{author} commented on {file}",
+    "<strong>Comments</strong> for files" : "<strong>Comments</strong> for files",
+    "Files" : "ຟາຍ",
+    "You were mentioned on \"{file}\", in a comment by an account that has since been deleted" : "You were mentioned on \"{file}\", in a comment by an account that has since been deleted",
+    "{user} mentioned you in a comment on \"{file}\"" : "{user} mentioned you in a comment on \"{file}\"",
+    "Files app plugin to add comments to files" : "Files app plugin to add comments to files",
+    "Edit comment" : "ແກ້ໄຂຄຳເຫັນ",
+    "Delete comment" : "ລົບຄຳເຫັນ",
+    "Cancel edit" : "Cancel edit",
+    "New comment" : "New comment",
+    "Write a comment …" : "Write a comment …",
+    "Post comment" : "Post comment",
+    "@ for mentions, : for emoji, / for smart picker" : "@ for mentions, : for emoji, / for smart picker",
+    "Could not reload comments" : "Could not reload comments",
+    "Failed to mark comments as read" : "Failed to mark comments as read",
+    "Unable to load the comments list" : "Unable to load the comments list",
+    "No comments yet, start the conversation!" : "No comments yet, start the conversation!",
+    "No more messages" : "No more messages",
+    "Retry" : "Retry",
+    "_1 new comment_::_{unread} new comments_" : ["{unread} new comments"],
+    "Comment" : "Comment",
+    "An error occurred while trying to edit the comment" : "An error occurred while trying to edit the comment",
+    "Comment deleted" : "Comment deleted",
+    "An error occurred while trying to delete the comment" : "An error occurred while trying to delete the comment",
+    "An error occurred while trying to create the comment" : "An error occurred while trying to create the comment",
+    "Write a comment …" : "Write a comment …"
+},
+"nplurals=1; plural=0;");
--- a/apps/comments/l10n/lo.json
+++ b/apps/comments/l10n/lo.json
@@ -0,0 +1,35 @@
+{ "translations": {
+    "Comments" : "ຄໍາເຫັນ",
+    "You commented" : "ທ່ານໄດ້ສະແດງຄຳເຫັນ",
+    "{author} commented" : "{author} commented",
+    "You commented on %1$s" : "You commented on %1$s",
+    "You commented on {file}" : "You commented on {file}",
+    "%1$s commented on %2$s" : "%1$s commented on %2$s",
+    "{author} commented on {file}" : "{author} commented on {file}",
+    "<strong>Comments</strong> for files" : "<strong>Comments</strong> for files",
+    "Files" : "ຟາຍ",
+    "You were mentioned on \"{file}\", in a comment by an account that has since been deleted" : "You were mentioned on \"{file}\", in a comment by an account that has since been deleted",
+    "{user} mentioned you in a comment on \"{file}\"" : "{user} mentioned you in a comment on \"{file}\"",
+    "Files app plugin to add comments to files" : "Files app plugin to add comments to files",
+    "Edit comment" : "ແກ້ໄຂຄຳເຫັນ",
+    "Delete comment" : "ລົບຄຳເຫັນ",
+    "Cancel edit" : "Cancel edit",
+    "New comment" : "New comment",
+    "Write a comment …" : "Write a comment …",
+    "Post comment" : "Post comment",
+    "@ for mentions, : for emoji, / for smart picker" : "@ for mentions, : for emoji, / for smart picker",
+    "Could not reload comments" : "Could not reload comments",
+    "Failed to mark comments as read" : "Failed to mark comments as read",
+    "Unable to load the comments list" : "Unable to load the comments list",
+    "No comments yet, start the conversation!" : "No comments yet, start the conversation!",
+    "No more messages" : "No more messages",
+    "Retry" : "Retry",
+    "_1 new comment_::_{unread} new comments_" : ["{unread} new comments"],
+    "Comment" : "Comment",
+    "An error occurred while trying to edit the comment" : "An error occurred while trying to edit the comment",
+    "Comment deleted" : "Comment deleted",
+    "An error occurred while trying to delete the comment" : "An error occurred while trying to delete the comment",
+    "An error occurred while trying to create the comment" : "An error occurred while trying to create the comment",
+    "Write a comment …" : "Write a comment …"
+},"pluralForm" :"nplurals=1; plural=0;"
+}
--- a/apps/comments/l10n/ug.js
+++ b/apps/comments/l10n/ug.js
@@ -4,11 +4,11 @@ OC.L10N.register(
    "Comments" : "باھا",
    "You commented" : "باھا بەردىڭىز",
    "{author} commented" : "{author} باھا بەردى",
-    "You commented on %1$s" : "سىز%1 $ s غا باھا بەردىڭىز",
+    "You commented on %1$s" : "سىز %1$s غا باھا بەردىڭىز",
    "You commented on {file}" : "سىز {file} گە باھا بەردىڭىز",
-    "%1$s commented on %2$s" : "%1 $ s%2 $ s غا باھا بەردى",
+    "%1$s commented on %2$s" : "%1$s بولسا %2$s غا باھا بەردى",
    "{author} commented on {file}" : "{author} بولسا {file} گە باھا بەردى",
-    "<strong>Comments</strong> for files" : "ھۆججەتلەر ئۈچۈن <strong> باھا </ strong>",
+    "<strong>Comments</strong> for files" : "ھۆججەتلەر ئۈچۈن <strong> باھا </strong>",
    "Files" : "ھۆججەتلەر",
    "You were mentioned on \"{file}\", in a comment by an account that has since been deleted" : "سىز ئۆچۈرۈلگەن ھېساباتنىڭ ئىزاھاتىدا سىز «{file}» دە تىلغا ئېلىندى",
    "{user} mentioned you in a comment on \"{file}\"" : "{user} سىزنى \"{file}\" دىكى باھادا تىلغا ئالدى",
@@ -17,6 +17,7 @@ OC.L10N.register(
    "Delete comment" : "باھانى ئۆچۈرۈڭ",
    "Cancel edit" : "تەھرىرلەشنى ئەمەلدىن قالدۇرۇڭ",
    "New comment" : "يېڭى باھا",
+    "Write a comment …" : "بىر ئىنكاس يېزىڭ  ...",
    "Post comment" : "ئىنكاس يېزىڭ",
    "@ for mentions, : for emoji, / for smart picker" : "@ تىلغا ئېلىش ئۈچۈن ،: emoji ئۈچۈن ، / ئەقلىي ئىقتىدارلىق تاللىغۇچ ئۈچۈن",
    "Could not reload comments" : "ئىنكاسلارنى قايتا يۈكلىيەلمىدى",
@@ -25,6 +26,7 @@ OC.L10N.register(
    "No comments yet, start the conversation!" : "تېخى باھا يوق ، سۆھبەتنى باشلاڭ!",
    "No more messages" : "باشقا ئۇچۇر يوق",
    "Retry" : "قايتا سىناڭ",
+    "_1 new comment_::_{unread} new comments_" : ["1 يېڭى ئىنكاس","{unread} يېڭى ئىنكاسلار"],
    "Comment" : "باھا",
    "An error occurred while trying to edit the comment" : "باھانى تەھرىرلىمەكچى بولغاندا خاتالىق كۆرۈلدى",
    "Comment deleted" : "باھا ئۆچۈرۈلدى",
--- a/apps/comments/l10n/ug.json
+++ b/apps/comments/l10n/ug.json
@@ -2,11 +2,11 @@
    "Comments" : "باھا",
    "You commented" : "باھا بەردىڭىز",
    "{author} commented" : "{author} باھا بەردى",
-    "You commented on %1$s" : "سىز%1 $ s غا باھا بەردىڭىز",
+    "You commented on %1$s" : "سىز %1$s غا باھا بەردىڭىز",
    "You commented on {file}" : "سىز {file} گە باھا بەردىڭىز",
-    "%1$s commented on %2$s" : "%1 $ s%2 $ s غا باھا بەردى",
+    "%1$s commented on %2$s" : "%1$s بولسا %2$s غا باھا بەردى",
    "{author} commented on {file}" : "{author} بولسا {file} گە باھا بەردى",
-    "<strong>Comments</strong> for files" : "ھۆججەتلەر ئۈچۈن <strong> باھا </ strong>",
+    "<strong>Comments</strong> for files" : "ھۆججەتلەر ئۈچۈن <strong> باھا </strong>",
    "Files" : "ھۆججەتلەر",
    "You were mentioned on \"{file}\", in a comment by an account that has since been deleted" : "سىز ئۆچۈرۈلگەن ھېساباتنىڭ ئىزاھاتىدا سىز «{file}» دە تىلغا ئېلىندى",
    "{user} mentioned you in a comment on \"{file}\"" : "{user} سىزنى \"{file}\" دىكى باھادا تىلغا ئالدى",
@@ -15,6 +15,7 @@
    "Delete comment" : "باھانى ئۆچۈرۈڭ",
    "Cancel edit" : "تەھرىرلەشنى ئەمەلدىن قالدۇرۇڭ",
    "New comment" : "يېڭى باھا",
+    "Write a comment …" : "بىر ئىنكاس يېزىڭ  ...",
    "Post comment" : "ئىنكاس يېزىڭ",
    "@ for mentions, : for emoji, / for smart picker" : "@ تىلغا ئېلىش ئۈچۈن ،: emoji ئۈچۈن ، / ئەقلىي ئىقتىدارلىق تاللىغۇچ ئۈچۈن",
    "Could not reload comments" : "ئىنكاسلارنى قايتا يۈكلىيەلمىدى",
@@ -23,6 +24,7 @@
    "No comments yet, start the conversation!" : "تېخى باھا يوق ، سۆھبەتنى باشلاڭ!",
    "No more messages" : "باشقا ئۇچۇر يوق",
    "Retry" : "قايتا سىناڭ",
+    "_1 new comment_::_{unread} new comments_" : ["1 يېڭى ئىنكاس","{unread} يېڭى ئىنكاسلار"],
    "Comment" : "باھا",
    "An error occurred while trying to edit the comment" : "باھانى تەھرىرلىمەكچى بولغاندا خاتالىق كۆرۈلدى",
    "Comment deleted" : "باھا ئۆچۈرۈلدى",
--- a/apps/comments/lib/Activity/Provider.php
+++ b/apps/comments/lib/Activity/Provider.php
@@ -18,8 +18,6 @@ use OCP\IUserManager;
 use OCP\L10N\IFactory;

 class Provider implements IProvider {
-	protected ?IL10N $l = null;
-
 	public function __construct(
 		protected IFactory $languageFactory,
 		protected IURLGenerator $url,
@@ -42,9 +40,9 @@ class Provider implements IProvider {
 			throw new UnknownActivityException();
 		}

-		$this->l = $this->languageFactory->get('comments', $language);
-
 		if ($event->getSubject() === 'add_comment_subject') {
+			$l = $this->languageFactory->get('comments', $language);
+
 			$this->parseMessage($event);
 			if ($this->activityManager->getRequirePNG()) {
 				$event->setIcon($this->url->getAbsoluteURL($this->url->imagePath('core', 'actions/comment.png')));
@@ -54,13 +52,13 @@ class Provider implements IProvider {

 			if ($this->activityManager->isFormattingFilteredObject()) {
 				try {
-					return $this->parseShortVersion($event);
+					return $this->parseShortVersion($event, $l);
 				} catch (UnknownActivityException) {
 					// Ignore and simply use the long version...
 				}
 			}

-			return $this->parseLongVersion($event);
+			return $this->parseLongVersion($event, $l);
 		}
 		throw new UnknownActivityException();

@@ -69,15 +67,15 @@ class Provider implements IProvider {
 	/**
 	 * @throws UnknownActivityException
 	 */
-	protected function parseShortVersion(IEvent $event): IEvent {
+	protected function parseShortVersion(IEvent $event, IL10N $l): IEvent {
 		$subjectParameters = $this->getSubjectParameters($event);

 		if ($event->getSubject() === 'add_comment_subject') {
 			if ($subjectParameters['actor'] === $this->activityManager->getCurrentUserId()) {
-				$event->setRichSubject($this->l->t('You commented'), []);
+				$event->setRichSubject($l->t('You commented'), []);
 			} else {
 				$author = $this->generateUserParameter($subjectParameters['actor']);
-				$event->setRichSubject($this->l->t('{author} commented'), [
+				$event->setRichSubject($l->t('{author} commented'), [
 					'author' => $author,
 				]);
 			}
@@ -91,24 +89,24 @@ class Provider implements IProvider {
 	/**
 	 * @throws UnknownActivityException
 	 */
-	protected function parseLongVersion(IEvent $event): IEvent {
+	protected function parseLongVersion(IEvent $event, IL10N $l): IEvent {
 		$subjectParameters = $this->getSubjectParameters($event);

 		if ($event->getSubject() === 'add_comment_subject') {
 			if ($subjectParameters['actor'] === $this->activityManager->getCurrentUserId()) {
-				$event->setParsedSubject($this->l->t('You commented on %1$s', [
+				$event->setParsedSubject($l->t('You commented on %1$s', [
 					$subjectParameters['filePath'],
 				]))
-					->setRichSubject($this->l->t('You commented on {file}'), [
+					->setRichSubject($l->t('You commented on {file}'), [
 						'file' => $this->generateFileParameter($subjectParameters['fileId'], $subjectParameters['filePath']),
 					]);
 			} else {
 				$author = $this->generateUserParameter($subjectParameters['actor']);
-				$event->setParsedSubject($this->l->t('%1$s commented on %2$s', [
+				$event->setParsedSubject($l->t('%1$s commented on %2$s', [
 					$author['name'],
 					$subjectParameters['filePath'],
 				]))
-					->setRichSubject($this->l->t('{author} commented on {file}'), [
+					->setRichSubject($l->t('{author} commented on {file}'), [
 						'author' => $author,
 						'file' => $this->generateFileParameter($subjectParameters['fileId'], $subjectParameters['filePath']),
 					]);
--- a/apps/comments/lib/Activity/Setting.php
+++ b/apps/comments/lib/Activity/Setting.php
@@ -11,7 +11,7 @@ use OCP\IL10N;

 class Setting extends ActivitySettings {
 	public function __construct(
-		protected IL10N $l,
+		protected readonly IL10N $l,
 	) {
 	}

@@ -23,11 +23,11 @@ class Setting extends ActivitySettings {
 		return $this->l->t('<strong>Comments</strong> for files');
 	}

-	public function getGroupIdentifier() {
+	public function getGroupIdentifier(): string {
 		return 'files';
 	}

-	public function getGroupName() {
+	public function getGroupName(): string {
 		return $this->l->t('Files');
 	}

--- a/apps/comments/lib/Listener/CommentsEntityEventListener.php
+++ b/apps/comments/lib/Listener/CommentsEntityEventListener.php
@@ -27,6 +27,10 @@ class CommentsEntityEventListener implements IEventListener {
 			return;
 		}

+		if ($this->userId === null) {
+			return;
+		}
+
 		$event->addEntityCollection('files', function ($name): bool {
 			$nodes = $this->rootFolder->getUserFolder($this->userId)->getById((int)$name);
 			return !empty($nodes);
--- a/apps/comments/lib/Listener/CommentsEventListener.php
+++ b/apps/comments/lib/Listener/CommentsEventListener.php
@@ -35,8 +35,7 @@ class CommentsEventListener implements IEventListener {
 		}

 		$eventType = $event->getEvent();
-		if ($eventType === CommentsEvent::EVENT_ADD
-		) {
+		if ($eventType === CommentsEvent::EVENT_ADD) {
 			$this->notificationHandler($event);
 			$this->activityHandler($event);
 			return;
--- a/apps/comments/lib/OpenMetrics/CommentsCountMetric.php
+++ b/apps/comments/lib/OpenMetrics/CommentsCountMetric.php
@@ -0,0 +1,52 @@
+<?php
+
+/**
+ * SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+namespace OCA\Comments\OpenMetrics;
+
+use Generator;
+use OC\DB\Connection;
+use OCP\OpenMetrics\IMetricFamily;
+use OCP\OpenMetrics\Metric;
+use OCP\OpenMetrics\MetricType;
+use Override;
+
+class CommentsCountMetric implements IMetricFamily {
+	public function __construct(
+		private Connection $connection,
+	) {
+	}
+
+	#[Override]
+	public function name(): string {
+		return 'comments';
+	}
+
+	#[Override]
+	public function type(): MetricType {
+		return MetricType::gauge;
+	}
+
+	#[Override]
+	public function unit(): string {
+		return 'comments';
+	}
+
+	#[Override]
+	public function help(): string {
+		return 'Number of comments';
+	}
+
+	#[Override]
+	public function metrics(): Generator {
+		$qb = $this->connection->getQueryBuilder();
+		$result = $qb->select($qb->func()->count())
+			->from('comments')
+			->where($qb->expr()->eq('verb', $qb->expr()->literal('comment')))
+			->executeQuery();
+
+		yield new Metric($result->fetchOne(), [], time());
+	}
+}
--- a/apps/comments/src/actions/inlineUnreadCommentsAction.spec.ts
+++ b/apps/comments/src/actions/inlineUnreadCommentsAction.spec.ts
@@ -3,7 +3,7 @@
 * SPDX-License-Identifier: AGPL-3.0-or-later
 */

-import type { View } from '@nextcloud/files'
+import type { Folder, View } from '@nextcloud/files'

 import { File, FileAction, Permission } from '@nextcloud/files'
 import { describe, expect, test, vi } from 'vitest'
@@ -26,15 +26,41 @@ describe('Inline unread comments action display name tests', () => {
 			attributes: {
 				'comments-unread': 1,
 			},
+			root: '/files/admin',
 		})

 		expect(action).toBeInstanceOf(FileAction)
 		expect(action.id).toBe('comments-unread')
-		expect(action.displayName([file], view)).toBe('')
-		expect(action.title!([file], view)).toBe('1 new comment')
-		expect(action.iconSvgInline([], view)).toMatch(/<svg.+<\/svg>/)
-		expect(action.enabled!([file], view)).toBe(true)
-		expect(action.inline!(file, view)).toBe(true)
+		expect(action.displayName({
+			nodes: [file],
+			view,
+			folder: {} as Folder,
+			contents: [],
+		})).toBe('')
+		expect(action.title!({
+			nodes: [file],
+			view,
+			folder: {} as Folder,
+			contents: [],
+		})).toBe('1 new comment')
+		expect(action.iconSvgInline({
+			nodes: [file],
+			view,
+			folder: {} as Folder,
+			contents: [],
+		})).toMatch(/<svg.+<\/svg>/)
+		expect(action.enabled!({
+			nodes: [file],
+			view,
+			folder: {} as Folder,
+			contents: [],
+		})).toBe(true)
+		expect(action.inline!({
+			nodes: [file],
+			view,
+			folder: {} as Folder,
+			contents: [],
+		})).toBe(true)
 		expect(action.default).toBeUndefined()
 		expect(action.order).toBe(-140)
 	})
@@ -49,10 +75,21 @@ describe('Inline unread comments action display name tests', () => {
 			attributes: {
 				'comments-unread': 2,
 			},
+			root: '/files/admin',
 		})

-		expect(action.displayName([file], view)).toBe('')
-		expect(action.title!([file], view)).toBe('2 new comments')
+		expect(action.displayName({
+			nodes: [file],
+			view,
+			folder: {} as Folder,
+			contents: [],
+		})).toBe('')
+		expect(action.title!({
+			nodes: [file],
+			view,
+			folder: {} as Folder,
+			contents: [],
+		})).toBe('2 new comments')
 	})
 })

@@ -64,10 +101,16 @@ describe('Inline unread comments action enabled tests', () => {
 			owner: 'admin',
 			mime: 'text/plain',
 			permissions: Permission.ALL,
-			attributes: { },
+			attributes: {},
+			root: '/files/admin',
 		})

-		expect(action.enabled!([file], view)).toBe(false)
+		expect(action.enabled!({
+			nodes: [file],
+			view,
+			folder: {} as Folder,
+			contents: [],
+		})).toBe(false)
 	})

 	test('Action is disabled when file does not have unread comments', () => {
@@ -80,9 +123,15 @@ describe('Inline unread comments action enabled tests', () => {
 			attributes: {
 				'comments-unread': 0,
 			},
+			root: '/files/admin',
 		})

-		expect(action.enabled!([file], view)).toBe(false)
+		expect(action.enabled!({
+			nodes: [file],
+			view,
+			folder: {} as Folder,
+			contents: [],
+		})).toBe(false)
 	})

 	test('Action is enabled when file has a single unread comment', () => {
@@ -95,9 +144,15 @@ describe('Inline unread comments action enabled tests', () => {
 			attributes: {
 				'comments-unread': 1,
 			},
+			root: '/files/admin',
 		})

-		expect(action.enabled!([file], view)).toBe(true)
+		expect(action.enabled!({
+			nodes: [file],
+			view,
+			folder: {} as Folder,
+			contents: [],
+		})).toBe(true)
 	})

 	test('Action is enabled when file has a two unread comments', () => {
@@ -110,23 +165,27 @@ describe('Inline unread comments action enabled tests', () => {
 			attributes: {
 				'comments-unread': 2,
 			},
+			root: '/files/admin',
 		})

-		expect(action.enabled!([file], view)).toBe(true)
+		expect(action.enabled!({
+			nodes: [file],
+			view,
+			folder: {} as Folder,
+			contents: [],
+		})).toBe(true)
 	})
 })

 describe('Inline unread comments action execute tests', () => {
 	test('Action opens sidebar', async () => {
 		const openMock = vi.fn()
-		const setActiveTabMock = vi.fn()
 		window.OCA = {
 			Files: {
 				// @ts-expect-error Mocking for testing
-				Sidebar: {
+				_sidebar: () => ({
 					open: openMock,
-					setActiveTab: setActiveTabMock,
-				},
+				}),
 			},
 		}

@@ -139,27 +198,30 @@ describe('Inline unread comments action execute tests', () => {
 			attributes: {
 				'comments-unread': 1,
 			},
+			root: '/files/admin',
 		})

-		const result = await action.exec!(file, view, '/')
+		const result = await action.exec!({
+			nodes: [file],
+			view,
+			folder: {} as Folder,
+			contents: [],
+		})

 		expect(result).toBe(null)
-		expect(setActiveTabMock).toBeCalledWith('comments')
-		expect(openMock).toBeCalledWith('/foobar.txt')
+		expect(openMock).toBeCalledWith(file, 'comments')
 	})

 	test('Action handles sidebar open failure', async () => {
 		const openMock = vi.fn(() => {
 			throw new Error('Mock error')
 		})
-		const setActiveTabMock = vi.fn()
 		window.OCA = {
 			Files: {
 				// @ts-expect-error Mocking for testing
-				Sidebar: {
+				_sidebar: () => ({
 					open: openMock,
-					setActiveTab: setActiveTabMock,
-				},
+				}),
 			},
 		}
 		vi.spyOn(logger, 'error').mockImplementation(() => vi.fn())
@@ -173,13 +235,18 @@ describe('Inline unread comments action execute tests', () => {
 			attributes: {
 				'comments-unread': 1,
 			},
+			root: '/files/admin',
 		})

-		const result = await action.exec!(file, view, '/')
+		const result = await action.exec!({
+			nodes: [file],
+			view,
+			folder: {} as Folder,
+			contents: [],
+		})

 		expect(result).toBe(false)
-		expect(setActiveTabMock).toBeCalledWith('comments')
-		expect(openMock).toBeCalledWith('/foobar.txt')
+		expect(openMock).toBeCalledWith(file, 'comments')
 		expect(logger.error).toBeCalledTimes(1)
 	})
 })
--- a/apps/comments/src/actions/inlineUnreadCommentsAction.ts
+++ b/apps/comments/src/actions/inlineUnreadCommentsAction.ts
@@ -1,21 +1,19 @@
-/**
+/*!
 * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
 * SPDX-License-Identifier: AGPL-3.0-or-later
 */

-import type { Node } from '@nextcloud/files'
-
 import CommentProcessingSvg from '@mdi/svg/svg/comment-processing.svg?raw'
-import { FileAction } from '@nextcloud/files'
+import { FileAction, getSidebar } from '@nextcloud/files'
 import { n, t } from '@nextcloud/l10n'
 import logger from '../logger.js'

 export const action = new FileAction({
 	id: 'comments-unread',

-	title(nodes: Node[]) {
-		const unread = nodes[0].attributes['comments-unread'] as number
-		if (unread >= 0) {
+	title({ nodes }) {
+		const unread = nodes[0]?.attributes['comments-unread'] as number | undefined
+		if (typeof unread === 'number' && unread >= 0) {
 			return n('comments', '1 new comment', '{unread} new comments', unread, { unread })
 		}
 		return t('comments', 'Comment')
@@ -26,15 +24,19 @@ export const action = new FileAction({

 	iconSvgInline: () => CommentProcessingSvg,

-	enabled(nodes: Node[]) {
-		const unread = nodes[0].attributes['comments-unread'] as number | undefined
+	enabled({ nodes }) {
+		const unread = nodes[0]?.attributes?.['comments-unread'] as number | undefined
 		return typeof unread === 'number' && unread > 0
 	},

-	async exec(node: Node) {
+	async exec({ nodes }) {
+		if (nodes.length !== 1 || !nodes[0]) {
+			return false
+		}
+
 		try {
-			window.OCA.Files.Sidebar.setActiveTab('comments')
-			await window.OCA.Files.Sidebar.open(node.path)
+			const sidebar = getSidebar()
+			sidebar.open(nodes[0], 'comments')
 			return null
 		} catch (error) {
 			logger.error('Error while opening sidebar', { error })
--- a/apps/comments/src/comments-tab.js
+++ b/apps/comments/src/comments-tab.js
@@ -1,59 +0,0 @@
-/**
- * SPDX-FileCopyrightText: 2020 Nextcloud GmbH and Nextcloud contributors
- * SPDX-License-Identifier: AGPL-3.0-or-later
- */
-
-import MessageReplyText from '@mdi/svg/svg/message-reply-text.svg?raw'
-import { getCSPNonce } from '@nextcloud/auth'
-import { loadState } from '@nextcloud/initial-state'
-import { registerCommentsPlugins } from './comments-activity-tab.ts'
-
-// @ts-expect-error __webpack_nonce__ is injected by webpack
-__webpack_nonce__ = getCSPNonce()
-
-if (loadState('comments', 'activityEnabled', false) && OCA?.Activity?.registerSidebarAction !== undefined) {
-	// Do not mount own tab but mount into activity
-	window.addEventListener('DOMContentLoaded', function() {
-		registerCommentsPlugins()
-	})
-} else {
-	// Init Comments tab component
-	let TabInstance = null
-	const commentTab = new OCA.Files.Sidebar.Tab({
-		id: 'comments',
-		name: t('comments', 'Comments'),
-		iconSvg: MessageReplyText,
-
-		async mount(el, fileInfo, context) {
-			if (TabInstance) {
-				TabInstance.$destroy()
-			}
-			TabInstance = new OCA.Comments.View('files', {
-				// Better integration with vue parent component
-				parent: context,
-				propsData: {
-					resourceId: fileInfo.id,
-				},
-			})
-			// Only mount after we have all the info we need
-			await TabInstance.update(fileInfo.id)
-			TabInstance.$mount(el)
-		},
-		update(fileInfo) {
-			TabInstance.update(fileInfo.id)
-		},
-		destroy() {
-			TabInstance.$destroy()
-			TabInstance = null
-		},
-		scrollBottomReached() {
-			TabInstance.onScrollBottomReached()
-		},
-	})
-
-	window.addEventListener('DOMContentLoaded', function() {
-		if (OCA.Files && OCA.Files.Sidebar) {
-			OCA.Files.Sidebar.registerTab(commentTab)
-		}
-	})
-}
--- a/apps/comments/src/components/Comment.vue
+++ b/apps/comments/src/components/Comment.vue
@@ -72,7 +72,7 @@
 						:contenteditable="!loading"
 						:label="editor ? t('comments', 'New comment') : t('comments', 'Edit comment')"
 						:placeholder="t('comments', 'Write a comment …')"
-						:value="localMessage"
+						:model-value="localMessage"
 						:user-data="userData"
 						aria-describedby="tab-comments__editor-description"
 						@update:value="updateLocalMessage"
@@ -103,6 +103,7 @@
 				:class="{ 'comment__message--expanded': expanded }"
 				:text="richContent.message"
 				:arguments="richContent.mentions"
+				use-markdown
 				@click.native="onExpand" />
 		</div>
 	</component>
@@ -376,13 +377,19 @@ $comment-padding: 10px;
 	&__message {
 		white-space: pre-wrap;
 		word-break: normal;
-		max-height: 70px;
-		overflow: hidden;
+		max-height: 200px;
+		overflow: auto;
+		scrollbar-gutter: stable;
+		scrollbar-width: thin;
 		margin-top: -6px;
 		&--expanded {
 			max-height: none;
 			overflow: visible;
 		}
+		:deep(img) {
+			max-width: 100%;
+			height: auto;
+		}
 	}
 }

--- a/apps/comments/src/files-sidebar.ts
+++ b/apps/comments/src/files-sidebar.ts
@@ -0,0 +1,57 @@
+/**
+ * SPDX-FileCopyrightText: 2020 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+import MessageReplyText from '@mdi/svg/svg/message-reply-text.svg?raw'
+import { getCSPNonce } from '@nextcloud/auth'
+import { registerSidebarTab } from '@nextcloud/files'
+import { loadState } from '@nextcloud/initial-state'
+import { t } from '@nextcloud/l10n'
+import wrap from '@vue/web-component-wrapper'
+import { createPinia, PiniaVuePlugin } from 'pinia'
+import Vue from 'vue'
+import FilesSidebarTab from './views/FilesSidebarTab.vue'
+import { registerCommentsPlugins } from './comments-activity-tab.ts'
+
+__webpack_nonce__ = getCSPNonce()
+
+const tagName = 'comments_files-sidebar-tab'
+
+if (loadState('comments', 'activityEnabled', false) && OCA?.Activity?.registerSidebarAction !== undefined) {
+	// Do not mount own tab but mount into activity
+	window.addEventListener('DOMContentLoaded', function() {
+		registerCommentsPlugins()
+	})
+} else {
+	registerSidebarTab({
+		id: 'comments',
+		displayName: t('comments', 'Comments'),
+		iconSvgInline: MessageReplyText,
+		order: 50,
+		tagName,
+		enabled() {
+			if (!window.customElements.get(tagName)) {
+				setupSidebarTab()
+			}
+			return true
+		},
+	})
+}
+
+/**
+ * Setup the sidebar tab as a web component
+ */
+function setupSidebarTab() {
+	Vue.use(PiniaVuePlugin)
+	Vue.mixin({ pinia: createPinia() })
+	const webComponent = wrap(Vue, FilesSidebarTab)
+	// In Vue 2, wrap doesn't support disabling shadow. Disable with a hack
+	Object.defineProperty(webComponent.prototype, 'attachShadow', {
+		value() { return this },
+	})
+	Object.defineProperty(webComponent.prototype, 'shadowRoot', {
+		get() { return this },
+	})
+	window.customElements.define(tagName, webComponent)
+}
--- a/apps/comments/src/mixins/CommentView.ts
+++ b/apps/comments/src/mixins/CommentView.ts
@@ -1,8 +1,9 @@
-import { getCurrentUser } from '@nextcloud/auth'
-/**
+/*!
 * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
 * SPDX-License-Identifier: AGPL-3.0-or-later
 */
+
+import { getCurrentUser } from '@nextcloud/auth'
 import axios from '@nextcloud/axios'
 import { loadState } from '@nextcloud/initial-state'
 import { generateOcsUrl } from '@nextcloud/router'
@@ -32,7 +33,7 @@ export default defineComponent({
 	},
 	methods: {
 		/**
-		 * Autocomplete @mentions
+		 * Autocomplete `@mentions`
 		 *
 		 * @param search the query
 		 * @param callback the callback to process the results with
--- a/apps/comments/src/views/FilesSidebarTab.vue
+++ b/apps/comments/src/views/FilesSidebarTab.vue
@@ -0,0 +1,40 @@
+<!--
+  - SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
+  - SPDX-License-Identifier: AGPL-3.0-or-later
+-->
+
+<script setup lang="ts">
+import type { IFolder, INode, IView } from '@nextcloud/files'
+
+import { computed } from 'vue'
+import Comments from './Comments.vue'
+
+const props = defineProps<{
+	node?: INode
+	// eslint-disable-next-line vue/no-unused-properties -- Required on the web component interface
+	folder?: IFolder
+	// eslint-disable-next-line vue/no-unused-properties -- Required on the web component interface
+	view?: IView
+}>()
+
+defineExpose({ setActive })
+
+const resourceId = computed(() => props.node?.fileid)
+
+/**
+ * Set this tab as active
+ *
+ * @param active - The active state
+ */
+function setActive(active: boolean) {
+	return active
+}
+</script>
+
+<template>
+	<Comments
+		v-if="resourceId !== undefined"
+		:key="resourceId"
+		:resource-id="resourceId"
+		resource-type="files" />
+</template>
--- a/apps/comments/tests/Unit/Activity/ListenerTest.php
+++ b/apps/comments/tests/Unit/Activity/ListenerTest.php
@@ -12,7 +12,7 @@ use OCA\Comments\Activity\Listener;
 use OCP\Activity\IEvent;
 use OCP\Activity\IManager;
 use OCP\App\IAppManager;
-use OCP\Comments\CommentsEvent;
+use OCP\Comments\Events\CommentAddedEvent;
 use OCP\Comments\IComment;
 use OCP\Files\Config\ICachedMountFileInfo;
 use OCP\Files\Config\IMountProviderCollection;
@@ -66,14 +66,7 @@ class ListenerTest extends TestCase {
 			->method('getObjectType')
 			->willReturn('files');

-		/** @var CommentsEvent|MockObject $event */
-		$event = $this->createMock(CommentsEvent::class);
-		$event->expects($this->any())
-			->method('getComment')
-			->willReturn($comment);
-		$event->expects($this->any())
-			->method('getEvent')
-			->willReturn(CommentsEvent::EVENT_ADD);
+		$event = new CommentAddedEvent($comment);

 		/** @var IUser|MockObject $ownerUser */
 		$ownerUser = $this->createMock(IUser::class);
--- a/apps/comments/tests/Unit/EventHandlerTest.php
+++ b/apps/comments/tests/Unit/EventHandlerTest.php
@@ -12,6 +12,10 @@ use OCA\Comments\Activity\Listener as ActivityListener;
 use OCA\Comments\Listener\CommentsEventListener;
 use OCA\Comments\Notification\Listener as NotificationListener;
 use OCP\Comments\CommentsEvent;
+use OCP\Comments\Events\BeforeCommentUpdatedEvent;
+use OCP\Comments\Events\CommentAddedEvent;
+use OCP\Comments\Events\CommentDeletedEvent;
+use OCP\Comments\Events\CommentUpdatedEvent;
 use OCP\Comments\IComment;
 use PHPUnit\Framework\MockObject\MockObject;
 use Test\TestCase;
@@ -50,10 +54,10 @@ class EventHandlerTest extends TestCase {

 	public static function handledProvider(): array {
 		return [
-			[CommentsEvent::EVENT_DELETE],
-			[CommentsEvent::EVENT_UPDATE],
-			[CommentsEvent::EVENT_PRE_UPDATE],
-			[CommentsEvent::EVENT_ADD]
+			['delete'],
+			['update'],
+			['pre_update'],
+			['add']
 		];
 	}

@@ -65,14 +69,12 @@ class EventHandlerTest extends TestCase {
 			->method('getObjectType')
 			->willReturn('files');

-		/** @var CommentsEvent|MockObject $event */
-		$event = $this->createMock(CommentsEvent::class);
-		$event->expects($this->atLeastOnce())
-			->method('getComment')
-			->willReturn($comment);
-		$event->expects($this->atLeastOnce())
-			->method('getEvent')
-			->willReturn($eventType);
+		$event = match ($eventType) {
+			'add' => new CommentAddedEvent($comment),
+			'pre_update' => new BeforeCommentUpdatedEvent($comment),
+			'update' => new CommentUpdatedEvent($comment),
+			'delete' => new CommentDeletedEvent($comment),
+		};

 		$this->notificationListener->expects($this->once())
 			->method('evaluate')
--- a/Show More
+++ b/Show More