tmp

Signed-off-by: Nextcloud bot <bot@nextcloud.com>

.devcontainer/Dockerfile

@@ -77,11 +77,16 @@ RUN (getent passwd 1000 && userdel -r $(getent passwd 1000 | cut -d: -f1)) || tr
     (getent group 1000 && groupdel $(getent group 1000 | cut -d: -f1)) || true && \
     groupadd -g 1000 ${APACHE_RUN_GROUP} && \
     useradd -u 1000 -g 1000 -ms /bin/bash ${APACHE_RUN_USER} && \
-	adduser ${APACHE_RUN_USER} sudo && \
-	echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers && \
+    adduser ${APACHE_RUN_USER} sudo && \
+    echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers && \
 	sed -ri "s/^export APACHE_RUN_USER=.*$/export APACHE_RUN_USER=${APACHE_RUN_USER}/" "/etc/apache2/envvars" && \
     sed -ri "s/^export APACHE_RUN_GROUP=.*$/export APACHE_RUN_GROUP=${APACHE_RUN_GROUP}/" "/etc/apache2/envvars"
 
+# Setup HaRP proxy in Apache
+COPY apache.conf /etc/apache2/sites-enabled/000-default.conf
+RUN a2enmod proxy proxy_http headers && \
+    service apache2 restart
+
 USER devcontainer
 
 # NVM

.devcontainer/README.md

@@ -74,3 +74,14 @@ The Apache webserver is already configured to automatically try to connect to a
 listening on port `9003`. To start the VSCode debugger process, use the delivered debug profile `Listen for XDebug`.
 After you started the VSCode debugger, just navigate to the appropriate Nextcloud URL to get your
 debug hits. 
+
+## Developing with `app_api` and HaRP
+
+The Devcontainer already comes with [HaRP](https://github.com/nextcloud/HaRP) preconfigured so that you can directly
+start developing the [`app_api`](https://github.com/nextcloud/app_api) app. The only thing you need to do is execute `./.devcontainer/scripts/setup-app-api-dev.sh` once after the Devcontainer started.
+
+This script will:
+
+1. Clone the `app_api` repository into the `/var/www/html/apps` folder of the Devcontainer instance.
+2. Enable the app via CLI (`php occ app:enable app_api`).
+3. Register the HaRP daemon which fits to the Devcontainer configuration.

.devcontainer/apache.conf

@@ -0,0 +1,39 @@
+<VirtualHost *:80>
+        # The ServerName directive sets the request scheme, hostname and port that
+        # the server uses to identify itself. This is used when creating
+        # redirection URLs. In the context of virtual hosts, the ServerName
+        # specifies what hostname must appear in the request's Host: header to
+        # match this virtual host. For the default virtual host (this file) this
+        # value is not decisive as it is used as a last resort host regardless.
+        # However, you must set it for any further virtual host explicitly.
+        #ServerName www.example.com
+
+        ServerAdmin webmaster@localhost
+        DocumentRoot /var/www/html
+
+        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+        # error, crit, alert, emerg.
+        # It is also possible to configure the loglevel for particular
+        # modules, e.g.
+        #LogLevel info ssl:warn
+
+        ErrorLog ${APACHE_LOG_DIR}/error.log
+        CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+        # For most configuration files from conf-available/, which are
+        # enabled or disabled at a global level, it is possible to
+        # include a line for only one particular virtual host. For example the
+        # following line enables the CGI configuration for this host only
+        # after it has been globally disabled with "a2disconf".
+        #Include conf-available/serve-cgi-bin.conf
+
+        # Proxy HaRP
+        <Location /exapps/>
+                ProxyPreserveHost On
+                ProxyPass        http://appapi-harp:8780/exapps/ nocanon
+                ProxyPassReverse http://appapi-harp:8780/exapps/
+                RequestHeader    set X-Real-IP          expr=%{REMOTE_ADDR}
+                RequestHeader    set X-Forwarded-For    expr=%{REMOTE_ADDR}
+                RequestHeader    set X-Forwarded-Proto  expr=%{REQUEST_SCHEME}
+        </Location>
+</VirtualHost>

.devcontainer/codespace.config.php

@@ -12,9 +12,11 @@ $CONFIG = [
     'mail_smtpmode' => 'smtp',
     'mail_sendmailmode' => 'smtp',
     'mail_domain' => 'example.com',
-    'mail_smtphost' => 'localhost',
+    'mail_smtphost' => 'mailhog',
     'mail_smtpport' => '1025',
     'memcache.local' => '\OC\Memcache\APCu',
+    'trusted_domains' => ['nextclouddev'],
+    'loglevel' => 1,
 ];
 
 if(is_string($codespaceName) && !empty($codespaceName) && is_string($codespaceDomain) && !empty($codespaceDomain)) {
@@ -22,5 +24,5 @@ if(is_string($codespaceName) && !empty($codespaceName) && is_string($codespaceDo
     $CONFIG['overwritehost'] = $host;
     $CONFIG['overwrite.cli.url'] = 'https://' . $host;
     $CONFIG['overwriteprotocol'] = 'https';
-	$CONFIG['trusted_domains'] = [ $host ];
+	$CONFIG['trusted_domains'][] = $host;
 }

.devcontainer/devcontainer.json

@@ -12,11 +12,10 @@
 	"customizations": {
 		"vscode": {
 			"extensions": [
-				"felixfbecker.php-debug",
-				"felixfbecker.php-intellisense",
 				"ms-azuretools.vscode-docker",
 				"xdebug.php-debug",
-				"donjayamanne.githistory"
+				"donjayamanne.githistory",
+				"bmewburn.vscode-intelephense-client"
 			],
 			"settings": {
 				"php.suggest.basic": false

.devcontainer/docker-compose.yml

@@ -3,6 +3,7 @@
 services:
   nextclouddev:
     build: .
+    container_name: nextclouddev
     volumes:
       - .:/workspace:cached
       - /var/run/docker.sock:/var/run/docker-host.sock
@@ -10,8 +11,8 @@ services:
     command: /var/www/html/.devcontainer/entrypoint.sh
     ports:
       - 80:80
-      - 8080:8080
-      - 8025:8025
+    networks:
+      - nextclouddev-network
 
   db:
     image: postgres
@@ -21,17 +22,50 @@ services:
       PGDATA: /data/postgres
     volumes:
       - db:/data/postgres
-    network_mode: service:nextclouddev
+    ports:
+      - 5432:5432
+    networks:
+      - nextclouddev-network
 
   adminer:
     image: adminer
     restart: always
-    network_mode: service:nextclouddev
+    ports:
+      - 8080:8080
+    networks:
+      - nextclouddev-network
 
   mailhog:
     image: mailhog/mailhog
     restart: always
-    network_mode: service:nextclouddev
+    ports:
+      - 8025:8025
+    networks:
+      - nextclouddev-network
+
+  appapi-harp:
+    image: ghcr.io/nextcloud/nextcloud-appapi-harp:release
+    container_name: appapi-harp
+    restart: always
+    environment:
+      - HP_SHARED_KEY=some_very_secure_password
+      - NC_INSTANCE_URL=http://nextclouddev
+      - HP_BLACKLIST_COUNT=10000
+      - HP_BLACKLIST_WINDOW=1
+      - HP_LOG_LEVEL=DEBUG
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - certs:/certs
+    ports:
+      - 8780:8780
+      - 8782:8782
+    networks:
+      - nextclouddev-network
 
 volumes:
   db:
+  certs:
+
+networks:
+  nextclouddev-network:
+    name: nextclouddev-network

.devcontainer/scripts/setup-app-api-dev.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# Clone sources
+git clone https://github.com/nextcloud/app_api.git /var/www/html/apps/app_api
+
+# Enable the app
+php /var/www/html/occ app:enable app_api
+
+# Register a default HaRP daemon
+echo "Registering default HaRP daemon"
+php occ app_api:daemon:register \
+    --set-default \
+    --net nextclouddev-network \
+    --harp \
+    --harp_frp_address "appapi-harp:8782" \
+    --harp_shared_key "some_very_secure_password" \
+    --harp_docker_socket_port 24000 \
+    "harp_proxy_docker" \
+    "HaRP Proxy (Docker)" \
+    "docker-install" \
+    "http" \
+    "appapi-harp:8780" \
+    "http://nextclouddev"

.devcontainer/setup.sh

@@ -22,7 +22,7 @@ if [[ ! $(sudo -u ${APACHE_RUN_USER} php occ status) =~ installed:[[:space:]]*tr
         --verbose \
         --database=pgsql \
         --database-name=postgres \
-        --database-host=127.0.0.1 \
+        --database-host=db \
         --database-port=5432 \
         --database-user=postgres \
         --database-pass=postgres \
@@ -30,4 +30,17 @@ if [[ ! $(sudo -u ${APACHE_RUN_USER} php occ status) =~ installed:[[:space:]]*tr
         --admin-pass admin
 fi
 
+# Query Docker daemon API via unix socket and write DOCKER_API_VERSION to .bashrc for CLI use
+if [ -S /var/run/docker.sock ]; then
+    sudo chmod 666 /var/run/docker.sock
+    json="$(curl --silent --unix-socket /var/run/docker.sock http://localhost/version || true)"
+    api="$(printf '%s' "$json" | php -r '$d=json_decode(stream_get_contents(STDIN), true); echo isset($d["ApiVersion"])?$d["ApiVersion"]:"";')"
+    if [ -n "$api" ]; then
+        echo "export DOCKER_API_VERSION=$api" >> ~/.bashrc
+        echo "Wrote DOCKER_API_VERSION=$api to ~/.bashrc"
+    else
+        echo "Warning: could not determine Docker API version after ${max_retries} attempts"
+    fi
+fi
+
 sudo service apache2 restart

.github/CODEOWNERS

@@ -31,9 +31,9 @@ package-lock.json                             @nextcloud/server-dependabot
 /apps/contactsinteraction/lib                 @kesselb @SebastianKrupinski
 /apps/contactsinteraction/tests               @kesselb @SebastianKrupinski
 /apps/dashboard/appinfo/info.xml              @julien-nc @juliusknorr
-/apps/dav/lib/CalDAV                          @st3iny @SebastianKrupinski @tcitworld
+/apps/dav/lib/CalDAV                          @ChristophWurst @SebastianKrupinski @tcitworld
 /apps/dav/lib/CardDAV                         @hamza221 @SebastianKrupinski
-/apps/dav/tests/unit/CalDAV                   @st3iny @SebastianKrupinski @tcitworld
+/apps/dav/tests/unit/CalDAV                   @ChristophWurst @SebastianKrupinski @tcitworld
 /apps/dav/tests/unit/CardDAV                  @hamza221 @SebastianKrupinski
 /apps/encryption/appinfo/info.xml             @come-nc @icewind1991
 /apps/federatedfilesharing/appinfo/info.xml   @icewind1991 @danxuliu
@@ -50,7 +50,7 @@ package-lock.json                             @nextcloud/server-dependabot
 /apps/sharebymail/appinfo/info.xml            @Altahrim @skjnldsv
 /apps/systemtags/appinfo/info.xml             @Antreesy @marcelklehr
 /apps/theming/appinfo/info.xml                @skjnldsv @juliusknorr
-/apps/twofactor_backupcodes/appinfo/info.xml  @st3iny @miaulalala @ChristophWurst
+/apps/twofactor_backupcodes/appinfo/info.xml  @miaulalala @ChristophWurst
 /apps/updatenotification/appinfo/info.xml     @JuliaKirschenheuter @sorbaugh
 /apps/user_ldap/appinfo/info.xml              @come-nc @blizzz
 /apps/user_status/appinfo/info.xml            @Antreesy @nickvergessen
@@ -72,9 +72,9 @@ package-lock.json                             @nextcloud/server-dependabot
 
 # Two-Factor Authentication
 # https://github.com/nextcloud/wg-two-factor-authentication#members
-**/TwoFactorAuth                    @ChristophWurst @miaulalala @nickvergessen @st3iny
-/apps/twofactor_backupcodes         @ChristophWurst @miaulalala @nickvergessen @st3iny
-/core/templates/twofactor*          @ChristophWurst @miaulalala @nickvergessen @st3iny
+**/TwoFactorAuth                    @ChristophWurst @miaulalala @nickvergessen
+/apps/twofactor_backupcodes         @ChristophWurst @miaulalala @nickvergessen
+/core/templates/twofactor*          @ChristophWurst @miaulalala @nickvergessen
 
 # Limit login to IP
 # Watch login routes for https://github.com/nextcloud/limit_login_to_ip
@@ -96,16 +96,16 @@ ResponseDefinitions.php             @provokateurin @nextcloud/server-backend
 */Notifications/*                   @nickvergessen @nextcloud/talk-backend
 
 # Groupware team
-/build/integration/dav_features/caldav.feature            @st3iny @SebastianKrupinski @tcitworld
+/build/integration/dav_features/caldav.feature            @ChristophWurst @SebastianKrupinski @tcitworld
 /build/integration/dav_features/carddav.feature           @hamza221 @SebastianKrupinski
-/lib/private/Calendar                                     @st3iny @SebastianKrupinski @tcitworld
+/lib/private/Calendar                                     @ChristophWurst @SebastianKrupinski @tcitworld
 /lib/private/Contacts                                     @hamza221 @SebastianKrupinski
-/lib/public/Calendar                                      @st3iny @SebastianKrupinski @tcitworld
+/lib/public/Calendar                                      @ChristophWurst @SebastianKrupinski @tcitworld
 /lib/public/Contacts                                      @hamza221 @SebastianKrupinski
 
 # Desktop client teamn
 /apps/dav/lib/Connector/Sabre/BlockLegacyClientPlugin.php @nextcloud/desktop
 
 # Personal interest
-*/Activity/*                                     @nickvergessen @nextcloud/server-backend
-/apps/workflowengine/lib                         @nickvergessen @blizzz
+*/Activity/*                                              @nickvergessen @nextcloud/server-backend
+/apps/workflowengine/lib                                  @nickvergessen @blizzz

.github/ISSUE_TEMPLATE/Feature_request.md

@@ -3,48 +3,43 @@ name: 🚀 Feature request
 about: Suggest an idea for this project
 labels: enhancement, 0. Needs triage
 type: "Enhancement"
-
 ---
 
 <!--
-Thanks for reporting issues back to Nextcloud!
-
-Note: This is the **issue tracker of Nextcloud**, please do NOT use this to get answers to your questions or get help for fixing your installation. This is a place to report bugs to developers, after your server has been debugged. You can find help debugging your system on our home user forums: https://help.nextcloud.com or, if you use Nextcloud in a large organization, ask our engineers on https://portal.nextcloud.com. See also  https://nextcloud.com/support for support options.
-
-Nextcloud is an open source project backed by Nextcloud GmbH. Most of our volunteers are home users and thus primarily care about issues that affect home users. Our paid engineers prioritize issues of our customers. If you are neither a home user nor a customer, consider paying somebody to fix your issue, do it yourself or become a customer.
-
-Guidelines for submitting issues:
-
-* Please search the existing issues first, it's likely that your issue was already reported or even fixed.
-    - Go to https://github.com/nextcloud and type any word in the top search/command bar. You probably see something like "We couldn’t find any repositories matching ..." then click "Issues" in the left navigation.
-    - You can also filter by appending e. g. "state:open" to the search string.
-    - More info on search syntax within github: https://help.github.com/articles/searching-issues
-    
-* This repository https://github.com/nextcloud/server/issues is *only* for issues within the Nextcloud Server code. This also includes the apps: files, encryption, external storage, sharing, deleted files, versions, LDAP, and WebDAV Auth
-  
-* SECURITY: Report any potential security bug to us via our HackerOne page (https://hackerone.com/nextcloud) following our security policy (https://nextcloud.com/security/) instead of filing an issue in our bug tracker.  
-
-* The issues in other components should be reported in their respective repositories: You will find them in our GitHub Organization (https://github.com/nextcloud/)
+Have a security concern? Please report potential security issues via our HackerOne program (https://hackerone.com/nextcloud) instead of filing a public GitHub issue. See our security policy: https://nextcloud.com/security/
 -->
 
+<!--
+Thanks for taking the time to suggest improvements to Nextcloud! Use this form to request features or propose enhancements.
 
-<!--- Please keep this note for other contributors -->
+Guidelines:
 
-### How to use GitHub
-
-* Please use the 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to show that you are interested into the same feature.
-* Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
-* Subscribe to receive notifications on status change and new comments. 
+* Please search existing issues first; your idea may already have been discussed or implemented.
+* This repository (https://github.com/nextcloud/server/issues) is only for issues within the Nextcloud Server code. This includes shipped apps such as Files, DAV, Encryption, External Storage, Sharing, Deleted Files, Versions, Federation, and LDAP.
+* Issues for other components should be reported in their respective repositories in the Nextcloud GitHub organization: https://github.com/nextcloud/
+* Nextcloud is an open source project backed by Nextcloud GmbH. Many contributors are volunteers and primarily focus on issues affecting home users. Paid engineers prioritize customer-reported issues and critical defects.
+* This is the development issue tracker. Please do NOT use it for support questions or help diagnosing your installation.
+  - For community/user help: https://help.nextcloud.com
+  - For professional / large deployment support options: https://nextcloud.com/support
+-->
 
+<!-- Please keep the note below for other contributors -->
+> [!TIP]
+> ### Help move this idea forward
+> * Use the 👍 reaction to show support for this feature.
+> * Avoid commenting unless you have relevant information to add; unnecessary comments create noise for subscribers.
+> * Subscribe to receive notifications about status changes and new comments.
+---
+<!-- DO NOT EDIT ABOVE THIS LINE -->
 
 **Is your feature request related to a problem? Please describe.**
-A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+<!-- Provide a clear and concise description of the problem. For example: “I'm always frustrated when …” -->
 
 **Describe the solution you'd like**
-A clear and concise description of what you want to happen.
+<!-- Provide a clear and concise description of what you want to happen. -->
 
 **Describe alternatives you've considered**
-A clear and concise description of any alternative solutions or features you've considered.
+<!-- Provide a clear and concise description of any alternative solutions or features you've considered. -->
 
 **Additional context**
-Add any other context or screenshots about the feature request here.
+<!-- Add any other context or screenshots related to the feature request here. -->

.github/dependabot.yml

@@ -53,6 +53,15 @@ updates:
     - "feature: dependencies"
   # Disable automatic rebasing because without a build CI will likely fail anyway
   rebase-strategy: "disabled"
+  groups:
+    vite:
+      patterns:
+        - "vite"
+        - "@nextcloud/vite-config"
+    vitest:
+      patterns:
+        - "vitest"
+        - "@vitest/*"
 
 # Latest stable release
 # Composer dependencies for linting and testing
@@ -60,7 +69,7 @@ updates:
   target-branch: stable32
   directories:
     - "/"
-    - "/build/integration"
+    - "/vendor-bin/behat"
     - "/vendor-bin/cs-fixer"
     - "/vendor-bin/openapi-extractor"
     - "/vendor-bin/phpunit"
@@ -124,28 +133,6 @@ updates:
     - dependency-name: "*"
       update-types: ["version-update:semver-major", "version-update:semver-minor"]
 
-- package-ecosystem: composer
-  target-branch: stable30
-  directories:
-    - "/"
-    - "/build/integration"
-    - "/vendor-bin/cs-fixer"
-    - "/vendor-bin/openapi-extractor"
-    - "/vendor-bin/phpunit"
-    - "/vendor-bin/psalm"
-  schedule:
-    interval: weekly
-    day: saturday
-    time: "04:00"
-    timezone: Europe/Paris
-  labels:
-    - "3. to review"
-    - "feature: dependencies"
-  ignore:
-    # only patch updates on stable branches
-    - dependency-name: "*"
-      update-types: ["version-update:semver-major", "version-update:semver-minor"]
-
 # frontend dependencies
 - package-ecosystem: npm
   target-branch: stable31
@@ -165,22 +152,3 @@ updates:
     # no major updates on stable branches
     - dependency-name: "*"
       update-types: ["version-update:semver-major"]
-
-- package-ecosystem: npm
-  target-branch: stable30
-  directory: "/"
-  schedule:
-    interval: weekly
-    day: saturday
-    time: "04:00"
-    timezone: Europe/Paris
-  open-pull-requests-limit: 20
-  labels:
-    - "3. to review"
-    - "feature: dependencies"
-  # Disable automatic rebasing because without a build CI will likely fail anyway
-  rebase-strategy: "disabled"
-  ignore:
-    # no major updates on stable branches
-    - dependency-name: "*"
-      update-types: ["version-update:semver-major"]

.github/workflows/autocheckers.yml

@@ -52,13 +52,13 @@ jobs:
 
     steps:
       - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
           submodules: true
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
         with:
           php-version: ${{ matrix.php-versions }}
           extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
@@ -81,13 +81,13 @@ jobs:
 
     steps:
       - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
           submodules: true
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
         with:
           php-version: ${{ matrix.php-versions }}
           extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite

.github/workflows/block-merge-eol.yml

@@ -27,7 +27,7 @@ jobs:
 
     steps:
       - name: Set server major version environment
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
           script: |
@@ -37,13 +37,13 @@ jobs:
             if (match) {
               console.log('Setting server_major to ' + match[1]);
               core.exportVariable('server_major', match[1]);
-              console.log('Setting current_month to ' + (new Date()).toISOString().substr(0, 7));
-              core.exportVariable('current_month', (new Date()).toISOString().substr(0, 7));
+              console.log('Setting current_day to ' + (new Date()).toISOString().substr(0, 10));
+              core.exportVariable('current_day', (new Date()).toISOString().substr(0, 10));
             }
 
       - name: Checking if server ${{ env.server_major }} is EOL
         if: ${{ env.server_major != '' }}
         run: |
           curl -s https://raw.githubusercontent.com/nextcloud-releases/updater_server/production/config/major_versions.json \
-            | jq '.["${{ env.server_major }}"]["eol"] // "9999-99" | . >= "${{ env.current_month }}"' \
+            | jq '.["${{ env.server_major }}"]["eol"] // "9999-99-99" | . >= "${{ env.current_day }}"' \
             | grep -q true

.github/workflows/block-merge-freeze.yml

@@ -29,7 +29,7 @@ jobs:
 
     steps:
       - name: Register server reference to fallback to master branch
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
           script: |

.github/workflows/block-outdated-3rdparty.yml

@@ -31,7 +31,7 @@ jobs:
               - 'version.php'
 
       - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
 
@@ -41,7 +41,7 @@ jobs:
           echo "commit=$(git submodule status | grep ' 3rdparty' | egrep -o '[a-f0-9]{40}')" >> "$GITHUB_OUTPUT"
 
       - name: Register server reference to fallback to master branch
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
           script: |

.github/workflows/block-unconventional-commits.yml

@@ -27,7 +27,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
 

.github/workflows/codeql.yml

@@ -32,16 +32,18 @@ jobs:
           build-mode: none
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v5
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      with:
+        persist-credentials: false
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5
       with:
         languages: ${{ matrix.language }}
         build-mode: ${{ matrix.build-mode }}
         config-file: ./.github/codeql-config.yml
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5
       with:
         category: "/language:${{matrix.language}}"

.github/workflows/command-compile.yml

@@ -30,7 +30,7 @@ jobs:
 
     steps:
       - name: Get repository from pull request comment
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         id: get-repository
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
@@ -57,7 +57,7 @@ jobs:
           require: write
 
       - name: Add reaction on start
-        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
+        uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}
           repository: ${{ github.event.repository.full_name }}
@@ -83,7 +83,7 @@ jobs:
         id: comment-branch
 
       - name: Add reaction on failure
-        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
+        uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0
         if: failure()
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}
@@ -103,7 +103,7 @@ jobs:
           key: git-repo
 
       - name: Checkout ${{ needs.init.outputs.head_ref }}
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           # Needed to allow force push later
           persist-credentials: true
@@ -120,11 +120,11 @@ jobs:
         uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
         id: package-engines-versions
         with:
-          fallbackNode: '^20'
-          fallbackNpm: '^10'
+          fallbackNode: '^24'
+          fallbackNpm: '^11.3'
 
       - name: Set up node ${{ steps.package-engines-versions.outputs.nodeVersion }}
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
         with:
           node-version: ${{ steps.package-engines-versions.outputs.nodeVersion }}
           cache: npm
@@ -136,26 +136,26 @@ jobs:
         if: ${{ contains(needs.init.outputs.arg1, 'rebase') }}
         run: |
           git fetch origin '${{ needs.init.outputs.base_ref }}:${{ needs.init.outputs.base_ref }}'
-          
+
           # Start the rebase
           git rebase 'origin/${{ needs.init.outputs.base_ref }}' || {
             # Handle rebase conflicts in a loop
             while [ -d .git/rebase-merge ] || [ -d .git/rebase-apply ]; do
               echo "Handling rebase conflict..."
-              
+
               # Remove and checkout /dist and /js folders from the base branch
               if [ -d "dist" ]; then
                 rm -rf dist
                 git checkout origin/${{ needs.init.outputs.base_ref }} -- dist/ 2>/dev/null || echo "No dist folder in base branch"
               fi
               if [ -d "js" ]; then
-                rm -rf js  
+                rm -rf js
                 git checkout origin/${{ needs.init.outputs.base_ref }} -- js/ 2>/dev/null || echo "No js folder in base branch"
               fi
-              
+
               # Stage all changes
               git add .
-              
+
               # Check if there are any changes after resolving conflicts
               if git diff --cached --quiet; then
                 echo "No changes after conflict resolution, skipping commit"
@@ -164,7 +164,7 @@ jobs:
                 echo "Changes found, continuing rebase without editing commit message"
                 git -c core.editor=true rebase --continue
               fi
-              
+
               # Break if rebase is complete
               if [ ! -d .git/rebase-merge ] && [ ! -d .git/rebase-apply ]; then
                 break
@@ -213,7 +213,7 @@ jobs:
         run: git push --force-with-lease origin "$HEAD_REF"
 
       - name: Add reaction on failure
-        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
+        uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0
         if: failure()
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}

.github/workflows/command-pull-3rdparty.yml

@@ -20,7 +20,7 @@ jobs:
 
     steps:
       - name: Add reaction on start
-        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v3.0.1
+        uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v3.0.1
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}
           repository: ${{ github.event.repository.full_name }}
@@ -38,7 +38,7 @@ jobs:
         id: comment-branch
 
       - name: Checkout ${{ steps.comment-branch.outputs.head_ref }}
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
           fetch-depth: 0
@@ -46,7 +46,7 @@ jobs:
           ref: ${{ steps.comment-branch.outputs.head_ref }}
 
       - name: Register server reference to fallback to master branch
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
           script: |
@@ -71,7 +71,7 @@ jobs:
           git config --local user.name 'nextcloud-command'
 
       - name: Add reaction on failure
-        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v3.0.1
+        uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v3.0.1
         if: ${{ env.server_ref == '' }}
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}
@@ -91,7 +91,7 @@ jobs:
           git push
 
       - name: Add reaction on failure
-        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v3.0.1
+        uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v3.0.1
         if: failure()
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}

.github/workflows/cypress.yml

@@ -22,7 +22,7 @@ env:
   # Usually it's the base branch of the PR, but for pushes it's the branch itself.
   # e.g. 'main', 'stable27' or 'feature/my-feature'
   # n.b. server will use head_ref, as we want to test the PR branch.
-  BRANCH: ${{ github.head_ref || github.ref_name }}
+  BRANCH: ${{ github.base_ref || github.ref_name }}
 
 
 permissions:
@@ -48,7 +48,7 @@ jobs:
           exit 1
 
       - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
           # We need to checkout submodules for 3rdparty
@@ -58,7 +58,7 @@ jobs:
         id: check_composer
         uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0
         with:
-          files: "composer.json"
+          files: 'composer.json'
 
       - name: Install composer dependencies
         if: steps.check_composer.outputs.files_exists == 'true'
@@ -68,11 +68,11 @@ jobs:
         uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
         id: versions
         with:
-          fallbackNode: "^20"
-          fallbackNpm: "^10"
+          fallbackNode: '^24'
+          fallbackNpm: '^11.3'
 
       - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
         with:
           node-version: ${{ steps.versions.outputs.nodeVersion }}
 
@@ -84,9 +84,6 @@ jobs:
           npm ci
           TESTING=true npm run build --if-present
 
-      - name: Show cypress version
-        run: npm run cypress:version
-
       - name: Save context
         uses: buildjet/cache/save@3e70d19e31d6a8030aeddf6ed8dbe601f94d09f4 # v4.0.2
         with:
@@ -163,7 +160,7 @@ jobs:
           path: ./
 
       - name: Set up node ${{ needs.init.outputs.nodeVersion }}
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
         with:
           node-version: ${{ needs.init.outputs.nodeVersion }}
 
@@ -174,7 +171,7 @@ jobs:
         run: ./node_modules/cypress/bin/cypress install
 
       - name: Run ${{ matrix.containers == 'component' && 'component' || 'E2E' }} cypress tests
-        uses: cypress-io/github-action@b8ba51a856ba5f4c15cf39007636d4ab04f23e3c # v6.10.2
+        uses: cypress-io/github-action@7ef72e250a9e564efb4ed4c2433971ada4cc38b4 # v6.10.4
         with:
           # We already installed the dependencies in the init job
           install: false
@@ -194,13 +191,14 @@ jobs:
           CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }}
           SPLIT: ${{ matrix.total-containers }}
           SPLIT_INDEX: ${{ matrix.containers == 'component' && 0 || matrix.containers }}
+          SPLIT_RANDOM_SEED: ${{ github.run_id }}
           SETUP_TESTING: ${{ matrix.containers == 'setup' && 'true' || '' }}
 
       - name: Upload snapshots and videos
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
         if: always()
         with:
-          name: snapshots_videos_${{ matrix.containers }}
+          name: snapshots_${{ matrix.containers }}
           path: |
             cypress/snapshots
             cypress/videos
@@ -219,8 +217,8 @@ jobs:
         if: failure() && matrix.containers != 'component'
         run: docker exec nextcloud-e2e-test-server_${{ env.APP_NAME }} tar -cvjf - data > data.tar
 
-      - name: Upload data dir archive
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+      - name: Upload data archive
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
         if: failure() && matrix.containers != 'component'
         with:
           name: nc_data_${{ matrix.containers }}

.github/workflows/dependabot-approve-merge.yml

@@ -3,10 +3,10 @@
 # https://github.com/nextcloud/.github
 # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
 #
-# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors
+# SPDX-FileCopyrightText: Nextcloud GmbH and Nextcloud contributors
 # SPDX-License-Identifier: MIT
 
-name: Dependabot
+name: Auto approve Dependabot PRs
 
 on:
   pull_request_target: # zizmor: ignore[dangerous-triggers]
@@ -29,6 +29,8 @@ jobs:
     permissions:
       # for hmarr/auto-approve-action to approve PRs
       pull-requests: write
+      # for alexwilson/enable-github-automerge-action to approve PRs
+      contents: write
 
     steps:
       - name: Disabled on forks
@@ -37,13 +39,20 @@ jobs:
           echo 'Can not approve PRs from forks'
           exit 1
 
+      - uses: mdecoleman/pr-branch-name@55795d86b4566d300d237883103f052125cc7508 # v3.0.0
+        id: branchname
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+
       # GitHub actions bot approve
-      - uses: hmarr/auto-approve-action@b40d6c9ed2fa10c9a2749eca7eb004418a705501 # v2
+      - uses: hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363 # v4.0.0
+        if: startsWith(steps.branchname.outputs.branch, 'dependabot/')
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
 
-      # Nextcloud bot approve and merge request
-      - uses: ahmadnassri/action-dependabot-auto-merge@45fc124d949b19b6b8bf6645b6c9d55f4f9ac61a # v2
+      # Enable GitHub auto merge
+      - name: Auto merge
+        uses: alexwilson/enable-github-automerge-action@56e3117d1ae1540309dc8f7a9f2825bc3c5f06ff # v2.0.0
+        if: startsWith(steps.branchname.outputs.branch, 'dependabot/')
         with:
-          target: minor
-          github-token: ${{ secrets.DEPENDABOT_AUTOMERGE_TOKEN }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/files-external-ftp.yml

@@ -55,7 +55,7 @@ jobs:
 
     steps:
       - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
           submodules: true
@@ -71,7 +71,7 @@ jobs:
           if [[ "${{ matrix.ftpd }}" == 'pure-ftpd' ]]; then docker run --name ftp -d --net host -e "PUBLICHOST=localhost" -e FTP_USER_NAME=test -e FTP_USER_PASS=test -e FTP_USER_HOME=/home/test -v /tmp/ftp:/home/test -v /tmp/ftp:/etc/pure-ftpd/passwd stilliard/pure-ftpd; fi
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
         with:
           php-version: ${{ matrix.php-versions }}
           # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -104,7 +104,7 @@ jobs:
 
       - name: Upload code coverage
         if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
         with:
           files: ./clover.xml
           flags: phpunit-files-external-ftp

.github/workflows/files-external-s3.yml

@@ -64,13 +64,13 @@ jobs:
 
     steps:
       - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
           submodules: true
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
         with:
           php-version: ${{ matrix.php-versions }}
           # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -104,7 +104,7 @@ jobs:
 
       - name: Upload code coverage
         if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
         with:
           files: ./clover.xml
           flags: phpunit-files-external-s3
@@ -152,13 +152,13 @@ jobs:
 
     steps:
       - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
           submodules: true
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
         with:
           php-version: ${{ matrix.php-versions }}
           # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -185,7 +185,7 @@ jobs:
 
       - name: Upload code coverage
         if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
         with:
           files: ./clover.xml
           flags: phpunit-files-external-s3

.github/workflows/files-external-sftp.yml

@@ -55,7 +55,7 @@ jobs:
 
     steps:
       - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
           submodules: true
@@ -67,7 +67,7 @@ jobs:
           if [[ '${{ matrix.sftpd }}' == 'openssh' ]]; then docker run -p 2222:22 --name sftp -d -v /tmp/sftp:/home/test atmoz/sftp 'test:test:::data'; fi
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
         with:
           php-version: ${{ matrix.php-versions }}
           # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -93,7 +93,7 @@ jobs:
 
       - name: Upload code coverage
         if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
         with:
           files: ./clover.xml
           flags: phpunit-files-external-sftp

.github/workflows/files-external-smb-kerberos.yml

@@ -46,13 +46,13 @@ jobs:
 
     steps:
       - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
           submodules: true
 
       - name: Checkout user_saml
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
           repository: nextcloud/user_saml

.github/workflows/files-external-smb.yml

@@ -59,13 +59,13 @@ jobs:
 
     steps:
       - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
           submodules: true
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
         with:
           php-version: ${{ matrix.php-versions }}
           # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -99,7 +99,7 @@ jobs:
 
       - name: Upload code coverage
         if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
         with:
           files: ./clover.xml
           flags: phpunit-files-external-smb

.github/workflows/files-external-webdav.yml

@@ -60,13 +60,13 @@ jobs:
 
     steps:
       - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
           submodules: true
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
         with:
           php-version: ${{ matrix.php-versions }}
           # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -97,7 +97,7 @@ jobs:
 
       - name: Upload code coverage
         if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
         with:
           files: ./clover.xml
           flags: phpunit-files-external-webdav

.github/workflows/files-external.yml

@@ -53,13 +53,13 @@ jobs:
 
     steps:
       - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
           submodules: true
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
         with:
           php-version: ${{ matrix.php-versions }}
           # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -85,7 +85,7 @@ jobs:
 
       - name: Upload code coverage
         if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
         with:
           files: ./clover.xml
           flags: phpunit-files-external-generic

.github/workflows/generate-release-changelog.yml

@@ -24,14 +24,14 @@ jobs:
           require: write
 
       - name: Checkout github_helper
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
           repository: nextcloud/github_helper
           path: github_helper
 
       - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
           path: server
@@ -73,7 +73,7 @@ jobs:
          fi
 
       - name: Set up php 8.2
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5
         with:
           php-version: 8.2
           coverage: none

.github/workflows/integration-dav.yml

@@ -53,13 +53,13 @@ jobs:
 
     steps:
         - name: Checkout server
-          uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+          uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
           with:
             persist-credentials: false
             submodules: true
 
         - name: Set up php ${{ matrix.php-versions }}
-          uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+          uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
           with:
             php-version: ${{ matrix.php-versions }}
             # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -70,7 +70,7 @@ jobs:
             GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
         - name: Set up Python
-          uses: LizardByte/actions/actions/setup_python@bff0a193747a3ac7930a665fc1d4b23eba583b99 # v2025.814.40518
+          uses: LizardByte/actions/actions/setup_python@329b1bcefe1cbe1ef289177471c9f2b2af98e6ca # v2025.1028.23217
           with:
             python-version: '2.7'
 

.github/workflows/integration-litmus.yml

@@ -52,13 +52,13 @@ jobs:
 
     steps:
         - name: Checkout server
-          uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+          uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
           with:
             persist-credentials: false
             submodules: true
 
         - name: Set up php ${{ matrix.php-versions }}
-          uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+          uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
           with:
             php-version: ${{ matrix.php-versions }}
             # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation

.github/workflows/integration-s3-primary.yml

@@ -67,13 +67,13 @@ jobs:
 
     steps:
       - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
           submodules: true
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
         with:
           php-version: ${{ matrix.php-versions }}
           # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -90,6 +90,7 @@ jobs:
 
       - name: Set up Nextcloud
         run: |
+          composer install
           mkdir data
           echo '<?php $CONFIG=["${{ matrix.key }}" => ["class" => "OC\Files\ObjectStore\S3", "arguments" => ["bucket" => "nextcloud", "autocreate" => true, "key" => "nextcloud", "secret" => "bWluaW8tc2VjcmV0LWtleS1uZXh0Y2xvdWQ=", "hostname" => "localhost", "port" => 9000, "use_ssl" => false, "use_path_style" => true, "uploadPartSize" => 52428800]]];' > config/config.php
           echo '<?php $CONFIG=["redis" => ["host" => "localhost", "port" => 6379], "memcache.local" => "\OC\Memcache\Redis", "memcache.distributed" => "\OC\Memcache\Redis"];' > config/redis.config.php

.github/workflows/integration-sqlite.yml

@@ -62,6 +62,7 @@ jobs:
           - '--tags ~@large files_features'
           - 'filesdrop_features'
           - 'file_conversions'
+          - 'files_reminders'
           - 'openldap_features'
           - 'openldap_numerical_features'
           - 'ldap_features'
@@ -96,14 +97,14 @@ jobs:
 
     steps:
       - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
           submodules: true
 
       - name: Checkout Talk app
         if: ${{ matrix.test-suite == 'videoverification_features' }}
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
           repository: nextcloud/spreed
@@ -112,7 +113,7 @@ jobs:
 
       - name: Checkout Activity app
         if: ${{ matrix.test-suite == 'sharing_features' }}
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
           repository: nextcloud/activity
@@ -120,7 +121,7 @@ jobs:
           ref: ${{ matrix.activity-versions }}
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
         with:
           php-version: ${{ matrix.php-versions }}
           # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -130,12 +131,9 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Set up production dependencies
-        run: composer i --no-dev
-
-      - name: Set up behat dependencies
-        working-directory: build/integration
-        run: composer i
+      - name: Set up dependencies
+        run: |
+          composer install
 
       - name: Set up Talk dependencies
         if: ${{ matrix.test-suite == 'videoverification_features' }}

.github/workflows/lint-eslint.yml

@@ -56,7 +56,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
 
@@ -64,11 +64,11 @@ jobs:
         uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
         id: versions
         with:
-          fallbackNode: '^20'
-          fallbackNpm: '^10'
+          fallbackNode: '^24'
+          fallbackNpm: '^11.3'
 
       - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
         with:
           node-version: ${{ steps.versions.outputs.nodeVersion }}
 

.github/workflows/lint-php-cs.yml

@@ -44,18 +44,18 @@ jobs:
   lint:
     runs-on: ubuntu-latest
 
-    name: PHP CS fixer lint
+    name: php-cs
 
     steps:
       - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
 
-      - name: Set up php8.1
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2.35.4
+      - name: Set up php
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5
         with:
-          php-version: 8.1
+          php-version: 8.2
           extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
           coverage: none
           ini-file: development

.github/workflows/lint-php.yml

@@ -47,20 +47,21 @@ jobs:
 
     strategy:
       matrix:
-        php-versions: [ '8.2', '8.3', '8.4' ]
+        php-versions: [ '8.2', '8.3', '8.4', '8.5' ]
 
     name: php-lint
 
     steps:
       - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5
         with:
           php-version: ${{ matrix.php-versions }}
+          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
           coverage: none
           ini-file: development
         env:

.github/workflows/lint-stylelint.yml

@@ -25,7 +25,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
 
@@ -33,11 +33,11 @@ jobs:
         uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
         id: versions
         with:
-          fallbackNode: '^20'
-          fallbackNpm: '^10'
+          fallbackNode: '^24'
+          fallbackNpm: '^11.3'
 
       - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
         with:
           node-version: ${{ steps.versions.outputs.nodeVersion }}
 

.github/workflows/node-test-handlebars.yml

@@ -0,0 +1,99 @@
+# This workflow is provided via the organization template repository
+#
+# https://github.com/nextcloud/.github
+# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
+#
+# SPDX-FileCopyrightText: 2023-2024 Nextcloud GmbH and Nextcloud contributors
+# SPDX-License-Identifier: MIT
+
+name: Node handlebars tests
+
+on:
+  pull_request:
+
+permissions:
+  contents: read
+
+concurrency:
+  group: node-tests-handlebars-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  changes:
+    runs-on: ubuntu-latest-low
+    permissions:
+      contents: read
+      pull-requests: read
+
+    outputs:
+      src: ${{ steps.changes.outputs.src }}
+
+    steps:
+      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
+        id: changes
+        continue-on-error: true
+        with:
+          filters: |
+            src:
+              - '.github/workflows/**'
+              - '**/__tests__/**'
+              - '**/__mocks__/**'
+              - 'apps/*/src/**'
+              - 'apps/*/appinfo/info.xml'
+              - 'core/src/**'
+              - 'package.json'
+              - '**/package-lock.json'
+              - 'tsconfig.json'
+              - '**.js'
+              - '**.ts'
+              - '**.vue'
+
+  handlebars:
+    runs-on: ubuntu-latest
+    needs: [changes]
+    if: needs.changes.outputs.src != 'false'
+
+    env:
+      CYPRESS_INSTALL_BINARY: 0
+      PUPPETEER_SKIP_DOWNLOAD: true
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        with:
+          persist-credentials: false
+
+      - name: Read package.json node and npm engines version
+        uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
+        id: versions
+        with:
+          fallbackNode: '^24'
+          fallbackNpm: '^11.3'
+
+      - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+        with:
+          node-version: ${{ steps.versions.outputs.nodeVersion }}
+
+      - name: Set up npm ${{ steps.versions.outputs.npmVersion }}
+        run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run compile
+        run: ./build/compile-handlebars-templates.sh
+
+  summary:
+    permissions:
+      contents: none
+    runs-on: ubuntu-latest-low
+    needs: [changes, handlebars]
+
+    if: always()
+
+    name: test-summary
+
+    steps:
+      - name: Summary status
+        run: if ${{ needs.changes.outputs.src != 'false' && needs.handlebars.result != 'success' }}; then exit 1; fi

.github/workflows/node-test.yml

@@ -44,25 +44,21 @@ jobs:
               - 'apps/*/appinfo/info.xml'
               - 'core/src/**'
               - 'package.json'
-              - 'package-lock.json'
+              - '**/package-lock.json'
               - 'tsconfig.json'
               - '**.js'
               - '**.ts'
               - '**.vue'
 
-  versions:
-    runs-on: ubuntu-latest-low
+  test:
+    runs-on: ubuntu-latest
+
     needs: changes
-
-    if: ${{ github.repository_owner != 'nextcloud-gmbh' && needs.changes.outputs.src != 'false' }}
-
-    outputs:
-      nodeVersion: ${{ steps.versions.outputs.nodeVersion }}
-      npmVersion: ${{ steps.versions.outputs.npmVersion }}
+    if: needs.changes.outputs.src != 'false'
 
     steps:
       - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
 
@@ -70,85 +66,39 @@ jobs:
         uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
         id: versions
         with:
-          fallbackNode: '^20'
-          fallbackNpm: '^10'
+          fallbackNode: '^24'
+          fallbackNpm: '^11.3'
 
-  test:
-    runs-on: ubuntu-latest
-    needs: [versions, changes]
-
-    if: ${{ needs.versions.result != 'failure' && needs.changes.outputs.src != 'false' }}
-
-    env:
-      CYPRESS_INSTALL_BINARY: 0
-      PUPPETEER_SKIP_DOWNLOAD: true
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
         with:
-          persist-credentials: false
+          node-version: ${{ steps.versions.outputs.nodeVersion }}
 
-      - name: Set up node ${{ needs.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
-        with:
-          node-version: ${{ needs.versions.outputs.nodeVersion }}
-
-      - name: Set up npm ${{ needs.versions.outputs.npmVersion }}
-        run: npm i -g 'npm@${{ needs.versions.outputs.npmVersion }}'
-
-      - name: Install dependencies & build
-        run: |
-          npm ci
-          npm run build --if-present
-
-      - name: Test and process coverage
-        run: npm run test:coverage --if-present
-
-      - name: Collect coverage
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
-        with:
-          files: ./coverage/lcov.info
-
-      - name: Upload test results
-        if: ${{ !cancelled() }}
-        uses: codecov/test-results-action@47f89e9acb64b76debcd5ea40642d25a4adced9f # v1.1.1
-
-  handlebars:
-    runs-on: ubuntu-latest
-    needs: [versions, changes]
-
-    if: ${{ needs.versions.result != 'failure' && needs.changes.outputs.src != 'false' }}
-
-    env:
-      CYPRESS_INSTALL_BINARY: 0
-      PUPPETEER_SKIP_DOWNLOAD: true
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          persist-credentials: false
-
-      - name: Set up node ${{ needs.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
-        with:
-          node-version: ${{ needs.versions.outputs.nodeVersion }}
-
-      - name: Set up npm ${{ needs.versions.outputs.npmVersion }}
-        run: npm i -g 'npm@${{ needs.versions.outputs.npmVersion }}'
+      - name: Set up npm ${{ steps.versions.outputs.npmVersion }}
+        run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}'
 
       - name: Install dependencies
-        run: npm ci
+        env:
+          CYPRESS_INSTALL_BINARY: 0
+        run: |
+          npm ci
 
-      - name: Run compile
-        run: ./build/compile-handlebars-templates.sh
+#      - name: Test
+#        run: npm run test --if-present
+
+      - name: Test and process coverage
+        run: npm run test:coverage
+
+      - name: Collect coverage
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
+        with:
+          files: ./coverage/lcov.info,./coverage/legacy/lcov.info
 
   summary:
     permissions:
       contents: none
     runs-on: ubuntu-latest-low
-    needs: [changes, test, handlebars]
+    needs: [changes, test]
 
     if: always()
 
@@ -156,4 +106,4 @@ jobs:
 
     steps:
       - name: Summary status
-        run: if ${{ needs.changes.outputs.src != 'false' && (needs.test.result != 'success' || needs.handlebars.result != 'success') }}; then exit 1; fi
+        run: if ${{ needs.changes.outputs.src != 'false' && needs.test.result != 'success' }}; then exit 1; fi

.github/workflows/node.yml

@@ -37,14 +37,14 @@ jobs:
               - '.github/workflows/**'
               - '**/src/**'
               - '**/appinfo/info.xml'
+              - 'core/css/*'
+              - 'core/img/**'
               - 'package.json'
-              - 'package-lock.json'
+              - '**/package-lock.json'
               - 'tsconfig.json'
               - '**.js'
               - '**.ts'
               - '**.vue'
-              - 'core/css/*'
-              - 'core/img/**'
               - 'version.php'
 
   build:
@@ -56,7 +56,7 @@ jobs:
     name: NPM build
     steps:
       - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
 
@@ -64,17 +64,24 @@ jobs:
         uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
         id: versions
         with:
-          fallbackNode: '^20'
-          fallbackNpm: '^10'
+          fallbackNode: '^24'
+          fallbackNpm: '^11.3'
 
       - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
         with:
           node-version: ${{ steps.versions.outputs.nodeVersion }}
 
       - name: Set up npm ${{ steps.versions.outputs.npmVersion }}
         run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}'
 
+      # This does not work on server as we have some git dependencies that "npm-package-lock-add-resolved" cannot handle
+      # - name: Validate package-lock.json # See https://github.com/npm/cli/issues/4460
+      #   run: |
+      #     npm i -g npm-package-lock-add-resolved@1.1.4
+      #     npm-package-lock-add-resolved
+      #     git --no-pager diff --exit-code
+
       - name: Install dependencies & build
         env:
           CYPRESS_INSTALL_BINARY: 0
@@ -83,7 +90,7 @@ jobs:
           npm ci
           npm run build --if-present
 
-      - name: Check webpack build changes
+      - name: Check build changes
         run: |
           bash -c "[[ ! \"`git status --porcelain `\" ]] || (echo 'Please recompile and commit the assets, see the section \"Show changes on failure\" for details' && exit 1)"
 

.github/workflows/npm-audit-fix.yml

@@ -24,14 +24,17 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        branches: ['main', 'master', 'stable32', 'stable31', 'stable30']
+        branches:
+          - ${{ github.event.repository.default_branch }}
+          - 'stable32'
+          - 'stable31'
 
     name: npm-audit-fix-${{ matrix.branches }}
 
     steps:
       - name: Checkout
         id: checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
           ref: ${{ matrix.branches }}
@@ -41,11 +44,11 @@ jobs:
         uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
         id: versions
         with:
-          fallbackNode: '^20'
-          fallbackNpm: '^10'
+          fallbackNode: '^24'
+          fallbackNpm: '^11.3'
 
       - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
         with:
           node-version: ${{ steps.versions.outputs.nodeVersion }}
 
@@ -66,7 +69,7 @@ jobs:
 
       - name: Create Pull Request
         if: steps.checkout.outcome == 'success'
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
+        uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7.0.9
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}
           commit-message: 'fix(deps): Fix npm audit'

.github/workflows/object-storage-azure.yml

@@ -73,13 +73,13 @@ jobs:
 
     steps:
       - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
           submodules: true
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
         with:
           php-version: ${{ matrix.php-versions }}
           # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -110,7 +110,7 @@ jobs:
 
       - name: Upload code coverage
         if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
         with:
           files: ./clover.xml
           flags: phpunit-azure

.github/workflows/object-storage-s3.yml

@@ -74,13 +74,13 @@ jobs:
 
     steps:
       - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
           submodules: true
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
         with:
           php-version: ${{ matrix.php-versions }}
           # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -116,7 +116,7 @@ jobs:
 
       - name: Upload code coverage
         if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
         with:
           files: ./clover.xml
           flags: phpunit-s3

.github/workflows/object-storage-swift.yml

@@ -71,13 +71,13 @@ jobs:
 
     steps:
       - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
           submodules: true
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
         with:
           php-version: ${{ matrix.php-versions }}
           # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -106,7 +106,7 @@ jobs:
 
       - name: Upload code coverage
         if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
         with:
           files: ./clover.xml
           flags: phpunit-swift

.github/workflows/openapi.yml

@@ -26,12 +26,12 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
 
       - name: Set up php
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5
         with:
           php-version: '8.2'
           extensions: ctype, curl, dom, fileinfo, gd, json, libxml, mbstring, openssl, pcntl, pdo, posix, session, simplexml, xml, xmlreader, xmlwriter, zip, zlib

.github/workflows/performance.yml

@@ -35,14 +35,14 @@ jobs:
           exit 1
 
       - name: Checkout server before PR
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
           submodules: true
           ref: ${{ github.event.pull_request.base.ref }}
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5
         with:
           php-version: ${{ matrix.php-versions }}
           extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, redis, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
@@ -98,14 +98,14 @@ jobs:
 
       - name: Upload profiles
         if: always()
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4
         with:
           name: profiles
           path: |
             before.json
             after.json
 
-      - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
+      - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v7
         if: failure() && steps.compare.outcome == 'failure'
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}

.github/workflows/phpunit-32bits.yml

@@ -5,9 +5,10 @@ name: PHPUnit 32bits
 on:
   pull_request:
     paths:
-      - 'version.php'
-      - '.github/workflows/phpunit-32bits.yml'
-      - 'tests/phpunit-autotest.xml'
+      - "version.php"
+      - ".github/workflows/phpunit-32bits.yml"
+      - "tests/phpunit-autotest.xml"
+      - "lib/private/Snowflake/*"
   workflow_dispatch:
   schedule:
     - cron: "15 1 * * 1-6"
@@ -25,47 +26,34 @@ jobs:
 
     if: ${{ github.repository_owner != 'nextcloud-gmbh' }}
 
-    container: shivammathur/node:latest-i386
-
     strategy:
       fail-fast: false
       matrix:
-        php-versions: ['8.2', '8.3', '8.4']
+        php-versions: ["8.4"]
 
     steps:
       - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
           submodules: true
 
-      - name: Install tools
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y ffmpeg imagemagick libmagickcore-6.q16-3-extra
-
-      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
-        with:
-          php-version: ${{ matrix.php-versions }}
-          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, imagick, intl, json, libxml, mbstring, openssl, pcntl, posix, redis, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite, apcu, ldap
-          coverage: none
-          ini-file: development
-          ini-values:
-            apc.enabled=on, apc.enable_cli=on, disable_functions= # https://github.com/shivammathur/setup-php/discussions/573
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
       - name: Set up dependencies
-        run: composer i
+        uses: docker://ghcr.io/nextcloud/continuous-integration-php8.4-32bit:latest
+        with:
+          args: /bin/sh -c "
+            git config --global --add safe.directory /github/workspace &&
+            composer install --no-interaction"
 
       - name: Set up Nextcloud
-        env:
-          DB_PORT: 4444
-        run: |
-          mkdir data
-          ./occ maintenance:install --verbose --database=sqlite --database-name=nextcloud --database-host=127.0.0.1 --database-port=$DB_PORT --database-user=autotest --database-pass=rootpassword --admin-user admin --admin-pass admin
-          php -f tests/enable_all.php
+        uses: docker://ghcr.io/nextcloud/continuous-integration-php8.4-32bit:latest
+        with:
+          args: /bin/sh -c "
+            mkdir data &&
+            ./occ maintenance:install --verbose --database=sqlite --database-name=nextcloud --database-user=autotest --database-pass=rootpassword --admin-user admin --admin-pass admin &&
+            php -f tests/enable_all.php"
 
       - name: PHPUnit
-        run: composer run test -- --exclude-group PRIMARY-azure,PRIMARY-s3,PRIMARY-swift,Memcached,Redis,RoutingWeirdness
+        uses: docker://ghcr.io/nextcloud/continuous-integration-php8.4-32bit:latest
+        with:
+          args: /bin/sh -c "composer run test -- --exclude-group PRIMARY-azure,PRIMARY-s3,PRIMARY-swift,Memcached,Redis,RoutingWeirdness"

.github/workflows/phpunit-mariadb.yml

@@ -60,13 +60,15 @@ jobs:
       fail-fast: false
       matrix:
         php-versions: ['8.2']
-        mariadb-versions: ['10.3', '10.6', '10.11', '11.4', '11.8']
+        mariadb-versions: ['10.6', '10.11', '11.4', '11.8']
         include:
           - php-versions: '8.3'
             mariadb-versions: '10.11'
             coverage: ${{ github.event_name != 'pull_request' }}
           - php-versions: '8.4'
             mariadb-versions: '11.8'
+          - php-versions: '8.5'
+            mariadb-versions: '11.8'
 
     name: MariaDB ${{ matrix.mariadb-versions }} (PHP ${{ matrix.php-versions }}) - database tests
 
@@ -90,13 +92,13 @@ jobs:
 
     steps:
       - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
           submodules: true
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5
         with:
           php-version: ${{ matrix.php-versions }}
           # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -129,7 +131,7 @@ jobs:
 
       - name: Upload db code coverage
         if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
         with:
           files: ./clover.db.xml
           flags: phpunit-mariadb

.github/workflows/phpunit-memcached.yml

@@ -56,7 +56,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        php-versions: ['8.3', '8.4']
+        php-versions: ['8.3', '8.4', '8.5']
         include:
           - php-versions: '8.2'
             coverage: ${{ github.event_name != 'pull_request' }}
@@ -72,13 +72,13 @@ jobs:
 
     steps:
       - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
           submodules: true
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
         with:
           php-version: ${{ matrix.php-versions }}
           # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -99,11 +99,11 @@ jobs:
           php -f tests/enable_all.php
 
       - name: PHPUnit memcached tests
-        run: composer run test -- --group Memcache,Memcached --log-junit junit.xml ${{ matrix.coverage && '--coverage-clover ./clover.xml' || '' }}
+        run: composer run test -- --group Memcache --group Memcached --log-junit junit.xml ${{ matrix.coverage && '--coverage-clover ./clover.xml' || '' }}
 
       - name: Upload code coverage
         if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
         with:
           files: ./clover.xml
           flags: phpunit-memcached

.github/workflows/phpunit-mysql-sharding.yml

@@ -121,13 +121,13 @@ jobs:
 
     steps:
       - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
           submodules: true
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
         with:
           php-version: ${{ matrix.php-versions }}
           # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -161,7 +161,7 @@ jobs:
 
       - name: Upload db code coverage
         if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
         with:
           files: ./clover.db.xml
           flags: phpunit-mysql

.github/workflows/phpunit-mysql.yml

@@ -67,6 +67,8 @@ jobs:
             coverage: ${{ github.event_name != 'pull_request' }}
           - mysql-versions: '8.4'
             php-versions: '8.4'
+          - mysql-versions: '8.4'
+            php-versions: '8.5'
 
     name: MySQL ${{ matrix.mysql-versions }} (PHP ${{ matrix.php-versions }}) - database tests
 
@@ -90,13 +92,13 @@ jobs:
 
     steps:
       - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
           submodules: true
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5
         with:
           php-version: ${{ matrix.php-versions }}
           # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -129,7 +131,7 @@ jobs:
 
       - name: Upload db code coverage
         if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
         with:
           files: ./clover.db.xml
           flags: phpunit-mysql

.github/workflows/phpunit-nodb.yml

@@ -59,7 +59,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        php-versions: ['8.3', '8.4']
+        php-versions: ['8.3', '8.4', '8.5']
         include:
           - php-versions: '8.2'
             coverage: ${{ github.event_name != 'pull_request' }}
@@ -75,13 +75,13 @@ jobs:
 
     steps:
       - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
           submodules: true
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
         with:
           php-version: ${{ matrix.php-versions }}
           # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -105,11 +105,11 @@ jobs:
           php -f tests/enable_all.php
 
       - name: PHPUnit nodb testsuite
-        run: composer run test -- --exclude-group DB,SLOWDB --log-junit junit.xml ${{ matrix.coverage && '--coverage-clover ./clover.nodb.xml' || '' }}
+        run: composer run test -- --exclude-group DB --exclude-group SLOWDB --log-junit junit.xml ${{ matrix.coverage && '--coverage-clover ./clover.nodb.xml' || '' }}
 
       - name: Upload nodb code coverage
         if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
         with:
           files: ./clover.nodb.xml
           flags: phpunit-nodb

.github/workflows/phpunit-object-store-primary.yml

@@ -72,13 +72,13 @@ jobs:
 
     steps:
       - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
           submodules: true
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
         with:
           php-version: ${{ matrix.php-versions }}
           extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, redis, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite

.github/workflows/phpunit-oci.yml

@@ -60,8 +60,6 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          - oracle-versions: '11'
-            php-versions: '8.2'
           - oracle-versions: '18'
             php-versions: '8.2'
             coverage: ${{ github.event_name != 'pull_request' }}
@@ -71,6 +69,8 @@ jobs:
             php-versions: '8.3'
           - oracle-versions: '23'
             php-versions: '8.4'
+          - oracle-versions: '23'
+            php-versions: '8.5'
 
     name: Oracle ${{ matrix.oracle-versions }} (PHP ${{ matrix.php-versions }}) - database tests
 
@@ -101,13 +101,13 @@ jobs:
 
     steps:
       - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
           submodules: true
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5
         with:
           php-version: ${{ matrix.php-versions }}
           # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -133,7 +133,7 @@ jobs:
 
       - name: Upload db code coverage
         if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
         with:
           files: ./clover.db.xml
           flags: phpunit-oci

.github/workflows/phpunit-pgsql.yml

@@ -61,13 +61,15 @@ jobs:
       matrix:
         php-versions: ['8.2']
         # To keep the matrix smaller we ignore PostgreSQL versions in between as we already test the minimum and the maximum
-        postgres-versions: ['13', '17']
+        postgres-versions: ['14', '18']
         include:
           - php-versions: '8.3'
-            postgres-versions: '17'
+            postgres-versions: '18'
             coverage: ${{ github.event_name != 'pull_request' }}
           - php-versions: '8.4'
-            postgres-versions: '17'
+            postgres-versions: '18'
+          - php-versions: '8.5'
+            postgres-versions: '18'
 
     name: PostgreSQL ${{ matrix.postgres-versions }} (PHP ${{ matrix.php-versions }}) - database tests
 
@@ -86,17 +88,17 @@ jobs:
           POSTGRES_USER: root
           POSTGRES_PASSWORD: rootpassword
           POSTGRES_DB: nextcloud
-        options: --mount type=tmpfs,destination=/var/lib/postgresql/data --health-cmd pg_isready --health-interval 5s --health-timeout 2s --health-retries 5
+        options: --mount type=tmpfs,destination=/var/lib/postgresql --health-cmd pg_isready --health-interval 5s --health-timeout 2s --health-retries 5
 
     steps:
       - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
           submodules: true
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5
         with:
           php-version: ${{ matrix.php-versions }}
           # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -124,7 +126,7 @@ jobs:
 
       - name: Upload db code coverage
         if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
         with:
           files: ./clover.db.xml
           flags: phpunit-postgres

.github/workflows/phpunit-sqlite.yml

@@ -59,7 +59,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        php-versions: ['8.3', '8.4']
+        php-versions: ['8.3', '8.4', '8.5']
         include:
           - php-versions: '8.2'
             coverage: ${{ github.event_name != 'pull_request' }}
@@ -75,13 +75,13 @@ jobs:
 
     steps:
       - name: Checkout server
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
           submodules: true
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5
         with:
           php-version: ${{ matrix.php-versions }}
           # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -110,7 +110,7 @@ jobs:
 
       - name: Upload db code coverage
         if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
         with:
           files: ./clover.db.xml
           flags: phpunit-sqlite

.github/workflows/pr-feedback.yml

@@ -36,7 +36,7 @@ jobs:
           blocklist=$(curl https://raw.githubusercontent.com/nextcloud/.github/master/non-community-usernames.txt | paste -s -d, -)
           echo "blocklist=$blocklist" >> "$GITHUB_OUTPUT"
 
-      - uses: nextcloud/pr-feedback-action@1883b38a033fb16f576875e0cf45f98b857655c4 # main
+      - uses: nextcloud/pr-feedback-action@f0cab224dea8e1f282f9451de322f323c78fc7a5 # main
         with:
           feedback-message: |
             Hello there,
@@ -50,6 +50,6 @@ jobs:
 
             (If you believe you should not receive this message, you can add yourself to the [blocklist](https://github.com/nextcloud/.github/blob/master/non-community-usernames.txt).)
           days-before-feedback: 14
-          start-date: '2024-04-30'
+          start-date: '2025-06-12'
           exempt-authors: '${{ steps.blocklist.outputs.blocklist }},${{ steps.scrape.outputs.users }}'
           exempt-bots: true

.github/workflows/reuse.yml

@@ -19,9 +19,9 @@ jobs:
     runs-on: ubuntu-latest-low
     steps:
       - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
 
       - name: REUSE Compliance Check
-        uses: fsfe/reuse-action@bb774aa972c2a89ff34781233d275075cbddf542 # v5.0.0
+        uses: fsfe/reuse-action@676e2d560c9a403aa252096d99fcab3e1132b0f5 # v6.0.0

.github/workflows/stale.yml

@@ -20,7 +20,7 @@ jobs:
       issues: write
 
     steps:
-    - uses: actions/stale@3a9db7e6a41a89f618792c92c0e97cc736e1b13f # v9
+    - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 # v9
       with:
         repo-token: ${{ secrets.COMMAND_BOT_PAT }}
         stale-issue-message: >

.github/workflows/static-code-analysis.yml

@@ -28,13 +28,13 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
         with:
           persist-credentials: false
           submodules: true
 
       - name: Set up php
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
         with:
           php-version: '8.2'
           extensions: apcu,ctype,curl,dom,fileinfo,ftp,gd,imagick,intl,json,ldap,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
@@ -59,13 +59,13 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
         with:
           persist-credentials: false
           submodules: true
 
       - name: Set up php
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
         with:
           php-version: '8.2'
           extensions: ctype,curl,dom,fileinfo,ftp,gd,imagick,intl,json,ldap,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
@@ -83,7 +83,7 @@ jobs:
 
       - name: Upload Security Analysis results to GitHub
         if: always()
-        uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3
+        uses: github/codeql-action/upload-sarif@fdbfb4d2750291e159f0156def62b853c2798ca2 # v3
         with:
           sarif_file: results.sarif
 
@@ -94,13 +94,13 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
         with:
           persist-credentials: false
           submodules: true
 
       - name: Set up php
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
         with:
           php-version: '8.2'
           extensions: ctype,curl,dom,fileinfo,gd,imagick,intl,json,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
@@ -125,13 +125,13 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
         with:
           persist-credentials: false
           submodules: true
 
       - name: Set up php
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 #v2.35.4
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f #v2.35.5
         with:
           php-version: '8.2'
           extensions: ctype,curl,dom,fileinfo,gd,imagick,intl,json,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip

.github/workflows/update-cacert-bundle.yml

@@ -22,7 +22,7 @@ jobs:
     name: update-ca-certificate-bundle-${{ matrix.branches }}
 
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
           ref: ${{ matrix.branches }}
@@ -32,7 +32,7 @@ jobs:
         run: curl --etag-compare build/ca-bundle-etag.txt --etag-save build/ca-bundle-etag.txt --output resources/config/ca-bundle.crt https://curl.se/ca/cacert.pem
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e
+        uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}
           commit-message: 'fix(security): Update CA certificate bundle'

.github/workflows/update-code-signing-crl.yml

@@ -22,7 +22,7 @@ jobs:
     name: update-code-signing-crl-${{ matrix.branches }}
 
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
           ref: ${{ matrix.branches }}
@@ -35,7 +35,7 @@ jobs:
         run: openssl crl -verify -in resources/codesigning/root.crl -CAfile resources/codesigning/root.crt -noout
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e
+        uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}
           commit-message: 'fix(security): Update code signing revocation list'

.github/workflows/update-min-supported-desktop.yml

@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest-low
 
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
           submodules: true
@@ -107,7 +107,7 @@ jobs:
           fi
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e
+        uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412
         if: steps.update-files.outputs.CHANGES_MADE == 'true'
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}

.github/workflows/update-stable-titles.yml

@@ -24,7 +24,7 @@ jobs:
         run: sleep 15
 
       - name: Get PR details and update title
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |

.htaccess

@@ -1,100 +1,178 @@
 <IfModule mod_headers.c>
-  <IfModule mod_setenvif.c>
-    <IfModule mod_fcgid.c>
-       SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
-       RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
+    <IfModule mod_setenvif.c>
+        <IfModule mod_fcgid.c>
+            SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
+            RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
+        </IfModule>
+        <IfModule mod_proxy_fcgi.c>
+            SetEnvIfNoCase Authorization "(.+)" HTTP_AUTHORIZATION=$1
+        </IfModule>
+        <IfModule mod_lsapi.c>
+            SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
+            RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
+        </IfModule>
     </IfModule>
-    <IfModule mod_proxy_fcgi.c>
-       SetEnvIfNoCase Authorization "(.+)" HTTP_AUTHORIZATION=$1
+
+    <IfModule mod_env.c>
+        # Add security and privacy related headers
+        # Avoid doubled headers by unsetting headers in "onsuccess" table,
+        # then add headers to "always" table: https://github.com/nextcloud/server/pull/19002
+
+        <If "%{REQUEST_URI} =~ m#/login$#">
+            # Only on the login page we need any Origin or Referer header set.
+            Header onsuccess unset Referrer-Policy
+            Header always set Referrer-Policy "same-origin"
+        </If>
+        <Else>
+            Header onsuccess unset Referrer-Policy
+            Header always set Referrer-Policy "no-referrer"
+        </Else>
+
+        Header onsuccess unset X-Content-Type-Options
+        Header always set X-Content-Type-Options "nosniff"
+
+        Header onsuccess unset X-Frame-Options
+        Header always set X-Frame-Options "SAMEORIGIN"
+
+        Header onsuccess unset X-Permitted-Cross-Domain-Policies
+        Header always set X-Permitted-Cross-Domain-Policies "none"
+
+        Header onsuccess unset X-Robots-Tag
+        Header always set X-Robots-Tag "noindex, nofollow"
+
+        SetEnv modHeadersAvailable true
     </IfModule>
-    <IfModule mod_lsapi.c>
-      SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
-      RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
-    </IfModule>
-  </IfModule>
 
-  <IfModule mod_env.c>
-    # Add security and privacy related headers
-    # Avoid doubled headers by unsetting headers in "onsuccess" table,
-    # then add headers to "always" table: https://github.com/nextcloud/server/pull/19002
+    # Add cache control for static resources
+    <FilesMatch "\.(css|js|mjs|svg|gif|png|jpg|webp|ico|wasm|tflite)$">
+        <If "%{QUERY_STRING} =~ /(^|&)v=/">
+            Header set Cache-Control "max-age=15778463, immutable"
+        </If>
+        <Else>
+            Header set Cache-Control "max-age=15778463"
+        </Else>
+    </FilesMatch>
 
-    <If "%{REQUEST_URI} =~ m#/login$#">
-      # Only on the login page we need any Origin or Referer header set.
-      Header onsuccess unset Referrer-Policy
-      Header always set Referrer-Policy "same-origin"
-    </If>
-    <Else>
-      Header onsuccess unset Referrer-Policy
-      Header always set Referrer-Policy "no-referrer"
-    </Else>
-
-    Header onsuccess unset X-Content-Type-Options
-    Header always set X-Content-Type-Options "nosniff"
-
-    Header onsuccess unset X-Frame-Options
-    Header always set X-Frame-Options "SAMEORIGIN"
-
-    Header onsuccess unset X-Permitted-Cross-Domain-Policies
-    Header always set X-Permitted-Cross-Domain-Policies "none"
-
-    Header onsuccess unset X-Robots-Tag
-    Header always set X-Robots-Tag "noindex, nofollow"
-
-    SetEnv modHeadersAvailable true
-  </IfModule>
-
-  # Add cache control for static resources
-  <FilesMatch "\.(css|js|mjs|svg|gif|png|jpg|webp|ico|wasm|tflite)$">
-    <If "%{QUERY_STRING} =~ /(^|&)v=/">
-      Header set Cache-Control "max-age=15778463, immutable"
-    </If>
-    <Else>
-      Header set Cache-Control "max-age=15778463"
-    </Else>
-  </FilesMatch>
-
-  # Let browsers cache OTF and WOFF files for a week
-  <FilesMatch "\.(otf|woff2?)$">
-    Header set Cache-Control "max-age=604800"
-  </FilesMatch>
+    # Let browsers cache OTF and WOFF files for a week
+    <FilesMatch "\.(otf|woff2?)$">
+        Header set Cache-Control "max-age=604800"
+    </FilesMatch>
 </IfModule>
 
 <IfModule mod_php.c>
-  php_value default_charset 'UTF-8'
-  php_value output_buffering 0
-  <IfModule mod_env.c>
-    SetEnv htaccessWorking true
-  </IfModule>
+    php_value default_charset 'UTF-8'
+    php_value output_buffering 0
+    <IfModule mod_env.c>
+        SetEnv htaccessWorking true
+    </IfModule>
 </IfModule>
 
 <IfModule mod_mime.c>
-  AddType image/svg+xml svg svgz
-  AddType application/wasm wasm
-  AddEncoding gzip svgz
-  # Serve ESM javascript files (.mjs) with correct mime type
-  AddType text/javascript js mjs
+    AddType image/svg+xml svg svgz
+    AddType application/wasm wasm
+    AddEncoding gzip svgz
+    # Serve ESM javascript files (.mjs) with correct mime type
+    AddType text/javascript js mjs
 </IfModule>
 
 <IfModule mod_dir.c>
-  DirectoryIndex index.php index.html
+    DirectoryIndex index.php index.html
 </IfModule>
 
 <IfModule pagespeed_module>
-  ModPagespeed Off
+    ModPagespeed Off
 </IfModule>
 
+#############
+#### Rewrites
+#############
+
 <IfModule mod_rewrite.c>
-  RewriteEngine on
-  RewriteCond %{HTTP_USER_AGENT} DavClnt
-  RewriteRule ^$ /remote.php/webdav/ [L,R=302]
-  RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
-  RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
-  RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
-  RewriteRule ^remote/(.*) remote.php [QSA,L]
-  RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
-  RewriteRule ^\.well-known/(?!acme-challenge|pki-validation) /index.php [QSA,L]
-  RewriteRule ^ocm-provider/?$ index.php [QSA,L]
-  RewriteRule ^(?:\.(?!well-known)|autotest|occ|issue|indie|db_|console).* - [R=404,L]
+    RewriteEngine on
+
+##
+## Rule: Workaround for WebDAV with apache+php-cgi
+##
+## Context:
+##    - Sets the environment variable `HTTP_AUTHORIZATION` to the value of the `Authorization` request header
+##    - Always executed before and along with other rules (no `L` used)
+##    - XXX: *May* be replaced with an equivalent SetEnvIf in theory
+##    - XXX: SetEnvIf approach is already in use above for mod_proxy_cgi / mod_lsapi / mod_fcgid
+##
+
+    RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+
+##
+## Rule: Workaround for WebDAV with MS DavClnt
+##
+## Context: 
+##    - DavClnt attempts an OPTIONS request against `/` instead of the specified endpoint
+##    - Redirects the client to the endpoint rather than the login page (which confuses DavClnt)
+##
+
+    RewriteCond %{HTTP_USER_AGENT} DavClnt
+    RewriteRule ^$ /remote.php/webdav/ [L,R=302]
+
+##
+## Rule: Map the RFC 8615 / RFC 6764 compliant well-known URI for CardDAV to our Remote DAV endpoint
+##
+
+    RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
+
+##
+## Rule: Map the RFC 8615 / RFC 6764 compliant well-known URI for CalDAV to our Remote DAV endpoint
+##
+
+    RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
+
+##
+## Rule: Map /remote* --> /remote.php* including the query string
+##
+## Context:
+##    - XXX: `QSA` seems unnecessary (no-op) here (query string is passed by default when the replacement URI doesn't contain a query string)
+##    - XXX: Is this even used anymore? Seems a relic from <NC12
+##
+
+    RewriteRule ^remote/(.*) remote.php [QSA,L]
+
+##
+## Rule: Prevent access to non-public files
+##
+
+    RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
+
+##
+## Rule: Maps most RFC 8615 compliant well-known URIs to our main frontend controller (/index.php) by default
+##
+## Context:
+##    - Intentionally excludes URIs used for HTTPS certificate verifications
+##        - RFC 8555 / ACME HTTP Challenges (acme-challenge) 
+##        - File-based Validations (pki-validation)
+##    - XXX: `QSA` seems unnecessary (no-op) here (query string is passed by default when the replacement URI doesn't contain a query string)
+##    - XXX: Sometimes we are using `/index.php` and other times `index.php` as our replacement URI; this may be incorrect
+##
+
+    RewriteRule ^\.well-known/(?!acme-challenge|pki-validation) /index.php [QSA,L]
+
+##
+## Rule: Map the ocm-provider handling to our main frontend controller (/index.php)
+##
+## Context:
+##    - XXX: `QSA` seems unnecessary (no-op) here (query string is passed by default when the replacement URI doesn't contain a query string)
+##    - XXX: Sometimes we are using `/index.php` and other times `index.php` as our replacement URI; this may be incorrect
+##
+
+    RewriteRule ^ocm-provider/?$ index.php [QSA,L]
+
+##
+## Rule: Prevent access to more non-public files
+##
+## Context:
+##    - XXX It may make sense to merge some of these with the others (i.e. the ones that don't need to be last)
+##
+
+    RewriteRule ^(?:\.(?!well-known)|autotest|occ|issue|indie|db_|console).* - [R=404,L]
+
 </IfModule>
 
 # Clients like xDavv5 on Android, or Cyberduck, use chunked requests.
@@ -105,16 +183,18 @@
 # Here are more information about the issue:
 #  - https://docs.cyberduck.io/mountainduck/issues/fastcgi/
 #  - https://docs.nextcloud.com/server/latest/admin_manual/issues/general_troubleshooting.html#troubleshooting-webdav
+
 <IfModule mod_setenvif.c>
-  SetEnvIfNoCase Transfer-Encoding "chunked" proxy-sendcl=1
+    SetEnvIfNoCase Transfer-Encoding "chunked" proxy-sendcl=1
 </IfModule>
 
 # Apache disabled the sending of the server-side content-length header
 # in their 2.4.59 patch updated which breaks some use-cases in Nextcloud.
 # Setting ap_trust_cgilike_cl allows to bring back the usual behaviour.
 # See https://bz.apache.org/bugzilla/show_bug.cgi?id=68973
+
 <IfModule mod_env.c>
-  SetEnv ap_trust_cgilike_cl
+    SetEnv ap_trust_cgilike_cl
 </IfModule>
 
 AddDefaultCharset utf-8

REUSE.toml

@@ -256,7 +256,7 @@ SPDX-FileCopyrightText = "2025 Nextcloud GmbH and Nextcloud contributors"
 SPDX-License-Identifier = "AGPL-3.0-or-later"
 
 [[annotations]]
-path = ["composer.json", "composer.lock", ".github/CODEOWNERS", "__tests__/tsconfig.json", "tsconfig.json", "build/integration/composer.**", "vendor-bin/**/composer.json", "vendor-bin/**/composer.lock", "apps/**/composer/composer.json", "apps/**/composer/composer.lock", "apps/**/composer/composer/installed.json"]
+path = ["composer.json", "composer.lock", ".github/CODEOWNERS", "__tests__/tsconfig.json", "tsconfig.json", "apps/**/composer/composer.json", "apps/**/composer/composer.lock", "apps/**/composer/composer/installed.json"]
 precedence = "aggregate"
 SPDX-FileCopyrightText = "2011-2016 ownCloud, Inc., 2016-2024 Nextcloud GmbH and Nextcloud contributors"
 SPDX-License-Identifier = "AGPL-3.0-only OR AGPL-3.0-or-later"
@@ -400,7 +400,7 @@ SPDX-FileCopyrightText = "2019 Fabian Wiktor <https://www.pexels.com/photo/green
 SPDX-License-Identifier = "CC0-1.0"
 
 [[annotations]]
-path = ["openapi.json", ".envrc", "flake.nix", "flake.lock", "build/eslint-baseline.json"]
+path = ["openapi.json", ".envrc", "flake.nix", "flake.lock", "build/eslint-baseline.json", "build/eslint-baseline-legacy.json"]
 precedence = "aggregate"
 SPDX-FileCopyrightText = "2025 Nextcloud GmbH and Nextcloud contributors"
 SPDX-License-Identifier = "AGPL-3.0-or-later"

__mocks__

@@ -0,0 +1 @@
+build/frontend/__mocks__

__tests__

@@ -0,0 +1 @@
+build/frontend/__tests__

apps/admin_audit/composer/autoload.php

@@ -14,10 +14,7 @@ if (PHP_VERSION_ID < 50600) {
             echo $err;
         }
     }
-    trigger_error(
-        $err,
-        E_USER_ERROR
-    );
+    throw new RuntimeException($err);
 }
 
 require_once __DIR__ . '/composer/autoload_real.php';

apps/admin_audit/composer/composer/InstalledVersions.php

@@ -26,12 +26,23 @@ use Composer\Semver\VersionParser;
  */
 class InstalledVersions
 {
+    /**
+     * @var string|null if set (by reflection by Composer), this should be set to the path where this class is being copied to
+     * @internal
+     */
+    private static $selfDir = null;
+
     /**
      * @var mixed[]|null
      * @psalm-var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}|array{}|null
      */
     private static $installed;
 
+    /**
+     * @var bool
+     */
+    private static $installedIsLocalDir;
+
     /**
      * @var bool|null
      */
@@ -309,6 +320,24 @@ class InstalledVersions
     {
         self::$installed = $data;
         self::$installedByVendor = array();
+
+        // when using reload, we disable the duplicate protection to ensure that self::$installed data is
+        // always returned, but we cannot know whether it comes from the installed.php in __DIR__ or not,
+        // so we have to assume it does not, and that may result in duplicate data being returned when listing
+        // all installed packages for example
+        self::$installedIsLocalDir = false;
+    }
+
+    /**
+     * @return string
+     */
+    private static function getSelfDir()
+    {
+        if (self::$selfDir === null) {
+            self::$selfDir = strtr(__DIR__, '\\', '/');
+        }
+
+        return self::$selfDir;
     }
 
     /**
@@ -322,19 +351,27 @@ class InstalledVersions
         }
 
         $installed = array();
+        $copiedLocalDir = false;
 
         if (self::$canGetVendors) {
+            $selfDir = self::getSelfDir();
             foreach (ClassLoader::getRegisteredLoaders() as $vendorDir => $loader) {
+                $vendorDir = strtr($vendorDir, '\\', '/');
                 if (isset(self::$installedByVendor[$vendorDir])) {
                     $installed[] = self::$installedByVendor[$vendorDir];
                 } elseif (is_file($vendorDir.'/composer/installed.php')) {
                     /** @var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>} $required */
                     $required = require $vendorDir.'/composer/installed.php';
-                    $installed[] = self::$installedByVendor[$vendorDir] = $required;
-                    if (null === self::$installed && strtr($vendorDir.'/composer', '\\', '/') === strtr(__DIR__, '\\', '/')) {
-                        self::$installed = $installed[count($installed) - 1];
+                    self::$installedByVendor[$vendorDir] = $required;
+                    $installed[] = $required;
+                    if (self::$installed === null && $vendorDir.'/composer' === $selfDir) {
+                        self::$installed = $required;
+                        self::$installedIsLocalDir = true;
                     }
                 }
+                if (self::$installedIsLocalDir && $vendorDir.'/composer' === $selfDir) {
+                    $copiedLocalDir = true;
+                }
             }
         }
 
@@ -350,7 +387,7 @@ class InstalledVersions
             }
         }
 
-        if (self::$installed !== array()) {
+        if (self::$installed !== array() && !$copiedLocalDir) {
             $installed[] = self::$installed;
         }
 

apps/admin_audit/composer/composer/autoload_classmap.php

@@ -19,6 +19,7 @@ return array(
     'OCA\\AdminAudit\\IAuditLogger' => $baseDir . '/../lib/IAuditLogger.php',
     'OCA\\AdminAudit\\Listener\\AppManagementEventListener' => $baseDir . '/../lib/Listener/AppManagementEventListener.php',
     'OCA\\AdminAudit\\Listener\\AuthEventListener' => $baseDir . '/../lib/Listener/AuthEventListener.php',
+    'OCA\\AdminAudit\\Listener\\CacheEventListener' => $baseDir . '/../lib/Listener/CacheEventListener.php',
     'OCA\\AdminAudit\\Listener\\ConsoleEventListener' => $baseDir . '/../lib/Listener/ConsoleEventListener.php',
     'OCA\\AdminAudit\\Listener\\CriticalActionPerformedEventListener' => $baseDir . '/../lib/Listener/CriticalActionPerformedEventListener.php',
     'OCA\\AdminAudit\\Listener\\FileEventListener' => $baseDir . '/../lib/Listener/FileEventListener.php',

apps/admin_audit/composer/composer/autoload_static.php

@@ -7,14 +7,14 @@ namespace Composer\Autoload;
 class ComposerStaticInitAdminAudit
 {
     public static $prefixLengthsPsr4 = array (
-        'O' => 
+        'O' =>
         array (
             'OCA\\AdminAudit\\' => 15,
         ),
     );
 
     public static $prefixDirsPsr4 = array (
-        'OCA\\AdminAudit\\' => 
+        'OCA\\AdminAudit\\' =>
         array (
             0 => __DIR__ . '/..' . '/../lib',
         ),
@@ -34,6 +34,7 @@ class ComposerStaticInitAdminAudit
         'OCA\\AdminAudit\\IAuditLogger' => __DIR__ . '/..' . '/../lib/IAuditLogger.php',
         'OCA\\AdminAudit\\Listener\\AppManagementEventListener' => __DIR__ . '/..' . '/../lib/Listener/AppManagementEventListener.php',
         'OCA\\AdminAudit\\Listener\\AuthEventListener' => __DIR__ . '/..' . '/../lib/Listener/AuthEventListener.php',
+        'OCA\\AdminAudit\\Listener\\CacheEventListener' => __DIR__ . '/..' . '/../lib/Listener/CacheEventListener.php',
         'OCA\\AdminAudit\\Listener\\ConsoleEventListener' => __DIR__ . '/..' . '/../lib/Listener/ConsoleEventListener.php',
         'OCA\\AdminAudit\\Listener\\CriticalActionPerformedEventListener' => __DIR__ . '/..' . '/../lib/Listener/CriticalActionPerformedEventListener.php',
         'OCA\\AdminAudit\\Listener\\FileEventListener' => __DIR__ . '/..' . '/../lib/Listener/FileEventListener.php',

apps/admin_audit/l10n/lo.js

@@ -0,0 +1,7 @@
+OC.L10N.register(
+    "admin_audit",
+    {
+    "Auditing / Logging" : "ການກວດສອບ / ການບັນທຶກ",
+    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "ສະໜອງຄວາມສາມາດໃນການບັນທຶກສຳລັບ Nextcloud ເຊັ່ນ ການບັນທຶກການເຂົ້າເຖິງໄຟລ໌ ຫຼື ການກະທຳອື່ນໆທີ່ອ່ອນໄຫວ."
+},
+"nplurals=1; plural=0;");

apps/admin_audit/l10n/lo.json

@@ -0,0 +1,5 @@
+{ "translations": {
+    "Auditing / Logging" : "ການກວດສອບ / ການບັນທຶກ",
+    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "ສະໜອງຄວາມສາມາດໃນການບັນທຶກສຳລັບ Nextcloud ເຊັ່ນ ການບັນທຶກການເຂົ້າເຖິງໄຟລ໌ ຫຼື ການກະທຳອື່ນໆທີ່ອ່ອນໄຫວ."
+},"pluralForm" :"nplurals=1; plural=0;"
+}

apps/admin_audit/lib/AppInfo/Application.php

@@ -20,6 +20,7 @@ use OCA\AdminAudit\AuditLogger;
 use OCA\AdminAudit\IAuditLogger;
 use OCA\AdminAudit\Listener\AppManagementEventListener;
 use OCA\AdminAudit\Listener\AuthEventListener;
+use OCA\AdminAudit\Listener\CacheEventListener;
 use OCA\AdminAudit\Listener\ConsoleEventListener;
 use OCA\AdminAudit\Listener\CriticalActionPerformedEventListener;
 use OCA\AdminAudit\Listener\FileEventListener;
@@ -40,6 +41,8 @@ use OCP\Authentication\TwoFactorAuth\TwoFactorProviderChallengeFailed;
 use OCP\Authentication\TwoFactorAuth\TwoFactorProviderChallengePassed;
 use OCP\Console\ConsoleEvent;
 use OCP\EventDispatcher\IEventDispatcher;
+use OCP\Files\Cache\CacheEntryInsertedEvent;
+use OCP\Files\Cache\CacheEntryRemovedEvent;
 use OCP\Files\Events\Node\BeforeNodeDeletedEvent;
 use OCP\Files\Events\Node\BeforeNodeReadEvent;
 use OCP\Files\Events\Node\NodeCopiedEvent;
@@ -123,6 +126,10 @@ class Application extends App implements IBootstrap {
 
 		// Console events
 		$context->registerEventListener(ConsoleEvent::class, ConsoleEventListener::class);
+
+		// Cache events
+		$context->registerEventListener(CacheEntryInsertedEvent::class, CacheEventListener::class);
+		$context->registerEventListener(CacheEntryRemovedEvent::class, CacheEventListener::class);
 	}
 
 	public function boot(IBootContext $context): void {

apps/admin_audit/lib/Listener/CacheEventListener.php

@@ -0,0 +1,51 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace OCA\AdminAudit\Listener;
+
+use OCA\AdminAudit\Actions\Action;
+use OCP\EventDispatcher\Event;
+use OCP\EventDispatcher\IEventListener;
+use OCP\Files\Cache\CacheEntryInsertedEvent;
+use OCP\Files\Cache\CacheEntryRemovedEvent;
+
+/**
+ * @template-implements IEventListener<CacheEntryInsertedEvent|CacheEntryRemovedEvent>
+ */
+class CacheEventListener extends Action implements IEventListener {
+	public function handle(Event $event): void {
+		if ($event instanceof CacheEntryInsertedEvent) {
+			$this->entryInserted($event);
+		} elseif ($event instanceof CacheEntryRemovedEvent) {
+			$this->entryRemoved($event);
+		}
+	}
+
+	private function entryInserted(CacheEntryInsertedEvent $event): void {
+		$this->log('Cache entry inserted for fileid "%1$d", path "%2$s" on storageid "%3$d"',
+			[
+				'fileid' => $event->getFileId(),
+				'path' => $event->getPath(),
+				'storageid' => $event->getStorageId(),
+			],
+			['fileid', 'path', 'storageid']
+		);
+	}
+
+	private function entryRemoved(CacheEntryRemovedEvent $event): void {
+		$this->log('Cache entry removed for fileid "%1$d", path "%2$s" on storageid "%3$d"',
+			[
+				'fileid' => $event->getFileId(),
+				'path' => $event->getPath(),
+				'storageid' => $event->getStorageId(),
+			],
+			['fileid', 'path', 'storageid']
+		);
+	}
+}

apps/cloud_federation_api/composer/autoload.php

@@ -14,10 +14,7 @@ if (PHP_VERSION_ID < 50600) {
             echo $err;
         }
     }
-    trigger_error(
-        $err,
-        E_USER_ERROR
-    );
+    throw new RuntimeException($err);
 }
 
 require_once __DIR__ . '/composer/autoload_real.php';

apps/cloud_federation_api/composer/composer/InstalledVersions.php

@@ -26,12 +26,23 @@ use Composer\Semver\VersionParser;
  */
 class InstalledVersions
 {
+    /**
+     * @var string|null if set (by reflection by Composer), this should be set to the path where this class is being copied to
+     * @internal
+     */
+    private static $selfDir = null;
+
     /**
      * @var mixed[]|null
      * @psalm-var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}|array{}|null
      */
     private static $installed;
 
+    /**
+     * @var bool
+     */
+    private static $installedIsLocalDir;
+
     /**
      * @var bool|null
      */
@@ -309,6 +320,24 @@ class InstalledVersions
     {
         self::$installed = $data;
         self::$installedByVendor = array();
+
+        // when using reload, we disable the duplicate protection to ensure that self::$installed data is
+        // always returned, but we cannot know whether it comes from the installed.php in __DIR__ or not,
+        // so we have to assume it does not, and that may result in duplicate data being returned when listing
+        // all installed packages for example
+        self::$installedIsLocalDir = false;
+    }
+
+    /**
+     * @return string
+     */
+    private static function getSelfDir()
+    {
+        if (self::$selfDir === null) {
+            self::$selfDir = strtr(__DIR__, '\\', '/');
+        }
+
+        return self::$selfDir;
     }
 
     /**
@@ -322,19 +351,27 @@ class InstalledVersions
         }
 
         $installed = array();
+        $copiedLocalDir = false;
 
         if (self::$canGetVendors) {
+            $selfDir = self::getSelfDir();
             foreach (ClassLoader::getRegisteredLoaders() as $vendorDir => $loader) {
+                $vendorDir = strtr($vendorDir, '\\', '/');
                 if (isset(self::$installedByVendor[$vendorDir])) {
                     $installed[] = self::$installedByVendor[$vendorDir];
                 } elseif (is_file($vendorDir.'/composer/installed.php')) {
                     /** @var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>} $required */
                     $required = require $vendorDir.'/composer/installed.php';
-                    $installed[] = self::$installedByVendor[$vendorDir] = $required;
-                    if (null === self::$installed && strtr($vendorDir.'/composer', '\\', '/') === strtr(__DIR__, '\\', '/')) {
-                        self::$installed = $installed[count($installed) - 1];
+                    self::$installedByVendor[$vendorDir] = $required;
+                    $installed[] = $required;
+                    if (self::$installed === null && $vendorDir.'/composer' === $selfDir) {
+                        self::$installed = $required;
+                        self::$installedIsLocalDir = true;
                     }
                 }
+                if (self::$installedIsLocalDir && $vendorDir.'/composer' === $selfDir) {
+                    $copiedLocalDir = true;
+                }
             }
         }
 
@@ -350,7 +387,7 @@ class InstalledVersions
             }
         }
 
-        if (self::$installed !== array()) {
+        if (self::$installed !== array() && !$copiedLocalDir) {
             $installed[] = self::$installed;
         }
 

apps/cloud_federation_api/composer/composer/autoload_static.php

@@ -7,14 +7,14 @@ namespace Composer\Autoload;
 class ComposerStaticInitCloudFederationAPI
 {
     public static $prefixLengthsPsr4 = array (
-        'O' => 
+        'O' =>
         array (
             'OCA\\CloudFederationAPI\\' => 23,
         ),
     );
 
     public static $prefixDirsPsr4 = array (
-        'OCA\\CloudFederationAPI\\' => 
+        'OCA\\CloudFederationAPI\\' =>
         array (
             0 => __DIR__ . '/..' . '/../lib',
         ),

apps/cloud_federation_api/lib/Controller/RequestHandlerController.php

@@ -106,14 +106,16 @@ class RequestHandlerController extends Controller {
 	#[NoCSRFRequired]
 	#[BruteForceProtection(action: 'receiveFederatedShare')]
 	public function addShare($shareWith, $name, $description, $providerId, $owner, $ownerDisplayName, $sharedBy, $sharedByDisplayName, $protocol, $shareType, $resourceType) {
-		try {
-			// if request is signed and well signed, no exception are thrown
-			// if request is not signed and host is known for not supporting signed request, no exception are thrown
-			$signedRequest = $this->getSignedRequest();
-			$this->confirmSignedOrigin($signedRequest, 'owner', $owner);
-		} catch (IncomingRequestException $e) {
-			$this->logger->warning('incoming request exception', ['exception' => $e]);
-			return new JSONResponse(['message' => $e->getMessage(), 'validationErrors' => []], Http::STATUS_BAD_REQUEST);
+		if (!$this->appConfig->getValueBool('core', OCMSignatoryManager::APPCONFIG_SIGN_DISABLED, lazy: true)) {
+			try {
+				// if request is signed and well signed, no exception are thrown
+				// if request is not signed and host is known for not supporting signed request, no exception are thrown
+				$signedRequest = $this->getSignedRequest();
+				$this->confirmSignedOrigin($signedRequest, 'owner', $owner);
+			} catch (IncomingRequestException $e) {
+				$this->logger->warning('incoming request exception', ['exception' => $e]);
+				return new JSONResponse(['message' => $e->getMessage(), 'validationErrors' => []], Http::STATUS_BAD_REQUEST);
+			}
 		}
 
 		// check if all required parameters are set
@@ -236,7 +238,7 @@ class RequestHandlerController extends Controller {
 	 *
 	 * @param string $recipientProvider The address of the recipent's provider
 	 * @param string $token The token used for the invitation
-	 * @param string $userId The userId of the recipient at the recipient's provider
+	 * @param string $userID The userID of the recipient at the recipient's provider
 	 * @param string $email The email address of the recipient
 	 * @param string $name The display name of the recipient
 	 *
@@ -251,8 +253,8 @@ class RequestHandlerController extends Controller {
 	#[PublicPage]
 	#[NoCSRFRequired]
 	#[BruteForceProtection(action: 'inviteAccepted')]
-	public function inviteAccepted(string $recipientProvider, string $token, string $userId, string $email, string $name): JSONResponse {
-		$this->logger->debug('Processing share invitation for ' . $userId . ' with token ' . $token . ' and email ' . $email . ' and name ' . $name);
+	public function inviteAccepted(string $recipientProvider, string $token, string $userID, string $email, string $name): JSONResponse {
+		$this->logger->debug('Processing share invitation for ' . $userID . ' with token ' . $token . ' and email ' . $email . ' and name ' . $name);
 
 		$updated = $this->timeFactory->getTime();
 
@@ -309,7 +311,7 @@ class RequestHandlerController extends Controller {
 		$invitation->setRecipientEmail($email);
 		$invitation->setRecipientName($name);
 		$invitation->setRecipientProvider($recipientProvider);
-		$invitation->setRecipientUserId($userId);
+		$invitation->setRecipientUserId($userID);
 		$invitation->setAcceptedAt($updated);
 		$invitation = $this->federatedInviteMapper->update($invitation);
 
@@ -354,14 +356,16 @@ class RequestHandlerController extends Controller {
 			);
 		}
 
-		try {
-			// if request is signed and well signed, no exception are thrown
-			// if request is not signed and host is known for not supporting signed request, no exception are thrown
-			$signedRequest = $this->getSignedRequest();
-			$this->confirmNotificationIdentity($signedRequest, $resourceType, $notification);
-		} catch (IncomingRequestException $e) {
-			$this->logger->warning('incoming request exception', ['exception' => $e]);
-			return new JSONResponse(['message' => $e->getMessage(), 'validationErrors' => []], Http::STATUS_BAD_REQUEST);
+		if (!$this->appConfig->getValueBool('core', OCMSignatoryManager::APPCONFIG_SIGN_DISABLED, lazy: true)) {
+			try {
+				// if request is signed and well signed, no exception are thrown
+				// if request is not signed and host is known for not supporting signed request, no exception are thrown
+				$signedRequest = $this->getSignedRequest();
+				$this->confirmNotificationIdentity($signedRequest, $resourceType, $notification);
+			} catch (IncomingRequestException $e) {
+				$this->logger->warning('incoming request exception', ['exception' => $e]);
+				return new JSONResponse(['message' => $e->getMessage(), 'validationErrors' => []], Http::STATUS_BAD_REQUEST);
+			}
 		}
 
 		try {
@@ -500,7 +504,6 @@ class RequestHandlerController extends Controller {
 	 *
 	 * @param IIncomingSignedRequest|null $signedRequest
 	 * @param string $resourceType
-	 * @param string $sharedSecret
 	 *
 	 * @throws IncomingRequestException
 	 * @throws BadRequestException
@@ -524,7 +527,7 @@ class RequestHandlerController extends Controller {
 				return;
 			}
 		} catch (\Exception $e) {
-			throw new IncomingRequestException($e->getMessage());
+			throw new IncomingRequestException($e->getMessage(), previous: $e);
 		}
 
 		$this->confirmNotificationEntry($signedRequest, $identity);

apps/cloud_federation_api/openapi.json

@@ -354,7 +354,7 @@
                                 "required": [
                                     "recipientProvider",
                                     "token",
-                                    "userId",
+                                    "userID",
                                     "email",
                                     "name"
                                 ],
@@ -367,9 +367,9 @@
                                         "type": "string",
                                         "description": "The token used for the invitation"
                                     },
-                                    "userId": {
+                                    "userID": {
                                         "type": "string",
-                                        "description": "The userId of the recipient at the recipient's provider"
+                                        "description": "The userID of the recipient at the recipient's provider"
                                     },
                                     "email": {
                                         "type": "string",

apps/comments/composer/autoload.php

@@ -14,10 +14,7 @@ if (PHP_VERSION_ID < 50600) {
             echo $err;
         }
     }
-    trigger_error(
-        $err,
-        E_USER_ERROR
-    );
+    throw new RuntimeException($err);
 }
 
 require_once __DIR__ . '/composer/autoload_real.php';

apps/comments/composer/composer/InstalledVersions.php

@@ -26,12 +26,23 @@ use Composer\Semver\VersionParser;
  */
 class InstalledVersions
 {
+    /**
+     * @var string|null if set (by reflection by Composer), this should be set to the path where this class is being copied to
+     * @internal
+     */
+    private static $selfDir = null;
+
     /**
      * @var mixed[]|null
      * @psalm-var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}|array{}|null
      */
     private static $installed;
 
+    /**
+     * @var bool
+     */
+    private static $installedIsLocalDir;
+
     /**
      * @var bool|null
      */
@@ -309,6 +320,24 @@ class InstalledVersions
     {
         self::$installed = $data;
         self::$installedByVendor = array();
+
+        // when using reload, we disable the duplicate protection to ensure that self::$installed data is
+        // always returned, but we cannot know whether it comes from the installed.php in __DIR__ or not,
+        // so we have to assume it does not, and that may result in duplicate data being returned when listing
+        // all installed packages for example
+        self::$installedIsLocalDir = false;
+    }
+
+    /**
+     * @return string
+     */
+    private static function getSelfDir()
+    {
+        if (self::$selfDir === null) {
+            self::$selfDir = strtr(__DIR__, '\\', '/');
+        }
+
+        return self::$selfDir;
     }
 
     /**
@@ -322,19 +351,27 @@ class InstalledVersions
         }
 
         $installed = array();
+        $copiedLocalDir = false;
 
         if (self::$canGetVendors) {
+            $selfDir = self::getSelfDir();
             foreach (ClassLoader::getRegisteredLoaders() as $vendorDir => $loader) {
+                $vendorDir = strtr($vendorDir, '\\', '/');
                 if (isset(self::$installedByVendor[$vendorDir])) {
                     $installed[] = self::$installedByVendor[$vendorDir];
                 } elseif (is_file($vendorDir.'/composer/installed.php')) {
                     /** @var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>} $required */
                     $required = require $vendorDir.'/composer/installed.php';
-                    $installed[] = self::$installedByVendor[$vendorDir] = $required;
-                    if (null === self::$installed && strtr($vendorDir.'/composer', '\\', '/') === strtr(__DIR__, '\\', '/')) {
-                        self::$installed = $installed[count($installed) - 1];
+                    self::$installedByVendor[$vendorDir] = $required;
+                    $installed[] = $required;
+                    if (self::$installed === null && $vendorDir.'/composer' === $selfDir) {
+                        self::$installed = $required;
+                        self::$installedIsLocalDir = true;
                     }
                 }
+                if (self::$installedIsLocalDir && $vendorDir.'/composer' === $selfDir) {
+                    $copiedLocalDir = true;
+                }
             }
         }
 
@@ -350,7 +387,7 @@ class InstalledVersions
             }
         }
 
-        if (self::$installed !== array()) {
+        if (self::$installed !== array() && !$copiedLocalDir) {
             $installed[] = self::$installed;
         }
 

apps/comments/composer/composer/autoload_static.php

@@ -7,14 +7,14 @@ namespace Composer\Autoload;
 class ComposerStaticInitComments
 {
     public static $prefixLengthsPsr4 = array (
-        'O' => 
+        'O' =>
         array (
             'OCA\\Comments\\' => 13,
         ),
     );
 
     public static $prefixDirsPsr4 = array (
-        'OCA\\Comments\\' => 
+        'OCA\\Comments\\' =>
         array (
             0 => __DIR__ . '/..' . '/../lib',
         ),

apps/comments/l10n/cs.js

@@ -17,6 +17,7 @@ OC.L10N.register(
     "Delete comment" : "Smazat komentář",
     "Cancel edit" : "Zrušit úpravu",
     "New comment" : "Nový komentář",
+    "Write a comment …" : "Napsat komentář …",
     "Post comment" : "Odeslat komentář",
     "@ for mentions, : for emoji, / for smart picker" : "@ pro zmínění, : pro emotikony, / pro inteligentní výběr",
     "Could not reload comments" : "Znovunačtení komentářů se nezdařilo",
@@ -31,6 +32,6 @@ OC.L10N.register(
     "Comment deleted" : "Komentář smazán",
     "An error occurred while trying to delete the comment" : "Došlo k chybě při pokusu o smazání komentáře",
     "An error occurred while trying to create the comment" : "Došlo k chybě při pokusu o vytvoření komentáře",
-    "Write a comment …" : "Napsat komentář…"
+    "Write a comment …" : "Napsat komentář …"
 },
 "nplurals=4; plural=(n == 1 && n % 1 == 0) ? 0 : (n >= 2 && n <= 4 && n % 1 == 0) ? 1: (n % 1 != 0 ) ? 2 : 3;");

apps/comments/l10n/cs.json

@@ -15,6 +15,7 @@
     "Delete comment" : "Smazat komentář",
     "Cancel edit" : "Zrušit úpravu",
     "New comment" : "Nový komentář",
+    "Write a comment …" : "Napsat komentář …",
     "Post comment" : "Odeslat komentář",
     "@ for mentions, : for emoji, / for smart picker" : "@ pro zmínění, : pro emotikony, / pro inteligentní výběr",
     "Could not reload comments" : "Znovunačtení komentářů se nezdařilo",
@@ -29,6 +30,6 @@
     "Comment deleted" : "Komentář smazán",
     "An error occurred while trying to delete the comment" : "Došlo k chybě při pokusu o smazání komentáře",
     "An error occurred while trying to create the comment" : "Došlo k chybě při pokusu o vytvoření komentáře",
-    "Write a comment …" : "Napsat komentář…"
+    "Write a comment …" : "Napsat komentář …"
 },"pluralForm" :"nplurals=4; plural=(n == 1 && n % 1 == 0) ? 0 : (n >= 2 && n <= 4 && n % 1 == 0) ? 1: (n % 1 != 0 ) ? 2 : 3;"
 }

apps/comments/l10n/es.js

@@ -17,6 +17,7 @@ OC.L10N.register(
     "Delete comment" : "Borrar comentario",
     "Cancel edit" : "Cacelar edición",
     "New comment" : "Comentario nuevo",
+    "Write a comment …" : "Escribe un comentario ….",
     "Post comment" : "Publicar comentario",
     "@ for mentions, : for emoji, / for smart picker" : "@ para menciones, : para emoji, / para selector inteligente",
     "Could not reload comments" : "No se pudieron recargar los comentarios",

apps/comments/l10n/es.json

@@ -15,6 +15,7 @@
     "Delete comment" : "Borrar comentario",
     "Cancel edit" : "Cacelar edición",
     "New comment" : "Comentario nuevo",
+    "Write a comment …" : "Escribe un comentario ….",
     "Post comment" : "Publicar comentario",
     "@ for mentions, : for emoji, / for smart picker" : "@ para menciones, : para emoji, / para selector inteligente",
     "Could not reload comments" : "No se pudieron recargar los comentarios",

apps/comments/l10n/fi.js

@@ -15,6 +15,7 @@ OC.L10N.register(
     "Delete comment" : "Poista kommentti",
     "Cancel edit" : "Peruuta muokkaus",
     "New comment" : "Uusi kommentti",
+    "Write a comment …" : "Kirjoita kommentti …",
     "Post comment" : "Lähetä viesti",
     "@ for mentions, : for emoji, / for smart picker" : "@ maininnoille, : emojille, / älykkäälle valitsimelle",
     "Could not reload comments" : "Kommenttien lataus epäonnistui",

apps/comments/l10n/fi.json

@@ -13,6 +13,7 @@
     "Delete comment" : "Poista kommentti",
     "Cancel edit" : "Peruuta muokkaus",
     "New comment" : "Uusi kommentti",
+    "Write a comment …" : "Kirjoita kommentti …",
     "Post comment" : "Lähetä viesti",
     "@ for mentions, : for emoji, / for smart picker" : "@ maininnoille, : emojille, / älykkäälle valitsimelle",
     "Could not reload comments" : "Kommenttien lataus epäonnistui",

apps/comments/l10n/fr.js

@@ -17,7 +17,7 @@ OC.L10N.register(
     "Delete comment" : "Supprimer le commentaire",
     "Cancel edit" : "Annuler les modifications",
     "New comment" : "Nouveau commentaire",
-    "Write a comment …" : "Écrire un commentaire …",
+    "Write a comment …" : "Écrire un commentaire…",
     "Post comment" : "Publier le commentaire",
     "@ for mentions, : for emoji, / for smart picker" : "@ pour les mentions, : pour les émojis, / pour le sélecteur intelligent",
     "Could not reload comments" : "Impossible de recharger les commentaires",

apps/comments/l10n/fr.json

@@ -15,7 +15,7 @@
     "Delete comment" : "Supprimer le commentaire",
     "Cancel edit" : "Annuler les modifications",
     "New comment" : "Nouveau commentaire",
-    "Write a comment …" : "Écrire un commentaire …",
+    "Write a comment …" : "Écrire un commentaire…",
     "Post comment" : "Publier le commentaire",
     "@ for mentions, : for emoji, / for smart picker" : "@ pour les mentions, : pour les émojis, / pour le sélecteur intelligent",
     "Could not reload comments" : "Impossible de recharger les commentaires",

apps/comments/l10n/it.js

@@ -17,6 +17,7 @@ OC.L10N.register(
     "Delete comment" : "Elimina commento",
     "Cancel edit" : "Annulla modifica",
     "New comment" : "Nuovo commento",
+    "Write a comment …" : "Scrivi un commento ...",
     "Post comment" : "Pubblica commento",
     "@ for mentions, : for emoji, / for smart picker" : "@ per menzioni, : per emoji, / per selettore intelligente",
     "Could not reload comments" : "Impossibile ricaricare i commenti",

apps/comments/l10n/it.json

@@ -15,6 +15,7 @@
     "Delete comment" : "Elimina commento",
     "Cancel edit" : "Annulla modifica",
     "New comment" : "Nuovo commento",
+    "Write a comment …" : "Scrivi un commento ...",
     "Post comment" : "Pubblica commento",
     "@ for mentions, : for emoji, / for smart picker" : "@ per menzioni, : per emoji, / per selettore intelligente",
     "Could not reload comments" : "Impossibile ricaricare i commenti",

apps/comments/l10n/lo.js

@@ -0,0 +1,37 @@
+OC.L10N.register(
+    "comments",
+    {
+    "Comments" : "ຄໍາເຫັນ",
+    "You commented" : "ທ່ານໄດ້ສະແດງຄຳເຫັນ",
+    "{author} commented" : "{author} commented",
+    "You commented on %1$s" : "You commented on %1$s",
+    "You commented on {file}" : "You commented on {file}",
+    "%1$s commented on %2$s" : "%1$s commented on %2$s",
+    "{author} commented on {file}" : "{author} commented on {file}",
+    "<strong>Comments</strong> for files" : "<strong>Comments</strong> for files",
+    "Files" : "ຟາຍ",
+    "You were mentioned on \"{file}\", in a comment by an account that has since been deleted" : "You were mentioned on \"{file}\", in a comment by an account that has since been deleted",
+    "{user} mentioned you in a comment on \"{file}\"" : "{user} mentioned you in a comment on \"{file}\"",
+    "Files app plugin to add comments to files" : "Files app plugin to add comments to files",
+    "Edit comment" : "ແກ້ໄຂຄຳເຫັນ",
+    "Delete comment" : "ລົບຄຳເຫັນ",
+    "Cancel edit" : "Cancel edit",
+    "New comment" : "New comment",
+    "Write a comment …" : "Write a comment …",
+    "Post comment" : "Post comment",
+    "@ for mentions, : for emoji, / for smart picker" : "@ for mentions, : for emoji, / for smart picker",
+    "Could not reload comments" : "Could not reload comments",
+    "Failed to mark comments as read" : "Failed to mark comments as read",
+    "Unable to load the comments list" : "Unable to load the comments list",
+    "No comments yet, start the conversation!" : "No comments yet, start the conversation!",
+    "No more messages" : "No more messages",
+    "Retry" : "Retry",
+    "_1 new comment_::_{unread} new comments_" : ["{unread} new comments"],
+    "Comment" : "Comment",
+    "An error occurred while trying to edit the comment" : "An error occurred while trying to edit the comment",
+    "Comment deleted" : "Comment deleted",
+    "An error occurred while trying to delete the comment" : "An error occurred while trying to delete the comment",
+    "An error occurred while trying to create the comment" : "An error occurred while trying to create the comment",
+    "Write a comment …" : "Write a comment …"
+},
+"nplurals=1; plural=0;");

apps/comments/l10n/lo.json

@@ -0,0 +1,35 @@
+{ "translations": {
+    "Comments" : "ຄໍາເຫັນ",
+    "You commented" : "ທ່ານໄດ້ສະແດງຄຳເຫັນ",
+    "{author} commented" : "{author} commented",
+    "You commented on %1$s" : "You commented on %1$s",
+    "You commented on {file}" : "You commented on {file}",
+    "%1$s commented on %2$s" : "%1$s commented on %2$s",
+    "{author} commented on {file}" : "{author} commented on {file}",
+    "<strong>Comments</strong> for files" : "<strong>Comments</strong> for files",
+    "Files" : "ຟາຍ",
+    "You were mentioned on \"{file}\", in a comment by an account that has since been deleted" : "You were mentioned on \"{file}\", in a comment by an account that has since been deleted",
+    "{user} mentioned you in a comment on \"{file}\"" : "{user} mentioned you in a comment on \"{file}\"",
+    "Files app plugin to add comments to files" : "Files app plugin to add comments to files",
+    "Edit comment" : "ແກ້ໄຂຄຳເຫັນ",
+    "Delete comment" : "ລົບຄຳເຫັນ",
+    "Cancel edit" : "Cancel edit",
+    "New comment" : "New comment",
+    "Write a comment …" : "Write a comment …",
+    "Post comment" : "Post comment",
+    "@ for mentions, : for emoji, / for smart picker" : "@ for mentions, : for emoji, / for smart picker",
+    "Could not reload comments" : "Could not reload comments",
+    "Failed to mark comments as read" : "Failed to mark comments as read",
+    "Unable to load the comments list" : "Unable to load the comments list",
+    "No comments yet, start the conversation!" : "No comments yet, start the conversation!",
+    "No more messages" : "No more messages",
+    "Retry" : "Retry",
+    "_1 new comment_::_{unread} new comments_" : ["{unread} new comments"],
+    "Comment" : "Comment",
+    "An error occurred while trying to edit the comment" : "An error occurred while trying to edit the comment",
+    "Comment deleted" : "Comment deleted",
+    "An error occurred while trying to delete the comment" : "An error occurred while trying to delete the comment",
+    "An error occurred while trying to create the comment" : "An error occurred while trying to create the comment",
+    "Write a comment …" : "Write a comment …"
+},"pluralForm" :"nplurals=1; plural=0;"
+}

apps/comments/l10n/ug.js

@@ -4,11 +4,11 @@ OC.L10N.register(
     "Comments" : "باھا",
     "You commented" : "باھا بەردىڭىز",
     "{author} commented" : "{author} باھا بەردى",
-    "You commented on %1$s" : "سىز%1 $ s غا باھا بەردىڭىز",
+    "You commented on %1$s" : "سىز %1$s غا باھا بەردىڭىز",
     "You commented on {file}" : "سىز {file} گە باھا بەردىڭىز",
-    "%1$s commented on %2$s" : "%1 $ s%2 $ s غا باھا بەردى",
+    "%1$s commented on %2$s" : "%1$s بولسا %2$s غا باھا بەردى",
     "{author} commented on {file}" : "{author} بولسا {file} گە باھا بەردى",
-    "<strong>Comments</strong> for files" : "ھۆججەتلەر ئۈچۈن <strong> باھا </ strong>",
+    "<strong>Comments</strong> for files" : "ھۆججەتلەر ئۈچۈن <strong> باھا </strong>",
     "Files" : "ھۆججەتلەر",
     "You were mentioned on \"{file}\", in a comment by an account that has since been deleted" : "سىز ئۆچۈرۈلگەن ھېساباتنىڭ ئىزاھاتىدا سىز «{file}» دە تىلغا ئېلىندى",
     "{user} mentioned you in a comment on \"{file}\"" : "{user} سىزنى \"{file}\" دىكى باھادا تىلغا ئالدى",
@@ -17,6 +17,7 @@ OC.L10N.register(
     "Delete comment" : "باھانى ئۆچۈرۈڭ",
     "Cancel edit" : "تەھرىرلەشنى ئەمەلدىن قالدۇرۇڭ",
     "New comment" : "يېڭى باھا",
+    "Write a comment …" : "بىر ئىنكاس يېزىڭ  ...",
     "Post comment" : "ئىنكاس يېزىڭ",
     "@ for mentions, : for emoji, / for smart picker" : "@ تىلغا ئېلىش ئۈچۈن ،: emoji ئۈچۈن ، / ئەقلىي ئىقتىدارلىق تاللىغۇچ ئۈچۈن",
     "Could not reload comments" : "ئىنكاسلارنى قايتا يۈكلىيەلمىدى",
@@ -25,6 +26,7 @@ OC.L10N.register(
     "No comments yet, start the conversation!" : "تېخى باھا يوق ، سۆھبەتنى باشلاڭ!",
     "No more messages" : "باشقا ئۇچۇر يوق",
     "Retry" : "قايتا سىناڭ",
+    "_1 new comment_::_{unread} new comments_" : ["1 يېڭى ئىنكاس","{unread} يېڭى ئىنكاسلار"],
     "Comment" : "باھا",
     "An error occurred while trying to edit the comment" : "باھانى تەھرىرلىمەكچى بولغاندا خاتالىق كۆرۈلدى",
     "Comment deleted" : "باھا ئۆچۈرۈلدى",

apps/comments/l10n/ug.json

@@ -2,11 +2,11 @@
     "Comments" : "باھا",
     "You commented" : "باھا بەردىڭىز",
     "{author} commented" : "{author} باھا بەردى",
-    "You commented on %1$s" : "سىز%1 $ s غا باھا بەردىڭىز",
+    "You commented on %1$s" : "سىز %1$s غا باھا بەردىڭىز",
     "You commented on {file}" : "سىز {file} گە باھا بەردىڭىز",
-    "%1$s commented on %2$s" : "%1 $ s%2 $ s غا باھا بەردى",
+    "%1$s commented on %2$s" : "%1$s بولسا %2$s غا باھا بەردى",
     "{author} commented on {file}" : "{author} بولسا {file} گە باھا بەردى",
-    "<strong>Comments</strong> for files" : "ھۆججەتلەر ئۈچۈن <strong> باھا </ strong>",
+    "<strong>Comments</strong> for files" : "ھۆججەتلەر ئۈچۈن <strong> باھا </strong>",
     "Files" : "ھۆججەتلەر",
     "You were mentioned on \"{file}\", in a comment by an account that has since been deleted" : "سىز ئۆچۈرۈلگەن ھېساباتنىڭ ئىزاھاتىدا سىز «{file}» دە تىلغا ئېلىندى",
     "{user} mentioned you in a comment on \"{file}\"" : "{user} سىزنى \"{file}\" دىكى باھادا تىلغا ئالدى",
@@ -15,6 +15,7 @@
     "Delete comment" : "باھانى ئۆچۈرۈڭ",
     "Cancel edit" : "تەھرىرلەشنى ئەمەلدىن قالدۇرۇڭ",
     "New comment" : "يېڭى باھا",
+    "Write a comment …" : "بىر ئىنكاس يېزىڭ  ...",
     "Post comment" : "ئىنكاس يېزىڭ",
     "@ for mentions, : for emoji, / for smart picker" : "@ تىلغا ئېلىش ئۈچۈن ،: emoji ئۈچۈن ، / ئەقلىي ئىقتىدارلىق تاللىغۇچ ئۈچۈن",
     "Could not reload comments" : "ئىنكاسلارنى قايتا يۈكلىيەلمىدى",
@@ -23,6 +24,7 @@
     "No comments yet, start the conversation!" : "تېخى باھا يوق ، سۆھبەتنى باشلاڭ!",
     "No more messages" : "باشقا ئۇچۇر يوق",
     "Retry" : "قايتا سىناڭ",
+    "_1 new comment_::_{unread} new comments_" : ["1 يېڭى ئىنكاس","{unread} يېڭى ئىنكاسلار"],
     "Comment" : "باھا",
     "An error occurred while trying to edit the comment" : "باھانى تەھرىرلىمەكچى بولغاندا خاتالىق كۆرۈلدى",
     "Comment deleted" : "باھا ئۆچۈرۈلدى",

apps/comments/l10n/zh_HK.js

@@ -17,6 +17,7 @@ OC.L10N.register(
     "Delete comment" : "刪除留言",
     "Cancel edit" : "取消編輯",
     "New comment" : "新評論",
+    "Write a comment …" : "發表評論 ...",
     "Post comment" : "張貼留言",
     "@ for mentions, : for emoji, / for smart picker" : "“@” 表示提及，“:” 表示表情符號，“/” 表示智慧型選擇器",
     "Could not reload comments" : "無法重新加載評論",