update docs

.devcontainer/Dockerfile

@@ -1,4 +1,4 @@
-ARG BASEIMAGE=mcr.microsoft.com/devcontainers/typescript-node:22@sha256:a20b8a3538313487ac9266875bbf733e544c1aa2091df2bb99ab592a6d4f7399
+ARG BASEIMAGE=mcr.microsoft.com/devcontainers/typescript-node:22@sha256:9791f4aa527774bc370c6bd2f6705ce5a686f1e6f204badd8dfaacce28c631ae
 FROM ${BASEIMAGE}
 
 # Flutter SDK

.gitattributes

@@ -6,9 +6,6 @@ mobile/openapi/**/*.dart linguist-generated=true
 mobile/lib/**/*.g.dart -diff -merge
 mobile/lib/**/*.g.dart linguist-generated=true
 
-mobile/lib/**/*.drift.dart -diff -merge
-mobile/lib/**/*.drift.dart linguist-generated=true
-
 open-api/typescript-sdk/fetch-client.ts -diff -merge
 open-api/typescript-sdk/fetch-client.ts linguist-generated=true
 

.github/.nvmrc

@@ -1 +0,0 @@
-22.14.0

.github/DISCUSSION_TEMPLATE/feature-request.yaml

@@ -1,5 +1,5 @@
-title: '[Feature] feature-name-goes-here'
-labels: ['feature']
+title: "[Feature] feature-name-goes-here"
+labels: ["feature"]
 
 body:
   - type: markdown
@@ -13,7 +13,7 @@ body:
     attributes:
       label: I have searched the existing feature requests, both open and closed, to make sure this is not a duplicate request.
       options:
-        - label: 'Yes'
+        - label: "Yes"
           required: true
 
   - type: textarea

.github/ISSUE_TEMPLATE/bug_report.yaml

@@ -5,7 +5,7 @@ body:
     attributes:
       label: I have searched the existing issues, both open and closed, to make sure this is not a duplicate report.
       options:
-        - label: 'Yes'
+        - label: "Yes"
           required: true
 
   - type: markdown
@@ -84,7 +84,7 @@ body:
     id: repro
     attributes:
       label: Reproduction steps
-      description: 'How do you trigger this bug? Please walk us through it step by step.'
+      description: "How do you trigger this bug? Please walk us through it step by step."
       value: |
         1.
         2.
@@ -97,13 +97,12 @@ body:
     id: logs
     attributes:
       label: Relevant log output
-      description:
-        Please copy and paste any relevant logs below. (code formatting is
+      description: Please copy and paste any relevant logs below. (code formatting is
         enabled, no need for backticks)
       render: shell
     validations:
       required: false
-
+      
   - type: textarea
     attributes:
       label: Additional information

.github/package-lock.json

@@ -1,28 +0,0 @@
-{
-  "name": ".github",
-  "lockfileVersion": 3,
-  "requires": true,
-  "packages": {
-    "": {
-      "devDependencies": {
-        "prettier": "^3.5.3"
-      }
-    },
-    "node_modules/prettier": {
-      "version": "3.5.3",
-      "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.5.3.tgz",
-      "integrity": "sha512-QQtaxnoDJeAkDvDKWCLiwIXkTgRhwYDEQCghU9Z6q03iyek/rxRh/2lC3HB7P8sWT2xC/y5JDctPLBIGzHKbhw==",
-      "dev": true,
-      "license": "MIT",
-      "bin": {
-        "prettier": "bin/prettier.cjs"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "funding": {
-        "url": "https://github.com/prettier/prettier?sponsor=1"
-      }
-    }
-  }
-}

.github/package.json

@@ -1,9 +0,0 @@
-{
-  "scripts": {
-    "format": "prettier --check .",
-    "format:fix": "prettier --write ."
-  },
-  "devDependencies": {
-    "prettier": "^3.5.3"
-  }
-}

.github/release.yml

@@ -1,33 +1,33 @@
-changelog:
-  categories:
-    - title: 🚨 Breaking Changes
-      labels:
-        - changelog:breaking-change
-
-    - title: 🫥 Deprecated Changes
-      labels:
-        - changelog:deprecated
-
-    - title: 🔒 Security
-      labels:
-        - changelog:security
-
-    - title: 🚀 Features
-      labels:
-        - changelog:feature
-
-    - title: 🌟 Enhancements
-      labels:
-        - changelog:enhancement
-
-    - title: 🐛 Bug fixes
-      labels:
-        - changelog:bugfix
-
-    - title: 📚 Documentation
-      labels:
-        - changelog:documentation
-
-    - title: 🌐 Translations
-      labels:
-        - changelog:translation
+changelog:
+  categories:
+    - title: 🚨 Breaking Changes
+      labels:
+        - changelog:breaking-change
+
+    - title: 🫥 Deprecated Changes
+      labels:
+        - changelog:deprecated
+
+    - title: 🔒 Security
+      labels:
+        - changelog:security
+
+    - title: 🚀 Features
+      labels:
+        - changelog:feature
+
+    - title: 🌟 Enhancements
+      labels:
+        - changelog:enhancement
+
+    - title: 🐛 Bug fixes
+      labels:
+        - changelog:bugfix
+
+    - title: 📚 Documentation
+      labels:
+        - changelog:documentation
+
+    - title: 🌐 Translations
+      labels:
+        - changelog:translation

.github/workflows/build-mobile.yml

@@ -7,15 +7,6 @@ on:
       ref:
         required: false
         type: string
-    secrets:
-      KEY_JKS:
-        required: true
-      ALIAS:
-        required: true
-      ANDROID_KEY_PASSWORD:
-        required: true
-      ANDROID_STORE_PASSWORD:
-        required: true
   pull_request:
   push:
     branches: [main]
@@ -24,23 +15,16 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
-permissions: {}
-
 jobs:
   pre-job:
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     outputs:
       should_run: ${{ steps.found_paths.outputs.mobile == 'true' || steps.should_force.outputs.should_force == 'true' }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-        with:
-          persist-credentials: false
-
+        uses: actions/checkout@v4
       - id: found_paths
-        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3
+        uses: dorny/paths-filter@v3
         with:
           filters: |
             mobile:
@@ -54,26 +38,31 @@ jobs:
   build-sign-android:
     name: Build and sign Android
     needs: pre-job
-    permissions:
-      contents: read
     # Skip when PR from a fork
     if: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' && needs.pre-job.outputs.should_run == 'true' }}
     runs-on: macos-14
 
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-        with:
-          ref: ${{ inputs.ref || github.sha }}
-          persist-credentials: false
+      - name: Determine ref
+        id: get-ref
+        run: |
+          input_ref="${{ inputs.ref }}"
+          github_ref="${{ github.sha }}"
+          ref="${input_ref:-$github_ref}"
+          echo "ref=$ref" >> $GITHUB_OUTPUT
 
-      - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ steps.get-ref.outputs.ref }}
+
+      - uses: actions/setup-java@v4
         with:
           distribution: 'zulu'
           java-version: '17'
           cache: 'gradle'
 
       - name: Setup Flutter SDK
-        uses: subosito/flutter-action@e938fdf56512cc96ef2f93601a5a40bde3801046 # v2
+        uses: subosito/flutter-action@v2
         with:
           channel: 'stable'
           flutter-version-file: ./mobile/pubspec.yaml
@@ -89,10 +78,6 @@ jobs:
         working-directory: ./mobile
         run: flutter pub get
 
-      - name: Generate translation file
-        run: make translation
-        working-directory: ./mobile
-
       - name: Build Android App Bundle
         working-directory: ./mobile
         env:
@@ -104,7 +89,7 @@ jobs:
           flutter build apk --release --split-per-abi --target-platform android-arm,android-arm64,android-x64
 
       - name: Publish Android Artifact
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
+        uses: actions/upload-artifact@v4
         with:
           name: release-apk-signed
           path: mobile/build/app/outputs/flutter-apk/*.apk

.github/workflows/cache-cleanup.yml

@@ -8,38 +8,31 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
-permissions: {}
-
 jobs:
   cleanup:
     name: Cleanup
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      actions: write
     steps:
       - name: Check out code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-        with:
-          persist-credentials: false
+        uses: actions/checkout@v4
 
       - name: Cleanup
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          REF: ${{ github.ref }}
         run: |
           gh extension install actions/gh-actions-cache
 
           REPO=${{ github.repository }}
+          BRANCH=${{ github.ref }}
 
           echo "Fetching list of cache keys"
-          cacheKeysForPR=$(gh actions-cache list -R $REPO -B ${REF} -L 100 | cut -f 1 )
+          cacheKeysForPR=$(gh actions-cache list -R $REPO -B $BRANCH -L 100 | cut -f 1 )
 
           ## Setting this to not fail the workflow while deleting cache keys.
           set +e
           echo "Deleting caches..."
           for cacheKey in $cacheKeysForPR
           do
-              gh actions-cache delete $cacheKey -R "$REPO" -B "${REF}" --confirm
+              gh actions-cache delete $cacheKey -R $REPO -B $BRANCH --confirm
           done
           echo "Done"
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/cli.yml

@@ -6,6 +6,7 @@ on:
       - 'cli/**'
       - '.github/workflows/cli.yml'
   pull_request:
+    branches: [main]
     paths:
       - 'cli/**'
       - '.github/workflows/cli.yml'
@@ -16,25 +17,21 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
-permissions: {}
+permissions:
+  packages: write
 
 jobs:
   publish:
     name: CLI Publish
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     defaults:
       run:
         working-directory: ./cli
 
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-        with:
-          persist-credentials: false
-
+      - uses: actions/checkout@v4
       # Setup .npmrc file to publish to npm
-      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
+      - uses: actions/setup-node@v4
         with:
           node-version-file: './cli/.nvmrc'
           registry-url: 'https://registry.npmjs.org'
@@ -52,25 +49,20 @@ jobs:
   docker:
     name: Docker
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
     needs: publish
 
     steps:
       - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-        with:
-          persist-credentials: false
+        uses: actions/checkout@v4
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
+        uses: docker/setup-qemu-action@v3.6.0
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+        uses: docker/setup-buildx-action@v3.10.0
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
+        uses: docker/login-action@v3
         if: ${{ !github.event.pull_request.head.repo.fork }}
         with:
           registry: ghcr.io
@@ -85,7 +77,7 @@ jobs:
 
       - name: Generate docker image tags
         id: metadata
-        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5
+        uses: docker/metadata-action@v5
         with:
           flavor: |
             latest=false
@@ -96,7 +88,7 @@ jobs:
             type=raw,value=latest,enable=${{ github.event_name == 'release' }}
 
       - name: Build and push image
-        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
+        uses: docker/build-push-action@v6.15.0
         with:
           file: cli/Dockerfile
           platforms: linux/amd64,linux/arm64

.github/workflows/codeql-analysis.yml

@@ -9,14 +9,14 @@
 # the `language` matrix defined below to confirm you have the correct set of
 # supported CodeQL languages.
 #
-name: 'CodeQL'
+name: "CodeQL"
 
 on:
   push:
-    branches: ['main']
+    branches: [ "main" ]
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: ['main']
+    branches: [ "main" ]
   schedule:
     - cron: '20 13 * * 1'
 
@@ -24,8 +24,6 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
-permissions: {}
-
 jobs:
   analyze:
     name: Analyze
@@ -38,44 +36,43 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: ['javascript', 'python']
+        language: [ 'javascript', 'python' ]
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
         # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
 
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-        with:
-          persist-credentials: false
+    - name: Checkout repository
+      uses: actions/checkout@v4
 
-      # Initializes the CodeQL tools for scanning.
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@28deaeda66b76a05916b6923827895f2b14ab387 # v3
-        with:
-          languages: ${{ matrix.language }}
-          # If you wish to specify custom queries, you can do so here or in a config file.
-          # By default, queries listed here will override any specified in a config file.
-          # Prefix the list here with "+" to use these queries and those in the config file.
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
 
-          # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
-          # queries: security-extended,security-and-quality
+        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
 
-      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-      # If this step fails, then you should remove it and run the build manually (see below)
-      - name: Autobuild
-        uses: github/codeql-action/autobuild@28deaeda66b76a05916b6923827895f2b14ab387 # v3
 
-      # ℹ️ Command-line programs to run using the OS shell.
-      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v3
 
-      #   If the Autobuild fails above, remove it and uncomment the following three lines.
-      #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
 
-      # - run: |
-      #   echo "Run, Build Application using script"
-      #   ./location_of_script_within_repo/buildscript.sh
+    #   If the Autobuild fails above, remove it and uncomment the following three lines.
+    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
 
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@28deaeda66b76a05916b6923827895f2b14ab387 # v3
-        with:
-          category: '/language:${{matrix.language}}'
+    # - run: |
+    #   echo "Run, Build Application using script"
+    #   ./location_of_script_within_repo/buildscript.sh
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{matrix.language}}"

.github/workflows/docker.yml

@@ -12,23 +12,20 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
-permissions: {}
+permissions:
+  packages: write
 
 jobs:
   pre-job:
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     outputs:
       should_run_server: ${{ steps.found_paths.outputs.server == 'true' || steps.should_force.outputs.should_force == 'true' }}
       should_run_ml: ${{ steps.found_paths.outputs.machine-learning == 'true' || steps.should_force.outputs.should_force == 'true' }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-        with:
-          persist-credentials: false
+        uses: actions/checkout@v4
       - id: found_paths
-        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3
+        uses: dorny/paths-filter@v3
         with:
           filters: |
             server:
@@ -48,67 +45,56 @@ jobs:
   retag_ml:
     name: Re-Tag ML
     needs: pre-job
-    permissions:
-      contents: read
-      packages: write
     if: ${{ needs.pre-job.outputs.should_run_ml == 'false' && !github.event.pull_request.head.repo.fork }}
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        suffix: ['', '-cuda', '-rocm', '-openvino', '-armnn', '-rknn']
+        suffix: ["", "-cuda", "-openvino", "-armnn","-rknn"]
     steps:
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Re-tag image
-        env:
-          REGISTRY_NAME: 'ghcr.io'
-          REPOSITORY: ${{ github.repository_owner }}/immich-machine-learning
-          TAG_OLD: main${{ matrix.suffix }}
-          TAG_PR: ${{ github.event.number == 0 && github.ref_name || format('pr-{0}', github.event.number) }}${{ matrix.suffix }}
-          TAG_COMMIT: commit-${{ github.event_name != 'pull_request' && github.sha || github.event.pull_request.head.sha }}${{ matrix.suffix }}
-        run: |
-          docker buildx imagetools create -t "${REGISTRY_NAME}/${REPOSITORY}:${TAG_PR}" "${REGISTRY_NAME}/${REPOSITORY}:${TAG_OLD}"
-          docker buildx imagetools create -t "${REGISTRY_NAME}/${REPOSITORY}:${TAG_COMMIT}" "${REGISTRY_NAME}/${REPOSITORY}:${TAG_OLD}"
+        - name: Login to GitHub Container Registry
+          uses: docker/login-action@v3
+          with:
+            registry: ghcr.io
+            username: ${{ github.repository_owner }}
+            password: ${{ secrets.GITHUB_TOKEN }}
+        - name: Re-tag image
+          run: |
+              REGISTRY_NAME="ghcr.io"
+              REPOSITORY=${{ github.repository_owner }}/immich-machine-learning
+              TAG_OLD=main${{ matrix.suffix }}
+              TAG_PR=${{ github.event.number == 0 && github.ref_name ||  format('pr-{0}', github.event.number)  }}${{ matrix.suffix }}
+              TAG_COMMIT=commit-${{ github.event_name != 'pull_request' && github.sha || github.event.pull_request.head.sha }}${{ matrix.suffix }}
+              docker buildx imagetools create -t $REGISTRY_NAME/$REPOSITORY:$TAG_PR $REGISTRY_NAME/$REPOSITORY:$TAG_OLD
+              docker buildx imagetools create -t $REGISTRY_NAME/$REPOSITORY:$TAG_COMMIT $REGISTRY_NAME/$REPOSITORY:$TAG_OLD
 
   retag_server:
     name: Re-Tag Server
     needs: pre-job
-    permissions:
-      contents: read
-      packages: write
     if: ${{ needs.pre-job.outputs.should_run_server == 'false' && !github.event.pull_request.head.repo.fork }}
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        suffix: ['']
+        suffix: [""]
     steps:
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: Re-tag image
-        env:
-          REGISTRY_NAME: 'ghcr.io'
-          REPOSITORY: ${{ github.repository_owner }}/immich-server
-          TAG_OLD: main${{ matrix.suffix }}
-          TAG_PR: ${{ github.event.number == 0 && github.ref_name || format('pr-{0}', github.event.number) }}${{ matrix.suffix }}
-          TAG_COMMIT: commit-${{ github.event_name != 'pull_request' && github.sha || github.event.pull_request.head.sha }}${{ matrix.suffix }}
         run: |
-          docker buildx imagetools create -t "${REGISTRY_NAME}/${REPOSITORY}:${TAG_PR}" "${REGISTRY_NAME}/${REPOSITORY}:${TAG_OLD}"
-          docker buildx imagetools create -t "${REGISTRY_NAME}/${REPOSITORY}:${TAG_COMMIT}" "${REGISTRY_NAME}/${REPOSITORY}:${TAG_OLD}"
+          REGISTRY_NAME="ghcr.io"
+          REPOSITORY=${{ github.repository_owner }}/immich-server
+          TAG_OLD=main${{ matrix.suffix }}
+          TAG_PR=${{ github.event.number == 0 && github.ref_name ||  format('pr-{0}', github.event.number)  }}${{ matrix.suffix }}
+          TAG_COMMIT=commit-${{ github.event_name != 'pull_request' && github.sha || github.event.pull_request.head.sha }}${{ matrix.suffix }}
+          docker buildx imagetools create -t $REGISTRY_NAME/$REPOSITORY:$TAG_PR $REGISTRY_NAME/$REPOSITORY:$TAG_OLD
+          docker buildx imagetools create -t $REGISTRY_NAME/$REPOSITORY:$TAG_COMMIT $REGISTRY_NAME/$REPOSITORY:$TAG_OLD
 
   build_and_push_ml:
     name: Build and Push ML
     needs: pre-job
-    permissions:
-      contents: read
-      packages: write
     if: ${{ needs.pre-job.outputs.should_run_ml == 'true' }}
     runs-on: ${{ matrix.runner }}
     env:
@@ -134,11 +120,6 @@ jobs:
             device: cuda
             suffix: -cuda
 
-          - platform: linux/amd64
-            runner: mich
-            device: rocm
-            suffix: -rocm
-
           - platform: linux/amd64
             runner: ubuntu-latest
             device: openvino
@@ -148,9 +129,7 @@ jobs:
             runner: ubuntu-24.04-arm
             device: armnn
             suffix: -armnn
-
-          - platform: linux/arm64
-            runner: ubuntu-24.04-arm
+          - platforms: linux/arm64
             device: rknn
             suffix: -rknn
 
@@ -161,15 +140,13 @@ jobs:
           echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
 
       - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-        with:
-          persist-credentials: false
+        uses: actions/checkout@v4
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+        uses: docker/setup-buildx-action@v3.10.0
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
+        uses: docker/login-action@v3
         if: ${{ !github.event.pull_request.head.repo.fork }}
         with:
           registry: ghcr.io
@@ -177,14 +154,11 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Generate cache key suffix
-        env:
-          REF: ${{ github.ref_name }}
         run: |
           if [[ "${{ github.event_name }}" == "pull_request" ]]; then
             echo "CACHE_KEY_SUFFIX=pr-${{ github.event.number }}" >> $GITHUB_ENV
           else
-            SUFFIX=$(echo "${REF}" | sed 's/[^a-zA-Z0-9]/-/g')
-            echo "CACHE_KEY_SUFFIX=${SUFFIX}" >> $GITHUB_ENV
+            echo "CACHE_KEY_SUFFIX=$(echo ${{ github.ref_name }} | sed 's/[^a-zA-Z0-9]/-/g')" >> $GITHUB_ENV
           fi
 
       - name: Generate cache target
@@ -194,23 +168,17 @@ jobs:
             # Essentially just ignore the cache output (forks can't write to registry cache)
             echo "cache-to=type=local,dest=/tmp/discard,ignore-error=true" >> $GITHUB_OUTPUT
           else
-            echo "cache-to=type=registry,ref=${GHCR_REPO}-build-cache:${PLATFORM_PAIR}-${{ matrix.device }}-${CACHE_KEY_SUFFIX},mode=max,compression=zstd" >> $GITHUB_OUTPUT
+            echo "cache-to=type=registry,ref=${{ env.GHCR_REPO }}-build-cache:${{ env.PLATFORM_PAIR }}-${{ matrix.device }}-${{ env.CACHE_KEY_SUFFIX }},mode=max,compression=zstd" >> $GITHUB_OUTPUT
           fi
 
-      - name: Generate docker image tags
-        id: meta
-        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5
-        env:
-          DOCKER_METADATA_PR_HEAD_SHA: 'true'
-
       - name: Build and push image
         id: build
-        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
+        uses: docker/build-push-action@v6.15.0
         with:
           context: ${{ env.context }}
           file: ${{ env.file }}
           platforms: ${{ matrix.platforms }}
-          labels: ${{ steps.meta.outputs.labels }}
+          labels: ${{ steps.metadata.outputs.labels }}
           cache-to: ${{ steps.cache-target.outputs.cache-to }}
           cache-from: |
             type=registry,ref=${{ env.GHCR_REPO }}-build-cache:${{ env.PLATFORM_PAIR }}-${{ matrix.device }}-${{ env.CACHE_KEY_SUFFIX }}
@@ -224,13 +192,13 @@ jobs:
             BUILD_SOURCE_COMMIT=${{ github.sha }}
 
       - name: Export digest
-        run: | # zizmor: ignore[template-injection]
+        run: |
           mkdir -p ${{ runner.temp }}/digests
           digest="${{ steps.build.outputs.digest }}"
           touch "${{ runner.temp }}/digests/${digest#sha256:}"
 
       - name: Upload digest
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
+        uses: actions/upload-artifact@v4
         with:
           name: ml-digests-${{ matrix.device }}-${{ env.PLATFORM_PAIR }}
           path: ${{ runner.temp }}/digests/*
@@ -240,10 +208,6 @@ jobs:
   merge_ml:
     name: Merge & Push ML
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      actions: read
-      packages: write
     if: ${{ needs.pre-job.outputs.should_run_ml == 'true' && !github.event.pull_request.head.repo.fork }}
     env:
       GHCR_REPO: ghcr.io/${{ github.repository_owner }}/immich-machine-learning
@@ -254,19 +218,15 @@ jobs:
           - device: cpu
           - device: cuda
             suffix: -cuda
-          - device: rocm
-            suffix: -rocm
           - device: openvino
             suffix: -openvino
           - device: armnn
             suffix: -armnn
-          - device: rknn
-            suffix: -rknn
     needs:
       - build_and_push_ml
     steps:
       - name: Download digests
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
+        uses: actions/download-artifact@v4
         with:
           path: ${{ runner.temp }}/digests
           pattern: ml-digests-${{ matrix.device }}-*
@@ -274,26 +234,26 @@ jobs:
 
       - name: Login to Docker Hub
         if: ${{ github.event_name == 'release' }}
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Login to GHCR
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3
+        uses: docker/setup-buildx-action@v3
 
       - name: Generate docker image tags
         id: meta
-        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5
+        uses: docker/metadata-action@v5
         env:
-          DOCKER_METADATA_PR_HEAD_SHA: 'true'
+          DOCKER_METADATA_PR_HEAD_SHA: "true"
         with:
           flavor: |
             # Disable latest tag
@@ -316,31 +276,12 @@ jobs:
       - name: Create manifest list and push
         working-directory: ${{ runner.temp }}/digests
         run: |
-          # Process annotations
-          declare -a ANNOTATIONS=()
-          if [[ -n "$DOCKER_METADATA_OUTPUT_JSON" ]]; then
-            while IFS= read -r annotation; do
-              # Extract key and value by removing the manifest: prefix
-              if [[ "$annotation" =~ ^manifest:(.+)=(.+)$ ]]; then
-                key="${BASH_REMATCH[1]}"
-                value="${BASH_REMATCH[2]}"
-                # Use array to properly handle arguments with spaces
-                ANNOTATIONS+=(--annotation "index:$key=$value")
-              fi
-            done < <(jq -r '.annotations[]' <<< "$DOCKER_METADATA_OUTPUT_JSON")
-          fi
-
-          TAGS=$(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
-          SOURCE_ARGS=$(printf "${GHCR_REPO}@sha256:%s " *)
-
-          docker buildx imagetools create $TAGS "${ANNOTATIONS[@]}" $SOURCE_ARGS
+          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+            $(printf '${{ env.GHCR_REPO }}@sha256:%s ' *)
 
   build_and_push_server:
     name: Build and Push Server
     runs-on: ${{ matrix.runner }}
-    permissions:
-      contents: read
-      packages: write
     needs: pre-job
     if: ${{ needs.pre-job.outputs.should_run_server == 'true' }}
     env:
@@ -363,15 +304,13 @@ jobs:
           echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
 
       - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-        with:
-          persist-credentials: false
+        uses: actions/checkout@v4
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3
+        uses: docker/setup-buildx-action@v3
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
+        uses: docker/login-action@v3
         if: ${{ !github.event.pull_request.head.repo.fork }}
         with:
           registry: ghcr.io
@@ -379,14 +318,11 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Generate cache key suffix
-        env:
-          REF: ${{ github.ref_name }}
         run: |
           if [[ "${{ github.event_name }}" == "pull_request" ]]; then
             echo "CACHE_KEY_SUFFIX=pr-${{ github.event.number }}" >> $GITHUB_ENV
           else
-            SUFFIX=$(echo "${REF}" | sed 's/[^a-zA-Z0-9]/-/g')
-            echo "CACHE_KEY_SUFFIX=${SUFFIX}" >> $GITHUB_ENV
+            echo "CACHE_KEY_SUFFIX=$(echo ${{ github.ref_name }} | sed 's/[^a-zA-Z0-9]/-/g')" >> $GITHUB_ENV
           fi
 
       - name: Generate cache target
@@ -396,23 +332,17 @@ jobs:
             # Essentially just ignore the cache output (forks can't write to registry cache)
             echo "cache-to=type=local,dest=/tmp/discard,ignore-error=true" >> $GITHUB_OUTPUT
           else
-            echo "cache-to=type=registry,ref=${GHCR_REPO}-build-cache:${PLATFORM_PAIR}-${CACHE_KEY_SUFFIX},mode=max,compression=zstd" >> $GITHUB_OUTPUT
+            echo "cache-to=type=registry,ref=${{ env.GHCR_REPO }}-build-cache:${{ env.PLATFORM_PAIR }}-${{ matrix.device }}-${{ env.CACHE_KEY_SUFFIX }},mode=max,compression=zstd" >> $GITHUB_OUTPUT
           fi
 
-      - name: Generate docker image tags
-        id: meta
-        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5
-        env:
-          DOCKER_METADATA_PR_HEAD_SHA: 'true'
-
       - name: Build and push image
         id: build
-        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
+        uses: docker/build-push-action@v6.15.0
         with:
           context: ${{ env.context }}
           file: ${{ env.file }}
           platforms: ${{ matrix.platform }}
-          labels: ${{ steps.meta.outputs.labels }}
+          labels: ${{ steps.metadata.outputs.labels }}
           cache-to: ${{ steps.cache-target.outputs.cache-to }}
           cache-from: |
             type=registry,ref=${{ env.GHCR_REPO }}-build-cache:${{ env.PLATFORM_PAIR }}-${{ env.CACHE_KEY_SUFFIX }}
@@ -426,13 +356,13 @@ jobs:
             BUILD_SOURCE_COMMIT=${{ github.sha }}
 
       - name: Export digest
-        run: | # zizmor: ignore[template-injection]
+        run: |
           mkdir -p ${{ runner.temp }}/digests
           digest="${{ steps.build.outputs.digest }}"
           touch "${{ runner.temp }}/digests/${digest#sha256:}"
 
       - name: Upload digest
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
+        uses: actions/upload-artifact@v4
         with:
           name: server-digests-${{ env.PLATFORM_PAIR }}
           path: ${{ runner.temp }}/digests/*
@@ -442,10 +372,6 @@ jobs:
   merge_server:
     name: Merge & Push Server
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      actions: read
-      packages: write
     if: ${{ needs.pre-job.outputs.should_run_server == 'true' && !github.event.pull_request.head.repo.fork }}
     env:
       GHCR_REPO: ghcr.io/${{ github.repository_owner }}/immich-server
@@ -454,7 +380,7 @@ jobs:
       - build_and_push_server
     steps:
       - name: Download digests
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
+        uses: actions/download-artifact@v4
         with:
           path: ${{ runner.temp }}/digests
           pattern: server-digests-*
@@ -462,26 +388,26 @@ jobs:
 
       - name: Login to Docker Hub
         if: ${{ github.event_name == 'release' }}
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Login to GHCR
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3
+        uses: docker/setup-buildx-action@v3
 
       - name: Generate docker image tags
         id: meta
-        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5
+        uses: docker/metadata-action@v5
         env:
-          DOCKER_METADATA_PR_HEAD_SHA: 'true'
+          DOCKER_METADATA_PR_HEAD_SHA: "true"
         with:
           flavor: |
             # Disable latest tag
@@ -504,29 +430,12 @@ jobs:
       - name: Create manifest list and push
         working-directory: ${{ runner.temp }}/digests
         run: |
-          # Process annotations
-          declare -a ANNOTATIONS=()
-          if [[ -n "$DOCKER_METADATA_OUTPUT_JSON" ]]; then
-            while IFS= read -r annotation; do
-              # Extract key and value by removing the manifest: prefix
-              if [[ "$annotation" =~ ^manifest:(.+)=(.+)$ ]]; then
-                key="${BASH_REMATCH[1]}"
-                value="${BASH_REMATCH[2]}"
-                # Use array to properly handle arguments with spaces
-                ANNOTATIONS+=(--annotation "index:$key=$value")
-              fi
-            done < <(jq -r '.annotations[]' <<< "$DOCKER_METADATA_OUTPUT_JSON")
-          fi
-
-          TAGS=$(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
-          SOURCE_ARGS=$(printf "${GHCR_REPO}@sha256:%s " *)
-
-          docker buildx imagetools create $TAGS "${ANNOTATIONS[@]}" $SOURCE_ARGS
+          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+            $(printf '${{ env.GHCR_REPO }}@sha256:%s ' *)
 
   success-check-server:
     name: Docker Build & Push Server Success
     needs: [merge_server, retag_server]
-    permissions: {}
     runs-on: ubuntu-latest
     if: always()
     steps:
@@ -535,13 +444,11 @@ jobs:
         run: exit 1
       - name: All jobs passed or skipped
         if: ${{ !(contains(needs.*.result, 'failure')) }}
-        # zizmor: ignore[template-injection]
         run: echo "All jobs passed or skipped" && echo "${{ toJSON(needs.*.result) }}"
 
   success-check-ml:
     name: Docker Build & Push ML Success
     needs: [merge_ml, retag_ml]
-    permissions: {}
     runs-on: ubuntu-latest
     if: always()
     steps:
@@ -550,5 +457,4 @@ jobs:
         run: exit 1
       - name: All jobs passed or skipped
         if: ${{ !(contains(needs.*.result, 'failure')) }}
-        # zizmor: ignore[template-injection]
-        run: echo "All jobs passed or skipped" && echo "${{ toJSON(needs.*.result) }}"
+        run: echo "All jobs passed or skipped" && echo "${{ toJSON(needs.*.result) }}"

.github/workflows/docs-build.yml

@@ -3,6 +3,7 @@ on:
   push:
     branches: [main]
   pull_request:
+    branches: [main]
   release:
     types: [published]
 
@@ -10,22 +11,16 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
-permissions: {}
-
 jobs:
   pre-job:
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     outputs:
       should_run: ${{ steps.found_paths.outputs.docs == 'true' ||  steps.should_force.outputs.should_force == 'true' }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-        with:
-          persist-credentials: false
+        uses: actions/checkout@v4
       - id: found_paths
-        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3
+        uses: dorny/paths-filter@v3
         with:
           filters: |
             docs:
@@ -39,8 +34,6 @@ jobs:
   build:
     name: Docs Build
     needs: pre-job
-    permissions:
-      contents: read
     if: ${{ needs.pre-job.outputs.should_run == 'true' }}
     runs-on: ubuntu-latest
     defaults:
@@ -49,12 +42,10 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-        with:
-          persist-credentials: false
+        uses: actions/checkout@v4
 
       - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
+        uses: actions/setup-node@v4
         with:
           node-version-file: './docs/.nvmrc'
 
@@ -68,9 +59,8 @@ jobs:
         run: npm run build
 
       - name: Upload build output
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
+        uses: actions/upload-artifact@v4
         with:
           name: docs-build-output
           path: docs/build/
-          include-hidden-files: true
           retention-days: 1

.github/workflows/docs-deploy.yml

@@ -1,7 +1,7 @@
 name: Docs deploy
 on:
-  workflow_run: # zizmor: ignore[dangerous-triggers] no attacker inputs are used here
-    workflows: ['Docs build']
+  workflow_run:
+    workflows: ["Docs build"]
     types:
       - completed
 
@@ -9,9 +9,6 @@ jobs:
   checks:
     name: Docs Deploy Checks
     runs-on: ubuntu-latest
-    permissions:
-      actions: read
-      pull-requests: read
     outputs:
       parameters: ${{ steps.parameters.outputs.result }}
       artifact: ${{ steps.get-artifact.outputs.result }}
@@ -20,7 +17,7 @@ jobs:
         run: echo 'The triggering workflow did not succeed' && exit 1
       - name: Get artifact
         id: get-artifact
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
+        uses: actions/github-script@v7
         with:
           script: |
             let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
@@ -38,9 +35,7 @@ jobs:
             return { found: true, id: matchArtifact.id };
       - name: Determine deploy parameters
         id: parameters
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
-        env:
-          HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
+        uses: actions/github-script@v7
         with:
           script: |
             const eventType = context.payload.workflow_run.event;
@@ -62,8 +57,7 @@ jobs:
             } else if (eventType == "pull_request") {
               let pull_number = context.payload.workflow_run.pull_requests[0]?.number;
               if(!pull_number) {
-                const {HEAD_SHA} = process.env;
-                const response = await github.rest.search.issuesAndPullRequests({q: `repo:${{ github.repository }} is:pr sha:${HEAD_SHA}`,per_page: 1,})
+                const response = await github.rest.search.issuesAndPullRequests({q: 'repo:${{ github.repository }} is:pr sha:${{ github.event.workflow_run.head_sha }}',per_page: 1,})
                 const items = response.data.items
                 if (items.length < 1) {
                   throw new Error("No pull request found for the commit")
@@ -101,36 +95,30 @@ jobs:
     name: Docs Deploy
     runs-on: ubuntu-latest
     needs: checks
-    permissions:
-      contents: read
-      actions: read
-      pull-requests: write
     if: ${{ fromJson(needs.checks.outputs.artifact).found && fromJson(needs.checks.outputs.parameters).shouldDeploy }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-        with:
-          persist-credentials: false
+        uses: actions/checkout@v4
 
       - name: Load parameters
         id: parameters
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
-        env:
-          PARAM_JSON: ${{ needs.checks.outputs.parameters }}
+        uses: actions/github-script@v7
         with:
           script: |
-            const parameters = JSON.parse(process.env.PARAM_JSON);
+            const json = `${{ needs.checks.outputs.parameters }}`;
+            const parameters = JSON.parse(json);
             core.setOutput("event", parameters.event);
             core.setOutput("name", parameters.name);
             core.setOutput("shouldDeploy", parameters.shouldDeploy);
 
+      - run: |
+          echo "Starting docs deployment for ${{ steps.parameters.outputs.event }} ${{ steps.parameters.outputs.name }}"
+
       - name: Download artifact
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
-        env:
-          ARTIFACT_JSON: ${{ needs.checks.outputs.artifact }}
+        uses: actions/github-script@v7
         with:
           script: |
-            let artifact = JSON.parse(process.env.ARTIFACT_JSON);
+            let artifact = ${{ needs.checks.outputs.artifact }};
             let download = await github.rest.actions.downloadArtifact({
                owner: context.repo.owner,
                repo: context.repo.repo,
@@ -150,12 +138,12 @@ jobs:
           CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
           CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
           TF_STATE_POSTGRES_CONN_STR: ${{ secrets.TF_STATE_POSTGRES_CONN_STR }}
-        uses: gruntwork-io/terragrunt-action@9559e51d05873b0ea467c42bbabcb5c067642ccc # v2
+        uses: gruntwork-io/terragrunt-action@v2
         with:
-          tg_version: '0.58.12'
-          tofu_version: '1.7.1'
-          tg_dir: 'deployment/modules/cloudflare/docs'
-          tg_command: 'apply'
+          tg_version: "0.58.12"
+          tofu_version: "1.7.1"
+          tg_dir: "deployment/modules/cloudflare/docs"
+          tg_command: "apply"
 
       - name: Deploy Docs Subdomain Output
         id: docs-output
@@ -165,29 +153,27 @@ jobs:
           CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
           CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
           TF_STATE_POSTGRES_CONN_STR: ${{ secrets.TF_STATE_POSTGRES_CONN_STR }}
-        uses: gruntwork-io/terragrunt-action@9559e51d05873b0ea467c42bbabcb5c067642ccc # v2
+        uses: gruntwork-io/terragrunt-action@v2
         with:
-          tg_version: '0.58.12'
-          tofu_version: '1.7.1'
-          tg_dir: 'deployment/modules/cloudflare/docs'
-          tg_command: 'output -json'
+          tg_version: "0.58.12"
+          tofu_version: "1.7.1"
+          tg_dir: "deployment/modules/cloudflare/docs"
+          tg_command: "output -json"
 
       - name: Output Cleaning
         id: clean
-        env:
-          TG_OUTPUT: ${{ steps.docs-output.outputs.tg_action_output }}
         run: |
-          CLEANED=$(echo "$TG_OUTPUT" | sed 's|%0A|\n|g ; s|%3C|<|g' | jq -c .)
-          echo "output=$CLEANED" >> $GITHUB_OUTPUT
+          TG_OUT=$(echo '${{ steps.docs-output.outputs.tg_action_output }}' | sed 's|%0A|\n|g ; s|%3C|<|g' | jq -c .)
+          echo "output=$TG_OUT" >> $GITHUB_OUTPUT
 
       - name: Publish to Cloudflare Pages
-        uses: cloudflare/pages-action@f0a1cd58cd66095dee69bfa18fa5efd1dde93bca # v1
+        uses: cloudflare/pages-action@v1
         with:
           apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN_PAGES_UPLOAD }}
           accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
           projectName: ${{ fromJson(steps.clean.outputs.output).pages_project_name.value }}
-          workingDirectory: 'docs'
-          directory: 'build'
+          workingDirectory: "docs"
+          directory: "build"
           branch: ${{ steps.parameters.outputs.name }}
           wranglerVersion: '3'
 
@@ -198,7 +184,7 @@ jobs:
           CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
           CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
           TF_STATE_POSTGRES_CONN_STR: ${{ secrets.TF_STATE_POSTGRES_CONN_STR }}
-        uses: gruntwork-io/terragrunt-action@9559e51d05873b0ea467c42bbabcb5c067642ccc # v2
+        uses: gruntwork-io/terragrunt-action@v2
         with:
           tg_version: '0.58.12'
           tofu_version: '1.7.1'
@@ -206,7 +192,7 @@ jobs:
           tg_command: 'apply'
 
       - name: Comment
-        uses: actions-cool/maintain-one-comment@4b2dbf086015f892dcb5e8c1106f5fccd6c1476b # v3
+        uses: actions-cool/maintain-one-comment@v3
         if: ${{ steps.parameters.outputs.event == 'pr' }}
         with:
           number: ${{ fromJson(needs.checks.outputs.parameters).pr_number }}

.github/workflows/docs-destroy.yml

@@ -1,39 +1,32 @@
 name: Docs destroy
 on:
-  pull_request_target: # zizmor: ignore[dangerous-triggers] no attacker inputs are used here
+  pull_request_target:
     types: [closed]
 
-permissions: {}
-
 jobs:
   deploy:
     name: Docs Destroy
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      pull-requests: write
     steps:
       - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-        with:
-          persist-credentials: false
+        uses: actions/checkout@v4
 
       - name: Destroy Docs Subdomain
         env:
-          TF_VAR_prefix_name: 'pr-${{ github.event.number }}'
-          TF_VAR_prefix_event_type: 'pr'
+          TF_VAR_prefix_name: "pr-${{ github.event.number }}"
+          TF_VAR_prefix_event_type: "pr"
           CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
           CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
           TF_STATE_POSTGRES_CONN_STR: ${{ secrets.TF_STATE_POSTGRES_CONN_STR }}
-        uses: gruntwork-io/terragrunt-action@9559e51d05873b0ea467c42bbabcb5c067642ccc # v2
+        uses: gruntwork-io/terragrunt-action@v2
         with:
-          tg_version: '0.58.12'
-          tofu_version: '1.7.1'
-          tg_dir: 'deployment/modules/cloudflare/docs'
-          tg_command: 'destroy -refresh=false'
+          tg_version: "0.58.12"
+          tofu_version: "1.7.1"
+          tg_dir: "deployment/modules/cloudflare/docs"
+          tg_command: "destroy -refresh=false"
 
       - name: Comment
-        uses: actions-cool/maintain-one-comment@4b2dbf086015f892dcb5e8c1106f5fccd6c1476b # v3
+        uses: actions-cool/maintain-one-comment@v3
         with:
           number: ${{ github.event.number }}
           delete: true

.github/workflows/fix-format.yml

@@ -4,32 +4,28 @@ on:
   pull_request:
     types: [labeled]
 
-permissions: {}
-
 jobs:
   fix-formatting:
     runs-on: ubuntu-latest
     if: ${{ github.event.label.name == 'fix:formatting' }}
     permissions:
-      contents: write
       pull-requests: write
     steps:
       - name: Generate a token
         id: generate-token
-        uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2
+        uses: actions/create-github-app-token@v1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: 'Checkout'
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        uses: actions/checkout@v4
         with:
           ref: ${{ github.event.pull_request.head.ref }}
           token: ${{ steps.generate-token.outputs.token }}
-          persist-credentials: true
 
       - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
+        uses: actions/setup-node@v4
         with:
           node-version-file: './server/.nvmrc'
 
@@ -37,13 +33,13 @@ jobs:
         run: make install-all && make format-all
 
       - name: Commit and push
-        uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9
+        uses: EndBug/add-and-commit@v9
         with:
           default_author: github_actions
           message: 'chore: fix formatting'
 
       - name: Remove label
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
+        uses: actions/github-script@v7
         if: always()
         with:
           script: |
@@ -53,3 +49,4 @@ jobs:
               repo: context.repo.repo,
               name: 'fix:formatting'
             })
+

.github/workflows/pr-label-validation.yml

@@ -1,11 +1,9 @@
 name: PR Label Validation
 
 on:
-  pull_request_target: # zizmor: ignore[dangerous-triggers] no attacker inputs are used here
+  pull_request_target:
     types: [opened, labeled, unlabeled, synchronize]
 
-permissions: {}
-
 jobs:
   validate-release-label:
     runs-on: ubuntu-latest
@@ -14,11 +12,11 @@ jobs:
       pull-requests: write
     steps:
       - name: Require PR to have a changelog label
-        uses: mheap/github-action-required-labels@388fd6af37b34cdfe5a23b37060e763217e58b03 # v5
+        uses: mheap/github-action-required-labels@v5
         with:
           mode: exactly
           count: 1
           use_regex: true
-          labels: 'changelog:.*'
+          labels: "changelog:.*"
           add_comment: true
-          message: 'Label error. Requires {{errorString}} {{count}} of: {{ provided }}. Found: {{ applied }}. A maintainer will add the required label.'
+          message: "Label error. Requires {{errorString}} {{count}} of: {{ provided }}. Found: {{ applied }}. A maintainer will add the required label."

.github/workflows/pr-labeler.yml

@@ -1,8 +1,6 @@
-name: 'Pull Request Labeler'
+name: "Pull Request Labeler"
 on:
-  - pull_request_target # zizmor: ignore[dangerous-triggers] no attacker inputs are used here
-
-permissions: {}
+- pull_request_target
 
 jobs:
   labeler:
@@ -11,4 +9,4 @@ jobs:
       pull-requests: write
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5
+    - uses: actions/labeler@v5

.github/workflows/pr-require-conventional-commit.yml

@@ -4,16 +4,12 @@ on:
   pull_request:
     types: [opened, synchronize, reopened, edited]
 
-permissions: {}
-
 jobs:
   validate-pr-title:
     runs-on: ubuntu-latest
-    permissions:
-      pull-requests: write
     steps:
       - name: PR Conventional Commit Validation
-        uses: ytanikin/PRConventionalCommits@b628c5a234cc32513014b7bfdd1e47b532124d98 # 1.3.0
+        uses:  ytanikin/PRConventionalCommits@1.3.0
         with:
           task_types: '["feat","fix","docs","test","ci","refactor","perf","chore","revert"]'
           add_label: 'false'

.github/workflows/prepare-release.yml

@@ -21,40 +21,35 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}-root
   cancel-in-progress: true
 
-permissions: {}
-
 jobs:
   bump_version:
     runs-on: ubuntu-latest
+
     outputs:
       ref: ${{ steps.push-tag.outputs.commit_long_sha }}
-    permissions: {} # No job-level permissions are needed because it uses the app-token
+
     steps:
       - name: Generate a token
         id: generate-token
-        uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2
+        uses: actions/create-github-app-token@v1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        uses: actions/checkout@v4
         with:
           token: ${{ steps.generate-token.outputs.token }}
-          persist-credentials: true
 
       - name: Install uv
-        uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5
+        uses: astral-sh/setup-uv@v5
 
       - name: Bump version
-        env:
-          SERVER_BUMP: ${{ inputs.serverBump }}
-          MOBILE_BUMP: ${{ inputs.mobileBump }}
-        run: misc/release/pump-version.sh -s "${SERVER_BUMP}" -m "${MOBILE_BUMP}"
+        run: misc/release/pump-version.sh -s "${{ inputs.serverBump }}" -m "${{ inputs.mobileBump }}"
 
       - name: Commit and tag
         id: push-tag
-        uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9
+        uses: EndBug/add-and-commit@v9
         with:
           default_author: github_actions
           message: 'chore: version ${{ env.IMMICH_VERSION }}'
@@ -64,47 +59,37 @@ jobs:
   build_mobile:
     uses: ./.github/workflows/build-mobile.yml
     needs: bump_version
-    permissions:
-      contents: read
-    secrets:
-      KEY_JKS: ${{ secrets.KEY_JKS }}
-      ALIAS: ${{ secrets.ALIAS }}
-      ANDROID_KEY_PASSWORD: ${{ secrets.ANDROID_KEY_PASSWORD }}
-      ANDROID_STORE_PASSWORD: ${{ secrets.ANDROID_STORE_PASSWORD }}
+    secrets: inherit
     with:
       ref: ${{ needs.bump_version.outputs.ref }}
 
   prepare_release:
     runs-on: ubuntu-latest
     needs: build_mobile
-    permissions:
-      actions: read # To download the app artifact
-      # No content permissions are needed because it uses the app-token
+
     steps:
       - name: Generate a token
         id: generate-token
-        uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2
+        uses: actions/create-github-app-token@v1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        uses: actions/checkout@v4
         with:
           token: ${{ steps.generate-token.outputs.token }}
-          persist-credentials: false
 
       - name: Download APK
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
+        uses: actions/download-artifact@v4
         with:
           name: release-apk-signed
 
       - name: Create draft release
-        uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631 # v2
+        uses: softprops/action-gh-release@v2
         with:
           draft: true
           tag_name: ${{ env.IMMICH_VERSION }}
-          token: ${{ steps.generate-token.outputs.token }}
           generate_release_notes: true
           body_path: misc/release/notes.tmpl
           files: |

.github/workflows/preview-label.yaml

@@ -4,8 +4,6 @@ on:
   pull_request:
     types: [labeled, closed]
 
-permissions: {}
-
 jobs:
   comment-status:
     runs-on: ubuntu-latest
@@ -13,10 +11,10 @@ jobs:
     permissions:
       pull-requests: write
     steps:
-      - uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2
+      - uses: mshick/add-pr-comment@v2
         with:
-          message-id: 'preview-status'
-          message: 'Deploying preview environment to https://pr-${{ github.event.pull_request.number }}.preview.internal.immich.cloud/'
+          message-id: "preview-status"
+          message: "Deploying preview environment to https://pr-${{ github.event.pull_request.number }}.preview.internal.immich.cloud/"
 
   remove-label:
     runs-on: ubuntu-latest
@@ -24,7 +22,7 @@ jobs:
     permissions:
       pull-requests: write
     steps:
-      - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
+      - uses: actions/github-script@v7
         with:
           script: |
             github.rest.issues.removeLabel({

.github/workflows/sdk.yml

@@ -4,24 +4,20 @@ on:
   release:
     types: [published]
 
-permissions: {}
+permissions:
+  packages: write
 
 jobs:
   publish:
     name: Publish `@immich/sdk`
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     defaults:
       run:
         working-directory: ./open-api/typescript-sdk
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-        with:
-          persist-credentials: false
-
+      - uses: actions/checkout@v4
       # Setup .npmrc file to publish to npm
-      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
+      - uses: actions/setup-node@v4
         with:
           node-version-file: './open-api/typescript-sdk/.nvmrc'
           registry-url: 'https://registry.npmjs.org'

.github/workflows/static_analysis.yml

@@ -9,22 +9,16 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
-permissions: {}
-
 jobs:
   pre-job:
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     outputs:
       should_run: ${{ steps.found_paths.outputs.mobile == 'true' || steps.should_force.outputs.should_force == 'true' }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-        with:
-          persist-credentials: false
+        uses: actions/checkout@v4
       - id: found_paths
-        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3
+        uses: dorny/paths-filter@v3
         with:
           filters: |
             mobile:
@@ -39,17 +33,15 @@ jobs:
     name: Run Dart Code Analysis
     needs: pre-job
     if: ${{ needs.pre-job.outputs.should_run == 'true' }}
+
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
+
     steps:
       - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-        with:
-          persist-credentials: false
+        uses: actions/checkout@v4
 
       - name: Setup Flutter SDK
-        uses: subosito/flutter-action@e938fdf56512cc96ef2f93601a5a40bde3801046 # v2
+        uses: subosito/flutter-action@v2
         with:
           channel: 'stable'
           flutter-version-file: ./mobile/pubspec.yaml
@@ -58,16 +50,12 @@ jobs:
         run: dart pub get
         working-directory: ./mobile
 
-      - name: Generate translation file
-        run: make translation; dart format lib/generated/codegen_loader.g.dart
-        working-directory: ./mobile
-
       - name: Run Build Runner
         run: make build
         working-directory: ./mobile
 
       - name: Find file changes
-        uses: tj-actions/verify-changed-files@a1c6acee9df209257a246f2cc6ae8cb6581c1edf # v20
+        uses: tj-actions/verify-changed-files@v20
         id: verify-changed-files
         with:
           files: |
@@ -77,11 +65,9 @@ jobs:
 
       - name: Verify files have not changed
         if: steps.verify-changed-files.outputs.files_changed == 'true'
-        env:
-          CHANGED_FILES: ${{ steps.verify-changed-files.outputs.changed_files }}
         run: |
           echo "ERROR: Generated files not up to date! Run make_build inside the mobile directory"
-          echo "Changed files: ${CHANGED_FILES}"
+          echo "Changed files: ${{ steps.verify-changed-files.outputs.changed_files }}"
           exit 1
 
       - name: Run dart analyze
@@ -95,30 +81,3 @@ jobs:
       - name: Run dart custom_lint
         run: dart run custom_lint
         working-directory: ./mobile
-
-  zizmor:
-    name: zizmor
-    runs-on: ubuntu-latest
-    permissions:
-      security-events: write
-      contents: read
-      actions: read
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-        with:
-          persist-credentials: false
-
-      - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5
-
-      - name: Run zizmor 🌈
-        run: uvx zizmor --format=sarif . > results.sarif
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3
-        with:
-          sarif_file: results.sarif
-          category: zizmor

.github/workflows/test.yml

@@ -9,13 +9,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
-permissions: {}
-
 jobs:
   pre-job:
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     outputs:
       should_run_web: ${{ steps.found_paths.outputs.web == 'true' || steps.should_force.outputs.should_force == 'true' }}
       should_run_server: ${{ steps.found_paths.outputs.server == 'true' || steps.should_force.outputs.should_force == 'true' }}
@@ -25,15 +21,11 @@ jobs:
       should_run_ml: ${{ steps.found_paths.outputs.machine-learning == 'true' || steps.should_force.outputs.should_force == 'true' }}
       should_run_e2e_web: ${{ steps.found_paths.outputs.e2e == 'true' || steps.found_paths.outputs.web == 'true' || steps.should_force.outputs.should_force == 'true' }}
       should_run_e2e_server_cli: ${{ steps.found_paths.outputs.e2e == 'true' || steps.found_paths.outputs.server == 'true' || steps.found_paths.outputs.cli == 'true' || steps.should_force.outputs.should_force == 'true' }}
-      should_run_.github: ${{ steps.found_paths.outputs['.github'] == 'true' || steps.should_force.outputs.should_force == 'true' }} # redundant to have should_force but if someone changes the trigger then this won't have to be changed
     steps:
       - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-        with:
-          persist-credentials: false
-
+        uses: actions/checkout@v4
       - id: found_paths
-        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3
+        uses: dorny/paths-filter@v3
         with:
           filters: |
             web:
@@ -53,8 +45,6 @@ jobs:
               - 'machine-learning/**'
             workflow:
               - '.github/workflows/test.yml'
-            .github:
-              - '.github/**'
 
       - name: Check if we should force jobs to run
         id: should_force
@@ -65,20 +55,16 @@ jobs:
     needs: pre-job
     if: ${{ needs.pre-job.outputs.should_run_server == 'true' }}
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     defaults:
       run:
         working-directory: ./server
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-        with:
-          persist-credentials: false
+        uses: actions/checkout@v4
 
       - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
+        uses: actions/setup-node@v4
         with:
           node-version-file: './server/.nvmrc'
 
@@ -106,20 +92,16 @@ jobs:
     needs: pre-job
     if: ${{ needs.pre-job.outputs.should_run_cli == 'true' }}
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     defaults:
       run:
         working-directory: ./cli
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-        with:
-          persist-credentials: false
+        uses: actions/checkout@v4
 
       - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
+        uses: actions/setup-node@v4
         with:
           node-version-file: './cli/.nvmrc'
 
@@ -151,20 +133,16 @@ jobs:
     needs: pre-job
     if: ${{ needs.pre-job.outputs.should_run_cli == 'true' }}
     runs-on: windows-latest
-    permissions:
-      contents: read
     defaults:
       run:
         working-directory: ./cli
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-        with:
-          persist-credentials: false
+        uses: actions/checkout@v4
 
       - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
+        uses: actions/setup-node@v4
         with:
           node-version-file: './cli/.nvmrc'
 
@@ -184,25 +162,21 @@ jobs:
         run: npm run test:cov
         if: ${{ !cancelled() }}
 
-  web-lint:
-    name: Lint Web
+  web-unit-tests:
+    name: Test & Lint Web
     needs: pre-job
     if: ${{ needs.pre-job.outputs.should_run_web == 'true' }}
-    runs-on: mich
-    permissions:
-      contents: read
+    runs-on: ubuntu-latest
     defaults:
       run:
         working-directory: ./web
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-        with:
-          persist-credentials: false
+        uses: actions/checkout@v4
 
       - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
+        uses: actions/setup-node@v4
         with:
           node-version-file: './web/.nvmrc'
 
@@ -214,7 +188,7 @@ jobs:
         run: npm ci
 
       - name: Run linter
-        run: npm run lint:p
+        run: npm run lint
         if: ${{ !cancelled() }}
 
       - name: Run formatter
@@ -225,35 +199,6 @@ jobs:
         run: npm run check:svelte
         if: ${{ !cancelled() }}
 
-  web-unit-tests:
-    name: Test Web
-    needs: pre-job
-    if: ${{ needs.pre-job.outputs.should_run_web == 'true' }}
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    defaults:
-      run:
-        working-directory: ./web
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-        with:
-          persist-credentials: false
-
-      - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
-        with:
-          node-version-file: './web/.nvmrc'
-
-      - name: Run setup typescript-sdk
-        run: npm ci && npm run build
-        working-directory: ./open-api/typescript-sdk
-
-      - name: Run npm install
-        run: npm ci
-
       - name: Run tsc
         run: npm run check:typescript
         if: ${{ !cancelled() }}
@@ -267,20 +212,16 @@ jobs:
     needs: pre-job
     if: ${{ needs.pre-job.outputs.should_run_e2e == 'true' }}
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     defaults:
       run:
         working-directory: ./e2e
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-        with:
-          persist-credentials: false
+        uses: actions/checkout@v4
 
       - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
+        uses: actions/setup-node@v4
         with:
           node-version-file: './e2e/.nvmrc'
 
@@ -310,20 +251,16 @@ jobs:
     needs: pre-job
     if: ${{ needs.pre-job.outputs.should_run_server == 'true' }}
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     defaults:
       run:
         working-directory: ./server
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-        with:
-          persist-credentials: false
+        uses: actions/checkout@v4
 
       - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
+        uses: actions/setup-node@v4
         with:
           node-version-file: './server/.nvmrc'
 
@@ -339,21 +276,18 @@ jobs:
     needs: pre-job
     if: ${{ needs.pre-job.outputs.should_run_e2e_server_cli == 'true' }}
     runs-on: mich
-    permissions:
-      contents: read
     defaults:
       run:
         working-directory: ./e2e
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        uses: actions/checkout@v4
         with:
-          persist-credentials: false
           submodules: 'recursive'
 
       - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
+        uses: actions/setup-node@v4
         with:
           node-version-file: './e2e/.nvmrc'
 
@@ -384,21 +318,18 @@ jobs:
     needs: pre-job
     if: ${{ needs.pre-job.outputs.should_run_e2e_web == 'true' }}
     runs-on: mich
-    permissions:
-      contents: read
     defaults:
       run:
         working-directory: ./e2e
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        uses: actions/checkout@v4
         with:
-          persist-credentials: false
           submodules: 'recursive'
 
       - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
+        uses: actions/setup-node@v4
         with:
           node-version-file: './e2e/.nvmrc'
 
@@ -428,15 +359,10 @@ jobs:
     needs: pre-job
     if: ${{ needs.pre-job.outputs.should_run_mobile == 'true' }}
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-        with:
-          persist-credentials: false
-
+      - uses: actions/checkout@v4
       - name: Setup Flutter SDK
-        uses: subosito/flutter-action@e938fdf56512cc96ef2f93601a5a40bde3801046 # v2
+        uses: subosito/flutter-action@v2
         with:
           channel: 'stable'
           flutter-version-file: ./mobile/pubspec.yaml
@@ -449,19 +375,14 @@ jobs:
     needs: pre-job
     if: ${{ needs.pre-job.outputs.should_run_ml == 'true' }}
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     defaults:
       run:
         working-directory: ./machine-learning
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-        with:
-          persist-credentials: false
-
+      - uses: actions/checkout@v4
       - name: Install uv
-        uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5
-      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
+        uses: astral-sh/setup-uv@v5
+      - uses: actions/setup-python@v5
         # TODO: add caching when supported (https://github.com/actions/setup-python/pull/818)
         # with:
         #   python-version: 3.11
@@ -471,77 +392,39 @@ jobs:
           uv sync --extra cpu
       - name: Lint with ruff
         run: |
-          uv run ruff check --output-format=github immich_ml
+          uv run ruff check --output-format=github app export
       - name: Check black formatting
         run: |
-          uv run black --check immich_ml
+          uv run black --check app export
       - name: Run mypy type checking
         run: |
-          uv run mypy --strict immich_ml/
+          uv run mypy --strict app/
       - name: Run tests and coverage
         run: |
-          uv run pytest --cov=immich_ml --cov-report term-missing
-
-  github-files-formatting:
-    name: .github Files Formatting
-    needs: pre-job
-    if: ${{ needs.pre-job.outputs['should_run_.github'] == 'true' }}
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    defaults:
-      run:
-        working-directory: ./.github
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-        with:
-          persist-credentials: false
-
-      - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
-        with:
-          node-version-file: './.github/.nvmrc'
-
-      - name: Run npm install
-        run: npm ci
-
-      - name: Run formatter
-        run: npm run format
-        if: ${{ !cancelled() }}
+          uv run pytest app --cov=app --cov-report term-missing
 
   shellcheck:
     name: ShellCheck
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-        with:
-          persist-credentials: false
-
+      - uses: actions/checkout@v4
       - name: Run ShellCheck
         uses: ludeeus/action-shellcheck@master
         with:
           ignore_paths: >-
             **/open-api/**
-            **/openapi**
+            **/openapi/**
             **/node_modules/**
 
   generated-api-up-to-date:
     name: OpenAPI Clients
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     steps:
       - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-        with:
-          persist-credentials: false
+        uses: actions/checkout@v4
 
       - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
+        uses: actions/setup-node@v4
         with:
           node-version-file: './server/.nvmrc'
 
@@ -555,7 +438,7 @@ jobs:
         run: make open-api
 
       - name: Find file changes
-        uses: tj-actions/verify-changed-files@a1c6acee9df209257a246f2cc6ae8cb6581c1edf # v20
+        uses: tj-actions/verify-changed-files@v20
         id: verify-changed-files
         with:
           files: |
@@ -565,18 +448,14 @@ jobs:
 
       - name: Verify files have not changed
         if: steps.verify-changed-files.outputs.files_changed == 'true'
-        env:
-          CHANGED_FILES: ${{ steps.verify-changed-files.outputs.changed_files }}
         run: |
           echo "ERROR: Generated files not up to date!"
-          echo "Changed files: ${CHANGED_FILES}"
+          echo "Changed files: ${{ steps.verify-changed-files.outputs.changed_files }}"
           exit 1
 
   generated-typeorm-migrations-up-to-date:
     name: TypeORM Checks
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     services:
       postgres:
         image: tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:739cdd626151ff1f796dc95a6591b55a714f341c737e27f045019ceabf8e8c52
@@ -597,12 +476,10 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-        with:
-          persist-credentials: false
+        uses: actions/checkout@v4
 
       - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
+        uses: actions/setup-node@v4
         with:
           node-version-file: './server/.nvmrc'
 
@@ -613,29 +490,27 @@ jobs:
         run: npm run build
 
       - name: Run existing migrations
-        run: npm run migrations:run
+        run: npm run typeorm:migrations:run
 
       - name: Test npm run schema:reset command works
-        run: npm run schema:reset
+        run: npm run typeorm:schema:reset
 
       - name: Generate new migrations
         continue-on-error: true
-        run: npm run migrations:generate TestMigration
+        run: npm run typeorm:migrations:generate ./src/migrations/TestMigration
 
       - name: Find file changes
-        uses: tj-actions/verify-changed-files@a1c6acee9df209257a246f2cc6ae8cb6581c1edf # v20
+        uses: tj-actions/verify-changed-files@v20
         id: verify-changed-files
         with:
           files: |
-            server/src
+            server/src/migrations/
       - name: Verify migration files have not changed
         if: steps.verify-changed-files.outputs.files_changed == 'true'
-        env:
-          CHANGED_FILES: ${{ steps.verify-changed-files.outputs.changed_files }}
         run: |
           echo "ERROR: Generated migration files not up to date!"
-          echo "Changed files: ${CHANGED_FILES}"
-          cat ./src/*-TestMigration.ts
+          echo "Changed files: ${{ steps.verify-changed-files.outputs.changed_files }}"
+          cat ./src/migrations/*-TestMigration.ts
           exit 1
 
       - name: Run SQL generation
@@ -644,7 +519,7 @@ jobs:
           DB_URL: postgres://postgres:postgres@localhost:5432/immich
 
       - name: Find file changes
-        uses: tj-actions/verify-changed-files@a1c6acee9df209257a246f2cc6ae8cb6581c1edf # v20
+        uses: tj-actions/verify-changed-files@v20
         id: verify-changed-sql-files
         with:
           files: |
@@ -652,11 +527,9 @@ jobs:
 
       - name: Verify SQL files have not changed
         if: steps.verify-changed-sql-files.outputs.files_changed == 'true'
-        env:
-          CHANGED_FILES: ${{ steps.verify-changed-sql-files.outputs.changed_files }}
         run: |
           echo "ERROR: Generated SQL files not up to date!"
-          echo "Changed files: ${CHANGED_FILES}"
+          echo "Changed files: ${{ steps.verify-changed-sql-files.outputs.changed_files }}"
           exit 1
 
   # mobile-integration-tests:

.github/workflows/weblate-lock.yml

@@ -4,32 +4,30 @@ on:
   pull_request:
     branches: [main]
 
-permissions: {}
-
 jobs:
   pre-job:
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     outputs:
       should_run: ${{ steps.found_paths.outputs.i18n == 'true' && github.head_ref != 'chore/translations'}}
     steps:
       - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-        with:
-          persist-credentials: false
+        uses: actions/checkout@v4
       - id: found_paths
-        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3
+        uses: dorny/paths-filter@v3
         with:
           filters: |
             i18n:
               - 'i18n/!(en)**\.json'
+      - name: Debug
+        run: |
+            echo "Should run: ${{ steps.found_paths.outputs.i18n == 'true' && github.head_ref != 'chore/translations'}}"
+            echo "Found i18n paths: ${{ steps.found_paths.outputs.i18n }}"
+            echo "Head ref: ${{ github.head_ref }}"
 
   enforce-lock:
     name: Check Weblate Lock
-    needs: [pre-job]
+    needs: [ pre-job ]
     runs-on: ubuntu-latest
-    permissions: {}
     if: ${{ needs.pre-job.outputs.should_run == 'true' }}
     steps:
       - name: Check weblate lock
@@ -38,7 +36,7 @@ jobs:
             exit 1
           fi
       - name: Find Pull Request
-        uses: juliangruber/find-pull-request-action@48b6133aa6c826f267ebd33aa2d29470f9d9e7d0 # v1
+        uses: juliangruber/find-pull-request-action@v1
         id: find-pr
         with:
           branch: chore/translations
@@ -47,9 +45,8 @@ jobs:
         run: exit 1
   success-check-lock:
     name: Weblate Lock Check Success
-    needs: [enforce-lock]
+    needs: [ enforce-lock ]
     runs-on: ubuntu-latest
-    permissions: {}
     if: always()
     steps:
       - name: Any jobs failed?
@@ -57,5 +54,4 @@ jobs:
         run: exit 1
       - name: All jobs passed or skipped
         if: ${{ !(contains(needs.*.result, 'failure')) }}
-        # zizmor: ignore[template-injection]
         run: echo "All jobs passed or skipped" && echo "${{ toJSON(needs.*.result) }}"

.vscode/settings.json

@@ -1,63 +1,44 @@
 {
+  "editor.formatOnSave": true,
+  "[javascript]": {
+    "editor.defaultFormatter": "esbenp.prettier-vscode",
+    "editor.tabSize": 2,
+    "editor.formatOnSave": true
+  },
+  "[typescript]": {
+    "editor.defaultFormatter": "esbenp.prettier-vscode",
+    "editor.tabSize": 2,
+    "editor.formatOnSave": true
+  },
   "[css]": {
     "editor.defaultFormatter": "esbenp.prettier-vscode",
-    "editor.formatOnSave": true,
+    "editor.tabSize": 2,
+    "editor.formatOnSave": true
+  },
+  "[svelte]": {
+    "editor.defaultFormatter": "svelte.svelte-vscode",
     "editor.tabSize": 2
   },
+  "svelte.enable-ts-plugin": true,
+  "eslint.validate": [
+    "javascript",
+    "svelte"
+  ],
+  "typescript.preferences.importModuleSpecifier": "non-relative",
   "[dart]": {
-    "editor.defaultFormatter": "Dart-Code.dart-code",
     "editor.formatOnSave": true,
     "editor.selectionHighlight": false,
     "editor.suggest.snippetsPreventQuickSuggestions": false,
     "editor.suggestSelection": "first",
     "editor.tabCompletion": "onlySnippets",
-    "editor.wordBasedSuggestions": "off"
+    "editor.wordBasedSuggestions": "off",
+    "editor.defaultFormatter": "Dart-Code.dart-code"
   },
-  "[javascript]": {
-    "editor.codeActionsOnSave": {
-      "source.organizeImports": "explicit",
-      "source.removeUnusedImports": "explicit"
-    },
-    "editor.defaultFormatter": "esbenp.prettier-vscode",
-    "editor.formatOnSave": true,
-    "editor.tabSize": 2
-  },
-  "[json]": {
-    "editor.defaultFormatter": "esbenp.prettier-vscode",
-    "editor.formatOnSave": true,
-    "editor.tabSize": 2
-  },
-  "[jsonc]": {
-    "editor.defaultFormatter": "esbenp.prettier-vscode",
-    "editor.formatOnSave": true,
-    "editor.tabSize": 2
-  },
-  "[svelte]": {
-    "editor.codeActionsOnSave": {
-      "source.organizeImports": "explicit",
-      "source.removeUnusedImports": "explicit"
-    },
-    "editor.defaultFormatter": "svelte.svelte-vscode",
-    "editor.formatOnSave": true,
-    "editor.tabSize": 2
-  },
-  "[typescript]": {
-    "editor.codeActionsOnSave": {
-      "source.organizeImports": "explicit",
-      "source.removeUnusedImports": "explicit"
-    },
-    "editor.defaultFormatter": "esbenp.prettier-vscode",
-    "editor.formatOnSave": true,
-    "editor.tabSize": 2
-  },
-  "cSpell.words": ["immich"],
-  "editor.formatOnSave": true,
-  "eslint.validate": ["javascript", "svelte"],
+  "cSpell.words": [
+    "immich"
+  ],
   "explorer.fileNesting.enabled": true,
   "explorer.fileNesting.patterns": {
-    "*.dart": "${capture}.g.dart,${capture}.gr.dart,${capture}.drift.dart",
     "*.ts": "${capture}.spec.ts,${capture}.mock.ts"
-  },
-  "svelte.enable-ts-plugin": true,
-  "typescript.preferences.importModuleSpecifier": "non-relative"
-}
+  }
+}

Makefile

@@ -17,9 +17,6 @@ e2e:
 prod:
 	docker compose -f ./docker/docker-compose.prod.yml up --build -V --remove-orphans
 
-prod-down:
-	docker compose -f ./docker/docker-compose.prod.yml down --remove-orphans
-
 prod-scale:
 	docker compose -f ./docker/docker-compose.prod.yml up --build -V --scale immich-server=3 --scale immich-microservices=3 --remove-orphans
 
@@ -42,7 +39,7 @@ attach-server:
 renovate:
   LOG_LEVEL=debug npx renovate --platform=local --repository-cache=reset
 
-MODULES = e2e server web cli sdk docs .github
+MODULES = e2e server web cli sdk docs
 
 audit-%:
 	npm --prefix $(subst sdk,open-api/typescript-sdk,$*) audit fix
@@ -80,14 +77,14 @@ test-medium:
 test-medium-dev:
 	docker exec -it immich_server /bin/sh -c "npm run test:medium"
 
-build-all: $(foreach M,$(filter-out e2e .github,$(MODULES)),build-$M) ;
+build-all: $(foreach M,$(filter-out e2e,$(MODULES)),build-$M) ;
 install-all: $(foreach M,$(MODULES),install-$M) ;
-check-all: $(foreach M,$(filter-out sdk cli docs .github,$(MODULES)),check-$M) ;
-lint-all: $(foreach M,$(filter-out sdk docs .github,$(MODULES)),lint-$M) ;
+check-all: $(foreach M,$(filter-out sdk cli docs,$(MODULES)),check-$M) ;
+lint-all: $(foreach M,$(filter-out sdk docs,$(MODULES)),lint-$M) ;
 format-all: $(foreach M,$(filter-out sdk,$(MODULES)),format-$M) ;
 audit-all:  $(foreach M,$(MODULES),audit-$M) ;
 hygiene-all: lint-all format-all check-all sql audit-all;
-test-all: $(foreach M,$(filter-out sdk docs .github,$(MODULES)),test-$M) ;
+test-all: $(foreach M,$(filter-out sdk docs,$(MODULES)),test-$M) ;
 
 clean:
 	find . -name "node_modules" -type d -prune -exec rm -rf '{}' +

README.md

@@ -61,7 +61,9 @@
 
 ## Demo
 
-Access the demo [here](https://demo.immich.app). For the mobile app, you can use `https://demo.immich.app` for the `Server Endpoint URL`.
+Access the demo [here](https://demo.immich.app). The demo is running on a Free-tier Oracle VM in Amsterdam with a 2.4Ghz quad-core ARM64 CPU and 24GB RAM.
+
+For the mobile app, you can use `https://demo.immich.app` for the `Server Endpoint URL`
 
 ### Login credentials
 
@@ -102,7 +104,7 @@ Access the demo [here](https://demo.immich.app). For the mobile app, you can use
 | Read-only gallery                            | Yes    | Yes |
 | Stacked Photos                               | Yes    | Yes |
 | Tags                                         | No     | Yes |
-| Folder View                                  | Yes    | Yes |
+| Folder View                                  | No     | Yes |
 
 ## Translations
 

cli/Dockerfile

@@ -1,4 +1,4 @@
-FROM node:22.15.0-alpine3.20@sha256:686b8892b69879ef5bfd6047589666933508f9a5451c67320df3070ba0e9807b AS core
+FROM node:22.14.0-alpine3.20@sha256:40be979442621049f40b1d51a26b55e281246b5de4e5f51a18da7beb6e17e3f9 AS core
 
 WORKDIR /usr/src/open-api/typescript-sdk
 COPY open-api/typescript-sdk/package*.json open-api/typescript-sdk/tsconfig*.json ./

cli/eslint.config.mjs

@@ -1,29 +1,39 @@
+import { FlatCompat } from '@eslint/eslintrc';
 import js from '@eslint/js';
-import eslintPluginPrettierRecommended from 'eslint-plugin-prettier/recommended';
-import eslintPluginUnicorn from 'eslint-plugin-unicorn';
+import typescriptEslint from '@typescript-eslint/eslint-plugin';
+import tsParser from '@typescript-eslint/parser';
 import globals from 'globals';
 import path from 'node:path';
 import { fileURLToPath } from 'node:url';
-import typescriptEslint from 'typescript-eslint';
 
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
+const compat = new FlatCompat({
+  baseDirectory: __dirname,
+  recommendedConfig: js.configs.recommended,
+  allConfig: js.configs.all,
+});
 
-export default typescriptEslint.config([
-  eslintPluginUnicorn.configs.recommended,
-  eslintPluginPrettierRecommended,
-  js.configs.recommended,
-  typescriptEslint.configs.recommended,
+export default [
   {
     ignores: ['eslint.config.mjs', 'dist'],
   },
+  ...compat.extends(
+    'plugin:@typescript-eslint/recommended',
+    'plugin:prettier/recommended',
+    'plugin:unicorn/recommended',
+  ),
   {
+    plugins: {
+      '@typescript-eslint': typescriptEslint,
+    },
+
     languageOptions: {
       globals: {
         ...globals.node,
       },
 
-      parser: typescriptEslint.parser,
+      parser: tsParser,
       ecmaVersion: 5,
       sourceType: 'module',
 
@@ -48,4 +58,4 @@ export default typescriptEslint.config([
       'object-shorthand': ['error', 'always'],
     },
   },
-]);
+];

cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@immich/cli",
-  "version": "2.2.65",
+  "version": "2.2.53",
   "description": "Command Line Interface (CLI) for Immich",
   "type": "module",
   "exports": "./dist/index.js",
@@ -21,7 +21,9 @@
     "@types/lodash-es": "^4.17.12",
     "@types/micromatch": "^4.0.9",
     "@types/mock-fs": "^4.13.1",
-    "@types/node": "^22.14.1",
+    "@types/node": "^22.13.9",
+    "@typescript-eslint/eslint-plugin": "^8.15.0",
+    "@typescript-eslint/parser": "^8.15.0",
     "@vitest/coverage-v8": "^3.0.0",
     "byte-size": "^9.0.0",
     "cli-progress": "^3.12.0",
@@ -29,13 +31,12 @@
     "eslint": "^9.14.0",
     "eslint-config-prettier": "^10.0.0",
     "eslint-plugin-prettier": "^5.1.3",
-    "eslint-plugin-unicorn": "^57.0.0",
+    "eslint-plugin-unicorn": "^56.0.1",
     "globals": "^16.0.0",
     "mock-fs": "^5.2.0",
     "prettier": "^3.2.5",
     "prettier-plugin-organize-imports": "^4.0.0",
     "typescript": "^5.3.3",
-    "typescript-eslint": "^8.28.0",
     "vite": "^6.0.0",
     "vite-tsconfig-paths": "^5.0.0",
     "vitest": "^3.0.0",

docker/docker-compose.dev.yml

@@ -95,12 +95,12 @@ services:
     image: immich-machine-learning-dev:latest
     # extends:
     #   file: hwaccel.ml.yml
-    #   service: cpu # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference
+    #   service: cpu # set to one of [armnn, cuda, openvino, openvino-wsl, rknn] for accelerated inference
     build:
       context: ../machine-learning
       dockerfile: Dockerfile
       args:
-        - DEVICE=cpu # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference
+        - DEVICE=cpu # set to one of [armnn, cuda, openvino, openvino-wsl, rknn] for accelerated inference
     ports:
       - 3003:3003
     volumes:
@@ -116,7 +116,7 @@ services:
 
   redis:
     container_name: immich_redis
-    image: docker.io/valkey/valkey:8-bookworm@sha256:c855f98e09d558a0d7cc1a4e56473231206a4c54c0114ada9c485b47aeb92ec8
+    image: redis:6.2-alpine@sha256:148bb5411c184abd288d9aaed139c98123eeb8824c5d3fce03cf721db58066d8
     healthcheck:
       test: redis-cli ping || exit 1
 

docker/docker-compose.prod.yml

@@ -38,12 +38,12 @@ services:
     image: immich-machine-learning:latest
     # extends:
     #   file: hwaccel.ml.yml
-    #   service: cpu # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference
+    #   service: cpu # set to one of [armnn, cuda, openvino, openvino-wsl, rknn] for accelerated inference
     build:
       context: ../machine-learning
       dockerfile: Dockerfile
       args:
-        - DEVICE=cpu # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference
+        - DEVICE=cpu # set to one of [armnn, cuda, openvino, openvino-wsl, rknn] for accelerated inference
     ports:
       - 3003:3003
     volumes:
@@ -56,7 +56,7 @@ services:
 
   redis:
     container_name: immich_redis
-    image: docker.io/valkey/valkey:8-bookworm@sha256:c855f98e09d558a0d7cc1a4e56473231206a4c54c0114ada9c485b47aeb92ec8
+    image: redis:6.2-alpine@sha256:148bb5411c184abd288d9aaed139c98123eeb8824c5d3fce03cf721db58066d8
     healthcheck:
       test: redis-cli ping || exit 1
     restart: always
@@ -90,7 +90,7 @@ services:
     container_name: immich_prometheus
     ports:
       - 9090:9090
-    image: prom/prometheus@sha256:339ce86a59413be18d0e445472891d022725b4803fab609069110205e79fb2f1
+    image: prom/prometheus@sha256:6927e0919a144aa7616fd0137d4816816d42f6b816de3af269ab065250859a62
     volumes:
       - ./prometheus.yml:/etc/prometheus/prometheus.yml
       - prometheus-data:/prometheus
@@ -102,7 +102,7 @@ services:
     command: [ './run.sh', '-disable-reporting' ]
     ports:
       - 3000:3000
-    image: grafana/grafana:11.6.1-ubuntu@sha256:6fc273288470ef499dd3c6b36aeade093170d4f608f864c5dd3a7fabeae77b50
+    image: grafana/grafana:11.5.2-ubuntu@sha256:8b5858c447e06fd7a89006b562ba7bba7c4d5813600c7982374c41852adefaeb
     volumes:
       - grafana-data:/var/lib/grafana
 

docker/docker-compose.yml

@@ -33,12 +33,12 @@ services:
 
   immich-machine-learning:
     container_name: immich_machine_learning
-    # For hardware acceleration, add one of -[armnn, cuda, rocm, openvino, rknn] to the image tag.
+    # For hardware acceleration, add one of -[armnn, cuda, openvino, rknn] to the image tag.
     # Example tag: ${IMMICH_VERSION:-release}-cuda
     image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
     # extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/ml-hardware-acceleration
     #   file: hwaccel.ml.yml
-    #   service: cpu # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference - use the `-wsl` version for WSL2 where applicable
+    #   service: cpu # set to one of [armnn, cuda, openvino, openvino-wsl, rknn] for accelerated inference - use the `-wsl` version for WSL2 where applicable
     volumes:
       - model-cache:/cache
     env_file:
@@ -49,7 +49,7 @@ services:
 
   redis:
     container_name: immich_redis
-    image: docker.io/valkey/valkey:8-bookworm@sha256:c855f98e09d558a0d7cc1a4e56473231206a4c54c0114ada9c485b47aeb92ec8
+    image: docker.io/redis:6.2-alpine@sha256:148bb5411c184abd288d9aaed139c98123eeb8824c5d3fce03cf721db58066d8
     healthcheck:
       test: redis-cli ping || exit 1
     restart: always

docker/example.env

@@ -2,8 +2,7 @@
 
 # The location where your uploaded files are stored
 UPLOAD_LOCATION=./library
-
-# The location where your database files are stored. Network shares are not supported for the database
+# The location where your database files are stored
 DB_DATA_LOCATION=./postgres
 
 # To set a timezone, uncomment the next line and change Etc/UTC to a TZ identifier from this list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List

docker/hwaccel.ml.yml

@@ -33,13 +33,6 @@ services:
               capabilities:
                 - gpu
 
-  rocm:
-    group_add:
-      - video
-    devices:
-      - /dev/dri:/dev/dri
-      - /dev/kfd:/dev/kfd
-
   openvino:
     device_cgroup_rules:
       - 'c 189:* rmw'

docs/docs/FAQ.mdx

@@ -262,7 +262,7 @@ No, this is not supported. Only models listed in the [Hugging Face][huggingface]
 
 ### I want to be able to search in other languages besides English. How can I do that?
 
-You can change to a multilingual CLIP model. See [here](/docs/features/searching#clip-models) for instructions.
+You can change to a multilingual CLIP model. See [here](/docs/features/searching#clip-model) for instructions.
 
 ### Does Immich support Facial Recognition for videos?
 

docs/docs/administration/backup-and-restore.md

@@ -23,32 +23,23 @@ Refer to the official [postgres documentation](https://www.postgresql.org/docs/c
 It is not recommended to directly backup the `DB_DATA_LOCATION` folder. Doing so while the database is running can lead to a corrupted backup that cannot be restored.
 :::
 
-### Automatic Database Dumps
+### Automatic Database Backups
 
-:::warning
-The automatic database dumps can be used to restore the database in the event of damage to the Postgres database files.
-There is no monitoring for these dumps and you will not be notified if they are unsuccessful.
-:::
+For convenience, Immich will automatically create database backups by default. The backups are stored in `UPLOAD_LOCATION/backups`.  
+As mentioned above, you should make your own backup of these together with the asset folders as noted below.  
+You can adjust the schedule and amount of kept backups in the [admin settings](http://my.immich.app/admin/system-settings?isOpen=backup).  
+By default, Immich will keep the last 14 backups and create a new backup every day at 2:00 AM.
 
-:::caution
-The database dumps do **NOT** contain any pictures or videos, only metadata. They are only usable with a copy of the other files in `UPLOAD_LOCATION` as outlined below.
-:::
+#### Trigger Backup
 
-For disaster-recovery purposes, Immich will automatically create database dumps. The dumps are stored in `UPLOAD_LOCATION/backups`.
-Please be sure to make your own, independent backup of the database together with the asset folders as noted below.
-You can adjust the schedule and amount of kept database dumps in the [admin settings](http://my.immich.app/admin/system-settings?isOpen=backup).
-By default, Immich will keep the last 14 database dumps and create a new dump every day at 2:00 AM.
-
-#### Trigger Dump
-
-You are able to trigger a database dump in the [admin job status page](http://my.immich.app/admin/jobs-status).
-Visit the page, open the "Create job" modal from the top right, select "Create Database Dump" and click "Confirm".
-A job will run and trigger a dump, you can verify this worked correctly by checking the logs or the `backups/` folder.
-This dumps will count towards the last `X` dumps that will be kept based on your settings.
+You are able to trigger a backup in the [admin job status page](http://my.immich.app/admin/jobs-status).
+Visit the page, open the "Create job" modal from the top right, select "Backup Database" and click "Confirm".
+A job will run and trigger a backup, you can verify this worked correctly by checking the logs or the backup folder.
+This backup will count towards the last X backups that will be kept based on your settings.
 
 #### Restoring
 
-We hope to make restoring simpler in future versions, for now you can find the database dumps in the `UPLOAD_LOCATION/backups` folder on your host.
+We hope to make restoring simpler in future versions, for now you can find the backups in the `UPLOAD_LOCATION/backups` folder on your host.  
 Then please follow the steps in the following section for restoring the database.
 
 ### Manual Backup and Restore

docs/docs/administration/server-commands.md

@@ -11,7 +11,6 @@ The `immich-server` docker image comes preinstalled with an administrative CLI (
 | `enable-oauth-login`     | Enable OAuth login                    |
 | `disable-oauth-login`    | Disable OAuth login                   |
 | `list-users`             | List Immich users                     |
-| `version`                | Print Immich version                  |
 
 ## How to run a command
 
@@ -81,10 +80,3 @@ immich-admin list-users
   }
 ]
 ```
-
-Print Immich Version
-
-```
-immich-admin version
-v1.129.0
-```

docs/docs/administration/user-management.mdx

@@ -31,7 +31,7 @@ Admin can send a welcome email if the Email option is set, you can learn here ho
 
 Admin can specify the storage quota for the user as the instance's admin; once the limit is reached, the user won't be able to upload to the instance anymore.
 
-In order to select a storage quota, click on the pencil icon and enter the storage quota in GiB. You can choose an unlimited quota by leaving it empty (default).
+In order to select a storage quota, click on the pencil icon and enter the storage quota in GiB. You can choose an unlimited quota using the value 0 (default).
 
 :::tip
 The system administrator can see the usage quota percentage of all users in Server Stats page.

docs/docs/developer/database-migrations.md

@@ -1,14 +1,14 @@
 # Database Migrations
 
-After making any changes in the `server/src/schema`, a database migration need to run in order to register the changes in the database. Follow the steps below to create a new migration.
+After making any changes in the `server/src/entities`, a database migration need to run in order to register the changes in the database. Follow the steps below to create a new migration.
 
 1. Run the command
 
 ```bash
-npm run migrations:generate <migration-name>
+npm run typeorm:migrations:generate <migration-name>
 ```
 
 2. Check if the migration file makes sense.
-3. Move the migration file to folder `./server/src/schema/migrations` in your code editor.
+3. Move the migration file to folder `./server/src/migrations` in your code editor.
 
 The server will automatically detect `*.ts` file changes and restart. Part of the server start-up process includes running any new migrations, so it will be applied immediately.

docs/docs/developer/setup.md

@@ -63,13 +63,6 @@ If you only want to do web development connected to an existing, remote backend,
 IMMICH_SERVER_URL=https://demo.immich.app/ npm run dev
 ```
 
-If you're using PowerShell on Windows you may need to set the env var separately like so:
-
-```powershell
-$env:IMMICH_SERVER_URL = "https://demo.immich.app/"
-npm run dev
-```
-
 #### `@immich/ui`
 
 To see local changes to `@immich/ui` in Immich, do the following:
@@ -83,20 +76,9 @@ To see local changes to `@immich/ui` in Immich, do the following:
 
 ### Mobile app
 
-#### Setup
+The mobile app `(/mobile)` will required Flutter toolchain 3.13.x and FVM to be installed on your system.
 
-1. Setup Flutter toolchain using FVM.
-2. Run `flutter pub get` to install the dependencies.
-3. Run `make translation` to generate the translation file.
-4. Run `fvm flutter run` to start the app.
-
-#### Translation
-
-To add a new translation text, enter the key-value pair in the `i18n/en.json` in the root of the immich project. Then, from the `mobile/` directory, run
-
-```bash
-make translation
-```
+Please refer to the [Flutter's official documentation](https://flutter.dev/docs/get-started/install) for more information on setting up the toolchain on your machine.
 
 The mobile app asks you what backend to connect to. You can utilize the demo backend (https://demo.immich.app/) if you don't need to change server code or upload photos. Alternatively, you can run the server yourself per the instructions above.
 

docs/docs/features/command-line-interface.md

@@ -42,12 +42,6 @@ docker run -it -v "$(pwd)":/import:ro -e IMMICH_INSTANCE_URL=https://your-immich
 
 Please modify the `IMMICH_INSTANCE_URL` and `IMMICH_API_KEY` environment variables as suitable. You can also use a Docker env file to store your sensitive API key.
 
-This `docker run` command will directly run the command `immich` inside the container. You can directly append the desired parameters (see under "usage") to the commandline like this:
-
-```bash
-docker run -it -v "$(pwd)":/import:ro -e IMMICH_INSTANCE_URL=https://your-immich-instance/api -e IMMICH_API_KEY=your-api-key ghcr.io/immich-app/immich-cli:latest upload -a -c 5 --recursive directory/
-```
-
 ## Usage
 
 <details>
@@ -118,7 +112,7 @@ You begin by authenticating to your Immich server. For instance:
 immich login http://192.168.1.216:2283/api HFEJ38DNSDUEG
 ```
 
-This will store your credentials in a `auth.yml` file in the configuration directory which defaults to `~/.config/immich/`. The directory can be set with the `-d` option or the environment variable `IMMICH_CONFIG_DIR`. Please keep the file secure, either by performing the logout command after you are done, or deleting it manually.
+This will store your credentials in a `auth.yml` file in the configuration directory which defaults to `~/.config/`. The directory can be set with the `-d` option or the environment variable `IMMICH_CONFIG_DIR`. Please keep the file secure, either by performing the logout command after you are done, or deleting it manually.
 
 Once you are authenticated, you can upload assets to your Immich server.
 

docs/docs/features/libraries.md

@@ -95,7 +95,7 @@ The `immich-server` container will need access to the gallery. Modify your docke
 +     - /mnt/nas/christmas-trip:/mnt/media/christmas-trip:ro
 +     - /home/user/old-pics:/mnt/media/old-pics:ro
 +     - /mnt/media/videos:/mnt/media/videos:ro
-+     - /mnt/media/videos2:/mnt/media/videos2 # WARNING: Immich will be able to delete the files in this folder, as it does not end with :ro
++     - /mnt/media/videos2:/mnt/media/videos2 # the files in this folder can be deleted, as it does not end with :ro
 +     - "C:/Users/user_name/Desktop/my media:/mnt/media/my-media:ro" # import path in Windows system.
 ```
 

docs/docs/features/ml-hardware-acceleration.md

@@ -11,7 +11,6 @@ You do not need to redo any machine learning jobs after enabling hardware accele
 
 - ARM NN (Mali)
 - CUDA (NVIDIA GPUs with [compute capability](https://developer.nvidia.com/cuda-gpus) 5.2 or higher)
-- ROCm (AMD GPUs)
 - OpenVINO (Intel GPUs such as Iris Xe and Arc)
 - RKNN (Rockchip)
 
@@ -42,15 +41,9 @@ You do not need to redo any machine learning jobs after enabling hardware accele
 
 - The GPU must have compute capability 5.2 or greater.
 - The server must have the official NVIDIA driver installed.
-- The installed driver must be >= 545 (it must support CUDA 12.3).
+- The installed driver must be >= 535 (it must support CUDA 12.2).
 - On Linux (except for WSL2), you also need to have [NVIDIA Container Toolkit][nvct] installed.
 
-#### ROCm
-
-- The GPU must be supported by ROCm. If it isn't officially supported, you can attempt to use the `HSA_OVERRIDE_GFX_VERSION` environmental variable: `HSA_OVERRIDE_GFX_VERSION=<a supported version, e.g. 10.3.0>`. If this doesn't work, you might need to also set `HSA_USE_SVM=0`.
-- The ROCm image is quite large and requires at least 35GiB of free disk space. However, pulling later updates to the service through Docker will generally only amount to a few hundred megabytes as the rest will be cached.
-- This backend is new and may experience some issues. For example, GPU power consumption can be higher than usual after running inference, even if the machine learning service is idle. In this case, it will only go back to normal after being idle for 5 minutes (configurable with the [MACHINE_LEARNING_MODEL_TTL](/docs/install/environment-variables) setting).
-
 #### OpenVINO
 
 - Integrated GPUs are more likely to experience issues than discrete GPUs, especially for older processors or servers with low RAM.
@@ -71,12 +64,12 @@ You do not need to redo any machine learning jobs after enabling hardware accele
 
 1. If you do not already have it, download the latest [`hwaccel.ml.yml`][hw-file] file and ensure it's in the same folder as the `docker-compose.yml`.
 2. In the `docker-compose.yml` under `immich-machine-learning`, uncomment the `extends` section and change `cpu` to the appropriate backend.
-3. Still in `immich-machine-learning`, add one of -[armnn, cuda, rocm, openvino, rknn] to the `image` section's tag at the end of the line.
+3. Still in `immich-machine-learning`, add one of -[armnn, cuda, openvino] to the `image` section's tag at the end of the line.
 4. Redeploy the `immich-machine-learning` container with these updated settings.
 
 ### Confirming Device Usage
 
-You can confirm the device is being recognized and used by checking its utilization. There are many tools to display this, such as `nvtop` for NVIDIA or Intel, `intel_gpu_top` for Intel, and `radeontop` for AMD.
+You can confirm the device is being recognized and used by checking its utilization. There are many tools to display this, such as `nvtop` for NVIDIA or Intel and `intel_gpu_top` for Intel.
 
 You can also check the logs of the `immich-machine-learning` container. When a Smart Search or Face Detection job begins, or when you search with text in Immich, you should either see a log for `Available ORT providers` containing the relevant provider (e.g. `CUDAExecutionProvider` in the case of CUDA), or a `Loaded ANN model` log entry without errors in the case of ARM NN.
 

docs/docs/guides/custom-map-styles.md

@@ -14,14 +14,14 @@ online generators you can use.
 2. Paste the link to your JSON style in either the **Light Style** or **Dark Style**. (You can add different styles which will help make the map style more appropriate depending on whether you set **Immich** to Light or Dark mode.)
 3. Save your selections. Reload the map, and enjoy your custom map style!
 
-## Use MapTiler to build a custom style
+## Use Maptiler to build a custom style
 
-Customizing the map style can be done easily using MapTiler, if you do not want to write an entire JSON document by hand.
+Customizing the map style can be done easily using Maptiler, if you do not want to write an entire JSON document by hand.
 
 1. Create a free account at https://cloud.maptiler.com
 2. Once logged in, you can either create a brand new map by clicking on **New Map**, selecting a starter map, and then clicking **Customize**, OR by selecting a **Standard Map** and customizing it from there.
 3. The **editor** interface is self-explanatory. You can change colors, remove visible layers, or add optional layers (e.g., administrative, topo, hydro, etc.) in the composer.
 4. Once you have your map composed, click on **Save** at the top right. Give it a unique name to save it to your account.
-5. Next, **Publish** your style using the **Publish** button at the top right. This will deploy it to production, which means it is able to be exposed over the Internet. MapTiler will present an interactive side-by-side map with the original and your changes prior to publication.<br/>![MapTiler Publication Settings](img/immich_map_styles_publish.webp)
-6. MapTiler will warn you that changing the map will change it across all apps using the map. Since no apps are using the map yet, this is okay.
-7. Clicking on the name of your new map at the top left will bring you to the item's **details** page. From here, copy the link to the JSON style under **Use vector style**. This link will automatically contain your personal API key to MapTiler.
+5. Next, **Publish** your style using the **Publish** button at the top right. This will deploy it to production, which means it is able to be exposed over the Internet. Maptiler will present an interactive side-by-side map with the original and your changes prior to publication.<br/>![Maptiler Publication Settings](img/immich_map_styles_publish.webp)
+6. Maptiler will warn you that changing the map will change it across all apps using the map. Since no apps are using the map yet, this is okay.
+7. Clicking on the name of your new map at the top left will bring you to the item's **details** page. From here, copy the link to the JSON style under **Use vector style**. This link will automatically contain your personal API key to Maptiler.

docs/docs/guides/database-queries.md

@@ -1,7 +1,7 @@
 # Database Queries
 
 :::danger
-Keep in mind that mucking around in the database might set the Moon on fire. Avoid modifying the database directly when possible, and always have current backups.
+Keep in mind that mucking around in the database might set the moon on fire. Avoid modifying the database directly when possible, and always have current backups.
 :::
 
 :::tip

docs/docs/guides/remote-machine-learning.md

@@ -23,12 +23,12 @@ name: immich_remote_ml
 services:
   immich-machine-learning:
     container_name: immich_machine_learning
-    # For hardware acceleration, add one of -[armnn, cuda, rocm, openvino, rknn] to the image tag.
+    # For hardware acceleration, add one of -[armnn, cuda, openvino] to the image tag.
     # Example tag: ${IMMICH_VERSION:-release}-cuda
     image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
     # extends:
     #   file: hwaccel.ml.yml
-    #   service: # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference - use the `-wsl` version for WSL2 where applicable
+    #   service: # set to one of [armnn, cuda, openvino, openvino-wsl] for accelerated inference - use the `-wsl` version for WSL2 where applicable
     volumes:
       - model-cache:/cache
     restart: always

docs/docs/install/config-file.md

@@ -1,7 +1,3 @@
----
-sidebar_position: 100
----
-
 # Config File
 
 A config file can be provided as an alternative to the UI configuration.

docs/docs/install/docker-compose.mdx

@@ -69,7 +69,39 @@ If you get an error `can't set healthcheck.start_interval as feature require Doc
 
 ## Next Steps
 
-Read the [Post Installation](/docs/install/post-install.mdx) steps and [upgrade instructions](/docs/install/upgrading.md).
+Read the [Post Installation](/docs/install/post-install.mdx) steps or setup optional features below.
+
+### Setting up optional features
+
+- [External Libraries](/docs/features/libraries.md): Adding your existing photo library to Immich
+- [Hardware Transcoding](/docs/features/hardware-transcoding.md): Speeding up video transcoding
+- [Hardware-Accelerated Machine Learning](/docs/features/ml-hardware-acceleration.md): Speeding up various machine learning tasks in Immich
+
+### Upgrading
+
+:::danger Read the release notes
+Immich is currently under heavy development, which means you can expect [breaking changes][breaking] and bugs. Therefore, we recommend reading the release notes prior to updating and to take special care when using automated tools like [Watchtower][watchtower].
+
+You can see versions that had breaking changes [here][breaking].
+:::
+
+If `IMMICH_VERSION` is set, it will need to be updated to the latest or desired version.
+
+When a new version of Immich is [released][releases], the application can be upgraded and restarted with the following commands, run in the directory with the `docker-compose.yml` file:
+
+```bash title="Upgrade and restart Immich"
+docker compose pull && docker compose up -d
+```
+
+To clean up disk space, the old version's obsolete container images can be deleted with the following command:
+
+```bash title="Clean up unused Docker images"
+docker image prune
+```
 
 [compose-file]: https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml
 [env-file]: https://github.com/immich-app/immich/releases/latest/download/example.env
+[watchtower]: https://containrrr.dev/watchtower/
+[breaking]: https://github.com/immich-app/immich/discussions?discussions_q=label%3Achangelog%3Abreaking-change+sort%3Adate_created
+[container-auth]: https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#authenticating-to-the-container-registry
+[releases]: https://github.com/immich-app/immich/releases

docs/docs/install/post-install.mdx

@@ -41,9 +41,3 @@ A list of common steps to take after installing Immich include:
 ## Step 7 - Setup Server Backups
 
 <ServerBackup />
-
-## Setting up optional features
-
-- [External Libraries](/docs/features/libraries.md): Adding your existing photo library to Immich
-- [Hardware Transcoding](/docs/features/hardware-transcoding.md): Speeding up video transcoding
-- [Hardware-Accelerated Machine Learning](/docs/features/ml-hardware-acceleration.md): Speeding up various machine learning tasks in Immich

docs/docs/install/synology.md

@@ -67,4 +67,10 @@ Click "**Edit Rules**" and add the following firewall rules:
 
 ## Next Steps
 
-Read the [Post Installation](/docs/install/post-install.mdx) steps and [upgrade instructions](/docs/install/upgrading.md).
+Read the [Post Installation](/docs/install/post-install.mdx) steps or setup optional features below.
+
+### Setting up optional features
+
+- [External Libraries](/docs/features/libraries.md): Adding your existing photo library to Immich
+- [Hardware Transcoding](/docs/features/hardware-transcoding.md): Speeding up video transcoding
+- [Hardware-Accelerated Machine Learning](/docs/features/ml-hardware-acceleration.md): Speeding up various machine learning tasks in Immich

docs/docs/install/truenas.md

@@ -247,10 +247,6 @@ Some examples are: `IMMICH_VERSION`, `UPLOAD_LOCATION`, `DB_DATA_LOCATION`, `TZ`
 
 ## Updating the App
 
-:::danger
-Make sure to read the general [upgrade instructions](/docs/install/upgrading.md).
-:::
-
 When updates become available, SCALE alerts and provides easy updates.
 To update the app to the latest version:
 

docs/docs/install/unraid.md

@@ -131,10 +131,6 @@ For more information on how to use the application once installed, please refer
 
 ## Updating Steps
 
-:::danger
-Make sure to read the general [upgrade instructions](/docs/install/upgrading.md).
-:::
-
 Updating is extremely easy however it's important to be aware that containers managed via the Docker Compose Manager plugin do not integrate with Unraid's native dockerman UI, the label "_update ready_" will always be present on containers installed via the Docker Compose Manager.
 
 <img

docs/docs/install/upgrading.md

@@ -1,29 +0,0 @@
----
-sidebar_position: 95
----
-
-# Upgrading
-
-:::danger Read the release notes
-Immich is currently under heavy development, which means you can expect [breaking changes][breaking] and bugs. You should read the release notes prior to updating and take special care when using automated tools like [Watchtower][watchtower].
-
-You can see versions that had breaking changes [here][breaking].
-:::
-
-When a new version of Immich is [released][releases], you should read the release notes and account for any breaking changes noted (as mentioned above).
-If you use `IMMICH_VERSION` in your `.env` file, it will need to be updated to the latest or desired version.
-After that, the application can be upgraded and restarted with the following commands, run in the directory with the `docker-compose.yml` file:
-
-```bash title="Upgrade and restart Immich"
-docker compose pull && docker compose up -d
-```
-
-To clean up disk space, the old version's obsolete container images can be deleted with the following command:
-
-```bash title="Clean up unused Docker images"
-docker image prune
-```
-
-[watchtower]: https://containrrr.dev/watchtower/
-[breaking]: https://github.com/immich-app/immich/discussions?discussions_q=label%3Achangelog%3Abreaking-change+sort%3Adate_created
-[releases]: https://github.com/immich-app/immich/releases

docs/docs/partials/_server-backup.md

@@ -1,7 +1,2 @@
 Now that you have imported some pictures, you should setup server backups to preserve your memories.
 You can do so by following our [backup guide](/docs/administration/backup-and-restore.md).
-
-:::danger
-Immich is still under heavy development _and_ handles very important data.
-It is essential that you set up good backups, and test them.
-:::

docs/src/components/community-projects.tsx

@@ -40,9 +40,8 @@ const projects: CommunityProjectProps[] = [
   },
   {
     title: 'Lightroom Immich Plugin: lrc-immich-plugin',
-    description:
-      'Lightroom plugin to publish, export photos from Lightroom to Immich. Import from Immich to Lightroom is also supported.',
-    url: 'https://blog.fokuspunk.de/lrc-immich-plugin/',
+    description: 'Another Lightroom plugin to publish or export photos from Lightroom to Immich.',
+    url: 'https://github.com/bmachek/lrc-immich-plugin',
   },
   {
     title: 'Immich Duplicate Finder',

docs/src/pages/errors.md

@@ -1,5 +0,0 @@
-# Errors
-
-## TypeORM Upgrade
-
-The upgrade to Immich `v2.x.x` has a required upgrade path to `v1.132.0+`. This means it is required to start up the application at least once on version `1.132.0` (or later). Doing so will complete database schema upgrades that are required for `v2.0.0`. After Immich has successfully booted on this version, shut the system down and try the `v2.x.x` upgrade again.

docs/src/pages/index.tsx

@@ -1,11 +1,12 @@
 import React from 'react';
 import Link from '@docusaurus/Link';
 import Layout from '@theme/Layout';
+import { useColorMode } from '@docusaurus/theme-common';
 import { discordPath, discordViewBox } from '@site/src/components/svg-paths';
-import ThemedImage from '@theme/ThemedImage';
 import Icon from '@mdi/react';
-import { mdiAndroid } from '@mdi/js';
 function HomepageHeader() {
+  const { isDarkTheme } = useColorMode();
+
   return (
     <header>
       <div className="top-[calc(12%)]  md:top-[calc(30%)] h-screen w-full absolute -z-10">
@@ -13,8 +14,8 @@ function HomepageHeader() {
         <div className="w-full h-[120vh] absolute left-0 top-0 backdrop-blur-3xl bg-immich-bg/40 dark:bg-transparent"></div>
       </div>
       <section className="text-center pt-12 sm:pt-24 bg-immich-bg/50 dark:bg-immich-dark-bg/80">
-        <ThemedImage
-          sources={{ dark: 'img/logomark-dark.svg', light: 'img/logomark-light.svg' }}
+        <img
+          src={isDarkTheme ? 'img/logomark-dark.svg' : 'img/logomark-light.svg'}
           className="h-[115px] w-[115px] mb-2 antialiased rounded-none"
           alt="Immich logo"
         />
@@ -34,6 +35,7 @@ function HomepageHeader() {
             sacrificing your privacy.
           </p>
         </div>
+
         <div className="flex flex-col sm:flex-row place-items-center place-content-center mt-9 gap-4 ">
           <Link
             className="flex place-items-center place-content-center py-3 px-8 border bg-immich-primary dark:bg-immich-dark-primary rounded-xl no-underline hover:no-underline text-white hover:text-gray-50 dark:text-immich-dark-bg font-bold uppercase"
@@ -56,6 +58,7 @@ function HomepageHeader() {
             Buy Merch
           </Link>
         </div>
+
         <div className="my-12 flex gap-1 font-medium place-items-center place-content-center text-immich-primary dark:text-immich-dark-primary">
           <Icon
             path={discordPath}
@@ -64,19 +67,22 @@ function HomepageHeader() {
           />
           <Link to="https://discord.immich.app/">Join our Discord</Link>
         </div>
-        <ThemedImage
-          sources={{ dark: '/img/screenshot-dark.webp', light: '/img/screenshot-light.webp' }}
+        <img
+          src={isDarkTheme ? '/img/screenshot-dark.webp' : '/img/screenshot-light.webp'}
           alt="screenshots"
           className="w-[95%] lg:w-[85%] xl:w-[70%] 2xl:w-[60%] "
         />
+
         <div className="mx-[25%] m-auto my-14 md:my-28">
           <hr className="border bg-gray-500 dark:bg-gray-400" />
         </div>
-        <ThemedImage
-          sources={{ dark: 'img/logomark-dark.svg', light: 'img/logomark-light.svg' }}
+
+        <img
+          src={isDarkTheme ? 'img/logomark-dark.svg' : 'img/logomark-light.svg'}
           className="h-[115px] w-[115px] mb-2 antialiased rounded-none"
           alt="Immich logo"
         />
+
         <div>
           <p className="font-bold text-2xl md:text-5xl ">Download the mobile app</p>
           <p className="text-lg">
@@ -89,21 +95,15 @@ function HomepageHeader() {
               <img className="h-24" alt="Get it on Google Play" src="/img/google-play-badge.png" />
             </a>
           </div>
-
           <div className="h-24">
             <a href="https://apps.apple.com/sg/app/immich/id1613945652">
               <img className="h-24 sm:p-3.5 p-3" alt="Download on the App Store" src="/img/ios-app-store-badge.svg" />
             </a>
           </div>
-
-          <div className="h-24">
-            <a href="https://github.com/immich-app/immich/releases/latest">
-              <img className="h-24 sm:p-3.5 p-3" alt="Download APK" src="/img/download-apk-github.svg" />
-            </a>
-          </div>
         </div>
-        <ThemedImage
-          sources={{ dark: '/img/app-qr-code-dark.svg', light: '/img/app-qr-code-light.svg' }}
+
+        <img
+          src={isDarkTheme ? '/img/app-qr-code-dark.svg' : '/img/app-qr-code-light.svg'}
           alt="app qr code"
           width={'150px'}
           className="shadow-lg p-3 my-8 dark:bg-immich-dark-bg "

docs/src/pages/privacy-policy.tsx

@@ -1,7 +1,10 @@
 import React from 'react';
 import Link from '@docusaurus/Link';
 import Layout from '@theme/Layout';
+import { useColorMode } from '@docusaurus/theme-common';
 function HomepageHeader() {
+  const { isDarkTheme } = useColorMode();
+
   return (
     <header>
       <section className="max-w-[900px] m-4 p-4 md:p-6 md:m-auto md:my-12 border border-red-400 rounded-2xl  bg-slate-200 dark:bg-immich-dark-gray">

docs/src/pages/roadmap.tsx

@@ -76,7 +76,6 @@ import {
   mdiWeb,
   mdiDatabaseOutline,
   mdiLinkEdit,
-  mdiTagFaces,
   mdiMovieOpenPlayOutline,
 } from '@mdi/js';
 import Layout from '@theme/Layout';
@@ -84,8 +83,6 @@ import React from 'react';
 import { Item, Timeline } from '../components/timeline';
 
 const releases = {
-  'v1.130.0': new Date(2025, 2, 25),
-  'v1.127.0': new Date(2025, 1, 26),
   'v1.122.0': new Date(2024, 11, 5),
   'v1.120.0': new Date(2024, 10, 6),
   'v1.114.0': new Date(2024, 8, 6),
@@ -245,13 +242,6 @@ const roadmap: Item[] = [
 ];
 
 const milestones: Item[] = [
-  withRelease({
-    icon: mdiFolderMultiple,
-    iconColor: 'brown',
-    title: 'Folders view in the mobile app',
-    description: 'Browse your photos and videos in their folder structure inside the mobile app',
-    release: 'v1.130.0',
-  }),
   {
     icon: mdiStar,
     iconColor: 'gold',
@@ -259,14 +249,6 @@ const milestones: Item[] = [
     description: 'Reached 60K Stars on GitHub!',
     getDateLabel: withLanguage(new Date(2025, 2, 4)),
   },
-  withRelease({
-    icon: mdiTagFaces,
-    iconColor: 'teal',
-    title: 'Manual face tagging',
-    description:
-      'Manually tag or remove faces in photos and videos, even when automatic detection misses or misidentifies them.',
-    release: 'v1.127.0',
-  }),
   withRelease({
     icon: mdiLinkEdit,
     iconColor: 'crimson',
@@ -284,8 +266,8 @@ const milestones: Item[] = [
   withRelease({
     icon: mdiDatabaseOutline,
     iconColor: 'brown',
-    title: 'Automatic database dumps',
-    description: 'Database dumps are now integrated into the Immich server',
+    title: 'Automatic database backups',
+    description: 'Database backups are now integrated into the Immich server',
     release: 'v1.120.0',
   }),
   {
@@ -318,7 +300,7 @@ const milestones: Item[] = [
   withRelease({
     icon: mdiFolderMultiple,
     iconColor: 'brown',
-    title: 'Folders view',
+    title: 'Folders',
     description: 'Browse your photos and videos in their folder structure',
     release: 'v1.113.0',
   }),

docs/static/.well-known/security.txt

@@ -1,5 +0,0 @@
-Policy: https://github.com/immich-app/immich/blob/main/SECURITY.md
-Contact: mailto:security@immich.app
-Preferred-Languages: en
-Expires: 2026-05-01T23:59:00.000Z
-Canonical: https://immich.app/.well-known/security.txt

docs/static/archived-versions.json

@@ -1,52 +1,4 @@
 [
-  {
-    "label": "v1.132.3",
-    "url": "https://v1.132.3.archive.immich.app"
-  },
-  {
-    "label": "v1.132.2",
-    "url": "https://v1.132.2.archive.immich.app"
-  },
-  {
-    "label": "v1.132.1",
-    "url": "https://v1.132.1.archive.immich.app"
-  },
-  {
-    "label": "v1.132.0",
-    "url": "https://v1.132.0.archive.immich.app"
-  },
-  {
-    "label": "v1.131.3",
-    "url": "https://v1.131.3.archive.immich.app"
-  },
-  {
-    "label": "v1.131.2",
-    "url": "https://v1.131.2.archive.immich.app"
-  },
-  {
-    "label": "v1.131.1",
-    "url": "https://v1.131.1.archive.immich.app"
-  },
-  {
-    "label": "v1.131.0",
-    "url": "https://v1.131.0.archive.immich.app"
-  },
-  {
-    "label": "v1.130.3",
-    "url": "https://v1.130.3.archive.immich.app"
-  },
-  {
-    "label": "v1.130.2",
-    "url": "https://v1.130.2.archive.immich.app"
-  },
-  {
-    "label": "v1.130.1",
-    "url": "https://v1.130.1.archive.immich.app"
-  },
-  {
-    "label": "v1.130.0",
-    "url": "https://v1.130.0.archive.immich.app"
-  },
   {
     "label": "v1.129.0",
     "url": "https://v1.129.0.archive.immich.app"

e2e/docker-compose.yml

@@ -34,7 +34,7 @@ services:
       - 2285:2285
 
   redis:
-    image: redis:6.2-alpine@sha256:3211c33a618c457e5d241922c975dbc4f446d0bdb2dc75694f5573ef8e2d01fa
+    image: redis:6.2-alpine@sha256:148bb5411c184abd288d9aaed139c98123eeb8824c5d3fce03cf721db58066d8
 
   database:
     image: tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:739cdd626151ff1f796dc95a6591b55a714f341c737e27f045019ceabf8e8c52

e2e/eslint.config.mjs

@@ -1,29 +1,39 @@
+import { FlatCompat } from '@eslint/eslintrc';
 import js from '@eslint/js';
-import eslintPluginPrettierRecommended from 'eslint-plugin-prettier/recommended';
-import eslintPluginUnicorn from 'eslint-plugin-unicorn';
+import typescriptEslint from '@typescript-eslint/eslint-plugin';
+import tsParser from '@typescript-eslint/parser';
 import globals from 'globals';
 import path from 'node:path';
 import { fileURLToPath } from 'node:url';
-import typescriptEslint from 'typescript-eslint';
 
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
+const compat = new FlatCompat({
+  baseDirectory: __dirname,
+  recommendedConfig: js.configs.recommended,
+  allConfig: js.configs.all,
+});
 
-export default typescriptEslint.config([
-  eslintPluginUnicorn.configs.recommended,
-  eslintPluginPrettierRecommended,
-  js.configs.recommended,
-  typescriptEslint.configs.recommended,
+export default [
   {
     ignores: ['eslint.config.mjs'],
   },
+  ...compat.extends(
+    'plugin:@typescript-eslint/recommended',
+    'plugin:prettier/recommended',
+    'plugin:unicorn/recommended',
+  ),
   {
+    plugins: {
+      '@typescript-eslint': typescriptEslint,
+    },
+
     languageOptions: {
       globals: {
         ...globals.node,
       },
 
-      parser: typescriptEslint.parser,
+      parser: tsParser,
       ecmaVersion: 5,
       sourceType: 'module',
 
@@ -52,4 +62,4 @@ export default typescriptEslint.config([
       'object-shorthand': ['error', 'always'],
     },
   },
-]);
+];

e2e/package.json

@@ -1,6 +1,6 @@
 {
   "name": "immich-e2e",
-  "version": "1.132.3",
+  "version": "1.129.0",
   "description": "",
   "main": "index.js",
   "type": "module",
@@ -25,16 +25,18 @@
     "@immich/sdk": "file:../open-api/typescript-sdk",
     "@playwright/test": "^1.44.1",
     "@types/luxon": "^3.4.2",
-    "@types/node": "^22.14.1",
+    "@types/node": "^22.13.9",
     "@types/oidc-provider": "^8.5.1",
     "@types/pg": "^8.11.0",
     "@types/pngjs": "^6.0.4",
     "@types/supertest": "^6.0.2",
+    "@typescript-eslint/eslint-plugin": "^8.15.0",
+    "@typescript-eslint/parser": "^8.15.0",
     "@vitest/coverage-v8": "^3.0.0",
     "eslint": "^9.14.0",
     "eslint-config-prettier": "^10.0.0",
     "eslint-plugin-prettier": "^5.1.3",
-    "eslint-plugin-unicorn": "^57.0.0",
+    "eslint-plugin-unicorn": "^56.0.1",
     "exiftool-vendored": "^28.3.1",
     "globals": "^16.0.0",
     "jose": "^5.6.3",
@@ -47,7 +49,6 @@
     "socket.io-client": "^4.7.4",
     "supertest": "^7.0.0",
     "typescript": "^5.3.3",
-    "typescript-eslint": "^8.28.0",
     "utimes": "^5.2.1",
     "vitest": "^3.0.0"
   },

e2e/src/api/specs/asset.e2e-spec.ts

@@ -1141,7 +1141,7 @@ describe('/asset', () => {
             fNumber: 8,
             focalLength: 97,
             iso: 100,
-            lensModel: 'Sony E PZ 18-105mm F4 G OSS',
+            lensModel: 'E PZ 18-105mm F4 G OSS',
             fileSizeInByte: 25_001_984,
             dateTimeOriginal: '2016-09-27T10:51:44+00:00',
             orientation: '1',
@@ -1163,7 +1163,7 @@ describe('/asset', () => {
             fNumber: 22,
             focalLength: 25,
             iso: 100,
-            lensModel: 'Zeiss Batis 25mm F2',
+            lensModel: 'E 25mm F2',
             fileSizeInByte: 49_512_448,
             dateTimeOriginal: '2016-01-08T14:08:01+00:00',
             orientation: '1',
@@ -1234,7 +1234,7 @@ describe('/asset', () => {
             focalLength: 18.3,
             iso: 100,
             latitude: 36.613_24,
-            lensModel: '18.3mm F2.8',
+            lensModel: 'GR LENS 18.3mm F2.8',
             longitude: -121.897_85,
             make: 'RICOH IMAGING COMPANY, LTD.',
             model: 'RICOH GR III',
@@ -1257,7 +1257,6 @@ describe('/asset', () => {
 
       for (const { id, status } of assets) {
         expect(status).toBe(AssetMediaStatus.Created);
-        // longer timeout as the thumbnail generation from full-size raw files can take a while
         await utils.waitForWebsocketEvent({ event: 'assetUpload', id });
       }
 

e2e/src/api/specs/auth.e2e-spec.ts

@@ -5,7 +5,7 @@ import { app, utils } from 'src/utils';
 import request from 'supertest';
 import { beforeEach, describe, expect, it } from 'vitest';
 
-const { email, password } = signupDto.admin;
+const { name, email, password } = signupDto.admin;
 
 describe(`/auth/admin-sign-up`, () => {
   beforeEach(async () => {
@@ -13,6 +13,33 @@ describe(`/auth/admin-sign-up`, () => {
   });
 
   describe('POST /auth/admin-sign-up', () => {
+    const invalid = [
+      {
+        should: 'require an email address',
+        data: { name, password },
+      },
+      {
+        should: 'require a password',
+        data: { name, email },
+      },
+      {
+        should: 'require a name',
+        data: { email, password },
+      },
+      {
+        should: 'require a valid email',
+        data: { name, email: 'immich', password },
+      },
+    ];
+
+    for (const { should, data } of invalid) {
+      it(`should ${should}`, async () => {
+        const { status, body } = await request(app).post('/auth/admin-sign-up').send(data);
+        expect(status).toEqual(400);
+        expect(body).toEqual(errorDto.badRequest());
+      });
+    }
+
     it(`should sign up the admin`, async () => {
       const { status, body } = await request(app).post('/auth/admin-sign-up').send(signupDto.admin);
       expect(status).toBe(201);
@@ -30,6 +57,14 @@ describe(`/auth/admin-sign-up`, () => {
       });
     });
 
+    it('should transform email to lower case', async () => {
+      const { status, body } = await request(app)
+        .post('/auth/admin-sign-up')
+        .send({ ...signupDto.admin, email: 'aDmIn@IMMICH.cloud' });
+      expect(status).toEqual(201);
+      expect(body).toEqual(signupResponseDto.admin);
+    });
+
     it('should not allow a second admin to sign up', async () => {
       await signUpAdmin({ signUpDto: signupDto.admin });
 

e2e/src/api/specs/library.e2e-spec.ts

@@ -329,7 +329,7 @@ describe('/libraries', () => {
       const library = await utils.createLibrary(admin.accessToken, {
         ownerId: admin.userId,
         importPaths: [`${testAssetDirInternal}/temp`],
-        exclusionPatterns: ['**/directoryA/**'],
+        exclusionPatterns: ['**/directoryA'],
       });
 
       await utils.scan(admin.accessToken, library.id);
@@ -337,82 +337,7 @@ describe('/libraries', () => {
       const { assets } = await utils.searchAssets(admin.accessToken, { libraryId: library.id });
 
       expect(assets.count).toBe(1);
-
-      expect(assets.items).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({ originalPath: expect.stringContaining('directoryB/assetB.png') }),
-        ]),
-      );
-    });
-
-    it('should scan external library with multiple exclusion patterns', async () => {
-      const library = await utils.createLibrary(admin.accessToken, {
-        ownerId: admin.userId,
-        importPaths: [`${testAssetDirInternal}/temp`],
-        exclusionPatterns: ['**/directoryA/**', '**/directoryB/**'],
-      });
-
-      await utils.scan(admin.accessToken, library.id);
-
-      const { assets } = await utils.searchAssets(admin.accessToken, { libraryId: library.id });
-
-      expect(assets.count).toBe(0);
-
-      expect(assets.items).toEqual([]);
-    });
-
-    it('should remove assets covered by a new exclusion pattern', async () => {
-      const library = await utils.createLibrary(admin.accessToken, {
-        ownerId: admin.userId,
-        importPaths: [`${testAssetDirInternal}/temp`],
-      });
-
-      await utils.scan(admin.accessToken, library.id);
-
-      {
-        const { assets } = await utils.searchAssets(admin.accessToken, { libraryId: library.id });
-
-        expect(assets.count).toBe(2);
-
-        expect(assets.items).toEqual(
-          expect.arrayContaining([
-            expect.objectContaining({ originalPath: expect.stringContaining('directoryA/assetA.png') }),
-            expect.objectContaining({ originalPath: expect.stringContaining('directoryB/assetB.png') }),
-          ]),
-        );
-      }
-
-      await utils.updateLibrary(admin.accessToken, library.id, {
-        exclusionPatterns: ['**/directoryA/**'],
-      });
-
-      await utils.scan(admin.accessToken, library.id);
-
-      {
-        const { assets } = await utils.searchAssets(admin.accessToken, { libraryId: library.id });
-
-        expect(assets.count).toBe(1);
-
-        expect(assets.items).toEqual(
-          expect.arrayContaining([
-            expect.objectContaining({ originalPath: expect.stringContaining('directoryB/assetB.png') }),
-          ]),
-        );
-      }
-
-      await utils.updateLibrary(admin.accessToken, library.id, {
-        exclusionPatterns: ['**/directoryA/**', '**/directoryB/**'],
-      });
-
-      await utils.scan(admin.accessToken, library.id);
-
-      {
-        const { assets } = await utils.searchAssets(admin.accessToken, { libraryId: library.id });
-
-        expect(assets.count).toBe(0);
-
-        expect(assets.items).toEqual([]);
-      }
+      expect(assets.items[0].originalPath.includes('directoryB'));
     });
 
     it('should scan multiple import paths', async () => {
@@ -529,133 +454,6 @@ describe('/libraries', () => {
       utils.removeImageFile(`${testAssetDir}/temp/folder${char}2/asset2.png`);
     });
 
-    it('should respect exclusion patterns when using multiple import paths', async () => {
-      // https://github.com/immich-app/immich/issues/17121
-      const library = await utils.createLibrary(admin.accessToken, {
-        ownerId: admin.userId,
-        importPaths: [`${testAssetDirInternal}/temp/exclusion/`, `${testAssetDirInternal}/temp/exclusion2/`],
-      });
-
-      const excludedFolder = `Raw`;
-
-      utils.createImageFile(`${testAssetDir}/temp/exclusion/asset1.png`);
-      utils.createImageFile(`${testAssetDir}/temp/exclusion/${excludedFolder}/asset2.png`);
-
-      await utils.scan(admin.accessToken, library.id);
-
-      {
-        const { assets } = await utils.searchAssets(admin.accessToken, { libraryId: library.id });
-
-        expect(assets.items).toEqual(
-          expect.arrayContaining([
-            expect.objectContaining({ originalPath: expect.stringContaining(`/asset1.png`) }),
-            expect.objectContaining({ originalPath: expect.stringContaining(`${excludedFolder}/asset2.png`) }),
-          ]),
-        );
-      }
-
-      await utils.scan(admin.accessToken, library.id);
-
-      {
-        const { assets } = await utils.searchAssets(admin.accessToken, { libraryId: library.id });
-
-        expect(assets.items).toEqual(
-          expect.arrayContaining([
-            expect.objectContaining({ originalPath: expect.stringContaining(`/asset1.png`) }),
-            expect.objectContaining({ originalPath: expect.stringContaining(`${excludedFolder}/asset2.png`) }),
-          ]),
-        );
-      }
-
-      await utils.updateLibrary(admin.accessToken, library.id, { exclusionPatterns: [`**/${excludedFolder}/**`] });
-      await utils.scan(admin.accessToken, library.id);
-
-      {
-        const { assets } = await utils.searchAssets(admin.accessToken, { libraryId: library.id });
-
-        expect(assets.items).toEqual([
-          expect.objectContaining({ originalPath: expect.stringContaining(`/asset1.png`) }),
-        ]);
-      }
-
-      await utils.scan(admin.accessToken, library.id);
-
-      {
-        const { assets } = await utils.searchAssets(admin.accessToken, { libraryId: library.id });
-
-        expect(assets.items).toEqual([
-          expect.objectContaining({ originalPath: expect.stringContaining(`/asset1.png`) }),
-        ]);
-      }
-
-      utils.removeImageFile(`${testAssetDir}/temp/exclusion/asset1.png`);
-      utils.removeImageFile(`${testAssetDir}/temp/exclusion/${excludedFolder}/asset2.png`);
-    });
-
-    const annoyingExclusionPatterns = ['@', '#', '$', '%', '^', '&', '='];
-
-    it.each(annoyingExclusionPatterns)('should support exclusion patterns with %s', async (char) => {
-      const library = await utils.createLibrary(admin.accessToken, {
-        ownerId: admin.userId,
-        importPaths: [`${testAssetDirInternal}/temp/exclusion/`],
-      });
-
-      const excludedFolder = `${char}folder`;
-
-      utils.createImageFile(`${testAssetDir}/temp/exclusion/asset1.png`);
-      utils.createImageFile(`${testAssetDir}/temp/exclusion/${excludedFolder}/asset2.png`);
-
-      await utils.scan(admin.accessToken, library.id);
-
-      {
-        const { assets } = await utils.searchAssets(admin.accessToken, { libraryId: library.id });
-
-        expect(assets.items).toEqual(
-          expect.arrayContaining([
-            expect.objectContaining({ originalPath: expect.stringContaining(`/asset1.png`) }),
-            expect.objectContaining({ originalPath: expect.stringContaining(`${excludedFolder}/asset2.png`) }),
-          ]),
-        );
-      }
-
-      await utils.scan(admin.accessToken, library.id);
-
-      {
-        const { assets } = await utils.searchAssets(admin.accessToken, { libraryId: library.id });
-
-        expect(assets.items).toEqual(
-          expect.arrayContaining([
-            expect.objectContaining({ originalPath: expect.stringContaining(`/asset1.png`) }),
-            expect.objectContaining({ originalPath: expect.stringContaining(`${excludedFolder}/asset2.png`) }),
-          ]),
-        );
-      }
-
-      await utils.updateLibrary(admin.accessToken, library.id, { exclusionPatterns: [`**/${excludedFolder}/**`] });
-      await utils.scan(admin.accessToken, library.id);
-
-      {
-        const { assets } = await utils.searchAssets(admin.accessToken, { libraryId: library.id });
-
-        expect(assets.items).toEqual([
-          expect.objectContaining({ originalPath: expect.stringContaining(`/asset1.png`) }),
-        ]);
-      }
-
-      await utils.scan(admin.accessToken, library.id);
-
-      {
-        const { assets } = await utils.searchAssets(admin.accessToken, { libraryId: library.id });
-
-        expect(assets.items).toEqual([
-          expect.objectContaining({ originalPath: expect.stringContaining(`/asset1.png`) }),
-        ]);
-      }
-
-      utils.removeImageFile(`${testAssetDir}/temp/exclusion/asset1.png`);
-      utils.removeImageFile(`${testAssetDir}/temp/exclusion/${excludedFolder}/asset2.png`);
-    });
-
     it('should reimport a modified file', async () => {
       const library = await utils.createLibrary(admin.accessToken, {
         ownerId: admin.userId,

e2e/src/api/specs/oauth.e2e-spec.ts

@@ -6,7 +6,6 @@ import {
   startOAuth,
   updateConfig,
 } from '@immich/sdk';
-import { createHash, randomBytes } from 'node:crypto';
 import { errorDto } from 'src/responses';
 import { OAuthClient, OAuthUser } from 'src/setup/auth-server';
 import { app, asBearerAuth, baseUrl, utils } from 'src/utils';
@@ -22,30 +21,18 @@ const mobileOverrideRedirectUri = 'https://photos.immich.app/oauth/mobile-redire
 
 const redirect = async (url: string, cookies?: string[]) => {
   const { headers } = await request(url)
-    .get('')
+    .get('/')
     .set('Cookie', cookies || []);
   return { cookies: (headers['set-cookie'] as unknown as string[]) || [], location: headers.location };
 };
 
-// Function to generate a code challenge from the verifier
-const generateCodeChallenge = async (codeVerifier: string): Promise<string> => {
-  const hashed = createHash('sha256').update(codeVerifier).digest();
-  return hashed.toString('base64url');
-};
-
 const loginWithOAuth = async (sub: OAuthUser | string, redirectUri?: string) => {
-  const state = randomBytes(16).toString('base64url');
-  const codeVerifier = randomBytes(64).toString('base64url');
-  const codeChallenge = await generateCodeChallenge(codeVerifier);
-
-  const { url } = await startOAuth({
-    oAuthConfigDto: { redirectUri: redirectUri ?? `${baseUrl}/auth/login`, state, codeChallenge },
-  });
+  const { url } = await startOAuth({ oAuthConfigDto: { redirectUri: redirectUri ?? `${baseUrl}/auth/login` } });
 
   // login
   const response1 = await redirect(url.replace(authServer.internal, authServer.external));
   const response2 = await request(authServer.external + response1.location)
-    .post('')
+    .post('/')
     .set('Cookie', response1.cookies)
     .type('form')
     .send({ prompt: 'login', login: sub, password: 'password' });
@@ -53,7 +40,7 @@ const loginWithOAuth = async (sub: OAuthUser | string, redirectUri?: string) =>
   // approve
   const response3 = await redirect(response2.header.location, response1.cookies);
   const response4 = await request(authServer.external + response3.location)
-    .post('')
+    .post('/')
     .type('form')
     .set('Cookie', response3.cookies)
     .send({ prompt: 'consent' });
@@ -64,9 +51,9 @@ const loginWithOAuth = async (sub: OAuthUser | string, redirectUri?: string) =>
   expect(redirectUrl).toBeDefined();
   const params = new URL(redirectUrl).searchParams;
   expect(params.get('code')).toBeDefined();
-  expect(params.get('state')).toBe(state);
+  expect(params.get('state')).toBeDefined();
 
-  return { url: redirectUrl, state, codeVerifier };
+  return redirectUrl;
 };
 
 const setupOAuth = async (token: string, dto: Partial<SystemConfigOAuthDto>) => {
@@ -132,42 +119,9 @@ describe(`/oauth`, () => {
       expect(body).toEqual(errorDto.badRequest(['url should not be empty']));
     });
 
-    it(`should throw an error if the state is not provided`, async () => {
-      const { url } = await loginWithOAuth('oauth-auto-register');
-      const { status, body } = await request(app).post('/oauth/callback').send({ url });
-      expect(status).toBe(400);
-      expect(body).toEqual(errorDto.badRequest('OAuth state is missing'));
-    });
-
-    it(`should throw an error if the state mismatches`, async () => {
-      const callbackParams = await loginWithOAuth('oauth-auto-register');
-      const { state } = await loginWithOAuth('oauth-auto-register');
-      const { status } = await request(app)
-        .post('/oauth/callback')
-        .send({ ...callbackParams, state });
-      expect(status).toBeGreaterThanOrEqual(400);
-    });
-
-    it(`should throw an error if the codeVerifier is not provided`, async () => {
-      const { url, state } = await loginWithOAuth('oauth-auto-register');
-      const { status, body } = await request(app).post('/oauth/callback').send({ url, state });
-      expect(status).toBe(400);
-      expect(body).toEqual(errorDto.badRequest('OAuth code verifier is missing'));
-    });
-
-    it(`should throw an error if the codeVerifier doesn't match the challenge`, async () => {
-      const callbackParams = await loginWithOAuth('oauth-auto-register');
-      const { codeVerifier } = await loginWithOAuth('oauth-auto-register');
-      const { status, body } = await request(app)
-        .post('/oauth/callback')
-        .send({ ...callbackParams, codeVerifier });
-      console.log(body);
-      expect(status).toBeGreaterThanOrEqual(400);
-    });
-
     it('should auto register the user by default', async () => {
-      const callbackParams = await loginWithOAuth('oauth-auto-register');
-      const { status, body } = await request(app).post('/oauth/callback').send(callbackParams);
+      const url = await loginWithOAuth('oauth-auto-register');
+      const { status, body } = await request(app).post('/oauth/callback').send({ url });
       expect(status).toBe(201);
       expect(body).toMatchObject({
         accessToken: expect.any(String),
@@ -178,30 +132,16 @@ describe(`/oauth`, () => {
       });
     });
 
-    it('should allow passing state and codeVerifier via cookies', async () => {
-      const { url, state, codeVerifier } = await loginWithOAuth('oauth-auto-register');
-      const { status, body } = await request(app)
-        .post('/oauth/callback')
-        .set('Cookie', [`immich_oauth_state=${state}`, `immich_oauth_code_verifier=${codeVerifier}`])
-        .send({ url });
-      expect(status).toBe(201);
-      expect(body).toMatchObject({
-        accessToken: expect.any(String),
-        userId: expect.any(String),
-        userEmail: 'oauth-auto-register@immich.app',
-      });
-    });
-
     it('should handle a user without an email', async () => {
-      const callbackParams = await loginWithOAuth(OAuthUser.NO_EMAIL);
-      const { status, body } = await request(app).post('/oauth/callback').send(callbackParams);
+      const url = await loginWithOAuth(OAuthUser.NO_EMAIL);
+      const { status, body } = await request(app).post('/oauth/callback').send({ url });
       expect(status).toBe(400);
       expect(body).toEqual(errorDto.badRequest('OAuth profile does not have an email address'));
     });
 
     it('should set the quota from a claim', async () => {
-      const callbackParams = await loginWithOAuth(OAuthUser.WITH_QUOTA);
-      const { status, body } = await request(app).post('/oauth/callback').send(callbackParams);
+      const url = await loginWithOAuth(OAuthUser.WITH_QUOTA);
+      const { status, body } = await request(app).post('/oauth/callback').send({ url });
       expect(status).toBe(201);
       expect(body).toMatchObject({
         accessToken: expect.any(String),
@@ -214,8 +154,8 @@ describe(`/oauth`, () => {
     });
 
     it('should set the storage label from a claim', async () => {
-      const callbackParams = await loginWithOAuth(OAuthUser.WITH_USERNAME);
-      const { status, body } = await request(app).post('/oauth/callback').send(callbackParams);
+      const url = await loginWithOAuth(OAuthUser.WITH_USERNAME);
+      const { status, body } = await request(app).post('/oauth/callback').send({ url });
       expect(status).toBe(201);
       expect(body).toMatchObject({
         accessToken: expect.any(String),
@@ -236,8 +176,8 @@ describe(`/oauth`, () => {
         buttonText: 'Login with Immich',
         signingAlgorithm: 'RS256',
       });
-      const callbackParams = await loginWithOAuth('oauth-RS256-token');
-      const { status, body } = await request(app).post('/oauth/callback').send(callbackParams);
+      const url = await loginWithOAuth('oauth-RS256-token');
+      const { status, body } = await request(app).post('/oauth/callback').send({ url });
       expect(status).toBe(201);
       expect(body).toMatchObject({
         accessToken: expect.any(String),
@@ -256,8 +196,8 @@ describe(`/oauth`, () => {
         buttonText: 'Login with Immich',
         profileSigningAlgorithm: 'RS256',
       });
-      const callbackParams = await loginWithOAuth('oauth-signed-profile');
-      const { status, body } = await request(app).post('/oauth/callback').send(callbackParams);
+      const url = await loginWithOAuth('oauth-signed-profile');
+      const { status, body } = await request(app).post('/oauth/callback').send({ url });
       expect(status).toBe(201);
       expect(body).toMatchObject({
         userId: expect.any(String),
@@ -273,8 +213,8 @@ describe(`/oauth`, () => {
         buttonText: 'Login with Immich',
         signingAlgorithm: 'something-that-does-not-work',
       });
-      const callbackParams = await loginWithOAuth('oauth-signed-bad');
-      const { status, body } = await request(app).post('/oauth/callback').send(callbackParams);
+      const url = await loginWithOAuth('oauth-signed-bad');
+      const { status, body } = await request(app).post('/oauth/callback').send({ url });
       expect(status).toBe(500);
       expect(body).toMatchObject({
         error: 'Internal Server Error',
@@ -295,8 +235,8 @@ describe(`/oauth`, () => {
       });
 
       it('should not auto register the user', async () => {
-        const callbackParams = await loginWithOAuth('oauth-no-auto-register');
-        const { status, body } = await request(app).post('/oauth/callback').send(callbackParams);
+        const url = await loginWithOAuth('oauth-no-auto-register');
+        const { status, body } = await request(app).post('/oauth/callback').send({ url });
         expect(status).toBe(400);
         expect(body).toEqual(errorDto.badRequest('User does not exist and auto registering is disabled.'));
       });
@@ -307,8 +247,8 @@ describe(`/oauth`, () => {
           email: 'oauth-user3@immich.app',
           password: 'password',
         });
-        const callbackParams = await loginWithOAuth('oauth-user3');
-        const { status, body } = await request(app).post('/oauth/callback').send(callbackParams);
+        const url = await loginWithOAuth('oauth-user3');
+        const { status, body } = await request(app).post('/oauth/callback').send({ url });
         expect(status).toBe(201);
         expect(body).toMatchObject({
           userId,
@@ -346,15 +286,13 @@ describe(`/oauth`, () => {
     });
 
     it('should auto register the user by default', async () => {
-      const callbackParams = await loginWithOAuth('oauth-mobile-override', 'app.immich:///oauth-callback');
-      expect(callbackParams.url).toEqual(expect.stringContaining(mobileOverrideRedirectUri));
+      const url = await loginWithOAuth('oauth-mobile-override', 'app.immich:///oauth-callback');
+      expect(url).toEqual(expect.stringContaining(mobileOverrideRedirectUri));
 
       // simulate redirecting back to mobile app
-      const url = callbackParams.url.replace(mobileOverrideRedirectUri, 'app.immich:///oauth-callback');
+      const redirectUri = url.replace(mobileOverrideRedirectUri, 'app.immich:///oauth-callback');
 
-      const { status, body } = await request(app)
-        .post('/oauth/callback')
-        .send({ ...callbackParams, url });
+      const { status, body } = await request(app).post('/oauth/callback').send({ url: redirectUri });
       expect(status).toBe(201);
       expect(body).toMatchObject({
         accessToken: expect.any(String),

e2e/src/api/specs/search.e2e-spec.ts

@@ -633,6 +633,7 @@ describe('/search', () => {
         .set('Authorization', `Bearer ${admin.accessToken}`);
       expect(body).toEqual([
         'Andalusia',
+        'Berlin',
         'Glarus',
         'Greater Accra',
         'Havana',
@@ -641,7 +642,6 @@ describe('/search', () => {
         'Mississippi',
         'New York',
         'Shanghai',
-        'State of Berlin',
         'St.-Petersburg',
         'Tbilisi',
         'Tokyo',
@@ -657,6 +657,7 @@ describe('/search', () => {
         .set('Authorization', `Bearer ${admin.accessToken}`);
       expect(body).toEqual([
         'Andalusia',
+        'Berlin',
         'Glarus',
         'Greater Accra',
         'Havana',
@@ -665,7 +666,6 @@ describe('/search', () => {
         'Mississippi',
         'New York',
         'Shanghai',
-        'State of Berlin',
         'St.-Petersburg',
         'Tbilisi',
         'Tokyo',

e2e/src/api/specs/shared-link.e2e-spec.ts

@@ -117,7 +117,7 @@ describe('/shared-links', () => {
       const resp = await request(shareUrl).get(`/${linkWithAssets.key}`);
       expect(resp.status).toBe(200);
       expect(resp.header['content-type']).toContain('text/html');
-      expect(resp.text).toContain(`<meta property="og:image" content="https://my.immich.app`);
+      expect(resp.text).toContain(`<meta property="og:image" content="http://`);
     });
   });
 
@@ -246,7 +246,15 @@ describe('/shared-links', () => {
       const { status, body } = await request(app).get('/shared-links/me').query({ key: linkWithMetadata.key });
 
       expect(status).toBe(200);
-      expect(body.assets).toHaveLength(0);
+      expect(body.assets).toHaveLength(1);
+      expect(body.assets[0]).toEqual(
+        expect.objectContaining({
+          originalFileName: 'example.png',
+          localDateTime: expect.any(String),
+          fileCreatedAt: expect.any(String),
+          exifInfo: expect.any(Object),
+        }),
+      );
       expect(body.album).toBeDefined();
     });
 

e2e/src/api/specs/user-admin.e2e-spec.ts

@@ -215,19 +215,6 @@ describe('/admin/users', () => {
       const user = await getMyUser({ headers: asBearerAuth(token.accessToken) });
       expect(user).toMatchObject({ email: nonAdmin.userEmail });
     });
-
-    it('should update the avatar color', async () => {
-      const { status, body } = await request(app)
-        .put(`/admin/users/${admin.userId}`)
-        .send({ avatarColor: 'orange' })
-        .set('Authorization', `Bearer ${admin.accessToken}`);
-
-      expect(status).toBe(200);
-      expect(body).toMatchObject({ avatarColor: 'orange' });
-
-      const after = await getUserAdmin({ id: admin.userId }, { headers: asBearerAuth(admin.accessToken) });
-      expect(after).toMatchObject({ avatarColor: 'orange' });
-    });
   });
 
   describe('PUT /admin/users/:id/preferences', () => {
@@ -253,6 +240,19 @@ describe('/admin/users', () => {
       expect(after).toMatchObject({ memories: { enabled: false } });
     });
 
+    it('should update the avatar color', async () => {
+      const { status, body } = await request(app)
+        .put(`/admin/users/${admin.userId}/preferences`)
+        .send({ avatar: { color: 'orange' } })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+
+      expect(status).toBe(200);
+      expect(body).toMatchObject({ avatar: { color: 'orange' } });
+
+      const after = await getUserPreferencesAdmin({ id: admin.userId }, { headers: asBearerAuth(admin.accessToken) });
+      expect(after).toMatchObject({ avatar: { color: 'orange' } });
+    });
+
     it('should update download archive size', async () => {
       const { status, body } = await request(app)
         .put(`/admin/users/${admin.userId}/preferences`)

e2e/src/api/specs/user.e2e-spec.ts

@@ -31,7 +31,33 @@ describe('/users', () => {
     );
   });
 
+  describe('GET /users', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).get('/users');
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should get users', async () => {
+      const { status, body } = await request(app).get('/users').set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toEqual(200);
+      expect(body).toHaveLength(2);
+      expect(body).toEqual(
+        expect.arrayContaining([
+          expect.objectContaining({ email: 'admin@immich.cloud' }),
+          expect.objectContaining({ email: 'user2@immich.cloud' }),
+        ]),
+      );
+    });
+  });
+
   describe('GET /users/me', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).get(`/users/me`);
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
     it('should not work for shared links', async () => {
       const album = await utils.createAlbum(admin.accessToken, { albumName: 'Album' });
       const sharedLink = await utils.createSharedLink(admin.accessToken, {
@@ -73,6 +99,24 @@ describe('/users', () => {
   });
 
   describe('PUT /users/me', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).put(`/users/me`);
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    for (const key of ['email', 'name']) {
+      it(`should not allow null ${key}`, async () => {
+        const dto = { [key]: null };
+        const { status, body } = await request(app)
+          .put(`/users/me`)
+          .set('Authorization', `Bearer ${admin.accessToken}`)
+          .send(dto);
+        expect(status).toBe(400);
+        expect(body).toEqual(errorDto.badRequest());
+      });
+    }
+
     it('should update first and last name', async () => {
       const before = await getMyUser({ headers: asBearerAuth(admin.accessToken) });
 
@@ -139,19 +183,6 @@ describe('/users', () => {
         profileChangedAt: expect.anything(),
       });
     });
-
-    it('should update avatar color', async () => {
-      const { status, body } = await request(app)
-        .put(`/users/me`)
-        .send({ avatarColor: 'blue' })
-        .set('Authorization', `Bearer ${admin.accessToken}`);
-
-      expect(status).toBe(200);
-      expect(body).toMatchObject({ avatarColor: 'blue' });
-
-      const after = await getMyUser({ headers: asBearerAuth(admin.accessToken) });
-      expect(after).toMatchObject({ avatarColor: 'blue' });
-    });
   });
 
   describe('PUT /users/me/preferences', () => {
@@ -171,6 +202,19 @@ describe('/users', () => {
       expect(after).toMatchObject({ memories: { enabled: false } });
     });
 
+    it('should update avatar color', async () => {
+      const { status, body } = await request(app)
+        .put(`/users/me/preferences`)
+        .send({ avatar: { color: 'blue' } })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+
+      expect(status).toBe(200);
+      expect(body).toMatchObject({ avatar: { color: 'blue' } });
+
+      const after = await getMyPreferences({ headers: asBearerAuth(admin.accessToken) });
+      expect(after).toMatchObject({ avatar: { color: 'blue' } });
+    });
+
     it('should require an integer for download archive size', async () => {
       const { status, body } = await request(app)
         .put(`/users/me/preferences`)
@@ -225,6 +269,11 @@ describe('/users', () => {
   });
 
   describe('GET /users/:id', () => {
+    it('should require authentication', async () => {
+      const { status } = await request(app).get(`/users/${admin.userId}`);
+      expect(status).toEqual(401);
+    });
+
     it('should get the user', async () => {
       const { status, body } = await request(app)
         .get(`/users/${admin.userId}`)
@@ -243,6 +292,12 @@ describe('/users', () => {
   });
 
   describe('GET /server/license', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).get('/users/me/license');
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
     it('should return the user license', async () => {
       await request(app)
         .put('/users/me/license')
@@ -260,6 +315,11 @@ describe('/users', () => {
   });
 
   describe('PUT /users/me/license', () => {
+    it('should require authentication', async () => {
+      const { status } = await request(app).put(`/users/me/license`);
+      expect(status).toEqual(401);
+    });
+
     it('should set the user license', async () => {
       const { status, body } = await request(app)
         .put(`/users/me/license`)

e2e/src/cli/specs/upload.e2e-spec.ts

@@ -22,7 +22,7 @@ const tests: Test[] = [
   },
   {
     test: 'should support paths with an asterisk',
-    paths: [`/photos*/image1.jpg`],
+    paths: [`/photos\*/image1.jpg`],
     files: {
       '/photos*/image1.jpg': true,
       '/photos*/image2.jpg': false,
@@ -40,7 +40,7 @@ const tests: Test[] = [
   },
   {
     test: 'should support paths with a single quote',
-    paths: [`/photos'/image1.jpg`],
+    paths: [`/photos\'/image1.jpg`],
     files: {
       "/photos'/image1.jpg": true,
       "/photos'/image2.jpg": false,
@@ -49,7 +49,7 @@ const tests: Test[] = [
   },
   {
     test: 'should support paths with a double quote',
-    paths: [`/photos"/image1.jpg`],
+    paths: [`/photos\"/image1.jpg`],
     files: {
       '/photos"/image1.jpg': true,
       '/photos"/image2.jpg': false,
@@ -67,7 +67,7 @@ const tests: Test[] = [
   },
   {
     test: 'should support paths with an opening brace',
-    paths: [`/photos{/image1.jpg`],
+    paths: [`/photos\{/image1.jpg`],
     files: {
       '/photos{/image1.jpg': true,
       '/photos{/image2.jpg': false,
@@ -76,7 +76,7 @@ const tests: Test[] = [
   },
   {
     test: 'should support paths with a closing brace',
-    paths: [`/photos}/image1.jpg`],
+    paths: [`/photos\}/image1.jpg`],
     files: {
       '/photos}/image1.jpg': true,
       '/photos}/image2.jpg': false,

e2e/src/utils.ts

@@ -493,7 +493,7 @@ export const utils = {
         value: accessToken,
         domain,
         path: '/',
-        expires: 2_058_028_213,
+        expires: 1_742_402_728,
         httpOnly: true,
         secure: false,
         sameSite: 'Lax',
@@ -503,7 +503,7 @@ export const utils = {
         value: 'password',
         domain,
         path: '/',
-        expires: 2_058_028_213,
+        expires: 1_742_402_728,
         httpOnly: true,
         secure: false,
         sameSite: 'Lax',
@@ -513,7 +513,7 @@ export const utils = {
         value: 'true',
         domain,
         path: '/',
-        expires: 2_058_028_213,
+        expires: 1_742_402_728,
         httpOnly: false,
         secure: false,
         sameSite: 'Lax',
@@ -537,7 +537,6 @@ export const utils = {
   },
 
   waitForQueueFinish: (accessToken: string, queue: keyof AllJobStatusResponseDto, ms?: number) => {
-    // eslint-disable-next-line no-async-promise-executor
     return new Promise<void>(async (resolve, reject) => {
       const timeout = setTimeout(() => reject(new Error('Timed out waiting for queue to empty')), ms || 10_000);
 

e2e/src/web/specs/auth.e2e-spec.ts

@@ -25,7 +25,7 @@ test.describe('Registration', () => {
 
     // login
     await expect(page).toHaveTitle(/Login/);
-    await page.goto('/auth/login?autoLaunch=0');
+    await page.goto('/auth/login');
     await page.getByLabel('Email').fill('admin@immich.app');
     await page.getByLabel('Password').fill('password');
     await page.getByRole('button', { name: 'Login' }).click();
@@ -59,7 +59,7 @@ test.describe('Registration', () => {
     await context.clearCookies();
 
     // login
-    await page.goto('/auth/login?autoLaunch=0');
+    await page.goto('/auth/login');
     await page.getByLabel('Email').fill('user@immich.cloud');
     await page.getByLabel('Password').fill('password');
     await page.getByRole('button', { name: 'Login' }).click();
@@ -72,7 +72,7 @@ test.describe('Registration', () => {
     await page.getByRole('button', { name: 'Change password' }).click();
 
     // login with new password
-    await expect(page).toHaveURL('/auth/login?autoLaunch=0');
+    await expect(page).toHaveURL('/auth/login');
     await page.getByLabel('Email').fill('user@immich.cloud');
     await page.getByLabel('Password').fill('new-password');
     await page.getByRole('button', { name: 'Login' }).click();

e2e/src/web/specs/photo-viewer.e2e-spec.ts

@@ -8,23 +8,35 @@ function imageLocator(page: Page) {
 test.describe('Photo Viewer', () => {
   let admin: LoginResponseDto;
   let asset: AssetMediaResponseDto;
-  let rawAsset: AssetMediaResponseDto;
 
   test.beforeAll(async () => {
     utils.initSdk();
     await utils.resetDatabase();
     admin = await utils.adminSetup();
     asset = await utils.createAsset(admin.accessToken);
-    rawAsset = await utils.createAsset(admin.accessToken, { assetData: { filename: 'test.arw' } });
   });
 
   test.beforeEach(async ({ context, page }) => {
     // before each test, login as user
     await utils.setAuthCookies(context, admin.accessToken);
+    await page.goto('/photos');
     await page.waitForLoadState('networkidle');
   });
 
-  test('loads original photo when zoomed', async ({ page }) => {
+  test('initially shows a loading spinner', async ({ page }) => {
+    await page.route(`/api/assets/${asset.id}/thumbnail**`, async (route) => {
+      // slow down the request for thumbnail, so spinner has chance to show up
+      await new Promise((f) => setTimeout(f, 2000));
+      await route.continue();
+    });
+    await page.goto(`/photos/${asset.id}`);
+    await page.waitForLoadState('load');
+    // this is the spinner
+    await page.waitForSelector('svg[role=status]');
+    await expect(page.getByTestId('loading-spinner')).toBeVisible();
+  });
+
+  test('loads high resolution photo when zoomed', async ({ page }) => {
     await page.goto(`/photos/${asset.id}`);
     await expect.poll(async () => await imageLocator(page).getAttribute('src')).toContain('thumbnail');
     const box = await imageLocator(page).boundingBox();
@@ -35,17 +47,6 @@ test.describe('Photo Viewer', () => {
     await expect.poll(async () => await imageLocator(page).getAttribute('src')).toContain('original');
   });
 
-  test('loads fullsize image when zoomed and original is web-incompatible', async ({ page }) => {
-    await page.goto(`/photos/${rawAsset.id}`);
-    await expect.poll(async () => await imageLocator(page).getAttribute('src')).toContain('thumbnail');
-    const box = await imageLocator(page).boundingBox();
-    expect(box).toBeTruthy();
-    const { x, y, width, height } = box!;
-    await page.mouse.move(x + width / 2, y + height / 2);
-    await page.mouse.wheel(0, -1);
-    await expect.poll(async () => await imageLocator(page).getAttribute('src')).toContain('fullsize');
-  });
-
   test('reloads photo when checksum changes', async ({ page }) => {
     await page.goto(`/photos/${asset.id}`);
     await expect.poll(async () => await imageLocator(page).getAttribute('src')).toContain('thumbnail');

e2e/src/web/specs/shared-link.e2e-spec.ts

@@ -45,17 +45,17 @@ test.describe('Shared Links', () => {
     await page.goto(`/share/${sharedLink.key}`);
     await page.getByRole('heading', { name: 'Test Album' }).waitFor();
     await page.locator(`[data-asset-id="${asset.id}"]`).hover();
-    await page.waitForSelector('[data-group] svg');
+    await page.waitForSelector('#asset-group-by-date svg');
     await page.getByRole('checkbox').click();
     await page.getByRole('button', { name: 'Download' }).click();
-    await page.waitForEvent('download');
+    await page.getByText('DOWNLOADING', { exact: true }).waitFor();
   });
 
   test('download all from shared link', async ({ page }) => {
     await page.goto(`/share/${sharedLink.key}`);
     await page.getByRole('heading', { name: 'Test Album' }).waitFor();
     await page.getByRole('button', { name: 'Download' }).click();
-    await page.waitForEvent('download');
+    await page.getByText('DOWNLOADING', { exact: true }).waitFor();
   });
 
   test('enter password for a shared link', async ({ page }) => {

i18n/af.json

@@ -1,5 +1,5 @@
 {
-  "about": "Oor",
+  "about": "Verfris",
   "account": "Rekening",
   "account_settings": "Rekeninginstellings",
   "acknowledge": "Erken",
@@ -56,7 +56,7 @@
     "duplicate_detection_job_description": "Begin masjienleer op bates om soortgelyke beelde op te spoor. Maak staat op Smart Search",
     "exclusion_pattern_description": "Met uitsluitingspatrone kan jy lêers en vouers ignoreer wanneer jy jou biblioteek skandeer. Dit is nuttig as jy vouers het wat lêers bevat wat jy nie wil invoer nie, soos RAW-lêers.",
     "external_library_created_at": "Eksterne biblioteek (geskep op {date})",
-    "external_library_management": "Eksterne Biblioteekbestuur",
+    "external_library_management": "Eksterne Biblioteek-opsies",
     "face_detection": "Gesig deteksie",
     "failed_job_command": "Opdrag {command} het misluk vir werk: {job}",
     "force_delete_user_warning": "WAARSKUWING: Dit sal onmiddellik die gebruiker en alle bates verwyder. Dit kan nie ontdoen word nie en die lêers kan nie herstel word nie.",
@@ -64,8 +64,7 @@
     "image_format": "Formaat",
     "image_format_description": "WebP produseer kleiner lêers as JPEG, maar is stadiger om te enkodeer.",
     "image_prefer_embedded_preview": "Verkies ingebedde voorskou",
-    "image_prefer_wide_gamut": "Verkies wide gamut",
-    "image_prefer_wide_gamut_setting_description": "Gebruik Display P3 vir kleinkiekies. Dit behou die lewendheid van beelde met wye kleurruimtes beter, maar beelde kan anders verskyn op ou apparate met 'n ou blaaierweergawe. sRGB-beelde gebruik steeds sRGB om kleurverskuiwings te voorkom.",
+    "image_prefer_wide_gamut": "Verkies wye spektrum",
     "image_preview_description": "Mediumgrootte prent met gestroopte metadata, wat gebruik word wanneer 'n enkele bate bekyk word en vir masjienleer",
     "image_preview_quality_description": "Voorskou kwaliteit van 1-100. Hoër is beter, maar produseer groter lêers en kan app-reaksie verminder. Die stel van 'n lae waarde kan masjienleerkwaliteit beïnvloed.",
     "image_preview_title": "Voorskou Instellings",
@@ -73,14 +72,7 @@
     "image_resolution": "Resolusie",
     "image_resolution_description": "Hoër resolusies kan meer detail bewaar, maar neem langer om te enkodeer, het groter lêergroottes en kan app-reaksie verminder.",
     "image_settings": "Prent Instellings",
-    "image_settings_description": "Bestuur die kwaliteit en resolusie van gegenereerde beelde",
-    "image_thumbnail_description": "Klein kleinkiekies sonder metadata, gebruik om groepe foto's soos die tydlyn te bekyk",
-    "image_thumbnail_quality_description": "Kleinkiekiekwaliteit van 1-100. Hoër is beter, maar produseer groter lêers en kan die toepassing vertraag.",
-    "image_thumbnail_title": "Kleinkiekie-instellings",
-    "job_concurrency": "{job} gelyktydigheid",
-    "job_created": "Taak gemaak",
-    "job_not_concurrency_safe": "Hierdie taak kan nie gelyktydig uitgevoer word nie.",
-    "job_settings": "Agtergrondtaakinstellings"
+    "image_settings_description": "Bestuur die kwaliteit en resolusie van gegenereerde beelde"
   },
   "search_by_description": "Soek by beskrywing",
   "search_by_description_example": "Stapdag in Sapa"

i18n/be.json

@@ -4,7 +4,6 @@
   "account_settings": "Налады ўліковага запісу",
   "acknowledge": "Пацвердзіць",
   "action": "Дзеянне",
-  "action_common_update": "Абнавіць",
   "actions": "Дзеянні",
   "active": "Актыўны",
   "activity": "Актыўнасць",
@@ -21,10 +20,8 @@
   "add_partner": "Дадаць партнёра",
   "add_path": "Дадаць шлях",
   "add_photos": "Дадаць фота",
-  "add_to": "Дадаць у…",
+  "add_to": "Дадаць у...",
   "add_to_album": "Дадаць у альбом",
-  "add_to_album_bottom_sheet_added": "Дададзена да {album}",
-  "add_to_album_bottom_sheet_already_exists": "Ужо знаходзіцца ў {album}",
   "add_to_shared_album": "Дадаць у агульны альбом",
   "add_url": "Дадаць URL",
   "added_to_archive": "Дададзена ў архіў",
@@ -44,7 +41,6 @@
     "backup_settings": "Налады рэзервовага капіявання",
     "backup_settings_description": "Кіраванне наладкамі рэзервовага капіявання базы даных",
     "check_all": "Праверыць усе",
-    "cleanup": "Ачыстка",
     "cleared_jobs": "Ачышчаны заданні для: {job}",
     "config_set_by_file": "Канфігурацыя ў зараз усталявана праз файл канфігурацыі",
     "confirm_delete_library": "Вы ўпэўнены што жадаеце выдаліць {library} бібліятэку?",

i18n/bg.json

@@ -162,6 +162,7 @@
     "no_pattern_added": "Няма добавен модел",
     "note_apply_storage_label_previous_assets": "Забележка: За да приложите етикета за съхранение към предварително качени файлове, стартирайте",
     "note_cannot_be_changed_later": "ВНИМАНИЕ: Това не може да бъде променено по-късно!",
+    "note_unlimited_quota": "Бележка: Въведете 0 за да нямате лимит на квотата",
     "notification_email_from_address": "От адрес",
     "notification_email_from_address_description": "Електронна поща на изпращача, например: \"Immich Photo Server <noreply@example.com>\"",
     "notification_email_host_description": "Хост на сървъра за електронна поща (например: smtp.immich.app)",
@@ -922,6 +923,7 @@
   "no_shared_albums_message": "Създайте албум, за да споделяте снимки и видеоклипове с хората в мрежата си",
   "not_in_any_album": "Не е в никой албум",
   "note_apply_storage_label_to_previously_uploaded assets": "Забележка: За да приложите етикета за съхранение към предварително качени активи, стартирайте",
+  "note_unlimited_quota": "Забележка: Въведете 0 за неограничена квота",
   "notes": "Бележки",
   "notification_toggle_setting_description": "Активиране на имейл известия",
   "notifications": "Известия",
@@ -1372,4 +1374,4 @@
   "yes": "Да",
   "you_dont_have_any_shared_links": "Нямате споделени връзки",
   "zoom_image": "Увеличаване на изображението"
-}
+}

i18n/bi.json

@@ -1,22 +1,20 @@
 {
-  "about": "abaot",
-  "account": "Akaont",
-  "account_settings": "Seting blo Akaont",
-  "acknowledge": "Akcept",
+  "account": "",
+  "account_settings": "",
+  "acknowledge": "",
   "action": "",
   "actions": "",
-  "active": "Stap Mekem",
-  "activity": "Wanem hemi Mekem",
-  "activity_changed": "WAnem hemi Mekem hemi",
-  "add": "Ad",
-  "add_a_description": "Putem Description blo hem",
-  "add_a_location": "Putem place blo hem",
-  "add_a_name": "Putem nam blo hem",
-  "add_a_title": "Putem wan name blo hem",
-  "add_exclusion_pattern": "Putem wan paten wae hemi karem aot",
-  "add_import_path": "Putem wan pat blo import",
-  "add_location": "Putem wan place blo hem",
-  "add_more_users": "Putem mor man",
+  "active": "",
+  "activity": "",
+  "add": "",
+  "add_a_description": "",
+  "add_a_location": "",
+  "add_a_name": "",
+  "add_a_title": "",
+  "add_exclusion_pattern": "",
+  "add_import_path": "",
+  "add_location": "",
+  "add_more_users": "",
   "add_partner": "",
   "add_path": "",
   "add_photos": "",
@@ -118,6 +116,7 @@
     "no_pattern_added": "",
     "note_apply_storage_label_previous_assets": "",
     "note_cannot_be_changed_later": "",
+    "note_unlimited_quota": "",
     "notification_email_from_address": "",
     "notification_email_from_address_description": "",
     "notification_email_host_description": "",
@@ -613,6 +612,7 @@
   "no_shared_albums_message": "",
   "not_in_any_album": "",
   "note_apply_storage_label_to_previously_uploaded assets": "",
+  "note_unlimited_quota": "",
   "notes": "",
   "notification_toggle_setting_description": "",
   "notifications": "",

i18n/et.json

@@ -4,7 +4,6 @@
   "account_settings": "Konto seaded",
   "acknowledge": "Sain aru",
   "action": "Tegevus",
-  "action_common_update": "Uuenda",
   "actions": "Tegevused",
   "active": "Aktiivne",
   "activity": "Aktiivsus",
@@ -14,7 +13,6 @@
   "add_a_location": "Lisa asukoht",
   "add_a_name": "Lisa nimi",
   "add_a_title": "Lisa pealkiri",
-  "add_endpoint": "Lisa lõpp-punkt",
   "add_exclusion_pattern": "Lisa välistamismuster",
   "add_import_path": "Lisa imporditee",
   "add_location": "Lisa asukoht",
@@ -24,8 +22,6 @@
   "add_photos": "Lisa fotosid",
   "add_to": "Lisa kohta…",
   "add_to_album": "Lisa albumisse",
-  "add_to_album_bottom_sheet_added": "Lisatud albumisse {album}",
-  "add_to_album_bottom_sheet_already_exists": "On juba albumis {album}",
   "add_to_shared_album": "Lisa jagatud albumisse",
   "add_url": "Lisa URL",
   "added_to_archive": "Lisatud arhiivi",
@@ -39,11 +35,11 @@
     "authentication_settings_disable_all": "Kas oled kindel, et soovid kõik sisselogimismeetodid välja lülitada? Sisselogimine lülitatakse täielikult välja.",
     "authentication_settings_reenable": "Et taas lubada, kasuta <link>serveri käsku</link>.",
     "background_task_job": "Tausttegumid",
-    "backup_database": "Loo andmebaasi tõmmis",
-    "backup_database_enable_description": "Luba andmebaasi tõmmised",
-    "backup_keep_last_amount": "Eelmiste tõmmiste arv, mida alles hoida",
-    "backup_settings": "Andmebaasi tõmmiste seaded",
-    "backup_settings_description": "Halda andmebaasi tõmmiste seadeid. Märkus: Neid tööteid ei jälgita ning ebaõnnestumisest ei hoiatata.",
+    "backup_database": "Varunda andmebaas",
+    "backup_database_enable_description": "Luba andmebaasi varundamine",
+    "backup_keep_last_amount": "Varukoopiate arv, mida alles hoida",
+    "backup_settings": "Varundamise seaded",
+    "backup_settings_description": "Halda andmebaasi varundamise seadeid",
     "check_all": "Märgi kõik",
     "cleanup": "Koristus",
     "cleared_jobs": "Tööted eemaldatud: {job}",
@@ -70,11 +66,6 @@
     "forcing_refresh_library_files": "Kogu kõigi failide sundvärskendamine",
     "image_format": "Formaat",
     "image_format_description": "WebP failid on väiksemad kui JPEG, aga kodeerimine on aeglasem.",
-    "image_fullsize_description": "Täismõõdus pilt ilma metaandmeteta, kasutatakse sisse suumimisel",
-    "image_fullsize_enabled": "Luba täismõõdus piltide genereerimine",
-    "image_fullsize_enabled_description": "Genereeri mitte-veebisõbralike formaatide jaoks täismõõdus pilt. Kui \"Eelista manustatud eelvaadet\" on lubatud, kasutatakse manustatud eelvaateid otse ilma teisendamiseta. Ei mõjuta veebisõbralikke formaate nagu JPEG.",
-    "image_fullsize_quality_description": "Täismõõdus pildi kvaliteet vahemikus 1-100. Kõrgem väärtus on parem, aga tulemuseks on suuremad failid.",
-    "image_fullsize_title": "Täismõõdus pildi seaded",
     "image_prefer_embedded_preview": "Eelista manustatud eelvaadet",
     "image_prefer_embedded_preview_setting_description": "Kasuta pilditöötluse sisendina võimalusel RAW fotodesse manustatud eelvaateid. See võib mõnede piltide puhul anda tulemuseks täpsemad värvid, aga eelvaate kvaliteet sõltub konkreetsest kaamerast ning pildis võib olla rohkem tihendusmüra.",
     "image_prefer_wide_gamut": "Eelista laia värvigammat",
@@ -171,6 +162,7 @@
     "no_pattern_added": "Mustreid ei ole",
     "note_apply_storage_label_previous_assets": "Märkus: Et rakendada talletussilt varem üleslaaditud üksustele, käivita",
     "note_cannot_be_changed_later": "MÄRKUS: Seda ei saa hiljem muuta!",
+    "note_unlimited_quota": "Märkus: Piiramatu kvoodi jaoks sisesta 0",
     "notification_email_from_address": "Saatja aadress",
     "notification_email_from_address_description": "Saatja e-posti aadress, näiteks: \"Immich Photo Server <noreply@example.com>\"",
     "notification_email_host_description": "E-posti serveri host (nt. smtp.immich.app)",
@@ -371,10 +363,6 @@
   "admin_password": "Administraatori parool",
   "administration": "Administratsioon",
   "advanced": "Täpsemad valikud",
-  "advanced_settings_log_level_title": "Logimistase: {}",
-  "advanced_settings_proxy_headers_title": "Vaheserveri päised",
-  "advanced_settings_self_signed_ssl_title": "Luba endasigneeritud SSL-sertifikaadid",
-  "advanced_settings_troubleshooting_title": "Tõrkeotsing",
   "age_months": "Vanus {months, plural, one {# kuu} other {# kuud}}",
   "age_year_months": "Vanus 1 aasta, {months, plural, one {# kuu} other {# kuud}}",
   "age_years": "{years, plural, other {Vanus #}}",
@@ -383,8 +371,6 @@
   "album_cover_updated": "Albumi kaanepilt muudetud",
   "album_delete_confirmation": "Kas oled kindel, et soovid albumi {album} kustutada?",
   "album_delete_confirmation_description": "Kui see album on jagatud, ei pääse teised kasutajad sellele enam ligi.",
-  "album_info_card_backup_album_excluded": "VÄLJA JÄETUD",
-  "album_info_card_backup_album_included": "LISATUD",
   "album_info_updated": "Albumi info muudetud",
   "album_leave": "Lahku albumist?",
   "album_leave_confirmation": "Kas oled kindel, et soovid albumist {album} lahkuda?",
@@ -393,21 +379,10 @@
   "album_remove_user": "Eemalda kasutaja?",
   "album_remove_user_confirmation": "Kas oled kindel, et soovid kasutaja {user} eemaldada?",
   "album_share_no_users": "Paistab, et oled seda albumit kõikide kasutajatega jaganud, või pole ühtegi kasutajat, kellega jagada.",
-  "album_thumbnail_card_item": "1 üksus",
-  "album_thumbnail_card_items": "{} üksust",
-  "album_thumbnail_card_shared": " · Jagatud",
-  "album_thumbnail_shared_by": "Jagas {}",
   "album_updated": "Album muudetud",
   "album_updated_setting_description": "Saa teavitus e-posti teel, kui jagatud albumis on uusi üksuseid",
   "album_user_left": "Lahkutud albumist {album}",
   "album_user_removed": "Kasutaja {user} eemaldatud",
-  "album_viewer_appbar_delete_confirm": "Kas oled kindel, et soovid selle albumi oma kontolt kustutada?",
-  "album_viewer_appbar_share_err_delete": "Albumi kustutamine ebaõnnestus",
-  "album_viewer_appbar_share_err_leave": "Albumist lahkumine ebaõnnestus",
-  "album_viewer_appbar_share_err_remove": "Üksuste albumist eemaldamisel tekkis probleeme",
-  "album_viewer_appbar_share_err_title": "Albumi pealkirja muutmine ebaõnnestus",
-  "album_viewer_appbar_share_leave": "Lahku albumist",
-  "album_viewer_page_share_add_users": "Lisa kasutajaid",
   "album_with_link_access": "Luba kõigil, kellel on link, näha selle albumi fotosid ja isikuid.",
   "albums": "Albumid",
   "albums_count": "{count, plural, one {{count, number} album} other {{count, number} albumit}}",
@@ -425,36 +400,23 @@
   "api_key_description": "Seda väärtust kuvatakse ainult üks kord. Kopeeri see enne akna sulgemist.",
   "api_key_empty": "Su API võtme nimi ei tohiks olla tühi",
   "api_keys": "API võtmed",
-  "app_bar_signout_dialog_content": "Kas oled kindel, et soovid välja logida?",
-  "app_bar_signout_dialog_ok": "Jah",
-  "app_bar_signout_dialog_title": "Logi välja",
   "app_settings": "Rakenduse seaded",
   "appears_in": "Albumid",
   "archive": "Arhiiv",
   "archive_or_unarchive_photo": "Arhiveeri või taasta foto",
-  "archive_page_no_archived_assets": "Arhiveeritud üksuseid ei leitud",
   "archive_size": "Arhiivi suurus",
   "archive_size_description": "Seadista arhiivi suurus allalaadimiseks (GiB)",
-  "archived": "Arhiveeritud",
   "archived_count": "{count, plural, other {# arhiveeritud}}",
   "are_these_the_same_person": "Kas need on sama isik?",
   "are_you_sure_to_do_this": "Kas oled kindel, et soovid seda teha?",
-  "asset_action_delete_err_read_only": "Kirjutuskaitstud üksuseid ei saa kustutada, jätan vahele",
   "asset_added_to_album": "Lisatud albumisse",
   "asset_adding_to_album": "Albumisse lisamine…",
   "asset_description_updated": "Üksuse kirjeldus on muudetud",
   "asset_filename_is_offline": "Üksus {filename} ei ole kättesaadav",
   "asset_has_unassigned_faces": "Üksusel on seostamata nägusid",
   "asset_hashing": "Räsimine…",
-  "asset_list_group_by_sub_title": "Grupeeri",
-  "asset_list_layout_settings_dynamic_layout_title": "Dünaamiline asetus",
-  "asset_list_layout_settings_group_automatically": "Automaatne",
-  "asset_list_layout_settings_group_by": "Grupeeri üksused",
-  "asset_list_layout_settings_group_by_month_day": "Kuu + päev",
-  "asset_list_layout_sub_title": "Asetus",
   "asset_offline": "Üksus pole kättesaadav",
   "asset_offline_description": "Seda välise kogu üksust ei leitud kettalt. Abi saamiseks palun võta ühendust oma Immich'i administraatoriga.",
-  "asset_restored_successfully": "Üksus edukalt taastatud",
   "asset_skipped": "Vahele jäetud",
   "asset_skipped_in_trash": "Prügikastis",
   "asset_uploaded": "Üleslaaditud",
@@ -472,26 +434,8 @@
   "assets_trashed_count": "{count, plural, one {# üksus} other {# üksust}} liigutatud prügikasti",
   "assets_were_part_of_album_count": "{count, plural, one {Üksus oli} other {Üksused olid}} juba osa albumist",
   "authorized_devices": "Autoriseeritud seadmed",
-  "automatic_endpoint_switching_subtitle": "Ühendu lokaalselt üle valitud WiFi-võrgu, kui see on saadaval, ja kasuta mujal alternatiivseid ühendusi",
   "back": "Tagasi",
   "back_close_deselect": "Tagasi, sulge või tühista valik",
-  "backup_album_selection_page_select_albums": "Vali albumid",
-  "backup_album_selection_page_selection_info": "Valiku info",
-  "backup_album_selection_page_total_assets": "Unikaalseid üksuseid kokku",
-  "backup_all": "Kõik",
-  "backup_background_service_default_notification": "Uute üksuste kontrollimine…",
-  "backup_background_service_error_title": "Varundamise viga",
-  "backup_controller_page_background_battery_info_ok": "OK",
-  "backup_controller_page_background_wifi": "Ainult WiFi-võrgus",
-  "backup_controller_page_backup_sub": "Varundatud fotod ja videod",
-  "backup_controller_page_desc_backup": "Lülita sisse esiplaanil varundamine, et rakenduse avamisel uued üksused automaatselt serverisse üles laadida.",
-  "backup_controller_page_to_backup": "Albumid, mida varundada",
-  "backup_controller_page_total_sub": "Kõik unikaalsed fotod ja videod valitud albumitest",
-  "backup_err_only_album": "Ei saa ainsat albumit eemaldada",
-  "backup_info_card_assets": "üksused",
-  "backup_manual_cancelled": "Tühistatud",
-  "backup_manual_title": "Üleslaadimise staatus",
-  "backup_setting_subtitle": "Halda taustal ja esiplaanil üleslaadimise seadeid",
   "backward": "Tagasi",
   "birthdate_saved": "Sünnikuupäev salvestatud",
   "birthdate_set_description": "Sünnikuupäeva kasutatakse isiku vanuse arvutamiseks foto tegemise hetkel.",
@@ -503,14 +447,11 @@
   "bulk_keep_duplicates_confirmation": "Kas oled kindel, et soovid {count, plural, one {# dubleeritud üksuse} other {# dubleeritud üksust}} alles jätta? Sellega märgitakse kõik duplikaadigrupid lahendatuks ilma midagi kustutamata.",
   "bulk_trash_duplicates_confirmation": "Kas oled kindel, et soovid {count, plural, one {# dubleeritud üksuse} other {# dubleeritud üksust}} masskustutada? Sellega jäetakse alles iga grupi suurim üksus ning duplikaadid liigutatakse prügikasti.",
   "buy": "Osta Immich",
-  "cache_settings_clear_cache_button": "Tühjenda puhver",
-  "cache_settings_statistics_title": "Puhvri kasutus",
   "camera": "Kaamera",
   "camera_brand": "Kaamera mark",
   "camera_model": "Kaamera mudel",
   "cancel": "Katkesta",
   "cancel_search": "Katkesta otsing",
-  "canceled": "Tühistatud",
   "cannot_merge_people": "Ei saa isikuid ühendada",
   "cannot_undo_this_action": "Sa ei saa seda tagasi võtta!",
   "cannot_update_the_description": "Kirjelduse muutmine ebaõnnestus",
@@ -521,10 +462,6 @@
   "change_name_successfully": "Nimi edukalt muudetud",
   "change_password": "Parooli muutmine",
   "change_password_description": "See on su esimene kord süsteemi siseneda, või on tehtud taotlus parooli muutmiseks. Palun sisesta allpool uus parool.",
-  "change_password_form_confirm_password": "Kinnita parool",
-  "change_password_form_new_password": "Uus parool",
-  "change_password_form_password_mismatch": "Paroolid ei klapi",
-  "change_password_form_reenter_new_password": "Korda uut parooli",
   "change_your_password": "Muuda oma parooli",
   "changed_visibility_successfully": "Nähtavus muudetud",
   "check_all": "Märgi kõik",
@@ -536,14 +473,6 @@
   "clear_all_recent_searches": "Tühjenda hiljutised otsingud",
   "clear_message": "Tühjenda sõnum",
   "clear_value": "Tühjenda väärtus",
-  "client_cert_dialog_msg_confirm": "OK",
-  "client_cert_enter_password": "Sisesta parool",
-  "client_cert_import": "Impordi",
-  "client_cert_import_success_msg": "Klientsertifikaat on imporditud",
-  "client_cert_invalid_msg": "Vigane sertifikaadi fail või vale parool",
-  "client_cert_remove_msg": "Klientsertifikaat on eemaldatud",
-  "client_cert_subtitle": "Toetab ainult PKCS12 (.p12, .pfx) formaati. Sertifikaadi importimine/eemaldamine on saadaval ainult enne sisselogimist",
-  "client_cert_title": "SSL klientsertifikaat",
   "clockwise": "Päripäeva",
   "close": "Sulge",
   "collapse": "Peida",
@@ -554,8 +483,6 @@
   "comment_options": "Kommentaari valikud",
   "comments_and_likes": "Kommentaarid ja meeldimised",
   "comments_are_disabled": "Kommentaarid on keelatud",
-  "common_create_new_album": "Lisa uus album",
-  "completed": "Lõpetatud",
   "confirm": "Kinnita",
   "confirm_admin_password": "Kinnita administraatori parool",
   "confirm_delete_face": "Kas oled kindel, et soovid isiku {name} näo üksuselt kustutada?",
@@ -565,10 +492,6 @@
   "contain": "Mahuta ära",
   "context": "Kontekst",
   "continue": "Jätka",
-  "control_bottom_app_bar_create_new_album": "Lisa uus album",
-  "control_bottom_app_bar_delete_from_local": "Kustuta seadmest",
-  "control_bottom_app_bar_edit_location": "Muuda asukohta",
-  "control_bottom_app_bar_edit_time": "Muuda kuupäeva ja aega",
   "copied_image_to_clipboard": "Pilt kopeeritud lõikelauale.",
   "copied_to_clipboard": "Kopeeritud lõikelauale!",
   "copy_error": "Kopeeri viga",
@@ -590,7 +513,6 @@
   "create_new_person": "Lisa uus isik",
   "create_new_person_hint": "Seosta valitud üksused uue isikuga",
   "create_new_user": "Lisa uus kasutaja",
-  "create_shared_album_page_share_select_photos": "Vali fotod",
   "create_tag": "Lisa silt",
   "create_tag_description": "Lisa uus silt. Pesastatud siltide jaoks sisesta täielik tee koos kaldkriipsudega.",
   "create_user": "Lisa kasutaja",
@@ -615,23 +537,19 @@
   "delete": "Kustuta",
   "delete_album": "Kustuta album",
   "delete_api_key_prompt": "Kas oled kindel, et soovid selle API võtme kustutada?",
-  "delete_dialog_title": "Kustuta jäädavalt",
   "delete_duplicates_confirmation": "Kas oled kindel, et soovid need duplikaadid jäädavalt kustutada?",
   "delete_face": "Kustuta nägu",
   "delete_key": "Kustuta võti",
   "delete_library": "Kustuta kogu",
   "delete_link": "Kustuta link",
-  "delete_local_dialog_ok_backed_up_only": "Kustuta ainult varundatud",
   "delete_others": "Kustuta teised",
   "delete_shared_link": "Kustuta jagatud link",
-  "delete_shared_link_dialog_title": "Kustuta jagatud link",
   "delete_tag": "Kustuta silt",
   "delete_tag_confirmation_prompt": "Kas oled kindel, et soovid sildi {tagName} kustutada?",
   "delete_user": "Kustuta kasutaja",
   "deleted_shared_link": "Jagatud link kustutatud",
   "deletes_missing_assets": "Kustutab üksused, mis on kettalt puudu",
   "description": "Kirjeldus",
-  "description_input_hint_text": "Lisa kirjeldus...",
   "details": "Üksikasjad",
   "direction": "Suund",
   "disabled": "Välja lülitatud",
@@ -648,20 +566,10 @@
   "documentation": "Dokumentatsioon",
   "done": "Tehtud",
   "download": "Laadi alla",
-  "download_canceled": "Allalaadimine katkestatud",
-  "download_complete": "Allalaadimine lõpetatud",
-  "download_enqueue": "Allalaadimine ootel",
-  "download_error": "Allalaadimise viga",
-  "download_failed": "Allalaadimine ebaõnnestus",
-  "download_finished": "Allalaadimine lõpetatud",
   "download_include_embedded_motion_videos": "Manustatud videod",
   "download_include_embedded_motion_videos_description": "Lisa liikuvatesse fotodesse manustatud videod eraldi failidena",
-  "download_paused": "Allalaadimine peatatud",
   "download_settings": "Allalaadimine",
   "download_settings_description": "Halda üksuste allalaadimise seadeid",
-  "download_started": "Allalaadimine alustatud",
-  "download_sucess": "Allalaadimine õnnestus",
-  "download_sucess_android": "Meediumid laaditi alla kataloogi DCIM/Immich",
   "downloading": "Allalaadimine",
   "downloading_asset_filename": "Üksuse {filename} allalaadimine",
   "drop_files_to_upload": "Failide üleslaadimiseks sikuta need ükskõik kuhu",
@@ -680,7 +588,6 @@
   "edit_key": "Muuda võtit",
   "edit_link": "Muuda linki",
   "edit_location": "Muuda asukohta",
-  "edit_location_dialog_title": "Asukoht",
   "edit_name": "Muuda nime",
   "edit_people": "Muuda isikuid",
   "edit_tag": "Muuda silti",
@@ -693,15 +600,12 @@
   "editor_crop_tool_h2_aspect_ratios": "Kuvasuhted",
   "editor_crop_tool_h2_rotation": "Pööre",
   "email": "E-post",
-  "empty_folder": "See kaust on tühi",
   "empty_trash": "Tühjenda prügikast",
   "empty_trash_confirmation": "Kas oled kindel, et soovid prügikasti tühjendada? See eemaldab kõik seal olevad üksused Immich'ist jäädavalt.\nSeda tegevust ei saa tagasi võtta!",
   "enable": "Luba",
   "enabled": "Lubatud",
   "end_date": "Lõppkuupäev",
-  "enter_wifi_name": "Sisesta WiFi-võrgu nimi",
   "error": "Viga",
-  "error_change_sort_album": "Albumi sorteerimisjärjestuse muutmine ebaõnnestus",
   "error_delete_face": "Viga näo kustutamisel",
   "error_loading_image": "Viga pildi laadimisel",
   "error_title": "Viga - midagi läks valesti",
@@ -832,14 +736,8 @@
     "unable_to_upload_file": "Faili üleslaadimine ebaõnnestus"
   },
   "exif": "Exif",
-  "exif_bottom_sheet_description": "Lisa kirjeldus...",
-  "exif_bottom_sheet_details": "ÜKSIKASJAD",
-  "exif_bottom_sheet_location": "ASUKOHT",
-  "exif_bottom_sheet_people": "ISIKUD",
-  "exif_bottom_sheet_person_add_person": "Lisa nimi",
   "exit_slideshow": "Sulge slaidiesitlus",
   "expand_all": "Näita kõik",
-  "experimental_settings_title": "Eksperimentaalne",
   "expire_after": "Aegub",
   "expired": "Aegunud",
   "expires_date": "Aegub {date}",
@@ -850,7 +748,6 @@
   "extension": "Laiend",
   "external": "Väline",
   "external_libraries": "Välised kogud",
-  "external_network_sheet_info": "Kui seade ei ole eelistatud WiFi-võrgus, ühendub rakendus serveriga allolevatest URL-idest esimese kättesaadava kaudu, alustades ülevalt",
   "face_unassigned": "Seostamata",
   "failed_to_load_assets": "Üksuste laadimine ebaõnnestus",
   "favorite": "Lemmik",
@@ -866,8 +763,6 @@
   "filter_people": "Filtreeri isikuid",
   "find_them_fast": "Leia teda kiiresti nime järgi otsides",
   "fix_incorrect_match": "Paranda ebaõige vaste",
-  "folder": "Kaust",
-  "folder_not_found": "Kausta ei leitud",
   "folders": "Kaustad",
   "folders_feature_description": "Kaustavaate abil failisüsteemis olevate fotode ja videote sirvimine",
   "forward": "Edasi",
@@ -884,10 +779,6 @@
   "group_places_by": "Grupeeri kohad...",
   "group_year": "Grupeeri aasta kaupa",
   "has_quota": "On kvoot",
-  "header_settings_add_header_tip": "Lisa päis",
-  "header_settings_field_validator_msg": "Väärtus ei saa olla tühi",
-  "header_settings_header_name_input": "Päise nimi",
-  "header_settings_header_value_input": "Päise väärtus",
   "hi_user": "Tere {name} ({email})",
   "hide_all_people": "Peida kõik isikud",
   "hide_gallery": "Peida galerii",
@@ -895,20 +786,8 @@
   "hide_password": "Peida parool",
   "hide_person": "Peida isik",
   "hide_unnamed_people": "Peida nimetud isikud",
-  "home_page_add_to_album_conflicts": "{added} üksust lisati albumisse {album}. {failed} üksust oli juba albumis.",
-  "home_page_add_to_album_err_local": "Lokaalseid üksuseid ei saa veel albumisse lisada, jätan vahele",
-  "home_page_add_to_album_success": "{added} üksust lisati albumisse {album}.",
-  "home_page_album_err_partner": "Partneri üksuseid ei saa veel albumisse lisada, jätan vahele",
-  "home_page_archive_err_local": "Lokaalseid üksuseid ei saa veel arhiveerida, jätan vahele",
-  "home_page_archive_err_partner": "Partneri üksuseid ei saa arhiveerida, jätan vahele",
-  "home_page_building_timeline": "Ajajoone koostamine",
-  "home_page_delete_err_partner": "Partneri üksuseid ei saa kustutada, jätan vahele",
-  "home_page_favorite_err_local": "Lokaalseid üksuseid ei saa lemmikuks märkida, jätan vahele",
-  "home_page_favorite_err_partner": "Partneri üksuseid ei saa lemmikuks märkida, jätan vahele",
-  "home_page_share_err_local": "Lokaalseid üksuseid ei saa lingiga jagada, jätan vahele",
   "host": "Host",
   "hour": "Tund",
-  "ignore_icloud_photos": "Ignoreeri iCloud fotosid",
   "image": "Pilt",
   "image_alt_text_date": "{isVideo, select, true {Video} other {Pilt}} tehtud {date}",
   "image_alt_text_date_1_person": "{isVideo, select, true {Video} other {Pilt}} tehtud {date} koos isikuga {person1}",
@@ -920,8 +799,6 @@
   "image_alt_text_date_place_2_people": "{isVideo, select, true {Video} other {Pilt}} tehtud {date} kohas {city}, {country} koos isikutega {person1} ja {person2}",
   "image_alt_text_date_place_3_people": "{isVideo, select, true {Video} other {Pilt}} tehtud {date} kohas {city}, {country} koos isikutega {person1}, {person2} ja {person3}",
   "image_alt_text_date_place_4_or_more_people": "{isVideo, select, true {Video} other {Pilt}} tehtud {date} kohas {city}, {country} koos {person1}, {person2} ja veel {additionalCount, number} isikuga",
-  "image_viewer_page_state_provider_download_started": "Allalaadimine alustatud",
-  "image_viewer_page_state_provider_download_success": "Allalaadimine õnnestus",
   "immich_logo": "Immich'i logo",
   "immich_web_interface": "Immich'i veebiliides",
   "import_from_json": "Impordi JSON-formaadist",
@@ -940,8 +817,6 @@
     "night_at_midnight": "Iga päev keskööl",
     "night_at_twoam": "Iga öö kell 2"
   },
-  "invalid_date": "Vigane kuupäev",
-  "invalid_date_format": "Vigane kuupäevaformaat",
   "invite_people": "Kutsu inimesi",
   "invite_to_album": "Kutsu albumisse",
   "items_count": "{count, plural, one {# üksus} other {# üksust}}",
@@ -962,9 +837,6 @@
   "level": "Tase",
   "library": "Kogu",
   "library_options": "Kogu seaded",
-  "library_page_new_album": "Uus album",
-  "library_page_sort_asset_count": "Üksuste arv",
-  "library_page_sort_title": "Albumi pealkiri",
   "light": "Hele",
   "like_deleted": "Meeldimine kustutatud",
   "link_motion_video": "Lingi liikuv video",
@@ -974,24 +846,12 @@
   "list": "Loend",
   "loading": "Laadimine",
   "loading_search_results_failed": "Otsitulemuste laadimine ebaõnnestus",
-  "local_network_sheet_info": "Rakendus ühendub valitud Wi-Fi võrgus olles serveriga selle URL-i kaudu",
-  "location_permission_content": "Automaatseks ümberlülitumiseks vajab Immich täpse asukoha luba, et saaks lugeda aktiivse WiFi-võrgu nime",
-  "location_picker_choose_on_map": "Vali kaardil",
   "log_out": "Logi välja",
   "log_out_all_devices": "Logi kõigist seadmetest välja",
   "logged_out_all_devices": "Kõigist seadmetest välja logitud",
   "logged_out_device": "Seadmest välja logitud",
   "login": "Logi sisse",
-  "login_form_back_button_text": "Tagasi",
-  "login_form_email_hint": "sinunimi@email.com",
-  "login_form_endpoint_hint": "http://serveri-ip:port",
-  "login_form_endpoint_url": "Serveri lõpp-punkti URL",
-  "login_form_err_http": "Palun täpsusta http:// või https://",
-  "login_form_err_invalid_email": "Vigane e-posti aadress",
-  "login_form_err_invalid_url": "Vigane URL",
-  "login_form_password_hint": "parool",
   "login_has_been_disabled": "Sisselogimine on keelatud.",
-  "login_password_changed_success": "Parool edukalt uuendatud",
   "logout_all_device_confirmation": "Kas oled kindel, et soovid kõigist seadmetest välja logida?",
   "logout_this_device_confirmation": "Kas oled kindel, et soovid sellest seadmest välja logida?",
   "longitude": "Pikkuskraad",
@@ -999,7 +859,6 @@
   "loop_videos": "Taasesita videod",
   "loop_videos_description": "Lülita sisse, et detailvaates videot automaatselt taasesitada.",
   "main_branch_warning": "Sa kasutad arendusversiooni; soovitame tungivalt kasutada väljalaskeversiooni!",
-  "main_menu": "Peamenüü",
   "make": "Mark",
   "manage_shared_links": "Halda jagatud linke",
   "manage_sharing_with_partners": "Halda partneritega jagamist",
@@ -1012,14 +871,10 @@
   "map_marker_for_images": "Kaardimarker kohas {city}, {country} tehtud piltide jaoks",
   "map_marker_with_image": "Kaardimarker pildiga",
   "map_settings": "Kaardi seaded",
-  "map_settings_date_range_option_day": "Viimased 24 tundi",
-  "map_settings_date_range_option_year": "Viimane aasta",
-  "map_settings_dialog_title": "Kaardi seaded",
   "matches": "Ühtivad failid",
-  "media_type": "Meediumi tüüp",
+  "media_type": "Meedia tüüp",
   "memories": "Mälestused",
   "memories_setting_description": "Halda, mida sa oma mälestustes näed",
-  "memories_year_ago": "Aasta tagasi",
   "memory": "Mälestus",
   "memory_lane_title": "Mälestus {title}",
   "menu": "Menüü",
@@ -1036,14 +891,10 @@
   "month": "Kuu",
   "more": "Rohkem",
   "moved_to_trash": "Liigutatud prügikasti",
-  "multiselect_grid_edit_date_time_err_read_only": "Kirjutuskaitsega üksus(t)e kuupäeva ei saa muuta, jätan vahele",
-  "multiselect_grid_edit_gps_err_read_only": "Kirjutuskaitsega üksus(t)e asukohta ei saa muuta, jätan vahele",
   "mute_memories": "Vaigista mälestused",
   "my_albums": "Minu albumid",
   "name": "Nimi",
   "name_or_nickname": "Nimi või hüüdnimi",
-  "networking_settings": "Võrguühendus",
-  "networking_subtitle": "Halda serveri lõpp-punkti seadeid",
   "never": "Mitte kunagi",
   "new_album": "Uus album",
   "new_api_key": "Uus API võti",
@@ -1072,6 +923,7 @@
   "no_shared_albums_message": "Lisa album, et fotosid ja videosid teistega jagada",
   "not_in_any_album": "Pole üheski albumis",
   "note_apply_storage_label_to_previously_uploaded assets": "Märkus: Et rakendada talletussilt varem üleslaaditud üksustele, käivita",
+  "note_unlimited_quota": "Märkus: Piiramatu kvoodi jaoks sisesta 0",
   "notes": "Märkused",
   "notification_toggle_setting_description": "Luba e-posti teel teavitused",
   "notifications": "Teavitused",
@@ -1106,9 +958,6 @@
   "partner_can_access": "{partner} pääseb ligi",
   "partner_can_access_assets": "Kõik su fotod ja videod, välja arvatud arhiveeritud ja kustutatud",
   "partner_can_access_location": "Asukohad, kus su fotod tehti",
-  "partner_list_view_all": "Vaata kõiki",
-  "partner_page_partner_add_failed": "Partneri lisamine ebaõnnestus",
-  "partner_page_select_partner": "Vali partner",
   "partner_sharing": "Partneriga jagamine",
   "partners": "Partnerid",
   "password": "Parool",
@@ -1137,7 +986,6 @@
   "permanently_delete_assets_prompt": "Kas oled kindel, et soovid {count, plural, one {selle üksuse} other {need <b>#</b> üksust}} jäädavalt kustutada? Sellega eemaldatakse {count, plural, one {see} other {need}} ka oma albumi(te)st.",
   "permanently_deleted_asset": "Üksus jäädavalt kustutatud",
   "permanently_deleted_assets_count": "{count, plural, one {# üksus} other {# üksust}} jäädavalt kustutatud",
-  "permission_onboarding_back": "Tagasi",
   "person": "Isik",
   "person_birthdate": "Sündinud {date}",
   "person_hidden": "{name}{hidden, select, true { (peidetud)} other {}}",
@@ -1155,7 +1003,6 @@
   "play_motion_photo": "Esita liikuv foto",
   "play_or_pause_video": "Esita või peata video",
   "port": "Port",
-  "preferences_settings_title": "Eelistused",
   "preset": "Eelseadistus",
   "preview": "Eelvaade",
   "previous": "Eelmine",
@@ -1163,8 +1010,6 @@
   "previous_or_next_photo": "Eelmine või järgmine foto",
   "primary": "Peamine",
   "privacy": "Privaatsus",
-  "profile_drawer_app_logs": "Logid",
-  "profile_drawer_github": "GitHub",
   "profile_image_of_user": "Kasutaja {user} profiilipilt",
   "profile_picture_set": "Profiilipilt määratud.",
   "public_album": "Avalik album",
@@ -1214,8 +1059,6 @@
   "recent": "Hiljutine",
   "recent-albums": "Hiljutised albumid",
   "recent_searches": "Hiljutised otsingud",
-  "recently_added": "Hiljuti lisatud",
-  "recently_added_page_title": "Hiljuti lisatud",
   "refresh": "Värskenda",
   "refresh_encoded_videos": "Värskenda kodeeritud videod",
   "refresh_faces": "Värskenda näod",
@@ -1236,8 +1079,6 @@
   "remove_from_album": "Eemalda albumist",
   "remove_from_favorites": "Eemalda lemmikutest",
   "remove_from_shared_link": "Eemalda jagatud lingist",
-  "remove_memory": "Eemalda mälestus",
-  "remove_photo_from_memory": "Eemalda foto sellest mälestusest",
   "remove_url": "Eemalda URL",
   "remove_user": "Eemalda kasutaja",
   "removed_api_key": "API võti eemaldatud: {name}",
@@ -1272,7 +1113,6 @@
   "role_editor": "Muutja",
   "role_viewer": "Vaataja",
   "save": "Salvesta",
-  "save_to_gallery": "Salvesta galeriisse",
   "saved_api_key": "API võti salvestatud",
   "saved_profile": "Profiil salvestatud",
   "saved_settings": "Seaded salvestatud",
@@ -1292,32 +1132,14 @@
   "search_camera_model": "Otsi kaamera mudelit...",
   "search_city": "Otsi linna...",
   "search_country": "Otsi riiki...",
-  "search_filter_camera_title": "Vali kaamera tüüp",
-  "search_filter_date": "Kuupäev",
-  "search_filter_date_interval": "{start} kuni {end}",
-  "search_filter_date_title": "Vali kuupäevavahemik",
-  "search_filter_display_options": "Kuva valikud",
-  "search_filter_filename": "Otsi failinime alusel",
-  "search_filter_location": "Asukoht",
-  "search_filter_location_title": "Vali asukoht",
-  "search_filter_media_type": "Meediumi tüüp",
-  "search_filter_media_type_title": "Vali meediumi tüüp",
-  "search_filter_people_title": "Vali isikud",
   "search_for": "Otsi",
   "search_for_existing_person": "Otsi olemasolevat isikut",
   "search_no_people": "Isikuid ei ole",
   "search_no_people_named": "Ei ole isikuid nimega \"{name}\"",
   "search_options": "Otsingu valikud",
-  "search_page_categories": "Kategooriad",
-  "search_page_screenshots": "Ekraanipildid",
-  "search_page_search_photos_videos": "Otsi oma fotosid ja videosid",
-  "search_page_selfies": "Selfid",
-  "search_page_things": "Asjad",
-  "search_page_view_all_button": "Vaata kõiki",
   "search_people": "Otsi inimesi",
   "search_places": "Otsi kohti",
   "search_rating": "Otsi hinnangu järgi...",
-  "search_result_page_new_search_hint": "Uus otsing",
   "search_settings": "Otsi seadeid",
   "search_state": "Otsi osariiki...",
   "search_tags": "Otsi silte...",
@@ -1327,7 +1149,6 @@
   "searching_locales": "Lokaatide otsimine...",
   "second": "Sekund",
   "see_all_people": "Vaata kõiki isikuid",
-  "select": "Vali",
   "select_album_cover": "Vali albumi kaanepilt",
   "select_all": "Vali kõik",
   "select_all_duplicates": "Vali kõik duplikaadid",
@@ -1340,14 +1161,10 @@
   "select_new_face": "Vali uus nägu",
   "select_photos": "Vali fotod",
   "select_trash_all": "Vali kõik prügikasti",
-  "select_user_for_sharing_page_err_album": "Albumi lisamine ebaõnnestus",
   "selected": "Valitud",
   "selected_count": "{count, plural, other {# valitud}}",
   "send_message": "Saada sõnum",
   "send_welcome_email": "Saada tervituskiri",
-  "server_endpoint": "Serveri lõpp-punkt",
-  "server_info_box_app_version": "Rakenduse versioon",
-  "server_info_box_server_url": "Serveri URL",
   "server_offline": "Serveriga ühendus puudub",
   "server_online": "Server ühendatud",
   "server_stats": "Serveri statistika",
@@ -1359,42 +1176,22 @@
   "set_date_of_birth": "Määra sünnikuupäev",
   "set_profile_picture": "Sea profiilipilt",
   "set_slideshow_to_fullscreen": "Kuva slaidiesitlus täisekraanil",
-  "setting_languages_apply": "Rakenda",
-  "setting_languages_title": "Keeled",
-  "setting_notifications_notify_immediately": "kohe",
-  "setting_notifications_notify_never": "mitte kunagi",
   "settings": "Seaded",
   "settings_saved": "Seaded salvestatud",
   "share": "Jaga",
   "shared": "Jagatud",
-  "shared_album_section_people_action_error": "Viga albumist eemaldamisel/lahkumisel",
-  "shared_album_section_people_action_leave": "Eemalda kasutaja albumist",
-  "shared_album_section_people_action_remove_user": "Eemalda kasutaja albumist",
-  "shared_album_section_people_title": "ISIKUD",
   "shared_by": "Jagas",
   "shared_by_user": "Jagas {user}",
   "shared_by_you": "Jagasid sina",
   "shared_from_partner": "Fotod partnerilt {partner}",
-  "shared_link_app_bar_title": "Jagatud lingid",
-  "shared_link_clipboard_copied_massage": "Kopeeritud lõikelauale",
-  "shared_link_create_error": "Viga jagatud lingi loomisel",
-  "shared_link_edit_expire_after_option_day": "1 päev",
-  "shared_link_edit_expire_after_option_hour": "1 tund",
-  "shared_link_edit_expire_after_option_minute": "1 minut",
-  "shared_link_info_chip_metadata": "EXIF",
-  "shared_link_manage_links": "Halda jagatud linke",
   "shared_link_options": "Jagatud lingi valikud",
   "shared_links": "Jagatud lingid",
   "shared_links_description": "Jaga fotosid ja videosid lingiga",
   "shared_photos_and_videos_count": "{assetCount, plural, other {# jagatud fotot ja videot.}}",
-  "shared_with_me": "Minuga jagatud",
   "shared_with_partner": "Jagatud partneriga {partner}",
   "sharing": "Jagamine",
   "sharing_enter_password": "Palun sisesta selle lehe vaatamiseks salasõna.",
-  "sharing_page_album": "Jagatud albumid",
   "sharing_sidebar_description": "Kuva külgmenüüs Jagamise linki",
-  "sharing_silver_appbar_create_shared_album": "Uus jagatud album",
-  "sharing_silver_appbar_share_partner": "Jaga partneriga",
   "shift_to_permanent_delete": "vajuta ⇧, et üksus jäädavalt kustutada",
   "show_album_options": "Näita albumi valikuid",
   "show_albums": "Näita albumeid",
@@ -1461,7 +1258,6 @@
   "support_third_party_description": "Sinu Immich'i install on kolmanda osapoole pakendatud. Probleemid, mida täheldad, võivad olla põhjustatud selle pakendamise poolt, seega võta esmajärjekorras nendega ühendust, kasutades allolevaid linke.",
   "swap_merge_direction": "Muuda ühendamise suunda",
   "sync": "Sünkrooni",
-  "sync_albums": "Sünkrooni albumid",
   "tag": "Silt",
   "tag_assets": "Sildista üksuseid",
   "tag_created": "Lisatud silt: {tag}",
@@ -1475,9 +1271,6 @@
   "theme": "Teema",
   "theme_selection": "Teema valik",
   "theme_selection_description": "Sea automaatselt hele või tume teema vastavalt veebilehitseja eelistustele",
-  "theme_setting_primary_color_title": "Põhivärv",
-  "theme_setting_system_primary_color_title": "Kasuta süsteemset värvi",
-  "theme_setting_system_theme_switch": "Automaatne (järgi süsteemi seadet)",
   "they_will_be_merged_together": "Nad ühendatakse kokku",
   "third_party_resources": "Kolmanda osapoole ressursid",
   "time_based_memories": "Ajapõhised mälestused",
@@ -1498,9 +1291,6 @@
   "trash_count": "Liiguta {count, number} prügikasti",
   "trash_delete_asset": "Kustuta üksus",
   "trash_no_results_message": "Siia ilmuvad prügikasti liigutatud fotod ja videod.",
-  "trash_page_delete_all": "Kustuta kõik",
-  "trash_page_restore_all": "Taasta kõik",
-  "trash_page_select_assets_btn": "Vali üksused",
   "trashed_items_will_be_permanently_deleted_after": "Prügikasti tõstetud üksused kustutatakse jäädavalt {days, plural, one {# päeva} other {# päeva}} pärast.",
   "type": "Tüüp",
   "unarchive": "Taasta arhiivist",
@@ -1536,7 +1326,6 @@
   "upload_status_errors": "Vead",
   "upload_status_uploaded": "Üleslaaditud",
   "upload_success": "Üleslaadimine õnnestus, uute üksuste nägemiseks värskenda lehte.",
-  "uploading": "Üleslaadimine",
   "url": "URL",
   "usage": "Kasutus",
   "use_custom_date_range": "Kasuta kohandatud kuupäevavahemikku",
@@ -1574,21 +1363,16 @@
   "view_name": "Vaade",
   "view_next_asset": "Vaata järgmist üksust",
   "view_previous_asset": "Vaata eelmist üksust",
-  "view_qr_code": "Vaata QR-koodi",
   "view_stack": "Vaata virna",
-  "viewer_remove_from_stack": "Eemalda virnast",
-  "viewer_unstack": "Eralda",
   "visibility_changed": "{count, plural, one {# isiku} other {# isiku}} nähtavus muudetud",
   "waiting": "Ootel",
   "warning": "Hoiatus",
   "week": "Nädal",
   "welcome": "Tere tulemast",
   "welcome_to_immich": "Tere tulemast Immich'isse",
-  "wifi_name": "WiFi-võrgu nimi",
   "year": "Aasta",
   "years_ago": "{years, plural, one {# aasta} other {# aastat}} tagasi",
   "yes": "Jah",
   "you_dont_have_any_shared_links": "Sul pole ühtegi jagatud linki",
-  "your_wifi_name": "Sinu WiFi-võrgu nimi",
   "zoom_image": "Suumi pilti"
-}
+}