fix: update selectors for disabled state in thumbnail component

Merge remote-tracking branch 'origin/feat/shared-album-owner-labels' into refactor/expectSelectedReadonly
refactor(e2e/web): resolve todo of expectSelectedReadonly
2026-03-04 00:17:00 +00:00 · 2025-11-30 11:44:15 +09:00 · 2025-11-30 09:54:20 +09:00 · 2025-11-30 09:35:30 +09:00 · 2025-11-25 22:59:30 -05:00 · 2025-11-23 22:03:16 -05:00
2223 changed files with 45310 additions and 161789 deletions
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -2,7 +2,6 @@
  "name": "Immich - Backend, Frontend and ML",
  "service": "immich-server",
  "runServices": [
-    "immich-init",
    "immich-server",
    "redis",
    "database",
@@ -27,59 +26,7 @@
        "vitest.explorer",
        "ms-playwright.playwright",
        "ms-azuretools.vscode-docker"
-      ],
-      "settings": {
-        "tasks": {
-          "version": "2.0.0",
-          "tasks": [
-            {
-              "label": "Immich API Server (Nest)",
-              "type": "shell",
-              "command": "[ -f /immich-devcontainer/container-start-backend.sh ] && /immich-devcontainer/container-start-backend.sh || exit 0",
-              "isBackground": true,
-              "presentation": {
-                "echo": true,
-                "reveal": "always",
-                "focus": false,
-                "panel": "dedicated",
-                "showReuseMessage": true,
-                "clear": false,
-                "group": "Devcontainer tasks",
-                "close": true
-              },
-              "runOptions": {
-                "runOn": "folderOpen"
-              },
-              "problemMatcher": []
-            },
-            {
-              "label": "Immich Web Server (Vite)",
-              "type": "shell",
-              "command": "[ -f /immich-devcontainer/container-start-frontend.sh ] && /immich-devcontainer/container-start-frontend.sh || exit 0",
-              "isBackground": true,
-              "presentation": {
-                "echo": true,
-                "reveal": "always",
-                "focus": false,
-                "panel": "dedicated",
-                "showReuseMessage": true,
-                "clear": false,
-                "group": "Devcontainer tasks",
-                "close": true
-              },
-              "runOptions": {
-                "runOn": "folderOpen"
-              },
-              "problemMatcher": []
-            },
-            {
-              "label": "Build Immich CLI",
-              "type": "shell",
-              "command": "pnpm --filter cli build:dev"
-            }
-          ]
-        }
-      }
+      ]
    }
  },
  "features": {
@@ -109,8 +56,8 @@
    }
  },
  "overrideCommand": true,
-  "workspaceFolder": "/usr/src/app",
-  "remoteUser": "root",
+  "workspaceFolder": "/workspaces/immich",
+  "remoteUser": "node",
  "userEnvProbe": "loginInteractiveShell",
  "remoteEnv": {
    // The location where your uploaded files are stored
--- a/.devcontainer/mobile/container-compose-overrides.yml
+++ b/.devcontainer/mobile/container-compose-overrides.yml
@@ -1,17 +1,23 @@
 services:
-  immich-app-base:
-    image: busybox
  immich-server:
-    extends:
-      service: immich-app-base
-    profiles: !reset []
-    image: immich-server-dev:latest
    build:
      target: dev-container-mobile
    environment:
      - IMMICH_SERVER_URL=http://127.0.0.1:2283/
-    volumes:
+    volumes: !override # bind mount host to /workspaces/immich
+      - ..:/workspaces/immich
      - ${UPLOAD_LOCATION:-upload-devcontainer-volume}${UPLOAD_LOCATION:+/photos}:/data
+      - pnpm-store:/usr/src/app/.pnpm-store
+      - server-node_modules:/usr/src/app/server/node_modules
+      - web-node_modules:/usr/src/app/web/node_modules
+      - github-node_modules:/usr/src/app/.github/node_modules
+      - cli-node_modules:/usr/src/app/cli/node_modules
+      - docs-node_modules:/usr/src/app/docs/node_modules
+      - e2e-node_modules:/usr/src/app/e2e/node_modules
+      - sdk-node_modules:/usr/src/app/open-api/typescript-sdk/node_modules
+      - app-node_modules:/usr/src/app/node_modules
+      - sveltekit:/usr/src/app/web/.svelte-kit
+      - coverage:/usr/src/app/web/coverage
      - /etc/localtime:/etc/localtime:ro
  immich-web:
    env_file: !reset []
--- a/.devcontainer/mobile/devcontainer.json
+++ b/.devcontainer/mobile/devcontainer.json
@@ -2,7 +2,6 @@
  "name": "Immich - Mobile",
  "service": "immich-server",
  "runServices": [
-    "immich-init",
    "immich-server",
    "redis",
    "database",
@@ -36,7 +35,7 @@
  },
  "forwardPorts": [],
  "overrideCommand": true,
-  "workspaceFolder": "/usr/src/app",
+  "workspaceFolder": "/workspaces/immich",
  "remoteUser": "node",
  "userEnvProbe": "loginInteractiveShell",
  "remoteEnv": {
--- a/.devcontainer/server/container-common.sh
+++ b/.devcontainer/server/container-common.sh
@@ -2,6 +2,11 @@
 export IMMICH_PORT="${DEV_SERVER_PORT:-2283}"
 export DEV_PORT="${DEV_PORT:-3000}"

+# search for immich directory inside workspace.
+# /workspaces/immich is the bind mount, but other directories can be mounted if runing
+# Devcontainer: Clone [repository|pull request] in container volumne
+WORKSPACES_DIR="/workspaces"
+IMMICH_DIR="$WORKSPACES_DIR/immich"
 IMMICH_DEVCONTAINER_LOG="$HOME/immich-devcontainer.log"

 log() {
@@ -25,8 +30,52 @@ run_cmd() {
    return "${PIPESTATUS[0]}"
 }

-export IMMICH_WORKSPACE="/usr/src/app"
+# Find directories excluding /workspaces/immich
+mapfile -t other_dirs < <(find "$WORKSPACES_DIR" -mindepth 1 -maxdepth 1 -type d ! -path "$IMMICH_DIR" ! -name ".*")
+
+if [ ${#other_dirs[@]} -gt 1 ]; then
+    log "Error: More than one directory found in $WORKSPACES_DIR other than $IMMICH_DIR."
+    exit 1
+elif [ ${#other_dirs[@]} -eq 1 ]; then
+    export IMMICH_WORKSPACE="${other_dirs[0]}"
+else
+    export IMMICH_WORKSPACE="$IMMICH_DIR"
+fi

 log "Found immich workspace in $IMMICH_WORKSPACE"
 log ""

+fix_permissions() {
+
+    log "Fixing permissions for ${IMMICH_WORKSPACE}"
+
+    # Change ownership for directories that exist
+    for dir in "${IMMICH_WORKSPACE}/.vscode" \
+        "${IMMICH_WORKSPACE}/server/upload" \
+        "${IMMICH_WORKSPACE}/.pnpm-store" \
+        "${IMMICH_WORKSPACE}/.github/node_modules" \
+        "${IMMICH_WORKSPACE}/cli/node_modules" \
+        "${IMMICH_WORKSPACE}/e2e/node_modules" \
+        "${IMMICH_WORKSPACE}/open-api/typescript-sdk/node_modules" \
+        "${IMMICH_WORKSPACE}/server/node_modules" \
+        "${IMMICH_WORKSPACE}/server/dist" \
+        "${IMMICH_WORKSPACE}/web/node_modules" \
+        "${IMMICH_WORKSPACE}/web/dist"; do
+        if [ -d "$dir" ]; then
+            run_cmd sudo chown node -R "$dir"
+        fi
+    done
+
+    log ""
+}
+
+install_dependencies() {
+
+    log "Installing dependencies"
+    (
+        cd "${IMMICH_WORKSPACE}" || exit 1
+        export CI=1 FROZEN=1 OFFLINE=1
+        run_cmd make setup-web-dev setup-server-dev
+    )
+    log ""
+}
--- a/.devcontainer/server/container-compose-overrides.yml
+++ b/.devcontainer/server/container-compose-overrides.yml
@@ -1,21 +1,26 @@
 services:
-  immich-app-base:
-    image: busybox
  immich-server:
-    extends:
-      service: immich-app-base
-    profiles: !reset []
-    image: immich-server-dev:latest
    build:
      target: dev-container-server
    env_file: !reset []
    hostname: immich-dev
    environment:
      - IMMICH_SERVER_URL=http://127.0.0.1:2283/
-    volumes:
+    volumes: !override
+      - ..:/workspaces/immich
      - ${UPLOAD_LOCATION:-upload-devcontainer-volume}${UPLOAD_LOCATION:+/photos}:/data
      - /etc/localtime:/etc/localtime:ro
-      - pnpm_store_server:/buildcache/pnpm-store
+      - pnpm-store:/usr/src/app/.pnpm-store
+      - server-node_modules:/usr/src/app/server/node_modules
+      - web-node_modules:/usr/src/app/web/node_modules
+      - github-node_modules:/usr/src/app/.github/node_modules
+      - cli-node_modules:/usr/src/app/cli/node_modules
+      - docs-node_modules:/usr/src/app/docs/node_modules
+      - e2e-node_modules:/usr/src/app/e2e/node_modules
+      - sdk-node_modules:/usr/src/app/open-api/typescript-sdk/node_modules
+      - app-node_modules:/usr/src/app/node_modules
+      - sveltekit:/usr/src/app/web/.svelte-kit
+      - coverage:/usr/src/app/web/coverage
      - ../plugins:/build/corePlugin
  immich-web:
    env_file: !reset []
--- a/.devcontainer/server/container-start.sh
+++ b/.devcontainer/server/container-start.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+# shellcheck source=common.sh
+# shellcheck disable=SC1091
+source /immich-devcontainer/container-common.sh
+
+log "Setting up Immich dev container..."
+fix_permissions
+
+log "Setup complete, please wait while backend and frontend services automatically start"
+log
+log "If necessary, the services may be manually started using"
+log
+log "$ /immich-devcontainer/container-start-backend.sh"
+log "$ /immich-devcontainer/container-start-frontend.sh"
+log
+log "From different terminal windows, as these scripts automatically restart the server"
+log "on error, and will continuously run in a loop"
--- a/.github/.nvmrc
+++ b/.github/.nvmrc
@@ -1 +1 @@
-24.13.1
+24.11.1
--- a/.github/package.json
+++ b/.github/package.json
@@ -4,6 +4,6 @@
    "format:fix": "prettier --write ."
  },
  "devDependencies": {
-    "prettier": "^3.7.4"
+    "prettier": "^3.5.3"
  }
 }
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -26,7 +26,6 @@ The `/api/something` endpoint is now `/api/something-else`

 ## Checklist:

- [ ] I have carefully read CONTRIBUTING.md
 - [ ] I have performed a self-review of my own code
 - [ ] I have made corresponding changes to the documentation if applicable
 - [ ] I have no unrelated changes in the PR.
--- a/.github/workflows/build-mobile.yml
+++ b/.github/workflows/build-mobile.yml
@@ -30,6 +30,18 @@ on:
        required: true
      IOS_CERTIFICATE_PASSWORD:
        required: true
+      IOS_PROVISIONING_PROFILE:
+        required: true
+      IOS_PROVISIONING_PROFILE_SHARE_EXTENSION:
+        required: true
+      IOS_PROVISIONING_PROFILE_WIDGET_EXTENSION:
+        required: true
+      IOS_DEVELOPMENT_PROVISIONING_PROFILE:
+        required: true
+      IOS_DEVELOPMENT_PROVISIONING_PROFILE_SHARE_EXTENSION:
+        required: true
+      IOS_DEVELOPMENT_PROVISIONING_PROFILE_WIDGET_EXTENSION:
+        required: true
      FASTLANE_TEAM_ID:
        required: true
  pull_request:
@@ -51,14 +63,14 @@ jobs:
      should_run: ${{ steps.check.outputs.should_run }}
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Check what should run
        id: check
-        uses: immich-app/devtools/actions/pre-job@eed0f8b8165ffcb951f2ba854b2dd031935e1d73 # pre-job-action-v2.0.2
+        uses: immich-app/devtools/actions/pre-job@08bac802a312fc89808e0dd589271ca0974087b5 # pre-job-action-v2.0.0
        with:
          github-token: ${{ steps.token.outputs.token }}
          filters: |
@@ -79,12 +91,12 @@ jobs:

    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          ref: ${{ inputs.ref || github.sha }}
          persist-credentials: false
@@ -96,14 +108,14 @@ jobs:
        working-directory: ./mobile
        run: printf "%s" $KEY_JKS | base64 -d > android/key.jks

-      - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
+      - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
        with:
          distribution: 'zulu'
          java-version: '17'

      - name: Restore Gradle Cache
        id: cache-gradle-restore
-        uses: actions/cache/restore@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
+        uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
        with:
          path: |
            ~/.gradle/caches
@@ -153,14 +165,14 @@ jobs:
          fi

      - name: Publish Android Artifact
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        with:
          name: release-apk-signed
          path: mobile/build/app/outputs/flutter-apk/*.apk

      - name: Save Gradle Cache
        id: cache-gradle-save
-        uses: actions/cache/save@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
+        uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
        if: github.ref == 'refs/heads/main'
        with:
          path: |
@@ -178,14 +190,11 @@ jobs:
      contents: read
    # Run on main branch or workflow_dispatch, or on PRs/other branches (build only, no upload)
    if: ${{ !github.event.pull_request.head.repo.fork && fromJSON(needs.pre-job.outputs.should_run).mobile == true }}
-    runs-on: macos-15
+    runs-on: macos-latest

    steps:
-      - name: Select Xcode 26
-        run: sudo xcode-select -s /Applications/Xcode_26.2.app/Contents/Developer
-
      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
        with:
          ref: ${{ inputs.ref || github.sha }}
          persist-credentials: false
@@ -213,7 +222,6 @@ jobs:
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: '3.3'
-          bundler-cache: true
          working-directory: ./mobile/ios

      - name: Install CocoaPods dependencies
@@ -221,6 +229,13 @@ jobs:
        run: |
          pod install

+      - name: Install Fastlane
+        working-directory: ./mobile/ios
+        run: |
+          gem install bundler
+          bundle config set --local path 'vendor/bundle'
+          bundle install
+
      - name: Create API Key
        env:
          API_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}
@@ -231,14 +246,35 @@ jobs:
          mkdir -p ~/.appstoreconnect/private_keys
          echo "$API_KEY_CONTENT" | base64 --decode > ~/.appstoreconnect/private_keys/AuthKey_${API_KEY_ID}.p8

-      - name: Import Certificate
+      - name: Import Certificate and Provisioning Profiles
        env:
          IOS_CERTIFICATE_P12: ${{ secrets.IOS_CERTIFICATE_P12 }}
+          IOS_CERTIFICATE_PASSWORD: ${{ secrets.IOS_CERTIFICATE_PASSWORD }}
+          IOS_PROVISIONING_PROFILE: ${{ secrets.IOS_PROVISIONING_PROFILE }}
+          IOS_PROVISIONING_PROFILE_SHARE_EXTENSION: ${{ secrets.IOS_PROVISIONING_PROFILE_SHARE_EXTENSION }}
+          IOS_PROVISIONING_PROFILE_WIDGET_EXTENSION: ${{ secrets.IOS_PROVISIONING_PROFILE_WIDGET_EXTENSION }}
+          IOS_DEVELOPMENT_PROVISIONING_PROFILE: ${{ secrets.IOS_DEVELOPMENT_PROVISIONING_PROFILE }}
+          IOS_DEVELOPMENT_PROVISIONING_PROFILE_SHARE_EXTENSION: ${{ secrets.IOS_DEVELOPMENT_PROVISIONING_PROFILE_SHARE_EXTENSION }}
+          IOS_DEVELOPMENT_PROVISIONING_PROFILE_WIDGET_EXTENSION: ${{ secrets.IOS_DEVELOPMENT_PROVISIONING_PROFILE_WIDGET_EXTENSION }}
+          ENVIRONMENT: ${{ inputs.environment || 'development' }}
        working-directory: ./mobile/ios
        run: |
          # Decode certificate
          echo "$IOS_CERTIFICATE_P12" | base64 --decode > certificate.p12

+          # Decode provisioning profiles based on environment
+          if [[ "$ENVIRONMENT" == "development" ]]; then
+            echo "$IOS_DEVELOPMENT_PROVISIONING_PROFILE" | base64 --decode > profile_dev.mobileprovision
+            echo "$IOS_DEVELOPMENT_PROVISIONING_PROFILE_SHARE_EXTENSION" | base64 --decode > profile_dev_share.mobileprovision
+            echo "$IOS_DEVELOPMENT_PROVISIONING_PROFILE_WIDGET_EXTENSION" | base64 --decode > profile_dev_widget.mobileprovision
+            ls -lh profile_dev*.mobileprovision
+          else
+            echo "$IOS_PROVISIONING_PROFILE" | base64 --decode > profile.mobileprovision
+            echo "$IOS_PROVISIONING_PROFILE_SHARE_EXTENSION" | base64 --decode > profile_share.mobileprovision
+            echo "$IOS_PROVISIONING_PROFILE_WIDGET_EXTENSION" | base64 --decode > profile_widget.mobileprovision
+            ls -lh profile*.mobileprovision
+          fi
+
      - name: Create keychain and import certificate
        env:
          KEYCHAIN_PASSWORD: ${{ secrets.IOS_CERTIFICATE_PASSWORD }}
@@ -269,8 +305,6 @@ jobs:
          ENVIRONMENT: ${{ inputs.environment || 'development' }}
          BUNDLE_ID_SUFFIX: ${{ inputs.environment == 'production' && '' || 'development' }}
          GITHUB_REF: ${{ github.ref }}
-          FASTLANE_XCODEBUILD_SETTINGS_TIMEOUT: 120
-          FASTLANE_XCODEBUILD_SETTINGS_RETRIES: 6
        working-directory: ./mobile/ios
        run: |
          # Only upload to TestFlight on main branch
@@ -291,7 +325,7 @@ jobs:
          security delete-keychain build.keychain || true

      - name: Upload IPA artifact
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        with:
          name: ios-release-ipa
          path: mobile/ios/Runner.ipa
--- a/.github/workflows/cache-cleanup.yml
+++ b/.github/workflows/cache-cleanup.yml
@@ -19,13 +19,13 @@ jobs:
      actions: write
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Check out code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}
--- a/.github/workflows/check-openapi.yml
+++ b/.github/workflows/check-openapi.yml
@@ -1,32 +0,0 @@
-name: Check OpenAPI
-on:
-  workflow_dispatch:
-  pull_request:
-    paths:
-      - 'open-api/**'
-      - '.github/workflows/check-openapi.yml'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-permissions: {}
-
-jobs:
-  check-openapi:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    steps:
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
-
-      - name: Check for breaking API changes
-        # sha is pinning to a commit instead of a tag since the action does not tag versions
-        uses: oasdiff/oasdiff-action/breaking@ccb863950ce437a50f8f1a40d2a1112117e06ce4
-        with:
-          base: https://raw.githubusercontent.com/${{ github.repository }}/main/open-api/immich-openapi-specs.json
-          revision: open-api/immich-openapi-specs.json
-          fail-on: ERR
--- a/.github/workflows/cli.yml
+++ b/.github/workflows/cli.yml
@@ -24,19 +24,18 @@ jobs:
    runs-on: ubuntu-latest
    permissions:
      contents: read
-      id-token: write
-      packages: write
    defaults:
      run:
        working-directory: ./cli
+
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}
@@ -45,7 +44,7 @@ jobs:
        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0

      - name: Setup Node
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version-file: './cli/.nvmrc'
          registry-url: 'https://registry.npmjs.org'
@@ -58,8 +57,10 @@ jobs:

      - run: pnpm install --frozen-lockfile
      - run: pnpm build
-      - run: pnpm publish --provenance --no-git-checks
+      - run: pnpm publish --no-git-checks
        if: ${{ github.event_name == 'release' }}
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

  docker:
    name: Docker
@@ -71,13 +72,13 @@ jobs:

    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}
@@ -86,10 +87,10 @@ jobs:
        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1

      - name: Login to GitHub Container Registry
-        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        if: ${{ !github.event.pull_request.head.repo.fork }}
        with:
          registry: ghcr.io
@@ -104,7 +105,7 @@ jobs:

      - name: Generate docker image tags
        id: metadata
-        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
+        uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0
        with:
          flavor: |
            latest=false
@@ -115,7 +116,7 @@ jobs:
            type=raw,value=latest,enable=${{ github.event_name == 'release' }}

      - name: Build and push image
-        uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
        with:
          file: cli/Dockerfile
          platforms: linux/amd64,linux/arm64
--- a/.github/workflows/close-duplicates.yml
+++ b/.github/workflows/close-duplicates.yml
@@ -35,7 +35,7 @@ jobs:
    needs: [get_body, should_run]
    if: ${{ needs.should_run.outputs.should_run == 'true' }}
    container:
-      image: ghcr.io/immich-app/mdq:main@sha256:4f9860d04c88f7f87861f8ee84bfeedaec15ed7ca5ca87bc7db44b036f81645f
+      image: ghcr.io/immich-app/mdq:main@sha256:9c905a4ff69f00c4b2f98b40b6090ab3ab18d1a15ed1379733b8691aa1fcb271
    outputs:
      checked: ${{ steps.get_checkbox.outputs.checked }}
    steps:
--- a/.github/workflows/close-llm-pr.yml
+++ b/.github/workflows/close-llm-pr.yml
@@ -1,38 +0,0 @@
-name: Close LLM-generated PRs
-
-on:
-  pull_request_target:
-    types: [labeled]
-
-permissions: {}
-
-jobs:
-  comment_and_close:
-    runs-on: ubuntu-latest
-    if: ${{ github.event.label.name == 'llm-generated' }}
-    permissions:
-      pull-requests: write
-    steps:
-      - name: Comment and close
-        env:
-          GH_TOKEN: ${{ github.token }}
-          NODE_ID: ${{ github.event.pull_request.node_id }}
-        run: |
-          gh api graphql \
-            -f prId="$NODE_ID" \
-            -f body="Thank you for your interest in contributing to Immich! Unfortunately this PR looks like it was generated using an LLM. As noted in our [CONTRIBUTING.md](https://github.com/immich-app/immich/blob/main/CONTRIBUTING.md#use-of-generative-ai), we request that you don't use LLMs to generate PRs as those are not a good use of maintainer time." \
-            -f query='
-              mutation CommentAndClosePR($prId: ID!, $body: String!) {
-                addComment(input: {
-                  subjectId: $prId,
-                  body: $body
-                }) {
-                  __typename
-                }
-
-                closePullRequest(input: {
-                  pullRequestId: $prId
-                }) {
-                  __typename
-                }
-              }'
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -44,20 +44,20 @@ jobs:

    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3
+        uses: github/codeql-action/init@014f16e7ab1402f30e7c3329d33797e7948572db # v4.31.3
        with:
          languages: ${{ matrix.language }}
          # If you wish to specify custom queries, you can do so here or in a config file.
@@ -70,7 +70,7 @@ jobs:
      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
      # If this step fails, then you should remove it and run the build manually (see below)
      - name: Autobuild
-        uses: github/codeql-action/autobuild@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3
+        uses: github/codeql-action/autobuild@014f16e7ab1402f30e7c3329d33797e7948572db # v4.31.3

      # ℹ️ Command-line programs to run using the OS shell.
      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -83,6 +83,6 @@ jobs:
      #   ./location_of_script_within_repo/buildscript.sh

      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3
+        uses: github/codeql-action/analyze@014f16e7ab1402f30e7c3329d33797e7948572db # v4.31.3
        with:
          category: '/language:${{matrix.language}}'
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -23,14 +23,14 @@ jobs:
      should_run: ${{ steps.check.outputs.should_run }}
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Check what should run
        id: check
-        uses: immich-app/devtools/actions/pre-job@eed0f8b8165ffcb951f2ba854b2dd031935e1d73 # pre-job-action-v2.0.2
+        uses: immich-app/devtools/actions/pre-job@08bac802a312fc89808e0dd589271ca0974087b5 # pre-job-action-v2.0.0
        with:
          github-token: ${{ steps.token.outputs.token }}
          filters: |
@@ -60,7 +60,7 @@ jobs:
        suffix: ['', '-cuda', '-rocm', '-openvino', '-armnn', '-rknn']
    steps:
      - name: Login to GitHub Container Registry
-        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
@@ -90,7 +90,7 @@ jobs:
        suffix: ['']
    steps:
      - name: Login to GitHub Container Registry
-        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
@@ -131,8 +131,8 @@ jobs:
          - device: rocm
            suffixes: '-rocm'
            platforms: linux/amd64
-            runner-mapping: '{"linux/amd64": "pokedex-giant"}'
-    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@bd49ed7a5a6022149f79b6564df48177476a822b # multi-runner-build-workflow-v2.2.1
+            runner-mapping: '{"linux/amd64": "mich"}'
+    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@47a2ee86898ccff51592d6572391fb1abcd7f782 # multi-runner-build-workflow-v2.0.1
    permissions:
      contents: read
      actions: read
@@ -155,7 +155,7 @@ jobs:
    name: Build and Push Server
    needs: pre-job
    if: ${{ fromJSON(needs.pre-job.outputs.should_run).server == true }}
-    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@bd49ed7a5a6022149f79b6564df48177476a822b # multi-runner-build-workflow-v2.2.1
+    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@47a2ee86898ccff51592d6572391fb1abcd7f782 # multi-runner-build-workflow-v2.0.1
    permissions:
      contents: read
      actions: read
--- a/.github/workflows/docs-build.yml
+++ b/.github/workflows/docs-build.yml
@@ -21,14 +21,14 @@ jobs:
      should_run: ${{ steps.check.outputs.should_run }}
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Check what should run
        id: check
-        uses: immich-app/devtools/actions/pre-job@eed0f8b8165ffcb951f2ba854b2dd031935e1d73 # pre-job-action-v2.0.2
+        uses: immich-app/devtools/actions/pre-job@08bac802a312fc89808e0dd589271ca0974087b5 # pre-job-action-v2.0.0
        with:
          github-token: ${{ steps.token.outputs.token }}
          filters: |
@@ -54,23 +54,22 @@ jobs:

    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}
-          fetch-depth: 0

      - name: Setup pnpm
        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0

      - name: Setup Node
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version-file: './docs/.nvmrc'
          cache: 'pnpm'
@@ -86,7 +85,7 @@ jobs:
        run: pnpm build

      - name: Upload build output
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        with:
          name: docs-build-output
          path: docs/build/
--- a/.github/workflows/docs-deploy.yml
+++ b/.github/workflows/docs-deploy.yml
@@ -20,7 +20,7 @@ jobs:
      artifact: ${{ steps.get-artifact.outputs.result }}
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -119,19 +119,19 @@ jobs:
    if: ${{ fromJson(needs.checks.outputs.artifact).found && fromJson(needs.checks.outputs.parameters).shouldDeploy }}
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}

      - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@dab18118da6476e8237ac94080fd937983fecd42 # use-mise-action-v1.1.2
+        uses: immich-app/devtools/actions/use-mise@cd24790a7f5f6439ac32cc94f5523cb2de8bfa8c # use-mise-action-v1.1.0

      - name: Load parameters
        id: parameters
@@ -192,13 +192,16 @@ jobs:
          ' >> $GITHUB_OUTPUT

      - name: Publish to Cloudflare Pages
-        working-directory: docs
-        env:
-          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN_PAGES_UPLOAD }}
-          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
-          PROJECT_NAME: ${{ steps.docs-output.outputs.projectName }}
-          BRANCH_NAME: ${{ steps.parameters.outputs.name }}
-        run: mise run //docs:deploy
+        # TODO: Action is deprecated
+        uses: cloudflare/pages-action@f0a1cd58cd66095dee69bfa18fa5efd1dde93bca # v1.5.0
+        with:
+          apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN_PAGES_UPLOAD }}
+          accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
+          projectName: ${{ steps.docs-output.outputs.projectName }}
+          workingDirectory: 'docs'
+          directory: 'build'
+          branch: ${{ steps.parameters.outputs.name }}
+          wranglerVersion: '3'

      - name: Deploy Docs Release Domain
        if: ${{ steps.parameters.outputs.event == 'release' }}
--- a/.github/workflows/docs-destroy.yml
+++ b/.github/workflows/docs-destroy.yml
@@ -17,19 +17,19 @@ jobs:
      pull-requests: write
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}

      - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@dab18118da6476e8237ac94080fd937983fecd42 # use-mise-action-v1.1.2
+        uses: immich-app/devtools/actions/use-mise@cd24790a7f5f6439ac32cc94f5523cb2de8bfa8c # use-mise-action-v1.1.0

      - name: Destroy Docs Subdomain
        env:
--- a/.github/workflows/fix-format.yml
+++ b/.github/workflows/fix-format.yml
@@ -16,13 +16,13 @@ jobs:
    steps:
      - name: Generate a token
        id: generate-token
-        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
+        uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: 'Checkout'
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          ref: ${{ github.event.pull_request.head.ref }}
          token: ${{ steps.generate-token.outputs.token }}
@@ -32,14 +32,14 @@ jobs:
        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0

      - name: Setup Node
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version-file: './server/.nvmrc'
          cache: 'pnpm'
          cache-dependency-path: '**/pnpm-lock.yaml'

      - name: Fix formatting
-        run: pnpm --recursive install && pnpm run --recursive --if-present --parallel format:fix
+        run: pnpm --recursive install && pnpm run --recursive --parallel fix:format

      - name: Commit and push
        uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9.1.4
--- a/.github/workflows/merge-translations.yml
+++ b/.github/workflows/merge-translations.yml
@@ -31,7 +31,7 @@ jobs:
      - name: Generate a token
        id: generate_token
        if: ${{ inputs.skip != true }}
-        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
+        uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
--- a/.github/workflows/pr-label-validation.yml
+++ b/.github/workflows/pr-label-validation.yml
@@ -14,7 +14,7 @@ jobs:
      pull-requests: write
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
--- a/.github/workflows/pr-labeler.yml
+++ b/.github/workflows/pr-labeler.yml
@@ -12,7 +12,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
--- a/.github/workflows/prepare-release.yml
+++ b/.github/workflows/prepare-release.yml
@@ -45,31 +45,30 @@ jobs:
    needs: [merge_translations]
    outputs:
      ref: ${{ steps.push-tag.outputs.commit_long_sha }}
-      version: ${{ steps.output.outputs.version }}
    permissions: {} # No job-level permissions are needed because it uses the app-token
    steps:
      - name: Generate a token
        id: generate-token
-        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
+        uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          token: ${{ steps.generate-token.outputs.token }}
          persist-credentials: true
          ref: main

      - name: Install uv
-        uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7.3.0
+        uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3

      - name: Setup pnpm
        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0

      - name: Setup Node
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version-file: './server/.nvmrc'
          cache: 'pnpm'
@@ -81,16 +80,13 @@ jobs:
          MOBILE_BUMP: ${{ inputs.mobileBump }}
        run: misc/release/pump-version.sh -s "${SERVER_BUMP}" -m "${MOBILE_BUMP}"

-      - id: output
-        run: echo "version=$IMMICH_VERSION" >> $GITHUB_OUTPUT
-
      - name: Commit and tag
        id: push-tag
        uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9.1.4
        with:
          default_author: github_actions
-          message: 'chore: version ${{ steps.output.outputs.version }}'
-          tag: ${{ steps.output.outputs.version }}
+          message: 'chore: version ${{ env.IMMICH_VERSION }}'
+          tag: ${{ env.IMMICH_VERSION }}
          push: true

  build_mobile:
@@ -109,6 +105,12 @@ jobs:
      APP_STORE_CONNECT_API_KEY: ${{ secrets.APP_STORE_CONNECT_API_KEY }}
      IOS_CERTIFICATE_P12: ${{ secrets.IOS_CERTIFICATE_P12 }}
      IOS_CERTIFICATE_PASSWORD: ${{ secrets.IOS_CERTIFICATE_PASSWORD }}
+      IOS_PROVISIONING_PROFILE: ${{ secrets.IOS_PROVISIONING_PROFILE }}
+      IOS_PROVISIONING_PROFILE_SHARE_EXTENSION: ${{ secrets.IOS_PROVISIONING_PROFILE_SHARE_EXTENSION }}
+      IOS_PROVISIONING_PROFILE_WIDGET_EXTENSION: ${{ secrets.IOS_PROVISIONING_PROFILE_WIDGET_EXTENSION }}
+      IOS_DEVELOPMENT_PROVISIONING_PROFILE: ${{ secrets.IOS_DEVELOPMENT_PROVISIONING_PROFILE }}
+      IOS_DEVELOPMENT_PROVISIONING_PROFILE_SHARE_EXTENSION: ${{ secrets.IOS_DEVELOPMENT_PROVISIONING_PROFILE_SHARE_EXTENSION }}
+      IOS_DEVELOPMENT_PROVISIONING_PROFILE_WIDGET_EXTENSION: ${{ secrets.IOS_DEVELOPMENT_PROVISIONING_PROFILE_WIDGET_EXTENSION }}
      FASTLANE_TEAM_ID: ${{ secrets.FASTLANE_TEAM_ID }}

    with:
@@ -117,35 +119,35 @@ jobs:

  prepare_release:
    runs-on: ubuntu-latest
-    needs: [build_mobile, bump_version]
+    needs: build_mobile
    permissions:
      actions: read # To download the app artifact
      # No content permissions are needed because it uses the app-token
    steps:
      - name: Generate a token
        id: generate-token
-        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
+        uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          token: ${{ steps.generate-token.outputs.token }}
          persist-credentials: false

      - name: Download APK
-        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
+        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
        with:
          name: release-apk-signed
          github-token: ${{ steps.generate-token.outputs.token }}

      - name: Create draft release
-        uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0
+        uses: softprops/action-gh-release@5be0e66d93ac7ed76da52eca8bb058f665c3a5fe # v2.4.2
        with:
          draft: true
-          tag_name: ${{ needs.bump_version.outputs.version }}
+          tag_name: ${{ env.IMMICH_VERSION }}
          token: ${{ steps.generate-token.outputs.token }}
          generate_release_notes: true
          body_path: misc/release/notes.tmpl
--- a/.github/workflows/preview-label.yaml
+++ b/.github/workflows/preview-label.yaml
@@ -14,7 +14,7 @@ jobs:
      pull-requests: write
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -32,7 +32,7 @@ jobs:
      pull-requests: write
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
--- a/.github/workflows/release-pr.yml
+++ b/.github/workflows/release-pr.yml
@@ -17,26 +17,26 @@ jobs:
    steps:
      - name: Generate a token
        id: generate-token
-        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
+        uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          token: ${{ steps.generate-token.outputs.token }}
          persist-credentials: true
          ref: main

      - name: Install uv
-        uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7.3.0
+        uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3

      - name: Setup pnpm
        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0

      - name: Setup Node
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version-file: './server/.nvmrc'
          cache: 'pnpm'
@@ -159,7 +159,7 @@ jobs:

      - name: Create PR
        id: create-pr
-        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
+        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
        with:
          token: ${{ steps.generate-token.outputs.token }}
          commit-message: 'chore: release ${{ steps.bump-type.outputs.next }}'
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -52,13 +52,13 @@ jobs:
    steps:
      - name: Generate a token
        id: generate-token
-        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
+        uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          token: ${{ steps.generate-token.outputs.token }}
          persist-credentials: false
@@ -74,13 +74,13 @@ jobs:
          echo "version=$VERSION" >> $GITHUB_OUTPUT

      - name: Download APK
-        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
+        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
        with:
          name: release-apk-signed
          github-token: ${{ steps.generate-token.outputs.token }}

      - name: Create draft release
-        uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0
+        uses: softprops/action-gh-release@5be0e66d93ac7ed76da52eca8bb058f665c3a5fe # v2.4.2
        with:
          tag_name: ${{ steps.version.outputs.result }}
          token: ${{ steps.generate-token.outputs.token }}
@@ -88,7 +88,6 @@ jobs:
          draft: true
          files: |
            docker/docker-compose.yml
-            docker/docker-compose.rootless.yml
            docker/example.env
            docker/hwaccel.ml.yml
            docker/hwaccel.transcoding.yml
--- a/.github/workflows/sdk.yml
+++ b/.github/workflows/sdk.yml
@@ -12,19 +12,17 @@ jobs:
    runs-on: ubuntu-latest
    permissions:
      contents: read
-      id-token: write
-      packages: write
    defaults:
      run:
        working-directory: ./open-api/typescript-sdk
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}
@@ -33,7 +31,7 @@ jobs:
        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0

      # Setup .npmrc file to publish to npm
-      - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version-file: './open-api/typescript-sdk/.nvmrc'
          registry-url: 'https://registry.npmjs.org'
@@ -44,4 +42,6 @@ jobs:
      - name: Build
        run: pnpm build
      - name: Publish
-        run: pnpm publish --provenance --no-git-checks
+        run: pnpm publish --no-git-checks
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
--- a/.github/workflows/static_analysis.yml
+++ b/.github/workflows/static_analysis.yml
@@ -20,14 +20,14 @@ jobs:
      should_run: ${{ steps.check.outputs.should_run }}
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Check what should run
        id: check
-        uses: immich-app/devtools/actions/pre-job@eed0f8b8165ffcb951f2ba854b2dd031935e1d73 # pre-job-action-v2.0.2
+        uses: immich-app/devtools/actions/pre-job@08bac802a312fc89808e0dd589271ca0974087b5 # pre-job-action-v2.0.0
        with:
          github-token: ${{ steps.token.outputs.token }}
          filters: |
@@ -49,13 +49,13 @@ jobs:
        working-directory: ./mobile
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}
@@ -69,14 +69,6 @@ jobs:
      - name: Install dependencies
        run: dart pub get

-      - name: Install dependencies for UI package
-        run: dart pub get
-        working-directory: ./mobile/packages/ui
-
-      - name: Install dependencies for UI Showcase
-        run: dart pub get
-        working-directory: ./mobile/packages/ui/showcase
-
      - name: Install DCM
        uses: CQLabs/setup-dcm@8697ae0790c0852e964a6ef1d768d62a6675481a # v2.0.1
        with:
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -17,14 +17,14 @@ jobs:
      should_run: ${{ steps.check.outputs.should_run }}
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Check what should run
        id: check
-        uses: immich-app/devtools/actions/pre-job@eed0f8b8165ffcb951f2ba854b2dd031935e1d73 # pre-job-action-v2.0.2
+        uses: immich-app/devtools/actions/pre-job@08bac802a312fc89808e0dd589271ca0974087b5 # pre-job-action-v2.0.0
        with:
          github-token: ${{ steps.token.outputs.token }}
          filters: |
@@ -63,13 +63,13 @@ jobs:
        working-directory: ./server
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}
@@ -77,7 +77,7 @@ jobs:
      - name: Setup pnpm
        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
      - name: Setup Node
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version-file: './server/.nvmrc'
          cache: 'pnpm'
@@ -108,20 +108,20 @@ jobs:
        working-directory: ./cli
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
      - name: Setup Node
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version-file: './cli/.nvmrc'
          cache: 'pnpm'
@@ -155,20 +155,20 @@ jobs:
        working-directory: ./cli
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
      - name: Setup Node
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version-file: './cli/.nvmrc'
          cache: 'pnpm'
@@ -197,20 +197,20 @@ jobs:
        working-directory: ./web
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
      - name: Setup Node
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version-file: './web/.nvmrc'
          cache: 'pnpm'
@@ -241,20 +241,20 @@ jobs:
        working-directory: ./web
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
      - name: Setup Node
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version-file: './web/.nvmrc'
          cache: 'pnpm'
@@ -279,28 +279,28 @@ jobs:
      contents: read
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
      - name: Setup Node
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version-file: './web/.nvmrc'
          cache: 'pnpm'
          cache-dependency-path: '**/pnpm-lock.yaml'
      - name: Install dependencies
-        run: pnpm --filter=immich-i18n install --frozen-lockfile
+        run: pnpm --filter=immich-web install --frozen-lockfile
      - name: Format
-        run: pnpm --filter=immich-i18n format:fix
+        run: pnpm --filter=immich-web format:i18n
      - name: Find file changes
        uses: tj-actions/verify-changed-files@a1c6acee9df209257a246f2cc6ae8cb6581c1edf # v20.0.4
        id: verify-changed-files
@@ -327,20 +327,20 @@ jobs:
        working-directory: ./e2e
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
      - name: Setup Node
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version-file: './e2e/.nvmrc'
          cache: 'pnpm'
@@ -373,13 +373,13 @@ jobs:
        working-directory: ./server
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          persist-credentials: false
          submodules: 'recursive'
@@ -387,7 +387,7 @@ jobs:
      - name: Setup pnpm
        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
      - name: Setup Node
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version-file: './server/.nvmrc'
          cache: 'pnpm'
@@ -412,13 +412,13 @@ jobs:
        runner: [ubuntu-latest, ubuntu-24.04-arm]
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          persist-credentials: false
          submodules: 'recursive'
@@ -426,7 +426,7 @@ jobs:
      - name: Setup pnpm
        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
      - name: Setup Node
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version-file: './e2e/.nvmrc'
          cache: 'pnpm'
@@ -446,29 +446,12 @@ jobs:
      - name: Install dependencies
        run: pnpm install --frozen-lockfile
        if: ${{ !cancelled() }}
-      - name: Start Docker Compose
-        run: docker compose up -d --build --renew-anon-volumes --force-recreate --remove-orphans --wait --wait-timeout 300
+      - name: Docker build
+        run: docker compose build
        if: ${{ !cancelled() }}
      - name: Run e2e tests (api & cli)
-        env:
-          VITEST_DISABLE_DOCKER_SETUP: true
        run: pnpm test
        if: ${{ !cancelled() }}
-      - name: Run e2e tests (maintenance)
-        env:
-          VITEST_DISABLE_DOCKER_SETUP: true
-        run: pnpm test:maintenance
-        if: ${{ !cancelled() }}
-      - name: Capture Docker logs
-        if: always()
-        run: docker compose logs --no-color > docker-compose-logs.txt
-        working-directory: ./e2e
-      - name: Archive Docker logs
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
-        if: always()
-        with:
-          name: e2e-server-docker-logs-${{ matrix.runner }}
-          path: e2e/docker-compose-logs.txt
  e2e-tests-web:
    name: End-to-End Tests (Web)
    needs: pre-job
@@ -484,13 +467,13 @@ jobs:
        runner: [ubuntu-latest, ubuntu-24.04-arm]
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          persist-credentials: false
          submodules: 'recursive'
@@ -498,7 +481,7 @@ jobs:
      - name: Setup pnpm
        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
      - name: Setup Node
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version-file: './e2e/.nvmrc'
          cache: 'pnpm'
@@ -511,54 +494,22 @@ jobs:
        run: pnpm install --frozen-lockfile
        if: ${{ !cancelled() }}
      - name: Install Playwright Browsers
-        run: pnpm exec playwright install chromium --only-shell
+        run: npx playwright install chromium --only-shell
        if: ${{ !cancelled() }}
      - name: Docker build
-        run: docker compose up -d --build --renew-anon-volumes --force-recreate --remove-orphans --wait --wait-timeout 300
+        run: docker compose build
        if: ${{ !cancelled() }}
      - name: Run e2e tests (web)
        env:
-          PLAYWRIGHT_DISABLE_WEBSERVER: true
-        run: pnpm test:web
+          CI: true
+        run: npx playwright test
        if: ${{ !cancelled() }}
-      - name: Archive e2e test (web) results
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+      - name: Archive test results
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        if: success() || failure()
        with:
          name: e2e-web-test-results-${{ matrix.runner }}
          path: e2e/playwright-report/
-      - name: Run ui tests (web)
-        env:
-          PLAYWRIGHT_DISABLE_WEBSERVER: true
-        run: pnpm test:web:ui
-        if: ${{ !cancelled() }}
-      - name: Archive ui test (web) results
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
-        if: success() || failure()
-        with:
-          name: e2e-ui-test-results-${{ matrix.runner }}
-          path: e2e/playwright-report/
-      - name: Run maintenance tests
-        env:
-          PLAYWRIGHT_DISABLE_WEBSERVER: true
-        run: pnpm test:web:maintenance
-        if: ${{ !cancelled() }}
-      - name: Archive maintenance tests (web) results
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
-        if: success() || failure()
-        with:
-          name: e2e-maintenance-isolated-test-results-${{ matrix.runner }}
-          path: e2e/playwright-report/
-      - name: Capture Docker logs
-        if: always()
-        run: docker compose logs --no-color > docker-compose-logs.txt
-        working-directory: ./e2e
-      - name: Archive Docker logs
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
-        if: always()
-        with:
-          name: e2e-web-docker-logs-${{ matrix.runner }}
-          path: e2e/docker-compose-logs.txt
  success-check-e2e:
    name: End-to-End Tests Success
    needs: [e2e-tests-server-cli, e2e-tests-web]
@@ -578,12 +529,12 @@ jobs:
      contents: read
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}
@@ -610,28 +561,31 @@ jobs:
        working-directory: ./machine-learning
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}
      - name: Install uv
-        uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7.3.0
-        with:
-          python-version: 3.11
+        uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
+      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+        # TODO: add caching when supported (https://github.com/actions/setup-python/pull/818)
+        # with:
+        #   python-version: 3.11
+        #   cache: 'uv'
      - name: Install dependencies
        run: |
          uv sync --extra cpu
      - name: Lint with ruff
        run: |
          uv run ruff check --output-format=github immich_ml
-      - name: Format with ruff
+      - name: Check black formatting
        run: |
-          uv run ruff format --check immich_ml
+          uv run black --check immich_ml
      - name: Run mypy type checking
        run: |
          uv run mypy --strict immich_ml/
@@ -650,20 +604,20 @@ jobs:
        working-directory: ./.github
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
      - name: Setup Node
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version-file: './.github/.nvmrc'
          cache: 'pnpm'
@@ -680,12 +634,12 @@ jobs:
      contents: read
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}
@@ -701,20 +655,20 @@ jobs:
      contents: read
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
      - name: Setup Node
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version-file: './server/.nvmrc'
          cache: 'pnpm'
@@ -763,20 +717,20 @@ jobs:
        working-directory: ./server
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
      - name: Setup Node
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version-file: './server/.nvmrc'
          cache: 'pnpm'
--- a/.github/workflows/weblate-lock.yml
+++ b/.github/workflows/weblate-lock.yml
@@ -24,19 +24,19 @@ jobs:
      should_run: ${{ steps.check.outputs.should_run }}
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Check what should run
        id: check
-        uses: immich-app/devtools/actions/pre-job@eed0f8b8165ffcb951f2ba854b2dd031935e1d73 # pre-job-action-v2.0.2
+        uses: immich-app/devtools/actions/pre-job@08bac802a312fc89808e0dd589271ca0974087b5 # pre-job-action-v2.0.0
        with:
          github-token: ${{ steps.token.outputs.token }}
          filters: |
            i18n:
-              - modified: 'i18n/!(en|package)**\.json'
+              - modified: 'i18n/!(en)**\.json'
          skip-force-logic: 'true'

  enforce-lock:
@@ -47,7 +47,7 @@ jobs:
    if: ${{ fromJSON(needs.pre-job.outputs.should_run).i18n == true }}
    steps:
      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
--- a/.pnpmfile.cjs
+++ b/.pnpmfile.cjs
@@ -4,18 +4,12 @@ module.exports = {
      if (!pkg.name) {
        return pkg;
      }
-      // make exiftool-vendored.pl a regular dependency since Docker prod
-      // images build with --no-optional to reduce image size
      if (pkg.name === "exiftool-vendored") {
-        const binaryPackage =
-          process.platform === "win32"
-            ? "exiftool-vendored.exe"
-            : "exiftool-vendored.pl";
-
-        if (pkg.optionalDependencies[binaryPackage]) {
-          pkg.dependencies[binaryPackage] =
-            pkg.optionalDependencies[binaryPackage];
-          delete pkg.optionalDependencies[binaryPackage];
+        if (pkg.optionalDependencies["exiftool-vendored.pl"]) {
+          // make exiftool-vendored.pl a regular dependency
+          pkg.dependencies["exiftool-vendored.pl"] =
+            pkg.optionalDependencies["exiftool-vendored.pl"];
+          delete pkg.optionalDependencies["exiftool-vendored.pl"];
        }
      }
      return pkg;
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -52,7 +52,7 @@
  },
  "cSpell.words": ["immich"],
  "editor.formatOnSave": true,
-  "eslint.validate": ["javascript", "typescript", "svelte"],
+  "eslint.validate": ["javascript", "svelte"],
  "explorer.fileNesting.enabled": true,
  "explorer.fileNesting.patterns": {
    "*.dart": "${capture}.g.dart,${capture}.gr.dart,${capture}.drift.dart",
--- a/.vscode/tasks.json
+++ b/.vscode/tasks.json
@@ -0,0 +1,80 @@
+{
+  "version": "2.0.0",
+  "tasks": [
+    {
+      "label": "Fix Permissions, Install Dependencies",
+      "type": "shell",
+      "command": "[ -f /immich-devcontainer/container-start.sh ] && /immich-devcontainer/container-start.sh || exit 0",
+      "isBackground": true,
+      "presentation": {
+        "echo": true,
+        "reveal": "always",
+        "focus": false,
+        "panel": "dedicated",
+        "showReuseMessage": true,
+        "clear": false,
+        "group": "Devcontainer tasks",
+        "close": true
+      },
+      "runOptions": {
+        "runOn": "default"
+      },
+      "problemMatcher": []
+    },
+    {
+      "label": "Immich API Server (Nest)",
+      "dependsOn": ["Fix Permissions, Install Dependencies"],
+      "type": "shell",
+      "command": "[ -f /immich-devcontainer/container-start-backend.sh ] && /immich-devcontainer/container-start-backend.sh || exit 0",
+      "isBackground": true,
+      "presentation": {
+        "echo": true,
+        "reveal": "always",
+        "focus": false,
+        "panel": "dedicated",
+        "showReuseMessage": true,
+        "clear": false,
+        "group": "Devcontainer tasks",
+        "close": true
+      },
+      "runOptions": {
+        "runOn": "default"
+      },
+      "problemMatcher": []
+    },
+    {
+      "label": "Immich Web Server (Vite)",
+      "dependsOn": ["Fix Permissions, Install Dependencies"],
+      "type": "shell",
+      "command": "[ -f /immich-devcontainer/container-start-frontend.sh ] && /immich-devcontainer/container-start-frontend.sh || exit 0",
+      "isBackground": true,
+      "presentation": {
+        "echo": true,
+        "reveal": "always",
+        "focus": false,
+        "panel": "dedicated",
+        "showReuseMessage": true,
+        "clear": false,
+        "group": "Devcontainer tasks",
+        "close": true
+      },
+      "runOptions": {
+        "runOn": "default"
+      },
+      "problemMatcher": []
+    },
+    {
+      "label": "Immich Server and Web",
+      "dependsOn": ["Immich Web Server (Vite)", "Immich API Server (Nest)"],
+      "runOptions": {
+        "runOn": "folderOpen"
+      },
+      "problemMatcher": []
+    },
+    {
+      "label": "Build Immich CLI",
+      "type": "shell",
+      "command": "pnpm --filter cli build:dev"
+    }
+  ]
+}
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,43 +0,0 @@
-# Contributing to Immich
-
-We appreciate every contribution, and we're happy about every new contributor. So please feel invited to help make Immich a better product!
-
-## Getting started
-
-To get you started quickly we have detailed guides for the dev setup on our [website](https://docs.immich.app/developer/setup). If you prefer, you can also use [Devcontainers](https://docs.immich.app/developer/devcontainers).
-There are also additional resources about Immich's architecture, database migrations, the use of OpenAPI, and more in our [developer documentation](https://docs.immich.app/developer/architecture).
-
-## General
-
-Please try to keep pull requests as focused as possible. A PR should do exactly one thing and not bleed into other, unrelated areas. The smaller a PR, the fewer changes are likely needed, and the quicker it will likely be merged. For larger/more impactful PRs, please reach out to us first to discuss your plans. The best way to do this is through our [Discord](https://discord.immich.app). We have a dedicated `#contributing` channel there. Additionally, please fill out the entire template when opening a PR.
-
-## Finding work
-
-If you are looking for something to work on, there are discussions and issues with a `good-first-issue` label on them. These are always a good starting point. If none of them sound interesting or fit your skill set, feel free to reach out on our Discord. We're happy to help you find something to work on!
-
-## Use of generative AI
-
-We ask you not to open PRs generated with an LLM. We find that code generated like this tends to need a large amount of back-and-forth, which is a very inefficient use of our time. If we want LLM-generated code, it's much faster for us to use an LLM ourselves than to go through an intermediary via a pull request.
-
-## Feature freezes
-
-From time to time, we put a feature freeze on parts of the codebase. For us, this means we won't accept most PRs that make changes in that area. Exempted from this are simple bug fixes that require only minor changes. We will close feature PRs that target a feature-frozen area, even if that feature is highly requested and you put a lot of work into it. Please keep that in mind, and if you're ever uncertain if a PR would be accepted, reach out to us first (e.g., in the aforementioned `#contributing` channel). We hate to throw away work. Currently, we have feature freezes on:
-
- Sharing/Asset ownership
- (External) libraries
-
-## Non-code contributions
-
-If you want to contribute to Immich but you don't feel comfortable programming in our tech stack, there are other ways you can help the team.
-
-### Translations
-
-All our translations are done through [Weblate](https://hosted.weblate.org/projects/immich). These rely entirely on the community; if you speak a language that isn't fully translated yet, submitting translations there is greatly appreciated!
-
-### Datasets
-
-Help us improve our [Immich Datasets](https://datasets.immich.app) by submitting photos and videos taken from a variety of devices, including smartphones, DSLRs, and action cameras, as well as photos with unique features, such as panoramas, burst photos, and photo spheres. These datasets will be publically available for anyone to use, do not submit private/sensitive photos.
-
-### Community support
-
-If you like helping others, answering Q&A discussions here on GitHub and replying to people on our Discord is also always appreciated.
--- a/2
+++ b/2
@@ -52,7 +52,7 @@ attach-server:
 	docker exec -it docker_immich-server_1 sh

 renovate:
-  LOG_LEVEL=debug pnpm exec renovate --platform=local --repository-cache=reset
+  LOG_LEVEL=debug npx renovate --platform=local --repository-cache=reset

 # Directories that need to be created for volumes or build output
 VOLUME_DIRS = \
--- a/cli/.nvmrc
+++ b/cli/.nvmrc
@@ -1 +1 @@
-24.13.1
+24.11.1
--- a/cli/package.json
+++ b/cli/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@immich/cli",
-  "version": "2.5.6",
+  "version": "2.2.103",
  "description": "Command Line Interface (CLI) for Immich",
  "type": "module",
  "exports": "./dist/index.js",
@@ -13,30 +13,30 @@
    "cli"
  ],
  "devDependencies": {
-    "@eslint/js": "^10.0.0",
-    "@immich/sdk": "workspace:*",
+    "@eslint/js": "^9.8.0",
+    "@immich/sdk": "file:../open-api/typescript-sdk",
    "@types/byte-size": "^8.1.0",
    "@types/cli-progress": "^3.11.0",
    "@types/lodash-es": "^4.17.12",
    "@types/micromatch": "^4.0.9",
    "@types/mock-fs": "^4.13.1",
-    "@types/node": "^24.10.13",
+    "@types/node": "^24.10.1",
    "@vitest/coverage-v8": "^3.0.0",
    "byte-size": "^9.0.0",
    "cli-progress": "^3.12.0",
    "commander": "^12.0.0",
-    "eslint": "^10.0.0",
+    "eslint": "^9.14.0",
    "eslint-config-prettier": "^10.1.8",
    "eslint-plugin-prettier": "^5.1.3",
-    "eslint-plugin-unicorn": "^63.0.0",
-    "globals": "^17.0.0",
+    "eslint-plugin-unicorn": "^60.0.0",
+    "globals": "^16.0.0",
    "mock-fs": "^5.2.0",
-    "prettier": "^3.7.4",
+    "prettier": "^3.2.5",
    "prettier-plugin-organize-imports": "^4.0.0",
    "typescript": "^5.3.3",
    "typescript-eslint": "^8.28.0",
    "vite": "^7.0.0",
-    "vite-tsconfig-paths": "^6.0.0",
+    "vite-tsconfig-paths": "^5.0.0",
    "vitest": "^3.0.0",
    "vitest-fetch-mock": "^0.4.0",
    "yaml": "^2.3.1"
@@ -45,8 +45,8 @@
    "build": "vite build",
    "build:dev": "vite build --sourcemap true",
    "lint": "eslint \"src/**/*.ts\" --max-warnings 0",
-    "lint:fix": "pnpm run lint --fix",
-    "prepack": "pnpm run build",
+    "lint:fix": "npm run lint -- --fix",
+    "prepack": "npm run build",
    "test": "vitest",
    "test:cov": "vitest --coverage",
    "format": "prettier --check .",
@@ -69,6 +69,6 @@
    "micromatch": "^4.0.8"
  },
  "volta": {
-    "node": "24.13.1"
+    "node": "24.11.1"
  }
 }
--- a/cli/src/commands/asset.spec.ts
+++ b/cli/src/commands/asset.spec.ts
@@ -7,15 +7,7 @@ import { describe, expect, it, MockedFunction, vi } from 'vitest';
 import { Action, checkBulkUpload, defaults, getSupportedMediaTypes, Reason } from '@immich/sdk';
 import createFetchMock from 'vitest-fetch-mock';

-import {
-  checkForDuplicates,
-  deleteFiles,
-  findSidecar,
-  getAlbumName,
-  startWatch,
-  uploadFiles,
-  UploadOptionsDto,
-} from 'src/commands/asset';
+import { checkForDuplicates, getAlbumName, startWatch, uploadFiles, UploadOptionsDto } from 'src/commands/asset';

 vi.mock('@immich/sdk');

@@ -317,85 +309,3 @@ describe('startWatch', () => {
    await fs.promises.rm(testFolder, { recursive: true, force: true });
  });
 });
-
-describe('findSidecar', () => {
-  let testDir: string;
-  let testFilePath: string;
-
-  beforeEach(() => {
-    testDir = fs.mkdtempSync(path.join(os.tmpdir(), 'test-sidecar-'));
-    testFilePath = path.join(testDir, 'test.jpg');
-    fs.writeFileSync(testFilePath, 'test');
-  });
-
-  afterEach(() => {
-    fs.rmSync(testDir, { recursive: true, force: true });
-  });
-
-  it('should find sidecar file with photo.xmp naming convention', () => {
-    const sidecarPath = path.join(testDir, 'test.xmp');
-    fs.writeFileSync(sidecarPath, 'xmp data');
-
-    const result = findSidecar(testFilePath);
-    expect(result).toBe(sidecarPath);
-  });
-
-  it('should find sidecar file with photo.ext.xmp naming convention', () => {
-    const sidecarPath = path.join(testDir, 'test.jpg.xmp');
-    fs.writeFileSync(sidecarPath, 'xmp data');
-
-    const result = findSidecar(testFilePath);
-    expect(result).toBe(sidecarPath);
-  });
-
-  it('should prefer photo.ext.xmp over photo.xmp when both exist', () => {
-    const sidecarPath1 = path.join(testDir, 'test.xmp');
-    const sidecarPath2 = path.join(testDir, 'test.jpg.xmp');
-    fs.writeFileSync(sidecarPath1, 'xmp data 1');
-    fs.writeFileSync(sidecarPath2, 'xmp data 2');
-
-    const result = findSidecar(testFilePath);
-    // Should return the first one found (photo.xmp) based on the order in the code
-    expect(result).toBe(sidecarPath1);
-  });
-
-  it('should return undefined when no sidecar file exists', () => {
-    const result = findSidecar(testFilePath);
-    expect(result).toBeUndefined();
-  });
-});
-
-describe('deleteFiles', () => {
-  let testDir: string;
-  let testFilePath: string;
-
-  beforeEach(() => {
-    testDir = fs.mkdtempSync(path.join(os.tmpdir(), 'test-delete-'));
-    testFilePath = path.join(testDir, 'test.jpg');
-    fs.writeFileSync(testFilePath, 'test');
-  });
-
-  afterEach(() => {
-    fs.rmSync(testDir, { recursive: true, force: true });
-  });
-
-  it('should delete asset and sidecar file when main file is deleted', async () => {
-    const sidecarPath = path.join(testDir, 'test.xmp');
-    fs.writeFileSync(sidecarPath, 'xmp data');
-
-    await deleteFiles([{ id: 'test-id', filepath: testFilePath }], [], { delete: true, concurrency: 1 });
-
-    expect(fs.existsSync(testFilePath)).toBe(false);
-    expect(fs.existsSync(sidecarPath)).toBe(false);
-  });
-
-  it('should not delete sidecar file when delete option is false', async () => {
-    const sidecarPath = path.join(testDir, 'test.xmp');
-    fs.writeFileSync(sidecarPath, 'xmp data');
-
-    await deleteFiles([{ id: 'test-id', filepath: testFilePath }], [], { delete: false, concurrency: 1 });
-
-    expect(fs.existsSync(testFilePath)).toBe(true);
-    expect(fs.existsSync(sidecarPath)).toBe(true);
-  });
-});
--- a/cli/src/commands/asset.ts
+++ b/cli/src/commands/asset.ts
@@ -4,7 +4,6 @@ import {
  AssetBulkUploadCheckResult,
  AssetMediaResponseDto,
  AssetMediaStatus,
-  Permission,
  addAssetsToAlbum,
  checkBulkUpload,
  createAlbum,
@@ -17,15 +16,17 @@ import { Matcher, watch as watchFs } from 'chokidar';
 import { MultiBar, Presets, SingleBar } from 'cli-progress';
 import { chunk } from 'lodash-es';
 import micromatch from 'micromatch';
-import { Stats, createReadStream, existsSync } from 'node:fs';
+import { Stats, createReadStream } from 'node:fs';
 import { stat, unlink } from 'node:fs/promises';
 import path, { basename } from 'node:path';
 import { Queue } from 'src/queue';
-import { BaseOptions, Batcher, authenticate, crawl, requirePermissions, s, sha1 } from 'src/utils';
+import { BaseOptions, Batcher, authenticate, crawl, sha1 } from 'src/utils';

 const UPLOAD_WATCH_BATCH_SIZE = 100;
 const UPLOAD_WATCH_DEBOUNCE_TIME_MS = 10_000;

+const s = (count: number) => (count === 1 ? '' : 's');
+
 // TODO figure out why `id` is missing
 type AssetBulkUploadCheckResults = Array<AssetBulkUploadCheckResult & { id: string }>;
 type Asset = { id: string; filepath: string };
@@ -135,7 +136,6 @@ export const startWatch = async (

 export const upload = async (paths: string[], baseOptions: BaseOptions, options: UploadOptionsDto) => {
  await authenticate(baseOptions);
-  await requirePermissions([Permission.AssetUpload]);

  const scanFiles = await scan(paths, options);

@@ -180,49 +180,18 @@ export const checkForDuplicates = async (files: string[], { concurrency, skipHas
  }

  let multiBar: MultiBar | undefined;
-  let totalSize = 0;
-  const statsMap = new Map<string, Stats>();
-
-  // Calculate total size first
-  for (const filepath of files) {
-    const stats = await stat(filepath);
-    statsMap.set(filepath, stats);
-    totalSize += stats.size;
-  }

  if (progress) {
    multiBar = new MultiBar(
-      {
-        format: '{message} | {bar} | {percentage}% | ETA: {eta_formatted} | {value}/{total}',
-        formatValue: (v: number, options, type) => {
-          // Don't format percentage
-          if (type === 'percentage') {
-            return v.toString();
-          }
-          return byteSize(v).toString();
-        },
-        etaBuffer: 100, // Increase samples for ETA calculation
-      },
+      { format: '{message} | {bar} | {percentage}% | ETA: {eta}s | {value}/{total} assets' },
      Presets.shades_classic,
    );
-
-    // Ensure we restore cursor on interrupt
-    process.on('SIGINT', () => {
-      if (multiBar) {
-        multiBar.stop();
-      }
-      process.exit(0);
-    });
  } else {
-    console.log(`Received ${files.length} files (${byteSize(totalSize)}), hashing...`);
+    console.log(`Received ${files.length} files, hashing...`);
  }

-  const hashProgressBar = multiBar?.create(totalSize, 0, {
-    message: 'Hashing files          ',
-  });
-  const checkProgressBar = multiBar?.create(totalSize, 0, {
-    message: 'Checking for duplicates',
-  });
+  const hashProgressBar = multiBar?.create(files.length, 0, { message: 'Hashing files          ' });
+  const checkProgressBar = multiBar?.create(files.length, 0, { message: 'Checking for duplicates' });

  const newFiles: string[] = [];
  const duplicates: Asset[] = [];
@@ -242,13 +211,7 @@ export const checkForDuplicates = async (files: string[], { concurrency, skipHas
        }
      }

-      // Update progress based on total size of processed files
-      let processedSize = 0;
-      for (const asset of assets) {
-        const stats = statsMap.get(asset.id);
-        processedSize += stats?.size || 0;
-      }
-      checkProgressBar?.increment(processedSize);
+      checkProgressBar?.increment(assets.length);
    },
    { concurrency, retry: 3 },
  );
@@ -258,10 +221,6 @@ export const checkForDuplicates = async (files: string[], { concurrency, skipHas

  const queue = new Queue<string, AssetBulkUploadCheckItem[]>(
    async (filepath: string): Promise<AssetBulkUploadCheckItem[]> => {
-      const stats = statsMap.get(filepath);
-      if (!stats) {
-        throw new Error(`Stats not found for ${filepath}`);
-      }
      const dto = { id: filepath, checksum: await sha1(filepath) };

      results.push(dto);
@@ -272,7 +231,7 @@ export const checkForDuplicates = async (files: string[], { concurrency, skipHas
        void checkBulkUploadQueue.push(batch);
      }

-      hashProgressBar?.increment(stats.size);
+      hashProgressBar?.increment();
      return results;
    },
    { concurrency, retry: 3 },
@@ -403,6 +362,23 @@ export const uploadFiles = async (
 const uploadFile = async (input: string, stats: Stats): Promise<AssetMediaResponseDto> => {
  const { baseUrl, headers } = defaults;

+  const assetPath = path.parse(input);
+  const noExtension = path.join(assetPath.dir, assetPath.name);
+
+  const sidecarsFiles = await Promise.all(
+    // XMP sidecars can come in two filename formats. For a photo named photo.ext, the filenames are photo.ext.xmp and photo.xmp
+    [`${noExtension}.xmp`, `${input}.xmp`].map(async (sidecarPath) => {
+      try {
+        const stats = await stat(sidecarPath);
+        return new UploadFile(sidecarPath, stats.size);
+      } catch {
+        return false;
+      }
+    }),
+  );
+
+  const sidecarData = sidecarsFiles.find((file): file is UploadFile => file !== false);
+
  const formData = new FormData();
  formData.append('deviceAssetId', `${basename(input)}-${stats.size}`.replaceAll(/\s+/g, ''));
  formData.append('deviceId', 'CLI');
@@ -412,15 +388,8 @@ const uploadFile = async (input: string, stats: Stats): Promise<AssetMediaRespon
  formData.append('isFavorite', 'false');
  formData.append('assetData', new UploadFile(input, stats.size));

-  const sidecarPath = findSidecar(input);
-  if (sidecarPath) {
-    try {
-      const stats = await stat(sidecarPath);
-      const sidecarData = new UploadFile(sidecarPath, stats.size);
-      formData.append('sidecarData', sidecarData);
-    } catch {
-      // noop
-    }
+  if (sidecarData) {
+    formData.append('sidecarData', sidecarData);
  }

  const response = await fetch(`${baseUrl}/assets`, {
@@ -436,19 +405,7 @@ const uploadFile = async (input: string, stats: Stats): Promise<AssetMediaRespon
  return response.json();
 };

-export const findSidecar = (filepath: string): string | undefined => {
-  const assetPath = path.parse(filepath);
-  const noExtension = path.join(assetPath.dir, assetPath.name);
-
-  // XMP sidecars can come in two filename formats. For a photo named photo.ext, the filenames are photo.ext.xmp and photo.xmp
-  for (const sidecarPath of [`${noExtension}.xmp`, `${filepath}.xmp`]) {
-    if (existsSync(sidecarPath)) {
-      return sidecarPath;
-    }
-  }
-};
-
-export const deleteFiles = async (uploaded: Asset[], duplicates: Asset[], options: UploadOptionsDto): Promise<void> => {
+const deleteFiles = async (uploaded: Asset[], duplicates: Asset[], options: UploadOptionsDto): Promise<void> => {
  let fileCount = 0;
  if (options.delete) {
    fileCount += uploaded.length;
@@ -476,15 +433,7 @@ export const deleteFiles = async (uploaded: Asset[], duplicates: Asset[], option

  const chunkDelete = async (files: Asset[]) => {
    for (const assetBatch of chunk(files, options.concurrency)) {
-      await Promise.all(
-        assetBatch.map(async (input: Asset) => {
-          await unlink(input.filepath);
-          const sidecarPath = findSidecar(input.filepath);
-          if (sidecarPath) {
-            await unlink(sidecarPath);
-          }
-        }),
-      );
+      await Promise.all(assetBatch.map((input: Asset) => unlink(input.filepath)));
      deletionProgress.update(assetBatch.length);
    }
  };
--- a/cli/src/commands/auth.ts
+++ b/cli/src/commands/auth.ts
@@ -1,15 +1,7 @@
-import { getMyUser, Permission } from '@immich/sdk';
+import { getMyUser } from '@immich/sdk';
 import { existsSync } from 'node:fs';
 import { mkdir, unlink } from 'node:fs/promises';
-import {
-  BaseOptions,
-  connect,
-  getAuthFilePath,
-  logError,
-  requirePermissions,
-  withError,
-  writeAuthFile,
-} from 'src/utils';
+import { BaseOptions, connect, getAuthFilePath, logError, withError, writeAuthFile } from 'src/utils';

 export const login = async (url: string, key: string, options: BaseOptions) => {
  console.log(`Logging in to ${url}`);
@@ -17,7 +9,6 @@ export const login = async (url: string, key: string, options: BaseOptions) => {
  const { configDirectory: configDir } = options;

  await connect(url, key);
-  await requirePermissions([Permission.UserRead]);

  const [error, user] = await withError(getMyUser());
  if (error) {
--- a/cli/src/commands/server-info.ts
+++ b/cli/src/commands/server-info.ts
@@ -1,9 +1,8 @@
-import { getAssetStatistics, getMyUser, getServerVersion, getSupportedMediaTypes, Permission } from '@immich/sdk';
-import { authenticate, BaseOptions, requirePermissions } from 'src/utils';
+import { getAssetStatistics, getMyUser, getServerVersion, getSupportedMediaTypes } from '@immich/sdk';
+import { BaseOptions, authenticate } from 'src/utils';

 export const serverInfo = async (options: BaseOptions) => {
  const { url } = await authenticate(options);
-  await requirePermissions([Permission.ServerAbout, Permission.AssetStatistics, Permission.UserRead]);

  const [versionInfo, mediaTypes, stats, userInfo] = await Promise.all([
    getServerVersion(),
--- a/cli/src/utils.spec.ts
+++ b/cli/src/utils.spec.ts
@@ -299,7 +299,7 @@ describe('crawl', () => {
          .map(([file]) => file);

        // Compare file's content instead of path since a file can be represent in multiple ways.
-        expect(actual.map((path) => readContent(path)).toSorted()).toEqual(expected.toSorted());
+        expect(actual.map((path) => readContent(path)).sort()).toEqual(expected.sort());
      });
    }
  });
--- a/cli/src/utils.ts
+++ b/cli/src/utils.ts
@@ -1,4 +1,4 @@
-import { ApiKeyResponseDto, getMyApiKey, getMyUser, init, isHttpError, Permission } from '@immich/sdk';
+import { getMyUser, init, isHttpError } from '@immich/sdk';
 import { convertPathToPattern, glob } from 'fast-glob';
 import { createHash } from 'node:crypto';
 import { createReadStream } from 'node:fs';
@@ -34,36 +34,6 @@ export const authenticate = async (options: BaseOptions): Promise<AuthDto> => {
  return auth;
 };

-export const s = (count: number) => (count === 1 ? '' : 's');
-
-let _apiKey: ApiKeyResponseDto;
-export const requirePermissions = async (permissions: Permission[]) => {
-  if (!_apiKey) {
-    _apiKey = await getMyApiKey();
-  }
-
-  if (_apiKey.permissions.includes(Permission.All)) {
-    return;
-  }
-
-  const missing: Permission[] = [];
-
-  for (const permission of permissions) {
-    if (!_apiKey.permissions.includes(permission)) {
-      missing.push(permission);
-    }
-  }
-
-  if (missing.length > 0) {
-    const combined = missing.map((permission) => `"${permission}"`).join(', ');
-    console.log(
-      `Missing required permission${s(missing.length)}: ${combined}.
-Please make sure your API key has the correct permissions.`,
-    );
-    process.exit(1);
-  }
-};
-
 export const connect = async (url: string, key: string) => {
  const wellKnownUrl = new URL('.well-known/immich', url);
  try {
@@ -190,7 +160,7 @@ export const crawl = async (options: CrawlOptions): Promise<string[]> => {
    ignore: [`**/${exclusionPattern}`],
  });
  globbedFiles.push(...crawledFiles);
-  return globbedFiles.toSorted();
+  return globbedFiles.sort();
 };

 export const sha1 = (filepath: string) => {
--- a/cli/tsconfig.json
+++ b/cli/tsconfig.json
@@ -9,7 +9,7 @@
    "experimentalDecorators": true,
    "allowSyntheticDefaultImports": true,
    "resolveJsonModule": true,
-    "target": "es2023",
+    "target": "es2022",
    "sourceMap": true,
    "outDir": "./dist",
    "incremental": true,
--- a/deployment/mise.toml
+++ b/deployment/mise.toml
@@ -1,6 +1,6 @@
 [tools]
-terragrunt = "0.98.0"
-opentofu = "1.11.4"
+terragrunt = "0.91.2"
+opentofu = "1.10.6"

 [tasks."tg:fmt"]
 run = "terragrunt hclfmt"
--- a/docker/docker-compose.dev.yml
+++ b/docker/docker-compose.dev.yml
@@ -14,65 +14,33 @@
 name: immich-dev

 services:
-  immich-app-base:
-    profiles: ['_base']
-    tmpfs:
-      - /tmp
-    volumes:
-      - ..:/usr/src/app
-      - pnpm_cache:/buildcache/pnpm_cache
-      - server_node_modules:/usr/src/app/server/node_modules
-      - web_node_modules:/usr/src/app/web/node_modules
-      - github_node_modules:/usr/src/app/.github/node_modules
-      - cli_node_modules:/usr/src/app/cli/node_modules
-      - docs_node_modules:/usr/src/app/docs/node_modules
-      - e2e_node_modules:/usr/src/app/e2e/node_modules
-      - sdk_node_modules:/usr/src/app/open-api/typescript-sdk/node_modules
-      - app_node_modules:/usr/src/app/node_modules
-      - sveltekit:/usr/src/app/web/.svelte-kit
-      - coverage:/usr/src/app/web/coverage
-
-  immich-init:
-    extends:
-      service: immich-app-base
-    profiles: !reset []
-    container_name: immich_init
-    image: immich-server-dev:latest
-    build:
-      context: ../
-      dockerfile: server/Dockerfile.dev
-      target: dev
-    command:
-      - |
-        pnpm install
-        touch /tmp/init-complete
-        exec tail -f /dev/null
-    volumes:
-      - pnpm_store_server:/buildcache/pnpm-store
-    restart: 'no'
-    healthcheck:
-      test: ['CMD', 'test', '-f', '/tmp/init-complete']
-      interval: 2s
-      timeout: 3s
-      retries: 300
-      start_period: 300s
-
  immich-server:
-    extends:
-      service: immich-app-base
-    profiles: !reset []
    container_name: immich_server
    command: ['immich-dev']
    image: immich-server-dev:latest
+    # extends:
+    #   file: hwaccel.transcoding.yml
+    #   service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
    build:
      context: ../
      dockerfile: server/Dockerfile.dev
      target: dev
    restart: unless-stopped
    volumes:
+      - ..:/usr/src/app
      - ${UPLOAD_LOCATION}/photos:/data
      - /etc/localtime:/etc/localtime:ro
-      - pnpm_store_server:/buildcache/pnpm-store
+      - pnpm-store:/usr/src/app/.pnpm-store
+      - server-node_modules:/usr/src/app/server/node_modules
+      - web-node_modules:/usr/src/app/web/node_modules
+      - github-node_modules:/usr/src/app/.github/node_modules
+      - cli-node_modules:/usr/src/app/cli/node_modules
+      - docs-node_modules:/usr/src/app/docs/node_modules
+      - e2e-node_modules:/usr/src/app/e2e/node_modules
+      - sdk-node_modules:/usr/src/app/open-api/typescript-sdk/node_modules
+      - app-node_modules:/usr/src/app/node_modules
+      - sveltekit:/usr/src/app/web/.svelte-kit
+      - coverage:/usr/src/app/web/coverage
      - ../plugins:/build/corePlugin
    env_file:
      - .env
@@ -90,13 +58,15 @@ services:
      IMMICH_THIRD_PARTY_BUG_FEATURE_URL: https://github.com/immich-app/immich/issues
      IMMICH_THIRD_PARTY_DOCUMENTATION_URL: https://docs.immich.app
      IMMICH_THIRD_PARTY_SUPPORT_URL: https://docs.immich.app/community-guides
+    ulimits:
+      nofile:
+        soft: 1048576
+        hard: 1048576
    ports:
      - 9230:9230
      - 9231:9231
      - 2283:2283
    depends_on:
-      immich-init:
-        condition: service_healthy
      redis:
        condition: service_started
      database:
@@ -105,9 +75,6 @@ services:
      disable: false

  immich-web:
-    extends:
-      service: immich-app-base
-    profiles: !reset []
    container_name: immich_web
    image: immich-web-dev:latest
    build:
@@ -121,11 +88,24 @@ services:
      - 3000:3000
      - 24678:24678
    volumes:
-      - pnpm_store_web:/buildcache/pnpm-store
+      - ..:/usr/src/app
+      - pnpm-store:/usr/src/app/.pnpm-store
+      - server-node_modules:/usr/src/app/server/node_modules
+      - web-node_modules:/usr/src/app/web/node_modules
+      - github-node_modules:/usr/src/app/.github/node_modules
+      - cli-node_modules:/usr/src/app/cli/node_modules
+      - docs-node_modules:/usr/src/app/docs/node_modules
+      - e2e-node_modules:/usr/src/app/e2e/node_modules
+      - sdk-node_modules:/usr/src/app/open-api/typescript-sdk/node_modules
+      - app-node_modules:/usr/src/app/node_modules
+      - sveltekit:/usr/src/app/web/.svelte-kit
+      - coverage:/usr/src/app/web/coverage
+    ulimits:
+      nofile:
+        soft: 1048576
+        hard: 1048576
    restart: unless-stopped
    depends_on:
-      immich-init:
-        condition: service_healthy
      immich-server:
        condition: service_started

@@ -144,7 +124,7 @@ services:
      - 3003:3003
    volumes:
      - ../machine-learning/immich_ml:/usr/src/immich_ml
-      - model_cache:/cache
+      - model-cache:/cache
    env_file:
      - .env
    depends_on:
@@ -155,7 +135,7 @@ services:

  redis:
    container_name: immich_redis
-    image: docker.io/valkey/valkey:9@sha256:930b41430fb727f533c5982fe509b6f04233e26d0f7354e04de4b0d5c706e44e
+    image: docker.io/valkey/valkey:8@sha256:81db6d39e1bba3b3ff32bd3a1b19a6d69690f94a3954ec131277b9a26b95b3aa
    healthcheck:
      test: redis-cli ping || exit 1

@@ -174,8 +154,6 @@ services:
    ports:
      - 5432:5432
    shm_size: 128mb
-    healthcheck:
-      disable: false
  # set IMMICH_TELEMETRY_INCLUDE=all in .env to enable metrics
  # immich-prometheus:
  #   container_name: immich_prometheus
@@ -184,7 +162,7 @@ services:
  #   image: prom/prometheus
  #   volumes:
  #     - ./prometheus.yml:/etc/prometheus/prometheus.yml
-  #     - prometheus_data:/prometheus
+  #     - prometheus-data:/prometheus

  # first login uses admin/admin
  # add data source for http://immich-prometheus:9090 to get started
@@ -195,22 +173,20 @@ services:
  #     - 3000:3000
  #   image: grafana/grafana:10.3.3-ubuntu
  #   volumes:
-  #     - grafana_data:/var/lib/grafana
+  #     - grafana-data:/var/lib/grafana

 volumes:
-  model_cache:
-  prometheus_data:
-  grafana_data:
-  pnpm_cache:
-  pnpm_store_server:
-  pnpm_store_web:
-  server_node_modules:
-  web_node_modules:
-  github_node_modules:
-  cli_node_modules:
-  docs_node_modules:
-  e2e_node_modules:
-  sdk_node_modules:
-  app_node_modules:
+  model-cache:
+  prometheus-data:
+  grafana-data:
+  pnpm-store:
+  server-node_modules:
+  web-node_modules:
+  github-node_modules:
+  cli-node_modules:
+  docs-node_modules:
+  e2e-node_modules:
+  sdk-node_modules:
+  app-node_modules:
  sveltekit:
  coverage:
--- a/docker/docker-compose.prod.yml
+++ b/docker/docker-compose.prod.yml
@@ -56,7 +56,7 @@ services:

  redis:
    container_name: immich_redis
-    image: docker.io/valkey/valkey:9@sha256:930b41430fb727f533c5982fe509b6f04233e26d0f7354e04de4b0d5c706e44e
+    image: docker.io/valkey/valkey:8@sha256:81db6d39e1bba3b3ff32bd3a1b19a6d69690f94a3954ec131277b9a26b95b3aa
    healthcheck:
      test: redis-cli ping || exit 1
    restart: always
@@ -77,15 +77,13 @@ services:
      - 5432:5432
    shm_size: 128mb
    restart: always
-    healthcheck:
-      disable: false

  # set IMMICH_TELEMETRY_INCLUDE=all in .env to enable metrics
  immich-prometheus:
    container_name: immich_prometheus
    ports:
      - 9090:9090
-    image: prom/prometheus@sha256:1f0f50f06acaceb0f5670d2c8a658a599affe7b0d8e78b898c1035653849a702
+    image: prom/prometheus@sha256:49214755b6153f90a597adcbff0252cc61069f8ab69ce8411285cd4a560e8038
    volumes:
      - ./prometheus.yml:/etc/prometheus/prometheus.yml
      - prometheus-data:/prometheus
@@ -97,7 +95,7 @@ services:
    command: ['./run.sh', '-disable-reporting']
    ports:
      - 3000:3000
-    image: grafana/grafana:12.3.2-ubuntu@sha256:6cca4b429a1dc0d37d401dee54825c12d40056c3c6f3f56e3f0d6318ce77749b
+    image: grafana/grafana:12.3.0-ubuntu@sha256:cee936306135e1925ab21dffa16f8a411535d16ab086bef2309339a8e74d62df
    volumes:
      - grafana-data:/var/lib/grafana

--- a/docker/docker-compose.rootless.yml
+++ b/docker/docker-compose.rootless.yml
@@ -1,100 +0,0 @@
-#
-# WARNING: To install Immich, follow our guide: https://docs.immich.app/install/docker-compose
-#
-# Make sure to use the docker-compose.yml of the current release:
-#
-# https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml
-#
-# The compose file on main may not be compatible with the latest release.
-
-name: immich
-
-services:
-  immich-server:
-    container_name: immich_server
-    image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
-    # extends:
-    #   file: hwaccel.transcoding.yml
-    #   service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
-    user: '1000:1000'
-    security_opt:
-      - no-new-privileges:true
-    cap_drop:
-      - NET_RAW
-    volumes:
-      # Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
-      - ${UPLOAD_LOCATION}:/data
-      - /etc/localtime:/etc/localtime:ro
-    env_file:
-      - .env
-    ports:
-      - '2283:2283'
-    depends_on:
-      - redis
-      - database
-    restart: always
-    healthcheck:
-      disable: false
-
-  immich-machine-learning:
-    container_name: immich_machine_learning
-    # For hardware acceleration, add one of -[armnn, cuda, rocm, openvino, rknn] to the image tag.
-    # Example tag: ${IMMICH_VERSION:-release}-cuda
-    image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
-    # extends: # uncomment this section for hardware acceleration - see https://docs.immich.app/features/ml-hardware-acceleration
-    #   file: hwaccel.ml.yml
-    #   service: cpu # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference - use the `-wsl` version for WSL2 where applicable
-    user: '1000:1000'
-    security_opt:
-      - no-new-privileges:true
-    cap_drop:
-      - NET_RAW
-    volumes:
-      - ./ml-model-cache:/cache
-      - ./ml-dotcache:/.cache
-      - ./ml-config:/.config
-    env_file:
-      - .env
-    restart: always
-    healthcheck:
-      disable: false
-
-  redis:
-    container_name: immich_redis
-    image: docker.io/valkey/valkey:9@sha256:930b41430fb727f533c5982fe509b6f04233e26d0f7354e04de4b0d5c706e44e
-    user: '1000:1000'
-    security_opt:
-      - no-new-privileges:true
-    cap_drop:
-      - NET_RAW
-    volumes:
-      - ./redis:/data
-    healthcheck:
-      test: redis-cli ping || exit 1
-    restart: always
-
-  database:
-    container_name: immich_postgres
-    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23
-    user: '1000:1000'
-    security_opt:
-      - no-new-privileges:true
-    cap_drop:
-      - NET_RAW
-    environment:
-      POSTGRES_PASSWORD: ${DB_PASSWORD}
-      POSTGRES_USER: ${DB_USERNAME}
-      POSTGRES_DB: ${DB_DATABASE_NAME}
-      POSTGRES_INITDB_ARGS: '--data-checksums'
-      # Uncomment the DB_STORAGE_TYPE: 'HDD' var if your database isn't stored on SSDs
-      # DB_STORAGE_TYPE: 'HDD'
-    volumes:
-      # Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file
-      - ${DB_DATA_LOCATION}:/var/lib/postgresql/data
-    shm_size: 128mb
-    restart: always
-    healthcheck:
-      disable: false
-
-volumes:
-  model-cache:
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -49,7 +49,7 @@ services:

  redis:
    container_name: immich_redis
-    image: docker.io/valkey/valkey:9@sha256:930b41430fb727f533c5982fe509b6f04233e26d0f7354e04de4b0d5c706e44e
+    image: docker.io/valkey/valkey:8@sha256:81db6d39e1bba3b3ff32bd3a1b19a6d69690f94a3954ec131277b9a26b95b3aa
    healthcheck:
      test: redis-cli ping || exit 1
    restart: always
@@ -69,8 +69,6 @@ services:
      - ${DB_DATA_LOCATION}:/var/lib/postgresql/data
    shm_size: 128mb
    restart: always
-    healthcheck:
-      disable: false

 volumes:
  model-cache:
--- a/docs/.nvmrc
+++ b/docs/.nvmrc
@@ -1 +1 @@
-24.13.1
+24.11.1
--- a/docs/docs/FAQ.mdx
+++ b/docs/docs/FAQ.mdx
@@ -22,7 +22,7 @@ For organizations seeking to resell Immich, we have established the following gu

 - Do not misrepresent your reseller site or services as being officially affiliated with or endorsed by Immich or our development team.

- For small resellers who wish to contribute financially to Immich's development, we recommend directing your customers to purchase product keys directly from us rather than attempting to broker revenue-sharing arrangements. We ask that you refrain from misrepresenting reseller activities as directly supporting our development work.
+- For small resellers who wish to contribute financially to Immich's development, we recommend directing your customers to purchase licenses directly from us rather than attempting to broker revenue-sharing arrangements. We ask that you refrain from misrepresenting reseller activities as directly supporting our development work.

 When in doubt or if you have an edge case scenario, we encourage you to contact us directly via email to discuss the use of our trademark. We can provide clear guidance on what is acceptable and what is not. You can reach out at: questions@immich.app

@@ -133,9 +133,9 @@ There are a few different scenarios that can lead to this situation. The solutio
 The job is only automatically run once per asset after upload. If metadata extraction originally failed, the jobs were cleared/canceled, etc.,
 the job may not have run automatically the first time.

-### How can I hide a photo or video from the timeline?
+### How can I hide photos from the timeline?

-You can _archive_ them. This will hide the asset from the main timeline and folder view, but it will still show up in searches. All archived assets can be found in the _Archive_ view
+You can _archive_ them.

 ### How can I backup data from Immich?

@@ -402,9 +402,6 @@ To decrease Redis logs, you can add the following line to the `redis:` section o
 ### How can I run Immich as a non-root user?

 You can change the user in the container by setting the `user` argument in `docker-compose.yml` for each service.
-
-[Example docker-compose.yml file](https://github.com/immich-app/immich/blob/main/docker/docker-compose.rootless.yml)
-
 You may need to add mount points or docker volumes for the following internal container paths:

 - `immich-machine-learning:/.config`
--- a/docs/docs/administration/backup-and-restore.md
+++ b/docs/docs/administration/backup-and-restore.md
@@ -2,8 +2,6 @@

 import Tabs from '@theme/Tabs';
 import TabItem from '@theme/TabItem';
-import { mdiAlertCircle, mdiCheckCircle } from '@mdi/js';
-import Icon from '@mdi/react';

 A [3-2-1 backup strategy](https://www.backblaze.com/blog/the-3-2-1-backup-strategy/) is recommended to protect your data. You should keep copies of your uploaded photos/videos as well as the Immich database for a comprehensive backup solution. This page provides an overview on how to backup the database and the location of user-uploaded pictures and videos. A template bash script that can be run as a cron job is provided [here](/guides/template-backup-script.md)

@@ -13,135 +11,54 @@ The instructions on this page show you how to prepare your Immich instance to be

 ## Database

-Immich stores [file paths](https://github.com/immich-app/immich/discussions/3299) and user metadata in the database. It does not scan the library folder, so database backups are essential.
-
-### Automatic Database Backups
-
-Immich automatically creates database backups for disaster-recovery purposes. These backups are stored in `UPLOAD_LOCATION/backups` and can be managed through the web interface.
-
-You can adjust the backup schedule and retention settings in **Administration > Settings > Backup** (default: keep last 14 backups, create daily at 2:00 AM).
-
 :::caution
-Database backups do **not** contain photos or videos — only metadata. They must be used together with a copy of the files in `UPLOAD_LOCATION` as outlined below.
+Immich saves [file paths in the database](https://github.com/immich-app/immich/discussions/3299), it does not scan the library folder to update the database so backups are crucial.
 :::

-#### Creating a Backup
-
-You can trigger a database backup manually:
-
-1. Go to **Administration > Job Queues**
-2. Click **Create job** in the top right
-3. Select **Create Database Backup** and click **Confirm**
-
-The backup will appear in `UPLOAD_LOCATION/backups` and counts toward your retention limit.
-
-### Restoring a Database Backup
-
-Immich provides two ways to restore a database backup: through the web interface or via the command line. The web interface is the recommended method for most users.
-
-#### Restore from Settings {#restore-from-settings}
-
-If you have an existing Immich installation:
-
-<img
-src={require('./img/restore-from-settings.webp').default}
-title="Restore from settings"
-/>
-
-1. Go to **Administration > Maintenance**
-2. Expand the **Restore database backup** section
-3. You'll see a list of available backups with their version and creation date
-4. Click **Restore** next to the backup you want to restore
-5. Confirm the restore operation
-
 :::info
-Restoring a backup will wipe the current database and replace it with the backup. A restore point is automatically created before the operation begins, allowing rollback if the restore fails.
+Refer to the official [postgres documentation](https://www.postgresql.org/docs/current/backup.html) for details about backing up and restoring a postgres database.
 :::

-#### Restore from Onboarding {#restore-from-onboarding}
-
-If you're setting up Immich on a fresh installation and want to restore from an existing backup:
-
-1. Download and populate `.env` and `docker-compose.yml` as per the [installation instructions](/install/docker-compose).
-2. Move the previous's instance data directories containing `backups`, `encoded-video`, `library`, `profile`, `thumbs` and `upload` into the new `UPLOAD_LOCATION`
-3. **(For external libraries)** If you used external library feature in your previous instance, make sure that the mount settings in your new `docker-compose.yml` reflect the same structure. You may need to move files accordingly.
-
-:::info Example
-
-Assuming your previous `UPLOAD_LOCATION` was `UPLOAD_LOCATION=/my-broken-instance/media` and your new one is `UPLOAD_LOCATION=/a-brand-new-instance/data`, you will need to perform the following file moves:
-
-```
-/my-broken-instance/media/backups          ->    /a-brand-new-instance/data/backups
-/my-broken-instance/media/encoded-video    ->    /a-brand-new-instance/data/encoded-video
-/my-broken-instance/media/library          ->    /a-brand-new-instance/data/library
-/my-broken-instance/media/profile          ->    /a-brand-new-instance/data/profile
-/my-broken-instance/media/thumbs           ->    /a-brand-new-instance/data/thumbs
-/my-broken-instance/media/upload           ->    /a-brand-new-instance/data/upload
-```
-
+:::caution
+It is not recommended to directly backup the `DB_DATA_LOCATION` folder. Doing so while the database is running can lead to a corrupted backup that cannot be restored.
 :::

-4. Start the Immich services with `docker compose up -d`
-
-<img
-src={require('./img/restore-from-onboarding.webp').default}
-title="Restore from onboarding"
-/>
-
-5. On the welcome screen, click **Restore from backup**
-6. Immich will enter maintenance mode and display integrity checks for your storage folders
-7. Review the folder status to ensure your library files are accessible
-8. Click **Next** to proceed to backup selection
-9. Select a backup from the list or upload a backup file (`.sql.gz`)
-10. Click **Restore** to begin the restoration process
-
-:::tip
-Before restoring, ensure your `UPLOAD_LOCATION` folders contain the same files that existed when the backup was created. The integrity check will show you which folders are readable/writable and how many files they contain.
-:::
-
-### Uploading a Backup File {#uploading-backup}
-
-You can upload a database backup file directly:
-
-1. In the **Restore database backup** section, click **Select from computer**
-2. Choose a `.sql.gz` file
-3. The uploaded backup will appear in the list with an `uploaded-` prefix
-4. Click **Restore** to restore from the uploaded file
-
-### Backup Version Compatibility {#backup-compatibility}
-
-When viewing backups, Immich displays compatibility indicators based on the current version and the information from the filename:
-
- <Icon path={mdiCheckCircle} size={1} color="green"/> Backup version matches current Immich version
- <Icon path={mdiAlertCircle} size={1} color="#feb001"/> Backup was created with a different Immich version
- <Icon path={mdiAlertCircle} size={1} color="red"/> Could not determine backup version
+### Automatic Database Dumps

 :::warning
-Restoring a backup from a different Immich version may require database migrations. The restore process will attempt to run migrations automatically, but you should ensure you're restoring to a compatible version when possible.
+The automatic database dumps can be used to restore the database in the event of damage to the Postgres database files.
+There is no monitoring for these dumps and you will not be notified if they are unsuccessful.
 :::

-### Restore Process {#restore-process}
+:::caution
+The database dumps do **NOT** contain any pictures or videos, only metadata. They are only usable with a copy of the other files in `UPLOAD_LOCATION` as outlined below.
+:::

-During restoration, Immich will:
+For disaster-recovery purposes, Immich will automatically create database dumps. The dumps are stored in `UPLOAD_LOCATION/backups`.
+Please be sure to make your own, independent backup of the database together with the asset folders as noted below.
+You can adjust the schedule and amount of kept database dumps in the [admin settings](http://my.immich.app/admin/system-settings?isOpen=backup).
+By default, Immich will keep the last 14 database dumps and create a new dump every day at 2:00 AM.

-1. Create a backup of the current database (restore point)
-2. Restore the selected backup
-3. Run database migrations if needed
-4. Perform a health check to verify the restore succeeded
+#### Trigger Dump

-If the restore fails (e.g., corrupted backup or missing admin user), Immich will automatically roll back to the restore point.
+You are able to trigger a database dump in the [admin job status page](http://my.immich.app/admin/jobs-status).
+Visit the page, open the "Create job" modal from the top right, select "Create Database Dump" and click "Confirm".
+A job will run and trigger a dump, you can verify this worked correctly by checking the logs or the `backups/` folder.
+This dumps will count towards the last `X` dumps that will be kept based on your settings.

-### Restore via Command Line {#restore-cli}
+#### Restoring

-For advanced users or automated recovery scenarios, you can restore a database backup using the command line.
+We hope to make restoring simpler in future versions, for now you can find the database dumps in the `UPLOAD_LOCATION/backups` folder on your host.
+Then please follow the steps in the following section for restoring the database.
+
+### Manual Backup and Restore

 <Tabs>
  <TabItem value="Linux system" label="Linux system" default>

 ```bash title='Backup'
 # Replace <DB_USERNAME> with the database username - usually postgres unless you have changed it.
-# Replace <DB_DATABASE_NAME> with the database name - usually immich unless you have changed it.
-docker exec -t immich_postgres pg_dump --clean --if-exists --dbname=<DB_DATABASE_NAME> --username=<DB_USERNAME> | gzip > "/path/to/backup/dump.sql.gz"
+docker exec -t immich_postgres pg_dumpall --clean --if-exists --username=<DB_USERNAME> | gzip > "/path/to/backup/dump.sql.gz"
 ```

 ```bash title='Restore'
@@ -154,10 +71,9 @@ docker start immich_postgres    # Start Postgres server
 sleep 10                        # Wait for Postgres server to start up
 # Check the database user if you deviated from the default
 # Replace <DB_USERNAME> with the database username - usually postgres unless you have changed it.
-# Replace <DB_DATABASE_NAME> with the database name - usually immich unless you have changed it.
 gunzip --stdout "/path/to/backup/dump.sql.gz" \
 | sed "s/SELECT pg_catalog.set_config('search_path', '', false);/SELECT pg_catalog.set_config('search_path', 'public, pg_catalog', true);/g" \
-| docker exec -i immich_postgres psql --dbname=<DB_DATABASE_NAME> --username=<DB_USERNAME> --single-transaction --set ON_ERROR_STOP=on  # Restore Backup
+| docker exec -i immich_postgres psql --dbname=postgres --username=<DB_USERNAME>  # Restore Backup
 docker compose up -d            # Start remainder of Immich apps
 ```

@@ -166,8 +82,7 @@ docker compose up -d            # Start remainder of Immich apps

 ```powershell title='Backup'
 # Replace <DB_USERNAME> with the database username - usually postgres unless you have changed it.
-# Replace <DB_DATABASE_NAME> with the database name - usually immich unless you have changed it.
-[System.IO.File]::WriteAllLines("C:\absolute\path\to\backup\dump.sql", (docker exec -t immich_postgres pg_dump --clean --if-exists --dbname=<DB_DATABASE_NAME> --username=<DB_USERNAME>))
+[System.IO.File]::WriteAllLines("C:\absolute\path\to\backup\dump.sql", (docker exec -t immich_postgres pg_dumpall --clean --if-exists --username=<DB_USERNAME>))
 ```

 ```powershell title='Restore'
@@ -182,9 +97,8 @@ sleep 10                                          # Wait for Postgres server to
 docker exec -it immich_postgres bash              # Enter the Docker shell and run the following command
 # If your backup ends in `.gz`, replace `cat` with `gunzip --stdout`
 # Replace <DB_USERNAME> with the database username - usually postgres unless you have changed it.
-# Replace <DB_DATABASE_NAME> with the database name - usually immich unless you have changed it.

-cat "/dump.sql" | sed "s/SELECT pg_catalog.set_config('search_path', '', false);/SELECT pg_catalog.set_config('search_path', 'public, pg_catalog', true);/g" | psql --dbname=<DB_DATABASE_NAME> --username=<DB_USERNAME>  --single-transaction --set ON_ERROR_STOP=on
+cat "/dump.sql" | sed "s/SELECT pg_catalog.set_config('search_path', '', false);/SELECT pg_catalog.set_config('search_path', 'public, pg_catalog', true);/g" | psql --dbname=postgres --username=<DB_USERNAME>
 exit                                              # Exit the Docker shell
 docker compose up -d                              # Start remainder of Immich apps
 ```
@@ -192,20 +106,10 @@ docker compose up -d                              # Start remainder of Immich ap
  </TabItem>
 </Tabs>

-:::warning
-The backup and restore process changed in v2.5.0, if you have a backup created with an older version of Immich, use the documentation version selector to find manual restore instructions for your backup.
-:::
-
-:::note
-For the database restore to proceed properly, it requires a completely fresh install (i.e., the Immich server has never run since creating the Docker containers). If the Immich app has run, you may encounter Postgres conflicts (relation already exists, violated foreign key constraints, etc.). In this case, delete the `DB_DATA_LOCATION` folder to reset the database.
-:::
+Note that for the database restore to proceed properly, it requires a completely fresh install (i.e. the Immich server has never run since creating the Docker containers). If the Immich app has run, Postgres conflicts may be encountered upon database restoration (relation already exists, violated foreign key constraints, multiple primary keys, etc.), in which case you need to delete the `DB_DATA_LOCATION` folder to reset the database.

 :::tip
-Some deployment methods make it difficult to start the database without also starting the server. In these cases, set the environment variable `DB_SKIP_MIGRATIONS=true` before starting the services. This prevents the server from running migrations that interfere with the restore process. Remove this variable and restart services after the database is restored.
-:::
-
-:::tip
-The provided restore process ensures your database is never in a broken state by committing all changes in one transaction. This may be undesirable behaviour in some circumstances, you can disable it by removing `--single-transaction --set ON_ERROR_STOP=on` from the command.
+Some deployment methods make it difficult to start the database without also starting the server. In these cases, you may set the environment variable `DB_SKIP_MIGRATIONS=true` before starting the services. This will prevent the server from running migrations that interfere with the restore process. Be sure to remove this variable and restart the services after the database is restored.
 :::

 ## Filesystem
@@ -253,14 +157,17 @@ for more info read the [release notes](https://github.com/immich-app/immich/rele
 - **Encoded Assets:**
  - Videos that have been re-encoded from the original for wider compatibility. The original is not removed.
  - Stored in `UPLOAD_LOCATION/encoded-video/<userID>`.
- **Database Dump Backups:**
-  - Automatic database backups created by Immich for disaster recovery.
-  - Stored in `UPLOAD_LOCATION/backups/`.
+
 - **Postgres**
  - The Immich database containing all the information to allow the system to function properly.  
    **Note:** This folder will only appear to users who have made the changes mentioned in [v1.102.0](https://github.com/immich-app/immich/discussions/8930) (an optional, non-mandatory change) or who started with this version.
  - Stored in `DB_DATA_LOCATION`.

+  :::danger
+  A backup of this folder does not constitute a backup of your database!
+  Follow the instructions listed [here](/administration/backup-and-restore#database) to learn how to perform a proper backup.
+  :::
+
 </TabItem>
  <TabItem value="Storage Template On" label="Storage Template On">

@@ -296,14 +203,16 @@ When you turn off the storage template engine, it will leave the assets in `UPLO
  - Files uploaded through mobile apps.
  - Temporarily located in `UPLOAD_LOCATION/upload/<userID>`.
  - Transferred to `UPLOAD_LOCATION/library/<userID>` upon successful upload.
- **Database Dump Backups:**
-  - Automatic database backups created by Immich for disaster recovery.
-  - Stored in `UPLOAD_LOCATION/backups/`.
 - **Postgres**
  - The Immich database containing all the information to allow the system to function properly.  
    **Note:** This folder will only appear to users who have made the changes mentioned in [v1.102.0](https://github.com/immich-app/immich/discussions/8930) (an optional, non-mandatory change) or who started with this version.
  - Stored in `DB_DATA_LOCATION`.

+  :::danger
+  A backup of this folder does not constitute a backup of your database!
+  Follow the instructions listed [here](/administration/backup-and-restore#database) to learn how to perform a proper backup.
+  :::
+
 </TabItem>

 </Tabs>
--- a/docs/docs/administration/img/admin-jobs.webp
+++ b/docs/docs/administration/img/admin-jobs.webp
--- a/docs/docs/administration/img/admin-nightly-tasks.webp
+++ b/docs/docs/administration/img/admin-nightly-tasks.webp
--- a/docs/docs/administration/img/customize-delete-user.webp
+++ b/docs/docs/administration/img/customize-delete-user.webp
--- a/docs/docs/administration/img/immediately-remove-user.webp
+++ b/docs/docs/administration/img/immediately-remove-user.webp
--- a/docs/docs/administration/img/restore-from-onboarding.webp
+++ b/docs/docs/administration/img/restore-from-onboarding.webp
--- a/docs/docs/administration/img/restore-from-settings.webp
+++ b/docs/docs/administration/img/restore-from-settings.webp
--- a/docs/docs/administration/img/server-stats.webp
+++ b/docs/docs/administration/img/server-stats.webp
--- a/docs/docs/administration/img/user-edit-menu.webp
+++ b/docs/docs/administration/img/user-edit-menu.webp
--- a/docs/docs/administration/img/user-notifications-settings.webp
+++ b/docs/docs/administration/img/user-notifications-settings.webp
--- a/docs/docs/administration/img/user-notifications-templates.webp
+++ b/docs/docs/administration/img/user-notifications-templates.webp
--- a/docs/docs/administration/img/user-quota-size.webp
+++ b/docs/docs/administration/img/user-quota-size.webp
--- a/docs/docs/administration/img/user-storage-label.webp
+++ b/docs/docs/administration/img/user-storage-label.webp
--- a/docs/docs/administration/jobs-workers.md
+++ b/docs/docs/administration/jobs-workers.md
@@ -50,7 +50,7 @@ When a new asset is uploaded it kicks off a series of jobs, which include metada

 Additionally, some jobs (such as memories generation) run on a schedule, which is every night at midnight by default. To change when they run or enable/disable a job navigate to System Settings -> [Nightly Tasks Settings](https://my.immich.app/admin/system-settings?isOpen=nightly-tasks).

-<img src={require('./img/admin-nightly-tasks.webp').default} width="80%" title="Admin nightly tasks" />
+<img src={require('./img/admin-nightly-tasks.webp').default} width="60%" title="Admin nightly tasks" />

 :::note
 Some jobs ([External Libraries](/features/libraries) scanning, Database Dump) are configured in their own sections in System Settings.
--- a/docs/docs/administration/maintenance-mode.md
+++ b/docs/docs/administration/maintenance-mode.md
@@ -4,7 +4,7 @@ Maintenance mode is used to perform administrative tasks such as restoring backu

 You can enter maintenance mode by either:

- Selecting "Switch to maintenance mode" in `Maintenance` tab in administration.
+- Selecting "enable maintenance mode" in system settings in administration.
 - Running the enable maintenance mode [administration command](./server-commands.md).

 ## Logging in during maintenance
--- a/docs/docs/administration/oauth.md
+++ b/docs/docs/administration/oauth.md
@@ -56,13 +56,11 @@ Once you have a new OAuth client application configured, Immich can be configure
 | Setting                                              | Type    | Default              | Description                                                                         |
 | ---------------------------------------------------- | ------- | -------------------- | ----------------------------------------------------------------------------------- |
 | Enabled                                              | boolean | false                | Enable/disable OAuth                                                                |
-| `issuer_url`                                         | URL     | (required)           | Required. Self-discovery URL for client (from previous step)                        |
-| `client_id`                                          | string  | (required)           | Required. Client ID (from previous step)                                            |
-| `client_secret`                                      | string  | (required)           | Required. Client Secret (previous step)                                             |
-| `scope`                                              | string  | openid email profile | Full list of scopes to send with the request (space delimited)                      |
-| `id_token_signed_response_alg`                       | string  | RS256                | The algorithm used to sign the id token (examples: RS256, HS256)                    |
-| `userinfo_signed_response_alg`                       | string  | none                 | The algorithm used to sign the userinfo response (examples: RS256, HS256)           |
-| Request timeout                                      | string  | 30,000 (30 seconds)  | Number of milliseconds to wait for http requests to complete before giving up       |
+| Issuer URL                                           | URL     | (required)           | Required. Self-discovery URL for client (from previous step)                        |
+| Client ID                                            | string  | (required)           | Required. Client ID (from previous step)                                            |
+| Client Secret                                        | string  | (required)           | Required. Client Secret (previous step)                                             |
+| Scope                                                | string  | openid email profile | Full list of scopes to send with the request (space delimited)                      |
+| Signing Algorithm                                    | string  | RS256                | The algorithm used to sign the id token (examples: RS256, HS256)                    |
 | Storage Label Claim                                  | string  | preferred_username   | Claim mapping for the user's storage label**¹**                                     |
 | Role Claim                                           | string  | immich_role          | Claim mapping for the user's role. (should return "user" or "admin")**¹**           |
 | Storage Quota Claim                                  | string  | immich_quota         | Claim mapping for the user's storage**¹**                                           |
--- a/docs/docs/administration/postgres-standalone.md
+++ b/docs/docs/administration/postgres-standalone.md
@@ -22,7 +22,7 @@ Immich is known to work with Postgres versions `>= 14, < 19`.
 VectorChord is known to work with pgvector versions `>= 0.7, < 0.9`.

 The Immich server will check the VectorChord version on startup to ensure compatibility, and refuse to start if a compatible version is not found.
-The current accepted range for VectorChord is `>= 0.3, < 2.0`.
+The current accepted range for VectorChord is `>= 0.3, < 0.6`.
 :::

 ## Specifying the connection URL
@@ -88,7 +88,7 @@ The easiest option is to have both extensions installed during the migration:
 <details>
 <summary>Migration steps (automatic)</summary>
 1. Ensure you still have pgvecto.rs installed
-2. Install `pgvector` (`>= 0.7, < 0.9`). The easiest way to do this is on Debian/Ubuntu by adding the [PostgreSQL Apt repository][pg-apt] and then running `apt install postgresql-NN-pgvector`, where `NN` is your Postgres version (e.g., `16`)
+2. Install `pgvector` (`>= 0.7.0, < 1.0.0`). The easiest way to do this is on Debian/Ubuntu by adding the [PostgreSQL Apt repository][pg-apt] and then running `apt install postgresql-NN-pgvector`, where `NN` is your Postgres version (e.g., `16`)
 3. [Install VectorChord][vchord-install]
 4. Add `shared_preload_libraries= 'vchord.so, vectors.so'` to your `postgresql.conf`, making sure to include _both_ `vchord.so` and `vectors.so`. You may include other libraries here as well if needed
 5. Restart the Postgres database
--- a/docs/docs/administration/reverse-proxy.md
+++ b/docs/docs/administration/reverse-proxy.md
@@ -21,12 +21,6 @@ server {
    # allow large file uploads
    client_max_body_size 50000M;

-    # disable buffering uploads to prevent OOM on reverse proxy server and make uploads twice as fast (no pause)
-    proxy_request_buffering off;
-
-    # increase body buffer to avoid limiting upload speed
-    client_body_buffer_size 1024k;
-
    # Set headers
    proxy_set_header Host              $host;
    proxy_set_header X-Real-IP         $remote_addr;
@@ -35,6 +29,8 @@ server {

    # enable websockets: http://nginx.org/en/docs/http/websocket.html
    proxy_http_version 1.1;
+    proxy_set_header   Upgrade    $http_upgrade;
+    proxy_set_header   Connection "upgrade";
    proxy_redirect     off;

    # set timeout
@@ -44,8 +40,6 @@ server {

    location / {
        proxy_pass http://<backend_url>:2283;
-        proxy_set_header   Upgrade    $http_upgrade;
-        proxy_set_header   Connection "upgrade";
    }

    # useful when using Let's Encrypt http-01 challenge
@@ -98,6 +92,7 @@ entryPoints:
      respondingTimeouts:
        readTimeout: 600s
        idleTimeout: 600s
+        writeTimeout: 600s
 ```

 The second part is in the `docker-compose.yml` file where immich is in. Add the Traefik specific labels like in the example.
--- a/docs/docs/administration/server-commands.md
+++ b/docs/docs/administration/server-commands.md
@@ -52,7 +52,7 @@ Password login has been enabled.
 Disable Maintenance Mode

 ```
-immich-admin disable-maintenance-mode
+immich-admin disable-maintenace-mode
 Maintenance mode has been disabled.
 ```

--- a/docs/docs/administration/user-management.mdx
+++ b/docs/docs/administration/user-management.mdx
@@ -31,7 +31,7 @@ Admin can send a welcome email if the Email option is set, you can learn here ho

 Admin can specify the storage quota for the user as the instance's admin; once the limit is reached, the user won't be able to upload to the instance anymore.

-In order to select a storage quota, click on the edit user icon and enter the storage quota in GiB. You can choose an unlimited quota by leaving it empty (default).
+In order to select a storage quota, click on the pencil icon and enter the storage quota in GiB. You can choose an unlimited quota by leaving it empty (default).

 :::tip
 The system administrator can see the usage quota percentage of all users in Server Stats page.
@@ -41,12 +41,12 @@ The system administrator can see the usage quota percentage of all users in Serv
 External libraries don't take up space from the storage quota.
 :::

-<img src={require('./img/user-quota-size.webp').default} width="80%" title="Set Quota Size" />
+<img src={require('./img/user-quota-size.webp').default} width="40%" title="Set Quota Size" />

 ## Set Storage Label For User

 The admin can add a custom label for each user, so instead of `upload/{userId}/your-template` it will be `upload/{custom_user_label}/your-template`.  
-To apply a storage template, go to the `Administration > Users`, then click on the context menu button next to the user.
+To apply a storage template, go to the Administration page -> click on the pencil button next to the user.
 :::note
 To apply the Storage Label to previously uploaded assets, run the Storage Migration Job.
 :::
@@ -55,21 +55,25 @@ To apply the Storage Label to previously uploaded assets, run the Storage Migrat

 ## Password Reset

-<img src={require('./img/user-edit-menu.webp').default} width="80%" title="Customize Delete User" />
+To reset a user's password, click the pencil icon to edit a user, then click "Reset Password". The user's password will be reset to random password and they have to change it next time the sign in.

-To reset a user's password, go to `Administration > Users`, then click on the context menu button next to the user, then click "Reset Password". The user's password will be reset to a random password and they have to change it next time they sign in.
+<img src={require('./img/user-management-update.webp').default} width="40%" title="Reset Password" />

 ## Delete a User

-If you need to remove a user from Immich, go to `Administration > Users`, then click on the context menu button next to the user. The user account will immediately become disabled and their library and all associated data will be removed after 7 days by default.
+If you need to remove a user from Immich, head to "Administration", where users can be scheduled for deletion. The user account will immediately become disabled and their library and all associated data will be removed after 7 days by default.
+
+<img src={require('./img/delete-user.webp').default} width="40%" title="Delete User" />

 ### Delete Delay

-You can customize the time of the deletion of the users from `Administration -> Settings -> User Settings`.
+You can customize the time of the deletion of the users from the Administration -> Settings -> User Settings.
 :::info user deletion job
 The user deletion job runs at midnight to check for users that are ready for deletion. Changes to this setting will be evaluated at the next execution.
 :::

+<img src={require('./img/customize-delete-user.webp').default} width="80%" title="Customize Delete User" />
+
 ### Immediately Remove User

 You can choose to delete a user immediately by checking the box
--- a/docs/docs/developer/devcontainers.md
+++ b/docs/docs/developer/devcontainers.md
@@ -44,7 +44,7 @@ While this guide focuses on VS Code, you have many options for Dev Container dev
 **Self-Hostable Options:**

 - [Coder](https://coder.com) - Enterprise-focused, requires Terraform knowledge, self-managed
- [DevPod](https://devpod.sh) - Client-only tool with excellent devcontainer.json support, works with any provider (local, cloud, or on-premise). Check [quick-start guide](#quick-start-guide-for-devpod-with-docker)
+- [DevPod](https://devpod.sh) - Client-only tool with excellent devcontainer.json support, works with any provider (local, cloud, or on-premise)
  :::

 ## Dev Container Services
@@ -408,27 +408,7 @@ If you encounter issues:
 1. Check container logs: View → Output → Select "Dev Containers"
 2. Rebuild without cache: "Dev Containers: Rebuild Container Without Cache"
 3. Review [common Docker issues](https://docs.docker.com/desktop/troubleshoot/)
-4. Ask in [Discord](https://discord.immich.app) `#contributing` channel
-
-### Quick-start guide for DevPod with docker
-
-You will need DevPod CLI (check [DevPod CLI installation guide](https://devpod.sh/docs/getting-started/install)) and Docker Desktop.
-
-```sh
-# Step 1: Clone the Repository
-git clone https://github.com/immich-app/immich.git
-cd immich
-
-# Step 2: Prepare DevPod (if you haven't already)
-devpod provider add docker
-devpod provider use docker
-
-# Step 3: Build 'immich-server-dev' docker image first manually
-docker build -f server/Dockerfile.dev -t immich-server-dev .
-
-# Step 4: Now you can start devcontainer
-devpod up .
-```
+4. Ask in [Discord](https://discord.immich.app) `#help-desk-support` channel

 ## Mobile Development

--- a/docs/docs/developer/setup.md
+++ b/docs/docs/developer/setup.md
@@ -4,10 +4,6 @@ sidebar_position: 2

 # Setup

-:::warning
-Make sure to read the [`CONTRIBUTING.md`](https://github.com/immich-app/immich/blob/main/CONTRIBUTING.md) before you dive into the code.
-:::
-
 :::note
 If there's a feature you're planning to work on, just give us a heads up in [#contributing](https://discord.com/channels/979116623879368755/1071165397228855327) on [our Discord](https://discord.immich.app) so we can:

@@ -37,8 +33,7 @@ All the services are packaged to run as with single Docker Compose command.
 1. Clone the project repo.
 2. Run `cp docker/example.env docker/.env`.
 3. Edit `docker/.env` to provide values for the required variable `UPLOAD_LOCATION`.
-4. Install dependencies - `pnpm i`
-5. From the root directory, run:
+4. From the root directory, run:

 ```bash title="Start development server"
 make dev # required Makefile installed on the system.
@@ -53,6 +48,7 @@ You can access the web from `http://your-machine-ip:3000` or `http://localhost:3
 **Notes:**

 - The "web" development container runs with uid 1000. If that uid does not have read/write permissions on the mounted volumes, you may encounter errors
+- In case of rootless docker setup, you need to use root within the container, otherwise you will encounter read/write permission related errors, see comments in `docker/docker-compose.dev.yml`.

 #### Connect web to a remote backend

@@ -90,13 +86,10 @@ To see local changes to `@immich/ui` in Immich, do the following:

 #### Setup

-1. [Install mise](https://mise.jdx.dev/installing-mise.html).
-2. Change to the immich (root) directory and trust the mise config with `mise trust`.
-3. Install tools with mise: `mise install`.
-4. Change to the `mobile/` directory.
-5. Run `flutter pub get` to install the dependencies.
-6. Run `make translation` to generate the translation file.
-7. Run `flutter run` to start the app.
+1. Setup Flutter toolchain using FVM.
+2. Run `flutter pub get` to install the dependencies.
+3. Run `make translation` to generate the translation file.
+4. Run `fvm flutter run` to start the app.

 #### Translation

--- a/docs/docs/developer/testing.md
+++ b/docs/docs/developer/testing.md
@@ -18,7 +18,6 @@ make e2e
 Before you can run the tests, you need to run the following commands _once_:

 - `pnpm install` (in `e2e/`)
- `pnpm run build` (in `cli/`)
 - `make open-api` (in the project root `/`)

 Once the test environment is running, the e2e tests can be run via:
--- a/docs/docs/features/automatic-backup.md
+++ b/docs/docs/features/automatic-backup.md
@@ -0,0 +1,42 @@
+# Automatic Backup
+
+Immich supports uploading photos and videos from your mobile device to the server automatically.
+
+---
+
+You can enable the settings by accessing the upload options from the upload page
+
+<img src={require('./img/backup-settings-access.webp').default} width="50%" title="Backup option selection" />
+
+<img src={require('./img/background-foreground-backup.webp').default} width="50%" title="Foreground&Background Backup" />
+
+## Foreground backup
+
+If foreground backup is enabled: whenever the app is opened or resumed, it will check if any photos or videos in the selected album(s) have yet to be uploaded to the cloud (the remainder count). If there are any, they will be uploaded.
+
+## Background backup
+
+This feature is intended for everyday use. For initial bulk uploading, please use the foreground upload feature. For more information on why background upload is not working as expected, please refer to the [FAQ](/FAQ#why-does-foreground-backup-stop-when-i-navigate-away-from-the-app-shouldnt-it-transfer-the-job-to-background-backup).
+
+If background backup is enabled. The app will periodically check if there are any new photos or videos in the selected album(s) to be uploaded to the server. If there are, it will upload them to the cloud in the background.
+
+:::info Note
+
+#### General
+
+- The app must be in the background for the backup worker to start running.
+- If you reopen the app and the first page you see is the backup page, the counts will not reflect the background uploaded result. You have to navigate out of the page and come back to see the updated counts.
+
+#### Android
+
+- It is a well-known problem that some Android models are very strict with battery optimization settings, which can cause a problem with the background worker. Please visit [Don't kill my app](https://dontkillmyapp.com/) for a guide on disabling this setting on your phone.
+
+#### iOS
+
+- You must enable **Background App Refresh** for the app to work in the background. You can enable it in the Settings app under General > Background App Refresh.
+
+<div style={{textAlign: 'center'}}>
+<img src={require('./img/background-app-refresh.webp').default} width="30%" title="background-app-refresh" />
+</div>
+
+:::
--- a/docs/docs/features/command-line-interface.md
+++ b/docs/docs/features/command-line-interface.md
@@ -183,13 +183,11 @@ For example to get a list of files that would be uploaded for further
 processing:

 ```bash
-immich upload --dry-run --json-output . | tail -n +6 | jq .newFiles[]
+immich upload --dry-run . | tail -n +6 | jq .newFiles[]
 ```

 ### Obtain the API Key

-The API key can be obtained in the user setting panel on the web interface. You can also specify permissions for the key to limit its access.
+The API key can be obtained in the user setting panel on the web interface.

 ![Obtain Api Key](./img/obtain-api-key.webp)
-
-![Specify permissions for the key](./img/obtain-api-key-2.webp)
--- a/docs/docs/features/editing.mdx
+++ b/docs/docs/features/editing.mdx
@@ -1,19 +0,0 @@
-# Editing
-
-Immich supports non-destructive editing of photos. This means that any edits you make to an asset do not modify the original file, but instead create a new version of the asset with the edits applied. You can always revert back to the original asset if needed.
-
-## Supported Edits
-
-Currently, Immich supports the following types of edits:
-
- Cropping
- Rotation
- Mirroring
-
-<img src={require('./img/web-edit-interface.webp').default} title="Web edit interface" />
-
-## Download
-
-When you download an edited asset, Immich provides the edited version of the asset by default. However, you can choose to download the original version if needed.
-
-<img src={require('./img/web-edit-download.webp').default} title="Web edit download" />
--- a/docs/docs/features/facial-recognition.md
+++ b/docs/docs/features/facial-recognition.md
@@ -21,14 +21,14 @@ The asset detail view will also show the faces that are recognized in the asset.
 Additional actions you can do include:

 - Changing the feature photo of the person
+- Setting a person's date of birth
+- Merging two or more detected faces into one person
 - Hiding the faces of a person from the Explore page and detail view
- Setting a person's date of birth, so that the age of the person can be shown at the time the photo was taken
- Merging two or more detected people into one person
- Favoriting a person to pin them to the top of the list
+- Assigning an unrecognized face to a person

 It can be found from the app bar when you access the detail view of a person.

-<img src={require('./img/facial-recognition-4.webp').default} title='Facial Recognition 4' />
+<img src={require('./img/facial-recognition-4.webp').default} title='Facial Recognition 4' width="70%"/>

 ## How Face Detection Works

--- a/docs/docs/features/hardware-transcoding.md
+++ b/docs/docs/features/hardware-transcoding.md
@@ -71,22 +71,6 @@ For RKMPP to work:

 5. (Optional) Enable hardware decoding for optimal performance.

-<details>
-<summary>immich.json</summary>
-
-If you use a [configuration file](/install/config-file.md), use the `accel` option to select the hardware (e.g. `qsv` for Intel or `nvenc` for Nvidia). Set `accelDecode` to `true` if you want hardware decoding.
-
-```json
-{
-  "ffmpeg": {
-    "accel": "qsv",
-    "accelDecode": true
-  }
-}
-```
-
-</details>
-
 #### Single Compose File

 Some platforms, including Unraid and Portainer, do not support multiple Compose files as of writing. As an alternative, you can "inline" the relevant contents of the [`hwaccel.transcoding.yml`][hw-file] file into the `immich-server` service directly.
--- a/docs/docs/features/img/advanced-search-filters.webp
+++ b/docs/docs/features/img/advanced-search-filters.webp
--- a/docs/docs/features/img/android-backup-options.webp
+++ b/docs/docs/features/img/android-backup-options.webp
--- a/docs/docs/features/img/background-foreground-backup.webp
+++ b/docs/docs/features/img/background-foreground-backup.webp
--- a/docs/docs/features/img/backup-album-selection.webp
+++ b/docs/docs/features/img/backup-album-selection.webp
--- a/docs/docs/features/img/backup-album-sync.webp
+++ b/docs/docs/features/img/backup-album-sync.webp
--- a/docs/docs/features/img/backup-options.webp
+++ b/docs/docs/features/img/backup-options.webp
--- a/docs/docs/features/img/enable-backup-button.webp
+++ b/docs/docs/features/img/enable-backup-button.webp
--- a/docs/docs/features/img/facial-recognition-1.webp
+++ b/docs/docs/features/img/facial-recognition-1.webp
--- a/docs/docs/features/img/facial-recognition-2.webp
+++ b/docs/docs/features/img/facial-recognition-2.webp
--- a/docs/docs/features/img/facial-recognition-3.webp
+++ b/docs/docs/features/img/facial-recognition-3.webp
--- a/docs/docs/features/img/facial-recognition-4.webp
+++ b/docs/docs/features/img/facial-recognition-4.webp
--- a/docs/docs/features/img/folder-view-enable.webp
+++ b/docs/docs/features/img/folder-view-enable.webp
--- a/docs/docs/features/img/free-up-space.webp
+++ b/docs/docs/features/img/free-up-space.webp
--- a/docs/docs/features/img/gcast-enable.webp
+++ b/docs/docs/features/img/gcast-enable.webp
--- a/docs/docs/features/img/library-custom-scan-interval.webp
+++ b/docs/docs/features/img/library-custom-scan-interval.webp
--- a/docs/docs/features/img/mobile-smart-search.webp
+++ b/docs/docs/features/img/mobile-smart-search.webp
--- a/docs/docs/features/img/mobile-upload-selected-photos.webp
+++ b/docs/docs/features/img/mobile-upload-selected-photos.webp
--- a/docs/docs/features/img/my-wife.webp
+++ b/docs/docs/features/img/my-wife.webp
--- a/docs/docs/features/img/obtain-api-key-2.webp
+++ b/docs/docs/features/img/obtain-api-key-2.webp
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Norihide Saito	e9a36f0391	fix: update selectors for disabled state in thumbnail component	2025-11-30 11:44:15 +09:00
Norihide Saito	d10dfc05cc	Merge remote-tracking branch 'origin/feat/shared-album-owner-labels' into refactor/expectSelectedReadonly	2025-11-30 09:54:20 +09:00
Norihide Saito	0d5685a3fa	refactor(e2e/web): resolve todo of expectSelectedReadonly	2025-11-30 09:35:30 +09:00
CJPeckover	4c33fbb5e0	Merge branch 'immich-main' into feat/shared-album-owner-labels	2025-11-25 22:59:30 -05:00
CJPeckover	b687237d8f	format	2025-11-23 22:03:16 -05:00
CJPeckover	e75d9f5613	add missing import	2025-11-23 21:52:14 -05:00
CJPeckover	f353c99223	Don't show 'view owners' button if the album doesn't have editors	2025-11-23 21:49:47 -05:00
CJPeckover	c0afde91a7	add @idubnori suggestion for the name font	2025-11-23 21:33:13 -05:00
CJPeckover	ff19cd0107	update new Timeline with albumUsers	2025-11-23 21:01:33 -05:00
CJPeckover	d227077543	Merge branch 'immich-main' into feat/shared-album-owner-labels	2025-11-23 21:01:07 -05:00
CJPeckover	6e0005acfd	- add toggle to show/hide asset owner names	2025-08-25 19:55:25 -04:00
CJPeckover	55a196bfa0	Merge branch 'immich-main' into feat/shared-album-owner-labels	2025-08-25 18:27:51 -04:00
CJPeckover	d0b49846dc	format	2025-08-23 01:12:37 -04:00
CJPeckover	8896b2dbf5	fix lint	2025-08-23 01:11:10 -04:00
CJPeckover	251e644b2a	- cleanup albumUsers creation - use font-light for the user's name	2025-08-23 01:09:51 -04:00
CJPeckover	a02635f9a5	cleanup	2025-08-23 00:57:50 -04:00
CJPeckover	104f3dfcc3	- change owner to their name in white text instead of the avatar	2025-08-23 00:54:50 -04:00
CJPeckover	b7e3b48a44	- pass available album users along to the thumbnail through the asset-date-group - show a small user-avatar in bottom right of thumbnail	2025-08-22 17:29:03 -04:00
@@ -1 +1 @@
 .13.1
 .11.1