chore(deps): update github-actions

.github/workflows/build-mobile.yml

@@ -51,14 +51,14 @@ jobs:
       should_run: ${{ steps.check.outputs.should_run }}
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Check what should run
         id: check
-        uses: immich-app/devtools/actions/pre-job@08bac802a312fc89808e0dd589271ca0974087b5 # pre-job-action-v2.0.0
+        uses: immich-app/devtools/actions/pre-job@4effdb9faa3c120fa03f487f0a476d55fc4cd9f2 # pre-job-action-v2.0.1
         with:
           github-token: ${{ steps.token.outputs.token }}
           filters: |
@@ -79,12 +79,12 @@ jobs:
 
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           ref: ${{ inputs.ref || github.sha }}
           persist-credentials: false
@@ -96,14 +96,14 @@ jobs:
         working-directory: ./mobile
         run: printf "%s" $KEY_JKS | base64 -d > android/key.jks
 
-      - uses: actions/setup-java@f2beeb24e141e01a676f977032f5a29d81c9e27e # v5.1.0
+      - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
         with:
           distribution: 'zulu'
           java-version: '17'
 
       - name: Restore Gradle Cache
         id: cache-gradle-restore
-        uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
+        uses: actions/cache/restore@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
         with:
           path: |
             ~/.gradle/caches
@@ -160,7 +160,7 @@ jobs:
 
       - name: Save Gradle Cache
         id: cache-gradle-save
-        uses: actions/cache/save@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
+        uses: actions/cache/save@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
         if: github.ref == 'refs/heads/main'
         with:
           path: |
@@ -185,7 +185,7 @@ jobs:
         run: sudo xcode-select -s /Applications/Xcode_26.2.app/Contents/Developer
 
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
         with:
           ref: ${{ inputs.ref || github.sha }}
           persist-credentials: false

.github/workflows/cache-cleanup.yml

@@ -19,13 +19,13 @@ jobs:
       actions: write
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Check out code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}

.github/workflows/cli.yml

@@ -31,12 +31,12 @@ jobs:
         working-directory: ./cli
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
@@ -45,7 +45,7 @@ jobs:
         uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
 
       - name: Setup Node
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
         with:
           node-version-file: './cli/.nvmrc'
           registry-url: 'https://registry.npmjs.org'
@@ -71,13 +71,13 @@ jobs:
 
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
@@ -89,7 +89,7 @@ jobs:
         uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
         if: ${{ !github.event.pull_request.head.repo.fork }}
         with:
           registry: ghcr.io

.github/workflows/close-duplicates.yml

@@ -35,7 +35,7 @@ jobs:
     needs: [get_body, should_run]
     if: ${{ needs.should_run.outputs.should_run == 'true' }}
     container:
-      image: ghcr.io/immich-app/mdq:main@sha256:ab9f163cd5d5cec42704a26ca2769ecf3f10aa8e7bae847f1d527cdf075946e6
+      image: ghcr.io/immich-app/mdq:main@sha256:78cebf4615792f2786d55590c0ec6c6eea2201ea8527f0d0af7fd95f1f201cd9
     outputs:
       checked: ${{ steps.get_checkbox.outputs.checked }}
     steps:

.github/workflows/codeql-analysis.yml

@@ -44,20 +44,20 @@ jobs:
 
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
+        uses: github/codeql-action/init@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -70,7 +70,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
+        uses: github/codeql-action/autobuild@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -83,6 +83,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
+        uses: github/codeql-action/analyze@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0
         with:
           category: '/language:${{matrix.language}}'

.github/workflows/docker.yml

@@ -23,14 +23,14 @@ jobs:
       should_run: ${{ steps.check.outputs.should_run }}
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Check what should run
         id: check
-        uses: immich-app/devtools/actions/pre-job@08bac802a312fc89808e0dd589271ca0974087b5 # pre-job-action-v2.0.0
+        uses: immich-app/devtools/actions/pre-job@4effdb9faa3c120fa03f487f0a476d55fc4cd9f2 # pre-job-action-v2.0.1
         with:
           github-token: ${{ steps.token.outputs.token }}
           filters: |
@@ -60,7 +60,7 @@ jobs:
         suffix: ['', '-cuda', '-rocm', '-openvino', '-armnn', '-rknn']
     steps:
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
@@ -90,7 +90,7 @@ jobs:
         suffix: ['']
     steps:
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
@@ -132,7 +132,7 @@ jobs:
             suffixes: '-rocm'
             platforms: linux/amd64
             runner-mapping: '{"linux/amd64": "mich"}'
-    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@0477486d82313fba68f7c82c034120a4b8981297 # multi-runner-build-workflow-v2.1.0
+    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@fe13f89d76bce06e0f40ec521b074f77bcf05d12 # multi-runner-build-workflow-v2.2.0
     permissions:
       contents: read
       actions: read
@@ -155,7 +155,7 @@ jobs:
     name: Build and Push Server
     needs: pre-job
     if: ${{ fromJSON(needs.pre-job.outputs.should_run).server == true }}
-    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@0477486d82313fba68f7c82c034120a4b8981297 # multi-runner-build-workflow-v2.1.0
+    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@fe13f89d76bce06e0f40ec521b074f77bcf05d12 # multi-runner-build-workflow-v2.2.0
     permissions:
       contents: read
       actions: read

.github/workflows/docs-build.yml

@@ -21,14 +21,14 @@ jobs:
       should_run: ${{ steps.check.outputs.should_run }}
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Check what should run
         id: check
-        uses: immich-app/devtools/actions/pre-job@08bac802a312fc89808e0dd589271ca0974087b5 # pre-job-action-v2.0.0
+        uses: immich-app/devtools/actions/pre-job@4effdb9faa3c120fa03f487f0a476d55fc4cd9f2 # pre-job-action-v2.0.1
         with:
           github-token: ${{ steps.token.outputs.token }}
           filters: |
@@ -54,13 +54,13 @@ jobs:
 
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
@@ -70,7 +70,7 @@ jobs:
         uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
 
       - name: Setup Node
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
         with:
           node-version-file: './docs/.nvmrc'
           cache: 'pnpm'

.github/workflows/docs-deploy.yml

@@ -20,7 +20,7 @@ jobs:
       artifact: ${{ steps.get-artifact.outputs.result }}
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -119,19 +119,19 @@ jobs:
     if: ${{ fromJson(needs.checks.outputs.artifact).found && fromJson(needs.checks.outputs.parameters).shouldDeploy }}
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
 
       - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@cd24790a7f5f6439ac32cc94f5523cb2de8bfa8c # use-mise-action-v1.1.0
+        uses: immich-app/devtools/actions/use-mise@b868e6e7c8cc212beec876330b4059e661ee44bb # use-mise-action-v1.1.1
 
       - name: Load parameters
         id: parameters

.github/workflows/docs-destroy.yml

@@ -17,19 +17,19 @@ jobs:
       pull-requests: write
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
 
       - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@cd24790a7f5f6439ac32cc94f5523cb2de8bfa8c # use-mise-action-v1.1.0
+        uses: immich-app/devtools/actions/use-mise@b868e6e7c8cc212beec876330b4059e661ee44bb # use-mise-action-v1.1.1
 
       - name: Destroy Docs Subdomain
         env:

.github/workflows/fix-format.yml

@@ -22,7 +22,7 @@ jobs:
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: 'Checkout'
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           ref: ${{ github.event.pull_request.head.ref }}
           token: ${{ steps.generate-token.outputs.token }}
@@ -32,7 +32,7 @@ jobs:
         uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
 
       - name: Setup Node
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
         with:
           node-version-file: './server/.nvmrc'
           cache: 'pnpm'

.github/workflows/pr-label-validation.yml

@@ -14,7 +14,7 @@ jobs:
       pull-requests: write
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

.github/workflows/pr-labeler.yml

@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

.github/workflows/prepare-release.yml

@@ -56,20 +56,20 @@ jobs:
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           token: ${{ steps.generate-token.outputs.token }}
           persist-credentials: true
           ref: main
 
       - name: Install uv
-        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
+        uses: astral-sh/setup-uv@803947b9bd8e9f986429fa0c5a41c367cd732b41 # v7.2.1
 
       - name: Setup pnpm
         uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
 
       - name: Setup Node
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
         with:
           node-version-file: './server/.nvmrc'
           cache: 'pnpm'
@@ -130,7 +130,7 @@ jobs:
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           token: ${{ steps.generate-token.outputs.token }}
           persist-credentials: false

.github/workflows/preview-label.yaml

@@ -14,7 +14,7 @@ jobs:
       pull-requests: write
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -32,7 +32,7 @@ jobs:
       pull-requests: write
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

.github/workflows/release-pr.yml

@@ -23,20 +23,20 @@ jobs:
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           token: ${{ steps.generate-token.outputs.token }}
           persist-credentials: true
           ref: main
 
       - name: Install uv
-        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
+        uses: astral-sh/setup-uv@803947b9bd8e9f986429fa0c5a41c367cd732b41 # v7.2.1
 
       - name: Setup pnpm
         uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
 
       - name: Setup Node
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
         with:
           node-version-file: './server/.nvmrc'
           cache: 'pnpm'
@@ -159,7 +159,7 @@ jobs:
 
       - name: Create PR
         id: create-pr
-        uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
+        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
         with:
           token: ${{ steps.generate-token.outputs.token }}
           commit-message: 'chore: release ${{ steps.bump-type.outputs.next }}'

.github/workflows/release.yml

@@ -58,7 +58,7 @@ jobs:
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           token: ${{ steps.generate-token.outputs.token }}
           persist-credentials: false

.github/workflows/sdk.yml

@@ -19,12 +19,12 @@ jobs:
         working-directory: ./open-api/typescript-sdk
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
@@ -33,7 +33,7 @@ jobs:
         uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
 
       # Setup .npmrc file to publish to npm
-      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+      - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
         with:
           node-version-file: './open-api/typescript-sdk/.nvmrc'
           registry-url: 'https://registry.npmjs.org'

.github/workflows/static_analysis.yml

@@ -20,14 +20,14 @@ jobs:
       should_run: ${{ steps.check.outputs.should_run }}
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Check what should run
         id: check
-        uses: immich-app/devtools/actions/pre-job@08bac802a312fc89808e0dd589271ca0974087b5 # pre-job-action-v2.0.0
+        uses: immich-app/devtools/actions/pre-job@4effdb9faa3c120fa03f487f0a476d55fc4cd9f2 # pre-job-action-v2.0.1
         with:
           github-token: ${{ steps.token.outputs.token }}
           filters: |
@@ -49,13 +49,13 @@ jobs:
         working-directory: ./mobile
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}

.github/workflows/test.yml

@@ -17,14 +17,14 @@ jobs:
       should_run: ${{ steps.check.outputs.should_run }}
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Check what should run
         id: check
-        uses: immich-app/devtools/actions/pre-job@08bac802a312fc89808e0dd589271ca0974087b5 # pre-job-action-v2.0.0
+        uses: immich-app/devtools/actions/pre-job@4effdb9faa3c120fa03f487f0a476d55fc4cd9f2 # pre-job-action-v2.0.1
         with:
           github-token: ${{ steps.token.outputs.token }}
           filters: |
@@ -63,13 +63,13 @@ jobs:
         working-directory: ./server
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
@@ -77,7 +77,7 @@ jobs:
       - name: Setup pnpm
         uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
       - name: Setup Node
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
         with:
           node-version-file: './server/.nvmrc'
           cache: 'pnpm'
@@ -108,20 +108,20 @@ jobs:
         working-directory: ./cli
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
       - name: Setup pnpm
         uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
       - name: Setup Node
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
         with:
           node-version-file: './cli/.nvmrc'
           cache: 'pnpm'
@@ -155,20 +155,20 @@ jobs:
         working-directory: ./cli
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
       - name: Setup pnpm
         uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
       - name: Setup Node
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
         with:
           node-version-file: './cli/.nvmrc'
           cache: 'pnpm'
@@ -197,20 +197,20 @@ jobs:
         working-directory: ./web
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
       - name: Setup pnpm
         uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
       - name: Setup Node
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
         with:
           node-version-file: './web/.nvmrc'
           cache: 'pnpm'
@@ -241,20 +241,20 @@ jobs:
         working-directory: ./web
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
       - name: Setup pnpm
         uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
       - name: Setup Node
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
         with:
           node-version-file: './web/.nvmrc'
           cache: 'pnpm'
@@ -279,20 +279,20 @@ jobs:
       contents: read
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
       - name: Setup pnpm
         uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
       - name: Setup Node
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
         with:
           node-version-file: './web/.nvmrc'
           cache: 'pnpm'
@@ -327,20 +327,20 @@ jobs:
         working-directory: ./e2e
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
       - name: Setup pnpm
         uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
       - name: Setup Node
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
         with:
           node-version-file: './e2e/.nvmrc'
           cache: 'pnpm'
@@ -373,13 +373,13 @@ jobs:
         working-directory: ./server
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
           submodules: 'recursive'
@@ -387,7 +387,7 @@ jobs:
       - name: Setup pnpm
         uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
       - name: Setup Node
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
         with:
           node-version-file: './server/.nvmrc'
           cache: 'pnpm'
@@ -412,13 +412,13 @@ jobs:
         runner: [ubuntu-latest, ubuntu-24.04-arm]
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
           submodules: 'recursive'
@@ -426,7 +426,7 @@ jobs:
       - name: Setup pnpm
         uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
       - name: Setup Node
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
         with:
           node-version-file: './e2e/.nvmrc'
           cache: 'pnpm'
@@ -467,13 +467,13 @@ jobs:
         runner: [ubuntu-latest, ubuntu-24.04-arm]
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
           submodules: 'recursive'
@@ -481,7 +481,7 @@ jobs:
       - name: Setup pnpm
         uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
       - name: Setup Node
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
         with:
           node-version-file: './e2e/.nvmrc'
           cache: 'pnpm'
@@ -540,12 +540,12 @@ jobs:
       contents: read
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
@@ -572,17 +572,17 @@ jobs:
         working-directory: ./machine-learning
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
       - name: Install uv
-        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
+        uses: astral-sh/setup-uv@803947b9bd8e9f986429fa0c5a41c367cd732b41 # v7.2.1
         with:
           python-version: 3.11
       - name: Install dependencies
@@ -612,20 +612,20 @@ jobs:
         working-directory: ./.github
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
       - name: Setup pnpm
         uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
       - name: Setup Node
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
         with:
           node-version-file: './.github/.nvmrc'
           cache: 'pnpm'
@@ -642,12 +642,12 @@ jobs:
       contents: read
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
@@ -663,20 +663,20 @@ jobs:
       contents: read
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
       - name: Setup pnpm
         uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
       - name: Setup Node
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
         with:
           node-version-file: './server/.nvmrc'
           cache: 'pnpm'
@@ -725,20 +725,20 @@ jobs:
         working-directory: ./server
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
       - name: Setup pnpm
         uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
       - name: Setup Node
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
         with:
           node-version-file: './server/.nvmrc'
           cache: 'pnpm'

.github/workflows/weblate-lock.yml

@@ -24,14 +24,14 @@ jobs:
       should_run: ${{ steps.check.outputs.should_run }}
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Check what should run
         id: check
-        uses: immich-app/devtools/actions/pre-job@08bac802a312fc89808e0dd589271ca0974087b5 # pre-job-action-v2.0.0
+        uses: immich-app/devtools/actions/pre-job@4effdb9faa3c120fa03f487f0a476d55fc4cd9f2 # pre-job-action-v2.0.1
         with:
           github-token: ${{ steps.token.outputs.token }}
           filters: |
@@ -47,7 +47,7 @@ jobs:
     if: ${{ fromJSON(needs.pre-job.outputs.should_run).i18n == true }}
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        uses: immich-app/devtools/actions/create-workflow-token@05e16407c0a5492138bb38139c9d9bf067b40886 # create-workflow-token-action-v1.0.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

mobile/openapi/lib/model/asset_bulk_update_dto.dart

@@ -53,7 +53,7 @@ class AssetBulkUpdateDto {
   ///
   String? description;
 
-  /// Duplicate ID
+  /// Duplicate asset ID
   String? duplicateId;
 
   /// Asset IDs to update

mobile/openapi/lib/model/user_admin_create_dto.dart

@@ -19,7 +19,6 @@ class UserAdminCreateDto {
     required this.name,
     this.notify,
     required this.password,
-    this.pinCode,
     this.quotaSizeInBytes,
     this.shouldChangePassword,
     this.storageLabel,
@@ -55,9 +54,6 @@ class UserAdminCreateDto {
   /// User password
   String password;
 
-  /// PIN code
-  String? pinCode;
-
   /// Storage quota in bytes
   ///
   /// Minimum value: 0
@@ -83,7 +79,6 @@ class UserAdminCreateDto {
     other.name == name &&
     other.notify == notify &&
     other.password == password &&
-    other.pinCode == pinCode &&
     other.quotaSizeInBytes == quotaSizeInBytes &&
     other.shouldChangePassword == shouldChangePassword &&
     other.storageLabel == storageLabel;
@@ -97,13 +92,12 @@ class UserAdminCreateDto {
     (name.hashCode) +
     (notify == null ? 0 : notify!.hashCode) +
     (password.hashCode) +
-    (pinCode == null ? 0 : pinCode!.hashCode) +
     (quotaSizeInBytes == null ? 0 : quotaSizeInBytes!.hashCode) +
     (shouldChangePassword == null ? 0 : shouldChangePassword!.hashCode) +
     (storageLabel == null ? 0 : storageLabel!.hashCode);
 
   @override
-  String toString() => 'UserAdminCreateDto[avatarColor=$avatarColor, email=$email, isAdmin=$isAdmin, name=$name, notify=$notify, password=$password, pinCode=$pinCode, quotaSizeInBytes=$quotaSizeInBytes, shouldChangePassword=$shouldChangePassword, storageLabel=$storageLabel]';
+  String toString() => 'UserAdminCreateDto[avatarColor=$avatarColor, email=$email, isAdmin=$isAdmin, name=$name, notify=$notify, password=$password, quotaSizeInBytes=$quotaSizeInBytes, shouldChangePassword=$shouldChangePassword, storageLabel=$storageLabel]';
 
   Map<String, dynamic> toJson() {
     final json = <String, dynamic>{};
@@ -125,11 +119,6 @@ class UserAdminCreateDto {
     //  json[r'notify'] = null;
     }
       json[r'password'] = this.password;
-    if (this.pinCode != null) {
-      json[r'pinCode'] = this.pinCode;
-    } else {
-    //  json[r'pinCode'] = null;
-    }
     if (this.quotaSizeInBytes != null) {
       json[r'quotaSizeInBytes'] = this.quotaSizeInBytes;
     } else {
@@ -163,7 +152,6 @@ class UserAdminCreateDto {
         name: mapValueOfType<String>(json, r'name')!,
         notify: mapValueOfType<bool>(json, r'notify'),
         password: mapValueOfType<String>(json, r'password')!,
-        pinCode: mapValueOfType<String>(json, r'pinCode'),
         quotaSizeInBytes: mapValueOfType<int>(json, r'quotaSizeInBytes'),
         shouldChangePassword: mapValueOfType<bool>(json, r'shouldChangePassword'),
         storageLabel: mapValueOfType<String>(json, r'storageLabel'),

open-api/immich-openapi-specs.json

@@ -15760,7 +15760,7 @@
             "type": "string"
           },
           "duplicateId": {
-            "description": "Duplicate ID",
+            "description": "Duplicate asset ID",
             "nullable": true,
             "type": "string"
           },
@@ -19038,7 +19038,6 @@
               "format": "uuid",
               "type": "string"
             },
-            "minItems": 1,
             "type": "array"
           }
         },
@@ -19129,7 +19128,6 @@
               "format": "uuid",
               "type": "string"
             },
-            "minItems": 1,
             "type": "array"
           },
           "readAt": {
@@ -25071,12 +25069,6 @@
             "description": "User password",
             "type": "string"
           },
-          "pinCode": {
-            "description": "PIN code",
-            "example": "123456",
-            "nullable": true,
-            "type": "string"
-          },
           "quotaSizeInBytes": {
             "description": "Storage quota in bytes",
             "format": "int64",

open-api/typescript-sdk/src/fetch-client.ts

@@ -233,8 +233,6 @@ export type UserAdminCreateDto = {
     notify?: boolean;
     /** User password */
     password: string;
-    /** PIN code */
-    pinCode?: string | null;
     /** Storage quota in bytes */
     quotaSizeInBytes?: number | null;
     /** Require password change on next login */
@@ -824,7 +822,7 @@ export type AssetBulkUpdateDto = {
     dateTimeRelative?: number;
     /** Asset description */
     description?: string;
-    /** Duplicate ID */
+    /** Duplicate asset ID */
     duplicateId?: string | null;
     /** Asset IDs to update */
     ids: string[];

server/src/commands/debug-migrations.command.ts

@@ -1,82 +0,0 @@
-import { Command, CommandRunner } from 'nest-commander';
-import { CliService } from 'src/services/cli.service';
-
-@Command({
-  name: 'debug-migrations',
-  description: 'Run a report to debug issues with database migrations',
-})
-export class DebugMigrations extends CommandRunner {
-  constructor(private service: CliService) {
-    super();
-  }
-
-  async run(): Promise<void> {
-    try {
-      const report = await this.service.debugMigrations();
-
-      const maxLength = Math.max(...report.results.map((item) => item.name.length));
-
-      const success = report.results.filter((item) => item.status === 'applied');
-      const deleted = report.results.filter((item) => item.status === 'deleted');
-      const missing = report.results.filter((item) => item.status === 'missing');
-
-      for (const item of report.results) {
-        const name = item.name.padEnd(maxLength, ' ');
-        switch (item.status) {
-          case 'applied': {
-            console.log(`✅ ${name}`);
-            break;
-          }
-
-          case 'deleted': {
-            console.log(`❌ ${name} - Deleted! (this migration does not exist anymore)`);
-            break;
-          }
-
-          case 'missing': {
-            console.log(`⚠️ ${name} - Missing! (this migration needs to be applied still)`);
-            break;
-          }
-        }
-      }
-
-      if (missing.length === 0 && deleted.length === 0) {
-        console.log(`\nAll ${success.length} migrations have been successfully applied! 🎉`);
-      } else {
-        console.log(`\nMigration issues detected:`);
-        console.log(`  Missing migrations: ${missing.length}`);
-        console.log(`  Deleted migrations: ${deleted.length}`);
-        console.log(`  Successfully applied migrations: ${success.length}`);
-      }
-    } catch (error) {
-      console.error(error);
-      console.error('Unable to debug migrations');
-    }
-  }
-}
-
-@Command({
-  name: 'debug-schema',
-  description: 'Run a report to debug issues with database schema',
-})
-export class DebugSchema extends CommandRunner {
-  constructor(private service: CliService) {
-    super();
-  }
-
-  async run(): Promise<void> {
-    try {
-      const output = await this.service.debugSchema();
-
-      if (output.length === 0) {
-        console.log('No schema changes detected');
-        return;
-      }
-
-      console.log(output.join('\n'));
-    } catch (error) {
-      console.error(error);
-      console.error('Unable to debug schema');
-    }
-  }
-}

server/src/commands/index.ts

@@ -1,4 +1,3 @@
-import { DebugMigrations, DebugSchema } from 'src/commands/debug-migrations.command';
 import { GrantAdminCommand, PromptEmailQuestion, RevokeAdminCommand } from 'src/commands/grant-admin';
 import { ListUsersCommand } from 'src/commands/list-users.command';
 import { DisableMaintenanceModeCommand, EnableMaintenanceModeCommand } from 'src/commands/maintenance-mode';
@@ -29,6 +28,4 @@ export const commandsAndQuestions = [
   ChangeMediaLocationCommand,
   PromptMediaLocationQuestions,
   PromptConfirmMoveQuestions,
-  DebugMigrations,
-  DebugSchema,
 ];

server/src/controllers/asset.controller.spec.ts

@@ -24,34 +24,6 @@ describe(AssetController.name, () => {
       await request(ctx.getHttpServer()).put(`/assets`);
       expect(ctx.authenticate).toHaveBeenCalled();
     });
-
-    it('should require a valid uuid', async () => {
-      const { status, body } = await request(ctx.getHttpServer())
-        .put(`/assets`)
-        .send({ ids: ['123'] });
-
-      expect(status).toBe(400);
-      expect(body).toEqual(factory.responses.badRequest(['each value in ids must be a UUID']));
-    });
-
-    it('should require duplicateId to be a string', async () => {
-      const id = factory.uuid();
-      const { status, body } = await request(ctx.getHttpServer())
-        .put(`/assets`)
-        .send({ ids: [id], duplicateId: true });
-
-      expect(status).toBe(400);
-      expect(body).toEqual(factory.responses.badRequest(['duplicateId must be a string']));
-    });
-
-    it('should accept a null duplicateId', async () => {
-      const id = factory.uuid();
-      await request(ctx.getHttpServer())
-        .put(`/assets`)
-        .send({ ids: [id], duplicateId: null });
-
-      expect(service.updateAll).toHaveBeenCalledWith(undefined, expect.objectContaining({ duplicateId: null }));
-    });
   });
 
   describe('DELETE /assets', () => {

server/src/controllers/notification-admin.controller.spec.ts

@@ -1,36 +0,0 @@
-import { NotificationAdminController } from 'src/controllers/notification-admin.controller';
-import { NotificationAdminService } from 'src/services/notification-admin.service';
-import request from 'supertest';
-import { factory } from 'test/small.factory';
-import { ControllerContext, controllerSetup, mockBaseService } from 'test/utils';
-
-describe(NotificationAdminController.name, () => {
-  let ctx: ControllerContext;
-  const service = mockBaseService(NotificationAdminService);
-
-  beforeAll(async () => {
-    ctx = await controllerSetup(NotificationAdminController, [
-      { provide: NotificationAdminService, useValue: service },
-    ]);
-    return () => ctx.close();
-  });
-
-  beforeEach(() => {
-    service.resetAllMocks();
-    ctx.reset();
-  });
-
-  describe('POST /admin/notifications', () => {
-    it('should be an authenticated route', async () => {
-      await request(ctx.getHttpServer()).post('/admin/notifications');
-      expect(ctx.authenticate).toHaveBeenCalled();
-    });
-
-    it('should accept a null readAt', async () => {
-      await request(ctx.getHttpServer())
-        .post(`/admin/notifications`)
-        .send({ title: 'Test', userId: factory.uuid(), readAt: null });
-      expect(service.create).toHaveBeenCalledWith(undefined, expect.objectContaining({ readAt: null }));
-    });
-  });
-});

server/src/controllers/notification.controller.spec.ts

@@ -37,33 +37,9 @@ describe(NotificationController.name, () => {
 
   describe('PUT /notifications', () => {
     it('should be an authenticated route', async () => {
-      await request(ctx.getHttpServer()).put('/notifications');
+      await request(ctx.getHttpServer()).get('/notifications');
       expect(ctx.authenticate).toHaveBeenCalled();
     });
-
-    describe('ids', () => {
-      it('should require a list', async () => {
-        const { status, body } = await request(ctx.getHttpServer()).put(`/notifications`).send({ ids: true });
-        expect(status).toBe(400);
-        expect(body).toEqual(errorDto.badRequest(expect.arrayContaining(['ids must be an array'])));
-      });
-
-      it('should require uuids', async () => {
-        const { status, body } = await request(ctx.getHttpServer())
-          .put(`/notifications`)
-          .send({ ids: [true] });
-        expect(status).toBe(400);
-        expect(body).toEqual(errorDto.badRequest(['each value in ids must be a UUID']));
-      });
-
-      it('should accept valid uuids', async () => {
-        const id = factory.uuid();
-        await request(ctx.getHttpServer())
-          .put(`/notifications`)
-          .send({ ids: [id] });
-        expect(service.updateAll).toHaveBeenCalledWith(undefined, expect.objectContaining({ ids: [id] }));
-      });
-    });
   });
 
   describe('GET /notifications/:id', () => {
@@ -84,11 +60,5 @@ describe(NotificationController.name, () => {
       await request(ctx.getHttpServer()).put(`/notifications/${factory.uuid()}`).send({ readAt: factory.date() });
       expect(ctx.authenticate).toHaveBeenCalled();
     });
-
-    it('should accept a null readAt', async () => {
-      const id = factory.uuid();
-      await request(ctx.getHttpServer()).put(`/notifications/${id}`).send({ readAt: null });
-      expect(service.update).toHaveBeenCalledWith(undefined, id, expect.objectContaining({ readAt: null }));
-    });
   });
 });

server/src/controllers/person.controller.spec.ts

@@ -58,11 +58,6 @@ describe(PersonController.name, () => {
       await request(ctx.getHttpServer()).post('/people').send({ birthDate: '' });
       expect(service.create).toHaveBeenCalledWith(undefined, { birthDate: null });
     });
-
-    it('should map an empty color to null', async () => {
-      await request(ctx.getHttpServer()).post('/people').send({ color: '' });
-      expect(service.create).toHaveBeenCalledWith(undefined, { color: null });
-    });
   });
 
   describe('DELETE /people', () => {

server/src/controllers/shared-link.controller.spec.ts

@@ -1,34 +0,0 @@
-import { SharedLinkController } from 'src/controllers/shared-link.controller';
-import { SharedLinkType } from 'src/enum';
-import { SharedLinkService } from 'src/services/shared-link.service';
-import request from 'supertest';
-import { ControllerContext, controllerSetup, mockBaseService } from 'test/utils';
-
-describe(SharedLinkController.name, () => {
-  let ctx: ControllerContext;
-  const service = mockBaseService(SharedLinkService);
-
-  beforeAll(async () => {
-    ctx = await controllerSetup(SharedLinkController, [{ provide: SharedLinkService, useValue: service }]);
-    return () => ctx.close();
-  });
-
-  beforeEach(() => {
-    service.resetAllMocks();
-    ctx.reset();
-  });
-
-  describe('POST /shared-links', () => {
-    it('should be an authenticated route', async () => {
-      await request(ctx.getHttpServer()).post('/shared-links');
-      expect(ctx.authenticate).toHaveBeenCalled();
-    });
-
-    it('should allow an null expiresAt', async () => {
-      await request(ctx.getHttpServer())
-        .post('/shared-links')
-        .send({ expiresAt: null, type: SharedLinkType.Individual });
-      expect(service.create).toHaveBeenCalledWith(undefined, expect.objectContaining({ expiresAt: null }));
-    });
-  });
-});

server/src/controllers/tag.controller.spec.ts

@@ -1,73 +0,0 @@
-import { TagController } from 'src/controllers/tag.controller';
-import { TagService } from 'src/services/tag.service';
-import request from 'supertest';
-import { errorDto } from 'test/medium/responses';
-import { factory } from 'test/small.factory';
-import { ControllerContext, controllerSetup, mockBaseService } from 'test/utils';
-
-describe(TagController.name, () => {
-  let ctx: ControllerContext;
-  const service = mockBaseService(TagService);
-
-  beforeAll(async () => {
-    ctx = await controllerSetup(TagController, [{ provide: TagService, useValue: service }]);
-    return () => ctx.close();
-  });
-
-  beforeEach(() => {
-    service.resetAllMocks();
-    ctx.reset();
-  });
-
-  describe('GET /tags', () => {
-    it('should be an authenticated route', async () => {
-      await request(ctx.getHttpServer()).get('/tags');
-      expect(ctx.authenticate).toHaveBeenCalled();
-    });
-  });
-
-  describe('POST /tags', () => {
-    it('should be an authenticated route', async () => {
-      await request(ctx.getHttpServer()).post('/tags');
-      expect(ctx.authenticate).toHaveBeenCalled();
-    });
-
-    it('should a null parentId', async () => {
-      await request(ctx.getHttpServer()).post(`/tags`).send({ name: 'tag', parentId: null });
-      expect(service.create).toHaveBeenCalledWith(undefined, expect.objectContaining({ parentId: null }));
-    });
-  });
-
-  describe('PUT /tags', () => {
-    it('should be an authenticated route', async () => {
-      await request(ctx.getHttpServer()).put('/tags');
-      expect(ctx.authenticate).toHaveBeenCalled();
-    });
-  });
-
-  describe('GET /tags/:id', () => {
-    it('should be an authenticated route', async () => {
-      await request(ctx.getHttpServer()).get(`/tags/${factory.uuid()}`);
-      expect(ctx.authenticate).toHaveBeenCalled();
-    });
-
-    it('should require a valid uuid', async () => {
-      const { status, body } = await request(ctx.getHttpServer()).get(`/tags/123`);
-      expect(status).toBe(400);
-      expect(body).toEqual(errorDto.badRequest([expect.stringContaining('id must be a UUID')]));
-    });
-  });
-
-  describe('PUT /tags/:id', () => {
-    it('should be an authenticated route', async () => {
-      await request(ctx.getHttpServer()).put(`/tags/${factory.uuid()}`);
-      expect(ctx.authenticate).toHaveBeenCalled();
-    });
-
-    it('should allow setting a null color via an empty string', async () => {
-      const id = factory.uuid();
-      await request(ctx.getHttpServer()).put(`/tags/${id}`).send({ color: '' });
-      expect(service.update).toHaveBeenCalledWith(undefined, id, expect.objectContaining({ color: null }));
-    });
-  });
-});

server/src/controllers/user-admin.controller.spec.ts

@@ -31,55 +31,12 @@ describe(UserAdminController.name, () => {
     });
   });
 
-  describe('PUT /admin/users/:id', () => {
-    it('should be an authenticated route', async () => {
-      await request(ctx.getHttpServer()).put(`/admin/users/${factory.uuid()}`);
-      expect(ctx.authenticate).toHaveBeenCalled();
-    });
-  });
-
   describe('POST /admin/users', () => {
     it('should be an authenticated route', async () => {
       await request(ctx.getHttpServer()).post('/admin/users');
       expect(ctx.authenticate).toHaveBeenCalled();
     });
 
-    it('should allow a null pinCode', async () => {
-      await request(ctx.getHttpServer()).post(`/admin/users`).send({
-        name: 'Test user',
-        email: 'test@immich.cloud',
-        password: 'password',
-        pinCode: null,
-      });
-      expect(service.create).toHaveBeenCalledWith(expect.objectContaining({ pinCode: null }));
-    });
-
-    it('should allow a null avatarColor', async () => {
-      await request(ctx.getHttpServer()).post(`/admin/users`).send({
-        name: 'Test user',
-        email: 'test@immich.cloud',
-        password: 'password',
-        avatarColor: null,
-      });
-      expect(service.create).toHaveBeenCalledWith(expect.objectContaining({ avatarColor: null }));
-    });
-
-    it(`should `, async () => {
-      const dto: UserAdminCreateDto = {
-        email: 'user@immich.app',
-        password: 'test',
-        name: 'Test User',
-        quotaSizeInBytes: 1.2,
-      };
-
-      const { status, body } = await request(ctx.getHttpServer())
-        .post(`/admin/users`)
-        .set('Authorization', `Bearer token`)
-        .send(dto);
-      expect(status).toBe(400);
-      expect(body).toEqual(errorDto.badRequest(expect.arrayContaining(['quotaSizeInBytes must be an integer number'])));
-    });
-
     it(`should not allow decimal quota`, async () => {
       const dto: UserAdminCreateDto = {
         email: 'user@immich.app',
@@ -118,17 +75,5 @@ describe(UserAdminController.name, () => {
       expect(status).toBe(400);
       expect(body).toEqual(errorDto.badRequest(expect.arrayContaining(['quotaSizeInBytes must be an integer number'])));
     });
-
-    it('should allow a null pinCode', async () => {
-      const id = factory.uuid();
-      await request(ctx.getHttpServer()).put(`/admin/users/${id}`).send({ pinCode: null });
-      expect(service.update).toHaveBeenCalledWith(undefined, id, expect.objectContaining({ pinCode: null }));
-    });
-
-    it('should allow a null avatarColor', async () => {
-      const id = factory.uuid();
-      await request(ctx.getHttpServer()).put(`/admin/users/${id}`).send({ avatarColor: null });
-      expect(service.update).toHaveBeenCalledWith(undefined, id, expect.objectContaining({ avatarColor: null }));
-    });
   });
 });

server/src/controllers/user.controller.spec.ts

@@ -54,14 +54,6 @@ describe(UserController.name, () => {
         expect(body).toEqual(errorDto.badRequest());
       });
     }
-
-    it('should allow an empty avatarColor', async () => {
-      await request(ctx.getHttpServer())
-        .put(`/users/me`)
-        .set('Authorization', `Bearer token`)
-        .send({ avatarColor: null });
-      expect(service.updateMe).toHaveBeenCalledWith(undefined, expect.objectContaining({ avatarColor: null }));
-    });
   });
 
   describe('GET /users/:id', () => {

server/src/dtos/asset.dto.ts

@@ -73,7 +73,8 @@ export class AssetBulkUpdateDto extends UpdateAssetBase {
   @ValidateUUID({ each: true, description: 'Asset IDs to update' })
   ids!: string[];
 
-  @ValidateString({ optional: true, nullable: true, description: 'Duplicate ID' })
+  @ApiProperty({ description: 'Duplicate asset ID' })
+  @Optional()
   duplicateId?: string | null;
 
   @ApiProperty({ description: 'Relative time offset in seconds' })

server/src/dtos/notification.dto.ts

@@ -1,7 +1,7 @@
 import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
-import { ArrayMinSize, IsString } from 'class-validator';
+import { IsString } from 'class-validator';
 import { NotificationLevel, NotificationType } from 'src/enum';
-import { Optional, ValidateBoolean, ValidateDate, ValidateEnum, ValidateString, ValidateUUID } from 'src/validation';
+import { Optional, ValidateBoolean, ValidateDate, ValidateEnum, ValidateUUID } from 'src/validation';
 
 export class TestEmailResponseDto {
   @ApiProperty({ description: 'Email message ID' })
@@ -75,17 +75,20 @@ export class NotificationCreateDto {
   @ValidateEnum({ enum: NotificationType, name: 'NotificationType', optional: true, description: 'Notification type' })
   type?: NotificationType;
 
-  @ValidateString({ description: 'Notification title' })
+  @ApiProperty({ description: 'Notification title' })
+  @IsString()
   title!: string;
 
-  @ValidateString({ optional: true, nullable: true, description: 'Notification description' })
+  @ApiPropertyOptional({ description: 'Notification description' })
+  @IsString()
+  @Optional({ nullable: true })
   description?: string | null;
 
   @ApiPropertyOptional({ description: 'Additional notification data' })
   @Optional({ nullable: true })
   data?: any;
 
-  @ValidateDate({ optional: true, nullable: true, description: 'Date when notification was read' })
+  @ValidateDate({ optional: true, description: 'Date when notification was read' })
   readAt?: Date | null;
 
   @ValidateUUID({ description: 'User ID to send notification to' })
@@ -93,22 +96,20 @@ export class NotificationCreateDto {
 }
 
 export class NotificationUpdateDto {
-  @ValidateDate({ optional: true, nullable: true, description: 'Date when notification was read' })
+  @ValidateDate({ optional: true, description: 'Date when notification was read' })
   readAt?: Date | null;
 }
 
 export class NotificationUpdateAllDto {
-  @ValidateUUID({ each: true, description: 'Notification IDs to update' })
-  @ArrayMinSize(1)
+  @ValidateUUID({ each: true, optional: true, description: 'Notification IDs to update' })
   ids!: string[];
 
-  @ValidateDate({ optional: true, nullable: true, description: 'Date when notifications were read' })
+  @ValidateDate({ optional: true, description: 'Date when notifications were read' })
   readAt?: Date | null;
 }
 
 export class NotificationDeleteAllDto {
   @ValidateUUID({ each: true, description: 'Notification IDs to delete' })
-  @ArrayMinSize(1)
   ids!: string[];
 }
 

server/src/dtos/shared-link.dto.ts

@@ -44,7 +44,7 @@ export class SharedLinkCreateDto {
   @IsString()
   slug?: string | null;
 
-  @ValidateDate({ optional: true, nullable: true, description: 'Expiration date' })
+  @ValidateDate({ optional: true, description: 'Expiration date' })
   expiresAt?: Date | null = null;
 
   @ValidateBoolean({ optional: true, description: 'Allow uploads' })

server/src/dtos/tag.dto.ts

@@ -9,7 +9,7 @@ export class TagCreateDto {
   @IsNotEmpty()
   name!: string;
 
-  @ValidateUUID({ nullable: true, optional: true, description: 'Parent tag ID' })
+  @ValidateUUID({ optional: true, description: 'Parent tag ID' })
   parentId?: string | null;
 
   @ApiPropertyOptional({ description: 'Tag color (hex)' })
@@ -20,7 +20,7 @@ export class TagCreateDto {
 
 export class TagUpdateDto {
   @ApiPropertyOptional({ description: 'Tag color (hex)' })
-  @Optional({ nullable: true, emptyToNull: true })
+  @Optional({ emptyToNull: true })
   @ValidateHexColor()
   color?: string | null;
 }

server/src/dtos/user.dto.ts

@@ -26,13 +26,7 @@ export class UserUpdateMeDto {
   @IsNotEmpty()
   name?: string;
 
-  @ValidateEnum({
-    enum: UserAvatarColor,
-    name: 'UserAvatarColor',
-    optional: true,
-    nullable: true,
-    description: 'Avatar color',
-  })
+  @ValidateEnum({ enum: UserAvatarColor, name: 'UserAvatarColor', optional: true, description: 'Avatar color' })
   avatarColor?: UserAvatarColor | null;
 }
 
@@ -102,19 +96,9 @@ export class UserAdminCreateDto {
   @IsString()
   name!: string;
 
-  @ValidateEnum({
-    enum: UserAvatarColor,
-    name: 'UserAvatarColor',
-    optional: true,
-    nullable: true,
-    description: 'Avatar color',
-  })
+  @ValidateEnum({ enum: UserAvatarColor, name: 'UserAvatarColor', optional: true, description: 'Avatar color' })
   avatarColor?: UserAvatarColor | null;
 
-  @ApiPropertyOptional({ description: 'PIN code' })
-  @PinCode({ optional: true, nullable: true, emptyToNull: true })
-  pinCode?: string | null;
-
   @ApiPropertyOptional({ description: 'Storage label' })
   @Optional({ nullable: true })
   @IsString()
@@ -151,7 +135,7 @@ export class UserAdminUpdateDto {
   password?: string;
 
   @ApiPropertyOptional({ description: 'PIN code' })
-  @PinCode({ optional: true, nullable: true, emptyToNull: true })
+  @PinCode({ optional: true, emptyToNull: true })
   pinCode?: string | null;
 
   @ApiPropertyOptional({ description: 'User name' })
@@ -160,13 +144,7 @@ export class UserAdminUpdateDto {
   @IsNotEmpty()
   name?: string;
 
-  @ValidateEnum({
-    enum: UserAvatarColor,
-    name: 'UserAvatarColor',
-    optional: true,
-    nullable: true,
-    description: 'Avatar color',
-  })
+  @ValidateEnum({ enum: UserAvatarColor, name: 'UserAvatarColor', optional: true, description: 'Avatar color' })
   avatarColor?: UserAvatarColor | null;
 
   @ApiPropertyOptional({ description: 'Storage label' })

server/src/queries/asset.job.repository.sql

@@ -430,6 +430,30 @@ select
   "asset"."originalPath",
   "asset"."isOffline",
   to_json("asset_exif") as "exifInfo",
+  (
+    select
+      coalesce(json_agg(agg), '[]')
+    from
+      (
+        select
+          "asset_face".*,
+          "person" as "person"
+        from
+          "asset_face"
+          left join lateral (
+            select
+              "person".*
+            from
+              "person"
+            where
+              "asset_face"."personId" = "person"."id"
+          ) as "person" on true
+        where
+          "asset_face"."assetId" = "asset"."id"
+          and "asset_face"."deletedAt" is null
+          and "asset_face"."isVisible" is true
+      ) as agg
+  ) as "faces",
   (
     select
       coalesce(json_agg(agg), '[]')
@@ -446,37 +470,27 @@ select
           "asset_file"."assetId" = "asset"."id"
       ) as agg
   ) as "files",
-  to_json("stack_result") as "stack"
+  to_json("stacked_assets") as "stack"
 from
   "asset"
   left join "asset_exif" on "asset"."id" = "asset_exif"."assetId"
+  left join "stack" on "stack"."id" = "asset"."stackId"
   left join lateral (
     select
       "stack"."id",
       "stack"."primaryAssetId",
-      (
-        select
-          coalesce(json_agg(agg), '[]')
-        from
-          (
-            select
-              "stack_asset"."id"
-            from
-              "asset" as "stack_asset"
-            where
-              "stack_asset"."stackId" = "stack"."id"
-              and "stack_asset"."id" != "stack"."primaryAssetId"
-              and "stack_asset"."visibility" = $1
-              and "stack_asset"."status" != $2
-          ) as agg
-      ) as "assets"
+      array_agg("stacked") as "assets"
     from
-      "stack"
+      "asset" as "stacked"
     where
-      "stack"."id" = "asset"."stackId"
-  ) as "stack_result" on true
+      "stacked"."deletedAt" is not null
+      and "stacked"."visibility" = $1
+      and "stacked"."stackId" = "stack"."id"
+    group by
+      "stack"."id"
+  ) as "stacked_assets" on "stack"."id" is not null
 where
-  "asset"."id" = $3
+  "asset"."id" = $2
 
 -- AssetJobRepository.streamForVideoConversion
 select

server/src/repositories/asset-job.repository.ts

@@ -1,10 +1,10 @@
 import { Injectable } from '@nestjs/common';
-import { Kysely, sql } from 'kysely';
+import { Kysely } from 'kysely';
 import { jsonArrayFrom } from 'kysely/helpers/postgres';
 import { InjectKysely } from 'nestjs-kysely';
-import { columns } from 'src/database';
+import { Asset, columns } from 'src/database';
 import { DummyValue, GenerateSql } from 'src/decorators';
-import { AssetFileType, AssetStatus, AssetType, AssetVisibility } from 'src/enum';
+import { AssetFileType, AssetType, AssetVisibility } from 'src/enum';
 import { DB } from 'src/schema';
 import {
   anyUuid,
@@ -15,6 +15,7 @@ import {
   withExif,
   withExifInner,
   withFaces,
+  withFacesAndPeople,
   withFilePath,
   withFiles,
 } from 'src/utils/database';
@@ -268,29 +269,23 @@ export class AssetJobRepository {
         'asset.isOffline',
       ])
       .$call(withExif)
+      .select(withFacesAndPeople)
       .select(withFiles)
+      .leftJoin('stack', 'stack.id', 'asset.stackId')
       .leftJoinLateral(
         (eb) =>
           eb
-            .selectFrom('stack')
-            .whereRef('stack.id', '=', 'asset.stackId')
-            .select((eb) => [
-              'stack.id',
-              'stack.primaryAssetId',
-              jsonArrayFrom(
-                eb
-                  .selectFrom('asset as stack_asset')
-                  .select(['stack_asset.id'])
-                  .whereRef('stack_asset.stackId', '=', 'stack.id')
-                  .whereRef('stack_asset.id', '!=', 'stack.primaryAssetId')
-                  .where('stack_asset.visibility', '=', sql.val(AssetVisibility.Timeline))
-                  .where('stack_asset.status', '!=', sql.val(AssetStatus.Deleted)),
-              ).as('assets'),
-            ])
-            .as('stack_result'),
-        (join) => join.onTrue(),
+            .selectFrom('asset as stacked')
+            .select(['stack.id', 'stack.primaryAssetId'])
+            .select((eb) => eb.fn<Asset[]>('array_agg', [eb.table('stacked')]).as('assets'))
+            .where('stacked.deletedAt', 'is not', null)
+            .where('stacked.visibility', '=', AssetVisibility.Timeline)
+            .whereRef('stacked.stackId', '=', 'stack.id')
+            .groupBy('stack.id')
+            .as('stacked_assets'),
+        (join) => join.on('stack.id', 'is not', null),
       )
-      .select((eb) => toJson(eb, 'stack_result').as('stack'))
+      .select((eb) => toJson(eb, 'stacked_assets').as('stack'))
       .where('asset.id', '=', id)
       .executeTakeFirst();
   }

server/src/repositories/database.repository.ts

@@ -281,14 +281,6 @@ export class DatabaseRepository {
     return rows[0].db;
   }
 
-  async getMigrations() {
-    const { rows } = await sql<{
-      name: string;
-      timestamp: string;
-    }>`SELECT * FROM kysely_migrations ORDER BY name ASC`.execute(this.db);
-    return rows;
-  }
-
   async getDimensionSize(table: string, column = 'embedding'): Promise<number> {
     const { rows } = await sql<{ dimsize: number }>`
       SELECT atttypmod as dimsize

server/src/repositories/storage.repository.ts

@@ -152,7 +152,7 @@ export class StorageRepository {
   }
 
   async unlinkDir(folder: string, options: { recursive?: boolean; force?: boolean }) {
-    await fs.rm(folder, { ...options, maxRetries: 5, retryDelay: 100 });
+    await fs.rm(folder, options);
   }
 
   async removeEmptyDirs(directory: string, self: boolean = false) {
@@ -168,13 +168,7 @@ export class StorageRepository {
     if (self) {
       const updated = await fs.readdir(directory);
       if (updated.length === 0) {
-        try {
-          await fs.rmdir(directory);
-        } catch (error: Error | any) {
-          if (error.code !== 'ENOTEMPTY') {
-            this.logger.warn(`Attempted to remove directory, but failed: ${error}`);
-          }
-        }
+        await fs.rmdir(directory);
       }
     }
   }

server/src/services/asset.service.spec.ts

@@ -8,6 +8,7 @@ import { AssetStats } from 'src/repositories/asset.repository';
 import { AssetService } from 'src/services/asset.service';
 import { assetStub } from 'test/fixtures/asset.stub';
 import { authStub } from 'test/fixtures/auth.stub';
+import { faceStub } from 'test/fixtures/face.stub';
 import { userStub } from 'test/fixtures/user.stub';
 import { factory } from 'test/small.factory';
 import { makeStream, newTestService, ServiceMocks } from 'test/utils';
@@ -564,11 +565,12 @@ describe(AssetService.name, () => {
   });
 
   describe('handleAssetDeletion', () => {
-    it('should clean up files', async () => {
-      const asset = assetStub.image;
-      mocks.assetJob.getForAssetDeletion.mockResolvedValue(asset);
+    it('should remove faces', async () => {
+      const assetWithFace = { ...assetStub.image, faces: [faceStub.face1, faceStub.mergeFace1] };
 
-      await sut.handleAssetDeletion({ id: asset.id, deleteOnDisk: true });
+      mocks.assetJob.getForAssetDeletion.mockResolvedValue(assetWithFace);
+
+      await sut.handleAssetDeletion({ id: assetWithFace.id, deleteOnDisk: true });
 
       expect(mocks.job.queue.mock.calls).toEqual([
         [
@@ -579,29 +581,38 @@ describe(AssetService.name, () => {
                 '/uploads/user-id/webp/path.ext',
                 '/uploads/user-id/thumbs/path.jpg',
                 '/uploads/user-id/fullsize/path.webp',
-                asset.originalPath,
+                assetWithFace.originalPath,
               ],
             },
           },
         ],
       ]);
-      expect(mocks.asset.remove).toHaveBeenCalledWith(asset);
+
+      expect(mocks.asset.remove).toHaveBeenCalledWith(assetWithFace);
+    });
+
+    it('should update stack primary asset if deleted asset was primary asset in a stack', async () => {
+      mocks.stack.update.mockResolvedValue(factory.stack() as any);
+      mocks.assetJob.getForAssetDeletion.mockResolvedValue(assetStub.primaryImage);
+
+      await sut.handleAssetDeletion({ id: assetStub.primaryImage.id, deleteOnDisk: true });
+
+      expect(mocks.stack.update).toHaveBeenCalledWith('stack-1', {
+        id: 'stack-1',
+        primaryAssetId: 'stack-child-asset-1',
+      });
     });
 
     it('should delete the entire stack if deleted asset was the primary asset and the stack would only contain one asset afterwards', async () => {
       mocks.stack.delete.mockResolvedValue();
       mocks.assetJob.getForAssetDeletion.mockResolvedValue({
         ...assetStub.primaryImage,
-        stack: {
-          id: 'stack-id',
-          primaryAssetId: assetStub.primaryImage.id,
-          assets: [{ id: 'one-asset' }],
-        },
+        stack: { ...assetStub.primaryImage.stack, assets: assetStub.primaryImage.stack!.assets.slice(0, 2) },
       });
 
       await sut.handleAssetDeletion({ id: assetStub.primaryImage.id, deleteOnDisk: true });
 
-      expect(mocks.stack.delete).toHaveBeenCalledWith('stack-id');
+      expect(mocks.stack.delete).toHaveBeenCalledWith('stack-1');
     });
 
     it('should delete a live photo', async () => {

server/src/services/asset.service.ts

@@ -327,11 +327,10 @@ export class AssetService extends BaseService {
       return JobStatus.Failed;
     }
 
-    // replace the parent of the stack children with a new asset
+    // Replace the parent of the stack children with a new asset
     if (asset.stack?.primaryAssetId === id) {
-      // this only includes timeline visible assets and excludes the primary asset
-      const stackAssetIds = asset.stack.assets.map((a) => a.id);
-      if (stackAssetIds.length >= 2) {
+      const stackAssetIds = asset.stack?.assets.map((a) => a.id) ?? [];
+      if (stackAssetIds.length > 2) {
         const newPrimaryAssetId = stackAssetIds.find((a) => a !== id)!;
         await this.stackRepository.update(asset.stack.id, {
           id: asset.stack.id,

server/src/services/cli.service.ts

@@ -1,80 +1,15 @@
 import { Injectable } from '@nestjs/common';
-import { isAbsolute, join } from 'node:path';
-import postgres from 'postgres';
+import { isAbsolute } from 'node:path';
 import { SALT_ROUNDS } from 'src/constants';
 import { MaintenanceAuthDto } from 'src/dtos/maintenance.dto';
 import { UserAdminResponseDto, mapUserAdmin } from 'src/dtos/user.dto';
 import { MaintenanceAction, SystemMetadataKey } from 'src/enum';
 import { BaseService } from 'src/services/base.service';
-import { schemaDiff, schemaFromCode, schemaFromDatabase } from 'src/sql-tools';
-import { asPostgresConnectionConfig } from 'src/utils/database';
 import { createMaintenanceLoginUrl, generateMaintenanceSecret } from 'src/utils/maintenance';
 import { getExternalDomain } from 'src/utils/misc';
 
-export type MigrationReport = {
-  files: string[];
-  rows: Array<{ name: string; timestamp: string }>;
-  results: MigrationStatus[];
-};
-type MigrationStatus = {
-  name: string;
-  status: 'applied' | 'missing' | 'deleted';
-};
-
 @Injectable()
 export class CliService extends BaseService {
-  async debugMigrations(): Promise<MigrationReport> {
-    // eslint-disable-next-line unicorn/prefer-module
-    const allFiles = await this.storageRepository.readdir(join(__dirname, '../schema/migrations'));
-    const files = allFiles.filter((file) => file.endsWith('.js')).map((file) => file.slice(0, -3));
-    const rows = await this.databaseRepository.getMigrations();
-    const filesSet = new Set(files);
-    const rowsSet = new Set(rows.map((item) => item.name));
-    const combined = [...filesSet, ...rowsSet].toSorted();
-
-    const results: MigrationStatus[] = [];
-
-    for (const name of combined) {
-      if (filesSet.has(name) && rowsSet.has(name)) {
-        results.push({ name, status: 'applied' });
-        continue;
-      }
-
-      if (filesSet.has(name) && !rowsSet.has(name)) {
-        results.push({ name, status: 'missing' });
-        continue;
-      }
-
-      if (!filesSet.has(name) && rowsSet.has(name)) {
-        results.push({ name, status: 'deleted' });
-        continue;
-      }
-    }
-
-    return { files, rows, results };
-  }
-
-  async debugSchema() {
-    const source = schemaFromCode({ overrides: true, namingStrategy: 'default' });
-    const { database } = this.configRepository.getEnv();
-    const db = postgres(asPostgresConnectionConfig(database.config));
-    const target = await schemaFromDatabase(db, {});
-
-    console.log(source.warnings.join('\n'));
-
-    const up = schemaDiff(source, target, {
-      tables: { ignoreExtra: true },
-      functions: { ignoreExtra: false },
-      parameters: { ignoreExtra: true },
-    });
-
-    if (up.items.length === 0) {
-      return [];
-    }
-
-    return up.asSql();
-  }
-
   async listUsers(): Promise<UserAdminResponseDto[]> {
     const users = await this.userRepository.getList({ withDeleted: true });
     return users.map((user) => mapUserAdmin(user));

server/src/validation.ts

@@ -232,20 +232,19 @@ export const ValidateHexColor = () => {
   return applyDecorators(...decorators);
 };
 
-type DateOptions = OptionalOptions & { optional?: boolean; format?: 'date' | 'date-time' };
+type DateOptions = { optional?: boolean; nullable?: boolean; format?: 'date' | 'date-time' };
 export const ValidateDate = (options?: DateOptions & ApiPropertyOptions) => {
-  const {
-    optional,
-    nullable = false,
-    emptyToNull = false,
-    format = 'date-time',
-    ...apiPropertyOptions
-  } = options || {};
+  const { optional, nullable, format, ...apiPropertyOptions } = {
+    optional: false,
+    nullable: false,
+    format: 'date-time',
+    ...options,
+  };
 
-  return applyDecorators(
+  const decorators = [
     ApiProperty({ format, ...apiPropertyOptions }),
     IsDate(),
-    optional ? Optional({ nullable, emptyToNull }) : IsNotEmpty(),
+    optional ? Optional({ nullable: true }) : IsNotEmpty(),
     Transform(({ key, value }) => {
       if (value === null || value === undefined) {
         return value;
@@ -257,17 +256,19 @@ export const ValidateDate = (options?: DateOptions & ApiPropertyOptions) => {
 
       return new Date(value as string);
     }),
-  );
+  ];
+
+  if (optional) {
+    decorators.push(Optional({ nullable }));
+  }
+
+  return applyDecorators(...decorators);
 };
 
-type StringOptions = OptionalOptions & { optional?: boolean; trim?: boolean };
+type StringOptions = { optional?: boolean; nullable?: boolean; trim?: boolean };
 export const ValidateString = (options?: StringOptions & ApiPropertyOptions) => {
-  const { optional, nullable, emptyToNull, trim, ...apiPropertyOptions } = options || {};
-  const decorators = [
-    ApiProperty(apiPropertyOptions),
-    IsString(),
-    optional ? Optional({ nullable, emptyToNull }) : IsNotEmpty(),
-  ];
+  const { optional, nullable, trim, ...apiPropertyOptions } = options || {};
+  const decorators = [ApiProperty(apiPropertyOptions), IsString(), optional ? Optional({ nullable }) : IsNotEmpty()];
 
   if (trim) {
     decorators.push(Transform(({ value }: { value: string }) => value?.trim()));
@@ -276,9 +277,9 @@ export const ValidateString = (options?: StringOptions & ApiPropertyOptions) =>
   return applyDecorators(...decorators);
 };
 
-type BooleanOptions = OptionalOptions & { optional?: boolean };
+type BooleanOptions = { optional?: boolean; nullable?: boolean };
 export const ValidateBoolean = (options?: BooleanOptions & PropertyOptions) => {
-  const { optional, nullable, emptyToNull, ...apiPropertyOptions } = options || {};
+  const { optional, nullable, ...apiPropertyOptions } = options || {};
   const decorators = [
     Property(apiPropertyOptions),
     IsBoolean(),
@@ -290,7 +291,7 @@ export const ValidateBoolean = (options?: BooleanOptions & PropertyOptions) => {
       }
       return value;
     }),
-    optional ? Optional({ nullable, emptyToNull }) : IsNotEmpty(),
+    optional ? Optional({ nullable }) : IsNotEmpty(),
   ];
 
   return applyDecorators(...decorators);

server/test/medium/specs/services/asset.service.spec.ts

@@ -1,5 +1,5 @@
 import { Kysely } from 'kysely';
-import { AssetFileType, AssetMetadataKey, AssetStatus, JobName, SharedLinkType } from 'src/enum';
+import { AssetFileType, AssetMetadataKey, JobName, SharedLinkType } from 'src/enum';
 import { AccessRepository } from 'src/repositories/access.repository';
 import { AlbumRepository } from 'src/repositories/album.repository';
 import { AssetJobRepository } from 'src/repositories/asset-job.repository';
@@ -246,66 +246,6 @@ describe(AssetService.name, () => {
       });
     });
 
-    it('should delete a stacked primary asset (2 assets)', async () => {
-      const { sut, ctx } = setup();
-      ctx.getMock(EventRepository).emit.mockResolvedValue();
-      ctx.getMock(JobRepository).queue.mockResolvedValue();
-      const { user } = await ctx.newUser();
-      const { asset: asset1 } = await ctx.newAsset({ ownerId: user.id });
-      const { asset: asset2 } = await ctx.newAsset({ ownerId: user.id });
-      const { stack, result } = await ctx.newStack({ ownerId: user.id }, [asset1.id, asset2.id]);
-
-      const stackRepo = ctx.get(StackRepository);
-
-      expect(result).toMatchObject({ primaryAssetId: asset1.id });
-
-      await sut.handleAssetDeletion({ id: asset1.id, deleteOnDisk: true });
-
-      // stack is deleted as well
-      await expect(stackRepo.getById(stack.id)).resolves.toBe(undefined);
-    });
-
-    it('should delete a stacked primary asset (3 assets)', async () => {
-      const { sut, ctx } = setup();
-      ctx.getMock(EventRepository).emit.mockResolvedValue();
-      ctx.getMock(JobRepository).queue.mockResolvedValue();
-      const { user } = await ctx.newUser();
-      const { asset: asset1 } = await ctx.newAsset({ ownerId: user.id });
-      const { asset: asset2 } = await ctx.newAsset({ ownerId: user.id });
-      const { asset: asset3 } = await ctx.newAsset({ ownerId: user.id });
-      const { stack, result } = await ctx.newStack({ ownerId: user.id }, [asset1.id, asset2.id, asset3.id]);
-
-      expect(result).toMatchObject({ primaryAssetId: asset1.id });
-
-      await sut.handleAssetDeletion({ id: asset1.id, deleteOnDisk: true });
-
-      // new primary asset is picked
-      await expect(ctx.get(StackRepository).getById(stack.id)).resolves.toMatchObject({ primaryAssetId: asset2.id });
-    });
-
-    it('should delete a stacked primary asset (3 trashed assets)', async () => {
-      const { sut, ctx } = setup();
-      ctx.getMock(EventRepository).emit.mockResolvedValue();
-      ctx.getMock(JobRepository).queue.mockResolvedValue();
-      const { user } = await ctx.newUser();
-      const { asset: asset1 } = await ctx.newAsset({ ownerId: user.id });
-      const { asset: asset2 } = await ctx.newAsset({ ownerId: user.id });
-      const { asset: asset3 } = await ctx.newAsset({ ownerId: user.id });
-      const { stack, result } = await ctx.newStack({ ownerId: user.id }, [asset1.id, asset2.id, asset3.id]);
-
-      await ctx.get(AssetRepository).updateAll([asset1.id, asset2.id, asset3.id], {
-        deletedAt: new Date(),
-        status: AssetStatus.Deleted,
-      });
-
-      expect(result).toMatchObject({ primaryAssetId: asset1.id });
-
-      await sut.handleAssetDeletion({ id: asset1.id, deleteOnDisk: true });
-
-      // stack is deleted as well
-      await expect(ctx.get(StackRepository).getById(stack.id)).resolves.toBe(undefined);
-    });
-
     it('should not delete offline assets', async () => {
       const { sut, ctx } = setup();
       ctx.getMock(EventRepository).emit.mockResolvedValue();

web/src/lib/components/SharedLinkFormFields.spec.ts

@@ -1,34 +0,0 @@
-import { render } from '@testing-library/svelte';
-import userEvent from '@testing-library/user-event';
-import SharedLinkFormFields from './SharedLinkFormFields.svelte';
-
-describe('SharedLinkFormFields component', () => {
-  const isChecked = (element: Element) =>
-    element instanceof HTMLInputElement ? element.checked : element.getAttribute('aria-checked') === 'true';
-
-  it('turns downloads off when metadata is disabled', async () => {
-    const { container } = render(SharedLinkFormFields, {
-      props: {
-        slug: '',
-        password: '',
-        description: '',
-        allowDownload: true,
-        allowUpload: false,
-        showMetadata: true,
-        expiresAt: null,
-      },
-    });
-    const user = userEvent.setup();
-
-    const switches = Array.from(container.querySelectorAll('[role="switch"], input[type="checkbox"]'));
-    expect(switches).toHaveLength(3);
-
-    const [showMetadataSwitch, allowDownloadSwitch] = switches;
-    expect(isChecked(allowDownloadSwitch)).toBe(true);
-
-    await user.click(showMetadataSwitch);
-
-    expect(isChecked(showMetadataSwitch)).toBe(false);
-    expect(isChecked(allowDownloadSwitch)).toBe(false);
-  });
-});

web/src/lib/components/SharedLinkFormFields.svelte

@@ -1,65 +0,0 @@
-<script lang="ts">
-  import SharedLinkExpiration from '$lib/components/SharedLinkExpiration.svelte';
-  import { Field, Input, PasswordInput, Switch, Text } from '@immich/ui';
-  import { t } from 'svelte-i18n';
-
-  type Props = {
-    slug: string;
-    password: string;
-    description: string;
-    allowDownload: boolean;
-    allowUpload: boolean;
-    showMetadata: boolean;
-    expiresAt: string | null;
-    createdAt?: string;
-  };
-
-  let {
-    slug = $bindable(),
-    password = $bindable(),
-    description = $bindable(),
-    allowDownload = $bindable(),
-    allowUpload = $bindable(),
-    showMetadata = $bindable(),
-    expiresAt = $bindable(),
-    createdAt,
-  }: Props = $props();
-
-  $effect(() => {
-    if (!showMetadata && allowDownload) {
-      allowDownload = false;
-    }
-  });
-</script>
-
-<div class="flex flex-col gap-4 mt-4">
-  <div>
-    <Field label={$t('custom_url')} description={$t('shared_link_custom_url_description')}>
-      <Input bind:value={slug} autocomplete="off" />
-    </Field>
-    {#if slug}
-      <Text size="tiny" color="muted" class="pt-2 break-all">/s/{encodeURIComponent(slug)}</Text>
-    {/if}
-  </div>
-
-  <Field label={$t('password')} description={$t('shared_link_password_description')}>
-    <PasswordInput bind:value={password} autocomplete="new-password" />
-  </Field>
-
-  <Field label={$t('description')}>
-    <Input bind:value={description} autocomplete="off" />
-  </Field>
-
-  <SharedLinkExpiration {createdAt} bind:expiresAt />
-  <Field label={$t('show_metadata')}>
-    <Switch bind:checked={showMetadata} />
-  </Field>
-
-  <Field label={$t('allow_public_user_to_download')} disabled={!showMetadata}>
-    <Switch bind:checked={allowDownload} />
-  </Field>
-
-  <Field label={$t('allow_public_user_to_upload')}>
-    <Switch bind:checked={allowUpload} />
-  </Field>
-</div>

web/src/lib/modals/AssetChangeDateModal.svelte

@@ -59,7 +59,12 @@
   size="small"
 >
   <Label for="datetime" class="block mb-1">{$t('date_and_time')}</Label>
-  <DateInput class="immich-form-input w-full mb-2" id="datetime" type="datetime-local" bind:value={selectedDate} />
+  <DateInput
+    class="immich-form-input text-gray-700 w-full mb-2"
+    id="datetime"
+    type="datetime-local"
+    bind:value={selectedDate}
+  />
   {#if timezoneInput}
     <div class="w-full">
       <Combobox bind:selectedOption label={$t('timezone')} options={timezones} placeholder={$t('search_timezone')} />

web/src/lib/modals/AssetSelectionChangeDateModal.svelte

@@ -77,7 +77,11 @@
   </Field>
   {#if showRelative}
     <Label for="relativedatetime" class="block mb-1">{$t('offset')}</Label>
-    <DurationInput class="immich-form-input w-full mb-2" id="relativedatetime" bind:value={selectedDuration} />
+    <DurationInput
+      class="immich-form-input w-full text-gray-700 mb-2"
+      id="relativedatetime"
+      bind:value={selectedDuration}
+    />
   {:else}
     <Label for="datetime" class="block mb-1">{$t('date_and_time')}</Label>
     <DateInput class="immich-form-input w-full mb-2" id="datetime" type="datetime-local" bind:value={selectedDate} />

web/src/lib/modals/AssetTagModal.svelte

@@ -33,7 +33,6 @@
 
     const updatedIds = await tagAssets({ tagIds: [...selectedIds], assetIds, showNotification: false });
     eventManager.emit('AssetsTag', updatedIds);
-    onClose();
   };
 
   const handleSelect = async (option?: ComboBoxOption) => {
@@ -82,7 +81,7 @@
       {#if tag}
         <div class="flex group transition-all">
           <span
-            class="inline-block h-min whitespace-nowrap ps-3 pe-1 group-hover:ps-3 py-1 text-center align-baseline leading-none text-gray-100 dark:text-immich-dark-gray bg-primary rounded-s-full hover:bg-immich-primary/80 dark:hover:bg-immich-dark-primary/80 transition-all"
+            class="inline-block h-min whitespace-nowrap ps-3 pe-1 group-hover:ps-3 py-1 text-center align-baseline leading-none text-gray-100 dark:text-immich-dark-gray bg-primary roudned-s-full hover:bg-immich-primary/80 dark:hover:bg-immich-dark-primary/80 transition-all"
           >
             <p class="text-sm">
               {tag.value}

web/src/lib/modals/SharedLinkCreateModal.svelte

@@ -1,8 +1,8 @@
 <script lang="ts">
-  import SharedLinkFormFields from '$lib/components/SharedLinkFormFields.svelte';
+  import SharedLinkExpiration from '$lib/components/SharedLinkExpiration.svelte';
   import { handleCreateSharedLink } from '$lib/services/shared-link.service';
   import { SharedLinkType } from '@immich/sdk';
-  import { FormModal } from '@immich/ui';
+  import { Field, FormModal, Input, PasswordInput, Switch, Text } from '@immich/ui';
   import { mdiLink } from '@mdi/js';
   import { t } from 'svelte-i18n';
 
@@ -24,6 +24,12 @@
 
   let type = $derived(albumId ? SharedLinkType.Album : SharedLinkType.Individual);
 
+  $effect(() => {
+    if (!showMetadata) {
+      allowDownload = false;
+    }
+  });
+
   const onSubmit = async () => {
     const success = await handleCreateSharedLink({
       type,
@@ -59,13 +65,36 @@
     <div>{$t('create_link_to_share_description')}</div>
   {/if}
 
-  <SharedLinkFormFields
-    bind:slug
-    bind:password
-    bind:description
-    bind:allowDownload
-    bind:allowUpload
-    bind:showMetadata
-    bind:expiresAt
-  />
+  <div class="flex flex-col gap-4 mt-4">
+    <div>
+      <Field label={$t('custom_url')} description={$t('shared_link_custom_url_description')}>
+        <Input bind:value={slug} autocomplete="off" />
+      </Field>
+      {#if slug}
+        <Text size="tiny" color="muted" class="pt-2 break-all">/s/{encodeURIComponent(slug)}</Text>
+      {/if}
+    </div>
+
+    <Field label={$t('password')} description={$t('shared_link_password_description')}>
+      <PasswordInput bind:value={password} autocomplete="new-password" />
+    </Field>
+
+    <Field label={$t('description')}>
+      <Input bind:value={description} autocomplete="off" />
+    </Field>
+
+    <SharedLinkExpiration bind:expiresAt />
+
+    <Field label={$t('show_metadata')}>
+      <Switch bind:checked={showMetadata} />
+    </Field>
+
+    <Field label={$t('allow_public_user_to_download')} disabled={!showMetadata}>
+      <Switch bind:checked={allowDownload} />
+    </Field>
+
+    <Field label={$t('allow_public_user_to_upload')}>
+      <Switch bind:checked={allowUpload} />
+    </Field>
+  </div>
 </FormModal>

web/src/routes/(user)/shared-links/(list)/[id]/edit/+page.svelte

@@ -1,10 +1,10 @@
 <script lang="ts">
   import { goto } from '$app/navigation';
-  import SharedLinkFormFields from '$lib/components/SharedLinkFormFields.svelte';
+  import SharedLinkExpiration from '$lib/components/SharedLinkExpiration.svelte';
   import { Route } from '$lib/route';
   import { handleUpdateSharedLink } from '$lib/services/shared-link.service';
   import { SharedLinkType } from '@immich/sdk';
-  import { FormModal } from '@immich/ui';
+  import { Field, FormModal, Input, PasswordInput, Switch, Text } from '@immich/ui';
   import { mdiLink } from '@mdi/js';
   import { t } from 'svelte-i18n';
   import type { PageData } from './$types';
@@ -61,14 +61,36 @@
     </div>
   {/if}
 
-  <SharedLinkFormFields
-    bind:slug
-    bind:password
-    bind:description
-    bind:allowDownload
-    bind:allowUpload
-    bind:showMetadata
-    bind:expiresAt
-    createdAt={sharedLink.createdAt}
-  />
+  <div class="flex flex-col gap-4 mt-4">
+    <div>
+      <Field label={$t('custom_url')} description={$t('shared_link_custom_url_description')}>
+        <Input bind:value={slug} autocomplete="off" />
+      </Field>
+      {#if slug}
+        <Text size="tiny" color="muted" class="pt-2">/s/{encodeURIComponent(slug)}</Text>
+      {/if}
+    </div>
+
+    <Field label={$t('password')} description={$t('shared_link_password_description')}>
+      <PasswordInput bind:value={password} autocomplete="new-password" />
+    </Field>
+
+    <Field label={$t('description')}>
+      <Input bind:value={description} autocomplete="off" />
+    </Field>
+
+    <SharedLinkExpiration createdAt={sharedLink.createdAt} bind:expiresAt />
+
+    <Field label={$t('show_metadata')}>
+      <Switch bind:checked={showMetadata} />
+    </Field>
+
+    <Field label={$t('allow_public_user_to_download')} disabled={!showMetadata}>
+      <Switch bind:checked={allowDownload} />
+    </Field>
+
+    <Field label={$t('allow_public_user_to_upload')}>
+      <Switch bind:checked={allowUpload} />
+    </Field>
+  </div>
 </FormModal>