diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml
index 40dc72c12..21ee078d6 100644
--- a/.devcontainer/docker-compose.yml
+++ b/.devcontainer/docker-compose.yml
@@ -70,7 +70,7 @@ services:
         hard: -1
 
   libretranslate:
-    image: libretranslate/libretranslate:v1.5.2
+    image: libretranslate/libretranslate:v1.5.3
     restart: unless-stopped
     volumes:
       - lt-data:/home/libretranslate/.local
diff --git a/.rubocop.yml b/.rubocop.yml
index 8832e28f6..bedd8f785 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -118,15 +118,10 @@ Rails/UnusedIgnoredColumns:
 Rails/NegateInclude:
   Enabled: false
 
-# Reason: Some single letter camel case files shouldn't be split
+# Reason: Deprecated cop, will be removed in 3.0, replaced by SpecFilePathFormat
 # https://docs.rubocop.org/rubocop-rspec/cops_rspec.html#rspecfilepath
 RSpec/FilePath:
-  CustomTransform:
-    ActivityPub: activitypub
-    DeepL: deepl
-    FetchOEmbedService: fetch_oembed_service
-    OEmbedController: oembed_controller
-    OStatus: ostatus
+  Enabled: false
 
 # Reason:
 # https://docs.rubocop.org/rubocop-rspec/cops_rspec.html#rspecnamedsubject
diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml
index bc66bc4ad..6ab895705 100644
--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@@ -1,6 +1,6 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config --auto-gen-only-exclude --no-exclude-limit --no-offense-counts --no-auto-gen-timestamp`
-# using RuboCop version 1.57.2.
+# using RuboCop version 1.59.0.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
@@ -26,7 +26,7 @@ Lint/NonLocalExitFromIterator:
 
 # Configuration parameters: AllowedMethods, AllowedPatterns, CountRepeatedAttributes.
 Metrics/AbcSize:
-  Max: 100
+  Max: 82
 
 # Configuration parameters: CountBlocks, Max.
 Metrics/BlockNesting:
@@ -50,7 +50,7 @@ RSpec/MultipleExpectations:
 
 # Configuration parameters: AllowSubject.
 RSpec/MultipleMemoizedHelpers:
-  Max: 21
+  Max: 17
 
 # Configuration parameters: AllowedGroups.
 RSpec/NestedGroups:
@@ -66,7 +66,6 @@ Rails/ApplicationController:
 Rails/HasAndBelongsToMany:
   Exclude:
     - 'app/models/concerns/account/associations.rb'
-    - 'app/models/preview_card.rb'
     - 'app/models/status.rb'
     - 'app/models/tag.rb'
 
@@ -144,7 +143,6 @@ Rails/WhereExists:
   Exclude:
     - 'app/controllers/activitypub/inboxes_controller.rb'
     - 'app/controllers/admin/email_domain_blocks_controller.rb'
-    - 'app/controllers/auth/registrations_controller.rb'
     - 'app/lib/activitypub/activity/create.rb'
     - 'app/lib/delivery_failure_tracker.rb'
     - 'app/lib/feed_manager.rb'
@@ -160,24 +158,16 @@ Rails/WhereExists:
     - 'app/serializers/rest/announcement_serializer.rb'
     - 'app/serializers/rest/tag_serializer.rb'
     - 'app/services/activitypub/fetch_remote_status_service.rb'
-    - 'app/services/app_sign_up_service.rb'
     - 'app/services/vote_service.rb'
     - 'app/validators/reaction_validator.rb'
     - 'app/validators/vote_validator.rb'
     - 'app/workers/move_worker.rb'
-    - 'db/migrate/20190529143559_preserve_old_layout_for_existing_users.rb'
     - 'lib/tasks/tests.rake'
     - 'spec/models/account_spec.rb'
     - 'spec/services/activitypub/process_collection_service_spec.rb'
     - 'spec/services/purge_domain_service_spec.rb'
     - 'spec/services/unallow_domain_service_spec.rb'
 
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: AllowOnConstant, AllowOnSelfClass.
-Style/CaseEquality:
-  Exclude:
-    - 'config/initializers/trusted_proxies.rb'
-
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: AllowedMethods, AllowedPatterns.
 # AllowedMethods: ==, equal?, eql?
@@ -205,8 +195,8 @@ Style/FetchEnvVar:
     - 'config/initializers/devise.rb'
     - 'config/initializers/paperclip.rb'
     - 'config/initializers/vapid.rb'
-    - 'lib/premailer_webpack_strategy.rb'
     - 'lib/mastodon/redis_config.rb'
+    - 'lib/premailer_webpack_strategy.rb'
     - 'lib/tasks/repo.rake'
     - 'spec/features/profile_spec.rb'
 
@@ -223,7 +213,6 @@ Style/FormatStringToken:
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Style/GlobalStdStream:
   Exclude:
-    - 'config/boot.rb'
     - 'config/environments/development.rb'
     - 'config/environments/production.rb'
 
@@ -253,8 +242,6 @@ Style/GuardClause:
     - 'app/workers/redownload_media_worker.rb'
     - 'app/workers/remote_account_refresh_worker.rb'
     - 'config/initializers/devise.rb'
-    - 'db/migrate/20170901141119_truncate_preview_cards.rb'
-    - 'db/post_migrate/20220704024901_migrate_settings_to_user_roles.rb'
     - 'lib/devise/strategies/two_factor_ldap_authenticatable.rb'
     - 'lib/devise/strategies/two_factor_pam_authenticatable.rb'
     - 'lib/mastodon/cli/accounts.rb'
@@ -275,7 +262,6 @@ Style/HashAsLastArrayItem:
     - 'app/models/status.rb'
     - 'app/services/batched_remove_status_service.rb'
     - 'app/services/notify_service.rb'
-    - 'db/migrate/20181024224956_migrate_account_conversations.rb'
 
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Style/HashTransformValues:
@@ -415,8 +401,8 @@ Style/TrailingCommaInHashLiteral:
     - 'config/environments/test.rb'
 
 # This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: EnforcedStyle, MinSize, WordRegex.
+# Configuration parameters: WordRegex.
 # SupportedStyles: percent, brackets
 Style/WordArray:
-  Exclude:
-    - 'app/helpers/languages_helper.rb'
+  EnforcedStyle: percent
+  MinSize: 3
diff --git a/Gemfile b/Gemfile
index 300036804..d65386dac 100644
--- a/Gemfile
+++ b/Gemfile
@@ -90,7 +90,7 @@ gem 'sidekiq-bulk', '~> 0.2.0'
 gem 'simple-navigation', '~> 4.4'
 gem 'simple_form', '~> 5.2'
 gem 'stoplight', '~> 3.0.1'
-gem 'strong_migrations', '1.6.4'
+gem 'strong_migrations', '1.7.0'
 gem 'tty-prompt', '~> 0.23', require: false
 gem 'twitter-text', '~> 3.1.0'
 gem 'tzinfo-data', '~> 1.2023'
diff --git a/Gemfile.lock b/Gemfile.lock
index 295461bd3..e694dce0f 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -467,14 +467,14 @@ GEM
     multi_json (1.15.0)
     multipart-post (2.3.0)
     mutex_m (0.2.0)
-    net-http (0.4.0)
+    net-http (0.4.1)
       uri
     net-http-persistent (4.0.2)
       connection_pool (~> 2.2)
     net-imap (0.4.4)
       date
       net-protocol
-    net-ldap (0.18.0)
+    net-ldap (0.19.0)
     net-pop (0.1.2)
       net-protocol
     net-protocol (0.2.2)
@@ -544,7 +544,7 @@ GEM
     psych (5.1.2)
       stringio
     public_suffix (5.0.4)
-    puma (6.4.1)
+    puma (6.4.2)
       nio4r (~> 2.0)
     pundit (2.3.1)
       activesupport (>= 3.0.0)
@@ -676,11 +676,11 @@ GEM
       unicode-display_width (>= 2.4.0, < 3.0)
     rubocop-ast (1.30.0)
       parser (>= 3.2.1.0)
-    rubocop-capybara (2.19.0)
+    rubocop-capybara (2.20.0)
       rubocop (~> 1.41)
-    rubocop-factory_bot (2.24.0)
+    rubocop-factory_bot (2.25.0)
       rubocop (~> 1.33)
-    rubocop-performance (1.20.1)
+    rubocop-performance (1.20.2)
       rubocop (>= 1.48.1, < 2.0)
       rubocop-ast (>= 1.30.0, < 2.0)
     rubocop-rails (2.23.1)
@@ -688,7 +688,7 @@ GEM
       rack (>= 1.1)
       rubocop (>= 1.33.0, < 2.0)
       rubocop-ast (>= 1.30.0, < 2.0)
-    rubocop-rspec (2.25.0)
+    rubocop-rspec (2.26.1)
       rubocop (~> 1.40)
       rubocop-capybara (~> 2.17)
       rubocop-factory_bot (~> 2.22)
@@ -748,7 +748,7 @@ GEM
     stoplight (3.0.2)
       redlock (~> 1.0)
     stringio (3.1.0)
-    strong_migrations (1.6.4)
+    strong_migrations (1.7.0)
       activerecord (>= 5.2)
     swd (1.3.0)
       activesupport (>= 3)
@@ -952,7 +952,7 @@ DEPENDENCIES
   simplecov-lcov (~> 0.8)
   stackprof
   stoplight (~> 3.0.1)
-  strong_migrations (= 1.6.4)
+  strong_migrations (= 1.7.0)
   test-prof
   thor (~> 1.2)
   tty-prompt (~> 0.23)
diff --git a/app/controllers/admin/email_domain_blocks_controller.rb b/app/controllers/admin/email_domain_blocks_controller.rb
index 4a3228ec3..ff754bc0b 100644
--- a/app/controllers/admin/email_domain_blocks_controller.rb
+++ b/app/controllers/admin/email_domain_blocks_controller.rb
@@ -40,7 +40,7 @@ module Admin
           (@email_domain_block.other_domains || []).uniq.each do |domain|
             next if EmailDomainBlock.where(domain: domain).exists?
 
-            other_email_domain_block = EmailDomainBlock.create!(domain: domain, parent: @email_domain_block)
+            other_email_domain_block = EmailDomainBlock.create!(domain: domain, allow_with_approval: @email_domain_block.allow_with_approval, parent: @email_domain_block)
             log_action :create, other_email_domain_block
           end
         end
@@ -65,7 +65,7 @@ module Admin
     end
 
     def resource_params
-      params.require(:email_domain_block).permit(:domain, other_domains: [])
+      params.require(:email_domain_block).permit(:domain, :allow_with_approval, other_domains: [])
     end
 
     def form_email_domain_block_batch_params
diff --git a/app/controllers/api/v1/admin/email_domain_blocks_controller.rb b/app/controllers/api/v1/admin/email_domain_blocks_controller.rb
index 850eda622..df54b9f0a 100644
--- a/app/controllers/api/v1/admin/email_domain_blocks_controller.rb
+++ b/app/controllers/api/v1/admin/email_domain_blocks_controller.rb
@@ -55,7 +55,7 @@ class Api::V1::Admin::EmailDomainBlocksController < Api::BaseController
   end
 
   def resource_params
-    params.permit(:domain)
+    params.permit(:domain, :allow_with_approval)
   end
 
   def insert_pagination_headers
diff --git a/app/controllers/concerns/cache_concern.rb b/app/controllers/concerns/cache_concern.rb
index 2dfe5e263..62f763fe2 100644
--- a/app/controllers/concerns/cache_concern.rb
+++ b/app/controllers/concerns/cache_concern.rb
@@ -3,150 +3,6 @@
 module CacheConcern
   extend ActiveSupport::Concern
 
-  module ActiveRecordCoder
-    EMPTY_HASH = {}.freeze
-
-    class << self
-      def dump(record)
-        instances = InstanceTracker.new
-        serialized_associations = serialize_associations(record, instances)
-        serialized_records = instances.map { |r| serialize_record(r) }
-        [serialized_associations, *serialized_records]
-      end
-
-      def load(payload)
-        instances = InstanceTracker.new
-        serialized_associations, *serialized_records = payload
-        serialized_records.each { |attrs| instances.push(deserialize_record(*attrs)) }
-        deserialize_associations(serialized_associations, instances)
-      end
-
-      private
-
-      # Records without associations, or which have already been visited before,
-      # are serialized by their id alone.
-      #
-      # Records with associations are serialized as a two-element array including
-      # their id and the record's association cache.
-      #
-      def serialize_associations(record, instances)
-        return unless record
-
-        if (id = instances.lookup(record))
-          payload = id
-        else
-          payload = instances.push(record)
-
-          cached_associations = record.class.reflect_on_all_associations.select do |reflection|
-            record.association_cached?(reflection.name)
-          end
-
-          unless cached_associations.empty?
-            serialized_associations = cached_associations.map do |reflection|
-              association = record.association(reflection.name)
-
-              serialized_target = if reflection.collection?
-                                    association.target.map { |target_record| serialize_associations(target_record, instances) }
-                                  else
-                                    serialize_associations(association.target, instances)
-                                  end
-
-              [reflection.name, serialized_target]
-            end
-
-            payload = [payload, serialized_associations]
-          end
-        end
-
-        payload
-      end
-
-      def deserialize_associations(payload, instances)
-        return unless payload
-
-        id, associations = payload
-        record = instances.fetch(id)
-
-        associations&.each do |name, serialized_target|
-          begin
-            association = record.association(name)
-          rescue ActiveRecord::AssociationNotFoundError
-            raise AssociationMissingError, "undefined association: #{name}"
-          end
-
-          target = if association.reflection.collection?
-                     serialized_target.map! { |serialized_record| deserialize_associations(serialized_record, instances) }
-                   else
-                     deserialize_associations(serialized_target, instances)
-                   end
-
-          association.target = target
-        end
-
-        record
-      end
-
-      def serialize_record(record)
-        arguments = [record.class.name, attributes_for_database(record)]
-        arguments << true if record.new_record?
-        arguments
-      end
-
-      def attributes_for_database(record)
-        attributes = record.attributes_for_database
-        attributes.transform_values! { |attr| attr.is_a?(::ActiveModel::Type::Binary::Data) ? attr.to_s : attr }
-        attributes
-      end
-
-      def deserialize_record(class_name, attributes_from_database, new_record = false) # rubocop:disable Style/OptionalBooleanParameter
-        begin
-          klass = Object.const_get(class_name)
-        rescue NameError
-          raise ClassMissingError, "undefined class: #{class_name}"
-        end
-
-        # Ideally we'd like to call `klass.instantiate`, however it doesn't allow to pass
-        # wether the record was persisted or not.
-        attributes = klass.attributes_builder.build_from_database(attributes_from_database, EMPTY_HASH)
-        klass.allocate.init_with_attributes(attributes, new_record)
-      end
-    end
-
-    class Error < StandardError
-    end
-
-    class ClassMissingError < Error
-    end
-
-    class AssociationMissingError < Error
-    end
-
-    class InstanceTracker
-      def initialize
-        @instances = []
-        @ids = {}.compare_by_identity
-      end
-
-      def map(&block)
-        @instances.map(&block)
-      end
-
-      def fetch(...)
-        @instances.fetch(...)
-      end
-
-      def push(instance)
-        id = @ids[instance] = @instances.size
-        @instances << instance
-        id
-      end
-
-      def lookup(instance)
-        @ids[instance]
-      end
-    end
-  end
-
   class_methods do
     def vary_by(value, **kwargs)
       before_action(**kwargs) do |controller|
@@ -196,11 +52,7 @@ module CacheConcern
     raw = raw.cache_ids.to_a if raw.is_a?(ActiveRecord::Relation)
     return [] if raw.empty?
 
-    cached_keys_with_value = begin
-      Rails.cache.read_multi(*raw).transform_keys(&:id).transform_values { |r| ActiveRecordCoder.load(r) }
-    rescue ActiveRecordCoder::Error
-      {} # The serialization format may have changed, let's pretend it's a cache miss.
-    end
+    cached_keys_with_value = Rails.cache.read_multi(*raw).transform_keys(&:id)
 
     uncached_ids = raw.map(&:id) - cached_keys_with_value.keys
 
@@ -208,10 +60,7 @@ module CacheConcern
 
     unless uncached_ids.empty?
       uncached = klass.where(id: uncached_ids).with_includes.index_by(&:id)
-
-      uncached.each_value do |item|
-        Rails.cache.write(item, ActiveRecordCoder.dump(item))
-      end
+      Rails.cache.write_multi(uncached.values.to_h { |i| [i, i] })
     end
 
     raw.filter_map { |item| cached_keys_with_value[item.id] || uncached[item.id] }
diff --git a/app/controllers/well_known/webfinger_controller.rb b/app/controllers/well_known/webfinger_controller.rb
index 364fbf8a1..72f0ea890 100644
--- a/app/controllers/well_known/webfinger_controller.rb
+++ b/app/controllers/well_known/webfinger_controller.rb
@@ -21,7 +21,7 @@ module WellKnown
       username = username_from_resource
 
       @account = begin
-        if username == Rails.configuration.x.local_domain
+        if username == Rails.configuration.x.local_domain || username == Rails.configuration.x.web_domain
           Account.representative
         else
           Account.find_local!(username)
diff --git a/app/javascript/mastodon/features/status/index.jsx b/app/javascript/mastodon/features/status/index.jsx
index 67a969731..c581255c9 100644
--- a/app/javascript/mastodon/features/status/index.jsx
+++ b/app/javascript/mastodon/features/status/index.jsx
@@ -582,16 +582,20 @@ class Status extends ImmutablePureComponent {
     ));
   }
 
-  setRef = c => {
+  setContainerRef = c => {
     this.node = c;
   };
 
+  setStatusRef = c => {
+    this.statusNode = c;
+  };
+
   _scrollStatusIntoView () {
     const { status, multiColumn } = this.props;
 
     if (status) {
-      window.requestAnimationFrame(() => {
-        this.node?.querySelector('.detailed-status__wrapper')?.scrollIntoView(true);
+      requestIdleCallback(() => {
+        this.statusNode?.scrollIntoView(true);
 
         // In the single-column interface, `scrollIntoView` will put the post behind the header,
         // so compensate for that.
@@ -629,9 +633,8 @@ class Status extends ImmutablePureComponent {
     }
 
     // Scroll to focused post if it is loaded
-    const child = this.node?.querySelector('.detailed-status__wrapper');
-    if (child) {
-      return [0, child.offsetTop];
+    if (this.statusNode) {
+      return [0, this.statusNode.offsetTop];
     }
 
     // Do not scroll otherwise, `componentDidUpdate` will take care of that
@@ -692,11 +695,11 @@ class Status extends ImmutablePureComponent {
         />
 
         <ScrollContainer scrollKey='thread' shouldUpdateScroll={this.shouldUpdateScroll}>
-          <div className={classNames('scrollable', { fullscreen })} ref={this.setRef}>
+          <div className={classNames('scrollable', { fullscreen })} ref={this.setContainerRef}>
             {ancestors}
 
             <HotKeys handlers={handlers}>
-              <div className={classNames('focusable', 'detailed-status__wrapper', `detailed-status__wrapper-${status.get('visibility')}`)} tabIndex={0} aria-label={textForScreenReader(intl, status, false)}>
+              <div className={classNames('focusable', 'detailed-status__wrapper', `detailed-status__wrapper-${status.get('visibility')}`)} tabIndex={0} aria-label={textForScreenReader(intl, status, false)} ref={this.setStatusRef}>
                 <DetailedStatus
                   key={`details-${status.get('id')}`}
                   status={status}
diff --git a/app/javascript/mastodon/locales/el.json b/app/javascript/mastodon/locales/el.json
index 17a0c9d4d..53e55fa95 100644
--- a/app/javascript/mastodon/locales/el.json
+++ b/app/javascript/mastodon/locales/el.json
@@ -260,6 +260,9 @@
   "filter_modal.select_filter.subtitle": "Χρησιμοποιήστε μια υπάρχουσα κατηγορία ή δημιουργήστε μια νέα",
   "filter_modal.select_filter.title": "Φιλτράρισμα αυτής της ανάρτησης",
   "filter_modal.title.status": "Φιλτράρισμα μιας ανάρτησης",
+  "firehose.all": "Όλα",
+  "firehose.local": "Αυτός ο διακομιστής",
+  "firehose.remote": "Άλλοι διακομιστές",
   "follow_request.authorize": "Εξουσιοδότησε",
   "follow_request.reject": "Απέρριψε",
   "follow_requests.unlocked_explanation": "Παρόλο που ο λογαριασμός σου δεν είναι κλειδωμένος, το προσωπικό του {domain} θεώρησαν πως ίσως να θέλεις να ελέγξεις χειροκίνητα αυτά τα αιτήματα ακολούθησης.",
@@ -285,11 +288,15 @@
   "hashtag.column_settings.tag_toggle": "Προσθήκη επιπλέον ταμπελών για την κολώνα",
   "hashtag.follow": "Παρακολούθηση ετικέτας",
   "hashtag.unfollow": "Διακοπή παρακολούθησης ετικέτας",
+  "home.actions.go_to_suggestions": "Βρείτε άτομα για να ακολουθήσετε",
   "home.column_settings.basic": "Βασικές ρυθμίσεις",
   "home.column_settings.show_reblogs": "Εμφάνιση προωθήσεων",
   "home.column_settings.show_replies": "Εμφάνιση απαντήσεων",
   "home.explore_prompt.body": "Your home feed will have a mix of posts from the hashtags you've chosen to follow, the people you've chosen to follow, and the posts they boost. If that feels too quiet, you may want to:\nΗ τροφοδοσία της αρχικής σελίδας σας είναι ένα μίγμα από αναρτήσεις με τις ετικέτες και τα άτομα που επιλέξατε να ακολουθείτε, και τις αναρτήσεις που προωθούν. Εάν αυτό σας φαίνεται πολύ ήσυχο, μπορεί να θέλετε:",
+  "home.explore_prompt.title": "Αυτό είναι το σπίτι σας στο Mastodon.",
   "home.hide_announcements": "Απόκρυψη ανακοινώσεων",
+  "home.pending_critical_update.link": "Δείτε ενημερώσεις",
+  "home.pending_critical_update.title": "Κρίσιμη ενημέρωση ασφαλείας διαθέσιμη!",
   "home.show_announcements": "Εμφάνιση ανακοινώσεων",
   "interaction_modal.description.follow": "Με έναν λογαριασμό Mastodon, μπορείς να ακολουθήσεις τον/την {name} ώστε να λαμβάνεις τις αναρτήσεις του/της στη δική σου ροή.",
   "interaction_modal.description.reblog": "Με ένα λογαριασμό Mastodon, μπορείς να ενισχύσεις αυτή την ανάρτηση για να τη μοιραστείς με τους δικούς σου ακολούθους.",
@@ -314,6 +321,7 @@
   "keyboard_shortcuts.direct": "για το άνοιγμα της στήλης ιδιωτικών επισημάνσεων",
   "keyboard_shortcuts.down": "κίνηση προς τα κάτω στη λίστα",
   "keyboard_shortcuts.enter": "Εμφάνιση ανάρτησης",
+  "keyboard_shortcuts.favourite": "Αγαπημένη δημοσίευση",
   "keyboard_shortcuts.federated": "Άνοιγμα ροής συναλλαγών",
   "keyboard_shortcuts.heading": "Συντομεύσεις πληκτρολογίου",
   "keyboard_shortcuts.home": "Άνοιγμα ροής αρχικής σελίδας",
@@ -358,6 +366,7 @@
   "lists.search": "Αναζήτησε μεταξύ των ανθρώπων που ακουλουθείς",
   "lists.subheading": "Οι λίστες σου",
   "load_pending": "{count, plural, one {# νέο στοιχείο} other {# νέα στοιχεία}}",
+  "loading_indicator.label": "Φόρτωση…",
   "media_gallery.toggle_visible": "{number, plural, one {Απόκρυψη εικόνας} other {Απόκρυψη εικόνων}}",
   "moved_to_account_banner.text": "Ο λογαριασμός σου {disabledAccount} είναι προσωρινά απενεργοποιημένος επειδή μεταφέρθηκες στον {movedToAccount}.",
   "mute_modal.duration": "Διάρκεια",
@@ -380,6 +389,7 @@
   "navigation_bar.lists": "Λίστες",
   "navigation_bar.logout": "Αποσύνδεση",
   "navigation_bar.mutes": "Αποσιωπημένοι χρήστες",
+  "navigation_bar.opened_in_classic_interface": "Δημοσιεύσεις, λογαριασμοί και άλλες συγκεκριμένες σελίδες ανοίγονται από προεπιλογή στην κλασική διεπαφή ιστού.",
   "navigation_bar.personal": "Προσωπικά",
   "navigation_bar.pins": "Καρφιτσωμένες αναρτήσεις",
   "navigation_bar.preferences": "Προτιμήσεις",
@@ -403,6 +413,7 @@
   "notifications.column_settings.admin.report": "Νέες αναφορές:",
   "notifications.column_settings.admin.sign_up": "Νέες εγγραφές:",
   "notifications.column_settings.alert": "Ειδοποιήσεις επιφάνειας εργασίας",
+  "notifications.column_settings.favourite": "Αγαπημένα:",
   "notifications.column_settings.filter_bar.advanced": "Εμφάνιση όλων των κατηγοριών",
   "notifications.column_settings.filter_bar.category": "Μπάρα γρήγορου φίλτρου",
   "notifications.column_settings.filter_bar.show_bar": "Εμφάνιση μπάρας φίλτρου",
diff --git a/app/javascript/mastodon/locales/ia.json b/app/javascript/mastodon/locales/ia.json
index 35397b8e1..00cafe260 100644
--- a/app/javascript/mastodon/locales/ia.json
+++ b/app/javascript/mastodon/locales/ia.json
@@ -1,4 +1,8 @@
 {
+  "about.blocks": "Servitores moderate",
+  "about.contact": "Contacto:",
+  "about.disclaimer": "Mastodon es software libere, de codice aperte, e un marca de Mastodon gGmbH.",
+  "account.account_note_header": "Nota",
   "account.add_or_remove_from_list": "Adder o remover ab listas",
   "account.badges.group": "Gruppo",
   "account.block": "Blocar @{name}",
@@ -21,9 +25,12 @@
   "bundle_column_error.return": "Retornar al initio",
   "bundle_modal_error.close": "Clauder",
   "bundle_modal_error.retry": "Tentar novemente",
+  "column.about": "A proposito de",
   "column.blocks": "Usatores blocate",
+  "column.bookmarks": "Marcapaginas",
   "column.directory": "Navigar profilos",
   "column.favourites": "Favoritos",
+  "column.firehose": "Fluxos in directe",
   "column.home": "Initio",
   "column.lists": "Listas",
   "column.notifications": "Notificationes",
@@ -33,23 +40,28 @@
   "compose.language.change": "Cambiar le lingua",
   "compose.language.search": "Cercar linguas...",
   "compose.published.open": "Aperir",
+  "compose_form.direct_message_warning_learn_more": "Apprender plus",
   "compose_form.poll.add_option": "Adder un option",
   "compose_form.poll.remove_option": "Remover iste option",
   "confirmation_modal.cancel": "Cancellar",
   "confirmations.delete.confirm": "Deler",
   "confirmations.delete_list.confirm": "Deler",
+  "confirmations.edit.confirm": "Modificar",
   "confirmations.logout.confirm": "Clauder le session",
   "copy_icon_button.copied": "Copiate al area de transferentia",
+  "copypaste.copied": "Copiate",
   "copypaste.copy_to_clipboard": "Copiar al area de transferentia",
   "disabled_account_banner.account_settings": "Parametros de conto",
   "dismissable_banner.dismiss": "Dimitter",
   "emoji_button.activity": "Activitate",
+  "emoji_button.clear": "Rader",
   "emoji_button.custom": "Personalisate",
   "emoji_button.search_results": "Resultatos de recerca",
   "empty_column.account_unavailable": "Profilo non disponibile",
   "errors.unexpected_crash.report_issue": "Signalar un defecto",
   "explore.search_results": "Resultatos de recerca",
   "explore.trending_links": "Novas",
+  "filter_modal.select_filter.prompt_new": "Nove categoria: {name}",
   "firehose.all": "Toto",
   "firehose.local": "Iste servitor",
   "firehose.remote": "Altere servitores",
@@ -62,23 +74,50 @@
   "keyboard_shortcuts.my_profile": "Aperir tu profilo",
   "lightbox.close": "Clauder",
   "lightbox.next": "Sequente",
+  "lightbox.previous": "Precedente",
   "link_preview.author": "Per {name}",
   "lists.account.add": "Adder al lista",
+  "lists.delete": "Deler lista",
+  "lists.edit": "Modificar lista",
+  "lists.new.create": "Adder lista",
+  "lists.subheading": "Tu listas",
   "mute_modal.duration": "Duration",
   "mute_modal.hide_notifications": "Celar notificationes de iste usator?",
   "navigation_bar.about": "A proposito de",
   "navigation_bar.advanced_interface": "Aperir in un interfacie web avantiate",
   "navigation_bar.blocks": "Usatores blocate",
+  "navigation_bar.discover": "Discoperir",
+  "navigation_bar.edit_profile": "Modificar profilo",
   "navigation_bar.favourites": "Favoritos",
   "navigation_bar.lists": "Listas",
   "navigation_bar.logout": "Clauder le session",
   "navigation_bar.preferences": "Preferentias",
+  "navigation_bar.search": "Cercar",
   "navigation_bar.security": "Securitate",
   "notifications.column_settings.alert": "Notificationes de scriptorio",
   "notifications.column_settings.filter_bar.advanced": "Monstrar tote le categorias",
   "notifications.column_settings.sound": "Reproducer sono",
   "notifications.filter.all": "Toto",
+  "notifications.filter.favourites": "Favoritos",
+  "notifications.grant_permission": "Conceder permission.",
+  "notifications.group": "{count} notificationes",
   "onboarding.compose.template": "Salute #Mastodon!",
   "onboarding.profile.save_and_continue": "Salvar e continuar",
-  "onboarding.share.title": "Compartir tu profilo"
+  "onboarding.share.title": "Compartir tu profilo",
+  "onboarding.steps.share_profile.title": "Compartir tu profilo de Mastodon",
+  "relative_time.just_now": "ora",
+  "relative_time.today": "hodie",
+  "reply_indicator.cancel": "Cancellar",
+  "report.next": "Sequente",
+  "report.placeholder": "Commentos additional",
+  "report.reasons.dislike": "Non me place",
+  "search.quick_action.go_to_account": "Vader al profilo {x}",
+  "search_results.accounts": "Profilos",
+  "search_results.see_all": "Vider toto",
+  "status.delete": "Deler",
+  "status.share": "Compartir",
+  "status.translate": "Traducer",
+  "status.translated_from_with": "Traducite ab {lang} usante {provider}",
+  "tabs_bar.home": "Initio",
+  "tabs_bar.notifications": "Notificationes"
 }
diff --git a/app/javascript/mastodon/locales/lad.json b/app/javascript/mastodon/locales/lad.json
index ce6cb5647..2067edcc7 100644
--- a/app/javascript/mastodon/locales/lad.json
+++ b/app/javascript/mastodon/locales/lad.json
@@ -501,6 +501,7 @@
   "onboarding.steps.setup_profile.title": "Personaliza tu profil",
   "onboarding.steps.share_profile.body": "Informe a tus amigos komo toparte en Mastodon",
   "onboarding.steps.share_profile.title": "Partaja tu profil de Mastodon",
+  "password_confirmation.mismatching": "Los dos kodes son desferentes",
   "picture_in_picture.restore": "Restora",
   "poll.closed": "Serrado",
   "poll.refresh": "Arefreska",
diff --git a/app/javascript/mastodon/locales/nn.json b/app/javascript/mastodon/locales/nn.json
index e5b1d2b37..ec2ff8214 100644
--- a/app/javascript/mastodon/locales/nn.json
+++ b/app/javascript/mastodon/locales/nn.json
@@ -606,7 +606,7 @@
   "search.quick_action.status_search": "Innlegg som samsvarer med {x}",
   "search.search_or_paste": "Søk eller lim inn URL",
   "search_popout.full_text_search_disabled_message": "Ikkje tilgjengeleg på {domain}.",
-  "search_popout.full_text_search_logged_out_message": "Bare tilgjengelig ved innlogging.",
+  "search_popout.full_text_search_logged_out_message": "Bare tilgjengelig når man er logget inn.",
   "search_popout.language_code": "ISO-språkkode",
   "search_popout.options": "Søkjealternativ",
   "search_popout.quick_actions": "Hurtighandlinger",
diff --git a/app/javascript/mastodon/locales/no.json b/app/javascript/mastodon/locales/no.json
index c0f50283a..50da3bb2b 100644
--- a/app/javascript/mastodon/locales/no.json
+++ b/app/javascript/mastodon/locales/no.json
@@ -606,7 +606,7 @@
   "search.quick_action.status_search": "Innlegg som samsvarer med {x}",
   "search.search_or_paste": "Søk eller lim inn URL",
   "search_popout.full_text_search_disabled_message": "Ikke tilgjengelig på {domain}.",
-  "search_popout.full_text_search_logged_out_message": "Bare tilgjengelig ved innlogging.",
+  "search_popout.full_text_search_logged_out_message": "Bare tilgjengelig når man er logget inn.",
   "search_popout.language_code": "ISO språkkode",
   "search_popout.options": "Alternativer for søk",
   "search_popout.quick_actions": "Hurtighandlinger",
diff --git a/app/javascript/mastodon/locales/sq.json b/app/javascript/mastodon/locales/sq.json
index 48eac1487..f45266c84 100644
--- a/app/javascript/mastodon/locales/sq.json
+++ b/app/javascript/mastodon/locales/sq.json
@@ -32,6 +32,7 @@
   "account.featured_tags.last_status_never": "Pa postime",
   "account.featured_tags.title": "Hashtagë të zgjedhur të {name}",
   "account.follow": "Ndiqeni",
+  "account.follow_back": "Ndiqe gjithashtu",
   "account.followers": "Ndjekës",
   "account.followers.empty": "Këtë përdorues ende s’e ndjek kush.",
   "account.followers_counter": "{count, plural, one {{counter} Ndjekës} other {{counter} Ndjekës}}",
@@ -52,6 +53,7 @@
   "account.mute_notifications_short": "Mos shfaq njoftime",
   "account.mute_short": "Mos i shfaq",
   "account.muted": "Heshtuar",
+  "account.mutual": "Reciproke",
   "account.no_bio": "S’u dha përshkrim.",
   "account.open_original_page": "Hap faqen origjinale",
   "account.posts": "Mesazhe",
diff --git a/app/javascript/mastodon/locales/zh-CN.json b/app/javascript/mastodon/locales/zh-CN.json
index 575e0c7ae..720e4331b 100644
--- a/app/javascript/mastodon/locales/zh-CN.json
+++ b/app/javascript/mastodon/locales/zh-CN.json
@@ -53,7 +53,7 @@
   "account.mute_notifications_short": "关闭通知",
   "account.mute_short": "隐藏",
   "account.muted": "已隐藏",
-  "account.mutual": "互相关注",
+  "account.mutual": "互粉好友",
   "account.no_bio": "未提供描述。",
   "account.open_original_page": "打开原始页面",
   "account.posts": "嘟文",
@@ -446,7 +446,7 @@
   "notifications.column_settings.filter_bar.advanced": "显示所有类别",
   "notifications.column_settings.filter_bar.category": "快速过滤栏",
   "notifications.column_settings.filter_bar.show_bar": "显示过滤栏",
-  "notifications.column_settings.follow": "新关注者：",
+  "notifications.column_settings.follow": "新粉丝：",
   "notifications.column_settings.follow_request": "新关注请求：",
   "notifications.column_settings.mention": "提及：",
   "notifications.column_settings.poll": "投票结果：",
@@ -700,7 +700,7 @@
   "time_remaining.moments": "即将结束",
   "time_remaining.seconds": "剩余 {number, plural, one {# 秒} other {# 秒}}",
   "timeline_hint.remote_resource_not_displayed": "不会显示来自其它服务器的{resource}",
-  "timeline_hint.resources.followers": "关注者",
+  "timeline_hint.resources.followers": "粉丝",
   "timeline_hint.resources.follows": "关注",
   "timeline_hint.resources.statuses": "更早的嘟文",
   "trends.counter_by_accounts": "过去 {days, plural, other {{days} 天}}有{count, plural, other { {counter} 人}}讨论",
diff --git a/app/lib/content_security_policy.rb b/app/lib/content_security_policy.rb
index 8f0278e37..9dbcb3563 100644
--- a/app/lib/content_security_policy.rb
+++ b/app/lib/content_security_policy.rb
@@ -10,7 +10,7 @@ class ContentSecurityPolicy
   end
 
   def media_hosts
-    [assets_host, cdn_host_value].concat(extra_data_hosts).compact
+    [assets_host, cdn_host_value, paperclip_root_url].concat(extra_data_hosts).compact
   end
 
   private
@@ -27,6 +27,15 @@ class ContentSecurityPolicy
     s3_alias_host || s3_cloudfront_host || azure_alias_host || s3_hostname_host
   end
 
+  def paperclip_root_url
+    root_url = ENV.fetch('PAPERCLIP_ROOT_URL', nil)
+    return if root_url.blank?
+
+    (Addressable::URI.parse(assets_host) + root_url).tap do |uri|
+      uri.path += '/' unless uri.path.blank? || uri.path.end_with?('/')
+    end.to_s
+  end
+
   def url_from_base_host
     host_to_url(base_host)
   end
diff --git a/app/models/concerns/attachmentable.rb b/app/models/concerns/attachmentable.rb
index 4cdbdeb47..3b7db1fce 100644
--- a/app/models/concerns/attachmentable.rb
+++ b/app/models/concerns/attachmentable.rb
@@ -11,11 +11,12 @@ module Attachmentable
   # For some file extensions, there exist different content
   # type variants, and browsers often send the wrong one,
   # for example, sending an audio .ogg file as video/ogg,
-  # likewise, MimeMagic also misreports them as such. For
+  # likewise, kt-paperclip also misreports them as such. For
   # those files, it is necessary to use the output of the
   # `file` utility instead
   INCORRECT_CONTENT_TYPES = %w(
     audio/vorbis
+    audio/opus
     video/ogg
     video/webm
   ).freeze
diff --git a/app/models/custom_filter.rb b/app/models/custom_filter.rb
index 9c936fed3..371267fc2 100644
--- a/app/models/custom_filter.rb
+++ b/app/models/custom_filter.rb
@@ -17,23 +17,8 @@
 class CustomFilter < ApplicationRecord
   self.ignored_columns += %w(whole_word irreversible)
 
-  # NOTE: We previously used `alias_attribute` but this does not play nicely
-  # with cache
-  def title
-    phrase
-  end
-
-  def title=(value)
-    self.phrase = value
-  end
-
-  def filter_action
-    action
-  end
-
-  def filter_action=(value)
-    self.action = value
-  end
+  alias_attribute :title, :phrase
+  alias_attribute :filter_action, :action
 
   VALID_CONTEXTS = %w(
     home
@@ -143,6 +128,10 @@ class CustomFilter < ApplicationRecord
   end
 
   def context_must_be_valid
-    errors.add(:context, I18n.t('filters.errors.invalid_context')) if context.empty? || context.any? { |c| !VALID_CONTEXTS.include?(c) }
+    errors.add(:context, I18n.t('filters.errors.invalid_context')) if invalid_context_value?
+  end
+
+  def invalid_context_value?
+    context.blank? || context.difference(VALID_CONTEXTS).any?
   end
 end
diff --git a/app/models/custom_filter_keyword.rb b/app/models/custom_filter_keyword.rb
index 1812a4308..3158b3b79 100644
--- a/app/models/custom_filter_keyword.rb
+++ b/app/models/custom_filter_keyword.rb
@@ -17,15 +17,7 @@ class CustomFilterKeyword < ApplicationRecord
 
   validates :keyword, presence: true
 
-  # NOTE: We previously used `alias_attribute` but this does not play nicely
-  # with cache
-  def phrase
-    keyword
-  end
-
-  def phrase=(value)
-    self.keyword = value
-  end
+  alias_attribute :phrase, :keyword
 
   before_save :prepare_cache_invalidation!
   before_destroy :prepare_cache_invalidation!
diff --git a/app/models/email_domain_block.rb b/app/models/email_domain_block.rb
index 60e90208d..f1b14c8b0 100644
--- a/app/models/email_domain_block.rb
+++ b/app/models/email_domain_block.rb
@@ -4,11 +4,12 @@
 #
 # Table name: email_domain_blocks
 #
-#  id         :bigint(8)        not null, primary key
-#  domain     :string           default(""), not null
-#  created_at :datetime         not null
-#  updated_at :datetime         not null
-#  parent_id  :bigint(8)
+#  id                  :bigint(8)        not null, primary key
+#  domain              :string           default(""), not null
+#  created_at          :datetime         not null
+#  updated_at          :datetime         not null
+#  parent_id           :bigint(8)
+#  allow_with_approval :boolean          default(FALSE), not null
 #
 
 class EmailDomainBlock < ApplicationRecord
@@ -42,8 +43,8 @@ class EmailDomainBlock < ApplicationRecord
       @attempt_ip = attempt_ip
     end
 
-    def match?
-      blocking? || invalid_uri?
+    def match?(...)
+      blocking?(...) || invalid_uri?
     end
 
     private
@@ -52,8 +53,8 @@ class EmailDomainBlock < ApplicationRecord
       @uris.any?(&:nil?)
     end
 
-    def blocking?
-      blocks = EmailDomainBlock.where(domain: domains_with_variants).order(Arel.sql('char_length(domain) desc'))
+    def blocking?(allow_with_approval: false)
+      blocks = EmailDomainBlock.where(domain: domains_with_variants, allow_with_approval: allow_with_approval).order(Arel.sql('char_length(domain) desc'))
       blocks.each { |block| block.history.add(@attempt_ip) } if @attempt_ip.present?
       blocks.any?
     end
@@ -86,4 +87,8 @@ class EmailDomainBlock < ApplicationRecord
   def self.block?(domain_or_domains, attempt_ip: nil)
     Matcher.new(domain_or_domains, attempt_ip: attempt_ip).match?
   end
+
+  def self.requires_approval?(domain_or_domains, attempt_ip: nil)
+    Matcher.new(domain_or_domains, attempt_ip: attempt_ip).match?(allow_with_approval: true)
+  end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index c952beb6f..c67ea02ef 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -418,7 +418,7 @@ class User < ApplicationRecord
 
   def set_approved
     self.approved = begin
-      if sign_up_from_ip_requires_approval?
+      if sign_up_from_ip_requires_approval? || sign_up_email_requires_approval?
         false
       else
         open_registrations? || valid_invitation? || external?
@@ -430,6 +430,12 @@ class User < ApplicationRecord
     !sign_up_ip.nil? && IpBlock.where(severity: :sign_up_requires_approval).where('ip >>= ?', sign_up_ip.to_s).exists?
   end
 
+  def sign_up_email_requires_approval?
+    return false unless email.present? || unconfirmed_email.present?
+
+    EmailDomainBlock.requires_approval?(email.presence || unconfirmed_email, attempt_ip: sign_up_ip)
+  end
+
   def open_registrations?
     Setting.registrations_mode == 'open'
   end
diff --git a/app/serializers/rest/admin/email_domain_block_serializer.rb b/app/serializers/rest/admin/email_domain_block_serializer.rb
index a026ff680..afe7722cb 100644
--- a/app/serializers/rest/admin/email_domain_block_serializer.rb
+++ b/app/serializers/rest/admin/email_domain_block_serializer.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 class REST::Admin::EmailDomainBlockSerializer < ActiveModel::Serializer
-  attributes :id, :domain, :created_at, :history
+  attributes :id, :domain, :created_at, :history, :allow_with_approval
 
   def id
     object.id.to_s
diff --git a/app/validators/email_mx_validator.rb b/app/validators/email_mx_validator.rb
index a30a0c820..794377894 100644
--- a/app/validators/email_mx_validator.rb
+++ b/app/validators/email_mx_validator.rb
@@ -47,6 +47,7 @@ class EmailMxValidator < ActiveModel::Validator
       dns.timeouts = 5
 
       records = dns.getresources(domain, Resolv::DNS::Resource::IN::MX).to_a.map { |e| e.exchange.to_s }
+      next if records == [''] # This domain explicitly rejects emails
 
       ([domain] + records).uniq.each do |hostname|
         ips.concat(dns.getresources(hostname, Resolv::DNS::Resource::IN::A).to_a.map { |e| e.address.to_s })
diff --git a/app/views/admin/email_domain_blocks/_email_domain_block.html.haml b/app/views/admin/email_domain_blocks/_email_domain_block.html.haml
index 7cb973c4b..f6a6e8266 100644
--- a/app/views/admin/email_domain_blocks/_email_domain_block.html.haml
+++ b/app/views/admin/email_domain_blocks/_email_domain_block.html.haml
@@ -12,3 +12,7 @@
         ·
 
       = t('admin.email_domain_blocks.attempts_over_week', count: email_domain_block.history.reduce(0) { |sum, day| sum + day.accounts })
+
+      - if email_domain_block.allow_with_approval?
+        ·
+        = t('admin.email_domain_blocks.allow_registrations_with_approval')
diff --git a/app/views/admin/email_domain_blocks/new.html.haml b/app/views/admin/email_domain_blocks/new.html.haml
index fa1d950ad..3d3148773 100644
--- a/app/views/admin/email_domain_blocks/new.html.haml
+++ b/app/views/admin/email_domain_blocks/new.html.haml
@@ -7,6 +7,9 @@
   .fields-group
     = f.input :domain, wrapper: :with_block_label, label: t('admin.email_domain_blocks.domain'), input_html: { readonly: defined?(@resolved_records) }
 
+  .fields-group
+    = f.input :allow_with_approval, wrapper: :with_label, hint: false, label: I18n.t('admin.email_domain_blocks.allow_registrations_with_approval')
+
   - if defined?(@resolved_records)
     %p.hint= t('admin.email_domain_blocks.resolved_dns_records_hint_html')
 
diff --git a/config/application.rb b/config/application.rb
index 990a89383..bab1b46cb 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -63,6 +63,8 @@ module Mastodon
     # Initialize configuration defaults for originally generated Rails version.
     config.load_defaults 7.0
 
+    config.active_record.marshalling_format_version = 7.1
+
     # Please, add to the `ignore` list any other `lib` subdirectories that do
     # not contain `.rb` files, or that should not be reloaded or eager loaded.
     # Common ones are `templates`, `generators`, or `middleware`, for example.
diff --git a/config/initializers/new_framework_defaults_7_0.rb b/config/initializers/new_framework_defaults_7_0.rb
deleted file mode 100644
index edaf81944..000000000
--- a/config/initializers/new_framework_defaults_7_0.rb
+++ /dev/null
@@ -1,10 +0,0 @@
-# frozen_string_literal: true
-
-# TODO
-# The Rails 7.0 framework default here is to set this true. However, we have a
-# location in devise that redirects where we don't have an easy ability to
-# override a method or set a config option, but where the redirect does not
-# provide this option.
-# https://github.com/heartcombo/devise/blob/v4.9.2/app/controllers/devise/confirmations_controller.rb#L28
-# Once a solution is found, this line can be removed.
-Rails.application.config.action_controller.raise_on_open_redirects = false
diff --git a/config/initializers/new_framework_defaults_7_1.rb b/config/initializers/new_framework_defaults_7_1.rb
index 2fa0e4274..1475fe2fd 100644
--- a/config/initializers/new_framework_defaults_7_1.rb
+++ b/config/initializers/new_framework_defaults_7_1.rb
@@ -158,15 +158,6 @@ Rails.application.config.add_autoload_paths_to_load_path = false
 # rather than to rely on a global default.
 # Rails.application.config.active_record.default_column_serializer = nil
 
-# Enable a performance optimization that serializes Active Record models
-# in a faster and more compact way.
-#
-# To perform a rolling deploy of a Rails 7.1 upgrade, wherein servers that have
-# not yet been upgraded must be able to read caches from upgraded servers,
-# leave this optimization off on the first deploy, then enable it on a
-# subsequent deploy.
-# Rails.application.config.active_record.marshalling_format_version = 7.1
-
 # Run `after_commit` and `after_*_commit` callbacks in the order they are defined in a model.
 # This matches the behaviour of all other callbacks.
 # In previous versions of Rails, they ran in the inverse order.
diff --git a/config/initializers/open_redirects.rb b/config/initializers/open_redirects.rb
new file mode 100644
index 000000000..c953a990c
--- /dev/null
+++ b/config/initializers/open_redirects.rb
@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+# TODO
+# Starting with Rails 7.0, the framework default here is to set this true.
+# However, we have a location in devise that redirects where we don't have an
+# easy ability to override the method or set a config option, and where the
+# redirect does not supply this option itself.
+# https://github.com/heartcombo/devise/blob/v4.9.2/app/controllers/devise/confirmations_controller.rb#L28
+# Once a solution is found, this line can be removed.
+Rails.application.config.action_controller.raise_on_open_redirects = false
diff --git a/config/locales/activerecord.ia.yml b/config/locales/activerecord.ia.yml
index 480fd56f6..7d1e7d719 100644
--- a/config/locales/activerecord.ia.yml
+++ b/config/locales/activerecord.ia.yml
@@ -3,6 +3,7 @@ ia:
   activerecord:
     attributes:
       user:
+        email: Adresse de e-mail
         password: Contrasigno
       user/account:
         username: Nomine de usator
diff --git a/config/locales/activerecord.ie.yml b/config/locales/activerecord.ie.yml
index 588105ae9..0b22dd886 100644
--- a/config/locales/activerecord.ie.yml
+++ b/config/locales/activerecord.ie.yml
@@ -19,6 +19,7 @@ ie:
         account:
           attributes:
             username:
+              invalid: deve contener solmen lítteres, númeres e sublineas
               reserved: es reservat
         admin/webhook:
           attributes:
@@ -39,6 +40,7 @@ ie:
         user:
           attributes:
             email:
+              blocked: usa un ne-permisset provisor de e-posta
               unreachable: sembla ne exister
             role_id:
               elevated: ne posse esser plu alt quam tui actual rol
diff --git a/config/locales/be.yml b/config/locales/be.yml
index d8703b799..ca9b0d2b8 100644
--- a/config/locales/be.yml
+++ b/config/locales/be.yml
@@ -439,6 +439,7 @@ be:
       view: Праглядзець новы блок дамену
     email_domain_blocks:
       add_new: Дадаць
+      allow_registrations_with_approval: Дазволіць рэгістрацыю з дазволам
       attempts_over_week:
         few: "%{count} спробы рэгіістрацыі за апошні тыдзень"
         many: "%{count} спроб рэгіістрацыі за апошні тыдзень"
diff --git a/config/locales/ca.yml b/config/locales/ca.yml
index 0d7605f02..25f19ef25 100644
--- a/config/locales/ca.yml
+++ b/config/locales/ca.yml
@@ -425,6 +425,7 @@ ca:
       view: Veure el bloqueig del domini
     email_domain_blocks:
       add_new: Afegir nou
+      allow_registrations_with_approval: Registre permès amb validació
       attempts_over_week:
         one: "%{count} intent en la darrera setmana"
         other: "%{count} intents de registre en la darrera setmana"
diff --git a/config/locales/cy.yml b/config/locales/cy.yml
index 9dd533b2a..70b994903 100644
--- a/config/locales/cy.yml
+++ b/config/locales/cy.yml
@@ -453,6 +453,7 @@ cy:
       view: Gweld bloc parth
     email_domain_blocks:
       add_new: Ychwanegu
+      allow_registrations_with_approval: Caniatáu cofrestriadau wedi'u cymeradwyo
       attempts_over_week:
         few: "%{count} ymgais i gofrestru dros yr wythnos ddiwethaf"
         many: "%{count} ymgais i gofrestru dros yr wythnos ddiwethaf"
diff --git a/config/locales/da.yml b/config/locales/da.yml
index 6403ac1cc..3d6850ca5 100644
--- a/config/locales/da.yml
+++ b/config/locales/da.yml
@@ -425,6 +425,7 @@ da:
       view: Vis domæneblokering
     email_domain_blocks:
       add_new: Tilføj ny
+      allow_registrations_with_approval: Tillad registreringer med godkendelse
       attempts_over_week:
         one: "%{count} tilmeldingsforsøg over den seneste uge"
         other: "%{count} tilmeldingsforsøg over den seneste uge"
diff --git a/config/locales/devise.el.yml b/config/locales/devise.el.yml
index ba3ee59fa..13daa4b97 100644
--- a/config/locales/devise.el.yml
+++ b/config/locales/devise.el.yml
@@ -34,7 +34,7 @@ el:
         explanation: Το συνθηματικό του λογαριασμού σου άλλαξε.
         extra: Αν δεν άλλαξες εσύ το συνθηματικό σου, ίσως κάποιος να έχει αποκτήσει πρόσβαση στο λογαριασμό σου. Παρακαλούμε άλλαξε το συνθηματικό σου άμεσα ή επικοινώνησε με τον διαχειριστή του κόμβου σου αν έχεις κλειδωθεί απ' έξω.
         subject: 'Mastodon: Αλλαγή συνθηματικού'
-        title: Αλλαγή συνθηματικού
+        title: Ο κωδικός άλλαξε
       reconfirmation_instructions:
         explanation: Επιβεβαίωσε τη νέα διεύθυνση για να αλλάξεις το email σου.
         extra: Αν δεν ζήτησες εσύ αυτή την αλλαγή, παρακαλούμε αγνόησε αυτό το email. Η διεύθυνση email για τον λογαριασμό σου στο Mastodon δεν θα αλλάξει μέχρι να επισκεφτείς τον παραπάνω σύνδεσμο.
diff --git a/config/locales/devise.ia.yml b/config/locales/devise.ia.yml
index 6ab26788b..7b0ec2957 100644
--- a/config/locales/devise.ia.yml
+++ b/config/locales/devise.ia.yml
@@ -1 +1,25 @@
+---
 ia:
+  devise:
+    mailer:
+      confirmation_instructions:
+        action: Verificar adresse de e-mail
+        action_with_app: Confirmar e retornar a %{app}
+        title: Verificar adresse de e-mail
+      email_changed:
+        title: Nove adresse de e-mail
+      reconfirmation_instructions:
+        title: Verificar adresse de e-mail
+      reset_password_instructions:
+        action: Cambiar contrasigno
+        title: Reinitialisar contrasigno
+      two_factor_disabled:
+        title: 2FA disactivate
+    registrations:
+      updated: Tu conto ha essite actualisate con successo.
+    unlocks:
+      unlocked: Tu conto ha essite disblocate con successo. Initia session a continuar.
+  errors:
+    messages:
+      already_confirmed: jam esseva confirmate, tenta initiar session
+      not_found: non trovate
diff --git a/config/locales/devise.ie.yml b/config/locales/devise.ie.yml
index e4f2e6fb1..c6468d34c 100644
--- a/config/locales/devise.ie.yml
+++ b/config/locales/devise.ie.yml
@@ -46,17 +46,26 @@ ie:
         title: 2FA desvalidat
       two_factor_enabled:
         title: 2FA permisset
+      two_factor_recovery_codes_changed:
+        explanation: Li anteyan codes de recuperation ha esset ínvalidat, e novis generat.
+        subject: 'Mastodon: 2-factor codes de recuperation regenerat'
+        title: 2FA codes de recuperation changeat
       unlock_instructions:
         subject: 'Mastodon: Desserral instructiones'
       webauthn_credential:
         added:
           subject: 'Mastodon: Nov clave de securitá'
           title: Un nov clave de securitá ha esset adjuntet
+        deleted:
+          subject: 'Mastodon: Clave de securitá deletet'
       webauthn_disabled:
         subject: 'Mastodon: Autentication con claves de securitá desactivisat'
         title: Claves de securitá desactivisat
+      webauthn_enabled:
+        title: Claves de securitá activisat
     omniauth_callbacks:
       failure: Ne posset autenticar te de %{kind} pro "%{reason}".
+      success: Successosimen autenticat de conto %{kind}.
     passwords:
       no_token: Tu ne posse accessar ti-ci págine sin venir de un email pri reiniciar li passa-parol. Si tu ha venit de un email pri reiniciar li passa-parol, ples far cert que tu usat li complet URL providet.
       send_instructions: Si tui email-adresse existe in nor database, tu va reciver un ligament por recuperar li passa-parol a tui email-adresse in quelc minutes. Ples vider tui spam-emails si tu ne recivet ti email.
@@ -77,3 +86,6 @@ ie:
       expired: ha expirat, ples demandar un nov
       not_found: ne trovat
       not_locked: ne esset serrat
+      not_saved:
+        one: '1 error prohibit ti %{resource} de esser conservat:'
+        other: "%{count} errores prohibit ti %{resource} de esser conservat:"
diff --git a/config/locales/doorkeeper.el.yml b/config/locales/doorkeeper.el.yml
index b275af336..1cb9b3513 100644
--- a/config/locales/doorkeeper.el.yml
+++ b/config/locales/doorkeeper.el.yml
@@ -127,6 +127,7 @@ el:
         bookmarks: Σελιδοδείκτες
         conversations: Συνομιλίες
         crypto: Κρυπτογράφηση από άκρο σε άκρο
+        favourites: Αγαπημένα
         filters: Φίλτρα
         follow: Ακολουθείτε, σε Σίγαση και Αποκλεισμοί
         follows: Ακολουθείτε
@@ -169,9 +170,10 @@ el:
       read:accounts: να βλέπει τα στοιχεία λογαριασμών
       read:blocks: να βλέπει τους αποκλεισμένους σου
       read:bookmarks: εμφάνιση των σελιδοδεικτών σας
+      read:favourites: δείτε τα αγαπημένα σας
       read:filters: να βλέπει τα φίλτρα σου
-      read:follows: να βλέπει ποιους ακολουθείς
-      read:lists: να βλέπει τις λίστες σου
+      read:follows: δές ποιους ακολουθείς
+      read:lists: δές τις λίστες σου
       read:mutes: να βλέπει ποιους αποσιωπείς
       read:notifications: να βλέπει τις ειδοποιήσεις σου
       read:reports: να βλέπει τις καταγγελίες σου
@@ -183,8 +185,8 @@ el:
       write:bookmarks: προσθήκη σελιδοδεικτών
       write:conversations: σίγαση και διαγραφή συνομιλιών
       write:filters: να δημιουργεί φίλτρα
-      write:follows: να ακολουθεί ανθρώπους
-      write:lists: να δημιουργεί λίστες
+      write:follows: ακολουθήστε ανθρώπους
+      write:lists: δημιουργία λιστών
       write:media: να ανεβάζει πολυμέσα
       write:mutes: να αποσιωπεί ανθρώπους και συζητήσεις
       write:notifications: να καθαρίζει τις ειδοποιήσεις σου
diff --git a/config/locales/doorkeeper.ia.yml b/config/locales/doorkeeper.ia.yml
index 6ab26788b..55f28634a 100644
--- a/config/locales/doorkeeper.ia.yml
+++ b/config/locales/doorkeeper.ia.yml
@@ -1 +1,55 @@
+---
 ia:
+  activerecord:
+    attributes:
+      doorkeeper/application:
+        name: Nomine de application
+        website: Sito web de application
+  doorkeeper:
+    applications:
+      buttons:
+        cancel: Cancellar
+        edit: Modificar
+      edit:
+        title: Modificar application
+      index:
+        application: Application
+        delete: Deler
+        name: Nomine
+        new: Nove application
+        show: Monstrar
+        title: Tu applicationes
+      new:
+        title: Nove application
+      show:
+        actions: Actiones
+        title: 'Application: %{name}'
+    authorizations:
+      error:
+        title: Ocurreva un error
+    authorized_applications:
+      confirmations:
+        revoke: Es tu secur?
+      index:
+        scopes: Permissiones
+        title: Tu applicationes autorisate
+    flash:
+      applications:
+        create:
+          notice: Application create.
+        destroy:
+          notice: Application delite.
+        update:
+          notice: Application actualisate.
+    grouped_scopes:
+      title:
+        accounts: Contos
+        admin/accounts: Gestion de contos
+        favourites: Favoritos
+        lists: Listas
+        notifications: Notificationes
+        push: Notificationes push
+    layouts:
+      admin:
+        nav:
+          applications: Applicationes
diff --git a/config/locales/doorkeeper.ie.yml b/config/locales/doorkeeper.ie.yml
index 86a5de7b3..f49eb1d96 100644
--- a/config/locales/doorkeeper.ie.yml
+++ b/config/locales/doorkeeper.ie.yml
@@ -5,6 +5,7 @@ ie:
       doorkeeper/application:
         name: Nómine de aplication
         redirect_uri: URI de redirection
+        scopes: Scopes
         website: Situ web de aplication
     errors:
       models:
@@ -29,12 +30,15 @@ ie:
         title: Modificar aplication
       help:
         redirect_uri: Usar un linea per URI
+        scopes: Separar scopes con intersticies. Lassar blanc por usar li scopes predefinit.
       index:
         application: Aplication
+        callback_url: URL de retrovocada
         delete: Deleter
         empty: Tu have null aplicationes.
         name: Nómine
         new: Nov aplication
+        scopes: Scopes
         show: Monstrar
         title: Tui aplicationes
       new:
@@ -42,6 +46,8 @@ ie:
       show:
         actions: Actiones
         application_id: Clave de client
+        callback_urls: URLs de retrovocada
+        scopes: Scopes
         secret: Secrete de client
         title: 'Aplication: %{name}'
     authorizations:
@@ -51,6 +57,7 @@ ie:
       error:
         title: Alquo ha errat
       new:
+        review_permissions: Inspecter permissiones
         title: Autorisation besonat
     authorized_applications:
       buttons:
@@ -117,9 +124,13 @@ ie:
       admin:
         nav:
           applications: Aplicationes
+          oauth2_provider: Provisor OAuth2
+      application:
+        title: Autorisation OAuth besonat
     scopes:
       admin:read: leer li tot data sur li servitor
       admin:read:accounts: leer sensitiv information de omni contos
+      admin:read:canonical_email_blocks: leer sensitiv information pri omni canonic bloccas de e-posta
       admin:read:domain_allows: leer sensitiv information pri omni permisses de dominia
       admin:read:domain_blocks: leer sensitiv information pri omni bloccas de dominia
       admin:read:email_domain_blocks: leer sensitiv information pri omni bloccas de dominia basat sur e-posta
@@ -134,6 +145,7 @@ ie:
       admin:write:ip_blocks: fa moderatori actiones sur bloccas de IP
       admin:write:reports: far moderatori actiones sur raportes
       follow: modifica li relationes del conto
+      push: reciver tui pussa-notificationes
       read: lee omni datas de tui conto
       read:accounts: vide li informationes pri li conto
       read:blocks: vider tui bloccas
diff --git a/config/locales/el.yml b/config/locales/el.yml
index 4c58bfda0..4c31bfdde 100644
--- a/config/locales/el.yml
+++ b/config/locales/el.yml
@@ -962,6 +962,7 @@ el:
     notification_preferences: Αλλαγή προτιμήσεων email
     salutation: "%{name},"
     settings: 'Άλλαξε τις προτιμήσεις email: %{link}'
+    unsubscribe: Κατάργηση εγγραφής
     view: 'Προβολή:'
     view_profile: Προβολή προφίλ
     view_status: Προβολή ανάρτησης
@@ -975,6 +976,8 @@ el:
     your_token: Το διακριτικό πρόσβασής σου
   auth:
     apply_for_account: Ζήτα έναν λογαριασμό
+    captcha_confirmation:
+      title: Ελεγχος ασφαλείας
     confirmations:
       wrong_email_hint: Εάν αυτή η διεύθυνση email δεν είναι σωστή, μπορείς να την αλλάξεις στις ρυθμίσεις λογαριασμού.
     delete_account: Διαγραφή λογαριασμού
@@ -1238,6 +1241,8 @@ el:
     status: Κατάσταση
     success: Τα δεδομένα σου μεταφορτώθηκαν επιτυχώς και θα επεξεργαστούν σύντομα
     time_started: Ξεκίνησε στις
+    titles:
+      following: Εισαγωγή λογαριασμών που ακολουθείτε
     type: Τύπος εισαγωγής
     type_groups:
       destructive: Μπλοκ & σίγαση
@@ -1245,7 +1250,7 @@ el:
       blocking: Λίστα αποκλεισμού
       bookmarks: Σελιδοδείκτες
       domain_blocking: Λίστα αποκλεισμένων τομέων
-      following: Λίστα ακολούθων
+      following: Λίστα ατόμων που ακολουθείτε
       muting: Λίστα αποσιωπήσεων
     upload: Μεταμόρφωση
   invites:
@@ -1420,7 +1425,7 @@ el:
     follow_failure: Δεν ήταν δυνατή η παρακολούθηση ορισμένων από τους επιλεγμένους λογαριασμούς.
     follow_selected_followers: Ακολούθησε τους επιλεγμένους ακόλουθους
     followers: Ακόλουθοι
-    following: Ακολουθείς
+    following: Ακολουθείτε
     invited: Προσκεκλημένοι
     last_active: Τελευταία ενεργός
     most_recent: Πιο πρόσφατος
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 15d682d17..50f814a81 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -425,6 +425,7 @@ en:
       view: View domain block
     email_domain_blocks:
       add_new: Add new
+      allow_registrations_with_approval: Allow registrations with approval
       attempts_over_week:
         one: "%{count} attempt over the last week"
         other: "%{count} sign-up attempts over the last week"
diff --git a/config/locales/es-AR.yml b/config/locales/es-AR.yml
index 0000c297a..f214c92d2 100644
--- a/config/locales/es-AR.yml
+++ b/config/locales/es-AR.yml
@@ -425,6 +425,7 @@ es-AR:
       view: Ver bloqueo de dominio
     email_domain_blocks:
       add_new: Agregar nuevo
+      allow_registrations_with_approval: Permitir crear cuentas con aprobación
       attempts_over_week:
         one: "%{count} intento durante la última semana"
         other: "%{count} intentos durante la última semana"
diff --git a/config/locales/es-MX.yml b/config/locales/es-MX.yml
index 424262ca1..7f5b28287 100644
--- a/config/locales/es-MX.yml
+++ b/config/locales/es-MX.yml
@@ -425,6 +425,7 @@ es-MX:
       view: Ver dominio bloqueado
     email_domain_blocks:
       add_new: Añadir nuevo
+      allow_registrations_with_approval: Permitir registros con aprobación
       attempts_over_week:
         one: "%{count} intentos durante la última semana"
         other: "%{count} intentos de registro en la última semana"
diff --git a/config/locales/es.yml b/config/locales/es.yml
index f4a70e5e5..a1e9401f5 100644
--- a/config/locales/es.yml
+++ b/config/locales/es.yml
@@ -425,6 +425,7 @@ es:
       view: Ver dominio bloqueado
     email_domain_blocks:
       add_new: Añadir nuevo
+      allow_registrations_with_approval: Permitir registros con aprobación
       attempts_over_week:
         one: "%{count} intento durante la última semana"
         other: "%{count} intentos de registro durante la última semana"
diff --git a/config/locales/eu.yml b/config/locales/eu.yml
index bcf8540e7..0d253e9b3 100644
--- a/config/locales/eu.yml
+++ b/config/locales/eu.yml
@@ -427,6 +427,7 @@ eu:
       view: Ikusi domeinuaren blokeoa
     email_domain_blocks:
       add_new: Gehitu berria
+      allow_registrations_with_approval: Baimendu izen-emateak onarpen bidez
       attempts_over_week:
         one: Izen-emateko saiakera %{count} azken astean
         other: Izen-emateko %{count} saiakera azken astean
diff --git a/config/locales/fo.yml b/config/locales/fo.yml
index 726c9607e..00fb9c556 100644
--- a/config/locales/fo.yml
+++ b/config/locales/fo.yml
@@ -425,6 +425,7 @@ fo:
       view: Vís navnaøkisblokering
     email_domain_blocks:
       add_new: Stovna
+      allow_registrations_with_approval: Loyv skrásetingum við góðkenning
       attempts_over_week:
         one: "%{count} roynd seinastu vikuna"
         other: "%{count} tilmeldingarroyndir seinastu vikuna"
diff --git a/config/locales/fy.yml b/config/locales/fy.yml
index a08b3a401..9471c03b9 100644
--- a/config/locales/fy.yml
+++ b/config/locales/fy.yml
@@ -425,6 +425,7 @@ fy:
       view: Domeinblokkade besjen
     email_domain_blocks:
       add_new: Nije tafoegje
+      allow_registrations_with_approval: Ynskriuwingen mei tastimming tastean
       attempts_over_week:
         one: "%{count} registraasjebesykjen yn de ôfrûne wike"
         other: "%{count} registraasjebesykjen yn de ôfrûne wike"
diff --git a/config/locales/gl.yml b/config/locales/gl.yml
index c0e76842f..cff9427c6 100644
--- a/config/locales/gl.yml
+++ b/config/locales/gl.yml
@@ -425,6 +425,7 @@ gl:
       view: Ollar dominios bloqueados
     email_domain_blocks:
       add_new: Engadir novo
+      allow_registrations_with_approval: Permitir crear contas con aprobación
       attempts_over_week:
         one: "%{count} intento na última semana"
         other: "%{count} intentos de conexión na última semana"
diff --git a/config/locales/he.yml b/config/locales/he.yml
index f2cc88214..23a4e0c3a 100644
--- a/config/locales/he.yml
+++ b/config/locales/he.yml
@@ -439,6 +439,7 @@ he:
       view: צפייה בחסימת דומיינים
     email_domain_blocks:
       add_new: הוספת חדש
+      allow_registrations_with_approval: הרשאת הרשמה לאחר אישור
       attempts_over_week:
         many: "%{count} נסיונות הרשמה במשך השבוע שעבר"
         one: "%{count} נסיון במשך השבוע שעבר"
diff --git a/config/locales/hu.yml b/config/locales/hu.yml
index 5da1a4e06..5c8d1cf9a 100644
--- a/config/locales/hu.yml
+++ b/config/locales/hu.yml
@@ -425,6 +425,7 @@ hu:
       view: Domain tiltásának megtekintése
     email_domain_blocks:
       add_new: Új hozzáadása
+      allow_registrations_with_approval: Regisztráció engedélyezése jóváhagyással
       attempts_over_week:
         one: "%{count} próbálkozás a múlt héten"
         other: "%{count} próbálkozás feliratkozásra a múlt héten"
diff --git a/config/locales/ia.yml b/config/locales/ia.yml
index 64315d177..795ed8cc9 100644
--- a/config/locales/ia.yml
+++ b/config/locales/ia.yml
@@ -50,3 +50,26 @@ ia:
         '15778476': 6 menses
         '2629746': 1 mense
         '86400': 1 die
+  statuses_cleanup:
+    min_age:
+      '1209600': 2 septimanas
+      '15778476': 6 menses
+      '2629746': 1 mense
+      '31556952': 1 anno
+      '5259492': 2 menses
+      '604800': 1 septimana
+      '63113904': 2 annos
+      '7889238': 3 menses
+  themes:
+    default: Mastodon (Obscur)
+    mastodon-light: Mastodon (Clar)
+  two_factor_authentication:
+    add: Adder
+    disable: Disactivar 2FA
+  user_mailer:
+    appeal_approved:
+      action: Vader a tu conto
+    welcome:
+      subject: Benvenite in Mastodon
+  webauthn_credentials:
+    delete: Deler
diff --git a/config/locales/ie.yml b/config/locales/ie.yml
index 87aa1c41c..638205a7f 100644
--- a/config/locales/ie.yml
+++ b/config/locales/ie.yml
@@ -424,6 +424,7 @@ ie:
       view: Vider dominia-blocca
     email_domain_blocks:
       add_new: Adjunter un nov
+      allow_registrations_with_approval: Permisser registrationes con aprobation
       attempts_over_week:
         one: "%{count} registration-prova durant li ultim semane"
         other: "%{count} registration-prova durant li ultim semane"
@@ -439,6 +440,7 @@ ie:
         title: Bloccar nov email-dominia
       no_email_domain_block_selected: Null email-dominia-bloccas esset changeat pro que null esset selectet
       not_permitted: Ne permisset
+      resolved_dns_records_hint_html: Li dominia-nómine resolue se al seque dominias MX, queles es in fine responsabil por acceptar e-posta. Bloccar un dominia MX va bloccar inscriptiones de quelcunc e-posta quel usa li sam dominia MX, mem si li visibil dominia-nómine es diferent. <strong>Esse caut e ne blocca majori provisores de e-posta.</strong>
       resolved_through_html: Resoluet per %{domain}
       title: Bloccat email-dominias
     export_domain_allows:
@@ -672,11 +674,13 @@ ie:
       description_html: Con <strong>roles por usatores</strong>, tu posse customisar li functiones e locs de Mastodon in queles tui usatores posse accesser.
       edit: Modificar rol '%{name}'
       everyone: Permissiones predefinit
+      everyone_full_description_html: Ti es li <strong>fundamental rol</strong> quel afecta <strong>omni usatores</strong>, mem tis sin un assignat rol. Omni altri roles hereda permissiones de it.
       permissions_count:
         one: "%{count} permission"
         other: "%{count} permissiones"
       privileges:
         administrator: Administrator
+        administrator_description: Usatores con ti permission va trapassar omni permission
         delete_user_data: Deleter Data de Usator
         delete_user_data_description: Possibilisa que usatores mey deleter li data de altri usatores strax
         invite_users: Invitar Usatores
@@ -726,6 +730,8 @@ ie:
     settings:
       about:
         manage_rules: Gerer regules de servitor
+        preamble: Provider detalliat information pri qualmen li servitor es operat, moderat, payat.
+        rules_hint: Hay un dedicat area por regules queles vor usatores es expectat obedir.
         title: Pri
       appearance:
         preamble: Customisar li interfacie web de Mastodon.
@@ -736,7 +742,10 @@ ie:
         desc_html: To ci usa extern scrites de hCaptcha, quel posse esser ínquietant pro rasones de securitá e privatie. In plu, <strong>it posse far li processu de registration mult plu desfacil (particularimen por tis con deshabilitás)</strong>. Pro ti rasones, ples considerar alternativ mesuras, tales quam registration per aprobation o invitation.
         title: Exige que nov usatores solue un CAPTCHA por confirmar lor conto
       content_retention:
+        preamble: Decider qualmen usator-generat contenete es inmagasinat in Mastodon.
         title: Retention de contenete
+      default_noindex:
+        desc_html: Afecta omni usatores qui ne ha changeat ti parametre personalmen
       discovery:
         follow_recommendations: Seque-recomandationes
         preamble: Exposir interessant contenete es importantissim por incorporar nov usatores qui fórsan conosse nequi che Mastodon. Decider qualmen diferent utensiles de decovrition functiona che vor servitor.
@@ -771,11 +780,13 @@ ie:
       critical_update: Critic — ples actualisar rapidmen
       description: On recomanda que vu actualisa vor Mastodon-servitor regularimen por profiter del max recent fixes e facultates. In plu, quelcvez it es critic actualisar Mastodon promptmen por evitar problemas de securitá. Pro ti rasones, Mastodon questiona chascun 30 minutes ca hay actualisationes, e va notificar vos secun vor parametres pri email-notificationes.
       documentation_link: Aprender plu
+      release_notes: Version-notas
       title: Actualisationes disponibil
       type: Specie
       types:
         major: Majori lansament
         minor: Minori lansament
+        patch: Lapp-version — bug-corectiones e changes facil a aplicar
       version: Version
     statuses:
       account: Autor
@@ -967,6 +978,7 @@ ie:
       body: Nov versiones de Mastodon ha esset lansat, vu fórsan vole actualisar!
       subject: Nov versiones Mastodon es disponibil por %{instance}!
     new_trends:
+      body: 'Li sequent elementes besona un revision ante que on posse monstrar les publicmen:'
       new_trending_links:
         title: Populari ligamentes
       new_trending_statuses:
@@ -1385,10 +1397,12 @@ ie:
   media_attachments:
     validations:
       images_and_video: On ne posse atachar un video a un posta quel ja contene images
+      not_ready: Ne posse atachar files ancor sub tractament. Prova denov pos ne long!
       too_many: Ne posse atachar plu quam 4 files
   migrations:
     acct: Translocat a
     cancel: Anullar redirection
+    cancel_explanation: Anullar li redirection va reactivisar tui actual conto, ma ne va restaurar sequitores queles ha esset movet a ti-ta conto.
     cancelled_msg: Anullat redirection con successe.
     errors:
       already_moved: es li sam conto a equel tu ha ja translocat
@@ -1397,6 +1411,9 @@ ie:
       not_found: ne posset esser trovat
     followers_count: Sequitores al témpor de translocation
     incoming_migrations: Translocant de un conto diferent
+    incoming_migrations_html: Por mover de un altri conto a ti-ci, erstmen tu deve <a href="%{path}">crear un alias de conto</a>.
+    moved_msg: Tui conto nu redirecte a %{acct} e tui sequitores es in li processu de esser movet.
+    not_redirecting: Tui conto redirecte a null altri conto actualmen.
     on_cooldown: Tu ha recentmen migrat tui conto. Ti function va esser disponibil denov pos %{count} dies.
     past_migrations: Passat migrationes
     proceed_with_move: Translocar sequitores
@@ -1406,7 +1423,12 @@ ie:
     warning:
       backreference_required: Li nov conto deve in prim esser configurat por retroreferentiar ti-ci conto
       before: 'Ante proceder, ples leer ti notas cuidosimen:'
+      cooldown: Pos mover se, hay un periode de atendida durant quel tu ne va posser mover te denov
+      disabled_account: Tui actual conto ne va esser completmen usabil pos to. Támen, tu va posser accesser li exportation de data, e anc reactivisation.
+      followers: Ti-ci action va mover omni sequitores del actual conto al nov conto
+      only_redirect_html: Alternativmen, tu posse <a href="%{path}">solmen meter un redirection sur tui profil</a>.
       other_data: Necun altri data va esser translocat automaticmen
+      redirect: Li profil de tui actual conto va esser actualisat con un anuncie de redirection e va esser excludet de serchas
   moderation:
     title: Moderation
   move_handler:
@@ -1805,6 +1827,7 @@ ie:
   verification:
     extra_instructions_html: '<strong>Nota</strong>: Li ligament in tui websitu posse esser ínvisibil. Li important parte es <code>rel="me"</code> quel prevente fals self-identification in websitus con contenete generat de usatores. Tu posse mem usar un <code>link</code> element in li cap-section del págine vice <code>a</code>, ma li HTML code deve esser accessibil sin executer JavaScript.'
     here_is_how: Vide qualmen
+    hint_html: "<strong>Verificar tui identitá che Mastodon es por omnes.</strong> Basat sur apert web-criteries, líber nu e sempre. Omno quel tu besona es un websitu personal per quel gente reconosse te. Quande tu fa un ligament a tui websitu de tui profil, on va controlar que li websitu have un ligament reciproc a tui profil e monstrar un visual indicator sur it."
     instructions_html: Copiar e collar li code ci infra in li HTML de tui web-situ. Poy adjunter li adresse de tui web-situ ad-in un del aditional campes sur tui profil ex li section "Modificar profil" e salvar li changes.
     verification: Verification
     verified_links: Tui verificat ligamentes
@@ -1815,9 +1838,12 @@ ie:
       success: Tui clave de securitá esset adjuntet con successe.
     delete: Deleter
     delete_confirmation: Vole tu vermen deleter ti-ci clave de securitá?
+    description_html: Si tu activisa <strong>autentication per clave de securitá</strong>, aperter session va postular que tu usa un de tui claves de securitá.
     destroy:
+      error: Un problema evenit durant li deletion de tui clave de securitá. Ples provar denov.
       success: Tui clave de securitá esset successosimen deletet.
     invalid_credential: Ínvalid clave de securitá
     not_enabled: Tu ancor ne ha possibilisat WebAuthn
     not_supported: Ti-ci navigator ne subtene claves de securitá
+    otp_required: Por usar claves de securitá, ples activisar 2-factor autentication.
     registered_on: Adheret ye %{date}
diff --git a/config/locales/it.yml b/config/locales/it.yml
index 3637313c0..16b327f3e 100644
--- a/config/locales/it.yml
+++ b/config/locales/it.yml
@@ -425,6 +425,7 @@ it:
       view: Visualizza blocco di dominio
     email_domain_blocks:
       add_new: Aggiungi nuovo
+      allow_registrations_with_approval: Consenti registrazioni con approvazione
       attempts_over_week:
         one: "%{count} tentativo nell'ultima settimana"
         other: "%{count} tentativi di registrazione nell'ultima settimana"
diff --git a/config/locales/ko.yml b/config/locales/ko.yml
index e6187f4d8..76bb3bd9f 100644
--- a/config/locales/ko.yml
+++ b/config/locales/ko.yml
@@ -420,6 +420,7 @@ ko:
       view: 도메인 차단 보기
     email_domain_blocks:
       add_new: 새로 추가하기
+      allow_registrations_with_approval: 승인을 통한 가입 허용
       attempts_over_week:
         other: 지난 주 동안 %{count}건의 가입 시도가 있었습니다
       created_msg: 이메일 도메인 차단 규칙을 생성했습니다
diff --git a/config/locales/lad.yml b/config/locales/lad.yml
index 5c541d9f9..323ade8dd 100644
--- a/config/locales/lad.yml
+++ b/config/locales/lad.yml
@@ -383,7 +383,11 @@ lad:
       confirm_suspension:
         cancel: Anula
         confirm: Suspende
+        permanent_action: Si kites la suspensyon no restoraras dingunos datos ni relasyones.
+        remove_all_data: Esto efasara todo el kontenido, multimedia i datos de profiles de los kuentos en este domeno de tu sirvidor.
+        stop_communication: Tu sirvidor deshara de komunikarse kon estos sirvidores.
         title: Konfirma bloko de domeno para %{domain}
+        undo_relationships: Esto kitara todas las relasyones de segimyento entre tu kuentos en estos sirvidores i el tu sirvidor.
       created_msg: El bloko de domeno esta siendo prosesado
       destroyed_msg: El bloko de domeno se dezizo
       domain: Domeno
@@ -772,6 +776,8 @@ lad:
       type: Tipo
       types:
         major: Versyon prinsipala
+        minor: Versyon minora
+        patch: Versyon de remendo – koreksyones de yerros i trokamientos simples
       version: Versyon
     statuses:
       account: Autor
@@ -829,8 +835,10 @@ lad:
         message_html: No ay dingun prosedura Sidekiq en egzekusion para la(s) kola(s) %{value}. Por favor, reviza tu konfigurasyon de Sidekiq
       software_version_critical_check:
         action: Amostra aktualizasyones desponivles
+        message_html: Una aktualizasyon kritika de Mastodon esta desponivle. Por favor aktualiza pishin.
       software_version_patch_check:
         action: Amostra aktualizasyones desponivles
+        message_html: Una aktualizasyon de Mastodon kon koreksyon de yerros esta desponivle.
       upload_check_privacy_error:
         action: Klika aki para mas enformasyon
         message_html: "<strong>Tu sirvidor de web es mal konfigurado. La privasita de tus utilizadores esta en riziko.</strong>"
@@ -945,6 +953,7 @@ lad:
       next_steps: Puedes achetar la apelasyon para dezazer la dechizyon de moderasyon, o ignorarla.
       subject: "%{username} esta apelando a una dechizyon de moderasyon en %{instance}"
     new_critical_software_updates:
+      body: Ay mueva versyon kritika de Mastodon. Es posivle ke keras aktualizar pishin!
       subject: Ay aktualizasyones kritikas de Mastodon desponivles para %{instance}!
     new_pending_account:
       body: Los peratim del muevo kuento estan abashos. Puedes achetar o refuzar esta aplikasyon.
@@ -1045,13 +1054,17 @@ lad:
       accept: Acheta
       back: Atras
       preamble: Estas son establesidas i aplikadas por los moderadores de %{domain}.
+      preamble_invited: Antes de kontinuar, por favor reviza las reglas del sirvidor establesidas por los moderatores de %{domain}.
       title: Algunas reglas bazikas.
       title_invited: Fuites envitado.
     security: Sigurita
     set_new_password: Establese muevo kod
     setup:
       email_below_hint_html: Mira en tu kuti de spam o solisita de muevo. Si el adreso de posta elektronika ke aparese aki es yerrado, puedes trokarlo aki.
+      email_settings_hint_html: Klika el atadjiko ke te embimos para verifikar %{email}. Asperaremos aki.
       link_not_received: No risivites un atadijo?
+      new_confirmation_instructions_sent: Resiviras un muevo mesaj de posta elektronika kon el atadjio de konfirmasyon en unos minutos!
+      title: Reviza tu kuti de arivo
     sign_in:
       preamble_html: Konektate kon tus kredensiales de <strong>%{domain}</strong>. Si tu kuento esta balabayado en otruno servidor, no puedras konektarte aki.
       title: Konektate kon %{domain}
@@ -1246,9 +1259,11 @@ lad:
   imports:
     errors:
       empty: Dosya CSV vaziya
+      incompatible_type: Inkompativle kon el tipo de importo eskojido
       invalid_csv_file: 'Dosya CSV no valida. Yerro: %{error}'
       over_rows_processing_limit: kontiene mas de %{count} filas
       too_large: Dosya es mas grande
+    failures: Yerros
     imported: Importado
     modes:
       merge: Une
@@ -1671,6 +1686,9 @@ lad:
       month: "%b %Y"
       time: "%H:%M"
       with_time_zone: "%d de %b del %Y, %H:%M %Z"
+  translation:
+    errors:
+      too_many_requests: Ay demaziadas solisitudes de servisyo de traduksyon.
   two_factor_authentication:
     add: Adjusta
     disable: Inkapasita autentifikasyon en dos pasos
@@ -1750,9 +1768,12 @@ lad:
       title: Bienvenido, %{name}!
   users:
     follow_limit_reached: No puedes segir a mas de %{limit} personas
+    go_to_sso_account_settings: Va a la konfigurasyon de kuento de tu prokurador de identita
     invalid_otp_token: Kodiche de dos pasos no valido
+    otp_lost_help_html: Si pedriste akseso a los dos, puedes kontaktarte kon %{email}
     signed_in_as: 'Konektado komo:'
   verification:
+    here_is_how: Ansina es komo
     verification: Verifikasyon
     verified_links: Tus atadijos verifikados
   webauthn_credentials:
diff --git a/config/locales/lt.yml b/config/locales/lt.yml
index b1d8772b6..b194011a4 100644
--- a/config/locales/lt.yml
+++ b/config/locales/lt.yml
@@ -169,6 +169,7 @@ lt:
       undo: Atkurti domeno bloką
     email_domain_blocks:
       add_new: Pridėti naują
+      allow_registrations_with_approval: Leisti registracijas su patvirtinimu
       created_msg: El pašto domenas sėkmingai pridėtas į juodąjį sąrašą
       delete: Ištrinti
       domain: Domenas
diff --git a/config/locales/nl.yml b/config/locales/nl.yml
index 44843b219..b2894e4ab 100644
--- a/config/locales/nl.yml
+++ b/config/locales/nl.yml
@@ -425,6 +425,7 @@ nl:
       view: Domeinblokkade bekijken
     email_domain_blocks:
       add_new: Nieuwe toevoegen
+      allow_registrations_with_approval: Inschrijvingen met toestemming toestaan
       attempts_over_week:
         one: "%{count} registratiepoging tijdens de afgelopen week"
         other: "%{count} registratiepogingen tijdens de afgelopen week"
diff --git a/config/locales/nn.yml b/config/locales/nn.yml
index 3ee02863d..70cbc27d6 100644
--- a/config/locales/nn.yml
+++ b/config/locales/nn.yml
@@ -425,6 +425,7 @@ nn:
       view: Vis domeneblokkering
     email_domain_blocks:
       add_new: Lag ny
+      allow_registrations_with_approval: Tillat registreringer med godkjenning
       attempts_over_week:
         one: "%{count} forsøk i løpet av den siste uken"
         other: "%{count} forsøk på å opprette konto i løpet av den siste uken"
diff --git a/config/locales/no.yml b/config/locales/no.yml
index f791c7151..54f82550b 100644
--- a/config/locales/no.yml
+++ b/config/locales/no.yml
@@ -425,6 +425,7 @@
       view: Vis domeneblokkering
     email_domain_blocks:
       add_new: Lag ny
+      allow_registrations_with_approval: Tillat registreringer med godkjenning
       attempts_over_week:
         one: "%{count} forsøk i løpet av den siste uken"
         other: "%{count} forsøk på å opprette konto i løpet av den siste uken"
diff --git a/config/locales/pl.yml b/config/locales/pl.yml
index 79de3b519..15aefe5f7 100644
--- a/config/locales/pl.yml
+++ b/config/locales/pl.yml
@@ -439,6 +439,7 @@ pl:
       view: Zobacz blokadę domeny
     email_domain_blocks:
       add_new: Dodaj nową
+      allow_registrations_with_approval: Zezwól na rejestracje po zatwierdzeniu
       attempts_over_week:
         few: "%{count} próby w ciągu ostatniego tygodnia"
         many: "%{count} prób w ciągu ostatniego tygodnia"
diff --git a/config/locales/pt-BR.yml b/config/locales/pt-BR.yml
index c8060ad80..2c485283b 100644
--- a/config/locales/pt-BR.yml
+++ b/config/locales/pt-BR.yml
@@ -425,6 +425,7 @@ pt-BR:
       view: Ver domínios bloqueados
     email_domain_blocks:
       add_new: Adicionar novo
+      allow_registrations_with_approval: Permitir inscrições com aprovação
       attempts_over_week:
         one: "%{count} tentativa na última semana"
         other: "%{count} tentativas de inscrição na última semana"
diff --git a/config/locales/pt-PT.yml b/config/locales/pt-PT.yml
index 89da6b480..111f0fa8e 100644
--- a/config/locales/pt-PT.yml
+++ b/config/locales/pt-PT.yml
@@ -425,6 +425,7 @@ pt-PT:
       view: Ver domínios bloqueados
     email_domain_blocks:
       add_new: Adicionar novo
+      allow_registrations_with_approval: Permitir inscrições com aprovação
       attempts_over_week:
         one: "%{count} tentativa na última semana"
         other: "%{count} tentativas de inscrição na última semana"
diff --git a/config/locales/simple_form.ia.yml b/config/locales/simple_form.ia.yml
index 6ab26788b..552abb255 100644
--- a/config/locales/simple_form.ia.yml
+++ b/config/locales/simple_form.ia.yml
@@ -1 +1,46 @@
+---
 ia:
+  simple_form:
+    labels:
+      account:
+        fields:
+          name: Etiquetta
+          value: Contento
+      admin_account_action:
+        type: Action
+      defaults:
+        avatar: Pictura de profilo
+        confirm_new_password: Confirmar nove contrasigno
+        confirm_password: Confirmar contrasigno
+        current_password: Contrasigno actual
+        new_password: Nove contrasigno
+        password: Contrasigno
+        setting_display_media_default: Predefinite
+        setting_display_media_hide_all: Celar toto
+        setting_display_media_show_all: Monstrar toto
+        setting_system_font_ui: Usar typo de litteras predefinite del systema
+        setting_theme: Thema de sito
+        setting_trends: Monstrar le tendentias de hodie
+        sign_in_token_attempt: Codice de securitate
+        title: Titulo
+        username: Nomine de usator
+        username_or_email: Nomine de usator o e-mail
+      form_admin_settings:
+        custom_css: CSS personalisate
+        profile_directory: Activar directorio de profilos
+        site_contact_email: Adresse de e-mail de contacto
+        site_contact_username: Nomine de usator de contacto
+        site_terms: Politica de confidentialitate
+        site_title: Nomine de servitor
+        theme: Thema predefinite
+        trends: Activar tendentias
+      notification_emails:
+        software_updates:
+          label: Un nove version de Mastodon es disponibile
+      user:
+        time_zone: Fuso horari
+      user_role:
+        name: Nomine
+        permissions_as_keys: Permissiones
+        position: Prioritate
+    'yes': Si
diff --git a/config/locales/simple_form.ie.yml b/config/locales/simple_form.ie.yml
index bde52e2a7..72797bde5 100644
--- a/config/locales/simple_form.ie.yml
+++ b/config/locales/simple_form.ie.yml
@@ -8,6 +8,7 @@ ie:
         fields: Tui websitu, pronómines, etá, quocunc quel tu vole.
         indexable: Tui public postas posse aparir in sercha-resultates sur Mastodon. E in omni casu, tis qui ha interactet con tui postas va posser serchar e trovar les.
         note: 'Tu posse @mentionar altri persones o #hashtags.'
+        show_collections: Gente va posser navigar tra tui sequentes e sequitores. Gente quem tu seque va vider que tu seque les sin egarda.
         unlocked: Persones va posser sequer te sin petir aprobation. Desselecte si tu vole manualmen tractar petitiones de sequer e decider ca acceptar o rejecter nov sequitores.
       account_alias:
         acct: Specificar li usatornomine@dominia del conto ex quel tu vole translocar
@@ -58,6 +59,14 @@ ie:
         setting_display_media_default: Celar medie marcat quam sensitiv
         setting_display_media_hide_all: Sempre celar medie
         setting_display_media_show_all: Sempre monstrar medie
+        setting_use_blurhash: Gradientes es basat sur li colores del celat visuales ma obscura omni detallies
+        setting_use_pending_items: Celar nov postas detra un clicc vice rular li témpor-linea automaticmen
+        username: Tu posse usar lítteres, númeres e sublineas
+      domain_allow:
+        domain: Ti dominia va posser obtener data de ti-ci servitor, e data venient de it va esser tractat e inmagasinat
+      email_domain_block:
+        domain: Ti posse esser li dominia-nómine quel apari in li email-adresse o li MX-registre quel it usa. Ili va esser controlat durant adhesion.
+        with_dns_records: On va far un prova resoluer li DNS-registres del specificat dominia, e li resultates anc va esser bloccat
       featured_tag:
         name: 'Vi quelc hashtags usat max recentmen de te:'
       filters:
@@ -66,8 +75,12 @@ ie:
           hide: Celar completmen li contenete filtrat, quam si it ne existe
           warn: Celar li contenete filtrat detra un avise mentionant li titul del filtre
       form_admin_settings:
+        activity_api_enabled: Númeres de postas publicat localmen, activ usatores, e nov adhesiones in periodes semanal
         backups_retention_period: Mantener usator-generat archives por li specificat quantitá de dies.
         bootstrap_timeline_accounts: Ti-ci contos va esser pinglat al parte superiori del recomandationes por nov usatores.
+        closed_registrations_message: Monstrat quande adhesiones es cludet
+        content_cache_retention_period: Omni postas e boosts de altri servitores va esser deletet pos li specificat quantitá de dies. Quelc postas fórsan va esser ínrestaurabil. Omni pertinent marcatores, favorites e boosts anc va esser perdit e ínpossibil a restaurar.
+        custom_css: On posse aplicar customisat stiles al web-version de Mastodon.
         mascot: Substitue li ilustration in li avansat interfacie web.
         peers_api_enabled: Un liste de nómines de dominia queles ti-ci servitor ha incontrat in li fediverse. Ci null data es includet pri ca tu confedera con un cert servitor o ne; it indica solmen que tui servitor conosse it. Usat per servicies colectent general statisticas pri federation.
         profile_directory: Li profilarium monstra omni usatores volent esser decovribil.
@@ -86,6 +99,7 @@ ie:
       ip_block:
         comment: Facultativ. Ne obliviar pro quo tu adjuntet ti-ci regul.
         expires_in: IP-adresses es un ressurse finit, quelcvez partit e transferet de manu a manu. Pro to, un índefinit bloccada de IP ne es recomandat.
+        ip: Intrar un adresse IPv4 o IPv6. Tu posse bloccar un tot intervalle de ili con li sintaxe CIDR. Atention a ne bloccar te self!
         severities:
           no_access: Bloccar accesse a omni ressurses
           sign_up_block: Nov registrationes ne va esser possibil
@@ -93,6 +107,10 @@ ie:
         severity: Selecter quo va evenir con demandes ex ti-ci IP
       rule:
         text: Descrir un regul o postulation por usatores sur ti-ci servitor. Prova scrir un descrition curt e simplic
+      sessions:
+        otp: 'Intrar li 2-factor code generat del app sur tui portabile o usar un de tui codes de recuperation:'
+      settings:
+        show_application: Totvez, tu va sempre posser vider quel app ha publicat tui posta.
       user:
         role: Permissiones de usator decidet per su rol
       user_role:
@@ -111,6 +129,7 @@ ie:
           name: Etiquette
           value: Contenete
         indexable: Includer public postas in resultates de sercha
+        unlocked: Automaticmen acceptar nov sequitores
       account_alias:
         acct: Usator-nómine del anteyan conto
       account_migration:
@@ -158,6 +177,7 @@ ie:
         max_uses: Max grand númere de usas
         new_password: Nov passa-parol
         note: Biografie
+        otp_attempt: 2-factor code
         password: Passa-parol
         phrase: Clave-parol o frase
         setting_advanced_layout: Possibilisar web-interfacie avansat
@@ -165,10 +185,13 @@ ie:
         setting_default_language: Lingue in quel postar
         setting_default_privacy: Privatie de postada
         setting_default_sensitive: Sempre marcar medie quam sensitiv
+        setting_display_media: Exposition de medie
         setting_display_media_default: Predefinitiones
         setting_display_media_hide_all: Celar omno
         setting_display_media_show_all: Monstrar omno
         setting_expand_spoilers: Sempre expander postas marcat con admonitiones de contenete
+        setting_hide_network: Celar tui grafica social
+        setting_reduce_motion: Reducter motion in animationes
         setting_system_font_ui: Usar predefinit fonte de sistema
         setting_theme: Tema de situ
         setting_trends: Monstrar li hodial tendenties
@@ -179,7 +202,10 @@ ie:
         title: Titul
         type: Specie de importation
         username: Nómine de usator
+        username_or_email: Usator-nómine o E-posta
         whole_word: Plen parol
+      email_domain_block:
+        with_dns_records: Includer archives MX e IPs del dominia
       featured_tag:
         name: Hashtag
       filters:
@@ -187,22 +213,36 @@ ie:
           hide: Celar completmen
           warn: Celar con un admonition
       form_admin_settings:
+        activity_api_enabled: Publicar agregat statisticas pri usator-activitá in li API
         backups_retention_period: Periode de retener archives de usator
         bootstrap_timeline_accounts: Sempre recomandar ti-ci contos a nov usatores
         closed_registrations_message: Customisat missage quande registration ne disponibil
+        content_cache_retention_period: Periode de retention por cachat contenete
         custom_css: Custom CSS
+        media_cache_retention_period: Periode de retention por cachat medie
+        peers_api_enabled: Publicar liste de conosset servitores per li API
         profile_directory: Possibilisar profilarium
         registrations_mode: Qui posse registrar se
+        require_invite_text: Exiger un rason por adherer se
         show_domain_blocks: Vider bloccas de dominia
         show_domain_blocks_rationale: Monstrar pro quo cert dominias esset bloccat
         site_contact_email: Contact e-mail adresse
         site_contact_username: Usator-nómine de contact
         site_extended_description: Extendet descrition
+        site_short_description: Descrition del servitor
+        site_terms: Politica pri Privatie
         site_title: Nómine de servitor
+        status_page_url: URL de statu-págine
         theme: Predefenit tema
+        thumbnail: Miniatura del servitor
+        timeline_preview: Permisser accesse ínautenticat al public témpor-lineas
         trendable_by_default: Possibilisar tendenties sin priori inspection
         trends: Possibilisar tendenties
         trends_as_landing_page: Usar tendenties quam frontispicie
+      interactions:
+        must_be_follower: Bloccar notificationes de tis qui ne seque te
+        must_be_following: Bloccar notificationes de tis quem tu ne seque
+        must_be_following_dm: Bloccar direct missages de tis quem tu ne seque
       invite:
         comment: Comentar
       invite_request:
@@ -216,27 +256,38 @@ ie:
           sign_up_requires_approval: Limitar usator-registrationes
         severity: Regul
       notification_emails:
+        appeal: Alqui apella un decision moderatori
+        digest: Inviar compendies per email
         favourite: Alqui favoritisat tui posta
         follow: Alqui sequet te
         follow_request: Alqui petit sequer te
         mention: Alqui mentionat te
         pending_account: Nov conto besonant inspection
+        reblog: Alqui boostat tui posta
         report: Nov raporte es submisset
         software_updates:
           all: Notificar pri omni nov actualisationes
           critical: Notificar solmen pri critical actualisationes
           label: Un nov version de Mastodon es disponibil
+          none: Nequande notificar pri actualisationes (ne recomandat)
+          patch: Notificar pri problema-fixant actualisationes
         trending_tag: Nov tendentie besonant inspection
       rule:
         text: Regul
+      settings:
+        indexable: Includer profil-pagine in serchatores
+        show_application: Monstrar de quel aplication tu fat un posta
       tag:
+        listable: Permisser que ti hashtag apari in serchas e suggestiones
         name: Hashtag
         trendable: Permisse que ti-ci hashtag apari sub tendenties
+        usable: Permisser que postas usa ti hashtag
       user:
         role: Rol
         time_zone: Zone temporal
       user_role:
         color: Color del insignie
+        highlighted: Monstrar rol quam insigne sur usator-profiles
         name: Nómine
         permissions_as_keys: Permissiones
         position: Prioritá
diff --git a/config/locales/simple_form.sk.yml b/config/locales/simple_form.sk.yml
index a89e1a429..e13a05835 100644
--- a/config/locales/simple_form.sk.yml
+++ b/config/locales/simple_form.sk.yml
@@ -149,6 +149,8 @@ sk:
         text: Prečo sa k nám chceš pridať?
       ip_block:
         comment: Komentár
+        severities:
+          sign_up_requires_approval: Obmedz registrácie
         severity: Pravidlo
       notification_emails:
         digest: Zasielať súhrnné emaily
diff --git a/config/locales/sk.yml b/config/locales/sk.yml
index feb84ea98..cfc5ee708 100644
--- a/config/locales/sk.yml
+++ b/config/locales/sk.yml
@@ -374,6 +374,7 @@ sk:
       view: Ukáž blokovanie domén
     email_domain_blocks:
       add_new: Pridaj nový
+      allow_registrations_with_approval: Povoľ registrovanie so schválením
       created_msg: Emailová doména bola úspešne pridaná do zoznamu zakázaných
       delete: Vymaž
       dns:
diff --git a/config/locales/sl.yml b/config/locales/sl.yml
index ecff5a667..83d52ae0e 100644
--- a/config/locales/sl.yml
+++ b/config/locales/sl.yml
@@ -439,6 +439,7 @@ sl:
       view: Pokaži domenski blok
     email_domain_blocks:
       add_new: Dodaj novo
+      allow_registrations_with_approval: Dovoli registracije z odobritvijo
       attempts_over_week:
         few: "%{count} poskusi prijave zadnji teden"
         one: "%{count} poskus prijave zadnji teden"
diff --git a/config/locales/sq.yml b/config/locales/sq.yml
index af1bb4644..9ab6e8536 100644
--- a/config/locales/sq.yml
+++ b/config/locales/sq.yml
@@ -425,6 +425,7 @@ sq:
       view: Shihni bllokim përkatësie
     email_domain_blocks:
       add_new: Shtoni të ri
+      allow_registrations_with_approval: Lejo regjistrim me miratim
       attempts_over_week:
         one: "%{count} përpjekje gjatë javës së shkuar"
         other: "%{count} përpjekje regjistrimi gjatë javës së kaluar"
diff --git a/config/locales/sr-Latn.yml b/config/locales/sr-Latn.yml
index e8760697e..02f63ede7 100644
--- a/config/locales/sr-Latn.yml
+++ b/config/locales/sr-Latn.yml
@@ -432,6 +432,7 @@ sr-Latn:
       view: Pročitaj blok domena
     email_domain_blocks:
       add_new: Dodaj novi
+      allow_registrations_with_approval: Dozvoli registraciju uz odobrenje
       attempts_over_week:
         few: "%{count} pokušaja tokom prethodne nedelje"
         one: "%{count} pokušaj tokom prethodne nedelje"
diff --git a/config/locales/sr.yml b/config/locales/sr.yml
index b32d86f65..51613940b 100644
--- a/config/locales/sr.yml
+++ b/config/locales/sr.yml
@@ -432,6 +432,7 @@ sr:
       view: Прочитај блок домена
     email_domain_blocks:
       add_new: Додај нови
+      allow_registrations_with_approval: Дозволи регистрацију уз одобрење
       attempts_over_week:
         few: "%{count} покушаја током претходне недеље"
         one: "%{count} покушај током претходне недеље"
diff --git a/config/locales/th.yml b/config/locales/th.yml
index 59a6b2c4f..f553f6a41 100644
--- a/config/locales/th.yml
+++ b/config/locales/th.yml
@@ -418,6 +418,7 @@ th:
       view: ดูการปิดกั้นโดเมน
     email_domain_blocks:
       add_new: เพิ่มใหม่
+      allow_registrations_with_approval: อนุญาตการลงทะเบียนด้วยการอนุมัติ
       attempts_over_week:
         other: "%{count} ความพยายามในการลงทะเบียนในช่วงสัปดาห์ที่ผ่านมา"
       created_msg: ปิดกั้นโดเมนอีเมลสำเร็จ
diff --git a/config/locales/tr.yml b/config/locales/tr.yml
index 568607e70..da8935f6c 100644
--- a/config/locales/tr.yml
+++ b/config/locales/tr.yml
@@ -425,6 +425,7 @@ tr:
       view: Alan adı bloğunu görüntüle
     email_domain_blocks:
       add_new: Yeni ekle
+      allow_registrations_with_approval: Onaylı kayıtlara izin ver
       attempts_over_week:
         one: Son haftada %{count} deneme
         other: Son haftada %{count} kayıt denemesi
diff --git a/config/locales/uk.yml b/config/locales/uk.yml
index 139b8be30..7a1957eba 100644
--- a/config/locales/uk.yml
+++ b/config/locales/uk.yml
@@ -439,6 +439,7 @@ uk:
       view: Переглянути заблоковані домени
     email_domain_blocks:
       add_new: Додати
+      allow_registrations_with_approval: Дозволити реєстрації із затвердженням
       attempts_over_week:
         few: "%{count} спроби входу за останній тиждень"
         many: "%{count} спроб входу за останній тиждень"
diff --git a/config/locales/vi.yml b/config/locales/vi.yml
index c06a84b97..85aabe717 100644
--- a/config/locales/vi.yml
+++ b/config/locales/vi.yml
@@ -418,6 +418,7 @@ vi:
       view: Xem máy chủ chặn
     email_domain_blocks:
       add_new: Thêm mới
+      allow_registrations_with_approval: Cho đăng ký nhưng duyệt thủ công
       attempts_over_week:
         other: "%{count} lần thử đăng ký vào tuần trước"
       created_msg: Đã chặn tên miền email này
diff --git a/config/locales/zh-CN.yml b/config/locales/zh-CN.yml
index ec4d71423..a573c8f99 100644
--- a/config/locales/zh-CN.yml
+++ b/config/locales/zh-CN.yml
@@ -418,6 +418,7 @@ zh-CN:
       view: 查看域名屏蔽
     email_domain_blocks:
       add_new: 添加新条目
+      allow_registrations_with_approval: 注册时需要批准
       attempts_over_week:
         other: 上周有 %{count} 次注册尝试
       created_msg: 成功屏蔽电子邮件域名
diff --git a/config/locales/zh-HK.yml b/config/locales/zh-HK.yml
index 01a0a026a..61355a4c5 100644
--- a/config/locales/zh-HK.yml
+++ b/config/locales/zh-HK.yml
@@ -418,6 +418,7 @@ zh-HK:
       view: 顯示正被阻隔的網域
     email_domain_blocks:
       add_new: 新增
+      allow_registrations_with_approval: 允許經批准的註冊
       attempts_over_week:
         other: 上週嘗試了註冊 %{count} 次
       created_msg: 已新增電郵網域阻隔
diff --git a/db/migrate/20170901141119_truncate_preview_cards.rb b/db/migrate/20170901141119_truncate_preview_cards.rb
index 22a773109..b4ba8c45e 100644
--- a/db/migrate/20170901141119_truncate_preview_cards.rb
+++ b/db/migrate/20170901141119_truncate_preview_cards.rb
@@ -22,11 +22,9 @@ class TruncatePreviewCards < ActiveRecord::Migration[5.1]
   end
 
   def down
-    if ActiveRecord::Base.connection.table_exists? 'deprecated_preview_cards'
-      drop_table :preview_cards
-      rename_table :deprecated_preview_cards, :preview_cards
-    else
-      raise ActiveRecord::IrreversibleMigration, 'Previous preview cards table has already been removed'
-    end
+    raise ActiveRecord::IrreversibleMigration, 'Previous preview cards table has already been removed' unless ActiveRecord::Base.connection.table_exists? 'deprecated_preview_cards'
+
+    drop_table :preview_cards
+    rename_table :deprecated_preview_cards, :preview_cards
   end
 end
diff --git a/db/migrate/20181024224956_migrate_account_conversations.rb b/db/migrate/20181024224956_migrate_account_conversations.rb
index 93ef5da61..d879fd88a 100644
--- a/db/migrate/20181024224956_migrate_account_conversations.rb
+++ b/db/migrate/20181024224956_migrate_account_conversations.rb
@@ -105,7 +105,7 @@ class MigrateAccountConversations < ActiveRecord::Migration[5.2]
       end
     end
 
-    notifications_about_direct_statuses.includes(:account, mention: { status: [:account, mentions: :account] }).find_each do |notification|
+    notifications_about_direct_statuses.includes(:account, mention: { status: [:account, { mentions: :account }] }).find_each do |notification|
       MigrationAccountConversation.add_status(notification.account, notification.target_status)
       migrated += 1
 
diff --git a/db/migrate/20190529143559_preserve_old_layout_for_existing_users.rb b/db/migrate/20190529143559_preserve_old_layout_for_existing_users.rb
index 88dcea436..4597ec5ef 100644
--- a/db/migrate/20190529143559_preserve_old_layout_for_existing_users.rb
+++ b/db/migrate/20190529143559_preserve_old_layout_for_existing_users.rb
@@ -9,7 +9,7 @@ class PreserveOldLayoutForExistingUsers < ActiveRecord::Migration[5.2]
     # on the to-be-changed default
 
     User.where(User.arel_table[:current_sign_in_at].gteq(1.month.ago)).find_each do |user|
-      next if Setting.unscoped.where(thing_type: 'User', thing_id: user.id, var: 'advanced_layout').exists?
+      next if Setting.unscoped.exists?(thing_type: 'User', thing_id: user.id, var: 'advanced_layout')
 
       user.settings.advanced_layout = true
     end
diff --git a/db/migrate/20231222100226_add_allow_with_approval_to_email_domain_blocks.rb b/db/migrate/20231222100226_add_allow_with_approval_to_email_domain_blocks.rb
new file mode 100644
index 000000000..01e8edfed
--- /dev/null
+++ b/db/migrate/20231222100226_add_allow_with_approval_to_email_domain_blocks.rb
@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class AddAllowWithApprovalToEmailDomainBlocks < ActiveRecord::Migration[7.1]
+  def change
+    add_column :email_domain_blocks, :allow_with_approval, :boolean, default: false, null: false
+  end
+end
diff --git a/db/post_migrate/20220704024901_migrate_settings_to_user_roles.rb b/db/post_migrate/20220704024901_migrate_settings_to_user_roles.rb
index 254690cc3..00afee26d 100644
--- a/db/post_migrate/20220704024901_migrate_settings_to_user_roles.rb
+++ b/db/post_migrate/20220704024901_migrate_settings_to_user_roles.rb
@@ -6,36 +6,55 @@ class MigrateSettingsToUserRoles < ActiveRecord::Migration[6.1]
   class UserRole < ApplicationRecord; end
 
   def up
-    owner_role     = UserRole.find_by(name: 'Owner')
-    admin_role     = UserRole.find_by(name: 'Admin')
-    moderator_role = UserRole.find_by(name: 'Moderator')
-    everyone_role  = UserRole.find_by(id: -99)
-
-    min_invite_role  = Setting.min_invite_role
-    show_staff_badge = Setting.show_staff_badge
-
-    if everyone_role
-      everyone_role.permissions &= ~::UserRole::FLAGS[:invite_users] unless min_invite_role == 'user'
-      everyone_role.save
-    end
-
-    if owner_role
-      owner_role.highlighted = show_staff_badge
-      owner_role.save
-    end
-
-    if admin_role
-      admin_role.permissions |= ::UserRole::FLAGS[:invite_users] if %w(admin moderator).include?(min_invite_role)
-      admin_role.highlighted  = show_staff_badge
-      admin_role.save
-    end
-
-    if moderator_role
-      moderator_role.permissions |= ::UserRole::FLAGS[:invite_users] if %w(moderator).include?(min_invite_role)
-      moderator_role.highlighted  = show_staff_badge
-      moderator_role.save
-    end
+    process_role_everyone
+    process_role_owner
+    process_role_admin
+    process_role_moderator
   end
 
   def down; end
+
+  private
+
+  def process_role_everyone
+    everyone_role = UserRole.find_by(id: -99)
+    return unless everyone_role
+
+    everyone_role.permissions &= ~::UserRole::FLAGS[:invite_users] unless min_invite_role == 'user'
+    everyone_role.save
+  end
+
+  def process_role_owner
+    owner_role = UserRole.find_by(name: 'Owner')
+    return unless owner_role
+
+    owner_role.highlighted = show_staff_badge
+    owner_role.save
+  end
+
+  def process_role_admin
+    admin_role = UserRole.find_by(name: 'Admin')
+    return unless admin_role
+
+    admin_role.permissions |= ::UserRole::FLAGS[:invite_users] if %w(admin moderator).include?(min_invite_role)
+    admin_role.highlighted  = show_staff_badge
+    admin_role.save
+  end
+
+  def process_role_moderator
+    moderator_role = UserRole.find_by(name: 'Moderator')
+    return unless moderator_role
+
+    moderator_role.permissions |= ::UserRole::FLAGS[:invite_users] if %w(moderator).include?(min_invite_role)
+    moderator_role.highlighted  = show_staff_badge
+    moderator_role.save
+  end
+
+  def min_invite_role
+    Setting.min_invite_role
+  end
+
+  def show_staff_badge
+    Setting.show_staff_badge
+  end
 end
diff --git a/db/schema.rb b/db/schema.rb
index 2bc6ca50d..05db802b6 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.1].define(version: 2023_12_12_073317) do
+ActiveRecord::Schema[7.1].define(version: 2023_12_22_100226) do
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
 
@@ -435,6 +435,7 @@ ActiveRecord::Schema[7.1].define(version: 2023_12_12_073317) do
     t.datetime "created_at", precision: nil, null: false
     t.datetime "updated_at", precision: nil, null: false
     t.bigint "parent_id"
+    t.boolean "allow_with_approval", default: false, null: false
     t.index ["domain"], name: "index_email_domain_blocks_on_domain", unique: true
   end
 
diff --git a/lib/mastodon/cli/federation.rb b/lib/mastodon/cli/federation.rb
index 4a4dde368..8bb46ecb1 100644
--- a/lib/mastodon/cli/federation.rb
+++ b/lib/mastodon/cli/federation.rb
@@ -48,19 +48,31 @@ module Mastodon::CLI
 
         exit(1) unless ask('Type in the domain of the server to confirm:') == Rails.configuration.x.local_domain
 
-        say('This operation WILL NOT be reversible.', :yellow)
-        say('While the data won\'t be erased locally, the server will be in a BROKEN STATE afterwards.', :yellow)
-        say('The deletion process itself may take a long time, and will be handled by Sidekiq, so do not shut it down until it has finished (you will be able to re-run this command to see the state of the self-destruct process).', :yellow)
+        say(<<~WARNING, :yellow)
+          This operation WILL NOT be reversible.
+          While the data won't be erased locally, the server will be in a BROKEN STATE afterwards.
+          The deletion process itself may take a long time, and will be handled by Sidekiq, so do not shut it down until it has finished (you will be able to re-run this command to see the state of the self-destruct process).
+        WARNING
 
         exit(1) if no?('Are you sure you want to proceed?')
 
-        self_destruct_value = Rails.application.message_verifier('self-destruct').generate(Rails.configuration.x.local_domain)
-        say('To switch Mastodon to self-destruct mode, add the following variable to your evironment (e.g. by adding a line to your `.env.production`) and restart all Mastodon processes:', :green)
-        say("  SELF_DESTRUCT=#{self_destruct_value}", :green)
-        say("\nYou can re-run this command to see the state of the self-destruct process.", :green)
+        say(<<~INSTRUCTIONS, :green)
+          To switch Mastodon to self-destruct mode, add the following variable to your evironment (e.g. by adding a line to your `.env.production`) and restart all Mastodon processes:
+            SELF_DESTRUCT=#{self_destruct_value}
+          You can re-run this command to see the state of the self-destruct process.
+        INSTRUCTIONS
       rescue Interrupt
         exit(1)
       end
+
+      private
+
+      def self_destruct_value
+        Rails
+          .application
+          .message_verifier('self-destruct')
+          .generate(Rails.configuration.x.local_domain)
+      end
     end
   end
 end
diff --git a/lib/mastodon/redis_config.rb b/lib/mastodon/redis_config.rb
index e885712f8..10672a535 100644
--- a/lib/mastodon/redis_config.rb
+++ b/lib/mastodon/redis_config.rb
@@ -34,7 +34,7 @@ REDIS_CACHE_PARAMS = {
   driver: :hiredis,
   url: ENV['CACHE_REDIS_URL'],
   expires_in: 10.minutes,
-  namespace: cache_namespace,
+  namespace: "#{cache_namespace}:7.1",
   connect_timeout: 5,
   pool: {
     size: Sidekiq.server? ? Sidekiq[:concurrency] : Integer(ENV['MAX_THREADS'] || 5),
diff --git a/package.json b/package.json
index b791eba46..abe81012d 100644
--- a/package.json
+++ b/package.json
@@ -205,7 +205,7 @@
     "prettier": "^3.0.0",
     "react-test-renderer": "^18.2.0",
     "stylelint": "^16.0.2",
-    "stylelint-config-standard-scss": "^12.0.0",
+    "stylelint-config-standard-scss": "^13.0.0",
     "typescript": "^5.0.4",
     "webpack-dev-server": "^3.11.3",
     "yargs": "^17.7.2"
diff --git a/spec/controllers/admin/email_domain_blocks_controller_spec.rb b/spec/controllers/admin/email_domain_blocks_controller_spec.rb
index 428660014..4de3ef0f6 100644
--- a/spec/controllers/admin/email_domain_blocks_controller_spec.rb
+++ b/spec/controllers/admin/email_domain_blocks_controller_spec.rb
@@ -12,13 +12,14 @@ RSpec.describe Admin::EmailDomainBlocksController do
   describe 'GET #index' do
     around do |example|
       default_per_page = EmailDomainBlock.default_per_page
-      EmailDomainBlock.paginates_per 1
+      EmailDomainBlock.paginates_per 2
       example.run
       EmailDomainBlock.paginates_per default_per_page
     end
 
     it 'returns http success' do
       2.times { Fabricate(:email_domain_block) }
+      Fabricate(:email_domain_block, allow_with_approval: true)
       get :index, params: { page: 2 }
       expect(response).to have_http_status(200)
     end
@@ -34,6 +35,16 @@ RSpec.describe Admin::EmailDomainBlocksController do
   describe 'POST #create' do
     context 'when resolve button is pressed' do
       before do
+        resolver = instance_double(Resolv::DNS)
+
+        allow(resolver).to receive(:getresources)
+          .with('example.com', Resolv::DNS::Resource::IN::MX)
+          .and_return([])
+        allow(resolver).to receive(:getresources).with('example.com', Resolv::DNS::Resource::IN::A).and_return([])
+        allow(resolver).to receive(:getresources).with('example.com', Resolv::DNS::Resource::IN::AAAA).and_return([])
+        allow(resolver).to receive(:timeouts=).and_return(nil)
+        allow(Resolv::DNS).to receive(:open).and_yield(resolver)
+
         post :create, params: { email_domain_block: { domain: 'example.com' } }
       end
 
diff --git a/spec/controllers/auth/registrations_controller_spec.rb b/spec/controllers/auth/registrations_controller_spec.rb
index 37172f8d2..bd1c61659 100644
--- a/spec/controllers/auth/registrations_controller_spec.rb
+++ b/spec/controllers/auth/registrations_controller_spec.rb
@@ -135,6 +135,25 @@ RSpec.describe Auth::RegistrationsController do
       end
     end
 
+    context 'when user has an email address requiring approval' do
+      subject do
+        Setting.registrations_mode = 'open'
+        Fabricate(:email_domain_block, allow_with_approval: true, domain: 'example.com')
+        request.headers['Accept-Language'] = accept_language
+        post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'true' } }
+      end
+
+      it 'creates unapproved user and redirects to setup' do
+        subject
+        expect(response).to redirect_to auth_setup_path
+
+        user = User.find_by(email: 'test@example.com')
+        expect(user).to_not be_nil
+        expect(user.locale).to eq(accept_language)
+        expect(user.approved).to be(false)
+      end
+    end
+
     context 'with Approval-based registrations without invite' do
       subject do
         Setting.registrations_mode = 'approved'
diff --git a/spec/features/admin/accounts_spec.rb b/spec/features/admin/accounts_spec.rb
index ad9c51485..6d7bab184 100644
--- a/spec/features/admin/accounts_spec.rb
+++ b/spec/features/admin/accounts_spec.rb
@@ -22,7 +22,7 @@ describe 'Admin::Accounts' do
 
     context 'without selecting any accounts' do
       it 'displays a notice about account selection' do
-        click_button button_for_suspend
+        click_on button_for_suspend
 
         expect(page).to have_content(selection_error_text)
       end
@@ -32,7 +32,7 @@ describe 'Admin::Accounts' do
       it 'suspends the account' do
         batch_checkbox_for(approved_user_account).check
 
-        click_button button_for_suspend
+        click_on button_for_suspend
 
         expect(approved_user_account.reload).to be_suspended
       end
@@ -42,7 +42,7 @@ describe 'Admin::Accounts' do
       it 'approves the account user' do
         batch_checkbox_for(unapproved_user_account).check
 
-        click_button button_for_approve
+        click_on button_for_approve
 
         expect(unapproved_user_account.reload.user).to be_approved
       end
@@ -52,7 +52,7 @@ describe 'Admin::Accounts' do
       it 'rejects and removes the account' do
         batch_checkbox_for(unapproved_user_account).check
 
-        click_button button_for_reject
+        click_on button_for_reject
 
         expect { unapproved_user_account.reload }.to raise_error(ActiveRecord::RecordNotFound)
       end
diff --git a/spec/features/admin/custom_emojis_spec.rb b/spec/features/admin/custom_emojis_spec.rb
index 3fea8f06f..8a8b6efcd 100644
--- a/spec/features/admin/custom_emojis_spec.rb
+++ b/spec/features/admin/custom_emojis_spec.rb
@@ -16,7 +16,7 @@ describe 'Admin::CustomEmojis' do
 
     context 'without selecting any records' do
       it 'displays a notice about selection' do
-        click_button button_for_enable
+        click_on button_for_enable
 
         expect(page).to have_content(selection_error_text)
       end
diff --git a/spec/features/admin/domain_blocks_spec.rb b/spec/features/admin/domain_blocks_spec.rb
index 4379ac91d..6a1405cdf 100644
--- a/spec/features/admin/domain_blocks_spec.rb
+++ b/spec/features/admin/domain_blocks_spec.rb
@@ -14,7 +14,7 @@ describe 'blocking domains through the moderation interface' do
 
       fill_in 'domain_block_domain', with: 'example.com'
       select I18n.t('admin.domain_blocks.new.severity.silence'), from: 'domain_block_severity'
-      click_button I18n.t('admin.domain_blocks.new.create')
+      click_on I18n.t('admin.domain_blocks.new.create')
 
       expect(DomainBlock.exists?(domain: 'example.com', severity: 'silence')).to be true
       expect(DomainBlockWorker).to have_received(:perform_async)
@@ -27,14 +27,14 @@ describe 'blocking domains through the moderation interface' do
 
       fill_in 'domain_block_domain', with: 'example.com'
       select I18n.t('admin.domain_blocks.new.severity.suspend'), from: 'domain_block_severity'
-      click_button I18n.t('admin.domain_blocks.new.create')
+      click_on I18n.t('admin.domain_blocks.new.create')
 
       # It doesn't immediately block but presents a confirmation screen
       expect(page).to have_title(I18n.t('admin.domain_blocks.confirm_suspension.title', domain: 'example.com'))
       expect(DomainBlockWorker).to_not have_received(:perform_async)
 
       # Confirming creates a block
-      click_button I18n.t('admin.domain_blocks.confirm_suspension.confirm')
+      click_on I18n.t('admin.domain_blocks.confirm_suspension.confirm')
 
       expect(DomainBlock.exists?(domain: 'example.com', severity: 'suspend')).to be true
       expect(DomainBlockWorker).to have_received(:perform_async)
@@ -49,14 +49,14 @@ describe 'blocking domains through the moderation interface' do
 
       fill_in 'domain_block_domain', with: 'example.com'
       select I18n.t('admin.domain_blocks.new.severity.suspend'), from: 'domain_block_severity'
-      click_button I18n.t('admin.domain_blocks.new.create')
+      click_on I18n.t('admin.domain_blocks.new.create')
 
       # It doesn't immediately block but presents a confirmation screen
       expect(page).to have_title(I18n.t('admin.domain_blocks.confirm_suspension.title', domain: 'example.com'))
       expect(DomainBlockWorker).to_not have_received(:perform_async)
 
       # Confirming updates the block
-      click_button I18n.t('admin.domain_blocks.confirm_suspension.confirm')
+      click_on I18n.t('admin.domain_blocks.confirm_suspension.confirm')
 
       expect(domain_block.reload.severity).to eq 'suspend'
       expect(DomainBlockWorker).to have_received(:perform_async)
@@ -71,14 +71,14 @@ describe 'blocking domains through the moderation interface' do
 
       fill_in 'domain_block_domain', with: 'subdomain.example.com'
       select I18n.t('admin.domain_blocks.new.severity.suspend'), from: 'domain_block_severity'
-      click_button I18n.t('admin.domain_blocks.new.create')
+      click_on I18n.t('admin.domain_blocks.new.create')
 
       # It doesn't immediately block but presents a confirmation screen
       expect(page).to have_title(I18n.t('admin.domain_blocks.confirm_suspension.title', domain: 'subdomain.example.com'))
       expect(DomainBlockWorker).to_not have_received(:perform_async)
 
       # Confirming creates the block
-      click_button I18n.t('admin.domain_blocks.confirm_suspension.confirm')
+      click_on I18n.t('admin.domain_blocks.confirm_suspension.confirm')
 
       expect(DomainBlock.where(domain: 'subdomain.example.com', severity: 'suspend')).to exist
       expect(DomainBlockWorker).to have_received(:perform_async)
@@ -96,14 +96,14 @@ describe 'blocking domains through the moderation interface' do
       visit edit_admin_domain_block_path(domain_block)
 
       select I18n.t('admin.domain_blocks.new.severity.suspend'), from: 'domain_block_severity'
-      click_button I18n.t('generic.save_changes')
+      click_on I18n.t('generic.save_changes')
 
       # It doesn't immediately block but presents a confirmation screen
       expect(page).to have_title(I18n.t('admin.domain_blocks.confirm_suspension.title', domain: 'example.com'))
       expect(DomainBlockWorker).to_not have_received(:perform_async)
 
       # Confirming updates the block
-      click_button I18n.t('admin.domain_blocks.confirm_suspension.confirm')
+      click_on I18n.t('admin.domain_blocks.confirm_suspension.confirm')
       expect(DomainBlockWorker).to have_received(:perform_async)
 
       expect(domain_block.reload.severity).to eq 'suspend'
diff --git a/spec/features/admin/email_domain_blocks_spec.rb b/spec/features/admin/email_domain_blocks_spec.rb
index 80efe72e9..14959cbe7 100644
--- a/spec/features/admin/email_domain_blocks_spec.rb
+++ b/spec/features/admin/email_domain_blocks_spec.rb
@@ -16,7 +16,7 @@ describe 'Admin::EmailDomainBlocks' do
 
     context 'without selecting any records' do
       it 'displays a notice about selection' do
-        click_button button_for_delete
+        click_on button_for_delete
 
         expect(page).to have_content(selection_error_text)
       end
diff --git a/spec/features/admin/ip_blocks_spec.rb b/spec/features/admin/ip_blocks_spec.rb
index 465c88919..c9b16f6f7 100644
--- a/spec/features/admin/ip_blocks_spec.rb
+++ b/spec/features/admin/ip_blocks_spec.rb
@@ -16,7 +16,7 @@ describe 'Admin::IpBlocks' do
 
     context 'without selecting any records' do
       it 'displays a notice about selection' do
-        click_button button_for_delete
+        click_on button_for_delete
 
         expect(page).to have_content(selection_error_text)
       end
diff --git a/spec/features/admin/software_updates_spec.rb b/spec/features/admin/software_updates_spec.rb
index a2373d35a..4a635d1a7 100644
--- a/spec/features/admin/software_updates_spec.rb
+++ b/spec/features/admin/software_updates_spec.rb
@@ -11,13 +11,13 @@ describe 'finding software updates through the admin interface' do
 
   it 'shows a link to the software updates page, which links to release notes' do
     visit settings_profile_path
-    click_link I18n.t('admin.critical_update_pending')
+    click_on I18n.t('admin.critical_update_pending')
 
     expect(page).to have_title(I18n.t('admin.software_updates.title'))
 
     expect(page).to have_content('99.99.99')
 
-    click_link I18n.t('admin.software_updates.release_notes')
+    click_on I18n.t('admin.software_updates.release_notes')
     expect(page).to have_current_path('https://github.com/mastodon/mastodon/releases/v99', url: true)
   end
 end
diff --git a/spec/features/admin/statuses_spec.rb b/spec/features/admin/statuses_spec.rb
index a21c901a9..531d0de95 100644
--- a/spec/features/admin/statuses_spec.rb
+++ b/spec/features/admin/statuses_spec.rb
@@ -17,7 +17,7 @@ describe 'Admin::Statuses' do
 
     context 'without selecting any records' do
       it 'displays a notice about selection' do
-        click_button button_for_report
+        click_on button_for_report
 
         expect(page).to have_content(selection_error_text)
       end
diff --git a/spec/features/admin/trends/links/preview_card_providers_spec.rb b/spec/features/admin/trends/links/preview_card_providers_spec.rb
index cf9796abf..dca89117b 100644
--- a/spec/features/admin/trends/links/preview_card_providers_spec.rb
+++ b/spec/features/admin/trends/links/preview_card_providers_spec.rb
@@ -16,7 +16,7 @@ describe 'Admin::Trends::Links::PreviewCardProviders' do
 
     context 'without selecting any records' do
       it 'displays a notice about selection' do
-        click_button button_for_allow
+        click_on button_for_allow
 
         expect(page).to have_content(selection_error_text)
       end
diff --git a/spec/features/admin/trends/links_spec.rb b/spec/features/admin/trends/links_spec.rb
index 8b1b991a5..99638bc06 100644
--- a/spec/features/admin/trends/links_spec.rb
+++ b/spec/features/admin/trends/links_spec.rb
@@ -16,7 +16,7 @@ describe 'Admin::Trends::Links' do
 
     context 'without selecting any records' do
       it 'displays a notice about selection' do
-        click_button button_for_allow
+        click_on button_for_allow
 
         expect(page).to have_content(selection_error_text)
       end
diff --git a/spec/features/admin/trends/statuses_spec.rb b/spec/features/admin/trends/statuses_spec.rb
index a578ab055..779a15d38 100644
--- a/spec/features/admin/trends/statuses_spec.rb
+++ b/spec/features/admin/trends/statuses_spec.rb
@@ -16,7 +16,7 @@ describe 'Admin::Trends::Statuses' do
 
     context 'without selecting any records' do
       it 'displays a notice about selection' do
-        click_button button_for_allow
+        click_on button_for_allow
 
         expect(page).to have_content(selection_error_text)
       end
diff --git a/spec/features/admin/trends/tags_spec.rb b/spec/features/admin/trends/tags_spec.rb
index 7502bc8c6..52e49c3a5 100644
--- a/spec/features/admin/trends/tags_spec.rb
+++ b/spec/features/admin/trends/tags_spec.rb
@@ -16,7 +16,7 @@ describe 'Admin::Trends::Tags' do
 
     context 'without selecting any records' do
       it 'displays a notice about selection' do
-        click_button button_for_allow
+        click_on button_for_allow
 
         expect(page).to have_content(selection_error_text)
       end
diff --git a/spec/features/captcha_spec.rb b/spec/features/captcha_spec.rb
index 906aec4af..15c37eb46 100644
--- a/spec/features/captcha_spec.rb
+++ b/spec/features/captcha_spec.rb
@@ -23,7 +23,7 @@ describe 'email confirmation flow when captcha is enabled' do
       expect(user.reload.confirmed?).to be false
 
       # It redirects to app and confirms user
-      click_button I18n.t('challenge.confirm')
+      click_on I18n.t('challenge.confirm')
       expect(user.reload.confirmed?).to be true
       expect(page).to have_current_path(/\A#{client_app.confirmation_redirect_uri}/, url: true)
 
diff --git a/spec/features/log_in_spec.rb b/spec/features/log_in_spec.rb
index 7e5196aba..c64e19d2b 100644
--- a/spec/features/log_in_spec.rb
+++ b/spec/features/log_in_spec.rb
@@ -19,7 +19,7 @@ describe 'Log in' do
   it 'A valid email and password user is able to log in' do
     fill_in 'user_email', with: email
     fill_in 'user_password', with: password
-    click_button I18n.t('auth.login')
+    click_on I18n.t('auth.login')
 
     expect(subject).to have_css('div.app-holder')
   end
@@ -27,7 +27,7 @@ describe 'Log in' do
   it 'A invalid email and password user is not able to log in' do
     fill_in 'user_email', with: 'invalid_email'
     fill_in 'user_password', with: 'invalid_password'
-    click_button I18n.t('auth.login')
+    click_on I18n.t('auth.login')
 
     expect(subject).to have_css('.flash-message', text: failure_message('invalid'))
   end
@@ -38,7 +38,7 @@ describe 'Log in' do
     it 'A unconfirmed user is able to log in' do
       fill_in 'user_email', with: email
       fill_in 'user_password', with: password
-      click_button I18n.t('auth.login')
+      click_on I18n.t('auth.login')
 
       expect(subject).to have_css('div.admin-wrapper')
     end
diff --git a/spec/features/oauth_spec.rb b/spec/features/oauth_spec.rb
index 0e612b56a..967956cc8 100644
--- a/spec/features/oauth_spec.rb
+++ b/spec/features/oauth_spec.rb
@@ -20,7 +20,7 @@ describe 'Using OAuth from an external app' do
       expect(page).to have_content(I18n.t('doorkeeper.authorizations.buttons.authorize'))
 
       # Upon authorizing, it redirects to the apps' callback URL
-      click_button I18n.t('doorkeeper.authorizations.buttons.authorize')
+      click_on I18n.t('doorkeeper.authorizations.buttons.authorize')
       expect(page).to have_current_path(/\A#{client_app.redirect_uri}/, url: true)
 
       # It grants the app access to the account
@@ -35,7 +35,7 @@ describe 'Using OAuth from an external app' do
       expect(page).to have_content(I18n.t('doorkeeper.authorizations.buttons.deny'))
 
       # Upon denying, it redirects to the apps' callback URL
-      click_button I18n.t('doorkeeper.authorizations.buttons.deny')
+      click_on I18n.t('doorkeeper.authorizations.buttons.deny')
       expect(page).to have_current_path(/\A#{client_app.redirect_uri}/, url: true)
 
       # It does not grant the app access to the account
@@ -63,17 +63,17 @@ describe 'Using OAuth from an external app' do
       # Failing to log-in presents the form again
       fill_in 'user_email', with: email
       fill_in 'user_password', with: 'wrong password'
-      click_button I18n.t('auth.login')
+      click_on I18n.t('auth.login')
       expect(page).to have_content(I18n.t('auth.login'))
 
       # Logging in redirects to an authorization page
       fill_in 'user_email', with: email
       fill_in 'user_password', with: password
-      click_button I18n.t('auth.login')
+      click_on I18n.t('auth.login')
       expect(page).to have_content(I18n.t('doorkeeper.authorizations.buttons.authorize'))
 
       # Upon authorizing, it redirects to the apps' callback URL
-      click_button I18n.t('doorkeeper.authorizations.buttons.authorize')
+      click_on I18n.t('doorkeeper.authorizations.buttons.authorize')
       expect(page).to have_current_path(/\A#{client_app.redirect_uri}/, url: true)
 
       # It grants the app access to the account
@@ -90,17 +90,17 @@ describe 'Using OAuth from an external app' do
       # Failing to log-in presents the form again
       fill_in 'user_email', with: email
       fill_in 'user_password', with: 'wrong password'
-      click_button I18n.t('auth.login')
+      click_on I18n.t('auth.login')
       expect(page).to have_content(I18n.t('auth.login'))
 
       # Logging in redirects to an authorization page
       fill_in 'user_email', with: email
       fill_in 'user_password', with: password
-      click_button I18n.t('auth.login')
+      click_on I18n.t('auth.login')
       expect(page).to have_content(I18n.t('doorkeeper.authorizations.buttons.authorize'))
 
       # Upon denying, it redirects to the apps' callback URL
-      click_button I18n.t('doorkeeper.authorizations.buttons.deny')
+      click_on I18n.t('doorkeeper.authorizations.buttons.deny')
       expect(page).to have_current_path(/\A#{client_app.redirect_uri}/, url: true)
 
       # It does not grant the app access to the account
@@ -120,27 +120,27 @@ describe 'Using OAuth from an external app' do
         # Failing to log-in presents the form again
         fill_in 'user_email', with: email
         fill_in 'user_password', with: 'wrong password'
-        click_button I18n.t('auth.login')
+        click_on I18n.t('auth.login')
         expect(page).to have_content(I18n.t('auth.login'))
 
         # Logging in redirects to a two-factor authentication page
         fill_in 'user_email', with: email
         fill_in 'user_password', with: password
-        click_button I18n.t('auth.login')
+        click_on I18n.t('auth.login')
         expect(page).to have_content(I18n.t('simple_form.hints.sessions.otp'))
 
         # Filling in an incorrect two-factor authentication code presents the form again
         fill_in 'user_otp_attempt', with: 'wrong'
-        click_button I18n.t('auth.login')
+        click_on I18n.t('auth.login')
         expect(page).to have_content(I18n.t('simple_form.hints.sessions.otp'))
 
         # Filling in the correct TOTP code redirects to an app authorization page
         fill_in 'user_otp_attempt', with: user.current_otp
-        click_button I18n.t('auth.login')
+        click_on I18n.t('auth.login')
         expect(page).to have_content(I18n.t('doorkeeper.authorizations.buttons.authorize'))
 
         # Upon authorizing, it redirects to the apps' callback URL
-        click_button I18n.t('doorkeeper.authorizations.buttons.authorize')
+        click_on I18n.t('doorkeeper.authorizations.buttons.authorize')
         expect(page).to have_current_path(/\A#{client_app.redirect_uri}/, url: true)
 
         # It grants the app access to the account
@@ -157,27 +157,27 @@ describe 'Using OAuth from an external app' do
         # Failing to log-in presents the form again
         fill_in 'user_email', with: email
         fill_in 'user_password', with: 'wrong password'
-        click_button I18n.t('auth.login')
+        click_on I18n.t('auth.login')
         expect(page).to have_content(I18n.t('auth.login'))
 
         # Logging in redirects to a two-factor authentication page
         fill_in 'user_email', with: email
         fill_in 'user_password', with: password
-        click_button I18n.t('auth.login')
+        click_on I18n.t('auth.login')
         expect(page).to have_content(I18n.t('simple_form.hints.sessions.otp'))
 
         # Filling in an incorrect two-factor authentication code presents the form again
         fill_in 'user_otp_attempt', with: 'wrong'
-        click_button I18n.t('auth.login')
+        click_on I18n.t('auth.login')
         expect(page).to have_content(I18n.t('simple_form.hints.sessions.otp'))
 
         # Filling in the correct TOTP code redirects to an app authorization page
         fill_in 'user_otp_attempt', with: user.current_otp
-        click_button I18n.t('auth.login')
+        click_on I18n.t('auth.login')
         expect(page).to have_content(I18n.t('doorkeeper.authorizations.buttons.authorize'))
 
         # Upon denying, it redirects to the apps' callback URL
-        click_button I18n.t('doorkeeper.authorizations.buttons.deny')
+        click_on I18n.t('doorkeeper.authorizations.buttons.deny')
         expect(page).to have_current_path(/\A#{client_app.redirect_uri}/, url: true)
 
         # It does not grant the app access to the account
diff --git a/spec/lib/content_security_policy_spec.rb b/spec/lib/content_security_policy_spec.rb
index 4286f1498..27a3e8025 100644
--- a/spec/lib/content_security_policy_spec.rb
+++ b/spec/lib/content_security_policy_spec.rb
@@ -125,5 +125,17 @@ describe ContentSecurityPolicy do
         expect(subject.media_hosts).to contain_exactly(subject.assets_host, 'https://asset-host.s3.example')
       end
     end
+
+    context 'when PAPERCLIP_ROOT_URL is configured' do
+      around do |example|
+        ClimateControl.modify PAPERCLIP_ROOT_URL: 'https://paperclip-host.example' do
+          example.run
+        end
+      end
+
+      it 'uses the provided URL in the content security policy' do
+        expect(subject.media_hosts).to contain_exactly(subject.assets_host, 'https://paperclip-host.example')
+      end
+    end
   end
 end
diff --git a/spec/lib/request_pool_spec.rb b/spec/lib/request_pool_spec.rb
index f179e6ca9..bdb0859d7 100644
--- a/spec/lib/request_pool_spec.rb
+++ b/spec/lib/request_pool_spec.rb
@@ -33,11 +33,13 @@ describe RequestPool do
 
       subject
 
-      threads = Array.new(20) do |_i|
+      threads = Array.new(3) do
         Thread.new do
-          20.times do
+          2.times do
             subject.with('http://example.com') do |http_client|
               http_client.get('/').flush
+              # Nudge scheduler to yield and exercise the full pool
+              sleep(0)
             end
           end
         end
diff --git a/spec/models/custom_filter_spec.rb b/spec/models/custom_filter_spec.rb
new file mode 100644
index 000000000..940493633
--- /dev/null
+++ b/spec/models/custom_filter_spec.rb
@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe CustomFilter do
+  describe 'Validations' do
+    it 'requires presence of title' do
+      record = described_class.new(title: '')
+      record.valid?
+
+      expect(record).to model_have_error_on_field(:title)
+    end
+
+    it 'requires presence of context' do
+      record = described_class.new(context: nil)
+      record.valid?
+
+      expect(record).to model_have_error_on_field(:context)
+    end
+
+    it 'requires non-empty of context' do
+      record = described_class.new(context: [])
+      record.valid?
+
+      expect(record).to model_have_error_on_field(:context)
+    end
+
+    it 'requires valid context value' do
+      record = described_class.new(context: ['invalid'])
+      record.valid?
+
+      expect(record).to model_have_error_on_field(:context)
+    end
+  end
+end
diff --git a/spec/rails_helper.rb b/spec/rails_helper.rb
index c9352a4d5..e5d432b45 100644
--- a/spec/rails_helper.rb
+++ b/spec/rails_helper.rb
@@ -128,6 +128,10 @@ RSpec.configure do |config|
     self.use_transactional_tests = true
   end
 
+  config.before do |example|
+    allow(Resolv::DNS).to receive(:open).and_raise('Real DNS queries are disabled, stub Resolv::DNS as needed') unless example.metadata[:type] == :system
+  end
+
   config.before do |example|
     unless example.metadata[:paperclip_processing]
       allow_any_instance_of(Paperclip::Attachment).to receive(:post_process).and_return(true) # rubocop:disable RSpec/AnyInstance
diff --git a/spec/services/app_sign_up_service_spec.rb b/spec/services/app_sign_up_service_spec.rb
index 0adb473f1..86e64dab2 100644
--- a/spec/services/app_sign_up_service_spec.rb
+++ b/spec/services/app_sign_up_service_spec.rb
@@ -27,6 +27,27 @@ RSpec.describe AppSignUpService, type: :service do
       end
     end
 
+    context 'when the email address requires approval' do
+      before do
+        Setting.registrations_mode = 'open'
+        Fabricate(:email_domain_block, allow_with_approval: true, domain: 'email.com')
+      end
+
+      it 'creates an unapproved user', :aggregate_failures do
+        access_token = subject.call(app, remote_ip, params)
+        expect(access_token).to_not be_nil
+        expect(access_token.scopes.to_s).to eq 'read write'
+
+        user = User.find_by(id: access_token.resource_owner_id)
+        expect(user).to_not be_nil
+        expect(user.confirmed?).to be false
+        expect(user.approved?).to be false
+
+        expect(user.account).to_not be_nil
+        expect(user.invite_request).to be_nil
+      end
+    end
+
     context 'when registrations are closed' do
       before do
         Setting.registrations_mode = 'none'
diff --git a/spec/support/stories/profile_stories.rb b/spec/support/stories/profile_stories.rb
index 82667ca08..2b345ddef 100644
--- a/spec/support/stories/profile_stories.rb
+++ b/spec/support/stories/profile_stories.rb
@@ -18,7 +18,7 @@ module ProfileStories
     visit new_user_session_path
     fill_in 'user_email', with: email
     fill_in 'user_password', with: password
-    click_button I18n.t('auth.login')
+    click_on I18n.t('auth.login')
   end
 
   def with_alice_as_local_user
diff --git a/spec/system/new_statuses_spec.rb b/spec/system/new_statuses_spec.rb
index 244101f4d..02f2e2839 100644
--- a/spec/system/new_statuses_spec.rb
+++ b/spec/system/new_statuses_spec.rb
@@ -24,7 +24,7 @@ describe 'NewStatuses' do
 
     within('.compose-form') do
       fill_in "What's on your mind?", with: status_text
-      click_button 'Publish!'
+      click_on 'Publish!'
     end
 
     expect(subject).to have_css('.status__content__text', text: status_text)
@@ -37,7 +37,7 @@ describe 'NewStatuses' do
 
     within('.compose-form') do
       fill_in "What's on your mind?", with: status_text
-      click_button 'Publish!'
+      click_on 'Publish!'
     end
 
     expect(subject).to have_css('.status__content__text', text: status_text)
diff --git a/spec/validators/email_mx_validator_spec.rb b/spec/validators/email_mx_validator_spec.rb
index 876d73c18..21b1ad0a1 100644
--- a/spec/validators/email_mx_validator_spec.rb
+++ b/spec/validators/email_mx_validator_spec.rb
@@ -111,7 +111,7 @@ describe EmailMxValidator do
       allow(resolver).to receive(:getresources).with('example.com', Resolv::DNS::Resource::IN::A).and_return([])
       allow(resolver).to receive(:getresources).with('example.com', Resolv::DNS::Resource::IN::AAAA).and_return([])
       allow(resolver).to receive(:getresources).with('mail.example.com', Resolv::DNS::Resource::IN::A).and_return([instance_double(Resolv::DNS::Resource::IN::A, address: '2.3.4.5')])
-      allow(resolver).to receive(:getresources).with('mail.example.com', Resolv::DNS::Resource::IN::AAAA).and_return([instance_double(Resolv::DNS::Resource::IN::A, address: 'fd00::2')])
+      allow(resolver).to receive(:getresources).with('mail.example.com', Resolv::DNS::Resource::IN::AAAA).and_return([instance_double(Resolv::DNS::Resource::IN::AAAA, address: 'fd00::2')])
       allow(resolver).to receive(:timeouts=).and_return(nil)
       allow(Resolv::DNS).to receive(:open).and_yield(resolver)
 
diff --git a/streaming/index.js b/streaming/index.js
index 09e0c85be..9ed24dc02 100644
--- a/streaming/index.js
+++ b/streaming/index.js
@@ -5,6 +5,7 @@ const http = require('http');
 const path = require('path');
 const url = require('url');
 
+const cors = require('cors');
 const dotenv = require('dotenv');
 const express = require('express');
 const Redis = require('ioredis');
@@ -187,6 +188,7 @@ const startServer = async () => {
 
   const pgPool = new pg.Pool(pgConfigFromEnv(process.env));
   const server = http.createServer(app);
+  app.use(cors());
 
   /**
    * @type {Object.<string, Array.<function(Object<string, any>): void>>}
@@ -327,19 +329,6 @@ const startServer = async () => {
     }
   };
 
-  /**
-   * @param {any} req
-   * @param {any} res
-   * @param {function(Error=): void} next
-   */
-  const allowCrossDomain = (req, res, next) => {
-    res.header('Access-Control-Allow-Origin', '*');
-    res.header('Access-Control-Allow-Headers', 'Authorization, Accept, Cache-Control');
-    res.header('Access-Control-Allow-Methods', 'GET, OPTIONS');
-
-    next();
-  };
-
   /**
    * @param {any} req
    * @param {any} res
@@ -994,7 +983,6 @@ const startServer = async () => {
 
   api.use(setRequestId);
   api.use(setRemoteAddress);
-  api.use(allowCrossDomain);
 
   api.use(authenticationMiddleware);
   api.use(errorMiddleware);
diff --git a/streaming/package.json b/streaming/package.json
index 0cfc5b327..2d70acb82 100644
--- a/streaming/package.json
+++ b/streaming/package.json
@@ -16,6 +16,7 @@
     "check:types": "tsc --noEmit"
   },
   "dependencies": {
+    "cors": "^2.8.5",
     "dotenv": "^16.0.3",
     "express": "^4.18.2",
     "ioredis": "^5.3.2",
@@ -28,6 +29,7 @@
     "ws": "^8.12.1"
   },
   "devDependencies": {
+    "@types/cors": "^2.8.16",
     "@types/express": "^4.17.17",
     "@types/npmlog": "^7.0.0",
     "@types/pg": "^8.6.6",
diff --git a/yarn.lock b/yarn.lock
index 42c279cec..0cc61d35e 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2436,7 +2436,7 @@ __metadata:
     stacktrace-js: "npm:^2.0.2"
     stringz: "npm:^2.1.0"
     stylelint: "npm:^16.0.2"
-    stylelint-config-standard-scss: "npm:^12.0.0"
+    stylelint-config-standard-scss: "npm:^13.0.0"
     substring-trie: "npm:^1.0.2"
     terser-webpack-plugin: "npm:^4.2.3"
     tesseract.js: "npm:^2.1.5"
@@ -2471,12 +2471,14 @@ __metadata:
   version: 0.0.0-use.local
   resolution: "@mastodon/streaming@workspace:streaming"
   dependencies:
+    "@types/cors": "npm:^2.8.16"
     "@types/express": "npm:^4.17.17"
     "@types/npmlog": "npm:^7.0.0"
     "@types/pg": "npm:^8.6.6"
     "@types/uuid": "npm:^9.0.0"
     "@types/ws": "npm:^8.5.9"
     bufferutil: "npm:^4.0.7"
+    cors: "npm:^2.8.5"
     dotenv: "npm:^16.0.3"
     eslint-define-config: "npm:^2.0.0"
     express: "npm:^4.18.2"
@@ -3030,6 +3032,15 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@types/cors@npm:^2.8.16":
+  version: 2.8.16
+  resolution: "@types/cors@npm:2.8.16"
+  dependencies:
+    "@types/node": "npm:*"
+  checksum: ebcfb325b102739249bbaa4845cf1cf4830baf5490a32bcd1a85cd9b8c4d4b9eaaaea94423e454b5b7c9da77e46a64db80d2381d3bc3f940d15d13814e87b70a
+  languageName: node
+  linkType: hard
+
 "@types/emoji-mart@npm:^3.0.9":
   version: 3.0.14
   resolution: "@types/emoji-mart@npm:3.0.14"
@@ -4688,13 +4699,13 @@ __metadata:
   linkType: hard
 
 "axios@npm:^1.4.0":
-  version: 1.6.3
-  resolution: "axios@npm:1.6.3"
+  version: 1.6.4
+  resolution: "axios@npm:1.6.4"
   dependencies:
-    follow-redirects: "npm:^1.15.0"
+    follow-redirects: "npm:^1.15.4"
     form-data: "npm:^4.0.0"
     proxy-from-env: "npm:^1.1.0"
-  checksum: dcc6d982353db33e6893ef01cdf81d0a0548dbd8fba0cb046dc4aee1a6a16226721faa4c2a13b2673d47130509629cdb93bb991b3a2bd4ef17a5ac27a8bba0da
+  checksum: daac697fa1ea9865cb48e9edb7eacd99e8a9214997f2d8e886cb61c380a613e5c270078bfc153ac96206680106c223f005f0e4bf2f3b2ddd88e559ecf970521f
   languageName: node
   linkType: hard
 
@@ -5207,7 +5218,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"browserslist@npm:^4.0.0, browserslist@npm:^4.21.10, browserslist@npm:^4.21.4, browserslist@npm:^4.22.2":
+"browserslist@npm:^4.0.0, browserslist@npm:^4.21.10, browserslist@npm:^4.22.2":
   version: 4.22.2
   resolution: "browserslist@npm:4.22.2"
   dependencies:
@@ -5983,6 +5994,16 @@ __metadata:
   languageName: node
   linkType: hard
 
+"cors@npm:^2.8.5":
+  version: 2.8.5
+  resolution: "cors@npm:2.8.5"
+  dependencies:
+    object-assign: "npm:^4"
+    vary: "npm:^1"
+  checksum: 373702b7999409922da80de4a61938aabba6929aea5b6fd9096fefb9e8342f626c0ebd7507b0e8b0b311380744cc985f27edebc0a26e0ddb784b54e1085de761
+  languageName: node
+  linkType: hard
+
 "cosmiconfig@npm:^7.0.0":
   version: 7.1.0
   resolution: "cosmiconfig@npm:7.1.0"
@@ -6129,7 +6150,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"css-declaration-sorter@npm:^7.0.0":
+"css-declaration-sorter@npm:^7.1.1":
   version: 7.1.1
   resolution: "css-declaration-sorter@npm:7.1.1"
   peerDependencies:
@@ -6217,7 +6238,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"css-tree@npm:^2.2.1, css-tree@npm:^2.3.1":
+"css-tree@npm:^2.3.1":
   version: 2.3.1
   resolution: "css-tree@npm:2.3.1"
   dependencies:
@@ -6267,42 +6288,42 @@ __metadata:
   languageName: node
   linkType: hard
 
-"cssnano-preset-default@npm:^6.0.2":
-  version: 6.0.2
-  resolution: "cssnano-preset-default@npm:6.0.2"
+"cssnano-preset-default@npm:^6.0.3":
+  version: 6.0.3
+  resolution: "cssnano-preset-default@npm:6.0.3"
   dependencies:
-    css-declaration-sorter: "npm:^7.0.0"
+    css-declaration-sorter: "npm:^7.1.1"
     cssnano-utils: "npm:^4.0.1"
     postcss-calc: "npm:^9.0.1"
-    postcss-colormin: "npm:^6.0.1"
-    postcss-convert-values: "npm:^6.0.1"
+    postcss-colormin: "npm:^6.0.2"
+    postcss-convert-values: "npm:^6.0.2"
     postcss-discard-comments: "npm:^6.0.1"
     postcss-discard-duplicates: "npm:^6.0.1"
     postcss-discard-empty: "npm:^6.0.1"
     postcss-discard-overridden: "npm:^6.0.1"
-    postcss-merge-longhand: "npm:^6.0.1"
-    postcss-merge-rules: "npm:^6.0.2"
+    postcss-merge-longhand: "npm:^6.0.2"
+    postcss-merge-rules: "npm:^6.0.3"
     postcss-minify-font-values: "npm:^6.0.1"
     postcss-minify-gradients: "npm:^6.0.1"
-    postcss-minify-params: "npm:^6.0.1"
-    postcss-minify-selectors: "npm:^6.0.1"
+    postcss-minify-params: "npm:^6.0.2"
+    postcss-minify-selectors: "npm:^6.0.2"
     postcss-normalize-charset: "npm:^6.0.1"
     postcss-normalize-display-values: "npm:^6.0.1"
     postcss-normalize-positions: "npm:^6.0.1"
     postcss-normalize-repeat-style: "npm:^6.0.1"
     postcss-normalize-string: "npm:^6.0.1"
     postcss-normalize-timing-functions: "npm:^6.0.1"
-    postcss-normalize-unicode: "npm:^6.0.1"
+    postcss-normalize-unicode: "npm:^6.0.2"
     postcss-normalize-url: "npm:^6.0.1"
     postcss-normalize-whitespace: "npm:^6.0.1"
     postcss-ordered-values: "npm:^6.0.1"
-    postcss-reduce-initial: "npm:^6.0.1"
+    postcss-reduce-initial: "npm:^6.0.2"
     postcss-reduce-transforms: "npm:^6.0.1"
-    postcss-svgo: "npm:^6.0.1"
-    postcss-unique-selectors: "npm:^6.0.1"
+    postcss-svgo: "npm:^6.0.2"
+    postcss-unique-selectors: "npm:^6.0.2"
   peerDependencies:
     postcss: ^8.4.31
-  checksum: c6f97674704c3a2a2473440549eac38ac722feebabbd39f2d4d1b8fae7f137f8fd0dfb88929e1ff737d54008de583c39e96f9dc450f2d71f8be6fc3bac2840a3
+  checksum: d100a1f8ab71adbb6df85e00f4a9e5d04ac06fc50343157eef853aded3f75dd0489dd845a5b2fb43ca701bd88c39c5aa88673f842bc1f94f4318c7b38ced1963
   languageName: node
   linkType: hard
 
@@ -6316,23 +6337,14 @@ __metadata:
   linkType: hard
 
 "cssnano@npm:^6.0.1":
-  version: 6.0.2
-  resolution: "cssnano@npm:6.0.2"
+  version: 6.0.3
+  resolution: "cssnano@npm:6.0.3"
   dependencies:
-    cssnano-preset-default: "npm:^6.0.2"
+    cssnano-preset-default: "npm:^6.0.3"
     lilconfig: "npm:^3.0.0"
   peerDependencies:
     postcss: ^8.4.31
-  checksum: 5f4146a6c8937d24b0d1d33e3acd85db7913c7558cc80b23169f86c9a552d091a26e0af6adcc535f8355561872f797a917b9353e38fe935bbaf08ec2b66f5ff8
-  languageName: node
-  linkType: hard
-
-"csso@npm:5.0.5":
-  version: 5.0.5
-  resolution: "csso@npm:5.0.5"
-  dependencies:
-    css-tree: "npm:~2.2.0"
-  checksum: ab4beb1e97dd7e207c10e9925405b45f15a6cd1b4880a8686ad573aa6d476aed28b4121a666cffd26c37a26179f7b54741f7c257543003bfb244d06a62ad569b
+  checksum: d1669eb987fd96159bae262ef2f76c1a64fffefe8fa593918a6bda377977798b60fb4a6a871a9b9a9deb11258130ee254fdb8c3144769b3060ad9f2a95a4ed0a
   languageName: node
   linkType: hard
 
@@ -6345,6 +6357,15 @@ __metadata:
   languageName: node
   linkType: hard
 
+"csso@npm:^5.0.5":
+  version: 5.0.5
+  resolution: "csso@npm:5.0.5"
+  dependencies:
+    css-tree: "npm:~2.2.0"
+  checksum: ab4beb1e97dd7e207c10e9925405b45f15a6cd1b4880a8686ad573aa6d476aed28b4121a666cffd26c37a26179f7b54741f7c257543003bfb244d06a62ad569b
+  languageName: node
+  linkType: hard
+
 "cssom@npm:^0.5.0":
   version: 0.5.0
   resolution: "cssom@npm:0.5.0"
@@ -8187,13 +8208,13 @@ __metadata:
   languageName: node
   linkType: hard
 
-"follow-redirects@npm:^1.0.0, follow-redirects@npm:^1.15.0":
-  version: 1.15.3
-  resolution: "follow-redirects@npm:1.15.3"
+"follow-redirects@npm:^1.0.0, follow-redirects@npm:^1.15.4":
+  version: 1.15.4
+  resolution: "follow-redirects@npm:1.15.4"
   peerDependenciesMeta:
     debug:
       optional: true
-  checksum: 915a2cf22e667bdf47b1a43cc6b7dce14d95039e9bbf9a24d0e739abfbdfa00077dd43c86d4a7a19efefcc7a99af144920a175eedc3888d268af5df67c272ee5
+  checksum: 5f37ed9170c9eb19448c5418fdb0f2b73f644b5364834e70791a76ecc7db215246f9773bbef4852cfae4067764ffc852e047f744b661b0211532155b73556a6a
   languageName: node
   linkType: hard
 
@@ -11977,7 +11998,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"object-assign@npm:^4.0.1, object-assign@npm:^4.1.1":
+"object-assign@npm:^4, object-assign@npm:^4.0.1, object-assign@npm:^4.1.1":
   version: 4.1.1
   resolution: "object-assign@npm:4.1.1"
   checksum: 1f4df9945120325d041ccf7b86f31e8bcc14e73d29171e37a7903050e96b81323784ec59f93f102ec635bcf6fa8034ba3ea0a8c7e69fa202b87ae3b6cec5a414
@@ -12746,29 +12767,29 @@ __metadata:
   languageName: node
   linkType: hard
 
-"postcss-colormin@npm:^6.0.1":
-  version: 6.0.1
-  resolution: "postcss-colormin@npm:6.0.1"
+"postcss-colormin@npm:^6.0.2":
+  version: 6.0.2
+  resolution: "postcss-colormin@npm:6.0.2"
   dependencies:
-    browserslist: "npm:^4.21.4"
+    browserslist: "npm:^4.22.2"
     caniuse-api: "npm:^3.0.0"
     colord: "npm:^2.9.1"
     postcss-value-parser: "npm:^4.2.0"
   peerDependencies:
     postcss: ^8.4.31
-  checksum: b0056812b3436b05b6b84284a1ebe68a72299f23e7eeb0b7b40a775978d06a1cbe235f3665e3f694f5de76fe7d9b93db607536d07697b31a59fd4e8705e5b64d
+  checksum: 229681f9b89ba0909b4c69563837b0c32cc3d1c17ed1b00c33d4abfb0a0ef455124968e4885b5f92c64482e92074cd1958018ec111ed5d118f1e24baeda19c14
   languageName: node
   linkType: hard
 
-"postcss-convert-values@npm:^6.0.1":
-  version: 6.0.1
-  resolution: "postcss-convert-values@npm:6.0.1"
+"postcss-convert-values@npm:^6.0.2":
+  version: 6.0.2
+  resolution: "postcss-convert-values@npm:6.0.2"
   dependencies:
-    browserslist: "npm:^4.21.4"
+    browserslist: "npm:^4.22.2"
     postcss-value-parser: "npm:^4.2.0"
   peerDependencies:
     postcss: ^8.4.31
-  checksum: 53b951d7475206969c63b8427a2dea0ccba0a7cb08122e5f05aee8d12b09c870c070b101c9f8eceda76ff4d0fd9e5fa9385e83f143d658bb729dbb6a3583b872
+  checksum: 882d0b7839ef07ac8ffbf9cb48db0f610939a3496bd0321c7f23096ead676f13e09ab3d9c20ff3dbe2c887e855826051ca7dffeaffce5068cfdc9aaa573a3842
   languageName: node
   linkType: hard
 
@@ -12831,29 +12852,29 @@ __metadata:
   languageName: node
   linkType: hard
 
-"postcss-merge-longhand@npm:^6.0.1":
-  version: 6.0.1
-  resolution: "postcss-merge-longhand@npm:6.0.1"
+"postcss-merge-longhand@npm:^6.0.2":
+  version: 6.0.2
+  resolution: "postcss-merge-longhand@npm:6.0.2"
   dependencies:
     postcss-value-parser: "npm:^4.2.0"
-    stylehacks: "npm:^6.0.1"
+    stylehacks: "npm:^6.0.2"
   peerDependencies:
     postcss: ^8.4.31
-  checksum: 2c0eb81b6c6d3d2af3b129c46d10317b7923f218db1cadcb4723091fb951fe4624638002b65f235151129d4ce9b4775a6ed0d5fa13419c0df580f72e15fa4ad3
+  checksum: 2b3fae51bffc5962258d638bc7f415237593b515f369233e023f0eae5b13116297463c04b8c47a7b7af51cba5faaa7f517b653f6123e51935d670d4d4de5a26d
   languageName: node
   linkType: hard
 
-"postcss-merge-rules@npm:^6.0.2":
-  version: 6.0.2
-  resolution: "postcss-merge-rules@npm:6.0.2"
+"postcss-merge-rules@npm:^6.0.3":
+  version: 6.0.3
+  resolution: "postcss-merge-rules@npm:6.0.3"
   dependencies:
-    browserslist: "npm:^4.21.4"
+    browserslist: "npm:^4.22.2"
     caniuse-api: "npm:^3.0.0"
     cssnano-utils: "npm:^4.0.1"
-    postcss-selector-parser: "npm:^6.0.5"
+    postcss-selector-parser: "npm:^6.0.15"
   peerDependencies:
     postcss: ^8.4.31
-  checksum: 138a9921423420116b20e5761a1139392f0bcfcf34264fe11e254917d9c3170e3c0478a1b409e227d22bb0d9820b0168a871a240215d114e9c1e218ee6c132e6
+  checksum: c8355db11aa60bedcb1e6535fcd70f6ecec2dadd5c2975d3accf0eedbc92af782ac1f5e91a53866816ce332e4cbf1b94749a9425067935be066bc0c974e30fee
   languageName: node
   linkType: hard
 
@@ -12881,27 +12902,27 @@ __metadata:
   languageName: node
   linkType: hard
 
-"postcss-minify-params@npm:^6.0.1":
-  version: 6.0.1
-  resolution: "postcss-minify-params@npm:6.0.1"
+"postcss-minify-params@npm:^6.0.2":
+  version: 6.0.2
+  resolution: "postcss-minify-params@npm:6.0.2"
   dependencies:
-    browserslist: "npm:^4.21.4"
+    browserslist: "npm:^4.22.2"
     cssnano-utils: "npm:^4.0.1"
     postcss-value-parser: "npm:^4.2.0"
   peerDependencies:
     postcss: ^8.4.31
-  checksum: 0b34817f032ec9793fad4d33f3ba5551531073a36c9120d77194a3edeee860132951ed6954913494e5a6752ae8da1bc5cdb2a44fa5f428621afae8edddb0ca80
+  checksum: 6638460d2be4a2eca8adee8409b70d6c6a19aff8cf93fda1b45c9da627b258b6baaa6acb48f51d26cd287704a235f9c9ae2e4744335b1fd47e163177c33896df
   languageName: node
   linkType: hard
 
-"postcss-minify-selectors@npm:^6.0.1":
-  version: 6.0.1
-  resolution: "postcss-minify-selectors@npm:6.0.1"
+"postcss-minify-selectors@npm:^6.0.2":
+  version: 6.0.2
+  resolution: "postcss-minify-selectors@npm:6.0.2"
   dependencies:
-    postcss-selector-parser: "npm:^6.0.5"
+    postcss-selector-parser: "npm:^6.0.15"
   peerDependencies:
     postcss: ^8.4.31
-  checksum: ffc7ebb286beda2b2aa0ed13abafc89b5ffe232a48d57d3f2b9f69e167e354482a6f5279e9118bed753bf6e82d3cfb21228a6b07acd93d0dc9e01bbf0e7ebc75
+  checksum: 5437b586c1237fc442e7e6078d4f23c987efc456366368b07a0da67332b04bd55821cedf0441e73e1209689f63139e272d930508e2963ba6e27c46561a661128
   languageName: node
   linkType: hard
 
@@ -13013,15 +13034,15 @@ __metadata:
   languageName: node
   linkType: hard
 
-"postcss-normalize-unicode@npm:^6.0.1":
-  version: 6.0.1
-  resolution: "postcss-normalize-unicode@npm:6.0.1"
+"postcss-normalize-unicode@npm:^6.0.2":
+  version: 6.0.2
+  resolution: "postcss-normalize-unicode@npm:6.0.2"
   dependencies:
-    browserslist: "npm:^4.21.4"
+    browserslist: "npm:^4.22.2"
     postcss-value-parser: "npm:^4.2.0"
   peerDependencies:
     postcss: ^8.4.31
-  checksum: 8057748dade94dc2dd63a3b75a85e394c2e9a7076053886ff08aa9b7729d383f204eda52d882e5361ae1ec493036e90b2e18dcc5f8c9b3a8f1cbfada12bcc05b
+  checksum: ea696194f65ad31de2a9c022f1946a07c298f04070706d88a20061845e1e052e645c74b5bc785595814db87d14e435f85e968a44855dedc207d8c0b5d43b1aee
   languageName: node
   linkType: hard
 
@@ -13059,15 +13080,15 @@ __metadata:
   languageName: node
   linkType: hard
 
-"postcss-reduce-initial@npm:^6.0.1":
-  version: 6.0.1
-  resolution: "postcss-reduce-initial@npm:6.0.1"
+"postcss-reduce-initial@npm:^6.0.2":
+  version: 6.0.2
+  resolution: "postcss-reduce-initial@npm:6.0.2"
   dependencies:
-    browserslist: "npm:^4.21.4"
+    browserslist: "npm:^4.22.2"
     caniuse-api: "npm:^3.0.0"
   peerDependencies:
     postcss: ^8.4.31
-  checksum: 3f8f6c26ceeb79ddc285b0e01183fe30e911dd26b3abcdca56568e2bef3747f2b7f22ee3f9117e9752e1e93c10bcd88bd6a2842ca525b54336726292ebd3c3ad
+  checksum: d35ad6f9725cdceb390a97a461e8594df7fbed4c55497c90d07c42f8343bf80139e720eaebc580bf480bf10e92959490aa308af66d8802ba71c327bdf08c93a1
   languageName: node
   linkType: hard
 
@@ -13107,36 +13128,36 @@ __metadata:
   languageName: node
   linkType: hard
 
-"postcss-selector-parser@npm:^6.0.11, postcss-selector-parser@npm:^6.0.13, postcss-selector-parser@npm:^6.0.2, postcss-selector-parser@npm:^6.0.4, postcss-selector-parser@npm:^6.0.5":
-  version: 6.0.13
-  resolution: "postcss-selector-parser@npm:6.0.13"
+"postcss-selector-parser@npm:^6.0.11, postcss-selector-parser@npm:^6.0.13, postcss-selector-parser@npm:^6.0.15, postcss-selector-parser@npm:^6.0.2, postcss-selector-parser@npm:^6.0.4":
+  version: 6.0.15
+  resolution: "postcss-selector-parser@npm:6.0.15"
   dependencies:
     cssesc: "npm:^3.0.0"
     util-deprecate: "npm:^1.0.2"
-  checksum: 51f099b27f7c7198ea1826470ef0adfa58b3bd3f59b390fda123baa0134880a5fa9720137b6009c4c1373357b144f700b0edac73335d0067422063129371444e
+  checksum: 48b425d6cef497bcf6b7d136f6fd95cfca43026955e07ec9290d3c15457de3a862dbf251dd36f42c07a0d5b5ab6f31e41acefeff02528995a989b955505e440b
   languageName: node
   linkType: hard
 
-"postcss-svgo@npm:^6.0.1":
-  version: 6.0.1
-  resolution: "postcss-svgo@npm:6.0.1"
+"postcss-svgo@npm:^6.0.2":
+  version: 6.0.2
+  resolution: "postcss-svgo@npm:6.0.2"
   dependencies:
     postcss-value-parser: "npm:^4.2.0"
-    svgo: "npm:^3.0.5"
+    svgo: "npm:^3.2.0"
   peerDependencies:
     postcss: ^8.4.31
-  checksum: 021da9b0d0696fce970f407891a0d6c05e51d1908af435026e0cd5936a75cd8502a7d504cd0e6a33b6f3369fee41f01b848e5bd919aecc3e804ce6308e91a6cc
+  checksum: db607404d09af256c7957a0ace822d651a00a52a1796da603f93ba3f0a095ac7595e1f624b9dc53f362ab10e382845d7873f485980f9c92fcb86256833f5e835
   languageName: node
   linkType: hard
 
-"postcss-unique-selectors@npm:^6.0.1":
-  version: 6.0.1
-  resolution: "postcss-unique-selectors@npm:6.0.1"
+"postcss-unique-selectors@npm:^6.0.2":
+  version: 6.0.2
+  resolution: "postcss-unique-selectors@npm:6.0.2"
   dependencies:
-    postcss-selector-parser: "npm:^6.0.5"
+    postcss-selector-parser: "npm:^6.0.15"
   peerDependencies:
     postcss: ^8.4.31
-  checksum: 637e35775d0ee8fbcf4a81b28d3832c5076de7c0232eb7769d4fbbf783f26793e2ec95e18461ae3b9f5f5cd63c3de9db102464487ba2488d4947aad24dc8841f
+  checksum: a0fe112d1094f90e1bfcfd2174a74b2fd0630a24449e9942923d02956c7d64ea4add5adede53d9efb3f6d40cd388ac150d032a115f6a46b73d5f3d3d26fa1bb7
   languageName: node
   linkType: hard
 
@@ -13148,13 +13169,13 @@ __metadata:
   linkType: hard
 
 "postcss@npm:^8.2.15, postcss@npm:^8.4.24, postcss@npm:^8.4.32":
-  version: 8.4.32
-  resolution: "postcss@npm:8.4.32"
+  version: 8.4.33
+  resolution: "postcss@npm:8.4.33"
   dependencies:
     nanoid: "npm:^3.3.7"
     picocolors: "npm:^1.0.0"
     source-map-js: "npm:^1.0.2"
-  checksum: 39308a9195fa34d4dbdd7b58a896cff0c7809f84f7a4ac1b95b68ca86c9138a395addff33075668ed3983d41b90aac05754c445237a9365eb1c3a5602ebd03ad
+  checksum: 16eda83458fcd8a91bece287b5920c7f57164c3ea293e6c80d0ea71ce7843007bcd8592260a5160b9a7f02693e6ac93e2495b02d8c7596d3f3f72c1447e3ba79
   languageName: node
   linkType: hard
 
@@ -13697,8 +13718,8 @@ __metadata:
   linkType: hard
 
 "react-redux-loading-bar@npm:^5.0.4":
-  version: 5.0.7
-  resolution: "react-redux-loading-bar@npm:5.0.7"
+  version: 5.0.8
+  resolution: "react-redux-loading-bar@npm:5.0.8"
   dependencies:
     prop-types: "npm:^15.7.2"
     react-lifecycles-compat: "npm:^3.0.4"
@@ -13707,7 +13728,7 @@ __metadata:
     react-dom: ^0.14.0 || ^15.0.0 || ^16.0.0 || ^17.0.0 || ^18.0.0
     react-redux: ^3.0.0 || ^4.0.0 || ^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0 || ^9.0.0
     redux: ^3.0.0 || ^4.0.0 || ^5.0.0
-  checksum: 45333093e7d28df923a657ad89ffe4673d7bd135ef57c0143fb4d868f21b57aeb9044691f553f7d2afbcc9080a1f8cd3cec5b274c80cb57faf0e87a70f7a2cce
+  checksum: 797c1abf8bcc947feb127380e6d363db264c12bc94e578d635f86f1d806b0ec714dc3723e54c884937448b17f9042cfc995fe7a1deaf558efc01681e43e4669c
   languageName: node
   linkType: hard
 
@@ -14553,8 +14574,8 @@ __metadata:
   linkType: hard
 
 "sass-loader@npm:^10.2.0":
-  version: 10.5.1
-  resolution: "sass-loader@npm:10.5.1"
+  version: 10.5.2
+  resolution: "sass-loader@npm:10.5.2"
   dependencies:
     klona: "npm:^2.0.4"
     loader-utils: "npm:^2.0.0"
@@ -14573,7 +14594,7 @@ __metadata:
       optional: true
     sass:
       optional: true
-  checksum: 841448d02045b0c65595eab4cb701384b01a2adcb3594beacbb767b0cee5bd9d444027f4fc3a10acef3fe1c7eb6510fccffdee72a20e9877777789a5e349cb49
+  checksum: 5ba4a83459fbb50e21d4f4b1b59baf1ddf8dd404099b6d1f2ec887c6903659e505879915030dd9efb1c6dd5fde2d515a19f418487b73d1cc59f6aad60c79bcf5
   languageName: node
   linkType: hard
 
@@ -15609,15 +15630,15 @@ __metadata:
   languageName: node
   linkType: hard
 
-"stylehacks@npm:^6.0.1":
-  version: 6.0.1
-  resolution: "stylehacks@npm:6.0.1"
+"stylehacks@npm:^6.0.2":
+  version: 6.0.2
+  resolution: "stylehacks@npm:6.0.2"
   dependencies:
-    browserslist: "npm:^4.21.4"
-    postcss-selector-parser: "npm:^6.0.4"
+    browserslist: "npm:^4.22.2"
+    postcss-selector-parser: "npm:^6.0.15"
   peerDependencies:
     postcss: ^8.4.31
-  checksum: 0877016f5b2a06b8ceaf39382b0c33da11ea93268209444f67f29b1ce465994058f305fc3bc90dda21e8664c959561fbb06ba12b82289c3b26ba832c6979d513
+  checksum: 658cac8b28edcb94d1db67808ab3aaa511cb1b9293594fc95607ee42ac4f57e742d9a1fa3ff5d5849db692971dc2a310e9ac1ed0bd4ea4bc48c80f5a6ef823fc
   languageName: node
   linkType: hard
 
@@ -15647,30 +15668,30 @@ __metadata:
   languageName: node
   linkType: hard
 
-"stylelint-config-standard-scss@npm:^12.0.0":
-  version: 12.0.0
-  resolution: "stylelint-config-standard-scss@npm:12.0.0"
+"stylelint-config-standard-scss@npm:^13.0.0":
+  version: 13.0.0
+  resolution: "stylelint-config-standard-scss@npm:13.0.0"
   dependencies:
     stylelint-config-recommended-scss: "npm:^14.0.0"
-    stylelint-config-standard: "npm:^35.0.0"
+    stylelint-config-standard: "npm:^36.0.0"
   peerDependencies:
     postcss: ^8.3.3
-    stylelint: ^16.0.2
+    stylelint: ^16.1.0
   peerDependenciesMeta:
     postcss:
       optional: true
-  checksum: 7f3ccfb4175f9c50b69d30ca35a97887008c5ba493dbe7d5bce0b57b1eafd21b268177b82404368e7780600077cba784f98e1046671724be3b29a00c6a7913a4
+  checksum: 4abf317676184f4aaace6ce72b9fc9e2dffe051d43dd5637afc5803b062ea381e2807ae983c045dff22e96af58388a8b1fe9a8bdda9f97bc3660280cf24fb4d3
   languageName: node
   linkType: hard
 
-"stylelint-config-standard@npm:^35.0.0":
-  version: 35.0.0
-  resolution: "stylelint-config-standard@npm:35.0.0"
+"stylelint-config-standard@npm:^36.0.0":
+  version: 36.0.0
+  resolution: "stylelint-config-standard@npm:36.0.0"
   dependencies:
     stylelint-config-recommended: "npm:^14.0.0"
   peerDependencies:
-    stylelint: ^16.0.0
-  checksum: 791fbc26cc3029ce3c2423a643e903545b5e4cd605251b18f0ce790bac6fbaaf380469845c1ff45f4e320126af9f8a9dc1ca85d0df9274277ae60da91e81895b
+    stylelint: ^16.1.0
+  checksum: 1fc9adddfc5cf0a1d7a443182a0731712a3950ace72a24081b4ede2b0bb6fc1eebd003c009f1d8d06c3a64ba9b31b0ed12512db2f91c8fa549238d8341580e4b
   languageName: node
   linkType: hard
 
@@ -15841,20 +15862,20 @@ __metadata:
   languageName: node
   linkType: hard
 
-"svgo@npm:^3.0.5":
-  version: 3.1.0
-  resolution: "svgo@npm:3.1.0"
+"svgo@npm:^3.2.0":
+  version: 3.2.0
+  resolution: "svgo@npm:3.2.0"
   dependencies:
     "@trysound/sax": "npm:0.2.0"
     commander: "npm:^7.2.0"
     css-select: "npm:^5.1.0"
-    css-tree: "npm:^2.2.1"
+    css-tree: "npm:^2.3.1"
     css-what: "npm:^6.1.0"
-    csso: "npm:5.0.5"
+    csso: "npm:^5.0.5"
     picocolors: "npm:^1.0.0"
   bin:
     svgo: ./bin/svgo
-  checksum: b3f00b3319dee6ddc53f8b8ac5acef581860e1708c98b492169e096621edc1bdf46e3778099e3dffb5116bf0d4c074a686099843dbc020c73b3ccfae7b6a88f0
+  checksum: 28fa9061ccbcf2e3616d48d1feb613aaa05f8f290a329beb0e585914f1864385152934a7d4d683a4609fafbae3d51666633437c359c5c5ef74fb58ad09092a7c
   languageName: node
   linkType: hard
 
@@ -16752,7 +16773,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"vary@npm:~1.1.2":
+"vary@npm:^1, vary@npm:~1.1.2":
   version: 1.1.2
   resolution: "vary@npm:1.1.2"
   checksum: f15d588d79f3675135ba783c91a4083dcd290a2a5be9fcb6514220a1634e23df116847b1cc51f66bfb0644cf9353b2abb7815ae499bab06e46dd33c1a6bf1f4f