Merge pull request #12202 from firefly-iii/release-1777358720

🤖 Automatically merge the PR into the develop branch.

.github/workflows/release.yml

@@ -99,11 +99,6 @@ jobs:
         env:
           FIREFLY_III_ROOT: /github/workspace
           GH_TOKEN: ''
-      - name: Setup Mago
-        uses: nhedger/setup-mago@v1
-        with:
-          version: "latest"
-          working-directory: "."
       - name: Run CI
         run: |
           cp .env.example .env
@@ -113,17 +108,19 @@ jobs:
 
           # format code.
           echo "Will now run Mago Format"
-          mago format
+          ./vendor/bin/mago format
           sudo chown -R runner:docker resources/lang
           echo "Will now run PHPCS"
           .ci/phpcs.sh
 
           # lint and check
           echo "Will now run Mago Lint"
-          mago lint
+          ./vendor/bin/mago lint
           echo "Will now run PHPstan"
           .ci/phpstan.sh
           rm .env
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - name: Crowdin action
         uses: crowdin/github-action@v2
         with:

composer.json

@@ -111,7 +111,9 @@
     },
     "require-dev": {
         "barryvdh/laravel-ide-helper": "^3",
+        "carthage-software/mago": "^1.24.0",
         "driftingly/rector-laravel": "^2.0",
+        "ergebnis/phpstan-rules": "^2",
         "fakerphp/faker": "1.*",
         "filp/whoops": "2.*",
         "fruitcake/laravel-debugbar": "^4.0",
@@ -124,8 +126,7 @@
         "phpstan/phpstan-strict-rules": "^2",
         "phpunit/phpunit": "^13",
         "rector/rector": "^2.3",
-        "thecodingmachine/phpstan-safe-rule": "^1.4",
-        "ergebnis/phpstan-rules": "^2"
+        "thecodingmachine/phpstan-safe-rule": "^1.4"
     },
     "replace": {
         "symfony/polyfill-php54": "*",

composer.lock

@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "4f1f0dcde32d2f02333bd7af2cbc90eb",
+    "content-hash": "7f960fa15bddd432267fb2bb9b730195",
     "packages": [
         {
             "name": "bacon/bacon-qr-code",
@@ -10093,6 +10093,62 @@
             },
             "time": "2026-03-05T20:09:01+00:00"
         },
+        {
+            "name": "carthage-software/mago",
+            "version": "1.24.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/carthage-software/mago.git",
+                "reference": "ff885e99abe97222bb8b84dc346b59bddbe3a307"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/carthage-software/mago/zipball/ff885e99abe97222bb8b84dc346b59bddbe3a307",
+                "reference": "ff885e99abe97222bb8b84dc346b59bddbe3a307",
+                "shasum": ""
+            },
+            "require": {
+                "php": "~8.1 || ~8.2 || ~8.3 || ~8.4 || ~8.5 || ~8.6"
+            },
+            "suggest": {
+                "ext-curl": "To show binary download progress"
+            },
+            "bin": [
+                "composer/bin/mago"
+            ],
+            "type": "library",
+            "autoload": {
+                "files": [
+                    "composer/functions.php",
+                    "composer/internal.php"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT OR Apache-2.0"
+            ],
+            "authors": [
+                {
+                    "name": "Saif Eddin Gmati",
+                    "email": "azjezz@carthage.software"
+                }
+            ],
+            "description": "Mago is a toolchain for PHP that aims to provide a set of tools to help developers write better code.",
+            "keywords": [
+                "dev"
+            ],
+            "support": {
+                "issues": "https://github.com/carthage-software/mago/issues",
+                "source": "https://github.com/carthage-software/mago/tree/1.24.0"
+            },
+            "funding": [
+                {
+                    "url": "https://github.com/azjezz",
+                    "type": "github"
+                }
+            ],
+            "time": "2026-04-22T07:00:59+00:00"
+        },
         {
             "name": "cloudcreativity/json-api-testing",
             "version": "v6.4.0",

config/firefly.php

@@ -78,8 +78,8 @@ return [
         'running_balance_column' => (bool)env_default_when_empty(env('USE_RUNNING_BALANCE'), true), // this is only the default value, is not used.
         // see cer.php for exchange rates feature flag.
     ],
-'version' => 'develop/2026-04-27',
-'build_time' => 1777307205,
+'version' => 'develop/2026-04-28',
+'build_time' => 1777358720,
     'api_version'                          => '2.1.0', // field is no longer used.
     'db_version'                           => 28, // field is no longer used.
 

resources/lang/en_US/firefly.php

@@ -1621,7 +1621,7 @@ return [
     'secure_pw_ff'                                        => 'Do you use the same password all over the internet? If one site loses your password, hackers have access to all your data. Firefly III relies on you to choose a strong and unique password to protect your financial records.',
     'secure_pw_check_box'                                 => 'To help you do that Firefly III can check if the password you want to use has been stolen in the past. If this is the case, Firefly III advises you NOT to use that password.',
     'secure_pw_working_title'                             => 'How does it work?',
-    'secure_pw_working'                                   => 'By checking the box, Firefly III will send the first five characters of the SHA1 hash of your password to <a href="https://www.troyhunt.com/introducing-306-million-freely-downloadable-pwned-passwords/">the website of Troy Hunt</a> to see if it is on the list. This will stop you from using unsafe passwords as is recommended in the latest <a href="https://pages.nist.gov/800-63-3/sp800-63b.html">NIST Special Publication</a> on this subject.',
+    'secure_pw_working'                                   => 'By checking the box, Firefly III will send the first five characters of the SHA1 hash of your password to <a href="https://haveibeenpwned.com/API/v3#PwnedPasswords">the website of Troy Hunt</a> to see if it is on the list. This will stop you from using unsafe passwords as is recommended in the latest <a href="https://pages.nist.gov/800-63-3/sp800-63b.html">NIST Special Publication</a> on this subject.',
     'secure_pw_should'                                    => 'Should I check the box?',
     'secure_pw_long_password'                             => 'Yes. Always verify your password is safe.',
     'command_line_token'                                  => 'Command line token',

resources/views/auth/register.blade.php

@@ -49,7 +49,7 @@
                 </div>
                 <div class="row">
                     <div class="col-12">
-                            <input type="checkbox" id="verify_password" checked name="verify_password" value="1">
+                            <input type="checkbox" id="verify_password" name="verify_password" value="1">
                             <label for="verify_password">
                                 {{ trans('form.verify_password') }}
                                 <a href="#"