v1.6.0-rc2

* SECURITY
  * Add CSRF checking to reqToken and add reqToken to admin API routes (#5272) (#5250)
* FEATURE
  * Add comment replies (#5147) (#5104)
* BUGFIXES
  * Fix wrong api request url for instances running in subfolders (#5261) (#5247)
  * Accept web-command cli flags if web-command is commited (#5245) (#5200)
  * Reduce join star, repo_topic, topic tables on repo search, to resolve extra columns problem on MSSQL (#5136) (#5229)
  * Fix data race on migrate repository (#5224) (#5230)
  * Add secret to all webhook's payload where it has been missing (#5208) (#5199)
  * Fix sqlite and MSSQL lock (#5210) (#5223) (#5214) (#5218) (#5176) (#5179)
  * Fix race on updatesize (#5190) (#5215)
  * Fix filtering issues by tags on main screen issues (#5219) (#3824)
  * Fix SQL quoting (#5137) (#5117)
  * Fix regex to support optional end line of old section in diff hunk (#5097) (#5096)
-----BEGIN PGP SIGNATURE-----

iQEzBAABCAAdFiEEjEAzojiVI3yyfVLZ2bVhO+uBP5kFAlvfbrcACgkQ2bVhO+uB
P5k0dAf/UPFoVWX5z/9LVnTtDws3E+Sy08m/VMrsnGtRs92BRin1BN89LNs5rrr6
KS3R6fvez4PpbYZ5lK0xjB5F+jQ2yHuOoID2mLp5kVooZ1+9tgkLCDkPlZ8/hgaA
pT0QK06eNlNWUzvC7ROq5c3XFoUPJiJD6ZEo7p34Ip+BXhX7uLfHs/j9WNdjQdR5
3nsslscKqXuVCClji3v80dtPOiNluO6kPnRTlzaD9bIRvwZkR16S5nCNfj/1D+Z1
sZM9aG+6JpSHMeHRZcYPhHgTe4rPjRU9psNOnDctGKiBnXiDrr6XTijA9o69/6FR
2Xlvifo/ux4BG/YZ1b8Z/SOkAiZGXQ==
=bCFp
-----END PGP SIGNATURE-----