Merge branch 'main' into dev

* main: (44 commits)
  translate: Updates for file locale/en/LC_MESSAGES/django.po in ru (#9943)
  translate: Updates for file locale/en/LC_MESSAGES/django.po in zh-Hans (#9944)
  translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN (#9942)
  stages/authenticator_webauthn: migrate device type import to systemtask and schedule (#9958)
  website: bump prettier from 3.2.5 to 3.3.0 in /website (#9951)
  web: bump yaml from 2.4.2 to 2.4.3 in /web (#9945)
  web: bump prettier from 3.2.5 to 3.3.0 in /web (#9946)
  core: bump uvicorn from 0.30.0 to 0.30.1 (#9948)
  core: bump ruff from 0.4.6 to 0.4.7 (#9949)
  website: bump the docusaurus group in /website with 9 updates (#9950)
  web: bump prettier from 3.2.5 to 3.3.0 in /tests/wdio (#9952)
  web: bump chromedriver from 125.0.2 to 125.0.3 in /tests/wdio (#9953)
  core: groups: optimize recursive children query (#9931)
  core, web: update translations (#9938)
  stages/authenticator_webauthn: optimize device types creation (#9932)
  stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs (#9936)
  providers/oauth2: don't handle api scope as special scope (#9910)
  core: bump goauthentik.io/api/v3 from 3.2024042.8 to 3.2024042.9 (#9915)
  web: bump the storybook group in /web with 7 updates (#9917)
  website/integrations: firezone: remove question mark typo and remove promotional sentence (#9927)
  ...

.github/workflows/ci-main.yml

@@ -50,7 +50,6 @@ jobs:
       fail-fast: false
       matrix:
         psql:
-          - 12-alpine
           - 15-alpine
           - 16-alpine
     steps:
@@ -104,7 +103,6 @@ jobs:
       fail-fast: false
       matrix:
         psql:
-          - 12-alpine
           - 15-alpine
           - 16-alpine
     steps:

Makefile

@@ -253,6 +253,7 @@ website-watch:  ## Build and watch the documentation website, updating automatic
 #########################
 
 docker:  ## Build a docker image of the current source tree
+	mkdir -p ${GEN_API_TS}
 	DOCKER_BUILDKIT=1 docker build . --progress plain --tag ${DOCKER_IMAGE}
 
 #########################

authentik/core/models.py

@@ -15,6 +15,7 @@ from django.http import HttpRequest
 from django.utils.functional import SimpleLazyObject, cached_property
 from django.utils.timezone import now
 from django.utils.translation import gettext_lazy as _
+from django_cte import CTEQuerySet, With
 from guardian.conf import settings
 from guardian.mixins import GuardianUserMixin
 from model_utils.managers import InheritanceManager
@@ -56,6 +57,8 @@ options.DEFAULT_NAMES = options.DEFAULT_NAMES + (
     "authentik_used_by_shadows",
 )
 
+GROUP_RECURSION_LIMIT = 20
+
 
 def default_token_duration() -> datetime:
     """Default duration a Token is valid"""
@@ -96,6 +99,40 @@ class UserTypes(models.TextChoices):
     INTERNAL_SERVICE_ACCOUNT = "internal_service_account"
 
 
+class GroupQuerySet(CTEQuerySet):
+    def with_children_recursive(self):
+        """Recursively get all groups that have the current queryset as parents
+        or are indirectly related."""
+
+        def make_cte(cte):
+            """Build the query that ends up in WITH RECURSIVE"""
+            # Start from self, aka the current query
+            # Add a depth attribute to limit the recursion
+            return self.annotate(
+                relative_depth=models.Value(0, output_field=models.IntegerField())
+            ).union(
+                # Here is the recursive part of the query. cte refers to the previous iteration
+                # Only select groups for which the parent is part of the previous iteration
+                # and increase the depth
+                # Finally, limit the depth
+                cte.join(Group, group_uuid=cte.col.parent_id)
+                .annotate(
+                    relative_depth=models.ExpressionWrapper(
+                        cte.col.relative_depth
+                        + models.Value(1, output_field=models.IntegerField()),
+                        output_field=models.IntegerField(),
+                    )
+                )
+                .filter(relative_depth__lt=GROUP_RECURSION_LIMIT),
+                all=True,
+            )
+
+        # Build the recursive query, see above
+        cte = With.recursive(make_cte)
+        # Return the result, as a usable queryset for Group.
+        return cte.join(Group, group_uuid=cte.col.group_uuid).with_cte(cte)
+
+
 class Group(SerializerModel):
     """Group model which supports a basic hierarchy and has attributes"""
 
@@ -118,6 +155,8 @@ class Group(SerializerModel):
     )
     attributes = models.JSONField(default=dict, blank=True)
 
+    objects = GroupQuerySet.as_manager()
+
     @property
     def serializer(self) -> Serializer:
         from authentik.core.api.groups import GroupSerializer
@@ -136,36 +175,11 @@ class Group(SerializerModel):
         return user.all_groups().filter(group_uuid=self.group_uuid).exists()
 
     def children_recursive(self: Self | QuerySet["Group"]) -> QuerySet["Group"]:
-        """Recursively get all groups that have this as parent or are indirectly related"""
-        direct_groups = []
-        if isinstance(self, QuerySet):
-            direct_groups = list(x for x in self.all().values_list("pk", flat=True).iterator())
-        else:
-            direct_groups = [self.pk]
-        if len(direct_groups) < 1:
-            return Group.objects.none()
-        query = """
-        WITH RECURSIVE parents AS (
-            SELECT authentik_core_group.*, 0 AS relative_depth
-            FROM authentik_core_group
-            WHERE authentik_core_group.group_uuid = ANY(%s)
-
-            UNION ALL
-
-            SELECT authentik_core_group.*, parents.relative_depth + 1
-            FROM authentik_core_group, parents
-            WHERE (
-                authentik_core_group.group_uuid = parents.parent_id and
-                parents.relative_depth < 20
-            )
-        )
-        SELECT group_uuid
-        FROM parents
-        GROUP BY group_uuid, name
-        ORDER BY name;
-        """
-        group_pks = [group.pk for group in Group.objects.raw(query, [direct_groups]).iterator()]
-        return Group.objects.filter(pk__in=group_pks)
+        """Compatibility layer for Group.objects.with_children_recursive()"""
+        qs = self
+        if not isinstance(self, QuerySet):
+            qs = Group.objects.filter(group_uuid=self.group_uuid)
+        return qs.with_children_recursive()
 
     def __str__(self):
         return f"Group {self.name}"
@@ -232,10 +246,8 @@ class User(SerializerModel, GuardianUserMixin, AbstractUser):
         return User._meta.get_field("path").default
 
     def all_groups(self) -> QuerySet[Group]:
-        """Recursively get all groups this user is a member of.
-        At least one query is done to get the direct groups of the user, with groups
-        there are at most 3 queries done"""
-        return Group.children_recursive(self.ak_groups.all())
+        """Recursively get all groups this user is a member of."""
+        return self.ak_groups.all().with_children_recursive()
 
     def group_attributes(self, request: HttpRequest | None = None) -> dict[str, Any]:
         """Get a dictionary containing the attributes from all groups the user belongs to,

authentik/enterprise/providers/google_workspace/api/groups.py

@@ -1,14 +1,15 @@
 """GoogleWorkspaceProviderGroup API Views"""
 
-from rest_framework.viewsets import ModelViewSet
+from rest_framework import mixins
+from rest_framework.serializers import ModelSerializer
+from rest_framework.viewsets import GenericViewSet
 
-from authentik.core.api.sources import SourceSerializer
 from authentik.core.api.used_by import UsedByMixin
 from authentik.core.api.users import UserGroupSerializer
 from authentik.enterprise.providers.google_workspace.models import GoogleWorkspaceProviderGroup
 
 
-class GoogleWorkspaceProviderGroupSerializer(SourceSerializer):
+class GoogleWorkspaceProviderGroupSerializer(ModelSerializer):
     """GoogleWorkspaceProviderGroup Serializer"""
 
     group_obj = UserGroupSerializer(source="group", read_only=True)
@@ -20,10 +21,20 @@ class GoogleWorkspaceProviderGroupSerializer(SourceSerializer):
             "id",
             "group",
             "group_obj",
+            "provider",
+            "attributes",
         ]
+        extra_kwargs = {"attributes": {"read_only": True}}
 
 
-class GoogleWorkspaceProviderGroupViewSet(UsedByMixin, ModelViewSet):
+class GoogleWorkspaceProviderGroupViewSet(
+    mixins.CreateModelMixin,
+    mixins.RetrieveModelMixin,
+    mixins.DestroyModelMixin,
+    UsedByMixin,
+    mixins.ListModelMixin,
+    GenericViewSet,
+):
     """GoogleWorkspaceProviderGroup Viewset"""
 
     queryset = GoogleWorkspaceProviderGroup.objects.all().select_related("group")

authentik/enterprise/providers/google_workspace/api/users.py

@@ -1,14 +1,15 @@
 """GoogleWorkspaceProviderUser API Views"""
 
-from rest_framework.viewsets import ModelViewSet
+from rest_framework import mixins
+from rest_framework.serializers import ModelSerializer
+from rest_framework.viewsets import GenericViewSet
 
 from authentik.core.api.groups import GroupMemberSerializer
-from authentik.core.api.sources import SourceSerializer
 from authentik.core.api.used_by import UsedByMixin
 from authentik.enterprise.providers.google_workspace.models import GoogleWorkspaceProviderUser
 
 
-class GoogleWorkspaceProviderUserSerializer(SourceSerializer):
+class GoogleWorkspaceProviderUserSerializer(ModelSerializer):
     """GoogleWorkspaceProviderUser Serializer"""
 
     user_obj = GroupMemberSerializer(source="user", read_only=True)
@@ -20,10 +21,20 @@ class GoogleWorkspaceProviderUserSerializer(SourceSerializer):
             "id",
             "user",
             "user_obj",
+            "provider",
+            "attributes",
         ]
+        extra_kwargs = {"attributes": {"read_only": True}}
 
 
-class GoogleWorkspaceProviderUserViewSet(UsedByMixin, ModelViewSet):
+class GoogleWorkspaceProviderUserViewSet(
+    mixins.CreateModelMixin,
+    mixins.RetrieveModelMixin,
+    mixins.DestroyModelMixin,
+    UsedByMixin,
+    mixins.ListModelMixin,
+    GenericViewSet,
+):
     """GoogleWorkspaceProviderUser Viewset"""
 
     queryset = GoogleWorkspaceProviderUser.objects.all().select_related("user")

authentik/enterprise/providers/google_workspace/clients/groups.py

@@ -33,14 +33,14 @@ class GoogleWorkspaceGroupClient(
         self.mapper = PropertyMappingManager(
             self.provider.property_mappings_group.all().order_by("name").select_subclasses(),
             GoogleWorkspaceProviderMapping,
-            ["group", "provider", "creating"],
+            ["group", "provider", "connection"],
         )
 
-    def to_schema(self, obj: Group, creating: bool) -> dict:
+    def to_schema(self, obj: Group, connection: GoogleWorkspaceProviderGroup) -> dict:
         """Convert authentik group"""
         return super().to_schema(
             obj,
-            creating,
+            connection=connection,
             email=f"{slugify(obj.name)}@{self.provider.default_group_email_domain}",
         )
 
@@ -61,7 +61,7 @@ class GoogleWorkspaceGroupClient(
 
     def create(self, group: Group):
         """Create group from scratch and create a connection object"""
-        google_group = self.to_schema(group, True)
+        google_group = self.to_schema(group, None)
         self.check_email_valid(google_group["email"])
         with transaction.atomic():
             try:
@@ -74,16 +74,22 @@ class GoogleWorkspaceGroupClient(
                     self.directory_service.groups().get(groupKey=google_group["email"])
                 )
                 return GoogleWorkspaceProviderGroup.objects.create(
-                    provider=self.provider, group=group, google_id=group_data["id"]
+                    provider=self.provider,
+                    group=group,
+                    google_id=group_data["id"],
+                    attributes=group_data,
                 )
             else:
                 return GoogleWorkspaceProviderGroup.objects.create(
-                    provider=self.provider, group=group, google_id=response["id"]
+                    provider=self.provider,
+                    group=group,
+                    google_id=response["id"],
+                    attributes=response,
                 )
 
     def update(self, group: Group, connection: GoogleWorkspaceProviderGroup):
         """Update existing group"""
-        google_group = self.to_schema(group, False)
+        google_group = self.to_schema(group, connection)
         self.check_email_valid(google_group["email"])
         try:
             return self._request(
@@ -204,4 +210,5 @@ class GoogleWorkspaceGroupClient(
             provider=self.provider,
             group=matching_authentik_group,
             google_id=google_id,
+            attributes=group,
         )

authentik/enterprise/providers/google_workspace/clients/users.py

@@ -28,15 +28,12 @@ class GoogleWorkspaceUserClient(GoogleWorkspaceSyncClient[User, GoogleWorkspaceP
         self.mapper = PropertyMappingManager(
             self.provider.property_mappings.all().order_by("name").select_subclasses(),
             GoogleWorkspaceProviderMapping,
-            ["provider", "creating"],
+            ["provider", "connection"],
         )
 
-    def to_schema(self, obj: User, creating: bool) -> dict:
+    def to_schema(self, obj: User, connection: GoogleWorkspaceProviderUser) -> dict:
         """Convert authentik user"""
-        raw_google_user = super().to_schema(obj, creating)
-        if "primaryEmail" not in raw_google_user:
-            raw_google_user["primaryEmail"] = str(obj.email)
-        return delete_none_values(raw_google_user)
+        return delete_none_values(super().to_schema(obj, connection, primaryEmail=obj.email))
 
     def delete(self, obj: User):
         """Delete user"""
@@ -63,7 +60,7 @@ class GoogleWorkspaceUserClient(GoogleWorkspaceSyncClient[User, GoogleWorkspaceP
 
     def create(self, user: User):
         """Create user from scratch and create a connection object"""
-        google_user = self.to_schema(user, True)
+        google_user = self.to_schema(user, None)
         self.check_email_valid(
             google_user["primaryEmail"], *[x["address"] for x in google_user.get("emails", [])]
         )
@@ -73,18 +70,21 @@ class GoogleWorkspaceUserClient(GoogleWorkspaceSyncClient[User, GoogleWorkspaceP
             except ObjectExistsSyncException:
                 # user already exists in google workspace, so we can connect them manually
                 return GoogleWorkspaceProviderUser.objects.create(
-                    provider=self.provider, user=user, google_id=user.email
+                    provider=self.provider, user=user, google_id=user.email, attributes={}
                 )
             except TransientSyncException as exc:
                 raise exc
             else:
                 return GoogleWorkspaceProviderUser.objects.create(
-                    provider=self.provider, user=user, google_id=response["primaryEmail"]
+                    provider=self.provider,
+                    user=user,
+                    google_id=response["primaryEmail"],
+                    attributes=response,
                 )
 
     def update(self, user: User, connection: GoogleWorkspaceProviderUser):
         """Update existing user"""
-        google_user = self.to_schema(user, False)
+        google_user = self.to_schema(user, connection)
         self.check_email_valid(
             google_user["primaryEmail"], *[x["address"] for x in google_user.get("emails", [])]
         )
@@ -115,4 +115,5 @@ class GoogleWorkspaceUserClient(GoogleWorkspaceSyncClient[User, GoogleWorkspaceP
             provider=self.provider,
             user=matching_authentik_user,
             google_id=email,
+            attributes=user,
         )

authentik/enterprise/providers/google_workspace/migrations/0003_googleworkspaceprovidergroup_attributes_and_more.py

@@ -0,0 +1,26 @@
+# Generated by Django 5.0.6 on 2024-05-23 20:48
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        (
+            "authentik_providers_google_workspace",
+            "0001_squashed_0002_alter_googleworkspaceprovidergroup_options_and_more",
+        ),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="googleworkspaceprovidergroup",
+            name="attributes",
+            field=models.JSONField(default=dict),
+        ),
+        migrations.AddField(
+            model_name="googleworkspaceprovideruser",
+            name="attributes",
+            field=models.JSONField(default=dict),
+        ),
+    ]

authentik/enterprise/providers/google_workspace/models.py

@@ -153,6 +153,7 @@ class GoogleWorkspaceProviderUser(SerializerModel):
     google_id = models.TextField()
     user = models.ForeignKey(User, on_delete=models.CASCADE)
     provider = models.ForeignKey(GoogleWorkspaceProvider, on_delete=models.CASCADE)
+    attributes = models.JSONField(default=dict)
 
     @property
     def serializer(self) -> type[Serializer]:
@@ -178,6 +179,7 @@ class GoogleWorkspaceProviderGroup(SerializerModel):
     google_id = models.TextField()
     group = models.ForeignKey(Group, on_delete=models.CASCADE)
     provider = models.ForeignKey(GoogleWorkspaceProvider, on_delete=models.CASCADE)
+    attributes = models.JSONField(default=dict)
 
     @property
     def serializer(self) -> type[Serializer]:

authentik/enterprise/providers/microsoft_entra/api/groups.py

@@ -1,14 +1,15 @@
 """MicrosoftEntraProviderGroup API Views"""
 
-from rest_framework.viewsets import ModelViewSet
+from rest_framework import mixins
+from rest_framework.serializers import ModelSerializer
+from rest_framework.viewsets import GenericViewSet
 
-from authentik.core.api.sources import SourceSerializer
 from authentik.core.api.used_by import UsedByMixin
 from authentik.core.api.users import UserGroupSerializer
 from authentik.enterprise.providers.microsoft_entra.models import MicrosoftEntraProviderGroup
 
 
-class MicrosoftEntraProviderGroupSerializer(SourceSerializer):
+class MicrosoftEntraProviderGroupSerializer(ModelSerializer):
     """MicrosoftEntraProviderGroup Serializer"""
 
     group_obj = UserGroupSerializer(source="group", read_only=True)
@@ -20,10 +21,20 @@ class MicrosoftEntraProviderGroupSerializer(SourceSerializer):
             "id",
             "group",
             "group_obj",
+            "provider",
+            "attributes",
         ]
+        extra_kwargs = {"attributes": {"read_only": True}}
 
 
-class MicrosoftEntraProviderGroupViewSet(UsedByMixin, ModelViewSet):
+class MicrosoftEntraProviderGroupViewSet(
+    mixins.CreateModelMixin,
+    mixins.RetrieveModelMixin,
+    mixins.DestroyModelMixin,
+    UsedByMixin,
+    mixins.ListModelMixin,
+    GenericViewSet,
+):
     """MicrosoftEntraProviderGroup Viewset"""
 
     queryset = MicrosoftEntraProviderGroup.objects.all().select_related("group")

authentik/enterprise/providers/microsoft_entra/api/users.py

@@ -1,14 +1,15 @@
 """MicrosoftEntraProviderUser API Views"""
 
-from rest_framework.viewsets import ModelViewSet
+from rest_framework import mixins
+from rest_framework.serializers import ModelSerializer
+from rest_framework.viewsets import GenericViewSet
 
 from authentik.core.api.groups import GroupMemberSerializer
-from authentik.core.api.sources import SourceSerializer
 from authentik.core.api.used_by import UsedByMixin
 from authentik.enterprise.providers.microsoft_entra.models import MicrosoftEntraProviderUser
 
 
-class MicrosoftEntraProviderUserSerializer(SourceSerializer):
+class MicrosoftEntraProviderUserSerializer(ModelSerializer):
     """MicrosoftEntraProviderUser Serializer"""
 
     user_obj = GroupMemberSerializer(source="user", read_only=True)
@@ -20,10 +21,20 @@ class MicrosoftEntraProviderUserSerializer(SourceSerializer):
             "id",
             "user",
             "user_obj",
+            "provider",
+            "attributes",
         ]
+        extra_kwargs = {"attributes": {"read_only": True}}
 
 
-class MicrosoftEntraProviderUserViewSet(UsedByMixin, ModelViewSet):
+class MicrosoftEntraProviderUserViewSet(
+    mixins.CreateModelMixin,
+    mixins.RetrieveModelMixin,
+    mixins.DestroyModelMixin,
+    UsedByMixin,
+    mixins.ListModelMixin,
+    GenericViewSet,
+):
     """MicrosoftEntraProviderUser Viewset"""
 
     queryset = MicrosoftEntraProviderUser.objects.all().select_related("user")

authentik/enterprise/providers/microsoft_entra/clients/base.py

@@ -1,5 +1,6 @@
 from asyncio import run
 from collections.abc import Coroutine
+from dataclasses import asdict
 from typing import Any
 
 from azure.core.exceptions import (
@@ -15,6 +16,7 @@ from kiota_authentication_azure.azure_identity_authentication_provider import (
     AzureIdentityAuthenticationProvider,
 )
 from kiota_http.kiota_client_factory import KiotaClientFactory
+from msgraph.generated.models.entity import Entity
 from msgraph.generated.models.o_data_errors.o_data_error import ODataError
 from msgraph.graph_request_adapter import GraphRequestAdapter, options
 from msgraph.graph_service_client import GraphServiceClient
@@ -98,3 +100,10 @@ class MicrosoftEntraSyncClient[TModel: Model, TConnection: Model, TSchema: dict]
         for email in emails:
             if not any(email.endswith(f"@{domain_name}") for domain_name in self.domains):
                 raise BadRequestSyncException(f"Invalid email domain: {email}")
+
+    def entity_as_dict(self, entity: Entity) -> dict:
+        """Create a dictionary of a model instance, making sure to remove (known) things
+        we can't JSON serialize"""
+        raw_data = asdict(entity)
+        raw_data.pop("backing_store", None)
+        return raw_data

authentik/enterprise/providers/microsoft_entra/clients/groups.py

@@ -36,12 +36,12 @@ class MicrosoftEntraGroupClient(
         self.mapper = PropertyMappingManager(
             self.provider.property_mappings_group.all().order_by("name").select_subclasses(),
             MicrosoftEntraProviderMapping,
-            ["group", "provider", "creating"],
+            ["group", "provider", "connection"],
         )
 
-    def to_schema(self, obj: Group, creating: bool) -> MSGroup:
+    def to_schema(self, obj: Group, connection: MicrosoftEntraProviderGroup) -> MSGroup:
         """Convert authentik group"""
-        raw_microsoft_group = super().to_schema(obj, creating)
+        raw_microsoft_group = super().to_schema(obj, connection)
         try:
             return MSGroup(**raw_microsoft_group)
         except TypeError as exc:
@@ -62,7 +62,7 @@ class MicrosoftEntraGroupClient(
 
     def create(self, group: Group):
         """Create group from scratch and create a connection object"""
-        microsoft_group = self.to_schema(group, True)
+        microsoft_group = self.to_schema(group, None)
         with transaction.atomic():
             try:
                 response = self._request(self.client.groups.post(microsoft_group))
@@ -79,22 +79,29 @@ class MicrosoftEntraGroupClient(
                     )
                 )
                 group_data = self._request(self.client.groups.get(request_configuration))
-                if group_data.odata_count < 1:
+                if group_data.odata_count < 1 or len(group_data.value) < 1:
                     self.logger.warning(
                         "Group which could not be created also does not exist", group=group
                     )
                     return
+                ms_group = group_data.value[0]
                 return MicrosoftEntraProviderGroup.objects.create(
-                    provider=self.provider, group=group, microsoft_id=group_data.value[0].id
+                    provider=self.provider,
+                    group=group,
+                    microsoft_id=ms_group.id,
+                    attributes=self.entity_as_dict(ms_group),
                 )
             else:
                 return MicrosoftEntraProviderGroup.objects.create(
-                    provider=self.provider, group=group, microsoft_id=response.id
+                    provider=self.provider,
+                    group=group,
+                    microsoft_id=response.id,
+                    attributes=self.entity_as_dict(response),
                 )
 
     def update(self, group: Group, connection: MicrosoftEntraProviderGroup):
         """Update existing group"""
-        microsoft_group = self.to_schema(group, False)
+        microsoft_group = self.to_schema(group, connection)
         microsoft_group.id = connection.microsoft_id
         try:
             return self._request(
@@ -213,4 +220,5 @@ class MicrosoftEntraGroupClient(
             provider=self.provider,
             group=matching_authentik_group,
             microsoft_id=group.id,
+            attributes=self.entity_as_dict(group),
         )

authentik/enterprise/providers/microsoft_entra/clients/users.py

@@ -31,12 +31,12 @@ class MicrosoftEntraUserClient(MicrosoftEntraSyncClient[User, MicrosoftEntraProv
         self.mapper = PropertyMappingManager(
             self.provider.property_mappings.all().order_by("name").select_subclasses(),
             MicrosoftEntraProviderMapping,
-            ["provider", "creating"],
+            ["provider", "connection"],
         )
 
-    def to_schema(self, obj: User, creating: bool) -> MSUser:
+    def to_schema(self, obj: User, connection: MicrosoftEntraProviderUser) -> MSUser:
         """Convert authentik user"""
-        raw_microsoft_user = super().to_schema(obj, creating)
+        raw_microsoft_user = super().to_schema(obj, connection)
         try:
             return MSUser(**delete_none_values(raw_microsoft_user))
         except TypeError as exc:
@@ -67,7 +67,7 @@ class MicrosoftEntraUserClient(MicrosoftEntraSyncClient[User, MicrosoftEntraProv
 
     def create(self, user: User):
         """Create user from scratch and create a connection object"""
-        microsoft_user = self.to_schema(user, True)
+        microsoft_user = self.to_schema(user, None)
         self.check_email_valid(microsoft_user.user_principal_name)
         with transaction.atomic():
             try:
@@ -83,24 +83,32 @@ class MicrosoftEntraUserClient(MicrosoftEntraSyncClient[User, MicrosoftEntraProv
                     )
                 )
                 user_data = self._request(self.client.users.get(request_configuration))
-                if user_data.odata_count < 1:
+                if user_data.odata_count < 1 or len(user_data.value) < 1:
                     self.logger.warning(
                         "User which could not be created also does not exist", user=user
                     )
                     return
+                ms_user = user_data.value[0]
                 return MicrosoftEntraProviderUser.objects.create(
-                    provider=self.provider, user=user, microsoft_id=user_data.value[0].id
+                    provider=self.provider,
+                    user=user,
+                    microsoft_id=ms_user.id,
+                    attributes=self.entity_as_dict(ms_user),
                 )
             except TransientSyncException as exc:
                 raise exc
             else:
+                print(self.entity_as_dict(response))
                 return MicrosoftEntraProviderUser.objects.create(
-                    provider=self.provider, user=user, microsoft_id=response.id
+                    provider=self.provider,
+                    user=user,
+                    microsoft_id=response.id,
+                    attributes=self.entity_as_dict(response),
                 )
 
     def update(self, user: User, connection: MicrosoftEntraProviderUser):
         """Update existing user"""
-        microsoft_user = self.to_schema(user, False)
+        microsoft_user = self.to_schema(user, connection)
         self.check_email_valid(microsoft_user.user_principal_name)
         self._request(self.client.users.by_user_id(connection.microsoft_id).patch(microsoft_user))
 
@@ -125,4 +133,5 @@ class MicrosoftEntraUserClient(MicrosoftEntraSyncClient[User, MicrosoftEntraProv
             provider=self.provider,
             user=matching_authentik_user,
             microsoft_id=user.id,
+            attributes=self.entity_as_dict(user),
         )

authentik/enterprise/providers/microsoft_entra/migrations/0002_microsoftentraprovidergroup_attributes_and_more.py

@@ -0,0 +1,23 @@
+# Generated by Django 5.0.6 on 2024-05-23 20:48
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("authentik_providers_microsoft_entra", "0001_initial"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="microsoftentraprovidergroup",
+            name="attributes",
+            field=models.JSONField(default=dict),
+        ),
+        migrations.AddField(
+            model_name="microsoftentraprovideruser",
+            name="attributes",
+            field=models.JSONField(default=dict),
+        ),
+    ]

authentik/enterprise/providers/microsoft_entra/models.py

@@ -142,6 +142,7 @@ class MicrosoftEntraProviderUser(SerializerModel):
     microsoft_id = models.TextField()
     user = models.ForeignKey(User, on_delete=models.CASCADE)
     provider = models.ForeignKey(MicrosoftEntraProvider, on_delete=models.CASCADE)
+    attributes = models.JSONField(default=dict)
 
     @property
     def serializer(self) -> type[Serializer]:
@@ -167,6 +168,7 @@ class MicrosoftEntraProviderGroup(SerializerModel):
     microsoft_id = models.TextField()
     group = models.ForeignKey(Group, on_delete=models.CASCADE)
     provider = models.ForeignKey(MicrosoftEntraProvider, on_delete=models.CASCADE)
+    attributes = models.JSONField(default=dict)
 
     @property
     def serializer(self) -> type[Serializer]:

authentik/lib/sync/outgoing/__init__.py

@@ -3,3 +3,6 @@
 PAGE_SIZE = 100
 PAGE_TIMEOUT = 60 * 60 * 0.5  # Half an hour
 HTTP_CONFLICT = 409
+HTTP_NO_CONTENT = 204
+HTTP_SERVICE_UNAVAILABLE = 503
+HTTP_TOO_MANY_REQUESTS = 429

authentik/lib/sync/outgoing/base.py

@@ -79,14 +79,14 @@ class BaseOutgoingSyncClient[
         """Delete object from destination"""
         raise NotImplementedError()
 
-    def to_schema(self, obj: TModel, creating: bool, **defaults) -> TSchema:
+    def to_schema(self, obj: TModel, connection: TConnection | None, **defaults) -> TSchema:
         """Convert object to destination schema"""
         raw_final_object = {}
         try:
             eval_kwargs = {
                 "request": None,
                 "provider": self.provider,
-                "creating": creating,
+                "connection": connection,
                 obj._meta.model_name: obj,
             }
             eval_kwargs.setdefault("user", None)

authentik/outposts/controllers/k8s/base.py

@@ -124,7 +124,6 @@ class KubernetesObjectReconciler(Generic[T]):
                 self.update(current, reference)
                 self.logger.debug("Updating")
             except (OpenApiException, HTTPError) as exc:
-
                 if isinstance(exc, ApiException) and exc.status == 422:  # noqa: PLR2004
                     self.logger.debug("Failed to update current, triggering re-create")
                     self._recreate(current=current, reference=reference)

authentik/providers/oauth2/views/userinfo.py

@@ -15,7 +15,6 @@ from authentik.core.expression.exceptions import PropertyMappingExpressionExcept
 from authentik.events.models import Event, EventAction
 from authentik.flows.challenge import PermissionDict
 from authentik.providers.oauth2.constants import (
-    SCOPE_AUTHENTIK_API,
     SCOPE_GITHUB_ORG_READ,
     SCOPE_GITHUB_USER,
     SCOPE_GITHUB_USER_EMAIL,
@@ -57,7 +56,6 @@ class UserInfoView(View):
             SCOPE_GITHUB_USER_READ: _("GitHub Compatibility: Access your User Information"),
             SCOPE_GITHUB_USER_EMAIL: _("GitHub Compatibility: Access you Email addresses"),
             SCOPE_GITHUB_ORG_READ: _("GitHub Compatibility: Access your Groups"),
-            SCOPE_AUTHENTIK_API: _("authentik API Access on behalf of your user"),
         }
         for scope in scopes:
             if scope in special_scope_map:

authentik/providers/scim/clients/base.py

@@ -6,9 +6,18 @@ from django.http import HttpResponseBadRequest, HttpResponseNotFound
 from pydantic import ValidationError
 from requests import RequestException, Session
 
-from authentik.lib.sync.outgoing import HTTP_CONFLICT
+from authentik.lib.sync.outgoing import (
+    HTTP_CONFLICT,
+    HTTP_NO_CONTENT,
+    HTTP_SERVICE_UNAVAILABLE,
+    HTTP_TOO_MANY_REQUESTS,
+)
 from authentik.lib.sync.outgoing.base import BaseOutgoingSyncClient
-from authentik.lib.sync.outgoing.exceptions import NotFoundSyncException, ObjectExistsSyncException
+from authentik.lib.sync.outgoing.exceptions import (
+    NotFoundSyncException,
+    ObjectExistsSyncException,
+    TransientSyncException,
+)
 from authentik.lib.utils.http import get_http_session
 from authentik.providers.scim.clients.exceptions import SCIMRequestException
 from authentik.providers.scim.clients.schema import ServiceProviderConfiguration
@@ -61,13 +70,15 @@ class SCIMClient[TModel: "Model", TConnection: "Model", TSchema: "BaseModel"](
         if response.status_code >= HttpResponseBadRequest.status_code:
             if response.status_code == HttpResponseNotFound.status_code:
                 raise NotFoundSyncException(response)
+            if response.status_code in [HTTP_TOO_MANY_REQUESTS, HTTP_SERVICE_UNAVAILABLE]:
+                raise TransientSyncException()
             if response.status_code == HTTP_CONFLICT:
                 raise ObjectExistsSyncException(response)
             self.logger.warning(
                 "Failed to send SCIM request", path=path, method=method, response=response.text
             )
             raise SCIMRequestException(response)
-        if response.status_code == 204:  # noqa: PLR2004
+        if response.status_code == HTTP_NO_CONTENT:
             return {}
         return response.json()
 

authentik/providers/scim/clients/groups.py

@@ -34,14 +34,14 @@ class SCIMGroupClient(SCIMClient[Group, SCIMGroup, SCIMGroupSchema]):
         self.mapper = PropertyMappingManager(
             self.provider.property_mappings_group.all().order_by("name").select_subclasses(),
             SCIMMapping,
-            ["group", "provider", "creating"],
+            ["group", "provider", "connection"],
         )
 
-    def to_schema(self, obj: Group, creating: bool) -> SCIMGroupSchema:
+    def to_schema(self, obj: Group, connection: SCIMGroup) -> SCIMGroupSchema:
         """Convert authentik user into SCIM"""
         raw_scim_group = super().to_schema(
             obj,
-            creating,
+            connection,
             schemas=(SCIM_GROUP_SCHEMA,),
         )
         try:
@@ -76,7 +76,7 @@ class SCIMGroupClient(SCIMClient[Group, SCIMGroup, SCIMGroupSchema]):
 
     def create(self, group: Group):
         """Create group from scratch and create a connection object"""
-        scim_group = self.to_schema(group, True)
+        scim_group = self.to_schema(group, None)
         response = self._request(
             "POST",
             "/Groups",
@@ -92,7 +92,7 @@ class SCIMGroupClient(SCIMClient[Group, SCIMGroup, SCIMGroupSchema]):
 
     def update(self, group: Group, connection: SCIMGroup):
         """Update existing group"""
-        scim_group = self.to_schema(group, False)
+        scim_group = self.to_schema(group, connection)
         scim_group.id = connection.scim_id
         try:
             return self._request(

authentik/providers/scim/clients/users.py

@@ -24,14 +24,14 @@ class SCIMUserClient(SCIMClient[User, SCIMUser, SCIMUserSchema]):
         self.mapper = PropertyMappingManager(
             self.provider.property_mappings.all().order_by("name").select_subclasses(),
             SCIMMapping,
-            ["provider", "creating"],
+            ["provider", "connection"],
         )
 
-    def to_schema(self, obj: User, creating: bool) -> SCIMUserSchema:
+    def to_schema(self, obj: User, connection: SCIMUser) -> SCIMUserSchema:
         """Convert authentik user into SCIM"""
         raw_scim_user = super().to_schema(
             obj,
-            creating,
+            connection,
             schemas=(SCIM_USER_SCHEMA,),
         )
         try:
@@ -54,7 +54,7 @@ class SCIMUserClient(SCIMClient[User, SCIMUser, SCIMUserSchema]):
 
     def create(self, user: User):
         """Create user from scratch and create a connection object"""
-        scim_user = self.to_schema(user, True)
+        scim_user = self.to_schema(user, None)
         response = self._request(
             "POST",
             "/Users",
@@ -70,7 +70,7 @@ class SCIMUserClient(SCIMClient[User, SCIMUser, SCIMUserSchema]):
 
     def update(self, user: User, connection: SCIMUser):
         """Update existing user"""
-        scim_user = self.to_schema(user, False)
+        scim_user = self.to_schema(user, connection)
         scim_user.id = connection.scim_id
         self._request(
             "PUT",

authentik/rbac/signals.py

@@ -45,8 +45,9 @@ def rbac_group_role_m2m(
     if action not in ["post_add", "post_remove", "post_clear"]:
         return
     with atomic():
-        group_users = list(
-            instance.children_recursive()
+        group_users = (
+            Group.objects.filter(group_uuid=instance.group_uuid)
+            .with_children_recursive()
             .exclude(users__isnull=True)
             .values_list("users", flat=True)
         )

authentik/stages/authenticator_validate/stage.py

@@ -411,7 +411,9 @@ class AuthenticatorValidateStageView(ChallengeStageView):
             webauthn_device: WebAuthnDevice = response.device
             self.logger.debug("Set user from user-less flow", user=webauthn_device.user)
             self.executor.plan.context[PLAN_CONTEXT_PENDING_USER] = webauthn_device.user
-            self.executor.plan.context.setdefault(PLAN_CONTEXT_METHOD, "auth_webauthn_pwl")
+            # We already set a default method in the validator above
+            # so this needs to have higher priority
+            self.executor.plan.context[PLAN_CONTEXT_METHOD] = "auth_webauthn_pwl"
             self.executor.plan.context.setdefault(PLAN_CONTEXT_METHOD_ARGS, {})
             self.executor.plan.context[PLAN_CONTEXT_METHOD_ARGS].update(
                 {

authentik/stages/authenticator_validate/tests/test_webauthn.py

@@ -32,10 +32,7 @@ from authentik.stages.authenticator_webauthn.models import (
     WebAuthnDeviceType,
 )
 from authentik.stages.authenticator_webauthn.stage import SESSION_KEY_WEBAUTHN_CHALLENGE
-from authentik.stages.authenticator_webauthn.tasks import (
-    webauthn_aaguid_import,
-    webauthn_mds_import,
-)
+from authentik.stages.authenticator_webauthn.tasks import webauthn_mds_import
 from authentik.stages.identification.models import IdentificationStage, UserFields
 from authentik.stages.user_login.models import UserLoginStage
 
@@ -131,8 +128,7 @@ class AuthenticatorValidateStageWebAuthnTests(FlowTestCase):
     def test_device_challenge_webauthn_restricted(self):
         """Test webauthn (getting device challenges with a webauthn
         device that is not allowed due to aaguid restrictions)"""
-        webauthn_mds_import(force=True)
-        webauthn_aaguid_import()
+        webauthn_mds_import.delay(force=True).get()
         request = get_request("/")
         request.user = self.user
 
@@ -249,8 +245,7 @@ class AuthenticatorValidateStageWebAuthnTests(FlowTestCase):
 
     def test_validate_challenge_unrestricted(self):
         """Test webauthn authentication (unrestricted webauthn device)"""
-        webauthn_mds_import(force=True)
-        webauthn_aaguid_import()
+        webauthn_mds_import.delay(force=True).get()
         device = WebAuthnDevice.objects.create(
             user=self.user,
             public_key=(
@@ -323,8 +318,7 @@ class AuthenticatorValidateStageWebAuthnTests(FlowTestCase):
 
     def test_validate_challenge_restricted(self):
         """Test webauthn authentication (restricted device type, failure)"""
-        webauthn_mds_import(force=True)
-        webauthn_aaguid_import()
+        webauthn_mds_import.delay(force=True).get()
         device = WebAuthnDevice.objects.create(
             user=self.user,
             public_key=(

authentik/stages/authenticator_webauthn/apps.py

@@ -10,13 +10,3 @@ class AuthentikStageAuthenticatorWebAuthnConfig(ManagedAppConfig):
     label = "authentik_stages_authenticator_webauthn"
     verbose_name = "authentik Stages.Authenticator.WebAuthn"
     default = True
-
-    @ManagedAppConfig.reconcile_tenant
-    def webauthn_device_types(self):
-        from authentik.stages.authenticator_webauthn.tasks import (
-            webauthn_aaguid_import,
-            webauthn_mds_import,
-        )
-
-        webauthn_mds_import.delay()
-        webauthn_aaguid_import.delay()

authentik/stages/authenticator_webauthn/mds/aaguid.json

@@ -49,6 +49,11 @@
         "icon_dark": "data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iMjQiIGhlaWdodD0iMjQiIHZpZXdCb3g9IjAgMCAyNCAyNCIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4KPGcgY2xpcC1wYXRoPSJ1cmwoI2NsaXAwXzYwMzRfMzM2MjcpIj4KPGNpcmNsZSBjeD0iMTIiIGN5PSIxMiIgcj0iMTIiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik0yMiAxMkMyMiAxNy41MjI4IDE3LjUyMjggMjIgMTIgMjJDNi40NzcxNSAyMiAyIDE3LjUyMjggMiAxMkMyIDYuNDc3MTUgNi40NzcxNSAyIDEyIDJDMTcuNTIyOCAyIDIyIDYuNDc3MTUgMjIgMTJaIiBmaWxsPSJibGFjayIvPgo8cGF0aCBkPSJNMTAuMTIxOCAzLjI3MzI1SDExLjY2NjZWOS41MTUyN0gxNC44NTc1TDE4LjY5NiA2LjQ2MzE3TDE5LjY2MDcgNy42NjgyMUwxNS4zOTg5IDExLjA1NjRIMTAuMTIxOFYzLjI3MzI1WiIgZmlsbD0iI0ZGQzcwMCIvPgo8cGF0aCBkPSJNMTMuMTQzOCAzLjQ4MzY2TDE0LjY4ODcgMy44NzY5NFY2LjAzNDkyTDE2LjQxNzMgNC42MTgxMUwxNy43MDA4IDUuNTYwOTdMMTQuNDA3IDguMjYwMTNMMTMuMTQzOCA4LjI1MzQxVjMuNDgzNjZaIiBmaWxsPSIjRkZDNzAwIi8+CjxwYXRoIGQ9Ik00LjAzODcgMTUuMDg0OUw1LjU4MzU0IDE2LjM5NThWNy44MTQyN0w0LjAzODcgOS4yMjc3MlYxNS4wODQ5WiIgZmlsbD0iI0ZGQzcwMCIvPgo8cGF0aCBkPSJNOC42MTI1NyAxOC4yNDExTDcuMDY2MDQgMTkuNTgwNlY0LjQ5NDg1TDguNjEyNTcgNS44MzQzNFYxOC4yNDExWiIgZmlsbD0iI0ZGQzcwMCIvPgo8cGF0aCBkPSJNMTQuNjg4NyAxOC4xMTc0TDE2LjQxNzMgMTkuNTM0MkwxNy43MDA4IDE4LjU4OTdMMTQuNDA3IDE1Ljg5MjJMMTMuMTQzOCAxNS44OTg5VjIwLjY2ODdMMTQuNjg4NyAyMC4yNzU0VjE4LjExNzRaIiBmaWxsPSIjRkZDNzAwIi8+CjxwYXRoIGQ9Ik0xOC42OTYgMTcuNDc4NkwxNC44NTc1IDE0LjQyNDhIMTEuNjY2NlYyMC42NjY4SDEwLjEyMThWMTIuODg1M0gxNS4zOTg5TDE5LjY2MDcgMTYuMjczNUwxOC42OTYgMTcuNDc4NloiIGZpbGw9IiNGRkM3MDAiLz4KPHBhdGggZD0iTTE2LjczNzYgMTEuOTcwNkwxOS44OTgxIDE0LjU3MDZMMjAuODgzIDEzLjM4MjNMMTkuMTY2MSAxMS45NzA2TDIwLjg4MyAxMC41NTg4TDE5Ljg5ODEgOS4zNzA1NkwxNi43Mzc2IDExLjk3MDZaIiBmaWxsPSIjRkZDNzAwIi8+CjwvZz4KPGRlZnM+CjxjbGlwUGF0aCBpZD0iY2xpcDBfNjAzNF8zMzYyNyI+CjxyZWN0IHdpZHRoPSIyNCIgaGVpZ2h0PSIyNCIgZmlsbD0id2hpdGUiLz4KPC9jbGlwUGF0aD4KPC9kZWZzPgo8L3N2Zz4K",
         "icon_light": "data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iMjQiIGhlaWdodD0iMjQiIHZpZXdCb3g9IjAgMCAyNCAyNCIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4KPGcgY2xpcC1wYXRoPSJ1cmwoI2NsaXAwXzYwMzRfMzM2MjcpIj4KPGNpcmNsZSBjeD0iMTIiIGN5PSIxMiIgcj0iMTIiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik0yMiAxMkMyMiAxNy41MjI4IDE3LjUyMjggMjIgMTIgMjJDNi40NzcxNSAyMiAyIDE3LjUyMjggMiAxMkMyIDYuNDc3MTUgNi40NzcxNSAyIDEyIDJDMTcuNTIyOCAyIDIyIDYuNDc3MTUgMjIgMTJaIiBmaWxsPSJibGFjayIvPgo8cGF0aCBkPSJNMTAuMTIxOCAzLjI3MzI1SDExLjY2NjZWOS41MTUyN0gxNC44NTc1TDE4LjY5NiA2LjQ2MzE3TDE5LjY2MDcgNy42NjgyMUwxNS4zOTg5IDExLjA1NjRIMTAuMTIxOFYzLjI3MzI1WiIgZmlsbD0iI0ZGQzcwMCIvPgo8cGF0aCBkPSJNMTMuMTQzOCAzLjQ4MzY2TDE0LjY4ODcgMy44NzY5NFY2LjAzNDkyTDE2LjQxNzMgNC42MTgxMUwxNy43MDA4IDUuNTYwOTdMMTQuNDA3IDguMjYwMTNMMTMuMTQzOCA4LjI1MzQxVjMuNDgzNjZaIiBmaWxsPSIjRkZDNzAwIi8+CjxwYXRoIGQ9Ik00LjAzODcgMTUuMDg0OUw1LjU4MzU0IDE2LjM5NThWNy44MTQyN0w0LjAzODcgOS4yMjc3MlYxNS4wODQ5WiIgZmlsbD0iI0ZGQzcwMCIvPgo8cGF0aCBkPSJNOC42MTI1NyAxOC4yNDExTDcuMDY2MDQgMTkuNTgwNlY0LjQ5NDg1TDguNjEyNTcgNS44MzQzNFYxOC4yNDExWiIgZmlsbD0iI0ZGQzcwMCIvPgo8cGF0aCBkPSJNMTQuNjg4NyAxOC4xMTc0TDE2LjQxNzMgMTkuNTM0MkwxNy43MDA4IDE4LjU4OTdMMTQuNDA3IDE1Ljg5MjJMMTMuMTQzOCAxNS44OTg5VjIwLjY2ODdMMTQuNjg4NyAyMC4yNzU0VjE4LjExNzRaIiBmaWxsPSIjRkZDNzAwIi8+CjxwYXRoIGQ9Ik0xOC42OTYgMTcuNDc4NkwxNC44NTc1IDE0LjQyNDhIMTEuNjY2NlYyMC42NjY4SDEwLjEyMThWMTIuODg1M0gxNS4zOTg5TDE5LjY2MDcgMTYuMjczNUwxOC42OTYgMTcuNDc4NloiIGZpbGw9IiNGRkM3MDAiLz4KPHBhdGggZD0iTTE2LjczNzYgMTEuOTcwNkwxOS44OTgxIDE0LjU3MDZMMjAuODgzIDEzLjM4MjNMMTkuMTY2MSAxMS45NzA2TDIwLjg4MyAxMC41NTg4TDE5Ljg5ODEgOS4zNzA1NkwxNi43Mzc2IDExLjk3MDZaIiBmaWxsPSIjRkZDNzAwIi8+CjwvZz4KPGRlZnM+CjxjbGlwUGF0aCBpZD0iY2xpcDBfNjAzNF8zMzYyNyI+CjxyZWN0IHdpZHRoPSIyNCIgaGVpZ2h0PSIyNCIgZmlsbD0id2hpdGUiLz4KPC9jbGlwUGF0aD4KPC9kZWZzPgo8L3N2Zz4K"
     },
+    "891494da-2c90-4d31-a9cd-4eab0aed1309": {
+        "name": "Sésame",
+        "icon_dark": "data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iMTAyNCIgaGVpZ2h0PSIxMDI0IiB2aWV3Qm94PSIwIDAgMTAyNCAxMDI0IiBmaWxsPSJub25lIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPgo8cmVjdCB3aWR0aD0iMTAyNCIgaGVpZ2h0PSIxMDI0IiByeD0iMTc2IiBmaWxsPSJ1cmwoI3BhaW50MF9saW5lYXJfMjAyXzMpIi8+CjxwYXRoIGQ9Ik03NjkuMTc1IDQ1Mi4xMThMMzcwLjU3OSA0NTEuNjc4QzMzOS42NTggNDUxLjY4NSAzMTAuMDA2IDQ2My45NjMgMjg4LjE0NCA0ODUuODEyQzI2Ni4yODIgNTA3LjY2MiAyNTQgNTM3LjI5NCAyNTQgNTY4LjE5Vjc5OC43MUMyNTQgODA3LjUzNyAyNTcuNTA5IDgxNi4wMDQgMjYzLjc1NSA4MjIuMjQ3QzI3MC4wMDIgODI4LjQ5IDI3OC40NzQgODMxLjk5OCAyODcuMzA4IDgzMkg2NTIuOTRDNjgzLjg2NCA4MzEuOTk4IDcxMy41MiA4MTkuNzIyIDczNS4zODYgNzk3Ljg3MkM3NTcuMjUyIDc3Ni4wMjIgNzY5LjUzNiA3NDYuMzg4IDc2OS41MzYgNzE1LjQ4OEw3NzAgNDU5LjYzMVY0MjMuODUzQzc2OS43ODggMzc2LjUyMyA3NTUuMTQ5IDMzMC4zODIgNzI4LjAzNCAyOTEuNTc1QzcwMC45MTkgMjUyLjc2NyA2NjIuNjE0IDIyMy4xMzYgNjE4LjIyMiAyMDYuNjI3QzU3My44MyAxOTAuMTE4IDUyNS40NTggMTg3LjUxNiA0NzkuNTQ4IDE5OS4xNjdDNDMzLjYzOSAyMTAuODE3IDM5Mi4zNzIgMjM2LjE2OCAzNjEuMjQzIDI3MS44NDIiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iMzIiIHN0cm9rZS1saW5lY2FwPSJyb3VuZCIgc3Ryb2tlLWxpbmVqb2luPSJyb3VuZCIvPgo8cGF0aCBkPSJNNTEyLjAwMSA2OTJDNTM5LjYxNSA2OTIgNTYyLjAwMSA2NjkuNjE0IDU2Mi4wMDEgNjQyQzU2Mi4wMDEgNjE0LjM4NiA1MzkuNjE1IDU5MiA1MTIuMDAxIDU5MkM0ODQuMzg3IDU5MiA0NjIuMDAxIDYxNC4zODYgNDYyLjAwMSA2NDJDNDYyLjAwMSA2NjkuNjE0IDQ4NC4zODcgNjkyIDUxMi4wMDEgNjkyWiIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIzMiIvPgo8ZGVmcz4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDBfbGluZWFyXzIwMl8zIiB4MT0iMCIgeTE9IjAiIHgyPSIxMDI0IiB5Mj0iMTAyNCIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgo8c3RvcCBzdG9wLWNvbG9yPSIjMDA2REU2Ii8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iIzAwQTZGRiIvPgo8L2xpbmVhckdyYWRpZW50Pgo8L2RlZnM+Cjwvc3ZnPgo=",
+        "icon_light": "data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iMTAyNCIgaGVpZ2h0PSIxMDI0IiB2aWV3Qm94PSIwIDAgMTAyNCAxMDI0IiBmaWxsPSJub25lIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPgo8cmVjdCB3aWR0aD0iMTAyNCIgaGVpZ2h0PSIxMDI0IiByeD0iMTc2IiBmaWxsPSJ1cmwoI3BhaW50MF9saW5lYXJfMjAyXzMpIi8+CjxwYXRoIGQ9Ik03NjkuMTc1IDQ1Mi4xMThMMzcwLjU3OSA0NTEuNjc4QzMzOS42NTggNDUxLjY4NSAzMTAuMDA2IDQ2My45NjMgMjg4LjE0NCA0ODUuODEyQzI2Ni4yODIgNTA3LjY2MiAyNTQgNTM3LjI5NCAyNTQgNTY4LjE5Vjc5OC43MUMyNTQgODA3LjUzNyAyNTcuNTA5IDgxNi4wMDQgMjYzLjc1NSA4MjIuMjQ3QzI3MC4wMDIgODI4LjQ5IDI3OC40NzQgODMxLjk5OCAyODcuMzA4IDgzMkg2NTIuOTRDNjgzLjg2NCA4MzEuOTk4IDcxMy41MiA4MTkuNzIyIDczNS4zODYgNzk3Ljg3MkM3NTcuMjUyIDc3Ni4wMjIgNzY5LjUzNiA3NDYuMzg4IDc2OS41MzYgNzE1LjQ4OEw3NzAgNDU5LjYzMVY0MjMuODUzQzc2OS43ODggMzc2LjUyMyA3NTUuMTQ5IDMzMC4zODIgNzI4LjAzNCAyOTEuNTc1QzcwMC45MTkgMjUyLjc2NyA2NjIuNjE0IDIyMy4xMzYgNjE4LjIyMiAyMDYuNjI3QzU3My44MyAxOTAuMTE4IDUyNS40NTggMTg3LjUxNiA0NzkuNTQ4IDE5OS4xNjdDNDMzLjYzOSAyMTAuODE3IDM5Mi4zNzIgMjM2LjE2OCAzNjEuMjQzIDI3MS44NDIiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iMzIiIHN0cm9rZS1saW5lY2FwPSJyb3VuZCIgc3Ryb2tlLWxpbmVqb2luPSJyb3VuZCIvPgo8cGF0aCBkPSJNNTEyLjAwMSA2OTJDNTM5LjYxNSA2OTIgNTYyLjAwMSA2NjkuNjE0IDU2Mi4wMDEgNjQyQzU2Mi4wMDEgNjE0LjM4NiA1MzkuNjE1IDU5MiA1MTIuMDAxIDU5MkM0ODQuMzg3IDU5MiA0NjIuMDAxIDYxNC4zODYgNDYyLjAwMSA2NDJDNDYyLjAwMSA2NjkuNjE0IDQ4NC4zODcgNjkyIDUxMi4wMDEgNjkyWiIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIzMiIvPgo8ZGVmcz4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDBfbGluZWFyXzIwMl8zIiB4MT0iMCIgeTE9IjAiIHgyPSIxMDI0IiB5Mj0iMTAyNCIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgo8c3RvcCBzdG9wLWNvbG9yPSIjMDA2REU2Ii8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iIzAwQTZGRiIvPgo8L2xpbmVhckdyYWRpZW50Pgo8L2RlZnM+Cjwvc3ZnPgo="
+    },
     "f3809540-7f14-49c1-a8b3-8f813b225541": {
         "name": "Enpass",
         "icon_dark": "data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iNTEyIiBoZWlnaHQ9IjUxMiIgdmlld0JveD0iMCAwIDUxMiA1MTIiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxwYXRoIGQ9Ik0yNTYuNDgzIDI4LjA1NTRDMzEzLjg5OSAyOC4wNTU0IDM3MS4zMTUgMjcuODg1NiA0MjguNzQ1IDI4LjE0MDVDNDQwLjY4IDI3LjkwNzYgNDUyLjUyMSAzMC4yODg5IDQ2My40NDEgMzUuMTE3OUM0NzQuMzYyIDM5Ljk0NjkgNDg0LjA5OSA0Ny4xMDczIDQ5MS45NzEgNTYuMDk4NEM1MDQuMDYyIDY5LjY5NjIgNTExLjEzMiA4Ny4wMzg3IDUxMiAxMDUuMjNDNTEyLjAyOCAxMjEuOTMzIDUxMC4wMzUgMTM4LjU3OCA1MDYuMDYzIDE1NC44MDFDNDk4LjQ0NCAxOTguNzA2IDQ5MC41MTUgMjQyLjUyNyA0ODIuNzI2IDI4Ni4zNzZDNDc2LjAxMiAzMjQuMTM0IDQ2OS41ODEgMzYxLjk1IDQ2Mi41MTMgMzk5LjY4QzQ1Ny42NzIgNDIwLjk2OSA0NDYuNTQ1IDQ0MC4zMDMgNDMwLjU4IDQ1NS4xNjVDNDE0LjYxNiA0NzAuMDI3IDM5NC41NTUgNDc5LjcyNyAzNzMuMDExIDQ4My4wMDJDMzY3Ljc1MiA0ODMuNjI5IDM2Mi40NjIgNDgzLjk0NiAzNTcuMTY2IDQ4My45NUMyOTAuMDUzIDQ4NC4wMTcgMjIyLjk0IDQ4NC4wMTcgMTU1LjgyOCA0ODMuOTVDMTMwLjQ2NiA0ODMuOSAxMDUuOTMgNDc0LjkxNSA4Ni41MTMyIDQ1OC41NjZDNjcuMDk2NSA0NDIuMjE4IDU0LjAzNjIgNDE5LjU0OCA0OS42MTggMzk0LjUyNUMzNi4xODA0IDMxOS4xNzcgMjIuNjI5NyAyNDMuODUzIDguOTY1OTcgMTY4LjU1M0M2LjI4MDM0IDE1My42MzkgMy4zMTIgMTM4LjgxMSAxLjIwNTkgMTIzLjc4NEMtMi40NjEwNSAxMDIuNzI5IDIuMzEwOTMgODEuMDc0NCAxNC40ODUyIDYzLjUyNDRDMjYuNjU5NiA0NS45NzQ1IDQ1LjI1MjkgMzMuOTQ2MiA2Ni4yMjY2IDMwLjA1MjVDNzMuMDU1NyAyOC43NDUxIDc5Ljk5NTkgMjguMTA5NCA4Ni45NDg0IDI4LjE1NDZDMTQzLjQ2IDI3Ljk5NDEgMTk5Ljk3MSAyNy45NjEgMjU2LjQ4MyAyOC4wNTU0Wk0yMTAuOTI2IDMzOS42NDNDMjEwLjkyNiAzNTQuNjcgMjEwLjkyNiAzNjkuNjk3IDIxMC45MjYgMzg0LjczOEMyMTAuNzczIDM4OC4yMDUgMjExLjM0MyAzOTEuNjY1IDIxMi41OTcgMzk0Ljg5OUMyMTMuODUyIDM5OC4xMzQgMjE1Ljc2NCA0MDEuMDcxIDIxOC4yMTMgNDAzLjUyNUMyMjAuNjYyIDQwNS45NzkgMjIzLjU5MyA0MDcuODk1IDIyNi44MjEgNDA5LjE1MkMyMzAuMDQ5IDQxMC40MDkgMjMzLjUwMyA0MTAuOTc5IDIzNi45NjIgNDEwLjgyNkMyNDkuMzg3IDQxMC44MjYgMjYxLjgxMiA0MTAuODI2IDI3NC4yMzYgNDEwLjgyNkMyNzcuOTIyIDQxMS4xODMgMjgxLjY0MiA0MTAuNzE3IDI4NS4xMjcgNDA5LjQ2MkMyODguNjEyIDQwOC4yMDggMjkxLjc3NyA0MDYuMTk2IDI5NC4zOTQgNDAzLjU3QzI5Ny4wMTIgNDAwLjk0NSAyOTkuMDE3IDM5Ny43NzIgMzAwLjI2NSAzOTQuMjc4QzMwMS41MTQgMzkwLjc4NSAzMDEuOTc1IDM4Ny4wNTggMzAxLjYxNSAzODMuMzY0QzMwMS42MTUgMzUzLjkxOSAzMDEuNjE2IDMyNC40NiAzMDEuNDc0IDI5NS4wMTVDMzAxLjMxMSAyOTMuMzMxIDMwMS42NyAyOTEuNjM3IDMwMi41MDIgMjkwLjE2NUMzMDMuMzM0IDI4OC42OTIgMzA0LjU5OSAyODcuNTEyIDMwNi4xMjUgMjg2Ljc4NkMzMjMuNzkgMjc2LjI5OCAzMzcuNTUxIDI2MC4zMTQgMzQ1LjMxMyAyNDEuMjY2QzM1My4wNzUgMjIyLjIxOSAzNTQuNDEzIDIwMS4xNTEgMzQ5LjEyMyAxODEuMjcyQzM0Mi4zNTYgMTU2Ljg1MyAzMjYuMjg2IDEzNi4wNzUgMzA0LjM3NiAxMjMuNDE0QzI4Mi40NjYgMTEwLjc1NCAyNTYuNDY5IDEwNy4yMjUgMjMxLjk4NyAxMTMuNTg2QzIxNy42NjkgMTE2LjU0NCAyMDQuMjg5IDEyMi45NTkgMTkzLjAwNyAxMzIuMjc0QzE4MS43MjYgMTQxLjU4OCAxNzIuODg0IDE1My41MjIgMTY3LjI0OSAxNjcuMDM4QzE1OS4wMjcgMTg4LjY4NiAxNTguNTQ4IDIxMi41MjEgMTY1Ljg5MyAyMzQuNDg0QzE3My4yMzggMjU2LjQ0NyAxODcuOTU0IDI3NS4xODEgMjA3LjUzMyAyODcuNDk1QzIwOC42NyAyODguMDM4IDIwOS42MTMgMjg4LjkxNyAyMTAuMjM3IDI5MC4wMTNDMjEwLjg2MSAyOTEuMTA5IDIxMS4xMzYgMjkyLjM3IDIxMS4wMjUgMjkzLjYyN0MyMTAuODQxIDMwOS4wMDggMjEwLjkyNiAzMjQuMzMzIDIxMC45MjYgMzM5LjY3MVYzMzkuNjQzWiIgZmlsbD0id2hpdGUiLz4KPC9zdmc+Cg==",

authentik/stages/authenticator_webauthn/settings.py

@@ -0,0 +1,17 @@
+"""Stage authenticator webauthn Settings"""
+
+from celery.schedules import crontab
+
+from authentik.lib.utils.time import fqdn_rand
+
+CELERY_BEAT_SCHEDULE = {
+    "stages_authenticator_webauthn_import_mds": {
+        "task": "authentik.stages.authenticator_webauthn.tasks.webauthn_mds_import",
+        "schedule": crontab(
+            minute=fqdn_rand("webauthn_mds_import"),
+            hour=fqdn_rand("webauthn_mds_import", 24),
+            day_of_week=fqdn_rand("webauthn_mds_import", 7),
+        ),
+        "options": {"queue": "authentik_scheduled"},
+    },
+}

authentik/stages/authenticator_webauthn/tasks.py

@@ -8,6 +8,8 @@ from django.core.cache import cache
 from django.db.transaction import atomic
 from fido2.mds3 import filter_revoked, parse_blob
 
+from authentik.events.models import TaskStatus
+from authentik.events.system_tasks import SystemTask, prefill_task
 from authentik.root.celery import CELERY_APP
 from authentik.stages.authenticator_webauthn.models import (
     UNKNOWN_DEVICE_TYPE_AAGUID,
@@ -27,43 +29,68 @@ def mds_ca() -> bytes:
         return _raw_root.read()
 
 
-@CELERY_APP.task()
-def webauthn_mds_import(force=False):
-    """Background task to import FIDO Alliance MDS blob into database"""
+@CELERY_APP.task(
+    bind=True,
+    base=SystemTask,
+)
+@prefill_task
+def webauthn_mds_import(self: SystemTask, force=False):
+    """Background task to import FIDO Alliance MDS blob and AAGUIDs into database"""
     with open(MDS_BLOB_PATH, mode="rb") as _raw_blob:
         blob = parse_blob(_raw_blob.read(), mds_ca())
-    with atomic():
-        WebAuthnDeviceType.objects.update_or_create(
+    to_create_update = [
+        WebAuthnDeviceType(
             aaguid=UNKNOWN_DEVICE_TYPE_AAGUID,
-            defaults={
-                "description": "authentik: Unknown devices",
-            },
+            description="authentik: Unknown devices",
         )
-        if cache.get(CACHE_KEY_MDS_NO) == blob.no and not force:
-            return
+    ]
+    to_delete = []
+
+    mds_no = cache.get(CACHE_KEY_MDS_NO)
+    if mds_no != blob.no or force:
         for entry in blob.entries:
             aaguid = entry.aaguid
             if not aaguid:
                 continue
             if not filter_revoked(entry):
-                WebAuthnDeviceType.objects.filter(aaguid=str(aaguid)).delete()
+                to_delete.append(str(aaguid))
                 continue
             metadata = entry.metadata_statement
-            WebAuthnDeviceType.objects.update_or_create(
-                aaguid=str(aaguid),
-                defaults={"description": metadata.description, "icon": metadata.icon},
+            to_create_update.append(
+                WebAuthnDeviceType(
+                    aaguid=str(aaguid),
+                    description=metadata.description,
+                    icon=metadata.icon,
+                )
             )
-    cache.set(CACHE_KEY_MDS_NO, blob.no)
+    with atomic():
+        WebAuthnDeviceType.objects.bulk_create(
+            to_create_update,
+            update_conflicts=True,
+            update_fields=["description", "icon"],
+            unique_fields=["aaguid"],
+        )
+        WebAuthnDeviceType.objects.filter(aaguid__in=to_delete).delete()
+    if mds_no != blob.no:
+        cache.set(CACHE_KEY_MDS_NO, blob.no)
 
-
-@CELERY_APP.task()
-def webauthn_aaguid_import(force=False):
-    """Background task to import AAGUIDs into database"""
     with open(AAGUID_BLOB_PATH, mode="rb") as _raw_blob:
         entries = loads(_raw_blob.read())
+    to_create_update = [
+        WebAuthnDeviceType(
+            aaguid=str(aaguid), description=details.get("name"), icon=details.get("icon_light")
+        )
+        for aaguid, details in entries.items()
+    ]
     with atomic():
-        for aaguid, details in entries.items():
-            WebAuthnDeviceType.objects.update_or_create(
-                aaguid=str(aaguid),
-                defaults={"description": details.get("name"), "icon": details.get("icon_light")},
-            )
+        WebAuthnDeviceType.objects.bulk_create(
+            to_create_update,
+            update_conflicts=True,
+            update_fields=["description", "icon"],
+            unique_fields=["aaguid"],
+        )
+
+    self.set_status(
+        TaskStatus.SUCCESSFUL,
+        "Successfully imported FIDO Alliance MDS blobs and AAGUIDs.",
+    )

authentik/stages/authenticator_webauthn/tests.py

@@ -19,10 +19,7 @@ from authentik.stages.authenticator_webauthn.models import (
     WebAuthnDeviceType,
 )
 from authentik.stages.authenticator_webauthn.stage import SESSION_KEY_WEBAUTHN_CHALLENGE
-from authentik.stages.authenticator_webauthn.tasks import (
-    webauthn_aaguid_import,
-    webauthn_mds_import,
-)
+from authentik.stages.authenticator_webauthn.tasks import webauthn_mds_import
 
 
 class TestAuthenticatorWebAuthnStage(FlowTestCase):
@@ -142,8 +139,7 @@ class TestAuthenticatorWebAuthnStage(FlowTestCase):
 
     def test_register_restricted_device_type_deny(self):
         """Test registration with restricted devices (fail)"""
-        webauthn_mds_import(force=True)
-        webauthn_aaguid_import()
+        webauthn_mds_import.delay(force=True).get()
         self.stage.device_type_restrictions.set(
             WebAuthnDeviceType.objects.filter(
                 description="Android Authenticator with SafetyNet Attestation"
@@ -208,8 +204,7 @@ class TestAuthenticatorWebAuthnStage(FlowTestCase):
 
     def test_register_restricted_device_type_allow(self):
         """Test registration with restricted devices (allow)"""
-        webauthn_mds_import(force=True)
-        webauthn_aaguid_import()
+        webauthn_mds_import.delay(force=True).get()
         self.stage.device_type_restrictions.set(
             WebAuthnDeviceType.objects.filter(description="iCloud Keychain")
         )
@@ -258,8 +253,7 @@ class TestAuthenticatorWebAuthnStage(FlowTestCase):
 
     def test_register_restricted_device_type_allow_unknown(self):
         """Test registration with restricted devices (allow, unknown device type)"""
-        webauthn_mds_import(force=True)
-        webauthn_aaguid_import()
+        webauthn_mds_import.delay(force=True).get()
         WebAuthnDeviceType.objects.filter(description="iCloud Keychain").delete()
         self.stage.device_type_restrictions.set(
             WebAuthnDeviceType.objects.filter(aaguid=UNKNOWN_DEVICE_TYPE_AAGUID)

blueprints/system/providers-microsoft-entra.yaml

@@ -19,10 +19,16 @@ entries:
             "mail_nickname": request.user.username,
             "user_principal_name": request.user.email,
         }
-        if creating:
+        if connection:
+            # If there is a connection already made (discover or update), we can use
+            # that connection's immutable_id...
+            user["on_premises_immutable_id"] = connection.attributes.get("on_premises_immutable_id")
+        else:
             user["password_profile"] = PasswordProfile(
                 password=request.user.password
             )
+            # ...otherwise we set an immutable ID based on the user's UID
+            user["on_premises_immutable_id"] = request.user.uid,
         return user
   - identifiers:
       managed: goauthentik.io/providers/microsoft_entra/group

blueprints/system/providers-oauth2.yaml

@@ -56,3 +56,14 @@ entries:
         # This scope grants the application a refresh token that can be used to refresh user data
         # and let the application access authentik without the users interaction
         return {}
+  - identifiers:
+      managed: goauthentik.io/providers/oauth2/scope-authentik_api
+    model: authentik_providers_oauth2.scopemapping
+    attrs:
+      name: "authentik default OAuth Mapping: authentik API access"
+      scope_name: goauthentik.io/api
+      description: "authentik API Access on behalf of your user"
+      expression: |
+        # This scope grants the application the ability to access the authentik API
+        # on behalf of the authorizing user
+        return {}

docker-compose.yml

@@ -2,7 +2,7 @@
 
 services:
   postgresql:
-    image: docker.io/library/postgres:12-alpine
+    image: docker.io/library/postgres:16-alpine
     restart: unless-stopped
     healthcheck:
       test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]

go.mod

@@ -5,7 +5,7 @@ go 1.22.2
 require (
 	beryju.io/ldap v0.1.0
 	github.com/coreos/go-oidc v2.2.1+incompatible
-	github.com/getsentry/sentry-go v0.27.0
+	github.com/getsentry/sentry-go v0.28.0
 	github.com/go-http-utils/etag v0.0.0-20161124023236-513ea8f21eb1
 	github.com/go-ldap/ldap/v3 v3.4.8
 	github.com/go-openapi/runtime v0.28.0
@@ -22,13 +22,13 @@ require (
 	github.com/nmcclain/asn1-ber v0.0.0-20170104154839-2661553a0484
 	github.com/pires/go-proxyproto v0.7.0
 	github.com/prometheus/client_golang v1.19.1
-	github.com/redis/go-redis/v9 v9.5.1
+	github.com/redis/go-redis/v9 v9.5.2
 	github.com/sethvargo/go-envconfig v1.0.3
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.8.0
 	github.com/stretchr/testify v1.9.0
 	github.com/wwt/guac v1.3.2
-	goauthentik.io/api/v3 v3.2024042.8
+	goauthentik.io/api/v3 v3.2024042.9
 	golang.org/x/exp v0.0.0-20230210204819-062eb4c674ab
 	golang.org/x/oauth2 v0.20.0
 	golang.org/x/sync v0.7.0

go.sum

@@ -69,8 +69,8 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
 github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
-github.com/getsentry/sentry-go v0.27.0 h1:Pv98CIbtB3LkMWmXi4Joa5OOcwbmnX88sF5qbK3r3Ps=
-github.com/getsentry/sentry-go v0.27.0/go.mod h1:lc76E2QywIyW8WuBnwl8Lc4bkmQH4+w1gwTf25trprY=
+github.com/getsentry/sentry-go v0.28.0 h1:7Rqx9M3ythTKy2J6uZLHmc8Sz9OGgIlseuO1iBX/s0M=
+github.com/getsentry/sentry-go v0.28.0/go.mod h1:1fQZ+7l7eeJ3wYi82q5Hg8GqAPgefRq+FP/QhafYVgg=
 github.com/go-asn1-ber/asn1-ber v1.5.5 h1:MNHlNMBDgEKD4TcKr36vQN68BA00aDfjIt3/bD50WnA=
 github.com/go-asn1-ber/asn1-ber v1.5.5/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
 github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
@@ -242,8 +242,8 @@ github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSz
 github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc=
 github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo=
 github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo=
-github.com/redis/go-redis/v9 v9.5.1 h1:H1X4D3yHPaYrkL5X06Wh6xNVM/pX0Ft4RV0vMGvLBh8=
-github.com/redis/go-redis/v9 v9.5.1/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0b/CLO2V2M=
+github.com/redis/go-redis/v9 v9.5.2 h1:L0L3fcSNReTRGyZ6AqAEN0K56wYeYAwapBIhkvh0f3E=
+github.com/redis/go-redis/v9 v9.5.2/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0b/CLO2V2M=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
 github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
@@ -294,8 +294,8 @@ go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y
 go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU=
 go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
 go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4=
-goauthentik.io/api/v3 v3.2024042.8 h1:predhkWFGO8Lvx2qXInuaHN61+EJ3VWyWt73DD91hH4=
-goauthentik.io/api/v3 v3.2024042.8/go.mod h1:zz+mEZg8rY/7eEjkMGWJ2DnGqk+zqxuybGCGrR2O4Kw=
+goauthentik.io/api/v3 v3.2024042.9 h1:zj3nqmOEHNBsfANTv7Ec4yLZA755GKHU+WLz2t+nfaI=
+goauthentik.io/api/v3 v3.2024042.9/go.mod h1:zz+mEZg8rY/7eEjkMGWJ2DnGqk+zqxuybGCGrR2O4Kw=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=

locale/en/LC_MESSAGES/django.po

@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-05-23 00:07+0000\n"
+"POT-Creation-Date: 2024-06-03 00:08+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -1454,10 +1454,6 @@ msgstr ""
 msgid "GitHub Compatibility: Access your Groups"
 msgstr ""
 
-#: authentik/providers/oauth2/views/userinfo.py
-msgid "authentik API Access on behalf of your user"
-msgstr ""
-
 #: authentik/providers/proxy/api.py
 msgid "User and password attributes must be set when basic auth is enabled."
 msgstr ""

locale/ru/LC_MESSAGES/django.po

@@ -16,7 +16,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-05-23 00:07+0000\n"
+"POT-Creation-Date: 2024-06-03 00:08+0000\n"
 "PO-Revision-Date: 2022-09-26 16:47+0000\n"
 "Last-Translator: Anton Babenko, 2024\n"
 "Language-Team: Russian (https://app.transifex.com/authentik/teams/119923/ru/)\n"
@@ -1600,10 +1600,6 @@ msgstr "Совместимость с GitHub: Доступ к вашим адр
 msgid "GitHub Compatibility: Access your Groups"
 msgstr "Совместимость с GitHub: Доступ к вашим группам"
 
-#: authentik/providers/oauth2/views/userinfo.py
-msgid "authentik API Access on behalf of your user"
-msgstr "authentik API Access от имени вашего пользователя"
-
 #: authentik/providers/proxy/api.py
 msgid "User and password attributes must be set when basic auth is enabled."
 msgstr ""

locale/zh-Hans/LC_MESSAGES/django.po

@@ -8,15 +8,16 @@
 # 刘松, 2022
 # Jens L. <jens@goauthentik.io>, 2024
 # deluxghost, 2024
+# Tianhao Chai <cth451@gmail.com>, 2024
 # 
 #, fuzzy
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-05-23 00:07+0000\n"
+"POT-Creation-Date: 2024-06-03 00:08+0000\n"
 "PO-Revision-Date: 2022-09-26 16:47+0000\n"
-"Last-Translator: deluxghost, 2024\n"
+"Last-Translator: Tianhao Chai <cth451@gmail.com>, 2024\n"
 "Language-Team: Chinese Simplified (https://app.transifex.com/authentik/teams/119923/zh-Hans/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -56,7 +57,7 @@ msgid ""
 "by migrations. You can still modify the objects via the API, but expect "
 "changes to be overwritten in a later update."
 msgstr ""
-"由 authentik 管理的对象。这些对象会自动创建和更新。此标记仅仅表明对象可以被 Migration 覆盖。您仍然可以通过 API "
+"由 authentik 管理的对象。这些对象会自动创建和更新。此标记仅仅表明对象可以在迁移时被覆盖。您仍然可以通过 API "
 "修改对象，但这些修改可能会在之后的更新中被覆盖。"
 
 #: authentik/blueprints/models.py
@@ -104,7 +105,7 @@ msgstr "如果未设置，则返回所有提供程序。如果启用，仅返回
 
 #: authentik/core/api/users.py
 msgid "No leading or trailing slashes allowed."
-msgstr "不允许前缀或后缀斜线。"
+msgstr "不允许以斜线开始或结尾。"
 
 #: authentik/core/api/users.py
 msgid "No empty segments in user path allowed."
@@ -553,7 +554,7 @@ msgstr "（您已经在另一个标签页/窗口连接了）"
 msgid ""
 "Amount of time a user can take to return from the source to continue the "
 "flow (Format: hours=-1;minutes=-2;seconds=-3)"
-msgstr "用户从源返回并继续流程可以消耗的时间（格式：hours=-1;minutes=-2;seconds=-3）"
+msgstr "用户从源返回并继续流程的所需操作时间（格式：hours=-1;minutes=-2;seconds=-3）"
 
 #: authentik/enterprise/stages/source/models.py
 msgid "Source Stage"
@@ -740,7 +741,7 @@ msgstr "流程"
 
 #: authentik/flows/exceptions.py
 msgid "Flow does not apply to current user."
-msgstr "流程不应用于当前用户。"
+msgstr "流程不适用于当前用户。"
 
 #: authentik/flows/models.py
 #, python-brace-format
@@ -773,11 +774,11 @@ msgstr "启用兼容模式，增强与移动设备上密码管理器的兼容性
 
 #: authentik/flows/models.py
 msgid "Configure what should happen when a flow denies access to a user."
-msgstr "配置当流程拒绝访问一名用户时应该发生什么。"
+msgstr "配置当流程拒绝一名用户访问时应该发生什么。"
 
 #: authentik/flows/models.py
 msgid "Required level of authentication and authorization to access a flow."
-msgstr "需要身份验证和授权等级以访问流程。"
+msgstr "访问流程所需要身份验证和授权等级。"
 
 #: authentik/flows/models.py
 msgid "Flows"
@@ -1197,8 +1198,8 @@ msgid ""
 "that the numbers aren't too low for POSIX users. Default is 2000 to ensure "
 "that we don't collide with local users uidNumber"
 msgstr ""
-"起始 uidNumbers，这个数字会被添加到 user.pk 中，以确保对于 POSIX 用户来说，这个数字不会太低。默认值为 "
-"2000，以确保我们不会与本地用户的 uidNumber 发生冲突"
+"起始 uidNumber，从 user.pk 中生成的数字将和该数字相加后作为用户 uid，以确保对于 POSIX 用户来说，这个数字不会太低。默认值为"
+" 2000，以确保我们不会与本地用户的 uidNumber 发生冲突"
 
 #: authentik/providers/ldap/models.py
 msgid ""
@@ -1207,8 +1208,8 @@ msgid ""
 "Default is 4000 to ensure that we don't collide with local groups or users "
 "primary groups gidNumber"
 msgstr ""
-"起始 gidNumbers，这个数字会被添加到从 group.pk 生成的数字中，以确保对于 POSIX 用户来说，这个数字不会太低。默认值为 "
-"4000，以确保我们不会与本地群组或用户主组的 gidNumber 发生冲突"
+"起始 gidNumber，从 group.pk 中生成的数字将和该数字相加后作为群组 gid，以确保对于 POSIX "
+"群组来说，这个数字不会太低。默认值为 4000，以确保我们不会与本地群组或用户主组的 gidNumber 发生冲突"
 
 #: authentik/providers/ldap/models.py authentik/providers/radius/models.py
 msgid ""
@@ -1247,13 +1248,13 @@ msgstr "基于用户名"
 
 #: authentik/providers/oauth2/id_token.py
 msgid "Based on the User's Email. This is recommended over the UPN method."
-msgstr "基于用户的电子邮箱。建议在 UPN 方法上使用。"
+msgstr "基于用户的电子邮箱。较 UPN 方法更推荐适用此方法。"
 
 #: authentik/providers/oauth2/id_token.py
 msgid ""
 "Based on the User's UPN, only works if user has a 'upn' attribute set. Use "
 "this method only if you have different UPN and Mail domains."
-msgstr "基于用户的 UPN，仅当用户设置了 'upn' 属性时才有效。仅当您有不同的 UPN 和 Mail 域时才使用此方法。"
+msgstr "基于用户的 UPN，仅当用户设置了 'upn' 属性时才有效。仅当您有不同的 UPN 和 Mail 域时才应使用此方法。"
 
 #: authentik/providers/oauth2/models.py
 msgid "Confidential"
@@ -1365,13 +1366,13 @@ msgstr "对于不访问 userinfo 端点的应用程序，将来自作用域的
 msgid ""
 "Access codes not valid on or after current time + this value (Format: "
 "hours=1;minutes=2;seconds=3)."
-msgstr "从当前时间经过多久时或之后，访问代码无效（格式：hours=1;minutes=2;seconds=3）。"
+msgstr "从当前时间经过多久时或之后，访问代码失效（格式：hours=1;minutes=2;seconds=3）。"
 
 #: authentik/providers/oauth2/models.py
 msgid ""
 "Tokens not valid on or after current time + this value (Format: "
 "hours=1;minutes=2;seconds=3)."
-msgstr "从当前时间经过多久时或之后，令牌无效（格式：hours=1;minutes=2;seconds=3）。"
+msgstr "从当前时间经过多久时或之后，令牌失效（格式：hours=1;minutes=2;seconds=3）。"
 
 #: authentik/providers/oauth2/models.py
 msgid ""
@@ -1485,10 +1486,6 @@ msgstr "GitHub 兼容性：访问您的电子邮件地址"
 msgid "GitHub Compatibility: Access your Groups"
 msgstr "GitHub 兼容性：访问您的组"
 
-#: authentik/providers/oauth2/views/userinfo.py
-msgid "authentik API Access on behalf of your user"
-msgstr "代表您的用户访问 authentik API"
-
 #: authentik/providers/proxy/api.py
 msgid "User and password attributes must be set when basic auth is enabled."
 msgstr "启用 Basic Auth 时，必须设置用户和密码属性。"
@@ -1535,7 +1532,7 @@ msgstr "根据来自 authentik 的值设置自定义 HTTP-Basic 身份验证标
 
 #: authentik/providers/proxy/models.py
 msgid "HTTP-Basic Username Key"
-msgstr "HTTP-Basic 用户名密钥"
+msgstr "HTTP-Basic 用户名键值"
 
 #: authentik/providers/proxy/models.py
 msgid ""
@@ -1545,7 +1542,7 @@ msgstr "用于 HTTP-Basic 标头用户名部分的用户/组属性。如果未
 
 #: authentik/providers/proxy/models.py
 msgid "HTTP-Basic Password Key"
-msgstr "HTTP-Basic 密码密钥"
+msgstr "HTTP-Basic 密码键值"
 
 #: authentik/providers/proxy/models.py
 msgid ""
@@ -1562,14 +1559,14 @@ msgstr "代理提供程序"
 
 #: authentik/providers/radius/models.py
 msgid "Shared secret between clients and server to hash packets."
-msgstr "在客户端和服务端之间共享密钥以哈希数据包。"
+msgstr "用于哈希处理数据包的客户端服务端共享密钥。"
 
 #: authentik/providers/radius/models.py
 msgid ""
 "List of CIDRs (comma-separated) that clients can connect from. A more "
 "specific CIDR will match before a looser one. Clients connecting from a non-"
 "specified CIDR will be dropped."
-msgstr "允许客户端连接的 CIDR 列表（逗号分隔）。严格的 CIDR 会在宽松的之前匹配。来自 CIDR 范围外的客户端连接将会被丢弃。"
+msgstr "允许客户端连接的 CIDR 列表（逗号分隔）。严格的 CIDR 条目会在宽松的条目之前匹配。来自 CIDR 范围外的客户端连接将会被丢弃。"
 
 #: authentik/providers/radius/models.py
 msgid "Radius Provider"

locale/zh_CN/LC_MESSAGES/django.po

@@ -14,7 +14,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-05-23 00:07+0000\n"
+"POT-Creation-Date: 2024-06-03 00:08+0000\n"
 "PO-Revision-Date: 2022-09-26 16:47+0000\n"
 "Last-Translator: deluxghost, 2024\n"
 "Language-Team: Chinese (China) (https://app.transifex.com/authentik/teams/119923/zh_CN/)\n"
@@ -1485,10 +1485,6 @@ msgstr "GitHub 兼容性：访问您的电子邮件地址"
 msgid "GitHub Compatibility: Access your Groups"
 msgstr "GitHub 兼容性：访问您的组"
 
-#: authentik/providers/oauth2/views/userinfo.py
-msgid "authentik API Access on behalf of your user"
-msgstr "代表您的用户访问 authentik API"
-
 #: authentik/providers/proxy/api.py
 msgid "User and password attributes must be set when basic auth is enabled."
 msgstr "启用 Basic Auth 时，必须设置用户和密码属性。"

poetry.lock

@@ -1,4 +1,4 @@
-# This file is automatically @generated by Poetry 1.8.2 and should not be changed by hand.
+# This file is automatically @generated by Poetry 1.7.1 and should not be changed by hand.
 
 [[package]]
 name = "aiohttp"
@@ -956,63 +956,63 @@ files = [
 
 [[package]]
 name = "coverage"
-version = "7.5.2"
+version = "7.5.3"
 description = "Code coverage measurement for Python"
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "coverage-7.5.2-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:554c7327bf0fd688050348e22db7c8e163fb7219f3ecdd4732d7ed606b417263"},
-    {file = "coverage-7.5.2-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:d0305e02e40c7cfea5d08d6368576537a74c0eea62b77633179748d3519d6705"},
-    {file = "coverage-7.5.2-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:829fb55ad437d757c70d5b1c51cfda9377f31506a0a3f3ac282bc6a387d6a5f1"},
-    {file = "coverage-7.5.2-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:894b1acded706f1407a662d08e026bfd0ff1e59e9bd32062fea9d862564cfb65"},
-    {file = "coverage-7.5.2-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:fe76d6dee5e4febefa83998b17926df3a04e5089e3d2b1688c74a9157798d7a2"},
-    {file = "coverage-7.5.2-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:c7ebf2a37e4f5fea3c1a11e1f47cea7d75d0f2d8ef69635ddbd5c927083211fc"},
-    {file = "coverage-7.5.2-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:20e611fc36e1a0fc7bbf957ef9c635c8807d71fbe5643e51b2769b3cc0fb0b51"},
-    {file = "coverage-7.5.2-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:7c5c5b7ae2763533152880d5b5b451acbc1089ade2336b710a24b2b0f5239d20"},
-    {file = "coverage-7.5.2-cp310-cp310-win32.whl", hash = "sha256:1e4225990a87df898e40ca31c9e830c15c2c53b1d33df592bc8ef314d71f0281"},
-    {file = "coverage-7.5.2-cp310-cp310-win_amd64.whl", hash = "sha256:976cd92d9420e6e2aa6ce6a9d61f2b490e07cb468968adf371546b33b829284b"},
-    {file = "coverage-7.5.2-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:5997d418c219dcd4dcba64e50671cca849aaf0dac3d7a2eeeb7d651a5bd735b8"},
-    {file = "coverage-7.5.2-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:ec27e93bbf5976f0465e8936f02eb5add99bbe4e4e7b233607e4d7622912d68d"},
-    {file = "coverage-7.5.2-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1f11f98753800eb1ec872562a398081f6695f91cd01ce39819e36621003ec52a"},
-    {file = "coverage-7.5.2-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:6e34680049eecb30b6498784c9637c1c74277dcb1db75649a152f8004fbd6646"},
-    {file = "coverage-7.5.2-cp311-cp311-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:3e12536446ad4527ac8ed91d8a607813085683bcce27af69e3b31cd72b3c5960"},
-    {file = "coverage-7.5.2-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:3d3f7744b8a8079d69af69d512e5abed4fb473057625588ce126088e50d05493"},
-    {file = "coverage-7.5.2-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:431a3917e32223fcdb90b79fe60185864a9109631ebc05f6c5aa03781a00b513"},
-    {file = "coverage-7.5.2-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:a7c6574225f34ce45466f04751d957b5c5e6b69fca9351db017c9249786172ce"},
-    {file = "coverage-7.5.2-cp311-cp311-win32.whl", hash = "sha256:2b144d142ec9987276aeff1326edbc0df8ba4afbd7232f0ca10ad57a115e95b6"},
-    {file = "coverage-7.5.2-cp311-cp311-win_amd64.whl", hash = "sha256:900532713115ac58bc3491b9d2b52704a05ed408ba0918d57fd72c94bc47fba1"},
-    {file = "coverage-7.5.2-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:9a42970ce74c88bdf144df11c52c5cf4ad610d860de87c0883385a1c9d9fa4ab"},
-    {file = "coverage-7.5.2-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:26716a1118c6ce2188283b4b60a898c3be29b480acbd0a91446ced4fe4e780d8"},
-    {file = "coverage-7.5.2-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:60b66b0363c5a2a79fba3d1cd7430c25bbd92c923d031cae906bdcb6e054d9a2"},
-    {file = "coverage-7.5.2-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:e5d22eba19273b2069e4efeff88c897a26bdc64633cbe0357a198f92dca94268"},
-    {file = "coverage-7.5.2-cp312-cp312-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:3bb5b92a0ab3d22dfdbfe845e2fef92717b067bdf41a5b68c7e3e857c0cff1a4"},
-    {file = "coverage-7.5.2-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:1aef719b6559b521ae913ddeb38f5048c6d1a3d366865e8b320270b7bc4693c2"},
-    {file = "coverage-7.5.2-cp312-cp312-musllinux_1_1_i686.whl", hash = "sha256:8809c0ea0e8454f756e3bd5c36d04dddf222989216788a25bfd6724bfcee342c"},
-    {file = "coverage-7.5.2-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:1acc2e2ef098a1d4bf535758085f508097316d738101a97c3f996bccba963ea5"},
-    {file = "coverage-7.5.2-cp312-cp312-win32.whl", hash = "sha256:97de509043d3f0f2b2cd171bdccf408f175c7f7a99d36d566b1ae4dd84107985"},
-    {file = "coverage-7.5.2-cp312-cp312-win_amd64.whl", hash = "sha256:8941e35a0e991a7a20a1fa3e3182f82abe357211f2c335a9e6007067c3392fcf"},
-    {file = "coverage-7.5.2-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:5662bf0f6fb6757f5c2d6279c541a5af55a39772c2362ed0920b27e3ce0e21f7"},
-    {file = "coverage-7.5.2-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:3d9c62cff2ffb4c2a95328488fd7aa96a7a4b34873150650fe76b19c08c9c792"},
-    {file = "coverage-7.5.2-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:74eeaa13e8200ad72fca9c5f37395fb310915cec6f1682b21375e84fd9770e84"},
-    {file = "coverage-7.5.2-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:1f29bf497d51a5077994b265e976d78b09d9d0dff6ca5763dbb4804534a5d380"},
-    {file = "coverage-7.5.2-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:1f96aa94739593ae0707eda9813ce363a0a0374a810ae0eced383340fc4a1f73"},
-    {file = "coverage-7.5.2-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:51b6cee539168a912b4b3b040e4042b9e2c9a7ad9c8546c09e4eaeff3eacba6b"},
-    {file = "coverage-7.5.2-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:59a75e6aa5c25b50b5a1499f9718f2edff54257f545718c4fb100f48d570ead4"},
-    {file = "coverage-7.5.2-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:29da75ce20cb0a26d60e22658dd3230713c6c05a3465dd8ad040ffc991aea318"},
-    {file = "coverage-7.5.2-cp38-cp38-win32.whl", hash = "sha256:23f2f16958b16152b43a39a5ecf4705757ddd284b3b17a77da3a62aef9c057ef"},
-    {file = "coverage-7.5.2-cp38-cp38-win_amd64.whl", hash = "sha256:9e41c94035e5cdb362beed681b58a707e8dc29ea446ea1713d92afeded9d1ddd"},
-    {file = "coverage-7.5.2-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:06d96b9b19bbe7f049c2be3c4f9e06737ec6d8ef8933c7c3a4c557ef07936e46"},
-    {file = "coverage-7.5.2-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:878243e1206828908a6b4a9ca7b1aa8bee9eb129bf7186fc381d2646f4524ce9"},
-    {file = "coverage-7.5.2-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:482df956b055d3009d10fce81af6ffab28215d7ed6ad4a15e5c8e67cb7c5251c"},
-    {file = "coverage-7.5.2-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:a35c97af60a5492e9e89f8b7153fe24eadfd61cb3a2fb600df1a25b5dab34b7e"},
-    {file = "coverage-7.5.2-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:24bb4c7859a3f757a116521d4d3a8a82befad56ea1bdacd17d6aafd113b0071e"},
-    {file = "coverage-7.5.2-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:e1046aab24c48c694f0793f669ac49ea68acde6a0798ac5388abe0a5615b5ec8"},
-    {file = "coverage-7.5.2-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:448ec61ea9ea7916d5579939362509145caaecf03161f6f13e366aebb692a631"},
-    {file = "coverage-7.5.2-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:4a00bd5ba8f1a4114720bef283cf31583d6cb1c510ce890a6da6c4268f0070b7"},
-    {file = "coverage-7.5.2-cp39-cp39-win32.whl", hash = "sha256:9f805481d5eff2a96bac4da1570ef662bf970f9a16580dc2c169c8c3183fa02b"},
-    {file = "coverage-7.5.2-cp39-cp39-win_amd64.whl", hash = "sha256:2c79f058e7bec26b5295d53b8c39ecb623448c74ccc8378631f5cb5c16a7e02c"},
-    {file = "coverage-7.5.2-pp38.pp39.pp310-none-any.whl", hash = "sha256:40dbb8e7727560fe8ab65efcddfec1ae25f30ef02e2f2e5d78cfb52a66781ec5"},
-    {file = "coverage-7.5.2.tar.gz", hash = "sha256:13017a63b0e499c59b5ba94a8542fb62864ba3016127d1e4ef30d354fc2b00e9"},
+    {file = "coverage-7.5.3-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:a6519d917abb15e12380406d721e37613e2a67d166f9fb7e5a8ce0375744cd45"},
+    {file = "coverage-7.5.3-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:aea7da970f1feccf48be7335f8b2ca64baf9b589d79e05b9397a06696ce1a1ec"},
+    {file = "coverage-7.5.3-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:923b7b1c717bd0f0f92d862d1ff51d9b2b55dbbd133e05680204465f454bb286"},
+    {file = "coverage-7.5.3-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:62bda40da1e68898186f274f832ef3e759ce929da9a9fd9fcf265956de269dbc"},
+    {file = "coverage-7.5.3-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:d8b7339180d00de83e930358223c617cc343dd08e1aa5ec7b06c3a121aec4e1d"},
+    {file = "coverage-7.5.3-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:25a5caf742c6195e08002d3b6c2dd6947e50efc5fc2c2205f61ecb47592d2d83"},
+    {file = "coverage-7.5.3-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:05ac5f60faa0c704c0f7e6a5cbfd6f02101ed05e0aee4d2822637a9e672c998d"},
+    {file = "coverage-7.5.3-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:239a4e75e09c2b12ea478d28815acf83334d32e722e7433471fbf641c606344c"},
+    {file = "coverage-7.5.3-cp310-cp310-win32.whl", hash = "sha256:a5812840d1d00eafae6585aba38021f90a705a25b8216ec7f66aebe5b619fb84"},
+    {file = "coverage-7.5.3-cp310-cp310-win_amd64.whl", hash = "sha256:33ca90a0eb29225f195e30684ba4a6db05dbef03c2ccd50b9077714c48153cac"},
+    {file = "coverage-7.5.3-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:f81bc26d609bf0fbc622c7122ba6307993c83c795d2d6f6f6fd8c000a770d974"},
+    {file = "coverage-7.5.3-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:7cec2af81f9e7569280822be68bd57e51b86d42e59ea30d10ebdbb22d2cb7232"},
+    {file = "coverage-7.5.3-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:55f689f846661e3f26efa535071775d0483388a1ccfab899df72924805e9e7cd"},
+    {file = "coverage-7.5.3-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:50084d3516aa263791198913a17354bd1dc627d3c1639209640b9cac3fef5807"},
+    {file = "coverage-7.5.3-cp311-cp311-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:341dd8f61c26337c37988345ca5c8ccabeff33093a26953a1ac72e7d0103c4fb"},
+    {file = "coverage-7.5.3-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:ab0b028165eea880af12f66086694768f2c3139b2c31ad5e032c8edbafca6ffc"},
+    {file = "coverage-7.5.3-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:5bc5a8c87714b0c67cfeb4c7caa82b2d71e8864d1a46aa990b5588fa953673b8"},
+    {file = "coverage-7.5.3-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:38a3b98dae8a7c9057bd91fbf3415c05e700a5114c5f1b5b0ea5f8f429ba6614"},
+    {file = "coverage-7.5.3-cp311-cp311-win32.whl", hash = "sha256:fcf7d1d6f5da887ca04302db8e0e0cf56ce9a5e05f202720e49b3e8157ddb9a9"},
+    {file = "coverage-7.5.3-cp311-cp311-win_amd64.whl", hash = "sha256:8c836309931839cca658a78a888dab9676b5c988d0dd34ca247f5f3e679f4e7a"},
+    {file = "coverage-7.5.3-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:296a7d9bbc598e8744c00f7a6cecf1da9b30ae9ad51c566291ff1314e6cbbed8"},
+    {file = "coverage-7.5.3-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:34d6d21d8795a97b14d503dcaf74226ae51eb1f2bd41015d3ef332a24d0a17b3"},
+    {file = "coverage-7.5.3-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:8e317953bb4c074c06c798a11dbdd2cf9979dbcaa8ccc0fa4701d80042d4ebf1"},
+    {file = "coverage-7.5.3-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:705f3d7c2b098c40f5b81790a5fedb274113373d4d1a69e65f8b68b0cc26f6db"},
+    {file = "coverage-7.5.3-cp312-cp312-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:b1196e13c45e327d6cd0b6e471530a1882f1017eb83c6229fc613cd1a11b53cd"},
+    {file = "coverage-7.5.3-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:015eddc5ccd5364dcb902eaecf9515636806fa1e0d5bef5769d06d0f31b54523"},
+    {file = "coverage-7.5.3-cp312-cp312-musllinux_1_1_i686.whl", hash = "sha256:fd27d8b49e574e50caa65196d908f80e4dff64d7e592d0c59788b45aad7e8b35"},
+    {file = "coverage-7.5.3-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:33fc65740267222fc02975c061eb7167185fef4cc8f2770267ee8bf7d6a42f84"},
+    {file = "coverage-7.5.3-cp312-cp312-win32.whl", hash = "sha256:7b2a19e13dfb5c8e145c7a6ea959485ee8e2204699903c88c7d25283584bfc08"},
+    {file = "coverage-7.5.3-cp312-cp312-win_amd64.whl", hash = "sha256:0bbddc54bbacfc09b3edaec644d4ac90c08ee8ed4844b0f86227dcda2d428fcb"},
+    {file = "coverage-7.5.3-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:f78300789a708ac1f17e134593f577407d52d0417305435b134805c4fb135adb"},
+    {file = "coverage-7.5.3-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:b368e1aee1b9b75757942d44d7598dcd22a9dbb126affcbba82d15917f0cc155"},
+    {file = "coverage-7.5.3-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:f836c174c3a7f639bded48ec913f348c4761cbf49de4a20a956d3431a7c9cb24"},
+    {file = "coverage-7.5.3-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:244f509f126dc71369393ce5fea17c0592c40ee44e607b6d855e9c4ac57aac98"},
+    {file = "coverage-7.5.3-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:c4c2872b3c91f9baa836147ca33650dc5c172e9273c808c3c3199c75490e709d"},
+    {file = "coverage-7.5.3-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:dd4b3355b01273a56b20c219e74e7549e14370b31a4ffe42706a8cda91f19f6d"},
+    {file = "coverage-7.5.3-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:f542287b1489c7a860d43a7d8883e27ca62ab84ca53c965d11dac1d3a1fab7ce"},
+    {file = "coverage-7.5.3-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:75e3f4e86804023e991096b29e147e635f5e2568f77883a1e6eed74512659ab0"},
+    {file = "coverage-7.5.3-cp38-cp38-win32.whl", hash = "sha256:c59d2ad092dc0551d9f79d9d44d005c945ba95832a6798f98f9216ede3d5f485"},
+    {file = "coverage-7.5.3-cp38-cp38-win_amd64.whl", hash = "sha256:fa21a04112c59ad54f69d80e376f7f9d0f5f9123ab87ecd18fbb9ec3a2beed56"},
+    {file = "coverage-7.5.3-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:f5102a92855d518b0996eb197772f5ac2a527c0ec617124ad5242a3af5e25f85"},
+    {file = "coverage-7.5.3-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:d1da0a2e3b37b745a2b2a678a4c796462cf753aebf94edcc87dcc6b8641eae31"},
+    {file = "coverage-7.5.3-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:8383a6c8cefba1b7cecc0149415046b6fc38836295bc4c84e820872eb5478b3d"},
+    {file = "coverage-7.5.3-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:9aad68c3f2566dfae84bf46295a79e79d904e1c21ccfc66de88cd446f8686341"},
+    {file = "coverage-7.5.3-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:2e079c9ec772fedbade9d7ebc36202a1d9ef7291bc9b3a024ca395c4d52853d7"},
+    {file = "coverage-7.5.3-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:bde997cac85fcac227b27d4fb2c7608a2c5f6558469b0eb704c5726ae49e1c52"},
+    {file = "coverage-7.5.3-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:990fb20b32990b2ce2c5f974c3e738c9358b2735bc05075d50a6f36721b8f303"},
+    {file = "coverage-7.5.3-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:3d5a67f0da401e105753d474369ab034c7bae51a4c31c77d94030d59e41df5bd"},
+    {file = "coverage-7.5.3-cp39-cp39-win32.whl", hash = "sha256:e08c470c2eb01977d221fd87495b44867a56d4d594f43739a8028f8646a51e0d"},
+    {file = "coverage-7.5.3-cp39-cp39-win_amd64.whl", hash = "sha256:1d2a830ade66d3563bb61d1e3c77c8def97b30ed91e166c67d0632c018f380f0"},
+    {file = "coverage-7.5.3-pp38.pp39.pp310-none-any.whl", hash = "sha256:3538d8fb1ee9bdd2e2692b3b18c22bb1c19ffbefd06880f5ac496e42d7bb3884"},
+    {file = "coverage-7.5.3.tar.gz", hash = "sha256:04aefca5190d1dc7a53a4c1a5a7f8568811306d7a8ee231c42fb69215571944f"},
 ]
 
 [package.extras]
@@ -1194,6 +1194,17 @@ tzdata = {version = "*", markers = "sys_platform == \"win32\""}
 argon2 = ["argon2-cffi (>=19.1.0)"]
 bcrypt = ["bcrypt"]
 
+[[package]]
+name = "django-cte"
+version = "1.3.2"
+description = "Common Table Expressions (CTE) for Django"
+optional = false
+python-versions = "*"
+files = [
+    {file = "django-cte-1.3.2.tar.gz", hash = "sha256:841b264f83417d421393c8c4644f76300962c6c3ddbc37339cf99672eb3696a2"},
+    {file = "django_cte-1.3.2-py2.py3-none-any.whl", hash = "sha256:9ca0a900df4819bbe86447a594f27272d67069f3ef13da61e905b0ace67704e9"},
+]
+
 [[package]]
 name = "django-filter"
 version = "24.2"
@@ -1696,13 +1707,13 @@ grpcio-gcp = ["grpcio-gcp (>=0.2.2,<1.0.dev0)"]
 
 [[package]]
 name = "google-api-python-client"
-version = "2.130.0"
+version = "2.131.0"
 description = "Google API Client Library for Python"
 optional = false
 python-versions = ">=3.7"
 files = [
-    {file = "google-api-python-client-2.130.0.tar.gz", hash = "sha256:2bba3122b82a649c677b8a694b8e2bbf2a5fbf3420265caf3343bb88e2e9f0ae"},
-    {file = "google_api_python_client-2.130.0-py2.py3-none-any.whl", hash = "sha256:7d45a28d738628715944a9c9d73e8696e7e03ac50b7de87f5e3035cefa94ed3a"},
+    {file = "google-api-python-client-2.131.0.tar.gz", hash = "sha256:1c03e24af62238a8817ecc24e9d4c32ddd4cb1f323b08413652d9a9a592fc00d"},
+    {file = "google_api_python_client-2.131.0-py2.py3-none-any.whl", hash = "sha256:e325409bdcef4604d505d9246ce7199960a010a0569ac503b9f319db8dbdc217"},
 ]
 
 [package.dependencies]
@@ -1985,22 +1996,22 @@ files = [
 
 [[package]]
 name = "importlib-metadata"
-version = "7.0.0"
+version = "7.1.0"
 description = "Read metadata from Python packages"
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "importlib_metadata-7.0.0-py3-none-any.whl", hash = "sha256:d97503976bb81f40a193d41ee6570868479c69d5068651eb039c40d850c59d67"},
-    {file = "importlib_metadata-7.0.0.tar.gz", hash = "sha256:7fc841f8b8332803464e5dc1c63a2e59121f46ca186c0e2e182e80bf8c1319f7"},
+    {file = "importlib_metadata-7.1.0-py3-none-any.whl", hash = "sha256:30962b96c0c223483ed6cc7280e7f0199feb01a0e40cfae4d4450fc6fab1f570"},
+    {file = "importlib_metadata-7.1.0.tar.gz", hash = "sha256:b78938b926ee8d5f020fc4772d487045805a55ddbad2ecf21c6d60938dc7fcd2"},
 ]
 
 [package.dependencies]
 zipp = ">=0.5"
 
 [package.extras]
-docs = ["furo", "jaraco.packaging (>=9.3)", "jaraco.tidelift (>=1.4)", "rst.linker (>=1.9)", "sphinx (<7.2.5)", "sphinx (>=3.5)", "sphinx-lint"]
+docs = ["furo", "jaraco.packaging (>=9.3)", "jaraco.tidelift (>=1.4)", "rst.linker (>=1.9)", "sphinx (>=3.5)", "sphinx-lint"]
 perf = ["ipython"]
-testing = ["flufl.flake8", "importlib-resources (>=1.3)", "packaging", "pyfakefs", "pytest (>=6)", "pytest-black (>=0.3.7)", "pytest-checkdocs (>=2.4)", "pytest-cov", "pytest-enabler (>=2.2)", "pytest-mypy (>=0.9.1)", "pytest-perf (>=0.9.2)", "pytest-ruff"]
+testing = ["flufl.flake8", "importlib-resources (>=1.3)", "jaraco.test (>=5.4)", "packaging", "pyfakefs", "pytest (>=6)", "pytest-checkdocs (>=2.4)", "pytest-cov", "pytest-enabler (>=2.2)", "pytest-mypy", "pytest-perf (>=0.9.2)", "pytest-ruff (>=0.2.1)"]
 
 [[package]]
 name = "incremental"
@@ -2949,46 +2960,49 @@ files = [
 
 [[package]]
 name = "opentelemetry-api"
-version = "1.24.0"
+version = "1.25.0"
 description = "OpenTelemetry Python API"
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "opentelemetry_api-1.24.0-py3-none-any.whl", hash = "sha256:0f2c363d98d10d1ce93330015ca7fd3a65f60be64e05e30f557c61de52c80ca2"},
-    {file = "opentelemetry_api-1.24.0.tar.gz", hash = "sha256:42719f10ce7b5a9a73b10a4baf620574fb8ad495a9cbe5c18d76b75d8689c67e"},
+    {file = "opentelemetry_api-1.25.0-py3-none-any.whl", hash = "sha256:757fa1aa020a0f8fa139f8959e53dec2051cc26b832e76fa839a6d76ecefd737"},
+    {file = "opentelemetry_api-1.25.0.tar.gz", hash = "sha256:77c4985f62f2614e42ce77ee4c9da5fa5f0bc1e1821085e9a47533a9323ae869"},
 ]
 
 [package.dependencies]
 deprecated = ">=1.2.6"
-importlib-metadata = ">=6.0,<=7.0"
+importlib-metadata = ">=6.0,<=7.1"
 
 [[package]]
 name = "opentelemetry-sdk"
-version = "1.24.0"
+version = "1.25.0"
 description = "OpenTelemetry Python SDK"
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "opentelemetry_sdk-1.24.0-py3-none-any.whl", hash = "sha256:fa731e24efe832e98bcd90902085b359dcfef7d9c9c00eb5b9a18587dae3eb59"},
-    {file = "opentelemetry_sdk-1.24.0.tar.gz", hash = "sha256:75bc0563affffa827700e0f4f4a68e1e257db0df13372344aebc6f8a64cde2e5"},
+    {file = "opentelemetry_sdk-1.25.0-py3-none-any.whl", hash = "sha256:d97ff7ec4b351692e9d5a15af570c693b8715ad78b8aafbec5c7100fe966b4c9"},
+    {file = "opentelemetry_sdk-1.25.0.tar.gz", hash = "sha256:ce7fc319c57707ef5bf8b74fb9f8ebdb8bfafbe11898410e0d2a761d08a98ec7"},
 ]
 
 [package.dependencies]
-opentelemetry-api = "1.24.0"
-opentelemetry-semantic-conventions = "0.45b0"
+opentelemetry-api = "1.25.0"
+opentelemetry-semantic-conventions = "0.46b0"
 typing-extensions = ">=3.7.4"
 
 [[package]]
 name = "opentelemetry-semantic-conventions"
-version = "0.45b0"
+version = "0.46b0"
 description = "OpenTelemetry Semantic Conventions"
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "opentelemetry_semantic_conventions-0.45b0-py3-none-any.whl", hash = "sha256:a4a6fb9a7bacd9167c082aa4681009e9acdbfa28ffb2387af50c2fef3d30c864"},
-    {file = "opentelemetry_semantic_conventions-0.45b0.tar.gz", hash = "sha256:7c84215a44ac846bc4b8e32d5e78935c5c43482e491812a0bb8aaf87e4d92118"},
+    {file = "opentelemetry_semantic_conventions-0.46b0-py3-none-any.whl", hash = "sha256:6daef4ef9fa51d51855d9f8e0ccd3a1bd59e0e545abe99ac6203804e36ab3e07"},
+    {file = "opentelemetry_semantic_conventions-0.46b0.tar.gz", hash = "sha256:fbc982ecbb6a6e90869b15c1673be90bd18c8a56ff1cffc0864e38e2edffaefa"},
 ]
 
+[package.dependencies]
+opentelemetry-api = "1.25.0"
+
 [[package]]
 name = "outcome"
 version = "1.3.0.post0"
@@ -3362,19 +3376,19 @@ files = [
 
 [[package]]
 name = "pydantic"
-version = "2.7.1"
+version = "2.7.2"
 description = "Data validation using Python type hints"
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "pydantic-2.7.1-py3-none-any.whl", hash = "sha256:e029badca45266732a9a79898a15ae2e8b14840b1eabbb25844be28f0b33f3d5"},
-    {file = "pydantic-2.7.1.tar.gz", hash = "sha256:e9dbb5eada8abe4d9ae5f46b9939aead650cd2b68f249bb3a8139dbe125803cc"},
+    {file = "pydantic-2.7.2-py3-none-any.whl", hash = "sha256:834ab954175f94e6e68258537dc49402c4a5e9d0409b9f1b86b7e934a8372de7"},
+    {file = "pydantic-2.7.2.tar.gz", hash = "sha256:71b2945998f9c9b7919a45bde9a50397b289937d215ae141c1d0903ba7149fd7"},
 ]
 
 [package.dependencies]
 annotated-types = ">=0.4.0"
 email-validator = {version = ">=2.0.0", optional = true, markers = "extra == \"email\""}
-pydantic-core = "2.18.2"
+pydantic-core = "2.18.3"
 typing-extensions = ">=4.6.1"
 
 [package.extras]
@@ -3382,90 +3396,90 @@ email = ["email-validator (>=2.0.0)"]
 
 [[package]]
 name = "pydantic-core"
-version = "2.18.2"
+version = "2.18.3"
 description = "Core functionality for Pydantic validation and serialization"
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "pydantic_core-2.18.2-cp310-cp310-macosx_10_12_x86_64.whl", hash = "sha256:9e08e867b306f525802df7cd16c44ff5ebbe747ff0ca6cf3fde7f36c05a59a81"},
-    {file = "pydantic_core-2.18.2-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:f0a21cbaa69900cbe1a2e7cad2aa74ac3cf21b10c3efb0fa0b80305274c0e8a2"},
-    {file = "pydantic_core-2.18.2-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0680b1f1f11fda801397de52c36ce38ef1c1dc841a0927a94f226dea29c3ae3d"},
-    {file = "pydantic_core-2.18.2-cp310-cp310-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:95b9d5e72481d3780ba3442eac863eae92ae43a5f3adb5b4d0a1de89d42bb250"},
-    {file = "pydantic_core-2.18.2-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:c4fcf5cd9c4b655ad666ca332b9a081112cd7a58a8b5a6ca7a3104bc950f2038"},
-    {file = "pydantic_core-2.18.2-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:9b5155ff768083cb1d62f3e143b49a8a3432e6789a3abee8acd005c3c7af1c74"},
-    {file = "pydantic_core-2.18.2-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:553ef617b6836fc7e4df130bb851e32fe357ce36336d897fd6646d6058d980af"},
-    {file = "pydantic_core-2.18.2-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:b89ed9eb7d616ef5714e5590e6cf7f23b02d0d539767d33561e3675d6f9e3857"},
-    {file = "pydantic_core-2.18.2-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:75f7e9488238e920ab6204399ded280dc4c307d034f3924cd7f90a38b1829563"},
-    {file = "pydantic_core-2.18.2-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:ef26c9e94a8c04a1b2924149a9cb081836913818e55681722d7f29af88fe7b38"},
-    {file = "pydantic_core-2.18.2-cp310-none-win32.whl", hash = "sha256:182245ff6b0039e82b6bb585ed55a64d7c81c560715d1bad0cbad6dfa07b4027"},
-    {file = "pydantic_core-2.18.2-cp310-none-win_amd64.whl", hash = "sha256:e23ec367a948b6d812301afc1b13f8094ab7b2c280af66ef450efc357d2ae543"},
-    {file = "pydantic_core-2.18.2-cp311-cp311-macosx_10_12_x86_64.whl", hash = "sha256:219da3f096d50a157f33645a1cf31c0ad1fe829a92181dd1311022f986e5fbe3"},
-    {file = "pydantic_core-2.18.2-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:cc1cfd88a64e012b74e94cd00bbe0f9c6df57049c97f02bb07d39e9c852e19a4"},
-    {file = "pydantic_core-2.18.2-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:05b7133a6e6aeb8df37d6f413f7705a37ab4031597f64ab56384c94d98fa0e90"},
-    {file = "pydantic_core-2.18.2-cp311-cp311-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:224c421235f6102e8737032483f43c1a8cfb1d2f45740c44166219599358c2cd"},
-    {file = "pydantic_core-2.18.2-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:b14d82cdb934e99dda6d9d60dc84a24379820176cc4a0d123f88df319ae9c150"},
-    {file = "pydantic_core-2.18.2-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:2728b01246a3bba6de144f9e3115b532ee44bd6cf39795194fb75491824a1413"},
-    {file = "pydantic_core-2.18.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:470b94480bb5ee929f5acba6995251ada5e059a5ef3e0dfc63cca287283ebfa6"},
-    {file = "pydantic_core-2.18.2-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:997abc4df705d1295a42f95b4eec4950a37ad8ae46d913caeee117b6b198811c"},
-    {file = "pydantic_core-2.18.2-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:75250dbc5290e3f1a0f4618db35e51a165186f9034eff158f3d490b3fed9f8a0"},
-    {file = "pydantic_core-2.18.2-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:4456f2dca97c425231d7315737d45239b2b51a50dc2b6f0c2bb181fce6207664"},
-    {file = "pydantic_core-2.18.2-cp311-none-win32.whl", hash = "sha256:269322dcc3d8bdb69f054681edff86276b2ff972447863cf34c8b860f5188e2e"},
-    {file = "pydantic_core-2.18.2-cp311-none-win_amd64.whl", hash = "sha256:800d60565aec896f25bc3cfa56d2277d52d5182af08162f7954f938c06dc4ee3"},
-    {file = "pydantic_core-2.18.2-cp311-none-win_arm64.whl", hash = "sha256:1404c69d6a676245199767ba4f633cce5f4ad4181f9d0ccb0577e1f66cf4c46d"},
-    {file = "pydantic_core-2.18.2-cp312-cp312-macosx_10_12_x86_64.whl", hash = "sha256:fb2bd7be70c0fe4dfd32c951bc813d9fe6ebcbfdd15a07527796c8204bd36242"},
-    {file = "pydantic_core-2.18.2-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:6132dd3bd52838acddca05a72aafb6eab6536aa145e923bb50f45e78b7251043"},
-    {file = "pydantic_core-2.18.2-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:d7d904828195733c183d20a54230c0df0eb46ec746ea1a666730787353e87182"},
-    {file = "pydantic_core-2.18.2-cp312-cp312-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:c9bd70772c720142be1020eac55f8143a34ec9f82d75a8e7a07852023e46617f"},
-    {file = "pydantic_core-2.18.2-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:2b8ed04b3582771764538f7ee7001b02e1170223cf9b75dff0bc698fadb00cf3"},
-    {file = "pydantic_core-2.18.2-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:e6dac87ddb34aaec85f873d737e9d06a3555a1cc1a8e0c44b7f8d5daeb89d86f"},
-    {file = "pydantic_core-2.18.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:7ca4ae5a27ad7a4ee5170aebce1574b375de390bc01284f87b18d43a3984df72"},
-    {file = "pydantic_core-2.18.2-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:886eec03591b7cf058467a70a87733b35f44707bd86cf64a615584fd72488b7c"},
-    {file = "pydantic_core-2.18.2-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:ca7b0c1f1c983e064caa85f3792dd2fe3526b3505378874afa84baf662e12241"},
-    {file = "pydantic_core-2.18.2-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:4b4356d3538c3649337df4074e81b85f0616b79731fe22dd11b99499b2ebbdf3"},
-    {file = "pydantic_core-2.18.2-cp312-none-win32.whl", hash = "sha256:8b172601454f2d7701121bbec3425dd71efcb787a027edf49724c9cefc14c038"},
-    {file = "pydantic_core-2.18.2-cp312-none-win_amd64.whl", hash = "sha256:b1bd7e47b1558ea872bd16c8502c414f9e90dcf12f1395129d7bb42a09a95438"},
-    {file = "pydantic_core-2.18.2-cp312-none-win_arm64.whl", hash = "sha256:98758d627ff397e752bc339272c14c98199c613f922d4a384ddc07526c86a2ec"},
-    {file = "pydantic_core-2.18.2-cp38-cp38-macosx_10_12_x86_64.whl", hash = "sha256:9fdad8e35f278b2c3eb77cbdc5c0a49dada440657bf738d6905ce106dc1de439"},
-    {file = "pydantic_core-2.18.2-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:1d90c3265ae107f91a4f279f4d6f6f1d4907ac76c6868b27dc7fb33688cfb347"},
-    {file = "pydantic_core-2.18.2-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:390193c770399861d8df9670fb0d1874f330c79caaca4642332df7c682bf6b91"},
-    {file = "pydantic_core-2.18.2-cp38-cp38-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:82d5d4d78e4448683cb467897fe24e2b74bb7b973a541ea1dcfec1d3cbce39fb"},
-    {file = "pydantic_core-2.18.2-cp38-cp38-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:4774f3184d2ef3e14e8693194f661dea5a4d6ca4e3dc8e39786d33a94865cefd"},
-    {file = "pydantic_core-2.18.2-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:d4d938ec0adf5167cb335acb25a4ee69a8107e4984f8fbd2e897021d9e4ca21b"},
-    {file = "pydantic_core-2.18.2-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:e0e8b1be28239fc64a88a8189d1df7fad8be8c1ae47fcc33e43d4be15f99cc70"},
-    {file = "pydantic_core-2.18.2-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:868649da93e5a3d5eacc2b5b3b9235c98ccdbfd443832f31e075f54419e1b96b"},
-    {file = "pydantic_core-2.18.2-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:78363590ef93d5d226ba21a90a03ea89a20738ee5b7da83d771d283fd8a56761"},
-    {file = "pydantic_core-2.18.2-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:852e966fbd035a6468fc0a3496589b45e2208ec7ca95c26470a54daed82a0788"},
-    {file = "pydantic_core-2.18.2-cp38-none-win32.whl", hash = "sha256:6a46e22a707e7ad4484ac9ee9f290f9d501df45954184e23fc29408dfad61350"},
-    {file = "pydantic_core-2.18.2-cp38-none-win_amd64.whl", hash = "sha256:d91cb5ea8b11607cc757675051f61b3d93f15eca3cefb3e6c704a5d6e8440f4e"},
-    {file = "pydantic_core-2.18.2-cp39-cp39-macosx_10_12_x86_64.whl", hash = "sha256:ae0a8a797a5e56c053610fa7be147993fe50960fa43609ff2a9552b0e07013e8"},
-    {file = "pydantic_core-2.18.2-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:042473b6280246b1dbf530559246f6842b56119c2926d1e52b631bdc46075f2a"},
-    {file = "pydantic_core-2.18.2-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1a388a77e629b9ec814c1b1e6b3b595fe521d2cdc625fcca26fbc2d44c816804"},
-    {file = "pydantic_core-2.18.2-cp39-cp39-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:e25add29b8f3b233ae90ccef2d902d0ae0432eb0d45370fe315d1a5cf231004b"},
-    {file = "pydantic_core-2.18.2-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:f459a5ce8434614dfd39bbebf1041952ae01da6bed9855008cb33b875cb024c0"},
-    {file = "pydantic_core-2.18.2-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:eff2de745698eb46eeb51193a9f41d67d834d50e424aef27df2fcdee1b153845"},
-    {file = "pydantic_core-2.18.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a8309f67285bdfe65c372ea3722b7a5642680f3dba538566340a9d36e920b5f0"},
-    {file = "pydantic_core-2.18.2-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:f93a8a2e3938ff656a7c1bc57193b1319960ac015b6e87d76c76bf14fe0244b4"},
-    {file = "pydantic_core-2.18.2-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:22057013c8c1e272eb8d0eebc796701167d8377441ec894a8fed1af64a0bf399"},
-    {file = "pydantic_core-2.18.2-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:cfeecd1ac6cc1fb2692c3d5110781c965aabd4ec5d32799773ca7b1456ac636b"},
-    {file = "pydantic_core-2.18.2-cp39-none-win32.whl", hash = "sha256:0d69b4c2f6bb3e130dba60d34c0845ba31b69babdd3f78f7c0c8fae5021a253e"},
-    {file = "pydantic_core-2.18.2-cp39-none-win_amd64.whl", hash = "sha256:d9319e499827271b09b4e411905b24a426b8fb69464dfa1696258f53a3334641"},
-    {file = "pydantic_core-2.18.2-pp310-pypy310_pp73-macosx_10_12_x86_64.whl", hash = "sha256:a1874c6dd4113308bd0eb568418e6114b252afe44319ead2b4081e9b9521fe75"},
-    {file = "pydantic_core-2.18.2-pp310-pypy310_pp73-macosx_11_0_arm64.whl", hash = "sha256:ccdd111c03bfd3666bd2472b674c6899550e09e9f298954cfc896ab92b5b0e6d"},
-    {file = "pydantic_core-2.18.2-pp310-pypy310_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e18609ceaa6eed63753037fc06ebb16041d17d28199ae5aba0052c51449650a9"},
-    {file = "pydantic_core-2.18.2-pp310-pypy310_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6e5c584d357c4e2baf0ff7baf44f4994be121e16a2c88918a5817331fc7599d7"},
-    {file = "pydantic_core-2.18.2-pp310-pypy310_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:43f0f463cf89ace478de71a318b1b4f05ebc456a9b9300d027b4b57c1a2064fb"},
-    {file = "pydantic_core-2.18.2-pp310-pypy310_pp73-musllinux_1_1_aarch64.whl", hash = "sha256:e1b395e58b10b73b07b7cf740d728dd4ff9365ac46c18751bf8b3d8cca8f625a"},
-    {file = "pydantic_core-2.18.2-pp310-pypy310_pp73-musllinux_1_1_x86_64.whl", hash = "sha256:0098300eebb1c837271d3d1a2cd2911e7c11b396eac9661655ee524a7f10587b"},
-    {file = "pydantic_core-2.18.2-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:36789b70d613fbac0a25bb07ab3d9dba4d2e38af609c020cf4d888d165ee0bf3"},
-    {file = "pydantic_core-2.18.2-pp39-pypy39_pp73-macosx_10_12_x86_64.whl", hash = "sha256:3f9a801e7c8f1ef8718da265bba008fa121243dfe37c1cea17840b0944dfd72c"},
-    {file = "pydantic_core-2.18.2-pp39-pypy39_pp73-macosx_11_0_arm64.whl", hash = "sha256:3a6515ebc6e69d85502b4951d89131ca4e036078ea35533bb76327f8424531ce"},
-    {file = "pydantic_core-2.18.2-pp39-pypy39_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:20aca1e2298c56ececfd8ed159ae4dde2df0781988c97ef77d5c16ff4bd5b400"},
-    {file = "pydantic_core-2.18.2-pp39-pypy39_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:223ee893d77a310a0391dca6df00f70bbc2f36a71a895cecd9a0e762dc37b349"},
-    {file = "pydantic_core-2.18.2-pp39-pypy39_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:2334ce8c673ee93a1d6a65bd90327588387ba073c17e61bf19b4fd97d688d63c"},
-    {file = "pydantic_core-2.18.2-pp39-pypy39_pp73-musllinux_1_1_aarch64.whl", hash = "sha256:cbca948f2d14b09d20268cda7b0367723d79063f26c4ffc523af9042cad95592"},
-    {file = "pydantic_core-2.18.2-pp39-pypy39_pp73-musllinux_1_1_x86_64.whl", hash = "sha256:b3ef08e20ec49e02d5c6717a91bb5af9b20f1805583cb0adfe9ba2c6b505b5ae"},
-    {file = "pydantic_core-2.18.2-pp39-pypy39_pp73-win_amd64.whl", hash = "sha256:c6fdc8627910eed0c01aed6a390a252fe3ea6d472ee70fdde56273f198938374"},
-    {file = "pydantic_core-2.18.2.tar.gz", hash = "sha256:2e29d20810dfc3043ee13ac7d9e25105799817683348823f305ab3f349b9386e"},
+    {file = "pydantic_core-2.18.3-cp310-cp310-macosx_10_12_x86_64.whl", hash = "sha256:744697428fcdec6be5670460b578161d1ffe34743a5c15656be7ea82b008197c"},
+    {file = "pydantic_core-2.18.3-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:37b40c05ced1ba4218b14986fe6f283d22e1ae2ff4c8e28881a70fb81fbfcda7"},
+    {file = "pydantic_core-2.18.3-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:544a9a75622357076efb6b311983ff190fbfb3c12fc3a853122b34d3d358126c"},
+    {file = "pydantic_core-2.18.3-cp310-cp310-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:e2e253af04ceaebde8eb201eb3f3e3e7e390f2d275a88300d6a1959d710539e2"},
+    {file = "pydantic_core-2.18.3-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:855ec66589c68aa367d989da5c4755bb74ee92ccad4fdb6af942c3612c067e34"},
+    {file = "pydantic_core-2.18.3-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:3d3e42bb54e7e9d72c13ce112e02eb1b3b55681ee948d748842171201a03a98a"},
+    {file = "pydantic_core-2.18.3-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:c6ac9ffccc9d2e69d9fba841441d4259cb668ac180e51b30d3632cd7abca2b9b"},
+    {file = "pydantic_core-2.18.3-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:c56eca1686539fa0c9bda992e7bd6a37583f20083c37590413381acfc5f192d6"},
+    {file = "pydantic_core-2.18.3-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:17954d784bf8abfc0ec2a633108207ebc4fa2df1a0e4c0c3ccbaa9bb01d2c426"},
+    {file = "pydantic_core-2.18.3-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:98ed737567d8f2ecd54f7c8d4f8572ca7c7921ede93a2e52939416170d357812"},
+    {file = "pydantic_core-2.18.3-cp310-none-win32.whl", hash = "sha256:9f9e04afebd3ed8c15d67a564ed0a34b54e52136c6d40d14c5547b238390e779"},
+    {file = "pydantic_core-2.18.3-cp310-none-win_amd64.whl", hash = "sha256:45e4ffbae34f7ae30d0047697e724e534a7ec0a82ef9994b7913a412c21462a0"},
+    {file = "pydantic_core-2.18.3-cp311-cp311-macosx_10_12_x86_64.whl", hash = "sha256:b9ebe8231726c49518b16b237b9fe0d7d361dd221302af511a83d4ada01183ab"},
+    {file = "pydantic_core-2.18.3-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:b8e20e15d18bf7dbb453be78a2d858f946f5cdf06c5072453dace00ab652e2b2"},
+    {file = "pydantic_core-2.18.3-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:c0d9ff283cd3459fa0bf9b0256a2b6f01ac1ff9ffb034e24457b9035f75587cb"},
+    {file = "pydantic_core-2.18.3-cp311-cp311-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:2f7ef5f0ebb77ba24c9970da18b771711edc5feaf00c10b18461e0f5f5949231"},
+    {file = "pydantic_core-2.18.3-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:73038d66614d2e5cde30435b5afdced2b473b4c77d4ca3a8624dd3e41a9c19be"},
+    {file = "pydantic_core-2.18.3-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:6afd5c867a74c4d314c557b5ea9520183fadfbd1df4c2d6e09fd0d990ce412cd"},
+    {file = "pydantic_core-2.18.3-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:bd7df92f28d351bb9f12470f4c533cf03d1b52ec5a6e5c58c65b183055a60106"},
+    {file = "pydantic_core-2.18.3-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:80aea0ffeb1049336043d07799eace1c9602519fb3192916ff525b0287b2b1e4"},
+    {file = "pydantic_core-2.18.3-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:aaee40f25bba38132e655ffa3d1998a6d576ba7cf81deff8bfa189fb43fd2bbe"},
+    {file = "pydantic_core-2.18.3-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:9128089da8f4fe73f7a91973895ebf2502539d627891a14034e45fb9e707e26d"},
+    {file = "pydantic_core-2.18.3-cp311-none-win32.whl", hash = "sha256:fec02527e1e03257aa25b1a4dcbe697b40a22f1229f5d026503e8b7ff6d2eda7"},
+    {file = "pydantic_core-2.18.3-cp311-none-win_amd64.whl", hash = "sha256:58ff8631dbab6c7c982e6425da8347108449321f61fe427c52ddfadd66642af7"},
+    {file = "pydantic_core-2.18.3-cp311-none-win_arm64.whl", hash = "sha256:3fc1c7f67f34c6c2ef9c213e0f2a351797cda98249d9ca56a70ce4ebcaba45f4"},
+    {file = "pydantic_core-2.18.3-cp312-cp312-macosx_10_12_x86_64.whl", hash = "sha256:f0928cde2ae416a2d1ebe6dee324709c6f73e93494d8c7aea92df99aab1fc40f"},
+    {file = "pydantic_core-2.18.3-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:0bee9bb305a562f8b9271855afb6ce00223f545de3d68560b3c1649c7c5295e9"},
+    {file = "pydantic_core-2.18.3-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e862823be114387257dacbfa7d78547165a85d7add33b446ca4f4fae92c7ff5c"},
+    {file = "pydantic_core-2.18.3-cp312-cp312-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:6a36f78674cbddc165abab0df961b5f96b14461d05feec5e1f78da58808b97e7"},
+    {file = "pydantic_core-2.18.3-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:ba905d184f62e7ddbb7a5a751d8a5c805463511c7b08d1aca4a3e8c11f2e5048"},
+    {file = "pydantic_core-2.18.3-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:7fdd362f6a586e681ff86550b2379e532fee63c52def1c666887956748eaa326"},
+    {file = "pydantic_core-2.18.3-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:24b214b7ee3bd3b865e963dbed0f8bc5375f49449d70e8d407b567af3222aae4"},
+    {file = "pydantic_core-2.18.3-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:691018785779766127f531674fa82bb368df5b36b461622b12e176c18e119022"},
+    {file = "pydantic_core-2.18.3-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:60e4c625e6f7155d7d0dcac151edf5858102bc61bf959d04469ca6ee4e8381bd"},
+    {file = "pydantic_core-2.18.3-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:a4e651e47d981c1b701dcc74ab8fec5a60a5b004650416b4abbef13db23bc7be"},
+    {file = "pydantic_core-2.18.3-cp312-none-win32.whl", hash = "sha256:ffecbb5edb7f5ffae13599aec33b735e9e4c7676ca1633c60f2c606beb17efc5"},
+    {file = "pydantic_core-2.18.3-cp312-none-win_amd64.whl", hash = "sha256:2c8333f6e934733483c7eddffdb094c143b9463d2af7e6bd85ebcb2d4a1b82c6"},
+    {file = "pydantic_core-2.18.3-cp312-none-win_arm64.whl", hash = "sha256:7a20dded653e516a4655f4c98e97ccafb13753987434fe7cf044aa25f5b7d417"},
+    {file = "pydantic_core-2.18.3-cp38-cp38-macosx_10_12_x86_64.whl", hash = "sha256:eecf63195be644b0396f972c82598cd15693550f0ff236dcf7ab92e2eb6d3522"},
+    {file = "pydantic_core-2.18.3-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:2c44efdd3b6125419c28821590d7ec891c9cb0dff33a7a78d9d5c8b6f66b9702"},
+    {file = "pydantic_core-2.18.3-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:6e59fca51ffbdd1638b3856779342ed69bcecb8484c1d4b8bdb237d0eb5a45e2"},
+    {file = "pydantic_core-2.18.3-cp38-cp38-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:70cf099197d6b98953468461d753563b28e73cf1eade2ffe069675d2657ed1d5"},
+    {file = "pydantic_core-2.18.3-cp38-cp38-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:63081a49dddc6124754b32a3774331467bfc3d2bd5ff8f10df36a95602560361"},
+    {file = "pydantic_core-2.18.3-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:370059b7883485c9edb9655355ff46d912f4b03b009d929220d9294c7fd9fd60"},
+    {file = "pydantic_core-2.18.3-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:5a64faeedfd8254f05f5cf6fc755023a7e1606af3959cfc1a9285744cc711044"},
+    {file = "pydantic_core-2.18.3-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:19d2e725de0f90d8671f89e420d36c3dd97639b98145e42fcc0e1f6d492a46dc"},
+    {file = "pydantic_core-2.18.3-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:67bc078025d70ec5aefe6200ef094576c9d86bd36982df1301c758a9fff7d7f4"},
+    {file = "pydantic_core-2.18.3-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:adf952c3f4100e203cbaf8e0c907c835d3e28f9041474e52b651761dc248a3c0"},
+    {file = "pydantic_core-2.18.3-cp38-none-win32.whl", hash = "sha256:9a46795b1f3beb167eaee91736d5d17ac3a994bf2215a996aed825a45f897558"},
+    {file = "pydantic_core-2.18.3-cp38-none-win_amd64.whl", hash = "sha256:200ad4e3133cb99ed82342a101a5abf3d924722e71cd581cc113fe828f727fbc"},
+    {file = "pydantic_core-2.18.3-cp39-cp39-macosx_10_12_x86_64.whl", hash = "sha256:304378b7bf92206036c8ddd83a2ba7b7d1a5b425acafff637172a3aa72ad7083"},
+    {file = "pydantic_core-2.18.3-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:c826870b277143e701c9ccf34ebc33ddb4d072612683a044e7cce2d52f6c3fef"},
+    {file = "pydantic_core-2.18.3-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e201935d282707394f3668380e41ccf25b5794d1b131cdd96b07f615a33ca4b1"},
+    {file = "pydantic_core-2.18.3-cp39-cp39-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:5560dda746c44b48bf82b3d191d74fe8efc5686a9ef18e69bdabccbbb9ad9442"},
+    {file = "pydantic_core-2.18.3-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:6b32c2a1f8032570842257e4c19288eba9a2bba4712af542327de9a1204faff8"},
+    {file = "pydantic_core-2.18.3-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:929c24e9dea3990bc8bcd27c5f2d3916c0c86f5511d2caa69e0d5290115344a9"},
+    {file = "pydantic_core-2.18.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:e1a8376fef60790152564b0eab376b3e23dd6e54f29d84aad46f7b264ecca943"},
+    {file = "pydantic_core-2.18.3-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:dccf3ef1400390ddd1fb55bf0632209d39140552d068ee5ac45553b556780e06"},
+    {file = "pydantic_core-2.18.3-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:41dbdcb0c7252b58fa931fec47937edb422c9cb22528f41cb8963665c372caf6"},
+    {file = "pydantic_core-2.18.3-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:666e45cf071669fde468886654742fa10b0e74cd0fa0430a46ba6056b24fb0af"},
+    {file = "pydantic_core-2.18.3-cp39-none-win32.whl", hash = "sha256:f9c08cabff68704a1b4667d33f534d544b8a07b8e5d039c37067fceb18789e78"},
+    {file = "pydantic_core-2.18.3-cp39-none-win_amd64.whl", hash = "sha256:4afa5f5973e8572b5c0dcb4e2d4fda7890e7cd63329bd5cc3263a25c92ef0026"},
+    {file = "pydantic_core-2.18.3-pp310-pypy310_pp73-macosx_10_12_x86_64.whl", hash = "sha256:77319771a026f7c7d29c6ebc623de889e9563b7087911b46fd06c044a12aa5e9"},
+    {file = "pydantic_core-2.18.3-pp310-pypy310_pp73-macosx_11_0_arm64.whl", hash = "sha256:df11fa992e9f576473038510d66dd305bcd51d7dd508c163a8c8fe148454e059"},
+    {file = "pydantic_core-2.18.3-pp310-pypy310_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:d531076bdfb65af593326ffd567e6ab3da145020dafb9187a1d131064a55f97c"},
+    {file = "pydantic_core-2.18.3-pp310-pypy310_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:d33ce258e4e6e6038f2b9e8b8a631d17d017567db43483314993b3ca345dcbbb"},
+    {file = "pydantic_core-2.18.3-pp310-pypy310_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:1f9cd7f5635b719939019be9bda47ecb56e165e51dd26c9a217a433e3d0d59a9"},
+    {file = "pydantic_core-2.18.3-pp310-pypy310_pp73-musllinux_1_1_aarch64.whl", hash = "sha256:cd4a032bb65cc132cae1fe3e52877daecc2097965cd3914e44fbd12b00dae7c5"},
+    {file = "pydantic_core-2.18.3-pp310-pypy310_pp73-musllinux_1_1_x86_64.whl", hash = "sha256:82f2718430098bcdf60402136c845e4126a189959d103900ebabb6774a5d9fdb"},
+    {file = "pydantic_core-2.18.3-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:c0037a92cf0c580ed14e10953cdd26528e8796307bb8bb312dc65f71547df04d"},
+    {file = "pydantic_core-2.18.3-pp39-pypy39_pp73-macosx_10_12_x86_64.whl", hash = "sha256:b95a0972fac2b1ff3c94629fc9081b16371dad870959f1408cc33b2f78ad347a"},
+    {file = "pydantic_core-2.18.3-pp39-pypy39_pp73-macosx_11_0_arm64.whl", hash = "sha256:a62e437d687cc148381bdd5f51e3e81f5b20a735c55f690c5be94e05da2b0d5c"},
+    {file = "pydantic_core-2.18.3-pp39-pypy39_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:b367a73a414bbb08507da102dc2cde0fa7afe57d09b3240ce82a16d608a7679c"},
+    {file = "pydantic_core-2.18.3-pp39-pypy39_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:0ecce4b2360aa3f008da3327d652e74a0e743908eac306198b47e1c58b03dd2b"},
+    {file = "pydantic_core-2.18.3-pp39-pypy39_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:bd4435b8d83f0c9561a2a9585b1de78f1abb17cb0cef5f39bf6a4b47d19bafe3"},
+    {file = "pydantic_core-2.18.3-pp39-pypy39_pp73-musllinux_1_1_aarch64.whl", hash = "sha256:616221a6d473c5b9aa83fa8982745441f6a4a62a66436be9445c65f241b86c94"},
+    {file = "pydantic_core-2.18.3-pp39-pypy39_pp73-musllinux_1_1_x86_64.whl", hash = "sha256:7e6382ce89a92bc1d0c0c5edd51e931432202b9080dc921d8d003e616402efd1"},
+    {file = "pydantic_core-2.18.3-pp39-pypy39_pp73-win_amd64.whl", hash = "sha256:ff58f379345603d940e461eae474b6bbb6dab66ed9a851ecd3cb3709bf4dcf6a"},
+    {file = "pydantic_core-2.18.3.tar.gz", hash = "sha256:432e999088d85c8f36b9a3f769a8e2b57aabd817bbb729a90d1fe7f18f6f1f39"},
 ]
 
 [package.dependencies]
@@ -4038,28 +4052,28 @@ pyasn1 = ">=0.1.3"
 
 [[package]]
 name = "ruff"
-version = "0.4.5"
+version = "0.4.7"
 description = "An extremely fast Python linter and code formatter, written in Rust."
 optional = false
 python-versions = ">=3.7"
 files = [
-    {file = "ruff-0.4.5-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:8f58e615dec58b1a6b291769b559e12fdffb53cc4187160a2fc83250eaf54e96"},
-    {file = "ruff-0.4.5-py3-none-macosx_11_0_arm64.whl", hash = "sha256:84dd157474e16e3a82745d2afa1016c17d27cb5d52b12e3d45d418bcc6d49264"},
-    {file = "ruff-0.4.5-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:25f483ad9d50b00e7fd577f6d0305aa18494c6af139bce7319c68a17180087f4"},
-    {file = "ruff-0.4.5-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:63fde3bf6f3ad4e990357af1d30e8ba2730860a954ea9282c95fc0846f5f64af"},
-    {file = "ruff-0.4.5-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:78e3ba4620dee27f76bbcad97067766026c918ba0f2d035c2fc25cbdd04d9c97"},
-    {file = "ruff-0.4.5-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:441dab55c568e38d02bbda68a926a3d0b54f5510095c9de7f95e47a39e0168aa"},
-    {file = "ruff-0.4.5-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:1169e47e9c4136c997f08f9857ae889d614c5035d87d38fda9b44b4338909cdf"},
-    {file = "ruff-0.4.5-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:755ac9ac2598a941512fc36a9070a13c88d72ff874a9781493eb237ab02d75df"},
-    {file = "ruff-0.4.5-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f4b02a65985be2b34b170025a8b92449088ce61e33e69956ce4d316c0fe7cce0"},
-    {file = "ruff-0.4.5-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:75a426506a183d9201e7e5664de3f6b414ad3850d7625764106f7b6d0486f0a1"},
-    {file = "ruff-0.4.5-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:6e1b139b45e2911419044237d90b60e472f57285950e1492c757dfc88259bb06"},
-    {file = "ruff-0.4.5-py3-none-musllinux_1_2_i686.whl", hash = "sha256:a6f29a8221d2e3d85ff0c7b4371c0e37b39c87732c969b4d90f3dad2e721c5b1"},
-    {file = "ruff-0.4.5-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:d6ef817124d72b54cc923f3444828ba24fa45c3164bc9e8f1813db2f3d3a8a11"},
-    {file = "ruff-0.4.5-py3-none-win32.whl", hash = "sha256:aed8166c18b1a169a5d3ec28a49b43340949e400665555b51ee06f22813ef062"},
-    {file = "ruff-0.4.5-py3-none-win_amd64.whl", hash = "sha256:b0b03c619d2b4350b4a27e34fd2ac64d0dabe1afbf43de57d0f9d8a05ecffa45"},
-    {file = "ruff-0.4.5-py3-none-win_arm64.whl", hash = "sha256:9d15de3425f53161b3f5a5658d4522e4eee5ea002bf2ac7aa380743dd9ad5fba"},
-    {file = "ruff-0.4.5.tar.gz", hash = "sha256:286eabd47e7d4d521d199cab84deca135557e6d1e0f0d01c29e757c3cb151b54"},
+    {file = "ruff-0.4.7-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:e089371c67892a73b6bb1525608e89a2aca1b77b5440acf7a71dda5dac958f9e"},
+    {file = "ruff-0.4.7-py3-none-macosx_11_0_arm64.whl", hash = "sha256:10f973d521d910e5f9c72ab27e409e839089f955be8a4c8826601a6323a89753"},
+    {file = "ruff-0.4.7-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:59c3d110970001dfa494bcd95478e62286c751126dfb15c3c46e7915fc49694f"},
+    {file = "ruff-0.4.7-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:fa9773c6c00f4958f73b317bc0fd125295110c3776089f6ef318f4b775f0abe4"},
+    {file = "ruff-0.4.7-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:07fc80bbb61e42b3b23b10fda6a2a0f5a067f810180a3760c5ef1b456c21b9db"},
+    {file = "ruff-0.4.7-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:fa4dafe3fe66d90e2e2b63fa1591dd6e3f090ca2128daa0be33db894e6c18648"},
+    {file = "ruff-0.4.7-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:a7c0083febdec17571455903b184a10026603a1de078428ba155e7ce9358c5f6"},
+    {file = "ruff-0.4.7-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:ad1b20e66a44057c326168437d680a2166c177c939346b19c0d6b08a62a37589"},
+    {file = "ruff-0.4.7-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:cbf5d818553add7511c38b05532d94a407f499d1a76ebb0cad0374e32bc67202"},
+    {file = "ruff-0.4.7-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:50e9651578b629baec3d1513b2534de0ac7ed7753e1382272b8d609997e27e83"},
+    {file = "ruff-0.4.7-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:8874a9df7766cb956b218a0a239e0a5d23d9e843e4da1e113ae1d27ee420877a"},
+    {file = "ruff-0.4.7-py3-none-musllinux_1_2_i686.whl", hash = "sha256:b9de9a6e49f7d529decd09381c0860c3f82fa0b0ea00ea78409b785d2308a567"},
+    {file = "ruff-0.4.7-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:13a1768b0691619822ae6d446132dbdfd568b700ecd3652b20d4e8bc1e498f78"},
+    {file = "ruff-0.4.7-py3-none-win32.whl", hash = "sha256:769e5a51df61e07e887b81e6f039e7ed3573316ab7dd9f635c5afaa310e4030e"},
+    {file = "ruff-0.4.7-py3-none-win_amd64.whl", hash = "sha256:9e3ab684ad403a9ed1226894c32c3ab9c2e0718440f6f50c7c5829932bc9e054"},
+    {file = "ruff-0.4.7-py3-none-win_arm64.whl", hash = "sha256:10f2204b9a613988e3484194c2c9e96a22079206b22b787605c255f130db5ed7"},
+    {file = "ruff-0.4.7.tar.gz", hash = "sha256:2331d2b051dc77a289a653fcc6a42cce357087c5975738157cd966590b18b5e1"},
 ]
 
 [[package]]
@@ -4390,17 +4404,17 @@ pbr = ">=2.0.0,<2.1.0 || >2.1.0"
 
 [[package]]
 name = "structlog"
-version = "24.1.0"
+version = "24.2.0"
 description = "Structured Logging for Python"
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "structlog-24.1.0-py3-none-any.whl", hash = "sha256:3f6efe7d25fab6e86f277713c218044669906537bb717c1807a09d46bca0714d"},
-    {file = "structlog-24.1.0.tar.gz", hash = "sha256:41a09886e4d55df25bdcb9b5c9674bccfab723ff43e0a86a1b7b236be8e57b16"},
+    {file = "structlog-24.2.0-py3-none-any.whl", hash = "sha256:983bd49f70725c5e1e3867096c0c09665918936b3db27341b41d294283d7a48a"},
+    {file = "structlog-24.2.0.tar.gz", hash = "sha256:0e3fe74924a6d8857d3f612739efb94c72a7417d7c7c008d12276bca3b5bf13b"},
 ]
 
 [package.extras]
-dev = ["structlog[tests,typing]"]
+dev = ["freezegun (>=0.2.8)", "mypy (>=1.4)", "pretend", "pytest (>=6.0)", "pytest-asyncio (>=0.17)", "rich", "simplejson", "twisted"]
 docs = ["furo", "myst-parser", "sphinx", "sphinx-notfound-page", "sphinxcontrib-mermaid", "sphinxext-opengraph", "twisted"]
 tests = ["freezegun (>=0.2.8)", "pretend", "pytest (>=6.0)", "pytest-asyncio (>=0.17)", "simplejson"]
 typing = ["mypy (>=1.4)", "rich", "twisted"]
@@ -4655,13 +4669,13 @@ zstd = ["zstandard (>=0.18.0)"]
 
 [[package]]
 name = "uvicorn"
-version = "0.29.0"
+version = "0.30.1"
 description = "The lightning-fast ASGI server."
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "uvicorn-0.29.0-py3-none-any.whl", hash = "sha256:2c2aac7ff4f4365c206fd773a39bf4ebd1047c238f8b8268ad996829323473de"},
-    {file = "uvicorn-0.29.0.tar.gz", hash = "sha256:6a69214c0b6a087462412670b3ef21224fa48cae0e452b5883e8e8bdfdd11dd0"},
+    {file = "uvicorn-0.30.1-py3-none-any.whl", hash = "sha256:cd17daa7f3b9d7a24de3617820e634d0933b69eed8e33a516071174427238c81"},
+    {file = "uvicorn-0.30.1.tar.gz", hash = "sha256:d46cd8e0fd80240baffbcd9ec1012a712938754afcf81bce56c024c1656aece8"},
 ]
 
 [package.dependencies]
@@ -5336,4 +5350,4 @@ files = [
 [metadata]
 lock-version = "2.0"
 python-versions = "~3.12"
-content-hash = "112c777b6cf6bec7583f3994cd1fa0165d046d09a2f378990ba6bb626f9739ca"
+content-hash = "f960013b56683ab42d82f8b49b2822dffc76046e3d22695ebb737b405a98dbaf"

pyproject.toml

@@ -94,6 +94,7 @@ dacite = "*"
 deepmerge = "*"
 defusedxml = "*"
 django = "*"
+django-cte = "*"
 django-filter = "*"
 django-guardian = "*"
 django-model-utils = "*"

schema.yml

@@ -16369,85 +16369,6 @@ paths:
               schema:
                 $ref: '#/components/schemas/GenericError'
           description: ''
-    put:
-      operationId: providers_google_workspace_groups_update
-      description: GoogleWorkspaceProviderGroup Viewset
-      parameters:
-      - in: path
-        name: id
-        schema:
-          type: string
-          format: uuid
-        description: A UUID string identifying this Google Workspace Provider Group.
-        required: true
-      tags:
-      - providers
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/GoogleWorkspaceProviderGroupRequest'
-        required: true
-      security:
-      - authentik: []
-      responses:
-        '200':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/GoogleWorkspaceProviderGroup'
-          description: ''
-        '400':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ValidationError'
-          description: ''
-        '403':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/GenericError'
-          description: ''
-    patch:
-      operationId: providers_google_workspace_groups_partial_update
-      description: GoogleWorkspaceProviderGroup Viewset
-      parameters:
-      - in: path
-        name: id
-        schema:
-          type: string
-          format: uuid
-        description: A UUID string identifying this Google Workspace Provider Group.
-        required: true
-      tags:
-      - providers
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/PatchedGoogleWorkspaceProviderGroupRequest'
-      security:
-      - authentik: []
-      responses:
-        '200':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/GoogleWorkspaceProviderGroup'
-          description: ''
-        '400':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ValidationError'
-          description: ''
-        '403':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/GenericError'
-          description: ''
     delete:
       operationId: providers_google_workspace_groups_destroy
       description: GoogleWorkspaceProviderGroup Viewset
@@ -16646,85 +16567,6 @@ paths:
               schema:
                 $ref: '#/components/schemas/GenericError'
           description: ''
-    put:
-      operationId: providers_google_workspace_users_update
-      description: GoogleWorkspaceProviderUser Viewset
-      parameters:
-      - in: path
-        name: id
-        schema:
-          type: string
-          format: uuid
-        description: A UUID string identifying this Google Workspace Provider User.
-        required: true
-      tags:
-      - providers
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/GoogleWorkspaceProviderUserRequest'
-        required: true
-      security:
-      - authentik: []
-      responses:
-        '200':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/GoogleWorkspaceProviderUser'
-          description: ''
-        '400':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ValidationError'
-          description: ''
-        '403':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/GenericError'
-          description: ''
-    patch:
-      operationId: providers_google_workspace_users_partial_update
-      description: GoogleWorkspaceProviderUser Viewset
-      parameters:
-      - in: path
-        name: id
-        schema:
-          type: string
-          format: uuid
-        description: A UUID string identifying this Google Workspace Provider User.
-        required: true
-      tags:
-      - providers
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/PatchedGoogleWorkspaceProviderUserRequest'
-      security:
-      - authentik: []
-      responses:
-        '200':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/GoogleWorkspaceProviderUser'
-          description: ''
-        '400':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ValidationError'
-          description: ''
-        '403':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/GenericError'
-          description: ''
     delete:
       operationId: providers_google_workspace_users_destroy
       description: GoogleWorkspaceProviderUser Viewset
@@ -17539,85 +17381,6 @@ paths:
               schema:
                 $ref: '#/components/schemas/GenericError'
           description: ''
-    put:
-      operationId: providers_microsoft_entra_groups_update
-      description: MicrosoftEntraProviderGroup Viewset
-      parameters:
-      - in: path
-        name: id
-        schema:
-          type: string
-          format: uuid
-        description: A UUID string identifying this Microsoft Entra Provider Group.
-        required: true
-      tags:
-      - providers
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/MicrosoftEntraProviderGroupRequest'
-        required: true
-      security:
-      - authentik: []
-      responses:
-        '200':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/MicrosoftEntraProviderGroup'
-          description: ''
-        '400':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ValidationError'
-          description: ''
-        '403':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/GenericError'
-          description: ''
-    patch:
-      operationId: providers_microsoft_entra_groups_partial_update
-      description: MicrosoftEntraProviderGroup Viewset
-      parameters:
-      - in: path
-        name: id
-        schema:
-          type: string
-          format: uuid
-        description: A UUID string identifying this Microsoft Entra Provider Group.
-        required: true
-      tags:
-      - providers
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/PatchedMicrosoftEntraProviderGroupRequest'
-      security:
-      - authentik: []
-      responses:
-        '200':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/MicrosoftEntraProviderGroup'
-          description: ''
-        '400':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ValidationError'
-          description: ''
-        '403':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/GenericError'
-          description: ''
     delete:
       operationId: providers_microsoft_entra_groups_destroy
       description: MicrosoftEntraProviderGroup Viewset
@@ -17816,85 +17579,6 @@ paths:
               schema:
                 $ref: '#/components/schemas/GenericError'
           description: ''
-    put:
-      operationId: providers_microsoft_entra_users_update
-      description: MicrosoftEntraProviderUser Viewset
-      parameters:
-      - in: path
-        name: id
-        schema:
-          type: string
-          format: uuid
-        description: A UUID string identifying this Microsoft Entra Provider User.
-        required: true
-      tags:
-      - providers
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/MicrosoftEntraProviderUserRequest'
-        required: true
-      security:
-      - authentik: []
-      responses:
-        '200':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/MicrosoftEntraProviderUser'
-          description: ''
-        '400':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ValidationError'
-          description: ''
-        '403':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/GenericError'
-          description: ''
-    patch:
-      operationId: providers_microsoft_entra_users_partial_update
-      description: MicrosoftEntraProviderUser Viewset
-      parameters:
-      - in: path
-        name: id
-        schema:
-          type: string
-          format: uuid
-        description: A UUID string identifying this Microsoft Entra Provider User.
-        required: true
-      tags:
-      - providers
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/PatchedMicrosoftEntraProviderUserRequest'
-      security:
-      - authentik: []
-      responses:
-        '200':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/MicrosoftEntraProviderUser'
-          description: ''
-        '400':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ValidationError'
-          description: ''
-        '403':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/GenericError'
-          description: ''
     delete:
       operationId: providers_microsoft_entra_users_destroy
       description: MicrosoftEntraProviderUser Viewset
@@ -36634,10 +36318,16 @@ components:
           allOf:
           - $ref: '#/components/schemas/UserGroup'
           readOnly: true
+        provider:
+          type: integer
+        attributes:
+          readOnly: true
       required:
+      - attributes
       - group
       - group_obj
       - id
+      - provider
     GoogleWorkspaceProviderGroupRequest:
       type: object
       description: GoogleWorkspaceProviderGroup Serializer
@@ -36645,8 +36335,11 @@ components:
         group:
           type: string
           format: uuid
+        provider:
+          type: integer
       required:
       - group
+      - provider
     GoogleWorkspaceProviderMapping:
       type: object
       description: GoogleWorkspaceProviderMapping Serializer
@@ -36773,8 +36466,14 @@ components:
           allOf:
           - $ref: '#/components/schemas/GroupMember'
           readOnly: true
+        provider:
+          type: integer
+        attributes:
+          readOnly: true
       required:
+      - attributes
       - id
+      - provider
       - user
       - user_obj
     GoogleWorkspaceProviderUserRequest:
@@ -36783,7 +36482,10 @@ components:
       properties:
         user:
           type: integer
+        provider:
+          type: integer
       required:
+      - provider
       - user
     Group:
       type: object
@@ -38284,10 +37986,16 @@ components:
           allOf:
           - $ref: '#/components/schemas/UserGroup'
           readOnly: true
+        provider:
+          type: integer
+        attributes:
+          readOnly: true
       required:
+      - attributes
       - group
       - group_obj
       - id
+      - provider
     MicrosoftEntraProviderGroupRequest:
       type: object
       description: MicrosoftEntraProviderGroup Serializer
@@ -38295,8 +38003,11 @@ components:
         group:
           type: string
           format: uuid
+        provider:
+          type: integer
       required:
       - group
+      - provider
     MicrosoftEntraProviderMapping:
       type: object
       description: MicrosoftEntraProviderMapping Serializer
@@ -38420,8 +38131,14 @@ components:
           allOf:
           - $ref: '#/components/schemas/GroupMember'
           readOnly: true
+        provider:
+          type: integer
+        attributes:
+          readOnly: true
       required:
+      - attributes
       - id
+      - provider
       - user
       - user_obj
     MicrosoftEntraProviderUserRequest:
@@ -38430,7 +38147,10 @@ components:
       properties:
         user:
           type: integer
+        provider:
+          type: integer
       required:
+      - provider
       - user
     ModelEnum:
       enum:
@@ -41826,13 +41546,6 @@ components:
             to a challenge. RETRY returns the error message and a similar challenge
             to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT
             restarts the flow while keeping the current context.
-    PatchedGoogleWorkspaceProviderGroupRequest:
-      type: object
-      description: GoogleWorkspaceProviderGroup Serializer
-      properties:
-        group:
-          type: string
-          format: uuid
     PatchedGoogleWorkspaceProviderMappingRequest:
       type: object
       description: GoogleWorkspaceProviderMapping Serializer
@@ -41892,12 +41605,6 @@ components:
         default_group_email_domain:
           type: string
           minLength: 1
-    PatchedGoogleWorkspaceProviderUserRequest:
-      type: object
-      description: GoogleWorkspaceProviderUser Serializer
-      properties:
-        user:
-          type: integer
     PatchedGroupRequest:
       type: object
       description: Group Serializer
@@ -42253,13 +41960,6 @@ components:
         key:
           type: string
           minLength: 1
-    PatchedMicrosoftEntraProviderGroupRequest:
-      type: object
-      description: MicrosoftEntraProviderGroup Serializer
-      properties:
-        group:
-          type: string
-          format: uuid
     PatchedMicrosoftEntraProviderMappingRequest:
       type: object
       description: MicrosoftEntraProviderMapping Serializer
@@ -42316,12 +42016,6 @@ components:
           $ref: '#/components/schemas/OutgoingSyncDeleteAction'
         group_delete_action:
           $ref: '#/components/schemas/OutgoingSyncDeleteAction'
-    PatchedMicrosoftEntraProviderUserRequest:
-      type: object
-      description: MicrosoftEntraProviderUser Serializer
-      properties:
-        user:
-          type: integer
     PatchedNotificationRequest:
       type: object
       description: Notification Serializer

tests/wdio/package-lock.json

@@ -6,13 +6,13 @@
         "": {
             "name": "@goauthentik/web-tests",
             "dependencies": {
-                "chromedriver": "^125.0.2"
+                "chromedriver": "^125.0.3"
             },
             "devDependencies": {
                 "@trivago/prettier-plugin-sort-imports": "^4.3.0",
                 "@typescript-eslint/eslint-plugin": "^7.5.0",
                 "@typescript-eslint/parser": "^7.5.0",
-                "@wdio/cli": "^8.38.0",
+                "@wdio/cli": "^8.38.1",
                 "@wdio/local-runner": "^8.38.0",
                 "@wdio/mocha-framework": "^8.38.0",
                 "@wdio/spec-reporter": "^8.38.0",
@@ -20,7 +20,7 @@
                 "eslint-config-google": "^0.14.0",
                 "eslint-plugin-sonarjs": "^0.25.1",
                 "npm-run-all": "^4.1.5",
-                "prettier": "^3.2.5",
+                "prettier": "^3.3.0",
                 "ts-node": "^10.9.2",
                 "typescript": "^5.4.5",
                 "wdio-wait-for": "^3.0.11"
@@ -1189,9 +1189,9 @@
             }
         },
         "node_modules/@wdio/cli": {
-            "version": "8.38.0",
-            "resolved": "https://registry.npmjs.org/@wdio/cli/-/cli-8.38.0.tgz",
-            "integrity": "sha512-plRVINOKeVzg4uOFJBjaEg5fBZ1vw/yxvreziL0AOxAG03HalrE1sImvu83HjDWNUDIRVcJDq+iiiFsL3khSLg==",
+            "version": "8.38.1",
+            "resolved": "https://registry.npmjs.org/@wdio/cli/-/cli-8.38.1.tgz",
+            "integrity": "sha512-xif0RvJX+saXVdzrhlEafbEdptNyeyqm0pyilT4H7OI7OMa+23rWB67r2SPoIZbBrVeFv1iqtUx9hR73RRio2A==",
             "dev": true,
             "dependencies": {
                 "@types/node": "^20.1.1",
@@ -2084,9 +2084,9 @@
             }
         },
         "node_modules/chromedriver": {
-            "version": "125.0.2",
-            "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-125.0.2.tgz",
-            "integrity": "sha512-H2mIy3r//bIGVouQQrp2UzS93cjGCV2f+I6qNimAOyIiWkaKCiLEuDMQnuC21rewo/UuyOA8CDqa4a7RIT/8EQ==",
+            "version": "125.0.3",
+            "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-125.0.3.tgz",
+            "integrity": "sha512-Qzuk5Wian2o3EVGjtbz6V/jv+pT/AV9246HbG6kUljZXXjsKZLZxqJC+kHR3qEh/wdv4EJD0YwAOWV72v9hogw==",
             "hasInstallScript": true,
             "dependencies": {
                 "@testim/chrome-version": "^1.1.4",
@@ -6908,9 +6908,9 @@
             }
         },
         "node_modules/prettier": {
-            "version": "3.2.5",
-            "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.2.5.tgz",
-            "integrity": "sha512-3/GWa9aOC0YeD7LUfvOG2NiDyhOWRvt1k+rcKhOuYnMY24iiCphgneUfJDyFXd6rZCAnuLBv6UeAULtrhT/F4A==",
+            "version": "3.3.0",
+            "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.3.0.tgz",
+            "integrity": "sha512-J9odKxERhCQ10OC2yb93583f6UnYutOeiV5i0zEDS7UGTdUt0u+y8erxl3lBKvwo/JHyyoEdXjwp4dke9oyZ/g==",
             "dev": true,
             "bin": {
                 "prettier": "bin/prettier.cjs"

tests/wdio/package.json

@@ -6,7 +6,7 @@
         "@trivago/prettier-plugin-sort-imports": "^4.3.0",
         "@typescript-eslint/eslint-plugin": "^7.5.0",
         "@typescript-eslint/parser": "^7.5.0",
-        "@wdio/cli": "^8.38.0",
+        "@wdio/cli": "^8.38.1",
         "@wdio/local-runner": "^8.38.0",
         "@wdio/mocha-framework": "^8.38.0",
         "@wdio/spec-reporter": "^8.38.0",
@@ -14,7 +14,7 @@
         "eslint-config-google": "^0.14.0",
         "eslint-plugin-sonarjs": "^0.25.1",
         "npm-run-all": "^4.1.5",
-        "prettier": "^3.2.5",
+        "prettier": "^3.3.0",
         "ts-node": "^10.9.2",
         "typescript": "^5.4.5",
         "wdio-wait-for": "^3.0.11"
@@ -32,6 +32,6 @@
         "node": ">=20"
     },
     "dependencies": {
-        "chromedriver": "^125.0.2"
+        "chromedriver": "^125.0.3"
     }
 }

web/package.json

@@ -38,7 +38,7 @@
         "@codemirror/theme-one-dark": "^6.1.2",
         "@formatjs/intl-listformat": "^7.5.7",
         "@fortawesome/fontawesome-free": "^6.5.2",
-        "@goauthentik/api": "^2024.4.2-1716550354",
+        "@goauthentik/api": "^2024.4.2-1717033226",
         "@lit-labs/task": "^3.1.0",
         "@lit/context": "^1.1.1",
         "@lit/localize": "^0.12.1",
@@ -46,7 +46,7 @@
         "@open-wc/lit-helpers": "^0.7.0",
         "@patternfly/elements": "^3.0.1",
         "@patternfly/patternfly": "^4.224.2",
-        "@sentry/browser": "^8.4.0",
+        "@sentry/browser": "^8.7.0",
         "@webcomponents/webcomponentsjs": "^2.8.0",
         "base64-js": "^1.5.1",
         "chart.js": "^4.4.3",
@@ -65,7 +65,7 @@
         "style-mod": "^4.1.2",
         "ts-pattern": "^5.1.2",
         "webcomponent-qr-code": "^1.2.0",
-        "yaml": "^2.4.2"
+        "yaml": "^2.4.3"
     },
     "devDependencies": {
         "@babel/core": "^7.24.6",
@@ -81,13 +81,13 @@
         "@lit/localize-tools": "^0.7.2",
         "@rollup/plugin-replace": "^5.0.5",
         "@spotlightjs/spotlight": "^1.2.17",
-        "@storybook/addon-essentials": "^8.1.3",
-        "@storybook/addon-links": "^8.1.3",
+        "@storybook/addon-essentials": "^8.1.5",
+        "@storybook/addon-links": "^8.1.5",
         "@storybook/api": "^7.6.17",
         "@storybook/blocks": "^8.0.8",
-        "@storybook/manager-api": "^8.1.3",
-        "@storybook/web-components": "^8.1.3",
-        "@storybook/web-components-vite": "^8.1.3",
+        "@storybook/manager-api": "^8.1.5",
+        "@storybook/web-components": "^8.1.5",
+        "@storybook/web-components-vite": "^8.1.5",
         "@trivago/prettier-plugin-sort-imports": "^4.3.0",
         "@types/chart.js": "^2.9.41",
         "@types/codemirror": "5.60.15",
@@ -100,7 +100,7 @@
         "babel-plugin-tsconfig-paths": "^1.0.3",
         "chokidar": "^3.6.0",
         "cross-env": "^7.0.3",
-        "esbuild": "^0.21.3",
+        "esbuild": "^0.21.4",
         "eslint": "^8.57.0",
         "eslint-config-google": "^0.14.0",
         "eslint-plugin-custom-elements": "0.0.8",
@@ -111,13 +111,13 @@
         "glob": "^10.4.1",
         "lit-analyzer": "^2.0.3",
         "npm-run-all": "^4.1.5",
-        "prettier": "^3.2.5",
+        "prettier": "^3.3.0",
         "pseudolocale": "^2.0.0",
         "react": "^18.2.0",
         "react-dom": "^18.3.1",
         "rollup-plugin-modify": "^3.0.0",
         "rollup-plugin-postcss-lit": "^2.1.0",
-        "storybook": "^8.1.3",
+        "storybook": "^8.1.5",
         "storybook-addon-mock": "^5.0.0",
         "ts-lit-plugin": "^2.0.2",
         "tslib": "^2.6.2",

web/src/admin/applications/components/ak-backchannel-input.ts

@@ -1,5 +1,7 @@
 import "@goauthentik/admin/applications/ProviderSelectModal";
 import { AKElement } from "@goauthentik/elements/Base";
+import "@goauthentik/elements/chips/Chip";
+import "@goauthentik/elements/chips/ChipGroup";
 
 import { TemplateResult, html, nothing } from "lit";
 import { customElement, property } from "lit/decorators.js";

web/src/admin/applications/wizard/methods/oauth/ak-application-wizard-authentication-by-oauth.ts

@@ -3,6 +3,7 @@ import "@goauthentik/admin/common/ak-crypto-certificate-search";
 import "@goauthentik/admin/common/ak-flow-search/ak-branded-flow-search";
 import {
     clientTypeOptions,
+    defaultScopes,
     issuerModeOptions,
     redirectUriHelp,
     subjectModeOptions,
@@ -225,10 +226,9 @@ export class ApplicationWizardAuthenticationByOauth extends BaseProviderPanel {
                                 ${this.propertyMappings?.results.map((scope) => {
                                     let selected = false;
                                     if (!provider?.propertyMappings) {
-                                        selected =
-                                            scope.managed?.startsWith(
-                                                "goauthentik.io/providers/oauth2/scope-",
-                                            ) || false;
+                                        selected = scope.managed
+                                            ? defaultScopes.includes(scope.managed)
+                                            : false;
                                     } else {
                                         selected = Array.from(provider?.propertyMappings).some(
                                             (su) => {

web/src/admin/providers/google_workspace/GoogleWorkspaceProviderGroupList.ts

@@ -13,6 +13,8 @@ export class GoogleWorkspaceProviderGroupList extends Table<GoogleWorkspaceProvi
     @property({ type: Number })
     providerId?: number;
 
+    expandable = true;
+
     searchEnabled(): boolean {
         return true;
     }
@@ -39,4 +41,12 @@ export class GoogleWorkspaceProviderGroupList extends Table<GoogleWorkspaceProvi
             html`${item.id}`,
         ];
     }
+
+    renderExpanded(item: GoogleWorkspaceProviderGroup): TemplateResult {
+        return html`<td role="cell" colspan="4">
+            <div class="pf-c-table__expandable-row-content">
+                <pre>${JSON.stringify(item.attributes, null, 4)}</pre>
+            </div>
+        </td>`;
+    }
 }

web/src/admin/providers/google_workspace/GoogleWorkspaceProviderUserList.ts

@@ -17,6 +17,8 @@ export class GoogleWorkspaceProviderUserList extends Table<GoogleWorkspaceProvid
         return true;
     }
 
+    expandable = true;
+
     async apiEndpoint(page: number): Promise<PaginatedResponse<GoogleWorkspaceProviderUser>> {
         return new ProvidersApi(DEFAULT_CONFIG).providersGoogleWorkspaceUsersList({
             page: page,
@@ -40,4 +42,12 @@ export class GoogleWorkspaceProviderUserList extends Table<GoogleWorkspaceProvid
             html`${item.id}`,
         ];
     }
+
+    renderExpanded(item: GoogleWorkspaceProviderUser): TemplateResult {
+        return html`<td role="cell" colspan="4">
+            <div class="pf-c-table__expandable-row-content">
+                <pre>${JSON.stringify(item.attributes, null, 4)}</pre>
+            </div>
+        </td>`;
+    }
 }

web/src/admin/providers/microsoft_entra/MicrosoftEntraProviderGroupList.ts

@@ -13,6 +13,8 @@ export class MicrosoftEntraProviderGroupList extends Table<MicrosoftEntraProvide
     @property({ type: Number })
     providerId?: number;
 
+    expandable = true;
+
     searchEnabled(): boolean {
         return true;
     }
@@ -39,4 +41,12 @@ export class MicrosoftEntraProviderGroupList extends Table<MicrosoftEntraProvide
             html`${item.id}`,
         ];
     }
+
+    renderExpanded(item: MicrosoftEntraProviderGroup): TemplateResult {
+        return html`<td role="cell" colspan="4">
+            <div class="pf-c-table__expandable-row-content">
+                <pre>${JSON.stringify(item.attributes, null, 4)}</pre>
+            </div>
+        </td>`;
+    }
 }

web/src/admin/providers/microsoft_entra/MicrosoftEntraProviderUserList.ts

@@ -13,6 +13,8 @@ export class MicrosoftEntraProviderUserList extends Table<MicrosoftEntraProvider
     @property({ type: Number })
     providerId?: number;
 
+    expandable = true;
+
     searchEnabled(): boolean {
         return true;
     }
@@ -40,4 +42,12 @@ export class MicrosoftEntraProviderUserList extends Table<MicrosoftEntraProvider
             html`${item.id}`,
         ];
     }
+
+    renderExpanded(item: MicrosoftEntraProviderUser): TemplateResult {
+        return html`<td role="cell" colspan="4">
+            <div class="pf-c-table__expandable-row-content">
+                <pre>${JSON.stringify(item.attributes, null, 4)}</pre>
+            </div>
+        </td>`;
+    }
 }

web/src/admin/providers/oauth2/OAuth2ProviderForm.ts

@@ -48,6 +48,12 @@ export const clientTypeOptions = [
     },
 ];
 
+export const defaultScopes = [
+    "goauthentik.io/providers/oauth2/scope-openid",
+    "goauthentik.io/providers/oauth2/scope-email",
+    "goauthentik.io/providers/oauth2/scope-profile",
+];
+
 export const subjectModeOptions = [
     {
         label: msg("Based on the User's hashed ID"),
@@ -289,14 +295,9 @@ export class OAuth2ProviderFormPage extends BaseProviderForm<OAuth2Provider> {
                             ${this.propertyMappings?.results.map((scope) => {
                                 let selected = false;
                                 if (!provider?.propertyMappings) {
-                                    selected =
-                                        // By default select all managed scope mappings, except offline_access
-                                        (scope.managed?.startsWith(
-                                            "goauthentik.io/providers/oauth2/scope-",
-                                        ) &&
-                                            scope.managed !==
-                                                "goauthentik.io/providers/oauth2/scope-offline_access") ||
-                                        false;
+                                    selected = scope.managed
+                                        ? defaultScopes.includes(scope.managed)
+                                        : false;
                                 } else {
                                     selected = Array.from(provider?.propertyMappings).some((su) => {
                                         return su == scope.pk;

web/src/elements/oauth/UserAccessTokenList.ts

@@ -2,6 +2,8 @@ import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { uiConfig } from "@goauthentik/common/ui/config";
 import { getRelativeTime } from "@goauthentik/common/utils";
 import "@goauthentik/components/ak-status-label";
+import "@goauthentik/elements/chips/Chip";
+import "@goauthentik/elements/chips/ChipGroup";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import { PaginatedResponse } from "@goauthentik/elements/table/Table";
 import { Table, TableColumn } from "@goauthentik/elements/table/Table";
@@ -86,12 +88,21 @@ export class UserOAuthAccessTokenList extends Table<TokenModel> {
     row(item: TokenModel): TemplateResult[] {
         return [
             html`<a href="#/core/providers/${item.provider?.pk}"> ${item.provider?.name} </a>`,
-            html`<ak-status-label type="warning" ?good=${item.revoked}></ak-status-label>`,
+            html`<ak-status-label
+                type="warning"
+                ?good=${!item.revoked}
+                good-label=${msg("No")}
+                bad-label=${msg("Yes")}
+            ></ak-status-label>`,
             html`${item.expires
                 ? html`<div>${getRelativeTime(item.expires)}</div>
                       <small>${item.expires.toLocaleString()}</small>`
                 : msg("-")}`,
-            html`${item.scope.join(", ")}`,
+            html`<ak-chip-group>
+                ${item.scope.map((scope) => {
+                    return html`<ak-chip .removable=${false}>${scope}</ak-chip>`;
+                })}
+            </ak-chip-group>`,
         ];
     }
 }

web/src/elements/oauth/UserRefreshTokenList.ts

@@ -2,6 +2,8 @@ import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { uiConfig } from "@goauthentik/common/ui/config";
 import { getRelativeTime } from "@goauthentik/common/utils";
 import "@goauthentik/components/ak-status-label";
+import "@goauthentik/elements/chips/Chip";
+import "@goauthentik/elements/chips/ChipGroup";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import { PaginatedResponse } from "@goauthentik/elements/table/Table";
 import { Table, TableColumn } from "@goauthentik/elements/table/Table";
@@ -87,12 +89,21 @@ export class UserOAuthRefreshTokenList extends Table<TokenModel> {
     row(item: TokenModel): TemplateResult[] {
         return [
             html`<a href="#/core/providers/${item.provider?.pk}"> ${item.provider?.name} </a>`,
-            html`<ak-status-label type="warning" ?good=${item.revoked}></ak-status-label>`,
+            html`<ak-status-label
+                type="warning"
+                ?good=${!item.revoked}
+                good-label=${msg("No")}
+                bad-label=${msg("Yes")}
+            ></ak-status-label>`,
             html`${item.expires
                 ? html`<div>${getRelativeTime(item.expires)}</div>
                       <small>${item.expires.toLocaleString()}</small>`
                 : msg("-")}`,
-            html`${item.scope.join(", ")}`,
+            html`<ak-chip-group>
+                ${item.scope.map((scope) => {
+                    return html`<ak-chip .removable=${false}>${scope}</ak-chip>`;
+                })}
+            </ak-chip-group>`,
         ];
     }
 }

web/src/elements/user/UserConsentList.ts

@@ -1,6 +1,8 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { uiConfig } from "@goauthentik/common/ui/config";
 import { getRelativeTime } from "@goauthentik/common/utils";
+import "@goauthentik/elements/chips/Chip";
+import "@goauthentik/elements/chips/ChipGroup";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import { PaginatedResponse } from "@goauthentik/elements/table/Table";
 import { Table, TableColumn } from "@goauthentik/elements/table/Table";
@@ -66,7 +68,13 @@ export class UserConsentList extends Table<UserConsent> {
                 ? html`<div>${getRelativeTime(item.expires)}</div>
                       <small>${item.expires.toLocaleString()}</small>`
                 : msg("-")}`,
-            html`${item.permissions || "-"}`,
+            html`${item.permissions
+                ? html`<ak-chip-group>
+                      ${item.permissions.split(" ").map((perm) => {
+                          return html`<ak-chip .removable=${false}>${perm}</ak-chip>`;
+                      })}
+                  </ak-chip-group>`
+                : html`-`}`,
         ];
     }
 }

web/xliff/zh-Hans.xlf

@@ -1,4 +1,4 @@
-<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
+<?xml version="1.0"?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
   <file target-language="zh-Hans" source-language="en" original="lit-localize-inputs" datatype="plaintext">
     <body>
       <trans-unit id="s4caed5b7a7e5d89b">
@@ -596,9 +596,9 @@
         
       </trans-unit>
       <trans-unit id="saa0e2675da69651b">
-        <source>The URL &quot;<x id="0" equiv-text="${this.url}"/>&quot; was not found.</source>
-        <target>未找到 URL &quot;
-        <x id="0" equiv-text="${this.url}"/>&quot;。</target>
+        <source>The URL "<x id="0" equiv-text="${this.url}"/>" was not found.</source>
+        <target>未找到 URL "
+        <x id="0" equiv-text="${this.url}"/>"。</target>
         
       </trans-unit>
       <trans-unit id="s58cd9c2fe836d9c6">
@@ -1040,8 +1040,8 @@
         
       </trans-unit>
       <trans-unit id="sa8384c9c26731f83">
-        <source>To allow any redirect URI, set this value to &quot;.*&quot;. Be aware of the possible security implications this can have.</source>
-        <target>要允许任何重定向 URI，请将此值设置为 &quot;.*&quot;。请注意这可能带来的安全影响。</target>
+        <source>To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have.</source>
+        <target>要允许任何重定向 URI，请将此值设置为 ".*"。请注意这可能带来的安全影响。</target>
         
       </trans-unit>
       <trans-unit id="s55787f4dfcdce52b">
@@ -1767,8 +1767,8 @@
         
       </trans-unit>
       <trans-unit id="sa90b7809586c35ce">
-        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon &quot;fa-test&quot;.</source>
-        <target>输入完整 URL、相对路径，或者使用 'fa://fa-test' 来使用 Font Awesome 图标 &quot;fa-test&quot;。</target>
+        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test".</source>
+        <target>输入完整 URL、相对路径，或者使用 'fa://fa-test' 来使用 Font Awesome 图标 "fa-test"。</target>
         
       </trans-unit>
       <trans-unit id="s0410779cb47de312">
@@ -2946,8 +2946,8 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="s76768bebabb7d543">
-        <source>Field which contains members of a group. Note that if using the &quot;memberUid&quot; field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'</source>
-        <target>包含组成员的字段。请注意，如果使用 &quot;memberUid&quot; 字段，则假定该值包含相对可分辨名称。例如，'memberUid=some-user' 而不是 'memberUid=cn=some-user,ou=groups,...'</target>
+        <source>Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'</source>
+        <target>包含组成员的字段。请注意，如果使用 "memberUid" 字段，则假定该值包含相对可分辨名称。例如，'memberUid=some-user' 而不是 'memberUid=cn=some-user,ou=groups,...'</target>
         
       </trans-unit>
       <trans-unit id="s026555347e589f0e">
@@ -3708,8 +3708,8 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="s7b1fba26d245cb1c">
-        <source>When using an external logging solution for archiving, this can be set to &quot;minutes=5&quot;.</source>
-        <target>使用外部日志记录解决方案进行存档时，可以将其设置为 &quot;minutes=5&quot;。</target>
+        <source>When using an external logging solution for archiving, this can be set to "minutes=5".</source>
+        <target>使用外部日志记录解决方案进行存档时，可以将其设置为 "minutes=5"。</target>
         
       </trans-unit>
       <trans-unit id="s44536d20bb5c8257">
@@ -3885,10 +3885,10 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="sa95a538bfbb86111">
-        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> &quot;<x id="1" equiv-text="${this.obj?.name}"/>&quot;?</source>
+        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> "<x id="1" equiv-text="${this.obj?.name}"/>"?</source>
         <target>您确定要更新
-        <x id="0" equiv-text="${this.objectLabel}"/>&quot;
-        <x id="1" equiv-text="${this.obj?.name}"/>&quot; 吗？</target>
+        <x id="0" equiv-text="${this.objectLabel}"/>"
+        <x id="1" equiv-text="${this.obj?.name}"/>" 吗？</target>
         
       </trans-unit>
       <trans-unit id="sc92d7cfb6ee1fec6">
@@ -4964,7 +4964,7 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="sdf1d8edef27236f0">
-        <source>A &quot;roaming&quot; authenticator, like a YubiKey</source>
+        <source>A "roaming" authenticator, like a YubiKey</source>
         <target>像 YubiKey 这样的“漫游”身份验证器</target>
         
       </trans-unit>
@@ -5299,10 +5299,10 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="s2d5f69929bb7221d">
-        <source><x id="0" equiv-text="${prompt.name}"/> (&quot;<x id="1" equiv-text="${prompt.fieldKey}"/>&quot;, of type <x id="2" equiv-text="${prompt.type}"/>)</source>
+        <source><x id="0" equiv-text="${prompt.name}"/> ("<x id="1" equiv-text="${prompt.fieldKey}"/>", of type <x id="2" equiv-text="${prompt.type}"/>)</source>
         <target>
-        <x id="0" equiv-text="${prompt.name}"/>（&quot;
-        <x id="1" equiv-text="${prompt.fieldKey}"/>&quot;，类型为
+        <x id="0" equiv-text="${prompt.name}"/>（"
+        <x id="1" equiv-text="${prompt.fieldKey}"/>"，类型为
         <x id="2" equiv-text="${prompt.type}"/>）</target>
         
       </trans-unit>
@@ -5351,7 +5351,7 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="s1608b2f94fa0dbd4">
-        <source>If set to a duration above 0, the user will have the option to choose to &quot;stay signed in&quot;, which will extend their session by the time specified here.</source>
+        <source>If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here.</source>
         <target>如果设置时长大于 0，用户可以选择“保持登录”选项，这将使用户的会话延长此处设置的时间。</target>
         
       </trans-unit>
@@ -7795,7 +7795,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <target>成功创建用户并添加到组 <x id="0" equiv-text="${this.group.name}"/></target>
 </trans-unit>
 <trans-unit id="s824e0943a7104668">
-  <source>This user will be added to the group &quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&quot;.</source>
+  <source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
   <target>此用户将会被添加到组 &amp;quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&amp;quot;。</target>
 </trans-unit>
 <trans-unit id="s62e7f6ed7d9cb3ca">
@@ -8746,4 +8746,4 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
     </body>
   </file>
-</xliff>
+</xliff>

website/docs/releases/2024/v2024.next.md

@@ -0,0 +1,54 @@
+---
+title: Release 2024.next
+slug: "/releases/2024.next"
+---
+
+:::::note
+2024.next has not been released yet! We're publishing these release notes as a preview of what's to come, and for our awesome beta testers trying out release candidates.
+
+To try out the release candidate, replace your Docker image tag with the latest release candidate number, such as 2024.next.0-rc1. You can find the latest one in [the latest releases on GitHub](https://github.com/goauthentik/authentik/releases). If you don't find any, it means we haven't released one yet.
+:::::
+
+## Breaking changes
+
+### PostgreSQL minimum supported version upgrade
+
+authentik now requires PostgreSQL version 14 or later. We recommend upgrading to the latest version if you are running an older version.
+
+The provided Helm chart defaults to PostgreSQL 15. If you are using the Helm chart with the default values, no action is required.
+
+The provided Compose file was updated with PostgreSQL 16. You can follow the procedure [here](../../troubleshooting/postgres/upgrade_docker.md) to upgrade.
+
+## New features
+
+## Upgrading
+
+authentik now requires PostgreSQL version 14 or later. We recommend upgrading to the latest version if needed. Follow the instructions [here](../../troubleshooting/postgres/upgrade_docker.md) if you need to upgrade PostgreSQL with docker-compose.
+
+### Docker Compose
+
+To upgrade, download the new Compose file and update the Docker stack with the new version, using these commands:
+
+```shell
+wget -O docker-compose.yml https://goauthentik.io/version/2024.next/docker-compose.yml
+docker compose up -d
+```
+
+The `-O` flag retains the downloaded file's name, overwriting any existing local file with the same name.
+
+### Kubernetes
+
+Upgrade the Helm Chart to the new version, using the following commands:
+
+```shell
+helm repo update
+helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.next
+```
+
+## Minor changes/fixes
+
+<!-- _Insert the output of `make gen-changelog` here_ -->
+
+## API Changes
+
+<!-- _Insert output of `make gen-diff` here_ -->

website/docs/troubleshooting/postgres/upgrade_docker.md

@@ -0,0 +1,45 @@
+---
+title: Upgrade PostgreSQL on Docker Compose
+---
+
+### Dump your database
+
+Dump your existing database with `docker compose exec postgresql pg_dump -U authentik -d authentik -cC > upgrade_backup_12.sql`.
+
+### Stop your authentik stack
+
+Stop all services with `docker compose down`.
+
+### Backup your existing database
+
+If you use Docker volumes you can run the following command: `docker volume create authentik_database_backup && docker run --rm -v authentik_database:/from -v authentik_database_backup:/to alpine sh -c 'cd /from && cp -a . /to'`. You can find the name of the `authentik_database` volume with `docker volume ls`.
+
+If your data is a file path: `cp -a /path/to/v12-data /path/to/v12-backup`
+
+### Delete your old database
+
+:::::danger
+Do not execute this step without checking that the backup (previous step) completed successfully.
+:::::
+
+If you use Docker volumes: `docker volume rm -f authentik_database`.
+
+If your data is a file path: `rm -rf /path/to/v12-data`
+
+### Modify your docker-compose.yml file
+
+Update the PostgreSQL service image from `docker.io/library/postgres:12-alpine` to `docker.io/library/postgres:16-alpine`.
+
+Add `network_mode: none` to prevent connections being established to the database during the upgrade.
+
+### Recreate the database container
+
+Pull new images and re-create the PostgreSQL container: `docker compose pull && docker compose up --force-recreate -d postgresql`
+
+Apply your backup to the new database: `cat upgrade_backup_12.sql | docker compose exec postgresql psql -U authentik`
+
+Remove the network configuration setting `network_mode: none` that you added to the Compose file in the previous step.
+
+### Recreate authentik
+
+Start authentik again: `docker compose up --force-recreate -d`

website/integrations/services/argocd/index.md

@@ -33,7 +33,7 @@ In authentik, create an _OAuth2/OpenID Provider_ (under _Applications/Providers_
 -   Redirect URIs:
 
 ```
-http://argocd.company/api/dex/callback
+https://argocd.company/api/dex/callback
 http://localhost:8085/auth/callback
 ```
 
@@ -46,15 +46,78 @@ Create a new _Application_ (under _Applications/Applications_) with these settin
 -   Name: ArgoCD
 -   Provider: ArgoCD
 -   Slug: argocd
--   Launch URL: http://argocd.company/auth/login
+-   Launch URL: https://argocd.company/auth/login
 
-### Step 3 - ArgoCD Admin Group creation
+### Step 3 - ArgoCD Group creation
 
 Create a new _Group_ (under _Directory/Groups_) that'll be used as the admin group for ArgoCD (if you already have an "admin" group, you can skip this part!)
 
 -   Name: ArgoCD Admins
 -   Members: Add your user and/or any user that should be an ArgoCD admin
 
+You can create another group for read-only access to ArgoCD as well if desired:
+
+-   Name: ArgoCD Viewers
+-   Members: Any user that should have ArgoCD read-only access
+
+## Terraform provider
+
+```hcl
+data "authentik_flow" "default-provider-authorization-implicit-consent" {
+  slug = "default-provider-authorization-implicit-consent"
+}
+
+data "authentik_scope_mapping" "scope-email" {
+  name = "authentik default OAuth Mapping: OpenID 'email'"
+}
+
+data "authentik_scope_mapping" "scope-profile" {
+  name = "authentik default OAuth Mapping: OpenID 'profile'"
+}
+
+data "authentik_scope_mapping" "scope-openid" {
+  name = "authentik default OAuth Mapping: OpenID 'openid'"
+}
+
+resource "authentik_provider_oauth2" "argocd" {
+  name          = "ArgoCD"
+  #  Required. You can use the output of:
+  #     $ openssl rand -hex 16
+  client_id     = "my_client_id"
+
+  # Optional: will be generated if not provided
+  # client_secret = "my_client_secret"
+
+  authorization_flow  = data.authentik_flow.default-provider-authorization-implicit-consent.id
+
+  redirect_uris = [
+    "https://argocd.company/api/dex/callback",
+    "http://localhost:8085/auth/callback"
+  ]
+
+  property_mappings = [
+    data.authentik_scope_mapping.scope-email.id,
+    data.authentik_scope_mapping.scope-profile.id,
+    data.authentik_scope_mapping.scope-openid.id,
+  ]
+}
+
+resource "authentik_application" "argocd" {
+  name              = "ArgoCD"
+  slug              = "argocd"
+  protocol_provider = authentik_provider_oauth2.argocd.id
+}
+
+resource "authentik_group" "argocd_admins" {
+  name    = "ArgoCD Admins"
+}
+
+
+resource "authentik_group" "argocd_viewers" {
+  name    = "ArgoCD Viewers"
+}
+```
+
 ## ArgoCD Configuration
 
 :::note
@@ -69,16 +132,25 @@ In the `argocd-secret` Secret, add the following value to the `data` field:
 dex.authentik.clientSecret: <base 64 encoded value of the Client Secret from the Provider above>
 ```
 
+If using Helm, the above can be added to `configs.secret.extra` in your ArgoCD Helm `values.yaml` file as shown below, securely substituting the string however you see fit:
+
+```yaml
+configs:
+    secret:
+        extra:
+            dex.authentik.clientSecret: "${argocd_authentik_client_secret}"
+```
+
 ### Step 2 - Configure ArgoCD to use authentik as OIDC backend
 
 In the `argocd-cm` ConfigMap, add the following to the data field :
 
 ```yaml
-url: http://argocd.company
+url: https://argocd.company
 dex.config: |
     connectors:
     - config:
-        issuer: http://authentik.company/application/o/<application slug defined in step 2>/
+        issuer: https://authentik.company/application/o/<application slug defined in step 2>/
         clientID: <client ID from the Provider above>
         clientSecret: $dex.authentik.clientSecret
         insecureEnableGroups: true
@@ -98,8 +170,10 @@ In the `argocd-rbac-cm` ConfigMap, add the following to the data field (or creat
 ```yaml
 policy.csv: |
     g, ArgoCD Admins, role:admin
+    g, ArgoCD Viewers, role:readonly
 ```
 
 If you already had an "admin" group and thus didn't create the `ArgoCD Admins` one, just replace `ArgoCD Admins` with your existing group name.
+If you did not opt to create a read-only group, or chose to use one with a different name in authentik, rename or remove here accordingly.
 
 Apply all the modified manifests, and you should be able to login to ArgoCD both through the UI and the CLI.

website/integrations/services/cloudflare-access/index.mdx

@@ -0,0 +1,64 @@
+---
+title: Cloudflare Access
+---
+
+<span class="badge badge--secondary">Support level: Community</span>
+
+## What is Cloudflare Access
+
+> Cloudflare Access is a secure, cloud-based zero-trust solution for managing and authenticating user access to internal applications and resources.
+>
+> -- https://www.cloudflare.com/zero-trust/products/access/
+
+## Preparation
+
+The following placeholders will be used:
+
+-   `mysubdomain.cloudflareaccess.company` is the FQDN of your Cloudflare Access subdomain.
+-   `authentik.company` is the FQDN of the authentik install.
+
+To proceed, you need to register for a free Cloudflare Access account and have both a Cloudflare account and a publicly accessible authentik instance with a trusted SSL certificate.
+
+## authentik configuration
+
+### Step 1: Log in to authentik
+
+1. Log in to your authentik instance.
+2. Click **Admin interface**.
+
+### Step 2: Create a new authentication provider
+
+3. Under **Application**, click **Providers** and create a new provider.
+4. Choose **OAuth2/OpenID Provider** and then click **Next**.
+5. Set the authorization flow to **Authorize Application** (`default-provider-authorization-explicit-consent`).
+6. Set the client type to **Confidential**.
+7. Set the redirect URI to `https://mysubdomain.cloudflareaccess.company/cdn-cgi/access/callback`.
+8. Ensure that the signing key is set to **Authentik Self-signed Certificate**.
+9. Click **Finish** to create the provider.
+
+### Step 3: Create a new application
+
+10. Create a new application and give it a name.
+11. Set the provider to the one you just created.
+12. Ensure that the **Policy engine mode** is set to **ANY, any policy must match to grant access**.
+13. Click **Create** and then navigate to your [Cloudflare Access dashboard](https://one.dash.cloudflare.com).
+
+## Cloudflare Access configuration
+
+### Step 4: Configure Cloudflare Access
+
+1. Go to the Cloudflare One dashboard.
+2. Click **Settings** at the bottom of the menu, then select **Authentication**.
+
+### Step 5: Add a login method
+
+3. From **Login methods** click **Add** and select **OpenID Connect"**
+4. Enter a name for your login method. This can be anything.
+5. Copy the following details from the authentik provider settings you previously created and paste them into the text boxes:
+    - **Client ID** -> App ID
+    - **Client Secret** -> Client Secret
+    - **Authorize URL** -> Auth URL
+    - **Token URL** -> Token URL
+    - **JWKS URL** -> Certificate URL
+6. Click **Save**.
+7. Click **Test** to verify your login provider.

website/integrations/services/firezone/index.md

@@ -6,8 +6,7 @@ title: Firezone
 
 ## What is Firezone
 
-> Firezone is an open-source remote access platform built on WireGuard?, a modern VPN protocol that's 4-6x faster than OpenVPN.
-> Deploy on your infrastructure and start onboarding users in minutes.
+> Firezone is an open-source remote access platform built on WireGuard®, a modern VPN protocol that's 4-6x faster than OpenVPN.
 >
 > -- https://www.firezone.dev
 

website/integrations/services/index.mdx

@@ -6,14 +6,14 @@ import DocCardList from "@theme/DocCardList";
 
 Below is a list of all applications that are known to work with authentik. All app integrations will have one of these badges:
 
--   <span class="badge badge--secondary">Support level: Community</span> The integration
-    is community maintained.
+-   <span class="badge badge--secondary">Support level: Community</span> The
+    integration is community maintained.
 
 -   <span class="badge badge--info">Support level: Vendor</span> The integration
     is supported by the vendor.
 
--   <span class="badge badge--primary">Support level: authentik</span> The integration
-    is regularly tested by the authentik team.
+-   <span class="badge badge--primary">Support level: authentik</span> The
+    integration is regularly tested by the authentik team.
 
 ### Add a new application
 

website/integrations/services/wordpress/index.md

@@ -1,24 +1,24 @@
 ---
-title: Wordpress
+title: WordPress
 ---
 
 <span class="badge badge--secondary">Support level: Community</span>
 
-## What is Wordpress
+## What is WordPress
 
 > WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system, referred to within WordPress as Themes
 >
 > -- https://en.wikipedia.org/wiki/WordPress
 
 :::note
-There are many different plugins for Wordpress that allow you to setup SSO using different authentication methods. The plugin that is explained in this tutorial is "OpenID Connect Generic" version 3.8.5 by daggerhart. This plugin uses OpenID/OAUTH2 and is free without paywalls or subscriptions at the time of writing this. The plugin is available for free in the Wordpress Plugin gallery.
+There are many different plugins for WordPress that allow you to setup SSO using different authentication methods. The plugin that is explained in this tutorial is "OpenID Connect Generic" version 3.8.5 by daggerhart. This plugin uses OpenID/OAUTH2 and is free without paywalls or subscriptions at the time of writing this. The plugin is available for free in the WordPress Plugin gallery.
 :::
 
 ## Preparation
 
 The following placeholders will be used:
 
--   `wp.company` is the FQDN of Wordpress.
+-   `wp.company` is the FQDN of WordPress.
 -   `authentik.company` is the FQDN of authentik.
 
 ### Step 1 - authentik
@@ -31,18 +31,18 @@ Only settings that have been modified from default have been listed.
 
 **Protocol Settings**
 
--   Name: Wordpress
+-   Name: WordPress
 -   Client ID: Copy and Save this for Later
 -   Client Secret: Copy and Save this for later
 -   Redirect URIs/Origins: `https://wp.company/wp-admin/admin-ajax.php\?action=openid-connect-authorize`
 
-### Step 2 - Wordpress
+### Step 2 - WordPress
 
 :::note
 Assumption is being made that you have successfully downloaded and activated the required plugin "OpenID Connect Generic" by daggerhart
 :::
 
-In Wordpress, under _Settings_, Select _OpenID Connect Client_
+In WordPress, under _Settings_, Select _OpenID Connect Client_
 
 :::note
 Only settings that have been modified from default have been listed.
@@ -63,11 +63,11 @@ Review each setting and choose the ones that you require for your installation.
 
 ### Step 3 - authentik
 
-In authentik, create an application which uses this provider and directly launches Wordpress' backend login-screen. Optionally apply access restrictions to the application using policy bindings.
+In authentik, create an application which uses this provider and directly launches WordPress' backend login-screen. Optionally apply access restrictions to the application using policy bindings.
 
--   Name: Wordpress
+-   Name: WordPress
 -   Slug: wordpress
--   Provider: wordpress
+-   Provider: WordPress
 -   Launch URL: https://wp.company/wp-login.php
 
 ## Notes

website/package-lock.json

@@ -9,12 +9,12 @@
             "version": "0.0.0",
             "license": "MIT",
             "dependencies": {
-                "@docusaurus/core": "^3.3.2",
-                "@docusaurus/plugin-client-redirects": "^3.3.2",
-                "@docusaurus/plugin-content-docs": "^3.3.2",
-                "@docusaurus/preset-classic": "^3.3.2",
-                "@docusaurus/theme-common": "^3.3.2",
-                "@docusaurus/theme-mermaid": "^3.3.2",
+                "@docusaurus/core": "^3.4.0",
+                "@docusaurus/plugin-client-redirects": "^3.4.0",
+                "@docusaurus/plugin-content-docs": "^3.4.0",
+                "@docusaurus/preset-classic": "^3.4.0",
+                "@docusaurus/theme-common": "^3.4.0",
+                "@docusaurus/theme-mermaid": "^3.4.0",
                 "@mdx-js/react": "^3.0.1",
                 "clsx": "^2.1.1",
                 "disqus-react": "^1.1.5",
@@ -32,10 +32,10 @@
             },
             "devDependencies": {
                 "@docusaurus/module-type-aliases": "^3.3.2",
-                "@docusaurus/tsconfig": "^3.3.2",
+                "@docusaurus/tsconfig": "^3.4.0",
                 "@docusaurus/types": "^3.3.2",
                 "@types/react": "^18.3.3",
-                "prettier": "3.2.5",
+                "prettier": "3.3.0",
                 "typescript": "~5.4.5"
             },
             "engines": {
@@ -2141,9 +2141,9 @@
             }
         },
         "node_modules/@docusaurus/core": {
-            "version": "3.3.2",
-            "resolved": "https://registry.npmjs.org/@docusaurus/core/-/core-3.3.2.tgz",
-            "integrity": "sha512-PzKMydKI3IU1LmeZQDi+ut5RSuilbXnA8QdowGeJEgU8EJjmx3rBHNT1LxQxOVqNEwpWi/csLwd9bn7rUjggPA==",
+            "version": "3.4.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/core/-/core-3.4.0.tgz",
+            "integrity": "sha512-g+0wwmN2UJsBqy2fQRQ6fhXruoEa62JDeEa5d8IdTJlMoaDaEDfHh7WjwGRn4opuTQWpjAwP/fbcgyHKlE+64w==",
             "dependencies": {
                 "@babel/core": "^7.23.3",
                 "@babel/generator": "^7.23.3",
@@ -2155,12 +2155,12 @@
                 "@babel/runtime": "^7.22.6",
                 "@babel/runtime-corejs3": "^7.22.6",
                 "@babel/traverse": "^7.22.8",
-                "@docusaurus/cssnano-preset": "3.3.2",
-                "@docusaurus/logger": "3.3.2",
-                "@docusaurus/mdx-loader": "3.3.2",
-                "@docusaurus/utils": "3.3.2",
-                "@docusaurus/utils-common": "3.3.2",
-                "@docusaurus/utils-validation": "3.3.2",
+                "@docusaurus/cssnano-preset": "3.4.0",
+                "@docusaurus/logger": "3.4.0",
+                "@docusaurus/mdx-loader": "3.4.0",
+                "@docusaurus/utils": "3.4.0",
+                "@docusaurus/utils-common": "3.4.0",
+                "@docusaurus/utils-validation": "3.4.0",
                 "autoprefixer": "^10.4.14",
                 "babel-loader": "^9.1.3",
                 "babel-plugin-dynamic-import-node": "^2.3.3",
@@ -2225,40 +2225,14 @@
                 "react-dom": "^18.0.0"
             }
         },
-        "node_modules/@docusaurus/cssnano-preset": {
-            "version": "3.3.2",
-            "resolved": "https://registry.npmjs.org/@docusaurus/cssnano-preset/-/cssnano-preset-3.3.2.tgz",
-            "integrity": "sha512-+5+epLk/Rp4vFML4zmyTATNc3Is+buMAL6dNjrMWahdJCJlMWMPd/8YfU+2PA57t8mlSbhLJ7vAZVy54cd1vRQ==",
+        "node_modules/@docusaurus/core/node_modules/@docusaurus/mdx-loader": {
+            "version": "3.4.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/mdx-loader/-/mdx-loader-3.4.0.tgz",
+            "integrity": "sha512-kSSbrrk4nTjf4d+wtBA9H+FGauf2gCax89kV8SUSJu3qaTdSIKdWERlngsiHaCFgZ7laTJ8a67UFf+xlFPtuTw==",
             "dependencies": {
-                "cssnano-preset-advanced": "^6.1.2",
-                "postcss": "^8.4.38",
-                "postcss-sort-media-queries": "^5.2.0",
-                "tslib": "^2.6.0"
-            },
-            "engines": {
-                "node": ">=18.0"
-            }
-        },
-        "node_modules/@docusaurus/logger": {
-            "version": "3.3.2",
-            "resolved": "https://registry.npmjs.org/@docusaurus/logger/-/logger-3.3.2.tgz",
-            "integrity": "sha512-Ldu38GJ4P8g4guN7d7pyCOJ7qQugG7RVyaxrK8OnxuTlaImvQw33aDRwaX2eNmX8YK6v+//Z502F4sOZbHHCHQ==",
-            "dependencies": {
-                "chalk": "^4.1.2",
-                "tslib": "^2.6.0"
-            },
-            "engines": {
-                "node": ">=18.0"
-            }
-        },
-        "node_modules/@docusaurus/mdx-loader": {
-            "version": "3.3.2",
-            "resolved": "https://registry.npmjs.org/@docusaurus/mdx-loader/-/mdx-loader-3.3.2.tgz",
-            "integrity": "sha512-AFRxj/aOk3/mfYDPxE3wTbrjeayVRvNSZP7mgMuUlrb2UlPRbSVAFX1k2RbgAJrnTSwMgb92m2BhJgYRfptN3g==",
-            "dependencies": {
-                "@docusaurus/logger": "3.3.2",
-                "@docusaurus/utils": "3.3.2",
-                "@docusaurus/utils-validation": "3.3.2",
+                "@docusaurus/logger": "3.4.0",
+                "@docusaurus/utils": "3.4.0",
+                "@docusaurus/utils-validation": "3.4.0",
                 "@mdx-js/mdx": "^3.0.0",
                 "@slorber/remark-comment": "^1.0.0",
                 "escape-html": "^1.0.3",
@@ -2289,12 +2263,38 @@
                 "react-dom": "^18.0.0"
             }
         },
-        "node_modules/@docusaurus/module-type-aliases": {
-            "version": "3.3.2",
-            "resolved": "https://registry.npmjs.org/@docusaurus/module-type-aliases/-/module-type-aliases-3.3.2.tgz",
-            "integrity": "sha512-b/XB0TBJah5yKb4LYuJT4buFvL0MGAb0+vJDrJtlYMguRtsEBkf2nWl5xP7h4Dlw6ol0hsHrCYzJ50kNIOEclw==",
+        "node_modules/@docusaurus/cssnano-preset": {
+            "version": "3.4.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/cssnano-preset/-/cssnano-preset-3.4.0.tgz",
+            "integrity": "sha512-qwLFSz6v/pZHy/UP32IrprmH5ORce86BGtN0eBtG75PpzQJAzp9gefspox+s8IEOr0oZKuQ/nhzZ3xwyc3jYJQ==",
             "dependencies": {
-                "@docusaurus/types": "3.3.2",
+                "cssnano-preset-advanced": "^6.1.2",
+                "postcss": "^8.4.38",
+                "postcss-sort-media-queries": "^5.2.0",
+                "tslib": "^2.6.0"
+            },
+            "engines": {
+                "node": ">=18.0"
+            }
+        },
+        "node_modules/@docusaurus/logger": {
+            "version": "3.4.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/logger/-/logger-3.4.0.tgz",
+            "integrity": "sha512-bZwkX+9SJ8lB9kVRkXw+xvHYSMGG4bpYHKGXeXFvyVc79NMeeBSGgzd4TQLHH+DYeOJoCdl8flrFJVxlZ0wo/Q==",
+            "dependencies": {
+                "chalk": "^4.1.2",
+                "tslib": "^2.6.0"
+            },
+            "engines": {
+                "node": ">=18.0"
+            }
+        },
+        "node_modules/@docusaurus/module-type-aliases": {
+            "version": "3.4.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/module-type-aliases/-/module-type-aliases-3.4.0.tgz",
+            "integrity": "sha512-A1AyS8WF5Bkjnb8s+guTDuYmUiwJzNrtchebBHpc0gz0PyHJNMaybUlSrmJjHVcGrya0LKI4YcR3lBDQfXRYLw==",
+            "dependencies": {
+                "@docusaurus/types": "3.4.0",
                 "@types/history": "^4.7.11",
                 "@types/react": "*",
                 "@types/react-router-config": "*",
@@ -2308,15 +2308,15 @@
             }
         },
         "node_modules/@docusaurus/plugin-client-redirects": {
-            "version": "3.3.2",
-            "resolved": "https://registry.npmjs.org/@docusaurus/plugin-client-redirects/-/plugin-client-redirects-3.3.2.tgz",
-            "integrity": "sha512-W8ueb5PaQ06oanatL+CzE3GjqeRBTzv3MSFqEQlBa8BqLyOomc1uHsWgieE3glHsckU4mUZ6sHnOfesAtYnnew==",
+            "version": "3.4.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/plugin-client-redirects/-/plugin-client-redirects-3.4.0.tgz",
+            "integrity": "sha512-Pr8kyh/+OsmYCvdZhc60jy/FnrY6flD2TEAhl4rJxeVFxnvvRgEhoaIVX8q9MuJmaQoh6frPk94pjs7/6YgBDQ==",
             "dependencies": {
-                "@docusaurus/core": "3.3.2",
-                "@docusaurus/logger": "3.3.2",
-                "@docusaurus/utils": "3.3.2",
-                "@docusaurus/utils-common": "3.3.2",
-                "@docusaurus/utils-validation": "3.3.2",
+                "@docusaurus/core": "3.4.0",
+                "@docusaurus/logger": "3.4.0",
+                "@docusaurus/utils": "3.4.0",
+                "@docusaurus/utils-common": "3.4.0",
+                "@docusaurus/utils-validation": "3.4.0",
                 "eta": "^2.2.0",
                 "fs-extra": "^11.1.1",
                 "lodash": "^4.17.21",
@@ -2331,17 +2331,17 @@
             }
         },
         "node_modules/@docusaurus/plugin-content-blog": {
-            "version": "3.3.2",
-            "resolved": "https://registry.npmjs.org/@docusaurus/plugin-content-blog/-/plugin-content-blog-3.3.2.tgz",
-            "integrity": "sha512-fJU+dmqp231LnwDJv+BHVWft8pcUS2xVPZdeYH6/ibH1s2wQ/sLcmUrGWyIv/Gq9Ptj8XWjRPMghlxghuPPoxg==",
+            "version": "3.4.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/plugin-content-blog/-/plugin-content-blog-3.4.0.tgz",
+            "integrity": "sha512-vv6ZAj78ibR5Jh7XBUT4ndIjmlAxkijM3Sx5MAAzC1gyv0vupDQNhzuFg1USQmQVj3P5I6bquk12etPV3LJ+Xw==",
             "dependencies": {
-                "@docusaurus/core": "3.3.2",
-                "@docusaurus/logger": "3.3.2",
-                "@docusaurus/mdx-loader": "3.3.2",
-                "@docusaurus/types": "3.3.2",
-                "@docusaurus/utils": "3.3.2",
-                "@docusaurus/utils-common": "3.3.2",
-                "@docusaurus/utils-validation": "3.3.2",
+                "@docusaurus/core": "3.4.0",
+                "@docusaurus/logger": "3.4.0",
+                "@docusaurus/mdx-loader": "3.4.0",
+                "@docusaurus/types": "3.4.0",
+                "@docusaurus/utils": "3.4.0",
+                "@docusaurus/utils-common": "3.4.0",
+                "@docusaurus/utils-validation": "3.4.0",
                 "cheerio": "^1.0.0-rc.12",
                 "feed": "^4.2.2",
                 "fs-extra": "^11.1.1",
@@ -2361,19 +2361,57 @@
                 "react-dom": "^18.0.0"
             }
         },
-        "node_modules/@docusaurus/plugin-content-docs": {
-            "version": "3.3.2",
-            "resolved": "https://registry.npmjs.org/@docusaurus/plugin-content-docs/-/plugin-content-docs-3.3.2.tgz",
-            "integrity": "sha512-Dm1ri2VlGATTN3VGk1ZRqdRXWa1UlFubjaEL6JaxaK7IIFqN/Esjpl+Xw10R33loHcRww/H76VdEeYayaL76eg==",
+        "node_modules/@docusaurus/plugin-content-blog/node_modules/@docusaurus/mdx-loader": {
+            "version": "3.4.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/mdx-loader/-/mdx-loader-3.4.0.tgz",
+            "integrity": "sha512-kSSbrrk4nTjf4d+wtBA9H+FGauf2gCax89kV8SUSJu3qaTdSIKdWERlngsiHaCFgZ7laTJ8a67UFf+xlFPtuTw==",
             "dependencies": {
-                "@docusaurus/core": "3.3.2",
-                "@docusaurus/logger": "3.3.2",
-                "@docusaurus/mdx-loader": "3.3.2",
-                "@docusaurus/module-type-aliases": "3.3.2",
-                "@docusaurus/types": "3.3.2",
-                "@docusaurus/utils": "3.3.2",
-                "@docusaurus/utils-common": "3.3.2",
-                "@docusaurus/utils-validation": "3.3.2",
+                "@docusaurus/logger": "3.4.0",
+                "@docusaurus/utils": "3.4.0",
+                "@docusaurus/utils-validation": "3.4.0",
+                "@mdx-js/mdx": "^3.0.0",
+                "@slorber/remark-comment": "^1.0.0",
+                "escape-html": "^1.0.3",
+                "estree-util-value-to-estree": "^3.0.1",
+                "file-loader": "^6.2.0",
+                "fs-extra": "^11.1.1",
+                "image-size": "^1.0.2",
+                "mdast-util-mdx": "^3.0.0",
+                "mdast-util-to-string": "^4.0.0",
+                "rehype-raw": "^7.0.0",
+                "remark-directive": "^3.0.0",
+                "remark-emoji": "^4.0.0",
+                "remark-frontmatter": "^5.0.0",
+                "remark-gfm": "^4.0.0",
+                "stringify-object": "^3.3.0",
+                "tslib": "^2.6.0",
+                "unified": "^11.0.3",
+                "unist-util-visit": "^5.0.0",
+                "url-loader": "^4.1.1",
+                "vfile": "^6.0.1",
+                "webpack": "^5.88.1"
+            },
+            "engines": {
+                "node": ">=18.0"
+            },
+            "peerDependencies": {
+                "react": "^18.0.0",
+                "react-dom": "^18.0.0"
+            }
+        },
+        "node_modules/@docusaurus/plugin-content-docs": {
+            "version": "3.4.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/plugin-content-docs/-/plugin-content-docs-3.4.0.tgz",
+            "integrity": "sha512-HkUCZffhBo7ocYheD9oZvMcDloRnGhBMOZRyVcAQRFmZPmNqSyISlXA1tQCIxW+r478fty97XXAGjNYzBjpCsg==",
+            "dependencies": {
+                "@docusaurus/core": "3.4.0",
+                "@docusaurus/logger": "3.4.0",
+                "@docusaurus/mdx-loader": "3.4.0",
+                "@docusaurus/module-type-aliases": "3.4.0",
+                "@docusaurus/types": "3.4.0",
+                "@docusaurus/utils": "3.4.0",
+                "@docusaurus/utils-common": "3.4.0",
+                "@docusaurus/utils-validation": "3.4.0",
                 "@types/react-router-config": "^5.0.7",
                 "combine-promises": "^1.1.0",
                 "fs-extra": "^11.1.1",
@@ -2391,16 +2429,54 @@
                 "react-dom": "^18.0.0"
             }
         },
-        "node_modules/@docusaurus/plugin-content-pages": {
-            "version": "3.3.2",
-            "resolved": "https://registry.npmjs.org/@docusaurus/plugin-content-pages/-/plugin-content-pages-3.3.2.tgz",
-            "integrity": "sha512-EKc9fQn5H2+OcGER8x1aR+7URtAGWySUgULfqE/M14+rIisdrBstuEZ4lUPDRrSIexOVClML82h2fDS+GSb8Ew==",
+        "node_modules/@docusaurus/plugin-content-docs/node_modules/@docusaurus/mdx-loader": {
+            "version": "3.4.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/mdx-loader/-/mdx-loader-3.4.0.tgz",
+            "integrity": "sha512-kSSbrrk4nTjf4d+wtBA9H+FGauf2gCax89kV8SUSJu3qaTdSIKdWERlngsiHaCFgZ7laTJ8a67UFf+xlFPtuTw==",
             "dependencies": {
-                "@docusaurus/core": "3.3.2",
-                "@docusaurus/mdx-loader": "3.3.2",
-                "@docusaurus/types": "3.3.2",
-                "@docusaurus/utils": "3.3.2",
-                "@docusaurus/utils-validation": "3.3.2",
+                "@docusaurus/logger": "3.4.0",
+                "@docusaurus/utils": "3.4.0",
+                "@docusaurus/utils-validation": "3.4.0",
+                "@mdx-js/mdx": "^3.0.0",
+                "@slorber/remark-comment": "^1.0.0",
+                "escape-html": "^1.0.3",
+                "estree-util-value-to-estree": "^3.0.1",
+                "file-loader": "^6.2.0",
+                "fs-extra": "^11.1.1",
+                "image-size": "^1.0.2",
+                "mdast-util-mdx": "^3.0.0",
+                "mdast-util-to-string": "^4.0.0",
+                "rehype-raw": "^7.0.0",
+                "remark-directive": "^3.0.0",
+                "remark-emoji": "^4.0.0",
+                "remark-frontmatter": "^5.0.0",
+                "remark-gfm": "^4.0.0",
+                "stringify-object": "^3.3.0",
+                "tslib": "^2.6.0",
+                "unified": "^11.0.3",
+                "unist-util-visit": "^5.0.0",
+                "url-loader": "^4.1.1",
+                "vfile": "^6.0.1",
+                "webpack": "^5.88.1"
+            },
+            "engines": {
+                "node": ">=18.0"
+            },
+            "peerDependencies": {
+                "react": "^18.0.0",
+                "react-dom": "^18.0.0"
+            }
+        },
+        "node_modules/@docusaurus/plugin-content-pages": {
+            "version": "3.4.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/plugin-content-pages/-/plugin-content-pages-3.4.0.tgz",
+            "integrity": "sha512-h2+VN/0JjpR8fIkDEAoadNjfR3oLzB+v1qSXbIAKjQ46JAHx3X22n9nqS+BWSQnTnp1AjkjSvZyJMekmcwxzxg==",
+            "dependencies": {
+                "@docusaurus/core": "3.4.0",
+                "@docusaurus/mdx-loader": "3.4.0",
+                "@docusaurus/types": "3.4.0",
+                "@docusaurus/utils": "3.4.0",
+                "@docusaurus/utils-validation": "3.4.0",
                 "fs-extra": "^11.1.1",
                 "tslib": "^2.6.0",
                 "webpack": "^5.88.1"
@@ -2413,14 +2489,52 @@
                 "react-dom": "^18.0.0"
             }
         },
-        "node_modules/@docusaurus/plugin-debug": {
-            "version": "3.3.2",
-            "resolved": "https://registry.npmjs.org/@docusaurus/plugin-debug/-/plugin-debug-3.3.2.tgz",
-            "integrity": "sha512-oBIBmwtaB+YS0XlmZ3gCO+cMbsGvIYuAKkAopoCh0arVjtlyPbejzPrHuCoRHB9G7abjNZw7zoONOR8+8LM5+Q==",
+        "node_modules/@docusaurus/plugin-content-pages/node_modules/@docusaurus/mdx-loader": {
+            "version": "3.4.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/mdx-loader/-/mdx-loader-3.4.0.tgz",
+            "integrity": "sha512-kSSbrrk4nTjf4d+wtBA9H+FGauf2gCax89kV8SUSJu3qaTdSIKdWERlngsiHaCFgZ7laTJ8a67UFf+xlFPtuTw==",
             "dependencies": {
-                "@docusaurus/core": "3.3.2",
-                "@docusaurus/types": "3.3.2",
-                "@docusaurus/utils": "3.3.2",
+                "@docusaurus/logger": "3.4.0",
+                "@docusaurus/utils": "3.4.0",
+                "@docusaurus/utils-validation": "3.4.0",
+                "@mdx-js/mdx": "^3.0.0",
+                "@slorber/remark-comment": "^1.0.0",
+                "escape-html": "^1.0.3",
+                "estree-util-value-to-estree": "^3.0.1",
+                "file-loader": "^6.2.0",
+                "fs-extra": "^11.1.1",
+                "image-size": "^1.0.2",
+                "mdast-util-mdx": "^3.0.0",
+                "mdast-util-to-string": "^4.0.0",
+                "rehype-raw": "^7.0.0",
+                "remark-directive": "^3.0.0",
+                "remark-emoji": "^4.0.0",
+                "remark-frontmatter": "^5.0.0",
+                "remark-gfm": "^4.0.0",
+                "stringify-object": "^3.3.0",
+                "tslib": "^2.6.0",
+                "unified": "^11.0.3",
+                "unist-util-visit": "^5.0.0",
+                "url-loader": "^4.1.1",
+                "vfile": "^6.0.1",
+                "webpack": "^5.88.1"
+            },
+            "engines": {
+                "node": ">=18.0"
+            },
+            "peerDependencies": {
+                "react": "^18.0.0",
+                "react-dom": "^18.0.0"
+            }
+        },
+        "node_modules/@docusaurus/plugin-debug": {
+            "version": "3.4.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/plugin-debug/-/plugin-debug-3.4.0.tgz",
+            "integrity": "sha512-uV7FDUNXGyDSD3PwUaf5YijX91T5/H9SX4ErEcshzwgzWwBtK37nUWPU3ZLJfeTavX3fycTOqk9TglpOLaWkCg==",
+            "dependencies": {
+                "@docusaurus/core": "3.4.0",
+                "@docusaurus/types": "3.4.0",
+                "@docusaurus/utils": "3.4.0",
                 "fs-extra": "^11.1.1",
                 "react-json-view-lite": "^1.2.0",
                 "tslib": "^2.6.0"
@@ -2434,13 +2548,13 @@
             }
         },
         "node_modules/@docusaurus/plugin-google-analytics": {
-            "version": "3.3.2",
-            "resolved": "https://registry.npmjs.org/@docusaurus/plugin-google-analytics/-/plugin-google-analytics-3.3.2.tgz",
-            "integrity": "sha512-jXhrEIhYPSClMBK6/IA8qf1/FBoxqGXZvg7EuBax9HaK9+kL3L0TJIlatd8jQJOMtds8mKw806TOCc3rtEad1A==",
+            "version": "3.4.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/plugin-google-analytics/-/plugin-google-analytics-3.4.0.tgz",
+            "integrity": "sha512-mCArluxEGi3cmYHqsgpGGt3IyLCrFBxPsxNZ56Mpur0xSlInnIHoeLDH7FvVVcPJRPSQ9/MfRqLsainRw+BojA==",
             "dependencies": {
-                "@docusaurus/core": "3.3.2",
-                "@docusaurus/types": "3.3.2",
-                "@docusaurus/utils-validation": "3.3.2",
+                "@docusaurus/core": "3.4.0",
+                "@docusaurus/types": "3.4.0",
+                "@docusaurus/utils-validation": "3.4.0",
                 "tslib": "^2.6.0"
             },
             "engines": {
@@ -2452,13 +2566,13 @@
             }
         },
         "node_modules/@docusaurus/plugin-google-gtag": {
-            "version": "3.3.2",
-            "resolved": "https://registry.npmjs.org/@docusaurus/plugin-google-gtag/-/plugin-google-gtag-3.3.2.tgz",
-            "integrity": "sha512-vcrKOHGbIDjVnNMrfbNpRQR1x6Jvcrb48kVzpBAOsKbj9rXZm/idjVAXRaewwobHdOrJkfWS/UJoxzK8wyLRBQ==",
+            "version": "3.4.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/plugin-google-gtag/-/plugin-google-gtag-3.4.0.tgz",
+            "integrity": "sha512-Dsgg6PLAqzZw5wZ4QjUYc8Z2KqJqXxHxq3vIoyoBWiLEEfigIs7wHR+oiWUQy3Zk9MIk6JTYj7tMoQU0Jm3nqA==",
             "dependencies": {
-                "@docusaurus/core": "3.3.2",
-                "@docusaurus/types": "3.3.2",
-                "@docusaurus/utils-validation": "3.3.2",
+                "@docusaurus/core": "3.4.0",
+                "@docusaurus/types": "3.4.0",
+                "@docusaurus/utils-validation": "3.4.0",
                 "@types/gtag.js": "^0.0.12",
                 "tslib": "^2.6.0"
             },
@@ -2471,13 +2585,13 @@
             }
         },
         "node_modules/@docusaurus/plugin-google-tag-manager": {
-            "version": "3.3.2",
-            "resolved": "https://registry.npmjs.org/@docusaurus/plugin-google-tag-manager/-/plugin-google-tag-manager-3.3.2.tgz",
-            "integrity": "sha512-ldkR58Fdeks0vC+HQ+L+bGFSJsotQsipXD+iKXQFvkOfmPIV6QbHRd7IIcm5b6UtwOiK33PylNS++gjyLUmaGw==",
+            "version": "3.4.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/plugin-google-tag-manager/-/plugin-google-tag-manager-3.4.0.tgz",
+            "integrity": "sha512-O9tX1BTwxIhgXpOLpFDueYA9DWk69WCbDRrjYoMQtFHSkTyE7RhNgyjSPREUWJb9i+YUg3OrsvrBYRl64FCPCQ==",
             "dependencies": {
-                "@docusaurus/core": "3.3.2",
-                "@docusaurus/types": "3.3.2",
-                "@docusaurus/utils-validation": "3.3.2",
+                "@docusaurus/core": "3.4.0",
+                "@docusaurus/types": "3.4.0",
+                "@docusaurus/utils-validation": "3.4.0",
                 "tslib": "^2.6.0"
             },
             "engines": {
@@ -2489,16 +2603,16 @@
             }
         },
         "node_modules/@docusaurus/plugin-sitemap": {
-            "version": "3.3.2",
-            "resolved": "https://registry.npmjs.org/@docusaurus/plugin-sitemap/-/plugin-sitemap-3.3.2.tgz",
-            "integrity": "sha512-/ZI1+bwZBhAgC30inBsHe3qY9LOZS+79fRGkNdTcGHRMcdAp6Vw2pCd1gzlxd/xU+HXsNP6cLmTOrggmRp3Ujg==",
+            "version": "3.4.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/plugin-sitemap/-/plugin-sitemap-3.4.0.tgz",
+            "integrity": "sha512-+0VDvx9SmNrFNgwPoeoCha+tRoAjopwT0+pYO1xAbyLcewXSemq+eLxEa46Q1/aoOaJQ0qqHELuQM7iS2gp33Q==",
             "dependencies": {
-                "@docusaurus/core": "3.3.2",
-                "@docusaurus/logger": "3.3.2",
-                "@docusaurus/types": "3.3.2",
-                "@docusaurus/utils": "3.3.2",
-                "@docusaurus/utils-common": "3.3.2",
-                "@docusaurus/utils-validation": "3.3.2",
+                "@docusaurus/core": "3.4.0",
+                "@docusaurus/logger": "3.4.0",
+                "@docusaurus/types": "3.4.0",
+                "@docusaurus/utils": "3.4.0",
+                "@docusaurus/utils-common": "3.4.0",
+                "@docusaurus/utils-validation": "3.4.0",
                 "fs-extra": "^11.1.1",
                 "sitemap": "^7.1.1",
                 "tslib": "^2.6.0"
@@ -2512,23 +2626,23 @@
             }
         },
         "node_modules/@docusaurus/preset-classic": {
-            "version": "3.3.2",
-            "resolved": "https://registry.npmjs.org/@docusaurus/preset-classic/-/preset-classic-3.3.2.tgz",
-            "integrity": "sha512-1SDS7YIUN1Pg3BmD6TOTjhB7RSBHJRpgIRKx9TpxqyDrJ92sqtZhomDc6UYoMMLQNF2wHFZZVGFjxJhw2VpL+Q==",
+            "version": "3.4.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/preset-classic/-/preset-classic-3.4.0.tgz",
+            "integrity": "sha512-Ohj6KB7siKqZaQhNJVMBBUzT3Nnp6eTKqO+FXO3qu/n1hJl3YLwVKTWBg28LF7MWrKu46UuYavwMRxud0VyqHg==",
             "dependencies": {
-                "@docusaurus/core": "3.3.2",
-                "@docusaurus/plugin-content-blog": "3.3.2",
-                "@docusaurus/plugin-content-docs": "3.3.2",
-                "@docusaurus/plugin-content-pages": "3.3.2",
-                "@docusaurus/plugin-debug": "3.3.2",
-                "@docusaurus/plugin-google-analytics": "3.3.2",
-                "@docusaurus/plugin-google-gtag": "3.3.2",
-                "@docusaurus/plugin-google-tag-manager": "3.3.2",
-                "@docusaurus/plugin-sitemap": "3.3.2",
-                "@docusaurus/theme-classic": "3.3.2",
-                "@docusaurus/theme-common": "3.3.2",
-                "@docusaurus/theme-search-algolia": "3.3.2",
-                "@docusaurus/types": "3.3.2"
+                "@docusaurus/core": "3.4.0",
+                "@docusaurus/plugin-content-blog": "3.4.0",
+                "@docusaurus/plugin-content-docs": "3.4.0",
+                "@docusaurus/plugin-content-pages": "3.4.0",
+                "@docusaurus/plugin-debug": "3.4.0",
+                "@docusaurus/plugin-google-analytics": "3.4.0",
+                "@docusaurus/plugin-google-gtag": "3.4.0",
+                "@docusaurus/plugin-google-tag-manager": "3.4.0",
+                "@docusaurus/plugin-sitemap": "3.4.0",
+                "@docusaurus/theme-classic": "3.4.0",
+                "@docusaurus/theme-common": "3.4.0",
+                "@docusaurus/theme-search-algolia": "3.4.0",
+                "@docusaurus/types": "3.4.0"
             },
             "engines": {
                 "node": ">=18.0"
@@ -2539,22 +2653,22 @@
             }
         },
         "node_modules/@docusaurus/theme-classic": {
-            "version": "3.3.2",
-            "resolved": "https://registry.npmjs.org/@docusaurus/theme-classic/-/theme-classic-3.3.2.tgz",
-            "integrity": "sha512-gepHFcsluIkPb4Im9ukkiO4lXrai671wzS3cKQkY9BXQgdVwsdPf/KS0Vs4Xlb0F10fTz+T3gNjkxNEgSN9M0A==",
+            "version": "3.4.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/theme-classic/-/theme-classic-3.4.0.tgz",
+            "integrity": "sha512-0IPtmxsBYv2adr1GnZRdMkEQt1YW6tpzrUPj02YxNpvJ5+ju4E13J5tB4nfdaen/tfR1hmpSPlTFPvTf4kwy8Q==",
             "dependencies": {
-                "@docusaurus/core": "3.3.2",
-                "@docusaurus/mdx-loader": "3.3.2",
-                "@docusaurus/module-type-aliases": "3.3.2",
-                "@docusaurus/plugin-content-blog": "3.3.2",
-                "@docusaurus/plugin-content-docs": "3.3.2",
-                "@docusaurus/plugin-content-pages": "3.3.2",
-                "@docusaurus/theme-common": "3.3.2",
-                "@docusaurus/theme-translations": "3.3.2",
-                "@docusaurus/types": "3.3.2",
-                "@docusaurus/utils": "3.3.2",
-                "@docusaurus/utils-common": "3.3.2",
-                "@docusaurus/utils-validation": "3.3.2",
+                "@docusaurus/core": "3.4.0",
+                "@docusaurus/mdx-loader": "3.4.0",
+                "@docusaurus/module-type-aliases": "3.4.0",
+                "@docusaurus/plugin-content-blog": "3.4.0",
+                "@docusaurus/plugin-content-docs": "3.4.0",
+                "@docusaurus/plugin-content-pages": "3.4.0",
+                "@docusaurus/theme-common": "3.4.0",
+                "@docusaurus/theme-translations": "3.4.0",
+                "@docusaurus/types": "3.4.0",
+                "@docusaurus/utils": "3.4.0",
+                "@docusaurus/utils-common": "3.4.0",
+                "@docusaurus/utils-validation": "3.4.0",
                 "@mdx-js/react": "^3.0.0",
                 "clsx": "^2.0.0",
                 "copy-text-to-clipboard": "^3.2.0",
@@ -2577,18 +2691,56 @@
                 "react-dom": "^18.0.0"
             }
         },
-        "node_modules/@docusaurus/theme-common": {
-            "version": "3.3.2",
-            "resolved": "https://registry.npmjs.org/@docusaurus/theme-common/-/theme-common-3.3.2.tgz",
-            "integrity": "sha512-kXqSaL/sQqo4uAMQ4fHnvRZrH45Xz2OdJ3ABXDS7YVGPSDTBC8cLebFrRR4YF9EowUHto1UC/EIklJZQMG/usA==",
+        "node_modules/@docusaurus/theme-classic/node_modules/@docusaurus/mdx-loader": {
+            "version": "3.4.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/mdx-loader/-/mdx-loader-3.4.0.tgz",
+            "integrity": "sha512-kSSbrrk4nTjf4d+wtBA9H+FGauf2gCax89kV8SUSJu3qaTdSIKdWERlngsiHaCFgZ7laTJ8a67UFf+xlFPtuTw==",
             "dependencies": {
-                "@docusaurus/mdx-loader": "3.3.2",
-                "@docusaurus/module-type-aliases": "3.3.2",
-                "@docusaurus/plugin-content-blog": "3.3.2",
-                "@docusaurus/plugin-content-docs": "3.3.2",
-                "@docusaurus/plugin-content-pages": "3.3.2",
-                "@docusaurus/utils": "3.3.2",
-                "@docusaurus/utils-common": "3.3.2",
+                "@docusaurus/logger": "3.4.0",
+                "@docusaurus/utils": "3.4.0",
+                "@docusaurus/utils-validation": "3.4.0",
+                "@mdx-js/mdx": "^3.0.0",
+                "@slorber/remark-comment": "^1.0.0",
+                "escape-html": "^1.0.3",
+                "estree-util-value-to-estree": "^3.0.1",
+                "file-loader": "^6.2.0",
+                "fs-extra": "^11.1.1",
+                "image-size": "^1.0.2",
+                "mdast-util-mdx": "^3.0.0",
+                "mdast-util-to-string": "^4.0.0",
+                "rehype-raw": "^7.0.0",
+                "remark-directive": "^3.0.0",
+                "remark-emoji": "^4.0.0",
+                "remark-frontmatter": "^5.0.0",
+                "remark-gfm": "^4.0.0",
+                "stringify-object": "^3.3.0",
+                "tslib": "^2.6.0",
+                "unified": "^11.0.3",
+                "unist-util-visit": "^5.0.0",
+                "url-loader": "^4.1.1",
+                "vfile": "^6.0.1",
+                "webpack": "^5.88.1"
+            },
+            "engines": {
+                "node": ">=18.0"
+            },
+            "peerDependencies": {
+                "react": "^18.0.0",
+                "react-dom": "^18.0.0"
+            }
+        },
+        "node_modules/@docusaurus/theme-common": {
+            "version": "3.4.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/theme-common/-/theme-common-3.4.0.tgz",
+            "integrity": "sha512-0A27alXuv7ZdCg28oPE8nH/Iz73/IUejVaCazqu9elS4ypjiLhK3KfzdSQBnL/g7YfHSlymZKdiOHEo8fJ0qMA==",
+            "dependencies": {
+                "@docusaurus/mdx-loader": "3.4.0",
+                "@docusaurus/module-type-aliases": "3.4.0",
+                "@docusaurus/plugin-content-blog": "3.4.0",
+                "@docusaurus/plugin-content-docs": "3.4.0",
+                "@docusaurus/plugin-content-pages": "3.4.0",
+                "@docusaurus/utils": "3.4.0",
+                "@docusaurus/utils-common": "3.4.0",
                 "@types/history": "^4.7.11",
                 "@types/react": "*",
                 "@types/react-router-config": "*",
@@ -2606,16 +2758,54 @@
                 "react-dom": "^18.0.0"
             }
         },
-        "node_modules/@docusaurus/theme-mermaid": {
-            "version": "3.3.2",
-            "resolved": "https://registry.npmjs.org/@docusaurus/theme-mermaid/-/theme-mermaid-3.3.2.tgz",
-            "integrity": "sha512-JY6q7owe5S5iH2N9oTjNDkqmuPW/+4j/zrX46Xag4RYOzt+WtMkeJilbzak8QGG8I2wDJXjUvX7Lu/jWuDAwUg==",
+        "node_modules/@docusaurus/theme-common/node_modules/@docusaurus/mdx-loader": {
+            "version": "3.4.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/mdx-loader/-/mdx-loader-3.4.0.tgz",
+            "integrity": "sha512-kSSbrrk4nTjf4d+wtBA9H+FGauf2gCax89kV8SUSJu3qaTdSIKdWERlngsiHaCFgZ7laTJ8a67UFf+xlFPtuTw==",
             "dependencies": {
-                "@docusaurus/core": "3.3.2",
-                "@docusaurus/module-type-aliases": "3.3.2",
-                "@docusaurus/theme-common": "3.3.2",
-                "@docusaurus/types": "3.3.2",
-                "@docusaurus/utils-validation": "3.3.2",
+                "@docusaurus/logger": "3.4.0",
+                "@docusaurus/utils": "3.4.0",
+                "@docusaurus/utils-validation": "3.4.0",
+                "@mdx-js/mdx": "^3.0.0",
+                "@slorber/remark-comment": "^1.0.0",
+                "escape-html": "^1.0.3",
+                "estree-util-value-to-estree": "^3.0.1",
+                "file-loader": "^6.2.0",
+                "fs-extra": "^11.1.1",
+                "image-size": "^1.0.2",
+                "mdast-util-mdx": "^3.0.0",
+                "mdast-util-to-string": "^4.0.0",
+                "rehype-raw": "^7.0.0",
+                "remark-directive": "^3.0.0",
+                "remark-emoji": "^4.0.0",
+                "remark-frontmatter": "^5.0.0",
+                "remark-gfm": "^4.0.0",
+                "stringify-object": "^3.3.0",
+                "tslib": "^2.6.0",
+                "unified": "^11.0.3",
+                "unist-util-visit": "^5.0.0",
+                "url-loader": "^4.1.1",
+                "vfile": "^6.0.1",
+                "webpack": "^5.88.1"
+            },
+            "engines": {
+                "node": ">=18.0"
+            },
+            "peerDependencies": {
+                "react": "^18.0.0",
+                "react-dom": "^18.0.0"
+            }
+        },
+        "node_modules/@docusaurus/theme-mermaid": {
+            "version": "3.4.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/theme-mermaid/-/theme-mermaid-3.4.0.tgz",
+            "integrity": "sha512-3w5QW0HEZ2O6x2w6lU3ZvOe1gNXP2HIoKDMJBil1VmLBc9PmpAG17VmfhI/p3L2etNmOiVs5GgniUqvn8AFEGQ==",
+            "dependencies": {
+                "@docusaurus/core": "3.4.0",
+                "@docusaurus/module-type-aliases": "3.4.0",
+                "@docusaurus/theme-common": "3.4.0",
+                "@docusaurus/types": "3.4.0",
+                "@docusaurus/utils-validation": "3.4.0",
                 "mermaid": "^10.4.0",
                 "tslib": "^2.6.0"
             },
@@ -2628,18 +2818,18 @@
             }
         },
         "node_modules/@docusaurus/theme-search-algolia": {
-            "version": "3.3.2",
-            "resolved": "https://registry.npmjs.org/@docusaurus/theme-search-algolia/-/theme-search-algolia-3.3.2.tgz",
-            "integrity": "sha512-qLkfCl29VNBnF1MWiL9IyOQaHxUvicZp69hISyq/xMsNvFKHFOaOfk9xezYod2Q9xx3xxUh9t/QPigIei2tX4w==",
+            "version": "3.4.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/theme-search-algolia/-/theme-search-algolia-3.4.0.tgz",
+            "integrity": "sha512-aiHFx7OCw4Wck1z6IoShVdUWIjntC8FHCw9c5dR8r3q4Ynh+zkS8y2eFFunN/DL6RXPzpnvKCg3vhLQYJDmT9Q==",
             "dependencies": {
                 "@docsearch/react": "^3.5.2",
-                "@docusaurus/core": "3.3.2",
-                "@docusaurus/logger": "3.3.2",
-                "@docusaurus/plugin-content-docs": "3.3.2",
-                "@docusaurus/theme-common": "3.3.2",
-                "@docusaurus/theme-translations": "3.3.2",
-                "@docusaurus/utils": "3.3.2",
-                "@docusaurus/utils-validation": "3.3.2",
+                "@docusaurus/core": "3.4.0",
+                "@docusaurus/logger": "3.4.0",
+                "@docusaurus/plugin-content-docs": "3.4.0",
+                "@docusaurus/theme-common": "3.4.0",
+                "@docusaurus/theme-translations": "3.4.0",
+                "@docusaurus/utils": "3.4.0",
+                "@docusaurus/utils-validation": "3.4.0",
                 "algoliasearch": "^4.18.0",
                 "algoliasearch-helper": "^3.13.3",
                 "clsx": "^2.0.0",
@@ -2658,9 +2848,9 @@
             }
         },
         "node_modules/@docusaurus/theme-translations": {
-            "version": "3.3.2",
-            "resolved": "https://registry.npmjs.org/@docusaurus/theme-translations/-/theme-translations-3.3.2.tgz",
-            "integrity": "sha512-bPuiUG7Z8sNpGuTdGnmKl/oIPeTwKr0AXLGu9KaP6+UFfRZiyWbWE87ti97RrevB2ffojEdvchNujparR3jEZQ==",
+            "version": "3.4.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/theme-translations/-/theme-translations-3.4.0.tgz",
+            "integrity": "sha512-zSxCSpmQCCdQU5Q4CnX/ID8CSUUI3fvmq4hU/GNP/XoAWtXo9SAVnM3TzpU8Gb//H3WCsT8mJcTfyOk3d9ftNg==",
             "dependencies": {
                 "fs-extra": "^11.1.1",
                 "tslib": "^2.6.0"
@@ -2670,15 +2860,15 @@
             }
         },
         "node_modules/@docusaurus/tsconfig": {
-            "version": "3.3.2",
-            "resolved": "https://registry.npmjs.org/@docusaurus/tsconfig/-/tsconfig-3.3.2.tgz",
-            "integrity": "sha512-2MQXkLoWqgOSiqFojNEq8iPtFBHGQqd1b/SQMoe+v3GgHmk/L6YTTO/hMcHhWb1hTFmbkei++IajSfD3RlZKvw==",
+            "version": "3.4.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/tsconfig/-/tsconfig-3.4.0.tgz",
+            "integrity": "sha512-0qENiJ+TRaeTzcg4olrnh0BQ7eCxTgbYWBnWUeQDc84UYkt/T3pDNnm3SiQkqPb+YQ1qtYFlC0RriAElclo8Dg==",
             "dev": true
         },
         "node_modules/@docusaurus/types": {
-            "version": "3.3.2",
-            "resolved": "https://registry.npmjs.org/@docusaurus/types/-/types-3.3.2.tgz",
-            "integrity": "sha512-5p201S7AZhliRxTU7uMKtSsoC8mgPA9bs9b5NQg1IRdRxJfflursXNVsgc3PcMqiUTul/v1s3k3rXXFlRE890w==",
+            "version": "3.4.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/types/-/types-3.4.0.tgz",
+            "integrity": "sha512-4jcDO8kXi5Cf9TcyikB/yKmz14f2RZ2qTRerbHAsS+5InE9ZgSLBNLsewtFTcTOXSVcbU3FoGOzcNWAmU1TR0A==",
             "dependencies": {
                 "@mdx-js/mdx": "^3.0.0",
                 "@types/history": "^4.7.11",
@@ -2696,12 +2886,12 @@
             }
         },
         "node_modules/@docusaurus/utils": {
-            "version": "3.3.2",
-            "resolved": "https://registry.npmjs.org/@docusaurus/utils/-/utils-3.3.2.tgz",
-            "integrity": "sha512-f4YMnBVymtkSxONv4Y8js3Gez9IgHX+Lcg6YRMOjVbq8sgCcdYK1lf6SObAuz5qB/mxiSK7tW0M9aaiIaUSUJg==",
+            "version": "3.4.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/utils/-/utils-3.4.0.tgz",
+            "integrity": "sha512-fRwnu3L3nnWaXOgs88BVBmG1yGjcQqZNHG+vInhEa2Sz2oQB+ZjbEMO5Rh9ePFpZ0YDiDUhpaVjwmS+AU2F14g==",
             "dependencies": {
-                "@docusaurus/logger": "3.3.2",
-                "@docusaurus/utils-common": "3.3.2",
+                "@docusaurus/logger": "3.4.0",
+                "@docusaurus/utils-common": "3.4.0",
                 "@svgr/webpack": "^8.1.0",
                 "escape-string-regexp": "^4.0.0",
                 "file-loader": "^6.2.0",
@@ -2718,6 +2908,7 @@
                 "shelljs": "^0.8.5",
                 "tslib": "^2.6.0",
                 "url-loader": "^4.1.1",
+                "utility-types": "^3.10.0",
                 "webpack": "^5.88.1"
             },
             "engines": {
@@ -2733,9 +2924,9 @@
             }
         },
         "node_modules/@docusaurus/utils-common": {
-            "version": "3.3.2",
-            "resolved": "https://registry.npmjs.org/@docusaurus/utils-common/-/utils-common-3.3.2.tgz",
-            "integrity": "sha512-QWFTLEkPYsejJsLStgtmetMFIA3pM8EPexcZ4WZ7b++gO5jGVH7zsipREnCHzk6+eDgeaXfkR6UPaTt86bp8Og==",
+            "version": "3.4.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/utils-common/-/utils-common-3.4.0.tgz",
+            "integrity": "sha512-NVx54Wr4rCEKsjOH5QEVvxIqVvm+9kh7q8aYTU5WzUU9/Hctd6aTrcZ3G0Id4zYJ+AeaG5K5qHA4CY5Kcm2iyQ==",
             "dependencies": {
                 "tslib": "^2.6.0"
             },
@@ -2752,15 +2943,17 @@
             }
         },
         "node_modules/@docusaurus/utils-validation": {
-            "version": "3.3.2",
-            "resolved": "https://registry.npmjs.org/@docusaurus/utils-validation/-/utils-validation-3.3.2.tgz",
-            "integrity": "sha512-itDgFs5+cbW9REuC7NdXals4V6++KifgVMzoGOOOSIifBQw+8ULhy86u5e1lnptVL0sv8oAjq2alO7I40GR7pA==",
+            "version": "3.4.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/utils-validation/-/utils-validation-3.4.0.tgz",
+            "integrity": "sha512-hYQ9fM+AXYVTWxJOT1EuNaRnrR2WGpRdLDQG07O8UOpsvCPWUVOeo26Rbm0JWY2sGLfzAb+tvJ62yF+8F+TV0g==",
             "dependencies": {
-                "@docusaurus/logger": "3.3.2",
-                "@docusaurus/utils": "3.3.2",
-                "@docusaurus/utils-common": "3.3.2",
+                "@docusaurus/logger": "3.4.0",
+                "@docusaurus/utils": "3.4.0",
+                "@docusaurus/utils-common": "3.4.0",
+                "fs-extra": "^11.2.0",
                 "joi": "^17.9.2",
                 "js-yaml": "^4.1.0",
+                "lodash": "^4.17.21",
                 "tslib": "^2.6.0"
             },
             "engines": {
@@ -4287,9 +4480,9 @@
             }
         },
         "node_modules/algoliasearch-helper": {
-            "version": "3.19.0",
-            "resolved": "https://registry.npmjs.org/algoliasearch-helper/-/algoliasearch-helper-3.19.0.tgz",
-            "integrity": "sha512-AaSb5DZDMZmDQyIy6lf4aL0OZGgyIdqvLIIvSuVQOIOqfhrYSY7TvotIFI2x0Q3cP3xUpTd7lI1astUC4aXBJw==",
+            "version": "3.21.0",
+            "resolved": "https://registry.npmjs.org/algoliasearch-helper/-/algoliasearch-helper-3.21.0.tgz",
+            "integrity": "sha512-hjVOrL15I3Y3K8xG0icwG1/tWE+MocqBrhW6uVBWpU+/kVEMK0BnM2xdssj6mZM61eJ4iRxHR0djEI3ENOpR8w==",
             "dependencies": {
                 "@algolia/events": "^4.0.1"
             },
@@ -8464,9 +8657,9 @@
             }
         },
         "node_modules/fs-extra": {
-            "version": "11.1.1",
-            "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.1.1.tgz",
-            "integrity": "sha512-MGIE4HOvQCeUCzmlHs0vXpih4ysz4wg9qiSAu6cd42lVwPbTM1TjV7RusoyQqMmk/95gdQZX72u+YW+c3eEpFQ==",
+            "version": "11.2.0",
+            "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.2.0.tgz",
+            "integrity": "sha512-PmDi3uwK5nFuXh7XDTlVnS17xJS7vW36is2+w3xcv8SVxiB4NyATf4ctkVY5bkSjX0Y4nbvZCq1/EjtEyr9ktw==",
             "dependencies": {
                 "graceful-fs": "^4.2.0",
                 "jsonfile": "^6.0.1",
@@ -14809,9 +15002,9 @@
             }
         },
         "node_modules/prettier": {
-            "version": "3.2.5",
-            "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.2.5.tgz",
-            "integrity": "sha512-3/GWa9aOC0YeD7LUfvOG2NiDyhOWRvt1k+rcKhOuYnMY24iiCphgneUfJDyFXd6rZCAnuLBv6UeAULtrhT/F4A==",
+            "version": "3.3.0",
+            "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.3.0.tgz",
+            "integrity": "sha512-J9odKxERhCQ10OC2yb93583f6UnYutOeiV5i0zEDS7UGTdUt0u+y8erxl3lBKvwo/JHyyoEdXjwp4dke9oyZ/g==",
             "dev": true,
             "bin": {
                 "prettier": "bin/prettier.cjs"
@@ -16841,9 +17034,9 @@
             }
         },
         "node_modules/search-insights": {
-            "version": "2.13.0",
-            "resolved": "https://registry.npmjs.org/search-insights/-/search-insights-2.13.0.tgz",
-            "integrity": "sha512-Orrsjf9trHHxFRuo9/rzm0KIWmgzE8RMlZMzuhZOJ01Rnz3D0YBAe+V6473t6/H6c7irs6Lt48brULAiRWb3Vw==",
+            "version": "2.14.0",
+            "resolved": "https://registry.npmjs.org/search-insights/-/search-insights-2.14.0.tgz",
+            "integrity": "sha512-OLN6MsPMCghDOqlCtsIsYgtsC0pnwVTyT9Mu6A3ewOj1DxvzZF6COrn2g86E/c05xbktB0XN04m/t1Z+n+fTGw==",
             "peer": true
         },
         "node_modules/section-matter": {
@@ -17271,9 +17464,9 @@
             "integrity": "sha512-bLGGlR1QxBcynn2d5YmDX4MGjlZvy2MRBDRNHLJ8VI6l6+9FUiyTFNJ0IveOSP0bcXgVDPRcfGqA0pjaqUpfVg=="
         },
         "node_modules/sitemap": {
-            "version": "7.1.1",
-            "resolved": "https://registry.npmjs.org/sitemap/-/sitemap-7.1.1.tgz",
-            "integrity": "sha512-mK3aFtjz4VdJN0igpIJrinf3EO8U8mxOPsTBzSsy06UtjZQJ3YY3o3Xa7zSc5nMqcMrRwlChHZ18Kxg0caiPBg==",
+            "version": "7.1.2",
+            "resolved": "https://registry.npmjs.org/sitemap/-/sitemap-7.1.2.tgz",
+            "integrity": "sha512-ARCqzHJ0p4gWt+j7NlU5eDlIO9+Rkr/JhPFZKKQ1l5GCus7rJH4UdrlVAh0xC/gDS/Qir2UMxqYNHtsKr2rpCw==",
             "dependencies": {
                 "@types/node": "^17.0.5",
                 "@types/sax": "^1.2.1",

website/package.json

@@ -16,12 +16,12 @@
         "test": "node --test"
     },
     "dependencies": {
-        "@docusaurus/core": "^3.3.2",
-        "@docusaurus/plugin-client-redirects": "^3.3.2",
-        "@docusaurus/plugin-content-docs": "^3.3.2",
-        "@docusaurus/preset-classic": "^3.3.2",
-        "@docusaurus/theme-common": "^3.3.2",
-        "@docusaurus/theme-mermaid": "^3.3.2",
+        "@docusaurus/core": "^3.4.0",
+        "@docusaurus/plugin-client-redirects": "^3.4.0",
+        "@docusaurus/plugin-content-docs": "^3.4.0",
+        "@docusaurus/preset-classic": "^3.4.0",
+        "@docusaurus/theme-common": "^3.4.0",
+        "@docusaurus/theme-mermaid": "^3.4.0",
         "@mdx-js/react": "^3.0.1",
         "clsx": "^2.1.1",
         "disqus-react": "^1.1.5",
@@ -51,10 +51,10 @@
     },
     "devDependencies": {
         "@docusaurus/module-type-aliases": "^3.3.2",
-        "@docusaurus/tsconfig": "^3.3.2",
+        "@docusaurus/tsconfig": "^3.4.0",
         "@docusaurus/types": "^3.3.2",
         "@types/react": "^18.3.3",
-        "prettier": "3.2.5",
+        "prettier": "3.3.0",
         "typescript": "~5.4.5"
     },
     "engines": {

website/sidebars.js

@@ -483,7 +483,10 @@ const docsSidebar = {
                 {
                     type: "category",
                     label: "PostgreSQL",
-                    items: ["troubleshooting/postgres/upgrade_kubernetes"],
+                    items: [
+                        "troubleshooting/postgres/upgrade_kubernetes",
+                        "troubleshooting/postgres/upgrade_docker",
+                    ],
                 },
                 "troubleshooting/access",
                 "troubleshooting/login",

website/sidebarsIntegrations.js

@@ -80,6 +80,7 @@ module.exports = {
                         "services/apache-guacamole/index",
                         "services/argocd/index",
                         "services/awx-tower/index",
+                        "services/cloudflare-access/index",
                         "services/globalprotect/index",
                         "services/harbor/index",
                         "services/hashicorp-vault/index",