website: Bump prettier from 3.3.3 to 3.4.1 in /website (#12205)

* website: Bump prettier from 3.3.3 to 3.4.1 in /website

Bumps [prettier](https://github.com/prettier/prettier) from 3.3.3 to 3.4.1.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/3.3.3...3.4.1)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update formatting

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* sigh

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* disable flaky test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
dependabot[bot]
2024-11-27 15:14:19 +01:00
committed by GitHub
parent 6d2072a730
commit 3996bdac33
252 changed files with 22143 additions and 22140 deletions

@ -28,4 +28,4 @@ As a workaround, fixed data can be added to invitations which can be checked in
If you have any questions or comments about this advisory:
- Email us at [security@goauthentik.io](mailto:security@goauthentik.io)
- Email us at [security@goauthentik.io](mailto:security@goauthentik.io)
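Review bot: the removed and added contact lines in this hunk are character-for-character identical, so the change is whitespace-only normalization from the prettier 3.4 bump (trailing spaces or the final newline) and the advisory's guidance is untouched. One thing to raise from the commit message rather than this hunk: the "disable flaky test" change is not among the formatting hunks shown and should be split into its own commit, so that a formatter bump does not silently change what CI verifies.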

@ -24,4 +24,4 @@ This vulnerability has already been submitted over email, this security advisory
If you have any questions or comments about this advisory:
- Email us at [security@goauthentik.io](mailto:security@goauthentik.io)
- Email us at [security@goauthentik.io](mailto:security@goauthentik.io)

@ -24,4 +24,4 @@ It is recommended to upgrade to the patched version of authentik. Regardless, fo
If you have any questions or comments about this advisory:
- Email us at [security@goauthentik.io](mailto:security@goauthentik.io)
- Email us at [security@goauthentik.io](mailto:security@goauthentik.io)

@ -24,4 +24,4 @@ An attacker can easily enumerate and check users' existence using the recovery f
If you have any questions or comments about this advisory:
- Email us at [security@goauthentik.io](mailto:security@goauthentik.io)
- Email us at [security@goauthentik.io](mailto:security@goauthentik.io)

@ -58,4 +58,4 @@ An attacker could potentially gain full access to the application. If the code g
If you have any questions or comments about this advisory:
- Email us at [security@goauthentik.io](mailto:security@goauthentik.io)
- Email us at [security@goauthentik.io](mailto:security@goauthentik.io)

@ -36,4 +36,4 @@ It is recommended to upgrade to the patched version of authentik. If not possibl
If you have any questions or comments about this advisory:
- Email us at [security@goauthentik.io](mailto:security@goauthentik.io)
- Email us at [security@goauthentik.io](mailto:security@goauthentik.io)

@ -24,4 +24,4 @@ The OAuth BCP (https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-t
If you have any questions or comments about this advisory:
- Email us at [security@goauthentik.io](mailto:security@goauthentik.io)
- Email us at [security@goauthentik.io](mailto:security@goauthentik.io)

@ -24,4 +24,4 @@ As a workaround it is possible to block any requests to `/api/v3/core/tokens*` a
If you have any questions or comments about this advisory:
- Email us at [security@goauthentik.io](mailto:security@goauthentik.io)
- Email us at [security@goauthentik.io](mailto:security@goauthentik.io)

@ -20,4 +20,4 @@ As authentik flows are still used as part of the OAuth2 Device code flow, it is
If you have any questions or comments about this advisory:
- Email us at [security@goauthentik.io](mailto:security@goauthentik.io)
- Email us at [security@goauthentik.io](mailto:security@goauthentik.io)

@ -10,9 +10,9 @@ Several API endpoints can be accessed by users without correct authentication/au
The main API endpoints affected by this:
- `/api/v3/crypto/certificatekeypairs/<uuid>/view_certificate/`
- `/api/v3/crypto/certificatekeypairs/<uuid>/view_private_key/`
- `/api/v3/.../used_by/`
- `/api/v3/crypto/certificatekeypairs/<uuid>/view_certificate/`
- `/api/v3/crypto/certificatekeypairs/<uuid>/view_private_key/`
- `/api/v3/.../used_by/`
Note that all of the affected API endpoints require the knowledge of the ID of an object, which especially for certificates is not accessible to an unprivileged user. Additionally the IDs for most objects are UUIDv4, meaning they are not easily guessable/enumerable.
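Review bot: the three endpoint bullets are replaced by identical text, so this is list-whitespace normalization only; the things to check on the rendered page are that the `...` in `/api/v3/.../used_by/` still reads as a deliberate elision covering the `used_by` sub-resource of every object type, and that the paragraph starting "Note that all of the affected API endpoints" stays a separate paragraph rather than being absorbed into the last bullet. That paragraph's mitigation argument (UUIDv4 IDs are not enumerable) is qualified with "most objects", which leaves the reader to work out which objects use discoverable IDs; naming them would make the severity assessment checkable.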
@ -28,4 +28,4 @@ Access to the API endpoints can be blocked at a Reverse-proxy/Load balancer leve
If you have any questions or comments about this advisory:
- Email us at [security@goauthentik.io](mailto:security@goauthentik.io)
- Email us at [security@goauthentik.io](mailto:security@goauthentik.io)

@ -14,9 +14,9 @@ Since the default authentication flow uses a policy to enable the password stage
This can be exploited for the following configurations:
- An attacker can access authentik without a reverse proxy (and `AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS` is not configured properly)
- The reverse proxy configuration does not correctly overwrite X-Forwarded-For
- Policies (User and group bindings do _not_ apply) are bound to authentication/authorization flows
- An attacker can access authentik without a reverse proxy (and `AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS` is not configured properly)
- The reverse proxy configuration does not correctly overwrite X-Forwarded-For
- Policies (User and group bindings do _not_ apply) are bound to authentication/authorization flows
### Patches
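Review bot: whitespace-only here, but since the list is being reflowed anyway, its three bullets are not parallel: the first two are alternative ways an attacker ends up controlling X-Forwarded-For (reaching authentik directly while `AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS` is not set properly, or a proxy that passes the client-supplied header through unchanged), while the third (policies bound to the authentication/authorization flow) must hold in every case. Stating it as "policies are bound to the flow, and either of the following" would make the preconditions unambiguous for operators deciding whether they are affected.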
@ -32,4 +32,4 @@ In addition you can manually change the _Failure result_ option on policy bindin
If you have any questions or comments about this advisory:
- Email us at [security@goauthentik.io](mailto:security@goauthentik.io)
- Email us at [security@goauthentik.io](mailto:security@goauthentik.io)

@ -22,4 +22,4 @@ authentik 2024.6.5 and 2024.8.3 fix this issue.
If you have any questions or comments about this advisory:
- Email us at [security@goauthentik.io](mailto:security@goauthentik.io)
- Email us at [security@goauthentik.io](mailto:security@goauthentik.io)

@ -24,4 +24,4 @@ authentik 2024.8.5 and 2024.10.3 fix this issue.
If you have any questions or comments about this advisory:
- Email us at [security@goauthentik.io](mailto:security@goauthentik.io)
- Email us at [security@goauthentik.io](mailto:security@goauthentik.io)

@ -27,4 +27,4 @@ When configuring OAuth2 providers, make sure to escape any wildcard characters t
If you have any questions or comments about this advisory:
- Email us at [security@goauthentik.io](mailto:security@goauthentik.io)
- Email us at [security@goauthentik.io](mailto:security@goauthentik.io)

@ -33,4 +33,4 @@ location /-/metrics/ {
If you have any questions or comments about this advisory:
- Email us at [security@goauthentik.io](mailto:security@goauthentik.io).
- Email us at [security@goauthentik.io](mailto:security@goauthentik.io).
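Review bot: the contact line in this hunk ends with a trailing period, unlike the same line in every other advisory touched by this commit; since the files are being reformatted anyway, dropping the period here would keep the boilerplate identical across advisories and make future bulk edits of this block a clean find-and-replace.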

@ -24,4 +24,4 @@ Ensure the default admin user (Username `akadmin`) exists and has a password set
If you have any questions or comments about this advisory:
- Email us at [security@goauthentik.io](mailto:security@goauthentik.io)
- Email us at [security@goauthentik.io](mailto:security@goauthentik.io)

@ -10,8 +10,8 @@ authentik's default Password policy complies with the [NIST SP 800-63 Digital Id
However, for further hardening compliant to the NIST Guidelines, consider
- setting the length of the password to a minimum of 15 characters, and
- enabling the "Check haveibeenpwned.com" blocklist comparison (note that this cannot be used on Air-gapped instances)
- setting the length of the password to a minimum of 15 characters, and
- enabling the "Check haveibeenpwned.com" blocklist comparison (note that this cannot be used on Air-gapped instances)
For further options, see [Password policy](../customize/policies/index.md#password-policy).
@ -21,9 +21,9 @@ For further options, see [Password policy](../customize/policies/index.md#passwo
However, for further hardening, it is possible to prevent any user (even super-users) from using expressions to create or edit any objects. To do so, configure your deployment to block API requests to these endpoints:
- `/api/v3/policies/expression*`
- `/api/v3/propertymappings*`
- `/api/v3/managed/blueprints*`
- `/api/v3/policies/expression*`
- `/api/v3/propertymappings*`
- `/api/v3/managed/blueprints*`
With these restrictions in place, expressions can only be edited using [Blueprints on the file system](../customize/blueprints/index.md#storage---file). Take care to restrict access to the file system itself.
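Review bot: whitespace-only on the three endpoint prefixes, but the surrounding guidance states the goal as preventing users from using expressions to create or edit objects, while "block API requests to these endpoints" with a trailing `*` also blocks read requests (GET) on the same prefixes. If write-blocking is the intent, the doc should say to block the mutating methods (POST, PUT, PATCH, DELETE) on these prefixes and leave reads alone; if reads are meant to be blocked as well, it should say so explicitly, since that affects what the admin interface can still display.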
@ -33,7 +33,7 @@ Blueprints allow for templating and managing the authentik configuration as code
To prevent any user from creating/editing blueprints, block API requests to this endpoint:
- `/api/v3/managed/blueprints*`
- `/api/v3/managed/blueprints*`
With these restrictions in place, Blueprints can only be edited via [the file system](../customize/blueprints/index.md#storage---file).
@ -43,8 +43,8 @@ The CAPTCHA stage allows for additional verification of a user while authenticat
To prevent any user from creating/editing CAPTCHA stages block API requests to these endpoints:
- `/api/v3/stages/captcha*`
- `/api/v3/managed/blueprints*`
- `/api/v3/stages/captcha*`
- `/api/v3/managed/blueprints*`
With these restrictions in place, CAPTCHA stages can only be edited using [Blueprints on the file system](../customize/blueprints/index.md#storage---file).
@ -72,7 +72,7 @@ script-src 'self' 'unsafe-inline'; # Required for generated scripts
Your use case might require more allowed locations for various directives, e.g.
- when using a CAPTCHA service
- when using Sentry
- when using any custom JavaScript in a prompt stage
- when using Spotlight Sidecar for development
- when using a CAPTCHA service
- when using Sentry
- when using any custom JavaScript in a prompt stage
- when using Spotlight Sidecar for development
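Review bot: the bullet list of additional allowed locations is whitespace-only in this hunk, but the context line `script-src 'self' 'unsafe-inline'; # Required for generated scripts` deserves a caveat in a hardening document: `'unsafe-inline'` in `script-src` removes CSP's protection against injected inline scripts, which is the main XSS mitigation a CSP provides, so the example policy mostly restricts external script origins. If the generated scripts can be served with a per-response nonce or a fixed hash, documenting a nonce or hash source expression there instead of `'unsafe-inline'` would make the recommended policy meaningfully stronger.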